parser: fix 16 bit state limitation

The hfa stores next/check transitions in 16 bit fields to reduce memory
usage. However this means the state machine can on contain 2^16
states.

Allow the next/check tables to be 32 bit. This theoretically could allow
for 2^32 states however the base table uses the top 8 bits as flags
giving us only 2^24 bits to index into the next/check tables. With
most states having at least 1 transition this effectively caps the
number of states at 2^24.

To obtain 2^32 possible states a flags table needs to be added. Add
a skeleton around supporting a flags table, so we can note the remaining
work that needs to be done. This patch will only allow for 2^24 states.

Bug: https://gitlab.com/apparmor/apparmor/-/issues/419

Signed-off-by: John Johansen <john.johansen@canonical.com>

parser/libapparmor_re/apparmor_re.h

@@ -31,6 +31,8 @@
 #define CONTROL_DFA_TRANS_HIGH		(1 << 8)
 #define CONTROL_DFA_DIFF_ENCODE		(1 << 9)
 #define CONTROL_RULE_MERGE		(1 << 10)
+#define CONTROL_DFA_STATE32		(1 << 11)
+#define CONTROL_DFA_FLAGS_TABLE		(1 << 12)
 
 
 #define DUMP_DFA_DIFF_PROGRESS		(1 << 0)
@@ -56,5 +58,7 @@
 #define DUMP_DFA_RULE_EXPR 		(1 << 20)
 #define DUMP_DFA_NODE_TO_DFA 		(1 << 21)
 #define DUMP_RULE_MERGE			(1 << 22)
+#define DUMP_DFA_STATE32		(1 << 23)
+#define DUMP_DFA_FLAGS_TABLE		(1 << 24)
 
 #endif /* APPARMOR_RE_H */