0001
0002 #include <linux/fs.h>
0003
0004 #define DEVCG_ACC_MKNOD 1
0005 #define DEVCG_ACC_READ 2
0006 #define DEVCG_ACC_WRITE 4
0007 #define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD | DEVCG_ACC_READ | DEVCG_ACC_WRITE)
0008
0009 #define DEVCG_DEV_BLOCK 1
0010 #define DEVCG_DEV_CHAR 2
0011 #define DEVCG_DEV_ALL 4
0012
0013
0014 #if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF)
0015 int devcgroup_check_permission(short type, u32 major, u32 minor,
0016 short access);
0017 static inline int devcgroup_inode_permission(struct inode *inode, int mask)
0018 {
0019 short type, access = 0;
0020
0021 if (likely(!inode->i_rdev))
0022 return 0;
0023
0024 if (S_ISBLK(inode->i_mode))
0025 type = DEVCG_DEV_BLOCK;
0026 else if (S_ISCHR(inode->i_mode))
0027 type = DEVCG_DEV_CHAR;
0028 else
0029 return 0;
0030
0031 if (mask & MAY_WRITE)
0032 access |= DEVCG_ACC_WRITE;
0033 if (mask & MAY_READ)
0034 access |= DEVCG_ACC_READ;
0035
0036 return devcgroup_check_permission(type, imajor(inode), iminor(inode),
0037 access);
0038 }
0039
0040 static inline int devcgroup_inode_mknod(int mode, dev_t dev)
0041 {
0042 short type;
0043
0044 if (!S_ISBLK(mode) && !S_ISCHR(mode))
0045 return 0;
0046
0047 if (S_ISCHR(mode) && dev == WHITEOUT_DEV)
0048 return 0;
0049
0050 if (S_ISBLK(mode))
0051 type = DEVCG_DEV_BLOCK;
0052 else
0053 type = DEVCG_DEV_CHAR;
0054
0055 return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),
0056 DEVCG_ACC_MKNOD);
0057 }
0058
0059 #else
0060 static inline int devcgroup_check_permission(short type, u32 major, u32 minor,
0061 short access)
0062 { return 0; }
0063 static inline int devcgroup_inode_permission(struct inode *inode, int mask)
0064 { return 0; }
0065 static inline int devcgroup_inode_mknod(int mode, dev_t dev)
0066 { return 0; }
0067 #endif
