parser: add some new dfa dump options.

The dfa goes through several stages during the build. Allow dumping it
at the various stages instead of only at the end.

Signed-off-by: John Johansen <john.johansen@canonical.com>

parser/common_optarg.c

@@ -43,7 +43,11 @@ optflag_table_t dumpflag_table[] = {
 	{ 1, "dfa-progress", "Dump dfa creation as in progress",
 	  DUMP_DFA_PROGRESS | DUMP_DFA_STATS },
 	{ 1, "dfa-stats", "Dump dfa creation stats", DUMP_DFA_STATS },
-	{ 1, "dfa-states", "Dump dfa state diagram", DUMP_DFA_STATES },
+	{ 1, "dfa-states", "Dump final dfa state information", DUMP_DFA_STATES },
+	{ 1, "dfa-states-initial", "Dump dfa state immediately after initial build", DUMP_DFA_STATES_INIT },
+	{ 1, "dfa-states-post-filter", "Dump dfa state immediately after filtering deny", DUMP_DFA_STATES_POST_FILTER },
+	{ 1, "dfa-states-post-minimize", "Dump dfa state immediately after initial build", DUMP_DFA_STATES_POST_MINIMIZE },
+	{ 1, "dfa-states-post-unreachable", "Dump dfa state immediately after filtering deny", DUMP_DFA_STATES_POST_UNREACHABLE },
 	{ 1, "dfa-graph", "Dump dfa dot (graphviz) graph", DUMP_DFA_GRAPH },
 	{ 1, "dfa-minimize", "Dump dfa minimization", DUMP_DFA_MINIMIZE },
 	{ 1, "dfa-unreachable", "Dump dfa unreachable states",

parser/libapparmor_re/aare_rules.cc

@@ -258,6 +258,9 @@ CHFA *aare_rules::create_chfa(int *min_match_len,
 		if (opts.dump & DUMP_DFA_UNIQ_PERMS)
 			dfa.dump_uniq_perms("dfa");
 
+		if (opts.dump & DUMP_DFA_STATES_INIT)
+			dfa.dump(cerr);
+
 		/* since we are building a chfa, use the info about
 		 * whether the chfa supports extended perms to help
 		 * determine whether we clear the deny info.
@@ -265,18 +268,24 @@ CHFA *aare_rules::create_chfa(int *min_match_len,
 		 * information supported by the backed
 		 */
 		if (!extended_perms ||
-		    ((opts.control & CONTROL_DFA_FILTER_DENY)))
+		    ((opts.control & CONTROL_DFA_FILTER_DENY))) {
 			dfa.apply_and_clear_deny();
-
+			if (opts.dump & DUMP_DFA_STATES_POST_FILTER)
+				dfa.dump(cerr);
+		}
 		if (opts.control & CONTROL_DFA_MINIMIZE) {
 			dfa.minimize(opts);
 			if (opts.dump & DUMP_DFA_MIN_UNIQ_PERMS)
 				dfa.dump_uniq_perms("minimized dfa");
+			if (opts.dump & DUMP_DFA_STATES_POST_MINIMIZE)
+				dfa.dump(cerr);
 		}
 
-		if (opts.control & CONTROL_DFA_REMOVE_UNREACHABLE)
+		if (opts.control & CONTROL_DFA_REMOVE_UNREACHABLE) {
 			dfa.remove_unreachable(opts);
-
+			if (opts.dump & DUMP_DFA_STATES_POST_UNREACHABLE)
+				dfa.dump(cerr);
+		}
 		if (opts.dump & DUMP_DFA_STATES)
 			dfa.dump(cerr);
 

parser/libapparmor_re/apparmor_re.h

@@ -60,5 +60,9 @@
 #define DUMP_RULE_MERGE			(1 << 22)
 #define DUMP_DFA_STATE32		(1 << 23)
 #define DUMP_DFA_FLAGS_TABLE		(1 << 24)
+#define DUMP_DFA_STATES_INIT 		(1 << 25)
+#define DUMP_DFA_STATES_POST_FILTER 	(1 << 26)
+#define DUMP_DFA_STATES_POST_MINIMIZE	(1 << 27)
+#define DUMP_DFA_STATES_POST_UNREACHABLE (1 << 28)
 
 #endif /* APPARMOR_RE_H */