mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 17:01:00 +01:00
5e361a4a05
Minimization was failing because it was too agressive. It was minimizing as if there was only 1 accept condition. This allowed it to remove more states but at the cost of loosing unique permission sets, they where being combined into single commulative perms. This means that audit, deny, xtrans, ... info on one path would be applied to all other paths that it was combined with during minimization. This means that we need to retain the unique accept states, not allowing them to be combined into a single state. To do this we put each unique permission set into its own partition at the start of minimization. The states within a partition have the same permissions and can be combined within the other states in the partition as the loss of unique path information is will not result in a conflict. This is similar to what perm hashing used to do but deny information is still being correctly applied and carried. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com>
13 lines
159 B
Text
13 lines
159 B
Text
#
|
|
#=DESCRIPTION test for conflict resolution in minimization phase of dfa gen
|
|
#=EXRESULT PASS
|
|
#=TODO
|
|
#
|
|
/usr/bin/foo {
|
|
|
|
/b px,
|
|
/* Pixr,
|
|
/a Cx -> foo,
|
|
|
|
}
|
|
|