security/ccsecurity/policy_io.c

/*
 * security/ccsecurity/policy_io.c
 *
 * Copyright (C) 2005-2011  NTT DATA CORPORATION
 *
 * Version: 1.8.3+   2011/10/25
 */

#include "internal.h"

/***** SECTION1: Constants definition *****/

/* Define this to enable debug mode. */
/* #define DEBUG_CONDITION */

#ifdef DEBUG_CONDITION
#define dprintk printk
#else
#define dprintk(...) do { } while (0)
#endif

/* String table for operation mode. */
const char * const ccs_mode[CCS_CONFIG_MAX_MODE] = {
        [CCS_CONFIG_DISABLED]   = "disabled",
        [CCS_CONFIG_LEARNING]   = "learning",
        [CCS_CONFIG_PERMISSIVE] = "permissive",
        [CCS_CONFIG_ENFORCING]  = "enforcing"
};

/* String table for /proc/ccs/profile interface. */
const char * const ccs_mac_keywords[CCS_MAX_MAC_INDEX
                                    + CCS_MAX_MAC_CATEGORY_INDEX] = {
        /* CONFIG::file group */
        [CCS_MAC_FILE_EXECUTE]    = "execute",
        [CCS_MAC_FILE_OPEN]       = "open",
        [CCS_MAC_FILE_CREATE]     = "create",
        [CCS_MAC_FILE_UNLINK]     = "unlink",
        [CCS_MAC_FILE_GETATTR]    = "getattr",
        [CCS_MAC_FILE_MKDIR]      = "mkdir",
        [CCS_MAC_FILE_RMDIR]      = "rmdir",
        [CCS_MAC_FILE_MKFIFO]     = "mkfifo",
        [CCS_MAC_FILE_MKSOCK]     = "mksock",
        [CCS_MAC_FILE_TRUNCATE]   = "truncate",
        [CCS_MAC_FILE_SYMLINK]    = "symlink",
        [CCS_MAC_FILE_MKBLOCK]    = "mkblock",
        [CCS_MAC_FILE_MKCHAR]     = "mkchar",
        [CCS_MAC_FILE_LINK]       = "link",
        [CCS_MAC_FILE_RENAME]     = "rename",
        [CCS_MAC_FILE_CHMOD]      = "chmod",
        [CCS_MAC_FILE_CHOWN]      = "chown",
        [CCS_MAC_FILE_CHGRP]      = "chgrp",
        [CCS_MAC_FILE_IOCTL]      = "ioctl",
        [CCS_MAC_FILE_CHROOT]     = "chroot",
        [CCS_MAC_FILE_MOUNT]      = "mount",
        [CCS_MAC_FILE_UMOUNT]     = "unmount",
        [CCS_MAC_FILE_PIVOT_ROOT] = "pivot_root",
        /* CONFIG::misc group */
        [CCS_MAC_ENVIRON] = "env",
        /* CONFIG::network group */
        [CCS_MAC_NETWORK_INET_STREAM_BIND]       = "inet_stream_bind",
        [CCS_MAC_NETWORK_INET_STREAM_LISTEN]     = "inet_stream_listen",
        [CCS_MAC_NETWORK_INET_STREAM_CONNECT]    = "inet_stream_connect",
        [CCS_MAC_NETWORK_INET_STREAM_ACCEPT]     = "inet_stream_accept",
        [CCS_MAC_NETWORK_INET_DGRAM_BIND]        = "inet_dgram_bind",
        [CCS_MAC_NETWORK_INET_DGRAM_SEND]        = "inet_dgram_send",
        [CCS_MAC_NETWORK_INET_DGRAM_RECV]        = "inet_dgram_recv",
        [CCS_MAC_NETWORK_INET_RAW_BIND]          = "inet_raw_bind",
        [CCS_MAC_NETWORK_INET_RAW_SEND]          = "inet_raw_send",
        [CCS_MAC_NETWORK_INET_RAW_RECV]          = "inet_raw_recv",
        [CCS_MAC_NETWORK_UNIX_STREAM_BIND]       = "unix_stream_bind",
        [CCS_MAC_NETWORK_UNIX_STREAM_LISTEN]     = "unix_stream_listen",
        [CCS_MAC_NETWORK_UNIX_STREAM_CONNECT]    = "unix_stream_connect",
        [CCS_MAC_NETWORK_UNIX_STREAM_ACCEPT]     = "unix_stream_accept",
        [CCS_MAC_NETWORK_UNIX_DGRAM_BIND]        = "unix_dgram_bind",
        [CCS_MAC_NETWORK_UNIX_DGRAM_SEND]        = "unix_dgram_send",
        [CCS_MAC_NETWORK_UNIX_DGRAM_RECV]        = "unix_dgram_recv",
        [CCS_MAC_NETWORK_UNIX_SEQPACKET_BIND]    = "unix_seqpacket_bind",
        [CCS_MAC_NETWORK_UNIX_SEQPACKET_LISTEN]  = "unix_seqpacket_listen",
        [CCS_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] = "unix_seqpacket_connect",
        [CCS_MAC_NETWORK_UNIX_SEQPACKET_ACCEPT]  = "unix_seqpacket_accept",
        /* CONFIG::ipc group */
        [CCS_MAC_SIGNAL] = "signal",
        /* CONFIG::capability group */
        [CCS_MAC_CAPABILITY_USE_ROUTE_SOCKET]  = "use_route",
        [CCS_MAC_CAPABILITY_USE_PACKET_SOCKET] = "use_packet",
        [CCS_MAC_CAPABILITY_SYS_REBOOT]        = "SYS_REBOOT",
        [CCS_MAC_CAPABILITY_SYS_VHANGUP]       = "SYS_VHANGUP",
        [CCS_MAC_CAPABILITY_SYS_SETTIME]       = "SYS_TIME",
        [CCS_MAC_CAPABILITY_SYS_NICE]          = "SYS_NICE",
        [CCS_MAC_CAPABILITY_SYS_SETHOSTNAME]   = "SYS_SETHOSTNAME",
        [CCS_MAC_CAPABILITY_USE_KERNEL_MODULE] = "use_kernel_module",
        [CCS_MAC_CAPABILITY_SYS_KEXEC_LOAD]    = "SYS_KEXEC_LOAD",
        [CCS_MAC_CAPABILITY_SYS_PTRACE]        = "SYS_PTRACE",
        /* CONFIG group */
        [CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_FILE]       = "file",
        [CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_NETWORK]    = "network",
        [CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_MISC]       = "misc",
        [CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_IPC]        = "ipc",
        [CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_CAPABILITY] = "capability",
};

/* String table for path operation. */
const char * const ccs_path_keyword[CCS_MAX_PATH_OPERATION] = {
        [CCS_TYPE_EXECUTE]    = "execute",
        [CCS_TYPE_READ]       = "read",
        [CCS_TYPE_WRITE]      = "write",
        [CCS_TYPE_APPEND]     = "append",
        [CCS_TYPE_UNLINK]     = "unlink",
        [CCS_TYPE_GETATTR]    = "getattr",
        [CCS_TYPE_RMDIR]      = "rmdir",
        [CCS_TYPE_TRUNCATE]   = "truncate",
        [CCS_TYPE_SYMLINK]    = "symlink",
        [CCS_TYPE_CHROOT]     = "chroot",
        [CCS_TYPE_UMOUNT]     = "unmount",
};

/* String table for socket's operation. */
const char * const ccs_socket_keyword[CCS_MAX_NETWORK_OPERATION] = {
        [CCS_NETWORK_BIND]    = "bind",
        [CCS_NETWORK_LISTEN]  = "listen",
        [CCS_NETWORK_CONNECT] = "connect",
        [CCS_NETWORK_ACCEPT]  = "accept",
        [CCS_NETWORK_SEND]    = "send",
        [CCS_NETWORK_RECV]    = "recv",
};

/* String table for categories. */
static const char * const ccs_category_keywords[CCS_MAX_MAC_CATEGORY_INDEX] = {
        [CCS_MAC_CATEGORY_FILE]       = "file",
        [CCS_MAC_CATEGORY_NETWORK]    = "network",
        [CCS_MAC_CATEGORY_MISC]       = "misc",
        [CCS_MAC_CATEGORY_IPC]        = "ipc",
        [CCS_MAC_CATEGORY_CAPABILITY] = "capability",
};

/* String table for conditions. */
const char * const ccs_condition_keyword[CCS_MAX_CONDITION_KEYWORD] = {
        [CCS_TASK_UID]             = "task.uid",
        [CCS_TASK_EUID]            = "task.euid",
        [CCS_TASK_SUID]            = "task.suid",
        [CCS_TASK_FSUID]           = "task.fsuid",
        [CCS_TASK_GID]             = "task.gid",
        [CCS_TASK_EGID]            = "task.egid",
        [CCS_TASK_SGID]            = "task.sgid",
        [CCS_TASK_FSGID]           = "task.fsgid",
        [CCS_TASK_PID]             = "task.pid",
        [CCS_TASK_PPID]            = "task.ppid",
        [CCS_EXEC_ARGC]            = "exec.argc",
        [CCS_EXEC_ENVC]            = "exec.envc",
        [CCS_TYPE_IS_SOCKET]       = "socket",
        [CCS_TYPE_IS_SYMLINK]      = "symlink",
        [CCS_TYPE_IS_FILE]         = "file",
        [CCS_TYPE_IS_BLOCK_DEV]    = "block",
        [CCS_TYPE_IS_DIRECTORY]    = "directory",
        [CCS_TYPE_IS_CHAR_DEV]     = "char",
        [CCS_TYPE_IS_FIFO]         = "fifo",
        [CCS_MODE_SETUID]          = "setuid",
        [CCS_MODE_SETGID]          = "setgid",
        [CCS_MODE_STICKY]          = "sticky",
        [CCS_MODE_OWNER_READ]      = "owner_read",
        [CCS_MODE_OWNER_WRITE]     = "owner_write",
        [CCS_MODE_OWNER_EXECUTE]   = "owner_execute",
        [CCS_MODE_GROUP_READ]      = "group_read",
        [CCS_MODE_GROUP_WRITE]     = "group_write",
        [CCS_MODE_GROUP_EXECUTE]   = "group_execute",
        [CCS_MODE_OTHERS_READ]     = "others_read",
        [CCS_MODE_OTHERS_WRITE]    = "others_write",
        [CCS_MODE_OTHERS_EXECUTE]  = "others_execute",
        [CCS_TASK_TYPE]            = "task.type",
        [CCS_TASK_EXECUTE_HANDLER] = "execute_handler",
        [CCS_EXEC_REALPATH]        = "exec.realpath",
        [CCS_SYMLINK_TARGET]       = "symlink.target",
        [CCS_PATH1_UID]            = "path1.uid",
        [CCS_PATH1_GID]            = "path1.gid",
        [CCS_PATH1_INO]            = "path1.ino",
        [CCS_PATH1_MAJOR]          = "path1.major",
        [CCS_PATH1_MINOR]          = "path1.minor",
        [CCS_PATH1_PERM]           = "path1.perm",
        [CCS_PATH1_TYPE]           = "path1.type",
        [CCS_PATH1_DEV_MAJOR]      = "path1.dev_major",
        [CCS_PATH1_DEV_MINOR]      = "path1.dev_minor",
        [CCS_PATH2_UID]            = "path2.uid",
        [CCS_PATH2_GID]            = "path2.gid",
        [CCS_PATH2_INO]            = "path2.ino",
        [CCS_PATH2_MAJOR]          = "path2.major",
        [CCS_PATH2_MINOR]          = "path2.minor",
        [CCS_PATH2_PERM]           = "path2.perm",
        [CCS_PATH2_TYPE]           = "path2.type",
        [CCS_PATH2_DEV_MAJOR]      = "path2.dev_major",
        [CCS_PATH2_DEV_MINOR]      = "path2.dev_minor",
        [CCS_PATH1_PARENT_UID]     = "path1.parent.uid",
        [CCS_PATH1_PARENT_GID]     = "path1.parent.gid",
        [CCS_PATH1_PARENT_INO]     = "path1.parent.ino",
        [CCS_PATH1_PARENT_PERM]    = "path1.parent.perm",
        [CCS_PATH2_PARENT_UID]     = "path2.parent.uid",
        [CCS_PATH2_PARENT_GID]     = "path2.parent.gid",
        [CCS_PATH2_PARENT_INO]     = "path2.parent.ino",
        [CCS_PATH2_PARENT_PERM]    = "path2.parent.perm",
};

/* String table for PREFERENCE keyword. */
static const char * const ccs_pref_keywords[CCS_MAX_PREF] = {
        [CCS_PREF_MAX_AUDIT_LOG]      = "max_audit_log",
        [CCS_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry",
        [CCS_PREF_ENFORCING_PENALTY]  = "enforcing_penalty",
};

/* String table for domain flags. */
const char * const ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = {
        [CCS_DIF_QUOTA_WARNED]      = "quota_exceeded\n",
        [CCS_DIF_TRANSITION_FAILED] = "transition_failed\n",
};

/* String table for domain transition control keywords. */
static const char * const ccs_transition_type[CCS_MAX_TRANSITION_TYPE] = {
        [CCS_TRANSITION_CONTROL_NO_RESET]      = "no_reset_domain ",
        [CCS_TRANSITION_CONTROL_RESET]         = "reset_domain ",
        [CCS_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ",
        [CCS_TRANSITION_CONTROL_INITIALIZE]    = "initialize_domain ",
        [CCS_TRANSITION_CONTROL_NO_KEEP]       = "no_keep_domain ",
        [CCS_TRANSITION_CONTROL_KEEP]          = "keep_domain ",
};

/* String table for grouping keywords. */
static const char * const ccs_group_name[CCS_MAX_GROUP] = {
        [CCS_PATH_GROUP]    = "path_group ",
        [CCS_NUMBER_GROUP]  = "number_group ",
        [CCS_ADDRESS_GROUP] = "address_group ",
};

/* String table for /proc/ccs/stat interface. */
static const char * const ccs_policy_headers[CCS_MAX_POLICY_STAT] = {
        [CCS_STAT_POLICY_UPDATES]    = "update:",
        [CCS_STAT_POLICY_LEARNING]   = "violation in learning mode:",
        [CCS_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:",
        [CCS_STAT_POLICY_ENFORCING]  = "violation in enforcing mode:",
};

/* String table for /proc/ccs/stat interface. */
static const char * const ccs_memory_headers[CCS_MAX_MEMORY_STAT] = {
        [CCS_MEMORY_POLICY]     = "policy:",
        [CCS_MEMORY_AUDIT]      = "audit log:",
        [CCS_MEMORY_QUERY]      = "query message:",
};

/***** SECTION2: Structure definition *****/

/* Structure for query. */
struct ccs_query {
        struct list_head list;
        struct ccs_domain_info *domain;
        char *query;
        size_t query_len;
        unsigned int serial;
        u8 timer;
        u8 answer;
        u8 retry;
};

/***** SECTION3: Prototype definition section *****/

const char *ccs_yesno(const unsigned int value);
void ccs_init_policy_namespace(struct ccs_policy_namespace *ns);
struct ccs_profile *ccs_profile(const u8 profile);
int ccs_supervisor(struct ccs_request_info *r, const char *fmt, ...);
void ccs_update_stat(const u8 index);
int ccs_open_control(const u8 type, struct file *file);
int ccs_poll_control(struct file *file, poll_table *wait);
ssize_t ccs_read_control(struct ccs_io_buffer *head, char __user *buffer, const size_t buffer_len);
ssize_t ccs_write_control(struct ccs_io_buffer *head, const char __user *buffer, const size_t buffer_len);
int ccs_close_control(struct ccs_io_buffer *head);
void __init ccs_policy_io_init(void);
void __init ccs_load_builtin_policy(void);

static void ccs_print_ip(char *buf, const unsigned int size,
                         const struct ccs_ipaddr_union *ptr);
static bool ccs_parse_name_union(struct ccs_acl_param *param, struct ccs_name_union *ptr);
static bool ccs_parse_number_union(struct ccs_acl_param *param, struct ccs_number_union *ptr);
static bool ccs_parse_ipaddr_union(struct ccs_acl_param *param, struct ccs_ipaddr_union *ptr);
static const struct ccs_path_info *ccs_get_dqword(char *start);
static bool ccs_parse_name_union_quoted(struct ccs_acl_param *param, struct ccs_name_union *ptr);
static bool ccs_parse_argv(char *left, char *right, struct ccs_argv *argv);
static bool ccs_parse_envp(char *left, char *right, struct ccs_envp *envp);
static bool ccs_same_condition(const struct ccs_condition *a, const struct ccs_condition *b);
static u8 ccs_condition_type(const char *word);
static struct ccs_condition *ccs_commit_condition(struct ccs_condition *entry);
static char *ccs_get_transit_preference(struct ccs_acl_param *param, struct ccs_condition *e);
static struct ccs_condition *ccs_get_condition(struct ccs_acl_param *param);
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) __attribute__ ((format(printf, 3, 4)));
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...);
static bool ccs_flush(struct ccs_io_buffer *head);
static void ccs_set_string(struct ccs_io_buffer *head, const char *string);
static void ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...) __attribute__ ((format(printf, 2, 3)));
static void ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...);
static void ccs_set_space(struct ccs_io_buffer *head);
static bool ccs_set_lf(struct ccs_io_buffer *head);
static void ccs_set_slash(struct ccs_io_buffer *head);
static void ccs_print_namespace(struct ccs_io_buffer *head);
static struct ccs_profile *ccs_assign_profile(struct ccs_policy_namespace *ns, const unsigned int profile);
static void ccs_check_profile(void);
static s8 ccs_find_yesno(const char *string, const char *find);
static void ccs_set_uint(unsigned int *i, const char *string, const char *find);
static int ccs_set_mode(char *name, const char *value, struct ccs_profile *profile);
static int ccs_write_profile(struct ccs_io_buffer *head);
static void ccs_print_config(struct ccs_io_buffer *head, const u8 config);
static void ccs_read_profile(struct ccs_io_buffer *head);
static int ccs_update_policy(const int size, struct ccs_acl_param *param);
static int ccs_update_manager_entry(const char *manager, const bool is_delete);
static int ccs_write_manager(struct ccs_io_buffer *head);
static void ccs_read_manager(struct ccs_io_buffer *head);
static bool ccs_manager(void);
static bool ccs_select_domain(struct ccs_io_buffer *head, const char *data);
static int ccs_update_domain(const int size, struct ccs_acl_param *param);
static int ccs_write_task(struct ccs_acl_param *param);
static int ccs_write_inet_network(struct ccs_acl_param *param);
static int ccs_write_unix_network(struct ccs_acl_param *param);
static int ccs_write_file(struct ccs_acl_param *param);
static int ccs_write_misc(struct ccs_acl_param *param);
static int ccs_write_ipc(struct ccs_acl_param *param);
static int ccs_write_capability(struct ccs_acl_param *param);
static int ccs_write_domain2(struct ccs_policy_namespace *ns, struct list_head *list, char *data, const bool is_delete);
static int ccs_delete_domain(char *domainname);
static int ccs_write_domain(struct ccs_io_buffer *head);
static void ccs_print_name_union(struct ccs_io_buffer *head, const struct ccs_name_union *ptr);
static void ccs_print_name_union_quoted(struct ccs_io_buffer *head, const struct ccs_name_union *ptr);
static void ccs_print_number_union_nospace(struct ccs_io_buffer *head, const struct ccs_number_union *ptr);
static void ccs_print_number_union(struct ccs_io_buffer *head, const struct ccs_number_union *ptr);
static bool ccs_print_condition(struct ccs_io_buffer *head, const struct ccs_condition *cond);
static void ccs_set_group(struct ccs_io_buffer *head, const char *category);
static bool ccs_print_entry(struct ccs_io_buffer *head, const struct ccs_acl_info *acl);
static bool ccs_read_domain2(struct ccs_io_buffer *head, struct list_head *list);
static void ccs_read_domain(struct ccs_io_buffer *head);
static int ccs_write_pid(struct ccs_io_buffer *head);
static void ccs_read_pid(struct ccs_io_buffer *head);
static int ccs_write_group(struct ccs_acl_param *param, const u8 type);
static bool __ccs_lport_reserved(const u16 port);
static int ccs_write_reserved_port(struct ccs_acl_param *param);
static int ccs_write_aggregator(struct ccs_acl_param *param);
static int ccs_write_transition_control(struct ccs_acl_param *param, const u8 type);
static int ccs_write_exception(struct ccs_io_buffer *head);
static bool ccs_read_group(struct ccs_io_buffer *head, const int idx);
static bool ccs_read_policy(struct ccs_io_buffer *head, const int idx);
static void ccs_read_exception(struct ccs_io_buffer *head);
static int ccs_truncate(char *str);
static void ccs_add_entry(char *header);
static struct ccs_domain_info *ccs_find_domain_by_qid(unsigned int serial);
static int ccs_poll_query(struct file *file, poll_table *wait);
static void ccs_read_query(struct ccs_io_buffer *head);
static int ccs_write_answer(struct ccs_io_buffer *head);
static void ccs_read_version(struct ccs_io_buffer *head);
static void ccs_read_stat(struct ccs_io_buffer *head);
static int ccs_write_stat(struct ccs_io_buffer *head);
static void ccs_set_namespace_cursor(struct ccs_io_buffer *head);
static bool ccs_has_more_namespace(struct ccs_io_buffer *head);
static int ccs_parse_policy(struct ccs_io_buffer *head, char *line);

/***** SECTION4: Standalone functions section *****/

#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 5, 0)

/**
 * __wait_event_interruptible_timeout - Sleep until a condition gets true or a timeout elapses.
 *
 * @wq:        The waitqueue to wait on.
 * @condition: A C expression for the event to wait for.
 * @ret:       Timeout, in jiffies.
 *
 * Returns 0 if the @timeout elapsed, -ERESTARTSYS if it was interrupted by a
 * signal, and the remaining jiffies otherwise if the condition evaluated to
 * true before the timeout elapsed.
 *
 * This is for compatibility with older kernels.
 */
#define __wait_event_interruptible_timeout(wq, condition, ret)          \
do {                                                                    \
        wait_queue_t __wait;                                            \
        init_waitqueue_entry(&__wait, current);                         \
                                                                        \
        add_wait_queue(&wq, &__wait);                                   \
        for (;;) {                                                      \
                set_current_state(TASK_INTERRUPTIBLE);                  \
                if (condition)                                          \
                        break;                                          \
                if (!signal_pending(current)) {                         \
                        ret = schedule_timeout(ret);                    \
                        if (!ret)                                       \
                                break;                                  \
                        continue;                                       \
                }                                                       \
                ret = -ERESTARTSYS;                                     \
                break;                                                  \
        }                                                               \
        current->state = TASK_RUNNING;                                  \
        remove_wait_queue(&wq, &__wait);                                \
} while (0)

/**
 * wait_event_interruptible_timeout - Sleep until a condition gets true or a timeout elapses.
 *
 * @wq:        The waitqueue to wait on.
 * @condition: A C expression for the event to wait for.
 * @timeout:   Timeout, in jiffies.
 *
 * Returns 0 if the @timeout elapsed, -ERESTARTSYS if it was interrupted by a
 * signal, and the remaining jiffies otherwise if the condition evaluated to
 * true before the timeout elapsed.
 *
 * This is for compatibility with older kernels.
 */
#define wait_event_interruptible_timeout(wq, condition, timeout)        \
({                                                                      \
        long __ret = timeout;                                           \
        if (!(condition))                                               \
                __wait_event_interruptible_timeout(wq, condition, __ret); \
        __ret;                                                          \
})

#endif

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) && defined(CONFIG_NET)
#define ccs_in4_pton in4_pton
#define ccs_in6_pton in6_pton
#else
/*
 * Routines for parsing IPv4 or IPv6 address.
 * These are copied from lib/hexdump.c net/core/utils.c .
 */
#include <linux/ctype.h>

#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
static int hex_to_bin(char ch)
{
        if ((ch >= '0') && (ch <= '9'))
                return ch - '0';
        ch = tolower(ch);
        if ((ch >= 'a') && (ch <= 'f'))
                return ch - 'a' + 10;
        return -1;
}
#endif

#define IN6PTON_XDIGIT          0x00010000
#define IN6PTON_DIGIT           0x00020000
#define IN6PTON_COLON_MASK      0x00700000
#define IN6PTON_COLON_1         0x00100000      /* single : requested */
#define IN6PTON_COLON_2         0x00200000      /* second : requested */
#define IN6PTON_COLON_1_2       0x00400000      /* :: requested */
#define IN6PTON_DOT             0x00800000      /* . */
#define IN6PTON_DELIM           0x10000000
#define IN6PTON_NULL            0x20000000      /* first/tail */
#define IN6PTON_UNKNOWN         0x40000000

static inline int xdigit2bin(char c, int delim)
{
        int val;

        if (c == delim || c == '\0')
                return IN6PTON_DELIM;
        if (c == ':')
                return IN6PTON_COLON_MASK;
        if (c == '.')
                return IN6PTON_DOT;

        val = hex_to_bin(c);
        if (val >= 0)
                return val | IN6PTON_XDIGIT | (val < 10 ? IN6PTON_DIGIT : 0);

        if (delim == -1)
                return IN6PTON_DELIM;
        return IN6PTON_UNKNOWN;
}

static int ccs_in4_pton(const char *src, int srclen, u8 *dst, int delim,
                        const char **end)
{
        const char *s;
        u8 *d;
        u8 dbuf[4];
        int ret = 0;
        int i;
        int w = 0;

        if (srclen < 0)
                srclen = strlen(src);
        s = src;
        d = dbuf;
        i = 0;
        while (1) {
                int c;
                c = xdigit2bin(srclen > 0 ? *s : '\0', delim);
                if (!(c & (IN6PTON_DIGIT | IN6PTON_DOT | IN6PTON_DELIM |
                           IN6PTON_COLON_MASK)))
                        goto out;
                if (c & (IN6PTON_DOT | IN6PTON_DELIM | IN6PTON_COLON_MASK)) {
                        if (w == 0)
                                goto out;
                        *d++ = w & 0xff;
                        w = 0;
                        i++;
                        if (c & (IN6PTON_DELIM | IN6PTON_COLON_MASK)) {
                                if (i != 4)
                                        goto out;
                                break;
                        }
                        goto cont;
                }
                w = (w * 10) + c;
                if ((w & 0xffff) > 255)
                        goto out;
cont:
                if (i >= 4)
                        goto out;
                s++;
                srclen--;
        }
        ret = 1;
        memcpy(dst, dbuf, sizeof(dbuf));
out:
        if (end)
                *end = s;
        return ret;
}

static int ccs_in6_pton(const char *src, int srclen, u8 *dst, int delim,
                        const char **end)
{
        const char *s, *tok = NULL;
        u8 *d, *dc = NULL;
        u8 dbuf[16];
        int ret = 0;
        int i;
        int state = IN6PTON_COLON_1_2 | IN6PTON_XDIGIT | IN6PTON_NULL;
        int w = 0;

        memset(dbuf, 0, sizeof(dbuf));

        s = src;
        d = dbuf;
        if (srclen < 0)
                srclen = strlen(src);

        while (1) {
                int c;

                c = xdigit2bin(srclen > 0 ? *s : '\0', delim);
                if (!(c & state))
                        goto out;
                if (c & (IN6PTON_DELIM | IN6PTON_COLON_MASK)) {
                        /* process one 16-bit word */
                        if (!(state & IN6PTON_NULL)) {
                                *d++ = (w >> 8) & 0xff;
                                *d++ = w & 0xff;
                        }
                        w = 0;
                        if (c & IN6PTON_DELIM) {
                                /* We've processed last word */
                                break;
                        }
                        /*
                         * COLON_1 => XDIGIT
                         * COLON_2 => XDIGIT|DELIM
                         * COLON_1_2 => COLON_2
                         */
                        switch (state & IN6PTON_COLON_MASK) {
                        case IN6PTON_COLON_2:
                                dc = d;
                                state = IN6PTON_XDIGIT | IN6PTON_DELIM;
                                if (dc - dbuf >= sizeof(dbuf))
                                        state |= IN6PTON_NULL;
                                break;
                        case IN6PTON_COLON_1|IN6PTON_COLON_1_2:
                                state = IN6PTON_XDIGIT | IN6PTON_COLON_2;
                                break;
                        case IN6PTON_COLON_1:
                                state = IN6PTON_XDIGIT;
                                break;
                        case IN6PTON_COLON_1_2:
                                state = IN6PTON_COLON_2;
                                break;
                        default:
                                state = 0;
                        }
                        tok = s + 1;
                        goto cont;
                }

                if (c & IN6PTON_DOT) {
                        ret = ccs_in4_pton(tok ? tok : s, srclen +
                                           (int)(s - tok), d, delim, &s);
                        if (ret > 0) {
                                d += 4;
                                break;
                        }
                        goto out;
                }

                w = (w << 4) | (0xff & c);
                state = IN6PTON_COLON_1 | IN6PTON_DELIM;
                if (!(w & 0xf000))
                        state |= IN6PTON_XDIGIT;
                if (!dc && d + 2 < dbuf + sizeof(dbuf)) {
                        state |= IN6PTON_COLON_1_2;
                        state &= ~IN6PTON_DELIM;
                }
                if (d + 2 >= dbuf + sizeof(dbuf))
                        state &= ~(IN6PTON_COLON_1|IN6PTON_COLON_1_2);
cont:
                if ((dc && d + 4 < dbuf + sizeof(dbuf)) ||
                    d + 4 == dbuf + sizeof(dbuf))
                        state |= IN6PTON_DOT;
                if (d >= dbuf + sizeof(dbuf))
                        state &= ~(IN6PTON_XDIGIT|IN6PTON_COLON_MASK);
                s++;
                srclen--;
        }

        i = 15; d--;

        if (dc) {
                while (d >= dc)
                        dst[i--] = *d--;
                while (i >= dc - dbuf)
                        dst[i--] = 0;
                while (i >= 0)
                        dst[i--] = *d--;
        } else
                memcpy(dst, dbuf, sizeof(dbuf));

        ret = 1;
out:
        if (end)
                *end = s;
        return ret;
}
#endif

#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 32)

/*
 * Routines for printing IPv4 or IPv6 address.
 * These are copied from include/linux/kernel.h include/net/ipv6.h
 * include/net/addrconf.h lib/hexdump.c lib/vsprintf.c and simplified.
 */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 26)
static const char hex_asc[] = "0123456789abcdef";
#define hex_asc_lo(x)   hex_asc[((x) & 0x0f)]
#define hex_asc_hi(x)   hex_asc[((x) & 0xf0) >> 4]

static inline char *pack_hex_byte(char *buf, u8 byte)
{
        *buf++ = hex_asc_hi(byte);
        *buf++ = hex_asc_lo(byte);
        return buf;
}
#endif

#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 24)
static inline int ipv6_addr_v4mapped(const struct in6_addr *a)
{
        return (a->s6_addr32[0] | a->s6_addr32[1] |
                (a->s6_addr32[2] ^ htonl(0x0000ffff))) == 0;
}
#endif

static inline int ipv6_addr_is_isatap(const struct in6_addr *addr)
{
        return (addr->s6_addr32[2] | htonl(0x02000000)) == htonl(0x02005EFE);
}

static char *ip4_string(char *p, const u8 *addr)
{
        /*
         * Since this function is called outside vsnprintf(), I can use
         * sprintf() here.
         */
        return p +
                sprintf(p, "%u.%u.%u.%u", addr[0], addr[1], addr[2], addr[3]);
}

static char *ip6_compressed_string(char *p, const char *addr)
{
        int i, j, range;
        unsigned char zerolength[8];
        int longest = 1;
        int colonpos = -1;
        u16 word;
        u8 hi, lo;
        bool needcolon = false;
        bool useIPv4;
        struct in6_addr in6;

        memcpy(&in6, addr, sizeof(struct in6_addr));

        useIPv4 = ipv6_addr_v4mapped(&in6) || ipv6_addr_is_isatap(&in6);

        memset(zerolength, 0, sizeof(zerolength));

        if (useIPv4)
                range = 6;
        else
                range = 8;

        /* find position of longest 0 run */
        for (i = 0; i < range; i++) {
                for (j = i; j < range; j++) {
                        if (in6.s6_addr16[j] != 0)
                                break;
                        zerolength[i]++;
                }
        }
        for (i = 0; i < range; i++) {
                if (zerolength[i] > longest) {
                        longest = zerolength[i];
                        colonpos = i;
                }
        }
        if (longest == 1)               /* don't compress a single 0 */
                colonpos = -1;

        /* emit address */
        for (i = 0; i < range; i++) {
                if (i == colonpos) {
                        if (needcolon || i == 0)
                                *p++ = ':';
                        *p++ = ':';
                        needcolon = false;
                        i += longest - 1;
                        continue;
                }
                if (needcolon) {
                        *p++ = ':';
                        needcolon = false;
                }
                /* hex u16 without leading 0s */
                word = ntohs(in6.s6_addr16[i]);
                hi = word >> 8;
                lo = word & 0xff;
                if (hi) {
                        if (hi > 0x0f)
                                p = pack_hex_byte(p, hi);
                        else
                                *p++ = hex_asc_lo(hi);
                        p = pack_hex_byte(p, lo);
                } else if (lo > 0x0f)
                        p = pack_hex_byte(p, lo);
                else
                        *p++ = hex_asc_lo(lo);
                needcolon = true;
        }

        if (useIPv4) {
                if (needcolon)
                        *p++ = ':';
                p = ip4_string(p, &in6.s6_addr[12]);
        }
        *p = '\0';

        return p;
}
#endif

/**
 * ccs_print_ipv4 - Print an IPv4 address.
 *
 * @buffer:     Buffer to write to.
 * @buffer_len: Size of @buffer.
 * @ip:         Pointer to "u32 in network byte order".
 *
 * Returns written length.
 */
int ccs_print_ipv4(char *buffer, const unsigned int buffer_len, const u32 *ip)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
        return snprintf(buffer, buffer_len, "%pI4", ip);
#else
        char addr[sizeof("255.255.255.255")];
        ip4_string(addr, (const u8 *) ip);
        return snprintf(buffer, buffer_len, "%s", addr);
#endif
}

/**
 * ccs_print_ipv6 - Print an IPv6 address.
 *
 * @buffer:     Buffer to write to.
 * @buffer_len: Size of @buffer.
 * @ip:         Pointer to "struct in6_addr".
 *
 * Returns written length.
 */
int ccs_print_ipv6(char *buffer, const unsigned int buffer_len,
                   const struct in6_addr *ip)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
        return snprintf(buffer, buffer_len, "%pI6c", ip);
#else
        char addr[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255")];
        ip6_compressed_string(addr, (const u8 *) ip);
        return snprintf(buffer, buffer_len, "%s", addr);
#endif
}

/***** SECTION5: Variables definition section *****/

/* Permit policy management by non-root user? */
static bool ccs_manage_by_non_root;

/* List of namespaces. */
LIST_HEAD(ccs_namespace_list);
/* True if namespace other than ccs_kernel_namespace is defined. */
static bool ccs_namespace_enabled;

/* Bitmap for reserved local port numbers.*/
static u8 ccs_reserved_port_map[8192];

/* Wait queue for kernel -> userspace notification. */
static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait);
/* Wait queue for userspace -> kernel notification. */
static DECLARE_WAIT_QUEUE_HEAD(ccs_answer_wait);

/* The list for "struct ccs_query". */
static LIST_HEAD(ccs_query_list);

/* Lock for manipulating ccs_query_list. */
static DEFINE_SPINLOCK(ccs_query_list_lock);

/* Number of "struct file" referring /proc/ccs/query interface. */
static atomic_t ccs_query_observers = ATOMIC_INIT(0);

/* Timestamp counter for last updated. */
static unsigned int ccs_stat_updated[CCS_MAX_POLICY_STAT];
/* Counter for number of updates. */
static unsigned int ccs_stat_modified[CCS_MAX_POLICY_STAT];

/***** SECTION6: Dependent functions section *****/

/**
 * list_for_each_cookie - iterate over a list with cookie.
 *
 * @pos:  Pointer to "struct list_head".
 * @head: Pointer to "struct list_head".
 */
#define list_for_each_cookie(pos, head)                                 \
        for (pos = pos ? pos : srcu_dereference((head)->next, &ccs_ss); \
             pos != (head); pos = srcu_dereference(pos->next, &ccs_ss))

/**
 * ccs_print_ip - Print an IP address.
 *
 * @buf:  Buffer to write to.
 * @size: Size of @buf.
 * @ptr:  Pointer to "struct ipaddr_union".
 *
 * Returns nothing.
 */
static void ccs_print_ip(char *buf, const unsigned int size,
                         const struct ccs_ipaddr_union *ptr)
{
        int len;
        if (ptr->is_ipv6)
                len = ccs_print_ipv6(buf, size, &ptr->ip[0]);
        else
                len = ccs_print_ipv4(buf, size, &ptr->ip[0].s6_addr32[0]);
        if (!memcmp(&ptr->ip[0], &ptr->ip[1], 16) || len >= size / 2)
                return;
        buf[len++] = '-';
        if (ptr->is_ipv6)
                ccs_print_ipv6(buf + len, size - len, &ptr->ip[1]);
        else
                ccs_print_ipv4(buf + len, size - len,
                               &ptr->ip[1].s6_addr32[0]);
}

/**
 * ccs_parse_name_union - Parse a ccs_name_union.
 *
 * @param: Pointer to "struct ccs_acl_param".
 * @ptr:   Pointer to "struct ccs_name_union".
 *
 * Returns true on success, false otherwise.
 */
static bool ccs_parse_name_union(struct ccs_acl_param *param,
                                 struct ccs_name_union *ptr)
{
        char *filename;
        if (param->data[0] == '@') {
                param->data++;
                ptr->group = ccs_get_group(param, CCS_PATH_GROUP);
                return ptr->group != NULL;
        }
        filename = ccs_read_token(param);
        if (!ccs_correct_word(filename))
                return false;
        ptr->filename = ccs_get_name(filename);
        return ptr->filename != NULL;
}

/**
 * ccs_parse_number_union - Parse a ccs_number_union.
 *
 * @param: Pointer to "struct ccs_acl_param".
 * @ptr:   Pointer to "struct ccs_number_union".
 *
 * Returns true on success, false otherwise.
 */
static bool ccs_parse_number_union(struct ccs_acl_param *param,
                                   struct ccs_number_union *ptr)
{
        char *data;
        u8 type;
        unsigned long v;
        memset(ptr, 0, sizeof(*ptr));
        if (param->data[0] == '@') {
                param->data++;
                ptr->group = ccs_get_group(param, CCS_NUMBER_GROUP);
                return ptr->group != NULL;
        }
        data = ccs_read_token(param);
        type = ccs_parse_ulong(&v, &data);
        if (type == CCS_VALUE_TYPE_INVALID)
                return false;
        ptr->values[0] = v;
        ptr->value_type[0] = type;
        if (!*data) {
                ptr->values[1] = v;
                ptr->value_type[1] = type;
                return true;
        }
        if (*data++ != '-')
                return false;
        type = ccs_parse_ulong(&v, &data);
        if (type == CCS_VALUE_TYPE_INVALID || *data || ptr->values[0] > v)
                return false;
        ptr->values[1] = v;
        ptr->value_type[1] = type;
        return true;
}

/**
 * ccs_parse_ipaddr_union - Parse an IP address.
 *
 * @param: Pointer to "struct ccs_acl_param".
 * @ptr:   Pointer to "struct ccs_ipaddr_union".
 *
 * Returns true on success, false otherwise.
 */
static bool ccs_parse_ipaddr_union(struct ccs_acl_param *param,
                                   struct ccs_ipaddr_union *ptr)
{
        u8 * const min = ptr->ip[0].in6_u.u6_addr8;
        u8 * const max = ptr->ip[1].in6_u.u6_addr8;
        char *address = ccs_read_token(param);
        const char *end;
        if (!strchr(address, ':') &&
            ccs_in4_pton(address, -1, min, '-', &end) > 0) {
                ptr->is_ipv6 = false;
                if (!*end)
                        ptr->ip[1].s6_addr32[0] = ptr->ip[0].s6_addr32[0];
                else if (*end++ != '-' ||
                         ccs_in4_pton(end, -1, max, '\0', &end) <= 0 || *end)
                        return false;
                return true;
        }
        if (ccs_in6_pton(address, -1, min, '-', &end) > 0) {
                ptr->is_ipv6 = true;
                if (!*end)
                        memmove(max, min, sizeof(u16) * 8);
                else if (*end++ != '-' ||
                         ccs_in6_pton(end, -1, max, '\0', &end) <= 0 || *end)
                        return false;
                return true;
        }
        return false;
}

/**
 * ccs_get_dqword - ccs_get_name() for a quoted string.
 *
 * @start: String to save.
 *
 * Returns pointer to "struct ccs_path_info" on success, NULL otherwise.
 */
static const struct ccs_path_info *ccs_get_dqword(char *start)
{
        char *cp = start + strlen(start) - 1;
        if (cp == start || *start++ != '"' || *cp != '"')
                return NULL;
        *cp = '\0';
        if (*start && !ccs_correct_word(start))
                return NULL;
        return ccs_get_name(start);
}

/**
 * ccs_parse_name_union_quoted - Parse a quoted word.
 *
 * @param: Pointer to "struct ccs_acl_param".
 * @ptr:   Pointer to "struct ccs_name_union".
 *
 * Returns true on success, false otherwise.
 */
static bool ccs_parse_name_union_quoted(struct ccs_acl_param *param,
                                        struct ccs_name_union *ptr)
{
        char *filename = param->data;
        if (*filename == '@')
                return ccs_parse_name_union(param, ptr);
        ptr->filename = ccs_get_dqword(filename);
        return ptr->filename != NULL;
}

/**
 * ccs_parse_argv - Parse an argv[] condition part.
 *
 * @left:  Lefthand value.
 * @right: Righthand value.
 * @argv:  Pointer to "struct ccs_argv".
 *
 * Returns true on success, false otherwise.
 */
static bool ccs_parse_argv(char *left, char *right, struct ccs_argv *argv)
{
        if (ccs_parse_ulong(&argv->index, &left) != CCS_VALUE_TYPE_DECIMAL ||
            *left++ != ']' || *left)
                return false;
        argv->value = ccs_get_dqword(right);
        return argv->value != NULL;
}

/**
 * ccs_parse_envp - Parse an envp[] condition part.
 *
 * @left:  Lefthand value.
 * @right: Righthand value.
 * @envp:  Pointer to "struct ccs_envp".
 *
 * Returns true on success, false otherwise.
 */
static bool ccs_parse_envp(char *left, char *right, struct ccs_envp *envp)
{
        const struct ccs_path_info *name;
        const struct ccs_path_info *value;
        char *cp = left + strlen(left) - 1;
        if (*cp-- != ']' || *cp != '"')
                goto out;
        *cp = '\0';
        if (!ccs_correct_word(left))
                goto out;
        name = ccs_get_name(left);
        if (!name)
                goto out;
        if (!strcmp(right, "NULL")) {
                value = NULL;
        } else {
                value = ccs_get_dqword(right);
                if (!value) {
                        ccs_put_name(name);
                        goto out;
                }
        }
        envp->name = name;
        envp->value = value;
        return true;
out:
        return false;
}

/**
 * ccs_same_condition - Check for duplicated "struct ccs_condition" entry.
 *
 * @a: Pointer to "struct ccs_condition".
 * @b: Pointer to "struct ccs_condition".
 *
 * Returns true if @a == @b, false otherwise.
 */
static bool ccs_same_condition(const struct ccs_condition *a,
                               const struct ccs_condition *b)
{
        return a->size == b->size && a->condc == b->condc &&
                a->numbers_count == b->numbers_count &&
                a->names_count == b->names_count &&
                a->argc == b->argc && a->envc == b->envc &&
                a->grant_log == b->grant_log &&
                a->exec_transit == b->exec_transit && a->transit == b->transit
                && !memcmp(a + 1, b + 1, a->size - sizeof(*a));
}

/**
 * ccs_condition_type - Get condition type.
 *
 * @word: Keyword string.
 *
 * Returns one of values in "enum ccs_conditions_index" on success,
 * CCS_MAX_CONDITION_KEYWORD otherwise.
 */
static u8 ccs_condition_type(const char *word)
{
        u8 i;
        for (i = 0; i < CCS_MAX_CONDITION_KEYWORD; i++) {
                if (!strcmp(word, ccs_condition_keyword[i]))
                        break;
        }
        return i;
}

/**
 * ccs_commit_condition - Commit "struct ccs_condition".
 *
 * @entry: Pointer to "struct ccs_condition".
 *
 * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
 *
 * This function merges duplicated entries. This function returns NULL if
 * @entry is not duplicated but memory quota for policy has exceeded.
 */
static struct ccs_condition *ccs_commit_condition(struct ccs_condition *entry)
{
        struct ccs_condition *ptr;
        bool found = false;
        if (mutex_lock_interruptible(&ccs_policy_lock)) {
                dprintk(KERN_WARNING "%u: %s failed\n", __LINE__, __func__);
                ptr = NULL;
                found = true;
                goto out;
        }
        list_for_each_entry(ptr, &ccs_condition_list, head.list) {
                if (!ccs_same_condition(ptr, entry) ||
                    atomic_read(&ptr->head.users) == CCS_GC_IN_PROGRESS)
                        continue;
                /* Same entry found. Share this entry. */
                atomic_inc(&ptr->head.users);
                found = true;
                break;
        }
        if (!found) {
                if (ccs_memory_ok(entry, entry->size)) {
                        atomic_set(&entry->head.users, 1);
                        list_add(&entry->head.list, &ccs_condition_list);
                } else {
                        found = true;
                        ptr = NULL;
                }
        }
        mutex_unlock(&ccs_policy_lock);
out:
        if (found) {
                ccs_del_condition(&entry->head.list);
                kfree(entry);
                entry = ptr;
        }
        return entry;
}

/**
 * ccs_get_transit_preference - Parse domain transition preference for execve().
 *
 * @param: Pointer to "struct ccs_acl_param".
 * @e:     Pointer to "struct ccs_condition".
 *
 * Returns the condition string part.
 */
static char *ccs_get_transit_preference(struct ccs_acl_param *param,
                                        struct ccs_condition *e)
{
        char * const pos = param->data;
        bool flag;
        if (*pos == '<') {
                e->transit = ccs_get_domainname(param);
                goto done;
        }
        {
                char *cp = strchr(pos, ' ');
                if (cp)
                        *cp = '\0';
                flag = ccs_correct_path(pos) || !strcmp(pos, "keep") ||
                        !strcmp(pos, "initialize") || !strcmp(pos, "reset") ||
                        !strcmp(pos, "child") || !strcmp(pos, "parent");
                if (cp)
                        *cp = ' ';
        }
        if (!flag)
                return pos;
        e->transit = ccs_get_name(ccs_read_token(param));
done:
        if (e->transit) {
                e->exec_transit = true;
                return param->data;
        }
        /*
         * Return a bad read-only condition string that will let
         * ccs_get_condition() return NULL.
         */
        return "/";
}

/**
 * ccs_get_condition - Parse condition part.
 *
 * @param: Pointer to "struct ccs_acl_param".
 *
 * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
 */
struct ccs_condition *ccs_get_condition(struct ccs_acl_param *param)
{
        struct ccs_condition *entry = NULL;
        struct ccs_condition_element *condp = NULL;
        struct ccs_number_union *numbers_p = NULL;
        struct ccs_name_union *names_p = NULL;
        struct ccs_argv *argv = NULL;
        struct ccs_envp *envp = NULL;
        struct ccs_condition e = { };
        char * const start_of_string = ccs_get_transit_preference(param, &e);
        char * const end_of_string = start_of_string + strlen(start_of_string);
        char *pos;
rerun:
        pos = start_of_string;
        while (1) {
                u8 left = -1;
                u8 right = -1;
                char *left_word = pos;
                char *cp;
                char *right_word;
                bool is_not;
                if (!*left_word)
                        break;
                /*
                 * Since left-hand condition does not allow use of "path_group"
                 * or "number_group" and environment variable's names do not
                 * accept '=', it is guaranteed that the original line consists
                 * of one or more repetition of $left$operator$right blocks
                 * where "$left is free from '=' and ' '" and "$operator is
                 * either '=' or '!='" and "$right is free from ' '".
                 * Therefore, we can reconstruct the original line at the end
                 * of dry run even if we overwrite $operator with '\0'.
                 */
                cp = strchr(pos, ' ');
                if (cp) {
                        *cp = '\0'; /* Will restore later. */
                        pos = cp + 1;
                } else {
                        pos = "";
                }
                right_word = strchr(left_word, '=');
                if (!right_word || right_word == left_word)
                        goto out;
                is_not = *(right_word - 1) == '!';
                if (is_not)
                        *(right_word++ - 1) = '\0'; /* Will restore later. */
                else if (*(right_word + 1) != '=')
                        *right_word++ = '\0'; /* Will restore later. */
                else
                        goto out;
                dprintk(KERN_WARNING "%u: <%s>%s=<%s>\n", __LINE__, left_word,
                        is_not ? "!" : "", right_word);
                if (!strcmp(left_word, "grant_log")) {
                        if (entry) {
                                if (is_not ||
                                    entry->grant_log != CCS_GRANTLOG_AUTO)
                                        goto out;
                                else if (!strcmp(right_word, "yes"))
                                        entry->grant_log = CCS_GRANTLOG_YES;
                                else if (!strcmp(right_word, "no"))
                                        entry->grant_log = CCS_GRANTLOG_NO;
                                else
                                        goto out;
                        }
                        continue;
                }
                if (!strcmp(left_word, "auto_domain_transition")) {
                        if (entry) {
                                if (is_not || entry->transit)
                                        goto out;
                                entry->transit = ccs_get_dqword(right_word);
                                if (!entry->transit ||
                                    (entry->transit->name[0] != '/' &&
                                     !ccs_domain_def(entry->transit->name)))
                                        goto out;
                        }
                        continue;
                }
                if (!strncmp(left_word, "exec.argv[", 10)) {
                        if (!argv) {
                                e.argc++;
                                e.condc++;
                        } else {
                                e.argc--;
                                e.condc--;
                                left = CCS_ARGV_ENTRY;
                                argv->is_not = is_not;
                                if (!ccs_parse_argv(left_word + 10,
                                                    right_word, argv++))
                                        goto out;
                        }
                        goto store_value;
                }
                if (!strncmp(left_word, "exec.envp[\"", 11)) {
                        if (!envp) {
                                e.envc++;
                                e.condc++;
                        } else {
                                e.envc--;
                                e.condc--;
                                left = CCS_ENVP_ENTRY;
                                envp->is_not = is_not;
                                if (!ccs_parse_envp(left_word + 11,
                                                    right_word, envp++))
                                        goto out;
                        }
                        goto store_value;
                }
                left = ccs_condition_type(left_word);
                dprintk(KERN_WARNING "%u: <%s> left=%u\n", __LINE__, left_word,
                        left);
                if (left == CCS_MAX_CONDITION_KEYWORD) {
                        if (!numbers_p) {
                                e.numbers_count++;
                        } else {
                                e.numbers_count--;
                                left = CCS_NUMBER_UNION;
                                param->data = left_word;
                                if (*left_word == '@' ||
                                    !ccs_parse_number_union(param,
                                                            numbers_p++))
                                        goto out;
                        }
                }
                if (!condp)
                        e.condc++;
                else
                        e.condc--;
                if (left == CCS_EXEC_REALPATH || left == CCS_SYMLINK_TARGET) {
                        if (!names_p) {
                                e.names_count++;
                        } else {
                                e.names_count--;
                                right = CCS_NAME_UNION;
                                param->data = right_word;
                                if (!ccs_parse_name_union_quoted(param,
                                                                 names_p++))
                                        goto out;
                        }
                        goto store_value;
                }
                right = ccs_condition_type(right_word);
                if (right == CCS_MAX_CONDITION_KEYWORD) {
                        if (!numbers_p) {
                                e.numbers_count++;
                        } else {
                                e.numbers_count--;
                                right = CCS_NUMBER_UNION;
                                param->data = right_word;
                                if (!ccs_parse_number_union(param,
                                                            numbers_p++))
                                        goto out;
                        }
                }
store_value:
                if (!condp) {
                        dprintk(KERN_WARNING "%u: dry_run left=%u right=%u "
                                "match=%u\n", __LINE__, left, right, !is_not);
                        continue;
                }
                condp->left = left;
                condp->right = right;
                condp->equals = !is_not;
                dprintk(KERN_WARNING "%u: left=%u right=%u match=%u\n",
                        __LINE__, condp->left, condp->right,
                        condp->equals);
                condp++;
        }
        dprintk(KERN_INFO "%u: cond=%u numbers=%u names=%u ac=%u ec=%u\n",
                __LINE__, e.condc, e.numbers_count, e.names_count, e.argc,
                e.envc);
        if (entry) {
                BUG_ON(e.names_count | e.numbers_count | e.argc | e.envc |
                       e.condc);
                return ccs_commit_condition(entry);
        }
        e.size = sizeof(*entry)
                + e.condc * sizeof(struct ccs_condition_element)
                + e.numbers_count * sizeof(struct ccs_number_union)
                + e.names_count * sizeof(struct ccs_name_union)
                + e.argc * sizeof(struct ccs_argv)
                + e.envc * sizeof(struct ccs_envp);
        entry = kzalloc(e.size, CCS_GFP_FLAGS);
        if (!entry)
                goto out2;
        *entry = e;
        e.transit = NULL;
        condp = (struct ccs_condition_element *) (entry + 1);
        numbers_p = (struct ccs_number_union *) (condp + e.condc);
        names_p = (struct ccs_name_union *) (numbers_p + e.numbers_count);
        argv = (struct ccs_argv *) (names_p + e.names_count);
        envp = (struct ccs_envp *) (argv + e.argc);
        {
                bool flag = false;
                for (pos = start_of_string; pos < end_of_string; pos++) {
                        if (*pos)
                                continue;
                        if (flag) /* Restore " ". */
                                *pos = ' ';
                        else if (*(pos + 1) == '=') /* Restore "!=". */
                                *pos = '!';
                        else /* Restore "=". */
                                *pos = '=';
                        flag = !flag;
                }
        }
        goto rerun;
out:
        dprintk(KERN_WARNING "%u: %s failed\n", __LINE__, __func__);
        if (entry) {
                ccs_del_condition(&entry->head.list);
                kfree(entry);
        }
out2:
        ccs_put_name(e.transit);
        return NULL;
}

/* Permit policy management by non-root user? */
static bool ccs_manage_by_non_root;

/**
 * ccs_yesno - Return "yes" or "no".
 *
 * @value: Bool value.
 *
 * Returns "yes" if @value is not 0, "no" otherwise.
 */
const char *ccs_yesno(const unsigned int value)
{
        return value ? "yes" : "no";
}

/**
 * ccs_addprintf - strncat()-like-snprintf().
 *
 * @buffer: Buffer to write to. Must be '\0'-terminated.
 * @len:    Size of @buffer.
 * @fmt:    The printf()'s format string, followed by parameters.
 *
 * Returns nothing.
 */
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...)
{
        va_list args;
        const int pos = strlen(buffer);
        va_start(args, fmt);
        vsnprintf(buffer + pos, len - pos - 1, fmt, args);
        va_end(args);
}

/**
 * ccs_flush - Flush queued string to userspace's buffer.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns true if all data was flushed, false otherwise.
 */
static bool ccs_flush(struct ccs_io_buffer *head)
{
        while (head->r.w_pos) {
                const char *w = head->r.w[0];
                size_t len = strlen(w);
                if (len) {
                        if (len > head->read_user_buf_avail)
                                len = head->read_user_buf_avail;
                        if (!len)
                                return false;
                        if (copy_to_user(head->read_user_buf, w, len))
                                return false;
                        head->read_user_buf_avail -= len;
                        head->read_user_buf += len;
                        w += len;
                }
                head->r.w[0] = w;
                if (*w)
                        return false;
                /* Add '\0' for audit logs and query. */
                if (head->type == CCS_AUDIT || head->type == CCS_QUERY) {
                        if (!head->read_user_buf_avail ||
                            copy_to_user(head->read_user_buf, "", 1))
                                return false;
                        head->read_user_buf_avail--;
                        head->read_user_buf++;
                }
                head->r.w_pos--;
                for (len = 0; len < head->r.w_pos; len++)
                        head->r.w[len] = head->r.w[len + 1];
        }
        head->r.avail = 0;
        return true;
}

/**
 * ccs_set_string - Queue string to "struct ccs_io_buffer" structure.
 *
 * @head:   Pointer to "struct ccs_io_buffer".
 * @string: String to print.
 *
 * Returns nothing.
 *
 * Note that @string has to be kept valid until @head is kfree()d.
 * This means that char[] allocated on stack memory cannot be passed to
 * this function. Use ccs_io_printf() for char[] allocated on stack memory.
 */
static void ccs_set_string(struct ccs_io_buffer *head, const char *string)
{
        if (head->r.w_pos < CCS_MAX_IO_READ_QUEUE) {
                head->r.w[head->r.w_pos++] = string;
                ccs_flush(head);
        } else
                printk(KERN_WARNING "Too many words in a line.\n");
}

/**
 * ccs_io_printf - printf() to "struct ccs_io_buffer" structure.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 * @fmt:  The printf()'s format string, followed by parameters.
 *
 * Returns nothing.
 */
static void ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...)
{
        va_list args;
        size_t len;
        size_t pos = head->r.avail;
        int size = head->readbuf_size - pos;
        if (size <= 0)
                return;
        va_start(args, fmt);
        len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
        va_end(args);
        if (pos + len >= head->readbuf_size) {
                printk(KERN_WARNING "Too many words in a line.\n");
                return;
        }
        head->r.avail += len;
        ccs_set_string(head, head->read_buf + pos);
}

/**
 * ccs_set_space - Put a space to "struct ccs_io_buffer" structure.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns nothing.
 */
static void ccs_set_space(struct ccs_io_buffer *head)
{
        ccs_set_string(head, " ");
}

/**
 * ccs_set_lf - Put a line feed to "struct ccs_io_buffer" structure.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns nothing.
 */
static bool ccs_set_lf(struct ccs_io_buffer *head)
{
        ccs_set_string(head, "\n");
        return !head->r.w_pos;
}

/**
 * ccs_set_slash - Put a shash to "struct ccs_io_buffer" structure.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns nothing.
 */
static void ccs_set_slash(struct ccs_io_buffer *head)
{
        ccs_set_string(head, "/");
}

/**
 * ccs_init_policy_namespace - Initialize namespace.
 *
 * @ns: Pointer to "struct ccs_policy_namespace".
 *
 * Returns nothing.
 */
void ccs_init_policy_namespace(struct ccs_policy_namespace *ns)
{
        unsigned int idx;
        for (idx = 0; idx < CCS_MAX_ACL_GROUPS; idx++)
                INIT_LIST_HEAD(&ns->acl_group[idx]);
        for (idx = 0; idx < CCS_MAX_GROUP; idx++)
                INIT_LIST_HEAD(&ns->group_list[idx]);
        for (idx = 0; idx < CCS_MAX_POLICY; idx++)
                INIT_LIST_HEAD(&ns->policy_list[idx]);
        ns->profile_version = 20100903;
        ccs_namespace_enabled = !list_empty(&ccs_namespace_list);
        list_add_tail_rcu(&ns->namespace_list, &ccs_namespace_list);
}

/**
 * ccs_print_namespace - Print namespace header.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns nothing.
 */
static void ccs_print_namespace(struct ccs_io_buffer *head)
{
        if (!ccs_namespace_enabled)
                return;
        ccs_set_string(head,
                       container_of(head->r.ns, struct ccs_policy_namespace,
                                    namespace_list)->name);
        ccs_set_space(head);
}

/**
 * ccs_assign_profile - Create a new profile.
 *
 * @ns:      Pointer to "struct ccs_policy_namespace".
 * @profile: Profile number to create.
 *
 * Returns pointer to "struct ccs_profile" on success, NULL otherwise.
 */
static struct ccs_profile *ccs_assign_profile(struct ccs_policy_namespace *ns,
                                              const unsigned int profile)
{
        struct ccs_profile *ptr;
        struct ccs_profile *entry;
        if (profile >= CCS_MAX_PROFILES)
                return NULL;
        ptr = ns->profile_ptr[profile];
        if (ptr)
                return ptr;
        entry = kzalloc(sizeof(*entry), CCS_GFP_FLAGS);
        if (mutex_lock_interruptible(&ccs_policy_lock))
                goto out;
        ptr = ns->profile_ptr[profile];
        if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) {
                ptr = entry;
                ptr->default_config = CCS_CONFIG_DISABLED |
                        CCS_CONFIG_WANT_GRANT_LOG | CCS_CONFIG_WANT_REJECT_LOG;
                memset(ptr->config, CCS_CONFIG_USE_DEFAULT,
                       sizeof(ptr->config));
                ptr->pref[CCS_PREF_MAX_AUDIT_LOG] =
                        CONFIG_CCSECURITY_MAX_AUDIT_LOG;
                ptr->pref[CCS_PREF_MAX_LEARNING_ENTRY] =
                        CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY;
                mb(); /* Avoid out-of-order execution. */
                ns->profile_ptr[profile] = ptr;
                entry = NULL;
        }
        mutex_unlock(&ccs_policy_lock);
out:
        kfree(entry);
        return ptr;
}

/**
 * ccs_check_profile - Check all profiles currently assigned to domains are defined.
 *
 * Returns nothing.
 */
static void ccs_check_profile(void)
{
        struct ccs_domain_info *domain;
        const int idx = ccs_read_lock();
        ccs_policy_loaded = true;
        printk(KERN_INFO "CCSecurity: 1.8.3+   2011/10/25\n");
        list_for_each_entry_srcu(domain, &ccs_domain_list, list, &ccs_ss) {
                const u8 profile = domain->profile;
                const struct ccs_policy_namespace *ns = domain->ns;
                if (ns->profile_version != 20100903)
                        printk(KERN_ERR
                               "Profile version %u is not supported.\n",
                               ns->profile_version);
                else if (!ns->profile_ptr[profile])
                        printk(KERN_ERR
                               "Profile %u (used by '%s') is not defined.\n",
                               profile, domain->domainname->name);
                else
                        continue;
                printk(KERN_ERR
                       "Userland tools for TOMOYO 1.8 must be installed and "
                       "policy must be initialized.\n");
                printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/1.8/ "
                       "for more information.\n");
                panic("STOP!");
        }
        ccs_read_unlock(idx);
        printk(KERN_INFO "Mandatory Access Control activated.\n");
}

/**
 * ccs_profile - Find a profile.
 *
 * @profile: Profile number to find.
 *
 * Returns pointer to "struct ccs_profile".
 */
struct ccs_profile *ccs_profile(const u8 profile)
{
        static struct ccs_profile ccs_null_profile;
        struct ccs_profile *ptr = ccs_current_namespace()->
                profile_ptr[profile];
        if (!ptr)
                ptr = &ccs_null_profile;
        return ptr;
}

/**
 * ccs_find_yesno - Find values for specified keyword.
 *
 * @string: String to check.
 * @find:   Name of keyword.
 *
 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
 */
static s8 ccs_find_yesno(const char *string, const char *find)
{
        const char *cp = strstr(string, find);
        if (cp) {
                cp += strlen(find);
                if (!strncmp(cp, "=yes", 4))
                        return 1;
                else if (!strncmp(cp, "=no", 3))
                        return 0;
        }
        return -1;
}

/**
 * ccs_set_uint - Set value for specified preference.
 *
 * @i:      Pointer to "unsigned int".
 * @string: String to check.
 * @find:   Name of keyword.
 *
 * Returns nothing.
 */
static void ccs_set_uint(unsigned int *i, const char *string, const char *find)
{
        const char *cp = strstr(string, find);
        if (cp)
                sscanf(cp + strlen(find), "=%u", i);
}

/**
 * ccs_set_mode - Set mode for specified profile.
 *
 * @name:    Name of functionality.
 * @value:   Mode for @name.
 * @profile: Pointer to "struct ccs_profile".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int ccs_set_mode(char *name, const char *value,
                        struct ccs_profile *profile)
{
        u8 i;
        u8 config;
        if (!strcmp(name, "CONFIG")) {
                i = CCS_MAX_MAC_INDEX + CCS_MAX_MAC_CATEGORY_INDEX;
                config = profile->default_config;
        } else if (ccs_str_starts(&name, "CONFIG::")) {
                config = 0;
                for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_MAC_CATEGORY_INDEX;
                     i++) {
                        int len = 0;
                        if (i < CCS_MAX_MAC_INDEX) {
                                const u8 c = ccs_index2category[i];
                                const char *category =
                                        ccs_category_keywords[c];
                                len = strlen(category);
                                if (strncmp(name, category, len) ||
                                    name[len++] != ':' || name[len++] != ':')
                                        continue;
                        }
                        if (strcmp(name + len, ccs_mac_keywords[i]))
                                continue;
                        config = profile->config[i];
                        break;
                }
                if (i == CCS_MAX_MAC_INDEX + CCS_MAX_MAC_CATEGORY_INDEX)
                        return -EINVAL;
        } else {
                return -EINVAL;
        }
        if (strstr(value, "use_default")) {
                config = CCS_CONFIG_USE_DEFAULT;
        } else {
                u8 mode;
                for (mode = 0; mode < CCS_CONFIG_MAX_MODE; mode++)
                        if (strstr(value, ccs_mode[mode]))
                                /*
                                 * Update lower 3 bits in order to distinguish
                                 * 'config' from 'CCS_CONFIG_USE_DEAFULT'.
                                 */
                                config = (config & ~7) | mode;
                if (config != CCS_CONFIG_USE_DEFAULT) {
                        switch (ccs_find_yesno(value, "grant_log")) {
                        case 1:
                                config |= CCS_CONFIG_WANT_GRANT_LOG;
                                break;
                        case 0:
                                config &= ~CCS_CONFIG_WANT_GRANT_LOG;
                                break;
                        }
                        switch (ccs_find_yesno(value, "reject_log")) {
                        case 1:
                                config |= CCS_CONFIG_WANT_REJECT_LOG;
                                break;
                        case 0:
                                config &= ~CCS_CONFIG_WANT_REJECT_LOG;
                                break;
                        }
                }
        }
        if (i < CCS_MAX_MAC_INDEX + CCS_MAX_MAC_CATEGORY_INDEX)
                profile->config[i] = config;
        else if (config != CCS_CONFIG_USE_DEFAULT)
                profile->default_config = config;
        return 0;
}

/**
 * ccs_write_profile - Write profile table.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int ccs_write_profile(struct ccs_io_buffer *head)
{
        char *data = head->write_buf;
        unsigned int i;
        char *cp;
        struct ccs_profile *profile;
        if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version)
            == 1)
                return 0;
        i = simple_strtoul(data, &cp, 10);
        if (*cp != '-')
                return -EINVAL;
        data = cp + 1;
        profile = ccs_assign_profile(head->w.ns, i);
        if (!profile)
                return -EINVAL;
        cp = strchr(data, '=');
        if (!cp)
                return -EINVAL;
        *cp++ = '\0';
        if (!strcmp(data, "COMMENT")) {
                static DEFINE_SPINLOCK(lock);
                const struct ccs_path_info *new_comment = ccs_get_name(cp);
                const struct ccs_path_info *old_comment;
                if (!new_comment)
                        return -ENOMEM;
                spin_lock(&lock);
                old_comment = profile->comment;
                profile->comment = new_comment;
                spin_unlock(&lock);
                ccs_put_name(old_comment);
                return 0;
        }
        if (!strcmp(data, "PREFERENCE")) {
                for (i = 0; i < CCS_MAX_PREF; i++)
                        ccs_set_uint(&profile->pref[i], cp,
                                     ccs_pref_keywords[i]);
                return 0;
        }
        return ccs_set_mode(data, cp, profile);
}

/**
 * ccs_print_config - Print mode for specified functionality.
 *
 * @head:   Pointer to "struct ccs_io_buffer".
 * @config: Mode for that functionality.
 *
 * Returns nothing.
 *
 * Caller prints functionality's name.
 */
static void ccs_print_config(struct ccs_io_buffer *head, const u8 config)
{
        ccs_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n",
                      ccs_mode[config & 3],
                      ccs_yesno(config & CCS_CONFIG_WANT_GRANT_LOG),
                      ccs_yesno(config & CCS_CONFIG_WANT_REJECT_LOG));
}

/**
 * ccs_read_profile - Read profile table.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns nothing.
 */
static void ccs_read_profile(struct ccs_io_buffer *head)
{
        u8 index;
        struct ccs_policy_namespace *ns = container_of(head->r.ns, typeof(*ns),
                                                       namespace_list);
        const struct ccs_profile *profile;
        if (head->r.eof)
                return;
next:
        index = head->r.index;
        profile = ns->profile_ptr[index];
        switch (head->r.step) {
        case 0:
                ccs_print_namespace(head);
                ccs_io_printf(head, "PROFILE_VERSION=%u\n",
                              ns->profile_version);
                head->r.step++;
                break;
        case 1:
                for ( ; head->r.index < CCS_MAX_PROFILES; head->r.index++)
                        if (ns->profile_ptr[head->r.index])
                                break;
                if (head->r.index == CCS_MAX_PROFILES) {
                        head->r.eof = true;
                        return;
                }
                head->r.step++;
                break;
        case 2:
                {
                        u8 i;
                        const struct ccs_path_info *comment = profile->comment;
                        ccs_print_namespace(head);
                        ccs_io_printf(head, "%u-COMMENT=", index);
                        ccs_set_string(head, comment ? comment->name : "");
                        ccs_set_lf(head);
                        ccs_print_namespace(head);
                        ccs_io_printf(head, "%u-PREFERENCE={ ", index);
                        for (i = 0; i < CCS_MAX_PREF; i++)
                                ccs_io_printf(head, "%s=%u ",
                                              ccs_pref_keywords[i],
                                              profile->pref[i]);
                        ccs_set_string(head, "}\n");
                        head->r.step++;
                }
                break;
        case 3:
                {
                        ccs_print_namespace(head);
                        ccs_io_printf(head, "%u-%s", index, "CONFIG");
                        ccs_print_config(head, profile->default_config);
                        head->r.bit = 0;
                        head->r.step++;
                }
                break;
        case 4:
                for ( ; head->r.bit < CCS_MAX_MAC_INDEX
                              + CCS_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
                        const u8 i = head->r.bit;
                        const u8 config = profile->config[i];
                        if (config == CCS_CONFIG_USE_DEFAULT)
                                continue;
                        ccs_print_namespace(head);
                        if (i < CCS_MAX_MAC_INDEX)
                                ccs_io_printf(head, "%u-CONFIG::%s::%s", index,
                                              ccs_category_keywords
                                              [ccs_index2category[i]],
                                              ccs_mac_keywords[i]);
                        else
                                ccs_io_printf(head, "%u-CONFIG::%s", index,
                                              ccs_mac_keywords[i]);
                        ccs_print_config(head, config);
                        head->r.bit++;
                        break;
                }
                if (head->r.bit == CCS_MAX_MAC_INDEX
                    + CCS_MAX_MAC_CATEGORY_INDEX) {
                        head->r.index++;
                        head->r.step = 1;
                }
                break;
        }
        if (ccs_flush(head))
                goto next;
}

/**
 * ccs_update_policy - Update an entry for exception policy.
 *
 * @size:  Size of new entry in bytes.
 * @param: Pointer to "struct ccs_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds ccs_read_lock().
 */
static int ccs_update_policy(const int size, struct ccs_acl_param *param)
{
        struct ccs_acl_head *new_entry = &param->e.acl_head; 
        int error = param->is_delete ? -ENOENT : -ENOMEM;
        struct ccs_acl_head *entry;
        struct list_head *list = param->list;
        BUG_ON(size < sizeof(*entry));
        if (mutex_lock_interruptible(&ccs_policy_lock))
                return -ENOMEM;
        list_for_each_entry_srcu(entry, list, list, &ccs_ss) {
                if (entry->is_deleted == CCS_GC_IN_PROGRESS)
                        continue;
                if (memcmp(entry + 1, new_entry + 1, size - sizeof(*entry)))
                        continue;
                entry->is_deleted = param->is_delete;
                error = 0;
                break;
        }
        if (error && !param->is_delete) {
                entry = ccs_commit_ok(new_entry, size);
                if (entry) {
                        list_add_tail_rcu(&entry->list, list);
                        error = 0;
                }
        }
        mutex_unlock(&ccs_policy_lock);
        return error;
}

/**
 * ccs_update_manager_entry - Add a manager entry.
 *
 * @manager:   The path to manager or the domainnamme.
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int ccs_update_manager_entry(const char *manager,
                                    const bool is_delete)
{
        struct ccs_acl_param param = {
                /* .ns = &ccs_kernel_namespace, */
                .is_delete = is_delete,
                .list = &ccs_kernel_namespace.policy_list[CCS_ID_MANAGER],
        };
        struct ccs_manager *e = &param.e.manager;
        int error = is_delete ? -ENOENT : -ENOMEM;
        /* Forced zero clear for using memcmp() at ccs_update_policy(). */
        memset(&param.e, 0, sizeof(param.e));
        if (ccs_domain_def(manager)) {
                if (!ccs_correct_domain(manager))
                        return -EINVAL;
                e->is_domain = true;
        } else {
                if (!ccs_correct_path(manager))
                        return -EINVAL;
        }
        e->manager = ccs_get_name(manager);
        if (e->manager) {
                error = ccs_update_policy(sizeof(*e), &param);
                ccs_put_name(e->manager);
        }
        return error;
}

/**
 * ccs_write_manager - Write manager policy.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int ccs_write_manager(struct ccs_io_buffer *head)
{
        const char *data = head->write_buf;
        if (!strcmp(data, "manage_by_non_root")) {
                ccs_manage_by_non_root = !head->w.is_delete;
                return 0;
        }
        return ccs_update_manager_entry(data, head->w.is_delete);
}

/**
 * ccs_read_manager - Read manager policy.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 *
 * Returns nothing.
 *
 * Caller holds ccs_read_lock().
 */
static void ccs_read_manager(struct ccs_io_buffer *head)
{
        if (head->r.eof)
                return;
        list_for_each_cookie(head->r.acl, &ccs_kernel_namespace.
                             policy_list[CCS_ID_MANAGER]) {
                struct ccs_manager *ptr =
                        list_entry(head->r.acl, typeof(*ptr), head.list);
                if (ptr->head.is_deleted)
                        continue;
                if (!ccs_flush(head))
                        return;
                ccs_set_string(head, ptr->manager->name);
                ccs_set_lf(head);
        }
        head->r.eof = true;
}

/**
 * ccs_manager - Check whether the current process is a policy manager.
 *
 * Returns true if the current process is permitted to modify policy
 * via /proc/ccs/ interface.
 *
 * Caller holds ccs_read_lock().
 */
static bool ccs_manager(void)
{
        struct ccs_manager *ptr;
        const char *exe;
        struct ccs_security *task = ccs_current_security();
        const struct ccs_path_info *domainname
                = ccs_current_domain()->domainname;
        bool found = false;
        if (!ccs_policy_loaded)
                return true;
        if (task->ccs_flags & CCS_TASK_IS_MANAGER)
                return true;
        if (!ccs_manage_by_non_root && (current_uid() || current_euid()))
                return false;
        exe = ccs_get_exe();
        list_for_each_entry_srcu(ptr, &ccs_kernel_namespace.
                                 policy_list[CCS_ID_MANAGER], head.list,
                                 &ccs_ss) {
                if (ptr->head.is_deleted)
                        continue;
                if (ptr->is_domain) {
                        if (ccs_pathcmp(domainname, ptr->manager))
                                continue;
                } else {
                        if (!exe || strcmp(exe, ptr->manager->name))
                                continue;
                }
                /* Set manager flag. */
                task->ccs_flags |= CCS_TASK_IS_MANAGER;
                found = true;
                break;
        }
        if (!found) { /* Reduce error messages. */
                static pid_t ccs_last_pid;
                const pid_t pid = current->pid;
                if (ccs_last_pid != pid) {
                        printk(KERN_WARNING "%s ( %s ) is not permitted to "
                               "update policies.\n", domainname->name, exe);
                        ccs_last_pid = pid;
                }
        }
        kfree(exe);
        return found;
}

/**
 * ccs_select_domain - Parse select command.
 *
 * @head: Pointer to "struct ccs_io_buffer".
 * @data: String to parse.
 *
 * Returns true on success, false otherwise.
 *
 * Caller holds ccs_read_lock().
 */
static bool ccs_select_domain(struct ccs_io_buffer *head, const char *data)
{
        unsigned int pid;
        struct ccs_domain_info *domain = NULL;
        bool global_pid = false;
        if (strncmp(data, "select ", 7))
                return false;
        data += 7;
        if (sscanf(data, "pid=%u", &pid) == 1 ||
            (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
                struct task_struct *p;
                ccs_tasklist_lock();
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
                if (global_pid)
                        p = ccsecurity_exports.find_task_by_pid_ns(pid,
                                                               &init_pid_ns);
                else
                        p = ccsecurity_exports.find_task_by_vpid(pid);
#else
                p = find_task_by_pid(pid);
#endif
                if (p)
                        domain = ccs_task_domain(p);
                ccs_tasklist_unlock();
        } else if (!strncmp(data, "domain=", 7)) {
                if (*(data + 7) == '<')
                        domain = ccs_find_domain(data + 7);
        } else if (sscanf(data, "Q=%u", &pid) == 1) {
                domain = ccs_find_domain_by_qid(pid);
        } else
                return false;
        head->w.domain = domain;
        /* Accessing read_buf is safe because head->io_sem is held. */
        if (!head->read_buf)
                return true; /* Do nothing if open(O_WRONLY). */
        memset(&head->r, 0, sizeof(head->r));
        head->r.print_this_domain_only = true;
        if (domain)
                head->r.domain = &domain->list;
        else
                head->r.eof = true;
        ccs_io_printf(head, "# select %s\n", data);
        if (domain && domain->is_deleted)
                ccs_set_string(head, "# This is a deleted domain.\n");
        return true;
}

/**
 * ccs_update_domain - Update an entry for domain policy.
 *
 * @size:  Size of new entry in bytes.
 * @param: Pointer to "struct ccs_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds ccs_read_lock().
 */
static int ccs_update_domain(const int size, struct ccs_acl_param *param)
{
        struct ccs_acl_info *new_entry = &param->e.acl_info; 
        const bool is_delete = param->is_delete;
        int error = is_delete ? -ENOENT : -ENOMEM;
        struct ccs_acl_info *entry;
        struct list_head * const list = param->list;
        BUG_ON(size < sizeof(*entry));
        if (param->data[0]) {
                new_entry->cond = ccs_get_condition(param);
                if (!new_entry->cond)
                        return -EINVAL;
                /*
                 * Domain transition preference is allowed for only
                 * "file execute"/"task auto_execute_handler"/
                 * "task denied_auto_execute_handler" entries.
                 */
                if (new_entry->cond->exec_transit &&
                    !(new_entry->type == CCS_TYPE_PATH_ACL &&
                      new_entry->perm == 1 << CCS_TYPE_EXECUTE) &&
                    new_entry->type != CCS_TYPE_AUTO_EXECUTE_HANDLER &&
                    new_entry->type != CCS_TYPE_DENIED_EXECUTE_HANDLER)
                        return -EINVAL;
        }
        if (mutex_lock_interruptible(&ccs_policy_lock))
                return -ENOMEM;
        list_for_each_entry_srcu(entry, list, list, &ccs_ss) {
                if (entry->is_deleted == CCS_GC_IN_PROGRESS)
                        continue;
                if (entry->type != new_entry->type ||
                    entry->cond != new_entry->cond ||
                    memcmp(entry + 1, new_entry + 1, size - sizeof(*entry)))
                        continue;
                if (is_delete)
                        entry->perm &= ~new_entry->perm;
                else
                        entry->perm |= new_entry->perm;
                entry->is_deleted = !entry->perm;
                error = 0;
                break;
        }
        if (error && !is_delete) {
                entry = ccs_commit_ok(new_entry, size);
                if (entry) {
                        list_add_tail_rcu(&entry->list, list);
                        error = 0;
                }
        }
        mutex_unlock(&ccs_policy_lock);
        return error;
}

/**
 * ccs_write_task - Update task related list.
 *
 * @param: Pointer to "struct ccs_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds ccs_read_lock().
 */
static int ccs_write_task(struct ccs_acl_param *param)
{
        int error;
        const bool is_auto = ccs_str_starts(&param->data,
                                            "auto_domain_transition ");
        if (!is_auto && !ccs_str_starts(&param->data,
                                        "manual_domain_transition ")) {
                struct ccs_handler_acl *e = &param->e.handler_acl;
                char *handler;
                if (ccs_str_starts(&param->data, "auto_execute_handler "))
                        e->head.type = CCS_TYPE_AUTO_EXECUTE_HANDLER;
                else if (ccs_str_starts(&param->data,
                                        "denied_execute_handler "))
                        e->head.type = CCS_TYPE_DENIED_EXECUTE_HANDLER;
                else
                        return -EINVAL;
                handler = ccs_read_token(param);
                if (!ccs_correct_path(handler))
                        return -EINVAL;
                e->handler = ccs_get_name(handler);
                if (!e->handler)
                        return -ENOMEM;
                if (e->handler->is_patterned)
                        return -EINVAL; /* No patterns allowed. */
                return ccs_update_domain(sizeof(*e), param);
        } else {
                struct ccs_task_acl *e = &param->e.task_acl;
                e->head.type = is_auto ?
                        CCS_TYPE_AUTO_TASK_ACL : CCS_TYPE_MANUAL_TASK_ACL;
                e->domainname = ccs_get_domainname(param);
                if (!e->domainname)
                        return -EINVAL;
                return ccs_update_domain(sizeof(*e), param);
        }
        return error;
}

/**
 * ccs_write_inet_network - Write "struct ccs_inet_acl" list.
 *
 * @param: Pointer to "struct ccs_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds ccs_read_lock().
 */
static int ccs_write_inet_network(struct 