device_cgroup.h (1609B)
1/* SPDX-License-Identifier: GPL-2.0 */ 2#include <linux/fs.h> 3 4#define DEVCG_ACC_MKNOD 1 5#define DEVCG_ACC_READ 2 6#define DEVCG_ACC_WRITE 4 7#define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD | DEVCG_ACC_READ | DEVCG_ACC_WRITE) 8 9#define DEVCG_DEV_BLOCK 1 10#define DEVCG_DEV_CHAR 2 11#define DEVCG_DEV_ALL 4 /* this represents all devices */ 12 13 14#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) 15int devcgroup_check_permission(short type, u32 major, u32 minor, 16 short access); 17static inline int devcgroup_inode_permission(struct inode *inode, int mask) 18{ 19 short type, access = 0; 20 21 if (likely(!inode->i_rdev)) 22 return 0; 23 24 if (S_ISBLK(inode->i_mode)) 25 type = DEVCG_DEV_BLOCK; 26 else if (S_ISCHR(inode->i_mode)) 27 type = DEVCG_DEV_CHAR; 28 else 29 return 0; 30 31 if (mask & MAY_WRITE) 32 access |= DEVCG_ACC_WRITE; 33 if (mask & MAY_READ) 34 access |= DEVCG_ACC_READ; 35 36 return devcgroup_check_permission(type, imajor(inode), iminor(inode), 37 access); 38} 39 40static inline int devcgroup_inode_mknod(int mode, dev_t dev) 41{ 42 short type; 43 44 if (!S_ISBLK(mode) && !S_ISCHR(mode)) 45 return 0; 46 47 if (S_ISCHR(mode) && dev == WHITEOUT_DEV) 48 return 0; 49 50 if (S_ISBLK(mode)) 51 type = DEVCG_DEV_BLOCK; 52 else 53 type = DEVCG_DEV_CHAR; 54 55 return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), 56 DEVCG_ACC_MKNOD); 57} 58 59#else 60static inline int devcgroup_check_permission(short type, u32 major, u32 minor, 61 short access) 62{ return 0; } 63static inline int devcgroup_inode_permission(struct inode *inode, int mask) 64{ return 0; } 65static inline int devcgroup_inode_mknod(int mode, dev_t dev) 66{ return 0; } 67#endif