mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-28 21:07:56 +00:00
Code Issues Releases Wiki Activity

Lindent + some hand cleanups hfa

Browse Source 
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@gmail.com>
This commit is contained in:
John Johansen 2011-03-13 05:55:25 -07:00
parent 3cfe47d3f0
commit 9a377bb9da
3 changed files with 319 additions and 317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

176
parser/libapparmor_re/hfa.cc
View File

@ -35,8 +35,6 @@
#include "hfa.h" #include "hfa.h"
#include "../immunix.h" #include "../immunix.h"
ostream &operator<<(ostream &os, const State &state) ostream &operator<<(ostream &os, const State &state)
{ {
/* dump the state label */ /* dump the state label */
@ -46,7 +44,9 @@ ostream& operator<<(ostream& os, const State& state)
return os; return os;
} }
State* DFA::add_new_state(NodeMap &nodemap, pair <unsigned long, NodeSet *> index, NodeSet *nodes, dfa_stats_t &stats) State *DFA::add_new_state(NodeMap &nodemap,
pair<unsigned long, NodeSet *> index,
NodeSet *nodes, dfa_stats_t &stats)
{ {
State *state = new State(nodemap.size(), nodes); State *state = new State(nodemap.size(), nodes);
states.push_back(state); states.push_back(state);
@ -82,9 +82,8 @@ State *DFA::find_target_state(NodeMap &nodemap, list <State *> &work_queue,
return target; return target;
} }
void DFA::update_state_transitions(NodeMap &nodemap, void DFA::update_state_transitions(NodeMap &nodemap, list<State *> &work_queue,
list <State *> &work_queue, State *state, State *state, dfa_stats_t &stats)
dfa_stats_t &stats)
{ {
/* Compute possible transitions for state->nodes. This is done by /* Compute possible transitions for state->nodes. This is done by
* iterating over all the nodes in state->nodes and combining the * iterating over all the nodes in state->nodes and combining the
@ -113,8 +112,7 @@ void DFA::update_state_transitions(NodeMap &nodemap,
*/ */
for (NodeCases::iterator j = cases.begin(); j != cases.end(); j++) { for (NodeCases::iterator j = cases.begin(); j != cases.end(); j++) {
State *target; State *target;
target = find_target_state(nodemap, work_queue, j->second, target = find_target_state(nodemap, work_queue, j->second, stats);
stats);
/* Don't insert transition that the default transition /* Don't insert transition that the default transition
* already covers * already covers
@ -124,7 +122,6 @@ void DFA::update_state_transitions(NodeMap &nodemap,
} }
} }
/* WARNING: This routine can only be called from within DFA creation as /* WARNING: This routine can only be called from within DFA creation as
* the nodes value is only valid during dfa construction. * the nodes value is only valid during dfa construction.
*/ */
@ -185,7 +182,9 @@ DFA::DFA(Node *root, dfaflags_t flags) : root(root)
while (!work_queue.empty()) { while (!work_queue.empty()) {
if (i % 1000 == 0 && (flags & DFA_DUMP_PROGRESS)) if (i % 1000 == 0 && (flags & DFA_DUMP_PROGRESS))
fprintf(stderr, "\033[2KCreating dfa: queue %ld\tstates %ld\teliminated duplicates %d\r", work_queue.size(), states.size(), stats.duplicates); fprintf(stderr, "\033[2KCreating dfa: queue %ld\tstates %ld\teliminated duplicates %d\r",
work_queue.size(), states.size(),
stats.duplicates);
i++; i++;
State *from = work_queue.front(); State *from = work_queue.front();
@ -196,7 +195,7 @@ DFA::DFA(Node *root, dfaflags_t flags) : root(root)
*/ */
update_state_transitions(nodemap, work_queue, from, stats); update_state_transitions(nodemap, work_queue, from, stats);
} /* for (NodeSet *nodes ... */ } /* while (!work_queue.empty()) */
/* cleanup Sets of nodes used computing the DFA as they are no longer /* cleanup Sets of nodes used computing the DFA as they are no longer
* needed. * needed.
@ -215,11 +214,12 @@ DFA::DFA(Node *root, dfaflags_t flags) : root(root)
nodemap.clear(); nodemap.clear();
if (flags & (DFA_DUMP_STATS)) if (flags & (DFA_DUMP_STATS))
fprintf(stderr, "\033[2KCreated dfa: states %ld,\teliminated duplicates %d,\tprotostate sets: longest %u, avg %u\n", states.size(), stats.duplicates, stats.proto_max, (unsigned int) (stats.proto_sum/states.size())); fprintf(stderr, "\033[2KCreated dfa: states %ld,\teliminated duplicates %d,\tprotostate sets: longest %u, avg %u\n",
states.size(), stats.duplicates, stats.proto_max,
(unsigned int)(stats.proto_sum / states.size()));
} }
DFA::~DFA() DFA::~DFA()
{ {
for (Partition::iterator i = states.begin(); i != states.end(); i++) for (Partition::iterator i = states.begin(); i != states.end(); i++)
@ -240,7 +240,6 @@ void DFA::dump_uniq_perms(const char *s)
} }
} }
/* Remove dead or unreachable states */ /* Remove dead or unreachable states */
void DFA::remove_unreachable(dfaflags_t flags) void DFA::remove_unreachable(dfaflags_t flags)
{ {
@ -259,8 +258,7 @@ void DFA::remove_unreachable(dfaflags_t flags)
(reachable.find(from->cases.otherwise) == reachable.end())) (reachable.find(from->cases.otherwise) == reachable.end()))
work_queue.push_back(from->cases.otherwise); work_queue.push_back(from->cases.otherwise);
for (Cases::iterator j = from->cases.begin(); for (Cases::iterator j = from->cases.begin(); j != from->cases.end(); j++) {
j != from->cases.end(); j++) {
if (reachable.find(j->second) == reachable.end()) if (reachable.find(j->second) == reachable.end())
work_queue.push_back(j->second); work_queue.push_back(j->second);
} }
@ -280,10 +278,12 @@ void DFA::remove_unreachable(dfaflags_t flags)
if (*i == start) if (*i == start)
cerr << " <=="; cerr << " <==";
if ((*i)->accept) { if ((*i)->accept) {
cerr << " (0x" << hex << (*i)->accept cerr << " (0x" << hex
<< " " << (*i)->audit << dec << ')'; << (*i)->accept << " "
<< (*i)->audit << dec
<< ')';
} }
cerr << endl; cerr << "\n";
} }
State *current = *i; State *current = *i;
states.erase(i); states.erase(i);
@ -314,8 +314,7 @@ bool DFA::same_mappings(State *s1, State *s2)
if (s1->cases.cases.size() != s2->cases.cases.size()) if (s1->cases.cases.size() != s2->cases.cases.size())
return false; return false;
for (Cases::iterator j1 = s1->cases.begin(); j1 != s1->cases.end(); for (Cases::iterator j1 = s1->cases.begin(); j1 != s1->cases.end(); j1++) {
j1++){
Cases::iterator j2 = s2->cases.cases.find(j1->first); Cases::iterator j2 = s2->cases.cases.find(j1->first);
if (j2 == s2->cases.end()) if (j2 == s2->cases.end())
return false; return false;
@ -383,7 +382,6 @@ void DFA::minimize(dfaflags_t flags)
/* combine all perms together into a single parition */ /* combine all perms together into a single parition */
perm_hash = 1; perm_hash = 1;
} /* else not an accept state so 0 for perm_hash */ } /* else not an accept state so 0 for perm_hash */
size_t trans_hash = 0; size_t trans_hash = 0;
if (flags & DFA_CONTROL_MINIMIZE_HASH_TRANS) if (flags & DFA_CONTROL_MINIMIZE_HASH_TRANS)
trans_hash = hash_trans(*i); trans_hash = hash_trans(*i);
@ -402,9 +400,10 @@ void DFA::minimize(dfaflags_t flags)
p->second->push_back(*i); p->second->push_back(*i);
} }
if ((flags & DFA_DUMP_PROGRESS) && if ((flags & DFA_DUMP_PROGRESS) && (partitions.size() % 1000 == 0))
(partitions.size() % 1000 == 0)) cerr << "\033[2KMinimize dfa: partitions "
cerr << "\033[2KMinimize dfa: partitions " << partitions.size() << "\tinit " << partitions.size() << " (accept " << accept_count << ")\r"; << partitions.size() << "\tinit " << partitions.size()
<< " (accept " << accept_count << ")\r";
} }
/* perm_map is no longer needed so free the memory it is using. /* perm_map is no longer needed so free the memory it is using.
@ -414,7 +413,9 @@ void DFA::minimize(dfaflags_t flags)
int init_count = partitions.size(); int init_count = partitions.size();
if (flags & DFA_DUMP_PROGRESS) if (flags & DFA_DUMP_PROGRESS)
cerr << "\033[2KMinimize dfa: partitions " << partitions.size() << "\tinit " << init_count << " (accept " << accept_count << ")\r"; cerr << "\033[2KMinimize dfa: partitions " << partitions.size()
<< "\tinit " << init_count << " (accept "
<< accept_count << ")\r";
/* Now do repartitioning until each partition contains the set of /* Now do repartitioning until each partition contains the set of
* states that are the same. This will happen when the partition * states that are the same. This will happen when the partition
@ -430,8 +431,7 @@ void DFA::minimize(dfaflags_t flags)
new_part = NULL; new_part = NULL;
State *rep = *((*p)->begin()); State *rep = *((*p)->begin());
Partition::iterator next; Partition::iterator next;
for (Partition::iterator s = ++(*p)->begin(); for (Partition::iterator s = ++(*p)->begin(); s != (*p)->end();) {
s != (*p)->end(); ) {
if (same_mappings(rep, *s)) { if (same_mappings(rep, *s)) {
++s; ++s;
continue; continue;
@ -454,16 +454,19 @@ void DFA::minimize(dfaflags_t flags)
(*m)->partition = new_part; (*m)->partition = new_part;
} }
} }
if ((flags & DFA_DUMP_PROGRESS) && if ((flags & DFA_DUMP_PROGRESS) && (partitions.size() % 100 == 0))
(partitions.size() % 100 == 0)) cerr << "\033[2KMinimize dfa: partitions "
cerr << "\033[2KMinimize dfa: partitions " << partitions.size() << "\tinit " << init_count << " (accept " << accept_count << ")\r"; << partitions.size() << "\tinit "
<< init_count << " (accept "
<< accept_count << ")\r";
} }
} while (new_part_count); } while (new_part_count);
if (partitions.size() == states.size()) { if (partitions.size() == states.size()) {
if (flags & DFA_DUMP_STATS) if (flags & DFA_DUMP_STATS)
cerr << "\033[2KDfa minimization no states removed: partitions " << partitions.size() << "\tinit " << init_count << " (accept " << accept_count << ")\n"; cerr << "\033[2KDfa minimization no states removed: partitions "
<< partitions.size() << "\tinit " << init_count
<< " (accept " << accept_count << ")\n";
goto out; goto out;
} }
@ -484,8 +487,7 @@ void DFA::minimize(dfaflags_t flags)
Partition *partition = rep->cases.otherwise->partition; Partition *partition = rep->cases.otherwise->partition;
rep->cases.otherwise = *partition->begin(); rep->cases.otherwise = *partition->begin();
} }
for (Cases::iterator c = rep->cases.begin(); for (Cases::iterator c = rep->cases.begin(); c != rep->cases.end(); c++) {
c != rep->cases.end(); c++) {
Partition *partition = c->second->partition; Partition *partition = c->second->partition;
c->second = *partition->begin(); c->second = *partition->begin();
} }
@ -506,9 +508,10 @@ void DFA::minimize(dfaflags_t flags)
//cerr << "\n"; //cerr << "\n";
} }
if (flags & DFA_DUMP_STATS) if (flags & DFA_DUMP_STATS)
cerr << "\033[2KMinimized dfa: final partitions " << partitions.size() << " (accept " << final_accept << ")" << "\tinit " << init_count << " (accept " << accept_count << ")\n"; cerr << "\033[2KMinimized dfa: final partitions "
<< partitions.size() << " (accept " << final_accept
<< ")" << "\tinit " << init_count << " (accept "
<< accept_count << ")\n";
/* make sure nonmatching and start state are up to date with the /* make sure nonmatching and start state are up to date with the
* mappings */ * mappings */
@ -557,21 +560,24 @@ void DFA::dump(ostream& os)
if (*i == start) if (*i == start)
os << " <=="; os << " <==";
if ((*i)->accept) { if ((*i)->accept) {
os << " (0x" << hex << (*i)->accept << " " << (*i)->audit << dec << ')'; os << " (0x" << hex << (*i)->accept << " "
<< (*i)->audit << dec << ')';
} }
os << endl; os << "\n";
} }
} }
os << endl; os << "\n";
for (Partition::iterator i = states.begin(); i != states.end(); i++) { for (Partition::iterator i = states.begin(); i != states.end(); i++) {
if ((*i)->cases.otherwise) if ((*i)->cases.otherwise)
os << **i << " -> " << (*i)->cases.otherwise << endl; os << **i << " -> " << (*i)->cases.otherwise << "\n";
for (Cases::iterator j = (*i)->cases.begin(); j != (*i)->cases.end(); j++) { for (Cases::iterator j = (*i)->cases.begin();
os << **i << " -> " << j->second << ": " << j->first << endl; j != (*i)->cases.end(); j++) {
os << **i << " -> " << j->second << ": "
<< j->first << "\n";
} }
} }
os << endl; os << "\n";
} }
/** /**
@ -579,22 +585,22 @@ void DFA::dump(ostream& os)
*/ */
void DFA::dump_dot_graph(ostream & os) void DFA::dump_dot_graph(ostream & os)
{ {
os << "digraph \"dfa\" {" << endl; os << "digraph \"dfa\" {" << "\n";
for (Partition::iterator i = states.begin(); i != states.end(); i++) { for (Partition::iterator i = states.begin(); i != states.end(); i++) {
if (*i == nonmatching) if (*i == nonmatching)
continue; continue;
os << "\t\"" << **i << "\" [" << endl; os << "\t\"" << **i << "\" [" << "\n";
if (*i == start) { if (*i == start) {
os << "\t\tstyle=bold" << endl; os << "\t\tstyle=bold" << "\n";
} }
uint32_t perms = (*i)->accept; uint32_t perms = (*i)->accept;
if (perms) { if (perms) {
os << "\t\tlabel=\"" << **i << "\\n(" os << "\t\tlabel=\"" << **i << "\\n("
<< perms << ")\"" << endl; << perms << ")\"" << "\n";
} }
os << "\t]" << endl; os << "\t]" << "\n";
} }
for (Partition::iterator i = states.begin(); i != states.end(); i++) { for (Partition::iterator i = states.begin(); i != states.end(); i++) {
Cases &cases = (*i)->cases; Cases &cases = (*i)->cases;
@ -604,28 +610,27 @@ void DFA::dump_dot_graph(ostream& os)
if (j->second == nonmatching) if (j->second == nonmatching)
excluded.insert(j->first); excluded.insert(j->first);
else { else {
os << "\t\"" << **i << "\" -> \""; os << "\t\"" << **i << "\" -> \"" << j->second
os << j->second << "\" [" << endl; << "\" [" << "\n";
os << "\t\tlabel=\"" << j->first << "\"" << endl; os << "\t\tlabel=\"" << j-> first << "\"\n";
os << "\t]" << endl; os << "\t]" << "\n";
} }
} }
if (cases.otherwise && cases.otherwise != nonmatching) { if (cases.otherwise && cases.otherwise != nonmatching) {
os << "\t\"" << **i << "\" -> \"" << cases.otherwise os << "\t\"" << **i << "\" -> \"" << cases.otherwise
<< "\" [" << endl; << "\" [" << "\n";
if (!excluded.empty()) { if (!excluded.empty()) {
os << "\t\tlabel=\"[^"; os << "\t\tlabel=\"[^";
for (Chars::iterator i = excluded.begin(); for (Chars::iterator i = excluded.begin();
i != excluded.end(); i != excluded.end(); i++) {
i++) {
os << *i; os << *i;
} }
os << "]\"" << endl; os << "]\"" << "\n";
} }
os << "\t]" << endl; os << "\t]" << "\n";
} }
} }
os << '}' << endl; os << '}' << "\n";
} }
/** /**
@ -646,20 +651,16 @@ map<uchar, uchar> DFA::equivalence_classes(dfaflags_t flags)
node_sets[j->second].insert(j->first); node_sets[j->second].insert(j->first);
for (map<const State *, Chars>::iterator j = node_sets.begin(); for (map<const State *, Chars>::iterator j = node_sets.begin();
j != node_sets.end(); j != node_sets.end(); j++) {
j++) {
/* Group edges to the same next state together by class */ /* Group edges to the same next state together by class */
map<uchar, Chars> node_classes; map<uchar, Chars> node_classes;
bool class_used = false; bool class_used = false;
for (Chars::iterator k = j->second.begin(); for (Chars::iterator k = j->second.begin();
k != j->second.end(); k != j->second.end(); k++) {
k++) { pair<map<uchar, uchar>::iterator, bool> x = classes.insert(make_pair(*k, next_class));
pair<map<uchar, uchar>::iterator, bool> x =
classes.insert(make_pair(*k, next_class));
if (x.second) if (x.second)
class_used = true; class_used = true;
pair<map<uchar, Chars>::iterator, bool> y = pair<map<uchar, Chars>::iterator, bool> y = node_classes.insert(make_pair(x.first->second, Chars()));
node_classes.insert(make_pair(x.first->second, Chars()));
y.first->second.insert(*k); y.first->second.insert(*k);
} }
if (class_used) { if (class_used) {
@ -667,11 +668,11 @@ map<uchar, uchar> DFA::equivalence_classes(dfaflags_t flags)
class_used = false; class_used = false;
} }
for (map<uchar, Chars>::iterator k = node_classes.begin(); for (map<uchar, Chars>::iterator k = node_classes.begin();
k != node_classes.end(); k != node_classes.end(); k++) {
k++) {
/** /**
* If any other characters are in the same class, move * If any other characters are in the same class, move
* the characters in this class into their own new class * the characters in this class into their own new
* class
*/ */
map<uchar, uchar>::iterator l; map<uchar, uchar>::iterator l;
for (l = classes.begin(); l != classes.end(); l++) { for (l = classes.begin(); l != classes.end(); l++) {
@ -683,8 +684,7 @@ map<uchar, uchar> DFA::equivalence_classes(dfaflags_t flags)
} }
if (class_used) { if (class_used) {
for (Chars::iterator l = k->second.begin(); for (Chars::iterator l = k->second.begin();
l != k->second.end(); l != k->second.end(); l++) {
l++) {
classes[*l] = next_class; classes[*l] = next_class;
} }
next_class++; next_class++;
@ -695,7 +695,8 @@ map<uchar, uchar> DFA::equivalence_classes(dfaflags_t flags)
} }
if (flags & DFA_DUMP_EQUIV_STATS) if (flags & DFA_DUMP_EQUIV_STATS)
fprintf(stderr, "Equiv class reduces to %d classes\n", next_class - 1); fprintf(stderr, "Equiv class reduces to %d classes\n",
next_class - 1);
return classes; return classes;
} }
@ -707,18 +708,17 @@ void dump_equivalence_classes(ostream& os, map<uchar, uchar>& eq)
map<uchar, Chars> rev; map<uchar, Chars> rev;
for (map<uchar, uchar>::iterator i = eq.begin(); i != eq.end(); i++) { for (map<uchar, uchar>::iterator i = eq.begin(); i != eq.end(); i++) {
Chars& chars = rev.insert(make_pair(i->second, Chars &chars = rev.insert(make_pair(i->second, Chars())).first->second;
Chars())).first->second;
chars.insert(i->first); chars.insert(i->first);
} }
os << "(eq):" << endl; os << "(eq):" << "\n";
for (map<uchar, Chars>::iterator i = rev.begin(); i != rev.end(); i++) { for (map<uchar, Chars>::iterator i = rev.begin(); i != rev.end(); i++) {
os << (int)i->first << ':'; os << (int)i->first << ':';
Chars &chars = i->second; Chars &chars = i->second;
for (Chars::iterator j = chars.begin(); j != chars.end(); j++) { for (Chars::iterator j = chars.begin(); j != chars.end(); j++) {
os << ' ' << *j; os << ' ' << *j;
} }
os << endl; os << "\n";
} }
} }
@ -736,7 +736,8 @@ void DFA::apply_equivalence_classes(map<uchar, uchar>& eq)
map<uchar, State *> tmp; map<uchar, State *> tmp;
tmp.swap((*i)->cases.cases); tmp.swap((*i)->cases.cases);
for (Cases::iterator j = tmp.begin(); j != tmp.end(); j++) for (Cases::iterator j = tmp.begin(); j != tmp.end(); j++)
(*i)->cases.cases.insert(make_pair(eq[j->first], j->second)); (*i)->cases.cases.
insert(make_pair(eq[j->first], j->second));
} }
} }
@ -753,13 +754,11 @@ map<ImportantNode *, AcceptNodes> dominance(DFA& dfa)
set1.insert(accept); set1.insert(accept);
} }
for (AcceptNodes::iterator j = set1.begin(); j != set1.end(); j++) { for (AcceptNodes::iterator j = set1.begin(); j != set1.end(); j++) {
pair<map<ImportantNode *, AcceptNodes>::iterator, bool> x = pair<map<ImportantNode *, AcceptNodes>::iterator, bool> x = is_dominated.insert(make_pair(*j, set1));
is_dominated.insert(make_pair(*j, set1));
if (!x.second) { if (!x.second) {
AcceptNodes & set2(x.first->second), set3; AcceptNodes & set2(x.first->second), set3;
for (AcceptNodes::iterator l = set2.begin(); for (AcceptNodes::iterator l = set2.begin();
l != set2.end(); l != set2.end(); l++) {
l++) {
if (set1.find(*l) != set1.end()) if (set1.find(*l) != set1.end())
set3.insert(*l); set3.insert(*l);
} }
@ -771,7 +770,6 @@ map<ImportantNode *, AcceptNodes> dominance(DFA& dfa)
} }
#endif #endif
static inline int diff_qualifiers(uint32_t perm1, uint32_t perm2) static inline int diff_qualifiers(uint32_t perm1, uint32_t perm2)
{ {
return ((perm1 & AA_EXEC_TYPE) && (perm2 & AA_EXEC_TYPE) && return ((perm1 & AA_EXEC_TYPE) && (perm2 & AA_EXEC_TYPE) &&
@ -785,8 +783,8 @@ static inline int diff_qualifiers(uint32_t perm1, uint32_t perm2)
*/ */
uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error) uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error)
{ {
uint32_t perms = 0, exact_match_perms = 0, audit = 0, exact_audit = 0, uint32_t perms = 0, exact_match_perms = 0;
quiet = 0, deny = 0; uint32_t audit = 0, exact_audit = 0, quiet = 0, deny = 0;
if (error) if (error)
*error = 0; *error = 0;
@ -805,7 +803,8 @@ uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error)
deny |= match->flag; deny |= match->flag;
quiet |= match->audit; quiet |= match->audit;
} else { } else {
if (!is_merged_x_consistent(perms, match->flag) && error) if (!is_merged_x_consistent(perms, match->flag)
&& error)
*error = 1; *error = 1;
perms |= match->flag; perms |= match->flag;
audit |= match->audit; audit |= match->audit;
@ -815,8 +814,7 @@ uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error)
//if (audit || quiet) //if (audit || quiet)
//fprintf(stderr, "perms: 0x%x, audit: 0x%x exact: 0x%x eaud: 0x%x deny: 0x%x quiet: 0x%x\n", perms, audit, exact_match_perms, exact_audit, deny, quiet); //fprintf(stderr, "perms: 0x%x, audit: 0x%x exact: 0x%x eaud: 0x%x deny: 0x%x quiet: 0x%x\n", perms, audit, exact_match_perms, exact_audit, deny, quiet);
perms |= exact_match_perms & perms |= exact_match_perms & ~(AA_USER_EXEC_TYPE | AA_OTHER_EXEC_TYPE);
~(AA_USER_EXEC_TYPE | AA_OTHER_EXEC_TYPE);
if (exact_match_perms & AA_USER_EXEC_TYPE) { if (exact_match_perms & AA_USER_EXEC_TYPE) {
perms = (exact_match_perms & AA_USER_EXEC_TYPE) | perms = (exact_match_perms & AA_USER_EXEC_TYPE) |

10
parser/libapparmor_re/hfa.h
View File

@ -47,13 +47,13 @@ typedef struct Cases {
iterator end() { return cases.end(); } iterator end() { return cases.end(); }
Cases(): otherwise(0) { } Cases(): otherwise(0) { }
map<uchar, State *> cases; map<uchar, State *> cases;
State *otherwise; State *otherwise;
} Cases; } Cases;
typedef list<State *> Partition; typedef list<State *> Partition;
uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error); uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error);
/* /*
@ -113,8 +113,12 @@ typedef struct dfa_stats {
class DFA { class DFA {
void dump_node_to_dfa(void); void dump_node_to_dfa(void);
State* add_new_state(NodeMap &nodemap, pair <unsigned long, NodeSet *> index, NodeSet *nodes, dfa_stats_t &stats); State *add_new_state(NodeMap &nodemap,
void update_state_transitions(NodeMap &nodemap, list <State *> &work_queue, State *state, dfa_stats_t &stats); pair<unsigned long, NodeSet *> index,
NodeSet *nodes, dfa_stats_t &stats);
void update_state_transitions(NodeMap &nodemap,
list<State *> &work_queue,
State *state, dfa_stats_t &stats);
State *find_target_state(NodeMap &nodemap, list<State *> &work_queue, State *find_target_state(NodeMap &nodemap, list<State *> &work_queue,
NodeSet *nodes, dfa_stats_t &stats); NodeSet *nodes, dfa_stats_t &stats);
public: public: