TOMOYO: Cleanup part 2.

static int tomoyo_write_manager(struct tomoyo_io_buffer *head)

{

	char *data = head->write_buf;

	bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);

	bool is_delete = tomoyo_str_starts(&data, "delete ");

	if (!strcmp(data, "manage_by_non_root")) {

		tomoyo_manage_by_non_root = !is_delete;

static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,

				const bool is_delete)

{

	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT))

	if (tomoyo_str_starts(&data, "allow_mount "))

		return tomoyo_write_mount(data, domain, is_delete);

	return tomoyo_write_file(data, domain, is_delete);

}

	bool is_select = false;

	unsigned int profile;

	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))

	if (tomoyo_str_starts(&data, "delete "))

		is_delete = true;

	else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))

	else if (tomoyo_str_starts(&data, "select "))

		is_select = true;

	if (is_select && tomoyo_select_one(head, data))

		return 0;

	if (!domain)

		return -EINVAL;

	if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1

	if (sscanf(data, "use_profile %u", &profile) == 1

	    && profile < TOMOYO_MAX_PROFILES) {

		if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)

			domain->profile = (u8) profile;

		return 0;

	}

	if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) {

	if (!strcmp(data, "quota_exceeded")) {

		domain->quota_warned = !is_delete;

		return 0;

	}

	if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) {

	if (!strcmp(data, "transition_failed")) {

		domain->transition_failed = !is_delete;

		return 0;

	}

			/* Print domainname and flags. */

			tomoyo_set_string(head, domain->domainname->name);

			tomoyo_set_lf(head);

			tomoyo_io_printf(head,

					 TOMOYO_KEYWORD_USE_PROFILE "%u\n",

			tomoyo_io_printf(head, "use_profile %u\n",

					 domain->profile);

			if (domain->quota_warned)

				tomoyo_set_string(head, "quota_exceeded\n");

}

static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {

	[TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE]

	= TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN,

	[TOMOYO_TRANSITION_CONTROL_INITIALIZE]

	= TOMOYO_KEYWORD_INITIALIZE_DOMAIN,

	[TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN,

	[TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN

	[TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain",

	[TOMOYO_TRANSITION_CONTROL_INITIALIZE]    = "initialize_domain",

	[TOMOYO_TRANSITION_CONTROL_NO_KEEP]       = "no_keep_domain",

	[TOMOYO_TRANSITION_CONTROL_KEEP]          = "keep_domain",

};

static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {

	[TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,

	[TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP

	[TOMOYO_PATH_GROUP]   = "path_group ",

	[TOMOYO_NUMBER_GROUP] = "number_group ",

};

/**

static int tomoyo_write_exception(struct tomoyo_io_buffer *head)

{

	char *data = head->write_buf;

	bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);

	bool is_delete = tomoyo_str_starts(&data, "delete ");

	u8 i;

	static const struct {

		const char *keyword;

		int (*write) (char *, const bool);

	} tomoyo_callback[1] = {

		{ TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator },

		{ "aggregator ", tomoyo_write_aggregator },

	};

	for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)

			{

				struct tomoyo_aggregator *ptr =

					container_of(acl, typeof(*ptr), head);

				tomoyo_set_string(head,

						  TOMOYO_KEYWORD_AGGREGATOR);

				tomoyo_set_string(head, "aggregator ");

				tomoyo_set_string(head,

						  ptr->original_name->name);

				tomoyo_set_space(head);

 * tomoyo_audit_path_number_log - Audit path/number request log.

 *

 * @r: Pointer to "struct tomoyo_request_info".

 * @error: Error code.

 *

 * Returns 0 on success, negative value otherwise.

 */

#include <linux/slab.h>

#include "common.h"

/* Keywords for mount restrictions. */

/* Allow to call 'mount --bind /source_dir /dest_dir' */

#define TOMOYO_MOUNT_BIND_KEYWORD                        "--bind"

/* Allow to call 'mount --move /old_dir    /new_dir ' */

#define TOMOYO_MOUNT_MOVE_KEYWORD                        "--move"

/* Allow to call 'mount -o remount /dir             ' */

#define TOMOYO_MOUNT_REMOUNT_KEYWORD                     "--remount"

/* Allow to call 'mount --make-unbindable /dir'       */

#define TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD             "--make-unbindable"

/* Allow to call 'mount --make-private /dir'          */

#define TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD                "--make-private"

/* Allow to call 'mount --make-slave /dir'            */

#define TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD                  "--make-slave"

/* Allow to call 'mount --make-shared /dir'           */

#define TOMOYO_MOUNT_MAKE_SHARED_KEYWORD                 "--make-shared"

/* String table for special mount operations. */

static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {

	[TOMOYO_MOUNT_BIND]            = "--bind",

	[TOMOYO_MOUNT_MOVE]            = "--move",

	[TOMOYO_MOUNT_REMOUNT]         = "--remount",

	[TOMOYO_MOUNT_MAKE_UNBINDABLE] = "--make-unbindable",

	[TOMOYO_MOUNT_MAKE_PRIVATE]    = "--make-private",

	[TOMOYO_MOUNT_MAKE_SLAVE]      = "--make-slave",

	[TOMOYO_MOUNT_MAKE_SHARED]     = "--make-shared",

};

/**

 * tomoyo_audit_mount_log - Audit mount log.

	const unsigned long flags = r->param.mount.flags;

	if (r->granted)

		return 0;

	if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD))

	if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT])

		tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags);

	else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD)

		 || !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD))

	else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND]

		 || type == tomoyo_mounts[TOMOYO_MOUNT_MOVE])

		tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir,

				flags);

	else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) ||

		 !strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) ||

		 !strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) ||

		 !strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD))

	else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||

		 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||

		 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||

		 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED])

		tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags);

	else

		tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir,

				flags);

	return tomoyo_supervisor(r,

				 TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n",

	return tomoyo_supervisor(r, "allow_mount %s %s %s 0x%lX\n",

				 r->param.mount.dev->name,

				 r->param.mount.dir->name, type, flags);

}

 * Caller holds tomoyo_read_lock().

 */

static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,

			    struct path *dir, char *type, unsigned long flags)

			    struct path *dir, const char *type,

			    unsigned long flags)

{

	struct path path;

	struct file_system_type *fstype = NULL;

	tomoyo_fill_path_info(&rdir);

	/* Compare fs name. */

	if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD)) {

	if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) {

		/* dev_name is ignored. */

	} else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) ||

		   !strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) ||

		   !strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) ||

		   !strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD)) {

	} else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||

		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||

		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||

		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) {

		/* dev_name is ignored. */

	} else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD) ||

		   !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD)) {

	} else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] ||

		   type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {

		need_dev = -1; /* dev_name is a directory */

	} else {

		fstype = get_fs_type(type);

 *

 * Returns 0 on success, negative value otherwise.

 */

int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,

			    unsigned long flags, void *data_page)

int tomoyo_mount_permission(char *dev_name, struct path *path,

			    const char *type, unsigned long flags,

			    void *data_page)

{

	struct tomoyo_request_info r;

	int error;

	if ((flags & MS_MGC_MSK) == MS_MGC_VAL)

		flags &= ~MS_MGC_MSK;

	if (flags & MS_REMOUNT) {

		type = TOMOYO_MOUNT_REMOUNT_KEYWORD;

		type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];

		flags &= ~MS_REMOUNT;

	}

	if (flags & MS_MOVE) {

		type = TOMOYO_MOUNT_MOVE_KEYWORD;

		type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];

		flags &= ~MS_MOVE;

	}

	if (flags & MS_BIND) {

		type = TOMOYO_MOUNT_BIND_KEYWORD;

		type = tomoyo_mounts[TOMOYO_MOUNT_BIND];

		flags &= ~MS_BIND;

	}

	if (flags & MS_UNBINDABLE) {

		type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;

		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];

		flags &= ~MS_UNBINDABLE;

	}

	if (flags & MS_PRIVATE) {

		type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD;

		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];

		flags &= ~MS_PRIVATE;

	}

	if (flags & MS_SLAVE) {

		type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD;

		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];

		flags &= ~MS_SLAVE;

	}

	if (flags & MS_SHARED) {

		type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;

		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];

		flags &= ~MS_SHARED;

	}

	if (!type)

}

/**

 * tomoyo_poll - poll() for /proc/ccs/ interface.

 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.

 *

 * @file: Pointer to "struct file".

 * @wait: Pointer to "poll_table".