130 static int audit_mount(struct aa_profile *profile, const char *op,  in audit_mount()  argument
142 		if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))  in audit_mount()
160 		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&  in audit_mount()
161 		    AUDIT_MODE(profile) != AUDIT_ALL)  in audit_mount()
178 	return aa_audit(audit_type, profile, &sa, audit_cb);  in audit_mount()
293 static int path_flags(struct aa_profile *profile, const struct path *path)  in path_flags()  argument
295 	AA_BUG(!profile);  in path_flags()
298 	return profile->path_flags |  in path_flags()
316 static int match_mnt_path_str(struct aa_profile *profile,  in match_mnt_path_str()  argument
326 	AA_BUG(!profile);  in match_mnt_path_str()
330 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in match_mnt_path_str()
333 	error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,  in match_mnt_path_str()
334 			     &mntpnt, &info, profile->disconnected);  in match_mnt_path_str()
345 	pos = do_match_mnt(profile->policy.dfa,  in match_mnt_path_str()
346 			   profile->policy.start[AA_CLASS_MOUNT],  in match_mnt_path_str()
355 	return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL,  in match_mnt_path_str()
373 static int match_mnt(struct aa_profile *profile, const struct path *path,  in match_mnt()  argument
381 	AA_BUG(!profile);  in match_mnt()
384 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in match_mnt()
388 		error = aa_path_name(devpath, path_flags(profile, devpath),  in match_mnt()
390 				     profile->disconnected);  in match_mnt()
395 	return match_mnt_path_str(profile, path, buffer, devname, type, flags,  in match_mnt()
402 	struct aa_profile *profile;  in aa_remount()  local
415 	error = fn_for_each_confined(label, profile,  in aa_remount()
416 			match_mnt(profile, path, buffer, NULL, NULL, NULL,  in aa_remount()
426 	struct aa_profile *profile;  in aa_bind_mount()  local
449 	error = fn_for_each_confined(label, profile,  in aa_bind_mount()
450 			match_mnt(profile, path, buffer, &old_path, old_buffer,  in aa_bind_mount()
463 	struct aa_profile *profile;  in aa_mount_change_type()  local
477 	error = fn_for_each_confined(label, profile,  in aa_mount_change_type()
478 			match_mnt(profile, path, buffer, NULL, NULL, NULL,  in aa_mount_change_type()
488 	struct aa_profile *profile;  in aa_move_mount()  local
508 	error = fn_for_each_confined(label, profile,  in aa_move_mount()
509 			match_mnt(profile, path, buffer, &old_path, old_buffer,  in aa_move_mount()
523 	struct aa_profile *profile;  in aa_new_mount()  local
565 		error = fn_for_each_confined(label, profile,  in aa_new_mount()
566 			match_mnt(profile, path, buffer, dev_path, dev_buffer,  in aa_new_mount()
569 		error = fn_for_each_confined(label, profile,  in aa_new_mount()
570 			match_mnt_path_str(profile, path, buffer, dev_name,  in aa_new_mount()
583 static int profile_umount(struct aa_profile *profile, const struct path *path,  in profile_umount()  argument
591 	AA_BUG(!profile);  in profile_umount()
594 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in profile_umount()
597 	error = aa_path_name(path, path_flags(profile, path), buffer, &name,  in profile_umount()
598 			     &info, profile->disconnected);  in profile_umount()
602 	state = aa_dfa_match(profile->policy.dfa,  in profile_umount()
603 			     profile->policy.start[AA_CLASS_MOUNT],  in profile_umount()
605 	perms = compute_mnt_perms(profile->policy.dfa, state);  in profile_umount()
610 	return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL,  in profile_umount()
616 	struct aa_profile *profile;  in aa_umount()  local
628 	error = fn_for_each_confined(label, profile,  in aa_umount()
629 			profile_umount(profile, &path, buffer));  in aa_umount()
639 static struct aa_label *build_pivotroot(struct aa_profile *profile,  in build_pivotroot()  argument
651 	AA_BUG(!profile);  in build_pivotroot()
655 	if (profile_unconfined(profile) ||  in build_pivotroot()
656 	    !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in build_pivotroot()
657 		return aa_get_newest_label(&profile->label);  in build_pivotroot()
659 	error = aa_path_name(old_path, path_flags(profile, old_path),  in build_pivotroot()
661 			     profile->disconnected);  in build_pivotroot()
664 	error = aa_path_name(new_path, path_flags(profile, new_path),  in build_pivotroot()
666 			     profile->disconnected);  in build_pivotroot()
671 	state = aa_dfa_match(profile->policy.dfa,  in build_pivotroot()
672 			     profile->policy.start[AA_CLASS_MOUNT],  in build_pivotroot()
674 	state = aa_dfa_null_transition(profile->policy.dfa, state);  in build_pivotroot()
675 	state = aa_dfa_match(profile->policy.dfa, state, old_name);  in build_pivotroot()
676 	perms = compute_mnt_perms(profile->policy.dfa, state);  in build_pivotroot()
682 	error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,  in build_pivotroot()
688 	return aa_get_newest_label(&profile->label);  in build_pivotroot()
694 	struct aa_profile *profile;  in aa_pivotroot()  local
708 	target = fn_label_build(label, profile, GFP_KERNEL,  in aa_pivotroot()
709 			build_pivotroot(profile, new_path, new_buffer,  in aa_pivotroot()
734 	error = fn_for_each(label, profile,  in aa_pivotroot()
735 			audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */,  in aa_pivotroot()