[apparmor] [PATCH 3/6] rework the is_null test to not include deny
John Johansen
john.johansen at canonical.com
Wed Mar 21 13:02:22 UTC 2012
The deny information is not used as valid accept state information,
so remove it from the is_null test. This does not change the dfa
generated but does result in the dumped information changing,
as states that don't have any accept information are no longer
reported as accepting. This is what changes the number of states
reported in the minimize tests.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/libapparmor_re/hfa.h | 2 +-
parser/tst/minimize.sh | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
index 923c918..73bbfc0 100644
--- a/parser/libapparmor_re/hfa.h
+++ b/parser/libapparmor_re/hfa.h
@@ -43,7 +43,7 @@ class perms_t {
public:
perms_t(void) throw(int): allow(0), deny(0), audit(0), quiet(0), exact(0) { };
- bool is_null(void) { return !(allow | deny | audit | quiet); }
+ bool is_null(void) { return !(allow | audit | quiet); }
void dump(ostream &os)
{
diff --git a/parser/tst/minimize.sh b/parser/tst/minimize.sh
index 9bc9aae..300ab8d 100755
--- a/parser/tst/minimize.sh
+++ b/parser/tst/minimize.sh
@@ -127,7 +127,7 @@ echo "ok"
# {c} (0x 40030/0/0/0)
echo -n "Minimize profiles audit deny perms "
-if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 6 ] ; then
+if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 5 ] ; then
echo "failed"
exit 1;
fi
@@ -192,7 +192,7 @@ echo "ok"
# {3} (0x 0/fe17f85/0/0)
echo -n "Minimize profiles audit deny xtrans "
-if [ `echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 1 ] ; then
+if [ `echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 0 ] ; then
echo "failed"
exit 1;
fi
--
1.7.9.1
More information about the AppArmor
mailing list