On Sun, Jul 21, 2013 at 10:32:48PM -0700, John Johansen wrote: > Remove use of AARE_DFA as the alternate pcre matching engine was removed > years ago. > > Signed-off-by: John Johansen <john.johan...@canonical.com>
Acked-by: Seth Arnold <seth.arn...@canonical.com> Wow, keep these cleanups coming :) Thanks > --- > parser/parser.h | 4 ---- > parser/parser_common.c | 1 - > parser/parser_interface.c | 33 +++++++++------------------------ > parser/parser_main.c | 8 -------- > parser/parser_policy.c | 6 +----- > parser/parser_regex.c | 31 +++++++++++++------------------ > 6 files changed, 23 insertions(+), 60 deletions(-) > > diff --git a/parser/parser.h b/parser/parser.h > index ab57db9..3b4ac63 100644 > --- a/parser/parser.h > +++ b/parser/parser.h > @@ -208,9 +208,6 @@ struct var_string { > #define OPTION_STDOUT 4 > #define OPTION_OFILE 5 > > -#define AARE_NONE 0 > -#define AARE_DFA 2 > - > #define BOOL int > > #define FLAG_CHANGEHAT_1_4 2 > @@ -267,7 +264,6 @@ extern int preprocess_only; > } while (0) > > /* from parser_common.c */ > -extern int regex_type; > extern int perms_create; > extern int net_af_max_override; > extern int kernel_load; > diff --git a/parser/parser_common.c b/parser/parser_common.c > index 15f0978..bf4dd41 100644 > --- a/parser/parser_common.c > +++ b/parser/parser_common.c > @@ -22,7 +22,6 @@ > #define _(s) gettext(s) > #include "parser.h" > > -int regex_type = AARE_DFA; > int perms_create = 0; /* perms contain create flag */ > int net_af_max_override = -1; /* use kernel to determine af_max */ > int kernel_load = 1; > diff --git a/parser/parser_interface.c b/parser/parser_interface.c > index fdd610d..5c2b486 100644 > --- a/parser/parser_interface.c > +++ b/parser/parser_interface.c > @@ -57,9 +57,7 @@ > #define SD_CODE_SIZE (sizeof(u8)) > #define SD_STR_LEN (sizeof(u16)) > > -#define SUBDOMAIN_INTERFACE_VERSION 2 > #define SUBDOMAIN_INTERFACE_DFA_VERSION 5 > -#define SUBDOMAIN_INTERFACE_POLICY_DB 16 > > int sd_serialize_codomain(int option, struct codomain *cod); > > @@ -573,7 +571,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain > *profile, > > /* only emit this if current kernel at least supports "create" */ > if (perms_create) { > - if (regex_type == AARE_DFA && profile->xmatch) { > + if (profile->xmatch) { > if (!sd_serialize_dfa(p, profile->xmatch, > profile->xmatch_size)) > return 0; > if (!sd_write32(p, profile->xmatch_len)) > @@ -655,7 +653,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain > *profile, > } else if (profile->network_allowed) > pwarn(_("profile %s network rules not enforced\n"), > profile->name); > > - if (profile->policy_dfa && regex_type == AARE_DFA) { > + if (profile->policy_dfa) { > if (!sd_write_struct(p, "policydb")) > return 0; > if (!sd_serialize_dfa(p, profile->policy_dfa, > profile->policy_dfa_size)) > @@ -665,18 +663,13 @@ int sd_serialize_profile(sd_serialize *p, struct > codomain *profile, > } > > /* either have a single dfa or lists of different entry types */ > - if (regex_type == AARE_DFA) { > - if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size)) > - return 0; > + if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size)) > + return 0; > > - if (!sd_serialize_xtable(p, profile->exec_table)) > - return 0; > - } else { > - PERROR(_("Unknown pattern type\n")); > - return 1; > - } > + if (!sd_serialize_xtable(p, profile->exec_table)) > + return 0; > > - if (profile->hat_table && regex_type != AARE_DFA) { > + if (profile->hat_table) { > if (!sd_write_list(p, "hats")) > return 0; > if (load_hats(p, profile) != 0) > @@ -695,15 +688,7 @@ int sd_serialize_top_profile(sd_serialize *p, struct > codomain *profile) > { > int version; > > - if (regex_type == AARE_DFA) { > - /* Not yet > - if (profile->policy_dfa) > - version = SUBDOMAIN_INTERFACE_POLICYDB; > - else */ > - version = SUBDOMAIN_INTERFACE_DFA_VERSION; > - } else > - version = SUBDOMAIN_INTERFACE_VERSION; > - > + version = SUBDOMAIN_INTERFACE_DFA_VERSION; > > if (!sd_write_name(p, "version")) > return 0; > @@ -859,7 +844,7 @@ int sd_serialize_codomain(int option, struct codomain > *cod) > > close(fd); > > - if (cod->hat_table && regex_type == AARE_DFA && option != > OPTION_REMOVE) { > + if (cod->hat_table && option != OPTION_REMOVE) { > if (load_flattened_hats(cod) != 0) > return 0; > } > diff --git a/parser/parser_main.c b/parser/parser_main.c > index 0fe4ccf..afbe78c 100644 > --- a/parser/parser_main.c > +++ b/parser/parser_main.c > @@ -791,7 +791,6 @@ static void get_match_string(void) { > > if (S_ISDIR(stat_file.st_mode)) { > /* if we have a features directory default to */ > - regex_type = AARE_DFA; > perms_create = 1; > > flags_string = malloc(FLAGS_STRING_SIZE); > @@ -821,16 +820,9 @@ static void get_match_string(void) { > > out: > if (match_string) { > - if (strstr(match_string, AADFA)) > - regex_type = AARE_DFA; > - > if (strstr(match_string, " perms=c")) > perms_create = 1; > } else { > - /* no match string default to 2.6.36 version which doesn't > - * have a match string > - */ > - regex_type = AARE_DFA; > perms_create = 1; > kernel_supports_network = 0; > } > diff --git a/parser/parser_policy.c b/parser/parser_policy.c > index dce1b0d..77d4a19 100644 > --- a/parser/parser_policy.c > +++ b/parser/parser_policy.c > @@ -635,11 +635,7 @@ static void __dump_policy_hatnames(const void *nodep, > const VISIT value, > if (value == preorder || value == endorder) > return; > > - if (regex_type == AARE_DFA) { > - printf("%s//%s\n", __dump_policy_name->name, (*t)->name); > - } else { > - printf("%s^%s\n", __dump_policy_name->name, (*t)->name); > - } > + printf("%s//%s\n", __dump_policy_name->name, (*t)->name); > } > > void dump_policy_hatnames(struct codomain *cod) > diff --git a/parser/parser_regex.c b/parser/parser_regex.c > index 30a86cc..4bc0691 100644 > --- a/parser/parser_regex.c > +++ b/parser/parser_regex.c > @@ -556,8 +556,7 @@ int post_process_entries(struct codomain *cod) > int count = 0; > > list_for_each(cod->entries, entry) { > - if (regex_type == AARE_DFA && > - !process_dfa_entry(cod->dfarules, entry)) > + if (!process_dfa_entry(cod->dfarules, entry)) > ret = FALSE; > count++; > } > @@ -570,18 +569,17 @@ int process_regex(struct codomain *cod) > { > int error = -1; > > - if (regex_type == AARE_DFA) { > - if (!process_profile_name_xmatch(cod)) > - goto out; > + if (!process_profile_name_xmatch(cod)) > + goto out; > + > + cod->dfarules = aare_new_ruleset(0); > + if (!cod->dfarules) > + goto out; > > - cod->dfarules = aare_new_ruleset(0); > - if (!cod->dfarules) > - goto out; > - } > if (!post_process_entries(cod)) > goto out; > > - if (regex_type == AARE_DFA && cod->dfarule_count > 0) { > + if (cod->dfarule_count > 0) { > cod->dfa = aare_create_dfa(cod->dfarules, &cod->dfa_size, > dfaflags); > aare_delete_ruleset(cod->dfarules); > @@ -1050,8 +1048,7 @@ int post_process_mnt_ents(struct codomain *cod) > if (cod->mnt_ents && kernel_supports_mount) { > struct mnt_entry *entry; > list_for_each(cod->mnt_ents, entry) { > - if (regex_type == AARE_DFA && > - !process_mnt_entry(cod->policy_rules, entry)) > + if (!process_mnt_entry(cod->policy_rules, entry)) > ret = FALSE; > count++; > } > @@ -1075,16 +1072,14 @@ int process_policydb(struct codomain *cod) > { > int error = -1; > > - if (regex_type == AARE_DFA) { > - cod->policy_rules = aare_new_ruleset(0); > - if (!cod->policy_rules) > - goto out; > - } > + cod->policy_rules = aare_new_ruleset(0); > + if (!cod->policy_rules) > + goto out; > > if (!post_process_policydb_ents(cod)) > goto out; > > - if (regex_type == AARE_DFA && cod->policy_rule_count > 0) { > + if (cod->policy_rule_count > 0) { > cod->policy_dfa = aare_create_dfa(cod->policy_rules, > &cod->policy_dfa_size, > dfaflags); > -- > 1.8.1.2 > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor