This patch is a very minor optimization to the search to determine whether a given rule is an exact match or not. If a wildcard rule (i.e. an inexact match) is discovered, exact_match is set to 0, so we don't need to continue the tree traversal.
Signed-off-by: Steve Beattie <st...@nxnw.org> --- parser/libapparmor_re/aare_rules.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: b/parser/libapparmor_re/aare_rules.cc =================================================================== --- a/parser/libapparmor_re/aare_rules.cc +++ b/parser/libapparmor_re/aare_rules.cc @@ -1,7 +1,7 @@ /* * (C) 2006, 2007 Andreas Gruenbacher <agr...@suse.de> * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved) - * Copyright 2009-2012 Canonical Ltd. + * Copyright 2009-2013 Canonical Ltd. (All rights reserved) * * The libapparmor library is licensed under the terms of the GNU * Lesser General Public License, version 2.1. Please see the file @@ -123,7 +123,7 @@ int aare_add_rule_vec(aare_ruleset_t *ru * on how we split permission bitmasks here. */ exact_match = 1; - for (depth_first_traversal i(tree); i; i++) { + for (depth_first_traversal i(tree); i && exact_match; i++) { if (dynamic_cast<StarNode *>(*i) || dynamic_cast<PlusNode *>(*i) || dynamic_cast<AnyCharNode *>(*i) || -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor