From 9c50ff9fb363117634ee583e1cdf443635bedc20 Mon Sep 17 00:00:00 2001
From: Steve Beattie <sbeattie@ubuntu.com>
Date: Mon, 14 Oct 2013 14:36:05 -0700
Subject: [PATCH] parser - terminate search early if wildcards are discovered

This patch is a very minor optimization to the search to determine
whether a given rule is an exact match or not. If a wildcard rule
(i.e.  an inexact match) is discovered, exact_match is set to 0,
so we don't need to continue the tree traversal.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
---
 parser/libapparmor_re/aare_rules.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/parser/libapparmor_re/aare_rules.cc b/parser/libapparmor_re/aare_rules.cc
index 922735e48..695b3aac2 100644
--- a/parser/libapparmor_re/aare_rules.cc
+++ b/parser/libapparmor_re/aare_rules.cc
@@ -1,7 +1,7 @@
 /*
  * (C) 2006, 2007 Andreas Gruenbacher <agruen@suse.de>
  * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
- * Copyright 2009-2012 Canonical Ltd.
+ * Copyright 2009-2013 Canonical Ltd. (All rights reserved)
  *
  * The libapparmor library is licensed under the terms of the GNU
  * Lesser General Public License, version 2.1. Please see the file
@@ -123,7 +123,7 @@ int aare_add_rule_vec(aare_ruleset_t *rules, int deny,
 	 * on how we split permission bitmasks here.
 	 */
 	exact_match = 1;
-	for (depth_first_traversal i(tree); i; i++) {
+	for (depth_first_traversal i(tree); i && exact_match; i++) {
 		if (dynamic_cast<StarNode *>(*i) ||
 		    dynamic_cast<PlusNode *>(*i) ||
 		    dynamic_cast<AnyCharNode *>(*i) ||