parser - terminate search early if wildcards are discovered

This patch is a very minor optimization to the search to determine whether a given rule is an exact match or not. If a wildcard rule (i.e. an inexact match) is discovered, exact_match is set to 0, so we don't need to continue the tree traversal. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2025-08-22 01:57:43 +00:00 · 2013-10-14 14:36:05 -07:00 · 2013-10-14 14:36:05 -07:00 · 9c50ff9fb3
commit 9c50ff9fb3
parent 3d26d2431c
1 changed files with 2 additions and 2 deletions
--- a/parser/libapparmor_re/aare_rules.cc
+++ b/parser/libapparmor_re/aare_rules.cc
@ -1,7 +1,7 @@
 /*
 * (C) 2006, 2007 Andreas Gruenbacher <agruen@suse.de>
 * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
- * Copyright 2009-2012 Canonical Ltd.
+ * Copyright 2009-2013 Canonical Ltd. (All rights reserved)
 *
 * The libapparmor library is licensed under the terms of the GNU
 * Lesser General Public License, version 2.1. Please see the file
@ -123,7 +123,7 @@ int aare_add_rule_vec(aare_ruleset_t *rules, int deny,
 	 * on how we split permission bitmasks here.
 	 */
 	exact_match = 1;
-	for (depth_first_traversal i(tree); i; i++) {
+	for (depth_first_traversal i(tree); i && exact_match; i++) {
 		if (dynamic_cast<StarNode *>(*i) ||
 		    dynamic_cast<PlusNode *>(*i) ||
 		    dynamic_cast<AnyCharNode *>(*i) ||