-/**
- * tomoyo_file_perm - Check permission for opening files.
- *
- * @r: Pointer to "struct tomoyo_request_info".
- * @filename: Filename to check.
- * @mode: Mode ("read" or "write" or "read/write" or "execute").
- *
- * Returns 0 on success, negative value otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-static int tomoyo_file_perm(struct tomoyo_request_info *r,
- const struct tomoyo_path_info *filename,
- const u8 mode)
-{
- const char *msg = "<unknown>";
- int error = 0;
- u32 perm = 0;
-
- if (!filename)
- return 0;
-
- if (mode == 6) {
- msg = tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE);
- perm = 1 << TOMOYO_TYPE_READ_WRITE;
- } else if (mode == 4) {
- msg = tomoyo_path2keyword(TOMOYO_TYPE_READ);
- perm = 1 << TOMOYO_TYPE_READ;
- } else if (mode == 2) {
- msg = tomoyo_path2keyword(TOMOYO_TYPE_WRITE);
- perm = 1 << TOMOYO_TYPE_WRITE;
- } else if (mode == 1) {
- msg = tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE);
- perm = 1 << TOMOYO_TYPE_EXECUTE;
- } else
- BUG();
- do {
- error = tomoyo_path_acl(r, filename, perm);
- if (error && mode == 4 && !r->domain->ignore_global_allow_read
- && tomoyo_is_globally_readable_file(filename))
- error = 0;
- if (!error)
- break;
- tomoyo_warn_log(r, "%s %s", msg, filename->name);
- error = tomoyo_supervisor(r, "allow_%s %s\n", msg,
- tomoyo_file_pattern(filename));
- /*
- * Do not retry for execute request, for alias may have
- * changed.
- */
- } while (error == TOMOYO_RETRY_REQUEST && mode != 1);
- if (r->mode != TOMOYO_CONFIG_ENFORCING)
- error = 0;
- return error;
-}
-