linux/security/device_cgroup.c
<<
>>
Prefs
   1/*
   2 * device_cgroup.c - device cgroup subsystem
   3 *
   4 * Copyright 2007 IBM Corp
   5 */
   6
   7#include <linux/device_cgroup.h>
   8#include <linux/cgroup.h>
   9#include <linux/ctype.h>
  10#include <linux/list.h>
  11#include <linux/uaccess.h>
  12#include <linux/seq_file.h>
  13#include <linux/slab.h>
  14#include <linux/rcupdate.h>
  15#include <linux/mutex.h>
  16
  17#define ACC_MKNOD 1
  18#define ACC_READ  2
  19#define ACC_WRITE 4
  20#define ACC_MASK (ACC_MKNOD | ACC_READ | ACC_WRITE)
  21
  22#define DEV_BLOCK 1
  23#define DEV_CHAR  2
  24#define DEV_ALL   4  /* this represents all devices */
  25
  26static DEFINE_MUTEX(devcgroup_mutex);
  27
  28/*
  29 * exception list locking rules:
  30 * hold devcgroup_mutex for update/read.
  31 * hold rcu_read_lock() for read.
  32 */
  33
  34struct dev_exception_item {
  35        u32 major, minor;
  36        short type;
  37        short access;
  38        struct list_head list;
  39        struct rcu_head rcu;
  40};
  41
  42struct dev_cgroup {
  43        struct cgroup_subsys_state css;
  44        struct list_head exceptions;
  45        enum {
  46                DEVCG_DEFAULT_ALLOW,
  47                DEVCG_DEFAULT_DENY,
  48        } behavior;
  49};
  50
  51static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s)
  52{
  53        return container_of(s, struct dev_cgroup, css);
  54}
  55
  56static inline struct dev_cgroup *cgroup_to_devcgroup(struct cgroup *cgroup)
  57{
  58        return css_to_devcgroup(cgroup_subsys_state(cgroup, devices_subsys_id));
  59}
  60
  61static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
  62{
  63        return css_to_devcgroup(task_subsys_state(task, devices_subsys_id));
  64}
  65
  66struct cgroup_subsys devices_subsys;
  67
  68static int devcgroup_can_attach(struct cgroup *new_cgrp,
  69                                struct cgroup_taskset *set)
  70{
  71        struct task_struct *task = cgroup_taskset_first(set);
  72
  73        if (current != task && !capable(CAP_SYS_ADMIN))
  74                return -EPERM;
  75        return 0;
  76}
  77
  78/*
  79 * called under devcgroup_mutex
  80 */
  81static int dev_exceptions_copy(struct list_head *dest, struct list_head *orig)
  82{
  83        struct dev_exception_item *ex, *tmp, *new;
  84
  85        list_for_each_entry(ex, orig, list) {
  86                new = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
  87                if (!new)
  88                        goto free_and_exit;
  89                list_add_tail(&new->list, dest);
  90        }
  91
  92        return 0;
  93
  94free_and_exit:
  95        list_for_each_entry_safe(ex, tmp, dest, list) {
  96                list_del(&ex->list);
  97                kfree(ex);
  98        }
  99        return -ENOMEM;
 100}
 101
 102/*
 103 * called under devcgroup_mutex
 104 */
 105static int dev_exception_add(struct dev_cgroup *dev_cgroup,
 106                             struct dev_exception_item *ex)
 107{
 108        struct dev_exception_item *excopy, *walk;
 109
 110        excopy = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
 111        if (!excopy)
 112                return -ENOMEM;
 113
 114        list_for_each_entry(walk, &dev_cgroup->exceptions, list) {
 115                if (walk->type != ex->type)
 116                        continue;
 117                if (walk->major != ex->major)
 118                        continue;
 119                if (walk->minor != ex->minor)
 120                        continue;
 121
 122                walk->access |= ex->access;
 123                kfree(excopy);
 124                excopy = NULL;
 125        }
 126
 127        if (excopy != NULL)
 128                list_add_tail_rcu(&excopy->list, &dev_cgroup->exceptions);
 129        return 0;
 130}
 131
 132/*
 133 * called under devcgroup_mutex
 134 */
 135static void dev_exception_rm(struct dev_cgroup *dev_cgroup,
 136                             struct dev_exception_item *ex)
 137{
 138        struct dev_exception_item *walk, *tmp;
 139
 140        list_for_each_entry_safe(walk, tmp, &dev_cgroup->exceptions, list) {
 141                if (walk->type != ex->type)
 142                        continue;
 143                if (walk->major != ex->major)
 144                        continue;
 145                if (walk->minor != ex->minor)
 146                        continue;
 147
 148                walk->access &= ~ex->access;
 149                if (!walk->access) {
 150                        list_del_rcu(&walk->list);
 151                        kfree_rcu(walk, rcu);
 152                }
 153        }
 154}
 155
 156/**
 157 * dev_exception_clean - frees all entries of the exception list
 158 * @dev_cgroup: dev_cgroup with the exception list to be cleaned
 159 *
 160 * called under devcgroup_mutex
 161 */
 162static void dev_exception_clean(struct dev_cgroup *dev_cgroup)
 163{
 164        struct dev_exception_item *ex, *tmp;
 165
 166        list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) {
 167                list_del_rcu(&ex->list);
 168                kfree_rcu(ex, rcu);
 169        }
 170}
 171
 172/*
 173 * called from kernel/cgroup.c with cgroup_lock() held.
 174 */
 175static struct cgroup_subsys_state *devcgroup_create(struct cgroup *cgroup)
 176{
 177        struct dev_cgroup *dev_cgroup, *parent_dev_cgroup;
 178        struct cgroup *parent_cgroup;
 179        int ret;
 180
 181        dev_cgroup = kzalloc(sizeof(*dev_cgroup), GFP_KERNEL);
 182        if (!dev_cgroup)
 183                return ERR_PTR(-ENOMEM);
 184        INIT_LIST_HEAD(&dev_cgroup->exceptions);
 185        parent_cgroup = cgroup->parent;
 186
 187        if (parent_cgroup == NULL)
 188                dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW;
 189        else {
 190                parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
 191                mutex_lock(&devcgroup_mutex);
 192                ret = dev_exceptions_copy(&dev_cgroup->exceptions,
 193                                          &parent_dev_cgroup->exceptions);
 194                dev_cgroup->behavior = parent_dev_cgroup->behavior;
 195                mutex_unlock(&devcgroup_mutex);
 196                if (ret) {
 197                        kfree(dev_cgroup);
 198                        return ERR_PTR(ret);
 199                }
 200        }
 201
 202        return &dev_cgroup->css;
 203}
 204
 205static void devcgroup_destroy(struct cgroup *cgroup)
 206{
 207        struct dev_cgroup *dev_cgroup;
 208
 209        dev_cgroup = cgroup_to_devcgroup(cgroup);
 210        dev_exception_clean(dev_cgroup);
 211        kfree(dev_cgroup);
 212}
 213
 214#define DEVCG_ALLOW 1
 215#define DEVCG_DENY 2
 216#define DEVCG_LIST 3
 217
 218#define MAJMINLEN 13
 219#define ACCLEN 4
 220
 221static void set_access(char *acc, short access)
 222{
 223        int idx = 0;
 224        memset(acc, 0, ACCLEN);
 225        if (access & ACC_READ)
 226                acc[idx++] = 'r';
 227        if (access & ACC_WRITE)
 228                acc[idx++] = 'w';
 229        if (access & ACC_MKNOD)
 230                acc[idx++] = 'm';
 231}
 232
 233static char type_to_char(short type)
 234{
 235        if (type == DEV_ALL)
 236                return 'a';
 237        if (type == DEV_CHAR)
 238                return 'c';
 239        if (type == DEV_BLOCK)
 240                return 'b';
 241        return 'X';
 242}
 243
 244static void set_majmin(char *str, unsigned m)
 245{
 246        if (m == ~0)
 247                strcpy(str, "*");
 248        else
 249                if (! 236> */fg">"*"6> */f/a>, "*");
);
 240    2                    121    2                    202    2           }
devcgroup_can_attseq_r+code=orig" class=up_can_attseq_r+cosref">cgroup *cgroup)
list_head *)
 202
list_head *)
 244}
 235
typeref">dev_cgroup *dev_cgroup;
cgroup_to_devcgroup(cgroup);
 216/**
typeref">dev_cgroup * *ex, *tmp 216      class="comment"> * dev_2xcept25" class="srefref">type_to_char++] = st+] = idx++] =  216      class="comment"> * @dev2cgrou2509" id="L209" class="line" name="L209"> 209 *
dev_cgroup = rcu_r+co href="+code=devcgrorcu_r+co hrefgroup id="L210" class="line" name="L210"> 210 * call2d und26clean" class="curity/device_cgroup.c#L173" id="L173" class="line" name="L173"> 121 */
 121    2c void accwa hregroup.a hre" namsgroup. whena hredefault policy isvicep" cwL173" id="L173" class="line" name="L173"> 121
 121}
 121
 126    2   m == ~0)
behavior = DEVCG_DEFAULT_ALLOW;
 127    2           list_del_rcuacc0, ACC_MKNOD)
 218    2           kfree_rcu(strtype_to_char+,7" iid="L210" class="line" name="L210"> 218 23r *strtype_to_charst,7" iid="L210" class="line" name="L210"> 210}
acc["*"eq_6> */f">strtype_to_char);
);
(short tyLL)
 201
kfr>[+,7type_to_charst,70, Aiid="L210" class="line" name="L210"> 210    2 class="comment">/*
 123 * call2d fro27 class="sref">kfree(e href="+code=ex" class= class="sref">e hrf">tyLL)
rcu);="sref">devcgroup_mutex);ode=dev_cgroup" clgroup" cla>behavior = list) {
 124 */
acc0, ACC_MKNOD)
access;
 210
ref">kfree_rcu(strtype_to_char+,7_MKNOD)
access;
 210    2href="security/device_cg2oup.c27href="security/device_cgroup. name="L236"> 23r *strtype_to_charst,7_MKNOD)
access;
 210    2   struct kfree("*"eq_6> */f">strtype_to_char);
);
(short tyLL)
type)
 201    2   struct kfree(+,7type_to_charst,70, Aiid="L210" class="line" name="L210"> 210 200
 201    2   dev_cgroup = rcu_r+co ; 212    2   if (! 233    2           return  124    2    125    2    126
 127    2   if ( 128    2            128li. Thisvisvused tofmake sure a child group" c59" id="L159" class="line" name="L159"> 120    2            120    2            122    2            123    2                        2     29kernel/cgroup.c with cgroup_lo@58"ex: newef="securiL158" id="L158" class="line" name="L158"> 123    2            125    2           devcgromays="srefvice_cgroup.c#L2ays="sref">accref">dev_cgroup *dev_cgroup,
 126    2           if (retdev_cgroup * *ex, * 247    2                    128    2                   retur2 cgroup *ex, *tmp 219    2           }
dev_cgroup = boolde=parent_dev_cgoolss="s="sref">devcgromatchvice_cgroup.c#L2atch class="sref">cgroup_tfalsy/device_cgroup.falsyp 230    3   }
 231
dev_cgroup = e=ex" class="sref">e href="+code=ex" class= class="sref">e hrf">tyLL)
rcu);="sref">devcgroup_mutexa href="+code=css" class="sref">css;
list) {
 132    3   return &ret == ~0;
 != ex-f">ACC_MKNOD)
ACf">ACC!yLL)
type)
ACC_MKNOD)
 233}
 134
 != ex-f">ACC_MKNOD)
ACf">ACC!yLL)
type)
ACC_MKNOD)
 2335/a>
ref">kfrc#L147" id="L147" class="line" name="L147"> 1346/a>
ret) {
access;
ACf">ACC{
access;
 !=  137    3   struct kfree 1348/a>    3                   retur3up.c#30f="+code=ERR_PTR" claa>) {
access;
ex->~0-f">ACf">ACC{
access;
ex-> !=  139    3   kfree 130    3   acc[) {
 != ACC(t;access;
 231    3   kfrc#L147" id="L147" class="line" name="L147"> 130    3href="security/device_cg3oup.c31lass="sref">ret = cgroup_tcgry/device_cgroup.cgryp 233
 233
 135#def3ne  136#def3ne  137
 138#def3ne  138    3ne  130
 130    3c void  132{
 130
 130
 135    3   if (accessev_cgroup);
behavior = DEVCG_DEFAULT_ALLOWDEVCG_DEmatchvice_cgroup.c#L2atch claid="L245" class="line" name="L245"> 236    3           acc[ 237    3   if (acc#L130" id="L130" class="line" name="L130"> 138    3            139    3   if ( 130    3           
 131}
 132
 132

< e" namL173" id="L173" class="line" name="L173"> 132
 135    3   if (devcgroehaviorhas_permvice_cgroup.c#Lehaviorhas_perm">accref">dev_cgroup *dev_cgroup,
 136    3           return 'a'cgroup *ex, *tmp 237    3   if ( 138    3           return cgroup *cgroup)
cgroup_tohildcgode=dev_cgroup"childcg36" /a>;
 *cgroarent;
 139    3   if (typeref">dev_cgroup *dev_cgroup,
 130    3           return  231    3   return dev_cgroup)
 232}
ret =c#L130"1id="L210" class="line" name="L210"> 233
cgroup_to_devcgroup(parent_cgroup 233
ERR_PTR(accv_cgroup,
)
aiid="L210" class="line" name="L210"> 233    3href="security/device_cg3oup.c3L246" id="L155" class="line" name="L155"> 136    3   if ( 137    3            138    3   else
 139    3           if (! 130    3                    130    3                   ERR_s:->0cla caseaitoup.cs p" cwc#,t0co hrrwismL173" id="L173" class="line" name="L173"> 132    3           }
 132
devcgromays=" cws=" vice_cgroup.c#L2ays=" cws=" ">accref">dev_cgroup *dev_cgroup,
 234}
 235
accessev_cgroup)
 234    3 class="comment">/**
acc[ 236    3 class="comment"> * dev_3xcept35ass="sref">acc#L130"v_cgroup)
behavior = DEVCG_DEFAULT_ALLOW;
 236    3 class="comment"> * @dev3cgrou35lass=id="L155" class="line" name="L155"> 139 *
 130 * call3d und36 devcgroup_mutex
 131 */
 131    3c void  131
 131}
 131
 136    3    136    3            136    3            136 130}

p" cwc#clf youce_cgrecla  hretop-levele="L174, or yourL173" id="L173" class="line" name="L173"> 130 130    3 class="comment">/*
 133 * call3d fro37ar" class="slass="sref">devcgroup_can_attupdates="srefvice_cgroup.c#Lup_can_attupdates="sref">accref">dev_cgroup *dev_cgroup,
( 134 */
devcgrofie=rity/device_cgroup.fie=rity86" ,7c#Lst , unsigned  230
 230    3href="security/device_cg3oup.c37href="securitc#Lst , unsigned  230    3   struct type_to_char 133    3   struct devcgrocourity/device_cgroucouri86" ,7_MKNOD)
 230typeref">dev_cgroup * *ex, *_MKNOD)
aid="L210" class="line" name="L210"> 230
cgroup *cgroup)
cgroup_tp( *cgroid="L210" class="line" name="L210"> 230deref">dev_cgroup *dev_cgroup,
cgroup_tNUurity/device_cgroNUurcgroid="L210" class="line" name="L210"> 230    3   if (! 233    3           return )
<=gpabe=CAP_SYS_ADMIN" =gpabe=">accv_cgroup,
 234    3   ,
 230
 136
m == ~0)
;
 234    3   if (list_del_rcucgroup_to_devcgroup(parent_cgroup;
 230    3            238dev_cgroup = code=acc" class="sref">acc, ="sref">devcgroup_muu" class="sref">rcu);0, sizeof {
a)iid="L210" class="line" name="L210"> 230    3           dev_excebde=parent_dev_cg89" ss="sref">cgroup_tbuffeode=parent_dev_cguffeo86" id="L210" class="line" name="L210"> 230 232    3           rswitch ( unsigned  133    3                        3     39=ERR_PTR" clacaseaa href="security/device_cgroup.c#L237" :d="L167" class="line" name="L167"> 133    3           devcgrofie=rity/device_cgroup.fie=rity86" " id="L167" class="line" name="L167"> 133
caseaasref">DEVCG_DEFAULT_ref="security/device_cgroup.c#L215":d="L167" class="line" name="L167"> 133
ret)
acc;
 237    3                   kfree,
 238    3                   retur3 dev_exce class="sref">cleaef="+code=str" c class="sref">cleae">acc;
 230kfreecgroup_tp(DEVCG_DEFAULT_ALLOW;
 240    4   }
acc[)
 241
kfr>[<<<<< 242    4   return & 243}
cgroup_tp, ="sref">devcgroup_mup(list 2434/a>}
devcgroup_mupecurity/device_cgroup.c#L186" >behavior = list 2435/a>
ref">kfra>) {
 2416/a>
ret)
 247    4   struct kfree 2428/a>    4                   retur4up.c#40f="+code=ERR_PTR" clacaseaasref">DEVCG_DEFAULT_f="security/device_cgroup.c"s38" :d="L167" class="line" name="L167"> 149    4   kfreedev_exce class="sref">cleaef="+code=str" c class="sref">cleae">acc;
 240    4   acc[<>kfreedev_exce cla>(DEVCG_DEFAULT_ALLOW 240
kfrbreakid="L210" class="line" name="L210"> 240    4href="security/device_cg4oup.c41lass="sref">ret =default:d="L167" class="line" name="L167"> 143
,
 2404/a>}
 145#def4ne c#L130" id="L130" class="line" name="L130"> 146#def4ne  147
list_del_rcua. *DC_MKNOD)
 1468/a>    4ne  240    4ne  140
acc[a. *DC_MKNOD)
 240    4c void  242{
rdefault:d="L167" class="line" name="L167"> 140
,
 240
 145    4   if (acunsigned  240#def4           m == ~0ev_cgroup)
acc unsigned  247    4   if (c#L130"-v_cgroup,
 2408/a>    4           acunsigned  240    4   if (m == ~0 unsigned  140    4           acc[a. * 241}
 242
) {
acc unsigned  140
kfree(acc,  * 242
);
 140    4   if (ref">kfree_rcu( 246    4           return 'a' 242    4   if (kfree)
acc unsigned  2428/a>    4           return  249    4   if ( 240    4           return acc[cgroup_tkitytouref="securilass="kitytoure/a>,  *devcgroup_mu=access" class="sref">a. * 241    4   return  242}
ret =========c#L130"-v_cgroup,
 243
 143
,
 243    4href="security/device_cg4oup.c44unlock" classid="L200" class="line" name="L200"> 240    4   if (m == ~0 unsigned  240    4           c#L130"-v_cgroup,
 248    4   else
acunsigned  249    4           if (! 140    4                    140    4                   d unsigned  142    4           }
ret = a. *ex-gt~0id="L210" class="line" name="L210"> 242
kfree( 244}
) {
acc unsigned  145
a>(acc,  * 244    4 class="comment">/**
acc[);
 146    4 class="comment"> * dev_4xcept45e=kfree" class="sref">kfree( 246    4 class="comment"> * @dev4cgrou45f="+code=ERR_PTR" cla" class="sref">dev_excebde=parent_dev_cg89" ++id="L210" class="line" name="L210"> 244    4 class="comment"> *
kfree)
acc unsigned  240 * call4d und46lass="sref">acc[<>kfree 241 */
 241    4c void ret = cgroup_tkitytouref="securilass="kitytoure/a>,  *devcgroup_mu=access" class="sref">a. * 241
kfree) {
 241}
,
 241
 146    4   acc[,
 241    4            241    4           )
acc unsigned  246,
 240}
afo/dp);
)
)
 140 140    4 class="comment">/*
ret =caseaa href="security/device_cgroup.c#L237" :d="L167" class="line" name="L167"> 143 * call4d fro47     &a. *cgroup_tACC_READcode=ACC_MKNOD"ACC_READ38" id="L210" class="line" name="L210"> 240}
 */
 240
caseaa href="security/device_cgwoup.c#L237" :d="L167" class="line" name="L167"> 143    4href="security/device_cg4oup.c47tring">'a'a. *cgroup_tACC_WRITEcode=ACC_MKNOD"ACC_WRITE38" id="L210" class="line" name="L210"> 240    4   struct kfree 243    4   struct  143kfreedev_exce=access" class="sref">a. *cgroup_tACC_.c#L2code=ACC_MKNOD"ACC_.c#L230" id="L210" class="line" name="L210"> 240
acc[<>kfree 240 140    4   if (!ret =caseaa href="security/device_cg\0oup.c#L237" :d="L167" class="line" name="L167"> 140)
 240}
kfree 240
default:d="L167" class="line" name="L167"> 146
'a',
 244    4   if (id="L200" class="line" name="L200"> 240    4            240 140    4           devcgrofie=rity/device_cgroup.fie=rity86" " id="L167" class="line" name="L167"> 140DEVCG_DEFAULT_ref="security/device_cgroup.c#L215":d="L167" class="line" name="L167"> 142    4           ret =cessev_cgroup)
accv_cgroup)
< cla>(devcgroup_mu=access" class="sref">a"id="L245" class="line" name="L245"> 243    4                        4     49     &,
 243    4           
 143
 143
 143    4                    143    4                   retur4  140) {
DEVCG_DEFAULT_ALLOW;
 150    5   }
acc[rmvice_cgroup.c#L class="sref">rm">accv_cgroup)
< cla>(devcgroup_mu=access" class="sref">a"id="L210" class="line" name="L210"> 251
kfrc#L130" id="L130" class="line" name="L130"> 152    5   return &ret =id="L200" class="line" name="L200"> 253}
)
< class="sref">addvice_cgroup.c#L class="sref">add">accv_cgroup)
< cla>(devcgroup_mu=access" class="sref">a"id="L210" class="line" name="L210"> 2514/a>}
DEVCG_DEFAULT_f="security/device_cgroup.c"s38" :d="L167" class="line" name="L167"> 1535/a>
group_mutex
 1516/a>
 157    5   struct  1528/a>    5                   retur5up.c#50 dev_cgroup with the excepti        ........* donoup.ctrwaassicebreak l epatibil"liL173" id="L173" class="line" name="L173"> 159    5    150    5   acc[) {
DEVCG_DEFAULT_ALLOW 150
kfr{
rmvice_cgroup.c#L class="sref">rm">accv_cgroup)
< cla>(devcgroup_mu=access" class="sref">a"id="L210" class="line" name="L210"> 250    5href="security/device_cg5oup.c51lass="sref">ret =========c#L130" id="L130" class="line" name="L130"> 153
 2504/a>}
)
< class="sref">addvice_cgroup.c#L class="sref">add">accv_cgroup)
< cla>(devcgroup_mu=access" class="sref">a"id="L210" class="line" name="L210"> 255#def5ne  156#def5ne acc[,
 257
 2568/a>    5ne  153    5ne  250
 250    5c void devcgroup_can_att class_w="ly/device_cgroup.up_can_att class_w="ly">acc>cgroup *cgroup)
cgroup * 250    5href="security/device_cg5oup.c52lass="sref">ret ===================c#Lst , unsigned  250
 150
devcgroc#Lva vice_cgroup.c#Lc#Lva 38" id="L210" class="line" name="L210"> 255    5   if ( 150#def5           m = *acc="sref">devcgroup_mup(a"id="L210" class="line" name="L210"> 257    5   if (devcgroc#Lva vice_cgroup.c#Lc#Lva 38" ss="sref">cgroup_tp(acc *parent_cgroup 2508/a>    5           )
;
 257    5   if (dev_cgroup = cutex_unlocky/device_cgroup.utex_unlock">acc="sref">devcgroup_mup(a"id="L210" class="line" name="L210"> 250    5           ac#L130"v_cgroup)
 251}
 252
 250
)
< clacan_attfie=fvice_cgroup.c#Lup_acan_attfie=fcgro[]-gtid="L167" class="line" name="L167"> 152
 152    5   if (. * 256    5           return 'a' *s="sref">cgroup_tp(ac,d="L221" class="line" name="L221"> 256    5   if ( *DEVCG_DEFAULT_ref="security/device_cgroup.c#L215",d="L221" class="line" name="L221"> 2568/a>    5           return  256    5   if ( 150    5           return acc[<. * 251    5   return cgroup_tp(ac,d="L221" class="line" name="L221"> 252}
ret =. *DEVCG_DEFAULT_f="security/device_cgroup.c"s38" ,d="L221" class="line" name="L221"> 252
 252
 153    5href="security/device_cg5oup.c54unlock" class="sref">. * 251    5   if ('a' *cgroup_tp( 252    5           . *DEVCG_DEFAULT_LISTecurity/device_cgroupLIST38" ,d="L221" class="line" name="L221"> 2528/a>    5   else
 259    5           if (!
 150    5                    250    5                    252    5           }
)
< clnams_subsy/device_cgroup.c clnams_subsy/sref="=id="L167" class="line" name="L167"> 152
 * 254}
 *cgroup_tp(( 255
 *cgroup_tp(( 255    5 class="comment">/**
a. *cgroup_tp( 255    5 class="comment"> * dev_5xcept55e=kfree" clas. *cgroup_tp 2558/a>    5 class="comment"> * @dev5cgrou55f="+code=ERR_. *cgroup_tp 255    5 class="comment"> *
 150 * call5d und56clean" class="roup_mutex
 151 */
 151    5c void  151
 151}
 151
 151    5    151    5            *cgroup_tcgry/device_cgroup.cgrycgro,d="L221" class="line" name="L221"> 251    5            256 150}
 150 150    5 class="comment">/*
 150
 * call5d fro57 clasecurity/device_cgroup..* @rity: p 150}
 */
 150
 150    5href="security/device_cg5oup.c57ref="security/device_cgroup.* @ class: l ebinaturitof ACC_WRITE, ACC_READ andeACC_.c#L23075" id="L175" class="line" name="L175"> 150    5   struct  150    5   struct  150 150
devcgro__p((acc>hort "sref">cgroup_tcde=DEV_BLOCK" class="sref");unsigned ,ev_cgroup = curity/device_cgroup.c#L144" );unsigned ,ev_cgroup = curity/device_cgroup.c#L146" ,d="L221" class="line" name="L221"> 250cgroup_tref="+code=ACC_MKNOD" class="srid="L245" class="line" name="L245"> 250    5   if (! 150)
 250}
cgroup *itemvice_cgroup.c#L class="sref">item/a>,ev_cgroup = =access" class="sref">aid="L210" class="line" name="L210"> 250
devcgroc=ACCLEN" class="rc89" id="L210" class="line" name="L210"> 256
 256    5   if (devcgrocode=acc" class="sref">acc, ="sref">devcgroup_mu=access" class="sref">a);0, sizeof {
a"iid="L210" class="line" name="L210"> 256    5           acunsigned a. *DC_MKNOD)
 256dev_cgroup = =access" class="sref">a. * * 250    5            = =access" class="sref">a. *ex-gt *exid="L210" class="line" name="L210"> 250 = =access" class="sref">a. * 250    5            253    5                        5     59     &devcgroc=u_r+co_locky/device_cgroupc=u_r+co_lock/a>, iid="L210" class="line" name="L210"> 253    5            *(,  *a"id="L210" class="line" name="L210"> 253
acunsigned cgroup_tmays="srefvice_cgroup.c#Lmays="sref/a>,  *devcgroup_mu=access" class="sref">a"id="L210" class="line" name="L210"> 253
m = * 253    5                    253    5                   retur5  250,
 260    6   }
 261
 162    6   return & 263}
 2634/a>}
devcgro__p((acc>/a>(r)
rdevcgroc=ACmp 250
 150
m =t "sref">cgroup_tcde=DEV_BLOCK" class="sref");unsigned  1627 253    5   6               retur5up.6#50 d60code=ERR_l ~0ev_cgned  *r;
 2539   5   6       }
DC_MKNOD)
 1468/6>    5   6a href="+code=dev_ex5ept6o51la6s="sref">acc *r;
 253
DC_MKNOD)
 240    5hre6="security/device_cg5oup6c51la6s="sref">retdNOD)
 250
cgroup_tACC_WRITEcode=ACC_MKNOD"ACC_WRITE38" id="L210" class="line" name="L210"> 240}
dNOD)
 250
.cgroup_tACC_WRITcode=ACC_MKNOD"ACC_READ38" id="L210" class="line" name="L210"> 240#def5ne 6a href="+code=DEVCG_5IST6 51la61gd="L210" class="line" name="L210"> 256
)
((acc>horf">cgroup_tcde=DEV_BLOCK" class="sref");unsigned reixid="> *r 256    5   6a href="+code=MAJMIN5EN"6c51f=61code=ERR_PTR" cla" class=====f">cgroup_tref="+code=ACC_MKNOD" class="srid="LL210" class="line" name="L210"> 2409   5   6a href="+code=ACCLEN5 cl6s519n6ryid="L200" class="line" name="L200"> 250
 250    5c v6id devcgroup_can_att cla__permmk_pe_cgroup.c#Lup_acanatt cla__permmk_peid=">="sref">devcgroc=ACmr = =acccanevice_cgrou+urccanid="L245" class="line" name="L245"> 250    5hre6="security/device_cg5oup6c52la62=id="L167" class="line" name="L167"> 150
cgro "sref">cgroup_tcde=DEV_BLOCK" class="sref");unL210" class="line" name="L210"> 240
 240
)
 *def">dNgroup)
 * 250#def5ne 6       acc[ 162    5   6f ( 253    5   6        * 2509   5   6f (DC_MKNOD)
 1468/6>    5   6       ac#L1 id=130" class="line" name="L130"> 1468/6>    5c v6="security/device_cg5oup6c53e=63ree_rcu" class="sref" *DC_MKNOD)
 240
 250
)
((acc>horf">cgroup_tcde=DEV_BLOCK" class="sref");unsigned  * * 250
 240    5   6f ( 150    5   6       return &#L200" class="line" name="L200"> 250    5   6f (


Tperariginal LXR softwaredefaoper00" classhttp://sourceforge.net/projects/lxr">LXR roupunit ,d="Laopis exissoary hl vert- chefa00" classmailto:lxr@"+cux.no">lxr@"+cux.no.
lxr."+cux.no kindly ho agciefa00" classhttp://www.redpill-"+cpro.no">Redpill L+cpro AS,d="LaproviderACC_L+cuxst