smack_get_file_smack().
return ((o->ac & ac) == ac);
}
-int smack_set_file_smack(const char *path, const char *smack)
+int smack_set_file_smack(const char *path, const char *smack, int flags)
{
size_t size;
int ret;
if (size > SMACK64_LEN)
return -1;
- ret = setxattr(path, SMACK64, smack, size, 0);
+ if ((flags & SMACK_SET_SYMLINK) == 0)
+ ret = setxattr(path, SMACK64, smack, size, 0);
+ else
+ ret = lsetxattr(path, SMACK64, smack, size, 0);
return ret;
}
-int smack_get_file_smack(const char *path, char **smack)
+int smack_get_file_smack(const char *path, char **smack, int flags)
{
ssize_t ret;
char *buf;
- ret = getxattr(path, SMACK64, NULL, 0);
+ if ((flags & SMACK_SET_SYMLINK) == 0)
+ ret = getxattr(path, SMACK64, NULL, 0);
+ else
+ ret = lgetxattr(path, SMACK64, NULL, 0);
+
if (ret < 0)
return -1;
buf = malloc(ret + 1);
- ret = getxattr(path, SMACK64, buf, ret);
+
+ if ((flags & SMACK_SET_SYMLINK) == 0)
+ ret = getxattr(path, SMACK64, buf, ret);
+ else
+ ret = lgetxattr(path, SMACK64, buf, ret);
+
if (ret < 0) {
free(buf);
return -1;
#define SMACK_FORMAT_CONFIG 0
#define SMACK_FORMAT_KERNEL 1
+#define SMACK_SET_SYMLINK 1
+
#ifdef __cplusplus
extern "C" {
#endif
const char *object, const char *access);
/*!
- * Set SMACK64 security attribute for a given path. Follows symbolic links.
+ * Set SMACK64 security attribute for a given path.
*
* @param path path to a file
* @param smack new value
+ * @param flags set flags
* @return 0 on success
*/
-extern int smack_set_file_smack(const char *path, const char *smack);
+extern int smack_set_file_smack(const char *path, const char *smack,
+ int flags);
/*!
- * Get SMACK64 security attribute for a given path. Follows symbolic links.
+ * Get SMACK64 security attribute for a given path.
* Allocated memory must be freed by the caller.
*
* @param path path to a file
* @param smack current value
+ * @param flags set flags
* @return 0 on success
*/
-extern int smack_get_file_smack(const char *path, char **smack);
+extern int smack_get_file_smack(const char *path, char **smack,
+ int flags);
/*!
* Get SMACK64 security attribute for a given pid.
fprintf(file, "dummy\n");
fclose(file);
- rc = smack_set_file_smack("set_smack-dummy.txt", "Apple");
+ rc = smack_set_file_smack("set_smack-dummy.txt", "Apple", 0);
fail_unless(rc == 0, "Failed to set SMACK64");
- rc = smack_get_file_smack("set_smack-dummy.txt", &smack);
+ rc = smack_get_file_smack("set_smack-dummy.txt", &smack, 0);
+ fail_unless(rc == 0, "Failed to get SMACK64");
+
+ rc = strcmp(smack, "Apple");
+ fail_unless(rc == 0, "smack %s not equal to Apple", smack);
+
+ free(smack);
+}
+END_TEST
+
+START_TEST(test_set_file_smack_symlink)
+{
+ FILE *file;
+ int rc;
+ char *smack;
+
+ symlink("unknown.txt", "set_smack-symlink.txt");
+
+ rc = smack_set_file_smack("set_smack-symlink.txt", "Apple", SMACK_SET_SYMLINK);
+ fail_unless(rc == 0, "Failed to set SMACK64");
+
+ rc = smack_get_file_smack("set_smack-symlink.txt", &smack, SMACK_SET_SYMLINK);
fail_unless(rc == 0, "Failed to get SMACK64");
rc = strcmp(smack, "Apple");
tcase_add_test(tc_core, test_have_access_removed_rule);
suite_add_tcase(s, tc_core);
- /*
tc_core = tcase_create("Security attributes");
tcase_add_test(tc_core, test_set_file_smack);
+ tcase_add_test(tc_core, test_set_file_smack_symlink);
suite_add_tcase(s, tc_core);
- */
return s;
}