src/sys/component_manager/tests/rights/meta/root_invalid_offer_dir_rights.cml - fuchsia - Git at Google

 // Realm for the rights_integration_test that verifies offer filtering and rights inference is
 // correctly working and that rights that are filtered are correctly being opened with lower
 // privileges in the use_dir_rights child.
 {
     children: [
         {
             name: "use_dir_rights",
             url: "fuchsia-pkg://fuchsia.com/rights_integration_test#meta/use_dir_rights.cm",
         },
         {
             name: "expose_dir_rights",
             url: "fuchsia-pkg://fuchsia.com/rights_integration_test#meta/expose_dir_rights.cm",
         },
     ],
     offer: [
         // This offer is invalidly increased in scope by the parent to rw*. This should fail and
         // result in the directory not being mapped to the child proccess.
         {
             directory: "read_only",
             from: "#expose_dir_rights",
             to: [ "#use_dir_rights" ],
             rights: [ "rw*" ],
         },
         {
             directory: "read_write",
             from: "#expose_dir_rights",
             to: [ "#use_dir_rights" ],
         },
         {
             directory: "read_write",
             from: "#expose_dir_rights",
             as: "/read_write_dup",
             to: [ "#use_dir_rights" ],
         },
         {
             directory: "read_exec",
             from: "#expose_dir_rights",
             to: [ "#use_dir_rights" ],
         },
         {
             directory: "read_admin",
             from: "#expose_dir_rights",
             to: [ "#use_dir_rights" ],
         },
         {
             directory: "read_only_after_scoped",
             from: "#expose_dir_rights",
             to: [ "#use_dir_rights" ],
         },
     ],
     expose: [
         {
             protocol: "fidl.test.components.Trigger",
             from: "#use_dir_rights",
         },
     ],
 }
	// Realm for the rights_integration_test that verifies offer filtering and rights inference is
	// correctly working and that rights that are filtered are correctly being opened with lower
	// privileges in the use_dir_rights child.
	{
	children: [
	{
	name: "use_dir_rights",
	url: "fuchsia-pkg://fuchsia.com/rights_integration_test#meta/use_dir_rights.cm",
	},
	{
	name: "expose_dir_rights",
	url: "fuchsia-pkg://fuchsia.com/rights_integration_test#meta/expose_dir_rights.cm",
	},
	],
	offer: [
	// This offer is invalidly increased in scope by the parent to rw*. This should fail and
	// result in the directory not being mapped to the child proccess.
	{
	directory: "read_only",
	from: "#expose_dir_rights",
	to: [ "#use_dir_rights" ],
	rights: [ "rw*" ],
	},
	{
	directory: "read_write",
	from: "#expose_dir_rights",
	to: [ "#use_dir_rights" ],
	},
	{
	directory: "read_write",
	from: "#expose_dir_rights",
	as: "/read_write_dup",
	to: [ "#use_dir_rights" ],
	},
	{
	directory: "read_exec",
	from: "#expose_dir_rights",
	to: [ "#use_dir_rights" ],
	},
	{
	directory: "read_admin",
	from: "#expose_dir_rights",
	to: [ "#use_dir_rights" ],
	},
	{
	directory: "read_only_after_scoped",
	from: "#expose_dir_rights",
	to: [ "#use_dir_rights" ],
	},
	],
	expose: [
	{
	protocol: "fidl.test.components.Trigger",
	from: "#use_dir_rights",
	},
	],
	}