apparmor: misc cleanup of match
tidying up comments, includes and defines Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
This commit is contained in:
parent
cf47aede3b
commit
8e4ff109d0
@ -4,7 +4,7 @@
|
||||
* This file contains AppArmor policy dfa matching engine definitions.
|
||||
*
|
||||
* Copyright (C) 1998-2008 Novell/SUSE
|
||||
* Copyright 2009-2010 Canonical Ltd.
|
||||
* Copyright 2009-2012 Canonical Ltd.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License as
|
||||
@ -16,7 +16,6 @@
|
||||
#define __AA_MATCH_H
|
||||
|
||||
#include <linux/kref.h>
|
||||
#include <linux/workqueue.h>
|
||||
|
||||
#define DFA_NOMATCH 0
|
||||
#define DFA_START 1
|
||||
@ -29,12 +28,20 @@
|
||||
* file format (--tables-file option; see Table File Format in the flex
|
||||
* info pages and the flex sources for documentation). The magic number
|
||||
* used in the header is 0x1B5E783D instead of 0xF13C57B1 though, because
|
||||
* the YY_ID_CHK (check) and YY_ID_DEF (default) tables are used
|
||||
* slightly differently (see the apparmor-parser package).
|
||||
* new tables have been defined and others YY_ID_CHK (check) and YY_ID_DEF
|
||||
* (default) tables are used slightly differently (see the apparmor-parser
|
||||
* package).
|
||||
*
|
||||
*
|
||||
* The data in the packed dfa is stored in network byte order, and the tables
|
||||
* are arranged for flexibility. We convert the table data to host native
|
||||
* byte order.
|
||||
*
|
||||
* The dfa begins with a table set header, and is followed by the actual
|
||||
* tables.
|
||||
*/
|
||||
|
||||
#define YYTH_MAGIC 0x1B5E783D
|
||||
#define YYTH_DEF_RECURSE 0x1 /* DEF Table is recursive */
|
||||
|
||||
struct table_set_header {
|
||||
u32 th_magic; /* YYTH_MAGIC */
|
||||
@ -63,7 +70,7 @@ struct table_set_header {
|
||||
#define YYTD_DATA32 4
|
||||
#define YYTD_DATA64 8
|
||||
|
||||
/* Each ACCEPT2 table gets 6 dedicated flags, YYTD_DATAX define the
|
||||
/* ACCEPT & ACCEPT2 tables gets 6 dedicated flags, YYTD_DATAX define the
|
||||
* first flags
|
||||
*/
|
||||
#define ACCEPT1_FLAGS(X) ((X) & 0x3f)
|
||||
|
@ -4,7 +4,7 @@
|
||||
* This file contains AppArmor dfa based regular expression matching engine
|
||||
*
|
||||
* Copyright (C) 1998-2008 Novell/SUSE
|
||||
* Copyright 2009-2010 Canonical Ltd.
|
||||
* Copyright 2009-2012 Canonical Ltd.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License as
|
||||
@ -137,7 +137,6 @@ static int verify_dfa(struct aa_dfa *dfa, int flags)
|
||||
for (i = 0; i < state_count; i++) {
|
||||
if (DEFAULT_TABLE(dfa)[i] >= state_count)
|
||||
goto out;
|
||||
/* TODO: do check that DEF state recursion terminates */
|
||||
if (BASE_TABLE(dfa)[i] + 255 >= trans_count) {
|
||||
printk(KERN_ERR "AppArmor DFA next/check upper "
|
||||
"bounds error\n");
|
||||
|
Loading…
Reference in New Issue
Block a user