Fix buffer permissions for legacy reasons (#377)

This fixes a legacy case of apps on a broken state where the app asks
for complete protection but the buffer was created before we changed
the directory permissions.

Author: Reflejo

platform/swift/source/LoggerBridge.swift

@@ -26,8 +26,33 @@ func makeDirectoryAndDisableProtection(at path: String) throws {
     var fileProtection: AnyObject?
     try url.getResourceValue(&fileProtection, forKey: .fileProtectionKey)
     if let protection = fileProtection as? URLFileProtection, protection != .none {
+        // Remove any restrictions from to the top level folder
         try url.setResourceValue(URLFileProtection.none, forKey: .fileProtectionKey)
     }
+
+    // We now check if the buffers directory has the right permission, this might not be the case
+    // for cases where the app ran before we set the right permissions.
+    //
+    // TODO(Fz): Having the `buffers` hardcoded here is not ideal and can come and bite us in the
+    // future, we should remove this once newer sdk versions are widespread.
+    guard let buffers = url.appendingPathComponent("buffers", isDirectory: true),
+          manager.fileExists(atPath: buffers.path)
+    else {
+        return
+    }
+
+    // Check if the buffers/ directory has the right permissions, otherwise we'll recursively
+    // remove file restrictions (for legacy reasons)
+    let bufferAttributes = try buffers.resourceValues(forKeys: [.fileProtectionKey])
+    if bufferAttributes.fileProtection != URLFileProtection.none {
+        // Remove any restrictions from the top level buffers directory
+        try (buffers as NSURL).setResourceValue(URLFileProtection.none, forKey: .fileProtectionKey)
+
+        // Remove any restrictions for buffers/*
+        for item in try manager.contentsOfDirectory(at: buffers, includingPropertiesForKeys: []) {
+            try (item as NSURL).setResourceValue(URLFileProtection.none, forKey: .fileProtectionKey)
+        }
+    }
 }
 
 /// A wrapper around Rust logger ID that makes it possible to call Rust logger methods.

test/platform/swift/unit_integration/core/LoggerTests.swift

@@ -351,28 +351,44 @@ final class LoggerTests: XCTestCase {
         try! FileManager.default.createDirectory(at: existingWithComplete,
                                                  withIntermediateDirectories: true)
 
-        // Make sure protections are correct
-        XCTAssertEqual(.complete, try! protection(at: root.path))
-        XCTAssertEqual(.complete, try! protection(at: existingWithComplete.path))
-        XCTAssertNil(try! protection(at: existingWithNone.path))
+        // Create a buffer directory inside the root path (should inherit complete protection)
+        let buffers = root.appendingPathComponent("buffers")
+        try! FileManager.default.createDirectory(at: buffers,
+                                                 withIntermediateDirectories: true)
+
+        // Create a file under buffers to pretend like it's the ring buffer
+        let bufferFile = buffers.appendingPathComponent("bufferFile")
+        FileManager.default.createFile(atPath: bufferFile.path,
+                                       contents: "foobar".data(using: .ascii))
+        try! (bufferFile as NSURL).setResourceValue(URLFileProtection.complete, forKey: .fileProtectionKey)
 
         // Test to see if disable protection works on a new path
+        XCTAssertEqual(.complete, try! protection(at: root.path))
         let newPath = root.appendingPathComponent("newPath")
         XCTAssertFalse(FileManager.default.fileExists(atPath: newPath.path))
         try! makeDirectoryAndDisableProtection(at: newPath.path)
         XCTAssertEqual(.completeUntilFirstUserAuthentication,
                        try! protection(at: newPath.path))
 
         // Test to see if disable protection works on an existing path with complete
+        XCTAssertEqual(.complete, try! protection(at: existingWithComplete.path))
         XCTAssertTrue(FileManager.default.fileExists(atPath: existingWithComplete.path))
         try! makeDirectoryAndDisableProtection(at: existingWithComplete.path)
         XCTAssertEqual(.completeUntilFirstUserAuthentication,
                        try! protection(at: existingWithComplete.path))
 
         // Test to see if disable protection works on an existing path with none
+        XCTAssertNil(try! protection(at: existingWithNone.path))
         XCTAssertTrue(FileManager.default.fileExists(atPath: existingWithNone.path))
         try! makeDirectoryAndDisableProtection(at: existingWithNone.path)
         XCTAssertNil(try! protection(at: existingWithNone.path))
+
+        // Test to see if disable protection works on all files under buffers
+        XCTAssertEqual(.complete, try! protection(at: bufferFile.path))
+        XCTAssertTrue(FileManager.default.fileExists(atPath: bufferFile.path))
+        try! makeDirectoryAndDisableProtection(at: root.path)
+        XCTAssertEqual(.completeUntilFirstUserAuthentication,
+                       try! protection(at: bufferFile.path))
     }
 }