apparmor: dfa move character match into a macro

Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2017-08-08 14:58:33 -0400
committer: John Johansen <john.johansen@canonical.com> 2018-02-09 14:30:01 -0500
commit: 074c1cd798cb0b481d7eaa749b64aa416563c053 (patch)
tree: 7f2b54f290fc29cd85e966b882fea6d11c0bc820 /security
parent: 9fcf78cca198600b27c44b4e50f00f8af3927f17 (diff)
1 files changed, 27 insertions, 47 deletions
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 5d95caeddebc..aeac68c58689 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -329,6 +329,18 @@ fail:
        return ERR_PTR(error);
 }
+#define match_char(state, def, base, next, check, C)    \
+do {                                                    \
+        u32 b = (base)[(state)];                        \
+        unsigned int pos = base_idx(b) + (C);           \
+        if ((check)[pos] != (state)) {                  \
+                (state) = (def)[(state)];               \
+                break;                                  \
+        }                                               \
+        (state) = (next)[pos];                          \
+        break;                                          \
+} while (1)
 /**
 * aa_dfa_match_len - traverse @dfa to find state @str stops at
 * @dfa: the dfa to match @str against  (NOT NULL)
@@ -352,7 +364,7 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
        u32 *base = BASE_TABLE(dfa);
        u16 *next = NEXT_TABLE(dfa);
        u16 *check = CHECK_TABLE(dfa);
-        unsigned int state = start, pos;
+        unsigned int state = start;
        if (state == 0)
                return 0;
@@ -361,23 +373,13 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
        if (dfa->tables[YYTD_ID_EC]) {
                /* Equivalence class table defined */
                u8 *equiv = EQUIV_TABLE(dfa);
-                /* default is direct to next state */
+                for (; len; len--)
-                for (; len; len--) {
+                        match_char(state, def, base, next, check,
-                        pos = base_idx(base[state]) + equiv[(u8) *str++];
+                                   equiv[(u8) *str++]);
-                        if (check[pos] == state)
-                                state = next[pos];
-                        else
-                                state = def[state];
-                }
        } else {
                /* default is direct to next state */
-                for (; len; len--) {
+                for (; len; len--)
-                        pos = base_idx(base[state]) + (u8) *str++;
+                        match_char(state, def, base, next, check, (u8) *str++);
-                        if (check[pos] == state)
-                                state = next[pos];
-                        else
-                                state = def[state];
-                }
        }
        return state;
@@ -402,7 +404,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
        u32 *base = BASE_TABLE(dfa);
        u16 *next = NEXT_TABLE(dfa);
        u16 *check = CHECK_TABLE(dfa);
-        unsigned int state = start, pos;
+        unsigned int state = start;
        if (state == 0)
                return 0;
@@ -412,22 +414,13 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
                /* Equivalence class table defined */
                u8 *equiv = EQUIV_TABLE(dfa);
                /* default is direct to next state */
-                while (*str) {
+                while (*str)
-                        pos = base_idx(base[state]) + equiv[(u8) *str++];
+                        match_char(state, def, base, next, check,
-                        if (check[pos] == state)
+                                   equiv[(u8) *str++]);
-                                state = next[pos];
-                        else
-                                state = def[state];
-                }
        } else {
                /* default is direct to next state */
-                while (*str) {
+                while (*str)
-                        pos = base_idx(base[state]) + (u8) *str++;
+                        match_char(state, def, base, next, check, (u8) *str++);
-                        if (check[pos] == state)
-                                state = next[pos];
-                        else
-                                state = def[state];
-                }
        }
        return state;
@@ -450,27 +443,14 @@ unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state,
        u32 *base = BASE_TABLE(dfa);
        u16 *next = NEXT_TABLE(dfa);
        u16 *check = CHECK_TABLE(dfa);
-        unsigned int pos;
        /* current state is <state>, matching character *str */
        if (dfa->tables[YYTD_ID_EC]) {
                /* Equivalence class table defined */
                u8 *equiv = EQUIV_TABLE(dfa);
-                /* default is direct to next state */
+                match_char(state, def, base, next, check, equiv[(u8) c]);
+        } else
-                pos = base_idx(base[state]) + equiv[(u8) c];
+                match_char(state, def, base, next, check, (u8) c);
-                if (check[pos] == state)
-                        state = next[pos];
-                else
-                        state = def[state];
-        } else {
-                /* default is direct to next state */
-                pos = base_idx(base[state]) + (u8) c;
-                if (check[pos] == state)
-                        state = next[pos];
-                else
-                        state = def[state];
-        }
        return state;
 }
author	John Johansen <john.johansen@canonical.com>	2017-08-08 14:58:33 -0400
committer	John Johansen <john.johansen@canonical.com>	2018-02-09 14:30:01 -0500
commit	074c1cd798cb0b481d7eaa749b64aa416563c053 (patch)
tree	7f2b54f290fc29cd85e966b882fea6d11c0bc820 /security
parent	9fcf78cca198600b27c44b4e50f00f8af3927f17 (diff)

diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 5d95caeddebc..aeac68c58689 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c
@@ -329,6 +329,18 @@ fail:
329	return ERR_PTR(error);	329	return ERR_PTR(error);
330	}	330	}
331		331
		332	#define match_char(state, def, base, next, check, C) \
		333	do { \
		334	u32 b = (base)[(state)]; \
		335	unsigned int pos = base_idx(b) + (C); \
		336	if ((check)[pos] != (state)) { \
		337	(state) = (def)[(state)]; \
		338	break; \
		339	} \
		340	(state) = (next)[pos]; \
		341	break; \
		342	} while (1)
		343
332	/**	344	/**
333	* aa_dfa_match_len - traverse @dfa to find state @str stops at	345	* aa_dfa_match_len - traverse @dfa to find state @str stops at
334	* @dfa: the dfa to match @str against (NOT NULL)	346	* @dfa: the dfa to match @str against (NOT NULL)
@@ -352,7 +364,7 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
352	u32 *base = BASE_TABLE(dfa);	364	u32 *base = BASE_TABLE(dfa);
353	u16 *next = NEXT_TABLE(dfa);	365	u16 *next = NEXT_TABLE(dfa);
354	u16 *check = CHECK_TABLE(dfa);	366	u16 *check = CHECK_TABLE(dfa);
355	unsigned int state = start, pos;	367	unsigned int state = start;
356		368
357	if (state == 0)	369	if (state == 0)
358	return 0;	370	return 0;
@@ -361,23 +373,13 @@ unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
361	if (dfa->tables[YYTD_ID_EC]) {	373	if (dfa->tables[YYTD_ID_EC]) {
362	/* Equivalence class table defined */	374	/* Equivalence class table defined */
363	u8 *equiv = EQUIV_TABLE(dfa);	375	u8 *equiv = EQUIV_TABLE(dfa);
364	/* default is direct to next state */	376	for (; len; len--)
365	for (; len; len--) {	377	match_char(state, def, base, next, check,
366	pos = base_idx(base[state]) + equiv[(u8) *str++];	378	equiv[(u8) *str++]);
367	if (check[pos] == state)
368	state = next[pos];
369	else
370	state = def[state];
371	}
372	} else {	379	} else {
373	/* default is direct to next state */	380	/* default is direct to next state */
374	for (; len; len--) {	381	for (; len; len--)
375	pos = base_idx(base[state]) + (u8) *str++;	382	match_char(state, def, base, next, check, (u8) *str++);
376	if (check[pos] == state)
377	state = next[pos];
378	else
379	state = def[state];
380	}
381	}	383	}
382		384
383	return state;	385	return state;
@@ -402,7 +404,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
402	u32 *base = BASE_TABLE(dfa);	404	u32 *base = BASE_TABLE(dfa);
403	u16 *next = NEXT_TABLE(dfa);	405	u16 *next = NEXT_TABLE(dfa);
404	u16 *check = CHECK_TABLE(dfa);	406	u16 *check = CHECK_TABLE(dfa);
405	unsigned int state = start, pos;	407	unsigned int state = start;
406		408
407	if (state == 0)	409	if (state == 0)
408	return 0;	410	return 0;
@@ -412,22 +414,13 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
412	/* Equivalence class table defined */	414	/* Equivalence class table defined */
413	u8 *equiv = EQUIV_TABLE(dfa);	415	u8 *equiv = EQUIV_TABLE(dfa);
414	/* default is direct to next state */	416	/* default is direct to next state */
415	while (*str) {	417	while (*str)
416	pos = base_idx(base[state]) + equiv[(u8) *str++];	418	match_char(state, def, base, next, check,
417	if (check[pos] == state)	419	equiv[(u8) *str++]);
418	state = next[pos];
419	else
420	state = def[state];
421	}
422	} else {	420	} else {
423	/* default is direct to next state */	421	/* default is direct to next state */
424	while (*str) {	422	while (*str)
425	pos = base_idx(base[state]) + (u8) *str++;	423	match_char(state, def, base, next, check, (u8) *str++);
426	if (check[pos] == state)
427	state = next[pos];
428	else
429	state = def[state];
430	}
431	}	424	}
432		425
433	return state;	426	return state;
@@ -450,27 +443,14 @@ unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state,
450	u32 *base = BASE_TABLE(dfa);	443	u32 *base = BASE_TABLE(dfa);
451	u16 *next = NEXT_TABLE(dfa);	444	u16 *next = NEXT_TABLE(dfa);
452	u16 *check = CHECK_TABLE(dfa);	445	u16 *check = CHECK_TABLE(dfa);
453	unsigned int pos;
454		446
455	/* current state is <state>, matching character str /	447	/* current state is <state>, matching character str /
456	if (dfa->tables[YYTD_ID_EC]) {	448	if (dfa->tables[YYTD_ID_EC]) {
457	/* Equivalence class table defined */	449	/* Equivalence class table defined */
458	u8 *equiv = EQUIV_TABLE(dfa);	450	u8 *equiv = EQUIV_TABLE(dfa);
459	/* default is direct to next state */	451	match_char(state, def, base, next, check, equiv[(u8) c]);
460		452	} else
461	pos = base_idx(base[state]) + equiv[(u8) c];	453	match_char(state, def, base, next, check, (u8) c);
462	if (check[pos] == state)
463	state = next[pos];
464	else
465	state = def[state];
466	} else {
467	/* default is direct to next state */
468	pos = base_idx(base[state]) + (u8) c;
469	if (check[pos] == state)
470	state = next[pos];
471	else
472	state = def[state];
473	}
474		454
475	return state;	455	return state;
476	}	456	}