[apparmor] [PATCH 05/11] Accumulate accept state permission in dfa minimize
John Johansen
john.johansen at canonical.com
Tue Oct 19 01:20:37 BST 2010
Do permission accumulation in dfa minimization. This is necessary if accept
states with different permissions are to ever share a partition.
---
parser/libapparmor_re/regexp.y | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/parser/libapparmor_re/regexp.y b/parser/libapparmor_re/regexp.y
index c95644b..6de7ae6 100644
--- a/parser/libapparmor_re/regexp.y
+++ b/parser/libapparmor_re/regexp.y
@@ -1827,10 +1827,13 @@ void DFA::minimize(dfaflags_t flags)
//if ((*p)->size() > 1)
//cerr << rep->label << ": ";
- /* clear the state label for all non representative states */
+ /* clear the state label for all non representative states,
+ * and accumulate permissions */
for (Partition::iterator i = ++(*p)->begin(); i != (*p)->end(); i++) {
//cerr << " " << (*i)->label;
(*i)->label = -1;
+ rep->accept |= (*i)->accept;
+ rep->audit |= (*i)->audit;
}
//if ((*p)->size() > 1)
//cerr << "\n";
--
1.7.1
More information about the AppArmor
mailing list