mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 00:14:44 +01:00
parser: dfa minimization prepare for extended permissions
Instead of compressing the permission set into 128 bits and using that as the index into the permission map, just use the permissions directly as the index into the permission map. Note: this will break equality and minimization tests. Because deny is not being cleared, it will result in more partitions in the initial setup. This will be addressed and the tests will be fixed in a follow-on patch. Signed-off-by: John Johansen <john.johansen@canonical.com>
parent
5ff00bba3a
commit
1fa45b7c1f
2 changed files with 5 additions and 9 deletions
|
@ -647,12 +647,11 @@ int DFA::apply_and_clear_deny(void)
|
|||
}
|
||||
|
||||
|
||||
typedef pair<uint64_t,uint64_t> uint128_t;
|
||||
|
||||
/* minimize the number of dfa states */
|
||||
void DFA::minimize(optflags const &opts)
|
||||
{
|
||||
map<uint128_t, Partition *> perm_map;
|
||||
map<perms_t, Partition *> perm_map;
|
||||
list<Partition *> partitions;
|
||||
|
||||
/* Set up the initial partitions
|
||||
|
@ -661,17 +660,14 @@ void DFA::minimize(optflags const &opts)
|
|||
int accept_count = 0;
|
||||
int final_accept = 0;
|
||||
for (Partition::iterator i = states.begin(); i != states.end(); i++) {
|
||||
uint128_t group;
|
||||
group.first = ((uint64_t) (PACK_AUDIT_CTL((*i)->perms.audit, (*i)->perms.quiet & (*i)->perms.deny)) << 32);
|
||||
group.second = (uint64_t) (*i)->perms.allow | ((uint64_t) (*i)->perms.prompt << 32);
|
||||
map<uint128_t, Partition *>::iterator p = perm_map.find(group);
|
||||
map<perms_t, Partition *>::iterator p = perm_map.find((*i)->perms);
|
||||
if (p == perm_map.end()) {
|
||||
Partition *part = new Partition();
|
||||
part->push_back(*i);
|
||||
perm_map.insert(make_pair(group, part));
|
||||
perm_map.insert(make_pair((*i)->perms, part));
|
||||
partitions.push_back(part);
|
||||
(*i)->partition = part;
|
||||
if (group.first || group.second)
|
||||
if ((*i)->perms.is_accept())
|
||||
accept_count++;
|
||||
} else {
|
||||
(*i)->partition = p->second;
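Review bot: The new `perm_map.find((*i)->perms)` lookup and the matching `perm_map.insert(make_pair((*i)->perms, part))` depend entirely on the ordering that `perms_t` supplies to `map<perms_t, Partition *>`, and that comparison is not visible in this commit. If it skips any field that should keep states apart (the old key covered audit, quiet & deny, allow and prompt), states with different permissions would share an initial partition and could be merged by minimization, changing the policy that ends up enforced. I would confirm the comparison covers allow, deny, prompt, audit and quiet, and record the dependency next to the declaration, for example `/* perm_map relies on the perms_t ordering comparing every permission field */`. The body of `DFA::minimize` continues outside this hunk.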
|
||||
|
|
|
@ -53,7 +53,7 @@ class perms_t {
|
|||
public:
|
||||
perms_t(void): allow(0), deny(0), audit(0), quiet(0), exact(0) { };
|
||||
|
||||
bool is_accept(void) { return (allow | prompt | audit | quiet); }
|
||||
bool is_accept(void) { return (allow | deny | prompt | audit | quiet); }
|
||||
|
||||
void dump_header(ostream &os)
|
||||
{
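Review bot: `is_accept()` reads `prompt`, but the constructor shown just above it initializes only allow, deny, audit, quiet and exact. Unless `prompt` has a default member initializer outside this hunk, a default-constructed `perms_t` holds an indeterminate value there. With this commit the whole `perms_t` is used as the partition key in `DFA::minimize`, so that value would presumably also influence which partition a state lands in, not just the accept count. I would add `prompt(0)` to the initializer list (in member declaration order) and make the accessor const: `bool is_accept(void) const { return (allow | deny | prompt | audit | quiet); }`. The class definition starts and ends outside the hunk.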
|
||||
|
|