[apparmor] [PATCH 1/5] Add basic string matching to the hfa

[John Johansen]

Add the ability to match strings directly from the hfa instead of needing
to build a cfha.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/libapparmor_re/hfa.cc |   14 ++++++++++++++
 parser/libapparmor_re/hfa.h  |   10 ++++++++++
 2 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index 5e2898f..86e5bd5 100644
--- a/parser/libapparmor_re/hfa.cc
+++ b/parser/libapparmor_re/hfa.cc
@@ -30,6 +30,7 @@
 #include <ostream>
 #include <iostream>
 #include <fstream>
+#include <string.h>
 
 #include "expr-tree.h"
 #include "hfa.h"
@@ -267,6 +268,19 @@ DFA::~DFA()
 		delete *i;
 }
 
+State *DFA::match_len(State *state, const char *str, size_t len)
+{
+	for (; len > 0; ++str, --len)
+		state = state->next(*str);
+
+	return state;
+}
+
+State *DFA::match(const char *str)
+{
+	return match_len(start, str, strlen(str));
+}
+
 void DFA::dump_uniq_perms(const char *s)
 {
 	set<pair<uint32_t, uint32_t> > uniq;
diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
index 161cddd..3e8d99b 100644
--- a/parser/libapparmor_re/hfa.h
+++ b/parser/libapparmor_re/hfa.h
@@ -275,6 +275,13 @@ public:
 		}
 	};
 
+	State *next(uchar c) {
+		StateTrans::iterator i = trans.find(c);
+		if (i != trans.end())
+			return i->second;
+		return otherwise;
+	};
+
 	int label;
 	uint32_t audit, accept;
 	StateTrans trans;
@@ -341,6 +348,9 @@ public:
 	DFA(Node *root, dfaflags_t flags);
 	virtual ~DFA();
 
+	State *match_len(State *state, const char *str, size_t len);
+	State *match(const char *str);
+
 	void remove_unreachable(dfaflags_t flags);
 	bool same_mappings(State *s1, State *s2);
 	size_t hash_trans(State *s);
-- 
1.7.7.3