summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-08-08 20:58:33 +0200
committerJohn Johansen <john.johansen@canonical.com>2018-02-09 20:30:01 +0100
commit074c1cd798cb0b481d7eaa749b64aa416563c053 (patch)
tree7f2b54f290fc29cd85e966b882fea6d11c0bc820 /security
parentapparmor: update domain transitions that are subsets of confinement at nnp (diff)
downloadlinux-074c1cd798cb0b481d7eaa749b64aa416563c053.tar.xz
linux-074c1cd798cb0b481d7eaa749b64aa416563c053.zip
apparmor: dfa move character match into a macro
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/match.c74
1 files changed, 27 insertions, 47 deletions
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 5d95caeddebc..aeac68c58689 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -329,6 +329,18 @@ fail:
return ERR_PTR(error);
}
+#define match_char(state, def, base, next, check, C) \
+do { \
+ u32 b = (base)[(state)]; \
+ unsigned int pos = base_idx(b) + (C); \
+ if ((check)[pos] != (state)) { \
+ (state) = (def)[(state)]; \
+ break; \
+ } \
+ (state) = (next)[pos]; \
+ break; \
+} while (1)
+
/**
* aa_dfa_match_len - traverse @dfa to find state @str stops at
* @dfa: the dfa to match @str against (NOT NULL)
@@ -352,7 +364,7 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
u32 *base = BASE_TABLE(dfa);
u16 *next = NEXT_TABLE(dfa);
u16 *check = CHECK_TABLE(dfa);
- unsigned int state = start, pos;
+ unsigned int state = start;
if (state == 0)
return 0;
@@ -361,23 +373,13 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
if (dfa->tables[YYTD_ID_EC]) {
/* Equivalence class table defined */
u8 *equiv = EQUIV_TABLE(dfa);
- /* default is direct to next state */
- for (; len; len--) {
- pos = base_idx(base[state]) + equiv[(u8) *str++];
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
+ for (; len; len--)
+ match_char(state, def, base, next, check,
+ equiv[(u8) *str++]);
} else {
/* default is direct to next state */
- for (; len; len--) {
- pos = base_idx(base[state]) + (u8) *str++;
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
+ for (; len; len--)
+ match_char(state, def, base, next, check, (u8) *str++);
}
return state;
@@ -402,7 +404,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
u32 *base = BASE_TABLE(dfa);
u16 *next = NEXT_TABLE(dfa);
u16 *check = CHECK_TABLE(dfa);
- unsigned int state = start, pos;
+ unsigned int state = start;
if (state == 0)
return 0;
@@ -412,22 +414,13 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
/* Equivalence class table defined */
u8 *equiv = EQUIV_TABLE(dfa);
/* default is direct to next state */
- while (*str) {
- pos = base_idx(base[state]) + equiv[(u8) *str++];
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
+ while (*str)
+ match_char(state, def, base, next, check,
+ equiv[(u8) *str++]);
} else {
/* default is direct to next state */
- while (*str) {
- pos = base_idx(base[state]) + (u8) *str++;
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
+ while (*str)
+ match_char(state, def, base, next, check, (u8) *str++);
}
return state;
@@ -450,27 +443,14 @@ unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state,
u32 *base = BASE_TABLE(dfa);
u16 *next = NEXT_TABLE(dfa);
u16 *check = CHECK_TABLE(dfa);
- unsigned int pos;
/* current state is <state>, matching character *str */
if (dfa->tables[YYTD_ID_EC]) {
/* Equivalence class table defined */
u8 *equiv = EQUIV_TABLE(dfa);
- /* default is direct to next state */
-
- pos = base_idx(base[state]) + equiv[(u8) c];
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- } else {
- /* default is direct to next state */
- pos = base_idx(base[state]) + (u8) c;
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
+ match_char(state, def, base, next, check, equiv[(u8) c]);
+ } else
+ match_char(state, def, base, next, check, (u8) c);
return state;
}