From 84bf56b36d19d8ddfd11cc78b3a93fa66958873c Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen Date: Mon, 15 Nov 2010 06:16:45 -0800 Subject: [PATCH] Cleaned up code. Made reading rules and users more atomic. --- src/smack.c | 199 ++++++++++++--------- src/smack.h | 75 ++++---- tests/check_smack.c | 104 +++++------ ...ted.txt => remove_rules_by_object-excepted.txt} | 0 ..._rules-in.txt => remove_rules_by_object-in.txt} | 0 ...ed.txt => remove_rules_by_subject-excepted.txt} | 0 ...rules-in.txt => remove_rules_by_subject-in.txt} | 0 7 files changed, 204 insertions(+), 174 deletions(-) rename tests/data/{remove_object_rules-excepted.txt => remove_rules_by_object-excepted.txt} (100%) rename tests/data/{remove_subject_rules-in.txt => remove_rules_by_object-in.txt} (100%) rename tests/data/{remove_subject_rules-excepted.txt => remove_rules_by_subject-excepted.txt} (100%) rename tests/data/{remove_object_rules-in.txt => remove_rules_by_subject-in.txt} (100%) diff --git a/src/smack.c b/src/smack.c index 3d3b5ee..bff55d5 100644 --- a/src/smack.c +++ b/src/smack.c @@ -51,7 +51,7 @@ struct smack_subject { UT_hash_handle hh; }; -struct smack_ruleset { +struct smack_rules { struct smack_subject *subjects; }; @@ -65,78 +65,79 @@ struct smack_users { struct smack_user *users; }; -static int update_rule(struct smack_ruleset *handle, +static int update_rule(struct smack_subject **subjects, const char *subject_str, const char *object_str, unsigned ac); -static int update_user(struct smack_users *handle, +static void destroy_rules(struct smack_subject **subjects); +static int update_user(struct smack_user **users, const char *user, const char *label); +static void destroy_users(struct smack_user **users); inline unsigned str_to_ac(const char *str); inline void ac_to_str(unsigned ac, char *str, int format); -smack_ruleset_t smack_create_ruleset(void) +smack_rules_t smack_create_rules(void) { - struct smack_ruleset *result = - calloc(1, sizeof(struct smack_ruleset)); + struct smack_rules *result = + calloc(1, sizeof(struct smack_rules)); return result; } -void smack_destroy_ruleset(smack_ruleset_t handle) +void smack_destroy_rules(smack_rules_t handle) { - struct smack_subject *s; - struct smack_object *o; - - while (handle->subjects != NULL) { - s = handle->subjects; - while (s->objects != NULL) { - o = s->objects; - HASH_DEL(s->objects, o); - free(o); - } - HASH_DEL(handle->subjects, s); - free(s); - } - + destroy_rules(&handle->subjects); free(handle); } -int smack_read_rules(smack_ruleset_t handle, const char *path, - const char *subject_filter) +int smack_read_rules_from_file(smack_rules_t handle, const char *path, + const char *subject_filter) { FILE *file; - char subject[SMACK64_LEN + 1]; - char object[SMACK64_LEN + 1]; - char access_str[SMACK_ACC_LEN]; - unsigned access; - int ret; + char *buf = NULL; + const char *subject, *object, *access; + unsigned ac; + size_t size; + struct smack_subject *subjects = NULL; + int ret = 0; file = fopen(path, "r"); if (file == NULL) return -1; - for (;;) { - ret = fscanf(file, "%23s %23s %4s\n", subject, object, - access_str); - if (ret == EOF) - break; - if (ret != 3) - continue; - - if (subject_filter == NULL || - strcmp(subject, subject_filter) == 0) { - access = str_to_ac(access_str); - if (update_rule(handle, subject, object, access) == - -1) { - fclose(file); - return -1; - } + while (ret == 0 && getline(&buf, &size, file) != -1) { + subject = strtok(buf, " \n"); + object = strtok(NULL, " \n"); + access = strtok(NULL, " \n"); + + if (subject == NULL || object == NULL || access == NULL || + strtok(NULL, " \n") != NULL) { + ret = -1; + } else if (subject_filter == NULL || + strcmp(subject, subject_filter) == 0) { + ac = str_to_ac(access); + ret = update_rule(&subjects, subject, object, ac); } + + free(buf); + buf = NULL; } + if (ferror(file)) + ret = -1; + + if (ret == 0) { + destroy_rules(&handle->subjects); + handle->subjects = subjects; + } else { + destroy_rules(&subjects); + } + + free(buf); fclose(file); - return 0; + return ret; } -int smack_write_rules(smack_ruleset_t handle, const char *path, int format) +int smack_write_rules_to_file(smack_rules_t handle, const char *path, + int format) { struct smack_subject *s, *stmp; struct smack_object *o, *otmp; @@ -171,15 +172,17 @@ int smack_write_rules(smack_ruleset_t handle, const char *path, int format) return 0; } -int smack_add_rule(smack_ruleset_t handle, const char *subject, +int smack_add_rule(smack_rules_t handle, const char *subject, const char *object, const char *access_str) { unsigned access; + int ret; access = str_to_ac(access_str); - return (update_rule(handle, subject, object, access) == 0 ? 0 : -1); + ret = update_rule(&handle->subjects, subject, object, access); + return ret == 0 ? 0 : -1; } -void smack_remove_rule(smack_ruleset_t handle, const char *subject, +void smack_remove_rule(smack_rules_t handle, const char *subject, const char *object) { struct smack_subject *s = NULL; @@ -197,7 +200,7 @@ void smack_remove_rule(smack_ruleset_t handle, const char *subject, free(o); } -void smack_remove_subject_rules(smack_ruleset_t handle, const char *subject) +void smack_remove_rules_by_subject(smack_rules_t handle, const char *subject) { struct smack_subject *s = NULL; struct smack_object *o = NULL, *tmp = NULL; @@ -212,7 +215,7 @@ void smack_remove_subject_rules(smack_ruleset_t handle, const char *subject) } } -void smack_remove_object_rules(smack_ruleset_t handle, const char *object) +void smack_remove_rules_by_object(smack_rules_t handle, const char *object) { struct smack_subject *s = NULL, *tmp = NULL; struct smack_object *o = NULL; @@ -224,7 +227,7 @@ void smack_remove_object_rules(smack_ruleset_t handle, const char *object) } } -int smack_have_access_rule(smack_ruleset_t handle, const char *subject, +int smack_have_access_rule(smack_rules_t handle, const char *subject, const char *object, const char *access_str) { struct smack_subject *s = NULL; @@ -254,55 +257,53 @@ smack_users_t smack_create_users() void smack_destroy_users(smack_users_t handle) { - struct smack_user *u, *tmp; - - HASH_ITER(hh, handle->users, u, tmp) { - HASH_DEL(handle->users, u); - free(u->user); - free(u); - } + destroy_users(&handle->users); + free(handle); } -int smack_read_users(smack_users_t handle, const char *path) +int smack_read_users_from_file(smack_users_t handle, const char *path) { FILE *file; char *buf = NULL; size_t size; - char *user; - char *label; + const char *user, *label; + struct smack_user *users = NULL; int ret = 0; file = fopen(path, "r"); if (file == NULL) return -1; - while (getline(&buf, &size, file) != -1) { - user = strtok(buf, " "); - if (user == NULL || user[0] == '#') - continue; - + while (ret == 0 && getline(&buf, &size, file) != -1) { + user = strtok(buf, " \n"); label = strtok(NULL, " \n"); - if (label == NULL) + + if (user == NULL || label == NULL || + strtok(NULL, " \n") != NULL) ret = -1; else - ret = update_user(handle, user, label); + ret = update_user(&users, user, label); free(buf); buf = NULL; - - if (ret != 0) - break; } if (ferror(file)) ret = -1; + if (ret == 0) { + destroy_users(&handle->users); + handle->users = users; + } else { + destroy_users(&users); + } + free(buf); fclose(file); return 0; } -int smack_write_users(smack_users_t handle, const char *path) +int smack_write_users_to_file(smack_users_t handle, const char *path) { struct smack_user *u, *tmp; FILE *file; @@ -326,7 +327,7 @@ int smack_write_users(smack_users_t handle, const char *path) return 0; } -int smack_set_file_smack(const char *path, const char *smack, int flags) +int smack_set_smack_to_file(const char *path, const char *smack, int flags) { size_t size; int ret; @@ -335,7 +336,7 @@ int smack_set_file_smack(const char *path, const char *smack, int flags) if (size > SMACK64_LEN) return -1; - if ((flags & SMACK_SET_SYMLINK) == 0) + if ((flags & SMACK_XATTR_SYMLINK) == 0) ret = setxattr(path, SMACK64, smack, size, 0); else ret = lsetxattr(path, SMACK64, smack, size, 0); @@ -343,12 +344,12 @@ int smack_set_file_smack(const char *path, const char *smack, int flags) return ret; } -int smack_get_file_smack(const char *path, char **smack, int flags) +int smack_get_smack_from_file(const char *path, char **smack, int flags) { ssize_t ret; char *buf; - if ((flags & SMACK_SET_SYMLINK) == 0) + if ((flags & SMACK_XATTR_SYMLINK) == 0) ret = getxattr(path, SMACK64, NULL, 0); else ret = lgetxattr(path, SMACK64, NULL, 0); @@ -358,7 +359,7 @@ int smack_get_file_smack(const char *path, char **smack, int flags) buf = malloc(ret + 1); - if ((flags & SMACK_SET_SYMLINK) == 0) + if ((flags & SMACK_XATTR_SYMLINK) == 0) ret = getxattr(path, SMACK64, buf, ret); else ret = lgetxattr(path, SMACK64, buf, ret); @@ -373,7 +374,7 @@ int smack_get_file_smack(const char *path, char **smack, int flags) return 0; } -int smack_get_proc_smack(int pid, char **smack) +int smack_get_smack_from_proc(int pid, char **smack) { char buf[LINE_BUFFER_SIZE]; FILE *file; @@ -395,7 +396,7 @@ int smack_get_proc_smack(int pid, char **smack) } -static int update_rule(struct smack_ruleset *handle, +static int update_rule(struct smack_subject **subjects, const char *subject_str, const char *object_str, unsigned ac) { @@ -406,11 +407,11 @@ static int update_rule(struct smack_ruleset *handle, strlen(object_str) > SMACK64_LEN) return -ERANGE; - HASH_FIND_STR(handle->subjects, subject_str, s); + HASH_FIND_STR(*subjects, subject_str, s); if (s == NULL) { s = calloc(1, sizeof(struct smack_subject)); strcpy(s->subject, subject_str); - HASH_ADD_STR(handle->subjects, subject, s); + HASH_ADD_STR(*subjects, subject, s); } HASH_FIND_STR(s->objects, object_str, o); @@ -424,7 +425,24 @@ static int update_rule(struct smack_ruleset *handle, return 0; } -static int update_user(struct smack_users *handle, +static void destroy_rules(struct smack_subject **subjects) +{ + struct smack_subject *s; + struct smack_object *o; + + while (*subjects != NULL) { + s = *subjects; + while (s->objects != NULL) { + o = s->objects; + HASH_DEL(s->objects, o); + free(o); + } + HASH_DEL(*subjects, s); + free(s); + } +} + +static int update_user(struct smack_user **users, const char *user, const char *label) { struct smack_user *u = NULL; @@ -432,17 +450,28 @@ static int update_user(struct smack_users *handle, if (strlen(label) > SMACK64_LEN) return -ERANGE; - HASH_FIND_STR(handle->users, user, u); + HASH_FIND_STR(*users, user, u); if (u == NULL) { u = calloc(1, sizeof(struct smack_subject)); u->user = strdup(user); - HASH_ADD_STR(handle->users, user, u); + HASH_ADD_STR(*users, user, u); } strcpy(u->label, label); return 0; } +static void destroy_users(struct smack_user **users) +{ + struct smack_user *u, *tmp; + + HASH_ITER(hh, *users, u, tmp) { + HASH_DEL(*users, u); + free(u->user); + free(u); + } +} + inline unsigned str_to_ac(const char *str) { int i, count; diff --git a/src/smack.h b/src/smack.h index 7f5784e..0c6d561 100644 --- a/src/smack.h +++ b/src/smack.h @@ -35,14 +35,14 @@ /*! * Handle to a in-memory representation of set of Smack rules. */ -typedef struct smack_ruleset *smack_ruleset_t; +typedef struct smack_rules *smack_rules_t; typedef struct smack_users *smack_users_t; #define SMACK_FORMAT_CONFIG 0 #define SMACK_FORMAT_KERNEL 1 -#define SMACK_SET_SYMLINK 1 +#define SMACK_XATTR_SYMLINK 1 #ifdef __cplusplus extern "C" { @@ -50,97 +50,98 @@ extern "C" { /*! * Create a new rule set. The returned rule set must be freed with - * smack_destroy_ruleset(). + * smack_destroy_rules(). * * @return handle to the rule set. Returns NULL if allocation fails. */ -extern smack_ruleset_t smack_create_ruleset(void); +extern smack_rules_t smack_create_rules(void); /*! - * Free resources allocated by ruleset. + * Free resources allocated by rules. * - * @param handle handle to a ruleset + * @param handle handle to a rules */ -extern void smack_destroy_ruleset(smack_ruleset_t handle); +extern void smack_destroy_rules(smack_rules_t handle); /*! - * Read rules from a given file. Rules can be optionally filtered with a - * subject. + * Read rules from a given file. Rules can be optionally filtered by a + * subject. Old rules are replaced with read ruleset on success full + * read. * - * @param handle handle to a ruleset + * @param handle handle to a rules * @param path path to the file containing rules * @param subject read only rules for the given subject if not set to NULL. * @return 0 on success */ -extern int smack_read_rules(smack_ruleset_t handle, - const char *path, - const char *subject); +extern int smack_read_rules_from_file(smack_rules_t handle, + const char *path, + const char *subject); /*! * Write rules to a given file. * - * @param handle handle to a ruleset + * @param handle handle to a rules * @param path path to the rules file * @param format file format * @return 0 on success */ -extern int smack_write_rules(smack_ruleset_t handle, const char *path, - int format); +extern int smack_write_rules_to_file(smack_rules_t handle, const char *path, + int format); /*! * Add new rule to a rule set. * - * @param handle handle to a ruleset + * @param handle handle to a rules * @param subject subject of the rule * @param object object of the rule * @param access string defining access type * @return 0 on success */ -extern int smack_add_rule(smack_ruleset_t handle, const char *subject, +extern int smack_add_rule(smack_rules_t handle, const char *subject, const char *object, const char *access); /*! * Remove rule from a rule set. * - * @param handle handle to a ruleset + * @param handle handle to a rules * @param subject subject of the rule * @param object object of the rule */ -extern void smack_remove_rule(smack_ruleset_t handle, const char *subject, +extern void smack_remove_rule(smack_rules_t handle, const char *subject, const char *object); /*! * Remove all rules with the given subject from a rule set. * - * @param handle handle to a ruleset + * @param handle handle to a rules * @param subject subject of the rule */ -extern void smack_remove_subject_rules(smack_ruleset_t handle, - const char *subject); +extern void smack_remove_rules_by_subject(smack_rules_t handle, + const char *subject); /*! * Remove all rules with the given object from a rule set. * - * @param handle handle to a ruleset + * @param handle handle to a rules * @param object object of the rule */ -extern void smack_remove_object_rules(smack_ruleset_t handle, - const char *object); +extern void smack_remove_rules_by_object(smack_rules_t handle, + const char *object); /*! * Does the given subject have at least the given access to the given object? * - * @param handle handle to a ruleset + * @param handle handle to a rules * @param subject subject of the rule * @param object object of the rule * @param access string defining access type * @return boolean value */ -extern int smack_have_access_rule(smack_ruleset_t handle, const char *subject, +extern int smack_have_access_rule(smack_rules_t handle, const char *subject, const char *object, const char *access); /*! * Create users database. The returned rule set must be freed with - * smack_destroy_ruleset(). + * smack_destroy_rules(). * * @return handle to the users db. Returns NULL if creation fails. */ @@ -149,7 +150,7 @@ extern smack_users_t smack_create_users(); /*! * Free users database. * - * @param handle handle to a ruleset + * @param handle handle to a rules */ extern void smack_destroy_users(smack_users_t handle); @@ -160,7 +161,7 @@ extern void smack_destroy_users(smack_users_t handle); * @param path path to the file containing users * @return 0 on success */ -extern int smack_read_users(smack_users_t handle, const char *path); +extern int smack_read_users_from_file(smack_users_t handle, const char *path); /*! * Write users to a given file. @@ -169,7 +170,7 @@ extern int smack_read_users(smack_users_t handle, const char *path); * @param path path to the users file * @return 0 on success */ -extern int smack_write_users(smack_users_t handle, const char *path); +extern int smack_write_users_to_file(smack_users_t handle, const char *path); /*! * Set SMACK64 security attribute for a given path. @@ -179,8 +180,8 @@ extern int smack_write_users(smack_users_t handle, const char *path); * @param flags set flags * @return 0 on success */ -extern int smack_set_file_smack(const char *path, const char *smack, - int flags); +extern int smack_set_smack_to_file(const char *path, const char *smack, + int flags); /*! * Get SMACK64 security attribute for a given path. @@ -191,8 +192,8 @@ extern int smack_set_file_smack(const char *path, const char *smack, * @param flags set flags * @return 0 on success */ -extern int smack_get_file_smack(const char *path, char **smack, - int flags); +extern int smack_get_smack_from_file(const char *path, char **smack, + int flags); /*! * Get SMACK64 security attribute for a given pid. @@ -201,7 +202,7 @@ extern int smack_get_file_smack(const char *path, char **smack, * @param smack current value * @return 0 on success */ -extern int smack_get_proc_smack(int pid, char **smack); +extern int smack_get_smack_from_proc(int pid, char **smack); #ifdef __cplusplus } diff --git a/tests/check_smack.c b/tests/check_smack.c index ee06f98..7570fa8 100644 --- a/tests/check_smack.c +++ b/tests/check_smack.c @@ -30,139 +30,139 @@ static int files_equal(const char *filename1, const char *filename2); START_TEST(test_add_new_rule) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/add_new_rule-in.txt", NULL); + rc = smack_read_rules_from_file(rules, "data/add_new_rule-in.txt", NULL); fail_unless(rc == 0, "Failed to read ruleset"); rc = smack_add_rule(rules, "Orange", "Apple", "ra"); fail_unless(rc == 0, "Failed to add rule"); - rc = smack_write_rules(rules, "add_new_rule-result.txt", SMACK_FORMAT_KERNEL); + rc = smack_write_rules_to_file(rules, "add_new_rule-result.txt", SMACK_FORMAT_KERNEL); fail_unless(rc == 0, "Failed to write ruleset"); rc = files_equal("add_new_rule-result.txt", "data/add_new_rule-excepted.txt"); fail_unless(rc == 1, "Unexcepted result"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST START_TEST(test_modify_existing_rule) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/modify_existing_rule-in.txt", NULL); + rc = smack_read_rules_from_file(rules, "data/modify_existing_rule-in.txt", NULL); fail_unless(rc == 0, "Failed to read ruleset"); rc = smack_add_rule(rules, "Foo", "Bar", "wx"); fail_unless(rc == 0, "Failed to add rule"); - rc = smack_write_rules(rules, "modify_existing_rule-result.txt", SMACK_FORMAT_KERNEL); + rc = smack_write_rules_to_file(rules, "modify_existing_rule-result.txt", SMACK_FORMAT_KERNEL); fail_unless(rc == 0, "Failed to write ruleset"); rc = files_equal("modify_existing_rule-result.txt", "data/modify_existing_rule-excepted.txt"); fail_unless(rc == 1, "Unexcepted result"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST START_TEST(test_rw_rules_config) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/write_rules_config-excepted.txt", NULL); + rc = smack_read_rules_from_file(rules, "data/write_rules_config-excepted.txt", NULL); fail_unless(rc == 0, "Failed to read ruleset"); - rc = smack_write_rules(rules, "write_rules_config-result.txt", SMACK_FORMAT_CONFIG); + rc = smack_write_rules_to_file(rules, "write_rules_config-result.txt", SMACK_FORMAT_CONFIG); fail_unless(rc == 0, "Failed to write ruleset"); rc = files_equal("write_rules_config-result.txt", "data/write_rules_config-excepted.txt"); fail_unless(rc == 1, "Unexcepted result"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST START_TEST(test_rw_rules_kernel) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/write_rules_config-excepted.txt", NULL); + rc = smack_read_rules_from_file(rules, "data/write_rules_config-excepted.txt", NULL); fail_unless(rc == 0, "Failed to read ruleset"); - rc = smack_write_rules(rules, "write_rules_kernel-result.txt", SMACK_FORMAT_KERNEL); + rc = smack_write_rules_to_file(rules, "write_rules_kernel-result.txt", SMACK_FORMAT_KERNEL); fail_unless(rc == 0, "Failed to write ruleset"); rc = files_equal("write_rules_kernel-result.txt", "data/write_rules_kernel-excepted.txt"); fail_unless(rc == 1, "Unexcepted result"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST START_TEST(test_remove_rule) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/remove_rule-in.txt", NULL); + rc = smack_read_rules_from_file(rules, "data/remove_rule-in.txt", NULL); fail_unless(rc == 0, "Failed to read ruleset"); smack_remove_rule(rules, "Orange", "Apple"); - rc = smack_write_rules(rules, "remove_rule-result.txt", SMACK_FORMAT_KERNEL); + rc = smack_write_rules_to_file(rules, "remove_rule-result.txt", SMACK_FORMAT_KERNEL); fail_unless(rc == 0, "Failed to write ruleset"); rc = files_equal("remove_rule-result.txt", "data/remove_rule-excepted.txt"); fail_unless(rc == 1, "Unexcepted result"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST -START_TEST(test_remove_subject_rules) +START_TEST(test_remove_rules_by_subject) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/remove_subject_rules-in.txt", NULL); + rc = smack_read_rules_from_file(rules, "data/remove_rules_by_subject-in.txt", NULL); fail_unless(rc == 0, "Failed to read ruleset"); - smack_remove_subject_rules(rules, "Foo"); - rc = smack_write_rules(rules, "remove_subject_rules-result.txt", SMACK_FORMAT_KERNEL); + smack_remove_rules_by_subject(rules, "Foo"); + rc = smack_write_rules_to_file(rules, "remove_rules_by_subject-result.txt", SMACK_FORMAT_KERNEL); fail_unless(rc == 0, "Failed to write ruleset"); - rc = files_equal("remove_subject_rules-result.txt", "data/remove_subject_rules-excepted.txt"); + rc = files_equal("remove_rules_by_subject-result.txt", "data/remove_rules_by_subject-excepted.txt"); fail_unless(rc == 1, "Unexcepted result"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST -START_TEST(test_remove_object_rules) +START_TEST(test_remove_rules_by_object) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/remove_object_rules-in.txt", NULL); + rc = smack_read_rules_from_file(rules, "data/remove_rules_by_object-in.txt", NULL); fail_unless(rc == 0, "Failed to read ruleset"); - smack_remove_object_rules(rules, "Apple"); - rc = smack_write_rules(rules, "remove_object_rules-result.txt", SMACK_FORMAT_KERNEL); + smack_remove_rules_by_object(rules, "Apple"); + rc = smack_write_rules_to_file(rules, "remove_rules_by_object-result.txt", SMACK_FORMAT_KERNEL); fail_unless(rc == 0, "Failed to write ruleset"); - rc = files_equal("remove_object_rules-result.txt", "data/remove_object_rules-excepted.txt"); + rc = files_equal("remove_rules_by_object-result.txt", "data/remove_rules_by_object-excepted.txt"); fail_unless(rc == 1, "Unexcepted result"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST START_TEST(test_have_access_rule) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/have_access_rule-in.txt", "Orange"); + rc = smack_read_rules_from_file(rules, "data/have_access_rule-in.txt", "Orange"); fail_unless(rc == 0, "Failed to read ruleset"); rc = smack_have_access_rule(rules, "Orange", "Apple", "a"); fail_unless(rc, "Have access \"a\" failed"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST START_TEST(test_have_access_removed_rule) { int rc; - smack_ruleset_t rules = smack_create_ruleset(); + smack_rules_t rules = smack_create_rules(); fail_unless(rules != NULL, "Ruleset creation failed"); - rc = smack_read_rules(rules, "data/have_access_rule-in.txt", "Orange"); + rc = smack_read_rules_from_file(rules, "data/have_access_rule-in.txt", "Orange"); fail_unless(rc == 0, "Failed to read ruleset"); smack_remove_rule(rules, "Orange", "Apple"); rc = smack_have_access_rule(rules, "Orange", "Apple", "a"); fail_unless(!rc, "Has access to a removed rule"); - smack_destroy_ruleset(rules); + smack_destroy_rules(rules); } END_TEST @@ -171,9 +171,9 @@ START_TEST(test_rw_users) int rc; smack_users_t users = smack_create_users(); fail_unless(users != NULL, "Users creation failed"); - rc = smack_read_users(users, "data/rw_users-in.txt"); + rc = smack_read_users_from_file(users, "data/rw_users-in.txt"); fail_unless(rc == 0, "Failed to read users"); - rc = smack_write_users(users, "rw_users-result.txt"); + rc = smack_write_users_to_file(users, "rw_users-result.txt"); fail_unless(rc == 0, "Failed to write ruleset"); rc = files_equal("rw_users-result.txt", "data/rw_users-excepted.txt"); fail_unless(rc == 1, "Unexcepted result"); @@ -181,7 +181,7 @@ START_TEST(test_rw_users) } END_TEST -START_TEST(test_set_file_smack) +START_TEST(test_set_smack_to_file) { FILE *file; int rc; @@ -191,10 +191,10 @@ START_TEST(test_set_file_smack) fprintf(file, "dummy\n"); fclose(file); - rc = smack_set_file_smack("set_smack-dummy.txt", "Apple", 0); + rc = smack_set_smack_to_file("set_smack-dummy.txt", "Apple", 0); fail_unless(rc == 0, "Failed to set SMACK64"); - rc = smack_get_file_smack("set_smack-dummy.txt", &smack, 0); + rc = smack_get_smack_from_file("set_smack-dummy.txt", &smack, 0); fail_unless(rc == 0, "Failed to get SMACK64"); rc = strcmp(smack, "Apple"); @@ -204,7 +204,7 @@ START_TEST(test_set_file_smack) } END_TEST -START_TEST(test_set_file_smack_symlink) +START_TEST(test_set_smack_to_file_symlink) { FILE *file; int rc; @@ -212,10 +212,10 @@ START_TEST(test_set_file_smack_symlink) symlink("unknown.txt", "set_smack-symlink.txt"); - rc = smack_set_file_smack("set_smack-symlink.txt", "Apple", SMACK_SET_SYMLINK); + rc = smack_set_smack_to_file("set_smack-symlink.txt", "Apple", SMACK_XATTR_SYMLINK); fail_unless(rc == 0, "Failed to set SMACK64"); - rc = smack_get_file_smack("set_smack-symlink.txt", &smack, SMACK_SET_SYMLINK); + rc = smack_get_smack_from_file("set_smack-symlink.txt", &smack, SMACK_XATTR_SYMLINK); fail_unless(rc == 0, "Failed to get SMACK64"); rc = strcmp(smack, "Apple"); @@ -238,16 +238,16 @@ Suite *ruleset_suite (void) tcase_add_test(tc_core, test_rw_rules_config); tcase_add_test(tc_core, test_rw_rules_kernel); tcase_add_test(tc_core, test_remove_rule); - tcase_add_test(tc_core, test_remove_subject_rules); - tcase_add_test(tc_core, test_remove_object_rules); + tcase_add_test(tc_core, test_remove_rules_by_subject); + tcase_add_test(tc_core, test_remove_rules_by_object); tcase_add_test(tc_core, test_have_access_rule); tcase_add_test(tc_core, test_have_access_removed_rule); tcase_add_test(tc_core, test_rw_users); suite_add_tcase(s, tc_core); tc_core = tcase_create("Security attributes"); - tcase_add_test(tc_core, test_set_file_smack); - tcase_add_test(tc_core, test_set_file_smack_symlink); + tcase_add_test(tc_core, test_set_smack_to_file); + tcase_add_test(tc_core, test_set_smack_to_file_symlink); suite_add_tcase(s, tc_core); return s; diff --git a/tests/data/remove_object_rules-excepted.txt b/tests/data/remove_rules_by_object-excepted.txt similarity index 100% rename from tests/data/remove_object_rules-excepted.txt rename to tests/data/remove_rules_by_object-excepted.txt diff --git a/tests/data/remove_subject_rules-in.txt b/tests/data/remove_rules_by_object-in.txt similarity index 100% rename from tests/data/remove_subject_rules-in.txt rename to tests/data/remove_rules_by_object-in.txt diff --git a/tests/data/remove_subject_rules-excepted.txt b/tests/data/remove_rules_by_subject-excepted.txt similarity index 100% rename from tests/data/remove_subject_rules-excepted.txt rename to tests/data/remove_rules_by_subject-excepted.txt diff --git a/tests/data/remove_object_rules-in.txt b/tests/data/remove_rules_by_subject-in.txt similarity index 100% rename from tests/data/remove_object_rules-in.txt rename to tests/data/remove_rules_by_subject-in.txt -- 2.7.4