[apparmor] [patch 09/12] Refactor accept nodes to be common to a shared node type

John Johansen john.johansen at canonical.com
Thu Aug 21 20:32:17 UTC 2014


On 08/20/2014 01:11 AM, Steve Beattie wrote:
> On Fri, Aug 15, 2014 at 12:20:44PM -0700, john.johansen at canonical.com wrote:
>> The shared node type will be used in the future to add new capabilities
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>>
>> === modified file 'parser/libapparmor_re/expr-tree.h'
>> ---
>>  parser/libapparmor_re/expr-tree.h |   99 +++++++++++++++++++-------------------
>>  1 file changed, 51 insertions(+), 48 deletions(-)
>>
>> --- parser/libapparmor_re/expr-tree.h.orig
>> +++ parser/libapparmor_re/expr-tree.h
>> @@ -216,6 +216,7 @@
>>  	void compute_lastpos() { lastpos.insert(this); }
>>  	virtual void follow(Cases &cases) = 0;
>>  	virtual int is_accept(void) = 0;
>> +	virtual int is_postprocess(void) = 0;
>>  };
>>  
>>  /* common base class for all the different classes that contain
>> @@ -225,6 +226,7 @@
>>  public:
>>  	CNode(): ImportantNode() { }
>>  	int is_accept(void) { return false; }
>> +	int is_postprocess(void) { return false; }
>>  };
>>  
> 
> All the class reorganization I think looks okay, I just don't get the
> addition of the is_postprocess() methods that only return false (here
> and in the AcceptNode() class). Is this a future change that leaked in?
> I don't see anything that references it later in the patch set.
> 
Indeed, I stole this code from the alias rework, where we pick up new node
types to handle alias rewriting.

> Without the is_postprocess() bits, Acked-by: Steve Beattie <steve at nxnw.org>
> 
>>  /* Match one specific character (/c/). */
>> @@ -369,35 +371,6 @@
>>  	ostream &dump(ostream &os) { return os << "."; }
>>  };
>>  
>> -/**
>> - * Indicate that a regular expression matches. An AcceptNode itself
>> - * doesn't match anything, so it will never generate any transitions.
>> - */
>> -class AcceptNode: public ImportantNode {
>> -public:
>> -	AcceptNode() { }
>> -	int is_accept(void) { return true; }
>> -	void release(void)
>> -	{
>> -		/* don't delete AcceptNode via release as they are shared, and
>> -		 * will be deleted when the table the are stored in is deleted
>> -		 */
>> -	}
>> -
>> -	void follow(Cases &cases __attribute__ ((unused)))
>> -	{
>> -		/* Nothing to follow. */
>> -	}
>> -
>> -	/* requires accept nodes to be common by pointer */
>> -	int eq(Node *other)
>> -	{
>> -		if (dynamic_cast<AcceptNode *>(other))
>> -			return (this == other);
>> -		return 0;
>> -	}
>> -};
>> -
>>  /* Match a node zero or more times. (This is a unary operator.) */
>>  class StarNode: public OneChildNode {
>>  public:
>> @@ -536,6 +509,55 @@
>>  	void normalize(int dir);
>>  };
>>  
>> +class SharedNode: public ImportantNode {
>> +public:
>> +	SharedNode() { }
>> +	void release(void)
>> +	{
>> +		/* don't delete SharedNodes via release as they are shared, and
>> +		 * will be deleted when the table they are stored in is deleted
>> +		 */
>> +	}
>> +
>> +	void follow(Cases &cases __attribute__ ((unused)))
>> +	{
>> +		/* Nothing to follow. */
>> +	}
>> +
>> +	/* requires shared nodes to be common by pointer */
>> +	int eq(Node *other) { return (this == other); }
>> +};
>> +
>> +/**
>> + * Indicate that a regular expression matches. An AcceptNode itself
>> + * doesn't match anything, so it will never generate any transitions.
>> + */
>> +class AcceptNode: public SharedNode {
>> +public:
>> +	AcceptNode() { }
>> +	int is_accept(void) { return true; }
>> +	int is_postprocess(void) { return false; }
>> +};
>> +
>> +class MatchFlag: public AcceptNode {
>> +public:
>> +	MatchFlag(uint32_t flag, uint32_t audit): flag(flag), audit(audit) { }
>> +	ostream &dump(ostream &os) { return os << "< 0x" << hex << flag << '>'; }
>> +
>> +	uint32_t flag;
>> +	uint32_t audit;
>> +};
>> +
>> +class ExactMatchFlag: public MatchFlag {
>> +public:
>> +	ExactMatchFlag(uint32_t flag, uint32_t audit): MatchFlag(flag, audit) {}
>> +};
>> +
>> +class DenyMatchFlag: public MatchFlag {
>> +public:
>> +	DenyMatchFlag(uint32_t flag, uint32_t quiet): MatchFlag(flag, quiet) {}
>> +};
>> +
>>  /* Traverse the syntax tree depth-first in an iterator-like manner. */
>>  class depth_first_traversal {
>>  	stack<Node *>pos;
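Review bot: `SharedNode` is introduced without a class comment, although its no-op `release()` means object lifetime depends entirely on a table that is not visible in this hunk. Since later patches are meant to derive new node types from it, the contract should be stated at the class, e.g. `/* Base for nodes shared between expression trees: compared by pointer, never freed via release(); the owning table must outlive every tree that references them. */`. Presumably a derived node that is never placed in that table would leak, and a table torn down while trees still point at its nodes would leave dangling pointers, so the comment is worth having before new subclasses appear. Separately, in the moved `MatchFlag` hierarchy `DenyMatchFlag` passes `quiet` into the member named `audit`; a short member comment such as `/* audit mask; holds the quiet mask for DenyMatchFlag */` would keep readers of permission data from misinterpreting the field.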
>> @@ -588,25 +610,6 @@
>>  void flip_tree(Node *node);
>>  
>>  
>> -class MatchFlag: public AcceptNode {
>> -public:
>> -	MatchFlag(uint32_t flag, uint32_t audit): flag(flag), audit(audit) { }
>> -	ostream &dump(ostream &os) { return os << "< 0x" << hex << flag << '>'; }
>> -
>> -	uint32_t flag;
>> -	uint32_t audit;
>> -};
>> -
>> -class ExactMatchFlag: public MatchFlag {
>> -public:
>> -	ExactMatchFlag(uint32_t flag, uint32_t audit): MatchFlag(flag, audit) {}
>> -};
>> -
>> -class DenyMatchFlag: public MatchFlag {
>> -public:
>> -	DenyMatchFlag(uint32_t flag, uint32_t quiet): MatchFlag(flag, quiet) {}
>> -};
>> -
>>  
>>  /*
>>   * hashedNodes - for efficient set comparison
>>
>>
>> -- 
>> AppArmor mailing list
>> AppArmor at lists.ubuntu.com
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
> 
> 



