UT_hash_handle hh;
};
-struct smack_ruleset {
+struct smack_rules {
struct smack_subject *subjects;
};
struct smack_user *users;
};
-static int update_rule(struct smack_ruleset *handle,
+static int update_rule(struct smack_subject **subjects,
const char *subject_str, const char *object_str,
unsigned ac);
-static int update_user(struct smack_users *handle,
+static void destroy_rules(struct smack_subject **subjects);
+static int update_user(struct smack_user **users,
const char *user, const char *label);
+static void destroy_users(struct smack_user **users);
inline unsigned str_to_ac(const char *str);
inline void ac_to_str(unsigned ac, char *str, int format);
-smack_ruleset_t smack_create_ruleset(void)
+smack_rules_t smack_create_rules(void)
{
- struct smack_ruleset *result =
- calloc(1, sizeof(struct smack_ruleset));
+ struct smack_rules *result =
+ calloc(1, sizeof(struct smack_rules));
return result;
}
-void smack_destroy_ruleset(smack_ruleset_t handle)
+void smack_destroy_rules(smack_rules_t handle)
{
- struct smack_subject *s;
- struct smack_object *o;
-
- while (handle->subjects != NULL) {
- s = handle->subjects;
- while (s->objects != NULL) {
- o = s->objects;
- HASH_DEL(s->objects, o);
- free(o);
- }
- HASH_DEL(handle->subjects, s);
- free(s);
- }
-
+ destroy_rules(&handle->subjects);
free(handle);
}
-int smack_read_rules(smack_ruleset_t handle, const char *path,
- const char *subject_filter)
+int smack_read_rules_from_file(smack_rules_t handle, const char *path,
+ const char *subject_filter)
{
FILE *file;
- char subject[SMACK64_LEN + 1];
- char object[SMACK64_LEN + 1];
- char access_str[SMACK_ACC_LEN];
- unsigned access;
- int ret;
+ char *buf = NULL;
+ const char *subject, *object, *access;
+ unsigned ac;
+ size_t size;
+ struct smack_subject *subjects = NULL;
+ int ret = 0;
file = fopen(path, "r");
if (file == NULL)
return -1;
- for (;;) {
- ret = fscanf(file, "%23s %23s %4s\n", subject, object,
- access_str);
- if (ret == EOF)
- break;
- if (ret != 3)
- continue;
-
- if (subject_filter == NULL ||
- strcmp(subject, subject_filter) == 0) {
- access = str_to_ac(access_str);
- if (update_rule(handle, subject, object, access) ==
- -1) {
- fclose(file);
- return -1;
- }
+ while (ret == 0 && getline(&buf, &size, file) != -1) {
+ subject = strtok(buf, " \n");
+ object = strtok(NULL, " \n");
+ access = strtok(NULL, " \n");
+
+ if (subject == NULL || object == NULL || access == NULL ||
+ strtok(NULL, " \n") != NULL) {
+ ret = -1;
+ } else if (subject_filter == NULL ||
+ strcmp(subject, subject_filter) == 0) {
+ ac = str_to_ac(access);
+ ret = update_rule(&subjects, subject, object, ac);
}
+
+ free(buf);
+ buf = NULL;
}
+ if (ferror(file))
+ ret = -1;
+
+ if (ret == 0) {
+ destroy_rules(&handle->subjects);
+ handle->subjects = subjects;
+ } else {
+ destroy_rules(&subjects);
+ }
+
+ free(buf);
fclose(file);
- return 0;
+ return ret;
}
-int smack_write_rules(smack_ruleset_t handle, const char *path, int format)
+int smack_write_rules_to_file(smack_rules_t handle, const char *path,
+ int format)
{
struct smack_subject *s, *stmp;
struct smack_object *o, *otmp;
return 0;
}
-int smack_add_rule(smack_ruleset_t handle, const char *subject,
+int smack_add_rule(smack_rules_t handle, const char *subject,
const char *object, const char *access_str)
{
unsigned access;
+ int ret;
access = str_to_ac(access_str);
- return (update_rule(handle, subject, object, access) == 0 ? 0 : -1);
+ ret = update_rule(&handle->subjects, subject, object, access);
+ return ret == 0 ? 0 : -1;
}
-void smack_remove_rule(smack_ruleset_t handle, const char *subject,
+void smack_remove_rule(smack_rules_t handle, const char *subject,
const char *object)
{
struct smack_subject *s = NULL;
free(o);
}
-void smack_remove_subject_rules(smack_ruleset_t handle, const char *subject)
+void smack_remove_rules_by_subject(smack_rules_t handle, const char *subject)
{
struct smack_subject *s = NULL;
struct smack_object *o = NULL, *tmp = NULL;
}
}
-void smack_remove_object_rules(smack_ruleset_t handle, const char *object)
+void smack_remove_rules_by_object(smack_rules_t handle, const char *object)
{
struct smack_subject *s = NULL, *tmp = NULL;
struct smack_object *o = NULL;
}
}
-int smack_have_access_rule(smack_ruleset_t handle, const char *subject,
+int smack_have_access_rule(smack_rules_t handle, const char *subject,
const char *object, const char *access_str)
{
struct smack_subject *s = NULL;
void smack_destroy_users(smack_users_t handle)
{
- struct smack_user *u, *tmp;
-
- HASH_ITER(hh, handle->users, u, tmp) {
- HASH_DEL(handle->users, u);
- free(u->user);
- free(u);
- }
+ destroy_users(&handle->users);
+ free(handle);
}
-int smack_read_users(smack_users_t handle, const char *path)
+int smack_read_users_from_file(smack_users_t handle, const char *path)
{
FILE *file;
char *buf = NULL;
size_t size;
- char *user;
- char *label;
+ const char *user, *label;
+ struct smack_user *users = NULL;
int ret = 0;
file = fopen(path, "r");
if (file == NULL)
return -1;
- while (getline(&buf, &size, file) != -1) {
- user = strtok(buf, " ");
- if (user == NULL || user[0] == '#')
- continue;
-
+ while (ret == 0 && getline(&buf, &size, file) != -1) {
+ user = strtok(buf, " \n");
label = strtok(NULL, " \n");
- if (label == NULL)
+
+ if (user == NULL || label == NULL ||
+ strtok(NULL, " \n") != NULL)
ret = -1;
else
- ret = update_user(handle, user, label);
+ ret = update_user(&users, user, label);
free(buf);
buf = NULL;
-
- if (ret != 0)
- break;
}
if (ferror(file))
ret = -1;
+ if (ret == 0) {
+ destroy_users(&handle->users);
+ handle->users = users;
+ } else {
+ destroy_users(&users);
+ }
+
free(buf);
fclose(file);
return 0;
}
-int smack_write_users(smack_users_t handle, const char *path)
+int smack_write_users_to_file(smack_users_t handle, const char *path)
{
struct smack_user *u, *tmp;
FILE *file;
return 0;
}
-int smack_set_file_smack(const char *path, const char *smack, int flags)
+int smack_set_smack_to_file(const char *path, const char *smack, int flags)
{
size_t size;
int ret;
if (size > SMACK64_LEN)
return -1;
- if ((flags & SMACK_SET_SYMLINK) == 0)
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
ret = setxattr(path, SMACK64, smack, size, 0);
else
ret = lsetxattr(path, SMACK64, smack, size, 0);
return ret;
}
-int smack_get_file_smack(const char *path, char **smack, int flags)
+int smack_get_smack_from_file(const char *path, char **smack, int flags)
{
ssize_t ret;
char *buf;
- if ((flags & SMACK_SET_SYMLINK) == 0)
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
ret = getxattr(path, SMACK64, NULL, 0);
else
ret = lgetxattr(path, SMACK64, NULL, 0);
buf = malloc(ret + 1);
- if ((flags & SMACK_SET_SYMLINK) == 0)
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
ret = getxattr(path, SMACK64, buf, ret);
else
ret = lgetxattr(path, SMACK64, buf, ret);
return 0;
}
-int smack_get_proc_smack(int pid, char **smack)
+int smack_get_smack_from_proc(int pid, char **smack)
{
char buf[LINE_BUFFER_SIZE];
FILE *file;
}
-static int update_rule(struct smack_ruleset *handle,
+static int update_rule(struct smack_subject **subjects,
const char *subject_str,
const char *object_str, unsigned ac)
{
strlen(object_str) > SMACK64_LEN)
return -ERANGE;
- HASH_FIND_STR(handle->subjects, subject_str, s);
+ HASH_FIND_STR(*subjects, subject_str, s);
if (s == NULL) {
s = calloc(1, sizeof(struct smack_subject));
strcpy(s->subject, subject_str);
- HASH_ADD_STR(handle->subjects, subject, s);
+ HASH_ADD_STR(*subjects, subject, s);
}
HASH_FIND_STR(s->objects, object_str, o);
return 0;
}
-static int update_user(struct smack_users *handle,
+static void destroy_rules(struct smack_subject **subjects)
+{
+ struct smack_subject *s;
+ struct smack_object *o;
+
+ while (*subjects != NULL) {
+ s = *subjects;
+ while (s->objects != NULL) {
+ o = s->objects;
+ HASH_DEL(s->objects, o);
+ free(o);
+ }
+ HASH_DEL(*subjects, s);
+ free(s);
+ }
+}
+
+static int update_user(struct smack_user **users,
const char *user, const char *label)
{
struct smack_user *u = NULL;
if (strlen(label) > SMACK64_LEN)
return -ERANGE;
- HASH_FIND_STR(handle->users, user, u);
+ HASH_FIND_STR(*users, user, u);
if (u == NULL) {
u = calloc(1, sizeof(struct smack_subject));
u->user = strdup(user);
- HASH_ADD_STR(handle->users, user, u);
+ HASH_ADD_STR(*users, user, u);
}
strcpy(u->label, label);
return 0;
}
+static void destroy_users(struct smack_user **users)
+{
+ struct smack_user *u, *tmp;
+
+ HASH_ITER(hh, *users, u, tmp) {
+ HASH_DEL(*users, u);
+ free(u->user);
+ free(u);
+ }
+}
+
inline unsigned str_to_ac(const char *str)
{
int i, count;
/*!
* Handle to a in-memory representation of set of Smack rules.
*/
-typedef struct smack_ruleset *smack_ruleset_t;
+typedef struct smack_rules *smack_rules_t;
typedef struct smack_users *smack_users_t;
#define SMACK_FORMAT_CONFIG 0
#define SMACK_FORMAT_KERNEL 1
-#define SMACK_SET_SYMLINK 1
+#define SMACK_XATTR_SYMLINK 1
#ifdef __cplusplus
extern "C" {
/*!
* Create a new rule set. The returned rule set must be freed with
- * smack_destroy_ruleset().
+ * smack_destroy_rules().
*
* @return handle to the rule set. Returns NULL if allocation fails.
*/
-extern smack_ruleset_t smack_create_ruleset(void);
+extern smack_rules_t smack_create_rules(void);
/*!
- * Free resources allocated by ruleset.
+ * Free resources allocated by rules.
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
*/
-extern void smack_destroy_ruleset(smack_ruleset_t handle);
+extern void smack_destroy_rules(smack_rules_t handle);
/*!
- * Read rules from a given file. Rules can be optionally filtered with a
- * subject.
+ * Read rules from a given file. Rules can be optionally filtered by a
+ * subject. Old rules are replaced with read ruleset on success full
+ * read.
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
* @param path path to the file containing rules
* @param subject read only rules for the given subject if not set to NULL.
* @return 0 on success
*/
-extern int smack_read_rules(smack_ruleset_t handle,
- const char *path,
- const char *subject);
+extern int smack_read_rules_from_file(smack_rules_t handle,
+ const char *path,
+ const char *subject);
/*!
* Write rules to a given file.
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
* @param path path to the rules file
* @param format file format
* @return 0 on success
*/
-extern int smack_write_rules(smack_ruleset_t handle, const char *path,
- int format);
+extern int smack_write_rules_to_file(smack_rules_t handle, const char *path,
+ int format);
/*!
* Add new rule to a rule set.
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
* @param subject subject of the rule
* @param object object of the rule
* @param access string defining access type
* @return 0 on success
*/
-extern int smack_add_rule(smack_ruleset_t handle, const char *subject,
+extern int smack_add_rule(smack_rules_t handle, const char *subject,
const char *object, const char *access);
/*!
* Remove rule from a rule set.
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
* @param subject subject of the rule
* @param object object of the rule
*/
-extern void smack_remove_rule(smack_ruleset_t handle, const char *subject,
+extern void smack_remove_rule(smack_rules_t handle, const char *subject,
const char *object);
/*!
* Remove all rules with the given subject from a rule set.
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
* @param subject subject of the rule
*/
-extern void smack_remove_subject_rules(smack_ruleset_t handle,
- const char *subject);
+extern void smack_remove_rules_by_subject(smack_rules_t handle,
+ const char *subject);
/*!
* Remove all rules with the given object from a rule set.
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
* @param object object of the rule
*/
-extern void smack_remove_object_rules(smack_ruleset_t handle,
- const char *object);
+extern void smack_remove_rules_by_object(smack_rules_t handle,
+ const char *object);
/*!
* Does the given subject have at least the given access to the given object?
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
* @param subject subject of the rule
* @param object object of the rule
* @param access string defining access type
* @return boolean value
*/
-extern int smack_have_access_rule(smack_ruleset_t handle, const char *subject,
+extern int smack_have_access_rule(smack_rules_t handle, const char *subject,
const char *object, const char *access);
/*!
* Create users database. The returned rule set must be freed with
- * smack_destroy_ruleset().
+ * smack_destroy_rules().
*
* @return handle to the users db. Returns NULL if creation fails.
*/
/*!
* Free users database.
*
- * @param handle handle to a ruleset
+ * @param handle handle to a rules
*/
extern void smack_destroy_users(smack_users_t handle);
* @param path path to the file containing users
* @return 0 on success
*/
-extern int smack_read_users(smack_users_t handle, const char *path);
+extern int smack_read_users_from_file(smack_users_t handle, const char *path);
/*!
* Write users to a given file.
* @param path path to the users file
* @return 0 on success
*/
-extern int smack_write_users(smack_users_t handle, const char *path);
+extern int smack_write_users_to_file(smack_users_t handle, const char *path);
/*!
* Set SMACK64 security attribute for a given path.
* @param flags set flags
* @return 0 on success
*/
-extern int smack_set_file_smack(const char *path, const char *smack,
- int flags);
+extern int smack_set_smack_to_file(const char *path, const char *smack,
+ int flags);
/*!
* Get SMACK64 security attribute for a given path.
* @param flags set flags
* @return 0 on success
*/
-extern int smack_get_file_smack(const char *path, char **smack,
- int flags);
+extern int smack_get_smack_from_file(const char *path, char **smack,
+ int flags);
/*!
* Get SMACK64 security attribute for a given pid.
* @param smack current value
* @return 0 on success
*/
-extern int smack_get_proc_smack(int pid, char **smack);
+extern int smack_get_smack_from_proc(int pid, char **smack);
#ifdef __cplusplus
}
START_TEST(test_add_new_rule)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/add_new_rule-in.txt", NULL);
+ rc = smack_read_rules_from_file(rules, "data/add_new_rule-in.txt", NULL);
fail_unless(rc == 0, "Failed to read ruleset");
rc = smack_add_rule(rules, "Orange", "Apple", "ra");
fail_unless(rc == 0, "Failed to add rule");
- rc = smack_write_rules(rules, "add_new_rule-result.txt", SMACK_FORMAT_KERNEL);
+ rc = smack_write_rules_to_file(rules, "add_new_rule-result.txt", SMACK_FORMAT_KERNEL);
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("add_new_rule-result.txt", "data/add_new_rule-excepted.txt");
fail_unless(rc == 1, "Unexcepted result");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
START_TEST(test_modify_existing_rule)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/modify_existing_rule-in.txt", NULL);
+ rc = smack_read_rules_from_file(rules, "data/modify_existing_rule-in.txt", NULL);
fail_unless(rc == 0, "Failed to read ruleset");
rc = smack_add_rule(rules, "Foo", "Bar", "wx");
fail_unless(rc == 0, "Failed to add rule");
- rc = smack_write_rules(rules, "modify_existing_rule-result.txt", SMACK_FORMAT_KERNEL);
+ rc = smack_write_rules_to_file(rules, "modify_existing_rule-result.txt", SMACK_FORMAT_KERNEL);
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("modify_existing_rule-result.txt", "data/modify_existing_rule-excepted.txt");
fail_unless(rc == 1, "Unexcepted result");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
START_TEST(test_rw_rules_config)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/write_rules_config-excepted.txt", NULL);
+ rc = smack_read_rules_from_file(rules, "data/write_rules_config-excepted.txt", NULL);
fail_unless(rc == 0, "Failed to read ruleset");
- rc = smack_write_rules(rules, "write_rules_config-result.txt", SMACK_FORMAT_CONFIG);
+ rc = smack_write_rules_to_file(rules, "write_rules_config-result.txt", SMACK_FORMAT_CONFIG);
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("write_rules_config-result.txt", "data/write_rules_config-excepted.txt");
fail_unless(rc == 1, "Unexcepted result");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
START_TEST(test_rw_rules_kernel)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/write_rules_config-excepted.txt", NULL);
+ rc = smack_read_rules_from_file(rules, "data/write_rules_config-excepted.txt", NULL);
fail_unless(rc == 0, "Failed to read ruleset");
- rc = smack_write_rules(rules, "write_rules_kernel-result.txt", SMACK_FORMAT_KERNEL);
+ rc = smack_write_rules_to_file(rules, "write_rules_kernel-result.txt", SMACK_FORMAT_KERNEL);
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("write_rules_kernel-result.txt", "data/write_rules_kernel-excepted.txt");
fail_unless(rc == 1, "Unexcepted result");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
START_TEST(test_remove_rule)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/remove_rule-in.txt", NULL);
+ rc = smack_read_rules_from_file(rules, "data/remove_rule-in.txt", NULL);
fail_unless(rc == 0, "Failed to read ruleset");
smack_remove_rule(rules, "Orange", "Apple");
- rc = smack_write_rules(rules, "remove_rule-result.txt", SMACK_FORMAT_KERNEL);
+ rc = smack_write_rules_to_file(rules, "remove_rule-result.txt", SMACK_FORMAT_KERNEL);
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("remove_rule-result.txt", "data/remove_rule-excepted.txt");
fail_unless(rc == 1, "Unexcepted result");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
-START_TEST(test_remove_subject_rules)
+START_TEST(test_remove_rules_by_subject)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/remove_subject_rules-in.txt", NULL);
+ rc = smack_read_rules_from_file(rules, "data/remove_rules_by_subject-in.txt", NULL);
fail_unless(rc == 0, "Failed to read ruleset");
- smack_remove_subject_rules(rules, "Foo");
- rc = smack_write_rules(rules, "remove_subject_rules-result.txt", SMACK_FORMAT_KERNEL);
+ smack_remove_rules_by_subject(rules, "Foo");
+ rc = smack_write_rules_to_file(rules, "remove_rules_by_subject-result.txt", SMACK_FORMAT_KERNEL);
fail_unless(rc == 0, "Failed to write ruleset");
- rc = files_equal("remove_subject_rules-result.txt", "data/remove_subject_rules-excepted.txt");
+ rc = files_equal("remove_rules_by_subject-result.txt", "data/remove_rules_by_subject-excepted.txt");
fail_unless(rc == 1, "Unexcepted result");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
-START_TEST(test_remove_object_rules)
+START_TEST(test_remove_rules_by_object)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/remove_object_rules-in.txt", NULL);
+ rc = smack_read_rules_from_file(rules, "data/remove_rules_by_object-in.txt", NULL);
fail_unless(rc == 0, "Failed to read ruleset");
- smack_remove_object_rules(rules, "Apple");
- rc = smack_write_rules(rules, "remove_object_rules-result.txt", SMACK_FORMAT_KERNEL);
+ smack_remove_rules_by_object(rules, "Apple");
+ rc = smack_write_rules_to_file(rules, "remove_rules_by_object-result.txt", SMACK_FORMAT_KERNEL);
fail_unless(rc == 0, "Failed to write ruleset");
- rc = files_equal("remove_object_rules-result.txt", "data/remove_object_rules-excepted.txt");
+ rc = files_equal("remove_rules_by_object-result.txt", "data/remove_rules_by_object-excepted.txt");
fail_unless(rc == 1, "Unexcepted result");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
START_TEST(test_have_access_rule)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/have_access_rule-in.txt", "Orange");
+ rc = smack_read_rules_from_file(rules, "data/have_access_rule-in.txt", "Orange");
fail_unless(rc == 0, "Failed to read ruleset");
rc = smack_have_access_rule(rules, "Orange", "Apple", "a");
fail_unless(rc, "Have access \"a\" failed");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
START_TEST(test_have_access_removed_rule)
{
int rc;
- smack_ruleset_t rules = smack_create_ruleset();
+ smack_rules_t rules = smack_create_rules();
fail_unless(rules != NULL, "Ruleset creation failed");
- rc = smack_read_rules(rules, "data/have_access_rule-in.txt", "Orange");
+ rc = smack_read_rules_from_file(rules, "data/have_access_rule-in.txt", "Orange");
fail_unless(rc == 0, "Failed to read ruleset");
smack_remove_rule(rules, "Orange", "Apple");
rc = smack_have_access_rule(rules, "Orange", "Apple", "a");
fail_unless(!rc, "Has access to a removed rule");
- smack_destroy_ruleset(rules);
+ smack_destroy_rules(rules);
}
END_TEST
int rc;
smack_users_t users = smack_create_users();
fail_unless(users != NULL, "Users creation failed");
- rc = smack_read_users(users, "data/rw_users-in.txt");
+ rc = smack_read_users_from_file(users, "data/rw_users-in.txt");
fail_unless(rc == 0, "Failed to read users");
- rc = smack_write_users(users, "rw_users-result.txt");
+ rc = smack_write_users_to_file(users, "rw_users-result.txt");
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("rw_users-result.txt", "data/rw_users-excepted.txt");
fail_unless(rc == 1, "Unexcepted result");
}
END_TEST
-START_TEST(test_set_file_smack)
+START_TEST(test_set_smack_to_file)
{
FILE *file;
int rc;
fprintf(file, "dummy\n");
fclose(file);
- rc = smack_set_file_smack("set_smack-dummy.txt", "Apple", 0);
+ rc = smack_set_smack_to_file("set_smack-dummy.txt", "Apple", 0);
fail_unless(rc == 0, "Failed to set SMACK64");
- rc = smack_get_file_smack("set_smack-dummy.txt", &smack, 0);
+ rc = smack_get_smack_from_file("set_smack-dummy.txt", &smack, 0);
fail_unless(rc == 0, "Failed to get SMACK64");
rc = strcmp(smack, "Apple");
}
END_TEST
-START_TEST(test_set_file_smack_symlink)
+START_TEST(test_set_smack_to_file_symlink)
{
FILE *file;
int rc;
symlink("unknown.txt", "set_smack-symlink.txt");
- rc = smack_set_file_smack("set_smack-symlink.txt", "Apple", SMACK_SET_SYMLINK);
+ rc = smack_set_smack_to_file("set_smack-symlink.txt", "Apple", SMACK_XATTR_SYMLINK);
fail_unless(rc == 0, "Failed to set SMACK64");
- rc = smack_get_file_smack("set_smack-symlink.txt", &smack, SMACK_SET_SYMLINK);
+ rc = smack_get_smack_from_file("set_smack-symlink.txt", &smack, SMACK_XATTR_SYMLINK);
fail_unless(rc == 0, "Failed to get SMACK64");
rc = strcmp(smack, "Apple");
tcase_add_test(tc_core, test_rw_rules_config);
tcase_add_test(tc_core, test_rw_rules_kernel);
tcase_add_test(tc_core, test_remove_rule);
- tcase_add_test(tc_core, test_remove_subject_rules);
- tcase_add_test(tc_core, test_remove_object_rules);
+ tcase_add_test(tc_core, test_remove_rules_by_subject);
+ tcase_add_test(tc_core, test_remove_rules_by_object);
tcase_add_test(tc_core, test_have_access_rule);
tcase_add_test(tc_core, test_have_access_removed_rule);
tcase_add_test(tc_core, test_rw_users);
suite_add_tcase(s, tc_core);
tc_core = tcase_create("Security attributes");
- tcase_add_test(tc_core, test_set_file_smack);
- tcase_add_test(tc_core, test_set_file_smack_symlink);
+ tcase_add_test(tc_core, test_set_smack_to_file);
+ tcase_add_test(tc_core, test_set_smack_to_file_symlink);
suite_add_tcase(s, tc_core);
return s;