bool checkNoAccesses(const char *subject, const char *object)
{
int result;
- for(const auto &perm : std::vector<std::string> () = {"r", "w", "a","t", "l"}) {
+
+ for(const auto &perm : std::vector<std::string> {"r", "w", "a","t", "l"}) {
result = smack_have_access(subject, object, perm.c_str());
if (result == 1) {
return false;
//should have no access - wrong rule, should be "r" only
result = smack_have_access("reader", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Error while checking Smack access");
- //should fail - rule not exist
+ //should have no access - rule not exist
result = smack_have_access("s02badsubjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG_BT(result == -1, "Error while checking Smack access");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Error while checking Smack access");
//this subject do not exist in kernel rules
result = smack_revoke_subject("s02nonexistinglabel");
const std::string ruleAll = "x";
SecurityServer::AccessProvider provider(subject);
- provider.allowAPI("User", ruleAll);
- provider.allowAPI(object, access);
+ provider.addObjectRule("User", ruleAll);
+ provider.addObjectRule(object, access);
provider.applyAndSwithToUser(APP_UID, APP_GID);
}
//function inside checks if rule exist after add it
SecurityServer::AccessProvider provider(selfLabel);
- provider.allowAPI(filename, "l");
+ provider.addObjectRule(filename, "l");
provider.apply();
int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l");