diff options
author | John Johansen <john.johansen@canonical.com> | 2017-08-08 20:58:33 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-02-09 20:30:01 +0100 |
commit | 074c1cd798cb0b481d7eaa749b64aa416563c053 (patch) | |
tree | 7f2b54f290fc29cd85e966b882fea6d11c0bc820 /security | |
parent | apparmor: update domain transitions that are subsets of confinement at nnp (diff) | |
download | linux-074c1cd798cb0b481d7eaa749b64aa416563c053.tar.xz linux-074c1cd798cb0b481d7eaa749b64aa416563c053.zip |
apparmor: dfa move character match into a macro
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/match.c | 74 |
1 files changed, 27 insertions, 47 deletions
diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 5d95caeddebc..aeac68c58689 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -329,6 +329,18 @@ fail: return ERR_PTR(error); } +#define match_char(state, def, base, next, check, C) \ +do { \ + u32 b = (base)[(state)]; \ + unsigned int pos = base_idx(b) + (C); \ + if ((check)[pos] != (state)) { \ + (state) = (def)[(state)]; \ + break; \ + } \ + (state) = (next)[pos]; \ + break; \ +} while (1) + /** * aa_dfa_match_len - traverse @dfa to find state @str stops at * @dfa: the dfa to match @str against (NOT NULL) @@ -352,7 +364,7 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start, u32 *base = BASE_TABLE(dfa); u16 *next = NEXT_TABLE(dfa); u16 *check = CHECK_TABLE(dfa); - unsigned int state = start, pos; + unsigned int state = start; if (state == 0) return 0; @@ -361,23 +373,13 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start, if (dfa->tables[YYTD_ID_EC]) { /* Equivalence class table defined */ u8 *equiv = EQUIV_TABLE(dfa); - /* default is direct to next state */ - for (; len; len--) { - pos = base_idx(base[state]) + equiv[(u8) *str++]; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + for (; len; len--) + match_char(state, def, base, next, check, + equiv[(u8) *str++]); } else { /* default is direct to next state */ - for (; len; len--) { - pos = base_idx(base[state]) + (u8) *str++; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + for (; len; len--) + match_char(state, def, base, next, check, (u8) *str++); } return state; @@ -402,7 +404,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start, u32 *base = BASE_TABLE(dfa); u16 *next = NEXT_TABLE(dfa); u16 *check = CHECK_TABLE(dfa); - unsigned int state = start, pos; + unsigned int state = start; if (state == 0) return 0; @@ -412,22 +414,13 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start, /* Equivalence class table defined */ u8 *equiv = EQUIV_TABLE(dfa); /* default is direct to next state */ - while (*str) { - pos = base_idx(base[state]) + equiv[(u8) *str++]; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + while (*str) + match_char(state, def, base, next, check, + equiv[(u8) *str++]); } else { /* default is direct to next state */ - while (*str) { - pos = base_idx(base[state]) + (u8) *str++; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + while (*str) + match_char(state, def, base, next, check, (u8) *str++); } return state; @@ -450,27 +443,14 @@ unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state, u32 *base = BASE_TABLE(dfa); u16 *next = NEXT_TABLE(dfa); u16 *check = CHECK_TABLE(dfa); - unsigned int pos; /* current state is <state>, matching character *str */ if (dfa->tables[YYTD_ID_EC]) { /* Equivalence class table defined */ u8 *equiv = EQUIV_TABLE(dfa); - /* default is direct to next state */ - - pos = base_idx(base[state]) + equiv[(u8) c]; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } else { - /* default is direct to next state */ - pos = base_idx(base[state]) + (u8) c; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + match_char(state, def, base, next, check, equiv[(u8) c]); + } else + match_char(state, def, base, next, check, (u8) c); return state; } |