return may_access(parent, ex);
}
+/**
+ * may_allow_all - checks if it's possible to change the behavior to
+ * allow based on parent's rules.
+ * @parent: device cgroup's parent
+ * returns: != 0 in case it's allowed, 0 otherwise
+ */
+static inline int may_allow_all(struct dev_cgroup *parent)
+{
+ return parent->behavior == DEVCG_DEFAULT_ALLOW;
+}
+
/*
* Modify the exception list using allow/deny rules.
* CAP_SYS_ADMIN is needed for this. It's at least separate from CAP_MKNOD
int filetype, const char *buffer)
{
const char *b;
- char *endp;
- int count;
+ char temp[12]; /* 11 + 1 characters needed for a u32 */
+ int count, rc;
struct dev_exception_item ex;
+ struct cgroup *p = devcgroup->css.cgroup;
+ struct dev_cgroup *parent = cgroup_to_devcgroup(p->parent);
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
case 'a':
switch (filetype) {
case DEVCG_ALLOW:
- if (!parent_has_perm(devcgroup, &ex))
+ if (!may_allow_all(parent))
return -EPERM;
dev_exception_clean(devcgroup);
+ rc = dev_exceptions_copy(&devcgroup->exceptions,
+ &parent->exceptions);
+ if (rc)
+ return rc;
devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
break;
case DEVCG_DENY:
ex.major = ~0;
b++;
} else if (isdigit(*b)) {
- ex.major = simple_strtoul(b, &endp, 10);
- b = endp;
+ memset(temp, 0, sizeof(temp));
+ for (count = 0; count < sizeof(temp) - 1; count++) {
+ temp[count] = *b;
+ b++;
+ if (!isdigit(*b))
+ break;
+ }
+ rc = kstrtou32(temp, 10, &ex.major);
+ if (rc)
+ return -EINVAL;
} else {
return -EINVAL;
}
ex.minor = ~0;
b++;
} else if (isdigit(*b)) {
- ex.minor = simple_strtoul(b, &endp, 10);
- b = endp;
+ memset(temp, 0, sizeof(temp));
+ for (count = 0; count < sizeof(temp) - 1; count++) {
+ temp[count] = *b;
+ b++;
+ if (!isdigit(*b))
+ break;
+ }
+ rc = kstrtou32(temp, 10, &ex.minor);
+ if (rc)
+ return -EINVAL;
} else {
return -EINVAL;
}
projects / karo-tx-linux.git / blobdiff