[apparmor] [PATCH 1/5] Add basic string matching to the hfa
John Johansen
john.johansen at canonical.com
Tue Jan 3 12:05:55 UTC 2012
On 01/02/2012 03:53 PM, Seth Arnold wrote:
> Oh yes, I like that very much. :) thanks John!
So can I count that as an ACK?
>
> ------Original Message------
> From: John Johansen
> To: Seth Arnold
> Cc: apparmor at lists.ubuntu.com
> Subject: Re: [apparmor] [PATCH 1/5] Add basic string matching to the hfa
> Sent: Jan 2, 2012 3:21 PM
>
> On 12/27/2011 08:13 PM, Seth Arnold wrote:
>> Yay! I love patches. :)
>>
>>
>
> << snip>>
>
>> It seems unfortunate to me that this walks the string _twice_ -- once for
>> strlen, once for the match_len call. Is this me prematurely optimizing? Or
>> is this a potential performance problem?
>>
>
> And how do you find this for a solution
>
> ---
>
> From 8f391bbc7e522d798a69809f3d40b7a6d6cdb8a1 Mon Sep 17 00:00:00 2001
> From: John Johansen<john.johansen at canonical.com>
> Date: Fri, 30 Dec 2011 17:36:05 -0800
> Subject: [PATCH] Make hfa::match not need to walk a string twice
>
> Currently hfa::match calls hfa::match_len to do matching. However this
> requires walking the input string twice. Instead provide a match routine for
> input that is supposed to terminate at a given input character.
>
> Signed-off-by: John Johansen<john.johansen at canonical.com>
> ---
> parser/libapparmor_re/hfa.cc | 10 +++++++++-
> parser/libapparmor_re/hfa.h | 1 +
> 2 files changed, 10 insertions(+), 1 deletions(-)
>
> diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
> index 86e5bd5..dca9304 100644
> --- a/parser/libapparmor_re/hfa.cc
> +++ b/parser/libapparmor_re/hfa.cc
> @@ -276,9 +276,17 @@ State *DFA::match_len(State *state, const char *str, size_t len)
> return state;
> }
>
> +State *DFA::match_until(State *state, const char *str, const char term)
> +{
> + while (*str != term)
> + state = state->next(*str++);
> +
> + return state;
> +}
> +
> State *DFA::match(const char *str)
> {
> - return match_len(start, str, strlen(str));
> + return match_until(start, str, 0);
> }
>
> void DFA::dump_uniq_perms(const char *s)
> diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
> index 3e8d99b..66f0a70 100644
> --- a/parser/libapparmor_re/hfa.h
> +++ b/parser/libapparmor_re/hfa.h
> @@ -349,6 +349,7 @@ public:
> virtual ~DFA();
>
> State *match_len(State *state, const char *str, size_t len);
> + State *match_until(State *state, const char *str, const char term);
> State *match(const char *str);
>
> void remove_unreachable(dfaflags_t flags);
More information about the AppArmor
mailing list