From e459fc54fc5fbba0ef31c2a54ca2a86b138c7574 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen Date: Sat, 13 Nov 2010 08:20:08 -0800 Subject: [PATCH] Added flags parameter to smack_set_file_smack() and smack_get_file_smack(). --- src/smack.c | 22 +++++++++++++++++----- src/smack.h | 14 ++++++++++---- tests/check_smack.c | 28 ++++++++++++++++++++++++---- 3 files changed, 51 insertions(+), 13 deletions(-) diff --git a/src/smack.c b/src/smack.c index 2aa3a7f..5bab567 100644 --- a/src/smack.c +++ b/src/smack.c @@ -232,7 +232,7 @@ int smack_have_access_rule(smack_ruleset_t handle, const char *subject, return ((o->ac & ac) == ac); } -int smack_set_file_smack(const char *path, const char *smack) +int smack_set_file_smack(const char *path, const char *smack, int flags) { size_t size; int ret; @@ -241,22 +241,34 @@ int smack_set_file_smack(const char *path, const char *smack) if (size > SMACK64_LEN) return -1; - ret = setxattr(path, SMACK64, smack, size, 0); + if ((flags & SMACK_SET_SYMLINK) == 0) + ret = setxattr(path, SMACK64, smack, size, 0); + else + ret = lsetxattr(path, SMACK64, smack, size, 0); return ret; } -int smack_get_file_smack(const char *path, char **smack) +int smack_get_file_smack(const char *path, char **smack, int flags) { ssize_t ret; char *buf; - ret = getxattr(path, SMACK64, NULL, 0); + if ((flags & SMACK_SET_SYMLINK) == 0) + ret = getxattr(path, SMACK64, NULL, 0); + else + ret = lgetxattr(path, SMACK64, NULL, 0); + if (ret < 0) return -1; buf = malloc(ret + 1); - ret = getxattr(path, SMACK64, buf, ret); + + if ((flags & SMACK_SET_SYMLINK) == 0) + ret = getxattr(path, SMACK64, buf, ret); + else + ret = lgetxattr(path, SMACK64, buf, ret); + if (ret < 0) { free(buf); return -1; diff --git a/src/smack.h b/src/smack.h index 39f96cc..33cadf5 100644 --- a/src/smack.h +++ b/src/smack.h @@ -40,6 +40,8 @@ typedef struct smack_ruleset *smack_ruleset_t; #define SMACK_FORMAT_CONFIG 0 #define SMACK_FORMAT_KERNEL 1 +#define SMACK_SET_SYMLINK 1 + #ifdef __cplusplus extern "C" { #endif @@ -136,23 +138,27 @@ extern int smack_have_access_rule(smack_ruleset_t handle, const char *subject, const char *object, const char *access); /*! - * Set SMACK64 security attribute for a given path. Follows symbolic links. + * Set SMACK64 security attribute for a given path. * * @param path path to a file * @param smack new value + * @param flags set flags * @return 0 on success */ -extern int smack_set_file_smack(const char *path, const char *smack); +extern int smack_set_file_smack(const char *path, const char *smack, + int flags); /*! - * Get SMACK64 security attribute for a given path. Follows symbolic links. + * Get SMACK64 security attribute for a given path. * Allocated memory must be freed by the caller. * * @param path path to a file * @param smack current value + * @param flags set flags * @return 0 on success */ -extern int smack_get_file_smack(const char *path, char **smack); +extern int smack_get_file_smack(const char *path, char **smack, + int flags); /*! * Get SMACK64 security attribute for a given pid. diff --git a/tests/check_smack.c b/tests/check_smack.c index 9666d4e..fd93390 100644 --- a/tests/check_smack.c +++ b/tests/check_smack.c @@ -176,10 +176,31 @@ START_TEST(test_set_file_smack) fprintf(file, "dummy\n"); fclose(file); - rc = smack_set_file_smack("set_smack-dummy.txt", "Apple"); + rc = smack_set_file_smack("set_smack-dummy.txt", "Apple", 0); fail_unless(rc == 0, "Failed to set SMACK64"); - rc = smack_get_file_smack("set_smack-dummy.txt", &smack); + rc = smack_get_file_smack("set_smack-dummy.txt", &smack, 0); + fail_unless(rc == 0, "Failed to get SMACK64"); + + rc = strcmp(smack, "Apple"); + fail_unless(rc == 0, "smack %s not equal to Apple", smack); + + free(smack); +} +END_TEST + +START_TEST(test_set_file_smack_symlink) +{ + FILE *file; + int rc; + char *smack; + + symlink("unknown.txt", "set_smack-symlink.txt"); + + rc = smack_set_file_smack("set_smack-symlink.txt", "Apple", SMACK_SET_SYMLINK); + fail_unless(rc == 0, "Failed to set SMACK64"); + + rc = smack_get_file_smack("set_smack-symlink.txt", &smack, SMACK_SET_SYMLINK); fail_unless(rc == 0, "Failed to get SMACK64"); rc = strcmp(smack, "Apple"); @@ -208,11 +229,10 @@ Suite *ruleset_suite (void) tcase_add_test(tc_core, test_have_access_removed_rule); suite_add_tcase(s, tc_core); - /* tc_core = tcase_create("Security attributes"); tcase_add_test(tc_core, test_set_file_smack); + tcase_add_test(tc_core, test_set_file_smack_symlink); suite_add_tcase(s, tc_core); - */ return s; } -- 2.7.4