This is an archive of the discontinued LLVM Phabricator instance.

Differential D64236

[llvm-objcopy] Don't change permissions of non-regular output files
ClosedPublic

Authored by MaskRay on Jul 4 2019, 11:28 PM.

Details

Reviewers
abrachet
alexander-shaposhnikov
jakehehrlich
jhenderson
rupprecht
espindola
Commits
rG6dc59629570a: [llvm-objcopy] Don't change permissions of non-regular output files
rL365753: [llvm-objcopy] Don't change permissions of non-regular output files
Summary

This fixes the EPERM error when a regular user executes llvm-objcopy a.o /dev/null

A new overload of llvm::sys::fs::setPermissions is added.
Users should provide perm & ~umask as the parameter if they intend to
respect umask.

The existing overload of llvm::sys::fs::setPermissions may be deleted if
we can find an implementation of fchmod() on Windows.

Diff Detail

Event Timeline

MaskRay created this revision.Jul 4 2019, 11:28 PM
Herald added a reviewer: espindola. · View Herald TranscriptJul 4 2019, 11:28 PM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: llvm-commits, kristina, arichardson, emaste. · View Herald Transcript
Harbormaster completed remote builds in B34407: Diff 208120.Jul 4 2019, 11:30 PM
MaskRay updated this revision to Diff 208121.Jul 4 2019, 11:36 PM

Fix unittest

Harbormaster completed remote builds in B34408: Diff 208121.Jul 4 2019, 11:36 PM
MaskRay updated this revision to Diff 208122.Jul 4 2019, 11:51 PM

Add a #ifdef _Win32 to (hopefully) fix Windows tests.
I don't know how to implement fchmod on Windows...

Harbormaster completed remote builds in B34409: Diff 208122.Jul 4 2019, 11:53 PM
abrachet added a comment.Jul 4 2019, 11:55 PM

Thanks @MaskRay, this is a big upgrade to what I had.

lib/Support/Windows/Path.inc
777

By no means a Windows expert, but it seems like _get_osfhandle and SetFileInformationByHandle would be a place to start?

unittests/Support/Path.cpp
1543

I'm not sure this test fixture is needed anymore, but it's also not hurting.

MaskRay marked an inline comment as done.Jul 5 2019, 12:03 AM
MaskRay added inline comments.
lib/Support/Windows/Path.inc
777

I don't even have a Windows for testing... I'll leave this to a Windows expert.

jakehehrlich accepted this revision.Jul 8 2019, 10:51 AM

LGTM

This revision is now accepted and ready to land.Jul 8 2019, 10:51 AM
jakehehrlich added a comment.Jul 8 2019, 10:59 AM

I can't verify the windows parts today. If you can wait until tomorrow I can run it on a windows machine to test it.

jhenderson added a comment.Jul 9 2019, 6:53 AM

I just built this and ran the tests on my Windows machine, and saw no issues. However, I'm not sure I follow why you'd expect there to be any issues with the current state of the code?

I'm happy with the Windows side not being implemented for now, but I'm also not sure why you need the new overload at all? Isn't the OStat.type() check sufficient?

include/llvm/Support/FileSystem.h
675

Doxygen comments to match the other overload?

lib/Support/Windows/Path.inc
777

Perhaps it's worth return a not_supported error here?

test/tools/llvm-objcopy/ELF/mirror-permissions-unix.test
41

I feel like this needs to actually test that the permissions haven't been changed.

abrachet added a comment.Jul 9 2019, 11:30 AM

but I'm also not sure why you need the new overload at all? Isn't the OStat.type() check sufficient?

I agree with @jhenderson here. If we don't implement a setPermissions(int, perms) for Windows, I reckon we should only use setPermissions(const Twine&, perms).

lib/Support/Windows/Path.inc
777

We could do something hacky like this to get it to at least work on Windows.

HANDLE Handle = _get_osfhandle(FD);
char Buf[256];
GetFinalPathNameByHandleA(Handle, Buf, 256, 0);
return setPermissions(Buf, Permissions);
MaskRay updated this revision to Diff 208867.Jul 9 2019, 7:36 PM
MaskRay marked 2 inline comments as done.
MaskRay edited the summary of this revision. (Show Details)

Address review comments

include/llvm/Support/FileSystem.h
675

The purpose is obvious from the function signature and the overload above. Adding another few lines of comment just clutter the code.

Actually, I think std::error_code setPermissions(const Twine &Path, perms Permissions); should just be removed if we can find an implementation of fchmod on Windows - it is very rare to set mode bits of an unknown file (with a path).

Harbormaster completed remote builds in B34667: Diff 208867.Jul 9 2019, 7:37 PM
MaskRay marked an inline comment as done.Jul 9 2019, 7:53 PM
jhenderson added inline comments.Jul 10 2019, 3:45 AM
include/llvm/Support/FileSystem.h
675

In the source code, I agree, but if you don't add the doxygen comments, it will have none in the doxygen output, and therefore will look odd and is not so easy to switch around. Also, they have clearly different signatures so the meaning could be considered different.

Also, why would we delete the path overload? What if we don't have easy access to a FD (or don't want to try to look one up)?

lib/Support/Windows/Path.inc
778

make_error_code(errc::not_supported) would be a bit cleaner.

MaskRay updated this revision to Diff 208934.Jul 10 2019, 6:08 AM

Switch to return std::make_error_code(std::errc::not_supported);

Harbormaster completed remote builds in B34686: Diff 208934.Jul 10 2019, 6:12 AM
MaskRay marked an inline comment as done.Jul 10 2019, 6:16 AM
MaskRay added inline comments.
include/llvm/Support/FileSystem.h
675

In the source code, I agree, but if you don't add the doxygen comments, it will have none in the doxygen output, and therefore will look odd and is not so easy to switch around.

When the function does more involved tasks, I agree. Here, the function doesn't do anything smart. The comment just makes reading through the file harder.

Also, why would we delete the path overload? What if we don't have easy access to a FD (or don't want to try to look one up)?

chmod has much fewer use cases than fchmod. It is rare to chmod a foreign file. Usually, you also write/stat/read the file, then you'll need a handle. Once you have the handle, it is more natural to use fchmod (it also prevents TOCTOU race). setPermissions(Path, perms) was currently only used in one place in objcopy, I can hardly think of any future use case of it.

jhenderson added inline comments.Jul 10 2019, 6:34 AM
include/llvm/Support/FileSystem.h
675

When the function does more involved tasks, I agree. Here, the function doesn't do anything smart. The comment just makes reading through the file harder.

See also md5_contents, is_local, make_absolute, copy_file, and various other methods in this file, and most of them have simple behaviour. Each of them have nearly-identical doxygen comments for multiple overloads. You may disagree with this, but that is the established pattern, and makes a lot more sense when you're reading the doxygen itself. You can probably get away with a single-line comment referring to the "main" overload (i.e. the one with the comments), just noting the different parameter.

MaskRay updated this revision to Diff 208955.Jul 10 2019, 7:09 AM

Add "Vesion of setPermissions accepting a file descriptor."

Harbormaster completed remote builds in B34693: Diff 208955.Jul 10 2019, 7:09 AM
jhenderson added a comment.Jul 10 2019, 7:17 AM

I just built this and ran the tests on my Windows machine, and saw no issues. However, I'm not sure I follow why you'd expect there to be any issues with the current state of the code?

I'm happy with the Windows side not being implemented for now, but I'm also not sure why you need the new overload at all? Isn't the OStat.type() check sufficient?

Thanks for the update. Can you answer these comments, please?

MaskRay added a comment.Jul 10 2019, 7:34 AM
In D64236#1578315, @jhenderson wrote:

I just built this and ran the tests on my Windows machine, and saw no issues. However, I'm not sure I follow why you'd expect there to be any issues with the current state of the code?

I'm happy with the Windows side not being implemented for now, but I'm also not sure why you need the new overload at all? Isn't the OStat.type() check sufficient?

Thanks for the update. Can you answer these comments, please?

With the current state of the code, objcopy a.o /dev/null => EPERM because it tries to set the mode bits of /dev/null (/dev/null is owned by root).
If you are root, you can even change its mode bits (usually rw-rw-rw-).

The new overload saves one stat syscall and avoids the race condition (if the filename is moved between sys::fs::openFileForWrite and sys::fs::setPermissions, the updated code will not operate on a nonexistent/different file). I'm sorry that I didn't read carefully when restoreStatOnFile was initially checked in.

jhenderson accepted this revision.Jul 11 2019, 1:31 AM

Thanks, LGTM!

Closed by commit rL365753: [llvm-objcopy] Don't change permissions of non-regular output files (authored by MaskRay). · Explain WhyJul 11 2019, 3:19 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
include/
llvm/
Support/
9 lines
lib/
Support/
Unix/
12 lines
Windows/
8 lines
test/
tools/
llvm-objcopy/
ELF/
6 lines
tools/
llvm-objcopy/
15 lines
unittests/
Support/
10 lines

Diff 208867

include/llvm/Support/FileSystem.h

Show First 20 LinesShow All 659 Lines▼ Show 20 Lines
/// on Windows. This function does not return an error_code because /// on Windows. This function does not return an error_code because
/// umask(2) never fails. It is not thread safe. /// umask(2) never fails. It is not thread safe.
unsigned getUmask(); unsigned getUmask();
/// Set file permissions. /// Set file permissions.
/// ///
/// @param Path File to set permissions on. /// @param Path File to set permissions on.
/// @param Permissions New file permissions. /// @param Permissions New file permissions.
/// @param RespectUmask If true then Permissions will be changed to respect the
/// umask of the current process.
/// @returns errc::success if the permissions were successfully set, otherwise /// @returns errc::success if the permissions were successfully set, otherwise
/// a platform-specific error_code. /// a platform-specific error_code.
/// @note On Windows, all permissions except *_write are ignored. Using any of /// @note On Windows, all permissions except *_write are ignored. Using any of
/// owner_write, group_write, or all_write will make the file writable. /// owner_write, group_write, or all_write will make the file writable.
/// Otherwise, the file will be marked as read-only. /// Otherwise, the file will be marked as read-only.
std::error_code setPermissions(const Twine &Path, perms Permissions, std::error_code setPermissions(const Twine &Path, perms Permissions);
bool RespectUmask = false);
// TODO Delete the path based overload once we implement the FD based overload
jhendersonUnsubmitted
Not Done
ReplyInline Actions

Doxygen comments to match the other overload?

jhenderson: Doxygen comments to match the other overload?
MaskRayAuthorUnsubmitted
Done
ReplyInline Actions

The purpose is obvious from the function signature and the overload above. Adding another few lines of comment just clutter the code.

Actually, I think std::error_code setPermissions(const Twine &Path, perms Permissions); should just be removed if we can find an implementation of fchmod on Windows - it is very rare to set mode bits of an unknown file (with a path).

MaskRay: The purpose is obvious from the function signature and the overload above. Adding another few…
jhendersonUnsubmitted
Not Done
ReplyInline Actions

In the source code, I agree, but if you don't add the doxygen comments, it will have none in the doxygen output, and therefore will look odd and is not so easy to switch around. Also, they have clearly different signatures so the meaning could be considered different.

Also, why would we delete the path overload? What if we don't have easy access to a FD (or don't want to try to look one up)?

jhenderson: In the source code, I agree, but if you don't add the doxygen comments, it will have none in…
MaskRayAuthorUnsubmitted
Done
ReplyInline Actions

In the source code, I agree, but if you don't add the doxygen comments, it will have none in the doxygen output, and therefore will look odd and is not so easy to switch around.

When the function does more involved tasks, I agree. Here, the function doesn't do anything smart. The comment just makes reading through the file harder.

Also, why would we delete the path overload? What if we don't have easy access to a FD (or don't want to try to look one up)?

chmod has much fewer use cases than fchmod. It is rare to chmod a foreign file. Usually, you also write/stat/read the file, then you'll need a handle. Once you have the handle, it is more natural to use fchmod (it also prevents TOCTOU race). setPermissions(Path, perms) was currently only used in one place in objcopy, I can hardly think of any future use case of it.

MaskRay: > In the source code, I agree, but if you don't add the doxygen comments, it will have none in…
jhendersonUnsubmitted
Not Done
ReplyInline Actions

When the function does more involved tasks, I agree. Here, the function doesn't do anything smart. The comment just makes reading through the file harder.

See also md5_contents, is_local, make_absolute, copy_file, and various other methods in this file, and most of them have simple behaviour. Each of them have nearly-identical doxygen comments for multiple overloads. You may disagree with this, but that is the established pattern, and makes a lot more sense when you're reading the doxygen itself. You can probably get away with a single-line comment referring to the "main" overload (i.e. the one with the comments), just noting the different parameter.

jhenderson: > When the function does more involved tasks, I agree. Here, the function doesn't do anything…
// on Windows.
std::error_code setPermissions(int FD, perms Permissions);
/// Get file permissions. /// Get file permissions.
/// ///
/// @param Path File to get permissions from. /// @param Path File to get permissions from.
/// @returns the permissions if they were successfully retrieved, otherwise a /// @returns the permissions if they were successfully retrieved, otherwise a
/// platform-specific error_code. /// platform-specific error_code.
/// @note On Windows, if the file does not have the FILE_ATTRIBUTE_READONLY /// @note On Windows, if the file does not have the FILE_ATTRIBUTE_READONLY
/// attribute, all_all will be returned. Otherwise, all_read | all_exe /// attribute, all_all will be returned. Otherwise, all_read | all_exe
▲ Show 20 LinesShow All 760 LinesShow Last 20 Lines

lib/Support/Unix/Path.inc

Show First 20 LinesShow All 696 Lines▼ Show 20 Lines
unsigned getUmask() { unsigned getUmask() {
// Chose arbitary new mask and reset the umask to the old mask. // Chose arbitary new mask and reset the umask to the old mask.
// umask(2) never fails so ignore the return of the second call. // umask(2) never fails so ignore the return of the second call.
unsigned Mask = ::umask(0); unsigned Mask = ::umask(0);
(void) ::umask(Mask); (void) ::umask(Mask);
return Mask; return Mask;
} }
std::error_code setPermissions(const Twine &Path, perms Permissions, std::error_code setPermissions(const Twine &Path, perms Permissions) {
bool RespectUmask) {
SmallString<128> PathStorage; SmallString<128> PathStorage;
StringRef P = Path.toNullTerminatedStringRef(PathStorage); StringRef P = Path.toNullTerminatedStringRef(PathStorage);
if (RespectUmask)
Permissions = static_cast<perms>(Permissions & ~getUmask());
if (::chmod(P.begin(), Permissions)) if (::chmod(P.begin(), Permissions))
return std::error_code(errno, std::generic_category()); return std::error_code(errno, std::generic_category());
return std::error_code(); return std::error_code();
} }
std::error_code setPermissions(int FD, perms Permissions) {
if (::fchmod(FD, Permissions))
return std::error_code(errno, std::generic_category());
return std::error_code();
}
std::error_code setLastAccessAndModificationTime(int FD, TimePoint<> AccessTime, std::error_code setLastAccessAndModificationTime(int FD, TimePoint<> AccessTime,
TimePoint<> ModificationTime) { TimePoint<> ModificationTime) {
#if defined(HAVE_FUTIMENS) #if defined(HAVE_FUTIMENS)
timespec Times[2]; timespec Times[2];
Times[0] = sys::toTimeSpec(AccessTime); Times[0] = sys::toTimeSpec(AccessTime);
Times[1] = sys::toTimeSpec(ModificationTime); Times[1] = sys::toTimeSpec(ModificationTime);
if (::futimens(FD, Times)) if (::futimens(FD, Times))
return std::error_code(errno, std::generic_category()); return std::error_code(errno, std::generic_category());
▲ Show 20 LinesShow All 499 LinesShow Last 20 Lines

lib/Support/Windows/Path.inc

Show First 20 LinesShow All 736 Lines▼ Show 20 Lines
std::error_code status(file_t FileHandle, file_status &Result) { std::error_code status(file_t FileHandle, file_status &Result) {
return getStatus(FileHandle, Result); return getStatus(FileHandle, Result);
} }
unsigned getUmask() { unsigned getUmask() {
return 0; return 0;
} }
std::error_code setPermissions(const Twine &Path, perms Permissions, std::error_code setPermissions(const Twine &Path, perms Permissions) {
bool /*RespectUmask*/) {
SmallVector<wchar_t, 128> PathUTF16; SmallVector<wchar_t, 128> PathUTF16;
if (std::error_code EC = widenPath(Path, PathUTF16)) if (std::error_code EC = widenPath(Path, PathUTF16))
return EC; return EC;
DWORD Attributes = ::GetFileAttributesW(PathUTF16.begin()); DWORD Attributes = ::GetFileAttributesW(PathUTF16.begin());
if (Attributes == INVALID_FILE_ATTRIBUTES) if (Attributes == INVALID_FILE_ATTRIBUTES)
return mapWindowsError(GetLastError()); return mapWindowsError(GetLastError());
Show All 14 Linesstd::error_code setPermissions(const Twine &Path, perms Permissions) {
} }
if (!::SetFileAttributesW(PathUTF16.begin(), Attributes)) if (!::SetFileAttributesW(PathUTF16.begin(), Attributes))
return mapWindowsError(GetLastError()); return mapWindowsError(GetLastError());
return std::error_code(); return std::error_code();
} }
std::error_code setPermissions(int FD, perms Permissions) {
// FIXME Not implemented.
abrachetUnsubmitted
Not Done
ReplyInline Actions

By no means a Windows expert, but it seems like _get_osfhandle and SetFileInformationByHandle would be a place to start?

abrachet: By no means a Windows expert, but it seems like [[ https://docs.microsoft.com/en-us/cpp/c…
MaskRayAuthorUnsubmitted
Done
ReplyInline Actions

I don't even have a Windows for testing... I'll leave this to a Windows expert.

MaskRay: I don't even have a Windows for testing... I'll leave this to a Windows expert.
jhendersonUnsubmitted
Done
ReplyInline Actions

Perhaps it's worth return a not_supported error here?

jhenderson: Perhaps it's worth return a not_supported error here?
abrachetUnsubmitted
Not Done
ReplyInline Actions

We could do something hacky like this to get it to at least work on Windows.

HANDLE Handle = _get_osfhandle(FD);
char Buf[256];
GetFinalPathNameByHandleA(Handle, Buf, 256, 0);
return setPermissions(Buf, Permissions);
abrachet: We could do something hacky like this to get it to at least //work// on Windows. ``` HANDLE…
return std::error_code(ENOTSUP, std::generic_category());
jhendersonUnsubmitted
Not Done
ReplyInline Actions

make_error_code(errc::not_supported) would be a bit cleaner.

jhenderson: `make_error_code(errc::not_supported)` would be a bit cleaner.
}
std::error_code setLastAccessAndModificationTime(int FD, TimePoint<> AccessTime, std::error_code setLastAccessAndModificationTime(int FD, TimePoint<> AccessTime,
TimePoint<> ModificationTime) { TimePoint<> ModificationTime) {
FILETIME AccessFT = toFILETIME(AccessTime); FILETIME AccessFT = toFILETIME(AccessTime);
FILETIME ModifyFT = toFILETIME(ModificationTime); FILETIME ModifyFT = toFILETIME(ModificationTime);
HANDLE FileHandle = reinterpret_cast<HANDLE>(_get_osfhandle(FD)); HANDLE FileHandle = reinterpret_cast<HANDLE>(_get_osfhandle(FD));
if (!SetFileTime(FileHandle, NULL, &AccessFT, &ModifyFT)) if (!SetFileTime(FileHandle, NULL, &AccessFT, &ModifyFT))
return mapWindowsError(::GetLastError()); return mapWindowsError(::GetLastError());
return std::error_code(); return std::error_code();
▲ Show 20 LinesShow All 727 LinesShow Last 20 Lines

test/tools/llvm-objcopy/ELF/mirror-permissions-unix.test

Show All 30 Lines
# RUN: ls -l %t1 | cut -f 1 -d ' ' > %t1.perms # RUN: ls -l %t1 | cut -f 1 -d ' ' > %t1.perms
# RUN: cmp %t1.perms %t.0666 # RUN: cmp %t1.perms %t.0666
# RUN: chmod 0640 %t # RUN: chmod 0640 %t
# RUN: llvm-objcopy %t %t1 # RUN: llvm-objcopy %t %t1
# RUN: ls -l %t1 | cut -f 1 -d ' ' > %t1.perms # RUN: ls -l %t1 | cut -f 1 -d ' ' > %t1.perms
# RUN: cmp %t1.perms %t.0640 # RUN: cmp %t1.perms %t.0640
## Don't set the permission of a character special file, otherwise there will
## be an EPERM error (or worse: root may change the permission).
# RUN: ls -l /dev/null | cut -f 1 -d ' ' > %tnull.perms
jhendersonUnsubmitted
Done
ReplyInline Actions

I feel like this needs to actually test that the permissions haven't been changed.

jhenderson: I feel like this needs to actually test that the permissions haven't been changed.
# RUN: llvm-objcopy %t /dev/null
# RUN: ls -l /dev/null | cut -f 1 -d ' ' | diff - %tnull.perms
--- !ELF --- !ELF
FileHeader: FileHeader:
Class: ELFCLASS64 Class: ELFCLASS64
Data: ELFDATA2LSB Data: ELFDATA2LSB
Type: ET_EXEC Type: ET_EXEC
Machine: EM_X86_64 Machine: EM_X86_64

tools/llvm-objcopy/llvm-objcopy.cpp

Show First 20 LinesShow All 216 Lines▼ Show 20 Lines if (auto EC =
sys::fs::openFileForWrite(Filename, FD, sys::fs::CD_OpenExisting)) sys::fs::openFileForWrite(Filename, FD, sys::fs::CD_OpenExisting))
return createFileError(Filename, EC); return createFileError(Filename, EC);
if (PreserveDates) if (PreserveDates)
if (auto EC = sys::fs::setLastAccessAndModificationTime( if (auto EC = sys::fs::setLastAccessAndModificationTime(
FD, Stat.getLastAccessedTime(), Stat.getLastModificationTime())) FD, Stat.getLastAccessedTime(), Stat.getLastModificationTime()))
return createFileError(Filename, EC); return createFileError(Filename, EC);
if (auto EC = sys::fs::setPermissions(Filename, Stat.permissions(), sys::fs::file_status OStat;
/*respectUmask=*/true)) if (std::error_code EC = sys::fs::status(FD, OStat))
return createFileError(Filename, EC);
if (OStat.type() == sys::fs::file_type::regular_file)
#ifdef _WIN32
if (auto EC = sys::fs::setPermissions(
Filename, static_cast<sys::fs::perms>(Stat.permissions() &
~sys::fs::getUmask())))
#else
if (auto EC = sys::fs::setPermissions(
FD, static_cast<sys::fs::perms>(Stat.permissions() &
~sys::fs::getUmask())))
#endif
return createFileError(Filename, EC); return createFileError(Filename, EC);
if (auto EC = sys::Process::SafelyCloseFileDescriptor(FD)) if (auto EC = sys::Process::SafelyCloseFileDescriptor(FD))
return createFileError(Filename, EC); return createFileError(Filename, EC);
return Error::success(); return Error::success();
} }
/// The function executeObjcopy does the higher level dispatch based on the type /// The function executeObjcopy does the higher level dispatch based on the type
▲ Show 20 LinesShow All 83 LinesShow Last 20 Lines

unittests/Support/Path.cpp

Show First 20 LinesShow All 1,534 Lines▼ Show 20 Lines#else
unsigned OldMask = ::umask(0022); unsigned OldMask = ::umask(0022);
unsigned CurrentMask = fs::getUmask(); unsigned CurrentMask = fs::getUmask();
EXPECT_EQ(CurrentMask, 0022U) EXPECT_EQ(CurrentMask, 0022U)
<< "getUmask() didn't return previously set umask()"; << "getUmask() didn't return previously set umask()";
EXPECT_EQ(::umask(OldMask), 0022U) << "getUmask() may have changed umask()"; EXPECT_EQ(::umask(OldMask), 0022U) << "getUmask() may have changed umask()";
#endif #endif
} }
TEST_F(FileSystemTest, RespectUmask) { TEST_F(FileSystemTest, RespectUmask) {
abrachetUnsubmitted
Not Done
ReplyInline Actions

I'm not sure this test fixture is needed anymore, but it's also not hurting.

abrachet: I'm not sure this test fixture is needed anymore, but it's also not hurting.
#ifndef _WIN32 #ifndef _WIN32
unsigned OldMask = ::umask(0022); unsigned OldMask = ::umask(0022);
int FD; int FD;
SmallString<128> TempPath; SmallString<128> TempPath;
ASSERT_NO_ERROR(fs::createTemporaryFile("prefix", "temp", FD, TempPath)); ASSERT_NO_ERROR(fs::createTemporaryFile("prefix", "temp", FD, TempPath));
fs::perms AllRWE = static_cast<fs::perms>(0777); fs::perms AllRWE = static_cast<fs::perms>(0777);
ASSERT_NO_ERROR(fs::setPermissions(TempPath, AllRWE /*RespectUmask=false*/)); ASSERT_NO_ERROR(fs::setPermissions(TempPath, AllRWE));
ErrorOr<fs::perms> Perms = fs::getPermissions(TempPath); ErrorOr<fs::perms> Perms = fs::getPermissions(TempPath);
ASSERT_TRUE(!!Perms); ASSERT_TRUE(!!Perms);
EXPECT_EQ(Perms.get(), AllRWE) << "Should have ignored umask by default"; EXPECT_EQ(Perms.get(), AllRWE) << "Should have ignored umask by default";
ASSERT_NO_ERROR(fs::setPermissions(TempPath, AllRWE, /*RespectUmask=*/false)); ASSERT_NO_ERROR(fs::setPermissions(TempPath, AllRWE));
Perms = fs::getPermissions(TempPath); Perms = fs::getPermissions(TempPath);
ASSERT_TRUE(!!Perms); ASSERT_TRUE(!!Perms);
EXPECT_EQ(Perms.get(), AllRWE) << "Should have ignored umask"; EXPECT_EQ(Perms.get(), AllRWE) << "Should have ignored umask";
ASSERT_NO_ERROR(fs::setPermissions(TempPath, AllRWE, /*RespectUmask=*/true)); ASSERT_NO_ERROR(
fs::setPermissions(FD, static_cast<fs::perms>(AllRWE & ~fs::getUmask())));
Perms = fs::getPermissions(TempPath); Perms = fs::getPermissions(TempPath);
ASSERT_TRUE(!!Perms); ASSERT_TRUE(!!Perms);
EXPECT_EQ(Perms.get(), static_cast<fs::perms>(0755)) EXPECT_EQ(Perms.get(), static_cast<fs::perms>(0755))
<< "Did not respect umask"; << "Did not respect umask";
(void)::umask(0057); (void)::umask(0057);
ASSERT_NO_ERROR(fs::setPermissions(TempPath, AllRWE, /*RespectUmask=*/true)); ASSERT_NO_ERROR(
fs::setPermissions(FD, static_cast<fs::perms>(AllRWE & ~fs::getUmask())));
Perms = fs::getPermissions(TempPath); Perms = fs::getPermissions(TempPath);
ASSERT_TRUE(!!Perms); ASSERT_TRUE(!!Perms);
EXPECT_EQ(Perms.get(), static_cast<fs::perms>(0720)) EXPECT_EQ(Perms.get(), static_cast<fs::perms>(0720))
<< "Did not respect umask"; << "Did not respect umask";
(void)::umask(OldMask); (void)::umask(OldMask);
(void)::close(FD); (void)::close(FD);
#endif #endif
▲ Show 20 LinesShow All 206 LinesShow Last 20 Lines