From ac9cf6d74185e21a1ff164d588ba5f12ee807a0b Mon Sep 17 00:00:00 2001
From: Quentin Kaiser
Date: Wed, 22 Jan 2025 11:15:33 +0100
Subject: [PATCH] fix(sandbox): add remove_dir/remove_file permissions to sandbox

When an extraction directory is empty, unblob will try to delete it. This can lead to PermissionError due to insufficient permissions within the sandbox. The same can happen when deleting files. We therefore allow unblob to delete directories and files from the extraction directory with the remove_dir and remove_file permissions.
---
 unblob/sandbox.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/unblob/sandbox.py b/unblob/sandbox.py
index d12b27f0ea..1e6c969b16 100644
--- a/unblob/sandbox.py
+++ b/unblob/sandbox.py
@@ -47,6 +47,8 @@ def __init__(
 AccessFS.read_write("/dev/shm"), # noqa: S108
 # Extracted contents
 AccessFS.read_write(config.extract_root),
+ AccessFS.remove_dir(config.extract_root),
+ AccessFS.remove_file(config.extract_root),
 AccessFS.make_dir(config.extract_root.parent),
 AccessFS.read_write(log_path),
 *extra_passthrough,
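Review bot: The two new grants on `config.extract_root` carry no comment saying why delete rights are needed or how far they reach, and that scope matters when auditing a sandbox rule list. If `AccessFS` maps onto Landlock access rights, as the neighbouring `make_dir(config.extract_root.parent)` suggests, `remove_dir` and `remove_file` apply only to entries beneath `extract_root`, so removing an empty `extract_root` itself would still raise PermissionError. I would confirm which directory the cleanup actually deletes and record it above the two lines, e.g. `# Cleanup of empty extraction dirs/files beneath extract_root; does not cover extract_root itself`. Keeping the grant off `extract_root.parent` is the tighter choice if only nested directories are ever removed. The commit touches only `unblob/sandbox.py`, so a regression test that extracts into an empty directory under the sandbox would help pin this down; `__init__` starts and ends outside the hunk.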