TOMOYO: Split file access control functions by type of parameters.

		return true;

		return true;

	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {

	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {

		switch (ptr->type) {

		switch (ptr->type) {

			struct tomoyo_path_acl *acl;

			u16 perm;

			u32 perm;

			u8 i;

			u8 i;

		case TOMOYO_TYPE_PATH_ACL:

		case TOMOYO_TYPE_PATH_ACL:

			acl = container_of(ptr, struct tomoyo_path_acl, head);

			perm = container_of(ptr, struct tomoyo_path_acl, head)

			perm = acl->perm | (((u32) acl->perm_high) << 16);

				->perm;

			for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++)

			for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++)

				if (perm & (1 << i))

				if (perm & (1 << i))

					count++;

					count++;

				if (perm & (1 << i))

				if (perm & (1 << i))

					count++;

					count++;

			break;

			break;

		case TOMOYO_TYPE_PATH_NUMBER_ACL:

			perm = container_of(ptr, struct tomoyo_path_number_acl,

					    head)->perm;

			for (i = 0; i < TOMOYO_MAX_PATH_NUMBER_OPERATION; i++)

				if (perm & (1 << i))

					count++;

			break;

		case TOMOYO_TYPE_PATH_NUMBER3_ACL:

			perm = container_of(ptr, struct tomoyo_path_number3_acl,

					    head)->perm;

			for (i = 0; i < TOMOYO_MAX_PATH_NUMBER3_OPERATION; i++)

				if (perm & (1 << i))

					count++;

			break;

		}

		}

	}

	}

	if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))

	if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))

{

{

	int pos;

	int pos;

	u8 bit;

	u8 bit;

	const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16);

	const u16 perm = ptr->perm;

	for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {

	for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {

		if (!(perm & (1 << bit)))

		if (!(perm & (1 << bit)))

	return false;

	return false;

}

}

/**

 * tomoyo_print_path_number_acl - Print a path_number ACL entry.

 *

 * @head: Pointer to "struct tomoyo_io_buffer".

 * @ptr:  Pointer to "struct tomoyo_path_number_acl".

 *

 * Returns true on success, false otherwise.

 */

static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer *head,

					 struct tomoyo_path_number_acl *ptr)

{

	int pos;

	u8 bit;

	const u8 perm = ptr->perm;

	for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION;

	     bit++) {

		if (!(perm & (1 << bit)))

			continue;

		pos = head->read_avail;

		if (!tomoyo_io_printf(head, "allow_%s",

				      tomoyo_path_number2keyword(bit)) ||

		    !tomoyo_print_name_union(head, &ptr->name) ||

		    !tomoyo_print_number_union(head, &ptr->number) ||

		    !tomoyo_io_printf(head, "\n"))

			goto out;

	}

	head->read_bit = 0;

	return true;

 out:

	head->read_bit = bit;

	head->read_avail = pos;

	return false;

}

/**

 * tomoyo_print_path_number3_acl - Print a path_number3 ACL entry.

 *

 * @head: Pointer to "struct tomoyo_io_buffer".

 * @ptr:  Pointer to "struct tomoyo_path_number3_acl".

 *

 * Returns true on success, false otherwise.

 */

static bool tomoyo_print_path_number3_acl(struct tomoyo_io_buffer *head,

					  struct tomoyo_path_number3_acl *ptr)

{

	int pos;

	u8 bit;

	const u16 perm = ptr->perm;

	for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER3_OPERATION;

	     bit++) {

		if (!(perm & (1 << bit)))

			continue;

		pos = head->read_avail;

		if (!tomoyo_io_printf(head, "allow_%s",

				      tomoyo_path_number32keyword(bit)) ||

		    !tomoyo_print_name_union(head, &ptr->name) ||

		    !tomoyo_print_number_union(head, &ptr->mode) ||

		    !tomoyo_print_number_union(head, &ptr->major) ||

		    !tomoyo_print_number_union(head, &ptr->minor) ||

		    !tomoyo_io_printf(head, "\n"))

			goto out;

	}

	head->read_bit = 0;

	return true;

 out:

	head->read_bit = bit;

	head->read_avail = pos;

	return false;

}

/**

/**

 * tomoyo_print_entry - Print an ACL entry.

 * tomoyo_print_entry - Print an ACL entry.

 *

 *

			= container_of(ptr, struct tomoyo_path2_acl, head);

			= container_of(ptr, struct tomoyo_path2_acl, head);

		return tomoyo_print_path2_acl(head, acl);

		return tomoyo_print_path2_acl(head, acl);

	}

	}

	if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {

		struct tomoyo_path_number_acl *acl

			= container_of(ptr, struct tomoyo_path_number_acl,

				       head);

		return tomoyo_print_path_number_acl(head, acl);

	}

	if (acl_type == TOMOYO_TYPE_PATH_NUMBER3_ACL) {

		struct tomoyo_path_number3_acl *acl

			= container_of(ptr, struct tomoyo_path_number3_acl,

				       head);

		return tomoyo_print_path_number3_acl(head, acl);

	}

	BUG(); /* This must not happen. */

	BUG(); /* This must not happen. */

	return false;

	return false;

}

}

enum tomoyo_acl_entry_type_index {

enum tomoyo_acl_entry_type_index {

	TOMOYO_TYPE_PATH_ACL,

	TOMOYO_TYPE_PATH_ACL,

	TOMOYO_TYPE_PATH2_ACL,

	TOMOYO_TYPE_PATH2_ACL,

	TOMOYO_TYPE_PATH_NUMBER_ACL,

	TOMOYO_TYPE_PATH_NUMBER3_ACL,

};

};

/* Index numbers for File Controls. */

/* Index numbers for File Controls. */

/*

/*

 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set

 * TOMOYO_TYPE_READ_WRITE is special. TOMOYO_TYPE_READ_WRITE is automatically

 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and

 * set if both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are set.

 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.

 * Both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are automatically set if

 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or

 * TOMOYO_TYPE_READ_WRITE is set.

 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are

 * TOMOYO_TYPE_READ_WRITE is automatically cleared if either TOMOYO_TYPE_READ

 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.

 * or TOMOYO_TYPE_WRITE is cleared.

 * Both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are automatically cleared if

 * TOMOYO_TYPE_READ_WRITE is cleared.

 */

 */

enum tomoyo_path_acl_index {

enum tomoyo_path_acl_index {

	TOMOYO_TYPE_EXECUTE,

	TOMOYO_TYPE_EXECUTE,

	TOMOYO_TYPE_READ,

	TOMOYO_TYPE_READ,

	TOMOYO_TYPE_WRITE,

	TOMOYO_TYPE_WRITE,

	TOMOYO_TYPE_CREATE,

	TOMOYO_TYPE_UNLINK,

	TOMOYO_TYPE_UNLINK,

	TOMOYO_TYPE_MKDIR,

	TOMOYO_TYPE_RMDIR,

	TOMOYO_TYPE_RMDIR,

	TOMOYO_TYPE_MKFIFO,

	TOMOYO_TYPE_MKSOCK,

	TOMOYO_TYPE_MKBLOCK,

	TOMOYO_TYPE_MKCHAR,

	TOMOYO_TYPE_TRUNCATE,

	TOMOYO_TYPE_TRUNCATE,

	TOMOYO_TYPE_SYMLINK,

	TOMOYO_TYPE_SYMLINK,

	TOMOYO_TYPE_REWRITE,

	TOMOYO_TYPE_REWRITE,

	TOMOYO_TYPE_IOCTL,

	TOMOYO_TYPE_CHMOD,

	TOMOYO_TYPE_CHOWN,

	TOMOYO_TYPE_CHGRP,

	TOMOYO_TYPE_CHROOT,

	TOMOYO_TYPE_CHROOT,

	TOMOYO_TYPE_MOUNT,

	TOMOYO_TYPE_MOUNT,

	TOMOYO_TYPE_UMOUNT,

	TOMOYO_TYPE_UMOUNT,

	TOMOYO_MAX_PATH_OPERATION

	TOMOYO_MAX_PATH_OPERATION

};

};

enum tomoyo_path_number3_acl_index {

	TOMOYO_TYPE_MKBLOCK,

	TOMOYO_TYPE_MKCHAR,

	TOMOYO_MAX_PATH_NUMBER3_OPERATION

};

enum tomoyo_path2_acl_index {

enum tomoyo_path2_acl_index {

	TOMOYO_TYPE_LINK,

	TOMOYO_TYPE_LINK,

	TOMOYO_TYPE_RENAME,

	TOMOYO_TYPE_RENAME,

	TOMOYO_MAX_PATH2_OPERATION

	TOMOYO_MAX_PATH2_OPERATION

};

};

enum tomoyo_path_number_acl_index {

	TOMOYO_TYPE_CREATE,

	TOMOYO_TYPE_MKDIR,

	TOMOYO_TYPE_MKFIFO,

	TOMOYO_TYPE_MKSOCK,

	TOMOYO_TYPE_IOCTL,

	TOMOYO_TYPE_CHMOD,

	TOMOYO_TYPE_CHOWN,

	TOMOYO_TYPE_CHGRP,

	TOMOYO_MAX_PATH_NUMBER_OPERATION

};

enum tomoyo_securityfs_interface_index {

enum tomoyo_securityfs_interface_index {

	TOMOYO_DOMAINPOLICY,

	TOMOYO_DOMAINPOLICY,

	TOMOYO_EXCEPTIONPOLICY,

	TOMOYO_EXCEPTIONPOLICY,

 *  (3) "name" is the pathname.

 *  (3) "name" is the pathname.

 *

 *

 * Directives held by this structure are "allow_read/write", "allow_execute",

 * Directives held by this structure are "allow_read/write", "allow_execute",

 * "allow_read", "allow_write", "allow_create", "allow_unlink", "allow_mkdir",

 * "allow_read", "allow_write", "allow_unlink", "allow_rmdir",

 * "allow_rmdir", "allow_mkfifo", "allow_mksock", "allow_mkblock",

 * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot",

 * "allow_mkchar", "allow_truncate", "allow_symlink", "allow_rewrite",

 * "allow_ioctl", "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot",

 * "allow_mount" and "allow_unmount".

 * "allow_mount" and "allow_unmount".

 */

 */

struct tomoyo_path_acl {

struct tomoyo_path_acl {

	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */

	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */

	u8 perm_high;

	u16 perm;

	u16 perm;

	struct tomoyo_name_union name;

	struct tomoyo_name_union name;

};

};

/*

 * tomoyo_path_number_acl is a structure which is used for holding an

 * entry with one pathname and one number operation.

 * It has following fields.

 *

 *  (1) "head" which is a "struct tomoyo_acl_info".

 *  (2) "perm" which is a bitmask of permitted operations.

 *  (3) "name" is the pathname.

 *  (4) "number" is the numeric value.

 *

 * Directives held by this structure are "allow_create", "allow_mkdir",

 * "allow_ioctl", "allow_mkfifo", "allow_mksock", "allow_chmod", "allow_chown"

 * and "allow_chgrp".

 *

 */

struct tomoyo_path_number_acl {

	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */

	u8 perm;

	struct tomoyo_name_union name;

	struct tomoyo_number_union number;

};

/*

 * tomoyo_path_number3_acl is a structure which is used for holding an

 * entry with one pathname and three numbers operation.

 * It has following fields.

 *

 *  (1) "head" which is a "struct tomoyo_acl_info".

 *  (2) "perm" which is a bitmask of permitted operations.

 *  (3) "mode" is the create mode.

 *  (4) "major" is the major number of device node.

 *  (5) "minor" is the minor number of device node.

 *

 * Directives held by this structure are "allow_mkchar", "allow_mkblock".

 *

 */

struct tomoyo_path_number3_acl {

	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER3_ACL */

	u8 perm;

	struct tomoyo_name_union name;

	struct tomoyo_number_union mode;

	struct tomoyo_number_union major;

	struct tomoyo_number_union minor;

};

/*

/*

 * tomoyo_path2_acl is a structure which is used for holding an

 * tomoyo_path2_acl is a structure which is used for holding an

 * entry with two pathnames operation (i.e. link(), rename() and pivot_root()).

 * entry with two pathnames operation (i.e. link(), rename() and pivot_root()).

bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);

bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);

/* Convert double path operation to operation name. */

/* Convert double path operation to operation name. */

const char *tomoyo_path22keyword(const u8 operation);

const char *tomoyo_path22keyword(const u8 operation);

const char *tomoyo_path_number2keyword(const u8 operation);

const char *tomoyo_path_number32keyword(const u8 operation);

/* Get the last component of the given domainname. */

/* Get the last component of the given domainname. */

const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);

const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);

/* Convert single path operation to operation name. */

/* Convert single path operation to operation name. */

			   const struct tomoyo_path_info *filename);

			   const struct tomoyo_path_info *filename);

int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,

int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,

				 struct path *path, const int flag);

				 struct path *path, const int flag);

int tomoyo_path_number_perm(const u8 operation, struct path *path,

			    unsigned long number);

int tomoyo_path_number3_perm(const u8 operation, struct path *path,

			     const unsigned int mode, unsigned int dev);

int tomoyo_path_perm(const u8 operation, struct path *path);

int tomoyo_path_perm(const u8 operation, struct path *path);

int tomoyo_path2_perm(const u8 operation, struct path *path1,

int tomoyo_path2_perm(const u8 operation, struct path *path1,

		      struct path *path2);

		      struct path *path2);

int tomoyo_find_next_domain(struct linux_binprm *bprm);

int tomoyo_find_next_domain(struct linux_binprm *bprm);

void tomoyo_print_ulong(char *buffer, const int buffer_len,

			const unsigned long value, const u8 type);

/* Drop refcount on tomoyo_name_union. */

/* Drop refcount on tomoyo_name_union. */

void tomoyo_put_name_union(struct tomoyo_name_union *ptr);

void tomoyo_put_name_union(struct tomoyo_name_union *ptr);

		tomoyo_is_same_name_union(&p1->name, &p2->name);

		tomoyo_is_same_name_union(&p1->name, &p2->name);

}

}

static inline bool tomoyo_is_same_path_number3_acl

(const struct tomoyo_path_number3_acl *p1,

 const struct tomoyo_path_number3_acl *p2)

{

	return tomoyo_is_same_acl_head(&p1->head, &p2->head)

		&& tomoyo_is_same_name_union(&p1->name, &p2->name)

		&& tomoyo_is_same_number_union(&p1->mode, &p2->mode)

		&& tomoyo_is_same_number_union(&p1->major, &p2->major)

		&& tomoyo_is_same_number_union(&p1->minor, &p2->minor);

}

static inline bool tomoyo_is_same_path2_acl(const struct tomoyo_path2_acl *p1,

static inline bool tomoyo_is_same_path2_acl(const struct tomoyo_path2_acl *p1,

					    const struct tomoyo_path2_acl *p2)

					    const struct tomoyo_path2_acl *p2)

{

{

		tomoyo_is_same_name_union(&p1->name2, &p2->name2);

		tomoyo_is_same_name_union(&p1->name2, &p2->name2);

}

}

static inline bool tomoyo_is_same_path_number_acl

(const struct tomoyo_path_number_acl *p1,

 const struct tomoyo_path_number_acl *p2)

{

	return tomoyo_is_same_acl_head(&p1->head, &p2->head)

		&& tomoyo_is_same_name_union(&p1->name, &p2->name)

		&& tomoyo_is_same_number_union(&p1->number, &p2->number);

}

static inline bool tomoyo_is_same_domain_initializer_entry

static inline bool tomoyo_is_same_domain_initializer_entry

(const struct tomoyo_domain_initializer_entry *p1,

(const struct tomoyo_domain_initializer_entry *p1,

 const struct tomoyo_domain_initializer_entry *p2)

 const struct tomoyo_domain_initializer_entry *p2)

			tomoyo_put_name_union(&entry->name2);

			tomoyo_put_name_union(&entry->name2);

		}

		}

		break;

		break;

	case TOMOYO_TYPE_PATH_NUMBER_ACL:

		{

			struct tomoyo_path_number_acl *entry

				= container_of(acl, typeof(*entry), head);

			tomoyo_put_name_union(&entry->name);

			tomoyo_put_number_union(&entry->number);

		}

		break;

	case TOMOYO_TYPE_PATH_NUMBER3_ACL:

		{

			struct tomoyo_path_number3_acl *entry

				= container_of(acl, typeof(*entry), head);

			tomoyo_put_name_union(&entry->name);

			tomoyo_put_number_union(&entry->mode);

			tomoyo_put_number_union(&entry->major);

			tomoyo_put_number_union(&entry->minor);

		}

		break;

	default:

	default:

		printk(KERN_WARNING "Unknown type\n");

		printk(KERN_WARNING "Unknown type\n");

		break;

		break;

				case TOMOYO_TYPE_PATH_ACL:

				case TOMOYO_TYPE_PATH_ACL:

					if (container_of(acl,

					if (container_of(acl,

					 struct tomoyo_path_acl,

					 struct tomoyo_path_acl,

							 head)->perm ||

							 head)->perm)

					    container_of(acl,

					 struct tomoyo_path_acl,

							 head)->perm_high)

						continue;

						continue;

					break;

					break;

				case TOMOYO_TYPE_PATH2_ACL:

				case TOMOYO_TYPE_PATH2_ACL:

							 head)->perm)

							 head)->perm)

						continue;

						continue;

					break;

					break;

				case TOMOYO_TYPE_PATH_NUMBER_ACL:

					if (container_of(acl,

					 struct tomoyo_path_number_acl,

							 head)->perm)

						continue;

					break;

				case TOMOYO_TYPE_PATH_NUMBER3_ACL:

					if (container_of(acl,

					 struct tomoyo_path_number3_acl,

							 head)->perm)

						continue;

					break;

				default:

				default:

					continue;

					continue;

				}

				}

			     int mode)

			     int mode)

{

{

	struct path path = { parent->mnt, dentry };

	struct path path = { parent->mnt, dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_MKDIR, &path);

	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,

				       mode & S_IALLUGO);

}

}

static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)

static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)

{

{

	struct path path = { parent->mnt, dentry };

	struct path path = { parent->mnt, dentry };

	int type = TOMOYO_TYPE_CREATE;

	int type = TOMOYO_TYPE_CREATE;

	const unsigned int perm = mode & S_IALLUGO;

	switch (mode & S_IFMT) {

	switch (mode & S_IFMT) {

	case S_IFCHR:

	case S_IFCHR:

	case S_IFBLK:

	case S_IFBLK:

		type = TOMOYO_TYPE_MKBLOCK;

		type = TOMOYO_TYPE_MKBLOCK;

		break;

		break;

	default:

		goto no_dev;

	}

	return tomoyo_path_number3_perm(type, &path, perm, dev);

 no_dev:

	switch (mode & S_IFMT) {

	case S_IFIFO:

	case S_IFIFO:

		type = TOMOYO_TYPE_MKFIFO;

		type = TOMOYO_TYPE_MKFIFO;

		break;

		break;

		type = TOMOYO_TYPE_MKSOCK;

		type = TOMOYO_TYPE_MKSOCK;

		break;

		break;

	}

	}

	return tomoyo_path_perm(type, &path);

	return tomoyo_path_number_perm(type, &path, perm);

}

}

static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,

static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,

static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,

static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,

			     unsigned long arg)

			     unsigned long arg)

{

{

	return tomoyo_path_perm(TOMOYO_TYPE_IOCTL, &file->f_path);

	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);

}

}

static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,

static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,

			     mode_t mode)

			     mode_t mode)

{

{

	struct path path = { mnt, dentry };

	struct path path = { mnt, dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_CHMOD, &path);

	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,

				       mode & S_IALLUGO);

}

}

static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)

static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)

{

{

	int error = 0;

	int error = 0;

	if (uid != (uid_t) -1)

	if (uid != (uid_t) -1)

		error = tomoyo_path_perm(TOMOYO_TYPE_CHOWN, path);

		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid);

	if (!error && gid != (gid_t) -1)

	if (!error && gid != (gid_t) -1)

		error = tomoyo_path_perm(TOMOYO_TYPE_CHGRP, path);

		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid);

	return error;

	return error;

}

}