[apparmor] [patch 08/12] Refactor rule accumulation to use some helper functions
John Johansen
john.johansen at canonical.com
Mon Aug 25 23:32:45 UTC 2014
On 08/19/2014 01:35 AM, Steve Beattie wrote:
> On Fri, Aug 15, 2014 at 12:20:43PM -0700, john.johansen at canonical.com wrote:
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>
> Acked-by: Steve Beattie <steve at nxnw.org> with one minor style nit...
>
>> ---
>> parser/libapparmor_re/aare_rules.cc | 28 ++++++++++++++++++----------
>> parser/libapparmor_re/aare_rules.h | 1 +
>> 2 files changed, 19 insertions(+), 10 deletions(-)
>>
>> --- 2.9-test.orig/parser/libapparmor_re/aare_rules.cc
>> +++ 2.9-test/parser/libapparmor_re/aare_rules.cc
>> @@ -76,6 +76,21 @@
>> #undef RESET_FLAGS
>> }
>>
>> +void aare_rules::add_to_rules(Node *tree, Node *perms)
>> +{
>> + if (reverse)
>> + flip_tree(tree);
>> + if (root)
>> + root = new AltNode(root, new CatNode(tree, perms));
>> + else
>> + root = new CatNode(tree, perms);
>> +}
>> +
>> +static Node *cat_with_null_seperator(Node *l, Node *r)
>> +{
>> + return new CatNode(new CatNode(l, new CharNode(0)), r);
>> +}
>> +
>> bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
>> int count, const char **rulev, dfaflags_t flags)
>> {
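Review bot: the new static helper `cat_with_null_seperator` misspells "separator"; since it is file-local, renaming it to `cat_with_null_separator` now costs nothing. In `add_to_rules`, nothing documents that the function links `tree` and `perms` directly under `root` (so the caller must not free or reuse them afterwards) and that `tree` is rewritten in place by `flip_tree` when `reverse` is set. A short comment above the definition stating that ownership contract would help future callers.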
>> @@ -89,13 +104,9 @@
>> return false;
>> for (int i = 1; i < count; i++) {
>> Node *subtree = NULL;
>> - Node *node = new CharNode(0);
>> - if (!node)
>> - return false;
>> - tree = new CatNode(tree, node);
>> if (regex_parse(&subtree, rulev[i]))
>> - return false;
>> - tree = new CatNode(tree, subtree);
>> + return 0;
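Review bot: `return 0;` on the `regex_parse` failure path is out of step with the `bool` return type of `add_rule_vec` and with the `return false;` just above the loop; keep it as `return false;`. This early return also leaves the function with the `tree` built so far still allocated, as far as the visible lines show, so it is worth confirming that the partial tree is released on this path.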
>
> Why the conversion from returning false to 0?
>
Sorry, just a brain fart; probably was switching over from kernel code.