mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-28 21:07:56 +00:00
Code Issues Releases Wiki Activity
7,339 Commits 23 Branches 113 Tags
Commit Graph

8 Commits

Author SHA1 Message Date
John Johansen
f86fda02f5 parser: fix 16 bit state limitation 
The hfa stores next/check transitions in 16 bit fields to reduce memory
usage. However this means the state machine can on contain 2^16
states.

Allow the next/check tables to be 32 bit. This theoretically could allow
for 2^32 states however the base table uses the top 8 bits as flags
giving us only 2^24 bits to index into the next/check tables. With
most states having at least 1 transition this effectively caps the
number of states at 2^24.

To obtain 2^32 possible states a flags table needs to be added. Add
a skeleton around supporting a flags table, so we can note the remaining
work that needs to be done. This patch will only allow for 2^24 states.

Bug: https://gitlab.com/apparmor/apparmor/-/issues/419

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2024-08-14 17:01:30 -07:00
John Johansen
501e87a3f2 parser: Cleanup parser control flags, so they display as expected to user 
Instead of having multiple tables, since we have room post split
of optimization and dump flags just move all the optimization and
dump flags into a common table.

We can if needed switch the flag entry size to a long in the future.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2023-07-08 19:58:59 -07:00
John Johansen
1754b4da69 parser: add flags to control rule merging 
Add the ability to control whether rule merging is done.

TODO: in the furture cleanup display of flags split accross two tables

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2023-07-08 01:06:50 -07:00
John Johansen
e84e481263 parser: cleanup and rework optimization and dump flag handling 
In preparation for more flags (not all of the backend dfa based),
rework the optimization and dump flag handling which has been exclusively
around the dfa up to this point.

- split dfa control and dump flags into separate fields. This gives more
  room for new flags in the existing DFA set
- rename DFA_DUMP, and DFA_CONTROL to CONTROL_DFA and DUMP_DFA as
  this will provide more uniform naming for none dfa flags
- group dump and control flags into a structure so they can be passed
  together.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2023-07-07 17:47:41 -07:00
John Johansen
9c1803d62a parser: cleanup/fix flagtable display for the warn, dump, and Optimize options 
This changes the flagtable header from

     warn: --./apparmor_parser [Option]
     -O: --./apparmor_parser [Option]
     dump: --./apparmor_parser [Option]

  to
     ./apparmor_parser: --warn=[Option]
     ./apparmor_parser: -O [Option]
     ./apparmor_parser: --dump=[Option]

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/600
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2020-09-01 19:42:38 -07:00
John Johansen
6e6f99e0b8 parser: add the ability to print what flags are set in option flag tables 
Add the ability to show which warnings are enabled by specifying "show"
as an to the --dump, --warn, and --Optimize options

  Eg.
     --warn=show

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/600
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2020-09-01 19:42:38 -07:00
John Johansen
db07b131b5 parser: unify flagtable printing for warn, dump and optimize 
warn, dump, and optize share common printing of their option flag
tables, refactor and unify.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/600
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2020-09-01 19:42:38 -07:00
John Johansen
77cd2e34a0 Split dfa optimization and dump flag handling into a separate file so that it can be shared with DFA test programs 
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
 2014-04-23 11:10:41 -07:00