[sys] Remove remaining usages of FLAG_POSIX_*

Test: fx test //src/sys/component_manager

Bug: 378924259
Change-Id: I3b3bff70bf9b0ff880af09daa7d433967809b0e6
Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1191813
Commit-Queue: Brandon Castellano <[email protected]>
Reviewed-by: Claire Gonyeo <[email protected]>

Author: Breakthrough

src/sys/component_manager/src/framework/realm.rs

@@ -12,7 +12,7 @@ use anyhow::Error;
 use async_trait::async_trait;
 use cm_config::RuntimeConfig;
 use cm_rust::FidlIntoNative;
-use cm_types::{Name, OPEN_FLAGS_MAX_POSSIBLE_RIGHTS};
+use cm_types::{Name, FLAGS_MAX_POSSIBLE_RIGHTS};
 use errors::OpenExposedDirError;
 use fidl::endpoints::{DiscoverableProtocolMarker, ServerEnd};
 use futures::prelude::*;
@@ -210,11 +210,8 @@ impl RealmCapabilityProvider {
                     );
                     return fcomponent::Error::InstanceCannotResolve;
                 })?;
-                // open_exposed does not have a rights input parameter, so this
-                // makes use of the  POSIX_[WRITABLE|EXECUTABLE] flags to open
-                // a connection with those rights if available from the parent
-                // directory connection but without failing if not available.
-                let flags = OPEN_FLAGS_MAX_POSSIBLE_RIGHTS | fio::OpenFlags::DIRECTORY;
+                // We request the maximum possible rights from the parent directory connection.
+                let flags = FLAGS_MAX_POSSIBLE_RIGHTS | fio::Flags::PROTOCOL_DIRECTORY;
                 let mut object_request = flags.to_object_request(exposed_dir);
                 child
                     .open_exposed(OpenRequest::new(
@@ -1166,19 +1163,15 @@ mod tests {
             .now_or_never();
         assert!(event.is_none());
 
-        // Check flags on directory opened. These are not exactly the flags we
-        // set in `open_exposed_dir`, because fuchsia.io transforms POSIX_*
-        // flags into their respective {RIGHT_READABLE, RIGHT_WRITABLE,
-        // RIGHT_EXECUTABLE} variants if and only if all intermediate nodes are
-        // readable, writable, or executable. Additionally, we already know
-        // this is a directory, and fuchsia.io does not propagate that flag.
-        let (status, flags) = dir_proxy.get_flags().await.expect("getting exposed dir flags");
-        assert_matches!(zx::Status::ok(status), Ok(()));
+        // Check flags on directory opened. This should match the maximum set of rights for every
+        // directory connection along the open chain.
+        let flags = dir_proxy.get_flags2().await.expect("FIDL error").expect("GetFlags error");
         assert_eq!(
             flags,
-            fio::OpenFlags::RIGHT_READABLE
-                | fio::OpenFlags::RIGHT_WRITABLE
-                | fio::OpenFlags::RIGHT_EXECUTABLE
+            fio::PERM_READABLE
+                | fio::PERM_WRITABLE
+                | fio::PERM_EXECUTABLE
+                | fio::Flags::PROTOCOL_DIRECTORY
         );
 
         // Now that it was asserted that "system:0" has yet to start,

src/sys/lib/cm_types/src/lib.rs

@@ -108,36 +108,13 @@ pub const MAX_LONG_NAME_LENGTH: usize = 1024;
 pub const MAX_PATH_LENGTH: usize = fio::MAX_PATH_LENGTH as usize;
 pub const MAX_URL_LENGTH: usize = 4096;
 
-/// This asks for the maximum possible rights that the parent connection will allow; this will
-/// include the writable and executable rights if the parent connection has them, but won't fail if
-/// it doesn't.
-// TODO(https://fxbug.dev/324111518): Remove this once we migrate to using Open3.
-pub const OPEN_FLAGS_MAX_POSSIBLE_RIGHTS: fio::OpenFlags = fio::OpenFlags::RIGHT_READABLE
-    .union(fio::OpenFlags::POSIX_WRITABLE)
-    .union(fio::OpenFlags::POSIX_EXECUTABLE);
-
-#[cfg(fuchsia_api_level_at_least = "HEAD")]
 /// This asks for the maximum possible rights that the parent connection will allow; this will
 /// include the writable and executable rights if the parent connection has them, but won't fail if
 /// it doesn't.
 pub const FLAGS_MAX_POSSIBLE_RIGHTS: fio::Flags = fio::PERM_READABLE
     .union(fio::Flags::PERM_INHERIT_WRITE)
     .union(fio::Flags::PERM_INHERIT_EXECUTE);
 
-#[cfg(fuchsia_api_level_less_than = "HEAD")]
-/// This asks for the maximum possible rights that the parent connection will allow; this will
-/// include the writable and executable rights if the parent connection has them, but won't fail if
-/// it doesn't.
-// Note that when opening a node as readable, we expect the connection to have the following set of
-// permissions: `PERM_CONNECT | PERM_ENUMERATE | PERM_TRAVERSE | PERM_READ | PERM_GET_ATTRIBUTES`.
-pub const FLAGS_MAX_POSSIBLE_RIGHTS: fio::Flags = fio::Flags::PERM_READ
-    .union(fio::Flags::PERM_CONNECT)
-    .union(fio::Flags::PERM_ENUMERATE)
-    .union(fio::Flags::PERM_TRAVERSE)
-    .union(fio::Flags::PERM_GET_ATTRIBUTES)
-    .union(fio::Flags::PERM_INHERIT_WRITE)
-    .union(fio::Flags::PERM_INHERIT_EXECUTE);
-
 /// A name that can refer to a component, collection, or other entity in the
 /// Component Manifest. Its length is bounded to `MAX_NAME_LENGTH`.
 pub type Name = BoundedName<MAX_NAME_LENGTH>;