[apparmor] [patch 08/18] parser: simplify handling of default matching patterns [resend]

John Johansen john.johansen at canonical.com
Fri Jan 24 10:45:07 UTC 2014


On 01/16/2014 02:06 PM, Steve Beattie wrote:
> Seth Arnold noticed an ugly string.clear(); convert_entry(string,
> NULL) pattern occurred frequently following the conversion to using
> std::string. This patch replaces that by using a static pointer to
> a constant string matching pattern, and also converts other uses of
> that pattern. It also adds a function wrapper that will clear the
> passed buffer before calling convert_entry().
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>

Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  parser/parser_regex.c |   66 ++++++++++++++++++++++----------------------------
>  1 file changed, 30 insertions(+), 36 deletions(-)
> 
> Index: b/parser/parser_regex.c
> ===================================================================
> --- a/parser/parser_regex.c
> +++ b/parser/parser_regex.c
> @@ -44,6 +44,9 @@ enum error_type {
>  	e_parse_error,
>  };
>  
> +/* match any char except \000 0 or more times */
> +static const char *default_match_pattern = "[^\\000]*";
> +
>  /* Filters out multiple slashes (except if the first two are slashes,
>   * that's a distinct namespace in linux) and trailing slashes.
>   * NOTE: modifies in place the contents of the path argument */
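Review bot: The added `default_match_pattern` is declared `static const char *`, which makes the characters read-only but leaves the pointer itself assignable from anywhere in this file. Later hunks store this pointer directly into `vec[]` entries as the pattern for rule fields the policy leaves unspecified, so a stray reassignment would silently change what every such rule matches; `static const char *const default_match_pattern = "[^\\000]*";` closes that off. The comment above it could also say that this is the pattern substituted for an omitted field, not only what the regex matches.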
> @@ -631,7 +634,7 @@ static int build_list_val_expr(std::stri
>  	int pos;
>  
>  	if (!list) {
> -		buffer.append("[^\\000]*");
> +		buffer.append(default_match_pattern);
>  		return TRUE;
>  	}
>  
> @@ -664,12 +667,18 @@ static int convert_entry(std::string& bu
>  		if (ptype == ePatternInvalid)
>  			return FALSE;
>  	} else {
> -		buffer.append("[^\\000]*");
> +		buffer.append(default_match_pattern);
>  	}
>  
>  	return TRUE;
>  }
>  
> +static int clear_and_convert_entry(std::string& buffer, char *entry)
> +{
> +	buffer.clear();
> +	return convert_entry(buffer, entry);
> +}
> +
>  static int build_mnt_flags(char *buffer, int size, unsigned int flags,
>  			   unsigned int inv_flags)
>  {
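Review bot: `clear_and_convert_entry()` is added without a comment saying why the clear matters: the visible else branch of `convert_entry()` appends to `buffer`, so a reused `std::string` would otherwise carry the previous field's pattern into the next one and the compiled rule would match something other than what the policy author wrote. A one-line comment such as `/* convert_entry() appends; reset buffer so a reused string holds only this entry's pattern */` would record that. The later hunks still call `convert_entry(mntbuf, entry->mnt_point)` directly in context lines; whether `mntbuf` is cleared beforehand is outside the visible lines, so those sites are worth confirming or routing through the wrapper as well. `convert_entry()`'s body starts outside this hunk.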
> @@ -678,7 +687,7 @@ static int build_mnt_flags(char *buffer,
>  
>  	if (flags == MS_ALL_FLAGS) {
>  		/* all flags are optional */
> -		len = snprintf(p, size, "[^\\000]*");
> +		len = snprintf(p, size, "%s", default_match_pattern);
>  		if (len < 0 || len >= size)
>  			return FALSE;
>  		return TRUE;
> @@ -718,7 +727,7 @@ static int build_mnt_opts(std::string& b
>  	int pos;
>  
>  	if (!opts) {
> -		buffer.append("[^\\000]*");
> +		buffer.append(default_match_pattern);
>  		return TRUE;
>  	}
>  
> @@ -769,12 +778,9 @@ static int process_mnt_entry(aare_rulese
>  			vec[0] = mntbuf.c_str();
>  		}
>  		/* skip device */
> -		devbuf.clear();
> -		if (!convert_entry(devbuf, NULL))
> -			goto fail;
> -		vec[1] = devbuf.c_str();
> +		vec[1] = default_match_pattern;
>  		/* skip type */
> -		vec[2] = devbuf.c_str();
> +		vec[2] = default_match_pattern;
>  
>  		flags = entry->flags;
>  		inv_flags = entry->inv_flags;
> @@ -820,14 +826,11 @@ static int process_mnt_entry(aare_rulese
>  		if (!convert_entry(mntbuf, entry->mnt_point))
>  			goto fail;
>  		vec[0] = mntbuf.c_str();
> -		devbuf.clear();
> -		if (!convert_entry(devbuf, entry->device))
> +		if (!clear_and_convert_entry(devbuf, entry->device))
>  			goto fail;
>  		vec[1] = devbuf.c_str();
> -		typebuf.clear();
> -		if (!convert_entry(typebuf, NULL))
> -			goto fail;
> -		vec[2] = typebuf.c_str();
> +		/* skip type */
> +		vec[2] = default_match_pattern;
>  
>  		flags = entry->flags;
>  		inv_flags = entry->inv_flags;
> @@ -855,11 +858,8 @@ static int process_mnt_entry(aare_rulese
>  			goto fail;
>  		vec[0] = mntbuf.c_str();
>  		/* skip device and type */
> -		devbuf.clear();
> -		if (!convert_entry(devbuf, NULL))
> -			goto fail;
> -		vec[1] = devbuf.c_str();
> -		vec[2] = devbuf.c_str();
> +		vec[1] = default_match_pattern;
> +		vec[2] = default_match_pattern;
>  
>  		flags = entry->flags;
>  		inv_flags = entry->inv_flags;
> @@ -885,15 +885,11 @@ static int process_mnt_entry(aare_rulese
>  		if (!convert_entry(mntbuf, entry->mnt_point))
>  			goto fail;
>  		vec[0] = mntbuf.c_str();
> -		devbuf.clear();
> -		if (!convert_entry(devbuf, entry->device))
> +		if (!clear_and_convert_entry(devbuf, entry->device))
>  			goto fail;
>  		vec[1] = devbuf.c_str();
>  		/* skip type */
> -		typebuf.clear();
> -		if (!convert_entry(typebuf, NULL))
> -			goto fail;
> -		vec[2] = typebuf.c_str();
> +		vec[2] = default_match_pattern;
>  
>  		flags = entry->flags;
>  		inv_flags = entry->inv_flags;
> @@ -920,8 +916,7 @@ static int process_mnt_entry(aare_rulese
>  		if (!convert_entry(mntbuf, entry->mnt_point))
>  			goto fail;
>  		vec[0] = mntbuf.c_str();
> -		devbuf.clear();
> -		if (!convert_entry(devbuf, entry->device))
> +		if (!clear_and_convert_entry(devbuf, entry->device))
>  			goto fail;
>  		vec[1] = devbuf.c_str();
>  		typebuf.clear();
> @@ -982,8 +977,7 @@ static int process_mnt_entry(aare_rulese
>  		if (!convert_entry(mntbuf, entry->mnt_point))
>  			goto fail;
>  		vec[0] = mntbuf.c_str();
> -		devbuf.clear();
> -		if (!convert_entry(devbuf, entry->device))
> +		if (!clear_and_convert_entry(devbuf, entry->device))
>  			goto fail;
>  		vec[1] = devbuf.c_str();
>  		if (!aare_add_rule_vec(dfarules, entry->deny, entry->allow,
> @@ -1030,7 +1024,7 @@ static int process_dbus_entry(aare_rules
>  			goto fail;
>  	} else {
>  		/* match any char except \000 0 or more times */
> -		busbuf.append("[^\\000]*");
> +		busbuf.append(default_match_pattern);
>  	}
>  	vec[0] = busbuf.c_str();
>  
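Review bot: The comment `/* match any char except \000 0 or more times */` is kept in the else branch here and in the five following `process_dbus_entry` hunks, where it now only repeats the comment on the definition of `default_match_pattern`. A comment that says why the default applies, for example `/* bus not specified: match any value */`, would tell the reader more, or the repeated comments could simply be dropped. This first branch also still copies the pattern through `busbuf.append(...)` while the other five assign `vec[n] = default_match_pattern` directly; the start of the `if` is outside the hunk, so this may be deliberate, but it looks like the one remaining inconsistency.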
> @@ -1041,7 +1035,7 @@ static int process_dbus_entry(aare_rules
>  		vec[1] = namebuf.c_str();
>  	} else {
>  		/* match any char except \000 0 or more times */
> -		vec[1] = "[^\\000]*";
> +		vec[1] = default_match_pattern;
>  	}
>  
>  	if (entry->peer_label) {
> @@ -1052,7 +1046,7 @@ static int process_dbus_entry(aare_rules
>  		vec[2] = peer_labelbuf.c_str();
>  	} else {
>  		/* match any char except \000 0 or more times */
> -		vec[2] = "[^\\000]*";
> +		vec[2] = default_match_pattern;
>  	}
>  
>  	if (entry->path) {
> @@ -1062,7 +1056,7 @@ static int process_dbus_entry(aare_rules
>  		vec[3] = pathbuf.c_str();
>  	} else {
>  		/* match any char except \000 0 or more times */
> -		vec[3] = "[^\\000]*";
> +		vec[3] = default_match_pattern;
>  	}
>  
>  	if (entry->interface) {
> @@ -1072,7 +1066,7 @@ static int process_dbus_entry(aare_rules
>  		vec[4] = ifacebuf.c_str();
>  	} else {
>  		/* match any char except \000 0 or more times */
> -		vec[4] = "[^\\000]*";
> +		vec[4] = default_match_pattern;
>  	}
>  
>  	if (entry->member) {
> @@ -1082,7 +1076,7 @@ static int process_dbus_entry(aare_rules
>  		vec[5] = memberbuf.c_str();
>  	} else {
>  		/* match any char except \000 0 or more times */
> -		vec[5] = "[^\\000]*";
> +		vec[5] = default_match_pattern;
>  	}
>  
>  	if (entry->mode & AA_DBUS_BIND) {
> 
> 
> 



