extern void smack_rule_set_delete(SmackRuleSet handle);
/*!
- * Attach label set to rule set to enabled transparent long name conversion.
- * Note: does not take ownership of label set so caller must take care of
- * freeing it.
- *
- * @param rules rule set
- * @param labels label set
- */
-extern void smack_rule_set_attach_label_set(SmackRuleSet rules,
- SmackLabelSet labels);
-
-/*!
* Write rules to a given file.
*
* @param handle handle to a rules
* Add new rule to a rule set. Updates existing rule if there is already rule
* for the given subject and object.
*
- * @param handle handle to a rules
+ * Takes subject and object as long names and maps them to short names if the
+ * parameter labels is given (not set to NULL). In this case, if short labels
+ * are not found, this function fails and executes no action.
+ *
+ * @param handle handle to a rule set
* @param subject subject of the rule
* @param object object of the rule
- * @param access string defining access type
+ * @param access access string (rwxa)
+ * @param labels handle to a label set
* @return 0 on success
*/
extern int smack_rule_set_add(SmackRuleSet handle, const char *subject,
- const char *object, const char *access);
+ const char *object, const char *access,
+ SmackLabelSet labels);
/*!
* Remove rule from a rule set.
*
- * @param handle handle to a rules
+ * Takes subject and object as long names and maps them to short names if the
+ * parameter labels is given (not set to NULL). In this case, if short labels
+ * are not found, this function fails and executes no action.
+ *
+ * @param handle handle to a rule set
* @param subject subject of the rule
* @param object object of the rule
+ * @param labels handle to a label set
+ * @return 0 on success
*/
extern void smack_rule_set_remove(SmackRuleSet handle, const char *subject,
- const char *object);
+ const char *object, SmackLabelSet labels);
/*!
* Remove all rules with the given subject from a rule set.
*
- * @param handle handle to a rules
+ * Takes subject as long name and maps it to short name if the
+ * parameter labels is given (not set to NULL). In this case,
+ * if short label is not found, this function fails and executes
+ * no action.
+ *
+ * @param handle handle to a rule set
* @param subject subject of the rule
+ * @param labels handle to a label set
*/
extern void smack_rule_set_remove_by_subject(SmackRuleSet handle,
- const char *subject);
+ const char *subject,
+ SmackLabelSet labels);
/*!
* Remove all rules with the given object from a rule set.
+
+ * Takes subject as long name and maps it to short name if the
+ * parameter labels is given (not set to NULL). In this case,
+ * if short label is not found, this function fails and executes
+ * no action.
*
- * @param handle handle to a rules
+ * @param handle handle to a rule set
* @param object object of the rule
+ * @param labels handle to a label set
*/
extern void smack_rule_set_remove_by_object(SmackRuleSet handle,
- const char *object);
+ const char *object,
+ SmackLabelSet labels);
/*!
- * Does the given subject have at least the given access to the given object?
+ * Check access to a give object.
*
- * @param handle handle to a rules
+ * Takes subject and object as long names and maps them to short names if the
+ * parameter labels is given (not set to NULL). In this case, if short labels
+ * are not found, this function fails and executes no action.
+ *
+ * @param handle handle to a rule set
* @param subject subject of the rule
* @param object object of the rule
* @param access string defining access type
+ * @param labels handle to a label set
* @return boolean value
*/
extern int smack_rule_set_have_access(SmackRuleSet handle, const char *subject,
- const char *object, const char *access);
+ const char *object, const char *access,
+ SmackLabelSet labels);
/*!
* Create a new label set. The returned rule set must be freed with
struct _SmackRuleSet {
struct smack_subject *subjects;
- SmackLabelSet labels;
};
static int update_rule(struct smack_subject **subjects,
free(handle);
}
-void smack_rule_set_attach_label_set(SmackRuleSet rules,
- SmackLabelSet labels)
-{
- rules->labels = labels;
-}
-
int smack_rule_set_save_to_file(SmackRuleSet handle, const char *path)
{
struct smack_subject *s, *stmp;
}
int smack_rule_set_add(SmackRuleSet handle, const char *subject,
- const char *object, const char *access_str)
+ const char *object, const char *access_str,
+ SmackLabelSet labels)
{
unsigned access;
int ret;
- if (handle->labels != NULL) {
- subject = smack_label_set_to_short_name(handle->labels, subject);
- object = smack_label_set_to_short_name(handle->labels, object);
+ if (labels != NULL) {
+ subject = smack_label_set_to_short_name(labels, subject);
+ object = smack_label_set_to_short_name(labels, object);
if (subject == NULL || object == NULL)
return -1;
}
void smack_rule_set_remove(SmackRuleSet handle, const char *subject,
- const char *object)
+ const char *object, SmackLabelSet labels)
{
struct smack_subject *s = NULL;
struct smack_object *o = NULL;
- if (handle->labels != NULL) {
- subject = smack_label_set_to_short_name(handle->labels, subject);
- object = smack_label_set_to_short_name(handle->labels, object);
+ if (labels != NULL) {
+ subject = smack_label_set_to_short_name(labels, subject);
+ object = smack_label_set_to_short_name(labels, object);
if (subject == NULL || object == NULL)
return;
return;
}
-void smack_rule_set_remove_by_subject(SmackRuleSet handle, const char *subject)
+void smack_rule_set_remove_by_subject(SmackRuleSet handle, const char *subject,
+ SmackLabelSet labels)
{
struct smack_subject *s = NULL;
struct smack_object *o = NULL, *tmp = NULL;
- if (handle->labels != NULL) {
- subject = smack_label_set_to_short_name(handle->labels, subject);
+ if (labels != NULL) {
+ subject = smack_label_set_to_short_name(labels, subject);
if (subject == NULL)
return;
}
}
-void smack_rule_set_remove_by_object(SmackRuleSet handle, const char *object)
+void smack_rule_set_remove_by_object(SmackRuleSet handle, const char *object,
+ SmackLabelSet labels)
{
struct smack_subject *s = NULL, *tmp = NULL;
struct smack_object *o = NULL;
- if (handle->labels != NULL) {
- object = smack_label_set_to_short_name(handle->labels, object);
+ if (labels != NULL) {
+ object = smack_label_set_to_short_name(labels, object);
if (object == NULL)
return;
}
int smack_rule_set_have_access(SmackRuleSet handle, const char *subject,
- const char *object, const char *access_str)
+ const char *object, const char *access_str,
+ SmackLabelSet labels)
{
struct smack_subject *s = NULL;
struct smack_object *o = NULL;
unsigned ac;
- if (handle->labels != NULL) {
- subject = smack_label_set_to_short_name(handle->labels, subject);
- object = smack_label_set_to_short_name(handle->labels, object);
+ if (labels != NULL) {
+ subject = smack_label_set_to_short_name(labels, subject);
+ object = smack_label_set_to_short_name(labels, object);
if (subject == NULL || object == NULL)
- return -1;
+ return;
}
ac = str_to_ac(access_str);
int rc;
SmackRuleSet rules = smack_rule_set_new_from_file("data/add_new_rule-in.txt", NULL);
fail_unless(rules != NULL, "Reading rules failed");
- rc = smack_rule_set_add(rules, "Orange", "Apple", "ra");
+ rc = smack_rule_set_add(rules, "Orange", "Apple", "ra", NULL);
fail_unless(rc == 0, "Failed to add rule");
rc = smack_rule_set_save_to_kernel(rules, "add_new_rule-result.txt");
fail_unless(rc == 0, "Failed to write ruleset");
int rc;
SmackRuleSet rules = smack_rule_set_new_from_file("data/modify_existing_rule-in.txt", NULL);
fail_unless(rules != NULL, "Reading rules failed");
- rc = smack_rule_set_add(rules, "Foo", "Bar", "wx");
+ rc = smack_rule_set_add(rules, "Foo", "Bar", "wx", NULL);
fail_unless(rc == 0, "Failed to add rule");
rc = smack_rule_set_save_to_kernel(rules, "modify_existing_rule-result.txt");
fail_unless(rc == 0, "Failed to write ruleset");
int rc;
SmackRuleSet rules = smack_rule_set_new_from_file("data/remove_rule-in.txt", NULL);
fail_unless(rules != NULL, "Reading rules failed");
- smack_rule_set_remove(rules, "Orange", "Apple");
+ smack_rule_set_remove(rules, "Orange", "Apple", NULL);
rc = smack_rule_set_save_to_kernel(rules, "remove_rule-result.txt");
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("remove_rule-result.txt", "data/remove_rule-excepted.txt");
int rc;
SmackRuleSet rules = smack_rule_set_new_from_file("data/remove_rules_by_subject-in.txt", NULL);
fail_unless(rules != NULL, "Reading rules failed");
- smack_rule_set_remove_by_subject(rules, "Foo");
+ smack_rule_set_remove_by_subject(rules, "Foo", NULL);
rc = smack_rule_set_save_to_kernel(rules, "remove_rules_by_subject-result.txt");
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("remove_rules_by_subject-result.txt", "data/remove_rules_by_subject-excepted.txt");
int rc;
SmackRuleSet rules = smack_rule_set_new_from_file("data/remove_rules_by_object-in.txt", NULL);
fail_unless(rules != NULL, "Reading rules failed");
- smack_rule_set_remove_by_object(rules, "Apple");
+ smack_rule_set_remove_by_object(rules, "Apple", NULL);
rc = smack_rule_set_save_to_kernel(rules, "remove_rules_by_object-result.txt");
fail_unless(rc == 0, "Failed to write ruleset");
rc = files_equal("remove_rules_by_object-result.txt", "data/remove_rules_by_object-excepted.txt");
int rc;
SmackRuleSet rules = smack_rule_set_new_from_file("data/have_access_rule-in.txt", "Orange");
fail_unless(rules != NULL, "Reading rules failed");
- rc = smack_rule_set_have_access(rules, "Orange", "Apple", "a");
+ rc = smack_rule_set_have_access(rules, "Orange", "Apple", "a", NULL);
fail_unless(rc, "Have access \"a\" failed");
smack_rule_set_delete(rules);
}
int rc;
SmackRuleSet rules = smack_rule_set_new_from_file("data/have_access_rule-in.txt", "Orange");
fail_unless(rules != NULL, "Reading rules failed");
- smack_rule_set_remove(rules, "Orange", "Apple");
- rc = smack_rule_set_have_access(rules, "Orange", "Apple", "a");
+ smack_rule_set_remove(rules, "Orange", "Apple", NULL);
+ rc = smack_rule_set_have_access(rules, "Orange", "Apple", "a", NULL);
fail_unless(!rc, "Has access to a removed rule");
smack_rule_set_delete(rules);
}
END_TEST
-START_TEST(test_rule_set_attach_label_set_add_remove_rule)
+START_TEST(test_rule_set_add_remove_long)
{
int rc;
const char *sn;
SmackLabelSet labels = smack_label_set_new();
fail_unless(labels != NULL, "Creating label set failed");
- smack_rule_set_attach_label_set(rules, labels);
-
sn = smack_label_set_add(labels, LONG_LABEL_1);
fail_unless(sn != NULL, "Adding label was not succesful");
sn = smack_label_set_add(labels, LONG_LABEL_2);
fail_unless(sn != NULL, "Adding label was not succesful");
- rc = smack_rule_set_add(rules, LONG_LABEL_1, LONG_LABEL_2, "rx");
+ rc = smack_rule_set_add(rules, LONG_LABEL_1, LONG_LABEL_2, "rx", labels);
fail_unless(rc == 0, "Adding rule was not succesful");
- rc = smack_rule_set_add(rules, LONG_LABEL_2, LONG_LABEL_1, "rwa");
+ rc = smack_rule_set_add(rules, LONG_LABEL_2, LONG_LABEL_1, "rwa", labels);
fail_unless(rc == 0, "Adding rule was not succesful");
- smack_rule_set_remove(rules, LONG_LABEL_1, LONG_LABEL_2);
+ smack_rule_set_remove(rules, LONG_LABEL_1, LONG_LABEL_2, labels);
- rc = smack_rule_set_have_access(rules, LONG_LABEL_2, LONG_LABEL_1, "a");
+ rc = smack_rule_set_have_access(rules, LONG_LABEL_2, LONG_LABEL_1, "a", labels);
fail_unless(rc, "Access failure");
- rc = smack_rule_set_have_access(rules, LONG_LABEL_1, LONG_LABEL_2, "r");
+ rc = smack_rule_set_have_access(rules, LONG_LABEL_1, LONG_LABEL_2, "r", labels);
fail_unless(!rc, "Access failure");
smack_rule_set_delete(rules);
}
END_TEST
-START_TEST(test_rule_set_attach_label_set_add_rule_no_labels)
+START_TEST(test_rule_set_add_long_no_labels)
{
int rc;
SmackLabelSet labels = smack_label_set_new();
fail_unless(labels != NULL, "Creating label set failed");
- smack_rule_set_attach_label_set(rules, labels);
-
- rc = smack_rule_set_add(rules, LONG_LABEL_1, LONG_LABEL_2, "rx");
+ rc = smack_rule_set_add(rules, LONG_LABEL_1, LONG_LABEL_2, "rx", labels);
fail_unless(rc != 0, "Adding rule was succesful");
smack_rule_set_delete(rules);
tcase_add_test(tc_core, test_remove_rules_by_object);
tcase_add_test(tc_core, test_have_access_rule);
tcase_add_test(tc_core, test_have_access_removed_rule);
- tcase_add_test(tc_core, test_rule_set_attach_label_set_add_remove_rule);
- tcase_add_test(tc_core, test_rule_set_attach_label_set_add_rule_no_labels);
+ tcase_add_test(tc_core, test_rule_set_add_remove_long);
+ tcase_add_test(tc_core, test_rule_set_add_long_no_labels);
suite_add_tcase(s, tc_core);
return s;
projects / framework / security / smack.git / commitdiff