TOMOYO was using own memory usage counter for detecting memory leak.
But as kernel 2.6.31 introduced memory leak detection mechanism
( CONFIG_DEBUG_KMEMLEAK ), we no longer need to have own counter.

We remove usage counter for memory used for permission checks, but we keep
usage counter for memory used for policy so that we can apply quota.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

Currently, TOMOYO allocates memory for list elements from memory pool allocated
by kmalloc(PAGE_SIZE). But that makes it difficult to kfree() when garbage
collector is added. Thus, remove memory pool and use kmalloc(sizeof()).
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

Since readers no longer use down_read(), writers no longer
need to use rw_semaphore. Replace individual rw_semaphore by
single mutex.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: NSerge Hallyn <serue@us.ibm.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

Replace list operation with RCU primitives and replace
down_read()/up_read() with srcu_read_lock()/srcu_read_unlock().
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: NSerge Hallyn <serue@us.ibm.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

We can update bprm->cred->security inside tomoyo_find_next_domain().
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

We can mark tomoyo_delete_domain() as a "static" function
by moving it from domain.c to common.c .
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

This patch adds some descriptions of lists and structures.
This patch contains no code changes.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

TOMOYO 2.2.0 does not check argv[] and envp[] upon execve().
We don't need to pass "struct tomoyo_page_buffer".
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

We can directly assign the result of tomoyo_io_printf() to done flag.
Signed-off-by: NKentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NToshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

Remove '/***** START/STOP *****/' markers.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

I forgot to remove on TOMOYO's 15th posting.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

Signed-off-by: NKentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NToshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

Since TOMOYO's policy management tools does not use the "undelete domain"
command, we decided to remove that command.
Signed-off-by: NKentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NToshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

Since TOMOYO's policy management tools does not use the "undelete domain"
command, we decided to remove that command.
Signed-off-by: NKentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NToshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

Due to wrong initialization, "cat /sys/kernel/security/tomoyo/exception_policy"
returned nothing.
Signed-off-by: NKentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NToshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>

This file controls domain creation/deletion/transition.

Every process belongs to a domain in TOMOYO Linux.
Domain transition occurs when execve(2) is called
and the domain is expressed as 'process invocation history',
such as '<kernel> /sbin/init /etc/init.d/rc'.
Domain information is stored in current->cred->security field.
Signed-off-by: NKentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NToshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>