match.h File Reference

#include <linux/kref.h>
#include <linux/workqueue.h>

Go to the source code of this file.

Data Structures
struct	table_set_header
struct	table_header
struct	aa_dfa

Macros
#define	DFA_NOMATCH   0
#define	DFA_START   1
#define	DFA_VALID_PERM_MASK   0xffffffff
#define	DFA_VALID_PERM2_MASK   0xffffffff
#define	YYTH_MAGIC   0x1B5E783D
#define	YYTH_DEF_RECURSE   0x1 /* DEF Table is recursive */
#define	YYTD_ID_ACCEPT   0
#define	YYTD_ID_BASE   1
#define	YYTD_ID_CHK   2
#define	YYTD_ID_DEF   3
#define	YYTD_ID_EC   4
#define	YYTD_ID_META   5
#define	YYTD_ID_ACCEPT2   6
#define	YYTD_ID_NXT   7
#define	YYTD_ID_TSIZE   8
#define	YYTD_DATA8   1
#define	YYTD_DATA16   2
#define	YYTD_DATA32   4
#define	YYTD_DATA64   8
#define	ACCEPT1_FLAGS(X)   ((X) & 0x3f)
#define	ACCEPT2_FLAGS(X)   ACCEPT1_FLAGS((X) >> YYTD_ID_ACCEPT2)
#define	TO_ACCEPT1_FLAG(X)   ACCEPT1_FLAGS(X)
#define	TO_ACCEPT2_FLAG(X)   (ACCEPT1_FLAGS(X) << YYTD_ID_ACCEPT2)
#define	DFA_FLAG_VERIFY_STATES   0x1000
#define	DEFAULT_TABLE(DFA)   ((u16 *)((DFA)->tables[YYTD_ID_DEF]->td_data))
#define	BASE_TABLE(DFA)   ((u32 *)((DFA)->tables[YYTD_ID_BASE]->td_data))
#define	NEXT_TABLE(DFA)   ((u16 *)((DFA)->tables[YYTD_ID_NXT]->td_data))
#define	CHECK_TABLE(DFA)   ((u16 *)((DFA)->tables[YYTD_ID_CHK]->td_data))
#define	EQUIV_TABLE(DFA)   ((u8 *)((DFA)->tables[YYTD_ID_EC]->td_data))
#define	ACCEPT_TABLE(DFA)   ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT]->td_data))
#define	ACCEPT_TABLE2(DFA)   ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT2]->td_data))
#define	byte_to_byte(X)   (X)
#define	UNPACK_ARRAY(TABLE, BLOB, LEN, TYPE, NTOHX)

Functions
struct aa_dfa *	aa_dfa_unpack (void *blob, size_t size, int flags)
unsigned int	aa_dfa_match_len (struct aa_dfa *dfa, unsigned int start, const char *str, int len)
unsigned int	aa_dfa_match (struct aa_dfa *dfa, unsigned int start, const char *str)
unsigned int	aa_dfa_next (struct aa_dfa *dfa, unsigned int state, const char c)
void	aa_dfa_free_kref (struct kref *kref)

Macro Definition Documentation

#define ACCEPT1_FLAGS

(

X

)

((X) & 0x3f)

Definition at line 69 of file match.h.

#define ACCEPT2_FLAGS

(

X

)

ACCEPT1_FLAGS((X) >> YYTD_ID_ACCEPT2)

Definition at line 70 of file match.h.

#define ACCEPT_TABLE

(

DFA

)

((u32 *)((DFA)->tables[YYTD_ID_ACCEPT]->td_data))

Definition at line 88 of file match.h.

#define ACCEPT_TABLE2

(

DFA

)

((u32 *)((DFA)->tables[YYTD_ID_ACCEPT2]->td_data))

Definition at line 89 of file match.h.

#define BASE_TABLE

(

DFA

)

((u32 *)((DFA)->tables[YYTD_ID_BASE]->td_data))

Definition at line 84 of file match.h.

#define byte_to_byte

(

X

)

(X)

Definition at line 97 of file match.h.

#define CHECK_TABLE

(

DFA

)

((u16 *)((DFA)->tables[YYTD_ID_CHK]->td_data))

Definition at line 86 of file match.h.

#define DEFAULT_TABLE

(

DFA

)

((u16 *)((DFA)->tables[YYTD_ID_DEF]->td_data))

Definition at line 83 of file match.h.

#define DFA_FLAG_VERIFY_STATES   0x1000

Definition at line 73 of file match.h.

#define DFA_NOMATCH   0

Definition at line 21 of file match.h.

#define DFA_START   1

Definition at line 22 of file match.h.

#define DFA_VALID_PERM2_MASK   0xffffffff

Definition at line 25 of file match.h.

#define DFA_VALID_PERM_MASK   0xffffffff

Definition at line 24 of file match.h.

#define EQUIV_TABLE

(

DFA

)

((u8 *)((DFA)->tables[YYTD_ID_EC]->td_data))

Definition at line 87 of file match.h.

#define NEXT_TABLE

(

DFA

)

((u16 *)((DFA)->tables[YYTD_ID_NXT]->td_data))

Definition at line 85 of file match.h.

#define TO_ACCEPT1_FLAG

(

X

)

ACCEPT1_FLAGS(X)

Definition at line 71 of file match.h.

#define TO_ACCEPT2_FLAG

(

X

)

(ACCEPT1_FLAGS(X) << YYTD_ID_ACCEPT2)

Definition at line 72 of file match.h.

#define UNPACK_ARRAY	(		TABLE,
			BLOB,
			LEN,
			TYPE,
			NTOHX
	)

Value:

do { \
        typeof(LEN) __i; \
        TYPE *__t = (TYPE *) TABLE; \
        TYPE *__b = (TYPE *) BLOB; \
        for (__i = 0; __i < LEN; __i++) { \
            __t[__i] = NTOHX(__b[__i]); \
        } \
    } while (0)

Definition at line 99 of file match.h.

#define YYTD_DATA16   2

Definition at line 62 of file match.h.

#define YYTD_DATA32   4

Definition at line 63 of file match.h.

#define YYTD_DATA64   8

Definition at line 64 of file match.h.

#define YYTD_DATA8   1

Definition at line 61 of file match.h.

#define YYTD_ID_ACCEPT   0

Definition at line 51 of file match.h.

#define YYTD_ID_ACCEPT2   6

Definition at line 57 of file match.h.

#define YYTD_ID_BASE   1

Definition at line 52 of file match.h.

#define YYTD_ID_CHK   2

Definition at line 53 of file match.h.

#define YYTD_ID_DEF   3

Definition at line 54 of file match.h.

#define YYTD_ID_EC   4

Definition at line 55 of file match.h.

#define YYTD_ID_META   5

Definition at line 56 of file match.h.

#define YYTD_ID_NXT   7

Definition at line 58 of file match.h.

#define YYTD_ID_TSIZE   8

Definition at line 59 of file match.h.

#define YYTH_DEF_RECURSE   0x1 /* DEF Table is recursive */

Definition at line 37 of file match.h.

#define YYTH_MAGIC   0x1B5E783D

The format used for transition tables is based on the GNU flex table file format (–tables-file option; see Table File Format in the flex info pages and the flex sources for documentation). The magic number used in the header is 0x1B5E783D instead of 0xF13C57B1 though, because the YY_ID_CHK (check) and YY_ID_DEF (default) tables are used slightly differently (see the apparmor-parser package).

Definition at line 36 of file match.h.

Function Documentation

void aa_dfa_free_kref

(

struct kref *

kref

)

aa_dfa_free_kref - free aa_dfa by kref (called by aa_put_dfa) : kref callback for freeing of a dfa (NOT NULL)

Definition at line 184 of file match.c.

unsigned int aa_dfa_match	(	struct aa_dfa *	dfa,
		unsigned int	start,
		const char *	str
	)

aa_dfa_match - traverse to find state stops at : the dfa to match against (NOT NULL) : the state of the dfa to start matching in : the null terminated string of bytes to match against the dfa (NOT NULL)

aa_dfa_match will match against the dfa and return the state it finished matching in. The final state can be used to look up the accepting label, or as the start state of a continuing match.

Returns: final state reached after input is consumed

Definition at line 349 of file match.c.

unsigned int aa_dfa_match_len	(	struct aa_dfa *	dfa,
		unsigned int	start,
		const char *	str,
		int	len
	)

aa_dfa_match_len - traverse to find state stops at : the dfa to match against (NOT NULL) : the state of the dfa to start matching in : the string of bytes to match against the dfa (NOT NULL) : length of the string of bytes to match

aa_dfa_match_len will match against the dfa and return the state it finished matching in. The final state can be used to look up the accepting label, or as the start state of a continuing match.

This function will happily match again the 0 byte and only finishes when input is consumed.

Returns: final state reached after input is consumed

Definition at line 299 of file match.c.

unsigned int aa_dfa_next	(	struct aa_dfa *	dfa,
		unsigned int	state,
		const char	c
	)

aa_dfa_next - step one character to the next state in the dfa : the dfa to tranverse (NOT NULL) : the state to start in : the input character to transition on

aa_dfa_match will step through the dfa by one input character

Returns: state reach after input

Definition at line 397 of file match.c.

struct aa_dfa* aa_dfa_unpack ( void *  blob, size_t  size, int  flags  )

read

aa_dfa_unpack - unpack the binary tables of a serialized dfa : aligned serialized stream of data to unpack (NOT NULL) : size of data to unpack : flags controlling what type of accept tables are acceptable

Unpack a dfa that has been serialized. To find information on the dfa format look in Documentation/security/apparmor.txt Assumes the dfa stream has been aligned on a 8 byte boundary

Returns: an unpacked dfa ready for matching or ERR_PTR on failure

Definition at line 202 of file match.c.