From 41d3b0d8fb019f8f6d677469047954808d7dc3b1 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
Date: Tue, 25 Sep 2012 23:05:38 +0300
Subject: [PATCH] libsmack: fallback to short labels

Use /smack/load and /smack/access as a fallback if kernel does not
have long label support.
---
 libsmack/libsmack.c | 56 ++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 43 insertions(+), 13 deletions(-)

diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index 5614bf3..5bd2b22 100644
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -44,8 +44,9 @@
 #define ACC_A 0x08
 #define ACC_T 0x10
 
-#define KERNEL_FORMAT "%s %s %s"
-#define READ_BUF_SIZE LOAD_LEN + 10
+#define KERNEL_LONG_FORMAT "%s %s %s"
+#define KERNEL_SHORT_FORMAT "%-23s %-23s %5s"
+#define READ_BUF_SIZE LOAD_LEN + 1
 #define SMACKFS_MNT "/smack"
 #define SELF_LABEL_FILE "/proc/self/attr/current"
 
@@ -218,20 +219,34 @@ int smack_have_access(const char *subject, const char *object,
 	unsigned access_code;
 	int ret;
 	int fd;
+	int access2 = 1;
 
 	access_code = access_type_to_int(access_type);
 	int_to_access_type_k(access_code, access_type_k);
 
-	ret = snprintf(buf, LOAD_LEN + 1, KERNEL_FORMAT, subject, object,
-		       access_type_k);
-	if (ret < 0)
-		return -1;
-
 	fd = open(SMACKFS_MNT "/access2", O_RDWR);
-	if (fd < 0)
+	if (fd < 0) {
+		if (errno != ENOENT)
+			return -1;
+		fd = open(SMACKFS_MNT "/access", O_RDWR);
+		if (fd < 0)
+			return -1;
+		access2 = 0;
+	}
+
+	if (access2)
+		ret = snprintf(buf, LOAD_LEN + 1, KERNEL_LONG_FORMAT,
+			       subject, object, access_type_k);
+	else
+		ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT,
+			       subject, object, access_type_k);
+
+	if (ret < 0) {
+		close(fd);
 		return -1;
+	}
 
-	ret = write(fd, buf, LOAD_LEN);
+	ret = write(fd, buf, strlen(buf));
 	if (ret < 0) {
 		close(fd);
 		return -1;
@@ -304,10 +319,18 @@ static int accesses_apply(struct smack_accesses *handle, int clear)
 	struct smack_rule *rule;
 	int ret;
 	int fd;
+	int load2 = 1;
 
 	fd = open(SMACKFS_MNT "/load2", O_WRONLY);
-	if (fd < 0)
-		return -1;
+	if (fd < 0) {
+		if (errno != ENOENT)
+			return -1;
+		/* fallback */
+		fd = open(SMACKFS_MNT "/load", O_WRONLY);
+		if (fd < 0)
+			return -1;
+		load2 = 0;
+	}
 
 	if (clear)
 		strcpy(access_type, "-----");
@@ -316,13 +339,20 @@ static int accesses_apply(struct smack_accesses *handle, int clear)
 		if (!clear)
 			int_to_access_type_k(rule->access_code, access_type);
 
-		ret = snprintf(buf, LOAD_LEN + 1, KERNEL_FORMAT, rule->subject, rule->object, access_type);
+		if (load2)
+			ret = snprintf(buf, LOAD_LEN + 1, KERNEL_LONG_FORMAT,
+				       rule->subject, rule->object,
+				       access_type);
+		else
+			ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT,
+				       rule->subject, rule->object,
+				       access_type);
 		if (ret < 0) {
 			close(fd);
 			return -1;
 		}
 
-		ret = write(fd, buf, LOAD_LEN);
+		ret = write(fd, buf, strlen(buf));
 		if (ret < 0) {
 			close(fd);
 			return -1;
-- 
2.7.4