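Index: b/security/apparmor/match.c
===================================================================
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -160,7 +160,7 @@ int verify_dfa(struct aa_dfa *dfa)
 if (trans_count != dfa->tables[YYTD_ID_CHK - 1]->td_lolen)
 goto out;
 
- /* if equivalence classes then its table must be 256 */
+ /* if equivalence classes then its table size must be 256 */
 if (dfa->tables[YYTD_ID_EC - 1] &&
 dfa->tables[YYTD_ID_EC - 1]->td_lolen != 256)
 goto out;
@@ -201,67 +201,46 @@ void aa_match_free(struct aa_dfa *dfa)
 }
 
 /**
- * aadfa_label - return the permissions associated with @state
- * @dfa: dfa to get state permission from
- * @state: state in the dfa for which to get a label
- *
- * Assumes that state is a valid state of the dfa
- *
- * Returns the label associated with @state. 0 indicates the state
- * is no-accepting/provides no permissions.
- */
-inline unsigned int aadfa_label(struct aa_dfa *dfa, int state)
-{
- return ACCEPT_TABLE(dfa)[state];
-}
-
-/**
 * aa_dfa_match - match @path against @dfa starting in @state
 * @dfa: the dfa to match @path against
 * @state: the state to start matching in
 * @path: the path to match against the dfa
 *
 * aa_dfa_match will match the full path length and return the state it
- * finished matching in. The final state returned can be used to
- * lookup the accepting label or as a starting point to continue matching
- * with a new string if the path has been broken into multiple components.
+ * finished matching in. The final state is used to look up the accepting
+ * label.
 */
-inline unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int state,
- const char *path)
+inline unsigned int aa_dfa_match(struct aa_dfa *dfa, const char *str)
 {
- u8 *s = (u8 *) path;
 u16 *def = DEFAULT_TABLE(dfa);
 u32 *base = BASE_TABLE(dfa);
 u16 *next = NEXT_TABLE(dfa);
 u16 *check = CHECK_TABLE(dfa);
- unsigned int pos;
+ unsigned int state = 1, pos;
 
- /* current state is <state>, matching character *s */
+ /* current state is <state>, matching character *str */
 if (dfa->tables[YYTD_ID_EC - 1]) {
 u8 *equiv = EQUIV_TABLE(dfa);
- for ( ; *s; ++s) {
- pos = base[state] + equiv[*s];
+ while (*str) {
+ pos = base[state] + equiv[(u8)*str++];
 if (check[pos] == state)
 state = next[pos];
 else
 state = def[state];
 }
 } else {
- for ( ; *s; ++s) {
- pos = base[state] + *s;
+ while (*str) {
+ pos = base[state] + (u8)*str++;
 if (check[pos] == state)
 state = next[pos];
 else
 state = def[state];
 }
 }
- return state;
+ return ACCEPT_TABLE(dfa)[state];
 }
 
 unsigned int aa_match(struct aa_dfa *dfa, const char *pathname)
 {
- if (dfa)
- return aadfa_label(dfa, aa_dfa_match(dfa, 1, pathname));
-
- return 0;
+ return dfa ? aa_dfa_match(dfa, pathname) : 0;
 }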
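Review bot: The kernel-doc kept above aa_dfa_match() in the second hunk no longer matches the new signature: it still reads "match @path against @dfa starting in @state" and lists `@state:` and `@path:`, while the function now takes only `dfa` and `str` and always starts in state 1. Replace those two parameter lines with ` * @str: the string to match against the dfa` and reword the summary to ` * aa_dfa_match - match @str against @dfa and return the accept label`; the retained sentence saying it returns "the state it finished matching in" is also stale now that the return value is `ACCEPT_TABLE(dfa)[state]`. The loops index `base[state]`, `check[pos]`, `next[pos]` and `def[state]`, and the return indexes the accept table, all with values read from the loaded tables and with no bounds checks, so the comment should also carry the precondition that the removed aadfa_label() doc used to state, e.g. ` * Assumes @dfa has passed verify_dfa() and that state 1 is a valid start state`. Whether verify_dfa() really bounds every base, next and default entry cannot be confirmed here, since only a few lines of it are visible in the first hunk.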