profiles/internal/ipc: Add Glob error when user doesn't have access
With this change, Glob will return an error when some part of the
pattern touches an object that the user is not authorized to access,
without revealing which object triggered the error.
It is still possible to guess the name of hidden objects with a lot
of trial and error. If a/foo is hidden, the user could glob a/*, then
a/a*, a/b*, ..., a/f*, a/fa*, etc.
From a usability perspective, it is better to leak a little bit
informaiton than to return unexpected results when access permissions
aren't set correctly.
MultiPart: 1/2
Change-Id: Id27dbb39840a4d4401cad48d9d5fb55a6af2a0ea
9 files changed
