apparmor/parser/libapparmor_re/aare_rules.h

/*
 * (C) 2006, 2007 Andreas Gruenbacher <agruen@suse.de>
 * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
 * Copyright 2009-2012 Canonical Ltd.
 *
 * The libapparmor library is licensed under the terms of the GNU
 * Lesser General Public License, version 2.1. Please see the file
 * COPYING.LGPL.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 *
 * Wrapper around the dfa to convert aa rules into a dfa
 */
#ifndef __LIBAA_RE_RULES_H
#define __LIBAA_RE_RULES_H

#include <stdint.h>

#include "apparmor_re.h"
#include "expr-tree.h"

class aare_rules {
	Node *root;
	void add_to_rules(Node *tree, Node *perms);
public:
	int reverse;
	int rule_count;
	aare_rules(): root(NULL), reverse(0), rule_count(0) { };
	aare_rules(int reverse): root(NULL), reverse(reverse), rule_count(0) { };
	~aare_rules();

	bool add_rule(const char *rule, int deny, uint32_t perms,
		      uint32_t audit, dfaflags_t flags);
	bool add_rule_vec(int deny, uint32_t perms, uint32_t audit, int count,
			  const char **rulev, dfaflags_t flags);
	void *create_dfa(size_t *size, dfaflags_t flags);
};

void aare_reset_matchflags(void);

#endif				/* __LIBAA_RE_RULES_H */
Split out aare_rules which are used to encapsulate creating the dfa Split out the aare_rule bits that encapsulate the convertion of apparmor rules into the final compressed dfa. This patch will not compile because of the it needs hfa to export an interface but hfa is going to be split so just delay until hfa and transtable are split and they can each export their own interface. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com> 2011-03-13 05:49:15 -07:00			`/*`
			`* (C) 2006, 2007 Andreas Gruenbacher <agruen@suse.de>`
			`* Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)`
Update the copyright dates for the apparmor_parser Signed-off-by: John Johansen <john.johansen@canonical.com> 2012-02-24 04:21:59 -08:00			`* Copyright 2009-2012 Canonical Ltd.`
Split out aare_rules which are used to encapsulate creating the dfa Split out the aare_rule bits that encapsulate the convertion of apparmor rules into the final compressed dfa. This patch will not compile because of the it needs hfa to export an interface but hfa is going to be split so just delay until hfa and transtable are split and they can each export their own interface. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com> 2011-03-13 05:49:15 -07:00			`*`
			`* The libapparmor library is licensed under the terms of the GNU`
			`* Lesser General Public License, version 2.1. Please see the file`
			`* COPYING.LGPL.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Lesser General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Lesser General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`*`
			`* Wrapper around the dfa to convert aa rules into a dfa`
			`*/`
			`#ifndef __LIBAA_RE_RULES_H`
			`#define __LIBAA_RE_RULES_H`

Split out compressed dfa "transition table" compression Split hfa into hfa and compressed_hfa files. The hfa portion focuses on creating an manipulating hfas, while compressed_hfa is used for creating compressed hfas that can be used/reused at run time with much less memory usage than the full blown hfa. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com> 2011-03-13 05:50:34 -07:00			`#include <stdint.h>`

			`#include "apparmor_re.h"`
Convert aare_rules into a class This cleans things up a bit and fixes a bug where not all rules are getting properly counted so that the addition of policy_mediation rules fails to generate the policy dfa in some cases. Because the policy dfa is being generated correctly now we need to fix some tests to use the new -M flag to specify the expected features set of the test. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2014-04-23 10:57:16 -07:00			`#include "expr-tree.h"`
Split out compressed dfa "transition table" compression Split hfa into hfa and compressed_hfa files. The hfa portion focuses on creating an manipulating hfas, while compressed_hfa is used for creating compressed hfas that can be used/reused at run time with much less memory usage than the full blown hfa. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com> 2011-03-13 05:50:34 -07:00
Convert aare_rules into a class This cleans things up a bit and fixes a bug where not all rules are getting properly counted so that the addition of policy_mediation rules fails to generate the policy dfa in some cases. Because the policy dfa is being generated correctly now we need to fix some tests to use the new -M flag to specify the expected features set of the test. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2014-04-23 10:57:16 -07:00			`class aare_rules {`
			`Node *root;`
parser: Refactor rule accumulation to use some helper functions Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2014-09-03 14:24:37 -07:00			`void add_to_rules(Node tree, Node perms);`
Convert aare_rules into a class This cleans things up a bit and fixes a bug where not all rules are getting properly counted so that the addition of policy_mediation rules fails to generate the policy dfa in some cases. Because the policy dfa is being generated correctly now we need to fix some tests to use the new -M flag to specify the expected features set of the test. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2014-04-23 10:57:16 -07:00			`public:`
			`int reverse;`
			`int rule_count;`
			`aare_rules(): root(NULL), reverse(0), rule_count(0) { };`
			`aare_rules(int reverse): root(NULL), reverse(reverse), rule_count(0) { };`
			`~aare_rules();`
Split out aare_rules which are used to encapsulate creating the dfa Split out the aare_rule bits that encapsulate the convertion of apparmor rules into the final compressed dfa. This patch will not compile because of the it needs hfa to export an interface but hfa is going to be split so just delay until hfa and transtable are split and they can each export their own interface. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com> 2011-03-13 05:49:15 -07:00
Convert aare_rules into a class This cleans things up a bit and fixes a bug where not all rules are getting properly counted so that the addition of policy_mediation rules fails to generate the policy dfa in some cases. Because the policy dfa is being generated correctly now we need to fix some tests to use the new -M flag to specify the expected features set of the test. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2014-04-23 10:57:16 -07:00			`bool add_rule(const char *rule, int deny, uint32_t perms,`
			`uint32_t audit, dfaflags_t flags);`
			`bool add_rule_vec(int deny, uint32_t perms, uint32_t audit, int count,`
			`const char **rulev, dfaflags_t flags);`
			`void create_dfa(size_t size, dfaflags_t flags);`
			`};`
Split out aare_rules which are used to encapsulate creating the dfa Split out the aare_rule bits that encapsulate the convertion of apparmor rules into the final compressed dfa. This patch will not compile because of the it needs hfa to export an interface but hfa is going to be split so just delay until hfa and transtable are split and they can each export their own interface. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com> 2011-03-13 05:49:15 -07:00
			`void aare_reset_matchflags(void);`

Lindent + hand cleanups aare_rules Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com> 2011-03-13 05:53:08 -07:00			`#endif /* __LIBAA_RE_RULES_H */`