From ddaebbdd5675275ff854938041b0e823705da699 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen Date: Thu, 10 Mar 2011 02:34:36 -0800 Subject: [PATCH] Implemented smack_have_access() function. --- src/Makefile.am | 2 + src/smack.c | 79 +++++++++++++++++++++++++++++ src/smack.h | 13 +++++ tests/check_smack.c | 78 +++++----------------------- tests/data/test_save_to_file-excepted.txt | 2 - tests/data/test_save_to_kernel-excepted.txt | 3 -- 6 files changed, 108 insertions(+), 69 deletions(-) delete mode 100644 tests/data/test_save_to_file-excepted.txt delete mode 100644 tests/data/test_save_to_kernel-excepted.txt diff --git a/src/Makefile.am b/src/Makefile.am index 2001443..7603e30 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -3,3 +3,5 @@ lib_LTLIBRARIES = libsmack.la libsmack_la_LDFLAGS = -version-info 1:0:0 libsmack_la_SOURCES = smack.c +libsmack_la_LIBADD = -lpthread +libsmack_la_CFLAGS = -D_REENTRANT diff --git a/src/smack.c b/src/smack.c index 3443081..cb0811d 100644 --- a/src/smack.c +++ b/src/smack.c @@ -27,6 +27,8 @@ #include #include #include +#include +#include #define SMACK_LEN 23 
@@ -65,6 +67,64 @@ inline unsigned str_to_ac(const char *str);
 inline void ac_to_config_str(unsigned ac, char *str);
 inline void ac_to_kernel_str(unsigned ac, char *str);
+static SmackRuleSet global_rules = NULL;
+static time_t global_rules_mtime = 0;
+static pthread_mutex_t global_rules_mutex = PTHREAD_MUTEX_INITIALIZER;
+static char *global_rules_path = NULL;
+
+static void free_global_rules(void)
+{
+ smack_rule_set_free(global_rules);
+ global_rules = NULL;
+ free(global_rules_path);
+ global_rules_path = NULL;
+}
+
+static int refresh_global_rules(const char *path)
+{
+ struct stat sb;
+ int ret;
+ int result = 0;
+
+ if (pthread_mutex_lock(&global_rules_mutex) != 0) {
+ result = -1;
+ goto out;
+ }
+
+ if (global_rules != NULL) {
+ ret = stat(path, &sb);
+ if (ret) {
+ result = -1;
+ goto out;
+ }
+
+ if (global_rules_path == NULL ||
+ strcmp(path, global_rules_path) != 0 ||
+ sb.st_mtime != global_rules_mtime)
+ free_global_rules();
+ }
+
+ if (global_rules == NULL) {
+ global_rules_path = strdup(path);
+ if (global_rules_path == NULL) {
+ result = -1;
+ goto out;
+ }
+
+ global_rules = smack_rule_set_new(path);
+ if (global_rules == NULL) {
+ result = -1;
+ goto out;
+ }
+ }
+
+out:
+ if (result == -1)
+ free_global_rules();
+ (void) pthread_mutex_unlock(&global_rules_mutex);
+ return result;
+}
+
 SmackRuleSet smack_rule_set_new(const char *path)
 {
 SmackRuleSet rules;
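Review bot: `global_rules_mtime` is never assigned, so the comparison `sb.st_mtime != global_rules_mtime` in refresh_global_rules() is made against 0 on every call and the cached rule set is freed and re-parsed from disk each time smack_have_access() runs; the mtime cache never takes effect. The stat() is also only performed when a rule set is already loaded, so after a fresh load there is no mtime to record. Doing the stat() before the cache check and storing `global_rules_mtime = sb.st_mtime;` after a successful smack_rule_set_new() fixes both, as sketched below. Separately, when pthread_mutex_lock() fails the `goto out` path calls free_global_rules() without holding the mutex and then unlocks a mutex this thread does not own; returning -1 directly avoids both. Note that st_mtime has one-second granularity, so a rule file rewritten twice within the same second would not be reloaded — whether that is acceptable for this API deserves a comment.
```c
static int refresh_global_rules(const char *path)
{
	struct stat sb;
	int result = 0;

	/* Nothing shared has been touched yet: do not free or unlock on lock failure. */
	if (pthread_mutex_lock(&global_rules_mutex) != 0)
		return -1;

	/* stat() unconditionally so a fresh load can record its mtime below. */
	if (stat(path, &sb) != 0) {
		result = -1;
		goto out;
	}

	if (global_rules != NULL &&
	    (global_rules_path == NULL ||
	     strcmp(path, global_rules_path) != 0 ||
	     sb.st_mtime != global_rules_mtime))
		free_global_rules();

	if (global_rules == NULL) {
		/* … unchanged: strdup(path) and smack_rule_set_new(path) with their error paths … */
		global_rules_mtime = sb.st_mtime;
	}

out:
	/* … unchanged: free_global_rules() on failure, unlock, return result … */
}
```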
@@ -368,6 +428,25 @@ int smack_rule_set_iter_next(SmackRuleSetIter iter, return 0; } +int smack_have_access(const char *path, const char *subject, + const char *object, const char *access_type) +{ + int res; + + if (refresh_global_rules(path) == -1) + return 0; + + if (pthread_mutex_lock(&global_rules_mutex) != 0) + return 0; + + res = smack_rule_set_have_access(global_rules, subject, + object, access_type); + + (void)pthread_mutex_unlock(&global_rules_mutex); + + return res; +} + static int update_rule(struct smack_subject **subjects, const char *subject_str, const char *object_str, unsigned ac) diff --git a/src/smack.h b/src/smack.h index 454a8b7..6484a2a 100644 --- a/src/smack.h +++ b/src/smack.h @@ -180,6 +180,19 @@ extern int smack_rule_set_iter_next(SmackRuleSetIter iter, const char **object, const char **access); +/*! + * Verify access from a given subject to given object with a + * given access type. + * + * @param path path to smack kernel load file + * @param subject subject of the rule + * @param object object of the rule + * @param access_type string defining access type + * @return 1 if access, 0 if no access. + */ +extern int smack_have_access(const char *path, const char *subject, + const char *object, const char *access_type); + #ifdef __cplusplus } #endif diff --git a/tests/check_smack.c b/tests/check_smack.c index d15cefb..baa88f4 100644 --- a/tests/check_smack.c +++ b/tests/check_smack.c @@ -25,8 +25,6 @@ #include #include "../src/smack.h" -static int files_equal(const char *filename1, const char *filename2); - START_TEST(test_save_to_kernel) { int rc; 
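Review bot: The mutex is released at the end of refresh_global_rules() and re-acquired in smack_have_access(), so between the two another thread calling smack_have_access() with a different `path`, or hitting a load failure there, can free or replace `global_rules`; the lookup then runs against another file's rules or passes NULL to smack_rule_set_have_access(). For an access-control decision the refresh and the lookup have to be one critical section: take the lock once in smack_have_access(), let refresh_global_rules() run with the lock already held by its caller, and unlock only after the lookup, as below. Returning 0 on lock or refresh failure keeps the fail-closed behaviour of the current code.
```c
int smack_have_access(const char *path, const char *subject,
		      const char *object, const char *access_type)
{
	int res = 0;

	if (pthread_mutex_lock(&global_rules_mutex) != 0)
		return 0;

	/* refresh_global_rules() must then expect the mutex to be held by its caller. */
	if (refresh_global_rules(path) == 0)
		res = smack_rule_set_have_access(global_rules, subject,
						 object, access_type);

	(void)pthread_mutex_unlock(&global_rules_mutex);
	return res;
}
```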
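Review bot: The `@return 1 if access, 0 if no access.` line in the new smack.h comment understates what 0 means: the implementation also returns 0 when the rule file cannot be stat()ed or parsed, when strdup() fails, or when the mutex cannot be taken, so a caller cannot distinguish a denial from a missing or unreadable rule file. Suggest `@return 1 if access is granted, 0 if access is denied or the rule file could not be loaded (the call fails closed).` It would also help to state that the rule set appears to be cached per `path` and intended to be reloaded when the file changes, since that is visible behaviour for anyone rewriting the file between calls.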
@@ -46,13 +44,15 @@ START_TEST(test_save_to_kernel) rc = smack_rule_set_apply_kernel( rules, - "test_save_to_kernel-result.txt"); + "save_to_kernel-kernel"); fail_unless(rc == 0, "Failed to write the rule set"); - rc = files_equal( - "test_save_to_kernel-result.txt", - "data/test_save_to_kernel-excepted.txt"); - fail_unless(rc == 1, "Unexcepted result"); + fail_unless(smack_have_access("save_to_file-rules", "Banana", "Peach", "x"), + "Access not granted"); + fail_unless(!smack_have_access("save_to_file-rules", "Banana", "Peach", "r"), + "Access not granted"); + fail_unless(!smack_have_access("save_to_file-rules", "Apple", "Orange", "a"), + "Access not granted"); smack_rule_set_free(rules); } @@ -77,13 +77,15 @@ START_TEST(test_save_to_file) rc = smack_rule_set_save( rules, - "test_save_to_file-result.txt"); + "save_to_file-rules"); fail_unless(rc == 0, "Failed to write the rule set"); - rc = files_equal( - "test_save_to_file-result.txt", - "data/test_save_to_file-excepted.txt"); - fail_unless(rc == 1, "Unexcepted result"); + fail_unless(smack_have_access("save_to_file-rules", "Banana", "Peach", "x"), + "Access not granted"); + fail_unless(!smack_have_access("save_to_file-rules", "Banana", "Peach", "r"), + "Access not granted"); + fail_unless(!smack_have_access("save_to_file-rules", "Apple", "Orange", "a"), + "Access not granted"); smack_rule_set_free(rules); } 
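Review bot: test_save_to_kernel writes the rule set to `save_to_kernel-kernel` but the three new assertions then call `smack_have_access("save_to_file-rules", ...)`, so they never read the file this test just produced and depend on test ordering or on a file left over from an earlier run; with files_equal() removed, the kernel-format output is no longer verified at all. The path in these three calls should be `"save_to_kernel-kernel"`, assuming smack_rule_set_new() accepts kernel-format output — if it does not, this test needs a different check. In both this hunk and the `@@ -77,13 +77,15 @@` hunk the two negative assertions (`!smack_have_access(...)`) report `"Access not granted"` on failure, which is the opposite of what went wrong; `"Access unexpectedly granted"` would read correctly.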
@@ -164,55 +166,3 @@ int main(void) return (nfailed == 0) ? EXIT_SUCCESS : EXIT_FAILURE; } -static int files_equal(const char *filename1, const char *filename2) -{ - FILE *fp1 = NULL; - FILE *fp2 = NULL; - char ch1, ch2; - int rc = 0; - - fp1 = fopen(filename1, "rb"); - if (fp1 == NULL) { - goto out; - } - - fp2 = fopen(filename2, "rb"); - if (fp2 == NULL) { - goto out; - } - - rc = 1; - for (;;) { - if (feof(fp1) && feof(fp2)) - break; - - if (feof(fp1) || feof(fp2)) { - rc = 0; - break; - } - - ch1 = fgetc(fp1); - if (ferror(fp1)) { - rc = 0; - break; - } - - ch2 = fgetc(fp2); - if (ferror(fp2)) { - rc = 0; - break; - } - - if (ch1 != ch2) { - rc = 0; - break; - } - } -out: - if (fp1 != NULL) - fclose(fp1); - if (fp2 != NULL) - fclose(fp2); - return rc; -} - diff --git a/tests/data/test_save_to_file-excepted.txt b/tests/data/test_save_to_file-excepted.txt deleted file mode 100644 index 977c205..0000000 --- a/tests/data/test_save_to_file-excepted.txt +++ /dev/null @@ -1,2 +0,0 @@ -Apple Orange rwx -Banana Peach xa diff --git a/tests/data/test_save_to_kernel-excepted.txt b/tests/data/test_save_to_kernel-excepted.txt deleted file mode 100644 index af9c399..0000000 --- a/tests/data/test_save_to_kernel-excepted.txt +++ /dev/null @@ -1,3 +0,0 @@ -Apple Orange rwx- -Plum Peach ---- -Banana Peach --xa -- 2.7.4