From 0b15a3daec45cf1488994e742529735f16b4c59b Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
Date: Mon, 3 Oct 2011 15:35:06 +0300
Subject: [PATCH] First round of API clean up for preparing for 1.0 freeze.
 Fixed unit tests.

---
 src/smack.c         | 63 +++++------------------------------------------------
 src/smack.h         | 49 ++++++-----------------------------------
 tests/check_smack.c | 36 +++++++++++++++---------------
 3 files changed, 31 insertions(+), 117 deletions(-)

diff --git a/src/smack.c b/src/smack.c
index a9478e7..5e5e649 100644
--- a/src/smack.c
+++ b/src/smack.c
@@ -33,6 +33,7 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 
+#define SMACK_LOAD_PATH "/smack/load"
 #define SMACK_LEN 23
 
 #define ACC_R 1
@@ -77,8 +78,6 @@ static time_t global_rules_mtime = 0;
 static pthread_mutex_t global_rules_mutex = PTHREAD_MUTEX_INITIALIZER;
 static char *global_rules_path = NULL;
 
-static const char * const SMACK_LOAD_PATH = "/smack/load";
-
 static void free_global_rules(void)
 {
 	smack_rule_set_free(global_rules);
@@ -247,7 +246,7 @@ out:
 	return ret;
 }
 
-int smack_rule_set_apply_kernel(SmackRuleSet handle)
+int smack_rule_set_apply_kernel(SmackRuleSet handle, const char *path)
 {
 	struct smack_subject *s, *stmp;
 	struct smack_object *o, *otmp;
@@ -255,7 +254,7 @@ int smack_rule_set_apply_kernel(SmackRuleSet handle)
 	char str[6];
 	int err = 0;
 
-	file = fopen(SMACK_LOAD_PATH, "w+");
+	file = fopen(path, "w");
 	if (!file)
 		return -1;
 
@@ -277,7 +276,7 @@ int smack_rule_set_apply_kernel(SmackRuleSet handle)
 	return 0;
 }
 
-int smack_rule_set_clear_kernel(SmackRuleSet handle)
+int smack_rule_set_clear_kernel(SmackRuleSet handle, const char *path)
 {
 	struct smack_subject *s, *stmp;
 	struct smack_object *o, *otmp;
@@ -285,7 +284,7 @@ int smack_rule_set_clear_kernel(SmackRuleSet handle)
 	char str[6];
 	int err = 0;
 
-	file = fopen(SMACK_LOAD_PATH, "w+");
+	file = fopen(path, "w");
 	if (!file)
 		return -1;
 
@@ -381,58 +380,6 @@ int smack_rule_set_have_access(SmackRuleSet handle, const char *subject,
 	return ((o->ac & ac) == ac);
 }
 
-SmackRuleSetIter smack_rule_set_iter_new(void)
-{
-	SmackRuleSetIter iter = calloc(1, sizeof(struct _SmackRuleSetIter));
-	return iter;
-}
-
-void smack_rule_set_iter_free(SmackRuleSetIter iter)
-{
-	if (iter != NULL)
-		free(iter);
-}
-
-void smack_rule_set_iter_get(SmackRuleSet handle,
-			     SmackRuleSetIter iter)
-{
-	iter->subject = handle->subjects;
-	iter->object = NULL;
-}
-
-int smack_rule_set_iter_next(SmackRuleSetIter iter,
-			     const char **subject,
-			     const char **object,
-			     const char **access)
-{
-	struct smack_subject *s;
-	struct smack_object *o;
-
-	if (iter->subject == NULL)
-		return -1;
-
-	if (iter->object == NULL)
-		iter->object = iter->subject->objects;
-	else
-		iter->object = iter->object->hh.next;
-
-	if (iter->object == NULL) {
-		iter->subject = iter->subject->hh.next;
-		if (iter->subject == NULL)
-			return -1;
-		iter->object = iter->subject->objects;
-	}
-
-	if (iter->object == NULL)
-		return -1;
-
-	*subject = iter->subject->subject;
-	*object = iter->object->object;
-	*access = iter->object->acstr;
-
-	return 0;
-}
-
 int smack_have_access(const char *subject, const char *object,
                       const char *access_type)
 {
diff --git a/src/smack.h b/src/smack.h
index d34add3..3640fc1 100644
--- a/src/smack.h
+++ b/src/smack.h
@@ -2,6 +2,7 @@
  * This file is part of libsmack
  *
  * Copyright (C) 2010 Nokia Corporation
+ * Copyright (C) 2011 Intel Corporation
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public License
@@ -37,8 +38,6 @@
  */
 typedef struct _SmackRuleSet *SmackRuleSet;
 
-typedef struct _SmackRuleSetIter *SmackRuleSetIter;
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -70,20 +69,22 @@ extern void smack_rule_set_free(SmackRuleSet handle);
 extern int smack_rule_set_save(SmackRuleSet handle, const char *path);
 
 /*!
- * Apply rules to kernel.
+ * Write rules in SmackFS format.
  *
  * @param handle handle to a rule set
+ * @param path path to the load file
  * @return Returns negative value on failure.
  */
-extern int smack_rule_set_apply_kernel(SmackRuleSet handle);
+extern int smack_rule_set_apply_kernel(SmackRuleSet handle, const char *path);
 
 /*!
- * Clear given set of rules from kernel.
+ * Write rules in SmackFS format with access type set to -.
  *
  * @param handle handle to a rules
+ * @param path path to the load file
  * @return Returns negative value on failure.
  */
-extern int smack_rule_set_clear_kernel(SmackRuleSet handle);
+extern int smack_rule_set_clear_kernel(SmackRuleSet handle, const char *path);
 
 /*!
  * Add new rule to a rule set. Updates existing rule if there is already rule
@@ -143,42 +144,6 @@ extern int smack_rule_set_have_access(SmackRuleSet handle, const char *subject,
 				      const char *object, const char *access);
 
 /*!
- * Create new rule set iterator.
- *
- * @return new iterator instance
- */
-extern SmackRuleSetIter smack_rule_set_iter_new(void);
-
-/*!
- * Free rule set iterator.
- *
- * @param iter iterator
- */
-extern void smack_rule_set_iter_free(SmackRuleSetIter iter);
-
-/*!
- * Set iterator into beginning of the given rule set.
- *
- * @param handle handle to a rule set
- * @param iter iterator
- */
-extern void smack_rule_set_iter_get(SmackRuleSet handle,
-				    SmackRuleSetIter iter);
-
-/*!
- * Iterate over rules.
- *
- * @param iter Iterator
- * @param subject Subject label of the rule.
- * @param object Object label of the rule.
- * @param access Access string for the rule.
- */
-extern int smack_rule_set_iter_next(SmackRuleSetIter iter,
-				    const char **subject,
-				    const char **object,
-				    const char **access);
-
-/*!
  * Verify access from a given subject to given object with a
  * given access type.
  *
diff --git a/tests/check_smack.c b/tests/check_smack.c
index 4410fe7..8f6a58f 100644
--- a/tests/check_smack.c
+++ b/tests/check_smack.c
@@ -28,31 +28,34 @@
 START_TEST(test_save_to_kernel)
 {
 	int rc;
-	const char *sn;
 	SmackRuleSet rules;
 
 	rules = smack_rule_set_new(NULL);
-	fail_unless(rules != NULL, "Creating rule set failed");
+	fail_unless(rules != NULL, "Rule set creation failed");
 	if (rules == NULL)
 		return;
 
 	smack_rule_set_add(rules, "Apple", "Orange", "rwx");
 	smack_rule_set_add(rules, "Plum", "Peach", "rx");
 	smack_rule_set_add(rules, "Banana", "Peach", "xa");
-
 	smack_rule_set_remove(rules, "Plum", "Peach");
 
 	rc = smack_rule_set_apply_kernel(
 		rules,
-		"save_to_kernel-rules");
+		"save_to_kernel.rules");
 	fail_unless(rc == 0, "Failed to write the rule set");
 
-	fail_unless(smack_have_access("save_to_kernel-rules", "Banana", "Peach", "x"),
-				      "Access not granted");
-	fail_unless(!smack_have_access("save_to_kernel-rules", "Banana", "Peach", "r"),
-				       "Access not granted");
-	fail_unless(!smack_have_access("save_to_kernel-rules", "Apple", "Orange", "a"),
-				       "Access not granted");
+	rules = smack_rule_set_new("save_to_kernel.rules");
+	fail_unless(rules != NULL, "Opening rule set failed");
+	if (rules == NULL)
+		return;
+
+	rc = smack_rule_set_have_access(rules, "Banana", "Peach", "x");
+	fail_unless(rc == 1, "Access not granted");
+	rc = smack_rule_set_have_access(rules, "Banana", "Peach", "r");
+	fail_unless(rc == 0, "Access granted");
+	rc = smack_rule_set_have_access(rules, "Apple", "Orange", "a");
+	fail_unless(rc == 0, "Access granted");
 
 	smack_rule_set_free(rules);
 }
@@ -72,7 +75,6 @@ START_TEST(test_save_to_file)
 	smack_rule_set_add(rules, "Apple", "Orange", "rwx");
 	smack_rule_set_add(rules, "Plum", "Peach", "rx");
 	smack_rule_set_add(rules, "Banana", "Peach", "xa");
-
 	smack_rule_set_remove(rules, "Plum", "Peach");
 
 	rc = smack_rule_set_save(
@@ -80,12 +82,12 @@ START_TEST(test_save_to_file)
 		"save_to_file-rules");
 	fail_unless(rc == 0, "Failed to write the rule set");
 
-	fail_unless(smack_have_access("save_to_file-rules", "Banana", "Peach", "x"),
-				      "Access not granted");
-	fail_unless(!smack_have_access("save_to_file-rules", "Banana", "Peach", "r"),
-				       "Access not granted");
-	fail_unless(!smack_have_access("save_to_file-rules", "Apple", "Orange", "a"),
-				       "Access not granted");
+	rc = smack_rule_set_have_access(rules, "Banana", "Peach", "x");
+	fail_unless(rc == 1, "Access not granted");
+	rc = smack_rule_set_have_access(rules, "Banana", "Peach", "r");
+	fail_unless(rc == 0, "Access granted");
+	rc = smack_rule_set_have_access(rules, "Apple", "Orange", "a");
+	fail_unless(rc == 0, "Access granted");
 
 	smack_rule_set_free(rules);
 }
-- 
2.7.4