libsmack: fixed apply_accesses() (regression in d2283792)

Took accesses_apply() from 8fd0167 and converted it mechanically
as possible to use the changed struct smack_rule. Now smackload
works succesfully for a single file too. Mistake I did in
d2283792 was that I unncessarily cleaned up accesses_apply()
at the same time as changing things. My bad.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index 2799bec..28c2715 100644 (file)
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -675,35 +675,25 @@ static int accesses_apply(struct smack_accesses *handle, int clear)
 
        for (rule = handle->first; rule != NULL; rule = rule->next) {
                access_code_to_str(clear ? 0 : rule->allow_code, allow_str);
-               if (rule->deny_code != -1)
-                       access_code_to_str(clear ? 0 : rule->allow_code, deny_str);
 
-               if (load2) {
-                       if (rule->deny_code != -1) /* modify? */ {
-                               ret = snprintf(buf, LOAD_LEN + 1,
-                                              KERNEL_MODIFY_FORMAT,
-                                              rule->subject, rule->object,
-                                              allow_str, deny_str);
-
-                               fd = change_fd;
-                       } else {
-                               ret = snprintf(buf, LOAD_LEN + 1,
-                                              KERNEL_LONG_FORMAT,
-                                              rule->subject, rule->object,
-                                              allow_str);
+               if (rule->deny_code != -1 && !clear) {
+                       access_code_to_str(clear ? 0 : rule->deny_code, deny_str);
 
-                               fd = load_fd;
-                       }
+                       fd = change_fd;
+                       ret = snprintf(buf, LOAD_LEN + 1, KERNEL_MODIFY_FORMAT,
+                                      rule->subject, rule->object,
+                                      allow_str,
+                                      deny_str);
                } else {
-                       if (rule->deny_code != -1) /* modify? */ {
-                               ret = -1;
-                               goto err_out;
-                       }
-
-                       ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT,
-                                      rule->subject, rule->object, allow_str);
-
                        fd = load_fd;
+                       if (load2)
+                               ret = snprintf(buf, LOAD_LEN + 1, KERNEL_LONG_FORMAT,
+                                              rule->subject, rule->object,
+                                              allow_str);
+                       else
+                               ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT,
+                                              rule->subject, rule->object,
+                                              allow_str);
                }
 
                if (ret < 0 || fd < 0) {
@@ -717,7 +707,6 @@ static int accesses_apply(struct smack_accesses *handle, int clear)
                        goto err_out;
                }
        }
-
        ret = 0;
 
 err_out: