[apparmor] [PATCH 05/11] Accumulate accept state permission in dfa minimize
Steve Beattie
steve at nxnw.org
Fri Oct 22 08:41:30 BST 2010
On Mon, Oct 18, 2010 at 05:20:37PM -0700, John Johansen wrote:
> Do permission accumulation in dfa minimization. This is necessary if accept
> states with different permissions are to ever share a partition.
> ---
> parser/libapparmor_re/regexp.y | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/parser/libapparmor_re/regexp.y b/parser/libapparmor_re/regexp.y
> index c95644b..6de7ae6 100644
> --- a/parser/libapparmor_re/regexp.y
> +++ b/parser/libapparmor_re/regexp.y
> @@ -1827,10 +1827,13 @@ void DFA::minimize(dfaflags_t flags)
>
> //if ((*p)->size() > 1)
> //cerr << rep->label << ": ";
> - /* clear the state label for all non representative states */
> + /* clear the state label for all non representative states,
> + * and accumulate permissions */
> for (Partition::iterator i = ++(*p)->begin(); i != (*p)->end(); i++) {
> //cerr << " " << (*i)->label;
> (*i)->label = -1;
> + rep->accept |= (*i)->accept;
> + rep->audit |= (*i)->audit;
> }
> //if ((*p)->size() > 1)
> //cerr << "\n";
ACK.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20101022/6d26b354/attachment.pgp
More information about the AppArmor
mailing list