Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8e4ff109 authored by John Johansen's avatar John Johansen
Browse files

apparmor: misc cleanup of match 



tidying up comments, includes and defines

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Acked-by: default avatarKees Cook <kees@ubuntu.com>
parent cf47aede

security/apparmor/include/match.h

+13 −6
Original line number Diff line number Diff line
@@ -4,7 +4,7 @@ 
 * This file contains AppArmor policy dfa matching engine definitions.

 *

 * Copyright (C) 1998-2008 Novell/SUSE

 * Copyright 2009-2010 Canonical Ltd.

 * Copyright 2009-2012 Canonical Ltd.

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as
@@ -16,7 +16,6 @@ 
#define __AA_MATCH_H



#include <linux/kref.h>

#include <linux/workqueue.h>



#define DFA_NOMATCH			0

#define DFA_START			1
@@ -29,12 +28,20 @@ 
 * file format (--tables-file option; see Table File Format in the flex

 * info pages and the flex sources for documentation). The magic number

 * used in the header is 0x1B5E783D instead of 0xF13C57B1 though, because

 * the YY_ID_CHK (check) and YY_ID_DEF (default) tables are used

 * slightly differently (see the apparmor-parser package).

 * new tables have been defined and others YY_ID_CHK (check) and YY_ID_DEF

 * (default) tables are used slightly differently (see the apparmor-parser

 * package).

 *

 *

 * The data in the packed dfa is stored in network byte order, and the tables

 * are arranged for flexibility.  We convert the table data to host native

 * byte order.

 *

 * The dfa begins with a table set header, and is followed by the actual

 * tables.

 */



#define YYTH_MAGIC	0x1B5E783D

#define YYTH_DEF_RECURSE 0x1			/* DEF Table is recursive */



struct table_set_header {

	u32 th_magic;		/* YYTH_MAGIC */
@@ -63,7 +70,7 @@ struct table_set_header { 
#define YYTD_DATA32	4

#define YYTD_DATA64	8



/* Each ACCEPT2 table gets 6 dedicated flags, YYTD_DATAX define the

/* ACCEPT & ACCEPT2 tables gets 6 dedicated flags, YYTD_DATAX define the

 * first flags

 */

#define ACCEPT1_FLAGS(X) ((X) & 0x3f)

security/apparmor/match.c

+1 −2
Original line number Diff line number Diff line
@@ -4,7 +4,7 @@ 
 * This file contains AppArmor dfa based regular expression matching engine

 *

 * Copyright (C) 1998-2008 Novell/SUSE

 * Copyright 2009-2010 Canonical Ltd.

 * Copyright 2009-2012 Canonical Ltd.

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as
@@ -137,7 +137,6 @@ static int verify_dfa(struct aa_dfa *dfa, int flags) 
		for (i = 0; i < state_count; i++) {

			if (DEFAULT_TABLE(dfa)[i] >= state_count)

				goto out;

			/* TODO: do check that DEF state recursion terminates */

			if (BASE_TABLE(dfa)[i] + 255 >= trans_count) {

				printk(KERN_ERR "AppArmor DFA next/check upper "

				       "bounds error\n");