diff options
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/config.go | 4 | ||||
| -rw-r--r-- | actions/config_test.go | 55 |
2 files changed, 58 insertions, 1 deletions
diff --git a/actions/config.go b/actions/config.go index 386edc4..7fdaf5b 100644 --- a/actions/config.go +++ b/actions/config.go @@ -31,6 +31,7 @@ import ( "golang.org/x/sys/unix" "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/filesystem" "github.com/google/fscrypt/metadata" "github.com/google/fscrypt/util" ) @@ -68,7 +69,8 @@ var ( func CreateConfigFile(target time.Duration, useLegacy bool) error { // Create the config file before computing the hashing costs, so we fail // immediately if the program has insufficient permissions. - configFile, err := os.OpenFile(ConfigFileLocation, createFlags, configPermissions) + configFile, err := filesystem.OpenFileOverridingUmask(ConfigFileLocation, + createFlags, configPermissions) switch { case os.IsExist(err): return ErrConfigFileExists diff --git a/actions/config_test.go b/actions/config_test.go new file mode 100644 index 0000000..037e433 --- /dev/null +++ b/actions/config_test.go @@ -0,0 +1,55 @@ +/* + * config_test.go - tests for creating the config file + * + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +package actions + +import ( + "io/ioutil" + "os" + "path/filepath" + "testing" + "time" + + "golang.org/x/sys/unix" +) + +// Test that the global config file is created with mode 0644, regardless of the +// current umask. +func TestConfigFileIsCreatedWithCorrectMode(t *testing.T) { + oldMask := unix.Umask(0) + defer unix.Umask(oldMask) + unix.Umask(0077) + + tempDir, err := ioutil.TempDir("", "fscrypt") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tempDir) + ConfigFileLocation = filepath.Join(tempDir, "test.conf") + + if err = CreateConfigFile(time.Millisecond, false); err != nil { + t.Fatal(err) + } + fileInfo, err := os.Stat(ConfigFileLocation) + if err != nil { + t.Fatal(err) + } + if fileInfo.Mode().Perm() != 0644 { + t.Error("Expected newly created config file to have mode 0644") + } +} |