Merge branch 'wip-2.6.34' into old-private-masterarchived-private-master

author: Andrea Bastoni <bastoni@cs.unc.edu> 2010-05-30 19:16:45 -0400
committer: Andrea Bastoni <bastoni@cs.unc.edu> 2010-05-30 19:16:45 -0400
commit: ada47b5fe13d89735805b566185f4885f5a3f750 (patch)
tree: 644b88f8a71896307d71438e9b3af49126ffb22b /security
parent: 43e98717ad40a4ae64545b5ba047c7b86aa44f4f (diff)
parent: 3280f21d43ee541f97f8cda5792150d2dbec20d5 (diff)
73 files changed, 2920 insertions, 3997 deletions
diff --git a/security/Kconfig b/security/Kconfig
index fb363cd81cf6..226b9556b25f 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -91,28 +91,6 @@ config SECURITY_PATH
          implement pathname based access controls.
          If you are unsure how to answer this question, answer N.
-config SECURITY_FILE_CAPABILITIES
-        bool "File POSIX Capabilities"
-        default n
-        help
-          This enables filesystem capabilities, allowing you to give
-          binaries a subset of root's powers without using setuid 0.
-          If in doubt, answer N.
-config SECURITY_ROOTPLUG
-        bool "Root Plug Support"
-        depends on USB=y && SECURITY
-        help
-          This is a sample LSM module that should only be used as such.
-          It prevents any programs running with egid == 0 if a specific
-          USB device is not present in the system.
-          See <http://www.linuxjournal.com/article.php?sid=6279> for
-          more information about this module.
-          If you are unsure how to answer this question, answer N.
 config INTEL_TXT
        bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
        depends on HAVE_INTEL_TXT
@@ -165,5 +143,37 @@ source security/tomoyo/Kconfig
 source security/integrity/ima/Kconfig
+choice
+        prompt "Default security module"
+        default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
+        default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
+        default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
+        default DEFAULT_SECURITY_DAC
+        help
+          Select the security module that will be used by default if the
+          kernel parameter security= is not specified.
+        config DEFAULT_SECURITY_SELINUX
+                bool "SELinux" if SECURITY_SELINUX=y
+        config DEFAULT_SECURITY_SMACK
+                bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
+        config DEFAULT_SECURITY_TOMOYO
+                bool "TOMOYO" if SECURITY_TOMOYO=y
+        config DEFAULT_SECURITY_DAC
+                bool "Unix Discretionary Access Controls"
+endchoice
+config DEFAULT_SECURITY
+        string
+        default "selinux" if DEFAULT_SECURITY_SELINUX
+        default "smack" if DEFAULT_SECURITY_SMACK
+        default "tomoyo" if DEFAULT_SECURITY_TOMOYO
+        default "" if DEFAULT_SECURITY_DAC
 endmenu
diff --git a/security/Makefile b/security/Makefile
index 95ecc06392d7..da20a193c8dd 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK)		+= smack
 subdir-$(CONFIG_SECURITY_TOMOYO)        += tomoyo
 # always enable default capabilities
-obj-y           += commoncap.o min_addr.o
+obj-y                                   += commoncap.o
+obj-$(CONFIG_MMU)                       += min_addr.o
 # Object file lists
 obj-$(CONFIG_SECURITY)                  += security.o capability.o
@@ -18,7 +19,6 @@ obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/built-in.o
 obj-$(CONFIG_SECURITY_SMACK)            += smack/built-in.o
 obj-$(CONFIG_AUDIT)                     += lsm_audit.o
 obj-$(CONFIG_SECURITY_TOMOYO)           += tomoyo/built-in.o
-obj-$(CONFIG_SECURITY_ROOTPLUG)         += root_plug.o
 obj-$(CONFIG_CGROUP_DEVICE)             += device_cgroup.o
 # Object integrity file lists
diff --git a/security/capability.c b/security/capability.c
index fce07a7bc825..4875142b858d 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -308,6 +308,22 @@ static int cap_path_truncate(struct path *path, loff_t length,
 {
        return 0;
 }
+static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+                          mode_t mode)
+{
+        return 0;
+}
+static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+        return 0;
+}
+static int cap_path_chroot(struct path *root)
+{
+        return 0;
+}
 #endif
 static int cap_file_permission(struct file *file, int mask)
@@ -405,7 +421,7 @@ static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
        return 0;
 }
-static int cap_kernel_module_request(void)
+static int cap_kernel_module_request(char *kmod_name)
 {
        return 0;
 }
@@ -890,10 +906,6 @@ static void cap_audit_rule_free(void *lsmrule)
 }
 #endif /* CONFIG_AUDIT */
-struct security_operations default_security_ops = {
-        .name   = "default",
-};
 #define set_to_cap_if_null(ops, function)                               \
        do {                                                            \
                if (!ops->function) {                                   \
@@ -977,6 +989,9 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, path_link);
        set_to_cap_if_null(ops, path_rename);
        set_to_cap_if_null(ops, path_truncate);
+        set_to_cap_if_null(ops, path_chmod);
+        set_to_cap_if_null(ops, path_chown);
+        set_to_cap_if_null(ops, path_chroot);
 #endif
        set_to_cap_if_null(ops, file_permission);
        set_to_cap_if_null(ops, file_alloc_security);
diff --git a/security/commoncap.c b/security/commoncap.c
index fe30751a6cd9..61669730da98 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1,4 +1,4 @@
-/* Common capabilities, needed by capability.o and root_plug.o
+/* Common capabilities, needed by capability.o.
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
@@ -27,6 +27,7 @@
 #include <linux/sched.h>
 #include <linux/prctl.h>
 #include <linux/securebits.h>
+#include <linux/syslog.h>
 /*
 * If a non-root user executes a setuid-root binary in
@@ -173,7 +174,6 @@ int cap_capget(struct task_struct *target, kernel_cap_t *effective,
 */
 static inline int cap_inh_is_capped(void)
 {
-#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
        /* they are so limited unless the current task has the CAP_SETPCAP
         * capability
@@ -181,7 +181,6 @@ static inline int cap_inh_is_capped(void)
        if (cap_capable(current, current_cred(), CAP_SETPCAP,
                        SECURITY_CAP_AUDIT) == 0)
                return 0;
-#endif
        return 1;
 }
@@ -239,8 +238,6 @@ static inline void bprm_clear_caps(struct linux_binprm *bprm)
        bprm->cap_effective = false;
 }
-#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
 /**
 * cap_inode_need_killpriv - Determine if inode change affects privileges
 * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV
@@ -421,49 +418,6 @@ out:
        return rc;
 }
-#else
-int cap_inode_need_killpriv(struct dentry *dentry)
-{
-        return 0;
-}
-int cap_inode_killpriv(struct dentry *dentry)
-{
-        return 0;
-}
-int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)
-{
-        memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
-        return -ENODATA;
-}
-static inline int get_file_caps(struct linux_binprm *bprm, bool *effective)
-{
-        bprm_clear_caps(bprm);
-        return 0;
-}
-#endif
-/*
- * Determine whether a exec'ing process's new permitted capabilities should be
- * limited to just what it already has.
- *
- * This prevents processes that are being ptraced from gaining access to
- * CAP_SETPCAP, unless the process they're tracing already has it, and the
- * binary they're executing has filecaps that elevate it.
- *
- *  Returns 1 if they should be limited, 0 if they are not.
- */
-static inline int cap_limit_ptraced_target(void)
-{
-#ifndef CONFIG_SECURITY_FILE_CAPABILITIES
-        if (capable(CAP_SETPCAP))
-                return 0;
-#endif
-        return 1;
-}
 /**
 * cap_bprm_set_creds - Set up the proposed credentials for execve().
 * @bprm: The execution parameters, including the proposed creds
@@ -523,9 +477,8 @@ skip:
                        new->euid = new->uid;
                        new->egid = new->gid;
                }
-                if (cap_limit_ptraced_target())
+                new->cap_permitted = cap_intersect(new->cap_permitted,
-                        new->cap_permitted = cap_intersect(new->cap_permitted,
+                                                   old->cap_permitted);
-                                                           old->cap_permitted);
        }
        new->suid = new->fsuid = new->euid;
@@ -739,7 +692,6 @@ int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
        return 0;
 }
-#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
 /*
 * Rationale: code calling task_setscheduler, task_setioprio, and
 * task_setnice, assumes that
@@ -820,22 +772,6 @@ static long cap_prctl_drop(struct cred *new, unsigned long cap)
        return 0;
 }
-#else
-int cap_task_setscheduler (struct task_struct *p, int policy,
-                           struct sched_param *lp)
-{
-        return 0;
-}
-int cap_task_setioprio (struct task_struct *p, int ioprio)
-{
-        return 0;
-}
-int cap_task_setnice (struct task_struct *p, int nice)
-{
-        return 0;
-}
-#endif
 /**
 * cap_task_prctl - Implement process control functions for this security module
 * @option: The process control function requested
@@ -866,7 +802,6 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                error = !!cap_raised(new->cap_bset, arg2);
                goto no_change;
-#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
        case PR_CAPBSET_DROP:
                error = cap_prctl_drop(new, arg2);
                if (error < 0)
@@ -917,8 +852,6 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                error = new->securebits;
                goto no_change;
-#endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */
        case PR_GET_KEEPCAPS:
                if (issecure(SECURE_KEEP_CAPS))
                        error = 1;
@@ -956,13 +889,17 @@ error:
 /**
 * cap_syslog - Determine whether syslog function is permitted
 * @type: Function requested
+ * @from_file: Whether this request came from an open file (i.e. /proc)
 *
 * Determine whether the current process is permitted to use a particular
 * syslog function, returning 0 if permission is granted, -ve if not.
 */
-int cap_syslog(int type)
+int cap_syslog(int type, bool from_file)
 {
-        if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+        if (type != SYSLOG_ACTION_OPEN && from_file)
+                return 0;
+        if ((type != SYSLOG_ACTION_READ_ALL &&
+             type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
                return -EPERM;
        return 0;
 }
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 6cf8fd2b79e8..f77c60423992 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -10,6 +10,7 @@
 #include <linux/list.h>
 #include <linux/uaccess.h>
 #include <linux/seq_file.h>
+#include <linux/slab.h>
 #include <linux/rcupdate.h>
 #include <linux/mutex.h>
diff --git a/security/inode.c b/security/inode.c
index f7496c6a022b..1c812e874504 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -156,25 +156,18 @@ static int create_by_name(const char *name, mode_t mode,
         * block. A pointer to that is in the struct vfsmount that we
         * have around.
         */
-        if (!parent ) {
+        if (!parent)
-                if (mount && mount->mnt_sb) {
+                parent = mount->mnt_sb->s_root;
-                        parent = mount->mnt_sb->s_root;
-                }
-        }
-        if (!parent) {
-                pr_debug("securityfs: Ah! can not find a parent!\n");
-                return -EFAULT;
-        }
        mutex_lock(&parent->d_inode->i_mutex);
        *dentry = lookup_one_len(name, parent, strlen(name));
-        if (!IS_ERR(dentry)) {
+        if (!IS_ERR(*dentry)) {
                if ((mode & S_IFMT) == S_IFDIR)
                        error = mkdir(parent->d_inode, *dentry, mode);
                else
                        error = create(parent->d_inode, *dentry, mode);
        } else
-                error = PTR_ERR(dentry);
+                error = PTR_ERR(*dentry);
        mutex_unlock(&parent->d_inode->i_mutex);
        return error;
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 53d9764e8f09..3d7846de8069 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -3,6 +3,7 @@
 config IMA
        bool "Integrity Measurement Architecture(IMA)"
        depends on ACPI
+        depends on SECURITY
        select SECURITYFS
        select CRYPTO
        select CRYPTO_HMAC
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 165eb5397ea5..47fb65d1fcbd 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -65,7 +65,6 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
                         const char *cause, int result, int info);
 /* Internal IMA function definitions */
-void ima_iintcache_init(void);
 int ima_init(void);
 void ima_cleanup(void);
 int ima_fs_init(void);
@@ -97,7 +96,6 @@ static inline unsigned long ima_hash_key(u8 *digest)
 /* iint cache flags */
 #define IMA_MEASURED            1
-#define IMA_IINT_DUMP_STACK     512
 /* integrity data associated with an inode */
 struct ima_iint_cache {
@@ -128,13 +126,11 @@ void ima_template_show(struct seq_file *m, void *e,
 */
 struct ima_iint_cache *ima_iint_insert(struct inode *inode);
 struct ima_iint_cache *ima_iint_find_get(struct inode *inode);
-struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode);
-void ima_iint_delete(struct inode *inode);
 void iint_free(struct kref *kref);
 void iint_rcu_free(struct rcu_head *rcu);
 /* IMA policy related functions */
-enum ima_hooks { PATH_CHECK = 1, FILE_MMAP, BPRM_CHECK };
+enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK };
 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask);
 void ima_init_policy(void);
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 3cd58b60afd2..52015d098fdf 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -13,6 +13,7 @@
 *      and store_template.
 */
 #include <linux/module.h>
+#include <linux/slab.h>
 #include "ima.h"
 static const char *IMA_TEMPLATE_NAME = "ima";
@@ -95,12 +96,12 @@ err_out:
 * ima_must_measure - measure decision based on policy.
 * @inode: pointer to inode to measure
 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
- * @function: calling function (PATH_CHECK, BPRM_CHECK, FILE_MMAP)
+ * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP)
 *
 * The policy is defined in terms of keypairs:
 *              subj=, obj=, type=, func=, mask=, fsmagic=
 *      subj,obj, and type: are LSM specific.
- *      func: PATH_CHECK | BPRM_CHECK | FILE_MMAP
+ *      func: FILE_CHECK | BPRM_CHECK | FILE_MMAP
 *      mask: contains the permission mask
 *      fsmagic: hex value
 *
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
index ff513ff737f5..5af76340470c 100644
--- a/security/integrity/ima/ima_audit.c
+++ b/security/integrity/ima/ima_audit.c
@@ -11,6 +11,7 @@
 */
 #include <linux/fs.h>
+#include <linux/gfp.h>
 #include <linux/audit.h>
 #include "ima.h"
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 46642a19bc78..952e51373f58 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -18,6 +18,7 @@
 #include <linux/crypto.h>
 #include <linux/scatterlist.h>
 #include <linux/err.h>
+#include <linux/slab.h>
 #include "ima.h"
 static int init_desc(struct hash_desc *desc)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 0c72c9c38956..07cb9c338cc4 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -16,6 +16,7 @@
 *      current measurement list and IMA statistics
 */
 #include <linux/fcntl.h>
+#include <linux/slab.h>
 #include <linux/module.h>
 #include <linux/seq_file.h>
 #include <linux/rculist.h>
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c
index a4e2b1dac943..2c744d488014 100644
--- a/security/integrity/ima/ima_iint.c
+++ b/security/integrity/ima/ima_iint.c
@@ -14,13 +14,12 @@
 *      - cache integrity information associated with an inode
 *        using a radix tree.
 */
+#include <linux/slab.h>
 #include <linux/module.h>
 #include <linux/spinlock.h>
 #include <linux/radix-tree.h>
 #include "ima.h"
-#define ima_iint_delete ima_inode_free
 RADIX_TREE(ima_iint_store, GFP_ATOMIC);
 DEFINE_SPINLOCK(ima_iint_lock);
@@ -45,22 +44,18 @@ out:
        return iint;
 }
-/* Allocate memory for the iint associated with the inode
+/**
- * from the iint_cache slab, initialize the iint, and
+ * ima_inode_alloc - allocate an iint associated with an inode
- * insert it into the radix tree.
+ * @inode: pointer to the inode
- *
- * On success return a pointer to the iint; on failure return NULL.
 */
-struct ima_iint_cache *ima_iint_insert(struct inode *inode)
+int ima_inode_alloc(struct inode *inode)
 {
        struct ima_iint_cache *iint = NULL;
        int rc = 0;
-        if (!ima_initialized)
-                return iint;
        iint = kmem_cache_alloc(iint_cache, GFP_NOFS);
        if (!iint)
-                return iint;
+                return -ENOMEM;
        rc = radix_tree_preload(GFP_NOFS);
        if (rc < 0)
@@ -69,67 +64,14 @@ struct ima_iint_cache *ima_iint_insert(struct inode *inode)
        spin_lock(&ima_iint_lock);
        rc = radix_tree_insert(&ima_iint_store, (unsigned long)inode, iint);
        spin_unlock(&ima_iint_lock);
+        radix_tree_preload_end();
 out:
-        if (rc < 0) {
+        if (rc < 0)
                kmem_cache_free(iint_cache, iint);
-                if (rc == -EEXIST) {
-                        spin_lock(&ima_iint_lock);
-                        iint = radix_tree_lookup(&ima_iint_store,
-                                                 (unsigned long)inode);
-                        spin_unlock(&ima_iint_lock);
-                } else
-                        iint = NULL;
-        }
-        radix_tree_preload_end();
-        return iint;
-}
-/**
+        return rc;
- * ima_inode_alloc - allocate an iint associated with an inode
- * @inode: pointer to the inode
- *
- * Return 0 on success, 1 on failure.
- */
-int ima_inode_alloc(struct inode *inode)
-{
-        struct ima_iint_cache *iint;
-        if (!ima_initialized)
-                return 0;
-        iint = ima_iint_insert(inode);
-        if (!iint)
-                return 1;
-        return 0;
 }
-/* ima_iint_find_insert_get - get the iint associated with an inode
- *
- * Most insertions are done at inode_alloc, except those allocated
- * before late_initcall. When the iint does not exist, allocate it,
- * initialize and insert it, and increment the iint refcount.
- *
- * (Can't initialize at security_initcall before any inodes are
- * allocated, got to wait at least until proc_init.)
- *
- *  Return the iint.
- */
-struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode)
-{
-        struct ima_iint_cache *iint = NULL;
-        iint = ima_iint_find_get(inode);
-        if (iint)
-                return iint;
-        iint = ima_iint_insert(inode);
-        if (iint)
-                kref_get(&iint->refcount);
-        return iint;
-}
-EXPORT_SYMBOL_GPL(ima_iint_find_insert_get);
 /* iint_free - called when the iint refcount goes to zero */
 void iint_free(struct kref *kref)
 {
@@ -164,17 +106,15 @@ void iint_rcu_free(struct rcu_head *rcu_head)
 }
 /**
- * ima_iint_delete - called on integrity_inode_free
+ * ima_inode_free - called on security_inode_free
 * @inode: pointer to the inode
 *
 * Free the integrity information(iint) associated with an inode.
 */
-void ima_iint_delete(struct inode *inode)
+void ima_inode_free(struct inode *inode)
 {
        struct ima_iint_cache *iint;
-        if (!ima_initialized)
-                return;
        spin_lock(&ima_iint_lock);
        iint = radix_tree_delete(&ima_iint_store, (unsigned long)inode);
        spin_unlock(&ima_iint_lock);
@@ -196,9 +136,11 @@ static void init_once(void *foo)
        kref_set(&iint->refcount, 1);
 }
-void __init ima_iintcache_init(void)
+static int __init ima_iintcache_init(void)
 {
        iint_cache =
            kmem_cache_create("iint_cache", sizeof(struct ima_iint_cache), 0,
                              SLAB_PANIC, init_once);
+        return 0;
 }
+security_initcall(ima_iintcache_init);
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index a40da7ae5900..b1bcb702a27c 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -16,6 +16,7 @@
 */
 #include <linux/module.h>
 #include <linux/scatterlist.h>
+#include <linux/slab.h>
 #include <linux/err.h>
 #include "ima.h"
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index b85e61bcf246..b2c89d9de2a4 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -13,14 +13,15 @@
 * License.
 *
 * File: ima_main.c
- *             implements the IMA hooks: ima_bprm_check, ima_file_mmap,
+ *      implements the IMA hooks: ima_bprm_check, ima_file_mmap,
- *             and ima_path_check.
+ *      and ima_file_check.
 */
 #include <linux/module.h>
 #include <linux/file.h>
 #include <linux/binfmts.h>
 #include <linux/mount.h>
 #include <linux/mman.h>
+#include <linux/slab.h>
 #include "ima.h"
@@ -35,50 +36,53 @@ static int __init hash_setup(char *str)
 }
 __setup("ima_hash=", hash_setup);
-/**
+struct ima_imbalance {
- * ima_file_free - called on __fput()
+        struct hlist_node node;
- * @file: pointer to file structure being freed
+        unsigned long fsmagic;
+};
+/*
+ * ima_limit_imbalance - emit one imbalance message per filesystem type
 *
- * Flag files that changed, based on i_version;
+ * Maintain list of filesystem types that do not measure files properly.
- * and decrement the iint readcount/writecount.
+ * Return false if unknown, true if known.
 */
-void ima_file_free(struct file *file)
+static bool ima_limit_imbalance(struct file *file)
 {
-        struct inode *inode = file->f_dentry->d_inode;
+        static DEFINE_SPINLOCK(ima_imbalance_lock);
-        struct ima_iint_cache *iint;
+        static HLIST_HEAD(ima_imbalance_list);
-        if (!ima_initialized || !S_ISREG(inode->i_mode))
+        struct super_block *sb = file->f_dentry->d_sb;
-                return;
+        struct ima_imbalance *entry;
-        iint = ima_iint_find_get(inode);
+        struct hlist_node *node;
-        if (!iint)
+        bool found = false;
-                return;
+        rcu_read_lock();
-        mutex_lock(&iint->mutex);
+        hlist_for_each_entry_rcu(entry, node, &ima_imbalance_list, node) {
-        if (iint->opencount <= 0) {
+                if (entry->fsmagic == sb->s_magic) {
-                printk(KERN_INFO
+                        found = true;
-                       "%s: %s open/free imbalance (r:%ld w:%ld o:%ld f:%ld)\n",
+                        break;
-                       __FUNCTION__, file->f_dentry->d_name.name,
-                       iint->readcount, iint->writecount,
-                       iint->opencount, atomic_long_read(&file->f_count));
-                if (!(iint->flags & IMA_IINT_DUMP_STACK)) {
-                        dump_stack();
-                        iint->flags |= IMA_IINT_DUMP_STACK;
                }
        }
-        iint->opencount--;
+        rcu_read_unlock();
+        if (found)
-        if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
+                goto out;
-                iint->readcount--;
-        if (file->f_mode & FMODE_WRITE) {
+        entry = kmalloc(sizeof(*entry), GFP_NOFS);
-                iint->writecount--;
+        if (!entry)
-                if (iint->writecount == 0) {
+                goto out;
-                        if (iint->version != inode->i_version)
+        entry->fsmagic = sb->s_magic;
-                                iint->flags &= ~IMA_MEASURED;
+        spin_lock(&ima_imbalance_lock);
-                }
+        /*
-        }
+         * we could have raced and something else might have added this fs
-        mutex_unlock(&iint->mutex);
+         * to the list, but we don't really care
-        kref_put(&iint->refcount, iint_free);
+         */
+        hlist_add_head_rcu(&entry->node, &ima_imbalance_list);
+        spin_unlock(&ima_imbalance_lock);
+        printk(KERN_INFO "IMA: unmeasured files on fsmagic: %lX\n",
+               entry->fsmagic);
+out:
+        return found;
 }
 /* ima_read_write_check - reflect possible reading/writing errors in the PCR.
@@ -111,196 +115,142 @@ static void ima_read_write_check(enum iint_pcr_error error,
        }
 }
-static int get_path_measurement(struct ima_iint_cache *iint, struct file *file,
+/*
-                                const unsigned char *filename)
+ * Update the counts given an fmode_t
+ */
+static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode)
 {
-        int rc = 0;
+        BUG_ON(!mutex_is_locked(&iint->mutex));
-        iint->opencount++;
-        iint->readcount++;
-        rc = ima_collect_measurement(iint, file);
-        if (!rc)
-                ima_store_measurement(iint, file, filename);
-        return rc;
-}
-static void ima_update_counts(struct ima_iint_cache *iint, int mask)
-{
        iint->opencount++;
-        if ((mask & MAY_WRITE) || (mask == 0))
+        if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
-                iint->writecount++;
-        else if (mask & (MAY_READ | MAY_EXEC))
                iint->readcount++;
+        if (mode & FMODE_WRITE)
+                iint->writecount++;
 }
-/**
+/*
- * ima_path_check - based on policy, collect/store measurement.
+ * ima_counts_get - increment file counts
- * @path: contains a pointer to the path to be measured
- * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE
- *
- * Measure the file being open for readonly, based on the
- * ima_must_measure() policy decision.
 *
- * Keep read/write counters for all files, but only
+ * Maintain read/write counters for all files, but only
 * invalidate the PCR for measured files:
 *      - Opening a file for write when already open for read,
 *        results in a time of measure, time of use (ToMToU) error.
 *      - Opening a file for read when already open for write,
 *        could result in a file measurement error.
 *
- * Always return 0 and audit dentry_open failures.
- * (Return code will be based upon measurement appraisal.)
 */
-int ima_path_check(struct path *path, int mask, int update_counts)
+void ima_counts_get(struct file *file)
 {
-        struct inode *inode = path->dentry->d_inode;
+        struct dentry *dentry = file->f_path.dentry;
+        struct inode *inode = dentry->d_inode;
+        fmode_t mode = file->f_mode;
        struct ima_iint_cache *iint;
-        struct file *file = NULL;
        int rc;
        if (!ima_initialized || !S_ISREG(inode->i_mode))
-                return 0;
+                return;
-        iint = ima_iint_find_insert_get(inode);
+        iint = ima_iint_find_get(inode);
        if (!iint)
-                return 0;
+                return;
        mutex_lock(&iint->mutex);
-        if (update_counts)
+        rc = ima_must_measure(iint, inode, MAY_READ, FILE_CHECK);
-                ima_update_counts(iint, mask);
-        rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK);
        if (rc < 0)
                goto out;
-        if ((mask & MAY_WRITE) || (mask == 0))
+        if (mode & FMODE_WRITE) {
-                ima_read_write_check(TOMTOU, iint, inode,
+                ima_read_write_check(TOMTOU, iint, inode, dentry->d_name.name);
-                                     path->dentry->d_name.name);
-        if ((mask & (MAY_WRITE | MAY_READ | MAY_EXEC)) != MAY_READ)
                goto out;
-        ima_read_write_check(OPEN_WRITERS, iint, inode,
-                             path->dentry->d_name.name);
-        if (!(iint->flags & IMA_MEASURED)) {
-                struct dentry *dentry = dget(path->dentry);
-                struct vfsmount *mnt = mntget(path->mnt);
-                file = dentry_open(dentry, mnt, O_RDONLY | O_LARGEFILE,
-                                   current_cred());
-                if (IS_ERR(file)) {
-                        int audit_info = 0;
-                        integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
-                                            dentry->d_name.name,
-                                            "add_measurement",
-                                            "dentry_open failed",
-                                            1, audit_info);
-                        file = NULL;
-                        goto out;
-                }
-                rc = get_path_measurement(iint, file, dentry->d_name.name);
        }
+        ima_read_write_check(OPEN_WRITERS, iint, inode, dentry->d_name.name);
 out:
+        ima_inc_counts(iint, file->f_mode);
        mutex_unlock(&iint->mutex);
-        if (file)
-                fput(file);
        kref_put(&iint->refcount, iint_free);
-        return 0;
 }
-EXPORT_SYMBOL_GPL(ima_path_check);
-static int process_measurement(struct file *file, const unsigned char *filename,
+/*
-                               int mask, int function)
+ * Decrement ima counts
+ */
+static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
+                           struct file *file)
 {
-        struct inode *inode = file->f_dentry->d_inode;
+        mode_t mode = file->f_mode;
-        struct ima_iint_cache *iint;
+        BUG_ON(!mutex_is_locked(&iint->mutex));
-        int rc;
-        if (!ima_initialized || !S_ISREG(inode->i_mode))
+        iint->opencount--;
-                return 0;
+        if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
-        iint = ima_iint_find_insert_get(inode);
+                iint->readcount--;
-        if (!iint)
+        if (mode & FMODE_WRITE) {
-                return -ENOMEM;
+                iint->writecount--;
+                if (iint->writecount == 0) {
-        mutex_lock(&iint->mutex);
+                        if (iint->version != inode->i_version)
-        rc = ima_must_measure(iint, inode, mask, function);
+                                iint->flags &= ~IMA_MEASURED;
-        if (rc != 0)
+                }
-                goto out;
+        }
-        rc = ima_collect_measurement(iint, file);
+        if (((iint->opencount < 0) ||
-        if (!rc)
+             (iint->readcount < 0) ||
-                ima_store_measurement(iint, file, filename);
+             (iint->writecount < 0)) &&
-out:
+            !ima_limit_imbalance(file)) {
-        mutex_unlock(&iint->mutex);
+                printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld o:%ld)\n",
-        kref_put(&iint->refcount, iint_free);
+                       __FUNCTION__, iint->readcount, iint->writecount,
-        return rc;
+                       iint->opencount);
+                dump_stack();
+        }
 }
-/*
+/**
- * ima_counts_put - decrement file counts
+ * ima_file_free - called on __fput()
+ * @file: pointer to file structure being freed
 *
- * File counts are incremented in ima_path_check. On file open
+ * Flag files that changed, based on i_version;
- * error, such as ETXTBSY, decrement the counts to prevent
+ * and decrement the iint readcount/writecount.
- * unnecessary imbalance messages.
 */
-void ima_counts_put(struct path *path, int mask)
+void ima_file_free(struct file *file)
 {
-        struct inode *inode = path->dentry->d_inode;
+        struct inode *inode = file->f_dentry->d_inode;
        struct ima_iint_cache *iint;
-        /* The inode may already have been freed, freeing the iint
+        if (!ima_initialized || !S_ISREG(inode->i_mode))
-         * with it. Verify the inode is not NULL before dereferencing
-         * it.
-         */
-        if (!ima_initialized || !inode || !S_ISREG(inode->i_mode))
                return;
-        iint = ima_iint_find_insert_get(inode);
+        iint = ima_iint_find_get(inode);
        if (!iint)
                return;
        mutex_lock(&iint->mutex);
-        iint->opencount--;
+        ima_dec_counts(iint, inode, file);
-        if ((mask & MAY_WRITE) || (mask == 0))
-                iint->writecount--;
-        else if (mask & (MAY_READ | MAY_EXEC))
-                iint->readcount--;
        mutex_unlock(&iint->mutex);
        kref_put(&iint->refcount, iint_free);
 }
-/*
+static int process_measurement(struct file *file, const unsigned char *filename,
- * ima_counts_get - increment file counts
+                               int mask, int function)
- *
- * - for IPC shm and shmat file.
- * - for nfsd exported files.
- *
- * Increment the counts for these files to prevent unnecessary
- * imbalance messages.
- */
-void ima_counts_get(struct file *file)
 {
        struct inode *inode = file->f_dentry->d_inode;
        struct ima_iint_cache *iint;
+        int rc;
        if (!ima_initialized || !S_ISREG(inode->i_mode))
-                return;
+                return 0;
-        iint = ima_iint_find_insert_get(inode);
+        iint = ima_iint_find_get(inode);
        if (!iint)
-                return;
+                return -ENOMEM;
        mutex_lock(&iint->mutex);
-        iint->opencount++;
+        rc = ima_must_measure(iint, inode, mask, function);
-        if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
+        if (rc != 0)
-                iint->readcount++;
+                goto out;
-        if (file->f_mode & FMODE_WRITE)
+        rc = ima_collect_measurement(iint, file);
-                iint->writecount++;
+        if (!rc)
+                ima_store_measurement(iint, file, filename);
+out:
        mutex_unlock(&iint->mutex);
        kref_put(&iint->refcount, iint_free);
+        return rc;
 }
-EXPORT_SYMBOL_GPL(ima_counts_get);
 /**
 * ima_file_mmap - based on policy, collect/store measurement.
@@ -347,11 +297,31 @@ int ima_bprm_check(struct linux_binprm *bprm)
        return 0;
 }
+/**
+ * ima_path_check - based on policy, collect/store measurement.
+ * @file: pointer to the file to be measured
+ * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE
+ *
+ * Measure files based on the ima_must_measure() policy decision.
+ *
+ * Always return 0 and audit dentry_open failures.
+ * (Return code will be based upon measurement appraisal.)
+ */
+int ima_file_check(struct file *file, int mask)
+{
+        int rc;
+        rc = process_measurement(file, file->f_dentry->d_name.name,
+                                 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
+                                 FILE_CHECK);
+        return 0;
+}
+EXPORT_SYMBOL_GPL(ima_file_check);
 static int __init init_ima(void)
 {
        int error;
-        ima_iintcache_init();
        error = ima_init();
        ima_initialized = 1;
        return error;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index e1278399b345..8643a93c5963 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -15,6 +15,7 @@
 #include <linux/security.h>
 #include <linux/magic.h>
 #include <linux/parser.h>
+#include <linux/slab.h>
 #include "ima.h"
@@ -67,7 +68,7 @@ static struct ima_measure_rule_entry default_rules[] = {
         .flags = IMA_FUNC | IMA_MASK},
        {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
         .flags = IMA_FUNC | IMA_MASK},
-        {.action = MEASURE,.func = PATH_CHECK,.mask = MAY_READ,.uid = 0,
+        {.action = MEASURE,.func = FILE_CHECK,.mask = MAY_READ,.uid = 0,
         .flags = IMA_FUNC | IMA_MASK | IMA_UID},
 };
@@ -282,8 +283,11 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
                        break;
                case Opt_func:
                        audit_log_format(ab, "func=%s ", args[0].from);
-                        if (strcmp(args[0].from, "PATH_CHECK") == 0)
+                        if (strcmp(args[0].from, "FILE_CHECK") == 0)
-                                entry->func = PATH_CHECK;
+                                entry->func = FILE_CHECK;
+                        /* PATH_CHECK is for backwards compat */
+                        else if (strcmp(args[0].from, "PATH_CHECK") == 0)
+                                entry->func = FILE_CHECK;
                        else if (strcmp(args[0].from, "FILE_MMAP") == 0)
                                entry->func = FILE_MMAP;
                        else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index a0880e9c8e05..46ba62b1adf5 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -20,6 +20,7 @@
 */
 #include <linux/module.h>
 #include <linux/rculist.h>
+#include <linux/slab.h>
 #include "ima.h"
 LIST_HEAD(ima_measurements);    /* list of all measurements */
diff --git a/security/keys/gc.c b/security/keys/gc.c
index 4770be375ffe..a46e825cbf02 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -77,9 +77,10 @@ static bool key_gc_keyring(struct key *keyring, time_t limit)
                goto dont_gc;
        /* scan the keyring looking for dead keys */
+        rcu_read_lock();
        klist = rcu_dereference(keyring->payload.subscriptions);
        if (!klist)
-                goto dont_gc;
+                goto unlock_dont_gc;
        for (loop = klist->nkeys - 1; loop >= 0; loop--) {
                key = klist->keys[loop];
@@ -88,11 +89,14 @@ static bool key_gc_keyring(struct key *keyring, time_t limit)
                        goto do_gc;
        }
+unlock_dont_gc:
+        rcu_read_unlock();
 dont_gc:
        kleave(" = false");
        return false;
 do_gc:
+        rcu_read_unlock();
        key_gc_cursor = keyring->serial;
        key_get(keyring);
        spin_unlock(&key_serial_lock);
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 06ec722897be..e9c2e7c584d9 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid,
                 * have the authorisation token handy */
                instkey = key_get_instantiation_authkey(keyid);
                if (IS_ERR(instkey))
-                        return PTR_ERR(key_ref);
+                        return PTR_ERR(instkey);
                key_put(instkey);
                key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
@@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid,
 */
 long keyctl_session_to_parent(void)
 {
+#ifdef TIF_NOTIFY_RESUME
        struct task_struct *me, *parent;
        const struct cred *mycred, *pcred;
        struct cred *cred, *oldcred;
@@ -1326,6 +1327,15 @@ not_permitted:
 error_keyring:
        key_ref_put(keyring_r);
        return ret;
+#else /* !TIF_NOTIFY_RESUME */
+        /*
+         * To be removed when TIF_NOTIFY_RESUME has been implemented on
+         * m68k/xtensa
+         */
+#warning TIF_NOTIFY_RESUME not implemented
+        return -EOPNOTSUPP;
+#endif /* !TIF_NOTIFY_RESUME */
 }
 /*****************************************************************************/
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 8ec02746ca99..1e4b0037935c 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -20,6 +20,11 @@
 #include <asm/uaccess.h>
 #include "internal.h"
+#define rcu_dereference_locked_keyring(keyring)                         \
+        (rcu_dereference_protected(                                     \
+                (keyring)->payload.subscriptions,                       \
+                rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
 /*
 * when plumbing the depths of the key tree, this sets a hard limit set on how
 * deep we're willing to go
@@ -151,7 +156,9 @@ static void keyring_destroy(struct key *keyring)
                write_unlock(&keyring_name_lock);
        }
-        klist = rcu_dereference(keyring->payload.subscriptions);
+        klist = rcu_dereference_check(keyring->payload.subscriptions,
+                                      rcu_read_lock_held() ||
+                                      atomic_read(&keyring->usage) == 0);
        if (klist) {
                for (loop = klist->nkeys - 1; loop >= 0; loop--)
                        key_put(klist->keys[loop]);
@@ -199,8 +206,7 @@ static long keyring_read(const struct key *keyring,
        int loop, ret;
        ret = 0;
-        klist = rcu_dereference(keyring->payload.subscriptions);
+        klist = rcu_dereference_locked_keyring(keyring);
        if (klist) {
                /* calculate how much data we could return */
                qty = klist->nkeys * sizeof(key_serial_t);
@@ -524,9 +530,8 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
        struct key *keyring;
        int bucket;
-        keyring = ERR_PTR(-EINVAL);
        if (!name)
-                goto error;
+                return ERR_PTR(-EINVAL);
        bucket = keyring_hash(name);
@@ -553,17 +558,18 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
                                           KEY_SEARCH) < 0)
                                continue;
-                        /* we've got a match */
+                        /* we've got a match but we might end up racing with
-                        atomic_inc(&keyring->usage);
+                         * key_cleanup() if the keyring is currently 'dead'
-                        read_unlock(&keyring_name_lock);
+                         * (ie. it has a zero usage count) */
-                        goto error;
+                        if (!atomic_inc_not_zero(&keyring->usage))
+                                continue;
+                        goto out;
                }
        }
-        read_unlock(&keyring_name_lock);
        keyring = ERR_PTR(-ENOKEY);
+out:
- error:
+        read_unlock(&keyring_name_lock);
        return keyring;
 } /* end find_keyring_by_name() */
@@ -718,8 +724,7 @@ int __key_link(struct key *keyring, struct key *key)
        }
        /* see if there's a matching key we can displace */
-        klist = keyring->payload.subscriptions;
+        klist = rcu_dereference_locked_keyring(keyring);
        if (klist && klist->nkeys > 0) {
                struct key_type *type = key->type;
@@ -763,8 +768,6 @@ int __key_link(struct key *keyring, struct key *key)
        if (ret < 0)
                goto error2;
-        klist = keyring->payload.subscriptions;
        if (klist && klist->nkeys < klist->maxkeys) {
                /* there's sufficient slack space to add directly */
                atomic_inc(&key->usage);
@@ -866,7 +869,7 @@ int key_unlink(struct key *keyring, struct key *key)
        down_write(&keyring->sem);
-        klist = keyring->payload.subscriptions;
+        klist = rcu_dereference_locked_keyring(keyring);
        if (klist) {
                /* search the keyring for the key */
                for (loop = 0; loop < klist->nkeys; loop++)
@@ -957,7 +960,7 @@ int keyring_clear(struct key *keyring)
                /* detach the pointer block with the locks held */
                down_write(&keyring->sem);
-                klist = keyring->payload.subscriptions;
+                klist = rcu_dereference_locked_keyring(keyring);
                if (klist) {
                        /* adjust the quota */
                        key_payload_reserve(keyring,
@@ -989,7 +992,9 @@ EXPORT_SYMBOL(keyring_clear);
 */
 static void keyring_revoke(struct key *keyring)
 {
-        struct keyring_list *klist = keyring->payload.subscriptions;
+        struct keyring_list *klist;
+        klist = rcu_dereference_locked_keyring(keyring);
        /* adjust the quota */
        key_payload_reserve(keyring, 0);
@@ -1023,7 +1028,7 @@ void keyring_gc(struct key *keyring, time_t limit)
        down_write(&keyring->sem);
-        klist = keyring->payload.subscriptions;
+        klist = rcu_dereference_locked_keyring(keyring);
        if (!klist)
                goto no_klist;
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 9d01021ca0c8..706d63f4f185 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -12,7 +12,6 @@
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/sched.h>
-#include <linux/slab.h>
 #include <linux/fs.h>
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 5c23afb31ece..06c2ccf26ed3 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -12,7 +12,6 @@
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/sched.h>
-#include <linux/slab.h>
 #include <linux/keyctl.h>
 #include <linux/fs.h>
 #include <linux/err.h>
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 03fe63ed55bd..d8c1a6a0fb08 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -68,7 +68,8 @@ static int call_sbin_request_key(struct key_construction *cons,
 {
        const struct cred *cred = current_cred();
        key_serial_t prkey, sskey;
-        struct key *key = cons->key, *authkey = cons->authkey, *keyring;
+        struct key *key = cons->key, *authkey = cons->authkey, *keyring,
+                *session;
        char *argv[9], *envp[3], uid_str[12], gid_str[12];
        char key_str[12], keyring_str[3][12];
        char desc[20];
@@ -93,7 +94,7 @@ static int call_sbin_request_key(struct key_construction *cons,
        }
        /* attach the auth key to the session keyring */
-        ret = __key_link(keyring, authkey);
+        ret = key_link(keyring, authkey);
        if (ret < 0)
                goto error_link;
@@ -112,10 +113,12 @@ static int call_sbin_request_key(struct key_construction *cons,
        if (cred->tgcred->process_keyring)
                prkey = cred->tgcred->process_keyring->serial;
-        if (cred->tgcred->session_keyring)
+        rcu_read_lock();
-                sskey = rcu_dereference(cred->tgcred->session_keyring)->serial;
+        session = rcu_dereference(cred->tgcred->session_keyring);
-        else
+        if (!session)
-                sskey = cred->user->session_keyring->serial;
+                session = cred->user->session_keyring;
+        sskey = session->serial;
+        rcu_read_unlock();
        sprintf(keyring_str[2], "%d", sskey);
@@ -336,8 +339,10 @@ static int construct_alloc_key(struct key_type *type,
 key_already_present:
        mutex_unlock(&key_construction_mutex);
-        if (dest_keyring)
+        if (dest_keyring) {
+                __key_link(dest_keyring, key_ref_to_ptr(key_ref));
                up_write(&dest_keyring->sem);
+        }
        mutex_unlock(&user->cons_lock);
        key_put(key);
        *_key = key = key_ref_to_ptr(key_ref);
@@ -428,6 +433,11 @@ struct key *request_key_and_link(struct key_type *type,
        if (!IS_ERR(key_ref)) {
                key = key_ref_to_ptr(key_ref);
+                if (dest_keyring) {
+                        construct_get_dest_keyring(&dest_keyring);
+                        key_link(dest_keyring, key);
+                        key_put(dest_keyring);
+                }
        } else if (PTR_ERR(key_ref) != -EAGAIN) {
                key = ERR_CAST(key_ref);
        } else  {
diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c
index 5e05dc09e2db..ee32d181764a 100644
--- a/security/keys/sysctl.c
+++ b/security/keys/sysctl.c
@@ -17,54 +17,49 @@ static const int zero, one = 1, max = INT_MAX;
 ctl_table key_sysctls[] = {
        {
-                .ctl_name = CTL_UNNUMBERED,
                .procname = "maxkeys",
                .data = &key_quota_maxkeys,
                .maxlen = sizeof(unsigned),
                .mode = 0644,
-                .proc_handler = &proc_dointvec_minmax,
+                .proc_handler = proc_dointvec_minmax,
                .extra1 = (void *) &one,
                .extra2 = (void *) &max,
        },
        {
-                .ctl_name = CTL_UNNUMBERED,
                .procname = "maxbytes",
                .data = &key_quota_maxbytes,
                .maxlen = sizeof(unsigned),
                .mode = 0644,
-                .proc_handler = &proc_dointvec_minmax,
+                .proc_handler = proc_dointvec_minmax,
                .extra1 = (void *) &one,
                .extra2 = (void *) &max,
        },
        {
-                .ctl_name = CTL_UNNUMBERED,
                .procname = "root_maxkeys",
                .data = &key_quota_root_maxkeys,
                .maxlen = sizeof(unsigned),
                .mode = 0644,
-                .proc_handler = &proc_dointvec_minmax,
+                .proc_handler = proc_dointvec_minmax,
                .extra1 = (void *) &one,
                .extra2 = (void *) &max,
        },
        {
-                .ctl_name = CTL_UNNUMBERED,
                .procname = "root_maxbytes",
                .data = &key_quota_root_maxbytes,
                .maxlen = sizeof(unsigned),
                .mode = 0644,
-                .proc_handler = &proc_dointvec_minmax,
+                .proc_handler = proc_dointvec_minmax,
                .extra1 = (void *) &one,
                .extra2 = (void *) &max,
        },
        {
-                .ctl_name = CTL_UNNUMBERED,
                .procname = "gc_delay",
                .data = &key_gc_delay,
                .maxlen = sizeof(unsigned),
                .mode = 0644,
-                .proc_handler = &proc_dointvec_minmax,
+                .proc_handler = proc_dointvec_minmax,
                .extra1 = (void *) &zero,
                .extra2 = (void *) &max,
        },
-        { .ctl_name = 0 }
+        { }
 };
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 7c687d568221..e9aa07929656 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
        struct user_key_payload *upayload;
        long ret;
-        upayload = rcu_dereference(key->payload.data);
+        upayload = rcu_dereference_protected(
+                key->payload.data, rwsem_is_locked(&((struct key *)key)->sem));
        ret = upayload->datalen;
        /* we can return the data as is */
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 3bb90b6f1dd3..893365b79a29 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -14,6 +14,7 @@
 #include <linux/types.h>
 #include <linux/stddef.h>
 #include <linux/kernel.h>
+#include <linux/gfp.h>
 #include <linux/fs.h>
 #include <linux/init.h>
 #include <net/sock.h>
@@ -273,11 +274,11 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                        case AF_INET: {
                                struct inet_sock *inet = inet_sk(sk);
-                                print_ipv4_addr(ab, inet->rcv_saddr,
+                                print_ipv4_addr(ab, inet->inet_rcv_saddr,
-                                                inet->sport,
+                                                inet->inet_sport,
                                                "laddr", "lport");
-                                print_ipv4_addr(ab, inet->daddr,
+                                print_ipv4_addr(ab, inet->inet_daddr,
-                                                inet->dport,
+                                                inet->inet_dport,
                                                "faddr", "fport");
                                break;
                        }
@@ -286,10 +287,10 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                                struct ipv6_pinfo *inet6 = inet6_sk(sk);
                                print_ipv6_addr(ab, &inet6->rcv_saddr,
-                                                inet->sport,
+                                                inet->inet_sport,
                                                "laddr", "lport");
                                print_ipv6_addr(ab, &inet6->daddr,
-                                                inet->dport,
+                                                inet->inet_dport,
                                                "faddr", "fport");
                                break;
                        }
@@ -354,6 +355,10 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                }
                break;
 #endif
+        case LSM_AUDIT_DATA_KMOD:
+                audit_log_format(ab, " kmod=");
+                audit_log_untrustedstring(ab, a->u.kmod_name);
+                break;
        } /* switch (a->type) */
 }
diff --git a/security/min_addr.c b/security/min_addr.c
index c844eed7915d..f728728f193b 100644
--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -33,6 +33,9 @@ int mmap_min_addr_handler(struct ctl_table *table, int write,
 {
        int ret;
+        if (write && !capable(CAP_SYS_RAWIO))
+                return -EPERM;
        ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
        update_mmap_min_addr();
@@ -40,7 +43,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write,
        return ret;
 }
-int __init init_mmap_min_addr(void)
+static int __init init_mmap_min_addr(void)
 {
        update_mmap_min_addr();
diff --git a/security/root_plug.c b/security/root_plug.c
deleted file mode 100644
index 2f7ffa67c4d2..000000000000
--- a/security/root_plug.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Root Plug sample LSM module
- *
- * Originally written for a Linux Journal.
- *
- * Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
- *
- * Prevents any programs running with egid == 0 if a specific USB device
- * is not present in the system.  Yes, it can be gotten around, but is a
- * nice starting point for people to play with, and learn the LSM
- * interface.
- *
- * If you want to turn this into something with a semblance of security,
- * you need to hook the task_* functions also.
- *
- * See http://www.linuxjournal.com/article.php?sid=6279 for more information
- * about this code.
- *
- *      This program is free software; you can redistribute it and/or
- *      modify it under the terms of the GNU General Public License as
- *      published by the Free Software Foundation, version 2 of the
- *      License.
- */
-#include <linux/kernel.h>
-#include <linux/init.h>
-#include <linux/security.h>
-#include <linux/usb.h>
-#include <linux/moduleparam.h>
-/* default is a generic type of usb to serial converter */
-static int vendor_id = 0x0557;
-static int product_id = 0x2008;
-module_param(vendor_id, uint, 0400);
-module_param(product_id, uint, 0400);
-/* should we print out debug messages */
-static int debug = 0;
-module_param(debug, bool, 0600);
-#define MY_NAME "root_plug"
-#define root_dbg(fmt, arg...)                                   \
-        do {                                                    \
-                if (debug)                                      \
-                        printk(KERN_DEBUG "%s: %s: " fmt ,      \
-                                MY_NAME , __func__ ,    \
-                                ## arg);                        \
-        } while (0)
-static int rootplug_bprm_check_security (struct linux_binprm *bprm)
-{
-        struct usb_device *dev;
-        root_dbg("file %s, e_uid = %d, e_gid = %d\n",
-                 bprm->filename, bprm->cred->euid, bprm->cred->egid);
-        if (bprm->cred->egid == 0) {
-                dev = usb_find_device(vendor_id, product_id);
-                if (!dev) {
-                        root_dbg("e_gid = 0, and device not found, "
-                                 "task not allowed to run...\n");
-                        return -EPERM;
-                }
-                usb_put_dev(dev);
-        }
-        return 0;
-}
-static struct security_operations rootplug_security_ops = {
-        .bprm_check_security =          rootplug_bprm_check_security,
-};
-static int __init rootplug_init (void)
-{
-        /* register ourselves with the security framework */
-        if (register_security (&rootplug_security_ops)) {
-                printk (KERN_INFO 
-                        "Failure registering Root Plug module with the kernel\n");
-                        return -EINVAL;
-        }
-        printk (KERN_INFO "Root Plug module initialized, "
-                "vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);
-        return 0;
-}
-security_initcall (rootplug_init);
diff --git a/security/security.c b/security/security.c
index c4c673240c1c..687c6fd14bb6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -16,15 +16,19 @@
 #include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/security.h>
+#include <linux/ima.h>
 /* Boot-time LSM user choice */
-static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];
+static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
+        CONFIG_DEFAULT_SECURITY;
 /* things that live in capability.c */
-extern struct security_operations default_security_ops;
 extern void security_fixup_ops(struct security_operations *ops);
-struct security_operations *security_ops;       /* Initialized to NULL */
+static struct security_operations *security_ops;
+static struct security_operations default_security_ops = {
+        .name   = "default",
+};
 static inline int verify(struct security_operations *ops)
 {
@@ -61,6 +65,11 @@ int __init security_init(void)
        return 0;
 }
+void reset_security_ops(void)
+{
+        security_ops = &default_security_ops;
+}
 /* Save user chosen LSM */
 static int __init choose_lsm(char *str)
 {
@@ -79,8 +88,10 @@ __setup("security=", choose_lsm);
 *
 * Return true if:
 *      -The passed LSM is the one chosen by user at boot time,
- *      -or user didn't specify a specific LSM and we're the first to ask
+ *      -or the passed LSM is configured as the default and the user did not
- *       for registration permission,
+ *       choose an alternate LSM at boot time,
+ *      -or there is no default LSM set and the user didn't specify a
+ *       specific LSM and we're the first to ask for registration permission,
 *      -or the passed LSM is currently loaded.
 * Otherwise, return false.
 */
@@ -199,9 +210,9 @@ int security_quota_on(struct dentry *dentry)
        return security_ops->quota_on(dentry);
 }
-int security_syslog(int type)
+int security_syslog(int type, bool from_file)
 {
-        return security_ops->syslog(type);
+        return security_ops->syslog(type, from_file);
 }
 int security_settime(struct timespec *ts, struct timezone *tz)
@@ -235,7 +246,12 @@ int security_bprm_set_creds(struct linux_binprm *bprm)
 int security_bprm_check(struct linux_binprm *bprm)
 {
-        return security_ops->bprm_check_security(bprm);
+        int ret;
+        ret = security_ops->bprm_check_security(bprm);
+        if (ret)
+                return ret;
+        return ima_bprm_check(bprm);
 }
 void security_bprm_committing_creds(struct linux_binprm *bprm)
@@ -352,12 +368,21 @@ EXPORT_SYMBOL(security_sb_parse_opts_str);
 int security_inode_alloc(struct inode *inode)
 {
+        int ret;
        inode->i_security = NULL;
-        return security_ops->inode_alloc_security(inode);
+        ret =  security_ops->inode_alloc_security(inode);
+        if (ret)
+                return ret;
+        ret = ima_inode_alloc(inode);
+        if (ret)
+                security_inode_free(inode);
+        return ret;
 }
 void security_inode_free(struct inode *inode)
 {
+        ima_inode_free(inode);
        security_ops->inode_free_security(inode);
 }
@@ -371,42 +396,42 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
 EXPORT_SYMBOL(security_inode_init_security);
 #ifdef CONFIG_SECURITY_PATH
-int security_path_mknod(struct path *path, struct dentry *dentry, int mode,
+int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
                        unsigned int dev)
 {
-        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-        return security_ops->path_mknod(path, dentry, mode, dev);
+        return security_ops->path_mknod(dir, dentry, mode, dev);
 }
 EXPORT_SYMBOL(security_path_mknod);
-int security_path_mkdir(struct path *path, struct dentry *dentry, int mode)
+int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
 {
-        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-        return security_ops->path_mkdir(path, dentry, mode);
+        return security_ops->path_mkdir(dir, dentry, mode);
 }
-int security_path_rmdir(struct path *path, struct dentry *dentry)
+int security_path_rmdir(struct path *dir, struct dentry *dentry)
 {
-        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-        return security_ops->path_rmdir(path, dentry);
+        return security_ops->path_rmdir(dir, dentry);
 }
-int security_path_unlink(struct path *path, struct dentry *dentry)
+int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
-        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-        return security_ops->path_unlink(path, dentry);
+        return security_ops->path_unlink(dir, dentry);
 }
-int security_path_symlink(struct path *path, struct dentry *dentry,
+int security_path_symlink(struct path *dir, struct dentry *dentry,
                          const char *old_name)
 {
-        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-        return security_ops->path_symlink(path, dentry, old_name);
+        return security_ops->path_symlink(dir, dentry, old_name);
 }
 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -434,6 +459,26 @@ int security_path_truncate(struct path *path, loff_t length,
                return 0;
        return security_ops->path_truncate(path, length, time_attrs);
 }
+int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+                        mode_t mode)
+{
+        if (unlikely(IS_PRIVATE(dentry->d_inode)))
+                return 0;
+        return security_ops->path_chmod(dentry, mnt, mode);
+}
+int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_chown(path, uid, gid);
+}
+int security_path_chroot(struct path *path)
+{
+        return security_ops->path_chroot(path);
+}
 #endif
 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
@@ -592,14 +637,14 @@ int security_inode_killpriv(struct dentry *dentry)
 int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
 {
        if (unlikely(IS_PRIVATE(inode)))
-                return 0;
+                return -EOPNOTSUPP;
        return security_ops->inode_getsecurity(inode, name, buffer, alloc);
 }
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
 {
        if (unlikely(IS_PRIVATE(inode)))
-                return 0;
+                return -EOPNOTSUPP;
        return security_ops->inode_setsecurity(inode, name, value, size, flags);
 }
@@ -639,7 +684,12 @@ int security_file_mmap(struct file *file, unsigned long reqprot,
                        unsigned long prot, unsigned long flags,
                        unsigned long addr, unsigned long addr_only)
 {
-        return security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only);
+        int ret;
+        ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only);
+        if (ret)
+                return ret;
+        return ima_file_mmap(file, prot);
 }
 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
@@ -719,9 +769,9 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode)
        return security_ops->kernel_create_files_as(new, inode);
 }
-int security_kernel_module_request(void)
+int security_kernel_module_request(char *kmod_name)
 {
-        return security_ops->kernel_module_request();
+        return security_ops->kernel_module_request(kmod_name);
 }
 int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
diff --git a/security/selinux/.gitignore b/security/selinux/.gitignore
new file mode 100644
index 000000000000..2e5040a3d48b
--- /dev/null
+++ b/security/selinux/.gitignore
@@ -0,0 +1,2 @@
+av_permissions.h
+flask.h
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index d47fc5e545e0..f013982df417 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -18,5 +18,13 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
 selinux-$(CONFIG_NETLABEL) += netlabel.o
-EXTRA_CFLAGS += -Isecurity/selinux/include
+EXTRA_CFLAGS += -Isecurity/selinux -Isecurity/selinux/include
+$(obj)/avc.o: $(obj)/flask.h
+quiet_cmd_flask = GEN     $(obj)/flask.h $(obj)/av_permissions.h
+      cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
+targets += flask.h
+$(obj)/flask.h: $(src)/include/classmap.h FORCE
+        $(call if_changed,flask)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index b4b5da1c0a42..989fef82563a 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -31,43 +31,7 @@
 #include <net/ipv6.h>
 #include "avc.h"
 #include "avc_ss.h"
+#include "classmap.h"
-static const struct av_perm_to_string av_perm_to_string[] = {
-#define S_(c, v, s) { c, v, s },
-#include "av_perm_to_string.h"
-#undef S_
-};
-static const char *class_to_string[] = {
-#define S_(s) s,
-#include "class_to_string.h"
-#undef S_
-};
-#define TB_(s) static const char *s[] = {
-#define TE_(s) };
-#define S_(s) s,
-#include "common_perm_to_string.h"
-#undef TB_
-#undef TE_
-#undef S_
-static const struct av_inherit av_inherit[] = {
-#define S_(c, i, b) {   .tclass = c,\
-                        .common_pts = common_##i##_perm_to_string,\
-                        .common_base =  b },
-#include "av_inherit.h"
-#undef S_
-};
-const struct selinux_class_perm selinux_class_perm = {
-        .av_perm_to_string = av_perm_to_string,
-        .av_pts_len = ARRAY_SIZE(av_perm_to_string),
-        .class_to_string = class_to_string,
-        .cts_len = ARRAY_SIZE(class_to_string),
-        .av_inherit = av_inherit,
-        .av_inherit_len = ARRAY_SIZE(av_inherit)
-};
 #define AVC_CACHE_SLOTS                 512
 #define AVC_DEF_CACHE_THRESHOLD         512
@@ -139,52 +103,28 @@ static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
 */
 static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 {
-        const char **common_pts = NULL;
+        const char **perms;
-        u32 common_base = 0;
+        int i, perm;
-        int i, i2, perm;
        if (av == 0) {
                audit_log_format(ab, " null");
                return;
        }
-        for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
+        perms = secclass_map[tclass-1].perms;
-                if (av_inherit[i].tclass == tclass) {
-                        common_pts = av_inherit[i].common_pts;
-                        common_base = av_inherit[i].common_base;
-                        break;
-                }
-        }
        audit_log_format(ab, " {");
        i = 0;
        perm = 1;
-        while (perm < common_base) {
+        while (i < (sizeof(av) * 8)) {
-                if (perm & av) {
+                if ((perm & av) && perms[i]) {
-                        audit_log_format(ab, " %s", common_pts[i]);
+                        audit_log_format(ab, " %s", perms[i]);
                        av &= ~perm;
                }
                i++;
                perm <<= 1;
        }
-        while (i < sizeof(av) * 8) {
-                if (perm & av) {
-                        for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) {
-                                if ((av_perm_to_string[i2].tclass == tclass) &&
-                                    (av_perm_to_string[i2].value == perm))
-                                        break;
-                        }
-                        if (i2 < ARRAY_SIZE(av_perm_to_string)) {
-                                audit_log_format(ab, " %s",
-                                                 av_perm_to_string[i2].name);
-                                av &= ~perm;
-                        }
-                }
-                i++;
-                perm <<= 1;
-        }
        if (av)
                audit_log_format(ab, " 0x%x", av);
@@ -219,8 +159,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
                kfree(scontext);
        }
-        BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
+        BUG_ON(tclass >= ARRAY_SIZE(secclass_map));
-        audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
+        audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name);
 }
 /**
@@ -397,7 +337,7 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass)
 * Look up an AVC entry that is valid for the
 * (@ssid, @tsid), interpreting the permissions
 * based on @tclass.  If a valid AVC entry exists,
- * then this function return the avc_node.
+ * then this function returns the avc_node.
 * Otherwise, this function returns NULL.
 */
 static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass)
@@ -549,17 +489,14 @@ void avc_audit(u32 ssid, u32 tsid,
        struct common_audit_data stack_data;
        u32 denied, audited;
        denied = requested & ~avd->allowed;
-        if (denied) {
+        if (denied)
-                audited = denied;
+                audited = denied & avd->auditdeny;
-                if (!(audited & avd->auditdeny))
+        else if (result)
-                        return;
-        } else if (result) {
                audited = denied = requested;
-        } else {
+        else
-                audited = requested;
+                audited = requested & avd->auditallow;
-                if (!(audited & avd->auditallow))
+        if (!audited)
-                        return;
+                return;
-        }
        if (!a) {
                a = &stack_data;
                memset(a, 0, sizeof(*a));
@@ -586,7 +523,7 @@ void avc_audit(u32 ssid, u32 tsid,
 * @perms: permissions
 *
 * Register a callback function for events in the set @events
- * related to the SID pair (@ssid, @tsid) and
+ * related to the SID pair (@ssid, @tsid) 
 * and the permissions @perms, interpreting
 * @perms based on @tclass.  Returns %0 on success or
 * -%ENOMEM if insufficient memory exists to add the callback.
@@ -631,7 +568,7 @@ static inline int avc_sidcmp(u32 x, u32 y)
 *
 * if a valid AVC entry doesn't exist,this function returns -ENOENT.
 * if kmalloc() called internal returns NULL, this function returns -ENOMEM.
- * otherwise, this function update the AVC entry. The original AVC-entry object
+ * otherwise, this function updates the AVC entry. The original AVC-entry object
 * will release later by RCU.
 */
 static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass,
@@ -806,9 +743,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
                else
                        avd = &avd_entry;
-                rc = security_compute_av(ssid, tsid, tclass, requested, avd);
+                security_compute_av(ssid, tsid, tclass, avd);
-                if (rc)
-                        goto out;
                rcu_read_lock();
                node = avc_insert(ssid, tsid, tclass, avd);
        } else {
@@ -830,7 +765,6 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
        }
        rcu_read_unlock();
-out:
        return rc;
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index bb230d5d7085..5feecb41009d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -76,6 +76,7 @@
 #include <linux/selinux.h>
 #include <linux/mutex.h>
 #include <linux/posix-timers.h>
+#include <linux/syslog.h>
 #include "avc.h"
 #include "objsec.h"
@@ -91,7 +92,6 @@
 #define NUM_SEL_MNT_OPTS 5
-extern unsigned int policydb_loaded_version;
 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
 extern struct security_operations *security_ops;
@@ -126,13 +126,6 @@ __setup("selinux=", selinux_enabled_setup);
 int selinux_enabled = 1;
 #endif
-/*
- * Minimal support for a secondary security module,
- * just to allow the use of the capability module.
- */
-static struct security_operations *secondary_ops;
 /* Lists of inode and superblock security structures initialized
   before the policy was loaded. */
 static LIST_HEAD(superblock_security_head);
@@ -2050,29 +2043,30 @@ static int selinux_quota_on(struct dentry *dentry)
        return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
 }
-static int selinux_syslog(int type)
+static int selinux_syslog(int type, bool from_file)
 {
        int rc;
-        rc = cap_syslog(type);
+        rc = cap_syslog(type, from_file);
        if (rc)
                return rc;
        switch (type) {
-        case 3:         /* Read last kernel messages */
+        case SYSLOG_ACTION_READ_ALL:    /* Read last kernel messages */
-        case 10:        /* Return size of the log buffer */
+        case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
                rc = task_has_system(current, SYSTEM__SYSLOG_READ);
                break;
-        case 6:         /* Disable logging to console */
+        case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
-        case 7:         /* Enable logging to console */
+        case SYSLOG_ACTION_CONSOLE_ON:  /* Enable logging to console */
-        case 8:         /* Set level of messages printed to console */
+        /* Set level of messages printed to console */
+        case SYSLOG_ACTION_CONSOLE_LEVEL:
                rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
                break;
-        case 0:         /* Close log */
+        case SYSLOG_ACTION_CLOSE:       /* Close log */
-        case 1:         /* Open log */
+        case SYSLOG_ACTION_OPEN:        /* Open log */
-        case 2:         /* Read from log */
+        case SYSLOG_ACTION_READ:        /* Read from log */
-        case 4:         /* Read/clear last kernel messages */
+        case SYSLOG_ACTION_READ_CLEAR:  /* Read/clear last kernel messages */
-        case 5:         /* Clear ring buffer */
+        case SYSLOG_ACTION_CLEAR:       /* Clear ring buffer */
        default:
                rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
                break;
@@ -2366,7 +2360,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
                        initrlim = init_task.signal->rlim + i;
                        rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
                }
-                update_rlimit_cpu(rlim->rlim_cur);
+                update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);
        }
 }
@@ -3335,12 +3329,21 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
        if (ret == 0)
                tsec->create_sid = isec->sid;
-        return 0;
+        return ret;
 }
-static int selinux_kernel_module_request(void)
+static int selinux_kernel_module_request(char *kmod_name)
 {
-        return task_has_system(current, SYSTEM__MODULE_REQUEST);
+        u32 sid;
+        struct common_audit_data ad;
+        sid = task_sid(current);
+        COMMON_AUDIT_DATA_INIT(&ad, KMOD);
+        ad.u.kmod_name = kmod_name;
+        return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
+                            SYSTEM__MODULE_REQUEST, &ad);
 }
 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
@@ -4085,7 +4088,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
        char *addrp;
        COMMON_AUDIT_DATA_INIT(&ad, NET);
-        ad.u.net.netif = skb->iif;
+        ad.u.net.netif = skb->skb_iif;
        ad.u.net.family = family;
        err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
        if (err)
@@ -4147,7 +4150,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
                return 0;
        COMMON_AUDIT_DATA_INIT(&ad, NET);
-        ad.u.net.netif = skb->iif;
+        ad.u.net.netif = skb->skb_iif;
        ad.u.net.family = family;
        err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
        if (err)
@@ -4159,7 +4162,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
                err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
                if (err)
                        return err;
-                err = selinux_inet_sys_rcv_skb(skb->iif, addrp, family,
+                err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
                                               peer_sid, &ad);
                if (err) {
                        selinux_netlbl_err(skb, err, 0);
@@ -4714,10 +4717,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
        if (err)
                return err;
-        if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
+        return selinux_nlmsg_perm(sk, skb);
-                err = selinux_nlmsg_perm(sk, skb);
-        return err;
 }
 static int selinux_netlink_recv(struct sk_buff *skb, int capability)
@@ -5667,9 +5667,6 @@ static __init int selinux_init(void)
                                            0, SLAB_PANIC, NULL);
        avc_init();
-        secondary_ops = security_ops;
-        if (!secondary_ops)
-                panic("SELinux: No initial security operations\n");
        if (register_security(&selinux_ops))
                panic("SELinux: Unable to register with kernel.\n");
@@ -5830,12 +5827,11 @@ int selinux_disable(void)
        selinux_disabled = 1;
        selinux_enabled = 0;
+        reset_security_ops();
        /* Try to destroy the avc node cache */
        avc_disable();
-        /* Reset security_ops to the secondary module, dummy or capability. */
-        security_ops = secondary_ops;
        /* Unregister netfilter hooks. */
        selinux_nf_ip_exit();
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
deleted file mode 100644
index abedcd704dae..000000000000
--- a/security/selinux/include/av_inherit.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-   S_(SECCLASS_DIR, file, 0x00020000UL)
-   S_(SECCLASS_FILE, file, 0x00020000UL)
-   S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
-   S_(SECCLASS_CHR_FILE, file, 0x00020000UL)
-   S_(SECCLASS_BLK_FILE, file, 0x00020000UL)
-   S_(SECCLASS_SOCK_FILE, file, 0x00020000UL)
-   S_(SECCLASS_FIFO_FILE, file, 0x00020000UL)
-   S_(SECCLASS_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_TUN_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_IPC, ipc, 0x00000200UL)
-   S_(SECCLASS_SEM, ipc, 0x00000200UL)
-   S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
-   S_(SECCLASS_SHM, ipc, 0x00000200UL)
-   S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)
-   S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL)
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
deleted file mode 100644
index 2b683ad83d21..000000000000
--- a/security/selinux/include/av_perm_to_string.h
+++ /dev/null
@@ -1,183 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
-   S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
-   S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
-   S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
-   S_(SECCLASS_DIR, DIR__SEARCH, "search")
-   S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
-   S_(SECCLASS_DIR, DIR__OPEN, "open")
-   S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
-   S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
-   S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
-   S_(SECCLASS_FILE, FILE__OPEN, "open")
-   S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
-   S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
-   S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
-   S_(SECCLASS_CHR_FILE, CHR_FILE__OPEN, "open")
-   S_(SECCLASS_BLK_FILE, BLK_FILE__OPEN, "open")
-   S_(SECCLASS_SOCK_FILE, SOCK_FILE__OPEN, "open")
-   S_(SECCLASS_FIFO_FILE, FIFO_FILE__OPEN, "open")
-   S_(SECCLASS_FD, FD__USE, "use")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
-   S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
-   S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
-   S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
-   S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
-   S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
-   S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
-   S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
-   S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
-   S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
-   S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv")
-   S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send")
-   S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom")
-   S_(SECCLASS_NODE, NODE__SENDTO, "sendto")
-   S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
-   S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
-   S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
-   S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
-   S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
-   S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
-   S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv")
-   S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send")
-   S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress")
-   S_(SECCLASS_NETIF, NETIF__EGRESS, "egress")
-   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
-   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
-   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
-   S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
-   S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
-   S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
-   S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
-   S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
-   S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
-   S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
-   S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
-   S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
-   S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
-   S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
-   S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
-   S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
-   S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
-   S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
-   S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
-   S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
-   S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
-   S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
-   S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
-   S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
-   S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
-   S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
-   S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
-   S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
-   S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
-   S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
-   S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
-   S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
-   S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate")
-   S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
-   S_(SECCLASS_MSG, MSG__SEND, "send")
-   S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
-   S_(SECCLASS_SHM, SHM__LOCK, "lock")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
-   S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
-   S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
-   S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
-   S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
-   S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
-   S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
-   S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
-   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
-   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
-   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
-   S_(SECCLASS_SYSTEM, SYSTEM__MODULE_REQUEST, "module_request")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
-   S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
-   S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
-   S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
-   S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
-   S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read")
-   S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read")
-   S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read")
-   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay")
-   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
-   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT, "nlmsg_tty_audit")
-   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
-   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
-   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
-   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
-   S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch")
-   S_(SECCLASS_PACKET, PACKET__SEND, "send")
-   S_(SECCLASS_PACKET, PACKET__RECV, "recv")
-   S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto")
-   S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in")
-   S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out")
-   S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in")
-   S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out")
-   S_(SECCLASS_KEY, KEY__VIEW, "view")
-   S_(SECCLASS_KEY, KEY__READ, "read")
-   S_(SECCLASS_KEY, KEY__WRITE, "write")
-   S_(SECCLASS_KEY, KEY__SEARCH, "search")
-   S_(SECCLASS_KEY, KEY__LINK, "link")
-   S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
-   S_(SECCLASS_KEY, KEY__CREATE, "create")
-   S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
-   S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
-   S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero")
-   S_(SECCLASS_PEER, PEER__RECV, "recv")
-   S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, "use_as_override")
-   S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, "create_files_as")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
deleted file mode 100644
index 0546d616ccac..000000000000
--- a/security/selinux/include/av_permissions.h
+++ /dev/null
@@ -1,870 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-#define COMMON_FILE__IOCTL                               0x00000001UL
-#define COMMON_FILE__READ                                0x00000002UL
-#define COMMON_FILE__WRITE                               0x00000004UL
-#define COMMON_FILE__CREATE                              0x00000008UL
-#define COMMON_FILE__GETATTR                             0x00000010UL
-#define COMMON_FILE__SETATTR                             0x00000020UL
-#define COMMON_FILE__LOCK                                0x00000040UL
-#define COMMON_FILE__RELABELFROM                         0x00000080UL
-#define COMMON_FILE__RELABELTO                           0x00000100UL
-#define COMMON_FILE__APPEND                              0x00000200UL
-#define COMMON_FILE__UNLINK                              0x00000400UL
-#define COMMON_FILE__LINK                                0x00000800UL
-#define COMMON_FILE__RENAME                              0x00001000UL
-#define COMMON_FILE__EXECUTE                             0x00002000UL
-#define COMMON_FILE__SWAPON                              0x00004000UL
-#define COMMON_FILE__QUOTAON                             0x00008000UL
-#define COMMON_FILE__MOUNTON                             0x00010000UL
-#define COMMON_SOCKET__IOCTL                             0x00000001UL
-#define COMMON_SOCKET__READ                              0x00000002UL
-#define COMMON_SOCKET__WRITE                             0x00000004UL
-#define COMMON_SOCKET__CREATE                            0x00000008UL
-#define COMMON_SOCKET__GETATTR                           0x00000010UL
-#define COMMON_SOCKET__SETATTR                           0x00000020UL
-#define COMMON_SOCKET__LOCK                              0x00000040UL
-#define COMMON_SOCKET__RELABELFROM                       0x00000080UL
-#define COMMON_SOCKET__RELABELTO                         0x00000100UL
-#define COMMON_SOCKET__APPEND                            0x00000200UL
-#define COMMON_SOCKET__BIND                              0x00000400UL
-#define COMMON_SOCKET__CONNECT                           0x00000800UL
-#define COMMON_SOCKET__LISTEN                            0x00001000UL
-#define COMMON_SOCKET__ACCEPT                            0x00002000UL
-#define COMMON_SOCKET__GETOPT                            0x00004000UL
-#define COMMON_SOCKET__SETOPT                            0x00008000UL
-#define COMMON_SOCKET__SHUTDOWN                          0x00010000UL
-#define COMMON_SOCKET__RECVFROM                          0x00020000UL
-#define COMMON_SOCKET__SENDTO                            0x00040000UL
-#define COMMON_SOCKET__RECV_MSG                          0x00080000UL
-#define COMMON_SOCKET__SEND_MSG                          0x00100000UL
-#define COMMON_SOCKET__NAME_BIND                         0x00200000UL
-#define COMMON_IPC__CREATE                               0x00000001UL
-#define COMMON_IPC__DESTROY                              0x00000002UL
-#define COMMON_IPC__GETATTR                              0x00000004UL
-#define COMMON_IPC__SETATTR                              0x00000008UL
-#define COMMON_IPC__READ                                 0x00000010UL
-#define COMMON_IPC__WRITE                                0x00000020UL
-#define COMMON_IPC__ASSOCIATE                            0x00000040UL
-#define COMMON_IPC__UNIX_READ                            0x00000080UL
-#define COMMON_IPC__UNIX_WRITE                           0x00000100UL
-#define FILESYSTEM__MOUNT                         0x00000001UL
-#define FILESYSTEM__REMOUNT                       0x00000002UL
-#define FILESYSTEM__UNMOUNT                       0x00000004UL
-#define FILESYSTEM__GETATTR                       0x00000008UL
-#define FILESYSTEM__RELABELFROM                   0x00000010UL
-#define FILESYSTEM__RELABELTO                     0x00000020UL
-#define FILESYSTEM__TRANSITION                    0x00000040UL
-#define FILESYSTEM__ASSOCIATE                     0x00000080UL
-#define FILESYSTEM__QUOTAMOD                      0x00000100UL
-#define FILESYSTEM__QUOTAGET                      0x00000200UL
-#define DIR__IOCTL                                0x00000001UL
-#define DIR__READ                                 0x00000002UL
-#define DIR__WRITE                                0x00000004UL
-#define DIR__CREATE                               0x00000008UL
-#define DIR__GETATTR                              0x00000010UL
-#define DIR__SETATTR                              0x00000020UL
-#define DIR__LOCK                                 0x00000040UL
-#define DIR__RELABELFROM                          0x00000080UL
-#define DIR__RELABELTO                            0x00000100UL
-#define DIR__APPEND                               0x00000200UL
-#define DIR__UNLINK                               0x00000400UL
-#define DIR__LINK                                 0x00000800UL
-#define DIR__RENAME                               0x00001000UL
-#define DIR__EXECUTE                              0x00002000UL
-#define DIR__SWAPON                               0x00004000UL
-#define DIR__QUOTAON                              0x00008000UL
-#define DIR__MOUNTON                              0x00010000UL
-#define DIR__ADD_NAME                             0x00020000UL
-#define DIR__REMOVE_NAME                          0x00040000UL
-#define DIR__REPARENT                             0x00080000UL
-#define DIR__SEARCH                               0x00100000UL
-#define DIR__RMDIR                                0x00200000UL
-#define DIR__OPEN                                 0x00400000UL
-#define FILE__IOCTL                               0x00000001UL
-#define FILE__READ                                0x00000002UL
-#define FILE__WRITE                               0x00000004UL
-#define FILE__CREATE                              0x00000008UL
-#define FILE__GETATTR                             0x00000010UL
-#define FILE__SETATTR                             0x00000020UL
-#define FILE__LOCK                                0x00000040UL
-#define FILE__RELABELFROM                         0x00000080UL
-#define FILE__RELABELTO                           0x00000100UL
-#define FILE__APPEND                              0x00000200UL
-#define FILE__UNLINK                              0x00000400UL
-#define FILE__LINK                                0x00000800UL
-#define FILE__RENAME                              0x00001000UL
-#define FILE__EXECUTE                             0x00002000UL
-#define FILE__SWAPON                              0x00004000UL
-#define FILE__QUOTAON                             0x00008000UL
-#define FILE__MOUNTON                             0x00010000UL
-#define FILE__EXECUTE_NO_TRANS                    0x00020000UL
-#define FILE__ENTRYPOINT                          0x00040000UL
-#define FILE__EXECMOD                             0x00080000UL
-#define FILE__OPEN                                0x00100000UL
-#define LNK_FILE__IOCTL                           0x00000001UL
-#define LNK_FILE__READ                            0x00000002UL
-#define LNK_FILE__WRITE                           0x00000004UL
-#define LNK_FILE__CREATE                          0x00000008UL
-#define LNK_FILE__GETATTR                         0x00000010UL
-#define LNK_FILE__SETATTR                         0x00000020UL
-#define LNK_FILE__LOCK                            0x00000040UL
-#define LNK_FILE__RELABELFROM                     0x00000080UL
-#define LNK_FILE__RELABELTO                       0x00000100UL
-#define LNK_FILE__APPEND                          0x00000200UL
-#define LNK_FILE__UNLINK                          0x00000400UL
-#define LNK_FILE__LINK                            0x00000800UL
-#define LNK_FILE__RENAME                          0x00001000UL
-#define LNK_FILE__EXECUTE                         0x00002000UL
-#define LNK_FILE__SWAPON                          0x00004000UL
-#define LNK_FILE__QUOTAON                         0x00008000UL
-#define LNK_FILE__MOUNTON                         0x00010000UL
-#define CHR_FILE__IOCTL                           0x00000001UL
-#define CHR_FILE__READ                            0x00000002UL
-#define CHR_FILE__WRITE                           0x00000004UL
-#define CHR_FILE__CREATE                          0x00000008UL
-#define CHR_FILE__GETATTR                         0x00000010UL
-#define CHR_FILE__SETATTR                         0x00000020UL
-#define CHR_FILE__LOCK                            0x00000040UL
-#define CHR_FILE__RELABELFROM                     0x00000080UL
-#define CHR_FILE__RELABELTO                       0x00000100UL
-#define CHR_FILE__APPEND                          0x00000200UL
-#define CHR_FILE__UNLINK                          0x00000400UL
-#define CHR_FILE__LINK                            0x00000800UL
-#define CHR_FILE__RENAME                          0x00001000UL
-#define CHR_FILE__EXECUTE                         0x00002000UL
-#define CHR_FILE__SWAPON                          0x00004000UL
-#define CHR_FILE__QUOTAON                         0x00008000UL
-#define CHR_FILE__MOUNTON                         0x00010000UL
-#define CHR_FILE__EXECUTE_NO_TRANS                0x00020000UL
-#define CHR_FILE__ENTRYPOINT                      0x00040000UL
-#define CHR_FILE__EXECMOD                         0x00080000UL
-#define CHR_FILE__OPEN                            0x00100000UL
-#define BLK_FILE__IOCTL                           0x00000001UL
-#define BLK_FILE__READ                            0x00000002UL
-#define BLK_FILE__WRITE                           0x00000004UL
-#define BLK_FILE__CREATE                          0x00000008UL
-#define BLK_FILE__GETATTR                         0x00000010UL
-#define BLK_FILE__SETATTR                         0x00000020UL
-#define BLK_FILE__LOCK                            0x00000040UL
-#define BLK_FILE__RELABELFROM                     0x00000080UL
-#define BLK_FILE__RELABELTO                       0x00000100UL
-#define BLK_FILE__APPEND                          0x00000200UL
-#define BLK_FILE__UNLINK                          0x00000400UL
-#define BLK_FILE__LINK                            0x00000800UL
-#define BLK_FILE__RENAME                          0x00001000UL
-#define BLK_FILE__EXECUTE                         0x00002000UL
-#define BLK_FILE__SWAPON                          0x00004000UL
-#define BLK_FILE__QUOTAON                         0x00008000UL
-#define BLK_FILE__MOUNTON                         0x00010000UL
-#define BLK_FILE__OPEN                            0x00020000UL
-#define SOCK_FILE__IOCTL                          0x00000001UL
-#define SOCK_FILE__READ                           0x00000002UL
-#define SOCK_FILE__WRITE                          0x00000004UL
-#define SOCK_FILE__CREATE                         0x00000008UL
-#define SOCK_FILE__GETATTR                        0x00000010UL
-#define SOCK_FILE__SETATTR                        0x00000020UL
-#define SOCK_FILE__LOCK                           0x00000040UL
-#define SOCK_FILE__RELABELFROM                    0x00000080UL
-#define SOCK_FILE__RELABELTO                      0x00000100UL
-#define SOCK_FILE__APPEND                         0x00000200UL
-#define SOCK_FILE__UNLINK                         0x00000400UL
-#define SOCK_FILE__LINK                           0x00000800UL
-#define SOCK_FILE__RENAME                         0x00001000UL
-#define SOCK_FILE__EXECUTE                        0x00002000UL
-#define SOCK_FILE__SWAPON                         0x00004000UL
-#define SOCK_FILE__QUOTAON                        0x00008000UL
-#define SOCK_FILE__MOUNTON                        0x00010000UL
-#define SOCK_FILE__OPEN                           0x00020000UL
-#define FIFO_FILE__IOCTL                          0x00000001UL
-#define FIFO_FILE__READ                           0x00000002UL
-#define FIFO_FILE__WRITE                          0x00000004UL
-#define FIFO_FILE__CREATE                         0x00000008UL
-#define FIFO_FILE__GETATTR                        0x00000010UL
-#define FIFO_FILE__SETATTR                        0x00000020UL
-#define FIFO_FILE__LOCK                           0x00000040UL
-#define FIFO_FILE__RELABELFROM                    0x00000080UL
-#define FIFO_FILE__RELABELTO                      0x00000100UL
-#define FIFO_FILE__APPEND                         0x00000200UL
-#define FIFO_FILE__UNLINK                         0x00000400UL
-#define FIFO_FILE__LINK                           0x00000800UL
-#define FIFO_FILE__RENAME                         0x00001000UL
-#define FIFO_FILE__EXECUTE                        0x00002000UL
-#define FIFO_FILE__SWAPON                         0x00004000UL
-#define FIFO_FILE__QUOTAON                        0x00008000UL
-#define FIFO_FILE__MOUNTON                        0x00010000UL
-#define FIFO_FILE__OPEN                           0x00020000UL
-#define FD__USE                                   0x00000001UL
-#define SOCKET__IOCTL                             0x00000001UL
-#define SOCKET__READ                              0x00000002UL
-#define SOCKET__WRITE                             0x00000004UL
-#define SOCKET__CREATE                            0x00000008UL
-#define SOCKET__GETATTR                           0x00000010UL
-#define SOCKET__SETATTR                           0x00000020UL
-#define SOCKET__LOCK                              0x00000040UL
-#define SOCKET__RELABELFROM                       0x00000080UL
-#define SOCKET__RELABELTO                         0x00000100UL
-#define SOCKET__APPEND                            0x00000200UL
-#define SOCKET__BIND                              0x00000400UL
-#define SOCKET__CONNECT                           0x00000800UL
-#define SOCKET__LISTEN                            0x00001000UL
-#define SOCKET__ACCEPT                            0x00002000UL
-#define SOCKET__GETOPT                            0x00004000UL
-#define SOCKET__SETOPT                            0x00008000UL
-#define SOCKET__SHUTDOWN                          0x00010000UL
-#define SOCKET__RECVFROM                          0x00020000UL
-#define SOCKET__SENDTO                            0x00040000UL
-#define SOCKET__RECV_MSG                          0x00080000UL
-#define SOCKET__SEND_MSG                          0x00100000UL
-#define SOCKET__NAME_BIND                         0x00200000UL
-#define TCP_SOCKET__IOCTL                         0x00000001UL
-#define TCP_SOCKET__READ                          0x00000002UL
-#define TCP_SOCKET__WRITE                         0x00000004UL
-#define TCP_SOCKET__CREATE                        0x00000008UL
-#define TCP_SOCKET__GETATTR                       0x00000010UL
-#define TCP_SOCKET__SETATTR                       0x00000020UL
-#define TCP_SOCKET__LOCK                          0x00000040UL
-#define TCP_SOCKET__RELABELFROM                   0x00000080UL
-#define TCP_SOCKET__RELABELTO                     0x00000100UL
-#define TCP_SOCKET__APPEND                        0x00000200UL
-#define TCP_SOCKET__BIND                          0x00000400UL
-#define TCP_SOCKET__CONNECT                       0x00000800UL
-#define TCP_SOCKET__LISTEN                        0x00001000UL
-#define TCP_SOCKET__ACCEPT                        0x00002000UL
-#define TCP_SOCKET__GETOPT                        0x00004000UL
-#define TCP_SOCKET__SETOPT                        0x00008000UL
-#define TCP_SOCKET__SHUTDOWN                      0x00010000UL
-#define TCP_SOCKET__RECVFROM                      0x00020000UL
-#define TCP_SOCKET__SENDTO                        0x00040000UL
-#define TCP_SOCKET__RECV_MSG                      0x00080000UL
-#define TCP_SOCKET__SEND_MSG                      0x00100000UL
-#define TCP_SOCKET__NAME_BIND                     0x00200000UL
-#define TCP_SOCKET__CONNECTTO                     0x00400000UL
-#define TCP_SOCKET__NEWCONN                       0x00800000UL
-#define TCP_SOCKET__ACCEPTFROM                    0x01000000UL
-#define TCP_SOCKET__NODE_BIND                     0x02000000UL
-#define TCP_SOCKET__NAME_CONNECT                  0x04000000UL
-#define UDP_SOCKET__IOCTL                         0x00000001UL
-#define UDP_SOCKET__READ                          0x00000002UL
-#define UDP_SOCKET__WRITE                         0x00000004UL
-#define UDP_SOCKET__CREATE                        0x00000008UL
-#define UDP_SOCKET__GETATTR                       0x00000010UL
-#define UDP_SOCKET__SETATTR                       0x00000020UL
-#define UDP_SOCKET__LOCK                          0x00000040UL
-#define UDP_SOCKET__RELABELFROM                   0x00000080UL
-#define UDP_SOCKET__RELABELTO                     0x00000100UL
-#define UDP_SOCKET__APPEND                        0x00000200UL
-#define UDP_SOCKET__BIND                          0x00000400UL
-#define UDP_SOCKET__CONNECT                       0x00000800UL
-#define UDP_SOCKET__LISTEN                        0x00001000UL
-#define UDP_SOCKET__ACCEPT                        0x00002000UL
-#define UDP_SOCKET__GETOPT                        0x00004000UL
-#define UDP_SOCKET__SETOPT                        0x00008000UL
-#define UDP_SOCKET__SHUTDOWN                      0x00010000UL
-#define UDP_SOCKET__RECVFROM                      0x00020000UL
-#define UDP_SOCKET__SENDTO                        0x00040000UL
-#define UDP_SOCKET__RECV_MSG                      0x00080000UL
-#define UDP_SOCKET__SEND_MSG                      0x00100000UL
-#define UDP_SOCKET__NAME_BIND                     0x00200000UL
-#define UDP_SOCKET__NODE_BIND                     0x00400000UL
-#define RAWIP_SOCKET__IOCTL                       0x00000001UL
-#define RAWIP_SOCKET__READ                        0x00000002UL
-#define RAWIP_SOCKET__WRITE                       0x00000004UL
-#define RAWIP_SOCKET__CREATE                      0x00000008UL
-#define RAWIP_SOCKET__GETATTR                     0x00000010UL
-#define RAWIP_SOCKET__SETATTR                     0x00000020UL
-#define RAWIP_SOCKET__LOCK                        0x00000040UL
-#define RAWIP_SOCKET__RELABELFROM                 0x00000080UL
-#define RAWIP_SOCKET__RELABELTO                   0x00000100UL
-#define RAWIP_SOCKET__APPEND                      0x00000200UL
-#define RAWIP_SOCKET__BIND                        0x00000400UL
-#define RAWIP_SOCKET__CONNECT                     0x00000800UL
-#define RAWIP_SOCKET__LISTEN                      0x00001000UL
-#define RAWIP_SOCKET__ACCEPT                      0x00002000UL
-#define RAWIP_SOCKET__GETOPT                      0x00004000UL
-#define RAWIP_SOCKET__SETOPT                      0x00008000UL
-#define RAWIP_SOCKET__SHUTDOWN                    0x00010000UL
-#define RAWIP_SOCKET__RECVFROM                    0x00020000UL
-#define RAWIP_SOCKET__SENDTO                      0x00040000UL
-#define RAWIP_SOCKET__RECV_MSG                    0x00080000UL
-#define RAWIP_SOCKET__SEND_MSG                    0x00100000UL
-#define RAWIP_SOCKET__NAME_BIND                   0x00200000UL
-#define RAWIP_SOCKET__NODE_BIND                   0x00400000UL
-#define NODE__TCP_RECV                            0x00000001UL
-#define NODE__TCP_SEND                            0x00000002UL
-#define NODE__UDP_RECV                            0x00000004UL
-#define NODE__UDP_SEND                            0x00000008UL
-#define NODE__RAWIP_RECV                          0x00000010UL
-#define NODE__RAWIP_SEND                          0x00000020UL
-#define NODE__ENFORCE_DEST                        0x00000040UL
-#define NODE__DCCP_RECV                           0x00000080UL
-#define NODE__DCCP_SEND                           0x00000100UL
-#define NODE__RECVFROM                            0x00000200UL
-#define NODE__SENDTO                              0x00000400UL
-#define NETIF__TCP_RECV                           0x00000001UL
-#define NETIF__TCP_SEND                           0x00000002UL
-#define NETIF__UDP_RECV                           0x00000004UL
-#define NETIF__UDP_SEND                           0x00000008UL
-#define NETIF__RAWIP_RECV                         0x00000010UL
-#define NETIF__RAWIP_SEND                         0x00000020UL
-#define NETIF__DCCP_RECV                          0x00000040UL
-#define NETIF__DCCP_SEND                          0x00000080UL
-#define NETIF__INGRESS                            0x00000100UL
-#define NETIF__EGRESS                             0x00000200UL
-#define NETLINK_SOCKET__IOCTL                     0x00000001UL
-#define NETLINK_SOCKET__READ                      0x00000002UL
-#define NETLINK_SOCKET__WRITE                     0x00000004UL
-#define NETLINK_SOCKET__CREATE                    0x00000008UL
-#define NETLINK_SOCKET__GETATTR                   0x00000010UL
-#define NETLINK_SOCKET__SETATTR                   0x00000020UL
-#define NETLINK_SOCKET__LOCK                      0x00000040UL
-#define NETLINK_SOCKET__RELABELFROM               0x00000080UL
-#define NETLINK_SOCKET__RELABELTO                 0x00000100UL
-#define NETLINK_SOCKET__APPEND                    0x00000200UL
-#define NETLINK_SOCKET__BIND                      0x00000400UL
-#define NETLINK_SOCKET__CONNECT                   0x00000800UL
-#define NETLINK_SOCKET__LISTEN                    0x00001000UL
-#define NETLINK_SOCKET__ACCEPT                    0x00002000UL
-#define NETLINK_SOCKET__GETOPT                    0x00004000UL
-#define NETLINK_SOCKET__SETOPT                    0x00008000UL
-#define NETLINK_SOCKET__SHUTDOWN                  0x00010000UL
-#define NETLINK_SOCKET__RECVFROM                  0x00020000UL
-#define NETLINK_SOCKET__SENDTO                    0x00040000UL
-#define NETLINK_SOCKET__RECV_MSG                  0x00080000UL
-#define NETLINK_SOCKET__SEND_MSG                  0x00100000UL
-#define NETLINK_SOCKET__NAME_BIND                 0x00200000UL
-#define PACKET_SOCKET__IOCTL                      0x00000001UL
-#define PACKET_SOCKET__READ                       0x00000002UL
-#define PACKET_SOCKET__WRITE                      0x00000004UL
-#define PACKET_SOCKET__CREATE                     0x00000008UL
-#define PACKET_SOCKET__GETATTR                    0x00000010UL
-#define PACKET_SOCKET__SETATTR                    0x00000020UL
-#define PACKET_SOCKET__LOCK                       0x00000040UL
-#define PACKET_SOCKET__RELABELFROM                0x00000080UL
-#define PACKET_SOCKET__RELABELTO                  0x00000100UL
-#define PACKET_SOCKET__APPEND                     0x00000200UL
-#define PACKET_SOCKET__BIND                       0x00000400UL
-#define PACKET_SOCKET__CONNECT                    0x00000800UL
-#define PACKET_SOCKET__LISTEN                     0x00001000UL
-#define PACKET_SOCKET__ACCEPT                     0x00002000UL
-#define PACKET_SOCKET__GETOPT                     0x00004000UL
-#define PACKET_SOCKET__SETOPT                     0x00008000UL
-#define PACKET_SOCKET__SHUTDOWN                   0x00010000UL
-#define PACKET_SOCKET__RECVFROM                   0x00020000UL
-#define PACKET_SOCKET__SENDTO                     0x00040000UL
-#define PACKET_SOCKET__RECV_MSG                   0x00080000UL
-#define PACKET_SOCKET__SEND_MSG                   0x00100000UL
-#define PACKET_SOCKET__NAME_BIND                  0x00200000UL
-#define KEY_SOCKET__IOCTL                         0x00000001UL
-#define KEY_SOCKET__READ                          0x00000002UL
-#define KEY_SOCKET__WRITE                         0x00000004UL
-#define KEY_SOCKET__CREATE                        0x00000008UL
-#define KEY_SOCKET__GETATTR                       0x00000010UL
-#define KEY_SOCKET__SETATTR                       0x00000020UL
-#define KEY_SOCKET__LOCK                          0x00000040UL
-#define KEY_SOCKET__RELABELFROM                   0x00000080UL
-#define KEY_SOCKET__RELABELTO                     0x00000100UL
-#define KEY_SOCKET__APPEND                        0x00000200UL
-#define KEY_SOCKET__BIND                          0x00000400UL
-#define KEY_SOCKET__CONNECT                       0x00000800UL
-#define KEY_SOCKET__LISTEN                        0x00001000UL
-#define KEY_SOCKET__ACCEPT                        0x00002000UL
-#define KEY_SOCKET__GETOPT                        0x00004000UL
-#define KEY_SOCKET__SETOPT                        0x00008000UL
-#define KEY_SOCKET__SHUTDOWN                      0x00010000UL
-#define KEY_SOCKET__RECVFROM                      0x00020000UL
-#define KEY_SOCKET__SENDTO                        0x00040000UL
-#define KEY_SOCKET__RECV_MSG                      0x00080000UL
-#define KEY_SOCKET__SEND_MSG                      0x00100000UL
-#define KEY_SOCKET__NAME_BIND                     0x00200000UL
-#define UNIX_STREAM_SOCKET__IOCTL                 0x00000001UL
-#define UNIX_STREAM_SOCKET__READ                  0x00000002UL
-#define UNIX_STREAM_SOCKET__WRITE                 0x00000004UL
-#define UNIX_STREAM_SOCKET__CREATE                0x00000008UL
-#define UNIX_STREAM_SOCKET__GETATTR               0x00000010UL
-#define UNIX_STREAM_SOCKET__SETATTR               0x00000020UL
-#define UNIX_STREAM_SOCKET__LOCK                  0x00000040UL
-#define UNIX_STREAM_SOCKET__RELABELFROM           0x00000080UL
-#define UNIX_STREAM_SOCKET__RELABELTO             0x00000100UL
-#define UNIX_STREAM_SOCKET__APPEND                0x00000200UL
-#define UNIX_STREAM_SOCKET__BIND                  0x00000400UL
-#define UNIX_STREAM_SOCKET__CONNECT               0x00000800UL
-#define UNIX_STREAM_SOCKET__LISTEN                0x00001000UL
-#define UNIX_STREAM_SOCKET__ACCEPT                0x00002000UL
-#define UNIX_STREAM_SOCKET__GETOPT                0x00004000UL
-#define UNIX_STREAM_SOCKET__SETOPT                0x00008000UL
-#define UNIX_STREAM_SOCKET__SHUTDOWN              0x00010000UL
-#define UNIX_STREAM_SOCKET__RECVFROM              0x00020000UL
-#define UNIX_STREAM_SOCKET__SENDTO                0x00040000UL
-#define UNIX_STREAM_SOCKET__RECV_MSG              0x00080000UL
-#define UNIX_STREAM_SOCKET__SEND_MSG              0x00100000UL
-#define UNIX_STREAM_SOCKET__NAME_BIND             0x00200000UL
-#define UNIX_STREAM_SOCKET__CONNECTTO             0x00400000UL
-#define UNIX_STREAM_SOCKET__NEWCONN               0x00800000UL
-#define UNIX_STREAM_SOCKET__ACCEPTFROM            0x01000000UL
-#define UNIX_DGRAM_SOCKET__IOCTL                  0x00000001UL
-#define UNIX_DGRAM_SOCKET__READ                   0x00000002UL
-#define UNIX_DGRAM_SOCKET__WRITE                  0x00000004UL
-#define UNIX_DGRAM_SOCKET__CREATE                 0x00000008UL
-#define UNIX_DGRAM_SOCKET__GETATTR                0x00000010UL
-#define UNIX_DGRAM_SOCKET__SETATTR                0x00000020UL
-#define UNIX_DGRAM_SOCKET__LOCK                   0x00000040UL
-#define UNIX_DGRAM_SOCKET__RELABELFROM            0x00000080UL
-#define UNIX_DGRAM_SOCKET__RELABELTO              0x00000100UL
-#define UNIX_DGRAM_SOCKET__APPEND                 0x00000200UL
-#define UNIX_DGRAM_SOCKET__BIND                   0x00000400UL
-#define UNIX_DGRAM_SOCKET__CONNECT                0x00000800UL
-#define UNIX_DGRAM_SOCKET__LISTEN                 0x00001000UL
-#define UNIX_DGRAM_SOCKET__ACCEPT                 0x00002000UL
-#define UNIX_DGRAM_SOCKET__GETOPT                 0x00004000UL
-#define UNIX_DGRAM_SOCKET__SETOPT                 0x00008000UL
-#define UNIX_DGRAM_SOCKET__SHUTDOWN               0x00010000UL
-#define UNIX_DGRAM_SOCKET__RECVFROM               0x00020000UL
-#define UNIX_DGRAM_SOCKET__SENDTO                 0x00040000UL
-#define UNIX_DGRAM_SOCKET__RECV_MSG               0x00080000UL
-#define UNIX_DGRAM_SOCKET__SEND_MSG               0x00100000UL
-#define UNIX_DGRAM_SOCKET__NAME_BIND              0x00200000UL
-#define TUN_SOCKET__IOCTL                         0x00000001UL
-#define TUN_SOCKET__READ                          0x00000002UL
-#define TUN_SOCKET__WRITE                         0x00000004UL
-#define TUN_SOCKET__CREATE                        0x00000008UL
-#define TUN_SOCKET__GETATTR                       0x00000010UL
-#define TUN_SOCKET__SETATTR                       0x00000020UL
-#define TUN_SOCKET__LOCK                          0x00000040UL
-#define TUN_SOCKET__RELABELFROM                   0x00000080UL
-#define TUN_SOCKET__RELABELTO                     0x00000100UL
-#define TUN_SOCKET__APPEND                        0x00000200UL
-#define TUN_SOCKET__BIND                          0x00000400UL
-#define TUN_SOCKET__CONNECT                       0x00000800UL
-#define TUN_SOCKET__LISTEN                        0x00001000UL
-#define TUN_SOCKET__ACCEPT                        0x00002000UL
-#define TUN_SOCKET__GETOPT                        0x00004000UL
-#define TUN_SOCKET__SETOPT                        0x00008000UL
-#define TUN_SOCKET__SHUTDOWN                      0x00010000UL
-#define TUN_SOCKET__RECVFROM                      0x00020000UL
-#define TUN_SOCKET__SENDTO                        0x00040000UL
-#define TUN_SOCKET__RECV_MSG                      0x00080000UL
-#define TUN_SOCKET__SEND_MSG                      0x00100000UL
-#define TUN_SOCKET__NAME_BIND                     0x00200000UL
-#define PROCESS__FORK                             0x00000001UL
-#define PROCESS__TRANSITION                       0x00000002UL
-#define PROCESS__SIGCHLD                          0x00000004UL
-#define PROCESS__SIGKILL                          0x00000008UL
-#define PROCESS__SIGSTOP                          0x00000010UL
-#define PROCESS__SIGNULL                          0x00000020UL
-#define PROCESS__SIGNAL                           0x00000040UL
-#define PROCESS__PTRACE                           0x00000080UL
-#define PROCESS__GETSCHED                         0x00000100UL
-#define PROCESS__SETSCHED                         0x00000200UL
-#define PROCESS__GETSESSION                       0x00000400UL
-#define PROCESS__GETPGID                          0x00000800UL
-#define PROCESS__SETPGID                          0x00001000UL
-#define PROCESS__GETCAP                           0x00002000UL
-#define PROCESS__SETCAP                           0x00004000UL
-#define PROCESS__SHARE                            0x00008000UL
-#define PROCESS__GETATTR                          0x00010000UL
-#define PROCESS__SETEXEC                          0x00020000UL
-#define PROCESS__SETFSCREATE                      0x00040000UL
-#define PROCESS__NOATSECURE                       0x00080000UL
-#define PROCESS__SIGINH                           0x00100000UL
-#define PROCESS__SETRLIMIT                        0x00200000UL
-#define PROCESS__RLIMITINH                        0x00400000UL
-#define PROCESS__DYNTRANSITION                    0x00800000UL
-#define PROCESS__SETCURRENT                       0x01000000UL
-#define PROCESS__EXECMEM                          0x02000000UL
-#define PROCESS__EXECSTACK                        0x04000000UL
-#define PROCESS__EXECHEAP                         0x08000000UL
-#define PROCESS__SETKEYCREATE                     0x10000000UL
-#define PROCESS__SETSOCKCREATE                    0x20000000UL
-#define IPC__CREATE                               0x00000001UL
-#define IPC__DESTROY                              0x00000002UL
-#define IPC__GETATTR                              0x00000004UL
-#define IPC__SETATTR                              0x00000008UL
-#define IPC__READ                                 0x00000010UL
-#define IPC__WRITE                                0x00000020UL
-#define IPC__ASSOCIATE                            0x00000040UL
-#define IPC__UNIX_READ                            0x00000080UL
-#define IPC__UNIX_WRITE                           0x00000100UL
-#define SEM__CREATE                               0x00000001UL
-#define SEM__DESTROY                              0x00000002UL
-#define SEM__GETATTR                              0x00000004UL
-#define SEM__SETATTR                              0x00000008UL
-#define SEM__READ                                 0x00000010UL
-#define SEM__WRITE                                0x00000020UL
-#define SEM__ASSOCIATE                            0x00000040UL
-#define SEM__UNIX_READ                            0x00000080UL
-#define SEM__UNIX_WRITE                           0x00000100UL
-#define MSGQ__CREATE                              0x00000001UL
-#define MSGQ__DESTROY                             0x00000002UL
-#define MSGQ__GETATTR                             0x00000004UL
-#define MSGQ__SETATTR                             0x00000008UL
-#define MSGQ__READ                                0x00000010UL
-#define MSGQ__WRITE                               0x00000020UL
-#define MSGQ__ASSOCIATE                           0x00000040UL
-#define MSGQ__UNIX_READ                           0x00000080UL
-#define MSGQ__UNIX_WRITE                          0x00000100UL
-#define MSGQ__ENQUEUE                             0x00000200UL
-#define MSG__SEND                                 0x00000001UL
-#define MSG__RECEIVE                              0x00000002UL
-#define SHM__CREATE                               0x00000001UL
-#define SHM__DESTROY                              0x00000002UL
-#define SHM__GETATTR                              0x00000004UL
-#define SHM__SETATTR                              0x00000008UL
-#define SHM__READ                                 0x00000010UL
-#define SHM__WRITE                                0x00000020UL
-#define SHM__ASSOCIATE                            0x00000040UL
-#define SHM__UNIX_READ                            0x00000080UL
-#define SHM__UNIX_WRITE                           0x00000100UL
-#define SHM__LOCK                                 0x00000200UL
-#define SECURITY__COMPUTE_AV                      0x00000001UL
-#define SECURITY__COMPUTE_CREATE                  0x00000002UL
-#define SECURITY__COMPUTE_MEMBER                  0x00000004UL
-#define SECURITY__CHECK_CONTEXT                   0x00000008UL
-#define SECURITY__LOAD_POLICY                     0x00000010UL
-#define SECURITY__COMPUTE_RELABEL                 0x00000020UL
-#define SECURITY__COMPUTE_USER                    0x00000040UL
-#define SECURITY__SETENFORCE                      0x00000080UL
-#define SECURITY__SETBOOL                         0x00000100UL
-#define SECURITY__SETSECPARAM                     0x00000200UL
-#define SECURITY__SETCHECKREQPROT                 0x00000400UL
-#define SYSTEM__IPC_INFO                          0x00000001UL
-#define SYSTEM__SYSLOG_READ                       0x00000002UL
-#define SYSTEM__SYSLOG_MOD                        0x00000004UL
-#define SYSTEM__SYSLOG_CONSOLE                    0x00000008UL
-#define SYSTEM__MODULE_REQUEST                    0x00000010UL
-#define CAPABILITY__CHOWN                         0x00000001UL
-#define CAPABILITY__DAC_OVERRIDE                  0x00000002UL
-#define CAPABILITY__DAC_READ_SEARCH               0x00000004UL
-#define CAPABILITY__FOWNER                        0x00000008UL
-#define CAPABILITY__FSETID                        0x00000010UL
-#define CAPABILITY__KILL                          0x00000020UL
-#define CAPABILITY__SETGID                        0x00000040UL
-#define CAPABILITY__SETUID                        0x00000080UL
-#define CAPABILITY__SETPCAP                       0x00000100UL
-#define CAPABILITY__LINUX_IMMUTABLE               0x00000200UL
-#define CAPABILITY__NET_BIND_SERVICE              0x00000400UL
-#define CAPABILITY__NET_BROADCAST                 0x00000800UL
-#define CAPABILITY__NET_ADMIN                     0x00001000UL
-#define CAPABILITY__NET_RAW                       0x00002000UL
-#define CAPABILITY__IPC_LOCK                      0x00004000UL
-#define CAPABILITY__IPC_OWNER                     0x00008000UL
-#define CAPABILITY__SYS_MODULE                    0x00010000UL
-#define CAPABILITY__SYS_RAWIO                     0x00020000UL
-#define CAPABILITY__SYS_CHROOT                    0x00040000UL
-#define CAPABILITY__SYS_PTRACE                    0x00080000UL
-#define CAPABILITY__SYS_PACCT                     0x00100000UL
-#define CAPABILITY__SYS_ADMIN                     0x00200000UL
-#define CAPABILITY__SYS_BOOT                      0x00400000UL
-#define CAPABILITY__SYS_NICE                      0x00800000UL
-#define CAPABILITY__SYS_RESOURCE                  0x01000000UL
-#define CAPABILITY__SYS_TIME                      0x02000000UL
-#define CAPABILITY__SYS_TTY_CONFIG                0x04000000UL
-#define CAPABILITY__MKNOD                         0x08000000UL
-#define CAPABILITY__LEASE                         0x10000000UL
-#define CAPABILITY__AUDIT_WRITE                   0x20000000UL
-#define CAPABILITY__AUDIT_CONTROL                 0x40000000UL
-#define CAPABILITY__SETFCAP                       0x80000000UL
-#define CAPABILITY2__MAC_OVERRIDE                 0x00000001UL
-#define CAPABILITY2__MAC_ADMIN                    0x00000002UL
-#define NETLINK_ROUTE_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_ROUTE_SOCKET__READ                0x00000002UL
-#define NETLINK_ROUTE_SOCKET__WRITE               0x00000004UL
-#define NETLINK_ROUTE_SOCKET__CREATE              0x00000008UL
-#define NETLINK_ROUTE_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_ROUTE_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_ROUTE_SOCKET__LOCK                0x00000040UL
-#define NETLINK_ROUTE_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_ROUTE_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_ROUTE_SOCKET__APPEND              0x00000200UL
-#define NETLINK_ROUTE_SOCKET__BIND                0x00000400UL
-#define NETLINK_ROUTE_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_ROUTE_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_ROUTE_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_ROUTE_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_ROUTE_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_ROUTE_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_ROUTE_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_ROUTE_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_ROUTE_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_ROUTE_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_ROUTE_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_ROUTE_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_FIREWALL_SOCKET__IOCTL            0x00000001UL
-#define NETLINK_FIREWALL_SOCKET__READ             0x00000002UL
-#define NETLINK_FIREWALL_SOCKET__WRITE            0x00000004UL
-#define NETLINK_FIREWALL_SOCKET__CREATE           0x00000008UL
-#define NETLINK_FIREWALL_SOCKET__GETATTR          0x00000010UL
-#define NETLINK_FIREWALL_SOCKET__SETATTR          0x00000020UL
-#define NETLINK_FIREWALL_SOCKET__LOCK             0x00000040UL
-#define NETLINK_FIREWALL_SOCKET__RELABELFROM      0x00000080UL
-#define NETLINK_FIREWALL_SOCKET__RELABELTO        0x00000100UL
-#define NETLINK_FIREWALL_SOCKET__APPEND           0x00000200UL
-#define NETLINK_FIREWALL_SOCKET__BIND             0x00000400UL
-#define NETLINK_FIREWALL_SOCKET__CONNECT          0x00000800UL
-#define NETLINK_FIREWALL_SOCKET__LISTEN           0x00001000UL
-#define NETLINK_FIREWALL_SOCKET__ACCEPT           0x00002000UL
-#define NETLINK_FIREWALL_SOCKET__GETOPT           0x00004000UL
-#define NETLINK_FIREWALL_SOCKET__SETOPT           0x00008000UL
-#define NETLINK_FIREWALL_SOCKET__SHUTDOWN         0x00010000UL
-#define NETLINK_FIREWALL_SOCKET__RECVFROM         0x00020000UL
-#define NETLINK_FIREWALL_SOCKET__SENDTO           0x00040000UL
-#define NETLINK_FIREWALL_SOCKET__RECV_MSG         0x00080000UL
-#define NETLINK_FIREWALL_SOCKET__SEND_MSG         0x00100000UL
-#define NETLINK_FIREWALL_SOCKET__NAME_BIND        0x00200000UL
-#define NETLINK_FIREWALL_SOCKET__NLMSG_READ       0x00400000UL
-#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE      0x00800000UL
-#define NETLINK_TCPDIAG_SOCKET__IOCTL             0x00000001UL
-#define NETLINK_TCPDIAG_SOCKET__READ              0x00000002UL
-#define NETLINK_TCPDIAG_SOCKET__WRITE             0x00000004UL
-#define NETLINK_TCPDIAG_SOCKET__CREATE            0x00000008UL
-#define NETLINK_TCPDIAG_SOCKET__GETATTR           0x00000010UL
-#define NETLINK_TCPDIAG_SOCKET__SETATTR           0x00000020UL
-#define NETLINK_TCPDIAG_SOCKET__LOCK              0x00000040UL
-#define NETLINK_TCPDIAG_SOCKET__RELABELFROM       0x00000080UL
-#define NETLINK_TCPDIAG_SOCKET__RELABELTO         0x00000100UL
-#define NETLINK_TCPDIAG_SOCKET__APPEND            0x00000200UL
-#define NETLINK_TCPDIAG_SOCKET__BIND              0x00000400UL
-#define NETLINK_TCPDIAG_SOCKET__CONNECT           0x00000800UL
-#define NETLINK_TCPDIAG_SOCKET__LISTEN            0x00001000UL
-#define NETLINK_TCPDIAG_SOCKET__ACCEPT            0x00002000UL
-#define NETLINK_TCPDIAG_SOCKET__GETOPT            0x00004000UL
-#define NETLINK_TCPDIAG_SOCKET__SETOPT            0x00008000UL
-#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN          0x00010000UL
-#define NETLINK_TCPDIAG_SOCKET__RECVFROM          0x00020000UL
-#define NETLINK_TCPDIAG_SOCKET__SENDTO            0x00040000UL
-#define NETLINK_TCPDIAG_SOCKET__RECV_MSG          0x00080000UL
-#define NETLINK_TCPDIAG_SOCKET__SEND_MSG          0x00100000UL
-#define NETLINK_TCPDIAG_SOCKET__NAME_BIND         0x00200000UL
-#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ        0x00400000UL
-#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE       0x00800000UL
-#define NETLINK_NFLOG_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_NFLOG_SOCKET__READ                0x00000002UL
-#define NETLINK_NFLOG_SOCKET__WRITE               0x00000004UL
-#define NETLINK_NFLOG_SOCKET__CREATE              0x00000008UL
-#define NETLINK_NFLOG_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_NFLOG_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_NFLOG_SOCKET__LOCK                0x00000040UL
-#define NETLINK_NFLOG_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_NFLOG_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_NFLOG_SOCKET__APPEND              0x00000200UL
-#define NETLINK_NFLOG_SOCKET__BIND                0x00000400UL
-#define NETLINK_NFLOG_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_NFLOG_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_NFLOG_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_NFLOG_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_NFLOG_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_NFLOG_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_NFLOG_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_NFLOG_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_NFLOG_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_NFLOG_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_NFLOG_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_XFRM_SOCKET__IOCTL                0x00000001UL
-#define NETLINK_XFRM_SOCKET__READ                 0x00000002UL
-#define NETLINK_XFRM_SOCKET__WRITE                0x00000004UL
-#define NETLINK_XFRM_SOCKET__CREATE               0x00000008UL
-#define NETLINK_XFRM_SOCKET__GETATTR              0x00000010UL
-#define NETLINK_XFRM_SOCKET__SETATTR              0x00000020UL
-#define NETLINK_XFRM_SOCKET__LOCK                 0x00000040UL
-#define NETLINK_XFRM_SOCKET__RELABELFROM          0x00000080UL
-#define NETLINK_XFRM_SOCKET__RELABELTO            0x00000100UL
-#define NETLINK_XFRM_SOCKET__APPEND               0x00000200UL
-#define NETLINK_XFRM_SOCKET__BIND                 0x00000400UL
-#define NETLINK_XFRM_SOCKET__CONNECT              0x00000800UL
-#define NETLINK_XFRM_SOCKET__LISTEN               0x00001000UL
-#define NETLINK_XFRM_SOCKET__ACCEPT               0x00002000UL
-#define NETLINK_XFRM_SOCKET__GETOPT               0x00004000UL
-#define NETLINK_XFRM_SOCKET__SETOPT               0x00008000UL
-#define NETLINK_XFRM_SOCKET__SHUTDOWN             0x00010000UL
-#define NETLINK_XFRM_SOCKET__RECVFROM             0x00020000UL
-#define NETLINK_XFRM_SOCKET__SENDTO               0x00040000UL
-#define NETLINK_XFRM_SOCKET__RECV_MSG             0x00080000UL
-#define NETLINK_XFRM_SOCKET__SEND_MSG             0x00100000UL
-#define NETLINK_XFRM_SOCKET__NAME_BIND            0x00200000UL
-#define NETLINK_XFRM_SOCKET__NLMSG_READ           0x00400000UL
-#define NETLINK_XFRM_SOCKET__NLMSG_WRITE          0x00800000UL
-#define NETLINK_SELINUX_SOCKET__IOCTL             0x00000001UL
-#define NETLINK_SELINUX_SOCKET__READ              0x00000002UL
-#define NETLINK_SELINUX_SOCKET__WRITE             0x00000004UL
-#define NETLINK_SELINUX_SOCKET__CREATE            0x00000008UL
-#define NETLINK_SELINUX_SOCKET__GETATTR           0x00000010UL
-#define NETLINK_SELINUX_SOCKET__SETATTR           0x00000020UL
-#define NETLINK_SELINUX_SOCKET__LOCK              0x00000040UL
-#define NETLINK_SELINUX_SOCKET__RELABELFROM       0x00000080UL
-#define NETLINK_SELINUX_SOCKET__RELABELTO         0x00000100UL
-#define NETLINK_SELINUX_SOCKET__APPEND            0x00000200UL
-#define NETLINK_SELINUX_SOCKET__BIND              0x00000400UL
-#define NETLINK_SELINUX_SOCKET__CONNECT           0x00000800UL
-#define NETLINK_SELINUX_SOCKET__LISTEN            0x00001000UL
-#define NETLINK_SELINUX_SOCKET__ACCEPT            0x00002000UL
-#define NETLINK_SELINUX_SOCKET__GETOPT            0x00004000UL
-#define NETLINK_SELINUX_SOCKET__SETOPT            0x00008000UL
-#define NETLINK_SELINUX_SOCKET__SHUTDOWN          0x00010000UL
-#define NETLINK_SELINUX_SOCKET__RECVFROM          0x00020000UL
-#define NETLINK_SELINUX_SOCKET__SENDTO            0x00040000UL
-#define NETLINK_SELINUX_SOCKET__RECV_MSG          0x00080000UL
-#define NETLINK_SELINUX_SOCKET__SEND_MSG          0x00100000UL
-#define NETLINK_SELINUX_SOCKET__NAME_BIND         0x00200000UL
-#define NETLINK_AUDIT_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_AUDIT_SOCKET__READ                0x00000002UL
-#define NETLINK_AUDIT_SOCKET__WRITE               0x00000004UL
-#define NETLINK_AUDIT_SOCKET__CREATE              0x00000008UL
-#define NETLINK_AUDIT_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_AUDIT_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_AUDIT_SOCKET__LOCK                0x00000040UL
-#define NETLINK_AUDIT_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_AUDIT_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_AUDIT_SOCKET__APPEND              0x00000200UL
-#define NETLINK_AUDIT_SOCKET__BIND                0x00000400UL
-#define NETLINK_AUDIT_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_AUDIT_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_AUDIT_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_AUDIT_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_AUDIT_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_AUDIT_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_AUDIT_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_AUDIT_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_AUDIT_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_AUDIT_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_AUDIT_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY         0x01000000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV      0x02000000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT     0x04000000UL
-#define NETLINK_IP6FW_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_IP6FW_SOCKET__READ                0x00000002UL
-#define NETLINK_IP6FW_SOCKET__WRITE               0x00000004UL
-#define NETLINK_IP6FW_SOCKET__CREATE              0x00000008UL
-#define NETLINK_IP6FW_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_IP6FW_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_IP6FW_SOCKET__LOCK                0x00000040UL
-#define NETLINK_IP6FW_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_IP6FW_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_IP6FW_SOCKET__APPEND              0x00000200UL
-#define NETLINK_IP6FW_SOCKET__BIND                0x00000400UL
-#define NETLINK_IP6FW_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_IP6FW_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_IP6FW_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_IP6FW_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_IP6FW_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_IP6FW_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_IP6FW_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_IP6FW_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_IP6FW_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_IP6FW_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_IP6FW_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_IP6FW_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_DNRT_SOCKET__IOCTL                0x00000001UL
-#define NETLINK_DNRT_SOCKET__READ                 0x00000002UL
-#define NETLINK_DNRT_SOCKET__WRITE                0x00000004UL
-#define NETLINK_DNRT_SOCKET__CREATE               0x00000008UL
-#define NETLINK_DNRT_SOCKET__GETATTR              0x00000010UL
-#define NETLINK_DNRT_SOCKET__SETATTR              0x00000020UL
-#define NETLINK_DNRT_SOCKET__LOCK                 0x00000040UL
-#define NETLINK_DNRT_SOCKET__RELABELFROM          0x00000080UL
-#define NETLINK_DNRT_SOCKET__RELABELTO            0x00000100UL
-#define NETLINK_DNRT_SOCKET__APPEND               0x00000200UL
-#define NETLINK_DNRT_SOCKET__BIND                 0x00000400UL
-#define NETLINK_DNRT_SOCKET__CONNECT              0x00000800UL
-#define NETLINK_DNRT_SOCKET__LISTEN               0x00001000UL
-#define NETLINK_DNRT_SOCKET__ACCEPT               0x00002000UL
-#define NETLINK_DNRT_SOCKET__GETOPT               0x00004000UL
-#define NETLINK_DNRT_SOCKET__SETOPT               0x00008000UL
-#define NETLINK_DNRT_SOCKET__SHUTDOWN             0x00010000UL
-#define NETLINK_DNRT_SOCKET__RECVFROM             0x00020000UL
-#define NETLINK_DNRT_SOCKET__SENDTO               0x00040000UL
-#define NETLINK_DNRT_SOCKET__RECV_MSG             0x00080000UL
-#define NETLINK_DNRT_SOCKET__SEND_MSG             0x00100000UL
-#define NETLINK_DNRT_SOCKET__NAME_BIND            0x00200000UL
-#define ASSOCIATION__SENDTO                       0x00000001UL
-#define ASSOCIATION__RECVFROM                     0x00000002UL
-#define ASSOCIATION__SETCONTEXT                   0x00000004UL
-#define ASSOCIATION__POLMATCH                     0x00000008UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL      0x00000001UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__READ       0x00000002UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE      0x00000004UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE     0x00000008UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR    0x00000010UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR    0x00000020UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK       0x00000040UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO  0x00000100UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND     0x00000200UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND       0x00000400UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT    0x00000800UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN     0x00001000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT     0x00002000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT     0x00004000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT     0x00008000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN   0x00010000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM   0x00020000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO     0x00040000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG   0x00080000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG   0x00100000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND  0x00200000UL
-#define APPLETALK_SOCKET__IOCTL                   0x00000001UL
-#define APPLETALK_SOCKET__READ                    0x00000002UL
-#define APPLETALK_SOCKET__WRITE                   0x00000004UL
-#define APPLETALK_SOCKET__CREATE                  0x00000008UL
-#define APPLETALK_SOCKET__GETATTR                 0x00000010UL
-#define APPLETALK_SOCKET__SETATTR                 0x00000020UL
-#define APPLETALK_SOCKET__LOCK                    0x00000040UL
-#define APPLETALK_SOCKET__RELABELFROM             0x00000080UL
-#define APPLETALK_SOCKET__RELABELTO               0x00000100UL
-#define APPLETALK_SOCKET__APPEND                  0x00000200UL
-#define APPLETALK_SOCKET__BIND                    0x00000400UL
-#define APPLETALK_SOCKET__CONNECT                 0x00000800UL
-#define APPLETALK_SOCKET__LISTEN                  0x00001000UL
-#define APPLETALK_SOCKET__ACCEPT                  0x00002000UL
-#define APPLETALK_SOCKET__GETOPT                  0x00004000UL
-#define APPLETALK_SOCKET__SETOPT                  0x00008000UL
-#define APPLETALK_SOCKET__SHUTDOWN                0x00010000UL
-#define APPLETALK_SOCKET__RECVFROM                0x00020000UL
-#define APPLETALK_SOCKET__SENDTO                  0x00040000UL
-#define APPLETALK_SOCKET__RECV_MSG                0x00080000UL
-#define APPLETALK_SOCKET__SEND_MSG                0x00100000UL
-#define APPLETALK_SOCKET__NAME_BIND               0x00200000UL
-#define PACKET__SEND                              0x00000001UL
-#define PACKET__RECV                              0x00000002UL
-#define PACKET__RELABELTO                         0x00000004UL
-#define PACKET__FLOW_IN                           0x00000008UL
-#define PACKET__FLOW_OUT                          0x00000010UL
-#define PACKET__FORWARD_IN                        0x00000020UL
-#define PACKET__FORWARD_OUT                       0x00000040UL
-#define KEY__VIEW                                 0x00000001UL
-#define KEY__READ                                 0x00000002UL
-#define KEY__WRITE                                0x00000004UL
-#define KEY__SEARCH                               0x00000008UL
-#define KEY__LINK                                 0x00000010UL
-#define KEY__SETATTR                              0x00000020UL
-#define KEY__CREATE                               0x00000040UL
-#define DCCP_SOCKET__IOCTL                        0x00000001UL
-#define DCCP_SOCKET__READ                         0x00000002UL
-#define DCCP_SOCKET__WRITE                        0x00000004UL
-#define DCCP_SOCKET__CREATE                       0x00000008UL
-#define DCCP_SOCKET__GETATTR                      0x00000010UL
-#define DCCP_SOCKET__SETATTR                      0x00000020UL
-#define DCCP_SOCKET__LOCK                         0x00000040UL
-#define DCCP_SOCKET__RELABELFROM                  0x00000080UL
-#define DCCP_SOCKET__RELABELTO                    0x00000100UL
-#define DCCP_SOCKET__APPEND                       0x00000200UL
-#define DCCP_SOCKET__BIND                         0x00000400UL
-#define DCCP_SOCKET__CONNECT                      0x00000800UL
-#define DCCP_SOCKET__LISTEN                       0x00001000UL
-#define DCCP_SOCKET__ACCEPT                       0x00002000UL
-#define DCCP_SOCKET__GETOPT                       0x00004000UL
-#define DCCP_SOCKET__SETOPT                       0x00008000UL
-#define DCCP_SOCKET__SHUTDOWN                     0x00010000UL
-#define DCCP_SOCKET__RECVFROM                     0x00020000UL
-#define DCCP_SOCKET__SENDTO                       0x00040000UL
-#define DCCP_SOCKET__RECV_MSG                     0x00080000UL
-#define DCCP_SOCKET__SEND_MSG                     0x00100000UL
-#define DCCP_SOCKET__NAME_BIND                    0x00200000UL
-#define DCCP_SOCKET__NODE_BIND                    0x00400000UL
-#define DCCP_SOCKET__NAME_CONNECT                 0x00800000UL
-#define MEMPROTECT__MMAP_ZERO                     0x00000001UL
-#define PEER__RECV                                0x00000001UL
-#define KERNEL_SERVICE__USE_AS_OVERRIDE           0x00000001UL
-#define KERNEL_SERVICE__CREATE_FILES_AS           0x00000002UL
diff --git a/security/selinux/include/avc_ss.h b/security/selinux/include/avc_ss.h
index bb1ec801bdfe..4677aa519b04 100644
--- a/security/selinux/include/avc_ss.h
+++ b/security/selinux/include/avc_ss.h
@@ -10,26 +10,13 @@
 int avc_ss_reset(u32 seqno);
-struct av_perm_to_string {
+/* Class/perm mapping support */
-        u16 tclass;
+struct security_class_mapping {
-        u32 value;
        const char *name;
+        const char *perms[sizeof(u32) * 8 + 1];
 };
-struct av_inherit {
+extern struct security_class_mapping secclass_map[];
-        const char **common_pts;
-        u32 common_base;
-        u16 tclass;
-};
-struct selinux_class_perm {
-        const struct av_perm_to_string *av_perm_to_string;
-        u32 av_pts_len;
-        u32 cts_len;
-        const char **class_to_string;
-        const struct av_inherit *av_inherit;
-        u32 av_inherit_len;
-};
 #endif /* _SELINUX_AVC_SS_H_ */
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
deleted file mode 100644
index 7ab9299bfb6b..000000000000
--- a/security/selinux/include/class_to_string.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-/*
- * Security object class definitions
- */
-    S_(NULL)
-    S_("security")
-    S_("process")
-    S_("system")
-    S_("capability")
-    S_("filesystem")
-    S_("file")
-    S_("dir")
-    S_("fd")
-    S_("lnk_file")
-    S_("chr_file")
-    S_("blk_file")
-    S_("sock_file")
-    S_("fifo_file")
-    S_("socket")
-    S_("tcp_socket")
-    S_("udp_socket")
-    S_("rawip_socket")
-    S_("node")
-    S_("netif")
-    S_("netlink_socket")
-    S_("packet_socket")
-    S_("key_socket")
-    S_("unix_stream_socket")
-    S_("unix_dgram_socket")
-    S_("sem")
-    S_("msg")
-    S_("msgq")
-    S_("shm")
-    S_("ipc")
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_("netlink_route_socket")
-    S_("netlink_firewall_socket")
-    S_("netlink_tcpdiag_socket")
-    S_("netlink_nflog_socket")
-    S_("netlink_xfrm_socket")
-    S_("netlink_selinux_socket")
-    S_("netlink_audit_socket")
-    S_("netlink_ip6fw_socket")
-    S_("netlink_dnrt_socket")
-    S_(NULL)
-    S_(NULL)
-    S_("association")
-    S_("netlink_kobject_uevent_socket")
-    S_("appletalk_socket")
-    S_("packet")
-    S_("key")
-    S_(NULL)
-    S_("dccp_socket")
-    S_("memprotect")
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_("peer")
-    S_("capability2")
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_(NULL)
-    S_("kernel_service")
-    S_("tun_socket")
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
new file mode 100644
index 000000000000..8b32e959bb2e
--- /dev/null
+++ b/security/selinux/include/classmap.h
@@ -0,0 +1,150 @@
+#define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
+    "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append"
+#define COMMON_FILE_PERMS COMMON_FILE_SOCK_PERMS, "unlink", "link", \
+    "rename", "execute", "swapon", "quotaon", "mounton"
+#define COMMON_SOCK_PERMS COMMON_FILE_SOCK_PERMS, "bind", "connect", \
+    "listen", "accept", "getopt", "setopt", "shutdown", "recvfrom",  \
+    "sendto", "recv_msg", "send_msg", "name_bind"
+#define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \
+            "write", "associate", "unix_read", "unix_write"
+struct security_class_mapping secclass_map[] = {
+        { "security",
+          { "compute_av", "compute_create", "compute_member",
+            "check_context", "load_policy", "compute_relabel",
+            "compute_user", "setenforce", "setbool", "setsecparam",
+            "setcheckreqprot", NULL } },
+        { "process",
+          { "fork", "transition", "sigchld", "sigkill",
+            "sigstop", "signull", "signal", "ptrace", "getsched", "setsched",
+            "getsession", "getpgid", "setpgid", "getcap", "setcap", "share",
+            "getattr", "setexec", "setfscreate", "noatsecure", "siginh",
+            "setrlimit", "rlimitinh", "dyntransition", "setcurrent",
+            "execmem", "execstack", "execheap", "setkeycreate",
+            "setsockcreate", NULL } },
+        { "system",
+          { "ipc_info", "syslog_read", "syslog_mod",
+            "syslog_console", "module_request", NULL } },
+        { "capability",
+          { "chown", "dac_override", "dac_read_search",
+            "fowner", "fsetid", "kill", "setgid", "setuid", "setpcap",
+            "linux_immutable", "net_bind_service", "net_broadcast",
+            "net_admin", "net_raw", "ipc_lock", "ipc_owner", "sys_module",
+            "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct", "sys_admin",
+            "sys_boot", "sys_nice", "sys_resource", "sys_time",
+            "sys_tty_config", "mknod", "lease", "audit_write",
+            "audit_control", "setfcap", NULL } },
+        { "filesystem",
+          { "mount", "remount", "unmount", "getattr",
+            "relabelfrom", "relabelto", "transition", "associate", "quotamod",
+            "quotaget", NULL } },
+        { "file",
+          { COMMON_FILE_PERMS,
+            "execute_no_trans", "entrypoint", "execmod", "open", NULL } },
+        { "dir",
+          { COMMON_FILE_PERMS, "add_name", "remove_name",
+            "reparent", "search", "rmdir", "open", NULL } },
+        { "fd", { "use", NULL } },
+        { "lnk_file",
+          { COMMON_FILE_PERMS, NULL } },
+        { "chr_file",
+          { COMMON_FILE_PERMS,
+            "execute_no_trans", "entrypoint", "execmod", "open", NULL } },
+        { "blk_file",
+          { COMMON_FILE_PERMS, "open", NULL } },
+        { "sock_file",
+          { COMMON_FILE_PERMS, "open", NULL } },
+        { "fifo_file",
+          { COMMON_FILE_PERMS, "open", NULL } },
+        { "socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "tcp_socket",
+          { COMMON_SOCK_PERMS,
+            "connectto", "newconn", "acceptfrom", "node_bind", "name_connect",
+            NULL } },
+        { "udp_socket",
+          { COMMON_SOCK_PERMS,
+            "node_bind", NULL } },
+        { "rawip_socket",
+          { COMMON_SOCK_PERMS,
+            "node_bind", NULL } },
+        { "node",
+          { "tcp_recv", "tcp_send", "udp_recv", "udp_send",
+            "rawip_recv", "rawip_send", "enforce_dest",
+            "dccp_recv", "dccp_send", "recvfrom", "sendto", NULL } },
+        { "netif",
+          {  "tcp_recv", "tcp_send", "udp_recv", "udp_send",
+             "rawip_recv", "rawip_send", "dccp_recv", "dccp_send",
+             "ingress", "egress", NULL } },
+        { "netlink_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "packet_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "key_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "unix_stream_socket",
+          { COMMON_SOCK_PERMS, "connectto", "newconn", "acceptfrom", NULL
+          } },
+        { "unix_dgram_socket",
+          { COMMON_SOCK_PERMS, NULL
+          } },
+        { "sem",
+          { COMMON_IPC_PERMS, NULL } },
+        { "msg", { "send", "receive", NULL } },
+        { "msgq",
+          { COMMON_IPC_PERMS, "enqueue", NULL } },
+        { "shm",
+          { COMMON_IPC_PERMS, "lock", NULL } },
+        { "ipc",
+          { COMMON_IPC_PERMS, NULL } },
+        { "netlink_route_socket",
+          { COMMON_SOCK_PERMS,
+            "nlmsg_read", "nlmsg_write", NULL } },
+        { "netlink_firewall_socket",
+          { COMMON_SOCK_PERMS,
+            "nlmsg_read", "nlmsg_write", NULL } },
+        { "netlink_tcpdiag_socket",
+          { COMMON_SOCK_PERMS,
+            "nlmsg_read", "nlmsg_write", NULL } },
+        { "netlink_nflog_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "netlink_xfrm_socket",
+          { COMMON_SOCK_PERMS,
+            "nlmsg_read", "nlmsg_write", NULL } },
+        { "netlink_selinux_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "netlink_audit_socket",
+          { COMMON_SOCK_PERMS,
+            "nlmsg_read", "nlmsg_write", "nlmsg_relay", "nlmsg_readpriv",
+            "nlmsg_tty_audit", NULL } },
+        { "netlink_ip6fw_socket",
+          { COMMON_SOCK_PERMS,
+            "nlmsg_read", "nlmsg_write", NULL } },
+        { "netlink_dnrt_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "association",
+          { "sendto", "recvfrom", "setcontext", "polmatch", NULL } },
+        { "netlink_kobject_uevent_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "appletalk_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { "packet",
+          { "send", "recv", "relabelto", "flow_in", "flow_out",
+            "forward_in", "forward_out", NULL } },
+        { "key",
+          { "view", "read", "write", "search", "link", "setattr", "create",
+            NULL } },
+        { "dccp_socket",
+          { COMMON_SOCK_PERMS,
+            "node_bind", "name_connect", NULL } },
+        { "memprotect", { "mmap_zero", NULL } },
+        { "peer", { "recv", NULL } },
+        { "capability2", { "mac_override", "mac_admin", NULL } },
+        { "kernel_service", { "use_as_override", "create_files_as", NULL } },
+        { "tun_socket",
+          { COMMON_SOCK_PERMS, NULL } },
+        { NULL }
+  };
diff --git a/security/selinux/include/common_perm_to_string.h b/security/selinux/include/common_perm_to_string.h
deleted file mode 100644
index ce5b6e2fe9dd..000000000000
--- a/security/selinux/include/common_perm_to_string.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-TB_(common_file_perm_to_string)
-    S_("ioctl")
-    S_("read")
-    S_("write")
-    S_("create")
-    S_("getattr")
-    S_("setattr")
-    S_("lock")
-    S_("relabelfrom")
-    S_("relabelto")
-    S_("append")
-    S_("unlink")
-    S_("link")
-    S_("rename")
-    S_("execute")
-    S_("swapon")
-    S_("quotaon")
-    S_("mounton")
-TE_(common_file_perm_to_string)
-TB_(common_socket_perm_to_string)
-    S_("ioctl")
-    S_("read")
-    S_("write")
-    S_("create")
-    S_("getattr")
-    S_("setattr")
-    S_("lock")
-    S_("relabelfrom")
-    S_("relabelto")
-    S_("append")
-    S_("bind")
-    S_("connect")
-    S_("listen")
-    S_("accept")
-    S_("getopt")
-    S_("setopt")
-    S_("shutdown")
-    S_("recvfrom")
-    S_("sendto")
-    S_("recv_msg")
-    S_("send_msg")
-    S_("name_bind")
-TE_(common_socket_perm_to_string)
-TB_(common_ipc_perm_to_string)
-    S_("create")
-    S_("destroy")
-    S_("getattr")
-    S_("setattr")
-    S_("read")
-    S_("write")
-    S_("associate")
-    S_("unix_read")
-    S_("unix_write")
-TE_(common_ipc_perm_to_string)
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
deleted file mode 100644
index f248500a1e3c..000000000000
--- a/security/selinux/include/flask.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-#ifndef _SELINUX_FLASK_H_
-#define _SELINUX_FLASK_H_
-/*
- * Security object class definitions
- */
-#define SECCLASS_SECURITY                                1
-#define SECCLASS_PROCESS                                 2
-#define SECCLASS_SYSTEM                                  3
-#define SECCLASS_CAPABILITY                              4
-#define SECCLASS_FILESYSTEM                              5
-#define SECCLASS_FILE                                    6
-#define SECCLASS_DIR                                     7
-#define SECCLASS_FD                                      8
-#define SECCLASS_LNK_FILE                                9
-#define SECCLASS_CHR_FILE                                10
-#define SECCLASS_BLK_FILE                                11
-#define SECCLASS_SOCK_FILE                               12
-#define SECCLASS_FIFO_FILE                               13
-#define SECCLASS_SOCKET                                  14
-#define SECCLASS_TCP_SOCKET                              15
-#define SECCLASS_UDP_SOCKET                              16
-#define SECCLASS_RAWIP_SOCKET                            17
-#define SECCLASS_NODE                                    18
-#define SECCLASS_NETIF                                   19
-#define SECCLASS_NETLINK_SOCKET                          20
-#define SECCLASS_PACKET_SOCKET                           21
-#define SECCLASS_KEY_SOCKET                              22
-#define SECCLASS_UNIX_STREAM_SOCKET                      23
-#define SECCLASS_UNIX_DGRAM_SOCKET                       24
-#define SECCLASS_SEM                                     25
-#define SECCLASS_MSG                                     26
-#define SECCLASS_MSGQ                                    27
-#define SECCLASS_SHM                                     28
-#define SECCLASS_IPC                                     29
-#define SECCLASS_NETLINK_ROUTE_SOCKET                    43
-#define SECCLASS_NETLINK_FIREWALL_SOCKET                 44
-#define SECCLASS_NETLINK_TCPDIAG_SOCKET                  45
-#define SECCLASS_NETLINK_NFLOG_SOCKET                    46
-#define SECCLASS_NETLINK_XFRM_SOCKET                     47
-#define SECCLASS_NETLINK_SELINUX_SOCKET                  48
-#define SECCLASS_NETLINK_AUDIT_SOCKET                    49
-#define SECCLASS_NETLINK_IP6FW_SOCKET                    50
-#define SECCLASS_NETLINK_DNRT_SOCKET                     51
-#define SECCLASS_ASSOCIATION                             54
-#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           55
-#define SECCLASS_APPLETALK_SOCKET                        56
-#define SECCLASS_PACKET                                  57
-#define SECCLASS_KEY                                     58
-#define SECCLASS_DCCP_SOCKET                             60
-#define SECCLASS_MEMPROTECT                              61
-#define SECCLASS_PEER                                    68
-#define SECCLASS_CAPABILITY2                             69
-#define SECCLASS_KERNEL_SERVICE                          74
-#define SECCLASS_TUN_SOCKET                              75
-/*
- * Security identifier indices for initial entities
- */
-#define SECINITSID_KERNEL                               1
-#define SECINITSID_SECURITY                             2
-#define SECINITSID_UNLABELED                            3
-#define SECINITSID_FS                                   4
-#define SECINITSID_FILE                                 5
-#define SECINITSID_FILE_LABELS                          6
-#define SECINITSID_INIT                                 7
-#define SECINITSID_ANY_SOCKET                           8
-#define SECINITSID_PORT                                 9
-#define SECINITSID_NETIF                                10
-#define SECINITSID_NETMSG                               11
-#define SECINITSID_NODE                                 12
-#define SECINITSID_IGMP_PACKET                          13
-#define SECINITSID_ICMP_SOCKET                          14
-#define SECINITSID_TCP_SOCKET                           15
-#define SECINITSID_SYSCTL_MODPROBE                      16
-#define SECINITSID_SYSCTL                               17
-#define SECINITSID_SYSCTL_FS                            18
-#define SECINITSID_SYSCTL_KERNEL                        19
-#define SECINITSID_SYSCTL_NET                           20
-#define SECINITSID_SYSCTL_NET_UNIX                      21
-#define SECINITSID_SYSCTL_VM                            22
-#define SECINITSID_SYSCTL_DEV                           23
-#define SECINITSID_KMOD                                 24
-#define SECINITSID_POLICY                               25
-#define SECINITSID_SCMP_PACKET                          26
-#define SECINITSID_DEVNULL                              27
-#define SECINITSID_NUM                                  27
-#endif
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index ca835795a8b3..1f7c2491d3dc 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -57,7 +57,6 @@
 struct netlbl_lsm_secattr;
 extern int selinux_enabled;
-extern int selinux_mls_enabled;
 /* Policy capabilities */
 enum {
@@ -80,6 +79,8 @@ extern int selinux_policycap_openperm;
 /* limitation of boundary depth  */
 #define POLICYDB_BOUNDS_MAXDEPTH        4
+int security_mls_enabled(void);
 int security_load_policy(void *data, size_t len);
 int security_policycap_supported(unsigned int req_cap);
@@ -96,12 +97,17 @@ struct av_decision {
 /* definitions of av_decision.flags */
 #define AVD_FLAGS_PERMISSIVE    0x0001
-int security_compute_av(u32 ssid, u32 tsid,
+void security_compute_av(u32 ssid, u32 tsid,
-        u16 tclass, u32 requested,
+                         u16 tclass, struct av_decision *avd);
-        struct av_decision *avd);
+void security_compute_av_user(u32 ssid, u32 tsid,
+                             u16 tclass, struct av_decision *avd);
 int security_transition_sid(u32 ssid, u32 tsid,
-        u16 tclass, u32 *out_sid);
+                            u16 tclass, u32 *out_sid);
+int security_transition_sid_user(u32 ssid, u32 tsid,
+                                 u16 tclass, u32 *out_sid);
 int security_member_sid(u32 ssid, u32 tsid,
        u16 tclass, u32 *out_sid);
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index b4e14bc0bf32..d6095d63d831 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -16,6 +16,7 @@
 */
 #include <linux/init.h>
 #include <linux/types.h>
+#include <linux/slab.h>
 #include <linux/stddef.h>
 #include <linux/kernel.h>
 #include <linux/list.h>
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index e68823741ad5..628da72ee763 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -29,6 +29,7 @@
 #include <linux/spinlock.h>
 #include <linux/rcupdate.h>
+#include <linux/gfp.h>
 #include <linux/ip.h>
 #include <linux/ipv6.h>
 #include <net/sock.h>
@@ -204,7 +205,7 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
 *
 * Description
 * Call the NetLabel mechanism to set the label of a packet using @sid.
- * Returns zero on auccess, negative values on failure.
+ * Returns zero on success, negative values on failure.
 *
 */
 int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c
index 1ae556446e65..0e147b6914ad 100644
--- a/security/selinux/netlink.c
+++ b/security/selinux/netlink.c
@@ -11,6 +11,7 @@
 */
 #include <linux/init.h>
 #include <linux/types.h>
+#include <linux/slab.h>
 #include <linux/stddef.h>
 #include <linux/kernel.h>
 #include <linux/list.h>
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 7100072bb1b0..dc92792271f1 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -31,6 +31,7 @@
 #include <linux/types.h>
 #include <linux/rcupdate.h>
 #include <linux/list.h>
+#include <linux/slab.h>
 #include <linux/spinlock.h>
 #include <linux/in.h>
 #include <linux/in6.h>
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index fe7fba67f19f..cfe2d72d3fb7 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -30,6 +30,7 @@
 #include <linux/types.h>
 #include <linux/rcupdate.h>
 #include <linux/list.h>
+#include <linux/slab.h>
 #include <linux/spinlock.h>
 #include <linux/in.h>
 #include <linux/in6.h>
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index b4fc506e7a87..cd191bbec03c 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -282,7 +282,8 @@ static ssize_t sel_read_mls(struct file *filp, char __user *buf,
        char tmpbuf[TMPBUFLEN];
        ssize_t length;
-        length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_mls_enabled);
+        length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
+                           security_mls_enabled());
        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 }
@@ -494,7 +495,6 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
        char *scon, *tcon;
        u32 ssid, tsid;
        u16 tclass;
-        u32 req;
        struct av_decision avd;
        ssize_t length;
@@ -512,7 +512,7 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
                goto out;
        length = -EINVAL;
-        if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4)
+        if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
                goto out2;
        length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
@@ -522,9 +522,7 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
        if (length < 0)
                goto out2;
-        length = security_compute_av(ssid, tsid, tclass, req, &avd);
+        security_compute_av_user(ssid, tsid, tclass, &avd);
-        if (length < 0)
-                goto out2;
        length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
                          "%x %x %x %x %u %x",
@@ -571,7 +569,7 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
        if (length < 0)
                goto out2;
-        length = security_transition_sid(ssid, tsid, tclass, &newsid);
+        length = security_transition_sid_user(ssid, tsid, tclass, &newsid);
        if (length < 0)
                goto out2;
@@ -979,6 +977,8 @@ static int sel_make_bools(void)
        u32 sid;
        /* remove any existing files */
+        for (i = 0; i < bool_num; i++)
+                kfree(bool_pending_names[i]);
        kfree(bool_pending_names);
        kfree(bool_pending_values);
        bool_pending_names = NULL;
diff --git a/security/selinux/ss/Makefile b/security/selinux/ss/Makefile
index bad78779b9b0..15d4e62917de 100644
--- a/security/selinux/ss/Makefile
+++ b/security/selinux/ss/Makefile
@@ -2,7 +2,7 @@
 # Makefile for building the SELinux security server as part of the kernel tree.
 #
-EXTRA_CFLAGS += -Isecurity/selinux/include
+EXTRA_CFLAGS += -Isecurity/selinux -Isecurity/selinux/include
 obj-y := ss.o
 ss-y := ebitmap.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o conditional.o mls.o
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index 8da6a8428086..cd4f734e2749 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -82,7 +82,7 @@ struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified
 void avtab_cache_init(void);
 void avtab_cache_destroy(void);
-#define MAX_AVTAB_HASH_BITS 13
+#define MAX_AVTAB_HASH_BITS 11
 #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
 #define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
 #define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS
diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h
index d9dd7a2f6a8a..45e8fb0515f8 100644
--- a/security/selinux/ss/context.h
+++ b/security/selinux/ss/context.h
@@ -41,9 +41,6 @@ static inline int mls_context_cpy(struct context *dst, struct context *src)
 {
        int rc;
-        if (!selinux_mls_enabled)
-                return 0;
        dst->range.level[0].sens = src->range.level[0].sens;
        rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
        if (rc)
@@ -64,9 +61,6 @@ static inline int mls_context_cpy_low(struct context *dst, struct context *src)
 {
        int rc;
-        if (!selinux_mls_enabled)
-                return 0;
        dst->range.level[0].sens = src->range.level[0].sens;
        rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
        if (rc)
@@ -82,9 +76,6 @@ out:
 static inline int mls_context_cmp(struct context *c1, struct context *c2)
 {
-        if (!selinux_mls_enabled)
-                return 1;
        return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
                ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) &&
                (c1->range.level[1].sens == c2->range.level[1].sens) &&
@@ -93,9 +84,6 @@ static inline int mls_context_cmp(struct context *c1, struct context *c2)
 static inline void mls_context_destroy(struct context *c)
 {
-        if (!selinux_mls_enabled)
-                return;
        ebitmap_destroy(&c->range.level[0].cat);
        ebitmap_destroy(&c->range.level[1].cat);
        mls_context_init(c);
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 68c7348d1acc..04b6145d767f 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -128,7 +128,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap,
                        cmap_idx = delta / NETLBL_CATMAP_MAPSIZE;
                        cmap_sft = delta % NETLBL_CATMAP_MAPSIZE;
                        c_iter->bitmap[cmap_idx]
-                                |= e_iter->maps[cmap_idx] << cmap_sft;
+                                |= e_iter->maps[i] << cmap_sft;
                }
                e_iter = e_iter->next;
        }
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index b5407f16c2a4..372b773f8210 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -39,7 +39,7 @@ int mls_compute_context_len(struct context *context)
        struct ebitmap *e;
        struct ebitmap_node *node;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        len = 1; /* for the beginning ":" */
@@ -93,7 +93,7 @@ void mls_sid_to_context(struct context *context,
        struct ebitmap *e;
        struct ebitmap_node *node;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return;
        scontextp = *scontext;
@@ -200,7 +200,7 @@ int mls_context_isvalid(struct policydb *p, struct context *c)
 {
        struct user_datum *usrdatum;
-        if (!selinux_mls_enabled)
+        if (!p->mls_enabled)
                return 1;
        if (!mls_range_isvalid(p, &c->range))
@@ -253,7 +253,7 @@ int mls_context_to_sid(struct policydb *pol,
        struct cat_datum *catdatum, *rngdatum;
        int l, rc = -EINVAL;
-        if (!selinux_mls_enabled) {
+        if (!pol->mls_enabled) {
                if (def_sid != SECSID_NULL && oldc)
                        *scontext += strlen(*scontext)+1;
                return 0;
@@ -387,7 +387,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
        char *tmpstr, *freestr;
        int rc;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return -EINVAL;
        /* we need freestr because mls_context_to_sid will change
@@ -407,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
 /*
 * Copies the MLS range `range' into `context'.
 */
-static inline int mls_range_set(struct context *context,
+int mls_range_set(struct context *context,
                                struct mls_range *range)
 {
        int l, rc = 0;
@@ -427,7 +427,7 @@ static inline int mls_range_set(struct context *context,
 int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
                         struct context *usercon)
 {
-        if (selinux_mls_enabled) {
+        if (policydb.mls_enabled) {
                struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
                struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
                struct mls_level *user_low = &(user->range.level[0]);
@@ -477,7 +477,7 @@ int mls_convert_context(struct policydb *oldp,
        struct ebitmap_node *node;
        int l, i;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        for (l = 0; l < 2; l++) {
@@ -513,26 +513,24 @@ int mls_compute_sid(struct context *scontext,
                    u32 specified,
                    struct context *newcontext)
 {
-        struct range_trans *rtr;
+        struct range_trans rtr;
+        struct mls_range *r;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        switch (specified) {
        case AVTAB_TRANSITION:
                /* Look for a range transition rule. */
-                for (rtr = policydb.range_tr; rtr; rtr = rtr->next) {
+                rtr.source_type = scontext->type;
-                        if (rtr->source_type == scontext->type &&
+                rtr.target_type = tcontext->type;
-                            rtr->target_type == tcontext->type &&
+                rtr.target_class = tclass;
-                            rtr->target_class == tclass) {
+                r = hashtab_search(policydb.range_tr, &rtr);
-                                /* Set the range from the rule */
+                if (r)
-                                return mls_range_set(newcontext,
+                        return mls_range_set(newcontext, r);
-                                                     &rtr->target_range);
-                        }
-                }
                /* Fallthrough */
        case AVTAB_CHANGE:
-                if (tclass == SECCLASS_PROCESS)
+                if (tclass == policydb.process_class)
                        /* Use the process MLS attributes. */
                        return mls_context_cpy(newcontext, scontext);
                else
@@ -541,8 +539,8 @@ int mls_compute_sid(struct context *scontext,
        case AVTAB_MEMBER:
                /* Use the process effective MLS attributes. */
                return mls_context_cpy_low(newcontext, scontext);
-        default:
-                return -EINVAL;
+        /* fall through */
        }
        return -EINVAL;
 }
@@ -561,7 +559,7 @@ int mls_compute_sid(struct context *scontext,
 void mls_export_netlbl_lvl(struct context *context,
                           struct netlbl_lsm_secattr *secattr)
 {
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return;
        secattr->attr.mls.lvl = context->range.level[0].sens - 1;
@@ -581,7 +579,7 @@ void mls_export_netlbl_lvl(struct context *context,
 void mls_import_netlbl_lvl(struct context *context,
                           struct netlbl_lsm_secattr *secattr)
 {
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return;
        context->range.level[0].sens = secattr->attr.mls.lvl + 1;
@@ -603,7 +601,7 @@ int mls_export_netlbl_cat(struct context *context,
 {
        int rc;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        rc = ebitmap_netlbl_export(&context->range.level[0].cat,
@@ -631,7 +629,7 @@ int mls_import_netlbl_cat(struct context *context,
 {
        int rc;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        rc = ebitmap_netlbl_import(&context->range.level[0].cat,
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index 1276715aaa8b..cd9152632e54 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -39,6 +39,8 @@ int mls_context_to_sid(struct policydb *p,
 int mls_from_string(char *str, struct context *context, gfp_t gfp_mask);
+int mls_range_set(struct context *context, struct mls_range *range);
 int mls_convert_context(struct policydb *oldp,
                        struct policydb *newp,
                        struct context *context);
diff --git a/security/selinux/ss/mls_types.h b/security/selinux/ss/mls_types.h
index b6e943a21061..03bed52a8052 100644
--- a/security/selinux/ss/mls_types.h
+++ b/security/selinux/ss/mls_types.h
@@ -15,6 +15,7 @@
 #define _SS_MLS_TYPES_H_
 #include "security.h"
+#include "ebitmap.h"
 struct mls_level {
        u32 sens;               /* sensitivity */
@@ -27,18 +28,12 @@ struct mls_range {
 static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2)
 {
-        if (!selinux_mls_enabled)
-                return 1;
        return ((l1->sens == l2->sens) &&
                ebitmap_cmp(&l1->cat, &l2->cat));
 }
 static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2)
 {
-        if (!selinux_mls_enabled)
-                return 1;
        return ((l1->sens >= l2->sens) &&
                ebitmap_contains(&l1->cat, &l2->cat));
 }
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 72e4a54973aa..23c6e53c102c 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -52,8 +52,6 @@ static char *symtab_name[SYM_NUM] = {
 };
 #endif
-int selinux_mls_enabled;
 static unsigned int symtab_sizes[SYM_NUM] = {
        2,
        32,
@@ -177,6 +175,21 @@ out_free_role:
        goto out;
 }
+static u32 rangetr_hash(struct hashtab *h, const void *k)
+{
+        const struct range_trans *key = k;
+        return (key->source_type + (key->target_type << 3) +
+                (key->target_class << 5)) & (h->size - 1);
+}
+static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2)
+{
+        const struct range_trans *key1 = k1, *key2 = k2;
+        return (key1->source_type != key2->source_type ||
+                key1->target_type != key2->target_type ||
+                key1->target_class != key2->target_class);
+}
 /*
 * Initialize a policy database structure.
 */
@@ -204,6 +217,10 @@ static int policydb_init(struct policydb *p)
        if (rc)
                goto out_free_symtab;
+        p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
+        if (!p->range_tr)
+                goto out_free_symtab;
        ebitmap_init(&p->policycaps);
        ebitmap_init(&p->permissive_map);
@@ -408,6 +425,20 @@ static void symtab_hash_eval(struct symtab *s)
                       info.slots_used, h->size, info.max_chain_len);
        }
 }
+static void rangetr_hash_eval(struct hashtab *h)
+{
+        struct hashtab_info info;
+        hashtab_stat(h, &info);
+        printk(KERN_DEBUG "SELinux: rangetr:  %d entries and %d/%d buckets used, "
+               "longest chain length %d\n", h->nel,
+               info.slots_used, h->size, info.max_chain_len);
+}
+#else
+static inline void rangetr_hash_eval(struct hashtab *h)
+{
+}
 #endif
 /*
@@ -422,7 +453,7 @@ static int policydb_index_others(struct policydb *p)
        printk(KERN_DEBUG "SELinux:  %d users, %d roles, %d types, %d bools",
               p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
-        if (selinux_mls_enabled)
+        if (p->mls_enabled)
                printk(", %d sens, %d cats", p->p_levels.nprim,
                       p->p_cats.nprim);
        printk("\n");
@@ -612,6 +643,17 @@ static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
        cat_destroy,
 };
+static int range_tr_destroy(void *key, void *datum, void *p)
+{
+        struct mls_range *rt = datum;
+        kfree(key);
+        ebitmap_destroy(&rt->level[0].cat);
+        ebitmap_destroy(&rt->level[1].cat);
+        kfree(datum);
+        cond_resched();
+        return 0;
+}
 static void ocontext_destroy(struct ocontext *c, int i)
 {
        context_destroy(&c->context[0]);
@@ -632,7 +674,6 @@ void policydb_destroy(struct policydb *p)
        int i;
        struct role_allow *ra, *lra = NULL;
        struct role_trans *tr, *ltr = NULL;
-        struct range_trans *rt, *lrt = NULL;
        for (i = 0; i < SYM_NUM; i++) {
                cond_resched();
@@ -693,27 +734,14 @@ void policydb_destroy(struct policydb *p)
        }
        kfree(lra);
-        for (rt = p->range_tr; rt; rt = rt->next) {
+        hashtab_map(p->range_tr, range_tr_destroy, NULL);
-                cond_resched();
+        hashtab_destroy(p->range_tr);
-                if (lrt) {
-                        ebitmap_destroy(&lrt->target_range.level[0].cat);
-                        ebitmap_destroy(&lrt->target_range.level[1].cat);
-                        kfree(lrt);
-                }
-                lrt = rt;
-        }
-        if (lrt) {
-                ebitmap_destroy(&lrt->target_range.level[0].cat);
-                ebitmap_destroy(&lrt->target_range.level[1].cat);
-                kfree(lrt);
-        }
        if (p->type_attr_map) {
                for (i = 0; i < p->p_types.nprim; i++)
                        ebitmap_destroy(&p->type_attr_map[i]);
        }
        kfree(p->type_attr_map);
-        kfree(p->undefined_perms);
        ebitmap_destroy(&p->policycaps);
        ebitmap_destroy(&p->permissive_map);
@@ -1640,6 +1668,40 @@ static int policydb_bounds_sanity_check(struct policydb *p)
 extern int ss_initialized;
+u16 string_to_security_class(struct policydb *p, const char *name)
+{
+        struct class_datum *cladatum;
+        cladatum = hashtab_search(p->p_classes.table, name);
+        if (!cladatum)
+                return 0;
+        return cladatum->value;
+}
+u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
+{
+        struct class_datum *cladatum;
+        struct perm_datum *perdatum = NULL;
+        struct common_datum *comdatum;
+        if (!tclass || tclass > p->p_classes.nprim)
+                return 0;
+        cladatum = p->class_val_to_struct[tclass-1];
+        comdatum = cladatum->comdatum;
+        if (comdatum)
+                perdatum = hashtab_search(comdatum->permissions.table,
+                                          name);
+        if (!perdatum)
+                perdatum = hashtab_search(cladatum->permissions.table,
+                                          name);
+        if (!perdatum)
+                return 0;
+        return 1U << (perdatum->value-1);
+}
 /*
 * Read the configuration data from a policy database binary
 * representation file into a policy database structure.
@@ -1653,12 +1715,11 @@ int policydb_read(struct policydb *p, void *fp)
        int i, j, rc;
        __le32 buf[4];
        u32 nodebuf[8];
-        u32 len, len2, config, nprim, nel, nel2;
+        u32 len, len2, nprim, nel, nel2;
        char *policydb_str;
        struct policydb_compat_info *info;
-        struct range_trans *rt, *lrt;
+        struct range_trans *rt;
+        struct mls_range *r;
-        config = 0;
        rc = policydb_init(p);
        if (rc)
@@ -1707,7 +1768,7 @@ int policydb_read(struct policydb *p, void *fp)
        kfree(policydb_str);
        policydb_str = NULL;
-        /* Read the version, config, and table sizes. */
+        /* Read the version and table sizes. */
        rc = next_entry(buf, fp, sizeof(u32)*4);
        if (rc < 0)
                goto bad;
@@ -1722,13 +1783,7 @@ int policydb_read(struct policydb *p, void *fp)
        }
        if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
-                if (ss_initialized && !selinux_mls_enabled) {
+                p->mls_enabled = 1;
-                        printk(KERN_ERR "SELinux: Cannot switch between non-MLS"
-                                " and MLS policies\n");
-                        goto bad;
-                }
-                selinux_mls_enabled = 1;
-                config |= POLICYDB_CONFIG_MLS;
                if (p->policyvers < POLICYDB_VERSION_MLS) {
                        printk(KERN_ERR "SELinux: security policydb version %d "
@@ -1736,12 +1791,6 @@ int policydb_read(struct policydb *p, void *fp)
                                p->policyvers);
                        goto bad;
                }
-        } else {
-                if (ss_initialized && selinux_mls_enabled) {
-                        printk(KERN_ERR "SELinux: Cannot switch between MLS and"
-                                " non-MLS policies\n");
-                        goto bad;
-                }
        }
        p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
        p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
@@ -1861,6 +1910,16 @@ int policydb_read(struct policydb *p, void *fp)
        if (rc)
                goto bad;
+        p->process_class = string_to_security_class(p, "process");
+        if (!p->process_class)
+                goto bad;
+        p->process_trans_perms = string_to_av_perm(p, p->process_class,
+                                                   "transition");
+        p->process_trans_perms |= string_to_av_perm(p, p->process_class,
+                                                    "dyntransition");
+        if (!p->process_trans_perms)
+                goto bad;
        for (i = 0; i < info->ocon_num; i++) {
                rc = next_entry(buf, fp, sizeof(u32));
                if (rc < 0)
@@ -2079,44 +2138,61 @@ int policydb_read(struct policydb *p, void *fp)
                if (rc < 0)
                        goto bad;
                nel = le32_to_cpu(buf[0]);
-                lrt = NULL;
                for (i = 0; i < nel; i++) {
                        rt = kzalloc(sizeof(*rt), GFP_KERNEL);
                        if (!rt) {
                                rc = -ENOMEM;
                                goto bad;
                        }
-                        if (lrt)
-                                lrt->next = rt;
-                        else
-                                p->range_tr = rt;
                        rc = next_entry(buf, fp, (sizeof(u32) * 2));
-                        if (rc < 0)
+                        if (rc < 0) {
+                                kfree(rt);
                                goto bad;
+                        }
                        rt->source_type = le32_to_cpu(buf[0]);
                        rt->target_type = le32_to_cpu(buf[1]);
                        if (new_rangetr) {
                                rc = next_entry(buf, fp, sizeof(u32));
-                                if (rc < 0)
+                                if (rc < 0) {
+                                        kfree(rt);
                                        goto bad;
+                                }
                                rt->target_class = le32_to_cpu(buf[0]);
                        } else
-                                rt->target_class = SECCLASS_PROCESS;
+                                rt->target_class = p->process_class;
                        if (!policydb_type_isvalid(p, rt->source_type) ||
                            !policydb_type_isvalid(p, rt->target_type) ||
                            !policydb_class_isvalid(p, rt->target_class)) {
+                                kfree(rt);
                                rc = -EINVAL;
                                goto bad;
                        }
-                        rc = mls_read_range_helper(&rt->target_range, fp);
+                        r = kzalloc(sizeof(*r), GFP_KERNEL);
-                        if (rc)
+                        if (!r) {
+                                kfree(rt);
+                                rc = -ENOMEM;
+                                goto bad;
+                        }
+                        rc = mls_read_range_helper(r, fp);
+                        if (rc) {
+                                kfree(rt);
+                                kfree(r);
                                goto bad;
-                        if (!mls_range_isvalid(p, &rt->target_range)) {
+                        }
+                        if (!mls_range_isvalid(p, r)) {
                                printk(KERN_WARNING "SELinux:  rangetrans:  invalid range\n");
+                                kfree(rt);
+                                kfree(r);
+                                goto bad;
+                        }
+                        rc = hashtab_insert(p->range_tr, rt, r);
+                        if (rc) {
+                                kfree(rt);
+                                kfree(r);
                                goto bad;
                        }
-                        lrt = rt;
                }
+                rangetr_hash_eval(p->range_tr);
        }
        p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 55152d498b53..26d9adf8542b 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -27,6 +27,8 @@
 #include "symtab.h"
 #include "avtab.h"
 #include "sidtab.h"
+#include "ebitmap.h"
+#include "mls_types.h"
 #include "context.h"
 #include "constraint.h"
@@ -113,8 +115,6 @@ struct range_trans {
        u32 source_type;
        u32 target_type;
        u32 target_class;
-        struct mls_range target_range;
-        struct range_trans *next;
 };
 /* Boolean data type */
@@ -187,6 +187,8 @@ struct genfs {
 /* The policy database */
 struct policydb {
+        int mls_enabled;
        /* symbol tables */
        struct symtab symtab[SYM_NUM];
 #define p_commons symtab[SYM_COMMONS]
@@ -240,8 +242,8 @@ struct policydb {
           fixed labeling behavior. */
        struct genfs *genfs;
-        /* range transitions */
+        /* range transitions table (range_trans_key -> mls_range) */
-        struct range_trans *range_tr;
+        struct hashtab *range_tr;
        /* type -> attribute reverse mapping */
        struct ebitmap *type_attr_map;
@@ -254,7 +256,9 @@ struct policydb {
        unsigned int reject_unknown : 1;
        unsigned int allow_unknown : 1;
-        u32 *undefined_perms;
+        u16 process_class;
+        u32 process_trans_perms;
 };
 extern void policydb_destroy(struct policydb *p);
@@ -295,5 +299,8 @@ static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
        return 0;
 }
+extern u16 string_to_security_class(struct policydb *p, const char *name);
+extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name);
 #endif  /* _SS_POLICYDB_H_ */
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index ff17820d35ec..cf27b3ee1a95 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -26,6 +26,10 @@
 *
 *  Added support for bounds domain and audit messaged on masked permissions
 *
+ * Updated: Guido Trentalancia <guido@trentalancia.com>
+ *
+ *  Added support for runtime switching of the policy type
+ *
 * Copyright (C) 2008, 2009 NEC Corporation
 * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
@@ -65,16 +69,10 @@
 #include "audit.h"
 extern void selnl_notify_policyload(u32 seqno);
-unsigned int policydb_loaded_version;
 int selinux_policycap_netpeer;
 int selinux_policycap_openperm;
-/*
- * This is declared in avc.c
- */
-extern const struct selinux_class_perm selinux_class_perm;
 static DEFINE_RWLOCK(policy_rwlock);
 static struct sidtab sidtab;
@@ -93,11 +91,156 @@ static u32 latest_granting;
 static int context_struct_to_string(struct context *context, char **scontext,
                                    u32 *scontext_len);
-static int context_struct_compute_av(struct context *scontext,
+static void context_struct_compute_av(struct context *scontext,
-                                     struct context *tcontext,
+                                      struct context *tcontext,
-                                     u16 tclass,
+                                      u16 tclass,
-                                     u32 requested,
+                                      struct av_decision *avd);
-                                     struct av_decision *avd);
+struct selinux_mapping {
+        u16 value; /* policy value */
+        unsigned num_perms;
+        u32 perms[sizeof(u32) * 8];
+};
+static struct selinux_mapping *current_mapping;
+static u16 current_mapping_size;
+static int selinux_set_mapping(struct policydb *pol,
+                               struct security_class_mapping *map,
+                               struct selinux_mapping **out_map_p,
+                               u16 *out_map_size)
+{
+        struct selinux_mapping *out_map = NULL;
+        size_t size = sizeof(struct selinux_mapping);
+        u16 i, j;
+        unsigned k;
+        bool print_unknown_handle = false;
+        /* Find number of classes in the input mapping */
+        if (!map)
+                return -EINVAL;
+        i = 0;
+        while (map[i].name)
+                i++;
+        /* Allocate space for the class records, plus one for class zero */
+        out_map = kcalloc(++i, size, GFP_ATOMIC);
+        if (!out_map)
+                return -ENOMEM;
+        /* Store the raw class and permission values */
+        j = 0;
+        while (map[j].name) {
+                struct security_class_mapping *p_in = map + (j++);
+                struct selinux_mapping *p_out = out_map + j;
+                /* An empty class string skips ahead */
+                if (!strcmp(p_in->name, "")) {
+                        p_out->num_perms = 0;
+                        continue;
+                }
+                p_out->value = string_to_security_class(pol, p_in->name);
+                if (!p_out->value) {
+                        printk(KERN_INFO
+                               "SELinux:  Class %s not defined in policy.\n",
+                               p_in->name);
+                        if (pol->reject_unknown)
+                                goto err;
+                        p_out->num_perms = 0;
+                        print_unknown_handle = true;
+                        continue;
+                }
+                k = 0;
+                while (p_in->perms && p_in->perms[k]) {
+                        /* An empty permission string skips ahead */
+                        if (!*p_in->perms[k]) {
+                                k++;
+                                continue;
+                        }
+                        p_out->perms[k] = string_to_av_perm(pol, p_out->value,
+                                                            p_in->perms[k]);
+                        if (!p_out->perms[k]) {
+                                printk(KERN_INFO
+                                       "SELinux:  Permission %s in class %s not defined in policy.\n",
+                                       p_in->perms[k], p_in->name);
+                                if (pol->reject_unknown)
+                                        goto err;
+                                print_unknown_handle = true;
+                        }
+                        k++;
+                }
+                p_out->num_perms = k;
+        }
+        if (print_unknown_handle)
+                printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
+                       pol->allow_unknown ? "allowed" : "denied");
+        *out_map_p = out_map;
+        *out_map_size = i;
+        return 0;
+err:
+        kfree(out_map);
+        return -EINVAL;
+}
+/*
+ * Get real, policy values from mapped values
+ */
+static u16 unmap_class(u16 tclass)
+{
+        if (tclass < current_mapping_size)
+                return current_mapping[tclass].value;
+        return tclass;
+}
+static void map_decision(u16 tclass, struct av_decision *avd,
+                         int allow_unknown)
+{
+        if (tclass < current_mapping_size) {
+                unsigned i, n = current_mapping[tclass].num_perms;
+                u32 result;
+                for (i = 0, result = 0; i < n; i++) {
+                        if (avd->allowed & current_mapping[tclass].perms[i])
+                                result |= 1<<i;
+                        if (allow_unknown && !current_mapping[tclass].perms[i])
+                                result |= 1<<i;
+                }
+                avd->allowed = result;
+                for (i = 0, result = 0; i < n; i++)
+                        if (avd->auditallow & current_mapping[tclass].perms[i])
+                                result |= 1<<i;
+                avd->auditallow = result;
+                for (i = 0, result = 0; i < n; i++) {
+                        if (avd->auditdeny & current_mapping[tclass].perms[i])
+                                result |= 1<<i;
+                        if (!allow_unknown && !current_mapping[tclass].perms[i])
+                                result |= 1<<i;
+                }
+                /*
+                 * In case the kernel has a bug and requests a permission
+                 * between num_perms and the maximum permission number, we
+                 * should audit that denial
+                 */
+                for (; i < (sizeof(u32)*8); i++)
+                        result |= 1<<i;
+                avd->auditdeny = result;
+        }
+}
+int security_mls_enabled(void)
+{
+        return policydb.mls_enabled;
+}
 /*
 * Return the boolean value of a constraint expression
 * when it is applied to the specified source and target
@@ -312,7 +455,8 @@ static void security_dump_masked_av(struct context *scontext,
        char *scontext_name = NULL;
        char *tcontext_name = NULL;
        char *permission_names[32];
-        int index, length;
+        int index;
+        u32 length;
        bool need_comma = false;
        if (!permissions)
@@ -379,7 +523,6 @@ out:
 static void type_attribute_bounds_av(struct context *scontext,
                                     struct context *tcontext,
                                     u16 tclass,
-                                     u32 requested,
                                     struct av_decision *avd)
 {
        struct context lo_scontext;
@@ -400,7 +543,6 @@ static void type_attribute_bounds_av(struct context *scontext,
                context_struct_compute_av(&lo_scontext,
                                          tcontext,
                                          tclass,
-                                          requested,
                                          &lo_avd);
                if ((lo_avd.allowed & avd->allowed) == avd->allowed)
                        return;         /* no masked permission */
@@ -416,7 +558,6 @@ static void type_attribute_bounds_av(struct context *scontext,
                context_struct_compute_av(scontext,
                                          &lo_tcontext,
                                          tclass,
-                                          requested,
                                          &lo_avd);
                if ((lo_avd.allowed & avd->allowed) == avd->allowed)
                        return;         /* no masked permission */
@@ -433,7 +574,6 @@ static void type_attribute_bounds_av(struct context *scontext,
                context_struct_compute_av(&lo_scontext,
                                          &lo_tcontext,
                                          tclass,
-                                          requested,
                                          &lo_avd);
                if ((lo_avd.allowed & avd->allowed) == avd->allowed)
                        return;         /* no masked permission */
@@ -454,11 +594,10 @@ static void type_attribute_bounds_av(struct context *scontext,
 * Compute access vectors based on a context structure pair for
 * the permissions in a particular class.
 */
-static int context_struct_compute_av(struct context *scontext,
+static void context_struct_compute_av(struct context *scontext,
-                                     struct context *tcontext,
+                                      struct context *tcontext,
-                                     u16 tclass,
+                                      u16 tclass,
-                                     u32 requested,
+                                      struct av_decision *avd)
-                                     struct av_decision *avd)
 {
        struct constraint_node *constraint;
        struct role_allow *ra;
@@ -467,56 +606,17 @@ static int context_struct_compute_av(struct context *scontext,
        struct class_datum *tclass_datum;
        struct ebitmap *sattr, *tattr;
        struct ebitmap_node *snode, *tnode;
-        const struct selinux_class_perm *kdefs = &selinux_class_perm;
        unsigned int i, j;
-        /*
-         * Remap extended Netlink classes for old policy versions.
-         * Do this here rather than socket_type_to_security_class()
-         * in case a newer policy version is loaded, allowing sockets
-         * to remain in the correct class.
-         */
-        if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
-                if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
-                    tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
-                        tclass = SECCLASS_NETLINK_SOCKET;
-        /*
-         * Initialize the access vectors to the default values.
-         */
        avd->allowed = 0;
        avd->auditallow = 0;
        avd->auditdeny = 0xffffffff;
-        avd->seqno = latest_granting;
-        avd->flags = 0;
-        /*
+        if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) {
-         * Check for all the invalid cases.
+                if (printk_ratelimit())
-         * - tclass 0
+                        printk(KERN_WARNING "SELinux:  Invalid class %hu\n", tclass);
-         * - tclass > policy and > kernel
+                return;
-         * - tclass > policy but is a userspace class
+        }
-         * - tclass > policy but we do not allow unknowns
-         */
-        if (unlikely(!tclass))
-                goto inval_class;
-        if (unlikely(tclass > policydb.p_classes.nprim))
-                if (tclass > kdefs->cts_len ||
-                    !kdefs->class_to_string[tclass] ||
-                    !policydb.allow_unknown)
-                        goto inval_class;
-        /*
-         * Kernel class and we allow unknown so pad the allow decision
-         * the pad will be all 1 for unknown classes.
-         */
-        if (tclass <= kdefs->cts_len && policydb.allow_unknown)
-                avd->allowed = policydb.undefined_perms[tclass - 1];
-        /*
-         * Not in policy. Since decision is completed (all 1 or all 0) return.
-         */
-        if (unlikely(tclass > policydb.p_classes.nprim))
-                return 0;
        tclass_datum = policydb.class_val_to_struct[tclass - 1];
@@ -568,8 +668,8 @@ static int context_struct_compute_av(struct context *scontext,
         * role is changing, then check the (current_role, new_role)
         * pair.
         */
-        if (tclass == SECCLASS_PROCESS &&
+        if (tclass == policydb.process_class &&
-            (avd->allowed & (PROCESS__TRANSITION | PROCESS__DYNTRANSITION)) &&
+            (avd->allowed & policydb.process_trans_perms) &&
            scontext->role != tcontext->role) {
                for (ra = policydb.role_allow; ra; ra = ra->next) {
                        if (scontext->role == ra->role &&
@@ -577,8 +677,7 @@ static int context_struct_compute_av(struct context *scontext,
                                break;
                }
                if (!ra)
-                        avd->allowed &= ~(PROCESS__TRANSITION |
+                        avd->allowed &= ~policydb.process_trans_perms;
-                                          PROCESS__DYNTRANSITION);
        }
        /*
@@ -587,24 +686,7 @@ static int context_struct_compute_av(struct context *scontext,
         * permission and notice it to userspace via audit.
         */
        type_attribute_bounds_av(scontext, tcontext,
-                                 tclass, requested, avd);
+                                 tclass, avd);
-        return 0;
-inval_class:
-        if (!tclass || tclass > kdefs->cts_len ||
-            !kdefs->class_to_string[tclass]) {
-                if (printk_ratelimit())
-                        printk(KERN_ERR "SELinux: %s:  unrecognized class %d\n",
-                               __func__, tclass);
-                return -EINVAL;
-        }
-        /*
-         * Known to the kernel, but not to the policy.
-         * Handle as a denial (allowed is 0).
-         */
-        return 0;
 }
 static int security_validtrans_handle_fail(struct context *ocontext,
@@ -636,13 +718,14 @@ out:
 }
 int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
-                                 u16 tclass)
+                                 u16 orig_tclass)
 {
        struct context *ocontext;
        struct context *ncontext;
        struct context *tcontext;
        struct class_datum *tclass_datum;
        struct constraint_node *constraint;
+        u16 tclass;
        int rc = 0;
        if (!ss_initialized)
@@ -650,16 +733,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
        read_lock(&policy_rwlock);
-        /*
+        tclass = unmap_class(orig_tclass);
-         * Remap extended Netlink classes for old policy versions.
-         * Do this here rather than socket_type_to_security_class()
-         * in case a newer policy version is loaded, allowing sockets
-         * to remain in the correct class.
-         */
-        if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
-                if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
-                    tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
-                        tclass = SECCLASS_NETLINK_SOCKET;
        if (!tclass || tclass > policydb.p_classes.nprim) {
                printk(KERN_ERR "SELinux: %s:  unrecognized class %d\n",
@@ -741,7 +815,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
                goto out;
        }
-        /* type/domain unchaned */
+        /* type/domain unchanged */
        if (old_context->type == new_context->type) {
                rc = 0;
                goto out;
@@ -769,7 +843,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
        if (rc) {
                char *old_name = NULL;
                char *new_name = NULL;
-                int length;
+                u32 length;
                if (!context_struct_to_string(old_context,
                                              &old_name, &length) &&
@@ -791,63 +865,116 @@ out:
        return rc;
 }
+static void avd_init(struct av_decision *avd)
+{
+        avd->allowed = 0;
+        avd->auditallow = 0;
+        avd->auditdeny = 0xffffffff;
+        avd->seqno = latest_granting;
+        avd->flags = 0;
+}
 /**
 * security_compute_av - Compute access vector decisions.
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
- * @requested: requested permissions
 * @avd: access vector decisions
 *
 * Compute a set of access vector decisions based on the
 * SID pair (@ssid, @tsid) for the permissions in @tclass.
- * Return -%EINVAL if any of the parameters are invalid or %0
- * if the access vector decisions were computed successfully.
 */
-int security_compute_av(u32 ssid,
+void security_compute_av(u32 ssid,
-                        u32 tsid,
+                         u32 tsid,
-                        u16 tclass,
+                         u16 orig_tclass,
-                        u32 requested,
+                         struct av_decision *avd)
-                        struct av_decision *avd)
 {
+        u16 tclass;
        struct context *scontext = NULL, *tcontext = NULL;
-        int rc = 0;
-        if (!ss_initialized) {
-                avd->allowed = 0xffffffff;
-                avd->auditallow = 0;
-                avd->auditdeny = 0xffffffff;
-                avd->seqno = latest_granting;
-                return 0;
-        }
        read_lock(&policy_rwlock);
+        avd_init(avd);
+        if (!ss_initialized)
+                goto allow;
        scontext = sidtab_search(&sidtab, ssid);
        if (!scontext) {
                printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
                       __func__, ssid);
-                rc = -EINVAL;
                goto out;
        }
+        /* permissive domain? */
+        if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
+                avd->flags |= AVD_FLAGS_PERMISSIVE;
        tcontext = sidtab_search(&sidtab, tsid);
        if (!tcontext) {
                printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
                       __func__, tsid);
-                rc = -EINVAL;
                goto out;
        }
-        rc = context_struct_compute_av(scontext, tcontext, tclass,
+        tclass = unmap_class(orig_tclass);
-                                       requested, avd);
+        if (unlikely(orig_tclass && !tclass)) {
+                if (policydb.allow_unknown)
+                        goto allow;
+                goto out;
+        }
+        context_struct_compute_av(scontext, tcontext, tclass, avd);
+        map_decision(orig_tclass, avd, policydb.allow_unknown);
+out:
+        read_unlock(&policy_rwlock);
+        return;
+allow:
+        avd->allowed = 0xffffffff;
+        goto out;
+}
+void security_compute_av_user(u32 ssid,
+                              u32 tsid,
+                              u16 tclass,
+                              struct av_decision *avd)
+{
+        struct context *scontext = NULL, *tcontext = NULL;
+        read_lock(&policy_rwlock);
+        avd_init(avd);
+        if (!ss_initialized)
+                goto allow;
+        scontext = sidtab_search(&sidtab, ssid);
+        if (!scontext) {
+                printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+                       __func__, ssid);
+                goto out;
+        }
        /* permissive domain? */
        if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
-            avd->flags |= AVD_FLAGS_PERMISSIVE;
+                avd->flags |= AVD_FLAGS_PERMISSIVE;
-out:
+        tcontext = sidtab_search(&sidtab, tsid);
+        if (!tcontext) {
+                printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+                       __func__, tsid);
+                goto out;
+        }
+        if (unlikely(!tclass)) {
+                if (policydb.allow_unknown)
+                        goto allow;
+                goto out;
+        }
+        context_struct_compute_av(scontext, tcontext, tclass, avd);
+ out:
        read_unlock(&policy_rwlock);
-        return rc;
+        return;
+allow:
+        avd->allowed = 0xffffffff;
+        goto out;
 }
 /*
@@ -1204,20 +1331,22 @@ out:
 static int security_compute_sid(u32 ssid,
                                u32 tsid,
-                                u16 tclass,
+                                u16 orig_tclass,
                                u32 specified,
-                                u32 *out_sid)
+                                u32 *out_sid,
+                                bool kern)
 {
        struct context *scontext = NULL, *tcontext = NULL, newcontext;
        struct role_trans *roletr = NULL;
        struct avtab_key avkey;
        struct avtab_datum *avdatum;
        struct avtab_node *node;
+        u16 tclass;
        int rc = 0;
        if (!ss_initialized) {
-                switch (tclass) {
+                switch (orig_tclass) {
-                case SECCLASS_PROCESS:
+                case SECCLASS_PROCESS: /* kernel value */
                        *out_sid = ssid;
                        break;
                default:
@@ -1231,6 +1360,11 @@ static int security_compute_sid(u32 ssid,
        read_lock(&policy_rwlock);
+        if (kern)
+                tclass = unmap_class(orig_tclass);
+        else
+                tclass = orig_tclass;
        scontext = sidtab_search(&sidtab, ssid);
        if (!scontext) {
                printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
@@ -1260,13 +1394,11 @@ static int security_compute_sid(u32 ssid,
        }
        /* Set the role and type to default values. */
-        switch (tclass) {
+        if (tclass == policydb.process_class) {
-        case SECCLASS_PROCESS:
                /* Use the current role and type of process. */
                newcontext.role = scontext->role;
                newcontext.type = scontext->type;
-                break;
+        } else {
-        default:
                /* Use the well-defined object role. */
                newcontext.role = OBJECT_R_VAL;
                /* Use the type of the related object. */
@@ -1297,8 +1429,7 @@ static int security_compute_sid(u32 ssid,
        }
        /* Check for class-specific changes. */
-        switch (tclass) {
+        if  (tclass == policydb.process_class) {
-        case SECCLASS_PROCESS:
                if (specified & AVTAB_TRANSITION) {
                        /* Look for a role transition rule. */
                        for (roletr = policydb.role_tr; roletr;
@@ -1311,9 +1442,6 @@ static int security_compute_sid(u32 ssid,
                                }
                        }
                }
-                break;
-        default:
-                break;
        }
        /* Set the MLS attributes.
@@ -1358,7 +1486,17 @@ int security_transition_sid(u32 ssid,
                            u16 tclass,
                            u32 *out_sid)
 {
-        return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, out_sid);
+        return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION,
+                                    out_sid, true);
+}
+int security_transition_sid_user(u32 ssid,
+                                 u32 tsid,
+                                 u16 tclass,
+                                 u32 *out_sid)
+{
+        return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION,
+                                    out_sid, false);
 }
 /**
@@ -1379,7 +1517,8 @@ int security_member_sid(u32 ssid,
                        u16 tclass,
                        u32 *out_sid)
 {
-        return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid);
+        return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid,
+                                    false);
 }
 /**
@@ -1400,144 +1539,8 @@ int security_change_sid(u32 ssid,
                        u16 tclass,
                        u32 *out_sid)
 {
-        return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
+        return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid,
-}
+                                    false);
-/*
- * Verify that each kernel class that is defined in the
- * policy is correct
- */
-static int validate_classes(struct policydb *p)
-{
-        int i, j;
-        struct class_datum *cladatum;
-        struct perm_datum *perdatum;
-        u32 nprim, tmp, common_pts_len, perm_val, pol_val;
-        u16 class_val;
-        const struct selinux_class_perm *kdefs = &selinux_class_perm;
-        const char *def_class, *def_perm, *pol_class;
-        struct symtab *perms;
-        bool print_unknown_handle = 0;
-        if (p->allow_unknown) {
-                u32 num_classes = kdefs->cts_len;
-                p->undefined_perms = kcalloc(num_classes, sizeof(u32), GFP_KERNEL);
-                if (!p->undefined_perms)
-                        return -ENOMEM;
-        }
-        for (i = 1; i < kdefs->cts_len; i++) {
-                def_class = kdefs->class_to_string[i];
-                if (!def_class)
-                        continue;
-                if (i > p->p_classes.nprim) {
-                        printk(KERN_INFO
-                               "SELinux:  class %s not defined in policy\n",
-                               def_class);
-                        if (p->reject_unknown)
-                                return -EINVAL;
-                        if (p->allow_unknown)
-                                p->undefined_perms[i-1] = ~0U;
-                        print_unknown_handle = 1;
-                        continue;
-                }
-                pol_class = p->p_class_val_to_name[i-1];
-                if (strcmp(pol_class, def_class)) {
-                        printk(KERN_ERR
-                               "SELinux:  class %d is incorrect, found %s but should be %s\n",
-                               i, pol_class, def_class);
-                        return -EINVAL;
-                }
-        }
-        for (i = 0; i < kdefs->av_pts_len; i++) {
-                class_val = kdefs->av_perm_to_string[i].tclass;
-                perm_val = kdefs->av_perm_to_string[i].value;
-                def_perm = kdefs->av_perm_to_string[i].name;
-                if (class_val > p->p_classes.nprim)
-                        continue;
-                pol_class = p->p_class_val_to_name[class_val-1];
-                cladatum = hashtab_search(p->p_classes.table, pol_class);
-                BUG_ON(!cladatum);
-                perms = &cladatum->permissions;
-                nprim = 1 << (perms->nprim - 1);
-                if (perm_val > nprim) {
-                        printk(KERN_INFO
-                               "SELinux:  permission %s in class %s not defined in policy\n",
-                               def_perm, pol_class);
-                        if (p->reject_unknown)
-                                return -EINVAL;
-                        if (p->allow_unknown)
-                                p->undefined_perms[class_val-1] |= perm_val;
-                        print_unknown_handle = 1;
-                        continue;
-                }
-                perdatum = hashtab_search(perms->table, def_perm);
-                if (perdatum == NULL) {
-                        printk(KERN_ERR
-                               "SELinux:  permission %s in class %s not found in policy, bad policy\n",
-                               def_perm, pol_class);
-                        return -EINVAL;
-                }
-                pol_val = 1 << (perdatum->value - 1);
-                if (pol_val != perm_val) {
-                        printk(KERN_ERR
-                               "SELinux:  permission %s in class %s has incorrect value\n",
-                               def_perm, pol_class);
-                        return -EINVAL;
-                }
-        }
-        for (i = 0; i < kdefs->av_inherit_len; i++) {
-                class_val = kdefs->av_inherit[i].tclass;
-                if (class_val > p->p_classes.nprim)
-                        continue;
-                pol_class = p->p_class_val_to_name[class_val-1];
-                cladatum = hashtab_search(p->p_classes.table, pol_class);
-                BUG_ON(!cladatum);
-                if (!cladatum->comdatum) {
-                        printk(KERN_ERR
-                               "SELinux:  class %s should have an inherits clause but does not\n",
-                               pol_class);
-                        return -EINVAL;
-                }
-                tmp = kdefs->av_inherit[i].common_base;
-                common_pts_len = 0;
-                while (!(tmp & 0x01)) {
-                        common_pts_len++;
-                        tmp >>= 1;
-                }
-                perms = &cladatum->comdatum->permissions;
-                for (j = 0; j < common_pts_len; j++) {
-                        def_perm = kdefs->av_inherit[i].common_pts[j];
-                        if (j >= perms->nprim) {
-                                printk(KERN_INFO
-                                       "SELinux:  permission %s in class %s not defined in policy\n",
-                                       def_perm, pol_class);
-                                if (p->reject_unknown)
-                                        return -EINVAL;
-                                if (p->allow_unknown)
-                                        p->undefined_perms[class_val-1] |= (1 << j);
-                                print_unknown_handle = 1;
-                                continue;
-                        }
-                        perdatum = hashtab_search(perms->table, def_perm);
-                        if (perdatum == NULL) {
-                                printk(KERN_ERR
-                                       "SELinux:  permission %s in class %s not found in policy, bad policy\n",
-                                       def_perm, pol_class);
-                                return -EINVAL;
-                        }
-                        if (perdatum->value != j + 1) {
-                                printk(KERN_ERR
-                                       "SELinux:  permission %s in class %s has incorrect value\n",
-                                       def_perm, pol_class);
-                                return -EINVAL;
-                        }
-                }
-        }
-        if (print_unknown_handle)
-                printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
-                        (security_get_allow_unknown() ? "allowed" : "denied"));
-        return 0;
 }
 /* Clone the SID into the new SID table. */
@@ -1547,7 +1550,10 @@ static int clone_sid(u32 sid,
 {
        struct sidtab *s = arg;
-        return sidtab_insert(s, sid, context);
+        if (sid > SECINITSID_NUM)
+                return sidtab_insert(s, sid, context);
+        else
+                return 0;
 }
 static inline int convert_context_handle_invalid_context(struct context *context)
@@ -1588,12 +1594,17 @@ static int convert_context(u32 key,
 {
        struct convert_context_args *args;
        struct context oldc;
+        struct ocontext *oc;
+        struct mls_range *range;
        struct role_datum *role;
        struct type_datum *typdatum;
        struct user_datum *usrdatum;
        char *s;
        u32 len;
-        int rc;
+        int rc = 0;
+        if (key <= SECINITSID_NUM)
+                goto out;
        args = p;
@@ -1655,9 +1666,39 @@ static int convert_context(u32 key,
                goto bad;
        c->type = typdatum->value;
-        rc = mls_convert_context(args->oldp, args->newp, c);
+        /* Convert the MLS fields if dealing with MLS policies */
-        if (rc)
+        if (args->oldp->mls_enabled && args->newp->mls_enabled) {
-                goto bad;
+                rc = mls_convert_context(args->oldp, args->newp, c);
+                if (rc)
+                        goto bad;
+        } else if (args->oldp->mls_enabled && !args->newp->mls_enabled) {
+                /*
+                 * Switching between MLS and non-MLS policy:
+                 * free any storage used by the MLS fields in the
+                 * context for all existing entries in the sidtab.
+                 */
+                mls_context_destroy(c);
+        } else if (!args->oldp->mls_enabled && args->newp->mls_enabled) {
+                /*
+                 * Switching between non-MLS and MLS policy:
+                 * ensure that the MLS fields of the context for all
+                 * existing entries in the sidtab are filled in with a
+                 * suitable default value, likely taken from one of the
+                 * initial SIDs.
+                 */
+                oc = args->newp->ocontexts[OCON_ISID];
+                while (oc && oc->sid[0] != SECINITSID_UNLABELED)
+                        oc = oc->next;
+                if (!oc) {
+                        printk(KERN_ERR "SELinux:  unable to look up"
+                                " the initial SIDs list\n");
+                        goto bad;
+                }
+                range = &oc->context[0].range;
+                rc = mls_range_set(c, range);
+                if (rc)
+                        goto bad;
+        }
        /* Check the validity of the new context. */
        if (!policydb_context_isvalid(args->newp, c)) {
@@ -1710,8 +1751,10 @@ int security_load_policy(void *data, size_t len)
 {
        struct policydb oldpolicydb, newpolicydb;
        struct sidtab oldsidtab, newsidtab;
+        struct selinux_mapping *oldmap, *map = NULL;
        struct convert_context_args args;
        u32 seqno;
+        u16 map_size;
        int rc = 0;
        struct policy_file file = { data, len }, *fp = &file;
@@ -1721,22 +1764,19 @@ int security_load_policy(void *data, size_t len)
                        avtab_cache_destroy();
                        return -EINVAL;
                }
-                if (policydb_load_isids(&policydb, &sidtab)) {
+                if (selinux_set_mapping(&policydb, secclass_map,
+                                        &current_mapping,
+                                        &current_mapping_size)) {
                        policydb_destroy(&policydb);
                        avtab_cache_destroy();
                        return -EINVAL;
                }
-                /* Verify that the kernel defined classes are correct. */
+                if (policydb_load_isids(&policydb, &sidtab)) {
-                if (validate_classes(&policydb)) {
-                        printk(KERN_ERR
-                               "SELinux:  the definition of a class is incorrect\n");
-                        sidtab_destroy(&sidtab);
                        policydb_destroy(&policydb);
                        avtab_cache_destroy();
                        return -EINVAL;
                }
                security_load_policycaps();
-                policydb_loaded_version = policydb.policyvers;
                ss_initialized = 1;
                seqno = ++latest_granting;
                selinux_complete_init();
@@ -1754,18 +1794,22 @@ int security_load_policy(void *data, size_t len)
        if (policydb_read(&newpolicydb, fp))
                return -EINVAL;
-        if (sidtab_init(&newsidtab)) {
+        /* If switching between different policy types, log MLS status */
+        if (policydb.mls_enabled && !newpolicydb.mls_enabled)
+                printk(KERN_INFO "SELinux: Disabling MLS support...\n");
+        else if (!policydb.mls_enabled && newpolicydb.mls_enabled)
+                printk(KERN_INFO "SELinux: Enabling MLS support...\n");
+        rc = policydb_load_isids(&newpolicydb, &newsidtab);
+        if (rc) {
+                printk(KERN_ERR "SELinux:  unable to load the initial SIDs\n");
                policydb_destroy(&newpolicydb);
-                return -ENOMEM;
+                return rc;
        }
-        /* Verify that the kernel defined classes are correct. */
+        if (selinux_set_mapping(&newpolicydb, secclass_map,
-        if (validate_classes(&newpolicydb)) {
+                                &map, &map_size))
-                printk(KERN_ERR
-                       "SELinux:  the definition of a class is incorrect\n");
-                rc = -EINVAL;
                goto err;
-        }
        rc = security_preserve_bools(&newpolicydb);
        if (rc) {
@@ -1787,8 +1831,12 @@ int security_load_policy(void *data, size_t len)
        args.oldp = &policydb;
        args.newp = &newpolicydb;
        rc = sidtab_map(&newsidtab, convert_context, &args);
-        if (rc)
+        if (rc) {
+                printk(KERN_ERR "SELinux:  unable to convert the internal"
+                        " representation of contexts in the new SID"
+                        " table\n");
                goto err;
+        }
        /* Save the old policydb and SID table to free later. */
        memcpy(&oldpolicydb, &policydb, sizeof policydb);
@@ -1799,13 +1847,16 @@ int security_load_policy(void *data, size_t len)
        memcpy(&policydb, &newpolicydb, sizeof policydb);
        sidtab_set(&sidtab, &newsidtab);
        security_load_policycaps();
+        oldmap = current_mapping;
+        current_mapping = map;
+        current_mapping_size = map_size;
        seqno = ++latest_granting;
-        policydb_loaded_version = policydb.policyvers;
        write_unlock_irq(&policy_rwlock);
        /* Free the old policydb and SID table. */
        policydb_destroy(&oldpolicydb);
        sidtab_destroy(&oldsidtab);
+        kfree(oldmap);
        avc_ss_reset(seqno);
        selnl_notify_policyload(seqno);
@@ -1815,6 +1866,7 @@ int security_load_policy(void *data, size_t len)
        return 0;
 err:
+        kfree(map);
        sidtab_destroy(&newsidtab);
        policydb_destroy(&newpolicydb);
        return rc;
@@ -2091,7 +2143,7 @@ out_unlock:
        }
        for (i = 0, j = 0; i < mynel; i++) {
                rc = avc_has_perm_noaudit(fromsid, mysids[i],
-                                          SECCLASS_PROCESS,
+                                          SECCLASS_PROCESS, /* kernel value */
                                          PROCESS__TRANSITION, AVC_STRICT,
                                          NULL);
                if (!rc)
@@ -2119,10 +2171,11 @@ out:
 */
 int security_genfs_sid(const char *fstype,
                       char *path,
-                       u16 sclass,
+                       u16 orig_sclass,
                       u32 *sid)
 {
        int len;
+        u16 sclass;
        struct genfs *genfs;
        struct ocontext *c;
        int rc = 0, cmp = 0;
@@ -2132,6 +2185,8 @@ int security_genfs_sid(const char *fstype,
        read_lock(&policy_rwlock);
+        sclass = unmap_class(orig_sclass);
        for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
                cmp = strcmp(fstype, genfs->fstype);
                if (cmp <= 0)
@@ -2377,7 +2432,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
        u32 len;
        int rc = 0;
-        if (!ss_initialized || !selinux_mls_enabled) {
+        if (!ss_initialized || !policydb.mls_enabled) {
                *new_sid = sid;
                goto out;
        }
@@ -2478,7 +2533,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
        /* we don't need to check ss_initialized here since the only way both
         * nlbl_sid and xfrm_sid are not equal to SECSID_NULL would be if the
         * security server was initialized and ss_initialized was true */
-        if (!selinux_mls_enabled) {
+        if (!policydb.mls_enabled) {
                *peer_sid = SECSID_NULL;
                return 0;
        }
@@ -2535,7 +2590,7 @@ int security_get_classes(char ***classes, int *nclasses)
        read_lock(&policy_rwlock);
        *nclasses = policydb.p_classes.nprim;
-        *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC);
+        *classes = kcalloc(*nclasses, sizeof(**classes), GFP_ATOMIC);
        if (!*classes)
                goto out;
@@ -2582,7 +2637,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
        }
        *nperms = match->permissions.nprim;
-        *perms = kcalloc(*nperms, sizeof(*perms), GFP_ATOMIC);
+        *perms = kcalloc(*nperms, sizeof(**perms), GFP_ATOMIC);
        if (!*perms)
                goto out;
diff --git a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c
index 837658a98a54..bcf9f620426e 100644
--- a/security/selinux/ss/symtab.c
+++ b/security/selinux/ss/symtab.c
@@ -4,7 +4,6 @@
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */
 #include <linux/kernel.h>
-#include <linux/slab.h>
 #include <linux/string.h>
 #include <linux/errno.h>
 #include "symtab.h"
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index f3cb9ed731a9..fff78d3b51a2 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -38,6 +38,7 @@
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter_ipv6.h>
+#include <linux/slab.h>
 #include <linux/ip.h>
 #include <linux/tcp.h>
 #include <linux/skbuff.h>
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 0f9ac8146900..f4fac64c4da8 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -11,6 +11,7 @@
 */
 #include <linux/types.h>
+#include <linux/slab.h>
 #include <linux/fs.h>
 #include <linux/sched.h>
 #include "smack.h"
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index c33b6bb9b6dd..fdfeaa2f28ec 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -25,6 +25,7 @@
 #include <linux/ip.h>
 #include <linux/tcp.h>
 #include <linux/udp.h>
+#include <linux/slab.h>
 #include <linux/mutex.h>
 #include <linux/pipe_fs_i.h>
 #include <net/netlabel.h>
@@ -157,12 +158,12 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
 *
 * Returns 0 on success, error code otherwise.
 */
-static int smack_syslog(int type)
+static int smack_syslog(int type, bool from_file)
 {
        int rc;
        char *sp = current_security();
-        rc = cap_syslog(type);
+        rc = cap_syslog(type, from_file);
        if (rc != 0)
                return rc;
@@ -387,7 +388,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
        struct smk_audit_info ad;
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
-        smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint);
+        smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root);
        smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
        sbp = mnt->mnt_sb->s_security;
@@ -2602,7 +2603,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 #ifdef CONFIG_AUDIT
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
        ad.a.u.net.family = sk->sk_family;
-        ad.a.u.net.netif = skb->iif;
+        ad.a.u.net.netif = skb->skb_iif;
        ipv4_skb_to_auditdata(skb, &ad.a, NULL);
 #endif
        /*
@@ -2757,7 +2758,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 #ifdef CONFIG_AUDIT
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
        ad.a.u.net.family = family;
-        ad.a.u.net.netif = skb->iif;
+        ad.a.u.net.netif = skb->skb_iif;
        ipv4_skb_to_auditdata(skb, &ad.a, NULL);
 #endif
        /*
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index aeead7585093..a2b72d77f926 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -20,6 +20,7 @@
 #include <linux/vmalloc.h>
 #include <linux/security.h>
 #include <linux/mutex.h>
+#include <linux/slab.h>
 #include <net/net_namespace.h>
 #include <net/netlabel.h>
 #include <net/cipso_ipv4.h>
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index 10ccd686b290..60a9e2002da1 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -1 +1 @@
-obj-y = common.o realpath.o tomoyo.o domain.o file.o
+obj-y = common.o realpath.o tomoyo.o domain.o file.o gc.o
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 3c8bd8ee0b95..975c45d88baa 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -10,11 +10,13 @@
 */
 #include <linux/uaccess.h>
+#include <linux/slab.h>
 #include <linux/security.h>
 #include <linux/hardirq.h>
-#include "realpath.h"
 #include "common.h"
-#include "tomoyo.h"
+/* Lock for protecting policy. */
+DEFINE_MUTEX(tomoyo_policy_lock);
 /* Has loading policy done? */
 bool tomoyo_policy_loaded;
@@ -178,20 +180,19 @@ static void tomoyo_normalize_line(unsigned char *buffer)
 *                1 = must / -1 = must not / 0 = don't care
 * @end_type:     Should the pathname end with '/'?
 *                1 = must / -1 = must not / 0 = don't care
- * @function:     The name of function calling me.
 *
 * Check whether the given filename follows the naming rules.
 * Returns true if @filename follows the naming rules, false otherwise.
 */
 bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
-                            const s8 pattern_type, const s8 end_type,
+                            const s8 pattern_type, const s8 end_type)
-                            const char *function)
 {
+        const char *const start = filename;
+        bool in_repetition = false;
        bool contains_pattern = false;
        unsigned char c;
        unsigned char d;
        unsigned char e;
-        const char *original_filename = filename;
        if (!filename)
                goto out;
@@ -212,9 +213,13 @@ bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
                if (c == '/')
                        goto out;
        }
-        while ((c = *filename++) != '\0') {
+        while (1) {
+                c = *filename++;
+                if (!c)
+                        break;
                if (c == '\\') {
-                        switch ((c = *filename++)) {
+                        c = *filename++;
+                        switch (c) {
                        case '\\':  /* "\\" */
                                continue;
                        case '$':   /* "\$" */
@@ -231,6 +236,22 @@ bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
                                        break; /* Must not contain pattern */
                                contains_pattern = true;
                                continue;
+                        case '{':   /* "/\{" */
+                                if (filename - 3 < start ||
+                                    *(filename - 3) != '/')
+                                        break;
+                                if (pattern_type == -1)
+                                        break; /* Must not contain pattern */
+                                contains_pattern = true;
+                                in_repetition = true;
+                                continue;
+                        case '}':   /* "\}/" */
+                                if (*filename != '/')
+                                        break;
+                                if (!in_repetition)
+                                        break;
+                                in_repetition = false;
+                                continue;
                        case '0':   /* "\ooo" */
                        case '1':
                        case '2':
@@ -246,6 +267,8 @@ bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
                                        continue; /* pattern is not \000 */
                        }
                        goto out;
+                } else if (in_repetition && c == '/') {
+                        goto out;
                } else if (tomoyo_is_invalid(c)) {
                        goto out;
                }
@@ -254,27 +277,24 @@ bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
                if (!contains_pattern)
                        goto out;
        }
+        if (in_repetition)
+                goto out;
        return true;
 out:
-        printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function,
-               original_filename);
        return false;
 }
 /**
 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
 * @domainname:   The domainname to check.
- * @function:     The name of function calling me.
 *
 * Returns true if @domainname follows the naming rules, false otherwise.
 */
-bool tomoyo_is_correct_domain(const unsigned char *domainname,
+bool tomoyo_is_correct_domain(const unsigned char *domainname)
-                              const char *function)
 {
        unsigned char c;
        unsigned char d;
        unsigned char e;
-        const char *org_domainname = domainname;
        if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
                                   TOMOYO_ROOT_NAME_LEN))
@@ -317,8 +337,6 @@ bool tomoyo_is_correct_domain(const unsigned char *domainname,
        } while (*domainname);
        return true;
 out:
-        printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function,
-               org_domainname);
        return false;
 }
@@ -339,10 +357,9 @@ bool tomoyo_is_domain_def(const unsigned char *buffer)
 *
 * @domainname: The domainname to find.
 *
- * Caller must call down_read(&tomoyo_domain_list_lock); or
- * down_write(&tomoyo_domain_list_lock); .
- *
 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
 {
@@ -351,7 +368,7 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
        name.name = domainname;
        tomoyo_fill_path_info(&name);
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
+        list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
                if (!domain->is_deleted &&
                    !tomoyo_pathcmp(&name, domain->domainname))
                        return domain;
@@ -360,33 +377,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
 }
 /**
- * tomoyo_path_depth - Evaluate the number of '/' in a string.
- *
- * @pathname: The string to evaluate.
- *
- * Returns path depth of the string.
- *
- * I score 2 for each of the '/' in the @pathname
- * and score 1 if the @pathname ends with '/'.
- */
-static int tomoyo_path_depth(const char *pathname)
-{
-        int i = 0;
-        if (pathname) {
-                const char *ep = pathname + strlen(pathname);
-                if (pathname < ep--) {
-                        if (*ep != '/')
-                                i++;
-                        while (pathname <= ep)
-                                if (*ep-- == '/')
-                                        i += 2;
-                }
-        }
-        return i;
-}
-/**
 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token.
 *
 * @filename: The string to evaluate.
@@ -444,11 +434,10 @@ void tomoyo_fill_path_info(struct tomoyo_path_info *ptr)
        ptr->is_dir = len && (name[len - 1] == '/');
        ptr->is_patterned = (ptr->const_len < len);
        ptr->hash = full_name_hash(name, len);
-        ptr->depth = tomoyo_path_depth(name);
 }
 /**
- * tomoyo_file_matches_to_pattern2 - Pattern matching without '/' character
+ * tomoyo_file_matches_pattern2 - Pattern matching without '/' character
 * and "\-" pattern.
 *
 * @filename:     The start of string to check.
@@ -458,10 +447,10 @@ void tomoyo_fill_path_info(struct tomoyo_path_info *ptr)
 *
 * Returns true if @filename matches @pattern, false otherwise.
 */
-static bool tomoyo_file_matches_to_pattern2(const char *filename,
+static bool tomoyo_file_matches_pattern2(const char *filename,
-                                            const char *filename_end,
+                                         const char *filename_end,
-                                            const char *pattern,
+                                         const char *pattern,
-                                            const char *pattern_end)
+                                         const char *pattern_end)
 {
        while (filename < filename_end && pattern < pattern_end) {
                char c;
@@ -519,7 +508,7 @@ static bool tomoyo_file_matches_to_pattern2(const char *filename,
                case '*':
                case '@':
                        for (i = 0; i <= filename_end - filename; i++) {
-                                if (tomoyo_file_matches_to_pattern2(
+                                if (tomoyo_file_matches_pattern2(
                                                    filename + i, filename_end,
                                                    pattern + 1, pattern_end))
                                        return true;
@@ -550,7 +539,7 @@ static bool tomoyo_file_matches_to_pattern2(const char *filename,
                                        j++;
                        }
                        for (i = 1; i <= j; i++) {
-                                if (tomoyo_file_matches_to_pattern2(
+                                if (tomoyo_file_matches_pattern2(
                                                    filename + i, filename_end,
                                                    pattern + 1, pattern_end))
                                        return true;
@@ -567,7 +556,7 @@ static bool tomoyo_file_matches_to_pattern2(const char *filename,
 }
 /**
- * tomoyo_file_matches_to_pattern - Pattern matching without without '/' character.
+ * tomoyo_file_matches_pattern - Pattern matching without without '/' character.
 *
 * @filename:     The start of string to check.
 * @filename_end: The end of string to check.
@@ -576,7 +565,7 @@ static bool tomoyo_file_matches_to_pattern2(const char *filename,
 *
 * Returns true if @filename matches @pattern, false otherwise.
 */
-static bool tomoyo_file_matches_to_pattern(const char *filename,
+static bool tomoyo_file_matches_pattern(const char *filename,
                                           const char *filename_end,
                                           const char *pattern,
                                           const char *pattern_end)
@@ -589,10 +578,10 @@ static bool tomoyo_file_matches_to_pattern(const char *filename,
                /* Split at "\-" pattern. */
                if (*pattern++ != '\\' || *pattern++ != '-')
                        continue;
-                result = tomoyo_file_matches_to_pattern2(filename,
+                result = tomoyo_file_matches_pattern2(filename,
-                                                         filename_end,
+                                                      filename_end,
-                                                         pattern_start,
+                                                      pattern_start,
-                                                         pattern - 2);
+                                                      pattern - 2);
                if (first)
                        result = !result;
                if (result)
@@ -600,13 +589,79 @@ static bool tomoyo_file_matches_to_pattern(const char *filename,
                first = false;
                pattern_start = pattern;
        }
-        result = tomoyo_file_matches_to_pattern2(filename, filename_end,
+        result = tomoyo_file_matches_pattern2(filename, filename_end,
-                                                 pattern_start, pattern_end);
+                                              pattern_start, pattern_end);
        return first ? result : !result;
 }
 /**
+ * tomoyo_path_matches_pattern2 - Do pathname pattern matching.
+ *
+ * @f: The start of string to check.
+ * @p: The start of pattern to compare.
+ *
+ * Returns true if @f matches @p, false otherwise.
+ */
+static bool tomoyo_path_matches_pattern2(const char *f, const char *p)
+{
+        const char *f_delimiter;
+        const char *p_delimiter;
+        while (*f && *p) {
+                f_delimiter = strchr(f, '/');
+                if (!f_delimiter)
+                        f_delimiter = f + strlen(f);
+                p_delimiter = strchr(p, '/');
+                if (!p_delimiter)
+                        p_delimiter = p + strlen(p);
+                if (*p == '\\' && *(p + 1) == '{')
+                        goto recursive;
+                if (!tomoyo_file_matches_pattern(f, f_delimiter, p,
+                                                 p_delimiter))
+                        return false;
+                f = f_delimiter;
+                if (*f)
+                        f++;
+                p = p_delimiter;
+                if (*p)
+                        p++;
+        }
+        /* Ignore trailing "\*" and "\@" in @pattern. */
+        while (*p == '\\' &&
+               (*(p + 1) == '*' || *(p + 1) == '@'))
+                p += 2;
+        return !*f && !*p;
+ recursive:
+        /*
+         * The "\{" pattern is permitted only after '/' character.
+         * This guarantees that below "*(p - 1)" is safe.
+         * Also, the "\}" pattern is permitted only before '/' character
+         * so that "\{" + "\}" pair will not break the "\-" operator.
+         */
+        if (*(p - 1) != '/' || p_delimiter <= p + 3 || *p_delimiter != '/' ||
+            *(p_delimiter - 1) != '}' || *(p_delimiter - 2) != '\\')
+                return false; /* Bad pattern. */
+        do {
+                /* Compare current component with pattern. */
+                if (!tomoyo_file_matches_pattern(f, f_delimiter, p + 2,
+                                                 p_delimiter - 2))
+                        break;
+                /* Proceed to next component. */
+                f = f_delimiter;
+                if (!*f)
+                        break;
+                f++;
+                /* Continue comparison. */
+                if (tomoyo_path_matches_pattern2(f, p_delimiter + 1))
+                        return true;
+                f_delimiter = strchr(f, '/');
+        } while (f_delimiter);
+        return false; /* Not matched. */
+}
+/**
 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern.
+ *
 * @filename: The filename to check.
 * @pattern:  The pattern to compare.
 *
@@ -615,24 +670,24 @@ static bool tomoyo_file_matches_to_pattern(const char *filename,
 * The following patterns are available.
 *   \\     \ itself.
 *   \ooo   Octal representation of a byte.
- *   \*     More than or equals to 0 character other than '/'.
+ *   \*     Zero or more repetitions of characters other than '/'.
- *   \@     More than or equals to 0 character other than '/' or '.'.
+ *   \@     Zero or more repetitions of characters other than '/' or '.'.
 *   \?     1 byte character other than '/'.
- *   \$     More than or equals to 1 decimal digit.
+ *   \$     One or more repetitions of decimal digits.
 *   \+     1 decimal digit.
- *   \X     More than or equals to 1 hexadecimal digit.
+ *   \X     One or more repetitions of hexadecimal digits.
 *   \x     1 hexadecimal digit.
- *   \A     More than or equals to 1 alphabet character.
+ *   \A     One or more repetitions of alphabet characters.
 *   \a     1 alphabet character.
+ *
 *   \-     Subtraction operator.
+ *
+ *   /\{dir\}/   '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/
+ *               /dir/dir/dir/ ).
 */
 bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
                                 const struct tomoyo_path_info *pattern)
 {
-        /*
-          if (!filename || !pattern)
-          return false;
-        */
        const char *f = filename->name;
        const char *p = pattern->name;
        const int len = pattern->const_len;
@@ -640,37 +695,15 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
        /* If @pattern doesn't contain pattern, I can use strcmp(). */
        if (!pattern->is_patterned)
                return !tomoyo_pathcmp(filename, pattern);
-        /* Dont compare if the number of '/' differs. */
+        /* Don't compare directory and non-directory. */
-        if (filename->depth != pattern->depth)
+        if (filename->is_dir != pattern->is_dir)
                return false;
        /* Compare the initial length without patterns. */
        if (strncmp(f, p, len))
                return false;
        f += len;
        p += len;
-        /* Main loop. Compare each directory component. */
+        return tomoyo_path_matches_pattern2(f, p);
-        while (*f && *p) {
-                const char *f_delimiter = strchr(f, '/');
-                const char *p_delimiter = strchr(p, '/');
-                if (!f_delimiter)
-                        f_delimiter = f + strlen(f);
-                if (!p_delimiter)
-                        p_delimiter = p + strlen(p);
-                if (!tomoyo_file_matches_to_pattern(f, f_delimiter,
-                                                    p, p_delimiter))
-                        return false;
-                f = f_delimiter;
-                if (*f)
-                        f++;
-                p = p_delimiter;
-                if (*p)
-                        p++;
-        }
-        /* Ignore trailing "\*" and "\@" in @pattern. */
-        while (*p == '\\' &&
-               (*(p + 1) == '*' || *(p + 1) == '@'))
-                p += 2;
-        return !*f && !*p;
 }
 /**
@@ -706,7 +739,7 @@ bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
 *
 * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
 *
- * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
+ * This function uses kzalloc(), so the caller must call kfree()
 * if this function didn't return NULL.
 */
 static const char *tomoyo_get_exe(void)
@@ -787,6 +820,8 @@ bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain)
 * @domain: Pointer to "struct tomoyo_domain_info".
 *
 * Returns true if the domain is not exceeded quota, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
 {
@@ -795,61 +830,29 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
        if (!domain)
                return true;
-        down_read(&tomoyo_domain_acl_info_list_lock);
+        list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
-        list_for_each_entry(ptr, &domain->acl_info_list, list) {
+                switch (ptr->type) {
-                if (ptr->type & TOMOYO_ACL_DELETED)
+                        struct tomoyo_path_acl *acl;
-                        continue;
+                        u32 perm;
-                switch (tomoyo_acl_type2(ptr)) {
+                        u8 i;
-                        struct tomoyo_single_path_acl_record *acl1;
+                case TOMOYO_TYPE_PATH_ACL:
-                        struct tomoyo_double_path_acl_record *acl2;
+                        acl = container_of(ptr, struct tomoyo_path_acl, head);
-                        u16 perm;
+                        perm = acl->perm | (((u32) acl->perm_high) << 16);
-                case TOMOYO_TYPE_SINGLE_PATH_ACL:
+                        for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++)
-                        acl1 = container_of(ptr,
+                                if (perm & (1 << i))
-                                    struct tomoyo_single_path_acl_record,
+                                        count++;
-                                            head);
+                        if (perm & (1 << TOMOYO_TYPE_READ_WRITE))
-                        perm = acl1->perm;
+                                count -= 2;
-                        if (perm & (1 << TOMOYO_TYPE_EXECUTE_ACL))
-                                count++;
-                        if (perm &
-                            ((1 << TOMOYO_TYPE_READ_ACL) |
-                             (1 << TOMOYO_TYPE_WRITE_ACL)))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_CREATE_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_UNLINK_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_MKDIR_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_RMDIR_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_MKFIFO_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_MKSOCK_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_MKBLOCK_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_MKCHAR_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_TRUNCATE_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_SYMLINK_ACL))
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_REWRITE_ACL))
-                                count++;
                        break;
-                case TOMOYO_TYPE_DOUBLE_PATH_ACL:
+                case TOMOYO_TYPE_PATH2_ACL:
-                        acl2 = container_of(ptr,
+                        perm = container_of(ptr, struct tomoyo_path2_acl, head)
-                                    struct tomoyo_double_path_acl_record,
+                                ->perm;
-                                            head);
+                        for (i = 0; i < TOMOYO_MAX_PATH2_OPERATION; i++)
-                        perm = acl2->perm;
+                                if (perm & (1 << i))
-                        if (perm & (1 << TOMOYO_TYPE_LINK_ACL))
+                                        count++;
-                                count++;
-                        if (perm & (1 << TOMOYO_TYPE_RENAME_ACL))
-                                count++;
                        break;
                }
        }
-        up_read(&tomoyo_domain_acl_info_list_lock);
        if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
                return true;
        if (!domain->quota_warned) {
@@ -881,9 +884,12 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
        ptr = tomoyo_profile_ptr[profile];
        if (ptr)
                goto ok;
-        ptr = tomoyo_alloc_element(sizeof(*ptr));
+        ptr = kmalloc(sizeof(*ptr), GFP_KERNEL);
-        if (!ptr)
+        if (!tomoyo_memory_ok(ptr)) {
+                kfree(ptr);
+                ptr = NULL;
                goto ok;
+        }
        for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)
                ptr->value[i] = tomoyo_control_array[i].current_value;
        mb(); /* Avoid out-of-order execution. */
@@ -924,7 +930,9 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
                return -EINVAL;
        *cp = '\0';
        if (!strcmp(data, "COMMENT")) {
-                profile->comment = tomoyo_save_name(cp + 1);
+                const struct tomoyo_path_info *old_comment = profile->comment;
+                profile->comment = tomoyo_get_name(cp + 1);
+                tomoyo_put_name(old_comment);
                return 0;
        }
        for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) {
@@ -1019,27 +1027,6 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
 }
 /*
- * tomoyo_policy_manager_entry is a structure which is used for holding list of
- * domainnames or programs which are permitted to modify configuration via
- * /sys/kernel/security/tomoyo/ interface.
- * It has following fields.
- *
- *  (1) "list" which is linked to tomoyo_policy_manager_list .
- *  (2) "manager" is a domainname or a program's pathname.
- *  (3) "is_domain" is a bool which is true if "manager" is a domainname, false
- *      otherwise.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
- */
-struct tomoyo_policy_manager_entry {
-        struct list_head list;
-        /* A path to program or a domainname. */
-        const struct tomoyo_path_info *manager;
-        bool is_domain;  /* True if manager is a domainname. */
-        bool is_deleted; /* True if this entry is deleted. */
-};
-/*
 * tomoyo_policy_manager_list is used for holding list of domainnames or
 * programs which are permitted to modify configuration via
 * /sys/kernel/security/tomoyo/ interface.
@@ -1069,8 +1056,7 @@ struct tomoyo_policy_manager_entry {
 *
 * # cat /sys/kernel/security/tomoyo/manager
 */
-static LIST_HEAD(tomoyo_policy_manager_list);
+LIST_HEAD(tomoyo_policy_manager_list);
-static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);
 /**
 * tomoyo_update_manager_entry - Add a manager entry.
@@ -1079,48 +1065,50 @@ static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_update_manager_entry(const char *manager,
                                       const bool is_delete)
 {
-        struct tomoyo_policy_manager_entry *new_entry;
+        struct tomoyo_policy_manager_entry *entry = NULL;
        struct tomoyo_policy_manager_entry *ptr;
        const struct tomoyo_path_info *saved_manager;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
        bool is_domain = false;
        if (tomoyo_is_domain_def(manager)) {
-                if (!tomoyo_is_correct_domain(manager, __func__))
+                if (!tomoyo_is_correct_domain(manager))
                        return -EINVAL;
                is_domain = true;
        } else {
-                if (!tomoyo_is_correct_path(manager, 1, -1, -1, __func__))
+                if (!tomoyo_is_correct_path(manager, 1, -1, -1))
                        return -EINVAL;
        }
-        saved_manager = tomoyo_save_name(manager);
+        saved_manager = tomoyo_get_name(manager);
        if (!saved_manager)
                return -ENOMEM;
-        down_write(&tomoyo_policy_manager_list_lock);
+        if (!is_delete)
-        list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+        mutex_lock(&tomoyo_policy_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
                if (ptr->manager != saved_manager)
                        continue;
                ptr->is_deleted = is_delete;
                error = 0;
-                goto out;
+                break;
        }
-        if (is_delete) {
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
-                error = -ENOENT;
+                entry->manager = saved_manager;
-                goto out;
+                saved_manager = NULL;
+                entry->is_domain = is_domain;
+                list_add_tail_rcu(&entry->list, &tomoyo_policy_manager_list);
+                entry = NULL;
+                error = 0;
        }
-        new_entry = tomoyo_alloc_element(sizeof(*new_entry));
+        mutex_unlock(&tomoyo_policy_lock);
-        if (!new_entry)
+        tomoyo_put_name(saved_manager);
-                goto out;
+        kfree(entry);
-        new_entry->manager = saved_manager;
-        new_entry->is_domain = is_domain;
-        list_add_tail(&new_entry->list, &tomoyo_policy_manager_list);
-        error = 0;
- out:
-        up_write(&tomoyo_policy_manager_list_lock);
        return error;
 }
@@ -1130,6 +1118,8 @@ static int tomoyo_update_manager_entry(const char *manager,
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
 {
@@ -1149,6 +1139,8 @@ static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns 0.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
 {
@@ -1157,7 +1149,6 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
        if (head->read_eof)
                return 0;
-        down_read(&tomoyo_policy_manager_list_lock);
        list_for_each_cookie(pos, head->read_var2,
                             &tomoyo_policy_manager_list) {
                struct tomoyo_policy_manager_entry *ptr;
@@ -1169,7 +1160,6 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
                if (!done)
                        break;
        }
-        up_read(&tomoyo_policy_manager_list_lock);
        head->read_eof = done;
        return 0;
 }
@@ -1179,6 +1169,8 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
 *
 * Returns true if the current process is permitted to modify policy
 * via /sys/kernel/security/tomoyo/ interface.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static bool tomoyo_is_policy_manager(void)
 {
@@ -1192,29 +1184,25 @@ static bool tomoyo_is_policy_manager(void)
                return true;
        if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
                return false;
-        down_read(&tomoyo_policy_manager_list_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
-        list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
                if (!ptr->is_deleted && ptr->is_domain
                    && !tomoyo_pathcmp(domainname, ptr->manager)) {
                        found = true;
                        break;
                }
        }
-        up_read(&tomoyo_policy_manager_list_lock);
        if (found)
                return true;
        exe = tomoyo_get_exe();
        if (!exe)
                return false;
-        down_read(&tomoyo_policy_manager_list_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
-        list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
                if (!ptr->is_deleted && !ptr->is_domain
                    && !strcmp(exe, ptr->manager->name)) {
                        found = true;
                        break;
                }
        }
-        up_read(&tomoyo_policy_manager_list_lock);
        if (!found) { /* Reduce error messages. */
                static pid_t last_pid;
                const pid_t pid = current->pid;
@@ -1224,7 +1212,7 @@ static bool tomoyo_is_policy_manager(void)
                        last_pid = pid;
                }
        }
-        tomoyo_free(exe);
+        kfree(exe);
        return found;
 }
@@ -1235,6 +1223,8 @@ static bool tomoyo_is_policy_manager(void)
 * @data: String to parse.
 *
 * Returns true on success, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
                                 const char *data)
@@ -1244,17 +1234,16 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
        if (sscanf(data, "pid=%u", &pid) == 1) {
                struct task_struct *p;
+                rcu_read_lock();
                read_lock(&tasklist_lock);
                p = find_task_by_vpid(pid);
                if (p)
                        domain = tomoyo_real_domain(p);
                read_unlock(&tasklist_lock);
+                rcu_read_unlock();
        } else if (!strncmp(data, "domain=", 7)) {
-                if (tomoyo_is_domain_def(data + 7)) {
+                if (tomoyo_is_domain_def(data + 7))
-                        down_read(&tomoyo_domain_list_lock);
                        domain = tomoyo_find_domain(data + 7);
-                        up_read(&tomoyo_domain_list_lock);
-                }
        } else
                return false;
        head->write_var1 = domain;
@@ -1268,13 +1257,11 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
        if (domain) {
                struct tomoyo_domain_info *d;
                head->read_var1 = NULL;
-                down_read(&tomoyo_domain_list_lock);
+                list_for_each_entry_rcu(d, &tomoyo_domain_list, list) {
-                list_for_each_entry(d, &tomoyo_domain_list, list) {
                        if (d == domain)
                                break;
                        head->read_var1 = &d->list;
                }
-                up_read(&tomoyo_domain_list_lock);
                head->read_var2 = NULL;
                head->read_bit = 0;
                head->read_step = 0;
@@ -1290,6 +1277,8 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
 * @domainname: The name of domain.
 *
 * Returns 0.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_delete_domain(char *domainname)
 {
@@ -1298,9 +1287,9 @@ static int tomoyo_delete_domain(char *domainname)
        name.name = domainname;
        tomoyo_fill_path_info(&name);
-        down_write(&tomoyo_domain_list_lock);
+        mutex_lock(&tomoyo_policy_lock);
        /* Is there an active domain? */
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
+        list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
                /* Never delete tomoyo_kernel_domain */
                if (domain == &tomoyo_kernel_domain)
                        continue;
@@ -1310,7 +1299,7 @@ static int tomoyo_delete_domain(char *domainname)
                domain->is_deleted = true;
                break;
        }
-        up_write(&tomoyo_domain_list_lock);
+        mutex_unlock(&tomoyo_policy_lock);
        return 0;
 }
@@ -1320,6 +1309,8 @@ static int tomoyo_delete_domain(char *domainname)
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
 {
@@ -1342,11 +1333,9 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
                domain = NULL;
                if (is_delete)
                        tomoyo_delete_domain(data);
-                else if (is_select) {
+                else if (is_select)
-                        down_read(&tomoyo_domain_list_lock);
                        domain = tomoyo_find_domain(data);
-                        up_read(&tomoyo_domain_list_lock);
+                else
-                } else
                        domain = tomoyo_find_or_assign_new_domain(data, 0);
                head->write_var1 = domain;
                return 0;
@@ -1361,43 +1350,39 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
                return 0;
        }
        if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
-                tomoyo_set_domain_flag(domain, is_delete,
+                domain->ignore_global_allow_read = !is_delete;
-                               TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ);
                return 0;
        }
        return tomoyo_write_file_policy(data, domain, is_delete);
 }
 /**
- * tomoyo_print_single_path_acl - Print a single path ACL entry.
+ * tomoyo_print_path_acl - Print a single path ACL entry.
 *
 * @head: Pointer to "struct tomoyo_io_buffer".
- * @ptr:  Pointer to "struct tomoyo_single_path_acl_record".
+ * @ptr:  Pointer to "struct tomoyo_path_acl".
 *
 * Returns true on success, false otherwise.
 */
-static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head,
+static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
-                                         struct tomoyo_single_path_acl_record *
+                                  struct tomoyo_path_acl *ptr)
-                                         ptr)
 {
        int pos;
        u8 bit;
        const char *atmark = "";
        const char *filename;
-        const u16 perm = ptr->perm;
+        const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16);
        filename = ptr->filename->name;
-        for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION;
+        for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
-             bit++) {
                const char *msg;
                if (!(perm & (1 << bit)))
                        continue;
                /* Print "read/write" instead of "read" and "write". */
-                if ((bit == TOMOYO_TYPE_READ_ACL ||
+                if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE)
-                     bit == TOMOYO_TYPE_WRITE_ACL)
+                    && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
-                    && (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)))
                        continue;
-                msg = tomoyo_sp2keyword(bit);
+                msg = tomoyo_path2keyword(bit);
                pos = head->read_avail;
                if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg,
                                      atmark, filename))
@@ -1412,16 +1397,15 @@ static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head,
 }
 /**
- * tomoyo_print_double_path_acl - Print a double path ACL entry.
+ * tomoyo_print_path2_acl - Print a double path ACL entry.
 *
 * @head: Pointer to "struct tomoyo_io_buffer".
- * @ptr:  Pointer to "struct tomoyo_double_path_acl_record".
+ * @ptr:  Pointer to "struct tomoyo_path2_acl".
 *
 * Returns true on success, false otherwise.
 */
-static bool tomoyo_print_double_path_acl(struct tomoyo_io_buffer *head,
+static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head,
-                                         struct tomoyo_double_path_acl_record *
+                                   struct tomoyo_path2_acl *ptr)
-                                         ptr)
 {
        int pos;
        const char *atmark1 = "";
@@ -1433,12 +1417,11 @@ static bool tomoyo_print_double_path_acl(struct tomoyo_io_buffer *head,
        filename1 = ptr->filename1->name;
        filename2 = ptr->filename2->name;
-        for (bit = head->read_bit; bit < TOMOYO_MAX_DOUBLE_PATH_OPERATION;
+        for (bit = head->read_bit; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
-             bit++) {
                const char *msg;
                if (!(perm & (1 << bit)))
                        continue;
-                msg = tomoyo_dp2keyword(bit);
+                msg = tomoyo_path22keyword(bit);
                pos = head->read_avail;
                if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg,
                                      atmark1, filename1, atmark2, filename2))
@@ -1463,23 +1446,17 @@ static bool tomoyo_print_double_path_acl(struct tomoyo_io_buffer *head,
 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
                               struct tomoyo_acl_info *ptr)
 {
-        const u8 acl_type = tomoyo_acl_type2(ptr);
+        const u8 acl_type = ptr->type;
-        if (acl_type & TOMOYO_ACL_DELETED)
+        if (acl_type == TOMOYO_TYPE_PATH_ACL) {
-                return true;
+                struct tomoyo_path_acl *acl
-        if (acl_type == TOMOYO_TYPE_SINGLE_PATH_ACL) {
+                        = container_of(ptr, struct tomoyo_path_acl, head);
-                struct tomoyo_single_path_acl_record *acl
+                return tomoyo_print_path_acl(head, acl);
-                        = container_of(ptr,
-                                       struct tomoyo_single_path_acl_record,
-                                       head);
-                return tomoyo_print_single_path_acl(head, acl);
        }
-        if (acl_type == TOMOYO_TYPE_DOUBLE_PATH_ACL) {
+        if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
-                struct tomoyo_double_path_acl_record *acl
+                struct tomoyo_path2_acl *acl
-                        = container_of(ptr,
+                        = container_of(ptr, struct tomoyo_path2_acl, head);
-                                       struct tomoyo_double_path_acl_record,
+                return tomoyo_print_path2_acl(head, acl);
-                                       head);
-                return tomoyo_print_double_path_acl(head, acl);
        }
        BUG(); /* This must not happen. */
        return false;
@@ -1491,6 +1468,8 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns 0.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
 {
@@ -1502,7 +1481,6 @@ static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
                return 0;
        if (head->read_step == 0)
                head->read_step = 1;
-        down_read(&tomoyo_domain_list_lock);
        list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) {
                struct tomoyo_domain_info *domain;
                const char *quota_exceeded = "";
@@ -1516,10 +1494,9 @@ static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
                /* Print domainname and flags. */
                if (domain->quota_warned)
                        quota_exceeded = "quota_exceeded\n";
-                if (domain->flags & TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED)
+                if (domain->transition_failed)
                        transition_failed = "transition_failed\n";
-                if (domain->flags &
+                if (domain->ignore_global_allow_read)
-                    TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ)
                        ignore_global_allow_read
                                = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
                done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE
@@ -1535,7 +1512,6 @@ acl_loop:
                if (head->read_step == 3)
                        goto tail_mark;
                /* Print ACL entries in the domain. */
-                down_read(&tomoyo_domain_acl_info_list_lock);
                list_for_each_cookie(apos, head->read_var2,
                                     &domain->acl_info_list) {
                        struct tomoyo_acl_info *ptr
@@ -1545,7 +1521,6 @@ acl_loop:
                        if (!done)
                                break;
                }
-                up_read(&tomoyo_domain_acl_info_list_lock);
                if (!done)
                        break;
                head->read_step = 3;
@@ -1557,7 +1532,6 @@ tail_mark:
                if (head->read_single_domain)
                        break;
        }
-        up_read(&tomoyo_domain_list_lock);
        head->read_eof = done;
        return 0;
 }
@@ -1573,6 +1547,8 @@ tail_mark:
 *
 *     ( echo "select " $domainname; echo "use_profile " $profile ) |
 *     /usr/lib/ccs/loadpolicy -d
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
 {
@@ -1584,9 +1560,7 @@ static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
        if (!cp)
                return -EINVAL;
        *cp = '\0';
-        down_read(&tomoyo_domain_list_lock);
        domain = tomoyo_find_domain(cp + 1);
-        up_read(&tomoyo_domain_list_lock);
        if (strict_strtoul(data, 10, &profile))
                return -EINVAL;
        if (domain && profile < TOMOYO_MAX_PROFILES
@@ -1608,6 +1582,8 @@ static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
 *     awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
 *     domainname = $0; } else if ( $1 == "use_profile" ) {
 *     print $2 " " domainname; domainname = ""; } } ; '
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
 {
@@ -1616,7 +1592,6 @@ static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
        if (head->read_eof)
                return 0;
-        down_read(&tomoyo_domain_list_lock);
        list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) {
                struct tomoyo_domain_info *domain;
                domain = list_entry(pos, struct tomoyo_domain_info, list);
@@ -1627,7 +1602,6 @@ static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
                if (!done)
                        break;
        }
-        up_read(&tomoyo_domain_list_lock);
        head->read_eof = done;
        return 0;
 }
@@ -1665,11 +1639,13 @@ static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
                const int pid = head->read_step;
                struct task_struct *p;
                struct tomoyo_domain_info *domain = NULL;
+                rcu_read_lock();
                read_lock(&tasklist_lock);
                p = find_task_by_vpid(pid);
                if (p)
                        domain = tomoyo_real_domain(p);
                read_unlock(&tasklist_lock);
+                rcu_read_unlock();
                if (domain)
                        tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
                                         domain->domainname->name);
@@ -1684,6 +1660,8 @@ static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
 {
@@ -1718,6 +1696,8 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns 0 on success, -EINVAL otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
 {
@@ -1847,15 +1827,13 @@ void tomoyo_load_policy(const char *filename)
        tomoyo_policy_loaded = true;
        { /* Check all profiles currently assigned to domains are defined. */
                struct tomoyo_domain_info *domain;
-                down_read(&tomoyo_domain_list_lock);
+                list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
-                list_for_each_entry(domain, &tomoyo_domain_list, list) {
                        const u8 profile = domain->profile;
                        if (tomoyo_profile_ptr[profile])
                                continue;
                        panic("Profile %u (used by '%s') not defined.\n",
                              profile, domain->domainname->name);
                }
-                up_read(&tomoyo_domain_list_lock);
        }
 }
@@ -1903,10 +1881,12 @@ static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
 * @file: Pointer to "struct file".
 *
 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
+ *
+ * Caller acquires tomoyo_read_lock().
 */
 static int tomoyo_open_control(const u8 type, struct file *file)
 {
-        struct tomoyo_io_buffer *head = tomoyo_alloc(sizeof(*head));
+        struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_KERNEL);
        if (!head)
                return -ENOMEM;
@@ -1967,9 +1947,9 @@ static int tomoyo_open_control(const u8 type, struct file *file)
        } else {
                if (!head->readbuf_size)
                        head->readbuf_size = 4096 * 2;
-                head->read_buf = tomoyo_alloc(head->readbuf_size);
+                head->read_buf = kzalloc(head->readbuf_size, GFP_KERNEL);
                if (!head->read_buf) {
-                        tomoyo_free(head);
+                        kfree(head);
                        return -ENOMEM;
                }
        }
@@ -1981,13 +1961,14 @@ static int tomoyo_open_control(const u8 type, struct file *file)
                head->write = NULL;
        } else if (head->write) {
                head->writebuf_size = 4096 * 2;
-                head->write_buf = tomoyo_alloc(head->writebuf_size);
+                head->write_buf = kzalloc(head->writebuf_size, GFP_KERNEL);
                if (!head->write_buf) {
-                        tomoyo_free(head->read_buf);
+                        kfree(head->read_buf);
-                        tomoyo_free(head);
+                        kfree(head);
                        return -ENOMEM;
                }
        }
+        head->reader_idx = tomoyo_read_lock();
        file->private_data = head;
        /*
         * Call the handler now if the file is
@@ -2009,6 +1990,8 @@ static int tomoyo_open_control(const u8 type, struct file *file)
 * @buffer_len: Size of @buffer.
 *
 * Returns bytes read on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_read_control(struct file *file, char __user *buffer,
                               const int buffer_len)
@@ -2052,6 +2035,8 @@ static int tomoyo_read_control(struct file *file, char __user *buffer,
 * @buffer_len: Size of @buffer.
 *
 * Returns @buffer_len on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_write_control(struct file *file, const char __user *buffer,
                                const int buffer_len)
@@ -2102,52 +2087,29 @@ static int tomoyo_write_control(struct file *file, const char __user *buffer,
 * @file: Pointer to "struct file".
 *
 * Releases memory and returns 0.
+ *
+ * Caller looses tomoyo_read_lock().
 */
 static int tomoyo_close_control(struct file *file)
 {
        struct tomoyo_io_buffer *head = file->private_data;
+        const bool is_write = !!head->write_buf;
+        tomoyo_read_unlock(head->reader_idx);
        /* Release memory used for policy I/O. */
-        tomoyo_free(head->read_buf);
+        kfree(head->read_buf);
        head->read_buf = NULL;
-        tomoyo_free(head->write_buf);
+        kfree(head->write_buf);
        head->write_buf = NULL;
-        tomoyo_free(head);
+        kfree(head);
        head = NULL;
        file->private_data = NULL;
+        if (is_write)
+                tomoyo_run_gc();
        return 0;
 }
 /**
- * tomoyo_alloc_acl_element - Allocate permanent memory for ACL entry.
- *
- * @acl_type:  Type of ACL entry.
- *
- * Returns pointer to the ACL entry on success, NULL otherwise.
- */
-void *tomoyo_alloc_acl_element(const u8 acl_type)
-{
-        int len;
-        struct tomoyo_acl_info *ptr;
-        switch (acl_type) {
-        case TOMOYO_TYPE_SINGLE_PATH_ACL:
-                len = sizeof(struct tomoyo_single_path_acl_record);
-                break;
-        case TOMOYO_TYPE_DOUBLE_PATH_ACL:
-                len = sizeof(struct tomoyo_double_path_acl_record);
-                break;
-        default:
-                return NULL;
-        }
-        ptr = tomoyo_alloc_element(len);
-        if (!ptr)
-                return NULL;
-        ptr->type = acl_type;
-        return ptr;
-}
-/**
 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode".
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 31df541911f7..67bd22dd3e68 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -1,12 +1,9 @@
 /*
 * security/tomoyo/common.h
 *
- * Common functions for TOMOYO.
+ * Header file for TOMOYO.
- *
- * Copyright (C) 2005-2009  NTT DATA CORPORATION
- *
- * Version: 2.2.0   2009/04/01
 *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
 */
 #ifndef _SECURITY_TOMOYO_COMMON_H
@@ -22,9 +19,119 @@
 #include <linux/namei.h>
 #include <linux/mount.h>
 #include <linux/list.h>
+#include <linux/cred.h>
+struct linux_binprm;
+/********** Constants definitions. **********/
+/*
+ * TOMOYO uses this hash only when appending a string into the string
+ * table. Frequency of appending strings is very low. So we don't need
+ * large (e.g. 64k) hash size. 256 will be sufficient.
+ */
+#define TOMOYO_HASH_BITS  8
+#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
+/*
+ * This is the max length of a token.
+ *
+ * A token consists of only ASCII printable characters.
+ * Non printable characters in a token is represented in \ooo style
+ * octal string. Thus, \ itself is represented as \\.
+ */
+#define TOMOYO_MAX_PATHNAME_LEN 4000
+/* Profile number is an integer between 0 and 255. */
+#define TOMOYO_MAX_PROFILES 256
+/* Keywords for ACLs. */
+#define TOMOYO_KEYWORD_ALIAS                     "alias "
+#define TOMOYO_KEYWORD_ALLOW_READ                "allow_read "
+#define TOMOYO_KEYWORD_DELETE                    "delete "
+#define TOMOYO_KEYWORD_DENY_REWRITE              "deny_rewrite "
+#define TOMOYO_KEYWORD_FILE_PATTERN              "file_pattern "
+#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN         "initialize_domain "
+#define TOMOYO_KEYWORD_KEEP_DOMAIN               "keep_domain "
+#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
+#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
+#define TOMOYO_KEYWORD_SELECT                    "select "
+#define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
+#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
+/* A domain definition starts with <kernel>. */
+#define TOMOYO_ROOT_NAME                         "<kernel>"
+#define TOMOYO_ROOT_NAME_LEN                     (sizeof(TOMOYO_ROOT_NAME) - 1)
+/* Index numbers for Access Controls. */
+enum tomoyo_mac_index {
+        TOMOYO_MAC_FOR_FILE,  /* domain_policy.conf */
+        TOMOYO_MAX_ACCEPT_ENTRY,
+        TOMOYO_VERBOSE,
+        TOMOYO_MAX_CONTROL_INDEX
+};
+/* Index numbers for Access Controls. */
+enum tomoyo_acl_entry_type_index {
+        TOMOYO_TYPE_PATH_ACL,
+        TOMOYO_TYPE_PATH2_ACL,
+};
+/* Index numbers for File Controls. */
+/*
+ * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
+ * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
+ * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
+ * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
+ * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
+ * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
+ */
+enum tomoyo_path_acl_index {
+        TOMOYO_TYPE_READ_WRITE,
+        TOMOYO_TYPE_EXECUTE,
+        TOMOYO_TYPE_READ,
+        TOMOYO_TYPE_WRITE,
+        TOMOYO_TYPE_CREATE,
+        TOMOYO_TYPE_UNLINK,
+        TOMOYO_TYPE_MKDIR,
+        TOMOYO_TYPE_RMDIR,
+        TOMOYO_TYPE_MKFIFO,
+        TOMOYO_TYPE_MKSOCK,
+        TOMOYO_TYPE_MKBLOCK,
+        TOMOYO_TYPE_MKCHAR,
+        TOMOYO_TYPE_TRUNCATE,
+        TOMOYO_TYPE_SYMLINK,
+        TOMOYO_TYPE_REWRITE,
+        TOMOYO_TYPE_IOCTL,
+        TOMOYO_TYPE_CHMOD,
+        TOMOYO_TYPE_CHOWN,
+        TOMOYO_TYPE_CHGRP,
+        TOMOYO_TYPE_CHROOT,
+        TOMOYO_TYPE_MOUNT,
+        TOMOYO_TYPE_UMOUNT,
+        TOMOYO_MAX_PATH_OPERATION
+};
-struct dentry;
+enum tomoyo_path2_acl_index {
-struct vfsmount;
+        TOMOYO_TYPE_LINK,
+        TOMOYO_TYPE_RENAME,
+        TOMOYO_TYPE_PIVOT_ROOT,
+        TOMOYO_MAX_PATH2_OPERATION
+};
+enum tomoyo_securityfs_interface_index {
+        TOMOYO_DOMAINPOLICY,
+        TOMOYO_EXCEPTIONPOLICY,
+        TOMOYO_DOMAIN_STATUS,
+        TOMOYO_PROCESS_STATUS,
+        TOMOYO_MEMINFO,
+        TOMOYO_SELFDOMAIN,
+        TOMOYO_VERSION,
+        TOMOYO_PROFILE,
+        TOMOYO_MANAGER
+};
+/********** Structure definitions. **********/
 /*
 * tomoyo_page_buffer is a structure which is used for holding a pathname
@@ -56,9 +163,6 @@ struct tomoyo_page_buffer {
 * (5) "is_patterned" is a bool which is true if "name" contains wildcard
 *     characters, false otherwise. This allows TOMOYO to use "hash" and
 *     strcmp() for string comparison if "is_patterned" is false.
- * (6) "depth" is calculated using the number of "/" characters in "name".
- *     This allows TOMOYO to avoid comparing two pathnames which never match
- *     (e.g. whether "/var/www/html/index.html" matches "/tmp/sh-thd-\$").
 */
 struct tomoyo_path_info {
        const char *name;
@@ -66,17 +170,17 @@ struct tomoyo_path_info {
        u16 const_len;     /* = tomoyo_const_part_length(name)     */
        bool is_dir;       /* = tomoyo_strendswith(name, "/")      */
        bool is_patterned; /* = tomoyo_path_contains_pattern(name) */
-        u16 depth;         /* = tomoyo_path_depth(name)            */
 };
 /*
- * This is the max length of a token.
+ * tomoyo_name_entry is a structure which is used for linking
- *
+ * "struct tomoyo_path_info" into tomoyo_name_list .
- * A token consists of only ASCII printable characters.
- * Non printable characters in a token is represented in \ooo style
- * octal string. Thus, \ itself is represented as \\.
 */
-#define TOMOYO_MAX_PATHNAME_LEN 4000
+struct tomoyo_name_entry {
+        struct list_head list;
+        atomic_t users;
+        struct tomoyo_path_info entry;
+};
 /*
 * tomoyo_path_info_with_data is a structure which is used for holding a
@@ -93,7 +197,7 @@ struct tomoyo_path_info {
 * "struct tomoyo_path_info_with_data".
 */
 struct tomoyo_path_info_with_data {
-        /* Keep "head" first, for this pointer is passed to tomoyo_free(). */
+        /* Keep "head" first, for this pointer is passed to kfree(). */
        struct tomoyo_path_info head;
        char barrier1[16]; /* Safeguard for overrun. */
        char body[TOMOYO_MAX_PATHNAME_LEN];
@@ -105,30 +209,19 @@ struct tomoyo_path_info_with_data {
 *
 *  (1) "list" which is linked to the ->acl_info_list of
 *      "struct tomoyo_domain_info"
- *  (2) "type" which tells
+ *  (2) "type" which tells type of the entry (either
- *      (a) type & 0x7F : type of the entry (either
+ *      "struct tomoyo_path_acl" or "struct tomoyo_path2_acl").
- *          "struct tomoyo_single_path_acl_record" or
- *          "struct tomoyo_double_path_acl_record")
- *      (b) type & 0x80 : whether the entry is marked as "deleted".
 *
 * Packing "struct tomoyo_acl_info" allows
- * "struct tomoyo_single_path_acl_record" to embed "u16" and
+ * "struct tomoyo_path_acl" to embed "u8" + "u16" and
- * "struct tomoyo_double_path_acl_record" to embed "u8"
+ * "struct tomoyo_path2_acl" to embed "u8"
 * without enlarging their structure size.
 */
 struct tomoyo_acl_info {
        struct list_head list;
-        /*
-         * Type of this ACL entry.
-         *
-         * MSB is is_deleted flag.
-         */
        u8 type;
 } __packed;
-/* This ACL entry is deleted.           */
-#define TOMOYO_ACL_DELETED        0x80
 /*
 * tomoyo_domain_info is a structure which is used for holding permissions
 * (e.g. "allow_read /lib/libc-2.5.so") given to each domain.
@@ -142,7 +235,17 @@ struct tomoyo_acl_info {
 *      "deleted", false otherwise.
 *  (6) "quota_warned" is a bool which is used for suppressing warning message
 *      when learning mode learned too much entries.
- *  (7) "flags" which remembers this domain's attributes.
+ *  (7) "ignore_global_allow_read" is a bool which is true if this domain
+ *      should ignore "allow_read" directive in exception policy.
+ *  (8) "transition_failed" is a bool which is set to true when this domain was
+ *      unable to create a new domain at tomoyo_find_next_domain() because the
+ *      name of the domain to be created was too long or it could not allocate
+ *      memory. If set to true, more than one process continued execve()
+ *      without domain transition.
+ *  (9) "users" is an atomic_t that holds how many "struct cred"->security
+ *      are referring this "struct tomoyo_domain_info". If is_deleted == true
+ *      and users == 0, this struct will be kfree()d upon next garbage
+ *      collection.
 *
 * A domain's lifecycle is an analogy of files on / directory.
 * Multiple domains with the same domainname cannot be created (as with
@@ -159,25 +262,13 @@ struct tomoyo_domain_info {
        u8 profile;        /* Profile number to use. */
        bool is_deleted;   /* Delete flag.           */
        bool quota_warned; /* Quota warnning flag.   */
-        /* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */
+        bool ignore_global_allow_read; /* Ignore "allow_read" flag. */
-        u8 flags;
+        bool transition_failed; /* Domain transition failed flag. */
+        atomic_t users; /* Number of referring credentials. */
 };
-/* Profile number is an integer between 0 and 255. */
-#define TOMOYO_MAX_PROFILES 256
-/* Ignore "allow_read" directive in exception policy. */
-#define TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ 1
-/*
- * This domain was unable to create a new domain at tomoyo_find_next_domain()
- * because the name of the domain to be created was too long or
- * it could not allocate memory.
- * More than one process continued execve() without domain transition.
- */
-#define TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED        2
 /*
- * tomoyo_single_path_acl_record is a structure which is used for holding an
+ * tomoyo_path_acl is a structure which is used for holding an
 * entry with one pathname operation (e.g. open(), mkdir()).
 * It has following fields.
 *
@@ -188,18 +279,21 @@ struct tomoyo_domain_info {
 * Directives held by this structure are "allow_read/write", "allow_execute",
 * "allow_read", "allow_write", "allow_create", "allow_unlink", "allow_mkdir",
 * "allow_rmdir", "allow_mkfifo", "allow_mksock", "allow_mkblock",
- * "allow_mkchar", "allow_truncate", "allow_symlink" and "allow_rewrite".
+ * "allow_mkchar", "allow_truncate", "allow_symlink", "allow_rewrite",
+ * "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot", "allow_mount"
+ * and "allow_unmount".
 */
-struct tomoyo_single_path_acl_record {
+struct tomoyo_path_acl {
-        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_SINGLE_PATH_ACL */
+        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
+        u8 perm_high;
        u16 perm;
        /* Pointer to single pathname. */
        const struct tomoyo_path_info *filename;
 };
 /*
- * tomoyo_double_path_acl_record is a structure which is used for holding an
+ * tomoyo_path2_acl is a structure which is used for holding an
- * entry with two pathnames operation (i.e. link() and rename()).
+ * entry with two pathnames operation (i.e. link(), rename() and pivot_root()).
 * It has following fields.
 *
 *  (1) "head" which is a "struct tomoyo_acl_info".
@@ -207,10 +301,11 @@ struct tomoyo_single_path_acl_record {
 *  (3) "filename1" is the source/old pathname.
 *  (4) "filename2" is the destination/new pathname.
 *
- * Directives held by this structure are "allow_rename" and "allow_link".
+ * Directives held by this structure are "allow_rename", "allow_link" and
+ * "allow_pivot_root".
 */
-struct tomoyo_double_path_acl_record {
+struct tomoyo_path2_acl {
-        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_DOUBLE_PATH_ACL */
+        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */
        u8 perm;
        /* Pointer to single pathname. */
        const struct tomoyo_path_info *filename1;
@@ -218,29 +313,6 @@ struct tomoyo_double_path_acl_record {
        const struct tomoyo_path_info *filename2;
 };
-/* Keywords for ACLs. */
-#define TOMOYO_KEYWORD_ALIAS                     "alias "
-#define TOMOYO_KEYWORD_ALLOW_READ                "allow_read "
-#define TOMOYO_KEYWORD_DELETE                    "delete "
-#define TOMOYO_KEYWORD_DENY_REWRITE              "deny_rewrite "
-#define TOMOYO_KEYWORD_FILE_PATTERN              "file_pattern "
-#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN         "initialize_domain "
-#define TOMOYO_KEYWORD_KEEP_DOMAIN               "keep_domain "
-#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
-#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
-#define TOMOYO_KEYWORD_SELECT                    "select "
-#define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
-#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
-/* A domain definition starts with <kernel>. */
-#define TOMOYO_ROOT_NAME                         "<kernel>"
-#define TOMOYO_ROOT_NAME_LEN                     (sizeof(TOMOYO_ROOT_NAME) - 1)
-/* Index numbers for Access Controls. */
-#define TOMOYO_MAC_FOR_FILE                  0  /* domain_policy.conf */
-#define TOMOYO_MAX_ACCEPT_ENTRY              1
-#define TOMOYO_VERBOSE                       2
-#define TOMOYO_MAX_CONTROL_INDEX             3
 /*
 * tomoyo_io_buffer is a structure which is used for reading and modifying
 * configuration via /sys/kernel/security/tomoyo/ interface.
@@ -269,6 +341,8 @@ struct tomoyo_io_buffer {
        int (*write) (struct tomoyo_io_buffer *);
        /* Exclusive lock for this structure.   */
        struct mutex io_sem;
+        /* Index returned by tomoyo_read_lock(). */
+        int reader_idx;
        /* The position currently reading from. */
        struct list_head *read_var1;
        /* Extra variables for reading.         */
@@ -297,18 +371,159 @@ struct tomoyo_io_buffer {
        int writebuf_size;
 };
+/*
+ * tomoyo_globally_readable_file_entry is a structure which is used for holding
+ * "allow_read" entries.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_globally_readable_list .
+ *  (2) "filename" is a pathname which is allowed to open(O_RDONLY).
+ *  (3) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ */
+struct tomoyo_globally_readable_file_entry {
+        struct list_head list;
+        const struct tomoyo_path_info *filename;
+        bool is_deleted;
+};
+/*
+ * tomoyo_pattern_entry is a structure which is used for holding
+ * "tomoyo_pattern_list" entries.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_pattern_list .
+ *  (2) "pattern" is a pathname pattern which is used for converting pathnames
+ *      to pathname patterns during learning mode.
+ *  (3) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ */
+struct tomoyo_pattern_entry {
+        struct list_head list;
+        const struct tomoyo_path_info *pattern;
+        bool is_deleted;
+};
+/*
+ * tomoyo_no_rewrite_entry is a structure which is used for holding
+ * "deny_rewrite" entries.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_no_rewrite_list .
+ *  (2) "pattern" is a pathname which is by default not permitted to modify
+ *      already existing content.
+ *  (3) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ */
+struct tomoyo_no_rewrite_entry {
+        struct list_head list;
+        const struct tomoyo_path_info *pattern;
+        bool is_deleted;
+};
+/*
+ * tomoyo_domain_initializer_entry is a structure which is used for holding
+ * "initialize_domain" and "no_initialize_domain" entries.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_domain_initializer_list .
+ *  (2) "domainname" which is "a domainname" or "the last component of a
+ *      domainname". This field is NULL if "from" clause is not specified.
+ *  (3) "program" which is a program's pathname.
+ *  (4) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ *  (5) "is_not" is a bool which is true if "no_initialize_domain", false
+ *      otherwise.
+ *  (6) "is_last_name" is a bool which is true if "domainname" is "the last
+ *      component of a domainname", false otherwise.
+ */
+struct tomoyo_domain_initializer_entry {
+        struct list_head list;
+        const struct tomoyo_path_info *domainname;    /* This may be NULL */
+        const struct tomoyo_path_info *program;
+        bool is_deleted;
+        bool is_not;       /* True if this entry is "no_initialize_domain".  */
+        /* True if the domainname is tomoyo_get_last_name(). */
+        bool is_last_name;
+};
+/*
+ * tomoyo_domain_keeper_entry is a structure which is used for holding
+ * "keep_domain" and "no_keep_domain" entries.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_domain_keeper_list .
+ *  (2) "domainname" which is "a domainname" or "the last component of a
+ *      domainname".
+ *  (3) "program" which is a program's pathname.
+ *      This field is NULL if "from" clause is not specified.
+ *  (4) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ *  (5) "is_not" is a bool which is true if "no_initialize_domain", false
+ *      otherwise.
+ *  (6) "is_last_name" is a bool which is true if "domainname" is "the last
+ *      component of a domainname", false otherwise.
+ */
+struct tomoyo_domain_keeper_entry {
+        struct list_head list;
+        const struct tomoyo_path_info *domainname;
+        const struct tomoyo_path_info *program;       /* This may be NULL */
+        bool is_deleted;
+        bool is_not;       /* True if this entry is "no_keep_domain".        */
+        /* True if the domainname is tomoyo_get_last_name(). */
+        bool is_last_name;
+};
+/*
+ * tomoyo_alias_entry is a structure which is used for holding "alias" entries.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_alias_list .
+ *  (2) "original_name" which is a dereferenced pathname.
+ *  (3) "aliased_name" which is a symlink's pathname.
+ *  (4) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ */
+struct tomoyo_alias_entry {
+        struct list_head list;
+        const struct tomoyo_path_info *original_name;
+        const struct tomoyo_path_info *aliased_name;
+        bool is_deleted;
+};
+/*
+ * tomoyo_policy_manager_entry is a structure which is used for holding list of
+ * domainnames or programs which are permitted to modify configuration via
+ * /sys/kernel/security/tomoyo/ interface.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_policy_manager_list .
+ *  (2) "manager" is a domainname or a program's pathname.
+ *  (3) "is_domain" is a bool which is true if "manager" is a domainname, false
+ *      otherwise.
+ *  (4) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ */
+struct tomoyo_policy_manager_entry {
+        struct list_head list;
+        /* A path to program or a domainname. */
+        const struct tomoyo_path_info *manager;
+        bool is_domain;  /* True if manager is a domainname. */
+        bool is_deleted; /* True if this entry is deleted. */
+};
+/********** Function prototypes. **********/
 /* Check whether the domain has too many ACL entries to hold. */
 bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain);
 /* Transactional sprintf() for policy dump. */
 bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
        __attribute__ ((format(printf, 2, 3)));
 /* Check whether the domainname is correct. */
-bool tomoyo_is_correct_domain(const unsigned char *domainname,
+bool tomoyo_is_correct_domain(const unsigned char *domainname);
-                              const char *function);
 /* Check whether the token is correct. */
 bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
-                            const s8 pattern_type, const s8 end_type,
+                            const s8 pattern_type, const s8 end_type);
-                            const char *function);
 /* Check whether the token can be a domainname. */
 bool tomoyo_is_domain_def(const unsigned char *buffer);
 /* Check whether the given filename matches the given pattern. */
@@ -332,13 +547,13 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head);
 /* Write domain policy violation warning message to console? */
 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
 /* Convert double path operation to operation name. */
-const char *tomoyo_dp2keyword(const u8 operation);
+const char *tomoyo_path22keyword(const u8 operation);
 /* Get the last component of the given domainname. */
 const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
 /* Get warning message. */
 const char *tomoyo_get_msg(const bool is_enforce);
 /* Convert single path operation to operation name. */
-const char *tomoyo_sp2keyword(const u8 operation);
+const char *tomoyo_path2keyword(const u8 operation);
 /* Create "alias" entry in exception policy. */
 int tomoyo_write_alias_policy(char *data, const bool is_delete);
 /*
@@ -374,33 +589,107 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 /* Check mode for specified functionality. */
 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
                                const u8 index);
-/* Allocate memory for structures. */
-void *tomoyo_alloc_acl_element(const u8 acl_type);
 /* Fill in "struct tomoyo_path_info" members. */
 void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
 /* Run policy loader when /sbin/init starts. */
 void tomoyo_load_policy(const char *filename);
-/* Change "struct tomoyo_domain_info"->flags. */
-void tomoyo_set_domain_flag(struct tomoyo_domain_info *domain,
-                            const bool is_delete, const u8 flags);
-/* strcmp() for "struct tomoyo_path_info" structure. */
+/* Convert binary string to ascii string. */
-static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
+int tomoyo_encode(char *buffer, int buflen, const char *str);
-                                  const struct tomoyo_path_info *b)
+/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */
+int tomoyo_realpath_from_path2(struct path *path, char *newname,
+                               int newname_len);
+/*
+ * Returns realpath(3) of the given pathname but ignores chroot'ed root.
+ * These functions use kzalloc(), so the caller must call kfree()
+ * if these functions didn't return NULL.
+ */
+char *tomoyo_realpath(const char *pathname);
+/*
+ * Same with tomoyo_realpath() except that it doesn't follow the final symlink.
+ */
+char *tomoyo_realpath_nofollow(const char *pathname);
+/* Same with tomoyo_realpath() except that the pathname is already solved. */
+char *tomoyo_realpath_from_path(struct path *path);
+/* Check memory quota. */
+bool tomoyo_memory_ok(void *ptr);
+/*
+ * Keep the given name on the RAM.
+ * The RAM is shared, so NEVER try to modify or kfree() the returned name.
+ */
+const struct tomoyo_path_info *tomoyo_get_name(const char *name);
+/* Check for memory usage. */
+int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
+/* Set memory quota. */
+int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);
+/* Initialize realpath related code. */
+void __init tomoyo_realpath_init(void);
+int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
+                           const struct tomoyo_path_info *filename);
+int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
+                                 struct path *path, const int flag);
+int tomoyo_path_perm(const u8 operation, struct path *path);
+int tomoyo_path2_perm(const u8 operation, struct path *path1,
+                      struct path *path2);
+int tomoyo_check_rewrite_permission(struct file *filp);
+int tomoyo_find_next_domain(struct linux_binprm *bprm);
+/* Run garbage collector. */
+void tomoyo_run_gc(void);
+void tomoyo_memory_free(void *ptr);
+/********** External variable definitions. **********/
+/* Lock for GC. */
+extern struct srcu_struct tomoyo_ss;
+/* The list for "struct tomoyo_domain_info". */
+extern struct list_head tomoyo_domain_list;
+extern struct list_head tomoyo_domain_initializer_list;
+extern struct list_head tomoyo_domain_keeper_list;
+extern struct list_head tomoyo_alias_list;
+extern struct list_head tomoyo_globally_readable_list;
+extern struct list_head tomoyo_pattern_list;
+extern struct list_head tomoyo_no_rewrite_list;
+extern struct list_head tomoyo_policy_manager_list;
+extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
+extern struct mutex tomoyo_name_list_lock;
+/* Lock for protecting policy. */
+extern struct mutex tomoyo_policy_lock;
+/* Has /sbin/init started? */
+extern bool tomoyo_policy_loaded;
+/* The kernel's domain. */
+extern struct tomoyo_domain_info tomoyo_kernel_domain;
+/********** Inlined functions. **********/
+static inline int tomoyo_read_lock(void)
 {
-        return a->hash != b->hash || strcmp(a->name, b->name);
+        return srcu_read_lock(&tomoyo_ss);
 }
-/* Get type of an ACL entry. */
+static inline void tomoyo_read_unlock(int idx)
-static inline u8 tomoyo_acl_type1(struct tomoyo_acl_info *ptr)
 {
-        return ptr->type & ~TOMOYO_ACL_DELETED;
+        srcu_read_unlock(&tomoyo_ss, idx);
 }
-/* Get type of an ACL entry. */
+/* strcmp() for "struct tomoyo_path_info" structure. */
-static inline u8 tomoyo_acl_type2(struct tomoyo_acl_info *ptr)
+static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
+                                  const struct tomoyo_path_info *b)
 {
-        return ptr->type;
+        return a->hash != b->hash || strcmp(a->name, b->name);
 }
 /**
@@ -427,18 +716,25 @@ static inline bool tomoyo_is_invalid(const unsigned char c)
        return c && (c <= ' ' || c >= 127);
 }
-/* The list for "struct tomoyo_domain_info". */
+static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
-extern struct list_head tomoyo_domain_list;
+{
-extern struct rw_semaphore tomoyo_domain_list_lock;
+        if (name) {
+                struct tomoyo_name_entry *ptr =
-/* Lock for domain->acl_info_list. */
+                        container_of(name, struct tomoyo_name_entry, entry);
-extern struct rw_semaphore tomoyo_domain_acl_info_list_lock;
+                atomic_dec(&ptr->users);
+        }
+}
-/* Has /sbin/init started? */
+static inline struct tomoyo_domain_info *tomoyo_domain(void)
-extern bool tomoyo_policy_loaded;
+{
+        return current_cred()->security;
+}
-/* The kernel's domain. */
+static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
-extern struct tomoyo_domain_info tomoyo_kernel_domain;
+                                                            *task)
+{
+        return task_cred_xxx(task, security);
+}
 /**
 * list_for_each_cookie - iterate over a list with cookie.
@@ -446,16 +742,16 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain;
 * @cookie:     the &struct list_head to use as a cookie.
 * @head:       the head for your list.
 *
- * Same with list_for_each() except that this primitive uses @cookie
+ * Same with list_for_each_rcu() except that this primitive uses @cookie
 * so that we can continue iteration.
 * @cookie must be NULL when iteration starts, and @cookie will become
 * NULL when iteration finishes.
 */
-#define list_for_each_cookie(pos, cookie, head)                       \
+#define list_for_each_cookie(pos, cookie, head)                         \
-        for (({ if (!cookie)                                          \
+        for (({ if (!cookie)                                            \
-                                     cookie = head; }),               \
+                                     cookie = head; }),                 \
-             pos = (cookie)->next;                                    \
+                     pos = rcu_dereference((cookie)->next);             \
-             prefetch(pos->next), pos != (head) || ((cookie) = NULL); \
+             prefetch(pos->next), pos != (head) || ((cookie) = NULL);   \
-             (cookie) = pos, pos = pos->next)
+             (cookie) = pos, pos = rcu_dereference(pos->next))
 #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index fcf52accce2b..acb8c397d5cf 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -10,9 +10,8 @@
 */
 #include "common.h"
-#include "tomoyo.h"
-#include "realpath.h"
 #include <linux/binfmts.h>
+#include <linux/slab.h>
 /* Variables definitions.*/
@@ -58,99 +57,6 @@ struct tomoyo_domain_info tomoyo_kernel_domain;
 * exceptions.
 */
 LIST_HEAD(tomoyo_domain_list);
-DECLARE_RWSEM(tomoyo_domain_list_lock);
-/*
- * tomoyo_domain_initializer_entry is a structure which is used for holding
- * "initialize_domain" and "no_initialize_domain" entries.
- * It has following fields.
- *
- *  (1) "list" which is linked to tomoyo_domain_initializer_list .
- *  (2) "domainname" which is "a domainname" or "the last component of a
- *      domainname". This field is NULL if "from" clause is not specified.
- *  (3) "program" which is a program's pathname.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
- *  (5) "is_not" is a bool which is true if "no_initialize_domain", false
- *      otherwise.
- *  (6) "is_last_name" is a bool which is true if "domainname" is "the last
- *      component of a domainname", false otherwise.
- */
-struct tomoyo_domain_initializer_entry {
-        struct list_head list;
-        const struct tomoyo_path_info *domainname;    /* This may be NULL */
-        const struct tomoyo_path_info *program;
-        bool is_deleted;
-        bool is_not;       /* True if this entry is "no_initialize_domain".  */
-        /* True if the domainname is tomoyo_get_last_name(). */
-        bool is_last_name;
-};
-/*
- * tomoyo_domain_keeper_entry is a structure which is used for holding
- * "keep_domain" and "no_keep_domain" entries.
- * It has following fields.
- *
- *  (1) "list" which is linked to tomoyo_domain_keeper_list .
- *  (2) "domainname" which is "a domainname" or "the last component of a
- *      domainname".
- *  (3) "program" which is a program's pathname.
- *      This field is NULL if "from" clause is not specified.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
- *  (5) "is_not" is a bool which is true if "no_initialize_domain", false
- *      otherwise.
- *  (6) "is_last_name" is a bool which is true if "domainname" is "the last
- *      component of a domainname", false otherwise.
- */
-struct tomoyo_domain_keeper_entry {
-        struct list_head list;
-        const struct tomoyo_path_info *domainname;
-        const struct tomoyo_path_info *program;       /* This may be NULL */
-        bool is_deleted;
-        bool is_not;       /* True if this entry is "no_keep_domain".        */
-        /* True if the domainname is tomoyo_get_last_name(). */
-        bool is_last_name;
-};
-/*
- * tomoyo_alias_entry is a structure which is used for holding "alias" entries.
- * It has following fields.
- *
- *  (1) "list" which is linked to tomoyo_alias_list .
- *  (2) "original_name" which is a dereferenced pathname.
- *  (3) "aliased_name" which is a symlink's pathname.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
- */
-struct tomoyo_alias_entry {
-        struct list_head list;
-        const struct tomoyo_path_info *original_name;
-        const struct tomoyo_path_info *aliased_name;
-        bool is_deleted;
-};
-/**
- * tomoyo_set_domain_flag - Set or clear domain's attribute flags.
- *
- * @domain:    Pointer to "struct tomoyo_domain_info".
- * @is_delete: True if it is a delete request.
- * @flags:     Flags to set or clear.
- *
- * Returns nothing.
- */
-void tomoyo_set_domain_flag(struct tomoyo_domain_info *domain,
-                            const bool is_delete, const u8 flags)
-{
-        /* We need to serialize because this is bitfield operation. */
-        static DEFINE_SPINLOCK(lock);
-        spin_lock(&lock);
-        if (!is_delete)
-                domain->flags |= flags;
-        else
-                domain->flags &= ~flags;
-        spin_unlock(&lock);
-}
 /**
 * tomoyo_get_last_name - Get last component of a domainname.
@@ -205,8 +111,7 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain)
 * will cause "/usr/sbin/httpd" to belong to "<kernel> /usr/sbin/httpd" domain
 * unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain.
 */
-static LIST_HEAD(tomoyo_domain_initializer_list);
+LIST_HEAD(tomoyo_domain_initializer_list);
-static DECLARE_RWSEM(tomoyo_domain_initializer_list_lock);
 /**
 * tomoyo_update_domain_initializer_entry - Update "struct tomoyo_domain_initializer_entry" list.
@@ -217,59 +122,65 @@ static DECLARE_RWSEM(tomoyo_domain_initializer_list_lock);
 * @is_delete:  True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_update_domain_initializer_entry(const char *domainname,
                                                  const char *program,
                                                  const bool is_not,
                                                  const bool is_delete)
 {
-        struct tomoyo_domain_initializer_entry *new_entry;
+        struct tomoyo_domain_initializer_entry *entry = NULL;
        struct tomoyo_domain_initializer_entry *ptr;
-        const struct tomoyo_path_info *saved_program;
+        const struct tomoyo_path_info *saved_program = NULL;
        const struct tomoyo_path_info *saved_domainname = NULL;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
        bool is_last_name = false;
-        if (!tomoyo_is_correct_path(program, 1, -1, -1, __func__))
+        if (!tomoyo_is_correct_path(program, 1, -1, -1))
                return -EINVAL; /* No patterns allowed. */
        if (domainname) {
                if (!tomoyo_is_domain_def(domainname) &&
-                    tomoyo_is_correct_path(domainname, 1, -1, -1, __func__))
+                    tomoyo_is_correct_path(domainname, 1, -1, -1))
                        is_last_name = true;
-                else if (!tomoyo_is_correct_domain(domainname, __func__))
+                else if (!tomoyo_is_correct_domain(domainname))
                        return -EINVAL;
-                saved_domainname = tomoyo_save_name(domainname);
+                saved_domainname = tomoyo_get_name(domainname);
                if (!saved_domainname)
-                        return -ENOMEM;
+                        goto out;
        }
-        saved_program = tomoyo_save_name(program);
+        saved_program = tomoyo_get_name(program);
        if (!saved_program)
-                return -ENOMEM;
+                goto out;
-        down_write(&tomoyo_domain_initializer_list_lock);
+        if (!is_delete)
-        list_for_each_entry(ptr, &tomoyo_domain_initializer_list, list) {
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+        mutex_lock(&tomoyo_policy_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {
                if (ptr->is_not != is_not ||
                    ptr->domainname != saved_domainname ||
                    ptr->program != saved_program)
                        continue;
                ptr->is_deleted = is_delete;
                error = 0;
-                goto out;
+                break;
        }
-        if (is_delete) {
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
-                error = -ENOENT;
+                entry->domainname = saved_domainname;
-                goto out;
+                saved_domainname = NULL;
+                entry->program = saved_program;
+                saved_program = NULL;
+                entry->is_not = is_not;
+                entry->is_last_name = is_last_name;
+                list_add_tail_rcu(&entry->list,
+                                  &tomoyo_domain_initializer_list);
+                entry = NULL;
+                error = 0;
        }
-        new_entry = tomoyo_alloc_element(sizeof(*new_entry));
+        mutex_unlock(&tomoyo_policy_lock);
-        if (!new_entry)
-                goto out;
-        new_entry->domainname = saved_domainname;
-        new_entry->program = saved_program;
-        new_entry->is_not = is_not;
-        new_entry->is_last_name = is_last_name;
-        list_add_tail(&new_entry->list, &tomoyo_domain_initializer_list);
-        error = 0;
 out:
-        up_write(&tomoyo_domain_initializer_list_lock);
+        tomoyo_put_name(saved_domainname);
+        tomoyo_put_name(saved_program);
+        kfree(entry);
        return error;
 }
@@ -279,13 +190,14 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns true on success, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
 {
        struct list_head *pos;
        bool done = true;
-        down_read(&tomoyo_domain_initializer_list_lock);
        list_for_each_cookie(pos, head->read_var2,
                             &tomoyo_domain_initializer_list) {
                const char *no;
@@ -308,7 +220,6 @@ bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
                if (!done)
                        break;
        }
-        up_read(&tomoyo_domain_initializer_list_lock);
        return done;
 }
@@ -320,6 +231,8 @@ bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
                                           const bool is_delete)
@@ -345,6 +258,8 @@ int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
 *
 * Returns true if executing @program reinitializes domain transition,
 * false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *
                                         domainname,
@@ -355,8 +270,7 @@ static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *
        struct tomoyo_domain_initializer_entry *ptr;
        bool flag = false;
-        down_read(&tomoyo_domain_initializer_list_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {
-        list_for_each_entry(ptr,  &tomoyo_domain_initializer_list, list) {
                if (ptr->is_deleted)
                        continue;
                if (ptr->domainname) {
@@ -376,7 +290,6 @@ static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *
                }
                flag = true;
        }
-        up_read(&tomoyo_domain_initializer_list_lock);
        return flag;
 }
@@ -418,8 +331,7 @@ static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *
 * "<kernel> /usr/sbin/sshd /bin/bash /usr/bin/passwd" domain, unless
 * explicitly specified by "initialize_domain".
 */
-static LIST_HEAD(tomoyo_domain_keeper_list);
+LIST_HEAD(tomoyo_domain_keeper_list);
-static DECLARE_RWSEM(tomoyo_domain_keeper_list_lock);
 /**
 * tomoyo_update_domain_keeper_entry - Update "struct tomoyo_domain_keeper_entry" list.
@@ -430,59 +342,64 @@ static DECLARE_RWSEM(tomoyo_domain_keeper_list_lock);
 * @is_delete:  True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_update_domain_keeper_entry(const char *domainname,
                                             const char *program,
                                             const bool is_not,
                                             const bool is_delete)
 {
-        struct tomoyo_domain_keeper_entry *new_entry;
+        struct tomoyo_domain_keeper_entry *entry = NULL;
        struct tomoyo_domain_keeper_entry *ptr;
-        const struct tomoyo_path_info *saved_domainname;
+        const struct tomoyo_path_info *saved_domainname = NULL;
        const struct tomoyo_path_info *saved_program = NULL;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
        bool is_last_name = false;
        if (!tomoyo_is_domain_def(domainname) &&
-            tomoyo_is_correct_path(domainname, 1, -1, -1, __func__))
+            tomoyo_is_correct_path(domainname, 1, -1, -1))
                is_last_name = true;
-        else if (!tomoyo_is_correct_domain(domainname, __func__))
+        else if (!tomoyo_is_correct_domain(domainname))
                return -EINVAL;
        if (program) {
-                if (!tomoyo_is_correct_path(program, 1, -1, -1, __func__))
+                if (!tomoyo_is_correct_path(program, 1, -1, -1))
                        return -EINVAL;
-                saved_program = tomoyo_save_name(program);
+                saved_program = tomoyo_get_name(program);
                if (!saved_program)
-                        return -ENOMEM;
+                        goto out;
        }
-        saved_domainname = tomoyo_save_name(domainname);
+        saved_domainname = tomoyo_get_name(domainname);
        if (!saved_domainname)
-                return -ENOMEM;
+                goto out;
-        down_write(&tomoyo_domain_keeper_list_lock);
+        if (!is_delete)
-        list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) {
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+        mutex_lock(&tomoyo_policy_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
                if (ptr->is_not != is_not ||
                    ptr->domainname != saved_domainname ||
                    ptr->program != saved_program)
                        continue;
                ptr->is_deleted = is_delete;
                error = 0;
-                goto out;
+                break;
        }
-        if (is_delete) {
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
-                error = -ENOENT;
+                entry->domainname = saved_domainname;
-                goto out;
+                saved_domainname = NULL;
+                entry->program = saved_program;
+                saved_program = NULL;
+                entry->is_not = is_not;
+                entry->is_last_name = is_last_name;
+                list_add_tail_rcu(&entry->list, &tomoyo_domain_keeper_list);
+                entry = NULL;
+                error = 0;
        }
-        new_entry = tomoyo_alloc_element(sizeof(*new_entry));
+        mutex_unlock(&tomoyo_policy_lock);
-        if (!new_entry)
-                goto out;
-        new_entry->domainname = saved_domainname;
-        new_entry->program = saved_program;
-        new_entry->is_not = is_not;
-        new_entry->is_last_name = is_last_name;
-        list_add_tail(&new_entry->list, &tomoyo_domain_keeper_list);
-        error = 0;
 out:
-        up_write(&tomoyo_domain_keeper_list_lock);
+        tomoyo_put_name(saved_domainname);
+        tomoyo_put_name(saved_program);
+        kfree(entry);
        return error;
 }
@@ -493,6 +410,7 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 * @is_not:    True if it is "no_keep_domain" entry.
 * @is_delete: True if it is a delete request.
 *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_write_domain_keeper_policy(char *data, const bool is_not,
                                      const bool is_delete)
@@ -513,13 +431,14 @@ int tomoyo_write_domain_keeper_policy(char *data, const bool is_not,
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns true on success, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
 {
        struct list_head *pos;
        bool done = true;
-        down_read(&tomoyo_domain_keeper_list_lock);
        list_for_each_cookie(pos, head->read_var2,
                             &tomoyo_domain_keeper_list) {
                struct tomoyo_domain_keeper_entry *ptr;
@@ -542,7 +461,6 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
                if (!done)
                        break;
        }
-        up_read(&tomoyo_domain_keeper_list_lock);
        return done;
 }
@@ -555,6 +473,8 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
 *
 * Returns true if executing @program supresses domain transition,
 * false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,
                                    const struct tomoyo_path_info *program,
@@ -563,8 +483,7 @@ static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,
        struct tomoyo_domain_keeper_entry *ptr;
        bool flag = false;
-        down_read(&tomoyo_domain_keeper_list_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
-        list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) {
                if (ptr->is_deleted)
                        continue;
                if (!ptr->is_last_name) {
@@ -582,7 +501,6 @@ static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,
                }
                flag = true;
        }
-        up_read(&tomoyo_domain_keeper_list_lock);
        return flag;
 }
@@ -616,8 +534,7 @@ static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,
 * /bin/busybox and domainname which the current process will belong to after
 * execve() succeeds is calculated using /bin/cat rather than /bin/busybox .
 */
-static LIST_HEAD(tomoyo_alias_list);
+LIST_HEAD(tomoyo_alias_list);
-static DECLARE_RWSEM(tomoyo_alias_list_lock);
 /**
 * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list.
@@ -627,46 +544,51 @@ static DECLARE_RWSEM(tomoyo_alias_list_lock);
 * @is_delete:     True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_update_alias_entry(const char *original_name,
                                     const char *aliased_name,
                                     const bool is_delete)
 {
-        struct tomoyo_alias_entry *new_entry;
+        struct tomoyo_alias_entry *entry = NULL;
        struct tomoyo_alias_entry *ptr;
        const struct tomoyo_path_info *saved_original_name;
        const struct tomoyo_path_info *saved_aliased_name;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
-        if (!tomoyo_is_correct_path(original_name, 1, -1, -1, __func__) ||
+        if (!tomoyo_is_correct_path(original_name, 1, -1, -1) ||
-            !tomoyo_is_correct_path(aliased_name, 1, -1, -1, __func__))
+            !tomoyo_is_correct_path(aliased_name, 1, -1, -1))
                return -EINVAL; /* No patterns allowed. */
-        saved_original_name = tomoyo_save_name(original_name);
+        saved_original_name = tomoyo_get_name(original_name);
-        saved_aliased_name = tomoyo_save_name(aliased_name);
+        saved_aliased_name = tomoyo_get_name(aliased_name);
        if (!saved_original_name || !saved_aliased_name)
-                return -ENOMEM;
+                goto out;
-        down_write(&tomoyo_alias_list_lock);
+        if (!is_delete)
-        list_for_each_entry(ptr, &tomoyo_alias_list, list) {
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+        mutex_lock(&tomoyo_policy_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
                if (ptr->original_name != saved_original_name ||
                    ptr->aliased_name != saved_aliased_name)
                        continue;
                ptr->is_deleted = is_delete;
                error = 0;
-                goto out;
+                break;
        }
-        if (is_delete) {
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
-                error = -ENOENT;
+                entry->original_name = saved_original_name;
-                goto out;
+                saved_original_name = NULL;
+                entry->aliased_name = saved_aliased_name;
+                saved_aliased_name = NULL;
+                list_add_tail_rcu(&entry->list, &tomoyo_alias_list);
+                entry = NULL;
+                error = 0;
        }
-        new_entry = tomoyo_alloc_element(sizeof(*new_entry));
+        mutex_unlock(&tomoyo_policy_lock);
-        if (!new_entry)
-                goto out;
-        new_entry->original_name = saved_original_name;
-        new_entry->aliased_name = saved_aliased_name;
-        list_add_tail(&new_entry->list, &tomoyo_alias_list);
-        error = 0;
 out:
-        up_write(&tomoyo_alias_list_lock);
+        tomoyo_put_name(saved_original_name);
+        tomoyo_put_name(saved_aliased_name);
+        kfree(entry);
        return error;
 }
@@ -676,13 +598,14 @@ static int tomoyo_update_alias_entry(const char *original_name,
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns true on success, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
 {
        struct list_head *pos;
        bool done = true;
-        down_read(&tomoyo_alias_list_lock);
        list_for_each_cookie(pos, head->read_var2, &tomoyo_alias_list) {
                struct tomoyo_alias_entry *ptr;
@@ -695,7 +618,6 @@ bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
                if (!done)
                        break;
        }
-        up_read(&tomoyo_alias_list_lock);
        return done;
 }
@@ -706,6 +628,8 @@ bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_write_alias_policy(char *data, const bool is_delete)
 {
@@ -724,63 +648,46 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
 * @profile:    Profile number to assign if the domain was newly created.
 *
 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                                                            domainname,
                                                            const u8 profile)
 {
-        struct tomoyo_domain_info *domain = NULL;
+        struct tomoyo_domain_info *entry;
+        struct tomoyo_domain_info *domain;
        const struct tomoyo_path_info *saved_domainname;
+        bool found = false;
-        down_write(&tomoyo_domain_list_lock);
+        if (!tomoyo_is_correct_domain(domainname))
-        domain = tomoyo_find_domain(domainname);
+                return NULL;
-        if (domain)
+        saved_domainname = tomoyo_get_name(domainname);
-                goto out;
-        if (!tomoyo_is_correct_domain(domainname, __func__))
-                goto out;
-        saved_domainname = tomoyo_save_name(domainname);
        if (!saved_domainname)
-                goto out;
+                return NULL;
-        /* Can I reuse memory of deleted domain? */
+        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
+        mutex_lock(&tomoyo_policy_lock);
-                struct task_struct *p;
+        list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
-                struct tomoyo_acl_info *ptr;
+                if (domain->is_deleted ||
-                bool flag;
+                    tomoyo_pathcmp(saved_domainname, domain->domainname))
-                if (!domain->is_deleted ||
-                    domain->domainname != saved_domainname)
                        continue;
-                flag = false;
+                found = true;
-                read_lock(&tasklist_lock);
+                break;
-                for_each_process(p) {
-                        if (tomoyo_real_domain(p) != domain)
-                                continue;
-                        flag = true;
-                        break;
-                }
-                read_unlock(&tasklist_lock);
-                if (flag)
-                        continue;
-                list_for_each_entry(ptr, &domain->acl_info_list, list) {
-                        ptr->type |= TOMOYO_ACL_DELETED;
-                }
-                tomoyo_set_domain_flag(domain, true, domain->flags);
-                domain->profile = profile;
-                domain->quota_warned = false;
-                mb(); /* Avoid out-of-order execution. */
-                domain->is_deleted = false;
-                goto out;
        }
-        /* No memory reusable. Create using new memory. */
+        if (!found && tomoyo_memory_ok(entry)) {
-        domain = tomoyo_alloc_element(sizeof(*domain));
+                INIT_LIST_HEAD(&entry->acl_info_list);
-        if (domain) {
+                entry->domainname = saved_domainname;
-                INIT_LIST_HEAD(&domain->acl_info_list);
+                saved_domainname = NULL;
-                domain->domainname = saved_domainname;
+                entry->profile = profile;
-                domain->profile = profile;
+                list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
-                list_add_tail(&domain->list, &tomoyo_domain_list);
+                domain = entry;
+                entry = NULL;
+                found = true;
        }
- out:
+        mutex_unlock(&tomoyo_policy_lock);
-        up_write(&tomoyo_domain_list_lock);
+        tomoyo_put_name(saved_domainname);
-        return domain;
+        kfree(entry);
+        return found ? domain : NULL;
 }
 /**
@@ -789,6 +696,8 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_find_next_domain(struct linux_binprm *bprm)
 {
@@ -796,7 +705,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
         * This function assumes that the size of buffer returned by
         * tomoyo_realpath() = TOMOYO_MAX_PATHNAME_LEN.
         */
-        struct tomoyo_page_buffer *tmp = tomoyo_alloc(sizeof(*tmp));
+        struct tomoyo_page_buffer *tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
        struct tomoyo_domain_info *old_domain = tomoyo_domain();
        struct tomoyo_domain_info *domain = NULL;
        const char *old_domain_name = old_domain->domainname->name;
@@ -849,8 +758,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
        if (tomoyo_pathcmp(&r, &s)) {
                struct tomoyo_alias_entry *ptr;
                /* Is this program allowed to be called via symbolic links? */
-                down_read(&tomoyo_alias_list_lock);
+                list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
-                list_for_each_entry(ptr, &tomoyo_alias_list, list) {
                        if (ptr->is_deleted ||
                            tomoyo_pathcmp(&r, ptr->original_name) ||
                            tomoyo_pathcmp(&s, ptr->aliased_name))
@@ -861,7 +769,6 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
                        tomoyo_fill_path_info(&r);
                        break;
                }
-                up_read(&tomoyo_alias_list_lock);
        }
        /* Check execute permission. */
@@ -892,9 +799,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
        }
        if (domain || strlen(new_domain_name) >= TOMOYO_MAX_PATHNAME_LEN)
                goto done;
-        down_read(&tomoyo_domain_list_lock);
        domain = tomoyo_find_domain(new_domain_name);
-        up_read(&tomoyo_domain_list_lock);
        if (domain)
                goto done;
        if (is_enforce)
@@ -909,14 +814,15 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
        if (is_enforce)
                retval = -EPERM;
        else
-                tomoyo_set_domain_flag(old_domain, false,
+                old_domain->transition_failed = true;
-                                       TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED);
 out:
        if (!domain)
                domain = old_domain;
+        /* Update reference count on "struct tomoyo_domain_info". */
+        atomic_inc(&domain->users);
        bprm->cred->security = domain;
-        tomoyo_free(real_program_name);
+        kfree(real_program_name);
-        tomoyo_free(symlink_program_name);
+        kfree(symlink_program_name);
-        tomoyo_free(tmp);
+        kfree(tmp);
        return retval;
 }
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 5ae3a571559f..6f3fe76a1fde 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -10,109 +10,65 @@
 */
 #include "common.h"
-#include "tomoyo.h"
+#include <linux/slab.h>
-#include "realpath.h"
-#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
-/*
- * tomoyo_globally_readable_file_entry is a structure which is used for holding
- * "allow_read" entries.
- * It has following fields.
- *
- *  (1) "list" which is linked to tomoyo_globally_readable_list .
- *  (2) "filename" is a pathname which is allowed to open(O_RDONLY).
- *  (3) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
- */
-struct tomoyo_globally_readable_file_entry {
-        struct list_head list;
-        const struct tomoyo_path_info *filename;
-        bool is_deleted;
-};
-/*
- * tomoyo_pattern_entry is a structure which is used for holding
- * "tomoyo_pattern_list" entries.
- * It has following fields.
- *
- *  (1) "list" which is linked to tomoyo_pattern_list .
- *  (2) "pattern" is a pathname pattern which is used for converting pathnames
- *      to pathname patterns during learning mode.
- *  (3) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
- */
-struct tomoyo_pattern_entry {
-        struct list_head list;
-        const struct tomoyo_path_info *pattern;
-        bool is_deleted;
-};
-/*
- * tomoyo_no_rewrite_entry is a structure which is used for holding
- * "deny_rewrite" entries.
- * It has following fields.
- *
- *  (1) "list" which is linked to tomoyo_no_rewrite_list .
- *  (2) "pattern" is a pathname which is by default not permitted to modify
- *      already existing content.
- *  (3) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
- */
-struct tomoyo_no_rewrite_entry {
-        struct list_head list;
-        const struct tomoyo_path_info *pattern;
-        bool is_deleted;
-};
 /* Keyword array for single path operations. */
-static const char *tomoyo_sp_keyword[TOMOYO_MAX_SINGLE_PATH_OPERATION] = {
+static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
-        [TOMOYO_TYPE_READ_WRITE_ACL] = "read/write",
+        [TOMOYO_TYPE_READ_WRITE] = "read/write",
-        [TOMOYO_TYPE_EXECUTE_ACL]    = "execute",
+        [TOMOYO_TYPE_EXECUTE]    = "execute",
-        [TOMOYO_TYPE_READ_ACL]       = "read",
+        [TOMOYO_TYPE_READ]       = "read",
-        [TOMOYO_TYPE_WRITE_ACL]      = "write",
+        [TOMOYO_TYPE_WRITE]      = "write",
-        [TOMOYO_TYPE_CREATE_ACL]     = "create",
+        [TOMOYO_TYPE_CREATE]     = "create",
-        [TOMOYO_TYPE_UNLINK_ACL]     = "unlink",
+        [TOMOYO_TYPE_UNLINK]     = "unlink",
-        [TOMOYO_TYPE_MKDIR_ACL]      = "mkdir",
+        [TOMOYO_TYPE_MKDIR]      = "mkdir",
-        [TOMOYO_TYPE_RMDIR_ACL]      = "rmdir",
+        [TOMOYO_TYPE_RMDIR]      = "rmdir",
-        [TOMOYO_TYPE_MKFIFO_ACL]     = "mkfifo",
+        [TOMOYO_TYPE_MKFIFO]     = "mkfifo",
-        [TOMOYO_TYPE_MKSOCK_ACL]     = "mksock",
+        [TOMOYO_TYPE_MKSOCK]     = "mksock",
-        [TOMOYO_TYPE_MKBLOCK_ACL]    = "mkblock",
+        [TOMOYO_TYPE_MKBLOCK]    = "mkblock",
-        [TOMOYO_TYPE_MKCHAR_ACL]     = "mkchar",
+        [TOMOYO_TYPE_MKCHAR]     = "mkchar",
-        [TOMOYO_TYPE_TRUNCATE_ACL]   = "truncate",
+        [TOMOYO_TYPE_TRUNCATE]   = "truncate",
-        [TOMOYO_TYPE_SYMLINK_ACL]    = "symlink",
+        [TOMOYO_TYPE_SYMLINK]    = "symlink",
-        [TOMOYO_TYPE_REWRITE_ACL]    = "rewrite",
+        [TOMOYO_TYPE_REWRITE]    = "rewrite",
+        [TOMOYO_TYPE_IOCTL]      = "ioctl",
+        [TOMOYO_TYPE_CHMOD]      = "chmod",
+        [TOMOYO_TYPE_CHOWN]      = "chown",
+        [TOMOYO_TYPE_CHGRP]      = "chgrp",
+        [TOMOYO_TYPE_CHROOT]     = "chroot",
+        [TOMOYO_TYPE_MOUNT]      = "mount",
+        [TOMOYO_TYPE_UMOUNT]     = "unmount",
 };
 /* Keyword array for double path operations. */
-static const char *tomoyo_dp_keyword[TOMOYO_MAX_DOUBLE_PATH_OPERATION] = {
+static const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION] = {
-        [TOMOYO_TYPE_LINK_ACL]    = "link",
+        [TOMOYO_TYPE_LINK]    = "link",
-        [TOMOYO_TYPE_RENAME_ACL]  = "rename",
+        [TOMOYO_TYPE_RENAME]  = "rename",
+        [TOMOYO_TYPE_PIVOT_ROOT] = "pivot_root",
 };
 /**
- * tomoyo_sp2keyword - Get the name of single path operation.
+ * tomoyo_path2keyword - Get the name of single path operation.
 *
 * @operation: Type of operation.
 *
 * Returns the name of single path operation.
 */
-const char *tomoyo_sp2keyword(const u8 operation)
+const char *tomoyo_path2keyword(const u8 operation)
 {
-        return (operation < TOMOYO_MAX_SINGLE_PATH_OPERATION)
+        return (operation < TOMOYO_MAX_PATH_OPERATION)
-                ? tomoyo_sp_keyword[operation] : NULL;
+                ? tomoyo_path_keyword[operation] : NULL;
 }
 /**
- * tomoyo_dp2keyword - Get the name of double path operation.
+ * tomoyo_path22keyword - Get the name of double path operation.
 *
 * @operation: Type of operation.
 *
 * Returns the name of double path operation.
 */
-const char *tomoyo_dp2keyword(const u8 operation)
+const char *tomoyo_path22keyword(const u8 operation)
 {
-        return (operation < TOMOYO_MAX_DOUBLE_PATH_OPERATION)
+        return (operation < TOMOYO_MAX_PATH2_OPERATION)
-                ? tomoyo_dp_keyword[operation] : NULL;
+                ? tomoyo_path2_keyword[operation] : NULL;
 }
 /**
@@ -143,7 +99,8 @@ static bool tomoyo_strendswith(const char *name, const char *tail)
 static struct tomoyo_path_info *tomoyo_get_path(struct path *path)
 {
        int error;
-        struct tomoyo_path_info_with_data *buf = tomoyo_alloc(sizeof(*buf));
+        struct tomoyo_path_info_with_data *buf = kzalloc(sizeof(*buf),
+                                                         GFP_KERNEL);
        if (!buf)
                return NULL;
@@ -155,20 +112,17 @@ static struct tomoyo_path_info *tomoyo_get_path(struct path *path)
                tomoyo_fill_path_info(&buf->head);
                return &buf->head;
        }
-        tomoyo_free(buf);
+        kfree(buf);
        return NULL;
 }
-/* Lock for domain->acl_info_list. */
+static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
-DECLARE_RWSEM(tomoyo_domain_acl_info_list_lock);
+                                   const char *filename2,
+                                   struct tomoyo_domain_info *const domain,
-static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
+                                   const bool is_delete);
-                                         const char *filename2,
+static int tomoyo_update_path_acl(const u8 type, const char *filename,
-                                         struct tomoyo_domain_info *
+                                  struct tomoyo_domain_info *const domain,
-                                         const domain, const bool is_delete);
+                                  const bool is_delete);
-static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
-                                         struct tomoyo_domain_info *
-                                         const domain, const bool is_delete);
 /*
 * tomoyo_globally_readable_list is used for holding list of pathnames which
@@ -195,8 +149,7 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
 * given "allow_read /lib/libc-2.5.so" to the domain which current process
 * belongs to.
 */
-static LIST_HEAD(tomoyo_globally_readable_list);
+LIST_HEAD(tomoyo_globally_readable_list);
-static DECLARE_RWSEM(tomoyo_globally_readable_list_lock);
 /**
 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
@@ -205,40 +158,42 @@ static DECLARE_RWSEM(tomoyo_globally_readable_list_lock);
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_update_globally_readable_entry(const char *filename,
                                                 const bool is_delete)
 {
-        struct tomoyo_globally_readable_file_entry *new_entry;
+        struct tomoyo_globally_readable_file_entry *entry = NULL;
        struct tomoyo_globally_readable_file_entry *ptr;
        const struct tomoyo_path_info *saved_filename;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
-        if (!tomoyo_is_correct_path(filename, 1, 0, -1, __func__))
+        if (!tomoyo_is_correct_path(filename, 1, 0, -1))
                return -EINVAL;
-        saved_filename = tomoyo_save_name(filename);
+        saved_filename = tomoyo_get_name(filename);
        if (!saved_filename)
                return -ENOMEM;
-        down_write(&tomoyo_globally_readable_list_lock);
+        if (!is_delete)
-        list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) {
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+        mutex_lock(&tomoyo_policy_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
                if (ptr->filename != saved_filename)
                        continue;
                ptr->is_deleted = is_delete;
                error = 0;
-                goto out;
+                break;
        }
-        if (is_delete) {
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
-                error = -ENOENT;
+                entry->filename = saved_filename;
-                goto out;
+                saved_filename = NULL;
+                list_add_tail_rcu(&entry->list, &tomoyo_globally_readable_list);
+                entry = NULL;
+                error = 0;
        }
-        new_entry = tomoyo_alloc_element(sizeof(*new_entry));
+        mutex_unlock(&tomoyo_policy_lock);
-        if (!new_entry)
+        tomoyo_put_name(saved_filename);
-                goto out;
+        kfree(entry);
-        new_entry->filename = saved_filename;
-        list_add_tail(&new_entry->list, &tomoyo_globally_readable_list);
-        error = 0;
- out:
-        up_write(&tomoyo_globally_readable_list_lock);
        return error;
 }
@@ -248,21 +203,22 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
 * @filename: The filename to check.
 *
 * Returns true if any domain can open @filename for reading, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info *
                                             filename)
 {
        struct tomoyo_globally_readable_file_entry *ptr;
        bool found = false;
-        down_read(&tomoyo_globally_readable_list_lock);
-        list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) {
+        list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
                if (!ptr->is_deleted &&
                    tomoyo_path_matches_pattern(filename, ptr->filename)) {
                        found = true;
                        break;
                }
        }
-        up_read(&tomoyo_globally_readable_list_lock);
        return found;
 }
@@ -273,6 +229,8 @@ static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info *
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_write_globally_readable_policy(char *data, const bool is_delete)
 {
@@ -285,13 +243,14 @@ int tomoyo_write_globally_readable_policy(char *data, const bool is_delete)
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns true on success, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
 {
        struct list_head *pos;
        bool done = true;
-        down_read(&tomoyo_globally_readable_list_lock);
        list_for_each_cookie(pos, head->read_var2,
                             &tomoyo_globally_readable_list) {
                struct tomoyo_globally_readable_file_entry *ptr;
@@ -305,7 +264,6 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
                if (!done)
                        break;
        }
-        up_read(&tomoyo_globally_readable_list_lock);
        return done;
 }
@@ -338,8 +296,7 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
 * current process from accessing other process's information.
 */
-static LIST_HEAD(tomoyo_pattern_list);
+LIST_HEAD(tomoyo_pattern_list);
-static DECLARE_RWSEM(tomoyo_pattern_list_lock);
 /**
 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
@@ -348,40 +305,43 @@ static DECLARE_RWSEM(tomoyo_pattern_list_lock);
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_update_file_pattern_entry(const char *pattern,
                                            const bool is_delete)
 {
-        struct tomoyo_pattern_entry *new_entry;
+        struct tomoyo_pattern_entry *entry = NULL;
        struct tomoyo_pattern_entry *ptr;
        const struct tomoyo_path_info *saved_pattern;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
-        if (!tomoyo_is_correct_path(pattern, 0, 1, 0, __func__))
+        saved_pattern = tomoyo_get_name(pattern);
-                return -EINVAL;
-        saved_pattern = tomoyo_save_name(pattern);
        if (!saved_pattern)
-                return -ENOMEM;
+                return error;
-        down_write(&tomoyo_pattern_list_lock);
+        if (!saved_pattern->is_patterned)
-        list_for_each_entry(ptr, &tomoyo_pattern_list, list) {
+                goto out;
+        if (!is_delete)
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+        mutex_lock(&tomoyo_policy_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
                if (saved_pattern != ptr->pattern)
                        continue;
                ptr->is_deleted = is_delete;
                error = 0;
-                goto out;
+                break;
        }
-        if (is_delete) {
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
-                error = -ENOENT;
+                entry->pattern = saved_pattern;
-                goto out;
+                saved_pattern = NULL;
+                list_add_tail_rcu(&entry->list, &tomoyo_pattern_list);
+                entry = NULL;
+                error = 0;
        }
-        new_entry = tomoyo_alloc_element(sizeof(*new_entry));
+        mutex_unlock(&tomoyo_policy_lock);
-        if (!new_entry)
-                goto out;
-        new_entry->pattern = saved_pattern;
-        list_add_tail(&new_entry->list, &tomoyo_pattern_list);
-        error = 0;
 out:
-        up_write(&tomoyo_pattern_list_lock);
+        kfree(entry);
+        tomoyo_put_name(saved_pattern);
        return error;
 }
@@ -391,6 +351,8 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
 * @filename: The filename to find patterned pathname.
 *
 * Returns pointer to pathname pattern if matched, @filename otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static const struct tomoyo_path_info *
 tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
@@ -398,8 +360,7 @@ tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
        struct tomoyo_pattern_entry *ptr;
        const struct tomoyo_path_info *pattern = NULL;
-        down_read(&tomoyo_pattern_list_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
-        list_for_each_entry(ptr, &tomoyo_pattern_list, list) {
                if (ptr->is_deleted)
                        continue;
                if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
@@ -412,7 +373,6 @@ tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
                        break;
                }
        }
-        up_read(&tomoyo_pattern_list_lock);
        if (pattern)
                filename = pattern;
        return filename;
@@ -425,6 +385,8 @@ tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_write_pattern_policy(char *data, const bool is_delete)
 {
@@ -437,13 +399,14 @@ int tomoyo_write_pattern_policy(char *data, const bool is_delete)
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns true on success, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
 {
        struct list_head *pos;
        bool done = true;
-        down_read(&tomoyo_pattern_list_lock);
        list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) {
                struct tomoyo_pattern_entry *ptr;
                ptr = list_entry(pos, struct tomoyo_pattern_entry, list);
@@ -454,7 +417,6 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
                if (!done)
                        break;
        }
-        up_read(&tomoyo_pattern_list_lock);
        return done;
 }
@@ -487,8 +449,7 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
 * need to worry whether the file is already unlink()ed or not.
 */
-static LIST_HEAD(tomoyo_no_rewrite_list);
+LIST_HEAD(tomoyo_no_rewrite_list);
-static DECLARE_RWSEM(tomoyo_no_rewrite_list_lock);
 /**
 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
@@ -497,39 +458,42 @@ static DECLARE_RWSEM(tomoyo_no_rewrite_list_lock);
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_update_no_rewrite_entry(const char *pattern,
                                          const bool is_delete)
 {
-        struct tomoyo_no_rewrite_entry *new_entry, *ptr;
+        struct tomoyo_no_rewrite_entry *entry = NULL;
+        struct tomoyo_no_rewrite_entry *ptr;
        const struct tomoyo_path_info *saved_pattern;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
-        if (!tomoyo_is_correct_path(pattern, 0, 0, 0, __func__))
+        if (!tomoyo_is_correct_path(pattern, 0, 0, 0))
                return -EINVAL;
-        saved_pattern = tomoyo_save_name(pattern);
+        saved_pattern = tomoyo_get_name(pattern);
        if (!saved_pattern)
-                return -ENOMEM;
+                return error;
-        down_write(&tomoyo_no_rewrite_list_lock);
+        if (!is_delete)
-        list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) {
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+        mutex_lock(&tomoyo_policy_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
                if (ptr->pattern != saved_pattern)
                        continue;
                ptr->is_deleted = is_delete;
                error = 0;
-                goto out;
+                break;
        }
-        if (is_delete) {
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
-                error = -ENOENT;
+                entry->pattern = saved_pattern;
-                goto out;
+                saved_pattern = NULL;
+                list_add_tail_rcu(&entry->list, &tomoyo_no_rewrite_list);
+                entry = NULL;
+                error = 0;
        }
-        new_entry = tomoyo_alloc_element(sizeof(*new_entry));
+        mutex_unlock(&tomoyo_policy_lock);
-        if (!new_entry)
+        tomoyo_put_name(saved_pattern);
-                goto out;
+        kfree(entry);
-        new_entry->pattern = saved_pattern;
-        list_add_tail(&new_entry->list, &tomoyo_no_rewrite_list);
-        error = 0;
- out:
-        up_write(&tomoyo_no_rewrite_list_lock);
        return error;
 }
@@ -540,14 +504,15 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
 *
 * Returns true if @filename is specified by "deny_rewrite" directive,
 * false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename)
 {
        struct tomoyo_no_rewrite_entry *ptr;
        bool found = false;
-        down_read(&tomoyo_no_rewrite_list_lock);
+        list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
-        list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) {
                if (ptr->is_deleted)
                        continue;
                if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
@@ -555,7 +520,6 @@ static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename)
                found = true;
                break;
        }
-        up_read(&tomoyo_no_rewrite_list_lock);
        return found;
 }
@@ -566,6 +530,8 @@ static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename)
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete)
 {
@@ -578,13 +544,14 @@ int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete)
 * @head: Pointer to "struct tomoyo_io_buffer".
 *
 * Returns true on success, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
 {
        struct list_head *pos;
        bool done = true;
-        down_read(&tomoyo_no_rewrite_list_lock);
        list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) {
                struct tomoyo_no_rewrite_entry *ptr;
                ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, list);
@@ -595,7 +562,6 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
                if (!done)
                        break;
        }
-        up_read(&tomoyo_no_rewrite_list_lock);
        return done;
 }
@@ -613,6 +579,8 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
 * Current policy syntax uses "allow_read/write" instead of "6",
 * "allow_read" instead of "4", "allow_write" instead of "2",
 * "allow_execute" instead of "1".
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_update_file_acl(const char *filename, u8 perm,
                                  struct tomoyo_domain_info * const domain,
@@ -630,19 +598,19 @@ static int tomoyo_update_file_acl(const char *filename, u8 perm,
                 */
                return 0;
        if (perm & 4)
-                tomoyo_update_single_path_acl(TOMOYO_TYPE_READ_ACL, filename,
+                tomoyo_update_path_acl(TOMOYO_TYPE_READ, filename, domain,
-                                              domain, is_delete);
+                                       is_delete);
        if (perm & 2)
-                tomoyo_update_single_path_acl(TOMOYO_TYPE_WRITE_ACL, filename,
+                tomoyo_update_path_acl(TOMOYO_TYPE_WRITE, filename, domain,
-                                              domain, is_delete);
+                                       is_delete);
        if (perm & 1)
-                tomoyo_update_single_path_acl(TOMOYO_TYPE_EXECUTE_ACL,
+                tomoyo_update_path_acl(TOMOYO_TYPE_EXECUTE, filename, domain,
-                                              filename, domain, is_delete);
+                                       is_delete);
        return 0;
 }
 /**
- * tomoyo_check_single_path_acl2 - Check permission for single path operation.
+ * tomoyo_path_acl2 - Check permission for single path operation.
 *
 * @domain:          Pointer to "struct tomoyo_domain_info".
 * @filename:        Filename to check.
@@ -650,26 +618,28 @@ static int tomoyo_update_file_acl(const char *filename, u8 perm,
 * @may_use_pattern: True if patterned ACL is permitted.
 *
 * Returns 0 on success, -EPERM otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
-static int tomoyo_check_single_path_acl2(const struct tomoyo_domain_info *
+static int tomoyo_path_acl2(const struct tomoyo_domain_info *domain,
-                                         domain,
+                            const struct tomoyo_path_info *filename,
-                                         const struct tomoyo_path_info *
+                            const u32 perm, const bool may_use_pattern)
-                                         filename,
-                                         const u16 perm,
-                                         const bool may_use_pattern)
 {
        struct tomoyo_acl_info *ptr;
        int error = -EPERM;
-        down_read(&tomoyo_domain_acl_info_list_lock);
+        list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
-        list_for_each_entry(ptr, &domain->acl_info_list, list) {
+                struct tomoyo_path_acl *acl;
-                struct tomoyo_single_path_acl_record *acl;
+                if (ptr->type != TOMOYO_TYPE_PATH_ACL)
-                if (tomoyo_acl_type2(ptr) != TOMOYO_TYPE_SINGLE_PATH_ACL)
-                        continue;
-                acl = container_of(ptr, struct tomoyo_single_path_acl_record,
-                                   head);
-                if (!(acl->perm & perm))
                        continue;
+                acl = container_of(ptr, struct tomoyo_path_acl, head);
+                if (perm <= 0xFFFF) {
+                        if (!(acl->perm & perm))
+                                continue;
+                } else {
+                        if (!(acl->perm_high & (perm >> 16)))
+                                continue;
+                }
                if (may_use_pattern || !acl->filename->is_patterned) {
                        if (!tomoyo_path_matches_pattern(filename,
                                                         acl->filename))
@@ -680,7 +650,6 @@ static int tomoyo_check_single_path_acl2(const struct tomoyo_domain_info *
                error = 0;
                break;
        }
-        up_read(&tomoyo_domain_acl_info_list_lock);
        return error;
 }
@@ -692,27 +661,28 @@ static int tomoyo_check_single_path_acl2(const struct tomoyo_domain_info *
 * @operation: Mode ("read" or "write" or "read/write" or "execute").
 *
 * Returns 0 on success, -EPERM otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_check_file_acl(const struct tomoyo_domain_info *domain,
                                 const struct tomoyo_path_info *filename,
                                 const u8 operation)
 {
-        u16 perm = 0;
+        u32 perm = 0;
        if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
                return 0;
        if (operation == 6)
-                perm = 1 << TOMOYO_TYPE_READ_WRITE_ACL;
+                perm = 1 << TOMOYO_TYPE_READ_WRITE;
        else if (operation == 4)
-                perm = 1 << TOMOYO_TYPE_READ_ACL;
+                perm = 1 << TOMOYO_TYPE_READ;
        else if (operation == 2)
-                perm = 1 << TOMOYO_TYPE_WRITE_ACL;
+                perm = 1 << TOMOYO_TYPE_WRITE;
        else if (operation == 1)
-                perm = 1 << TOMOYO_TYPE_EXECUTE_ACL;
+                perm = 1 << TOMOYO_TYPE_EXECUTE;
        else
                BUG();
-        return tomoyo_check_single_path_acl2(domain, filename, perm,
+        return tomoyo_path_acl2(domain, filename, perm, operation != 1);
-                                             operation != 1);
 }
 /**
@@ -725,6 +695,8 @@ static int tomoyo_check_file_acl(const struct tomoyo_domain_info *domain,
 * @mode:      Access control mode.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_check_file_perm2(struct tomoyo_domain_info * const domain,
                                   const struct tomoyo_path_info *filename,
@@ -738,18 +710,17 @@ static int tomoyo_check_file_perm2(struct tomoyo_domain_info * const domain,
        if (!filename)
                return 0;
        error = tomoyo_check_file_acl(domain, filename, perm);
-        if (error && perm == 4 &&
+        if (error && perm == 4 && !domain->ignore_global_allow_read
-            (domain->flags & TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ) == 0
            && tomoyo_is_globally_readable_file(filename))
                error = 0;
        if (perm == 6)
-                msg = tomoyo_sp2keyword(TOMOYO_TYPE_READ_WRITE_ACL);
+                msg = tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE);
        else if (perm == 4)
-                msg = tomoyo_sp2keyword(TOMOYO_TYPE_READ_ACL);
+                msg = tomoyo_path2keyword(TOMOYO_TYPE_READ);
        else if (perm == 2)
-                msg = tomoyo_sp2keyword(TOMOYO_TYPE_WRITE_ACL);
+                msg = tomoyo_path2keyword(TOMOYO_TYPE_WRITE);
        else if (perm == 1)
-                msg = tomoyo_sp2keyword(TOMOYO_TYPE_EXECUTE_ACL);
+                msg = tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE);
        else
                BUG();
        if (!error)
@@ -778,6 +749,8 @@ static int tomoyo_check_file_perm2(struct tomoyo_domain_info * const domain,
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
                             const bool is_delete)
@@ -796,28 +769,28 @@ int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
        if (strncmp(data, "allow_", 6))
                goto out;
        data += 6;
-        for (type = 0; type < TOMOYO_MAX_SINGLE_PATH_OPERATION; type++) {
+        for (type = 0; type < TOMOYO_MAX_PATH_OPERATION; type++) {
-                if (strcmp(data, tomoyo_sp_keyword[type]))
+                if (strcmp(data, tomoyo_path_keyword[type]))
                        continue;
-                return tomoyo_update_single_path_acl(type, filename,
+                return tomoyo_update_path_acl(type, filename, domain,
-                                                     domain, is_delete);
+                                              is_delete);
        }
        filename2 = strchr(filename, ' ');
        if (!filename2)
                goto out;
        *filename2++ = '\0';
-        for (type = 0; type < TOMOYO_MAX_DOUBLE_PATH_OPERATION; type++) {
+        for (type = 0; type < TOMOYO_MAX_PATH2_OPERATION; type++) {
-                if (strcmp(data, tomoyo_dp_keyword[type]))
+                if (strcmp(data, tomoyo_path2_keyword[type]))
                        continue;
-                return tomoyo_update_double_path_acl(type, filename, filename2,
+                return tomoyo_update_path2_acl(type, filename, filename2,
-                                                     domain, is_delete);
+                                               domain, is_delete);
        }
 out:
        return -EINVAL;
 }
 /**
- * tomoyo_update_single_path_acl - Update "struct tomoyo_single_path_acl_record" list.
+ * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
 *
 * @type:      Type of operation.
 * @filename:  Filename.
@@ -825,85 +798,82 @@ int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
-static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
+static int tomoyo_update_path_acl(const u8 type, const char *filename,
-                                         struct tomoyo_domain_info *
+                                  struct tomoyo_domain_info *const domain,
-                                         const domain, const bool is_delete)
+                                  const bool is_delete)
 {
-        static const u16 rw_mask =
+        static const u32 rw_mask =
-                (1 << TOMOYO_TYPE_READ_ACL) | (1 << TOMOYO_TYPE_WRITE_ACL);
+                (1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE);
        const struct tomoyo_path_info *saved_filename;
        struct tomoyo_acl_info *ptr;
-        struct tomoyo_single_path_acl_record *acl;
+        struct tomoyo_path_acl *entry = NULL;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
-        const u16 perm = 1 << type;
+        const u32 perm = 1 << type;
        if (!domain)
                return -EINVAL;
-        if (!tomoyo_is_correct_path(filename, 0, 0, 0, __func__))
+        if (!tomoyo_is_correct_path(filename, 0, 0, 0))
                return -EINVAL;
-        saved_filename = tomoyo_save_name(filename);
+        saved_filename = tomoyo_get_name(filename);
        if (!saved_filename)
                return -ENOMEM;
-        down_write(&tomoyo_domain_acl_info_list_lock);
+        if (!is_delete)
-        if (is_delete)
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
-                goto delete;
+        mutex_lock(&tomoyo_policy_lock);
-        list_for_each_entry(ptr, &domain->acl_info_list, list) {
+        list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
-                if (tomoyo_acl_type1(ptr) != TOMOYO_TYPE_SINGLE_PATH_ACL)
+                struct tomoyo_path_acl *acl =
+                        container_of(ptr, struct tomoyo_path_acl, head);
+                if (ptr->type != TOMOYO_TYPE_PATH_ACL)
                        continue;
-                acl = container_of(ptr, struct tomoyo_single_path_acl_record,
-                                   head);
                if (acl->filename != saved_filename)
                        continue;
-                /* Special case. Clear all bits if marked as deleted. */
+                if (is_delete) {
-                if (ptr->type & TOMOYO_ACL_DELETED)
+                        if (perm <= 0xFFFF)
-                        acl->perm = 0;
+                                acl->perm &= ~perm;
-                acl->perm |= perm;
+                        else
-                if ((acl->perm & rw_mask) == rw_mask)
+                                acl->perm_high &= ~(perm >> 16);
-                        acl->perm |= 1 << TOMOYO_TYPE_READ_WRITE_ACL;
+                        if ((acl->perm & rw_mask) != rw_mask)
-                else if (acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))
+                                acl->perm &= ~(1 << TOMOYO_TYPE_READ_WRITE);
-                        acl->perm |= rw_mask;
+                        else if (!(acl->perm & (1 << TOMOYO_TYPE_READ_WRITE)))
-                ptr->type &= ~TOMOYO_ACL_DELETED;
+                                acl->perm &= ~rw_mask;
+                } else {
+                        if (perm <= 0xFFFF)
+                                acl->perm |= perm;
+                        else
+                                acl->perm_high |= (perm >> 16);
+                        if ((acl->perm & rw_mask) == rw_mask)
+                                acl->perm |= 1 << TOMOYO_TYPE_READ_WRITE;
+                        else if (acl->perm & (1 << TOMOYO_TYPE_READ_WRITE))
+                                acl->perm |= rw_mask;
+                }
                error = 0;
-                goto out;
+                break;
        }
-        /* Not found. Append it to the tail. */
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
-        acl = tomoyo_alloc_acl_element(TOMOYO_TYPE_SINGLE_PATH_ACL);
+                entry->head.type = TOMOYO_TYPE_PATH_ACL;
-        if (!acl)
+                if (perm <= 0xFFFF)
-                goto out;
+                        entry->perm = perm;
-        acl->perm = perm;
+                else
-        if (perm == (1 << TOMOYO_TYPE_READ_WRITE_ACL))
+                        entry->perm_high = (perm >> 16);
-                acl->perm |= rw_mask;
+                if (perm == (1 << TOMOYO_TYPE_READ_WRITE))
-        acl->filename = saved_filename;
+                        entry->perm |= rw_mask;
-        list_add_tail(&acl->head.list, &domain->acl_info_list);
+                entry->filename = saved_filename;
-        error = 0;
+                saved_filename = NULL;
-        goto out;
+                list_add_tail_rcu(&entry->head.list, &domain->acl_info_list);
- delete:
+                entry = NULL;
-        error = -ENOENT;
-        list_for_each_entry(ptr, &domain->acl_info_list, list) {
-                if (tomoyo_acl_type2(ptr) != TOMOYO_TYPE_SINGLE_PATH_ACL)
-                        continue;
-                acl = container_of(ptr, struct tomoyo_single_path_acl_record,
-                                   head);
-                if (acl->filename != saved_filename)
-                        continue;
-                acl->perm &= ~perm;
-                if ((acl->perm & rw_mask) != rw_mask)
-                        acl->perm &= ~(1 << TOMOYO_TYPE_READ_WRITE_ACL);
-                else if (!(acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)))
-                        acl->perm &= ~rw_mask;
-                if (!acl->perm)
-                        ptr->type |= TOMOYO_ACL_DELETED;
                error = 0;
-                break;
        }
- out:
+        mutex_unlock(&tomoyo_policy_lock);
-        up_write(&tomoyo_domain_acl_info_list_lock);
+        kfree(entry);
+        tomoyo_put_name(saved_filename);
        return error;
 }
 /**
- * tomoyo_update_double_path_acl - Update "struct tomoyo_double_path_acl_record" list.
+ * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
 *
 * @type:      Type of operation.
 * @filename1: First filename.
@@ -912,98 +882,88 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
-static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
+static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
-                                         const char *filename2,
+                                   const char *filename2,
-                                         struct tomoyo_domain_info *
+                                   struct tomoyo_domain_info *const domain,
-                                         const domain, const bool is_delete)
+                                   const bool is_delete)
 {
        const struct tomoyo_path_info *saved_filename1;
        const struct tomoyo_path_info *saved_filename2;
        struct tomoyo_acl_info *ptr;
-        struct tomoyo_double_path_acl_record *acl;
+        struct tomoyo_path2_acl *entry = NULL;
-        int error = -ENOMEM;
+        int error = is_delete ? -ENOENT : -ENOMEM;
        const u8 perm = 1 << type;
        if (!domain)
                return -EINVAL;
-        if (!tomoyo_is_correct_path(filename1, 0, 0, 0, __func__) ||
+        if (!tomoyo_is_correct_path(filename1, 0, 0, 0) ||
-            !tomoyo_is_correct_path(filename2, 0, 0, 0, __func__))
+            !tomoyo_is_correct_path(filename2, 0, 0, 0))
                return -EINVAL;
-        saved_filename1 = tomoyo_save_name(filename1);
+        saved_filename1 = tomoyo_get_name(filename1);
-        saved_filename2 = tomoyo_save_name(filename2);
+        saved_filename2 = tomoyo_get_name(filename2);
        if (!saved_filename1 || !saved_filename2)
-                return -ENOMEM;
-        down_write(&tomoyo_domain_acl_info_list_lock);
-        if (is_delete)
-                goto delete;
-        list_for_each_entry(ptr, &domain->acl_info_list, list) {
-                if (tomoyo_acl_type1(ptr) != TOMOYO_TYPE_DOUBLE_PATH_ACL)
-                        continue;
-                acl = container_of(ptr, struct tomoyo_double_path_acl_record,
-                                   head);
-                if (acl->filename1 != saved_filename1 ||
-                    acl->filename2 != saved_filename2)
-                        continue;
-                /* Special case. Clear all bits if marked as deleted. */
-                if (ptr->type & TOMOYO_ACL_DELETED)
-                        acl->perm = 0;
-                acl->perm |= perm;
-                ptr->type &= ~TOMOYO_ACL_DELETED;
-                error = 0;
                goto out;
-        }
+        if (!is_delete)
-        /* Not found. Append it to the tail. */
+                entry = kmalloc(sizeof(*entry), GFP_KERNEL);
-        acl = tomoyo_alloc_acl_element(TOMOYO_TYPE_DOUBLE_PATH_ACL);
+        mutex_lock(&tomoyo_policy_lock);
-        if (!acl)
+        list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
-                goto out;
+                struct tomoyo_path2_acl *acl =
-        acl->perm = perm;
+                        container_of(ptr, struct tomoyo_path2_acl, head);
-        acl->filename1 = saved_filename1;
+                if (ptr->type != TOMOYO_TYPE_PATH2_ACL)
-        acl->filename2 = saved_filename2;
-        list_add_tail(&acl->head.list, &domain->acl_info_list);
-        error = 0;
-        goto out;
- delete:
-        error = -ENOENT;
-        list_for_each_entry(ptr, &domain->acl_info_list, list) {
-                if (tomoyo_acl_type2(ptr) != TOMOYO_TYPE_DOUBLE_PATH_ACL)
                        continue;
-                acl = container_of(ptr, struct tomoyo_double_path_acl_record,
-                                   head);
                if (acl->filename1 != saved_filename1 ||
                    acl->filename2 != saved_filename2)
                        continue;
-                acl->perm &= ~perm;
+                if (is_delete)
-                if (!acl->perm)
+                        acl->perm &= ~perm;
-                        ptr->type |= TOMOYO_ACL_DELETED;
+                else
+                        acl->perm |= perm;
                error = 0;
                break;
        }
+        if (!is_delete && error && tomoyo_memory_ok(entry)) {
+                entry->head.type = TOMOYO_TYPE_PATH2_ACL;
+                entry->perm = perm;
+                entry->filename1 = saved_filename1;
+                saved_filename1 = NULL;
+                entry->filename2 = saved_filename2;
+                saved_filename2 = NULL;
+                list_add_tail_rcu(&entry->head.list, &domain->acl_info_list);
+                entry = NULL;
+                error = 0;
+        }
+        mutex_unlock(&tomoyo_policy_lock);
 out:
-        up_write(&tomoyo_domain_acl_info_list_lock);
+        tomoyo_put_name(saved_filename1);
+        tomoyo_put_name(saved_filename2);
+        kfree(entry);
        return error;
 }
 /**
- * tomoyo_check_single_path_acl - Check permission for single path operation.
+ * tomoyo_path_acl - Check permission for single path operation.
 *
 * @domain:   Pointer to "struct tomoyo_domain_info".
 * @type:     Type of operation.
 * @filename: Filename to check.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
-static int tomoyo_check_single_path_acl(struct tomoyo_domain_info *domain,
+static int tomoyo_path_acl(struct tomoyo_domain_info *domain, const u8 type,
-                                        const u8 type,
+                           const struct tomoyo_path_info *filename)
-                                        const struct tomoyo_path_info *filename)
 {
        if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
                return 0;
-        return tomoyo_check_single_path_acl2(domain, filename, 1 << type, 1);
+        return tomoyo_path_acl2(domain, filename, 1 << type, 1);
 }
 /**
- * tomoyo_check_double_path_acl - Check permission for double path operation.
+ * tomoyo_path2_acl - Check permission for double path operation.
 *
 * @domain:    Pointer to "struct tomoyo_domain_info".
 * @type:      Type of operation.
@@ -1011,13 +971,13 @@ static int tomoyo_check_single_path_acl(struct tomoyo_domain_info *domain,
 * @filename2: Second filename to check.
 *
 * Returns 0 on success, -EPERM otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
-static int tomoyo_check_double_path_acl(const struct tomoyo_domain_info *domain,
+static int tomoyo_path2_acl(const struct tomoyo_domain_info *domain,
-                                        const u8 type,
+                            const u8 type,
-                                        const struct tomoyo_path_info *
+                            const struct tomoyo_path_info *filename1,
-                                        filename1,
+                            const struct tomoyo_path_info *filename2)
-                                        const struct tomoyo_path_info *
-                                        filename2)
 {
        struct tomoyo_acl_info *ptr;
        const u8 perm = 1 << type;
@@ -1025,13 +985,11 @@ static int tomoyo_check_double_path_acl(const struct tomoyo_domain_info *domain,
        if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
                return 0;
-        down_read(&tomoyo_domain_acl_info_list_lock);
+        list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
-        list_for_each_entry(ptr, &domain->acl_info_list, list) {
+                struct tomoyo_path2_acl *acl;
-                struct tomoyo_double_path_acl_record *acl;
+                if (ptr->type != TOMOYO_TYPE_PATH2_ACL)
-                if (tomoyo_acl_type2(ptr) != TOMOYO_TYPE_DOUBLE_PATH_ACL)
                        continue;
-                acl = container_of(ptr, struct tomoyo_double_path_acl_record,
+                acl = container_of(ptr, struct tomoyo_path2_acl, head);
-                                   head);
                if (!(acl->perm & perm))
                        continue;
                if (!tomoyo_path_matches_pattern(filename1, acl->filename1))
@@ -1041,12 +999,11 @@ static int tomoyo_check_double_path_acl(const struct tomoyo_domain_info *domain,
                error = 0;
                break;
        }
-        up_read(&tomoyo_domain_acl_info_list_lock);
        return error;
 }
 /**
- * tomoyo_check_single_path_permission2 - Check permission for single path operation.
+ * tomoyo_path_permission2 - Check permission for single path operation.
 *
 * @domain:    Pointer to "struct tomoyo_domain_info".
 * @operation: Type of operation.
@@ -1054,11 +1011,13 @@ static int tomoyo_check_double_path_acl(const struct tomoyo_domain_info *domain,
 * @mode:      Access control mode.
 *
 * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
-static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
+static int tomoyo_path_permission2(struct tomoyo_domain_info *const domain,
-                                                const domain, u8 operation,
+                                   u8 operation,
-                                                const struct tomoyo_path_info *
+                                   const struct tomoyo_path_info *filename,
-                                                filename, const u8 mode)
+                                   const u8 mode)
 {
        const char *msg;
        int error;
@@ -1067,8 +1026,8 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
        if (!mode)
                return 0;
 next:
-        error = tomoyo_check_single_path_acl(domain, operation, filename);
+        error = tomoyo_path_acl(domain, operation, filename);
-        msg = tomoyo_sp2keyword(operation);
+        msg = tomoyo_path2keyword(operation);
        if (!error)
                goto ok;
        if (tomoyo_verbose_mode(domain))
@@ -1077,7 +1036,7 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
                       tomoyo_get_last_name(domain));
        if (mode == 1 && tomoyo_domain_quota_is_ok(domain)) {
                const char *name = tomoyo_get_file_pattern(filename)->name;
-                tomoyo_update_single_path_acl(operation, name, domain, false);
+                tomoyo_update_path_acl(operation, name, domain, false);
        }
        if (!is_enforce)
                error = 0;
@@ -1087,42 +1046,23 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
         * we need to check "allow_rewrite" permission if the filename is
         * specified by "deny_rewrite" keyword.
         */
-        if (!error && operation == TOMOYO_TYPE_TRUNCATE_ACL &&
+        if (!error && operation == TOMOYO_TYPE_TRUNCATE &&
            tomoyo_is_no_rewrite_file(filename)) {
-                operation = TOMOYO_TYPE_REWRITE_ACL;
+                operation = TOMOYO_TYPE_REWRITE;
                goto next;
        }
        return error;
 }
 /**
- * tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
- *
- * @domain:    Pointer to "struct tomoyo_domain_info".
- * @filename:  Filename to check.
- * @perm:      Mode ("read" or "write" or "read/write").
- * Returns 0 on success, negative value otherwise.
- */
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-                           const char *filename, const u8 perm)
-{
-        struct tomoyo_path_info name;
-        const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
-        if (!mode)
-                return 0;
-        name.name = filename;
-        tomoyo_fill_path_info(&name);
-        return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
-}
-/**
 * tomoyo_check_exec_perm - Check permission for "execute".
 *
 * @domain:   Pointer to "struct tomoyo_domain_info".
 * @filename: Check permission for "execute".
 *
 * Returns 0 on success, negativevalue otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
 */
 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
                           const struct tomoyo_path_info *filename)
@@ -1151,6 +1091,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
        struct tomoyo_path_info *buf;
        const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
        const bool is_enforce = (mode == 3);
+        int idx;
        if (!mode || !path->mnt)
                return 0;
@@ -1162,6 +1103,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
                 * don't call me.
                 */
                return 0;
+        idx = tomoyo_read_lock();
        buf = tomoyo_get_path(path);
        if (!buf)
                goto out;
@@ -1174,49 +1116,50 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
        if ((acc_mode & MAY_WRITE) &&
            ((flag & O_TRUNC) || !(flag & O_APPEND)) &&
            (tomoyo_is_no_rewrite_file(buf))) {
-                error = tomoyo_check_single_path_permission2(domain,
+                error = tomoyo_path_permission2(domain, TOMOYO_TYPE_REWRITE,
-                                                     TOMOYO_TYPE_REWRITE_ACL,
+                                                buf, mode);
-                                                             buf, mode);
        }
        if (!error)
                error = tomoyo_check_file_perm2(domain, buf, acc_mode, "open",
                                                mode);
        if (!error && (flag & O_TRUNC))
-                error = tomoyo_check_single_path_permission2(domain,
+                error = tomoyo_path_permission2(domain, TOMOYO_TYPE_TRUNCATE,
-                                                     TOMOYO_TYPE_TRUNCATE_ACL,
+                                                buf, mode);
-                                                             buf, mode);
 out:
-        tomoyo_free(buf);
+        kfree(buf);
+        tomoyo_read_unlock(idx);
        if (!is_enforce)
                error = 0;
        return error;
 }
 /**
- * tomoyo_check_1path_perm - Check permission for "create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock", "mkblock", "mkchar", "truncate" and "symlink".
+ * tomoyo_path_perm - Check permission for "create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock", "mkblock", "mkchar", "truncate", "symlink", "ioctl", "chmod", "chown", "chgrp", "chroot", "mount" and "unmount".
 *
- * @domain:    Pointer to "struct tomoyo_domain_info".
 * @operation: Type of operation.
 * @path:      Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
 */
-int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
+int tomoyo_path_perm(const u8 operation, struct path *path)
-                            const u8 operation, struct path *path)
 {
        int error = -ENOMEM;
        struct tomoyo_path_info *buf;
+        struct tomoyo_domain_info *domain = tomoyo_domain();
        const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
        const bool is_enforce = (mode == 3);
+        int idx;
        if (!mode || !path->mnt)
                return 0;
+        idx = tomoyo_read_lock();
        buf = tomoyo_get_path(path);
        if (!buf)
                goto out;
        switch (operation) {
-        case TOMOYO_TYPE_MKDIR_ACL:
+        case TOMOYO_TYPE_MKDIR:
-        case TOMOYO_TYPE_RMDIR_ACL:
+        case TOMOYO_TYPE_RMDIR:
+        case TOMOYO_TYPE_CHROOT:
                if (!buf->is_dir) {
                        /*
                         * tomoyo_get_path() reserves space for appending "/."
@@ -1225,10 +1168,10 @@ int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
                        tomoyo_fill_path_info(buf);
                }
        }
-        error = tomoyo_check_single_path_permission2(domain, operation, buf,
+        error = tomoyo_path_permission2(domain, operation, buf, mode);
-                                                     mode);
 out:
-        tomoyo_free(buf);
+        kfree(buf);
+        tomoyo_read_unlock(idx);
        if (!is_enforce)
                error = 0;
        return error;
@@ -1237,21 +1180,23 @@ int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
 /**
 * tomoyo_check_rewrite_permission - Check permission for "rewrite".
 *
- * @domain: Pointer to "struct tomoyo_domain_info".
 * @filp: Pointer to "struct file".
 *
 * Returns 0 on success, negative value otherwise.
 */
-int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
+int tomoyo_check_rewrite_permission(struct file *filp)
-                                    struct file *filp)
 {
        int error = -ENOMEM;
+        struct tomoyo_domain_info *domain = tomoyo_domain();
        const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
        const bool is_enforce = (mode == 3);
        struct tomoyo_path_info *buf;
+        int idx;
        if (!mode || !filp->f_path.mnt)
                return 0;
+        idx = tomoyo_read_lock();
        buf = tomoyo_get_path(&filp->f_path);
        if (!buf)
                goto out;
@@ -1259,38 +1204,38 @@ int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
                error = 0;
                goto out;
        }
-        error = tomoyo_check_single_path_permission2(domain,
+        error = tomoyo_path_permission2(domain, TOMOYO_TYPE_REWRITE, buf, mode);
-                                                     TOMOYO_TYPE_REWRITE_ACL,
-                                                     buf, mode);
 out:
-        tomoyo_free(buf);
+        kfree(buf);
+        tomoyo_read_unlock(idx);
        if (!is_enforce)
                error = 0;
        return error;
 }
 /**
- * tomoyo_check_2path_perm - Check permission for "rename" and "link".
+ * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
 *
- * @domain:    Pointer to "struct tomoyo_domain_info".
 * @operation: Type of operation.
 * @path1:      Pointer to "struct path".
 * @path2:      Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
 */
-int tomoyo_check_2path_perm(struct tomoyo_domain_info * const domain,
+int tomoyo_path2_perm(const u8 operation, struct path *path1,
-                            const u8 operation, struct path *path1,
+                      struct path *path2)
-                            struct path *path2)
 {
        int error = -ENOMEM;
        struct tomoyo_path_info *buf1, *buf2;
+        struct tomoyo_domain_info *domain = tomoyo_domain();
        const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
        const bool is_enforce = (mode == 3);
        const char *msg;
+        int idx;
        if (!mode || !path1->mnt || !path2->mnt)
                return 0;
+        idx = tomoyo_read_lock();
        buf1 = tomoyo_get_path(path1);
        buf2 = tomoyo_get_path(path2);
        if (!buf1 || !buf2)
@@ -1311,8 +1256,8 @@ int tomoyo_check_2path_perm(struct tomoyo_domain_info * const domain,
                        }
                }
        }
-        error = tomoyo_check_double_path_acl(domain, operation, buf1, buf2);
+        error = tomoyo_path2_acl(domain, operation, buf1, buf2);
-        msg = tomoyo_dp2keyword(operation);
+        msg = tomoyo_path22keyword(operation);
        if (!error)
                goto out;
        if (tomoyo_verbose_mode(domain))
@@ -1323,12 +1268,13 @@ int tomoyo_check_2path_perm(struct tomoyo_domain_info * const domain,
        if (mode == 1 && tomoyo_domain_quota_is_ok(domain)) {
                const char *name1 = tomoyo_get_file_pattern(buf1)->name;
                const char *name2 = tomoyo_get_file_pattern(buf2)->name;
-                tomoyo_update_double_path_acl(operation, name1, name2, domain,
+                tomoyo_update_path2_acl(operation, name1, name2, domain,
-                                              false);
+                                        false);
        }
 out:
-        tomoyo_free(buf1);
+        kfree(buf1);
-        tomoyo_free(buf2);
+        kfree(buf2);
+        tomoyo_read_unlock(idx);
        if (!is_enforce)
                error = 0;
        return error;
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
new file mode 100644
index 000000000000..d9ad35bc7fa8
--- /dev/null
+++ b/security/tomoyo/gc.c
@@ -0,0 +1,371 @@
+/*
+ * security/tomoyo/gc.c
+ *
+ * Implementation of the Domain-Based Mandatory Access Control.
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ *
+ */
+#include "common.h"
+#include <linux/kthread.h>
+#include <linux/slab.h>
+enum tomoyo_gc_id {
+        TOMOYO_ID_DOMAIN_INITIALIZER,
+        TOMOYO_ID_DOMAIN_KEEPER,
+        TOMOYO_ID_ALIAS,
+        TOMOYO_ID_GLOBALLY_READABLE,
+        TOMOYO_ID_PATTERN,
+        TOMOYO_ID_NO_REWRITE,
+        TOMOYO_ID_MANAGER,
+        TOMOYO_ID_NAME,
+        TOMOYO_ID_ACL,
+        TOMOYO_ID_DOMAIN
+};
+struct tomoyo_gc_entry {
+        struct list_head list;
+        int type;
+        void *element;
+};
+static LIST_HEAD(tomoyo_gc_queue);
+static DEFINE_MUTEX(tomoyo_gc_mutex);
+/* Caller holds tomoyo_policy_lock mutex. */
+static bool tomoyo_add_to_gc(const int type, void *element)
+{
+        struct tomoyo_gc_entry *entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
+        if (!entry)
+                return false;
+        entry->type = type;
+        entry->element = element;
+        list_add(&entry->list, &tomoyo_gc_queue);
+        return true;
+}
+static void tomoyo_del_allow_read
+(struct tomoyo_globally_readable_file_entry *ptr)
+{
+        tomoyo_put_name(ptr->filename);
+}
+static void tomoyo_del_file_pattern(struct tomoyo_pattern_entry *ptr)
+{
+        tomoyo_put_name(ptr->pattern);
+}
+static void tomoyo_del_no_rewrite(struct tomoyo_no_rewrite_entry *ptr)
+{
+        tomoyo_put_name(ptr->pattern);
+}
+static void tomoyo_del_domain_initializer
+(struct tomoyo_domain_initializer_entry *ptr)
+{
+        tomoyo_put_name(ptr->domainname);
+        tomoyo_put_name(ptr->program);
+}
+static void tomoyo_del_domain_keeper(struct tomoyo_domain_keeper_entry *ptr)
+{
+        tomoyo_put_name(ptr->domainname);
+        tomoyo_put_name(ptr->program);
+}
+static void tomoyo_del_alias(struct tomoyo_alias_entry *ptr)
+{
+        tomoyo_put_name(ptr->original_name);
+        tomoyo_put_name(ptr->aliased_name);
+}
+static void tomoyo_del_manager(struct tomoyo_policy_manager_entry *ptr)
+{
+        tomoyo_put_name(ptr->manager);
+}
+static void tomoyo_del_acl(struct tomoyo_acl_info *acl)
+{
+        switch (acl->type) {
+        case TOMOYO_TYPE_PATH_ACL:
+                {
+                        struct tomoyo_path_acl *entry
+                                = container_of(acl, typeof(*entry), head);
+                        tomoyo_put_name(entry->filename);
+                }
+                break;
+        case TOMOYO_TYPE_PATH2_ACL:
+                {
+                        struct tomoyo_path2_acl *entry
+                                = container_of(acl, typeof(*entry), head);
+                        tomoyo_put_name(entry->filename1);
+                        tomoyo_put_name(entry->filename2);
+                }
+                break;
+        default:
+                printk(KERN_WARNING "Unknown type\n");
+                break;
+        }
+}
+static bool tomoyo_del_domain(struct tomoyo_domain_info *domain)
+{
+        struct tomoyo_acl_info *acl;
+        struct tomoyo_acl_info *tmp;
+        /*
+         * Since we don't protect whole execve() operation using SRCU,
+         * we need to recheck domain->users at this point.
+         *
+         * (1) Reader starts SRCU section upon execve().
+         * (2) Reader traverses tomoyo_domain_list and finds this domain.
+         * (3) Writer marks this domain as deleted.
+         * (4) Garbage collector removes this domain from tomoyo_domain_list
+         *     because this domain is marked as deleted and used by nobody.
+         * (5) Reader saves reference to this domain into
+         *     "struct linux_binprm"->cred->security .
+         * (6) Reader finishes SRCU section, although execve() operation has
+         *     not finished yet.
+         * (7) Garbage collector waits for SRCU synchronization.
+         * (8) Garbage collector kfree() this domain because this domain is
+         *     used by nobody.
+         * (9) Reader finishes execve() operation and restores this domain from
+         *     "struct linux_binprm"->cred->security.
+         *
+         * By updating domain->users at (5), we can solve this race problem
+         * by rechecking domain->users at (8).
+         */
+        if (atomic_read(&domain->users))
+                return false;
+        list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
+                tomoyo_del_acl(acl);
+                tomoyo_memory_free(acl);
+        }
+        tomoyo_put_name(domain->domainname);
+        return true;
+}
+static void tomoyo_del_name(const struct tomoyo_name_entry *ptr)
+{
+}
+static void tomoyo_collect_entry(void)
+{
+        mutex_lock(&tomoyo_policy_lock);
+        {
+                struct tomoyo_globally_readable_file_entry *ptr;
+                list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list,
+                                        list) {
+                        if (!ptr->is_deleted)
+                                continue;
+                        if (tomoyo_add_to_gc(TOMOYO_ID_GLOBALLY_READABLE, ptr))
+                                list_del_rcu(&ptr->list);
+                        else
+                                break;
+                }
+        }
+        {
+                struct tomoyo_pattern_entry *ptr;
+                list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
+                        if (!ptr->is_deleted)
+                                continue;
+                        if (tomoyo_add_to_gc(TOMOYO_ID_PATTERN, ptr))
+                                list_del_rcu(&ptr->list);
+                        else
+                                break;
+                }
+        }
+        {
+                struct tomoyo_no_rewrite_entry *ptr;
+                list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
+                        if (!ptr->is_deleted)
+                                continue;
+                        if (tomoyo_add_to_gc(TOMOYO_ID_NO_REWRITE, ptr))
+                                list_del_rcu(&ptr->list);
+                        else
+                                break;
+                }
+        }
+        {
+                struct tomoyo_domain_initializer_entry *ptr;
+                list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list,
+                                        list) {
+                        if (!ptr->is_deleted)
+                                continue;
+                        if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN_INITIALIZER, ptr))
+                                list_del_rcu(&ptr->list);
+                        else
+                                break;
+                }
+        }
+        {
+                struct tomoyo_domain_keeper_entry *ptr;
+                list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
+                        if (!ptr->is_deleted)
+                                continue;
+                        if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN_KEEPER, ptr))
+                                list_del_rcu(&ptr->list);
+                        else
+                                break;
+                }
+        }
+        {
+                struct tomoyo_alias_entry *ptr;
+                list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
+                        if (!ptr->is_deleted)
+                                continue;
+                        if (tomoyo_add_to_gc(TOMOYO_ID_ALIAS, ptr))
+                                list_del_rcu(&ptr->list);
+                        else
+                                break;
+                }
+        }
+        {
+                struct tomoyo_policy_manager_entry *ptr;
+                list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list,
+                                        list) {
+                        if (!ptr->is_deleted)
+                                continue;
+                        if (tomoyo_add_to_gc(TOMOYO_ID_MANAGER, ptr))
+                                list_del_rcu(&ptr->list);
+                        else
+                                break;
+                }
+        }
+        {
+                struct tomoyo_domain_info *domain;
+                list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
+                        struct tomoyo_acl_info *acl;
+                        list_for_each_entry_rcu(acl, &domain->acl_info_list,
+                                                list) {
+                                switch (acl->type) {
+                                case TOMOYO_TYPE_PATH_ACL:
+                                        if (container_of(acl,
+                                         struct tomoyo_path_acl,
+                                                         head)->perm ||
+                                            container_of(acl,
+                                         struct tomoyo_path_acl,
+                                                         head)->perm_high)
+                                                continue;
+                                        break;
+                                case TOMOYO_TYPE_PATH2_ACL:
+                                        if (container_of(acl,
+                                         struct tomoyo_path2_acl,
+                                                         head)->perm)
+                                                continue;
+                                        break;
+                                default:
+                                        continue;
+                                }
+                                if (tomoyo_add_to_gc(TOMOYO_ID_ACL, acl))
+                                        list_del_rcu(&acl->list);
+                                else
+                                        break;
+                        }
+                        if (!domain->is_deleted || atomic_read(&domain->users))
+                                continue;
+                        /*
+                         * Nobody is referring this domain. But somebody may
+                         * refer this domain after successful execve().
+                         * We recheck domain->users after SRCU synchronization.
+                         */
+                        if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN, domain))
+                                list_del_rcu(&domain->list);
+                        else
+                                break;
+                }
+        }
+        mutex_unlock(&tomoyo_policy_lock);
+        mutex_lock(&tomoyo_name_list_lock);
+        {
+                int i;
+                for (i = 0; i < TOMOYO_MAX_HASH; i++) {
+                        struct tomoyo_name_entry *ptr;
+                        list_for_each_entry_rcu(ptr, &tomoyo_name_list[i],
+                                                list) {
+                                if (atomic_read(&ptr->users))
+                                        continue;
+                                if (tomoyo_add_to_gc(TOMOYO_ID_NAME, ptr))
+                                        list_del_rcu(&ptr->list);
+                                else {
+                                        i = TOMOYO_MAX_HASH;
+                                        break;
+                                }
+                        }
+                }
+        }
+        mutex_unlock(&tomoyo_name_list_lock);
+}
+static void tomoyo_kfree_entry(void)
+{
+        struct tomoyo_gc_entry *p;
+        struct tomoyo_gc_entry *tmp;
+        list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) {
+                switch (p->type) {
+                case TOMOYO_ID_DOMAIN_INITIALIZER:
+                        tomoyo_del_domain_initializer(p->element);
+                        break;
+                case TOMOYO_ID_DOMAIN_KEEPER:
+                        tomoyo_del_domain_keeper(p->element);
+                        break;
+                case TOMOYO_ID_ALIAS:
+                        tomoyo_del_alias(p->element);
+                        break;
+                case TOMOYO_ID_GLOBALLY_READABLE:
+                        tomoyo_del_allow_read(p->element);
+                        break;
+                case TOMOYO_ID_PATTERN:
+                        tomoyo_del_file_pattern(p->element);
+                        break;
+                case TOMOYO_ID_NO_REWRITE:
+                        tomoyo_del_no_rewrite(p->element);
+                        break;
+                case TOMOYO_ID_MANAGER:
+                        tomoyo_del_manager(p->element);
+                        break;
+                case TOMOYO_ID_NAME:
+                        tomoyo_del_name(p->element);
+                        break;
+                case TOMOYO_ID_ACL:
+                        tomoyo_del_acl(p->element);
+                        break;
+                case TOMOYO_ID_DOMAIN:
+                        if (!tomoyo_del_domain(p->element))
+                                continue;
+                        break;
+                default:
+                        printk(KERN_WARNING "Unknown type\n");
+                        break;
+                }
+                tomoyo_memory_free(p->element);
+                list_del(&p->list);
+                kfree(p);
+        }
+}
+static int tomoyo_gc_thread(void *unused)
+{
+        daemonize("GC for TOMOYO");
+        if (mutex_trylock(&tomoyo_gc_mutex)) {
+                int i;
+                for (i = 0; i < 10; i++) {
+                        tomoyo_collect_entry();
+                        if (list_empty(&tomoyo_gc_queue))
+                                break;
+                        synchronize_srcu(&tomoyo_ss);
+                        tomoyo_kfree_entry();
+                }
+                mutex_unlock(&tomoyo_gc_mutex);
+        }
+        do_exit(0);
+}
+void tomoyo_run_gc(void)
+{
+        struct task_struct *task = kthread_create(tomoyo_gc_thread, NULL,
+                                                  "GC for TOMOYO");
+        if (!IS_ERR(task))
+                wake_up_process(task);
+}
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 5f2e33263371..c225c65ce426 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -13,8 +13,10 @@
 #include <linux/mount.h>
 #include <linux/mnt_namespace.h>
 #include <linux/fs_struct.h>
+#include <linux/hash.h>
+#include <linux/magic.h>
+#include <linux/slab.h>
 #include "common.h"
-#include "realpath.h"
 /**
 * tomoyo_encode: Convert binary string to ascii string.
@@ -87,27 +89,21 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
                sp = dentry->d_op->d_dname(dentry, newname + offset,
                                           newname_len - offset);
        } else {
-                /* Taken from d_namespace_path(). */
+                struct path ns_root = {.mnt = NULL, .dentry = NULL};
-                struct path root;
-                struct path ns_root = { };
-                struct path tmp;
-                read_lock(&current->fs->lock);
-                root = current->fs->root;
-                path_get(&root);
-                read_unlock(&current->fs->lock);
-                spin_lock(&vfsmount_lock);
-                if (root.mnt && root.mnt->mnt_ns)
-                        ns_root.mnt = mntget(root.mnt->mnt_ns->root);
-                if (ns_root.mnt)
-                        ns_root.dentry = dget(ns_root.mnt->mnt_root);
-                spin_unlock(&vfsmount_lock);
                spin_lock(&dcache_lock);
-                tmp = ns_root;
+                /* go to whatever namespace root we are under */
-                sp = __d_path(path, &tmp, newname, newname_len);
+                sp = __d_path(path, &ns_root, newname, newname_len);
                spin_unlock(&dcache_lock);
-                path_put(&root);
+                /* Prepend "/proc" prefix if using internal proc vfs mount. */
-                path_put(&ns_root);
+                if (!IS_ERR(sp) && (path->mnt->mnt_flags & MNT_INTERNAL) &&
+                    (path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC)) {
+                        sp -= 5;
+                        if (sp >= newname)
+                                memcpy(sp, "/proc", 5);
+                        else
+                                sp = ERR_PTR(-ENOMEM);
+                }
        }
        if (IS_ERR(sp))
                error = PTR_ERR(sp);
@@ -138,12 +134,12 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
 *
 * Returns the realpath of the given @path on success, NULL otherwise.
 *
- * These functions use tomoyo_alloc(), so the caller must call tomoyo_free()
+ * These functions use kzalloc(), so the caller must call kfree()
 * if these functions didn't return NULL.
 */
 char *tomoyo_realpath_from_path(struct path *path)
 {
-        char *buf = tomoyo_alloc(sizeof(struct tomoyo_page_buffer));
+        char *buf = kzalloc(sizeof(struct tomoyo_page_buffer), GFP_KERNEL);
        BUILD_BUG_ON(sizeof(struct tomoyo_page_buffer)
                     <= TOMOYO_MAX_PATHNAME_LEN - 1);
@@ -152,7 +148,7 @@ char *tomoyo_realpath_from_path(struct path *path)
        if (tomoyo_realpath_from_path2(path, buf,
                                       TOMOYO_MAX_PATHNAME_LEN - 1) == 0)
                return buf;
-        tomoyo_free(buf);
+        kfree(buf);
        return NULL;
 }
@@ -195,97 +191,47 @@ char *tomoyo_realpath_nofollow(const char *pathname)
 }
 /* Memory allocated for non-string data. */
-static unsigned int tomoyo_allocated_memory_for_elements;
+static atomic_t tomoyo_policy_memory_size;
-/* Quota for holding non-string data. */
+/* Quota for holding policy. */
-static unsigned int tomoyo_quota_for_elements;
+static unsigned int tomoyo_quota_for_policy;
 /**
- * tomoyo_alloc_element - Allocate permanent memory for structures.
+ * tomoyo_memory_ok - Check memory quota.
 *
- * @size: Size in bytes.
+ * @ptr: Pointer to allocated memory.
 *
- * Returns pointer to allocated memory on success, NULL otherwise.
+ * Returns true on success, false otherwise.
 *
- * Memory has to be zeroed.
+ * Caller holds tomoyo_policy_lock.
- * The RAM is chunked, so NEVER try to kfree() the returned pointer.
+ * Memory pointed by @ptr will be zeroed on success.
 */
-void *tomoyo_alloc_element(const unsigned int size)
+bool tomoyo_memory_ok(void *ptr)
 {
-        static char *buf;
+        int allocated_len = ptr ? ksize(ptr) : 0;
-        static DEFINE_MUTEX(lock);
+        atomic_add(allocated_len, &tomoyo_policy_memory_size);
-        static unsigned int buf_used_len = PATH_MAX;
+        if (ptr && (!tomoyo_quota_for_policy ||
-        char *ptr = NULL;
+                    atomic_read(&tomoyo_policy_memory_size)
-        /*Assumes sizeof(void *) >= sizeof(long) is true. */
+                    <= tomoyo_quota_for_policy)) {
-        const unsigned int word_aligned_size
+                memset(ptr, 0, allocated_len);
-                = roundup(size, max(sizeof(void *), sizeof(long)));
+                return true;
-        if (word_aligned_size > PATH_MAX)
-                return NULL;
-        mutex_lock(&lock);
-        if (buf_used_len + word_aligned_size > PATH_MAX) {
-                if (!tomoyo_quota_for_elements ||
-                    tomoyo_allocated_memory_for_elements
-                    + PATH_MAX <= tomoyo_quota_for_elements)
-                        ptr = kzalloc(PATH_MAX, GFP_KERNEL);
-                if (!ptr) {
-                        printk(KERN_WARNING "ERROR: Out of memory "
-                               "for tomoyo_alloc_element().\n");
-                        if (!tomoyo_policy_loaded)
-                                panic("MAC Initialization failed.\n");
-                } else {
-                        buf = ptr;
-                        tomoyo_allocated_memory_for_elements += PATH_MAX;
-                        buf_used_len = word_aligned_size;
-                        ptr = buf;
-                }
-        } else if (word_aligned_size) {
-                int i;
-                ptr = buf + buf_used_len;
-                buf_used_len += word_aligned_size;
-                for (i = 0; i < word_aligned_size; i++) {
-                        if (!ptr[i])
-                                continue;
-                        printk(KERN_ERR "WARNING: Reserved memory was tainted! "
-                               "The system might go wrong.\n");
-                        ptr[i] = '\0';
-                }
        }
-        mutex_unlock(&lock);
+        printk(KERN_WARNING "ERROR: Out of memory "
-        return ptr;
+               "for tomoyo_alloc_element().\n");
+        if (!tomoyo_policy_loaded)
+                panic("MAC Initialization failed.\n");
+        return false;
 }
-/* Memory allocated for string data in bytes. */
+/**
-static unsigned int tomoyo_allocated_memory_for_savename;
+ * tomoyo_memory_free - Free memory for elements.
-/* Quota for holding string data in bytes. */
-static unsigned int tomoyo_quota_for_savename;
-/*
- * TOMOYO uses this hash only when appending a string into the string
- * table. Frequency of appending strings is very low. So we don't need
- * large (e.g. 64k) hash size. 256 will be sufficient.
- */
-#define TOMOYO_MAX_HASH 256
-/*
- * tomoyo_name_entry is a structure which is used for linking
- * "struct tomoyo_path_info" into tomoyo_name_list .
 *
- * Since tomoyo_name_list manages a list of strings which are shared by
+ * @ptr:  Pointer to allocated memory.
- * multiple processes (whereas "struct tomoyo_path_info" inside
- * "struct tomoyo_path_info_with_data" is not shared), a reference counter will
- * be added to "struct tomoyo_name_entry" rather than "struct tomoyo_path_info"
- * when TOMOYO starts supporting garbage collector.
 */
-struct tomoyo_name_entry {
+void tomoyo_memory_free(void *ptr)
-        struct list_head list;
+{
-        struct tomoyo_path_info entry;
+        atomic_sub(ksize(ptr), &tomoyo_policy_memory_size);
-};
+        kfree(ptr);
+}
-/* Structure for available memory region. */
-struct tomoyo_free_memory_block_list {
-        struct list_head list;
-        char *ptr;             /* Pointer to a free area. */
-        int len;               /* Length of the area.     */
-};
 /*
 * tomoyo_name_list is used for holding string data used by TOMOYO.
@@ -293,85 +239,58 @@ struct tomoyo_free_memory_block_list {
 * "/lib/libc-2.5.so"), TOMOYO shares string data in the form of
 * "const struct tomoyo_path_info *".
 */
-static struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
+struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
+/* Lock for protecting tomoyo_name_list . */
+DEFINE_MUTEX(tomoyo_name_list_lock);
 /**
- * tomoyo_save_name - Allocate permanent memory for string data.
+ * tomoyo_get_name - Allocate permanent memory for string data.
 *
 * @name: The string to store into the permernent memory.
 *
 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
- *
- * The RAM is shared, so NEVER try to modify or kfree() the returned name.
 */
-const struct tomoyo_path_info *tomoyo_save_name(const char *name)
+const struct tomoyo_path_info *tomoyo_get_name(const char *name)
 {
-        static LIST_HEAD(fmb_list);
-        static DEFINE_MUTEX(lock);
        struct tomoyo_name_entry *ptr;
        unsigned int hash;
-        /* fmb contains available size in bytes.
-           fmb is removed from the fmb_list when fmb->len becomes 0. */
-        struct tomoyo_free_memory_block_list *fmb;
        int len;
-        char *cp;
+        int allocated_len;
+        struct list_head *head;
        if (!name)
                return NULL;
        len = strlen(name) + 1;
-        if (len > TOMOYO_MAX_PATHNAME_LEN) {
-                printk(KERN_WARNING "ERROR: Name too long "
-                       "for tomoyo_save_name().\n");
-                return NULL;
-        }
        hash = full_name_hash((const unsigned char *) name, len - 1);
-        mutex_lock(&lock);
+        head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)];
-        list_for_each_entry(ptr, &tomoyo_name_list[hash % TOMOYO_MAX_HASH],
+        mutex_lock(&tomoyo_name_list_lock);
-                             list) {
+        list_for_each_entry(ptr, head, list) {
-                if (hash == ptr->entry.hash && !strcmp(name, ptr->entry.name))
+                if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name))
-                        goto out;
+                        continue;
-        }
+                atomic_inc(&ptr->users);
-        list_for_each_entry(fmb, &fmb_list, list) {
+                goto out;
-                if (len <= fmb->len)
-                        goto ready;
        }
-        if (!tomoyo_quota_for_savename ||
+        ptr = kzalloc(sizeof(*ptr) + len, GFP_KERNEL);
-            tomoyo_allocated_memory_for_savename + PATH_MAX
+        allocated_len = ptr ? ksize(ptr) : 0;
-            <= tomoyo_quota_for_savename)
+        if (!ptr || (tomoyo_quota_for_policy &&
-                cp = kzalloc(PATH_MAX, GFP_KERNEL);
+                     atomic_read(&tomoyo_policy_memory_size) + allocated_len
-        else
+                     > tomoyo_quota_for_policy)) {
-                cp = NULL;
+                kfree(ptr);
-        fmb = kzalloc(sizeof(*fmb), GFP_KERNEL);
-        if (!cp || !fmb) {
-                kfree(cp);
-                kfree(fmb);
                printk(KERN_WARNING "ERROR: Out of memory "
-                       "for tomoyo_save_name().\n");
+                       "for tomoyo_get_name().\n");
                if (!tomoyo_policy_loaded)
                        panic("MAC Initialization failed.\n");
                ptr = NULL;
                goto out;
        }
-        tomoyo_allocated_memory_for_savename += PATH_MAX;
+        atomic_add(allocated_len, &tomoyo_policy_memory_size);
-        list_add(&fmb->list, &fmb_list);
+        ptr->entry.name = ((char *) ptr) + sizeof(*ptr);
-        fmb->ptr = cp;
+        memmove((char *) ptr->entry.name, name, len);
-        fmb->len = PATH_MAX;
+        atomic_set(&ptr->users, 1);
- ready:
-        ptr = tomoyo_alloc_element(sizeof(*ptr));
-        if (!ptr)
-                goto out;
-        ptr->entry.name = fmb->ptr;
-        memmove(fmb->ptr, name, len);
        tomoyo_fill_path_info(&ptr->entry);
-        fmb->ptr += len;
+        list_add_tail(&ptr->list, head);
-        fmb->len -= len;
-        list_add_tail(&ptr->list, &tomoyo_name_list[hash % TOMOYO_MAX_HASH]);
-        if (fmb->len == 0) {
-                list_del(&fmb->list);
-                kfree(fmb);
-        }
 out:
-        mutex_unlock(&lock);
+        mutex_unlock(&tomoyo_name_list_lock);
        return ptr ? &ptr->entry : NULL;
 }
@@ -386,45 +305,14 @@ void __init tomoyo_realpath_init(void)
        for (i = 0; i < TOMOYO_MAX_HASH; i++)
                INIT_LIST_HEAD(&tomoyo_name_list[i]);
        INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);
-        tomoyo_kernel_domain.domainname = tomoyo_save_name(TOMOYO_ROOT_NAME);
+        tomoyo_kernel_domain.domainname = tomoyo_get_name(TOMOYO_ROOT_NAME);
-        list_add_tail(&tomoyo_kernel_domain.list, &tomoyo_domain_list);
+        /*
-        down_read(&tomoyo_domain_list_lock);
+         * tomoyo_read_lock() is not needed because this function is
+         * called before the first "delete" request.
+         */
+        list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list);
        if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain)
                panic("Can't register tomoyo_kernel_domain");
-        up_read(&tomoyo_domain_list_lock);
-}
-/* Memory allocated for temporary purpose. */
-static atomic_t tomoyo_dynamic_memory_size;
-/**
- * tomoyo_alloc - Allocate memory for temporary purpose.
- *
- * @size: Size in bytes.
- *
- * Returns pointer to allocated memory on success, NULL otherwise.
- */
-void *tomoyo_alloc(const size_t size)
-{
-        void *p = kzalloc(size, GFP_KERNEL);
-        if (p)
-                atomic_add(ksize(p), &tomoyo_dynamic_memory_size);
-        return p;
-}
-/**
- * tomoyo_free - Release memory allocated by tomoyo_alloc().
- *
- * @p: Pointer returned by tomoyo_alloc(). May be NULL.
- *
- * Returns nothing.
- */
-void tomoyo_free(const void *p)
-{
-        if (p) {
-                atomic_sub(ksize(p), &tomoyo_dynamic_memory_size);
-                kfree(p);
-        }
 }
 /**
@@ -437,32 +325,19 @@ void tomoyo_free(const void *p)
 int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
 {
        if (!head->read_eof) {
-                const unsigned int shared
+                const unsigned int policy
-                        = tomoyo_allocated_memory_for_savename;
+                        = atomic_read(&tomoyo_policy_memory_size);
-                const unsigned int private
-                        = tomoyo_allocated_memory_for_elements;
-                const unsigned int dynamic
-                        = atomic_read(&tomoyo_dynamic_memory_size);
                char buffer[64];
                memset(buffer, 0, sizeof(buffer));
-                if (tomoyo_quota_for_savename)
+                if (tomoyo_quota_for_policy)
-                        snprintf(buffer, sizeof(buffer) - 1,
-                                 "   (Quota: %10u)",
-                                 tomoyo_quota_for_savename);
-                else
-                        buffer[0] = '\0';
-                tomoyo_io_printf(head, "Shared:  %10u%s\n", shared, buffer);
-                if (tomoyo_quota_for_elements)
                        snprintf(buffer, sizeof(buffer) - 1,
                                 "   (Quota: %10u)",
-                                 tomoyo_quota_for_elements);
+                                 tomoyo_quota_for_policy);
                else
                        buffer[0] = '\0';
-                tomoyo_io_printf(head, "Private: %10u%s\n", private, buffer);
+                tomoyo_io_printf(head, "Policy:  %10u%s\n", policy, buffer);
-                tomoyo_io_printf(head, "Dynamic: %10u\n", dynamic);
+                tomoyo_io_printf(head, "Total:   %10u\n", policy);
-                tomoyo_io_printf(head, "Total:   %10u\n",
-                                 shared + private + dynamic);
                head->read_eof = true;
        }
        return 0;
@@ -480,9 +355,7 @@ int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head)
        char *data = head->write_buf;
        unsigned int size;
-        if (sscanf(data, "Shared: %u", &size) == 1)
+        if (sscanf(data, "Policy: %u", &size) == 1)
-                tomoyo_quota_for_savename = size;
+                tomoyo_quota_for_policy = size;
-        else if (sscanf(data, "Private: %u", &size) == 1)
-                tomoyo_quota_for_elements = size;
        return 0;
 }
diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h
deleted file mode 100644
index 78217a37960b..000000000000
--- a/security/tomoyo/realpath.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * security/tomoyo/realpath.h
- *
- * Get the canonicalized absolute pathnames. The basis for TOMOYO.
- *
- * Copyright (C) 2005-2009  NTT DATA CORPORATION
- *
- * Version: 2.2.0   2009/04/01
- *
- */
-#ifndef _SECURITY_TOMOYO_REALPATH_H
-#define _SECURITY_TOMOYO_REALPATH_H
-struct path;
-struct tomoyo_path_info;
-struct tomoyo_io_buffer;
-/* Convert binary string to ascii string. */
-int tomoyo_encode(char *buffer, int buflen, const char *str);
-/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */
-int tomoyo_realpath_from_path2(struct path *path, char *newname,
-                               int newname_len);
-/*
- * Returns realpath(3) of the given pathname but ignores chroot'ed root.
- * These functions use tomoyo_alloc(), so the caller must call tomoyo_free()
- * if these functions didn't return NULL.
- */
-char *tomoyo_realpath(const char *pathname);
-/*
- * Same with tomoyo_realpath() except that it doesn't follow the final symlink.
- */
-char *tomoyo_realpath_nofollow(const char *pathname);
-/* Same with tomoyo_realpath() except that the pathname is already solved. */
-char *tomoyo_realpath_from_path(struct path *path);
-/*
- * Allocate memory for ACL entry.
- * The RAM is chunked, so NEVER try to kfree() the returned pointer.
- */
-void *tomoyo_alloc_element(const unsigned int size);
-/*
- * Keep the given name on the RAM.
- * The RAM is shared, so NEVER try to modify or kfree() the returned name.
- */
-const struct tomoyo_path_info *tomoyo_save_name(const char *name);
-/* Allocate memory for temporary use (e.g. permission checks). */
-void *tomoyo_alloc(const size_t size);
-/* Free memory allocated by tomoyo_alloc(). */
-void tomoyo_free(const void *p);
-/* Check for memory usage. */
-int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
-/* Set memory quota. */
-int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);
-/* Initialize realpath related code. */
-void __init tomoyo_realpath_init(void);
-#endif /* !defined(_SECURITY_TOMOYO_REALPATH_H) */
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 9548a0984cc4..dedd97d0c163 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -11,8 +11,6 @@
 #include <linux/security.h>
 #include "common.h"
-#include "tomoyo.h"
-#include "realpath.h"
 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
 {
@@ -23,21 +21,23 @@ static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
                               gfp_t gfp)
 {
-        /*
+        struct tomoyo_domain_info *domain = old->security;
-         * Since "struct tomoyo_domain_info *" is a sharable pointer,
+        new->security = domain;
-         * we don't need to duplicate.
+        if (domain)
-         */
+                atomic_inc(&domain->users);
-        new->security = old->security;
        return 0;
 }
 static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
 {
-        /*
+        tomoyo_cred_prepare(new, old, 0);
-         * Since "struct tomoyo_domain_info *" is a sharable pointer,
+}
-         * we don't need to duplicate.
-         */
+static void tomoyo_cred_free(struct cred *cred)
-        new->security = old->security;
+{
+        struct tomoyo_domain_info *domain = cred->security;
+        if (domain)
+                atomic_dec(&domain->users);
 }
 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
@@ -61,6 +61,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
        if (!tomoyo_policy_loaded)
                tomoyo_load_policy(bprm->filename);
        /*
+         * Release reference to "struct tomoyo_domain_info" stored inside
+         * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
+         * stored inside "bprm->cred->security" will be acquired later inside
+         * tomoyo_find_next_domain().
+         */
+        atomic_dec(&((struct tomoyo_domain_info *)
+                     bprm->cred->security)->users);
+        /*
         * Tell tomoyo_bprm_check_security() is called for the first time of an
         * execve operation.
         */
@@ -76,156 +84,71 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
         * Execute permission is checked against pathname passed to do_execve()
         * using current domain.
         */
-        if (!domain)
+        if (!domain) {
-                return tomoyo_find_next_domain(bprm);
+                const int idx = tomoyo_read_lock();
+                const int err = tomoyo_find_next_domain(bprm);
+                tomoyo_read_unlock(idx);
+                return err;
+        }
        /*
         * Read permission is checked against interpreters using next domain.
-         * '1' is the result of open_to_namei_flags(O_RDONLY).
         */
-        return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);
+        return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY);
-}
-#ifdef CONFIG_SYSCTL
-static int tomoyo_prepend(char **buffer, int *buflen, const char *str)
-{
-        int namelen = strlen(str);
-        if (*buflen < namelen)
-                return -ENOMEM;
-        *buflen -= namelen;
-        *buffer -= namelen;
-        memcpy(*buffer, str, namelen);
-        return 0;
-}
-/**
- * tomoyo_sysctl_path - return the realpath of a ctl_table.
- * @table: pointer to "struct ctl_table".
- *
- * Returns realpath(3) of the @table on success.
- * Returns NULL on failure.
- *
- * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
- * if this function didn't return NULL.
- */
-static char *tomoyo_sysctl_path(struct ctl_table *table)
-{
-        int buflen = TOMOYO_MAX_PATHNAME_LEN;
-        char *buf = tomoyo_alloc(buflen);
-        char *end = buf + buflen;
-        int error = -ENOMEM;
-        if (!buf)
-                return NULL;
-        *--end = '\0';
-        buflen--;
-        while (table) {
-                char num[32];
-                const char *sp = table->procname;
-                if (!sp) {
-                        memset(num, 0, sizeof(num));
-                        snprintf(num, sizeof(num) - 1, "=%d=", table->ctl_name);
-                        sp = num;
-                }
-                if (tomoyo_prepend(&end, &buflen, sp) ||
-                    tomoyo_prepend(&end, &buflen, "/"))
-                        goto out;
-                table = table->parent;
-        }
-        if (tomoyo_prepend(&end, &buflen, "/proc/sys"))
-                goto out;
-        error = tomoyo_encode(buf, end - buf, end);
- out:
-        if (!error)
-                return buf;
-        tomoyo_free(buf);
-        return NULL;
-}
-static int tomoyo_sysctl(struct ctl_table *table, int op)
-{
-        int error;
-        char *name;
-        op &= MAY_READ | MAY_WRITE;
-        if (!op)
-                return 0;
-        name = tomoyo_sysctl_path(table);
-        if (!name)
-                return -ENOMEM;
-        error = tomoyo_check_file_perm(tomoyo_domain(), name, op);
-        tomoyo_free(name);
-        return error;
 }
-#endif
 static int tomoyo_path_truncate(struct path *path, loff_t length,
                                unsigned int time_attrs)
 {
-        return tomoyo_check_1path_perm(tomoyo_domain(),
+        return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path);
-                                       TOMOYO_TYPE_TRUNCATE_ACL,
-                                       path);
 }
 static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
 {
        struct path path = { parent->mnt, dentry };
-        return tomoyo_check_1path_perm(tomoyo_domain(),
+        return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path);
-                                       TOMOYO_TYPE_UNLINK_ACL,
-                                       &path);
 }
 static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
                             int mode)
 {
        struct path path = { parent->mnt, dentry };
-        return tomoyo_check_1path_perm(tomoyo_domain(),
+        return tomoyo_path_perm(TOMOYO_TYPE_MKDIR, &path);
-                                       TOMOYO_TYPE_MKDIR_ACL,
-                                       &path);
 }
 static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
 {
        struct path path = { parent->mnt, dentry };
-        return tomoyo_check_1path_perm(tomoyo_domain(),
+        return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path);
-                                       TOMOYO_TYPE_RMDIR_ACL,
-                                       &path);
 }
 static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
                               const char *old_name)
 {
        struct path path = { parent->mnt, dentry };
-        return tomoyo_check_1path_perm(tomoyo_domain(),
+        return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path);
-                                       TOMOYO_TYPE_SYMLINK_ACL,
-                                       &path);
 }
 static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
                             int mode, unsigned int dev)
 {
        struct path path = { parent->mnt, dentry };
-        int type = TOMOYO_TYPE_CREATE_ACL;
+        int type = TOMOYO_TYPE_CREATE;
        switch (mode & S_IFMT) {
        case S_IFCHR:
-                type = TOMOYO_TYPE_MKCHAR_ACL;
+                type = TOMOYO_TYPE_MKCHAR;
                break;
        case S_IFBLK:
-                type = TOMOYO_TYPE_MKBLOCK_ACL;
+                type = TOMOYO_TYPE_MKBLOCK;
                break;
        case S_IFIFO:
-                type = TOMOYO_TYPE_MKFIFO_ACL;
+                type = TOMOYO_TYPE_MKFIFO;
                break;
        case S_IFSOCK:
-                type = TOMOYO_TYPE_MKSOCK_ACL;
+                type = TOMOYO_TYPE_MKSOCK;
                break;
        }
-        return tomoyo_check_1path_perm(tomoyo_domain(),
+        return tomoyo_path_perm(type, &path);
-                                       type, &path);
 }
 static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -233,9 +156,7 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
 {
        struct path path1 = { new_dir->mnt, old_dentry };
        struct path path2 = { new_dir->mnt, new_dentry };
-        return tomoyo_check_2path_perm(tomoyo_domain(),
+        return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
-                                       TOMOYO_TYPE_LINK_ACL,
-                                       &path1, &path2);
 }
 static int tomoyo_path_rename(struct path *old_parent,
@@ -245,32 +166,71 @@ static int tomoyo_path_rename(struct path *old_parent,
 {
        struct path path1 = { old_parent->mnt, old_dentry };
        struct path path2 = { new_parent->mnt, new_dentry };
-        return tomoyo_check_2path_perm(tomoyo_domain(),
+        return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
-                                       TOMOYO_TYPE_RENAME_ACL,
-                                       &path1, &path2);
 }
 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
                             unsigned long arg)
 {
        if (cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND))
-                return tomoyo_check_rewrite_permission(tomoyo_domain(), file);
+                return tomoyo_check_rewrite_permission(file);
        return 0;
 }
 static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
 {
        int flags = f->f_flags;
-        if ((flags + 1) & O_ACCMODE)
-                flags++;
-        flags |= f->f_flags & (O_APPEND | O_TRUNC);
        /* Don't check read permission here if called from do_execve(). */
        if (current->in_execve)
                return 0;
        return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
 }
+static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
+                             unsigned long arg)
+{
+        return tomoyo_path_perm(TOMOYO_TYPE_IOCTL, &file->f_path);
+}
+static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+                             mode_t mode)
+{
+        struct path path = { mnt, dentry };
+        return tomoyo_path_perm(TOMOYO_TYPE_CHMOD, &path);
+}
+static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+        int error = 0;
+        if (uid != (uid_t) -1)
+                error = tomoyo_path_perm(TOMOYO_TYPE_CHOWN, path);
+        if (!error && gid != (gid_t) -1)
+                error = tomoyo_path_perm(TOMOYO_TYPE_CHGRP, path);
+        return error;
+}
+static int tomoyo_path_chroot(struct path *path)
+{
+        return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path);
+}
+static int tomoyo_sb_mount(char *dev_name, struct path *path,
+                           char *type, unsigned long flags, void *data)
+{
+        return tomoyo_path_perm(TOMOYO_TYPE_MOUNT, path);
+}
+static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
+{
+        struct path path = { mnt, mnt->mnt_root };
+        return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path);
+}
+static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
+{
+        return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
+}
 /*
 * tomoyo_security_ops is a "struct security_operations" which is used for
 * registering TOMOYO.
@@ -280,11 +240,9 @@ static struct security_operations tomoyo_security_ops = {
        .cred_alloc_blank    = tomoyo_cred_alloc_blank,
        .cred_prepare        = tomoyo_cred_prepare,
        .cred_transfer       = tomoyo_cred_transfer,
+        .cred_free           = tomoyo_cred_free,
        .bprm_set_creds      = tomoyo_bprm_set_creds,
        .bprm_check_security = tomoyo_bprm_check_security,
-#ifdef CONFIG_SYSCTL
-        .sysctl              = tomoyo_sysctl,
-#endif
        .file_fcntl          = tomoyo_file_fcntl,
        .dentry_open         = tomoyo_dentry_open,
        .path_truncate       = tomoyo_path_truncate,
@@ -295,8 +253,18 @@ static struct security_operations tomoyo_security_ops = {
        .path_mknod          = tomoyo_path_mknod,
        .path_link           = tomoyo_path_link,
        .path_rename         = tomoyo_path_rename,
+        .file_ioctl          = tomoyo_file_ioctl,
+        .path_chmod          = tomoyo_path_chmod,
+        .path_chown          = tomoyo_path_chown,
+        .path_chroot         = tomoyo_path_chroot,
+        .sb_mount            = tomoyo_sb_mount,
+        .sb_umount           = tomoyo_sb_umount,
+        .sb_pivotroot        = tomoyo_sb_pivotroot,
 };
+/* Lock for GC. */
+struct srcu_struct tomoyo_ss;
 static int __init tomoyo_init(void)
 {
        struct cred *cred = (struct cred *) current_cred();
@@ -304,7 +272,8 @@ static int __init tomoyo_init(void)
        if (!security_module_enable(&tomoyo_security_ops))
                return 0;
        /* register ourselves with the security framework */
-        if (register_security(&tomoyo_security_ops))
+        if (register_security(&tomoyo_security_ops) ||
+            init_srcu_struct(&tomoyo_ss))
                panic("Failure registering TOMOYO Linux");
        printk(KERN_INFO "TOMOYO Linux initialized\n");
        cred->security = &tomoyo_kernel_domain;
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
deleted file mode 100644
index cd6ba0bf7069..000000000000
--- a/security/tomoyo/tomoyo.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * security/tomoyo/tomoyo.h
- *
- * Implementation of the Domain-Based Mandatory Access Control.
- *
- * Copyright (C) 2005-2009  NTT DATA CORPORATION
- *
- * Version: 2.2.0   2009/04/01
- *
- */
-#ifndef _SECURITY_TOMOYO_TOMOYO_H
-#define _SECURITY_TOMOYO_TOMOYO_H
-struct tomoyo_path_info;
-struct path;
-struct inode;
-struct linux_binprm;
-struct pt_regs;
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-                           const char *filename, const u8 perm);
-int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
-                           const struct tomoyo_path_info *filename);
-int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
-                                 struct path *path, const int flag);
-int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
-                            const u8 operation, struct path *path);
-int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
-                            const u8 operation, struct path *path1,
-                            struct path *path2);
-int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
-                                    struct file *filp);
-int tomoyo_find_next_domain(struct linux_binprm *bprm);
-/* Index numbers for Access Controls. */
-#define TOMOYO_TYPE_SINGLE_PATH_ACL                 0
-#define TOMOYO_TYPE_DOUBLE_PATH_ACL                 1
-/* Index numbers for File Controls. */
-/*
- * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
- * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
- * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
- * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
- * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
- * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
- */
-#define TOMOYO_TYPE_READ_WRITE_ACL    0
-#define TOMOYO_TYPE_EXECUTE_ACL       1
-#define TOMOYO_TYPE_READ_ACL          2
-#define TOMOYO_TYPE_WRITE_ACL         3
-#define TOMOYO_TYPE_CREATE_ACL        4
-#define TOMOYO_TYPE_UNLINK_ACL        5
-#define TOMOYO_TYPE_MKDIR_ACL         6
-#define TOMOYO_TYPE_RMDIR_ACL         7
-#define TOMOYO_TYPE_MKFIFO_ACL        8
-#define TOMOYO_TYPE_MKSOCK_ACL        9
-#define TOMOYO_TYPE_MKBLOCK_ACL      10
-#define TOMOYO_TYPE_MKCHAR_ACL       11
-#define TOMOYO_TYPE_TRUNCATE_ACL     12
-#define TOMOYO_TYPE_SYMLINK_ACL      13
-#define TOMOYO_TYPE_REWRITE_ACL      14
-#define TOMOYO_MAX_SINGLE_PATH_OPERATION 15
-#define TOMOYO_TYPE_LINK_ACL         0
-#define TOMOYO_TYPE_RENAME_ACL       1
-#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2
-#define TOMOYO_DOMAINPOLICY          0
-#define TOMOYO_EXCEPTIONPOLICY       1
-#define TOMOYO_DOMAIN_STATUS         2
-#define TOMOYO_PROCESS_STATUS        3
-#define TOMOYO_MEMINFO               4
-#define TOMOYO_SELFDOMAIN            5
-#define TOMOYO_VERSION               6
-#define TOMOYO_PROFILE               7
-#define TOMOYO_MANAGER               8
-extern struct tomoyo_domain_info tomoyo_kernel_domain;
-static inline struct tomoyo_domain_info *tomoyo_domain(void)
-{
-        return current_cred()->security;
-}
-static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
-                                                            *task)
-{
-        return task_cred_xxx(task, security);
-}
-#endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */
author	Andrea Bastoni <bastoni@cs.unc.edu>	2010-05-30 19:16:45 -0400
committer	Andrea Bastoni <bastoni@cs.unc.edu>	2010-05-30 19:16:45 -0400
commit	ada47b5fe13d89735805b566185f4885f5a3f750 (patch)
tree	644b88f8a71896307d71438e9b3af49126ffb22b /security
parent	43e98717ad40a4ae64545b5ba047c7b86aa44f4f (diff)
parent	3280f21d43ee541f97f8cda5792150d2dbec20d5 (diff)