Re: [PATCH v4 4/9] devcg: expand may_access() logic

From: Serge E. Hallyn
Date: Wed Jan 30 2013 - 15:09:24 EST


Quoting aris@xxxxxxxxxx (aris@xxxxxxxxxx):
> In order to make the next patch more clear, expand may_access() logic.
>
> v2: may_access() returns bool now
>
> Acked-by: Tejun Heo <tj@xxxxxxxxxx>
> Cc: Tejun Heo <tj@xxxxxxxxxx>
> Cc: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>

Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>

> Signed-off-by: Aristeu Rozanski <aris@xxxxxxxxxx>
>
> ---
> security/device_cgroup.c | 21 ++++++++++++---------
> 1 file changed, 12 insertions(+), 9 deletions(-)
>
> --- github.orig/security/device_cgroup.c 2013-01-30 08:56:29.532063723 -0500
> +++ github/security/device_cgroup.c 2013-01-30 08:58:02.934460404 -0500
> @@ -355,8 +355,8 @@ return 0;
> * @dev_cgroup: dev cgroup to be tested against
> * @refex: new exception
> */
> -static int may_access(struct dev_cgroup *dev_cgroup,
> - struct dev_exception_item *refex)
> +static bool may_access(struct dev_cgroup *dev_cgroup,
> + struct dev_exception_item *refex)
> {
> struct dev_exception_item *ex;
> bool match = false;
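Review bot: The kernel-doc block above may_access() documents only @dev_cgroup and @refex, so with the return type changing from int to bool in this hunk it would help to add a line stating what true and false mean (for example "Return: true if the new exception is valid for this cgroup's policy, false otherwise"). The callers are not visible in this patch; it is worth confirming none of them compares the result against a specific integer or treats it as an error code now that the type is bool.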
> @@ -382,16 +382,19 @@ if (ex->minor != ~0 && ex->minor != re
>
> /*
> * In two cases we'll consider this new exception valid:
> - * - the dev cgroup has its default policy to allow + exception list:
> - * the new exception should *not* match any of the exceptions
> - * (behavior == DEVCG_DEFAULT_ALLOW, !match)
> * - the dev cgroup has its default policy to deny + exception list:
> * the new exception *should* match the exceptions
> - * (behavior == DEVCG_DEFAULT_DENY, match)
> + * - the dev cgroup has its default policy to allow + exception list:
> + * the new exception should *not* match any of the exceptions
> */
> - if ((dev_cgroup->behavior == DEVCG_DEFAULT_DENY) == match)
> - return 1;
> - return 0;
> + if (dev_cgroup->behavior == DEVCG_DEFAULT_DENY) {
> + if (match)
> + return true;
> + } else {
> + if (!match)
> + return true;
> + }
> + return false;
> }
>
> /*
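Review bot: The rewritten comment drops the "(behavior == DEVCG_DEFAULT_DENY, match)" and "(behavior == DEVCG_DEFAULT_ALLOW, !match)" annotations, and with them the only mention of DEVCG_DEFAULT_ALLOW near this code, while the new else branch treats every behavior value other than DEVCG_DEFAULT_DENY as the allow case. Keeping the annotations, or adding a short comment on the else branch saying it is the default-allow case, would make that assumption explicit. As a smaller style point, each branch could return directly ("return match;" in the deny branch and "return !match;" in the else) instead of falling through to "return false;", unless the following patch needs the expanded form, as the commit message suggests.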
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/