Jann Horn <jannh@xxxxxxxxxx> wrote: > > On Sat, Jul 6, 2019 at 12:55 PM Salvatore Mesoraca > <s.mesoraca16@xxxxxxxxx> wrote: > > Creation of a generic Discrete Finite Automata implementation > > for string matching. The transition tables have to be produced > > in user-space. > > This allows us to possibly support advanced string matching > > patterns like regular expressions, but they need to be supported > > by user-space tools. > > AppArmor already has a DFA implementation that takes a DFA machine > from userspace and runs it against file paths; see e.g. > aa_dfa_match(). Did you look into whether you could move their DFA to > some place like lib/ and reuse it instead of adding yet another > generic rule interface to the kernel? Yes, using AppArmor DFA cloud be a possibility. Though, I didn't know how AppArmor's maintainers feel about this. I thought that was easier to just implement my own. Anyway I understand that re-using that code would be the optimal solution. I'm adding in CC AppArmor's maintainers, let's see what they think about this. > > +++ b/security/sara/dfa.c > > @@ -0,0 +1,335 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > + > > +/* > > + * S.A.R.A. Linux Security Module > > + * > > + * Copyright (C) 2017 Salvatore Mesoraca <s.mesoraca16@xxxxxxxxx> > > + * > > + * This program is free software; you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License version 2, as > > + * published by the Free Software Foundation. > > Throughout the series, you are adding files that both add an SPDX > identifier and have a description of the license in the comment block > at the top. The SPDX identifier already identifies the license. I added the license description because I thought it was required anyway. IANAL, if you tell me that SPDX it's enough I'll remove the description. Thank you for your comments.
