[apparmor] [PATCH 3/6] rework the is_null test to not include deny

John Johansen john.johansen at canonical.com
Wed Mar 21 21:09:05 UTC 2012


On 03/21/2012 01:48 PM, Steve Beattie wrote:
> On Wed, Mar 21, 2012 at 06:02:22AM -0700, John Johansen wrote:
>> The deny information is not used as valid accept state information,
>> so remove it from the is_null test.  This does not change the dfa
>> generated but does result in the dumped information changing,
>> as states that don't have any accept information are no longer
>> reported as accepting. This is what changes the number of states
>> reported in the minimize tests.
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
> 
> Acked-By: Steve Beattie <sbeattie at ubuntu.com>
> 
> Does is_null() need a better name?

Yes. Either is_nonaccepting or even better switching the logic and going
with is_accept or is_accepting would be better.

The is_null() came about from earlier iterations where it was actually doing
something a little different.

> 
>> ---
>>  parser/libapparmor_re/hfa.h |    2 +-
>>  parser/tst/minimize.sh      |    4 ++--
>>  2 files changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
>> index 923c918..73bbfc0 100644
>> --- a/parser/libapparmor_re/hfa.h
>> +++ b/parser/libapparmor_re/hfa.h
>> @@ -43,7 +43,7 @@ class perms_t {
>>  public:
>>  	perms_t(void) throw(int): allow(0), deny(0), audit(0), quiet(0), exact(0) { };
>>  
>> -	bool is_null(void) { return !(allow | deny | audit | quiet); }
>> +	bool is_null(void) { return !(allow | audit | quiet); }
>>  
>>  	void dump(ostream &os)
>>  	{
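
Review bot: With deny dropped from the expression, is_null() now returns true for a perms_t whose only set field is deny, so the name no longer describes what the function tests. Renaming it (for example to is_accepting() with the logic inverted) would make callers readable. At minimum, add a comment above the function saying that deny, like exact, is deliberately left out because it is not accept state information. The function also does not modify the object and could be declared const.
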
>> diff --git a/parser/tst/minimize.sh b/parser/tst/minimize.sh
>> index 9bc9aae..300ab8d 100755
>> --- a/parser/tst/minimize.sh
>> +++ b/parser/tst/minimize.sh
>> @@ -127,7 +127,7 @@ echo "ok"
>>  # {c} (0x 40030/0/0/0)
>>  
>>  echo -n "Minimize profiles audit deny perms "
>> -if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 6 ] ; then
>> +if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 5 ] ; then
>>      echo "failed"
>>      exit 1;
>>  fi
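
Review bot: The expected line count in the "audit deny perms" test changes from 6 to 5 with nothing in the script saying why. The comment block above the test (the lines ending in "# {c} (0x 40030/0/0/0)") should be checked against the new dump and updated so the listed states add up to 5, with a short note that a state carrying only deny information is no longer printed as accepting. Otherwise the next reader has only a bare number to compare against.
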
>> @@ -192,7 +192,7 @@ echo "ok"
>>  # {3} (0x 0/fe17f85/0/0)
>>  
>>  echo -n "Minimize profiles audit deny xtrans "
>> -if [ `echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 1 ] ; then
>> +if [ `echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ../apparmor_parser -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '(.*)$' | wc -l` -ne 0 ] ; then
>>      echo "failed"
>>      exit 1;
>>  fi
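
Review bot: Expecting 0 matching lines in the "audit deny xtrans" test means the check also passes when the pipeline prints nothing that matches for any other reason, for instance if ../apparmor_parser fails to start or produces no dfa-states dump at all, since only the output of wc -l is compared. Consider also asserting that the dump itself is present (for example by checking the parser's exit status, or by matching a line that must appear) so that the test still fails when the parser is broken. The comment above the test, "# {3} (0x 0/fe17f85/0/0)", should also be updated if that state is no longer reported with accept information.
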
>> -- 
>> 1.7.9.1