feat: Add tests to check no edit is permitted

Privacy Sandbox Team · copybara-github · commit 5fa855449d5f · 2025-01-10T07:43:12.000-08:00
Bug: b/387989444
Change-Id: Ie1b778fcf46bfda336c2470235eca7ba4a66cdb5
GitOrigin-RevId: b09d80f30d29c1d4a20eb431b146730f2ab03ee1
diff --git a/src/roma/byob/sample_udf/BUILD.bazel b/src/roma/byob/sample_udf/BUILD.bazel
@@ -190,13 +190,33 @@ cc_binary(
 )
 
 cc_binary(
-    name = "filesystem_udf",
-    srcs = ["filesystem_udf.cc"],
+    name = "filesystem_add_udf",
+    srcs = ["filesystem_add_udf.cc"],
+    visibility = ["//visibility:public"],
+    deps = [
+        ":sample_byob_sdk_cc_proto",
+        "@com_google_absl//absl/status",
+        "@com_google_protobuf//:protobuf",
+    ],
+)
+
+cc_binary(
+    name = "filesystem_edit_udf",
+    srcs = ["filesystem_edit_udf.cc"],
+    visibility = ["//visibility:public"],
+    deps = [
+        ":sample_byob_sdk_cc_proto",
+        "@com_google_absl//absl/status",
+        "@com_google_protobuf//:protobuf",
+    ],
+)
+
+cc_binary(
+    name = "filesystem_delete_udf",
+    srcs = ["filesystem_delete_udf.cc"],
     visibility = ["//visibility:public"],
     deps = [
         ":sample_byob_sdk_cc_proto",
-        "//src/roma/byob/dispatcher:interface",
-        "//src/roma/byob/utility:utils",
         "@com_google_absl//absl/status",
         "@com_google_protobuf//:protobuf",
     ],
@@ -364,7 +384,9 @@ filegroup(
         ":abort_early_udf",
         ":abort_late_udf",
         ":cap_udf",
-        ":filesystem_udf",
+        ":filesystem_add_udf",
+        ":filesystem_delete_udf",
+        ":filesystem_edit_udf",
         ":log_benchmark_udf",
         ":log_udf",
         ":new_udf",
diff --git a/src/roma/byob/sample_udf/filesystem_add_udf.cc b/src/roma/byob/sample_udf/filesystem_add_udf.cc
@@ -20,9 +20,7 @@
 
 #include "absl/status/status.h"
 #include "google/protobuf/util/delimited_message_util.h"
-#include "src/roma/byob/dispatcher/interface.h"
 #include "src/roma/byob/sample_udf/sample_udf_interface.pb.h"
-#include "src/roma/byob/utility/utils.h"
 
 using google::protobuf::io::FileInputStream;
 using google::protobuf::util::ParseDelimitedFromZeroCopyStream;
diff --git a/src/roma/byob/sample_udf/filesystem_delete_udf.cc b/src/roma/byob/sample_udf/filesystem_delete_udf.cc
@@ -0,0 +1,87 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <fcntl.h>
+
+#include <cstdlib>
+#include <filesystem>
+#include <fstream>
+#include <iostream>
+#include <system_error>
+
+#include "absl/status/status.h"
+#include "google/protobuf/util/delimited_message_util.h"
+#include "src/roma/byob/sample_udf/sample_udf_interface.pb.h"
+
+using google::protobuf::io::FileInputStream;
+using google::protobuf::util::ParseDelimitedFromZeroCopyStream;
+using google::protobuf::util::SerializeDelimitedToFileDescriptor;
+using privacy_sandbox::roma_byob::example::SampleRequest;
+using privacy_sandbox::roma_byob::example::SampleResponse;
+
+SampleRequest ReadRequestFromFd(int fd) {
+  SampleRequest req;
+  FileInputStream stream(fd);
+  google::protobuf::util::ParseDelimitedFromZeroCopyStream(&req, &stream,
+                                                           nullptr);
+  return req;
+}
+
+void WriteResponseToFd(int fd, std::string_view greeting) {
+  SampleResponse response;
+  response.set_greeting(greeting);
+  google::protobuf::util::SerializeDelimitedToFileDescriptor(response, fd);
+}
+
+// Parses the file system directory structure and tries to delete an existing
+// file/directory. If a file/directory can be deleted to, it sends a fail
+// message. Else, it succeeds.
+absl::Status ParseFileSystemAndVerifyNoDelete(std::filesystem::path path) {
+  auto verify_no_delete = [](const std::filesystem::path& path) {
+    if (std::error_code ec; std::filesystem::remove_all(path, ec) !=
+                            static_cast<std::uintmax_t>(-1)) {
+      return absl::InternalError(
+          absl::StrCat("Failure. Able to delete ", path.c_str(),
+                       ". Expected read-only filesystem."));
+    }
+    return absl::OkStatus();
+  };
+  if (auto status = verify_no_delete(path); !status.ok()) {
+    return status;
+  }
+  for (const auto& entry :
+       std::filesystem::recursive_directory_iterator(path)) {
+    // Recursively traverse subdirectories
+    if (auto status = verify_no_delete(entry.path()); !status.ok()) {
+      return status;
+    }
+  }
+  return absl::OkStatus();
+}
+
+int main(int argc, char* argv[]) {
+  if (argc < 2) {
+    std::cerr << "Not enough arguments!";
+    return -1;
+  }
+  int fd = std::stoi(argv[1]);
+  SampleRequest sample_request = ReadRequestFromFd(fd);
+  auto status = ParseFileSystemAndVerifyNoDelete("/");
+  if (status.ok()) {
+    WriteResponseToFd(fd, "Success.");
+  } else {
+    WriteResponseToFd(fd, std::move(status).message());
+  }
+  return 0;
+}
diff --git a/src/roma/byob/sample_udf/filesystem_edit_udf.cc b/src/roma/byob/sample_udf/filesystem_edit_udf.cc
@@ -0,0 +1,90 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <fcntl.h>
+
+#include <cstdlib>
+#include <filesystem>
+#include <fstream>
+#include <iostream>
+
+#include "absl/status/status.h"
+#include "google/protobuf/util/delimited_message_util.h"
+#include "src/roma/byob/sample_udf/sample_udf_interface.pb.h"
+
+using google::protobuf::io::FileInputStream;
+using google::protobuf::util::ParseDelimitedFromZeroCopyStream;
+using google::protobuf::util::SerializeDelimitedToFileDescriptor;
+using privacy_sandbox::roma_byob::example::SampleRequest;
+using privacy_sandbox::roma_byob::example::SampleResponse;
+
+SampleRequest ReadRequestFromFd(int fd) {
+  SampleRequest req;
+  FileInputStream stream(fd);
+  google::protobuf::util::ParseDelimitedFromZeroCopyStream(&req, &stream,
+                                                           nullptr);
+  return req;
+}
+
+void WriteResponseToFd(int fd, std::string_view greeting) {
+  SampleResponse response;
+  response.set_greeting(greeting);
+  google::protobuf::util::SerializeDelimitedToFileDescriptor(response, fd);
+}
+
+// Parses the file system directory structure and tries to edit an existing
+// file. If a file can be written to, it sends a fail message. Else, it
+// succeeds.
+absl::Status ParseFileSystemAndVerifyNoEdit(std::filesystem::path dir) {
+  auto verify_no_edit = [](const std::filesystem::path& path) {
+    if (!std::filesystem::is_regular_file(path)) {
+      return absl::OkStatus();
+    }
+    std::ofstream out_file(path.c_str());
+    if (out_file.fail()) {
+      return absl::OkStatus();
+    }
+    out_file << "Able to edit";
+    out_file.close();
+    return absl::InternalError(
+        absl::StrCat("Failure. Able to edit ", path.c_str(),
+                     ". Expected read-only filesystem."));
+  };
+  if (auto status = verify_no_edit(dir); !status.ok()) {
+    return status;
+  }
+  for (const auto& entry : std::filesystem::recursive_directory_iterator(dir)) {
+    // Recursively traverse subdirectories
+    if (auto status = verify_no_edit(entry.path()); !status.ok()) {
+      return status;
+    }
+  }
+  return absl::OkStatus();
+}
+
+int main(int argc, char* argv[]) {
+  if (argc < 2) {
+    std::cerr << "Not enough arguments!";
+    return -1;
+  }
+  int fd = std::stoi(argv[1]);
+  SampleRequest sample_request = ReadRequestFromFd(fd);
+  auto status = ParseFileSystemAndVerifyNoEdit("/");
+  if (status.ok()) {
+    WriteResponseToFd(fd, "Success.");
+  } else {
+    WriteResponseToFd(fd, std::move(status).message());
+  }
+  return 0;
+}
diff --git a/src/roma/byob/test/roma_byob_test.cc b/src/roma/byob/test/roma_byob_test.cc
@@ -53,8 +53,12 @@ const std::filesystem::path kCPlusPlusBinaryFilename = "sample_udf";
 const std::filesystem::path kCPlusPlusCapBinaryFilename = "cap_udf";
 const std::filesystem::path kCPlusPlusSocketFinderBinaryFilename =
     "socket_finder_udf";
-const std::filesystem::path kCPlusPlusFileSystemModificationFilename =
-    "filesystem_udf";
+const std::filesystem::path kCPlusPlusFileSystemAddFilename =
+    "filesystem_add_udf";
+const std::filesystem::path kCPlusPlusFileSystemDeleteFilename =
+    "filesystem_delete_udf";
+const std::filesystem::path kCPlusPlusFileSystemEditFilename =
+    "filesystem_edit_udf";
 const std::filesystem::path kCPlusPlusNewBinaryFilename = "new_udf";
 const std::filesystem::path kCPlusPlusLogBinaryFilename = "log_udf";
 const std::filesystem::path kCPlusPlusPauseBinaryFilename = "pause_udf";
@@ -207,16 +211,46 @@ TEST(RomaByobTest, NoSocketFileInSandboxMode) {
               ::testing::StrEq("Success."));
 }
 
-TEST(RomaByobTest, NoFileSystemChangeEgressionInNonSandboxMode) {
+TEST(RomaByobTest, NoFileSystemCreateEgressionInNonSandboxMode) {
   Mode mode = Mode::kModeNoSandbox;
   if (!HasClonePermissionsByobWorker(mode)) {
     GTEST_SKIP() << "HasClonePermissionsByobWorker check returned false";
   }
   ByobSampleService<> roma_service = GetRomaService(mode);
 
-  std::string code_token = LoadCode(
-      roma_service, kUdfPath / kCPlusPlusFileSystemModificationFilename,
-      /*enable_log_egress=*/true, /*num_workers=*/1);
+  std::string code_token =
+      LoadCode(roma_service, kUdfPath / kCPlusPlusFileSystemAddFilename,
+               /*enable_log_egress=*/true, /*num_workers=*/1);
+
+  EXPECT_THAT(SendRequestAndGetResponse(roma_service, code_token).greeting(),
+              ::testing::StrEq("Success."));
+}
+
+TEST(RomaByobTest, NoFileSystemDeleteEgressionInNonSandboxMode) {
+  Mode mode = Mode::kModeNoSandbox;
+  if (!HasClonePermissionsByobWorker(mode)) {
+    GTEST_SKIP() << "HasClonePermissionsByobWorker check returned false";
+  }
+  ByobSampleService<> roma_service = GetRomaService(mode);
+
+  std::string code_token =
+      LoadCode(roma_service, kUdfPath / kCPlusPlusFileSystemDeleteFilename,
+               /*enable_log_egress=*/true, /*num_workers=*/1);
+
+  EXPECT_THAT(SendRequestAndGetResponse(roma_service, code_token).greeting(),
+              ::testing::StrEq("Success."));
+}
+
+TEST(RomaByobTest, NoFileSystemEditEgressionInNonSandboxMode) {
+  Mode mode = Mode::kModeNoSandbox;
+  if (!HasClonePermissionsByobWorker(mode)) {
+    GTEST_SKIP() << "HasClonePermissionsByobWorker check returned false";
+  }
+  ByobSampleService<> roma_service = GetRomaService(mode);
+
+  std::string code_token =
+      LoadCode(roma_service, kUdfPath / kCPlusPlusFileSystemEditFilename,
+               /*enable_log_egress=*/true, /*num_workers=*/1);
 
   EXPECT_THAT(SendRequestAndGetResponse(roma_service, code_token).greeting(),
               ::testing::StrEq("Success."));
