Change order of items checking during getDirectoryContents() loop

Previously, the function called fstatat() even on . and .. which
could have been not wanted by the caller to get listed/analyzed.

This change was inspired by an issue where an error happened during
call to prepare_app() - error happened on calling fstatat(), during
checking if threads properly dropped capabilities/changed labels;
error was in accessing ".." element inside /proc/self/task,
while the audit logged, at the same time, a Smack error of access
attempt from label User::Pkg::<ID> to System::Privileged on
proc filesystem.

While this change doesn't fix that issue on its own, it optimizes
the code.

Change-Id: I83fda49530fb32776cf6edcc364dc574a7ee08f9

diff --git a/src/common/filesystem.cpp b/src/common/filesystem.cpp
index 3a4a4f5..5384ab1 100644 (file)
--- a/src/common/filesystem.cpp
+++ b/src/common/filesystem.cpp
@@ -79,13 +79,13 @@ FileNameVector getDirectoryContents(const std::string &path, const mode_t &mode,
             break;
         }
 
+        if (noDot && (!strcmp(ptr->d_name, ".") || !strcmp(ptr->d_name, "..")))
+            continue;
+
         struct stat finfo;
         if (0 > fstatat(dirfd(dir.get()), ptr->d_name, &finfo, AT_SYMLINK_NOFOLLOW))
             ThrowMsg(FS::Exception::FileError, "Error reading: " << ptr->d_name);
 
-        if (noDot && (!strcmp(ptr->d_name, ".") || !strcmp(ptr->d_name, "..")))
-            continue;
-
         if ((finfo.st_mode & S_IFMT) == mode)
             result.push_back(ptr->d_name);
     }