[apparmor] [PATCH 1/5] Add basic string matching to the hfa

John Johansen john.johansen at canonical.com
Tue Jan 3 12:05:55 UTC 2012 

On 01/02/2012 03:53 PM, Seth Arnold wrote:
> Oh yes, I like that very much. :) thanks John!

So can I count that as an ACK?

>
> ------Original Message------
> From: John Johansen
> To: Seth Arnold
> Cc: apparmor at lists.ubuntu.com
> Subject: Re: [apparmor] [PATCH 1/5] Add basic string matching to the hfa
> Sent: Jan 2, 2012 3:21 PM
>
> On 12/27/2011 08:13 PM, Seth Arnold wrote:
>> Yay! I love patches. :)
>>
>>
>
> <<  snip>>
>
>> It seems unfortunate to me that this walks the string _twice_ -- once for
>> strlen, once for the match_len call. Is this me prematurely optimizing? Or
>> is this a potential performance problem?
>>
>
> And how do you find this for a solution
>
> ---
>
>   From 8f391bbc7e522d798a69809f3d40b7a6d6cdb8a1 Mon Sep 17 00:00:00 2001
> From: John Johansen<john.johansen at canonical.com>
> Date: Fri, 30 Dec 2011 17:36:05 -0800
> Subject: [PATCH] Make hfa::match not need to walk a string twice
>
> Currently hfa::match calls hfa::match_len to do matching.  However this
> requires walking the input string twice.  Instead provide a match routine for
> input that is supposed to terminate at a given input character.
>
> Signed-off-by: John Johansen<john.johansen at canonical.com>
> ---
>    parser/libapparmor_re/hfa.cc |   10 +++++++++-
>    parser/libapparmor_re/hfa.h  |    1 +
>    2 files changed, 10 insertions(+), 1 deletions(-)
>
> diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
> index 86e5bd5..dca9304 100644
> --- a/parser/libapparmor_re/hfa.cc
> +++ b/parser/libapparmor_re/hfa.cc
> @@ -276,9 +276,17 @@ State *DFA::match_len(State *state, const char *str, size_t len)
>    	return state;
>    }
>
> +State *DFA::match_until(State *state, const char *str, const char term)
> +{
> +	while (*str != term)
> +		state = state->next(*str++);
> +
> +	return state;
> +}
> +
>    State *DFA::match(const char *str)
>    {
> -	return match_len(start, str, strlen(str));
> +	return match_until(start, str, 0);
>    }
>
>    void DFA::dump_uniq_perms(const char *s)
> diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
> index 3e8d99b..66f0a70 100644
> --- a/parser/libapparmor_re/hfa.h
> +++ b/parser/libapparmor_re/hfa.h
> @@ -349,6 +349,7 @@ public:
>    	virtual ~DFA();
>
>    	State *match_len(State *state, const char *str, size_t len);
> +	State *match_until(State *state, const char *str, const char term);
>    	State *match(const char *str);
>
>    	void remove_unreachable(dfaflags_t flags);

More information about the AppArmor mailing list