Add a test for path_open read rights

crates/test-programs/wasi-tests/src/bin/path_open_read_without_rights.rs

@@ -0,0 +1,88 @@
+use std::{env, process};
+use wasi_tests::open_scratch_directory;
+use wasi_tests::{drop_rights, fd_get_rights};
+
+const TEST_FILENAME: &'static str = "file";
+
+unsafe fn create_testfile(dir_fd: wasi::Fd) {
+    let fd = wasi::path_open(
+        dir_fd,
+        0,
+        TEST_FILENAME,
+        wasi::OFLAGS_CREAT | wasi::OFLAGS_EXCL,
+        wasi::RIGHTS_FD_READ | wasi::RIGHTS_FD_WRITE,
+        0,
+        0,
+    )
+    .expect("creating a file");
+    wasi::fd_close(fd).expect("closing a file");
+}
+
+unsafe fn try_read_file(dir_fd: wasi::Fd) {
+    let fd = wasi::path_open(dir_fd, 0, TEST_FILENAME, 0, 0, 0, 0).expect("opening the file");
+
+    // Check that we don't have the right to exeucute fd_read
+    let (rbase, rinher) = fd_get_rights(fd);
+    assert_eq!(
+        rbase & wasi::RIGHTS_FD_READ,
+        0,
+        "should not have base RIGHTS_FD_READ"
+    );
+    assert_eq!(
+        rinher & wasi::RIGHTS_FD_READ,
+        0,
+        "should not have inheriting RIGHTS_FD_READ"
+    );
+
+    let contents = &mut [0u8; 1];
+    let iovec = wasi::Iovec {
+        buf: contents.as_mut_ptr() as *mut _,
+        buf_len: contents.len(),
+    };
+    // Since we no longer have the right to fd_read, trying to read a file
+    // should be an error.
+    let err = wasi::fd_read(fd, &[iovec]).expect_err("reading bytes from file should fail");
+    assert_eq!(err, wasi::ERRNO_NOTCAPABLE, "the errno should be ENOTCAPABLE");
+}
+
+unsafe fn test_read_rights(dir_fd: wasi::Fd) {
+    create_testfile(dir_fd);
+    drop_rights(dir_fd, wasi::RIGHTS_FD_READ, wasi::RIGHTS_FD_READ);
+
+    let (rbase, rinher) = fd_get_rights(dir_fd);
+    assert_eq!(
+        rbase & wasi::RIGHTS_FD_READ,
+        0,
+        "dir should not have base RIGHTS_FD_READ"
+    );
+    assert_eq!(
+        rinher & wasi::RIGHTS_FD_READ,
+        0,
+        "dir should not have inheriting RIGHTS_FD_READ"
+    );
+
+    try_read_file(dir_fd);
+}
+
+fn main() {
+    let mut args = env::args();
+    let prog = args.next().unwrap();
+    let arg = if let Some(arg) = args.next() {
+        arg
+    } else {
+        eprintln!("usage: {} <scratch directory>", prog);
+        process::exit(1);
+    };
+
+    // Open scratch directory
+    let dir_fd = match open_scratch_directory(&arg) {
+        Ok(dir_fd) => dir_fd,
+        Err(err) => {
+            eprintln!("{}", err);
+            process::exit(1)
+        }
+    };
+
+    // Run the tests.
+    unsafe { test_read_rights(dir_fd) }
+}

crates/test-programs/wasi-tests/src/lib.rs

@@ -43,3 +43,24 @@ pub unsafe fn create_file(dir_fd: wasi::Fd, filename: &str) {
     );
     wasi::fd_close(file_fd).expect("closing a file");
 }
+
+// Returns: (rights_base, rights_inheriting)
+pub unsafe fn fd_get_rights(fd: wasi::Fd) -> (wasi::Rights, wasi::Rights) {
+    let fdstat = wasi::fd_fdstat_get(fd).expect("fd_fdstat_get failed");
+    (fdstat.fs_rights_base, fdstat.fs_rights_inheriting)
+}
+
+pub unsafe fn drop_rights(
+    fd: wasi::Fd,
+    drop_base: wasi::Rights,
+    drop_inheriting: wasi::Rights,
+) {
+    let (current_base, current_inheriting) = fd_get_rights(fd);
+
+    let new_base = current_base & !drop_base;
+    let new_inheriting = current_inheriting & !drop_inheriting;
+
+        wasi::fd_fdstat_set_rights(fd, new_base, new_inheriting).expect(
+        "dropping fd rights",
+    );
+}