Re: [apparmor] [PATCH 4/8] Remove testing for AARE as it is the only matching engine

Fri, 13 Sep 2013 22:54:04 -0700 

On Fri, Sep 13, 2013 at 10:46:21PM -0700, Steve Beattie wrote:
> On Thu, Sep 12, 2013 at 04:08:52PM -0700, Steve Beattie wrote:
> Alright, I think I've tracked down the specific issue from this patch:
> 
> In:
> 
> > diff --git a/parser/parser_interface.c b/parser/parser_interface.c
> > index fdd610d..5c2b486 100644
> > --- a/parser/parser_interface.c
> > +++ b/parser/parser_interface.c
> > @@ -665,18 +663,13 @@ int sd_serialize_profile(sd_serialize *p, struct 
> > codomain *profile,
> >     }
> >  
> >     /* either have a single dfa or lists of different entry types */
> > -   if (regex_type == AARE_DFA) {
> > -           if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size))
> > -                   return 0;
> > +   if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size))
> > +           return 0;
> >  
> > -           if (!sd_serialize_xtable(p, profile->exec_table))
> > -                   return 0;
> > -   } else {
> > -           PERROR(_("Unknown pattern type\n"));
> > -           return 1;
> > -   }
> > +   if (!sd_serialize_xtable(p, profile->exec_table))
> > +           return 0;
> >  
> > -   if (profile->hat_table && regex_type != AARE_DFA) {
> > +   if (profile->hat_table) {
> 
> Note that the test removed here is if regex_type != AARE_DFA, *not* if
> regex_type == AARE_DFA. Since we don't support non AARE_DFA matching
> anymore, the code block that follows this test should be removed
> entirely, like so:
> 
> Signed-off-by: Steve Beattie <st...@nxnw.org>
> ---
>  parser/parser_interface.c |    9 ---------
>  1 file changed, 9 deletions(-)
> 
> Index: b/parser/parser_interface.c
> ===================================================================
> --- a/parser/parser_interface.c
> +++ b/parser/parser_interface.c
> @@ -669,15 +669,6 @@ int sd_serialize_profile(sd_serialize *p
>       if (!sd_serialize_xtable(p, profile->exec_table))
>               return 0;
>  
> -     if (profile->hat_table) {
> -             if (!sd_write_list(p, "hats"))
> -                     return 0;
> -             if (load_hats(p, profile) != 0)
> -                     return 0;
> -             if (!sd_write_listend(p))
> -                     return 0;
> -
> -     }
>       if (!sd_write_structend(p))
>               return 0;
>  
> 
> With this incorporated into the patch, the regression tests all pass
> again, in particular all the tests that loads hats.

Also, I should that the original patch, with the above fix applied
on top of it, gets an Acked-by: Steve Beattie <st...@nxnw.org> from me.

-- 
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/

Attachment: signature.asc
Description: Digital signature

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to