[apparmor] [patch 12/12] split accept perm processing from rule parsing
John Johansen
john.johansen at canonical.com
Thu Aug 21 20:18:35 UTC 2014
On 08/20/2014 01:18 AM, Steve Beattie wrote:
> On Fri, Aug 15, 2014 at 12:20:47PM -0700, john.johansen at canonical.com wrote:
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>
> Acked-by: Steve Beattie <steve at nxnw.org>
>
>> + /*
>> + * Check if we have an expression with or without wildcards. This
>> + * determines how exec modifiers are merged in accept_perms() based
>> + * on how we split permission bitmasks here.
>> + */
>> + exact_match = 1;
>> + for (depth_first_traversal i(tree); i && exact_match; i++) {
>> + if (dynamic_cast<StarNode *>(*i) ||
>> + dynamic_cast<PlusNode *>(*i) ||
>> + dynamic_cast<AnyCharNode *>(*i) ||
>> + dynamic_cast<CharSetNode *>(*i) ||
>> + dynamic_cast<NotCharSetNode *>(*i))
>> + exact_match = 0;
>> + }
>
> One of these days I'll get around to pushing an is_exact_match()
> method into each of the Node classes so that all the dynamic_casts
> don't need to occur while walking the tree. Or maybe someone else will,
> which would be great, too.
>
nah, all of this is going to get razed as asap. The work has been started its
just getting time to finish it
More information about the AppArmor
mailing list