[apparmor] [PATCH 3/6] rework the is_null test to not include deny

Steve Beattie steve at nxnw.org
Wed Mar 21 20:48:32 UTC 2012 

On Wed, Mar 21, 2012 at 06:02:22AM -0700, John Johansen wrote:
> The deny information is not used as valid accept state information,
> so remove it from the is_null test.  This does not change the dfa
> generated but does result in the dumped information changing,
> as states that don't have any accept information are no longer
> reported as accepting. This is what changes the number of states
> reported in the minimize tests.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-By: Steve Beattie <sbeattie at ubuntu.com>

Does is_null() need a better name?

> ---
>  parser/libapparmor_re/hfa.h |    2 +-
>  parser/tst/minimize.sh      |    4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
> index 923c918..73bbfc0 100644
> --- a/parser/libapparmor_re/hfa.h
> +++ b/parser/libapparmor_re/hfa.h
> @@ -43,7 +43,7 @@ class perms_t {
>  public:
>  	perms_t(void) throw(int): allow(0), deny(0), audit(0), quiet(0), exact(0) { };
>  
> -	bool is_null(void) { return !(allow | deny | audit | quiet); }
> +	bool is_null(void) { return !(allow | audit | quiet); }
>  
>  	void dump(ostream &os)
>  	{
> diff --git a/parser/tst/minimize.sh b/parser/tst/minimize.sh
> index 9bc9aae..300ab8d 100755
> --- a/parser/tst/minimize.sh
> +++ b/parser/tst/minimize.sh
> @@ -127,7 +127,7 @@ echo "ok"
>  # {c} (0x 40030/0/0/0)
>  
>  echo -n "Minimize profiles audit deny perms "
> -if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 6 ] ; then
> +if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 5 ] ; then
>      echo "failed"
>      exit 1;
>  fi
> @@ -192,7 +192,7 @@ echo "ok"
>  # {3} (0x 0/fe17f85/0/0)
>  
>  echo -n "Minimize profiles audit deny xtrans "
> -if [ `echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 1 ] ; then
> +if [ `echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 0 ] ; then
>      echo "failed"
>      exit 1;
>  fi
> -- 
> 1.7.9.1
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120321/6377eb47/attachment-0001.pgp>

More information about the AppArmor mailing list