[SPARK-20172][Core] Add file permission check when listing files in FsHistoryProvider

core/src/main/scala/org/apache/spark/deploy/history/FsHistoryProvider.scala

@@ -27,7 +27,8 @@ import scala.xml.Node
 
 import com.google.common.io.ByteStreams
 import com.google.common.util.concurrent.{MoreExecutors, ThreadFactoryBuilder}
-import org.apache.hadoop.fs.{FileStatus, FileSystem, Path}
+import org.apache.hadoop.fs.{FileStatus, Path}
+import org.apache.hadoop.fs.permission.FsAction
 import org.apache.hadoop.hdfs.DistributedFileSystem
 import org.apache.hadoop.hdfs.protocol.HdfsConstants
 import org.apache.hadoop.security.AccessControlException
@@ -320,14 +321,15 @@ private[history] class FsHistoryProvider(conf: SparkConf, clock: Clock)
         .filter { entry =>
           try {
             val prevFileSize = fileToAppInfo.get(entry.getPath()).map{_.fileSize}.getOrElse(0L)
+            fs.access(entry.getPath, FsAction.READ)
             !entry.isDirectory() &&
               // FsHistoryProvider generates a hidden file which can't be read.  Accidentally
               // reading a garbage file is safe, but we would log an error which can be scary to
               // the end-user.
               !entry.getPath().getName().startsWith(".") &&
               prevFileSize < entry.getLen()
           } catch {
-            case e: AccessControlException =>
+            case _: AccessControlException =>
               // Do not use "logInfo" since these messages can get pretty noisy if printed on
               // every poll.
               logDebug(s"No permission to read $entry, ignoring.")
@@ -445,7 +447,7 @@ private[history] class FsHistoryProvider(conf: SparkConf, clock: Clock)
   /**
    * Replay the log files in the list and merge the list of old applications with new ones
    */
-  private def mergeApplicationListing(fileStatus: FileStatus): Unit = {
+  protected def mergeApplicationListing(fileStatus: FileStatus): Unit = {
     val newAttempts = try {
       val eventsFilter: ReplayEventsFilter = { eventString =>
         eventString.startsWith(APPL_START_EVENT_PREFIX) ||

core/src/test/scala/org/apache/spark/deploy/history/FsHistoryProviderSuite.scala

@@ -27,6 +27,7 @@ import scala.concurrent.duration._
 import scala.language.postfixOps
 
 import com.google.common.io.{ByteStreams, Files}
+import org.apache.hadoop.fs.FileStatus
 import org.apache.hadoop.hdfs.DistributedFileSystem
 import org.json4s.jackson.JsonMethods._
 import org.mockito.Matchers.any
@@ -571,6 +572,34 @@ class FsHistoryProviderSuite extends SparkFunSuite with BeforeAndAfter with Matc
     }
  }
 
+  test("log without read permission should be filtered out before actual reading") {
+    class TestFsHistoryProvider extends FsHistoryProvider(createTestConf()) {
+      var mergeApplicationListingCall = 0
+      override protected def mergeApplicationListing(fileStatus: FileStatus): Unit = {
+        super.mergeApplicationListing(fileStatus)
+        mergeApplicationListingCall += 1
+      }
+    }
+
+    val provider = new TestFsHistoryProvider
+    val log = newLogFile("app1", Some("app1"), inProgress = true)
+    writeFile(log, true, None,
+      SparkListenerApplicationStart("app1", Some("app1"), System.currentTimeMillis(),
+         "test", Some("attempt1")),
+      SparkListenerApplicationEnd(System.currentTimeMillis()))
+
+    // Set the read permission to false to simulate access permission not allowed scenario.
+    log.setReadable(false)
+
+    updateAndCheck(provider) { list =>
+      list.size should be (0)
+    }
+
+    // Because we already filter out logs without read permission, so it will get a empty file list
+    // and not invoke mergeApplicationListing() call.
+    provider.mergeApplicationListingCall should be (0)
+  }
+
   /**
    * Asks the provider to check for logs and calls a function to perform checks on the updated
    * app list. Example: