Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching

[PATCH v5 00/12] S.A.R.A. a new stacked LSM · Salvatore Mesoraca <hidden> · 2019-07-06
[PATCH v5 01/12] S.A.R.A.: add documentation · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 01/12] S.A.R.A.: add documentation · Randy Dunlap <hidden> · 2019-07-06
Re: [PATCH v5 01/12] S.A.R.A.: add documentation · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 01/12] S.A.R.A.: add documentation · James Morris <jmorris@namei.org> · 2019-07-13
[PATCH v5 02/12] S.A.R.A.: create framework · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 02/12] S.A.R.A.: create framework · Randy Dunlap <hidden> · 2019-07-06
[PATCH v5 06/12] S.A.R.A.: WX protection · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 06/12] S.A.R.A.: WX protection · Randy Dunlap <hidden> · 2019-07-06
Re: [PATCH v5 06/12] S.A.R.A.: WX protection · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-06
Re: [PATCH v5 06/12] S.A.R.A.: WX protection · Salvatore Mesoraca <hidden> · 2019-07-07
Re: [PATCH v5 06/12] S.A.R.A.: WX protection · Kees Cook <hidden> · 2019-07-09
RE: [PATCH v5 06/12] S.A.R.A.: WX protection · David Laight <hidden> · 2019-07-08
[PATCH v5 08/12] S.A.R.A.: trampoline emulation · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 08/12] S.A.R.A.: trampoline emulation · Randy Dunlap <hidden> · 2019-07-06
[PATCH v5 09/12] S.A.R.A.: WX protection procattr interface · Salvatore Mesoraca <hidden> · 2019-07-06
[PATCH v5 10/12] S.A.R.A.: XATTRs support · Salvatore Mesoraca <hidden> · 2019-07-06
[PATCH v5 12/12] MAINTAINERS: take maintainership for S.A.R.A. · Salvatore Mesoraca <hidden> · 2019-07-06
[PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation · Jann Horn <jannh@google.com> · 2019-07-06
Re: [PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation · Salvatore Mesoraca <hidden> · 2019-07-07
[PATCH v5 05/12] LSM: creation of "check_vmflags" LSM hook · Salvatore Mesoraca <hidden> · 2019-07-06
[PATCH v5 07/12] LSM: creation of "pagefault_handler" LSM hook · Salvatore Mesoraca <hidden> · 2019-07-06
[PATCH v5 03/12] S.A.R.A.: cred blob management · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 03/12] S.A.R.A.: cred blob management · James Morris <jmorris@namei.org> · 2019-07-12
[PATCH v5 04/12] S.A.R.A.: generic DFA for string matching · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching · Jann Horn <jannh@google.com> · 2019-07-06
Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching · Salvatore Mesoraca <hidden> · 2019-07-07
Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching · Jann Horn <jannh@google.com> · 2019-07-08
Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching · Salvatore Mesoraca <hidden> · 2019-10-06
Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching · Jann Horn <jannh@google.com> · 2019-10-07
Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM · Jordan Glover <hidden> · 2019-07-06
Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM · Salvatore Mesoraca <hidden> · 2019-07-06
Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM · James Morris <jmorris@namei.org> · 2019-07-07
Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM · Salvatore Mesoraca <hidden> · 2019-07-07

From: Jann Horn <jannh@google.com>
Date: 2019-07-06 18:33:17
Also in: linux-mm, lkml

On Sat, Jul 6, 2019 at 12:55 PM Salvatore Mesoraca
[off-list ref] wrote:

Creation of a generic Discrete Finite Automata implementation
for string matching. The transition tables have to be produced
in user-space.
This allows us to possibly support advanced string matching
patterns like regular expressions, but they need to be supported
by user-space tools.

AppArmor already has a DFA implementation that takes a DFA machine
from userspace and runs it against file paths; see e.g.
aa_dfa_match(). Did you look into whether you could move their DFA to
some place like lib/ and reuse it instead of adding yet another
generic rule interface to the kernel?

[...]

quoted hunk ↗ jump to hunk

+++ b/security/sara/dfa.c

@@ -0,0 +1,335 @@
+// SPDX-License-Identifier: GPL-2.0
+
+/*
+ * S.A.R.A. Linux Security Module
+ *
+ * Copyright (C) 2017 Salvatore Mesoraca <s.mesoraca16@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2, as
+ * published by the Free Software Foundation.

Throughout the series, you are adding files that both add an SPDX
identifier and have a description of the license in the comment block
at the top. The SPDX identifier already identifies the license.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help