From 323eb58acc0f6ab7534f0b602ef767c5d9d9b29d Mon Sep 17 00:00:00 2001 From: Aristeu Rozanski Date: Thu, 4 Oct 2012 17:15:13 -0700 Subject: [PATCH] --- yaml --- r: 330146 b: refs/heads/master c: 66b8ef67756b3051bf42a077a82c3c5c279caa5b h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/security/device_cgroup.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/[refs] b/[refs] index eefdb4b16e59..84d291ae4bba 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 12ae6779332181432a7feda740735ffa5bb3d32d +refs/heads/master: 66b8ef67756b3051bf42a077a82c3c5c279caa5b diff --git a/trunk/security/device_cgroup.c b/trunk/security/device_cgroup.c index 4b877a92a7ea..e3ce02a00ffc 100644 --- a/trunk/security/device_cgroup.c +++ b/trunk/security/device_cgroup.c @@ -42,6 +42,7 @@ struct dev_whitelist_item { struct dev_cgroup { struct cgroup_subsys_state css; struct list_head whitelist; + bool deny_all; }; static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s) @@ -178,12 +179,14 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup *cgroup) wh->minor = wh->major = ~0; wh->type = DEV_ALL; wh->access = ACC_MASK; + dev_cgroup->deny_all = false; list_add(&wh->list, &dev_cgroup->whitelist); } else { parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup); mutex_lock(&devcgroup_mutex); ret = dev_whitelist_copy(&dev_cgroup->whitelist, &parent_dev_cgroup->whitelist); + dev_cgroup->deny_all = parent_dev_cgroup->deny_all; mutex_unlock(&devcgroup_mutex); if (ret) { kfree(dev_cgroup); @@ -409,9 +412,11 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup, case DEVCG_ALLOW: if (!parent_has_perm(devcgroup, &wh)) return -EPERM; + devcgroup->deny_all = false; return dev_whitelist_add(devcgroup, &wh); case DEVCG_DENY: dev_whitelist_rm(devcgroup, &wh); + devcgroup->deny_all = true; break; default: return -EINVAL;