diff options
| author | David Lönnhager <david.l@mullvad.net> | 2025-03-19 22:19:25 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2025-03-24 16:43:29 +0100 |
| commit | 192b831c6799fdb6694ff3fd353f0faba6ac3f9e (patch) | |
| tree | badfde6c30dde02fc4f12d08f2e695601fc37e1f | |
| parent | 85a07b3c58a246497f738bcbf15d2ff5b7d1b577 (diff) | |
| download | mullvadvpn-192b831c6799fdb6694ff3fd353f0faba6ac3f9e.tar.xz mullvadvpn-192b831c6799fdb6694ff3fd353f0faba6ac3f9e.zip | |
Add test for is_admin_owned
| -rw-r--r-- | talpid-windows/Cargo.toml | 7 | ||||
| -rw-r--r-- | talpid-windows/src/fs.rs | 31 |
2 files changed, 38 insertions, 0 deletions
diff --git a/talpid-windows/Cargo.toml b/talpid-windows/Cargo.toml index 594e17f9ef..fae8c72949 100644 --- a/talpid-windows/Cargo.toml +++ b/talpid-windows/Cargo.toml @@ -30,3 +30,10 @@ features = [ "Win32_NetworkManagement_IpHelper", "Win32_NetworkManagement_Ndis", ] + +[target.'cfg(windows)'.dev-dependencies.windows-sys] +workspace = true +features = [ + "Win32_Storage", + "Win32_Storage_FileSystem" +] diff --git a/talpid-windows/src/fs.rs b/talpid-windows/src/fs.rs index eb78efa963..51d714fe6d 100644 --- a/talpid-windows/src/fs.rs +++ b/talpid-windows/src/fs.rs @@ -45,3 +45,34 @@ pub fn is_admin_owned<T: AsRawHandle>(handle: T) -> io::Result<bool> { Ok(is_system_owned || is_admin_owned) } + +#[cfg(test)] +mod test { + use std::os::windows::fs::OpenOptionsExt; + use windows_sys::Win32::Storage::FileSystem::FILE_FLAG_BACKUP_SEMANTICS; + + use super::is_admin_owned; + + #[test] + pub fn test_is_admin_owned() { + // The kernel image is owned by "TrustedInstaller", so we expect the function to return 'false' + let path = std::fs::File::open(r"C:\Windows\System32\ntoskrnl.exe").unwrap(); + let result = is_admin_owned(path); + assert!( + matches!(result, Ok(false)), + "expected ntoskrnl.exe to be owned by TrustedInstaller (false), got {result:?}" + ); + + // The Windows system temp directory is owned by SYSTEM, so we expect 'true' + let path = std::fs::File::options() + .read(true) + .custom_flags(FILE_FLAG_BACKUP_SEMANTICS) + .open(r"C:\Windows\Temp") + .unwrap(); + let result = is_admin_owned(path); + assert!( + matches!(result, Ok(true)), + "expected TEMP to be owned by SYSTEM (true), got {result:?}" + ); + } +} |