dfa patches for the parser

parser/parser_main.c

@@ -48,6 +48,7 @@
 #define MATCH_STRING "/sys/kernel/security/" MODULE_NAME "/matching"
 #define MOUNTED_FS "/proc/mounts"
 #define PCRE "pattern=pcre"
+#define AADFA "pattern=aadfa"
 
 #define UNPRIVILEGED_OPS (debug || preprocess_only || option == OPTION_STDOUT || names_only || \
 			  dump_vars || dump_expanded_vars)
@@ -65,6 +66,8 @@ int conf_quiet = 0;
 char *subdomainbase = NULL;
 char *profilename;
 char *match_string = NULL;
+int regex_type = AARE_NONE;
+
 extern int current_lineno;
 
 struct option long_options[] = {
@@ -387,7 +390,7 @@ static void get_match_string(void) {
 
 	/* has process_args() already assigned a match string? */
 	if (match_string)
-		return;
+		goto out;
 
 	FILE *ms = fopen(MATCH_STRING, "r");
 	if (!ms)
@@ -404,22 +407,28 @@ static void get_match_string(void) {
 	}
 
 out:
-	fclose(ms);
+	if (match_string) {
+		if (strstr(match_string, PCRE))
+			regex_type = AARE_PCRE;
+
+		if (strstr(match_string, AADFA))
+			regex_type = AARE_DFA;
+	}
+
+	if (ms)
+		fclose(ms);
 	return;
 }
 
 /* return 1 --> PCRE should work fine
    return 0 --> no PCRE support */
-static int pcre_support(void) {
-
-	get_match_string();
-
+static int regex_support(void) {
 	/* no match string, predates (or postdates?) the split matching
 	module design */
 	if (!match_string)
 		return 1;
 
-	if (strstr(match_string, PCRE))
+	if (regex_type != AARE_NONE)
 		return 1;
 
 	return 0;
@@ -437,6 +446,9 @@ int process_profile(int option, char *profilename)
 	if (retval != 0)
 		goto out;
 
+	/* Get the match string to determine type of regex support needed */
+	get_match_string();
+
 	retval = post_process_policy();
   	if (retval != 0) {
   		PERROR(_("%s: Errors found in file. Aborting.\n"), progname);
@@ -470,7 +482,7 @@ int process_profile(int option, char *profilename)
 	if (!subdomainbase && !preprocess_only && !(option == OPTION_STDOUT))
 			find_subdomainfs_mountpoint();
 
-	if (!pcre_support()) {
+	if (!regex_support()) {
 		die_if_any_regex();
 	}