diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index 5e2898f91..86e5bd5ff 100644
--- a/parser/libapparmor_re/hfa.cc
+++ b/parser/libapparmor_re/hfa.cc
@@ -30,6 +30,7 @@
 #include <ostream>
 #include <iostream>
 #include <fstream>
+#include <string.h>
 
 #include "expr-tree.h"
 #include "hfa.h"
@@ -267,6 +268,19 @@ DFA::~DFA()
 		delete *i;
 }
 
+State *DFA::match_len(State *state, const char *str, size_t len)
+{
+	for (; len > 0; ++str, --len)
+		state = state->next(*str);
+
+	return state;
+}
+
+State *DFA::match(const char *str)
+{
+	return match_len(start, str, strlen(str));
+}
+
 void DFA::dump_uniq_perms(const char *s)
 {
 	set<pair<uint32_t, uint32_t> > uniq;
diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
index 161cddd82..3e8d99b35 100644
--- a/parser/libapparmor_re/hfa.h
+++ b/parser/libapparmor_re/hfa.h
@@ -275,6 +275,13 @@ public:
 		}
 	};
 
+	State *next(uchar c) {
+		StateTrans::iterator i = trans.find(c);
+		if (i != trans.end())
+			return i->second;
+		return otherwise;
+	};
+
 	int label;
 	uint32_t audit, accept;
 	StateTrans trans;
@@ -341,6 +348,9 @@ public:
 	DFA(Node *root, dfaflags_t flags);
 	virtual ~DFA();
 
+	State *match_len(State *state, const char *str, size_t len);
+	State *match(const char *str);
+
 	void remove_unreachable(dfaflags_t flags);
 	bool same_mappings(State *s1, State *s2);
 	size_t hash_trans(State *s);