diff options
Diffstat (limited to 'security/device_cgroup.c')
| -rw-r--r-- | security/device_cgroup.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 4b877a92a7ea..e3ce02a00ffc 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c | |||
| @@ -42,6 +42,7 @@ struct dev_whitelist_item { | |||
| 42 | struct dev_cgroup { | 42 | struct dev_cgroup { |
| 43 | struct cgroup_subsys_state css; | 43 | struct cgroup_subsys_state css; |
| 44 | struct list_head whitelist; | 44 | struct list_head whitelist; |
| 45 | bool deny_all; | ||
| 45 | }; | 46 | }; |
| 46 | 47 | ||
| 47 | static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s) | 48 | static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s) |
| @@ -178,12 +179,14 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup *cgroup) | |||
| 178 | wh->minor = wh->major = ~0; | 179 | wh->minor = wh->major = ~0; |
| 179 | wh->type = DEV_ALL; | 180 | wh->type = DEV_ALL; |
| 180 | wh->access = ACC_MASK; | 181 | wh->access = ACC_MASK; |
| 182 | dev_cgroup->deny_all = false; | ||
| 181 | list_add(&wh->list, &dev_cgroup->whitelist); | 183 | list_add(&wh->list, &dev_cgroup->whitelist); |
| 182 | } else { | 184 | } else { |
| 183 | parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup); | 185 | parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup); |
| 184 | mutex_lock(&devcgroup_mutex); | 186 | mutex_lock(&devcgroup_mutex); |
| 185 | ret = dev_whitelist_copy(&dev_cgroup->whitelist, | 187 | ret = dev_whitelist_copy(&dev_cgroup->whitelist, |
| 186 | &parent_dev_cgroup->whitelist); | 188 | &parent_dev_cgroup->whitelist); |
| 189 | dev_cgroup->deny_all = parent_dev_cgroup->deny_all; | ||
| 187 | mutex_unlock(&devcgroup_mutex); | 190 | mutex_unlock(&devcgroup_mutex); |
| 188 | if (ret) { | 191 | if (ret) { |
| 189 | kfree(dev_cgroup); | 192 | kfree(dev_cgroup); |
| @@ -409,9 +412,11 @@ handle: | |||
| 409 | case DEVCG_ALLOW: | 412 | case DEVCG_ALLOW: |
| 410 | if (!parent_has_perm(devcgroup, &wh)) | 413 | if (!parent_has_perm(devcgroup, &wh)) |
| 411 | return -EPERM; | 414 | return -EPERM; |
| 415 | devcgroup->deny_all = false; | ||
| 412 | return dev_whitelist_add(devcgroup, &wh); | 416 | return dev_whitelist_add(devcgroup, &wh); |
| 413 | case DEVCG_DENY: | 417 | case DEVCG_DENY: |
| 414 | dev_whitelist_rm(devcgroup, &wh); | 418 | dev_whitelist_rm(devcgroup, &wh); |
| 419 | devcgroup->deny_all = true; | ||
| 415 | break; | 420 | break; |
| 416 | default: | 421 | default: |
| 417 | return -EINVAL; | 422 | return -EINVAL; |