[apparmor] [patch 09/12] Refactor accept nodes to be common to a shared node type
John Johansen
john.johansen at canonical.com
Thu Aug 21 20:32:17 UTC 2014
On 08/20/2014 01:11 AM, Steve Beattie wrote:
> On Fri, Aug 15, 2014 at 12:20:44PM -0700, john.johansen at canonical.com wrote:
>> The shared node type will be used in the future to add new capabilities
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>>
>> === modified file 'parser/libapparmor_re/expr-tree.h'
>> ---
>> parser/libapparmor_re/expr-tree.h | 99 +++++++++++++++++++-------------------
>> 1 file changed, 51 insertions(+), 48 deletions(-)
>>
>> --- parser/libapparmor_re/expr-tree.h.orig
>> +++ parser/libapparmor_re/expr-tree.h
>> @@ -216,6 +216,7 @@
>> void compute_lastpos() { lastpos.insert(this); }
>> virtual void follow(Cases &cases) = 0;
>> virtual int is_accept(void) = 0;
>> + virtual int is_postprocess(void) = 0;
>> };
>>
>> /* common base class for all the different classes that contain
>> @@ -225,6 +226,7 @@
>> public:
>> CNode(): ImportantNode() { }
>> int is_accept(void) { return false; }
>> + int is_postprocess(void) { return false; }
>> };
>>
>
> All the class reorganization I think looks okay, I just don't get the
> addition of the is_postprocess() methods that only return false (here
> and in the AcceptNode() class. Is this a future change that leaked in,
> because I don't see anything that references it later in the patch set.
>
Indeed I stole this code from the alias rework, where we pickup new node
types to handle alias rewriting
> Without the is_postprocess() bits, Acked-by: Steve Beattie <steve at nxnw.org>
>
>> /* Match one specific character (/c/). */
>> @@ -369,35 +371,6 @@
>> ostream &dump(ostream &os) { return os << "."; }
>> };
>>
>> -/**
>> - * Indicate that a regular expression matches. An AcceptNode itself
>> - * doesn't match anything, so it will never generate any transitions.
>> - */
>> -class AcceptNode: public ImportantNode {
>> -public:
>> - AcceptNode() { }
>> - int is_accept(void) { return true; }
>> - void release(void)
>> - {
>> - /* don't delete AcceptNode via release as they are shared, and
>> - * will be deleted when the table the are stored in is deleted
>> - */
>> - }
>> -
>> - void follow(Cases &cases __attribute__ ((unused)))
>> - {
>> - /* Nothing to follow. */
>> - }
>> -
>> - /* requires accept nodes to be common by pointer */
>> - int eq(Node *other)
>> - {
>> - if (dynamic_cast<AcceptNode *>(other))
>> - return (this == other);
>> - return 0;
>> - }
>> -};
>> -
>> /* Match a node zero or more times. (This is a unary operator.) */
>> class StarNode: public OneChildNode {
>> public:
>> @@ -536,6 +509,55 @@
>> void normalize(int dir);
>> };
>>
>> +class SharedNode: public ImportantNode {
>> +public:
>> + SharedNode() { }
>> + void release(void)
>> + {
>> + /* don't delete SharedNodes via release as they are shared, and
>> + * will be deleted when the table they are stored in is deleted
>> + */
>> + }
>> +
>> + void follow(Cases &cases __attribute__ ((unused)))
>> + {
>> + /* Nothing to follow. */
>> + }
>> +
>> + /* requires shared nodes to be common by pointer */
>> + int eq(Node *other) { return (this == other); }
>> +};
>> +
>> +/**
>> + * Indicate that a regular expression matches. An AcceptNode itself
>> + * doesn't match anything, so it will never generate any transitions.
>> + */
>> +class AcceptNode: public SharedNode {
>> +public:
>> + AcceptNode() { }
>> + int is_accept(void) { return true; }
>> + int is_postprocess(void) { return false; }
>> +};
>> +
>> +class MatchFlag: public AcceptNode {
>> +public:
>> + MatchFlag(uint32_t flag, uint32_t audit): flag(flag), audit(audit) { }
>> + ostream &dump(ostream &os) { return os << "< 0x" << hex << flag << '>'; }
>> +
>> + uint32_t flag;
>> + uint32_t audit;
>> +};
>> +
>> +class ExactMatchFlag: public MatchFlag {
>> +public:
>> + ExactMatchFlag(uint32_t flag, uint32_t audit): MatchFlag(flag, audit) {}
>> +};
>> +
>> +class DenyMatchFlag: public MatchFlag {
>> +public:
>> + DenyMatchFlag(uint32_t flag, uint32_t quiet): MatchFlag(flag, quiet) {}
>> +};
>> +
>> /* Traverse the syntax tree depth-first in an iterator-like manner. */
>> class depth_first_traversal {
>> stack<Node *>pos;
>> @@ -588,25 +610,6 @@
>> void flip_tree(Node *node);
>>
>>
>> -class MatchFlag: public AcceptNode {
>> -public:
>> - MatchFlag(uint32_t flag, uint32_t audit): flag(flag), audit(audit) { }
>> - ostream &dump(ostream &os) { return os << "< 0x" << hex << flag << '>'; }
>> -
>> - uint32_t flag;
>> - uint32_t audit;
>> -};
>> -
>> -class ExactMatchFlag: public MatchFlag {
>> -public:
>> - ExactMatchFlag(uint32_t flag, uint32_t audit): MatchFlag(flag, audit) {}
>> -};
>> -
>> -class DenyMatchFlag: public MatchFlag {
>> -public:
>> - DenyMatchFlag(uint32_t flag, uint32_t quiet): MatchFlag(flag, quiet) {}
>> -};
>> -
>>
>> /*
>> * hashedNodes - for efficient set comparison
>>
>>
>> --
>> AppArmor mailing list
>> AppArmor at lists.ubuntu.com
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
>
>
More information about the AppArmor
mailing list