TOMOYO: Use common code for open and mkdir etc.

/* Initialize mm related code. */

void __init tomoyo_mm_init(void);

int tomoyo_check_exec_perm(struct tomoyo_request_info *r,

int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,

			   const struct tomoyo_path_info *filename);

int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,

				 struct path *path, const int flag);

	}

	/* Check execute permission. */

	retval = tomoyo_check_exec_perm(&r, &rn);

	retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);

	if (retval == TOMOYO_RETRY_REQUEST)

		goto retry;

	if (retval < 0)

	return error;

}

/**

 * tomoyo_file_perm - Check permission for opening files.

 *

 * @r:         Pointer to "struct tomoyo_request_info".

 * @filename:  Filename to check.

 * @mode:      Mode ("read" or "write" or "read/write" or "execute").

 *

 * Returns 0 on success, negative value otherwise.

 *

 * Caller holds tomoyo_read_lock().

 */

static int tomoyo_file_perm(struct tomoyo_request_info *r,

			    const struct tomoyo_path_info *filename,

			    const u8 mode)

{

	const char *msg = "<unknown>";

	int error = 0;

	u32 perm = 0;

	if (!filename)

		return 0;

	if (mode == 6) {

		msg = tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE);

		perm = 1 << TOMOYO_TYPE_READ_WRITE;

	} else if (mode == 4) {

		msg = tomoyo_path2keyword(TOMOYO_TYPE_READ);

		perm = 1 << TOMOYO_TYPE_READ;

	} else if (mode == 2) {

		msg = tomoyo_path2keyword(TOMOYO_TYPE_WRITE);

		perm = 1 << TOMOYO_TYPE_WRITE;

	} else if (mode == 1) {

		msg = tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE);

		perm = 1 << TOMOYO_TYPE_EXECUTE;

	} else

		BUG();

	do {

		error = tomoyo_path_acl(r, filename, perm);

		if (error && mode == 4 && !r->domain->ignore_global_allow_read

		    && tomoyo_is_globally_readable_file(filename))

			error = 0;

		if (!error)

			break;

		tomoyo_warn_log(r, "%s %s", msg, filename->name);

		error = tomoyo_supervisor(r, "allow_%s %s\n", msg,

					  tomoyo_file_pattern(filename));

		/*

                 * Do not retry for execute request, for alias may have

		 * changed.

                 */

	} while (error == TOMOYO_RETRY_REQUEST && mode != 1);

	if (r->mode != TOMOYO_CONFIG_ENFORCING)

		error = 0;

	return error;

}

static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a,

				 const struct tomoyo_acl_info *b)

{

 *

 * Caller holds tomoyo_read_lock().

 */

static int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,

int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,

			   const struct tomoyo_path_info *filename)

{

	const char *msg;

		return 0;

	do {

		error = tomoyo_path_acl(r, filename, 1 << operation);

		if (error && operation == TOMOYO_TYPE_READ &&

		    !r->domain->ignore_global_allow_read &&

		    tomoyo_is_globally_readable_file(filename))

			error = 0;

		if (!error)

			break;

		msg = tomoyo_path2keyword(operation);

		tomoyo_warn_log(r, "%s %s", msg, filename->name);

		error = tomoyo_supervisor(r, "allow_%s %s\n", msg,

					  tomoyo_file_pattern(filename));

	} while (error == TOMOYO_RETRY_REQUEST);

	if (r->mode != TOMOYO_CONFIG_ENFORCING)

		error = 0;

		/*

		 * Do not retry for execute request, for alias may have

		 * changed.

		 */

	} while (error == TOMOYO_RETRY_REQUEST &&

		 operation != TOMOYO_TYPE_EXECUTE);

	/*

	 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,

	 * we need to check "allow_rewrite" permission if the filename is

					  tomoyo_file_pattern(filename),

					  buffer);

	} while (error == TOMOYO_RETRY_REQUEST);

	if (r->mode != TOMOYO_CONFIG_ENFORCING)

		error = 0;

	return error;

}

	return error;

}

/**

 * tomoyo_check_exec_perm - Check permission for "execute".

 *

 * @r:        Pointer to "struct tomoyo_request_info".

 * @filename: Check permission for "execute".

 *

 * Returns 0 on success, negativevalue otherwise.

 *

 * Caller holds tomoyo_read_lock().

 */

int tomoyo_check_exec_perm(struct tomoyo_request_info *r,

			   const struct tomoyo_path_info *filename)

{

	if (r->mode == TOMOYO_CONFIG_DISABLED)

		return 0;

	return tomoyo_file_perm(r, filename, 1);

}

/**

 * tomoyo_check_open_permission - Check permission for "read" and "write".

 *

	if (!error && acc_mode &&

	    tomoyo_init_request_info(&r, domain, TOMOYO_MAC_FILE_OPEN)

	    != TOMOYO_CONFIG_DISABLED) {

		u8 operation;

		if (!buf.name && !tomoyo_get_realpath(&buf, path)) {

			error = -ENOMEM;

			goto out;

		}

		error = tomoyo_file_perm(&r, &buf, acc_mode);

		if (acc_mode == (MAY_READ | MAY_WRITE))

			operation = TOMOYO_TYPE_READ_WRITE;

		else if (acc_mode == MAY_READ)

			operation = TOMOYO_TYPE_READ;

		else

			operation = TOMOYO_TYPE_WRITE;

		error = tomoyo_path_permission(&r, operation, &buf);

	}

 out:

	kfree(buf.name);