mirror of
https://github.com/torvalds/linux.git
synced 2024-12-31 23:31:29 +00:00
apparmor: misc cleanup of match
tidying up comments, includes and defines Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
This commit is contained in:
parent
cf47aede3b
commit
8e4ff109d0
@ -4,7 +4,7 @@
|
|||||||
* This file contains AppArmor policy dfa matching engine definitions.
|
* This file contains AppArmor policy dfa matching engine definitions.
|
||||||
*
|
*
|
||||||
* Copyright (C) 1998-2008 Novell/SUSE
|
* Copyright (C) 1998-2008 Novell/SUSE
|
||||||
* Copyright 2009-2010 Canonical Ltd.
|
* Copyright 2009-2012 Canonical Ltd.
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or
|
* This program is free software; you can redistribute it and/or
|
||||||
* modify it under the terms of the GNU General Public License as
|
* modify it under the terms of the GNU General Public License as
|
||||||
@ -16,7 +16,6 @@
|
|||||||
#define __AA_MATCH_H
|
#define __AA_MATCH_H
|
||||||
|
|
||||||
#include <linux/kref.h>
|
#include <linux/kref.h>
|
||||||
#include <linux/workqueue.h>
|
|
||||||
|
|
||||||
#define DFA_NOMATCH 0
|
#define DFA_NOMATCH 0
|
||||||
#define DFA_START 1
|
#define DFA_START 1
|
||||||
@ -29,12 +28,20 @@
|
|||||||
* file format (--tables-file option; see Table File Format in the flex
|
* file format (--tables-file option; see Table File Format in the flex
|
||||||
* info pages and the flex sources for documentation). The magic number
|
* info pages and the flex sources for documentation). The magic number
|
||||||
* used in the header is 0x1B5E783D instead of 0xF13C57B1 though, because
|
* used in the header is 0x1B5E783D instead of 0xF13C57B1 though, because
|
||||||
* the YY_ID_CHK (check) and YY_ID_DEF (default) tables are used
|
* new tables have been defined and others YY_ID_CHK (check) and YY_ID_DEF
|
||||||
* slightly differently (see the apparmor-parser package).
|
* (default) tables are used slightly differently (see the apparmor-parser
|
||||||
|
* package).
|
||||||
|
*
|
||||||
|
*
|
||||||
|
* The data in the packed dfa is stored in network byte order, and the tables
|
||||||
|
* are arranged for flexibility. We convert the table data to host native
|
||||||
|
* byte order.
|
||||||
|
*
|
||||||
|
* The dfa begins with a table set header, and is followed by the actual
|
||||||
|
* tables.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define YYTH_MAGIC 0x1B5E783D
|
#define YYTH_MAGIC 0x1B5E783D
|
||||||
#define YYTH_DEF_RECURSE 0x1 /* DEF Table is recursive */
|
|
||||||
|
|
||||||
struct table_set_header {
|
struct table_set_header {
|
||||||
u32 th_magic; /* YYTH_MAGIC */
|
u32 th_magic; /* YYTH_MAGIC */
|
||||||
@ -63,7 +70,7 @@ struct table_set_header {
|
|||||||
#define YYTD_DATA32 4
|
#define YYTD_DATA32 4
|
||||||
#define YYTD_DATA64 8
|
#define YYTD_DATA64 8
|
||||||
|
|
||||||
/* Each ACCEPT2 table gets 6 dedicated flags, YYTD_DATAX define the
|
/* ACCEPT & ACCEPT2 tables gets 6 dedicated flags, YYTD_DATAX define the
|
||||||
* first flags
|
* first flags
|
||||||
*/
|
*/
|
||||||
#define ACCEPT1_FLAGS(X) ((X) & 0x3f)
|
#define ACCEPT1_FLAGS(X) ((X) & 0x3f)
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* This file contains AppArmor dfa based regular expression matching engine
|
* This file contains AppArmor dfa based regular expression matching engine
|
||||||
*
|
*
|
||||||
* Copyright (C) 1998-2008 Novell/SUSE
|
* Copyright (C) 1998-2008 Novell/SUSE
|
||||||
* Copyright 2009-2010 Canonical Ltd.
|
* Copyright 2009-2012 Canonical Ltd.
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or
|
* This program is free software; you can redistribute it and/or
|
||||||
* modify it under the terms of the GNU General Public License as
|
* modify it under the terms of the GNU General Public License as
|
||||||
@ -137,7 +137,6 @@ static int verify_dfa(struct aa_dfa *dfa, int flags)
|
|||||||
for (i = 0; i < state_count; i++) {
|
for (i = 0; i < state_count; i++) {
|
||||||
if (DEFAULT_TABLE(dfa)[i] >= state_count)
|
if (DEFAULT_TABLE(dfa)[i] >= state_count)
|
||||||
goto out;
|
goto out;
|
||||||
/* TODO: do check that DEF state recursion terminates */
|
|
||||||
if (BASE_TABLE(dfa)[i] + 255 >= trans_count) {
|
if (BASE_TABLE(dfa)[i] + 255 >= trans_count) {
|
||||||
printk(KERN_ERR "AppArmor DFA next/check upper "
|
printk(KERN_ERR "AppArmor DFA next/check upper "
|
||||||
"bounds error\n");
|
"bounds error\n");
|
||||||
|
Loading…
Reference in New Issue
Block a user