mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00

parser: make minimization sets take prompt into account

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen 2023-04-23 19:52:38 -07:00
parent b4384d53e1
commit 2510698f63


@ -538,6 +538,7 @@ void DFA::dump_uniq_perms(const char *s)
<< i->deny << " audit:" << i->audit << i->deny << " audit:" << i->audit
<< " quiet:" << i->quiet << dec << "\n"; << " quiet:" << i->quiet << dec << "\n";
} }
//TODO: add prompt
} }
/* Remove dead or unreachable states */ /* Remove dead or unreachable states */
@ -645,10 +646,13 @@ int DFA::apply_and_clear_deny(void)
return c; return c;
} }
typedef __uint128_t uint128_t;
/* minimize the number of dfa states */ /* minimize the number of dfa states */
void DFA::minimize(optflags const &opts) void DFA::minimize(optflags const &opts)
{ {
map<pair<uint64_t, size_t>, Partition *> perm_map; map<pair<uint128_t, size_t>, Partition *> perm_map;
list<Partition *> partitions; list<Partition *> partitions;
/* Set up the initial partitions /* Set up the initial partitions
@ -665,9 +669,9 @@ void DFA::minimize(optflags const &opts)
int final_accept = 0; int final_accept = 0;
for (Partition::iterator i = states.begin(); i != states.end(); i++) { for (Partition::iterator i = states.begin(); i != states.end(); i++) {
size_t hash = 0; size_t hash = 0;
uint64_t permtype = ((uint64_t) (PACK_AUDIT_CTL((*i)->perms.audit, (*i)->perms.quiet & (*i)->perms.deny)) << 32) | (uint64_t) (*i)->perms.allow; uint128_t permtype = ((uint128_t) (PACK_AUDIT_CTL((*i)->perms.audit, (*i)->perms.quiet & (*i)->perms.deny)) << 32) | (uint128_t) (*i)->perms.allow | ((uint128_t) (*i)->perms.prompt << 64);
pair<uint64_t, size_t> group = make_pair(permtype, hash); pair<uint128_t, size_t> group = make_pair(permtype, hash);
map<pair<uint64_t, size_t>, Partition *>::iterator p = perm_map.find(group); map<pair<uint128_t, size_t>, Partition *>::iterator p = perm_map.find(group);
if (p == perm_map.end()) { if (p == perm_map.end()) {
Partition *part = new Partition(); Partition *part = new Partition();
part->push_back(*i); part->push_back(*i);
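Review bot: The new partition key in DFA::minimize relies on `__uint128_t`, a GCC/Clang extension that exists only on targets with a 128-bit integer mode, so the `typedef __uint128_t uint128_t;` line will likely fail to build on 32-bit architectures. The packed layout also assumes that `perms.allow` and the `PACK_AUDIT_CTL(...)` result each fit in 32 bits and that nothing reaches into `perms.prompt << 64`; their types are not visible here, and if one is wider, states with different permissions would share a key and be merged by minimization, which changes the compiled policy. Keying the map on the separate fields removes both assumptions, e.g. `auto group = make_tuple((*i)->perms.allow, (*i)->perms.prompt, PACK_AUDIT_CTL((*i)->perms.audit, (*i)->perms.quiet & (*i)->perms.deny), hash);` with `perm_map` declared over the matching tuple type. If the packed integer stays, a comment above `permtype` stating which bits hold allow, the audit control word and prompt would make the invariant checkable. The `//TODO: add prompt` left in dump_uniq_perms means the debug dump still cannot show the prompt bits that now separate partitions; minimize's body continues outside these hunks.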