mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
50452e1147
Construction of the chfa can reorder states from what the numbering
given during the hfa constuctions because of reordering for better
compression, dead state removal to ensure better packing etc.
This however means the dfa dump is difficult (it is possible using
multiple dumpes) to match up to the chfa that the kernel is
using. Make this easier by making the dfa dump be able to take the
emapping as input, and provide an option to dump the chfa equivalent
hfa.
Renumbered states will show up as {new <== {orig}} in the dump
Eg.
--D dfa-states
{1} <== priority (allow/deny/prompt/audit/quiet)
{5} 0 (0x 4/0//0/0/0)
{1} perms: none
0x2 -> {5} 0 (0x 4/0//0/0/0)
0x4 -> {5} 0 (0x 4/0//0/0/0)
\a 0x7 -> {5} 0 (0x 4/0//0/0/0)
\t 0x9 -> {5} 0 (0x 4/0//0/0/0)
\n 0xa -> {5} 0 (0x 4/0//0/0/0)
\ 0x20 -> {5} 0 (0x 4/0//0/0/0)
4 0x34 -> {3}
{3} perms: none
0x0 -> {6}
{6} perms: none
1 0x31 -> {5} 0 (0x 4/0//0/0/0)
-D dfa-compressed-states
{1} <== priority (allow/deny/prompt/audit/quiet)
{2 == {5}} 0 (0x 4/0//0/0/0)
{1} perms: none
0x2 -> {2 == {5}} 0 (0x 4/0//0/0/0)
0x4 -> {2 == {5}} 0 (0x 4/0//0/0/0)
\a 0x7 -> {2 == {5}} 0 (0x 4/0//0/0/0)
\t 0x9 -> {2 == {5}} 0 (0x 4/0//0/0/0)
\n 0xa -> {2 == {5}} 0 (0x 4/0//0/0/0)
\ 0x20 -> {2 == {5}} 0 (0x 4/0//0/0/0)
4 0x34 -> {3}
{3} perms: none
0x0 -> {4 == {6}}
{4 == {6}} perms: none
1 0x31 -> {2 == {5}} 0 (0x 4/0//0/0/0)
Signed-off-by: John Johansen <john.johansen@canonical.com>
69 lines
2.5 KiB
C
69 lines
2.5 KiB
C
/*
|
|
* (C) 2006, 2007 Andreas Gruenbacher <agruen@suse.de>
|
|
* Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
|
|
* Copyright 2009-2012 Canonical Ltd.
|
|
*
|
|
* The libapparmor library is licensed under the terms of the GNU
|
|
* Lesser General Public License, version 2.1. Please see the file
|
|
* COPYING.LGPL.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef APPARMOR_RE_H
|
|
#define APPARMOR_RE_H
|
|
|
|
#include "../common_flags.h"
|
|
|
|
#define CONTROL_DFA_EQUIV (1 << 0)
|
|
#define CONTROL_DFA_TREE_NORMAL (1 << 1)
|
|
#define CONTROL_DFA_TREE_SIMPLE (1 << 2)
|
|
#define CONTROL_DFA_TREE_LEFT (1 << 3)
|
|
#define CONTROL_DFA_MINIMIZE (1 << 4)
|
|
#define CONTROL_DFA_FILTER_DENY (1 << 6)
|
|
#define CONTROL_DFA_REMOVE_UNREACHABLE (1 << 7)
|
|
#define CONTROL_DFA_TRANS_HIGH (1 << 8)
|
|
#define CONTROL_DFA_DIFF_ENCODE (1 << 9)
|
|
#define CONTROL_RULE_MERGE (1 << 10)
|
|
#define CONTROL_DFA_STATE32 (1 << 11)
|
|
#define CONTROL_DFA_FLAGS_TABLE (1 << 12)
|
|
|
|
|
|
#define DUMP_DFA_DIFF_PROGRESS (1 << 0)
|
|
#define DUMP_DFA_DIFF_ENCODE (1 << 1)
|
|
#define DUMP_DFA_DIFF_STATS (1 << 2)
|
|
#define DUMP_DFA_MIN_PARTS (1 << 3)
|
|
#define DUMP_DFA_UNIQ_PERMS (1 << 4)
|
|
#define DUMP_DFA_MIN_UNIQ_PERMS (1 << 5)
|
|
#define DUMP_DFA_TREE_STATS (1 << 6)
|
|
#define DUMP_DFA_TREE (1 << 7)
|
|
#define DUMP_DFA_SIMPLE_TREE (1 << 8)
|
|
#define DUMP_DFA_PROGRESS (1 << 9)
|
|
#define DUMP_DFA_STATS (1 << 10)
|
|
#define DUMP_DFA_STATES (1 << 11)
|
|
#define DUMP_DFA_GRAPH (1 << 12)
|
|
#define DUMP_DFA_TRANS_PROGRESS (1 << 13)
|
|
#define DUMP_DFA_TRANS_STATS (1 << 14)
|
|
#define DUMP_DFA_TRANS_TABLE (1 << 15)
|
|
#define DUMP_DFA_EQUIV (1 << 16)
|
|
#define DUMP_DFA_EQUIV_STATS (1 << 17)
|
|
#define DUMP_DFA_MINIMIZE (1 << 18)
|
|
#define DUMP_DFA_UNREACHABLE (1 << 19)
|
|
#define DUMP_DFA_RULE_EXPR (1 << 20)
|
|
#define DUMP_DFA_NODE_TO_DFA (1 << 21)
|
|
#define DUMP_RULE_MERGE (1 << 22)
|
|
#define DUMP_DFA_STATE32 (1 << 23)
|
|
#define DUMP_DFA_FLAGS_TABLE (1 << 24)
|
|
#define DUMP_DFA_STATES_INIT (1 << 25)
|
|
#define DUMP_DFA_STATES_POST_FILTER (1 << 26)
|
|
#define DUMP_DFA_STATES_POST_MINIMIZE (1 << 27)
|
|
#define DUMP_DFA_STATES_POST_UNREACHABLE (1 << 28)
|
|
#define DUMP_DFA_COMPTRESSED_STATES (1 << 29)
|
|
|
|
#endif /* APPARMOR_RE_H */
|