tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
devcg: expand may_access() logic
In order to make the next patch more clear, expand may_access() logic.
v2: may_access() returns bool now
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
authored by
Aristeu Rozanski
and committed by
Tejun Heo
26898fdf
3ac1707a
+12
-9
+12
-9
security/device_cgroup.c
+12
-9
security/device_cgroup.c
···
305
305
* @dev_cgroup: dev cgroup to be tested against
306
306
* @refex: new exception
307
307
*/
308
-
static int may_access(struct dev_cgroup *dev_cgroup,
309
-
struct dev_exception_item *refex)
308
+
static bool may_access(struct dev_cgroup *dev_cgroup,
309
+
struct dev_exception_item *refex)
310
310
{
311
311
struct dev_exception_item *ex;
312
312
bool match = false;
···
332
332
333
333
/*
334
334
* In two cases we'll consider this new exception valid:
335
-
* - the dev cgroup has its default policy to allow + exception list:
336
-
* the new exception should *not* match any of the exceptions
337
-
* (behavior == DEVCG_DEFAULT_ALLOW, !match)
338
335
* - the dev cgroup has its default policy to deny + exception list:
339
336
* the new exception *should* match the exceptions
340
-
* (behavior == DEVCG_DEFAULT_DENY, match)
337
+
* - the dev cgroup has its default policy to allow + exception list:
338
+
* the new exception should *not* match any of the exceptions
341
339
*/
342
-
if ((dev_cgroup->behavior == DEVCG_DEFAULT_DENY) == match)
343
-
return 1;
344
-
return 0;
340
+
if (dev_cgroup->behavior == DEVCG_DEFAULT_DENY) {
341
+
if (match)
342
+
return true;
343
+
} else {
344
+
if (!match)
345
+
return true;
346
+
}
347
+
return false;
345
348
}
346
349
347
350
/*