diff options
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/match.c | 74 |
1 files changed, 27 insertions, 47 deletions
diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 5d95caeddebc..aeac68c58689 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -329,6 +329,18 @@ fail: return ERR_PTR(error); } +#define match_char(state, def, base, next, check, C) \ +do { \ + u32 b = (base)[(state)]; \ + unsigned int pos = base_idx(b) + (C); \ + if ((check)[pos] != (state)) { \ + (state) = (def)[(state)]; \ + break; \ + } \ + (state) = (next)[pos]; \ + break; \ +} while (1) + /** * aa_dfa_match_len - traverse @dfa to find state @str stops at * @dfa: the dfa to match @str against (NOT NULL) @@ -352,7 +364,7 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start, u32 *base = BASE_TABLE(dfa); u16 *next = NEXT_TABLE(dfa); u16 *check = CHECK_TABLE(dfa); - unsigned int state = start, pos; + unsigned int state = start; if (state == 0) return 0; @@ -361,23 +373,13 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start, if (dfa->tables[YYTD_ID_EC]) { /* Equivalence class table defined */ u8 *equiv = EQUIV_TABLE(dfa); - /* default is direct to next state */ - for (; len; len--) { - pos = base_idx(base[state]) + equiv[(u8) *str++]; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + for (; len; len--) + match_char(state, def, base, next, check, + equiv[(u8) *str++]); } else { /* default is direct to next state */ - for (; len; len--) { - pos = base_idx(base[state]) + (u8) *str++; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + for (; len; len--) + match_char(state, def, base, next, check, (u8) *str++); } return state; @@ -402,7 +404,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start, u32 *base = BASE_TABLE(dfa); u16 *next = NEXT_TABLE(dfa); u16 *check = CHECK_TABLE(dfa); - unsigned int state = start, pos; + unsigned int state = start; if (state == 0) return 0; @@ -412,22 +414,13 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start, /* Equivalence class table defined */ u8 *equiv = EQUIV_TABLE(dfa); /* default is direct to next state */ - while (*str) { - pos = base_idx(base[state]) + equiv[(u8) *str++]; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + while (*str) + match_char(state, def, base, next, check, + equiv[(u8) *str++]); } else { /* default is direct to next state */ - while (*str) { - pos = base_idx(base[state]) + (u8) *str++; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + while (*str) + match_char(state, def, base, next, check, (u8) *str++); } return state; @@ -450,27 +443,14 @@ unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state, u32 *base = BASE_TABLE(dfa); u16 *next = NEXT_TABLE(dfa); u16 *check = CHECK_TABLE(dfa); - unsigned int pos; /* current state is <state>, matching character *str */ if (dfa->tables[YYTD_ID_EC]) { /* Equivalence class table defined */ u8 *equiv = EQUIV_TABLE(dfa); - /* default is direct to next state */ - - pos = base_idx(base[state]) + equiv[(u8) c]; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } else { - /* default is direct to next state */ - pos = base_idx(base[state]) + (u8) c; - if (check[pos] == state) - state = next[pos]; - else - state = def[state]; - } + match_char(state, def, base, next, check, equiv[(u8) c]); + } else + match_char(state, def, base, next, check, (u8) c); return state; } |