TOMOYO: Rename symbols.

	struct tomoyo_policy_manager_entry e = { };

	int error;

	if (tomoyo_is_domain_def(manager)) {

		if (!tomoyo_is_correct_domain(manager))

	if (tomoyo_domain_def(manager)) {

		if (!tomoyo_correct_domain(manager))

			return -EINVAL;

		e.is_domain = true;

	} else {

		if (!tomoyo_is_correct_path(manager))

		if (!tomoyo_correct_path(manager))

			return -EINVAL;

	}

	e.manager = tomoyo_get_name(manager);

}

/**

 * tomoyo_is_policy_manager - Check whether the current process is a policy manager.

 * tomoyo_policy_manager - Check whether the current process is a policy manager.

 *

 * Returns true if the current process is permitted to modify policy

 * via /sys/kernel/security/tomoyo/ interface.

 *

 * Caller holds tomoyo_read_lock().

 */

static bool tomoyo_is_policy_manager(void)

static bool tomoyo_policy_manager(void)

{

	struct tomoyo_policy_manager_entry *ptr;

	const char *exe;

}

/**

 * tomoyo_is_select_one - Parse select command.

 * tomoyo_select_one - Parse select command.

 *

 * @head: Pointer to "struct tomoyo_io_buffer".

 * @data: String to parse.

 *

 * Caller holds tomoyo_read_lock().

 */

static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,

static bool tomoyo_select_one(struct tomoyo_io_buffer *head,

				 const char *data)

{

	unsigned int pid;

		read_unlock(&tasklist_lock);

		rcu_read_unlock();

	} else if (!strncmp(data, "domain=", 7)) {

		if (tomoyo_is_domain_def(data + 7))

		if (tomoyo_domain_def(data + 7))

			domain = tomoyo_find_domain(data + 7);

	} else

		return false;

		is_delete = true;

	else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))

		is_select = true;

	if (is_select && tomoyo_is_select_one(head, data))

	if (is_select && tomoyo_select_one(head, data))

		return 0;

	/* Don't allow updating policies by non manager programs. */

	if (!tomoyo_is_policy_manager())

	if (!tomoyo_policy_manager())

		return -EPERM;

	if (tomoyo_is_domain_def(data)) {

	if (tomoyo_domain_def(data)) {

		domain = NULL;

		if (is_delete)

			tomoyo_delete_domain(data);

}

/**

 * tomoyo_print_path_number3_acl - Print a path_number3 ACL entry.

 * tomoyo_print_mkdev_acl - Print a mkdev ACL entry.

 *

 * @head: Pointer to "struct tomoyo_io_buffer".

 * @ptr:  Pointer to "struct tomoyo_path_number3_acl".

 * @ptr:  Pointer to "struct tomoyo_mkdev_acl".

 *

 * Returns true on success, false otherwise.

 */

static bool tomoyo_print_path_number3_acl(struct tomoyo_io_buffer *head,

					  struct tomoyo_path_number3_acl *ptr)

static bool tomoyo_print_mkdev_acl(struct tomoyo_io_buffer *head,

					  struct tomoyo_mkdev_acl *ptr)

{

	int pos;

	u8 bit;

	const u16 perm = ptr->perm;

	for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER3_OPERATION;

	for (bit = head->read_bit; bit < TOMOYO_MAX_MKDEV_OPERATION;

	     bit++) {

		if (!(perm & (1 << bit)))

			continue;

		pos = head->read_avail;

		if (!tomoyo_io_printf(head, "allow_%s",

				      tomoyo_path_number32keyword(bit)) ||

				      tomoyo_mkdev2keyword(bit)) ||

		    !tomoyo_print_name_union(head, &ptr->name) ||

		    !tomoyo_print_number_union(head, &ptr->mode) ||

		    !tomoyo_print_number_union(head, &ptr->major) ||

				       head);

		return tomoyo_print_path_number_acl(head, acl);

	}

	if (acl_type == TOMOYO_TYPE_PATH_NUMBER3_ACL) {

		struct tomoyo_path_number3_acl *acl

			= container_of(ptr, struct tomoyo_path_number3_acl,

	if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {

		struct tomoyo_mkdev_acl *acl

			= container_of(ptr, struct tomoyo_mkdev_acl,

				       head);

		return tomoyo_print_path_number3_acl(head, acl);

		return tomoyo_print_mkdev_acl(head, acl);

	}

	if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {

		struct tomoyo_mount_acl *acl

	/* Don't allow updating policies by non manager programs. */

	if (head->write != tomoyo_write_pid &&

	    head->write != tomoyo_write_domain_policy &&

	    !tomoyo_is_policy_manager())

	    !tomoyo_policy_manager())

		return -EPERM;

	if (mutex_lock_interruptible(&head->io_sem))

		return -EINTR;

	TOMOYO_TYPE_PATH_ACL,

	TOMOYO_TYPE_PATH2_ACL,

	TOMOYO_TYPE_PATH_NUMBER_ACL,

	TOMOYO_TYPE_PATH_NUMBER3_ACL,

	TOMOYO_TYPE_MKDEV_ACL,

	TOMOYO_TYPE_MOUNT_ACL,

};

#define TOMOYO_RW_MASK ((1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE))

enum tomoyo_path_number3_acl_index {

enum tomoyo_mkdev_acl_index {

	TOMOYO_TYPE_MKBLOCK,

	TOMOYO_TYPE_MKCHAR,

	TOMOYO_MAX_PATH_NUMBER3_OPERATION

	TOMOYO_MAX_MKDEV_OPERATION

};

enum tomoyo_path2_acl_index {

 *

 * Packing "struct tomoyo_acl_info" allows

 * "struct tomoyo_path_acl" to embed "u16" and "struct tomoyo_path2_acl"

 * "struct tomoyo_path_number_acl" "struct tomoyo_path_number3_acl" to embed

 * "struct tomoyo_path_number_acl" "struct tomoyo_mkdev_acl" to embed

 * "u8" without enlarging their structure size.

 */

struct tomoyo_acl_info {

};

/*

 * tomoyo_path_number3_acl is a structure which is used for holding an

 * tomoyo_mkdev_acl is a structure which is used for holding an

 * entry with one pathname and three numbers operation.

 * It has following fields.

 *

 * Directives held by this structure are "allow_mkchar", "allow_mkblock".

 *

 */

struct tomoyo_path_number3_acl {

	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER3_ACL */

struct tomoyo_mkdev_acl {

	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */

	u8 perm;

	struct tomoyo_name_union name;

	struct tomoyo_number_union mode;

bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)

	__attribute__ ((format(printf, 2, 3)));

/* Check whether the domainname is correct. */

bool tomoyo_is_correct_domain(const unsigned char *domainname);

bool tomoyo_correct_domain(const unsigned char *domainname);

/* Check whether the token is correct. */

bool tomoyo_is_correct_path(const char *filename);

bool tomoyo_is_correct_word(const char *string);

bool tomoyo_correct_path(const char *filename);

bool tomoyo_correct_word(const char *string);

/* Check whether the token can be a domainname. */

bool tomoyo_is_domain_def(const unsigned char *buffer);

bool tomoyo_domain_def(const unsigned char *buffer);

bool tomoyo_parse_name_union(const char *filename,

			     struct tomoyo_name_union *ptr);

/* Check whether the given filename matches the given path_group. */

/* Convert double path operation to operation name. */

const char *tomoyo_path22keyword(const u8 operation);

const char *tomoyo_path_number2keyword(const u8 operation);

const char *tomoyo_path_number32keyword(const u8 operation);

const char *tomoyo_mkdev2keyword(const u8 operation);

/* Get the last component of the given domainname. */

const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);

/* Convert single path operation to operation name. */

				 struct path *path, const int flag);

int tomoyo_path_number_perm(const u8 operation, struct path *path,

			    unsigned long number);

int tomoyo_path_number3_perm(const u8 operation, struct path *path,

int tomoyo_mkdev_perm(const u8 operation, struct path *path,

		      const unsigned int mode, unsigned int dev);

int tomoyo_path_perm(const u8 operation, struct path *path);

int tomoyo_path2_perm(const u8 operation, struct path *path1,

}

/**

 * tomoyo_is_valid - Check whether the character is a valid char.

 * tomoyo_valid - Check whether the character is a valid char.

 *

 * @c: The character to check.

 *

 * Returns true if @c is a valid character, false otherwise.

 */

static inline bool tomoyo_is_valid(const unsigned char c)

static inline bool tomoyo_valid(const unsigned char c)

{

	return c > ' ' && c < 127;

}

/**

 * tomoyo_is_invalid - Check whether the character is an invalid char.

 * tomoyo_invalid - Check whether the character is an invalid char.

 *

 * @c: The character to check.

 *

 * Returns true if @c is an invalid character, false otherwise.

 */

static inline bool tomoyo_is_invalid(const unsigned char c)

static inline bool tomoyo_invalid(const unsigned char c)

{

	return c && (c <= ' ' || c >= 127);

}

	return task_cred_xxx(task, security);

}

static inline bool tomoyo_is_same_acl_head(const struct tomoyo_acl_info *p1,

static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1,

					   const struct tomoyo_acl_info *p2)

{

	return p1->type == p2->type;

}

static inline bool tomoyo_is_same_name_union

static inline bool tomoyo_same_name_union

(const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2)

{

	return p1->filename == p2->filename && p1->group == p2->group &&

		p1->is_group == p2->is_group;

}

static inline bool tomoyo_is_same_number_union

static inline bool tomoyo_same_number_union

(const struct tomoyo_number_union *p1, const struct tomoyo_number_union *p2)

{

	return p1->values[0] == p2->values[0] && p1->values[1] == p2->values[1]

	struct tomoyo_domain_initializer_entry e = { .is_not = is_not };

	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_is_correct_path(program))

	if (!tomoyo_correct_path(program))

		return -EINVAL;

	if (domainname) {

		if (!tomoyo_is_domain_def(domainname) &&

		    tomoyo_is_correct_path(domainname))

		if (!tomoyo_domain_def(domainname) &&

		    tomoyo_correct_path(domainname))

			e.is_last_name = true;

		else if (!tomoyo_is_correct_domain(domainname))

		else if (!tomoyo_correct_domain(domainname))

			return -EINVAL;

		e.domainname = tomoyo_get_name(domainname);

		if (!e.domainname)

}

/**

 * tomoyo_is_domain_initializer - Check whether the given program causes domainname reinitialization.

 * tomoyo_domain_initializer - Check whether the given program causes domainname reinitialization.

 *

 * @domainname: The name of domain.

 * @program:    The name of program.

 *

 * Caller holds tomoyo_read_lock().

 */

static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *

static bool tomoyo_domain_initializer(const struct tomoyo_path_info *

					 domainname,

					 const struct tomoyo_path_info *program,

					 const struct tomoyo_path_info *

	struct tomoyo_domain_keeper_entry e = { .is_not = is_not };

	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_is_domain_def(domainname) &&

	    tomoyo_is_correct_path(domainname))

	if (!tomoyo_domain_def(domainname) &&

	    tomoyo_correct_path(domainname))

		e.is_last_name = true;

	else if (!tomoyo_is_correct_domain(domainname))

	else if (!tomoyo_correct_domain(domainname))

		return -EINVAL;

	if (program) {

		if (!tomoyo_is_correct_path(program))

		if (!tomoyo_correct_path(program))

			return -EINVAL;

		e.program = tomoyo_get_name(program);

		if (!e.program)

}

/**

 * tomoyo_is_domain_keeper - Check whether the given program causes domain transition suppression.

 * tomoyo_domain_keeper - Check whether the given program causes domain transition suppression.

 *

 * @domainname: The name of domain.

 * @program:    The name of program.

 *

 * Caller holds tomoyo_read_lock().

 */

static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,

static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname,

				    const struct tomoyo_path_info *program,

				    const struct tomoyo_path_info *last_name)

{

	struct tomoyo_aggregator_entry e = { };

	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_is_correct_path(original_name) ||

	    !tomoyo_is_correct_path(aggregated_name))

	if (!tomoyo_correct_path(original_name) ||

	    !tomoyo_correct_path(aggregated_name))

		return -EINVAL;

	e.original_name = tomoyo_get_name(original_name);

	e.aggregated_name = tomoyo_get_name(aggregated_name);

	struct tomoyo_alias_entry e = { };

	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_is_correct_path(original_name) ||

	    !tomoyo_is_correct_path(aliased_name))

	if (!tomoyo_correct_path(original_name) ||

	    !tomoyo_correct_path(aliased_name))

		return -EINVAL;

	e.original_name = tomoyo_get_name(original_name);

	e.aliased_name = tomoyo_get_name(aliased_name);

	const struct tomoyo_path_info *saved_domainname;

	bool found = false;

	if (!tomoyo_is_correct_domain(domainname))

	if (!tomoyo_correct_domain(domainname))

		return NULL;

	saved_domainname = tomoyo_get_name(domainname);

	if (!saved_domainname)

	if (retval < 0)

		goto out;

	if (tomoyo_is_domain_initializer(old_domain->domainname, &rn, &ln)) {

	if (tomoyo_domain_initializer(old_domain->domainname, &rn, &ln)) {

		/* Transit to the child of tomoyo_kernel_domain domain. */

		snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1,

			 TOMOYO_ROOT_NAME " " "%s", rn.name);

		 * initializers because they might start before /sbin/init.

		 */

		domain = old_domain;

	} else if (tomoyo_is_domain_keeper(old_domain->domainname, &rn, &ln)) {

	} else if (tomoyo_domain_keeper(old_domain->domainname, &rn, &ln)) {

		/* Keep current domain. */

		domain = old_domain;

	} else {

};

/* Keyword array for operations with one pathname and three numbers. */

static const char *tomoyo_path_number3_keyword

[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = {

static const char *tomoyo_mkdev_keyword

[TOMOYO_MAX_MKDEV_OPERATION] = {

	[TOMOYO_TYPE_MKBLOCK]    = "mkblock",

	[TOMOYO_TYPE_MKCHAR]     = "mkchar",

};

	[TOMOYO_TYPE_UMOUNT]     = TOMOYO_MAC_FILE_UMOUNT,

};

static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = {

static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = {

	[TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK,

	[TOMOYO_TYPE_MKCHAR]  = TOMOYO_MAC_FILE_MKCHAR,

};

}

/**

 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations.

 * tomoyo_mkdev2keyword - Get the name of path/number/number/number operations.

 *

 * @operation: Type of operation.

 *

 * Returns the name of path/number/number/number operation.

 */

const char *tomoyo_path_number32keyword(const u8 operation)

const char *tomoyo_mkdev2keyword(const u8 operation)

{

	return (operation < TOMOYO_MAX_PATH_NUMBER3_OPERATION)

		? tomoyo_path_number3_keyword[operation] : NULL;

	return (operation < TOMOYO_MAX_MKDEV_OPERATION)

		? tomoyo_mkdev_keyword[operation] : NULL;

}

/**

 */

static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)

{

	const char *operation = tomoyo_path_number32keyword(r->param.mkdev.

	const char *operation = tomoyo_mkdev2keyword(r->param.mkdev.

							    operation);

	const struct tomoyo_path_info *filename = r->param.mkdev.filename;

	const unsigned int major = r->param.mkdev.major;

	struct tomoyo_globally_readable_file_entry e = { };

	int error;

	if (!tomoyo_is_correct_word(filename))

	if (!tomoyo_correct_word(filename))

		return -EINVAL;

	e.filename = tomoyo_get_name(filename);

	if (!e.filename)

}

/**

 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.

 * tomoyo_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.

 *

 * @filename: The filename to check.

 *

 *

 * Caller holds tomoyo_read_lock().

 */

static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info *

static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *

					     filename)

{

	struct tomoyo_globally_readable_file_entry *ptr;

	struct tomoyo_pattern_entry e = { };

	int error;

	if (!tomoyo_is_correct_word(pattern))

	if (!tomoyo_correct_word(pattern))

		return -EINVAL;

	e.pattern = tomoyo_get_name(pattern);

	if (!e.pattern)

	struct tomoyo_no_rewrite_entry e = { };

	int error;

	if (!tomoyo_is_correct_word(pattern))

	if (!tomoyo_correct_word(pattern))

		return -EINVAL;

	e.pattern = tomoyo_get_name(pattern);

	if (!e.pattern)

}

/**

 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.

 * tomoyo_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.

 *

 * @filename: Filename to check.

 *

 *

 * Caller holds tomoyo_read_lock().

 */

static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename)

static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)

{

	struct tomoyo_no_rewrite_entry *ptr;

	bool found = false;

static bool tomoyo_check_mkdev_acl(const struct tomoyo_request_info *r,

				const struct tomoyo_acl_info *ptr)

{

	const struct tomoyo_path_number3_acl *acl =

	const struct tomoyo_mkdev_acl *acl =

		container_of(ptr, typeof(*acl), head);

	return (acl->perm & (1 << r->param.mkdev.operation)) &&

		tomoyo_compare_number_union(r->param.mkdev.mode,

{

	const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head);

	const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head);

	return tomoyo_is_same_acl_head(&p1->head, &p2->head) &&

		tomoyo_is_same_name_union(&p1->name, &p2->name);

	return tomoyo_same_acl_head(&p1->head, &p2->head) &&

		tomoyo_same_name_union(&p1->name, &p2->name);

}

static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a,

	return error;

}

static bool tomoyo_same_path_number3_acl(const struct tomoyo_acl_info *a,

static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a,

					 const struct tomoyo_acl_info *b)

{

	const struct tomoyo_path_number3_acl *p1 = container_of(a, typeof(*p1),

	const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1),

								head);

	const struct tomoyo_path_number3_acl *p2 = container_of(b, typeof(*p2),

	const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2),

								head);

	return tomoyo_is_same_acl_head(&p1->head, &p2->head)

		&& tomoyo_is_same_name_union(&p1->name, &p2->name)

		&& tomoyo_is_same_number_union(&p1->mode, &p2->mode)

		&& tomoyo_is_same_number_union(&p1->major, &p2->major)

		&& tomoyo_is_same_number_union(&p1->minor, &p2->minor);

	return tomoyo_same_acl_head(&p1->head, &p2->head)

		&& tomoyo_same_name_union(&p1->name, &p2->name)

		&& tomoyo_same_number_union(&p1->mode, &p2->mode)

		&& tomoyo_same_number_union(&p1->major, &p2->major)

		&& tomoyo_same_number_union(&p1->minor, &p2->minor);

}

static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a,

static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,

					  struct tomoyo_acl_info *b,

					  const bool is_delete)

{

	u8 *const a_perm = &container_of(a, struct tomoyo_path_number3_acl,

	u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl,

					 head)->perm;

	u8 perm = *a_perm;

	const u8 b_perm = container_of(b, struct tomoyo_path_number3_acl, head)

	const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head)

		->perm;

	if (is_delete)

		perm &= ~b_perm;

}

/**

 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list.

 * tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list.

 *

 * @type:      Type of operation.

 * @filename:  Filename.

 *

 * Caller holds tomoyo_read_lock().

 */

static int tomoyo_update_path_number3_acl(const u8 type, const char *filename,

static int tomoyo_update_mkdev_acl(const u8 type, const char *filename,

					  char *mode, char *major, char *minor,

					  struct tomoyo_domain_info * const

					  domain, const bool is_delete)

{

	struct tomoyo_path_number3_acl e = {

		.head.type = TOMOYO_TYPE_PATH_NUMBER3_ACL,

	struct tomoyo_mkdev_acl e = {

		.head.type = TOMOYO_TYPE_MKDEV_ACL,

		.perm = 1 << type

	};

	int error = is_delete ? -ENOENT : -ENOMEM;