libsmack: change semantics of rule allow_code and deny_code
Fields in struct smack_rule are used to store either set or modify rule.
Set rules used to be distinguished by having deny_code = -1.
It is more convenient to have it differently: allow_code describing bits
that are to be set, deny_code describing bits that are to be cleared.
With that semantics access_code = ~deny_code for set rules. This enables
easy replacement of change rules that can be simplified to a set rule.
Thanks José Bollo for original idea about simplifying modify rules.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>