123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869 |
- /*
- * device_cgroup.c - device cgroup subsystem
- *
- * Copyright 2007 IBM Corp
- */
- #include <linux/device_cgroup.h>
- #include <linux/cgroup.h>
- #include <linux/ctype.h>
- #include <linux/list.h>
- #include <linux/uaccess.h>
- #include <linux/seq_file.h>
- #include <linux/slab.h>
- #include <linux/rcupdate.h>
- #include <linux/mutex.h>
- #define ACC_MKNOD 1
- #define ACC_READ 2
- #define ACC_WRITE 4
- #define ACC_MASK (ACC_MKNOD | ACC_READ | ACC_WRITE)
- #define DEV_BLOCK 1
- #define DEV_CHAR 2
- #define DEV_ALL 4 /* this represents all devices */
- static DEFINE_MUTEX(devcgroup_mutex);
- enum devcg_behavior {
- DEVCG_DEFAULT_NONE,
- DEVCG_DEFAULT_ALLOW,
- DEVCG_DEFAULT_DENY,
- };
- /*
- * exception list locking rules:
- * hold devcgroup_mutex for update/read.
- * hold rcu_read_lock() for read.
- */
- struct dev_exception_item {
- u32 major, minor;
- short type;
- short access;
- struct list_head list;
- struct rcu_head rcu;
- };
- struct dev_cgroup {
- struct cgroup_subsys_state css;
- struct list_head exceptions;
- enum devcg_behavior behavior;
- };
- static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s)
- {
- return s ? container_of(s, struct dev_cgroup, css) : NULL;
- }
- static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
- {
- return css_to_devcgroup(task_css(task, devices_cgrp_id));
- }
- /*
- * called under devcgroup_mutex
- */
- static int dev_exceptions_copy(struct list_head *dest, struct list_head *orig)
- {
- struct dev_exception_item *ex, *tmp, *new;
- lockdep_assert_held(&devcgroup_mutex);
- list_for_each_entry(ex, orig, list) {
- new = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
- if (!new)
- goto free_and_exit;
- list_add_tail(&new->list, dest);
- }
- return 0;
- free_and_exit:
- list_for_each_entry_safe(ex, tmp, dest, list) {
- list_del(&ex->list);
- kfree(ex);
- }
- return -ENOMEM;
- }
- /*
- * called under devcgroup_mutex
- */
- static int dev_exception_add(struct dev_cgroup *dev_cgroup,
- struct dev_exception_item *ex)
- {
- struct dev_exception_item *excopy, *walk;
- lockdep_assert_held(&devcgroup_mutex);
- excopy = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
- if (!excopy)
- return -ENOMEM;
- list_for_each_entry(walk, &dev_cgroup->exceptions, list) {
- if (walk->type != ex->type)
- continue;
- if (walk->major != ex->major)
- continue;
- if (walk->minor != ex->minor)
- continue;
- walk->access |= ex->access;
- kfree(excopy);
- excopy = NULL;
- }
- if (excopy != NULL)
- list_add_tail_rcu(&excopy->list, &dev_cgroup->exceptions);
- return 0;
- }
- /*
- * called under devcgroup_mutex
- */
- static void dev_exception_rm(struct dev_cgroup *dev_cgroup,
- struct dev_exception_item *ex)
- {
- struct dev_exception_item *walk, *tmp;
- lockdep_assert_held(&devcgroup_mutex);
- list_for_each_entry_safe(walk, tmp, &dev_cgroup->exceptions, list) {
- if (walk->type != ex->type)
- continue;
- if (walk->major != ex->major)
- continue;
- if (walk->minor != ex->minor)
- continue;
- walk->access &= ~ex->access;
- if (!walk->access) {
- list_del_rcu(&walk->list);
- kfree_rcu(walk, rcu);
- }
- }
- }
- static void __dev_exception_clean(struct dev_cgroup *dev_cgroup)
- {
- struct dev_exception_item *ex, *tmp;
- list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) {
- list_del_rcu(&ex->list);
- kfree_rcu(ex, rcu);
- }
- }
- /**
- * dev_exception_clean - frees all entries of the exception list
- * @dev_cgroup: dev_cgroup with the exception list to be cleaned
- *
- * called under devcgroup_mutex
- */
- static void dev_exception_clean(struct dev_cgroup *dev_cgroup)
- {
- lockdep_assert_held(&devcgroup_mutex);
- __dev_exception_clean(dev_cgroup);
- }
- static inline bool is_devcg_online(const struct dev_cgroup *devcg)
- {
- return (devcg->behavior != DEVCG_DEFAULT_NONE);
- }
- /**
- * devcgroup_online - initializes devcgroup's behavior and exceptions based on
- * parent's
- * @css: css getting online
- * returns 0 in case of success, error code otherwise
- */
- static int devcgroup_online(struct cgroup_subsys_state *css)
- {
- struct dev_cgroup *dev_cgroup = css_to_devcgroup(css);
- struct dev_cgroup *parent_dev_cgroup = css_to_devcgroup(css->parent);
- int ret = 0;
- mutex_lock(&devcgroup_mutex);
- if (parent_dev_cgroup == NULL)
- dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW;
- else {
- ret = dev_exceptions_copy(&dev_cgroup->exceptions,
- &parent_dev_cgroup->exceptions);
- if (!ret)
- dev_cgroup->behavior = parent_dev_cgroup->behavior;
- }
- mutex_unlock(&devcgroup_mutex);
- return ret;
- }
- static void devcgroup_offline(struct cgroup_subsys_state *css)
- {
- struct dev_cgroup *dev_cgroup = css_to_devcgroup(css);
- mutex_lock(&devcgroup_mutex);
- dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
- mutex_unlock(&devcgroup_mutex);
- }
- /*
- * called from kernel/cgroup.c with cgroup_lock() held.
- */
- static struct cgroup_subsys_state *
- devcgroup_css_alloc(struct cgroup_subsys_state *parent_css)
- {
- struct dev_cgroup *dev_cgroup;
- dev_cgroup = kzalloc(sizeof(*dev_cgroup), GFP_KERNEL);
- if (!dev_cgroup)
- return ERR_PTR(-ENOMEM);
- INIT_LIST_HEAD(&dev_cgroup->exceptions);
- dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
- return &dev_cgroup->css;
- }
- static void devcgroup_css_free(struct cgroup_subsys_state *css)
- {
- struct dev_cgroup *dev_cgroup = css_to_devcgroup(css);
- __dev_exception_clean(dev_cgroup);
- kfree(dev_cgroup);
- }
- #define DEVCG_ALLOW 1
- #define DEVCG_DENY 2
- #define DEVCG_LIST 3
- #define MAJMINLEN 13
- #define ACCLEN 4
- static void set_access(char *acc, short access)
- {
- int idx = 0;
- memset(acc, 0, ACCLEN);
- if (access & ACC_READ)
- acc[idx++] = 'r';
- if (access & ACC_WRITE)
- acc[idx++] = 'w';
- if (access & ACC_MKNOD)
- acc[idx++] = 'm';
- }
- static char type_to_char(short type)
- {
- if (type == DEV_ALL)
- return 'a';
- if (type == DEV_CHAR)
- return 'c';
- if (type == DEV_BLOCK)
- return 'b';
- return 'X';
- }
- static void set_majmin(char *str, unsigned m)
- {
- if (m == ~0)
- strcpy(str, "*");
- else
- sprintf(str, "%u", m);
- }
- static int devcgroup_seq_show(struct seq_file *m, void *v)
- {
- struct dev_cgroup *devcgroup = css_to_devcgroup(seq_css(m));
- struct dev_exception_item *ex;
- char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN];
- rcu_read_lock();
- /*
- * To preserve the compatibility:
- * - Only show the "all devices" when the default policy is to allow
- * - List the exceptions in case the default policy is to deny
- * This way, the file remains as a "whitelist of devices"
- */
- if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
- set_access(acc, ACC_MASK);
- set_majmin(maj, ~0);
- set_majmin(min, ~0);
- seq_printf(m, "%c %s:%s %s\n", type_to_char(DEV_ALL),
- maj, min, acc);
- } else {
- list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) {
- set_access(acc, ex->access);
- set_majmin(maj, ex->major);
- set_majmin(min, ex->minor);
- seq_printf(m, "%c %s:%s %s\n", type_to_char(ex->type),
- maj, min, acc);
- }
- }
- rcu_read_unlock();
- return 0;
- }
- /**
- * match_exception - iterates the exception list trying to find a complete match
- * @exceptions: list of exceptions
- * @type: device type (DEV_BLOCK or DEV_CHAR)
- * @major: device file major number, ~0 to match all
- * @minor: device file minor number, ~0 to match all
- * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
- *
- * It is considered a complete match if an exception is found that will
- * contain the entire range of provided parameters.
- *
- * Return: true in case it matches an exception completely
- */
- static bool match_exception(struct list_head *exceptions, short type,
- u32 major, u32 minor, short access)
- {
- struct dev_exception_item *ex;
- list_for_each_entry_rcu(ex, exceptions, list) {
- if ((type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
- continue;
- if ((type & DEV_CHAR) && !(ex->type & DEV_CHAR))
- continue;
- if (ex->major != ~0 && ex->major != major)
- continue;
- if (ex->minor != ~0 && ex->minor != minor)
- continue;
- /* provided access cannot have more than the exception rule */
- if (access & (~ex->access))
- continue;
- return true;
- }
- return false;
- }
- /**
- * match_exception_partial - iterates the exception list trying to find a partial match
- * @exceptions: list of exceptions
- * @type: device type (DEV_BLOCK or DEV_CHAR)
- * @major: device file major number, ~0 to match all
- * @minor: device file minor number, ~0 to match all
- * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
- *
- * It is considered a partial match if an exception's range is found to
- * contain *any* of the devices specified by provided parameters. This is
- * used to make sure no extra access is being granted that is forbidden by
- * any of the exception list.
- *
- * Return: true in case the provided range mat matches an exception completely
- */
- static bool match_exception_partial(struct list_head *exceptions, short type,
- u32 major, u32 minor, short access)
- {
- struct dev_exception_item *ex;
- list_for_each_entry_rcu(ex, exceptions, list) {
- if ((type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
- continue;
- if ((type & DEV_CHAR) && !(ex->type & DEV_CHAR))
- continue;
- /*
- * We must be sure that both the exception and the provided
- * range aren't masking all devices
- */
- if (ex->major != ~0 && major != ~0 && ex->major != major)
- continue;
- if (ex->minor != ~0 && minor != ~0 && ex->minor != minor)
- continue;
- /*
- * In order to make sure the provided range isn't matching
- * an exception, all its access bits shouldn't match the
- * exception's access bits
- */
- if (!(access & ex->access))
- continue;
- return true;
- }
- return false;
- }
- /**
- * verify_new_ex - verifies if a new exception is allowed by parent cgroup's permissions
- * @dev_cgroup: dev cgroup to be tested against
- * @refex: new exception
- * @behavior: behavior of the exception's dev_cgroup
- *
- * This is used to make sure a child cgroup won't have more privileges
- * than its parent
- */
- static bool verify_new_ex(struct dev_cgroup *dev_cgroup,
- struct dev_exception_item *refex,
- enum devcg_behavior behavior)
- {
- bool match = false;
- RCU_LOCKDEP_WARN(!rcu_read_lock_held() &&
- !lockdep_is_held(&devcgroup_mutex),
- "device_cgroup:verify_new_ex called without proper synchronization");
- if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) {
- if (behavior == DEVCG_DEFAULT_ALLOW) {
- /*
- * new exception in the child doesn't matter, only
- * adding extra restrictions
- */
- return true;
- } else {
- /*
- * new exception in the child will add more devices
- * that can be acessed, so it can't match any of
- * parent's exceptions, even slightly
- */
- match = match_exception_partial(&dev_cgroup->exceptions,
- refex->type,
- refex->major,
- refex->minor,
- refex->access);
- if (match)
- return false;
- return true;
- }
- } else {
- /*
- * Only behavior == DEVCG_DEFAULT_DENY allowed here, therefore
- * the new exception will add access to more devices and must
- * be contained completely in an parent's exception to be
- * allowed
- */
- match = match_exception(&dev_cgroup->exceptions, refex->type,
- refex->major, refex->minor,
- refex->access);
- if (match)
- /* parent has an exception that matches the proposed */
- return true;
- else
- return false;
- }
- return false;
- }
- /*
- * parent_has_perm:
- * when adding a new allow rule to a device exception list, the rule
- * must be allowed in the parent device
- */
- static int parent_has_perm(struct dev_cgroup *childcg,
- struct dev_exception_item *ex)
- {
- struct dev_cgroup *parent = css_to_devcgroup(childcg->css.parent);
- if (!parent)
- return 1;
- return verify_new_ex(parent, ex, childcg->behavior);
- }
- /**
- * parent_allows_removal - verify if it's ok to remove an exception
- * @childcg: child cgroup from where the exception will be removed
- * @ex: exception being removed
- *
- * When removing an exception in cgroups with default ALLOW policy, it must
- * be checked if removing it will give the child cgroup more access than the
- * parent.
- *
- * Return: true if it's ok to remove exception, false otherwise
- */
- static bool parent_allows_removal(struct dev_cgroup *childcg,
- struct dev_exception_item *ex)
- {
- struct dev_cgroup *parent = css_to_devcgroup(childcg->css.parent);
- if (!parent)
- return true;
- /* It's always allowed to remove access to devices */
- if (childcg->behavior == DEVCG_DEFAULT_DENY)
- return true;
- /*
- * Make sure you're not removing part or a whole exception existing in
- * the parent cgroup
- */
- return !match_exception_partial(&parent->exceptions, ex->type,
- ex->major, ex->minor, ex->access);
- }
- /**
- * may_allow_all - checks if it's possible to change the behavior to
- * allow based on parent's rules.
- * @parent: device cgroup's parent
- * returns: != 0 in case it's allowed, 0 otherwise
- */
- static inline int may_allow_all(struct dev_cgroup *parent)
- {
- if (!parent)
- return 1;
- return parent->behavior == DEVCG_DEFAULT_ALLOW;
- }
- /**
- * revalidate_active_exceptions - walks through the active exception list and
- * revalidates the exceptions based on parent's
- * behavior and exceptions. The exceptions that
- * are no longer valid will be removed.
- * Called with devcgroup_mutex held.
- * @devcg: cgroup which exceptions will be checked
- *
- * This is one of the three key functions for hierarchy implementation.
- * This function is responsible for re-evaluating all the cgroup's active
- * exceptions due to a parent's exception change.
- * Refer to Documentation/cgroups/devices.txt for more details.
- */
- static void revalidate_active_exceptions(struct dev_cgroup *devcg)
- {
- struct dev_exception_item *ex;
- struct list_head *this, *tmp;
- list_for_each_safe(this, tmp, &devcg->exceptions) {
- ex = container_of(this, struct dev_exception_item, list);
- if (!parent_has_perm(devcg, ex))
- dev_exception_rm(devcg, ex);
- }
- }
- /**
- * propagate_exception - propagates a new exception to the children
- * @devcg_root: device cgroup that added a new exception
- * @ex: new exception to be propagated
- *
- * returns: 0 in case of success, != 0 in case of error
- */
- static int propagate_exception(struct dev_cgroup *devcg_root,
- struct dev_exception_item *ex)
- {
- struct cgroup_subsys_state *pos;
- int rc = 0;
- rcu_read_lock();
- css_for_each_descendant_pre(pos, &devcg_root->css) {
- struct dev_cgroup *devcg = css_to_devcgroup(pos);
- /*
- * Because devcgroup_mutex is held, no devcg will become
- * online or offline during the tree walk (see on/offline
- * methods), and online ones are safe to access outside RCU
- * read lock without bumping refcnt.
- */
- if (pos == &devcg_root->css || !is_devcg_online(devcg))
- continue;
- rcu_read_unlock();
- /*
- * in case both root's behavior and devcg is allow, a new
- * restriction means adding to the exception list
- */
- if (devcg_root->behavior == DEVCG_DEFAULT_ALLOW &&
- devcg->behavior == DEVCG_DEFAULT_ALLOW) {
- rc = dev_exception_add(devcg, ex);
- if (rc)
- break;
- } else {
- /*
- * in the other possible cases:
- * root's behavior: allow, devcg's: deny
- * root's behavior: deny, devcg's: deny
- * the exception will be removed
- */
- dev_exception_rm(devcg, ex);
- }
- revalidate_active_exceptions(devcg);
- rcu_read_lock();
- }
- rcu_read_unlock();
- return rc;
- }
- /*
- * Modify the exception list using allow/deny rules.
- * CAP_SYS_ADMIN is needed for this. It's at least separate from CAP_MKNOD
- * so we can give a container CAP_MKNOD to let it create devices but not
- * modify the exception list.
- * It seems likely we'll want to add a CAP_CONTAINER capability to allow
- * us to also grant CAP_SYS_ADMIN to containers without giving away the
- * device exception list controls, but for now we'll stick with CAP_SYS_ADMIN
- *
- * Taking rules away is always allowed (given CAP_SYS_ADMIN). Granting
- * new access is only allowed if you're in the top-level cgroup, or your
- * parent cgroup has the access you're asking for.
- */
- static int devcgroup_update_access(struct dev_cgroup *devcgroup,
- int filetype, char *buffer)
- {
- const char *b;
- char temp[12]; /* 11 + 1 characters needed for a u32 */
- int count, rc = 0;
- struct dev_exception_item ex;
- struct dev_cgroup *parent = css_to_devcgroup(devcgroup->css.parent);
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
- memset(&ex, 0, sizeof(ex));
- b = buffer;
- switch (*b) {
- case 'a':
- switch (filetype) {
- case DEVCG_ALLOW:
- if (css_has_online_children(&devcgroup->css))
- return -EINVAL;
- if (!may_allow_all(parent))
- return -EPERM;
- dev_exception_clean(devcgroup);
- devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
- if (!parent)
- break;
- rc = dev_exceptions_copy(&devcgroup->exceptions,
- &parent->exceptions);
- if (rc)
- return rc;
- break;
- case DEVCG_DENY:
- if (css_has_online_children(&devcgroup->css))
- return -EINVAL;
- dev_exception_clean(devcgroup);
- devcgroup->behavior = DEVCG_DEFAULT_DENY;
- break;
- default:
- return -EINVAL;
- }
- return 0;
- case 'b':
- ex.type = DEV_BLOCK;
- break;
- case 'c':
- ex.type = DEV_CHAR;
- break;
- default:
- return -EINVAL;
- }
- b++;
- if (!isspace(*b))
- return -EINVAL;
- b++;
- if (*b == '*') {
- ex.major = ~0;
- b++;
- } else if (isdigit(*b)) {
- memset(temp, 0, sizeof(temp));
- for (count = 0; count < sizeof(temp) - 1; count++) {
- temp[count] = *b;
- b++;
- if (!isdigit(*b))
- break;
- }
- rc = kstrtou32(temp, 10, &ex.major);
- if (rc)
- return -EINVAL;
- } else {
- return -EINVAL;
- }
- if (*b != ':')
- return -EINVAL;
- b++;
- /* read minor */
- if (*b == '*') {
- ex.minor = ~0;
- b++;
- } else if (isdigit(*b)) {
- memset(temp, 0, sizeof(temp));
- for (count = 0; count < sizeof(temp) - 1; count++) {
- temp[count] = *b;
- b++;
- if (!isdigit(*b))
- break;
- }
- rc = kstrtou32(temp, 10, &ex.minor);
- if (rc)
- return -EINVAL;
- } else {
- return -EINVAL;
- }
- if (!isspace(*b))
- return -EINVAL;
- for (b++, count = 0; count < 3; count++, b++) {
- switch (*b) {
- case 'r':
- ex.access |= ACC_READ;
- break;
- case 'w':
- ex.access |= ACC_WRITE;
- break;
- case 'm':
- ex.access |= ACC_MKNOD;
- break;
- case '\n':
- case '\0':
- count = 3;
- break;
- default:
- return -EINVAL;
- }
- }
- switch (filetype) {
- case DEVCG_ALLOW:
- /*
- * If the default policy is to allow by default, try to remove
- * an matching exception instead. And be silent about it: we
- * don't want to break compatibility
- */
- if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
- /* Check if the parent allows removing it first */
- if (!parent_allows_removal(devcgroup, &ex))
- return -EPERM;
- dev_exception_rm(devcgroup, &ex);
- break;
- }
- if (!parent_has_perm(devcgroup, &ex))
- return -EPERM;
- rc = dev_exception_add(devcgroup, &ex);
- break;
- case DEVCG_DENY:
- /*
- * If the default policy is to deny by default, try to remove
- * an matching exception instead. And be silent about it: we
- * don't want to break compatibility
- */
- if (devcgroup->behavior == DEVCG_DEFAULT_DENY)
- dev_exception_rm(devcgroup, &ex);
- else
- rc = dev_exception_add(devcgroup, &ex);
- if (rc)
- break;
- /* we only propagate new restrictions */
- rc = propagate_exception(devcgroup, &ex);
- break;
- default:
- rc = -EINVAL;
- }
- return rc;
- }
- static ssize_t devcgroup_access_write(struct kernfs_open_file *of,
- char *buf, size_t nbytes, loff_t off)
- {
- int retval;
- mutex_lock(&devcgroup_mutex);
- retval = devcgroup_update_access(css_to_devcgroup(of_css(of)),
- of_cft(of)->private, strstrip(buf));
- mutex_unlock(&devcgroup_mutex);
- return retval ?: nbytes;
- }
- static struct cftype dev_cgroup_files[] = {
- {
- .name = "allow",
- .write = devcgroup_access_write,
- .private = DEVCG_ALLOW,
- },
- {
- .name = "deny",
- .write = devcgroup_access_write,
- .private = DEVCG_DENY,
- },
- {
- .name = "list",
- .seq_show = devcgroup_seq_show,
- .private = DEVCG_LIST,
- },
- { } /* terminate */
- };
- struct cgroup_subsys devices_cgrp_subsys = {
- .css_alloc = devcgroup_css_alloc,
- .css_free = devcgroup_css_free,
- .css_online = devcgroup_online,
- .css_offline = devcgroup_offline,
- .legacy_cftypes = dev_cgroup_files,
- };
- /**
- * __devcgroup_check_permission - checks if an inode operation is permitted
- * @dev_cgroup: the dev cgroup to be tested against
- * @type: device type
- * @major: device major number
- * @minor: device minor number
- * @access: combination of ACC_WRITE, ACC_READ and ACC_MKNOD
- *
- * returns 0 on success, -EPERM case the operation is not permitted
- */
- static int __devcgroup_check_permission(short type, u32 major, u32 minor,
- short access)
- {
- struct dev_cgroup *dev_cgroup;
- bool rc;
- rcu_read_lock();
- dev_cgroup = task_devcgroup(current);
- if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW)
- /* Can't match any of the exceptions, even partially */
- rc = !match_exception_partial(&dev_cgroup->exceptions,
- type, major, minor, access);
- else
- /* Need to match completely one exception to be allowed */
- rc = match_exception(&dev_cgroup->exceptions, type, major,
- minor, access);
- rcu_read_unlock();
- if (!rc)
- return -EPERM;
- return 0;
- }
- int __devcgroup_inode_permission(struct inode *inode, int mask)
- {
- short type, access = 0;
- if (S_ISBLK(inode->i_mode))
- type = DEV_BLOCK;
- if (S_ISCHR(inode->i_mode))
- type = DEV_CHAR;
- if (mask & MAY_WRITE)
- access |= ACC_WRITE;
- if (mask & MAY_READ)
- access |= ACC_READ;
- return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
- access);
- }
- int devcgroup_inode_mknod(int mode, dev_t dev)
- {
- short type;
- if (!S_ISBLK(mode) && !S_ISCHR(mode))
- return 0;
- if (S_ISBLK(mode))
- type = DEV_BLOCK;
- else
- type = DEV_CHAR;
- return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),
- ACC_MKNOD);
- }
|