From 79f626c313f693f9866a9a29931f4111cf0666f4 Mon Sep 17 00:00:00 2001
From: Kyungwook Tak <k.tak@samsung.com>
Date: Wed, 8 Jun 2016 11:17:51 +0900
Subject: [PATCH] Fix bug: File read permission check is missed

when get stat of file, file read permission should be checked
additionally. ::stat() function doesn't require permission on the file
itself but require all permissions of the directories in path that lead
to the file.

Change-Id: Ia91c188fe20a90784ebad8109930ff3726f5ca72
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
---
 src/framework/service/file-system.cpp |  4 ++--
 src/framework/service/fs-utils.cpp    | 11 ++++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/framework/service/file-system.cpp b/src/framework/service/file-system.cpp
index 5e19d78..973ce54 100644
--- a/src/framework/service/file-system.cpp
+++ b/src/framework/service/file-system.cpp
@@ -241,7 +241,7 @@ FilePtr File::createInternal(const std::string &fpath, time_t modifiedSince,
 	auto statptr = getStat(fpath);
 
 	if (statptr == nullptr)
-		ThrowExc(CSR_ERROR_FILE_DO_NOT_EXIST, "file not exist: " << fpath);
+		ThrowExc(CSR_ERROR_FILE_DO_NOT_EXIST, "file not exist or no permission: " << fpath);
 	else if (!S_ISREG(statptr->st_mode) && !S_ISDIR(statptr->st_mode))
 		ThrowExc(CSR_ERROR_FILE_SYSTEM, "file type is not reguler or dir: " << fpath);
 
@@ -270,7 +270,7 @@ FsVisitorPtr FsVisitor::create(const std::string &dirpath, time_t modifiedSince)
 {
 	auto statptr = getStat(dirpath);
 	if (statptr == nullptr)
-		ThrowExc(CSR_ERROR_FILE_DO_NOT_EXIST, "directory not exist: " << dirpath);
+		ThrowExc(CSR_ERROR_FILE_DO_NOT_EXIST, "directory not exist or no permission: " << dirpath);
 	else if (!S_ISDIR(statptr->st_mode))
 		ThrowExc(CSR_ERROR_FILE_SYSTEM, "file type is not directory: " << dirpath);
 	else
diff --git a/src/framework/service/fs-utils.cpp b/src/framework/service/fs-utils.cpp
index 0e0ba1b..52d0de1 100644
--- a/src/framework/service/fs-utils.cpp
+++ b/src/framework/service/fs-utils.cpp
@@ -23,6 +23,7 @@
 
 #include <cstring>
 #include <cerrno>
+#include <unistd.h>
 
 #include "common/audit/logger.h"
 
@@ -33,20 +34,24 @@ std::unique_ptr<struct stat> getStat(const std::string &target)
 	std::unique_ptr<struct stat> statptr(new struct stat);
 	memset(statptr.get(), 0x00, sizeof(struct stat));
 
-	if (stat(target.c_str(), statptr.get()) != 0) {
+	if (::stat(target.c_str(), statptr.get()) != 0) {
 		const int err = errno;
 
 		if (err == ENOENT)
 			WARN("target not exist: " << target);
 		else if (err == EACCES)
-			WARN("no permission to read target: " << target);
+			WARN("no permission to read path: " << target);
 		else
 			ERROR("stat() failed on target: " << target << " errno: " << err);
 
 		return nullptr;
 	}
 
-	return statptr;
+	// if no permission to read, return nullptr
+	if (::access(target.c_str(), R_OK) != 0)
+		return nullptr;
+	else
+		return statptr;
 }
 
 }
-- 
2.7.4