Rewrote has_permission in the POSIX runtime. We now only return with permission error a single time in symbolic execution mode.

The rewrite also fixes a bug reported in #1230.
Rewrote the FilePerm.c test accordingly.

2 files changed, 19 insertions, 28 deletions

diff --git a/runtime/POSIX/fd.c b/runtime/POSIX/fd.c
index be13a40b..b41d4e32 100644
--- a/runtime/POSIX/fd.c
+++ b/runtime/POSIX/fd.c
@@ -106,32 +106,18 @@ mode_t umask(mode_t mask) {
 
 
 /* Returns 1 if the process has the access rights specified by 'flags'
-   to the file with stat 's'.  Returns 0 otherwise*/
+   to the file with stat 's', and returns 0 otherwise. 
+   We allow access if any user has access to the file, so we ignore 
+   s->st_uid / geteuid() and s->st_gid / getegid(). */
 static int has_permission(int flags, struct stat64 *s) {
-  int write_access, read_access;
   mode_t mode = s->st_mode;
-  
-  if (flags & O_RDONLY || flags & O_RDWR)
-    read_access = 1;
-  else read_access = 0;
-
-  if (flags & O_WRONLY || flags & O_RDWR)
-    write_access = 1;
-  else write_access = 0;
-
-  /* XXX: We don't worry about process uid and gid for now. 
-     We allow access if any user has access to the file. */
-#if 0
-  uid_t uid = s->st_uid;
-  uid_t euid = geteuid();
-  gid_t gid = s->st_gid;
-  gid_t egid = getegid();
-#endif  
-
-  if (read_access && ((mode & S_IRUSR) | (mode & S_IRGRP) | (mode & S_IROTH)))
-    return 0;
+  int read_request = ((flags & O_RDONLY) | (flags & O_RDWR)) ? 1 : 0;
+  int write_request = ((flags & O_WRONLY) | (flags & O_RDWR)) ? 1 : 0;
 
-  if (write_access && !((mode & S_IWUSR) | (mode & S_IWGRP) | (mode & S_IWOTH)))
+  /* It is important to do this check using only bitwise operators so that we 
+     return 0 a single time in symbolic execution mode. */
+  if ((read_request  & !((mode & S_IRUSR) | (mode & S_IRGRP) | (mode & S_IROTH))) |
+      (write_request & !((mode & S_IWUSR) | (mode & S_IWGRP) | (mode & S_IWOTH))))
     return 0;
 
   return 1;
diff --git a/test/Runtime/POSIX/FilePerm.c b/test/Runtime/POSIX/FilePerm.c
index 418e3717..5fc9924f 100644
--- a/test/Runtime/POSIX/FilePerm.c
+++ b/test/Runtime/POSIX/FilePerm.c
@@ -1,21 +1,26 @@
+/* This test checks that when opening a symbolic file in R/W mode, we return exactly twice: 
+   once successfully, and the other time with a permission error */
+
 // RUN: %clang %s -emit-llvm %O0opt -c -o %t.bc
 // RUN: rm -rf %t.klee-out
-// RUN: %klee --output-dir=%t.klee-out --posix-runtime %t.bc --sym-files 1 10 --sym-stdout 2>%t.log 
+// RUN: %klee --output-dir=%t.klee-out --posix-runtime %t.bc --sym-files 1 10 | FileCheck %s
 // RUN: test -f %t.klee-out/test000001.ktest
 // RUN: test -f %t.klee-out/test000002.ktest
-// RUN: test -f %t.klee-out/test000003.ktest
+// RUN: not test -f %t.klee-out/test000003.ktest
 
 #include <stdio.h>       
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <unistd.h>
 
 int main(int argc, char** argv) {
   int fd = open("A", O_RDWR);
   if (fd != -1)
-    fprintf(stderr, "File 'A' opened successfully\n");
-  else fprintf(stderr, "Cannot open file 'A'\n");
-
+    printf("File 'A' opened successfully\n");
+  // CHECK-DAG: File 'A' opened successfully
+  else printf("Cannot open file 'A'\n");
+  // CHECK-DAG: Cannot open file 'A'
   if (fd != -1)
     close(fd);
 }