Add the ability to match strings directly from the hfa instead of needing to build a cfha.
Signed-off-by: John Johansen <[email protected]>
---
 parser/libapparmor_re/hfa.cc | 14 ++++++++++++++
 parser/libapparmor_re/hfa.h | 10 ++++++++++
 2 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index 5e2898f..86e5bd5 100644
--- a/parser/libapparmor_re/hfa.cc
+++ b/parser/libapparmor_re/hfa.cc
@@ -30,6 +30,7 @@
 #include <ostream>
 #include <iostream>
 #include <fstream>
+#include <string.h>
 #include "expr-tree.h"
 #include "hfa.h"
@@ -267,6 +268,19 @@ DFA::~DFA()
 delete *i;
 }
+State *DFA::match_len(State *state, const char *str, size_t len)
+{
+ for (; len > 0; ++str, --len)
+ state = state->next(*str);
+
+ return state;
+}
+
+State *DFA::match(const char *str)
+{
+ return match_len(start, str, strlen(str));
+}
+
 void DFA::dump_uniq_perms(const char *s)
 {
 set<pair<uint32_t, uint32_t> > uniq;
diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
index 161cddd..3e8d99b 100644
--- a/parser/libapparmor_re/hfa.h
+++ b/parser/libapparmor_re/hfa.h
@@ -275,6 +275,13 @@ public:
 }
 };
+ State *next(uchar c) {
+ StateTrans::iterator i = trans.find(c);
+ if (i != trans.end())
+ return i->second;
+ return otherwise;
+ };
+
 int label;
 uint32_t audit, accept;
 StateTrans trans;
@@ -341,6 +348,9 @@ public:
 DFA(Node *root, dfaflags_t flags);
 virtual ~DFA();
+ State *match_len(State *state, const char *str, size_t len);
+ State *match(const char *str);
+
 void remove_unreachable(dfaflags_t flags);
 bool same_mappings(State *s1, State *s2);
 size_t hash_trans(State *s);
--
1.7.7.3
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
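Review bot: The loop in `DFA::match_len` dereferences `state` on every byte without a null check, so it relies on `State::next` never returning null, that is on `otherwise` always being set; that invariant is not visible in this patch. If it holds, record it above the function, e.g. `/* state must be non-NULL; next() always yields a state because otherwise is never NULL */`, and if it does not, guard the loop with `for (; len > 0 && state; ++str, --len)`. `DFA::match` hands `str` straight to `strlen`, so a null `str` crashes and a string with an embedded NUL is matched only up to that byte, unlike `match_len`. The declarations in hfa.h have no comment saying this, nor that the returned state still has to be checked by the caller (presumably via `accept`/`audit`), so a short comment there would help callers pick the right entry point.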
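Review bot: `State::next` in hfa.h is closed with `};`, and the semicolon after a member function body is an empty declaration that pedantic builds warn about; end it with `}`. The function also has no comment explaining that a byte without an explicit entry in `trans` falls back to `otherwise`, which is the behaviour every caller of the new matching functions depends on; something like `/* follow the transition on c, or the default transition if none is listed */` would do. The enclosing class starts outside this hunk, so whether `otherwise` can be null cannot be confirmed from here.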
