On 05/28/2012 10:53 AM, Seth Arnold wrote: > I'd love to see the tools and parser using the exact same code to figure out > which files to skip. Is there an exported library call that could be used in > the tools to replace this function? > Not yet but soon. The chfa match code is going to become part of the library. At that point we can add a match fn, and provide it with a precompiled expression (something compiled during the build).
Precompiled because we aren't currently planning on putting the full aare code into libapparmor (C++ and all its deps), but we will make it available as a second library. Well that is the current plan anyway, it is possible we might collapse down to one (libapparmor) or could split into 3 libapparmor, libaare_match, libaare. The reason for wanting the split is that the match code is lightweight and pure C, while the code to compile an expression is C++ and quite heavy. The match code will uses without being able to compile an expression, as we will be able to hand it precompiled expressions (policy exported from kernel, etc). Of course its possible that the split isn't worth doing, we need to look at it more. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
