[apparmor] [PATCH 09/10] Split the nodeset used in computing the dfa into two sets, accepting and non-accepting, and have the proto-state use them.
Seth Arnold
seth.arnold at gmail.com
Fri Oct 28 22:08:22 UTC 2011
Can you explain the complicated condition at the end of the split operation?
static void split_node_types(NodeSet *nodes, NodeSet **anodes, NodeSet **nnodes)
{
*anodes = *nnodes = NULL;
for (NodeSet::iterator i = nodes->begin(); i != nodes->end(); ) {
If ((*i)->is_accept()) {
if (!*anodes)
*anodes = new NodeSet;
(*anodes)->insert(*i);
NodeSet::iterator k = i++;
nodes->erase(k);
} else
i++;
}
if (nodes->size() > 0 || !*anodes) {
*nnodes = nodes;
} else {
delete nodes;
}
}
(Please forgive the formatting, blackberry is surely not vim.)
I'm going around in circles trying to understand why || was used and how these conditions make sense in the end. I think I'd feel better if all the non-accept nodes were appended to nnodes in the body of the loop instead, but I'm not convinced that would be the same behavior.
What am I missing?
Thanks
More information about the AppArmor
mailing list