[apparmor] [patch 09/12] Refactor accept nodes to be common to a shared node type

Steve Beattie steve at nxnw.org
Wed Aug 20 08:11:31 UTC 2014 

On Fri, Aug 15, 2014 at 12:20:44PM -0700, john.johansen at canonical.com wrote:
> The shared node type will be used in the future to add new capabilities
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> 
> === modified file 'parser/libapparmor_re/expr-tree.h'
> ---
>  parser/libapparmor_re/expr-tree.h |   99 +++++++++++++++++++-------------------
>  1 file changed, 51 insertions(+), 48 deletions(-)
> 
> --- parser/libapparmor_re/expr-tree.h.orig
> +++ parser/libapparmor_re/expr-tree.h
> @@ -216,6 +216,7 @@
>  	void compute_lastpos() { lastpos.insert(this); }
>  	virtual void follow(Cases &cases) = 0;
>  	virtual int is_accept(void) = 0;
> +	virtual int is_postprocess(void) = 0;
>  };
>  
>  /* common base class for all the different classes that contain
> @@ -225,6 +226,7 @@
>  public:
>  	CNode(): ImportantNode() { }
>  	int is_accept(void) { return false; }
> +	int is_postprocess(void) { return false; }
>  };
>  

All the class reorganization I think looks okay, I just don't get the
addition of the is_postprocess() methods that only return false (here
and in the AcceptNode() class. Is this a future change that leaked in,
because I don't see anything that references it later in the patch set.

Without the is_postprocess() bits, Acked-by: Steve Beattie <steve at nxnw.org>

>  /* Match one specific character (/c/). */
> @@ -369,35 +371,6 @@
>  	ostream &dump(ostream &os) { return os << "."; }
>  };
>  
> -/**
> - * Indicate that a regular expression matches. An AcceptNode itself
> - * doesn't match anything, so it will never generate any transitions.
> - */
> -class AcceptNode: public ImportantNode {
> -public:
> -	AcceptNode() { }
> -	int is_accept(void) { return true; }
> -	void release(void)
> -	{
> -		/* don't delete AcceptNode via release as they are shared, and
> -		 * will be deleted when the table the are stored in is deleted
> -		 */
> -	}
> -
> -	void follow(Cases &cases __attribute__ ((unused)))
> -	{
> -		/* Nothing to follow. */
> -	}
> -
> -	/* requires accept nodes to be common by pointer */
> -	int eq(Node *other)
> -	{
> -		if (dynamic_cast<AcceptNode *>(other))
> -			return (this == other);
> -		return 0;
> -	}
> -};
> -
>  /* Match a node zero or more times. (This is a unary operator.) */
>  class StarNode: public OneChildNode {
>  public:
> @@ -536,6 +509,55 @@
>  	void normalize(int dir);
>  };
>  
> +class SharedNode: public ImportantNode {
> +public:
> +	SharedNode() { }
> +	void release(void)
> +	{
> +		/* don't delete SharedNodes via release as they are shared, and
> +		 * will be deleted when the table they are stored in is deleted
> +		 */
> +	}
> +
> +	void follow(Cases &cases __attribute__ ((unused)))
> +	{
> +		/* Nothing to follow. */
> +	}
> +
> +	/* requires shared nodes to be common by pointer */
> +	int eq(Node *other) { return (this == other); }
> +};
> +
> +/**
> + * Indicate that a regular expression matches. An AcceptNode itself
> + * doesn't match anything, so it will never generate any transitions.
> + */
> +class AcceptNode: public SharedNode {
> +public:
> +	AcceptNode() { }
> +	int is_accept(void) { return true; }
> +	int is_postprocess(void) { return false; }
> +};
> +
> +class MatchFlag: public AcceptNode {
> +public:
> +	MatchFlag(uint32_t flag, uint32_t audit): flag(flag), audit(audit) { }
> +	ostream &dump(ostream &os) { return os << "< 0x" << hex << flag << '>'; }
> +
> +	uint32_t flag;
> +	uint32_t audit;
> +};
> +
> +class ExactMatchFlag: public MatchFlag {
> +public:
> +	ExactMatchFlag(uint32_t flag, uint32_t audit): MatchFlag(flag, audit) {}
> +};
> +
> +class DenyMatchFlag: public MatchFlag {
> +public:
> +	DenyMatchFlag(uint32_t flag, uint32_t quiet): MatchFlag(flag, quiet) {}
> +};
> +
>  /* Traverse the syntax tree depth-first in an iterator-like manner. */
>  class depth_first_traversal {
>  	stack<Node *>pos;
> @@ -588,25 +610,6 @@
>  void flip_tree(Node *node);
>  
>  
> -class MatchFlag: public AcceptNode {
> -public:
> -	MatchFlag(uint32_t flag, uint32_t audit): flag(flag), audit(audit) { }
> -	ostream &dump(ostream &os) { return os << "< 0x" << hex << flag << '>'; }
> -
> -	uint32_t flag;
> -	uint32_t audit;
> -};
> -
> -class ExactMatchFlag: public MatchFlag {
> -public:
> -	ExactMatchFlag(uint32_t flag, uint32_t audit): MatchFlag(flag, audit) {}
> -};
> -
> -class DenyMatchFlag: public MatchFlag {
> -public:
> -	DenyMatchFlag(uint32_t flag, uint32_t quiet): MatchFlag(flag, quiet) {}
> -};
> -
>  
>  /*
>   * hashedNodes - for efficient set comparison
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140820/923c0d6b/attachment.pgp>

More information about the AppArmor mailing list