Sha256: 16c5b1854438a0766f5d9724966e77361f1664fd18f3d23cc0202c6046744f3d
Contents?: true
Size: 1.91 KB
Versions: 19
Compression:
Stored size: 1.91 KB
Contents
//! This defines `set_permissions`, the primary entrypoint to sandboxed
//! filesystem permissions modification.
#[cfg(racy_asserts)]
use crate::fs::{map_result, stat, stat_unchecked, FollowSymlinks, Metadata};
use crate::fs::{set_permissions_impl, Permissions};
use std::path::Path;
use std::{fs, io};
/// Perform a `chmodat`-like operation, ensuring that the resolution of the
/// path never escapes the directory tree rooted at `start`.
#[cfg_attr(not(racy_asserts), allow(clippy::let_and_return))]
#[inline]
pub fn set_permissions(start: &fs::File, path: &Path, perm: Permissions) -> io::Result<()> {
#[cfg(racy_asserts)]
let perm_clone = perm.clone();
#[cfg(racy_asserts)]
let stat_before = stat(start, path, FollowSymlinks::Yes);
// Call the underlying implementation.
let result = set_permissions_impl(start, path, perm);
#[cfg(racy_asserts)]
let stat_after = stat_unchecked(start, path, FollowSymlinks::Yes);
#[cfg(racy_asserts)]
check_set_permissions(start, path, perm_clone, &stat_before, &result, &stat_after);
result
}
#[cfg(racy_asserts)]
fn check_set_permissions(
start: &fs::File,
path: &Path,
perm: Permissions,
stat_before: &io::Result<Metadata>,
result: &io::Result<()>,
stat_after: &io::Result<Metadata>,
) {
match (
map_result(stat_before),
map_result(result),
map_result(stat_after),
) {
(Ok(_), Ok(()), Ok(metadata)) => {
assert_eq!(perm, metadata.permissions());
}
(Ok(metadata_before), Err(_), Ok(metadata_after)) => {
assert_eq!(metadata_before.permissions(), metadata_after.permissions());
}
// TODO: Check error messages
(Err(_), Err(_), Err(_)) => (),
other => panic!(
"inconsistent set_permissions checks: start='{:?}' path='{}':\n{:#?}",
start,
path.display(),
other,
),
}
}
Version data entries
19 entries across 19 versions & 1 rubygems