TOMOYO: Cleanup part 3.

				    const struct tomoyo_name_union *ptr)

{

	tomoyo_set_space(head);

	if (ptr->is_group) {

	if (ptr->group) {

		tomoyo_set_string(head, "@");

		tomoyo_set_string(head, ptr->group->group_name->name);

	} else {

				      const struct tomoyo_number_union *ptr)

{

	tomoyo_set_space(head);

	if (ptr->is_group) {

	if (ptr->group) {

		tomoyo_set_string(head, "@");

		tomoyo_set_string(head, ptr->group->group_name->name);

	} else {

		int i;

		unsigned long min = ptr->values[0];

		const unsigned long max = ptr->values[1];

		u8 min_type = ptr->min_type;

		const u8 max_type = ptr->max_type;

		u8 min_type = ptr->value_type[0];

		const u8 max_type = ptr->value_type[1];

		char buffer[128];

		buffer[0] = '\0';

		for (i = 0; i < 2; i++) {

			domain = tomoyo_find_domain(data + 7);

	} else

		return false;

	head->write_var1 = domain;

	head->w.domain = domain;

	/* Accessing read_buf is safe because head->io_sem is held. */

	if (!head->read_buf)

		return true; /* Do nothing if open(O_WRONLY). */

static int tomoyo_write_domain(struct tomoyo_io_buffer *head)

{

	char *data = head->write_buf;

	struct tomoyo_domain_info *domain = head->write_var1;

	struct tomoyo_domain_info *domain = head->w.domain;

	bool is_delete = false;

	bool is_select = false;

	unsigned int profile;

			domain = tomoyo_find_domain(data);

		else

			domain = tomoyo_assign_domain(data, 0);

		head->write_var1 = domain;

		head->w.domain = domain;

		return 0;

	}

	if (!domain)

{

	list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) {

		struct tomoyo_group *group =

			list_entry(head->r.group, typeof(*group), list);

			list_entry(head->r.group, typeof(*group), head.list);

		list_for_each_cookie(head->r.acl, &group->member_list) {

			struct tomoyo_acl_head *ptr =

				list_entry(head->r.acl, typeof(*ptr), list);

/**

 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.

 *

 * @file:       Pointer to "struct file".

 * @head:       Pointer to "struct tomoyo_io_buffer".

 * @buffer:     Poiner to buffer to write to.

 * @buffer_len: Size of @buffer.

 *

 *

 * Caller holds tomoyo_read_lock().

 */

int tomoyo_read_control(struct file *file, char __user *buffer,

int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,

			const int buffer_len)

{

	int len;

	struct tomoyo_io_buffer *head = file->private_data;

	if (!head->read)

		return -ENOSYS;

/**

 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.

 *

 * @file:       Pointer to "struct file".

 * @head:       Pointer to "struct tomoyo_io_buffer".

 * @buffer:     Pointer to buffer to read from.

 * @buffer_len: Size of @buffer.

 *

 *

 * Caller holds tomoyo_read_lock().

 */

int tomoyo_write_control(struct file *file, const char __user *buffer,

			 const int buffer_len)

int tomoyo_write_control(struct tomoyo_io_buffer *head,

			 const char __user *buffer, const int buffer_len)

{

	struct tomoyo_io_buffer *head = file->private_data;

	int error = buffer_len;

	int avail_len = buffer_len;

	char *cp0 = head->write_buf;

	/* Read a line and dispatch it to the policy handler. */

	while (avail_len > 0) {

		char c;

		if (head->write_avail >= head->writebuf_size - 1) {

		if (head->w.avail >= head->writebuf_size - 1) {

			error = -ENOMEM;

			break;

		} else if (get_user(c, buffer)) {

		}

		buffer++;

		avail_len--;

		cp0[head->write_avail++] = c;

		cp0[head->w.avail++] = c;

		if (c != '\n')

			continue;

		cp0[head->write_avail - 1] = '\0';

		head->write_avail = 0;

		cp0[head->w.avail - 1] = '\0';

		head->w.avail = 0;

		tomoyo_normalize_line(cp0);

		head->write(head);

	}

/**

 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.

 *

 * @file: Pointer to "struct file".

 * @head: Pointer to "struct tomoyo_io_buffer".

 *

 * Releases memory and returns 0.

 *

 * Caller looses tomoyo_read_lock().

 */

int tomoyo_close_control(struct file *file)

int tomoyo_close_control(struct tomoyo_io_buffer *head)

{

	struct tomoyo_io_buffer *head = file->private_data;

	const bool is_write = !!head->write_buf;

	/*

	kfree(head->write_buf);

	head->write_buf = NULL;

	kfree(head);

	head = NULL;

	file->private_data = NULL;

	if (is_write)

		tomoyo_run_gc();

	return 0;

	bool is_deleted;

} __packed;

/* Common header for shared entries. */

struct tomoyo_shared_acl_head {

	struct list_head list;

	atomic_t users;

} __packed;

/* Structure for request info. */

struct tomoyo_request_info {

	struct tomoyo_domain_info *domain;

/* Structure for holding string data. */

struct tomoyo_name {

	struct list_head list;

	atomic_t users;

	struct tomoyo_shared_acl_head head;

	struct tomoyo_path_info entry;

};

	/* Either @filename or @group is NULL. */

	const struct tomoyo_path_info *filename;

	struct tomoyo_group *group;

	/* True if @group != NULL, false if @filename != NULL. */

	u8 is_group;

};

/* Structure for holding a number. */

	unsigned long values[2];

	struct tomoyo_group *group; /* Maybe NULL. */

	/* One of values in "enum tomoyo_value_type". */

	u8 min_type;

	u8 max_type;

	/* True if @group != NULL, false otherwise. */

	u8 is_group;

	u8 value_type[2];

};

/* Structure for "path_group"/"number_group" directive. */

struct tomoyo_group {

	struct list_head list;

	struct tomoyo_shared_acl_head head;

	const struct tomoyo_path_info *group_name;

	struct list_head member_list;

	atomic_t users;

};

/* Structure for "path_group" directive. */

		bool print_execute_only;

		const char *w[TOMOYO_MAX_IO_READ_QUEUE];

	} r;

	struct {

		/* The position currently writing to.   */

	struct tomoyo_domain_info *write_var1;

		struct tomoyo_domain_info *domain;

		/* Bytes available for writing.         */

		int avail;

	} w;

	/* Buffer for reading.                  */

	char *read_buf;

	/* Size of read buffer.                 */

	int readbuf_size;

	/* Buffer for writing.                  */

	char *write_buf;

	/* Bytes available for writing.         */

	int write_avail;

	/* Size of write buffer.                */

	int writebuf_size;

	/* Type of this interface.              */

     __attribute__ ((format(printf, 2, 3)));

void tomoyo_check_profile(void);

int tomoyo_open_control(const u8 type, struct file *file);

int tomoyo_close_control(struct file *file);

int tomoyo_close_control(struct tomoyo_io_buffer *head);

int tomoyo_poll_control(struct file *file, poll_table *wait);

int tomoyo_read_control(struct file *file, char __user *buffer,

			const int buffer_len);

int tomoyo_write_control(struct file *file, const char __user *buffer,

int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,

			const int buffer_len);

int tomoyo_write_control(struct tomoyo_io_buffer *head,

			 const char __user *buffer, const int buffer_len);

bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);

void tomoyo_warn_oom(const char *function);

const struct tomoyo_path_info *

	return a->hash != b->hash || strcmp(a->name, b->name);

}

/**

 * tomoyo_valid - Check whether the character is a valid char.

 *

 * @c: The character to check.

 *

 * Returns true if @c is a valid character, false otherwise.

 */

static inline bool tomoyo_valid(const unsigned char c)

{

	return c > ' ' && c < 127;

}

/**

 * tomoyo_invalid - Check whether the character is an invalid char.

 *

 * @c: The character to check.

 *

 * Returns true if @c is an invalid character, false otherwise.

 */

static inline bool tomoyo_invalid(const unsigned char c)

{

	return c && (c <= ' ' || c >= 127);

}

/**

 * tomoyo_put_name - Drop reference on "struct tomoyo_name".

 *

	if (name) {

		struct tomoyo_name *ptr =

			container_of(name, typeof(*ptr), entry);

		atomic_dec(&ptr->users);

		atomic_dec(&ptr->head.users);

	}

}

static inline void tomoyo_put_group(struct tomoyo_group *group)

{

	if (group)

		atomic_dec(&group->users);

		atomic_dec(&group->head.users);

}

/**

	return task_cred_xxx(task, security);

}

static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1,

					const struct tomoyo_acl_info *p2)

{

	return p1->type == p2->type;

}

/**

 * tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry.

 *

static inline bool tomoyo_same_name_union

(const struct tomoyo_name_union *a, const struct tomoyo_name_union *b)

{

	return a->filename == b->filename && a->group == b->group &&

		a->is_group == b->is_group;

	return a->filename == b->filename && a->group == b->group;

}

/**

(const struct tomoyo_number_union *a, const struct tomoyo_number_union *b)

{

	return a->values[0] == b->values[0] && a->values[1] == b->values[1] &&

		a->group == b->group && a->min_type == b->min_type &&

		a->max_type == b->max_type && a->is_group == b->is_group;

		a->group == b->group && a->value_type[0] == b->value_type[0] &&

		a->value_type[1] == b->value_type[1];

}

/**

	return error;

}

/**

 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.

 *

 * @a: Pointer to "struct tomoyo_acl_info".

 * @b: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if @a == @b, false otherwise.

 */

static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,

					const struct tomoyo_acl_info *b)

{

	return a->type == b->type;

}

/**

 * tomoyo_update_domain - Update an entry for domain policy.

 *

	if (mutex_lock_interruptible(&tomoyo_policy_lock))

		return error;

	list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {

		if (!check_duplicate(entry, new_entry))

		if (!tomoyo_same_acl_head(entry, new_entry) ||

		    !check_duplicate(entry, new_entry))

			continue;

		if (merge_duplicate)

			entry->is_deleted = merge_duplicate(entry, new_entry,

	[TOMOYO_TYPE_CHGRP]      = "chgrp",

};

/*

 * Mapping table from "enum tomoyo_path_acl_index" to "enum tomoyo_mac_index".

 */

static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = {

	[TOMOYO_TYPE_EXECUTE]    = TOMOYO_MAC_FILE_EXECUTE,

	[TOMOYO_TYPE_READ]       = TOMOYO_MAC_FILE_OPEN,

	[TOMOYO_TYPE_UMOUNT]     = TOMOYO_MAC_FILE_UMOUNT,

};

/*

 * Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index".

 */

static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = {

	[TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK,

	[TOMOYO_TYPE_MKCHAR]  = TOMOYO_MAC_FILE_MKCHAR,

};

/*

 * Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index".

 */

static const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = {

	[TOMOYO_TYPE_LINK]       = TOMOYO_MAC_FILE_LINK,

	[TOMOYO_TYPE_RENAME]     = TOMOYO_MAC_FILE_RENAME,

	[TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT,

};

/*

 * Mapping table from "enum tomoyo_path_number_acl_index" to

 * "enum tomoyo_mac_index".

 */

static const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {

	[TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE,

	[TOMOYO_TYPE_MKDIR]  = TOMOYO_MAC_FILE_MKDIR,

	[TOMOYO_TYPE_CHGRP]  = TOMOYO_MAC_FILE_CHGRP,

};

/**

 * tomoyo_put_name_union - Drop reference on "struct tomoyo_name_union".

 *

 * @ptr: Pointer to "struct tomoyo_name_union".

 *

 * Returns nothing.

 */

void tomoyo_put_name_union(struct tomoyo_name_union *ptr)

{

	if (!ptr)

		return;

	if (ptr->is_group)

	tomoyo_put_group(ptr->group);

	else

	tomoyo_put_name(ptr->filename);

}

/**

 * tomoyo_compare_name_union - Check whether a name matches "struct tomoyo_name_union" or not.

 *

 * @name: Pointer to "struct tomoyo_path_info".

 * @ptr:  Pointer to "struct tomoyo_name_union".

 *

 * Returns "struct tomoyo_path_info" if @name matches @ptr, NULL otherwise.

 */

const struct tomoyo_path_info *

tomoyo_compare_name_union(const struct tomoyo_path_info *name,

			  const struct tomoyo_name_union *ptr)

{

	if (ptr->is_group)

	if (ptr->group)

		return tomoyo_path_matches_group(name, ptr->group);

	if (tomoyo_path_matches_pattern(name, ptr->filename))

		return ptr->filename;

	return NULL;

}

/**

 * tomoyo_put_number_union - Drop reference on "struct tomoyo_number_union".

 *

 * @ptr: Pointer to "struct tomoyo_number_union".

 *

 * Returns nothing.

 */

void tomoyo_put_number_union(struct tomoyo_number_union *ptr)

{

	if (ptr && ptr->is_group)

	tomoyo_put_group(ptr->group);

}

/**

 * tomoyo_compare_number_union - Check whether a value matches "struct tomoyo_number_union" or not.

 *

 * @value: Number to check.

 * @ptr:   Pointer to "struct tomoyo_number_union".

 *

 * Returns true if @value matches @ptr, false otherwise.

 */

bool tomoyo_compare_number_union(const unsigned long value,

				 const struct tomoyo_number_union *ptr)

{

	if (ptr->is_group)

	if (ptr->group)

		return tomoyo_number_matches_group(value, value, ptr->group);

	return value >= ptr->values[0] && value <= ptr->values[1];

}

/**

 * tomoyo_add_slash - Add trailing '/' if needed.

 *

 * @buf: Pointer to "struct tomoyo_path_info".

 *

 * Returns nothing.

 *

 * @buf must be generated by tomoyo_encode() because this function does not

 * allocate memory for adding '/'.

 */

static void tomoyo_add_slash(struct tomoyo_path_info *buf)

{

	if (buf->is_dir)

				 filename->name, buffer);

}

/**

 * tomoyo_check_path_acl - Check permission for path operation.

 *

 * @r:   Pointer to "struct tomoyo_request_info".

 * @ptr: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if granted, false otherwise.

 *

 * To be able to use wildcard for domain transition, this function sets

 * matching entry on success. Since the caller holds tomoyo_read_lock(),

 * it is safe to set matching entry.

 */

static bool tomoyo_check_path_acl(struct tomoyo_request_info *r,

				  const struct tomoyo_acl_info *ptr)

{

	return false;

}

/**

 * tomoyo_check_path_number_acl - Check permission for path number operation.

 *

 * @r:   Pointer to "struct tomoyo_request_info".

 * @ptr: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if granted, false otherwise.

 */

static bool tomoyo_check_path_number_acl(struct tomoyo_request_info *r,

					 const struct tomoyo_acl_info *ptr)

{

					  &acl->name);

}

/**

 * tomoyo_check_path2_acl - Check permission for path path operation.

 *

 * @r:   Pointer to "struct tomoyo_request_info".

 * @ptr: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if granted, false otherwise.

 */

static bool tomoyo_check_path2_acl(struct tomoyo_request_info *r,

				   const struct tomoyo_acl_info *ptr)

{

					     &acl->name2);

}

/**

 * tomoyo_check_mkdev_acl - Check permission for path number number number operation.

 *

 * @r:   Pointer to "struct tomoyo_request_info".

 * @ptr: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if granted, false otherwise.

 */

static bool tomoyo_check_mkdev_acl(struct tomoyo_request_info *r,

				   const struct tomoyo_acl_info *ptr)

{

					  &acl->name);

}

/**

 * tomoyo_same_path_acl - Check for duplicated "struct tomoyo_path_acl" entry.

 *

 * @a: Pointer to "struct tomoyo_acl_info".

 * @b: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if @a == @b except permission bits, false otherwise.

 */

static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a,

				 const struct tomoyo_acl_info *b)

{

	const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head);

	const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head);

	return tomoyo_same_acl_head(&p1->head, &p2->head) &&

		tomoyo_same_name_union(&p1->name, &p2->name);

	return tomoyo_same_name_union(&p1->name, &p2->name);

}

/**

	return error;

}

/**

 * tomoyo_same_mkdev_acl - Check for duplicated "struct tomoyo_mkdev_acl" entry.

 *

 * @a: Pointer to "struct tomoyo_acl_info".

 * @b: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if @a == @b except permission bits, false otherwise.

 */

static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a,

					 const struct tomoyo_acl_info *b)

{

	const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1),

								head);

	const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2),

								head);

	return tomoyo_same_acl_head(&p1->head, &p2->head)

		&& tomoyo_same_name_union(&p1->name, &p2->name)

		&& tomoyo_same_number_union(&p1->mode, &p2->mode)

		&& tomoyo_same_number_union(&p1->major, &p2->major)

		&& tomoyo_same_number_union(&p1->minor, &p2->minor);

	const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1), head);

	const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2), head);

	return tomoyo_same_name_union(&p1->name, &p2->name) &&

		tomoyo_same_number_union(&p1->mode, &p2->mode) &&

		tomoyo_same_number_union(&p1->major, &p2->major) &&

		tomoyo_same_number_union(&p1->minor, &p2->minor);

}

/**

 * tomoyo_merge_mkdev_acl - Merge duplicated "struct tomoyo_mkdev_acl" entry.

 *

 * @a:         Pointer to "struct tomoyo_acl_info".

 * @b:         Pointer to "struct tomoyo_acl_info".

 * @is_delete: True for @a &= ~@b, false for @a |= @b.

 *

 * Returns true if @a is empty, false otherwise.

 */

static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,

				   struct tomoyo_acl_info *b,

				   const bool is_delete)

 */

static int tomoyo_update_mkdev_acl(const u8 type, const char *filename,

				   char *mode, char *major, char *minor,

					  struct tomoyo_domain_info * const

					  domain, const bool is_delete)

				   struct tomoyo_domain_info * const domain,

				   const bool is_delete)

{

	struct tomoyo_mkdev_acl e = {

		.head.type = TOMOYO_TYPE_MKDEV_ACL,

	return error;

}

/**

 * tomoyo_same_path2_acl - Check for duplicated "struct tomoyo_path2_acl" entry.

 *

 * @a: Pointer to "struct tomoyo_acl_info".

 * @b: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if @a == @b except permission bits, false otherwise.

 */

static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a,

				  const struct tomoyo_acl_info *b)

{

	const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head);

	const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head);