shill: limit shill profile file permissions
The shill profile file permissions must be readable and writeable
by the owner only.
BUG=chromium-os:29752
TEST=Added new checks to unit test KeyFileStoreTest.OpenClose
to verify the permissions.
Change-Id: I8907f27714fbc1bf417f38e5de4448209ab65e5e
Reviewed-on: https://gerrit.chromium.org/gerrit/20711
Reviewed-by: Paul Stewart <pstew@chromium.org>
Tested-by: Gary Morain <gmorain@chromium.org>
Commit-Ready: Gary Morain <gmorain@chromium.org>
diff --git a/key_file_store_unittest.cc b/key_file_store_unittest.cc
index 4e7d6be..12f6b6e 100644
--- a/key_file_store_unittest.cc
+++ b/key_file_store_unittest.cc
@@ -10,6 +10,7 @@
#include <base/stringprintf.h>
#include <gtest/gtest.h>
+using file_util::FileEnumerator;
using std::set;
using std::string;
using std::vector;
@@ -70,6 +71,18 @@
EXPECT_EQ(1, store_.crypto_.cryptos_.size());
ASSERT_TRUE(store_.Close());
EXPECT_FALSE(store_.key_file_);
+ FileEnumerator file_enumerator(temp_dir_.path(),
+ false /* not recursive */,
+ FileEnumerator::FILES);
+
+ // Verify that the file actually got written with the right name.
+ EXPECT_EQ(test_file_.value(), file_enumerator.Next().value());
+ FileEnumerator::FindInfo find_info;
+ file_enumerator.GetFindInfo(&find_info);
+
+ // Verify that the profile is a regular file, readable and writeable by the
+ // owner only.
+ EXPECT_EQ(S_IFREG | S_IRUSR | S_IWUSR, find_info.stat.st_mode);
ASSERT_TRUE(store_.Open());
EXPECT_TRUE(store_.key_file_);