130 static int audit_mount(struct aa_profile *profile, const char *op,  in audit_mount()  argument
142 		if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))  in audit_mount()
160 		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&  in audit_mount()
161 		    AUDIT_MODE(profile) != AUDIT_ALL)  in audit_mount()
178 	return aa_audit(audit_type, profile, &sa, audit_cb);  in audit_mount()
292 static int path_flags(struct aa_profile *profile, const struct path *path)  in path_flags()  argument
294 	AA_BUG(!profile);  in path_flags()
297 	return profile->path_flags |  in path_flags()
315 static int match_mnt_path_str(struct aa_profile *profile,  in match_mnt_path_str()  argument
325 	AA_BUG(!profile);  in match_mnt_path_str()
329 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in match_mnt_path_str()
332 	error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,  in match_mnt_path_str()
333 			     &mntpnt, &info, profile->disconnected);  in match_mnt_path_str()
344 	pos = do_match_mnt(profile->policy.dfa,  in match_mnt_path_str()
345 			   profile->policy.start[AA_CLASS_MOUNT],  in match_mnt_path_str()
354 	return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL,  in match_mnt_path_str()
372 static int match_mnt(struct aa_profile *profile, const struct path *path,  in match_mnt()  argument
380 	AA_BUG(!profile);  in match_mnt()
383 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in match_mnt()
387 		error = aa_path_name(devpath, path_flags(profile, devpath),  in match_mnt()
389 				     profile->disconnected);  in match_mnt()
394 	return match_mnt_path_str(profile, path, buffer, devname, type, flags,  in match_mnt()
401 	struct aa_profile *profile;  in aa_remount()  local
412 	error = fn_for_each_confined(label, profile,  in aa_remount()
413 			match_mnt(profile, path, buffer, NULL, NULL, NULL,  in aa_remount()
423 	struct aa_profile *profile;  in aa_bind_mount()  local
441 	error = fn_for_each_confined(label, profile,  in aa_bind_mount()
442 			match_mnt(profile, path, buffer, &old_path, old_buffer,  in aa_bind_mount()
453 	struct aa_profile *profile;  in aa_mount_change_type()  local
465 	error = fn_for_each_confined(label, profile,  in aa_mount_change_type()
466 			match_mnt(profile, path, buffer, NULL, NULL, NULL,  in aa_mount_change_type()
476 	struct aa_profile *profile;  in aa_move_mount()  local
492 	error = fn_for_each_confined(label, profile,  in aa_move_mount()
493 			match_mnt(profile, path, buffer, &old_path, old_buffer,  in aa_move_mount()
505 	struct aa_profile *profile;  in aa_new_mount()  local
538 		error = fn_for_each_confined(label, profile,  in aa_new_mount()
539 			match_mnt(profile, path, buffer, dev_path, dev_buffer,  in aa_new_mount()
542 		error = fn_for_each_confined(label, profile,  in aa_new_mount()
543 			match_mnt_path_str(profile, path, buffer, dev_name,  in aa_new_mount()
553 static int profile_umount(struct aa_profile *profile, struct path *path,  in profile_umount()  argument
561 	AA_BUG(!profile);  in profile_umount()
564 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in profile_umount()
567 	error = aa_path_name(path, path_flags(profile, path), buffer, &name,  in profile_umount()
568 			     &info, profile->disconnected);  in profile_umount()
572 	state = aa_dfa_match(profile->policy.dfa,  in profile_umount()
573 			     profile->policy.start[AA_CLASS_MOUNT],  in profile_umount()
575 	perms = compute_mnt_perms(profile->policy.dfa, state);  in profile_umount()
580 	return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL,  in profile_umount()
586 	struct aa_profile *profile;  in aa_umount()  local
595 	error = fn_for_each_confined(label, profile,  in aa_umount()
596 			profile_umount(profile, &path, buffer));  in aa_umount()
606 static struct aa_label *build_pivotroot(struct aa_profile *profile,  in build_pivotroot()  argument
618 	AA_BUG(!profile);  in build_pivotroot()
622 	if (profile_unconfined(profile) ||  in build_pivotroot()
623 	    !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in build_pivotroot()
624 		return aa_get_newest_label(&profile->label);  in build_pivotroot()
626 	error = aa_path_name(old_path, path_flags(profile, old_path),  in build_pivotroot()
628 			     profile->disconnected);  in build_pivotroot()
631 	error = aa_path_name(new_path, path_flags(profile, new_path),  in build_pivotroot()
633 			     profile->disconnected);  in build_pivotroot()
638 	state = aa_dfa_match(profile->policy.dfa,  in build_pivotroot()
639 			     profile->policy.start[AA_CLASS_MOUNT],  in build_pivotroot()
641 	state = aa_dfa_null_transition(profile->policy.dfa, state);  in build_pivotroot()
642 	state = aa_dfa_match(profile->policy.dfa, state, old_name);  in build_pivotroot()
643 	perms = compute_mnt_perms(profile->policy.dfa, state);  in build_pivotroot()
649 	error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,  in build_pivotroot()
655 	return aa_get_newest_label(&profile->label);  in build_pivotroot()
661 	struct aa_profile *profile;  in aa_pivotroot()  local
671 	target = fn_label_build(label, profile, GFP_ATOMIC,  in aa_pivotroot()
672 			build_pivotroot(profile, new_path, new_buffer,  in aa_pivotroot()
695 	error = fn_for_each(label, profile,  in aa_pivotroot()
696 			audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */,  in aa_pivotroot()