130 static int audit_mount(struct aa_profile *profile, const char *op,  in audit_mount()  argument
142 		if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))  in audit_mount()
160 		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&  in audit_mount()
161 		    AUDIT_MODE(profile) != AUDIT_ALL)  in audit_mount()
178 	return aa_audit(audit_type, profile, &sa, audit_cb);  in audit_mount()
292 static int path_flags(struct aa_profile *profile, const struct path *path)  in path_flags()  argument
294 	AA_BUG(!profile);  in path_flags()
297 	return profile->path_flags |  in path_flags()
315 static int match_mnt_path_str(struct aa_profile *profile,  in match_mnt_path_str()  argument
325 	AA_BUG(!profile);  in match_mnt_path_str()
329 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in match_mnt_path_str()
332 	error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,  in match_mnt_path_str()
333 			     &mntpnt, &info, profile->disconnected);  in match_mnt_path_str()
344 	pos = do_match_mnt(profile->policy.dfa,  in match_mnt_path_str()
345 			   profile->policy.start[AA_CLASS_MOUNT],  in match_mnt_path_str()
354 	return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL,  in match_mnt_path_str()
372 static int match_mnt(struct aa_profile *profile, const struct path *path,  in match_mnt()  argument
380 	AA_BUG(!profile);  in match_mnt()
383 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in match_mnt()
387 		error = aa_path_name(devpath, path_flags(profile, devpath),  in match_mnt()
389 				     profile->disconnected);  in match_mnt()
394 	return match_mnt_path_str(profile, path, buffer, devname, type, flags,  in match_mnt()
401 	struct aa_profile *profile;  in aa_remount()  local
414 	error = fn_for_each_confined(label, profile,  in aa_remount()
415 			match_mnt(profile, path, buffer, NULL, NULL, NULL,  in aa_remount()
425 	struct aa_profile *profile;  in aa_bind_mount()  local
448 	error = fn_for_each_confined(label, profile,  in aa_bind_mount()
449 			match_mnt(profile, path, buffer, &old_path, old_buffer,  in aa_bind_mount()
462 	struct aa_profile *profile;  in aa_mount_change_type()  local
476 	error = fn_for_each_confined(label, profile,  in aa_mount_change_type()
477 			match_mnt(profile, path, buffer, NULL, NULL, NULL,  in aa_mount_change_type()
487 	struct aa_profile *profile;  in aa_move_mount()  local
507 	error = fn_for_each_confined(label, profile,  in aa_move_mount()
508 			match_mnt(profile, path, buffer, &old_path, old_buffer,  in aa_move_mount()
522 	struct aa_profile *profile;  in aa_new_mount()  local
564 		error = fn_for_each_confined(label, profile,  in aa_new_mount()
565 			match_mnt(profile, path, buffer, dev_path, dev_buffer,  in aa_new_mount()
568 		error = fn_for_each_confined(label, profile,  in aa_new_mount()
569 			match_mnt_path_str(profile, path, buffer, dev_name,  in aa_new_mount()
582 static int profile_umount(struct aa_profile *profile, const struct path *path,  in profile_umount()  argument
590 	AA_BUG(!profile);  in profile_umount()
593 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in profile_umount()
596 	error = aa_path_name(path, path_flags(profile, path), buffer, &name,  in profile_umount()
597 			     &info, profile->disconnected);  in profile_umount()
601 	state = aa_dfa_match(profile->policy.dfa,  in profile_umount()
602 			     profile->policy.start[AA_CLASS_MOUNT],  in profile_umount()
604 	perms = compute_mnt_perms(profile->policy.dfa, state);  in profile_umount()
609 	return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL,  in profile_umount()
615 	struct aa_profile *profile;  in aa_umount()  local
627 	error = fn_for_each_confined(label, profile,  in aa_umount()
628 			profile_umount(profile, &path, buffer));  in aa_umount()
638 static struct aa_label *build_pivotroot(struct aa_profile *profile,  in build_pivotroot()  argument
650 	AA_BUG(!profile);  in build_pivotroot()
654 	if (profile_unconfined(profile) ||  in build_pivotroot()
655 	    !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in build_pivotroot()
656 		return aa_get_newest_label(&profile->label);  in build_pivotroot()
658 	error = aa_path_name(old_path, path_flags(profile, old_path),  in build_pivotroot()
660 			     profile->disconnected);  in build_pivotroot()
663 	error = aa_path_name(new_path, path_flags(profile, new_path),  in build_pivotroot()
665 			     profile->disconnected);  in build_pivotroot()
670 	state = aa_dfa_match(profile->policy.dfa,  in build_pivotroot()
671 			     profile->policy.start[AA_CLASS_MOUNT],  in build_pivotroot()
673 	state = aa_dfa_null_transition(profile->policy.dfa, state);  in build_pivotroot()
674 	state = aa_dfa_match(profile->policy.dfa, state, old_name);  in build_pivotroot()
675 	perms = compute_mnt_perms(profile->policy.dfa, state);  in build_pivotroot()
681 	error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,  in build_pivotroot()
687 	return aa_get_newest_label(&profile->label);  in build_pivotroot()
693 	struct aa_profile *profile;  in aa_pivotroot()  local
707 	target = fn_label_build(label, profile, GFP_KERNEL,  in aa_pivotroot()
708 			build_pivotroot(profile, new_path, new_buffer,  in aa_pivotroot()
733 	error = fn_for_each(label, profile,  in aa_pivotroot()
734 			audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */,  in aa_pivotroot()