[apparmor] [PATCH 08/10] Use replace usage of NodeSet with ProtoState in dfa creation.

John Johansen john.johansen at canonical.com
Fri Oct 28 19:19:35 UTC 2011 

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/libapparmor_re/Makefile |    2 +-
 parser/libapparmor_re/hfa.cc   |   33 +++++++++++++++++++++------------
 parser/libapparmor_re/hfa.h    |   19 ++++++++++++++-----
 3 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/parser/libapparmor_re/Makefile b/parser/libapparmor_re/Makefile
index 3e58e4d..ebd0efa 100644
--- a/parser/libapparmor_re/Makefile
+++ b/parser/libapparmor_re/Makefile
@@ -4,7 +4,7 @@
 TARGET=libapparmor_re.a
 
 CFLAGS ?= -g -Wall -O2 ${EXTRA_CFLAGS}
-CXXFLAGS := ${CFLAGS}
+CXXFLAGS := ${CFLAGS} -std=c++0x
 
 ARFLAGS=-rcs
 
diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index c805467..d9aa26a 100644
--- a/parser/libapparmor_re/hfa.cc
+++ b/parser/libapparmor_re/hfa.cc
@@ -35,6 +35,15 @@
 #include "hfa.h"
 #include "../immunix.h"
 
+ostream &operator<<(ostream &os, const ProtoState &proto)
+{
+	/* dump the state label */
+	os << '{';
+	os << proto.nodes;
+	os << '}';
+	return os;
+}
+
 ostream &operator<<(ostream &os, const State &state)
 {
 	/* dump the state label */
@@ -44,15 +53,15 @@ ostream &operator<<(ostream &os, const State &state)
 	return os;
 }
 
-State *DFA::add_new_state(NodeMap &nodemap,
-			  NodeSet *nodes, State *other, dfa_stats_t &stats)
+State *DFA::add_new_state(NodeMap &nodemap, ProtoState &proto,
+			  State *other, dfa_stats_t &stats)
 {
-	State *state = new State(nodemap.size(), nodes, other);
+	State *state = new State(nodemap.size(), proto, other);
 	states.push_back(state);
-	nodemap.insert(make_pair(ProtoState(nodes), state));
-	stats.proto_sum += nodes->size();
-	if (nodes->size() > stats.proto_max)
-		stats.proto_max = nodes->size();
+	nodemap.insert(make_pair(proto, state));
+	stats.proto_sum += proto.size();
+	if (proto.size() > stats.proto_max)
+		stats.proto_max = proto.size();
 	return state;
 }
 
@@ -75,7 +84,7 @@ State *DFA::find_target_state(NodeMap &nodemap, list<State *> &work_queue,
 		/* set of nodes isn't known so create new state, and nodes to
 		 * state mapping
 		 */
-		target = add_new_state(nodemap, nodes, nonmatching, stats);
+		target = add_new_state(nodemap, index, nonmatching, stats);
 		work_queue.push_back(target);
 	} else {
 		/* set of nodes already has a mapping so free this one */
@@ -97,7 +106,7 @@ void DFA::update_state_transitions(NodeMap &nodemap, list<State *> &work_queue,
 	 * sets of nodes.
 	 */
 	Cases cases;
-	for (NodeSet::iterator i = state->nodes->begin(); i != state->nodes->end(); i++)
+	for (ProtoState::iterator i = state->nodes.begin(); i != state->nodes.end(); i++)
 		(*i)->follow(cases);
 
 	/* Now for each set of nodes in the computed transitions, make
@@ -136,7 +145,7 @@ void DFA::dump_node_to_dfa(void)
 		"  State  <=   Nodes\n"
 		"-------------------\n";
 	for (Partition::iterator i = states.begin(); i != states.end(); i++)
-		cerr << "  " << (*i)->label << " <= " << *(*i)->nodes << "\n";
+		cerr << "  " << (*i)->label << " <= " << (*i)->nodes << "\n";
 }
 
 /**
@@ -163,10 +172,10 @@ DFA::DFA(Node *root, dfaflags_t flags): root(root)
 	}
 
 	NodeMap nodemap;
-	NodeSet *emptynode = new NodeSet;
+	ProtoState emptynode = ProtoState(new NodeSet);
 	nonmatching = add_new_state(nodemap, emptynode, NULL, stats);
 
-	NodeSet *first = new NodeSet(root->firstpos);
+	ProtoState first = ProtoState(new NodeSet(root->firstpos));
 	start = add_new_state(nodemap, first, nonmatching, stats);
 
 	/* the work_queue contains the states that need to have their
diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
index 8719eb4..49ca17f 100644
--- a/parser/libapparmor_re/hfa.h
+++ b/parser/libapparmor_re/hfa.h
@@ -70,6 +70,10 @@ public:
  */
 class ProtoState {
 public:
+	typedef NodeSet::iterator iterator;
+	iterator begin() { return nodes->begin(); }
+	iterator end() { return nodes->end(); }
+
 	NodeSet *nodes;
 
 	ProtoState(NodeSet *n): nodes(n) { };
@@ -78,6 +82,7 @@ public:
 		return nodes < rhs.nodes;
 	}
 
+	unsigned long size(void) { return nodes->size(); }
 };
 
 /*
@@ -97,8 +102,8 @@ public:
  */
 class State {
 public:
-	State(int l, NodeSet * n, State *other) throw(int):
-		label(l), audit(0), accept(0), trans(), nodes(n)
+	State(int l, ProtoState &n, State *other) throw(int):
+		label(l), audit(0), accept(0), trans()
 	{
 		int error;
 
@@ -107,8 +112,10 @@ public:
 		else
 			otherwise = this;
 
+		nodes = n;
+
 		/* Compute permissions associated with the State. */
-		accept = accept_perms(nodes, &audit, &error);
+		accept = accept_perms(n.nodes, &audit, &error);
 		if (error) {
 			//cerr << "Failing on accept perms " << error << "\n";
 			throw error;
@@ -119,9 +126,11 @@ public:
 	uint32_t audit, accept;
 	StateTrans trans;
 	State *otherwise;
+
+	/* temp storage for State construction */
 	union {
 		Partition *partition;
-		NodeSet *nodes;
+		ProtoState nodes;
 	};
 };
 
@@ -144,7 +153,7 @@ typedef struct dfa_stats {
 class DFA {
 	void dump_node_to_dfa(void);
 	State *add_new_state(NodeMap &nodemap,
-			     NodeSet *nodes, State *other, dfa_stats_t &stats);
+			     ProtoState &proto, State *other, dfa_stats_t &stats);
 	void update_state_transitions(NodeMap &nodemap,
 				      list<State *> &work_queue,
 				      State *state, dfa_stats_t &stats);
-- 
1.7.5.4

More information about the AppArmor mailing list