device_cgroup.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808
  1. /*
  2. * device_cgroup.c - device cgroup subsystem
  3. *
  4. * Copyright 2007 IBM Corp
  5. */
  6. #include <linux/device_cgroup.h>
  7. #include <linux/cgroup.h>
  8. #include <linux/ctype.h>
  9. #include <linux/list.h>
  10. #include <linux/uaccess.h>
  11. #include <linux/seq_file.h>
  12. #include <linux/slab.h>
  13. #include <linux/rcupdate.h>
  14. #include <linux/mutex.h>
  15. #define ACC_MKNOD 1
  16. #define ACC_READ 2
  17. #define ACC_WRITE 4
  18. #define ACC_MASK (ACC_MKNOD | ACC_READ | ACC_WRITE)
  19. #define DEV_BLOCK 1
  20. #define DEV_CHAR 2
  21. #define DEV_ALL 4 /* this represents all devices */
  22. static DEFINE_MUTEX(devcgroup_mutex);
  23. enum devcg_behavior {
  24. DEVCG_DEFAULT_NONE,
  25. DEVCG_DEFAULT_ALLOW,
  26. DEVCG_DEFAULT_DENY,
  27. };
  28. /*
  29. * exception list locking rules:
  30. * hold devcgroup_mutex for update/read.
  31. * hold rcu_read_lock() for read.
  32. */
  33. struct dev_exception_item {
  34. u32 major, minor;
  35. short type;
  36. short access;
  37. struct list_head list;
  38. struct rcu_head rcu;
  39. };
  40. struct dev_cgroup {
  41. struct cgroup_subsys_state css;
  42. struct list_head exceptions;
  43. enum devcg_behavior behavior;
  44. /* temporary list for pending propagation operations */
  45. struct list_head propagate_pending;
  46. };
  47. static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s)
  48. {
  49. return container_of(s, struct dev_cgroup, css);
  50. }
  51. static inline struct dev_cgroup *cgroup_to_devcgroup(struct cgroup *cgroup)
  52. {
  53. return css_to_devcgroup(cgroup_subsys_state(cgroup, devices_subsys_id));
  54. }
  55. static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
  56. {
  57. return css_to_devcgroup(task_subsys_state(task, devices_subsys_id));
  58. }
  59. struct cgroup_subsys devices_subsys;
  60. static int devcgroup_can_attach(struct cgroup *new_cgrp,
  61. struct cgroup_taskset *set)
  62. {
  63. struct task_struct *task = cgroup_taskset_first(set);
  64. if (current != task && !capable(CAP_SYS_ADMIN))
  65. return -EPERM;
  66. return 0;
  67. }
  68. /*
  69. * called under devcgroup_mutex
  70. */
  71. static int dev_exceptions_copy(struct list_head *dest, struct list_head *orig)
  72. {
  73. struct dev_exception_item *ex, *tmp, *new;
  74. lockdep_assert_held(&devcgroup_mutex);
  75. list_for_each_entry(ex, orig, list) {
  76. new = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
  77. if (!new)
  78. goto free_and_exit;
  79. list_add_tail(&new->list, dest);
  80. }
  81. return 0;
  82. free_and_exit:
  83. list_for_each_entry_safe(ex, tmp, dest, list) {
  84. list_del(&ex->list);
  85. kfree(ex);
  86. }
  87. return -ENOMEM;
  88. }
  89. /*
  90. * called under devcgroup_mutex
  91. */
  92. static int dev_exception_add(struct dev_cgroup *dev_cgroup,
  93. struct dev_exception_item *ex)
  94. {
  95. struct dev_exception_item *excopy, *walk;
  96. lockdep_assert_held(&devcgroup_mutex);
  97. excopy = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
  98. if (!excopy)
  99. return -ENOMEM;
  100. list_for_each_entry(walk, &dev_cgroup->exceptions, list) {
  101. if (walk->type != ex->type)
  102. continue;
  103. if (walk->major != ex->major)
  104. continue;
  105. if (walk->minor != ex->minor)
  106. continue;
  107. walk->access |= ex->access;
  108. kfree(excopy);
  109. excopy = NULL;
  110. }
  111. if (excopy != NULL)
  112. list_add_tail_rcu(&excopy->list, &dev_cgroup->exceptions);
  113. return 0;
  114. }
  115. /*
  116. * called under devcgroup_mutex
  117. */
  118. static void dev_exception_rm(struct dev_cgroup *dev_cgroup,
  119. struct dev_exception_item *ex)
  120. {
  121. struct dev_exception_item *walk, *tmp;
  122. lockdep_assert_held(&devcgroup_mutex);
  123. list_for_each_entry_safe(walk, tmp, &dev_cgroup->exceptions, list) {
  124. if (walk->type != ex->type)
  125. continue;
  126. if (walk->major != ex->major)
  127. continue;
  128. if (walk->minor != ex->minor)
  129. continue;
  130. walk->access &= ~ex->access;
  131. if (!walk->access) {
  132. list_del_rcu(&walk->list);
  133. kfree_rcu(walk, rcu);
  134. }
  135. }
  136. }
  137. static void __dev_exception_clean(struct dev_cgroup *dev_cgroup)
  138. {
  139. struct dev_exception_item *ex, *tmp;
  140. list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) {
  141. list_del_rcu(&ex->list);
  142. kfree_rcu(ex, rcu);
  143. }
  144. }
  145. /**
  146. * dev_exception_clean - frees all entries of the exception list
  147. * @dev_cgroup: dev_cgroup with the exception list to be cleaned
  148. *
  149. * called under devcgroup_mutex
  150. */
  151. static void dev_exception_clean(struct dev_cgroup *dev_cgroup)
  152. {
  153. lockdep_assert_held(&devcgroup_mutex);
  154. __dev_exception_clean(dev_cgroup);
  155. }
  156. static inline bool is_devcg_online(const struct dev_cgroup *devcg)
  157. {
  158. return (devcg->behavior != DEVCG_DEFAULT_NONE);
  159. }
  160. /**
  161. * devcgroup_online - initializes devcgroup's behavior and exceptions based on
  162. * parent's
  163. * @cgroup: cgroup getting online
  164. * returns 0 in case of success, error code otherwise
  165. */
  166. static int devcgroup_online(struct cgroup *cgroup)
  167. {
  168. struct dev_cgroup *dev_cgroup, *parent_dev_cgroup = NULL;
  169. int ret = 0;
  170. mutex_lock(&devcgroup_mutex);
  171. dev_cgroup = cgroup_to_devcgroup(cgroup);
  172. if (cgroup->parent)
  173. parent_dev_cgroup = cgroup_to_devcgroup(cgroup->parent);
  174. if (parent_dev_cgroup == NULL)
  175. dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW;
  176. else {
  177. ret = dev_exceptions_copy(&dev_cgroup->exceptions,
  178. &parent_dev_cgroup->exceptions);
  179. if (!ret)
  180. dev_cgroup->behavior = parent_dev_cgroup->behavior;
  181. }
  182. mutex_unlock(&devcgroup_mutex);
  183. return ret;
  184. }
  185. static void devcgroup_offline(struct cgroup *cgroup)
  186. {
  187. struct dev_cgroup *dev_cgroup = cgroup_to_devcgroup(cgroup);
  188. mutex_lock(&devcgroup_mutex);
  189. dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
  190. mutex_unlock(&devcgroup_mutex);
  191. }
  192. /*
  193. * called from kernel/cgroup.c with cgroup_lock() held.
  194. */
  195. static struct cgroup_subsys_state *devcgroup_css_alloc(struct cgroup *cgroup)
  196. {
  197. struct dev_cgroup *dev_cgroup;
  198. dev_cgroup = kzalloc(sizeof(*dev_cgroup), GFP_KERNEL);
  199. if (!dev_cgroup)
  200. return ERR_PTR(-ENOMEM);
  201. INIT_LIST_HEAD(&dev_cgroup->exceptions);
  202. INIT_LIST_HEAD(&dev_cgroup->propagate_pending);
  203. dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
  204. return &dev_cgroup->css;
  205. }
  206. static void devcgroup_css_free(struct cgroup *cgroup)
  207. {
  208. struct dev_cgroup *dev_cgroup;
  209. dev_cgroup = cgroup_to_devcgroup(cgroup);
  210. __dev_exception_clean(dev_cgroup);
  211. kfree(dev_cgroup);
  212. }
  213. #define DEVCG_ALLOW 1
  214. #define DEVCG_DENY 2
  215. #define DEVCG_LIST 3
  216. #define MAJMINLEN 13
  217. #define ACCLEN 4
  218. static void set_access(char *acc, short access)
  219. {
  220. int idx = 0;
  221. memset(acc, 0, ACCLEN);
  222. if (access & ACC_READ)
  223. acc[idx++] = 'r';
  224. if (access & ACC_WRITE)
  225. acc[idx++] = 'w';
  226. if (access & ACC_MKNOD)
  227. acc[idx++] = 'm';
  228. }
  229. static char type_to_char(short type)
  230. {
  231. if (type == DEV_ALL)
  232. return 'a';
  233. if (type == DEV_CHAR)
  234. return 'c';
  235. if (type == DEV_BLOCK)
  236. return 'b';
  237. return 'X';
  238. }
  239. static void set_majmin(char *str, unsigned m)
  240. {
  241. if (m == ~0)
  242. strcpy(str, "*");
  243. else
  244. sprintf(str, "%u", m);
  245. }
  246. static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft,
  247. struct seq_file *m)
  248. {
  249. struct dev_cgroup *devcgroup = cgroup_to_devcgroup(cgroup);
  250. struct dev_exception_item *ex;
  251. char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN];
  252. rcu_read_lock();
  253. /*
  254. * To preserve the compatibility:
  255. * - Only show the "all devices" when the default policy is to allow
  256. * - List the exceptions in case the default policy is to deny
  257. * This way, the file remains as a "whitelist of devices"
  258. */
  259. if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
  260. set_access(acc, ACC_MASK);
  261. set_majmin(maj, ~0);
  262. set_majmin(min, ~0);
  263. seq_printf(m, "%c %s:%s %s\n", type_to_char(DEV_ALL),
  264. maj, min, acc);
  265. } else {
  266. list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) {
  267. set_access(acc, ex->access);
  268. set_majmin(maj, ex->major);
  269. set_majmin(min, ex->minor);
  270. seq_printf(m, "%c %s:%s %s\n", type_to_char(ex->type),
  271. maj, min, acc);
  272. }
  273. }
  274. rcu_read_unlock();
  275. return 0;
  276. }
  277. /**
  278. * may_access - verifies if a new exception is part of what is allowed
  279. * by a dev cgroup based on the default policy +
  280. * exceptions. This is used to make sure a child cgroup
  281. * won't have more privileges than its parent or to
  282. * verify if a certain access is allowed.
  283. * @dev_cgroup: dev cgroup to be tested against
  284. * @refex: new exception
  285. * @behavior: behavior of the exception
  286. */
  287. static bool may_access(struct dev_cgroup *dev_cgroup,
  288. struct dev_exception_item *refex,
  289. enum devcg_behavior behavior)
  290. {
  291. struct dev_exception_item *ex;
  292. bool match = false;
  293. rcu_lockdep_assert(rcu_read_lock_held() ||
  294. lockdep_is_held(&devcgroup_mutex),
  295. "device_cgroup::may_access() called without proper synchronization");
  296. list_for_each_entry_rcu(ex, &dev_cgroup->exceptions, list) {
  297. if ((refex->type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
  298. continue;
  299. if ((refex->type & DEV_CHAR) && !(ex->type & DEV_CHAR))
  300. continue;
  301. if (ex->major != ~0 && ex->major != refex->major)
  302. continue;
  303. if (ex->minor != ~0 && ex->minor != refex->minor)
  304. continue;
  305. if (refex->access & (~ex->access))
  306. continue;
  307. match = true;
  308. break;
  309. }
  310. if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) {
  311. if (behavior == DEVCG_DEFAULT_ALLOW) {
  312. /* the exception will deny access to certain devices */
  313. return true;
  314. } else {
  315. /* the exception will allow access to certain devices */
  316. if (match)
  317. /*
  318. * a new exception allowing access shouldn't
  319. * match an parent's exception
  320. */
  321. return false;
  322. return true;
  323. }
  324. } else {
  325. /* only behavior == DEVCG_DEFAULT_DENY allowed here */
  326. if (match)
  327. /* parent has an exception that matches the proposed */
  328. return true;
  329. else
  330. return false;
  331. }
  332. return false;
  333. }
  334. /*
  335. * parent_has_perm:
  336. * when adding a new allow rule to a device exception list, the rule
  337. * must be allowed in the parent device
  338. */
  339. static int parent_has_perm(struct dev_cgroup *childcg,
  340. struct dev_exception_item *ex)
  341. {
  342. struct cgroup *pcg = childcg->css.cgroup->parent;
  343. struct dev_cgroup *parent;
  344. if (!pcg)
  345. return 1;
  346. parent = cgroup_to_devcgroup(pcg);
  347. return may_access(parent, ex, childcg->behavior);
  348. }
  349. /**
  350. * may_allow_all - checks if it's possible to change the behavior to
  351. * allow based on parent's rules.
  352. * @parent: device cgroup's parent
  353. * returns: != 0 in case it's allowed, 0 otherwise
  354. */
  355. static inline int may_allow_all(struct dev_cgroup *parent)
  356. {
  357. if (!parent)
  358. return 1;
  359. return parent->behavior == DEVCG_DEFAULT_ALLOW;
  360. }
  361. /**
  362. * revalidate_active_exceptions - walks through the active exception list and
  363. * revalidates the exceptions based on parent's
  364. * behavior and exceptions. The exceptions that
  365. * are no longer valid will be removed.
  366. * Called with devcgroup_mutex held.
  367. * @devcg: cgroup which exceptions will be checked
  368. *
  369. * This is one of the three key functions for hierarchy implementation.
  370. * This function is responsible for re-evaluating all the cgroup's active
  371. * exceptions due to a parent's exception change.
  372. * Refer to Documentation/cgroups/devices.txt for more details.
  373. */
  374. static void revalidate_active_exceptions(struct dev_cgroup *devcg)
  375. {
  376. struct dev_exception_item *ex;
  377. struct list_head *this, *tmp;
  378. list_for_each_safe(this, tmp, &devcg->exceptions) {
  379. ex = container_of(this, struct dev_exception_item, list);
  380. if (!parent_has_perm(devcg, ex))
  381. dev_exception_rm(devcg, ex);
  382. }
  383. }
  384. /**
  385. * get_online_devcg - walks the cgroup tree and fills a list with the online
  386. * groups
  387. * @root: cgroup used as starting point
  388. * @online: list that will be filled with online groups
  389. *
  390. * Must be called with devcgroup_mutex held. Grabs RCU lock.
  391. * Because devcgroup_mutex is held, no devcg will become online or offline
  392. * during the tree walk (see devcgroup_online, devcgroup_offline)
  393. * A separated list is needed because propagate_behavior() and
  394. * propagate_exception() need to allocate memory and can block.
  395. */
  396. static void get_online_devcg(struct cgroup *root, struct list_head *online)
  397. {
  398. struct cgroup *pos;
  399. struct dev_cgroup *devcg;
  400. lockdep_assert_held(&devcgroup_mutex);
  401. rcu_read_lock();
  402. cgroup_for_each_descendant_pre(pos, root) {
  403. devcg = cgroup_to_devcgroup(pos);
  404. if (is_devcg_online(devcg))
  405. list_add_tail(&devcg->propagate_pending, online);
  406. }
  407. rcu_read_unlock();
  408. }
  409. /**
  410. * propagate_exception - propagates a new exception to the children
  411. * @devcg_root: device cgroup that added a new exception
  412. * @ex: new exception to be propagated
  413. *
  414. * returns: 0 in case of success, != 0 in case of error
  415. */
  416. static int propagate_exception(struct dev_cgroup *devcg_root,
  417. struct dev_exception_item *ex)
  418. {
  419. struct cgroup *root = devcg_root->css.cgroup;
  420. struct dev_cgroup *devcg, *parent, *tmp;
  421. int rc = 0;
  422. LIST_HEAD(pending);
  423. get_online_devcg(root, &pending);
  424. list_for_each_entry_safe(devcg, tmp, &pending, propagate_pending) {
  425. parent = cgroup_to_devcgroup(devcg->css.cgroup->parent);
  426. /*
  427. * in case both root's behavior and devcg is allow, a new
  428. * restriction means adding to the exception list
  429. */
  430. if (devcg_root->behavior == DEVCG_DEFAULT_ALLOW &&
  431. devcg->behavior == DEVCG_DEFAULT_ALLOW) {
  432. rc = dev_exception_add(devcg, ex);
  433. if (rc)
  434. break;
  435. } else {
  436. /*
  437. * in the other possible cases:
  438. * root's behavior: allow, devcg's: deny
  439. * root's behavior: deny, devcg's: deny
  440. * the exception will be removed
  441. */
  442. dev_exception_rm(devcg, ex);
  443. }
  444. revalidate_active_exceptions(devcg);
  445. list_del_init(&devcg->propagate_pending);
  446. }
  447. return rc;
  448. }
  449. static inline bool has_children(struct dev_cgroup *devcgroup)
  450. {
  451. struct cgroup *cgrp = devcgroup->css.cgroup;
  452. return !list_empty(&cgrp->children);
  453. }
  454. /*
  455. * Modify the exception list using allow/deny rules.
  456. * CAP_SYS_ADMIN is needed for this. It's at least separate from CAP_MKNOD
  457. * so we can give a container CAP_MKNOD to let it create devices but not
  458. * modify the exception list.
  459. * It seems likely we'll want to add a CAP_CONTAINER capability to allow
  460. * us to also grant CAP_SYS_ADMIN to containers without giving away the
  461. * device exception list controls, but for now we'll stick with CAP_SYS_ADMIN
  462. *
  463. * Taking rules away is always allowed (given CAP_SYS_ADMIN). Granting
  464. * new access is only allowed if you're in the top-level cgroup, or your
  465. * parent cgroup has the access you're asking for.
  466. */
  467. static int devcgroup_update_access(struct dev_cgroup *devcgroup,
  468. int filetype, const char *buffer)
  469. {
  470. const char *b;
  471. char temp[12]; /* 11 + 1 characters needed for a u32 */
  472. int count, rc = 0;
  473. struct dev_exception_item ex;
  474. struct cgroup *p = devcgroup->css.cgroup;
  475. struct dev_cgroup *parent = NULL;
  476. if (!capable(CAP_SYS_ADMIN))
  477. return -EPERM;
  478. if (p->parent)
  479. parent = cgroup_to_devcgroup(p->parent);
  480. memset(&ex, 0, sizeof(ex));
  481. b = buffer;
  482. switch (*b) {
  483. case 'a':
  484. switch (filetype) {
  485. case DEVCG_ALLOW:
  486. if (has_children(devcgroup))
  487. return -EINVAL;
  488. if (!may_allow_all(parent))
  489. return -EPERM;
  490. dev_exception_clean(devcgroup);
  491. devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
  492. if (!parent)
  493. break;
  494. rc = dev_exceptions_copy(&devcgroup->exceptions,
  495. &parent->exceptions);
  496. if (rc)
  497. return rc;
  498. break;
  499. case DEVCG_DENY:
  500. if (has_children(devcgroup))
  501. return -EINVAL;
  502. dev_exception_clean(devcgroup);
  503. devcgroup->behavior = DEVCG_DEFAULT_DENY;
  504. break;
  505. default:
  506. return -EINVAL;
  507. }
  508. return 0;
  509. case 'b':
  510. ex.type = DEV_BLOCK;
  511. break;
  512. case 'c':
  513. ex.type = DEV_CHAR;
  514. break;
  515. default:
  516. return -EINVAL;
  517. }
  518. b++;
  519. if (!isspace(*b))
  520. return -EINVAL;
  521. b++;
  522. if (*b == '*') {
  523. ex.major = ~0;
  524. b++;
  525. } else if (isdigit(*b)) {
  526. memset(temp, 0, sizeof(temp));
  527. for (count = 0; count < sizeof(temp) - 1; count++) {
  528. temp[count] = *b;
  529. b++;
  530. if (!isdigit(*b))
  531. break;
  532. }
  533. rc = kstrtou32(temp, 10, &ex.major);
  534. if (rc)
  535. return -EINVAL;
  536. } else {
  537. return -EINVAL;
  538. }
  539. if (*b != ':')
  540. return -EINVAL;
  541. b++;
  542. /* read minor */
  543. if (*b == '*') {
  544. ex.minor = ~0;
  545. b++;
  546. } else if (isdigit(*b)) {
  547. memset(temp, 0, sizeof(temp));
  548. for (count = 0; count < sizeof(temp) - 1; count++) {
  549. temp[count] = *b;
  550. b++;
  551. if (!isdigit(*b))
  552. break;
  553. }
  554. rc = kstrtou32(temp, 10, &ex.minor);
  555. if (rc)
  556. return -EINVAL;
  557. } else {
  558. return -EINVAL;
  559. }
  560. if (!isspace(*b))
  561. return -EINVAL;
  562. for (b++, count = 0; count < 3; count++, b++) {
  563. switch (*b) {
  564. case 'r':
  565. ex.access |= ACC_READ;
  566. break;
  567. case 'w':
  568. ex.access |= ACC_WRITE;
  569. break;
  570. case 'm':
  571. ex.access |= ACC_MKNOD;
  572. break;
  573. case '\n':
  574. case '\0':
  575. count = 3;
  576. break;
  577. default:
  578. return -EINVAL;
  579. }
  580. }
  581. switch (filetype) {
  582. case DEVCG_ALLOW:
  583. if (!parent_has_perm(devcgroup, &ex))
  584. return -EPERM;
  585. /*
  586. * If the default policy is to allow by default, try to remove
  587. * an matching exception instead. And be silent about it: we
  588. * don't want to break compatibility
  589. */
  590. if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
  591. dev_exception_rm(devcgroup, &ex);
  592. return 0;
  593. }
  594. rc = dev_exception_add(devcgroup, &ex);
  595. break;
  596. case DEVCG_DENY:
  597. /*
  598. * If the default policy is to deny by default, try to remove
  599. * an matching exception instead. And be silent about it: we
  600. * don't want to break compatibility
  601. */
  602. if (devcgroup->behavior == DEVCG_DEFAULT_DENY)
  603. dev_exception_rm(devcgroup, &ex);
  604. else
  605. rc = dev_exception_add(devcgroup, &ex);
  606. if (rc)
  607. break;
  608. /* we only propagate new restrictions */
  609. rc = propagate_exception(devcgroup, &ex);
  610. break;
  611. default:
  612. rc = -EINVAL;
  613. }
  614. return rc;
  615. }
  616. static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft,
  617. const char *buffer)
  618. {
  619. int retval;
  620. mutex_lock(&devcgroup_mutex);
  621. retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp),
  622. cft->private, buffer);
  623. mutex_unlock(&devcgroup_mutex);
  624. return retval;
  625. }
  626. static struct cftype dev_cgroup_files[] = {
  627. {
  628. .name = "allow",
  629. .write_string = devcgroup_access_write,
  630. .private = DEVCG_ALLOW,
  631. },
  632. {
  633. .name = "deny",
  634. .write_string = devcgroup_access_write,
  635. .private = DEVCG_DENY,
  636. },
  637. {
  638. .name = "list",
  639. .read_seq_string = devcgroup_seq_read,
  640. .private = DEVCG_LIST,
  641. },
  642. { } /* terminate */
  643. };
  644. struct cgroup_subsys devices_subsys = {
  645. .name = "devices",
  646. .can_attach = devcgroup_can_attach,
  647. .css_alloc = devcgroup_css_alloc,
  648. .css_free = devcgroup_css_free,
  649. .css_online = devcgroup_online,
  650. .css_offline = devcgroup_offline,
  651. .subsys_id = devices_subsys_id,
  652. .base_cftypes = dev_cgroup_files,
  653. };
  654. /**
  655. * __devcgroup_check_permission - checks if an inode operation is permitted
  656. * @dev_cgroup: the dev cgroup to be tested against
  657. * @type: device type
  658. * @major: device major number
  659. * @minor: device minor number
  660. * @access: combination of ACC_WRITE, ACC_READ and ACC_MKNOD
  661. *
  662. * returns 0 on success, -EPERM case the operation is not permitted
  663. */
  664. static int __devcgroup_check_permission(short type, u32 major, u32 minor,
  665. short access)
  666. {
  667. struct dev_cgroup *dev_cgroup;
  668. struct dev_exception_item ex;
  669. int rc;
  670. memset(&ex, 0, sizeof(ex));
  671. ex.type = type;
  672. ex.major = major;
  673. ex.minor = minor;
  674. ex.access = access;
  675. rcu_read_lock();
  676. dev_cgroup = task_devcgroup(current);
  677. rc = may_access(dev_cgroup, &ex, dev_cgroup->behavior);
  678. rcu_read_unlock();
  679. if (!rc)
  680. return -EPERM;
  681. return 0;
  682. }
  683. int __devcgroup_inode_permission(struct inode *inode, int mask)
  684. {
  685. short type, access = 0;
  686. if (S_ISBLK(inode->i_mode))
  687. type = DEV_BLOCK;
  688. if (S_ISCHR(inode->i_mode))
  689. type = DEV_CHAR;
  690. if (mask & MAY_WRITE)
  691. access |= ACC_WRITE;
  692. if (mask & MAY_READ)
  693. access |= ACC_READ;
  694. return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
  695. access);
  696. }
  697. int devcgroup_inode_mknod(int mode, dev_t dev)
  698. {
  699. short type;
  700. if (!S_ISBLK(mode) && !S_ISCHR(mode))
  701. return 0;
  702. if (S_ISBLK(mode))
  703. type = DEV_BLOCK;
  704. else
  705. type = DEV_CHAR;
  706. return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),
  707. ACC_MKNOD);
  708. }