1
2#include <linux/fs.h>
3
4#define DEVCG_ACC_MKNOD 1
5#define DEVCG_ACC_READ 2
6#define DEVCG_ACC_WRITE 4
7#define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD | DEVCG_ACC_READ | DEVCG_ACC_WRITE)
8
9#define DEVCG_DEV_BLOCK 1
10#define DEVCG_DEV_CHAR 2
11#define DEVCG_DEV_ALL 4
12
13
14#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF)
15int devcgroup_check_permission(short type, u32 major, u32 minor,
16 short access);
17static inline int devcgroup_inode_permission(struct inode *inode, int mask)
18{
19 short type, access = 0;
20
21 if (likely(!inode->i_rdev))
22 return 0;
23
24 if (S_ISBLK(inode->i_mode))
25 type = DEVCG_DEV_BLOCK;
26 else if (S_ISCHR(inode->i_mode))
27 type = DEVCG_DEV_CHAR;
28 else
29 return 0;
30
31 if (mask & MAY_WRITE)
32 access |= DEVCG_ACC_WRITE;
33 if (mask & MAY_READ)
34 access |= DEVCG_ACC_READ;
35
36 return devcgroup_check_permission(type, imajor(inode), iminor(inode),
37 access);
38}
39
40static inline int devcgroup_inode_mknod(int mode, dev_t dev)
41{
42 short type;
43
44 if (!S_ISBLK(mode) && !S_ISCHR(mode))
45 return 0;
46
47 if (S_ISCHR(mode) && dev == WHITEOUT_DEV)
48 return 0;
49
50 if (S_ISBLK(mode))
51 type = DEVCG_DEV_BLOCK;
52 else
53 type = DEVCG_DEV_CHAR;
54
55 return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),
56 DEVCG_ACC_MKNOD);
57}
58
59#else
60static inline int devcgroup_check_permission(short type, u32 major, u32 minor,
61 short access)
62{ return 0; }
63static inline int devcgroup_inode_permission(struct inode *inode, int mask)
64{ return 0; }
65static inline int devcgroup_inode_mknod(int mode, dev_t dev)
66{ return 0; }
67#endif
68
