device_cgroup: add DEVCG_ prefix to ACC_* and DEV_* constants

Rename device type and access type constants defined in security/device_cgroup.c by adding the DEVCG_ prefix. The reason behind this renaming is to make them global namespace friendly, as they will be moved to the corresponding header file by following patches. Signed-off-by: Roman Gushchin <guro@fb.com> Cc: David S. Miller <davem@davemloft.net> Cc: Tejun Heo <tj@kernel.org> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Roman Gushchin <guro@fb.com> 2017-11-05 08:15:30 -0500
committer: David S. Miller <davem@davemloft.net> 2017-11-05 09:26:51 -0500
commit: 67e306fdbed71ab0a6e0d5985e088a49061c523f (patch)
tree: c07c29404d0d8bd861e3c85a1f955e66edb15503 /security/device_cgroup.c
parent: 488e5b30d384ec0b9e3151dee69f4a65c548fe34 (diff)
1 files changed, 36 insertions, 36 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 5ef7e5240563..968c21557ba7 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -15,14 +15,14 @@
 #include <linux/rcupdate.h>
 #include <linux/mutex.h>
-#define ACC_MKNOD 1
+#define DEVCG_ACC_MKNOD 1
-#define ACC_READ  2
+#define DEVCG_ACC_READ  2
-#define ACC_WRITE 4
+#define DEVCG_ACC_WRITE 4
-#define ACC_MASK (ACC_MKNOD | ACC_READ | ACC_WRITE)
+#define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD | DEVCG_ACC_READ | DEVCG_ACC_WRITE)
-#define DEV_BLOCK 1
+#define DEVCG_DEV_BLOCK 1
-#define DEV_CHAR  2
+#define DEVCG_DEV_CHAR  2
-#define DEV_ALL   4  /* this represents all devices */
+#define DEVCG_DEV_ALL   4  /* this represents all devices */
 static DEFINE_MUTEX(devcgroup_mutex);
@@ -246,21 +246,21 @@ static void set_access(char *acc, short access)
 {
        int idx = 0;
        memset(acc, 0, ACCLEN);
-        if (access & ACC_READ)
+        if (access & DEVCG_ACC_READ)
                acc[idx++] = 'r';
-        if (access & ACC_WRITE)
+        if (access & DEVCG_ACC_WRITE)
                acc[idx++] = 'w';
-        if (access & ACC_MKNOD)
+        if (access & DEVCG_ACC_MKNOD)
                acc[idx++] = 'm';
 }
 static char type_to_char(short type)
 {
-        if (type == DEV_ALL)
+        if (type == DEVCG_DEV_ALL)
                return 'a';
-        if (type == DEV_CHAR)
+        if (type == DEVCG_DEV_CHAR)
                return 'c';
-        if (type == DEV_BLOCK)
+        if (type == DEVCG_DEV_BLOCK)
                return 'b';
        return 'X';
 }
@@ -287,10 +287,10 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
         * This way, the file remains as a "whitelist of devices"
         */
        if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
-                set_access(acc, ACC_MASK);
+                set_access(acc, DEVCG_ACC_MASK);
                set_majmin(maj, ~0);
                set_majmin(min, ~0);
-                seq_printf(m, "%c %s:%s %s\n", type_to_char(DEV_ALL),
+                seq_printf(m, "%c %s:%s %s\n", type_to_char(DEVCG_DEV_ALL),
                           maj, min, acc);
        } else {
                list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) {
@@ -309,10 +309,10 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
 /**
 * match_exception      - iterates the exception list trying to find a complete match
 * @exceptions: list of exceptions
- * @type: device type (DEV_BLOCK or DEV_CHAR)
+ * @type: device type (DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR)
 * @major: device file major number, ~0 to match all
 * @minor: device file minor number, ~0 to match all
- * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
+ * @access: permission mask (DEVCG_ACC_READ, DEVCG_ACC_WRITE, DEVCG_ACC_MKNOD)
 *
 * It is considered a complete match if an exception is found that will
 * contain the entire range of provided parameters.
@@ -325,9 +325,9 @@ static bool match_exception(struct list_head *exceptions, short type,
        struct dev_exception_item *ex;
        list_for_each_entry_rcu(ex, exceptions, list) {
-                if ((type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
+                if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
                        continue;
-                if ((type & DEV_CHAR) && !(ex->type & DEV_CHAR))
+                if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
                        continue;
                if (ex->major != ~0 && ex->major != major)
                        continue;
@@ -344,10 +344,10 @@ static bool match_exception(struct list_head *exceptions, short type,
 /**
 * match_exception_partial - iterates the exception list trying to find a partial match
 * @exceptions: list of exceptions
- * @type: device type (DEV_BLOCK or DEV_CHAR)
+ * @type: device type (DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR)
 * @major: device file major number, ~0 to match all
 * @minor: device file minor number, ~0 to match all
- * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
+ * @access: permission mask (DEVCG_ACC_READ, DEVCG_ACC_WRITE, DEVCG_ACC_MKNOD)
 *
 * It is considered a partial match if an exception's range is found to
 * contain *any* of the devices specified by provided parameters. This is
@@ -362,9 +362,9 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
        struct dev_exception_item *ex;
        list_for_each_entry_rcu(ex, exceptions, list) {
-                if ((type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
+                if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
                        continue;
-                if ((type & DEV_CHAR) && !(ex->type & DEV_CHAR))
+                if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
                        continue;
                /*
                 * We must be sure that both the exception and the provided
@@ -647,10 +647,10 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
                }
                return 0;
        case 'b':
-                ex.type = DEV_BLOCK;
+                ex.type = DEVCG_DEV_BLOCK;
                break;
        case 'c':
-                ex.type = DEV_CHAR;
+                ex.type = DEVCG_DEV_CHAR;
                break;
        default:
                return -EINVAL;
@@ -703,13 +703,13 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
        for (b++, count = 0; count < 3; count++, b++) {
                switch (*b) {
                case 'r':
-                        ex.access |= ACC_READ;
+                        ex.access |= DEVCG_ACC_READ;
                        break;
                case 'w':
-                        ex.access |= ACC_WRITE;
+                        ex.access |= DEVCG_ACC_WRITE;
                        break;
                case 'm':
-                        ex.access |= ACC_MKNOD;
+                        ex.access |= DEVCG_ACC_MKNOD;
                        break;
                case '\n':
                case '\0':
@@ -806,7 +806,7 @@ struct cgroup_subsys devices_cgrp_subsys = {
 * @type: device type
 * @major: device major number
 * @minor: device minor number
- * @access: combination of ACC_WRITE, ACC_READ and ACC_MKNOD
+ * @access: combination of DEVCG_ACC_WRITE, DEVCG_ACC_READ and DEVCG_ACC_MKNOD
 *
 * returns 0 on success, -EPERM case the operation is not permitted
 */
@@ -839,13 +839,13 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
        short type, access = 0;
        if (S_ISBLK(inode->i_mode))
-                type = DEV_BLOCK;
+                type = DEVCG_DEV_BLOCK;
        if (S_ISCHR(inode->i_mode))
-                type = DEV_CHAR;
+                type = DEVCG_DEV_CHAR;
        if (mask & MAY_WRITE)
-                access |= ACC_WRITE;
+                access |= DEVCG_ACC_WRITE;
        if (mask & MAY_READ)
-                access |= ACC_READ;
+                access |= DEVCG_ACC_READ;
        return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
                        access);
@@ -859,11 +859,11 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
                return 0;
        if (S_ISBLK(mode))
-                type = DEV_BLOCK;
+                type = DEVCG_DEV_BLOCK;
        else
-                type = DEV_CHAR;
+                type = DEVCG_DEV_CHAR;
        return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),
-                        ACC_MKNOD);
+                        DEVCG_ACC_MKNOD);
 }
author	Roman Gushchin <guro@fb.com>	2017-11-05 08:15:30 -0500
committer	David S. Miller <davem@davemloft.net>	2017-11-05 09:26:51 -0500
commit	67e306fdbed71ab0a6e0d5985e088a49061c523f (patch)
tree	c07c29404d0d8bd861e3c85a1f955e66edb15503 /security/device_cgroup.c
parent	488e5b30d384ec0b9e3151dee69f4a65c548fe34 (diff)

diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 5ef7e5240563..968c21557ba7 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c
@@ -15,14 +15,14 @@
15	#include <linux/rcupdate.h>	15	#include <linux/rcupdate.h>
16	#include <linux/mutex.h>	16	#include <linux/mutex.h>
17		17
18	#define ACC_MKNOD 1	18	#define DEVCG_ACC_MKNOD 1
19	#define ACC_READ 2	19	#define DEVCG_ACC_READ 2
20	#define ACC_WRITE 4	20	#define DEVCG_ACC_WRITE 4
21	#define ACC_MASK (ACC_MKNOD \| ACC_READ \| ACC_WRITE)	21	#define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD \| DEVCG_ACC_READ \| DEVCG_ACC_WRITE)
22		22
23	#define DEV_BLOCK 1	23	#define DEVCG_DEV_BLOCK 1
24	#define DEV_CHAR 2	24	#define DEVCG_DEV_CHAR 2
25	#define DEV_ALL 4 /* this represents all devices */	25	#define DEVCG_DEV_ALL 4 /* this represents all devices */
26		26
27	static DEFINE_MUTEX(devcgroup_mutex);	27	static DEFINE_MUTEX(devcgroup_mutex);
28		28
@@ -246,21 +246,21 @@ static void set_access(char *acc, short access)
246	{	246	{
247	int idx = 0;	247	int idx = 0;
248	memset(acc, 0, ACCLEN);	248	memset(acc, 0, ACCLEN);
249	if (access & ACC_READ)	249	if (access & DEVCG_ACC_READ)
250	acc[idx++] = 'r';	250	acc[idx++] = 'r';
251	if (access & ACC_WRITE)	251	if (access & DEVCG_ACC_WRITE)
252	acc[idx++] = 'w';	252	acc[idx++] = 'w';
253	if (access & ACC_MKNOD)	253	if (access & DEVCG_ACC_MKNOD)
254	acc[idx++] = 'm';	254	acc[idx++] = 'm';
255	}	255	}
256		256
257	static char type_to_char(short type)	257	static char type_to_char(short type)
258	{	258	{
259	if (type == DEV_ALL)	259	if (type == DEVCG_DEV_ALL)
260	return 'a';	260	return 'a';
261	if (type == DEV_CHAR)	261	if (type == DEVCG_DEV_CHAR)
262	return 'c';	262	return 'c';
263	if (type == DEV_BLOCK)	263	if (type == DEVCG_DEV_BLOCK)
264	return 'b';	264	return 'b';
265	return 'X';	265	return 'X';
266	}	266	}
@@ -287,10 +287,10 @@ static int devcgroup_seq_show(struct seq_file m, void v)
287	* This way, the file remains as a "whitelist of devices"	287	* This way, the file remains as a "whitelist of devices"
288	*/	288	*/
289	if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {	289	if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
290	set_access(acc, ACC_MASK);	290	set_access(acc, DEVCG_ACC_MASK);
291	set_majmin(maj, ~0);	291	set_majmin(maj, ~0);
292	set_majmin(min, ~0);	292	set_majmin(min, ~0);
293	seq_printf(m, "%c %s:%s %s\n", type_to_char(DEV_ALL),	293	seq_printf(m, "%c %s:%s %s\n", type_to_char(DEVCG_DEV_ALL),
294	maj, min, acc);	294	maj, min, acc);
295	} else {	295	} else {
296	list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) {	296	list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) {
@@ -309,10 +309,10 @@ static int devcgroup_seq_show(struct seq_file m, void v)
309	/**	309	/**
310	* match_exception - iterates the exception list trying to find a complete match	310	* match_exception - iterates the exception list trying to find a complete match
311	* @exceptions: list of exceptions	311	* @exceptions: list of exceptions
312	* @type: device type (DEV_BLOCK or DEV_CHAR)	312	* @type: device type (DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR)
313	* @major: device file major number, ~0 to match all	313	* @major: device file major number, ~0 to match all
314	* @minor: device file minor number, ~0 to match all	314	* @minor: device file minor number, ~0 to match all
315	* @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)	315	* @access: permission mask (DEVCG_ACC_READ, DEVCG_ACC_WRITE, DEVCG_ACC_MKNOD)
316	*	316	*
317	* It is considered a complete match if an exception is found that will	317	* It is considered a complete match if an exception is found that will
318	* contain the entire range of provided parameters.	318	* contain the entire range of provided parameters.
@@ -325,9 +325,9 @@ static bool match_exception(struct list_head *exceptions, short type,
325	struct dev_exception_item *ex;	325	struct dev_exception_item *ex;
326		326
327	list_for_each_entry_rcu(ex, exceptions, list) {	327	list_for_each_entry_rcu(ex, exceptions, list) {
328	if ((type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))	328	if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
329	continue;	329	continue;
330	if ((type & DEV_CHAR) && !(ex->type & DEV_CHAR))	330	if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
331	continue;	331	continue;
332	if (ex->major != ~0 && ex->major != major)	332	if (ex->major != ~0 && ex->major != major)
333	continue;	333	continue;
@@ -344,10 +344,10 @@ static bool match_exception(struct list_head *exceptions, short type,
344	/**	344	/**
345	* match_exception_partial - iterates the exception list trying to find a partial match	345	* match_exception_partial - iterates the exception list trying to find a partial match
346	* @exceptions: list of exceptions	346	* @exceptions: list of exceptions
347	* @type: device type (DEV_BLOCK or DEV_CHAR)	347	* @type: device type (DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR)
348	* @major: device file major number, ~0 to match all	348	* @major: device file major number, ~0 to match all
349	* @minor: device file minor number, ~0 to match all	349	* @minor: device file minor number, ~0 to match all
350	* @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)	350	* @access: permission mask (DEVCG_ACC_READ, DEVCG_ACC_WRITE, DEVCG_ACC_MKNOD)
351	*	351	*
352	* It is considered a partial match if an exception's range is found to	352	* It is considered a partial match if an exception's range is found to
353	* contain any of the devices specified by provided parameters. This is	353	* contain any of the devices specified by provided parameters. This is
@@ -362,9 +362,9 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
362	struct dev_exception_item *ex;	362	struct dev_exception_item *ex;
363		363
364	list_for_each_entry_rcu(ex, exceptions, list) {	364	list_for_each_entry_rcu(ex, exceptions, list) {
365	if ((type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))	365	if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
366	continue;	366	continue;
367	if ((type & DEV_CHAR) && !(ex->type & DEV_CHAR))	367	if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
368	continue;	368	continue;
369	/*	369	/*
370	* We must be sure that both the exception and the provided	370	* We must be sure that both the exception and the provided
@@ -647,10 +647,10 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
647	}	647	}
648	return 0;	648	return 0;
649	case 'b':	649	case 'b':
650	ex.type = DEV_BLOCK;	650	ex.type = DEVCG_DEV_BLOCK;
651	break;	651	break;
652	case 'c':	652	case 'c':
653	ex.type = DEV_CHAR;	653	ex.type = DEVCG_DEV_CHAR;
654	break;	654	break;
655	default:	655	default:
656	return -EINVAL;	656	return -EINVAL;
@@ -703,13 +703,13 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
703	for (b++, count = 0; count < 3; count++, b++) {	703	for (b++, count = 0; count < 3; count++, b++) {
704	switch (*b) {	704	switch (*b) {
705	case 'r':	705	case 'r':
706	ex.access \|= ACC_READ;	706	ex.access \|= DEVCG_ACC_READ;
707	break;	707	break;
708	case 'w':	708	case 'w':
709	ex.access \|= ACC_WRITE;	709	ex.access \|= DEVCG_ACC_WRITE;
710	break;	710	break;
711	case 'm':	711	case 'm':
712	ex.access \|= ACC_MKNOD;	712	ex.access \|= DEVCG_ACC_MKNOD;
713	break;	713	break;
714	case '\n':	714	case '\n':
715	case '\0':	715	case '\0':
@@ -806,7 +806,7 @@ struct cgroup_subsys devices_cgrp_subsys = {
806	* @type: device type	806	* @type: device type
807	* @major: device major number	807	* @major: device major number
808	* @minor: device minor number	808	* @minor: device minor number
809	* @access: combination of ACC_WRITE, ACC_READ and ACC_MKNOD	809	* @access: combination of DEVCG_ACC_WRITE, DEVCG_ACC_READ and DEVCG_ACC_MKNOD
810	*	810	*
811	* returns 0 on success, -EPERM case the operation is not permitted	811	* returns 0 on success, -EPERM case the operation is not permitted
812	*/	812	*/
@@ -839,13 +839,13 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
839	short type, access = 0;	839	short type, access = 0;
840		840
841	if (S_ISBLK(inode->i_mode))	841	if (S_ISBLK(inode->i_mode))
842	type = DEV_BLOCK;	842	type = DEVCG_DEV_BLOCK;
843	if (S_ISCHR(inode->i_mode))	843	if (S_ISCHR(inode->i_mode))
844	type = DEV_CHAR;	844	type = DEVCG_DEV_CHAR;
845	if (mask & MAY_WRITE)	845	if (mask & MAY_WRITE)
846	access \|= ACC_WRITE;	846	access \|= DEVCG_ACC_WRITE;
847	if (mask & MAY_READ)	847	if (mask & MAY_READ)
848	access \|= ACC_READ;	848	access \|= DEVCG_ACC_READ;
849		849
850	return __devcgroup_check_permission(type, imajor(inode), iminor(inode),	850	return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
851	access);	851	access);
@@ -859,11 +859,11 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
859	return 0;	859	return 0;
860		860
861	if (S_ISBLK(mode))	861	if (S_ISBLK(mode))
862	type = DEV_BLOCK;	862	type = DEVCG_DEV_BLOCK;
863	else	863	else
864	type = DEV_CHAR;	864	type = DEVCG_DEV_CHAR;
865		865
866	return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),	866	return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),
867	ACC_MKNOD);	867	DEVCG_ACC_MKNOD);
868		868
869	}	869	}