From bf06dd3f4bee45a432d04228e25c6e7985b4f5fb Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Date: Thu, 28 Nov 2013 17:49:47 +0200
Subject: [PATCH] libsmack: fixed apply_accesses() (regression in d2283792)

Took accesses_apply() from 8fd0167 and converted it mechanically
as possible to use the changed struct smack_rule. Now smackload
works succesfully for a single file too. Mistake I did in
d2283792 was that I unncessarily cleaned up accesses_apply()
at the same time as changing things. My bad.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 libsmack/libsmack.c | 41 +++++++++++++++--------------------------
 1 file changed, 15 insertions(+), 26 deletions(-)

diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index 2799bec..28c2715 100644
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -675,35 +675,25 @@ static int accesses_apply(struct smack_accesses *handle, int clear)
 
 	for (rule = handle->first; rule != NULL; rule = rule->next) {
 		access_code_to_str(clear ? 0 : rule->allow_code, allow_str);
-		if (rule->deny_code != -1)
-			access_code_to_str(clear ? 0 : rule->allow_code, deny_str);
 
-		if (load2) {
-			if (rule->deny_code != -1) /* modify? */ {
-				ret = snprintf(buf, LOAD_LEN + 1,
-					       KERNEL_MODIFY_FORMAT,
-					       rule->subject, rule->object,
-					       allow_str, deny_str);
-
-				fd = change_fd;
-			} else {
-				ret = snprintf(buf, LOAD_LEN + 1,
-					       KERNEL_LONG_FORMAT,
-					       rule->subject, rule->object,
-					       allow_str);
+		if (rule->deny_code != -1 && !clear) {
+			access_code_to_str(clear ? 0 : rule->deny_code, deny_str);
 
-				fd = load_fd;
-			}
+			fd = change_fd;
+			ret = snprintf(buf, LOAD_LEN + 1, KERNEL_MODIFY_FORMAT,
+				       rule->subject, rule->object,
+				       allow_str,
+				       deny_str);
 		} else {
-			if (rule->deny_code != -1) /* modify? */ {
-				ret = -1;
-				goto err_out;
-			}
-
-			ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT,
-				       rule->subject, rule->object, allow_str);
-
 			fd = load_fd;
+			if (load2)
+				ret = snprintf(buf, LOAD_LEN + 1, KERNEL_LONG_FORMAT,
+					       rule->subject, rule->object,
+					       allow_str);
+			else
+				ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT,
+					       rule->subject, rule->object,
+					       allow_str);
 		}
 
 		if (ret < 0 || fd < 0) {
@@ -717,7 +707,6 @@ static int accesses_apply(struct smack_accesses *handle, int clear)
 			goto err_out;
 		}
 	}
-
 	ret = 0;
 
 err_out:
-- 
2.7.4