From 9ecd70c2b78ebb6d469c2cff23b3a88668d294b4 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen Date: Thu, 2 Dec 2010 21:49:02 -0800 Subject: [PATCH] Save rules with long labels when parameter 'labels' is given. --- src/smack.h | 12 ++- src/smack_rules.c | 35 +++++-- tests/Makefile.am | 8 +- tests/check_labels.c | 143 --------------------------- tests/check_rules.c | 96 +++++------------- tests/data/add_label-excepted.txt | 1 - tests/data/add_new_rule-excepted.txt | 2 - tests/data/add_new_rule-in.txt | 1 - tests/data/add_user-excepted.txt | 3 - tests/data/add_user-in.txt | 2 - tests/data/have_access_rule-in.txt | 3 - tests/data/modify_existing_rule-excepted.txt | 1 - tests/data/modify_existing_rule-in.txt | 1 - tests/data/remove_user-excepted.txt | 1 - tests/data/write_rules_config-excepted.txt | 3 - tests/data/write_rules_kernel-excepted.txt | 3 - 16 files changed, 59 insertions(+), 256 deletions(-) delete mode 100644 tests/check_labels.c delete mode 100644 tests/data/add_label-excepted.txt delete mode 100644 tests/data/add_new_rule-excepted.txt delete mode 100644 tests/data/add_new_rule-in.txt delete mode 100644 tests/data/add_user-excepted.txt delete mode 100644 tests/data/add_user-in.txt delete mode 100644 tests/data/have_access_rule-in.txt delete mode 100644 tests/data/modify_existing_rule-excepted.txt delete mode 100644 tests/data/modify_existing_rule-in.txt delete mode 100644 tests/data/remove_user-excepted.txt delete mode 100644 tests/data/write_rules_config-excepted.txt delete mode 100644 tests/data/write_rules_kernel-excepted.txt diff --git a/src/smack.h b/src/smack.h index e086d72..35009de 100644 --- a/src/smack.h +++ b/src/smack.h 
@@ -97,16 +97,22 @@ extern SmackRuleSet smack_rule_set_new_from_file(const char *path, extern void smack_rule_set_delete(SmackRuleSet handle); /*! - * Write rules to a given file. + * Write rules to a given file. Does not write rules with no access defined. + * + * Takes subject and object as long names and maps them to short names if the + * parameter labels is given (not set to NULL). In this case, if short labels + * are not found, this function fails and executes no action. * * @param handle handle to a rules * @param path path to the rules file + * @param labels handle to a label set * @return 0 on success */ -extern int smack_rule_set_save_to_file(SmackRuleSet handle, const char *path); +extern int smack_rule_set_save_to_file(SmackRuleSet handle, const char *path, + SmackLabelSet labels); /*! - * Write rules to /smack/load. + * Write rules to /smack/load. Does not write rules with no access defined. * * @param handle handle to a rule set * @param path path to the SmackFS load file diff --git a/src/smack_rules.c b/src/smack_rules.c index ff18a41..a40ddf1 100644 --- a/src/smack_rules.c +++ b/src/smack_rules.c @@ -134,13 +134,17 @@ void smack_rule_set_delete(SmackRuleSet handle) free(handle); } -int smack_rule_set_save_to_file(SmackRuleSet handle, const char *path) +int smack_rule_set_save_to_file(SmackRuleSet handle, const char *path, + SmackLabelSet labels) { struct smack_subject *s, *stmp; struct smack_object *o, *otmp; + const char *sstr, *ostr; + char astr[ACC_LEN + 1]; FILE *file; - char str[ACC_LEN + 1]; - int err = 0; + int err, ret; + + ret = 0; file = fopen(path, "w+"); if (!file) 
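Review bot: The new doc comment on smack_rule_set_save_to_file describes the mapping the wrong way round: it says long names are mapped to short names, while the implementation in src/smack_rules.c passes each stored subject and object to `smack_label_set_to_long_name()` and writes what it gets back. I would reword it along the lines of `* When labels is not NULL, each stored subject and object is mapped to its long name before it is written; if a long name is missing the call fails.` The `@return` line should also name the failure value, e.g. `@return 0 on success, -1 if a label cannot be resolved or a write fails`, since this commit changes the write-error return from errno to -1. The sentence "fails and executes no action" does not match the implementation as visible here, which opens the file with "w+" before any lookup, so either drop that promise or make the code keep it.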
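Review bot: `fopen(path, "w+")` in this hunk truncates the destination before any label has been resolved, so the `goto out` paths added further down in the function leave an empty or half-written rules file behind while returning -1. For a file that holds access-control policy that is worth avoiding, and it contradicts the header comment's "fails and executes no action". Either resolve every subject and object in a first pass before the file is opened, or write to a temporary file in the same directory and `rename()` it over `path` only when `ret` is still 0. The function body continues outside this hunk, so the fopen failure return is not visible here and should be checked for consistency with the new -1 convention.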
@@ -151,20 +155,33 @@ int smack_rule_set_save_to_file(SmackRuleSet handle, const char *path) if (o->ac == 0) continue; - ac_to_config_str(o->ac, str); + if (labels != NULL) { + sstr = smack_label_set_to_long_name(labels, s->subject); + ostr = smack_label_set_to_long_name(labels, o->object); + } else { + sstr = s->subject; + ostr = o->object; + } - err = fprintf(file, "%s %s %s\n", - s->subject, o->object, str); + if (sstr == NULL || ostr == NULL) { + ret = -1; + goto out; + } + ac_to_config_str(o->ac, astr); + + err = fprintf(file, "%s %s %s\n", + sstr, ostr, astr); if (err < 0) { - fclose(file); - return errno; + ret = -1; + goto out; } } } +out: fclose(file); - return 0; + return ret; } int smack_rule_set_save_to_kernel(SmackRuleSet handle, const char *path) diff --git a/tests/Makefile.am b/tests/Makefile.am index 5653a87..5ee2c51 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,5 +1,5 @@ -TESTS = check_rules check_xattr check_labels -check_PROGRAMS = check_rules check_xattr check_labels +TESTS = check_rules check_xattr +check_PROGRAMS = check_rules check_xattr check_rules_SOURCES = check_rules.c $(top_builddir)/src/smack.h check_rules_CFLAGS = @CHECK_CFLAGS@ @@ -8,7 +8,3 @@ check_rules_LDADD = $(top_builddir)/src/libsmack.la @CHECK_LIBS@ check_xattr_SOURCES = check_xattr.c $(top_builddir)/src/smack.h check_xattr_CFLAGS = @CHECK_CFLAGS@ check_xattr_LDADD = $(top_builddir)/src/libsmack.la @CHECK_LIBS@ - -check_labels_SOURCES = check_labels.c $(top_builddir)/src/smack.h -check_labels_CFLAGS = @CHECK_CFLAGS@ -check_labels_LDADD = $(top_builddir)/src/libsmack.la @CHECK_LIBS@ diff --git a/tests/check_labels.c b/tests/check_labels.c deleted file mode 100644 index 277a349..0000000 --- a/tests/check_labels.c +++ /dev/null 
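Review bot: The `out:` path ignores the result of `fclose(file)`, so a failed flush of buffered output (disk full, I/O error) still returns 0 and the caller believes the rules were saved; `if (fclose(file) != 0) ret = -1;` closes that gap. The fprintf error path also used to return errno and now returns -1, which changes what existing callers see and deserves a line in the header comment or the commit message. The loop headers that enclose this hunk are outside it.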
@@ -1,143 +0,0 @@ -/* - * This file is part of libsmack - * - * Copyright (C) 2010 Nokia Corporation - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA - * - * Author: Jarkko Sakkinen - */ - -#include -#include -#include -#include "../src/smack.h" - -static int files_equal(const char *filename1, const char *filename2); - -START_TEST(test_to_short_and_long_name) -{ - int rc; - const char *long_name; - const char *short_name; - - SmackLabelSet labels = smack_label_set_new(); - fail_unless(labels != NULL, "Creating labels failed"); - rc = smack_label_set_add(labels, "ThisIsReallyReallyReallyLongLabelName"); - fail_unless(rc != 0, "Adding label failed"); - short_name = smack_label_set_to_short_name(labels, "ThisIsReallyReallyReallyLongLabelName"); - fail_unless(short_name != NULL, "No short name"); - long_name = smack_label_set_to_long_name(labels, short_name); - fail_unless(long_name != NULL, "No long name"); - rc = strcmp(long_name, "ThisIsReallyReallyReallyLongLabelName"); - fail_unless(rc == 0, "Long name does not match"); - smack_label_set_delete(labels); -} -END_TEST - -START_TEST(test_save_label) -{ - int rc; - SmackLabelSet labels = smack_label_set_new(); - fail_unless(labels != NULL, "Creating labels failed"); - rc = smack_label_set_add(labels, "ThisIsReallyReallyReallyLongLabelName"); - fail_unless(rc != 0, "Adding label failed"); - 
rc = smack_label_set_save_to_file(labels, "add_label-result.txt"); - fail_unless(rc == 0, "Failed to write labelset"); - rc = files_equal("add_label-result.txt", "data/add_label-excepted.txt"); - fail_unless(rc == 1, "Unexcepted result"); - smack_label_set_delete(labels); -} -END_TEST - -Suite *ruleset_suite (void) -{ - Suite *s; - TCase *tc_core; - - s = suite_create("Labels"); - - tc_core = tcase_create("Labels"); - tcase_add_test(tc_core, test_to_short_and_long_name); - tcase_add_test(tc_core, test_save_label); - suite_add_tcase(s, tc_core); - - return s; -} - -int main(void) -{ - int nfailed; - Suite *s = ruleset_suite(); - SRunner *sr = srunner_create(s); - srunner_set_log(sr, "check_xattr.log"); - srunner_run_all(sr, CK_ENV); - nfailed = srunner_ntests_failed(sr); - srunner_free(sr); - return (nfailed == 0) ? EXIT_SUCCESS : EXIT_FAILURE; -} - -static int files_equal(const char *filename1, const char *filename2) -{ - FILE *fp1 = NULL; - FILE *fp2 = NULL; - char ch1, ch2; - int rc = 0; - - fp1 = fopen(filename1, "rb"); - if (fp1 == NULL) { - goto out; - } - - fp2 = fopen(filename2, "rb"); - if (fp2 == NULL) { - goto out; - } - - rc = 1; - for (;;) { - if (feof(fp1) && feof(fp2)) - break; - - if (feof(fp1) || feof(fp2)) { - rc = 0; - break; - } - - ch1 = fgetc(fp1); - if (ferror(fp1)) { - rc = 0; - break; - } - - ch2 = fgetc(fp2); - if (ferror(fp2)) { - rc = 0; - break; - } - - if (ch1 != ch2) { - rc = 0; - break; - } - } -out: - if (fp1 != NULL) - fclose(fp1); - if (fp2 != NULL) - fclose(fp2); - return rc; -} - diff --git a/tests/check_rules.c b/tests/check_rules.c index 28101ce..3bc80ff 100644 --- a/tests/check_rules.c +++ b/tests/check_rules.c 
@@ -30,83 +30,36 @@ static int files_equal(const char *filename1, const char *filename2); -START_TEST(test_add_new_rule) +START_TEST(test_rule_set_add_and_save_to_file) { int rc; - SmackRuleSet rules = smack_rule_set_new_from_file("data/add_new_rule-in.txt", NULL); - fail_unless(rules != NULL, "Reading rules failed"); - rc = smack_rule_set_add(rules, "Orange", "Apple", "ra", NULL); - fail_unless(rc == 0, "Failed to add rule"); - rc = smack_rule_set_save_to_kernel(rules, "add_new_rule-result.txt"); - fail_unless(rc == 0, "Failed to write ruleset"); - rc = files_equal("add_new_rule-result.txt", "data/add_new_rule-excepted.txt"); - fail_unless(rc == 1, "Unexcepted result"); - smack_rule_set_delete(rules); -} -END_TEST + const char *sn; + SmackRuleSet rules = smack_rule_set_new(); + fail_unless(rules != NULL, "Creating rule set failed"); -START_TEST(test_modify_existing_rule) -{ - int rc; - SmackRuleSet rules = smack_rule_set_new_from_file("data/modify_existing_rule-in.txt", NULL); - fail_unless(rules != NULL, "Reading rules failed"); - rc = smack_rule_set_add(rules, "Foo", "Bar", "wx", NULL); - fail_unless(rc == 0, "Failed to add rule"); - rc = smack_rule_set_save_to_kernel(rules, "modify_existing_rule-result.txt"); - fail_unless(rc == 0, "Failed to write ruleset"); - rc = files_equal("modify_existing_rule-result.txt", "data/modify_existing_rule-excepted.txt"); - fail_unless(rc == 1, "Unexcepted result"); - smack_rule_set_delete(rules); -} -END_TEST + SmackLabelSet labels = smack_label_set_new(); + fail_unless(labels != NULL, "Creating label set failed"); -START_TEST(test_rw_rules_config) -{ - int rc; - SmackRuleSet rules = smack_rule_set_new_from_file("data/write_rules_config-excepted.txt", NULL); - fail_unless(rules != NULL, "Reading rules failed"); - rc = smack_rule_set_save_to_file(rules, "rules_save_config-result.txt"); - fail_unless(rc == 0, "Failed to write ruleset"); - rc = files_equal("rules_save_config-result.txt", "data/write_rules_config-excepted.txt"); - 
fail_unless(rc == 1, "Unexcepted result"); - smack_rule_set_delete(rules); -} -END_TEST + sn = smack_label_set_add(labels, LONG_LABEL_1); + fail_unless(sn != NULL, "Adding label was not succesful"); -START_TEST(test_rw_rules_kernel) -{ - int rc; - SmackRuleSet rules = smack_rule_set_new_from_file("data/write_rules_config-excepted.txt", NULL); - fail_unless(rules != NULL, "Reading rules failed"); - rc = smack_rule_set_save_to_kernel(rules, "rules_save_kernel-result.txt"); - fail_unless(rc == 0, "Failed to write ruleset"); - rc = files_equal("rules_save_kernel-result.txt", "data/write_rules_kernel-excepted.txt"); - fail_unless(rc == 1, "Unexcepted result"); - smack_rule_set_delete(rules); -} -END_TEST + sn = smack_label_set_add(labels, LONG_LABEL_2); + fail_unless(sn != NULL, "Adding label was not succesful"); -START_TEST(test_have_access_rule) -{ - int rc; - SmackRuleSet rules = smack_rule_set_new_from_file("data/have_access_rule-in.txt", "Orange"); - fail_unless(rules != NULL, "Reading rules failed"); - rc = smack_rule_set_have_access(rules, "Orange", "Apple", "a", NULL); - fail_unless(rc, "Have access \"a\" failed"); - smack_rule_set_delete(rules); -} -END_TEST + rc = smack_rule_set_add(rules, LONG_LABEL_1, LONG_LABEL_2, "rx", labels); + fail_unless(rc == 0, "Adding rule was not succesful"); + + rc = smack_rule_set_add(rules, LONG_LABEL_2, LONG_LABEL_1, "rwa", labels); + fail_unless(rc == 0, "Adding rule was not succesful"); + + rc = smack_rule_set_save_to_file(rules, + "rule_set_add_and_save_to_config-result.txt", + labels); + fail_unless(rc == 0, "Failed to write ruleset"); -START_TEST(test_have_access_removed_rule) -{ - int rc; - SmackRuleSet rules = smack_rule_set_new_from_file("data/have_access_rule-in.txt", "Orange"); - fail_unless(rules != NULL, "Reading rules failed"); - smack_rule_set_remove(rules, "Orange", "Apple", NULL); - rc = smack_rule_set_have_access(rules, "Orange", "Apple", "a", NULL); - fail_unless(!rc, "Has access to a removed rule"); 
smack_rule_set_delete(rules); + smack_label_set_delete(labels); } END_TEST @@ -246,12 +199,7 @@ Suite *ruleset_suite (void) s = suite_create("Rules"); tc_core = tcase_create("Rules"); - tcase_add_test(tc_core, test_add_new_rule); - tcase_add_test(tc_core, test_modify_existing_rule); - tcase_add_test(tc_core, test_rw_rules_config); - tcase_add_test(tc_core, test_rw_rules_kernel); - tcase_add_test(tc_core, test_have_access_rule); - tcase_add_test(tc_core, test_have_access_removed_rule); + tcase_add_test(tc_core, test_rule_set_add_and_save_to_file); tcase_add_test(tc_core, test_rule_set_remove_and_save_to_kernel); tcase_add_test(tc_core, test_rule_set_remove_by_subject_and_save_to_kernel); tcase_add_test(tc_core, test_rule_set_remove_by_object_and_save_to_kernel); diff --git a/tests/data/add_label-excepted.txt b/tests/data/add_label-excepted.txt deleted file mode 100644 index a215c99..0000000 --- a/tests/data/add_label-excepted.txt +++ /dev/null @@ -1 +0,0 @@ -ThisIsReallyReallyReallyLongLabelName allyReallyLongLabelName diff --git a/tests/data/add_new_rule-excepted.txt b/tests/data/add_new_rule-excepted.txt deleted file mode 100644 index d96b8e2..0000000 --- a/tests/data/add_new_rule-excepted.txt +++ /dev/null @@ -1,2 +0,0 @@ -Foo Bar r-x- -Orange Apple r--a diff --git a/tests/data/add_new_rule-in.txt b/tests/data/add_new_rule-in.txt deleted file mode 100644 index 5f338d8..0000000 --- a/tests/data/add_new_rule-in.txt +++ /dev/null @@ -1 +0,0 @@ -Foo Bar rx diff --git a/tests/data/add_user-excepted.txt b/tests/data/add_user-excepted.txt deleted file mode 100644 index d7c0188..0000000 --- a/tests/data/add_user-excepted.txt +++ /dev/null @@ -1,3 +0,0 @@ -foo Apple -bar Orange -zip Zap diff --git a/tests/data/add_user-in.txt b/tests/data/add_user-in.txt deleted file mode 100644 index f25a925..0000000 --- a/tests/data/add_user-in.txt +++ /dev/null @@ -1,2 +0,0 @@ -foo Apple -bar Orange 
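Review bot: test_rule_set_add_and_save_to_file only asserts that smack_rule_set_save_to_file() returns 0 and never inspects `rule_set_add_and_save_to_config-result.txt`, so nothing verifies that long labels were actually written. The tests removed in this hunk compared their output with `files_equal()`; the same check would fit after the save, e.g. `rc = files_equal("rule_set_add_and_save_to_config-result.txt", "data/<expected-file>.txt"); fail_unless(rc == 1, "Unexpected result");` with an expected file added under tests/data (the file name here is a placeholder). The two new branches also have no coverage: a call with `labels` set to NULL, and a call where a label has no long name and -1 is expected. LONG_LABEL_1 and LONG_LABEL_2 are defined outside this hunk.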
diff --git a/tests/data/have_access_rule-in.txt b/tests/data/have_access_rule-in.txt
deleted file mode 100644
index b5ff2b8..0000000
--- a/tests/data/have_access_rule-in.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Foo Bar rx
-Orange Apple ra
-Foo Apple wx
diff --git a/tests/data/modify_existing_rule-excepted.txt b/tests/data/modify_existing_rule-excepted.txt
deleted file mode 100644
index 1b8b351..0000000
--- a/tests/data/modify_existing_rule-excepted.txt
+++ /dev/null
@@ -1 +0,0 @@
-Foo Bar -wx-
diff --git a/tests/data/modify_existing_rule-in.txt b/tests/data/modify_existing_rule-in.txt
deleted file mode 100644
index 5f338d8..0000000
--- a/tests/data/modify_existing_rule-in.txt
+++ /dev/null
@@ -1 +0,0 @@
-Foo Bar rx
diff --git a/tests/data/remove_user-excepted.txt b/tests/data/remove_user-excepted.txt
deleted file mode 100644
index 216f4ad..0000000
--- a/tests/data/remove_user-excepted.txt
+++ /dev/null
@@ -1 +0,0 @@
-foo Apple
diff --git a/tests/data/write_rules_config-excepted.txt b/tests/data/write_rules_config-excepted.txt
deleted file mode 100644
index a3503cc..0000000
--- a/tests/data/write_rules_config-excepted.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Foo Bar rx
-Foo Apple wx
-Orange Apple ra
diff --git a/tests/data/write_rules_kernel-excepted.txt b/tests/data/write_rules_kernel-excepted.txt
deleted file mode 100644
index de59d0d..0000000
--- a/tests/data/write_rules_kernel-excepted.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Foo Bar r-x-
-Foo Apple -wx-
-Orange Apple r--a
-- 
2.7.4