[apparmor] [PATCH 5/9] Move state label, nodes, and permission setting into the State constructor

Steve Beattie steve at nxnw.org
Thu Nov 11 04:04:39 GMT 2010 

On Wed, Nov 10, 2010 at 02:02:26PM -0800, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>

ACK

>  parser/libapparmor_re/regexp.y |   46 ++++++++++++++++++++-------------------
>  1 files changed, 24 insertions(+), 22 deletions(-)
> 
> diff --git a/parser/libapparmor_re/regexp.y b/parser/libapparmor_re/regexp.y
> index dc66236..ef04272 100644
> --- a/parser/libapparmor_re/regexp.y
> +++ b/parser/libapparmor_re/regexp.y
> @@ -1393,6 +1393,9 @@ typedef struct Cases {
>  } Cases;
>  
>  typedef list<State *> Partition;
> +
> +uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error);
> +
>  /*
>   * State - DFA individual state information
>   * audit: the audit permission mask for the state
> @@ -1401,7 +1404,22 @@ typedef list<State *> Partition;
>   */
>  class State {
>  public:
> -State() : label (0), audit(0), accept(0), cases() { }
> +	State() : label (0), nodes(NULL), audit(0), accept(0), cases() { };
> +	State(int l): label (l), nodes(NULL), audit(0), accept(0), cases() { };
> +	State(int l, NodeSet *n):
> +		label(l), nodes(n), audit(0), accept(0), cases()
> +	{
> +		int error;
> +
> +		/* Compute permissions associated with the State. */
> +		accept = accept_perms(nodes, &audit, &error);
> +		if (error) {
> +			/* TODO!!!!!!!!!!!!!
> +			 * permission error checking here
> +			 */
> +		}
> +	};
> +
>  	int label;
>  	union {
>  		Partition *partition;
> @@ -1442,8 +1460,6 @@ public:
>      Partition states;
>  };
>  
> -uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error);
> -
>  typedef struct dfa_stats {
>  	unsigned int duplicates, proto_max, proto_sum;
>  } dfa_stats_t;
> @@ -1459,9 +1475,7 @@ do { \
>  		/* set of nodes isn't known so create new state, and nodes to \
>  		 * state mapping \
>  		 */ \
> -		TARGET = new State(); \
> -		(TARGET)->label = nodemap.size();	\
> -		(TARGET)->nodes = (NODES); \
> +		TARGET = new State(nodemap.size(), (NODES));	\
>  		states.push_back(TARGET); \
>  		nodemap.insert(make_pair(index, TARGET)); \
>  		work_queue.push_back(NODES);	  \
> @@ -1512,18 +1526,15 @@ DFA::DFA(Node *root, dfaflags_t flags) : root(root)
>  	}
>  
>  	NodeMap nodemap;
> -	nonmatching = new State;
> -	states.push_back(nonmatching);
>  	NodeSet *emptynode = new NodeSet;
> -	nonmatching->nodes = emptynode;
> +	nonmatching = new State(0, emptynode);
> +	states.push_back(nonmatching);
>  	nodemap.insert(make_pair(make_pair(hash_NodeSet(emptynode), emptynode), nonmatching));
>  	/* there is no nodemapping for the nonmatching state */
>  
> -	start = new State;
> -	start->label = 1;
> -	states.push_back(start);
>  	NodeSet *first = new NodeSet(root->firstpos);
> -	start->nodes = first;
> +	start = new State(1, first);
> +	states.push_back(start);
>  	nodemap.insert(make_pair(make_pair(hash_NodeSet(first), first), start));
>  
>  	/* the work_queue contains the proto-states (set of nodes that is
> @@ -1542,19 +1553,10 @@ DFA::DFA(Node *root, dfaflags_t flags) : root(root)
>  			fprintf(stderr, "\033[2KCreating dfa: queue %ld\tstates %ld\teliminated duplicates %d\r", work_queue.size(), states.size(), stats.duplicates);
>  		i++;
>  
> -		int error;
>  		NodeSet *nodes = work_queue.front();
>  		work_queue.pop_front();
>  		State *from = nodemap[make_pair(hash_NodeSet(nodes), nodes)];
>  
> -		/* Compute permissions associated with the State. */
> -		from->accept = accept_perms(nodes, &from->audit, &error);
> -		if (error) {
> -			/* TODO!!!!!!!!!!!!!
> -			 * permission error checking here
> -			 */
> -		}
> -
>  		/* Compute possible transitions for `nodes`.  This is done by
>  		 * iterating over all the nodes in nodes and combining the
>  		 * transitions.
> -- 
> 1.7.1
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20101110/3863feea/attachment.pgp

More information about the AppArmor mailing list