[apparmor] [patch 08/18] parser: simplify handling of default matching patterns [resend]
Steve Beattie
steve at nxnw.org
Thu Jan 16 22:06:16 UTC 2014
Seth Arnold noticed an ugly string.clear(); convert_entry(string,
NULL) pattern occurred frequently following the conversion to using
std::string. This patch replaces that by using a static pointer to
a constant string matching pattern, and also converts other uses of
that pattern. It also adds a function wrapper that will clear the
passed buffer before calling convert_entry().
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
parser/parser_regex.c | 66 ++++++++++++++++++++++----------------------------
1 file changed, 30 insertions(+), 36 deletions(-)
Index: b/parser/parser_regex.c
===================================================================
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -44,6 +44,9 @@ enum error_type {
e_parse_error,
};
+/* match any char except \000 0 or more times */
+static const char *default_match_pattern = "[^\\000]*";
+
/* Filters out multiple slashes (except if the first two are slashes,
* that's a distinct namespace in linux) and trailing slashes.
* NOTE: modifies in place the contents of the path argument */
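Review bot: `default_match_pattern` is declared as a mutable pointer to const chars, so later code in this file could repoint it and silently change the wildcard that every unconstrained mount and dbus field compiles to. Declaring it `static const char *const default_match_pattern = "[^\\000]*";` makes the pointer itself read-only. The uses visible in this patch (`buffer.append(...)`, the `%s` argument to `snprintf`, and the `vec[n] = ...` assignments) only read it, so they should compile unchanged. That assumes `vec` holds `const char *` elements, which the hunks do not show.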
@@ -631,7 +634,7 @@ static int build_list_val_expr(std::stri
int pos;
if (!list) {
- buffer.append("[^\\000]*");
+ buffer.append(default_match_pattern);
return TRUE;
}
@@ -664,12 +667,18 @@ static int convert_entry(std::string& bu
if (ptype == ePatternInvalid)
return FALSE;
} else {
- buffer.append("[^\\000]*");
+ buffer.append(default_match_pattern);
}
return TRUE;
}
+static int clear_and_convert_entry(std::string& buffer, char *entry)
+{
+ buffer.clear();
+ return convert_entry(buffer, entry);
+}
+
static int build_mnt_flags(char *buffer, int size, unsigned int flags,
unsigned int inv_flags)
{
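Review bot: `clear_and_convert_entry()` is added without a comment, yet its contract differs from `convert_entry()` in a way callers must know: it discards whatever the buffer already held before converting. A one-line header would cover it, e.g. `/* Empty buffer, then convert entry into it; returns TRUE/FALSE like convert_entry(). */`. It would also help to say that a NULL `entry` yields `default_match_pattern`, but that is inferred from the `else` branch above, whose condition lies outside the hunk, so confirm it first.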
@@ -678,7 +687,7 @@ static int build_mnt_flags(char *buffer,
if (flags == MS_ALL_FLAGS) {
/* all flags are optional */
- len = snprintf(p, size, "[^\\000]*");
+ len = snprintf(p, size, "%s", default_match_pattern);
if (len < 0 || len >= size)
return FALSE;
return TRUE;
@@ -718,7 +727,7 @@ static int build_mnt_opts(std::string& b
int pos;
if (!opts) {
- buffer.append("[^\\000]*");
+ buffer.append(default_match_pattern);
return TRUE;
}
@@ -769,12 +778,9 @@ static int process_mnt_entry(aare_rulese
vec[0] = mntbuf.c_str();
}
/* skip device */
- devbuf.clear();
- if (!convert_entry(devbuf, NULL))
- goto fail;
- vec[1] = devbuf.c_str();
+ vec[1] = default_match_pattern;
/* skip type */
- vec[2] = devbuf.c_str();
+ vec[2] = default_match_pattern;
flags = entry->flags;
inv_flags = entry->inv_flags;
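Review bot: The `/* skip device */` and `/* skip type */` comments read as if the field is left out of the rule, but the slot is filled with a pattern that matches any value, which leaves the mount rule unconstrained on that field. The assignment is now a bare `vec[1] = default_match_pattern;` with no `convert_entry()` call to hint at this, so a comment such as `/* device unconstrained: match any value */` would state the policy effect directly. The same wording applies in the hunks starting at new lines 826, 858 and 885. The enclosing `process_mnt_entry()` starts and ends outside these hunks.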
@@ -820,14 +826,11 @@ static int process_mnt_entry(aare_rulese
if (!convert_entry(mntbuf, entry->mnt_point))
goto fail;
vec[0] = mntbuf.c_str();
- devbuf.clear();
- if (!convert_entry(devbuf, entry->device))
+ if (!clear_and_convert_entry(devbuf, entry->device))
goto fail;
vec[1] = devbuf.c_str();
- typebuf.clear();
- if (!convert_entry(typebuf, NULL))
- goto fail;
- vec[2] = typebuf.c_str();
+ /* skip type */
+ vec[2] = default_match_pattern;
flags = entry->flags;
inv_flags = entry->inv_flags;
@@ -855,11 +858,8 @@ static int process_mnt_entry(aare_rulese
goto fail;
vec[0] = mntbuf.c_str();
/* skip device and type */
- devbuf.clear();
- if (!convert_entry(devbuf, NULL))
- goto fail;
- vec[1] = devbuf.c_str();
- vec[2] = devbuf.c_str();
+ vec[1] = default_match_pattern;
+ vec[2] = default_match_pattern;
flags = entry->flags;
inv_flags = entry->inv_flags;
@@ -885,15 +885,11 @@ static int process_mnt_entry(aare_rulese
if (!convert_entry(mntbuf, entry->mnt_point))
goto fail;
vec[0] = mntbuf.c_str();
- devbuf.clear();
- if (!convert_entry(devbuf, entry->device))
+ if (!clear_and_convert_entry(devbuf, entry->device))
goto fail;
vec[1] = devbuf.c_str();
/* skip type */
- typebuf.clear();
- if (!convert_entry(typebuf, NULL))
- goto fail;
- vec[2] = typebuf.c_str();
+ vec[2] = default_match_pattern;
flags = entry->flags;
inv_flags = entry->inv_flags;
@@ -920,8 +916,7 @@ static int process_mnt_entry(aare_rulese
if (!convert_entry(mntbuf, entry->mnt_point))
goto fail;
vec[0] = mntbuf.c_str();
- devbuf.clear();
- if (!convert_entry(devbuf, entry->device))
+ if (!clear_and_convert_entry(devbuf, entry->device))
goto fail;
vec[1] = devbuf.c_str();
typebuf.clear();
@@ -982,8 +977,7 @@ static int process_mnt_entry(aare_rulese
if (!convert_entry(mntbuf, entry->mnt_point))
goto fail;
vec[0] = mntbuf.c_str();
- devbuf.clear();
- if (!convert_entry(devbuf, entry->device))
+ if (!clear_and_convert_entry(devbuf, entry->device))
goto fail;
vec[1] = devbuf.c_str();
if (!aare_add_rule_vec(dfarules, entry->deny, entry->allow,
@@ -1030,7 +1024,7 @@ static int process_dbus_entry(aare_rules
goto fail;
} else {
/* match any char except \000 0 or more times */
- busbuf.append("[^\\000]*");
+ busbuf.append(default_match_pattern);
}
vec[0] = busbuf.c_str();
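Review bot: The bus slot still builds the default through `busbuf.append(default_match_pattern)`, while `vec[1]` to `vec[5]` in the following hunks assign the pointer directly, so one function produces the same wildcard in two ways. If `busbuf` is empty when the `else` branch runs, the branch could be `vec[0] = default_match_pattern;` with `vec[0] = busbuf.c_str();` moved into the `if` branch. That is an assumption, since the `if` branch and the declaration are outside the hunk. The repeated `/* match any char except \000 0 or more times */` comments at each site also duplicate the one now on the definition and could be dropped.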
@@ -1041,7 +1035,7 @@ static int process_dbus_entry(aare_rules
vec[1] = namebuf.c_str();
} else {
/* match any char except \000 0 or more times */
- vec[1] = "[^\\000]*";
+ vec[1] = default_match_pattern;
}
if (entry->peer_label) {
@@ -1052,7 +1046,7 @@ static int process_dbus_entry(aare_rules
vec[2] = peer_labelbuf.c_str();
} else {
/* match any char except \000 0 or more times */
- vec[2] = "[^\\000]*";
+ vec[2] = default_match_pattern;
}
if (entry->path) {
@@ -1062,7 +1056,7 @@ static int process_dbus_entry(aare_rules
vec[3] = pathbuf.c_str();
} else {
/* match any char except \000 0 or more times */
- vec[3] = "[^\\000]*";
+ vec[3] = default_match_pattern;
}
if (entry->interface) {
@@ -1072,7 +1066,7 @@ static int process_dbus_entry(aare_rules
vec[4] = ifacebuf.c_str();
} else {
/* match any char except \000 0 or more times */
- vec[4] = "[^\\000]*";
+ vec[4] = default_match_pattern;
}
if (entry->member) {
@@ -1082,7 +1076,7 @@ static int process_dbus_entry(aare_rules
vec[5] = memberbuf.c_str();
} else {
/* match any char except \000 0 or more times */
- vec[5] = "[^\\000]*";
+ vec[5] = default_match_pattern;
}
if (entry->mode & AA_DBUS_BIND) {