| // Realm for the rights_integration_test that verifies offer filtering and rights inference is |
| // correctly working and that rights that are filtered are correctly being opened with lower |
| // privileges in the use_dir_rights child. |
| { |
| children: [ |
| { |
| name: "use_dir_rights", |
| url: "fuchsia-pkg://fuchsia.com/rights_integration_test#meta/use_dir_rights.cm", |
| }, |
| { |
| name: "expose_dir_rights", |
| url: "fuchsia-pkg://fuchsia.com/rights_integration_test#meta/expose_dir_rights.cm", |
| }, |
| ], |
| offer: [ |
| // This offer is invalidly increased in scope by the parent to rw*. This should fail and |
| // result in the directory not being mapped to the child proccess. |
| { |
| directory: "read_only", |
| from: "#expose_dir_rights", |
| to: [ "#use_dir_rights" ], |
| rights: [ "rw*" ], |
| }, |
| { |
| directory: "read_write", |
| from: "#expose_dir_rights", |
| to: [ "#use_dir_rights" ], |
| }, |
| { |
| directory: "read_write", |
| from: "#expose_dir_rights", |
| as: "/read_write_dup", |
| to: [ "#use_dir_rights" ], |
| }, |
| { |
| directory: "read_exec", |
| from: "#expose_dir_rights", |
| to: [ "#use_dir_rights" ], |
| }, |
| { |
| directory: "read_admin", |
| from: "#expose_dir_rights", |
| to: [ "#use_dir_rights" ], |
| }, |
| { |
| directory: "read_only_after_scoped", |
| from: "#expose_dir_rights", |
| to: [ "#use_dir_rights" ], |
| }, |
| ], |
| expose: [ |
| { |
| protocol: "fidl.test.components.Trigger", |
| from: "#use_dir_rights", |
| }, |
| ], |
| } |