18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * device_cgroup.c - device cgroup subsystem 48c2ecf20Sopenharmony_ci * 58c2ecf20Sopenharmony_ci * Copyright 2007 IBM Corp 68c2ecf20Sopenharmony_ci */ 78c2ecf20Sopenharmony_ci 88c2ecf20Sopenharmony_ci#include <linux/device_cgroup.h> 98c2ecf20Sopenharmony_ci#include <linux/cgroup.h> 108c2ecf20Sopenharmony_ci#include <linux/ctype.h> 118c2ecf20Sopenharmony_ci#include <linux/list.h> 128c2ecf20Sopenharmony_ci#include <linux/uaccess.h> 138c2ecf20Sopenharmony_ci#include <linux/seq_file.h> 148c2ecf20Sopenharmony_ci#include <linux/slab.h> 158c2ecf20Sopenharmony_ci#include <linux/rcupdate.h> 168c2ecf20Sopenharmony_ci#include <linux/mutex.h> 178c2ecf20Sopenharmony_ci 188c2ecf20Sopenharmony_ci#ifdef CONFIG_CGROUP_DEVICE 198c2ecf20Sopenharmony_ci 208c2ecf20Sopenharmony_cistatic DEFINE_MUTEX(devcgroup_mutex); 218c2ecf20Sopenharmony_ci 228c2ecf20Sopenharmony_cienum devcg_behavior { 238c2ecf20Sopenharmony_ci DEVCG_DEFAULT_NONE, 248c2ecf20Sopenharmony_ci DEVCG_DEFAULT_ALLOW, 258c2ecf20Sopenharmony_ci DEVCG_DEFAULT_DENY, 268c2ecf20Sopenharmony_ci}; 278c2ecf20Sopenharmony_ci 288c2ecf20Sopenharmony_ci/* 298c2ecf20Sopenharmony_ci * exception list locking rules: 308c2ecf20Sopenharmony_ci * hold devcgroup_mutex for update/read. 318c2ecf20Sopenharmony_ci * hold rcu_read_lock() for read. 328c2ecf20Sopenharmony_ci */ 338c2ecf20Sopenharmony_ci 348c2ecf20Sopenharmony_cistruct dev_exception_item { 358c2ecf20Sopenharmony_ci u32 major, minor; 368c2ecf20Sopenharmony_ci short type; 378c2ecf20Sopenharmony_ci short access; 388c2ecf20Sopenharmony_ci struct list_head list; 398c2ecf20Sopenharmony_ci struct rcu_head rcu; 408c2ecf20Sopenharmony_ci}; 418c2ecf20Sopenharmony_ci 428c2ecf20Sopenharmony_cistruct dev_cgroup { 438c2ecf20Sopenharmony_ci struct cgroup_subsys_state css; 448c2ecf20Sopenharmony_ci struct list_head exceptions; 458c2ecf20Sopenharmony_ci enum devcg_behavior behavior; 468c2ecf20Sopenharmony_ci}; 478c2ecf20Sopenharmony_ci 488c2ecf20Sopenharmony_cistatic inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s) 498c2ecf20Sopenharmony_ci{ 508c2ecf20Sopenharmony_ci return s ? container_of(s, struct dev_cgroup, css) : NULL; 518c2ecf20Sopenharmony_ci} 528c2ecf20Sopenharmony_ci 538c2ecf20Sopenharmony_cistatic inline struct dev_cgroup *task_devcgroup(struct task_struct *task) 548c2ecf20Sopenharmony_ci{ 558c2ecf20Sopenharmony_ci return css_to_devcgroup(task_css(task, devices_cgrp_id)); 568c2ecf20Sopenharmony_ci} 578c2ecf20Sopenharmony_ci 588c2ecf20Sopenharmony_ci/* 598c2ecf20Sopenharmony_ci * called under devcgroup_mutex 608c2ecf20Sopenharmony_ci */ 618c2ecf20Sopenharmony_cistatic int dev_exceptions_copy(struct list_head *dest, struct list_head *orig) 628c2ecf20Sopenharmony_ci{ 638c2ecf20Sopenharmony_ci struct dev_exception_item *ex, *tmp, *new; 648c2ecf20Sopenharmony_ci 658c2ecf20Sopenharmony_ci lockdep_assert_held(&devcgroup_mutex); 668c2ecf20Sopenharmony_ci 678c2ecf20Sopenharmony_ci list_for_each_entry(ex, orig, list) { 688c2ecf20Sopenharmony_ci new = kmemdup(ex, sizeof(*ex), GFP_KERNEL); 698c2ecf20Sopenharmony_ci if (!new) 708c2ecf20Sopenharmony_ci goto free_and_exit; 718c2ecf20Sopenharmony_ci list_add_tail(&new->list, dest); 728c2ecf20Sopenharmony_ci } 738c2ecf20Sopenharmony_ci 748c2ecf20Sopenharmony_ci return 0; 758c2ecf20Sopenharmony_ci 768c2ecf20Sopenharmony_cifree_and_exit: 778c2ecf20Sopenharmony_ci list_for_each_entry_safe(ex, tmp, dest, list) { 788c2ecf20Sopenharmony_ci list_del(&ex->list); 798c2ecf20Sopenharmony_ci kfree(ex); 808c2ecf20Sopenharmony_ci } 818c2ecf20Sopenharmony_ci return -ENOMEM; 828c2ecf20Sopenharmony_ci} 838c2ecf20Sopenharmony_ci 848c2ecf20Sopenharmony_cistatic void dev_exceptions_move(struct list_head *dest, struct list_head *orig) 858c2ecf20Sopenharmony_ci{ 868c2ecf20Sopenharmony_ci struct dev_exception_item *ex, *tmp; 878c2ecf20Sopenharmony_ci 888c2ecf20Sopenharmony_ci lockdep_assert_held(&devcgroup_mutex); 898c2ecf20Sopenharmony_ci 908c2ecf20Sopenharmony_ci list_for_each_entry_safe(ex, tmp, orig, list) { 918c2ecf20Sopenharmony_ci list_move_tail(&ex->list, dest); 928c2ecf20Sopenharmony_ci } 938c2ecf20Sopenharmony_ci} 948c2ecf20Sopenharmony_ci 958c2ecf20Sopenharmony_ci/* 968c2ecf20Sopenharmony_ci * called under devcgroup_mutex 978c2ecf20Sopenharmony_ci */ 988c2ecf20Sopenharmony_cistatic int dev_exception_add(struct dev_cgroup *dev_cgroup, 998c2ecf20Sopenharmony_ci struct dev_exception_item *ex) 1008c2ecf20Sopenharmony_ci{ 1018c2ecf20Sopenharmony_ci struct dev_exception_item *excopy, *walk; 1028c2ecf20Sopenharmony_ci 1038c2ecf20Sopenharmony_ci lockdep_assert_held(&devcgroup_mutex); 1048c2ecf20Sopenharmony_ci 1058c2ecf20Sopenharmony_ci excopy = kmemdup(ex, sizeof(*ex), GFP_KERNEL); 1068c2ecf20Sopenharmony_ci if (!excopy) 1078c2ecf20Sopenharmony_ci return -ENOMEM; 1088c2ecf20Sopenharmony_ci 1098c2ecf20Sopenharmony_ci list_for_each_entry(walk, &dev_cgroup->exceptions, list) { 1108c2ecf20Sopenharmony_ci if (walk->type != ex->type) 1118c2ecf20Sopenharmony_ci continue; 1128c2ecf20Sopenharmony_ci if (walk->major != ex->major) 1138c2ecf20Sopenharmony_ci continue; 1148c2ecf20Sopenharmony_ci if (walk->minor != ex->minor) 1158c2ecf20Sopenharmony_ci continue; 1168c2ecf20Sopenharmony_ci 1178c2ecf20Sopenharmony_ci walk->access |= ex->access; 1188c2ecf20Sopenharmony_ci kfree(excopy); 1198c2ecf20Sopenharmony_ci excopy = NULL; 1208c2ecf20Sopenharmony_ci } 1218c2ecf20Sopenharmony_ci 1228c2ecf20Sopenharmony_ci if (excopy != NULL) 1238c2ecf20Sopenharmony_ci list_add_tail_rcu(&excopy->list, &dev_cgroup->exceptions); 1248c2ecf20Sopenharmony_ci return 0; 1258c2ecf20Sopenharmony_ci} 1268c2ecf20Sopenharmony_ci 1278c2ecf20Sopenharmony_ci/* 1288c2ecf20Sopenharmony_ci * called under devcgroup_mutex 1298c2ecf20Sopenharmony_ci */ 1308c2ecf20Sopenharmony_cistatic void dev_exception_rm(struct dev_cgroup *dev_cgroup, 1318c2ecf20Sopenharmony_ci struct dev_exception_item *ex) 1328c2ecf20Sopenharmony_ci{ 1338c2ecf20Sopenharmony_ci struct dev_exception_item *walk, *tmp; 1348c2ecf20Sopenharmony_ci 1358c2ecf20Sopenharmony_ci lockdep_assert_held(&devcgroup_mutex); 1368c2ecf20Sopenharmony_ci 1378c2ecf20Sopenharmony_ci list_for_each_entry_safe(walk, tmp, &dev_cgroup->exceptions, list) { 1388c2ecf20Sopenharmony_ci if (walk->type != ex->type) 1398c2ecf20Sopenharmony_ci continue; 1408c2ecf20Sopenharmony_ci if (walk->major != ex->major) 1418c2ecf20Sopenharmony_ci continue; 1428c2ecf20Sopenharmony_ci if (walk->minor != ex->minor) 1438c2ecf20Sopenharmony_ci continue; 1448c2ecf20Sopenharmony_ci 1458c2ecf20Sopenharmony_ci walk->access &= ~ex->access; 1468c2ecf20Sopenharmony_ci if (!walk->access) { 1478c2ecf20Sopenharmony_ci list_del_rcu(&walk->list); 1488c2ecf20Sopenharmony_ci kfree_rcu(walk, rcu); 1498c2ecf20Sopenharmony_ci } 1508c2ecf20Sopenharmony_ci } 1518c2ecf20Sopenharmony_ci} 1528c2ecf20Sopenharmony_ci 1538c2ecf20Sopenharmony_cistatic void __dev_exception_clean(struct dev_cgroup *dev_cgroup) 1548c2ecf20Sopenharmony_ci{ 1558c2ecf20Sopenharmony_ci struct dev_exception_item *ex, *tmp; 1568c2ecf20Sopenharmony_ci 1578c2ecf20Sopenharmony_ci list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) { 1588c2ecf20Sopenharmony_ci list_del_rcu(&ex->list); 1598c2ecf20Sopenharmony_ci kfree_rcu(ex, rcu); 1608c2ecf20Sopenharmony_ci } 1618c2ecf20Sopenharmony_ci} 1628c2ecf20Sopenharmony_ci 1638c2ecf20Sopenharmony_ci/** 1648c2ecf20Sopenharmony_ci * dev_exception_clean - frees all entries of the exception list 1658c2ecf20Sopenharmony_ci * @dev_cgroup: dev_cgroup with the exception list to be cleaned 1668c2ecf20Sopenharmony_ci * 1678c2ecf20Sopenharmony_ci * called under devcgroup_mutex 1688c2ecf20Sopenharmony_ci */ 1698c2ecf20Sopenharmony_cistatic void dev_exception_clean(struct dev_cgroup *dev_cgroup) 1708c2ecf20Sopenharmony_ci{ 1718c2ecf20Sopenharmony_ci lockdep_assert_held(&devcgroup_mutex); 1728c2ecf20Sopenharmony_ci 1738c2ecf20Sopenharmony_ci __dev_exception_clean(dev_cgroup); 1748c2ecf20Sopenharmony_ci} 1758c2ecf20Sopenharmony_ci 1768c2ecf20Sopenharmony_cistatic inline bool is_devcg_online(const struct dev_cgroup *devcg) 1778c2ecf20Sopenharmony_ci{ 1788c2ecf20Sopenharmony_ci return (devcg->behavior != DEVCG_DEFAULT_NONE); 1798c2ecf20Sopenharmony_ci} 1808c2ecf20Sopenharmony_ci 1818c2ecf20Sopenharmony_ci/** 1828c2ecf20Sopenharmony_ci * devcgroup_online - initializes devcgroup's behavior and exceptions based on 1838c2ecf20Sopenharmony_ci * parent's 1848c2ecf20Sopenharmony_ci * @css: css getting online 1858c2ecf20Sopenharmony_ci * returns 0 in case of success, error code otherwise 1868c2ecf20Sopenharmony_ci */ 1878c2ecf20Sopenharmony_cistatic int devcgroup_online(struct cgroup_subsys_state *css) 1888c2ecf20Sopenharmony_ci{ 1898c2ecf20Sopenharmony_ci struct dev_cgroup *dev_cgroup = css_to_devcgroup(css); 1908c2ecf20Sopenharmony_ci struct dev_cgroup *parent_dev_cgroup = css_to_devcgroup(css->parent); 1918c2ecf20Sopenharmony_ci int ret = 0; 1928c2ecf20Sopenharmony_ci 1938c2ecf20Sopenharmony_ci mutex_lock(&devcgroup_mutex); 1948c2ecf20Sopenharmony_ci 1958c2ecf20Sopenharmony_ci if (parent_dev_cgroup == NULL) 1968c2ecf20Sopenharmony_ci dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW; 1978c2ecf20Sopenharmony_ci else { 1988c2ecf20Sopenharmony_ci ret = dev_exceptions_copy(&dev_cgroup->exceptions, 1998c2ecf20Sopenharmony_ci &parent_dev_cgroup->exceptions); 2008c2ecf20Sopenharmony_ci if (!ret) 2018c2ecf20Sopenharmony_ci dev_cgroup->behavior = parent_dev_cgroup->behavior; 2028c2ecf20Sopenharmony_ci } 2038c2ecf20Sopenharmony_ci mutex_unlock(&devcgroup_mutex); 2048c2ecf20Sopenharmony_ci 2058c2ecf20Sopenharmony_ci return ret; 2068c2ecf20Sopenharmony_ci} 2078c2ecf20Sopenharmony_ci 2088c2ecf20Sopenharmony_cistatic void devcgroup_offline(struct cgroup_subsys_state *css) 2098c2ecf20Sopenharmony_ci{ 2108c2ecf20Sopenharmony_ci struct dev_cgroup *dev_cgroup = css_to_devcgroup(css); 2118c2ecf20Sopenharmony_ci 2128c2ecf20Sopenharmony_ci mutex_lock(&devcgroup_mutex); 2138c2ecf20Sopenharmony_ci dev_cgroup->behavior = DEVCG_DEFAULT_NONE; 2148c2ecf20Sopenharmony_ci mutex_unlock(&devcgroup_mutex); 2158c2ecf20Sopenharmony_ci} 2168c2ecf20Sopenharmony_ci 2178c2ecf20Sopenharmony_ci/* 2188c2ecf20Sopenharmony_ci * called from kernel/cgroup.c with cgroup_lock() held. 2198c2ecf20Sopenharmony_ci */ 2208c2ecf20Sopenharmony_cistatic struct cgroup_subsys_state * 2218c2ecf20Sopenharmony_cidevcgroup_css_alloc(struct cgroup_subsys_state *parent_css) 2228c2ecf20Sopenharmony_ci{ 2238c2ecf20Sopenharmony_ci struct dev_cgroup *dev_cgroup; 2248c2ecf20Sopenharmony_ci 2258c2ecf20Sopenharmony_ci dev_cgroup = kzalloc(sizeof(*dev_cgroup), GFP_KERNEL); 2268c2ecf20Sopenharmony_ci if (!dev_cgroup) 2278c2ecf20Sopenharmony_ci return ERR_PTR(-ENOMEM); 2288c2ecf20Sopenharmony_ci INIT_LIST_HEAD(&dev_cgroup->exceptions); 2298c2ecf20Sopenharmony_ci dev_cgroup->behavior = DEVCG_DEFAULT_NONE; 2308c2ecf20Sopenharmony_ci 2318c2ecf20Sopenharmony_ci return &dev_cgroup->css; 2328c2ecf20Sopenharmony_ci} 2338c2ecf20Sopenharmony_ci 2348c2ecf20Sopenharmony_cistatic void devcgroup_css_free(struct cgroup_subsys_state *css) 2358c2ecf20Sopenharmony_ci{ 2368c2ecf20Sopenharmony_ci struct dev_cgroup *dev_cgroup = css_to_devcgroup(css); 2378c2ecf20Sopenharmony_ci 2388c2ecf20Sopenharmony_ci __dev_exception_clean(dev_cgroup); 2398c2ecf20Sopenharmony_ci kfree(dev_cgroup); 2408c2ecf20Sopenharmony_ci} 2418c2ecf20Sopenharmony_ci 2428c2ecf20Sopenharmony_ci#define DEVCG_ALLOW 1 2438c2ecf20Sopenharmony_ci#define DEVCG_DENY 2 2448c2ecf20Sopenharmony_ci#define DEVCG_LIST 3 2458c2ecf20Sopenharmony_ci 2468c2ecf20Sopenharmony_ci#define MAJMINLEN 13 2478c2ecf20Sopenharmony_ci#define ACCLEN 4 2488c2ecf20Sopenharmony_ci 2498c2ecf20Sopenharmony_cistatic void set_access(char *acc, short access) 2508c2ecf20Sopenharmony_ci{ 2518c2ecf20Sopenharmony_ci int idx = 0; 2528c2ecf20Sopenharmony_ci memset(acc, 0, ACCLEN); 2538c2ecf20Sopenharmony_ci if (access & DEVCG_ACC_READ) 2548c2ecf20Sopenharmony_ci acc[idx++] = 'r'; 2558c2ecf20Sopenharmony_ci if (access & DEVCG_ACC_WRITE) 2568c2ecf20Sopenharmony_ci acc[idx++] = 'w'; 2578c2ecf20Sopenharmony_ci if (access & DEVCG_ACC_MKNOD) 2588c2ecf20Sopenharmony_ci acc[idx++] = 'm'; 2598c2ecf20Sopenharmony_ci} 2608c2ecf20Sopenharmony_ci 2618c2ecf20Sopenharmony_cistatic char type_to_char(short type) 2628c2ecf20Sopenharmony_ci{ 2638c2ecf20Sopenharmony_ci if (type == DEVCG_DEV_ALL) 2648c2ecf20Sopenharmony_ci return 'a'; 2658c2ecf20Sopenharmony_ci if (type == DEVCG_DEV_CHAR) 2668c2ecf20Sopenharmony_ci return 'c'; 2678c2ecf20Sopenharmony_ci if (type == DEVCG_DEV_BLOCK) 2688c2ecf20Sopenharmony_ci return 'b'; 2698c2ecf20Sopenharmony_ci return 'X'; 2708c2ecf20Sopenharmony_ci} 2718c2ecf20Sopenharmony_ci 2728c2ecf20Sopenharmony_cistatic void set_majmin(char *str, unsigned m) 2738c2ecf20Sopenharmony_ci{ 2748c2ecf20Sopenharmony_ci if (m == ~0) 2758c2ecf20Sopenharmony_ci strcpy(str, "*"); 2768c2ecf20Sopenharmony_ci else 2778c2ecf20Sopenharmony_ci sprintf(str, "%u", m); 2788c2ecf20Sopenharmony_ci} 2798c2ecf20Sopenharmony_ci 2808c2ecf20Sopenharmony_cistatic int devcgroup_seq_show(struct seq_file *m, void *v) 2818c2ecf20Sopenharmony_ci{ 2828c2ecf20Sopenharmony_ci struct dev_cgroup *devcgroup = css_to_devcgroup(seq_css(m)); 2838c2ecf20Sopenharmony_ci struct dev_exception_item *ex; 2848c2ecf20Sopenharmony_ci char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN]; 2858c2ecf20Sopenharmony_ci 2868c2ecf20Sopenharmony_ci rcu_read_lock(); 2878c2ecf20Sopenharmony_ci /* 2888c2ecf20Sopenharmony_ci * To preserve the compatibility: 2898c2ecf20Sopenharmony_ci * - Only show the "all devices" when the default policy is to allow 2908c2ecf20Sopenharmony_ci * - List the exceptions in case the default policy is to deny 2918c2ecf20Sopenharmony_ci * This way, the file remains as a "whitelist of devices" 2928c2ecf20Sopenharmony_ci */ 2938c2ecf20Sopenharmony_ci if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) { 2948c2ecf20Sopenharmony_ci set_access(acc, DEVCG_ACC_MASK); 2958c2ecf20Sopenharmony_ci set_majmin(maj, ~0); 2968c2ecf20Sopenharmony_ci set_majmin(min, ~0); 2978c2ecf20Sopenharmony_ci seq_printf(m, "%c %s:%s %s\n", type_to_char(DEVCG_DEV_ALL), 2988c2ecf20Sopenharmony_ci maj, min, acc); 2998c2ecf20Sopenharmony_ci } else { 3008c2ecf20Sopenharmony_ci list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) { 3018c2ecf20Sopenharmony_ci set_access(acc, ex->access); 3028c2ecf20Sopenharmony_ci set_majmin(maj, ex->major); 3038c2ecf20Sopenharmony_ci set_majmin(min, ex->minor); 3048c2ecf20Sopenharmony_ci seq_printf(m, "%c %s:%s %s\n", type_to_char(ex->type), 3058c2ecf20Sopenharmony_ci maj, min, acc); 3068c2ecf20Sopenharmony_ci } 3078c2ecf20Sopenharmony_ci } 3088c2ecf20Sopenharmony_ci rcu_read_unlock(); 3098c2ecf20Sopenharmony_ci 3108c2ecf20Sopenharmony_ci return 0; 3118c2ecf20Sopenharmony_ci} 3128c2ecf20Sopenharmony_ci 3138c2ecf20Sopenharmony_ci/** 3148c2ecf20Sopenharmony_ci * match_exception - iterates the exception list trying to find a complete match 3158c2ecf20Sopenharmony_ci * @exceptions: list of exceptions 3168c2ecf20Sopenharmony_ci * @type: device type (DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR) 3178c2ecf20Sopenharmony_ci * @major: device file major number, ~0 to match all 3188c2ecf20Sopenharmony_ci * @minor: device file minor number, ~0 to match all 3198c2ecf20Sopenharmony_ci * @access: permission mask (DEVCG_ACC_READ, DEVCG_ACC_WRITE, DEVCG_ACC_MKNOD) 3208c2ecf20Sopenharmony_ci * 3218c2ecf20Sopenharmony_ci * It is considered a complete match if an exception is found that will 3228c2ecf20Sopenharmony_ci * contain the entire range of provided parameters. 3238c2ecf20Sopenharmony_ci * 3248c2ecf20Sopenharmony_ci * Return: true in case it matches an exception completely 3258c2ecf20Sopenharmony_ci */ 3268c2ecf20Sopenharmony_cistatic bool match_exception(struct list_head *exceptions, short type, 3278c2ecf20Sopenharmony_ci u32 major, u32 minor, short access) 3288c2ecf20Sopenharmony_ci{ 3298c2ecf20Sopenharmony_ci struct dev_exception_item *ex; 3308c2ecf20Sopenharmony_ci 3318c2ecf20Sopenharmony_ci list_for_each_entry_rcu(ex, exceptions, list) { 3328c2ecf20Sopenharmony_ci if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK)) 3338c2ecf20Sopenharmony_ci continue; 3348c2ecf20Sopenharmony_ci if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR)) 3358c2ecf20Sopenharmony_ci continue; 3368c2ecf20Sopenharmony_ci if (ex->major != ~0 && ex->major != major) 3378c2ecf20Sopenharmony_ci continue; 3388c2ecf20Sopenharmony_ci if (ex->minor != ~0 && ex->minor != minor) 3398c2ecf20Sopenharmony_ci continue; 3408c2ecf20Sopenharmony_ci /* provided access cannot have more than the exception rule */ 3418c2ecf20Sopenharmony_ci if (access & (~ex->access)) 3428c2ecf20Sopenharmony_ci continue; 3438c2ecf20Sopenharmony_ci return true; 3448c2ecf20Sopenharmony_ci } 3458c2ecf20Sopenharmony_ci return false; 3468c2ecf20Sopenharmony_ci} 3478c2ecf20Sopenharmony_ci 3488c2ecf20Sopenharmony_ci/** 3498c2ecf20Sopenharmony_ci * match_exception_partial - iterates the exception list trying to find a partial match 3508c2ecf20Sopenharmony_ci * @exceptions: list of exceptions 3518c2ecf20Sopenharmony_ci * @type: device type (DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR) 3528c2ecf20Sopenharmony_ci * @major: device file major number, ~0 to match all 3538c2ecf20Sopenharmony_ci * @minor: device file minor number, ~0 to match all 3548c2ecf20Sopenharmony_ci * @access: permission mask (DEVCG_ACC_READ, DEVCG_ACC_WRITE, DEVCG_ACC_MKNOD) 3558c2ecf20Sopenharmony_ci * 3568c2ecf20Sopenharmony_ci * It is considered a partial match if an exception's range is found to 3578c2ecf20Sopenharmony_ci * contain *any* of the devices specified by provided parameters. This is 3588c2ecf20Sopenharmony_ci * used to make sure no extra access is being granted that is forbidden by 3598c2ecf20Sopenharmony_ci * any of the exception list. 3608c2ecf20Sopenharmony_ci * 3618c2ecf20Sopenharmony_ci * Return: true in case the provided range mat matches an exception completely 3628c2ecf20Sopenharmony_ci */ 3638c2ecf20Sopenharmony_cistatic bool match_exception_partial(struct list_head *exceptions, short type, 3648c2ecf20Sopenharmony_ci u32 major, u32 minor, short access) 3658c2ecf20Sopenharmony_ci{ 3668c2ecf20Sopenharmony_ci struct dev_exception_item *ex; 3678c2ecf20Sopenharmony_ci 3688c2ecf20Sopenharmony_ci list_for_each_entry_rcu(ex, exceptions, list, 3698c2ecf20Sopenharmony_ci lockdep_is_held(&devcgroup_mutex)) { 3708c2ecf20Sopenharmony_ci if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK)) 3718c2ecf20Sopenharmony_ci continue; 3728c2ecf20Sopenharmony_ci if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR)) 3738c2ecf20Sopenharmony_ci continue; 3748c2ecf20Sopenharmony_ci /* 3758c2ecf20Sopenharmony_ci * We must be sure that both the exception and the provided 3768c2ecf20Sopenharmony_ci * range aren't masking all devices 3778c2ecf20Sopenharmony_ci */ 3788c2ecf20Sopenharmony_ci if (ex->major != ~0 && major != ~0 && ex->major != major) 3798c2ecf20Sopenharmony_ci continue; 3808c2ecf20Sopenharmony_ci if (ex->minor != ~0 && minor != ~0 && ex->minor != minor) 3818c2ecf20Sopenharmony_ci continue; 3828c2ecf20Sopenharmony_ci /* 3838c2ecf20Sopenharmony_ci * In order to make sure the provided range isn't matching 3848c2ecf20Sopenharmony_ci * an exception, all its access bits shouldn't match the 3858c2ecf20Sopenharmony_ci * exception's access bits 3868c2ecf20Sopenharmony_ci */ 3878c2ecf20Sopenharmony_ci if (!(access & ex->access)) 3888c2ecf20Sopenharmony_ci continue; 3898c2ecf20Sopenharmony_ci return true; 3908c2ecf20Sopenharmony_ci } 3918c2ecf20Sopenharmony_ci return false; 3928c2ecf20Sopenharmony_ci} 3938c2ecf20Sopenharmony_ci 3948c2ecf20Sopenharmony_ci/** 3958c2ecf20Sopenharmony_ci * verify_new_ex - verifies if a new exception is allowed by parent cgroup's permissions 3968c2ecf20Sopenharmony_ci * @dev_cgroup: dev cgroup to be tested against 3978c2ecf20Sopenharmony_ci * @refex: new exception 3988c2ecf20Sopenharmony_ci * @behavior: behavior of the exception's dev_cgroup 3998c2ecf20Sopenharmony_ci * 4008c2ecf20Sopenharmony_ci * This is used to make sure a child cgroup won't have more privileges 4018c2ecf20Sopenharmony_ci * than its parent 4028c2ecf20Sopenharmony_ci */ 4038c2ecf20Sopenharmony_cistatic bool verify_new_ex(struct dev_cgroup *dev_cgroup, 4048c2ecf20Sopenharmony_ci struct dev_exception_item *refex, 4058c2ecf20Sopenharmony_ci enum devcg_behavior behavior) 4068c2ecf20Sopenharmony_ci{ 4078c2ecf20Sopenharmony_ci bool match = false; 4088c2ecf20Sopenharmony_ci 4098c2ecf20Sopenharmony_ci RCU_LOCKDEP_WARN(!rcu_read_lock_held() && 4108c2ecf20Sopenharmony_ci !lockdep_is_held(&devcgroup_mutex), 4118c2ecf20Sopenharmony_ci "device_cgroup:verify_new_ex called without proper synchronization"); 4128c2ecf20Sopenharmony_ci 4138c2ecf20Sopenharmony_ci if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) { 4148c2ecf20Sopenharmony_ci if (behavior == DEVCG_DEFAULT_ALLOW) { 4158c2ecf20Sopenharmony_ci /* 4168c2ecf20Sopenharmony_ci * new exception in the child doesn't matter, only 4178c2ecf20Sopenharmony_ci * adding extra restrictions 4188c2ecf20Sopenharmony_ci */ 4198c2ecf20Sopenharmony_ci return true; 4208c2ecf20Sopenharmony_ci } else { 4218c2ecf20Sopenharmony_ci /* 4228c2ecf20Sopenharmony_ci * new exception in the child will add more devices 4238c2ecf20Sopenharmony_ci * that can be acessed, so it can't match any of 4248c2ecf20Sopenharmony_ci * parent's exceptions, even slightly 4258c2ecf20Sopenharmony_ci */ 4268c2ecf20Sopenharmony_ci match = match_exception_partial(&dev_cgroup->exceptions, 4278c2ecf20Sopenharmony_ci refex->type, 4288c2ecf20Sopenharmony_ci refex->major, 4298c2ecf20Sopenharmony_ci refex->minor, 4308c2ecf20Sopenharmony_ci refex->access); 4318c2ecf20Sopenharmony_ci 4328c2ecf20Sopenharmony_ci if (match) 4338c2ecf20Sopenharmony_ci return false; 4348c2ecf20Sopenharmony_ci return true; 4358c2ecf20Sopenharmony_ci } 4368c2ecf20Sopenharmony_ci } else { 4378c2ecf20Sopenharmony_ci /* 4388c2ecf20Sopenharmony_ci * Only behavior == DEVCG_DEFAULT_DENY allowed here, therefore 4398c2ecf20Sopenharmony_ci * the new exception will add access to more devices and must 4408c2ecf20Sopenharmony_ci * be contained completely in an parent's exception to be 4418c2ecf20Sopenharmony_ci * allowed 4428c2ecf20Sopenharmony_ci */ 4438c2ecf20Sopenharmony_ci match = match_exception(&dev_cgroup->exceptions, refex->type, 4448c2ecf20Sopenharmony_ci refex->major, refex->minor, 4458c2ecf20Sopenharmony_ci refex->access); 4468c2ecf20Sopenharmony_ci 4478c2ecf20Sopenharmony_ci if (match) 4488c2ecf20Sopenharmony_ci /* parent has an exception that matches the proposed */ 4498c2ecf20Sopenharmony_ci return true; 4508c2ecf20Sopenharmony_ci else 4518c2ecf20Sopenharmony_ci return false; 4528c2ecf20Sopenharmony_ci } 4538c2ecf20Sopenharmony_ci return false; 4548c2ecf20Sopenharmony_ci} 4558c2ecf20Sopenharmony_ci 4568c2ecf20Sopenharmony_ci/* 4578c2ecf20Sopenharmony_ci * parent_has_perm: 4588c2ecf20Sopenharmony_ci * when adding a new allow rule to a device exception list, the rule 4598c2ecf20Sopenharmony_ci * must be allowed in the parent device 4608c2ecf20Sopenharmony_ci */ 4618c2ecf20Sopenharmony_cistatic int parent_has_perm(struct dev_cgroup *childcg, 4628c2ecf20Sopenharmony_ci struct dev_exception_item *ex) 4638c2ecf20Sopenharmony_ci{ 4648c2ecf20Sopenharmony_ci struct dev_cgroup *parent = css_to_devcgroup(childcg->css.parent); 4658c2ecf20Sopenharmony_ci 4668c2ecf20Sopenharmony_ci if (!parent) 4678c2ecf20Sopenharmony_ci return 1; 4688c2ecf20Sopenharmony_ci return verify_new_ex(parent, ex, childcg->behavior); 4698c2ecf20Sopenharmony_ci} 4708c2ecf20Sopenharmony_ci 4718c2ecf20Sopenharmony_ci/** 4728c2ecf20Sopenharmony_ci * parent_allows_removal - verify if it's ok to remove an exception 4738c2ecf20Sopenharmony_ci * @childcg: child cgroup from where the exception will be removed 4748c2ecf20Sopenharmony_ci * @ex: exception being removed 4758c2ecf20Sopenharmony_ci * 4768c2ecf20Sopenharmony_ci * When removing an exception in cgroups with default ALLOW policy, it must 4778c2ecf20Sopenharmony_ci * be checked if removing it will give the child cgroup more access than the 4788c2ecf20Sopenharmony_ci * parent. 4798c2ecf20Sopenharmony_ci * 4808c2ecf20Sopenharmony_ci * Return: true if it's ok to remove exception, false otherwise 4818c2ecf20Sopenharmony_ci */ 4828c2ecf20Sopenharmony_cistatic bool parent_allows_removal(struct dev_cgroup *childcg, 4838c2ecf20Sopenharmony_ci struct dev_exception_item *ex) 4848c2ecf20Sopenharmony_ci{ 4858c2ecf20Sopenharmony_ci struct dev_cgroup *parent = css_to_devcgroup(childcg->css.parent); 4868c2ecf20Sopenharmony_ci 4878c2ecf20Sopenharmony_ci if (!parent) 4888c2ecf20Sopenharmony_ci return true; 4898c2ecf20Sopenharmony_ci 4908c2ecf20Sopenharmony_ci /* It's always allowed to remove access to devices */ 4918c2ecf20Sopenharmony_ci if (childcg->behavior == DEVCG_DEFAULT_DENY) 4928c2ecf20Sopenharmony_ci return true; 4938c2ecf20Sopenharmony_ci 4948c2ecf20Sopenharmony_ci /* 4958c2ecf20Sopenharmony_ci * Make sure you're not removing part or a whole exception existing in 4968c2ecf20Sopenharmony_ci * the parent cgroup 4978c2ecf20Sopenharmony_ci */ 4988c2ecf20Sopenharmony_ci return !match_exception_partial(&parent->exceptions, ex->type, 4998c2ecf20Sopenharmony_ci ex->major, ex->minor, ex->access); 5008c2ecf20Sopenharmony_ci} 5018c2ecf20Sopenharmony_ci 5028c2ecf20Sopenharmony_ci/** 5038c2ecf20Sopenharmony_ci * may_allow_all - checks if it's possible to change the behavior to 5048c2ecf20Sopenharmony_ci * allow based on parent's rules. 5058c2ecf20Sopenharmony_ci * @parent: device cgroup's parent 5068c2ecf20Sopenharmony_ci * returns: != 0 in case it's allowed, 0 otherwise 5078c2ecf20Sopenharmony_ci */ 5088c2ecf20Sopenharmony_cistatic inline int may_allow_all(struct dev_cgroup *parent) 5098c2ecf20Sopenharmony_ci{ 5108c2ecf20Sopenharmony_ci if (!parent) 5118c2ecf20Sopenharmony_ci return 1; 5128c2ecf20Sopenharmony_ci return parent->behavior == DEVCG_DEFAULT_ALLOW; 5138c2ecf20Sopenharmony_ci} 5148c2ecf20Sopenharmony_ci 5158c2ecf20Sopenharmony_ci/** 5168c2ecf20Sopenharmony_ci * revalidate_active_exceptions - walks through the active exception list and 5178c2ecf20Sopenharmony_ci * revalidates the exceptions based on parent's 5188c2ecf20Sopenharmony_ci * behavior and exceptions. The exceptions that 5198c2ecf20Sopenharmony_ci * are no longer valid will be removed. 5208c2ecf20Sopenharmony_ci * Called with devcgroup_mutex held. 5218c2ecf20Sopenharmony_ci * @devcg: cgroup which exceptions will be checked 5228c2ecf20Sopenharmony_ci * 5238c2ecf20Sopenharmony_ci * This is one of the three key functions for hierarchy implementation. 5248c2ecf20Sopenharmony_ci * This function is responsible for re-evaluating all the cgroup's active 5258c2ecf20Sopenharmony_ci * exceptions due to a parent's exception change. 5268c2ecf20Sopenharmony_ci * Refer to Documentation/admin-guide/cgroup-v1/devices.rst for more details. 5278c2ecf20Sopenharmony_ci */ 5288c2ecf20Sopenharmony_cistatic void revalidate_active_exceptions(struct dev_cgroup *devcg) 5298c2ecf20Sopenharmony_ci{ 5308c2ecf20Sopenharmony_ci struct dev_exception_item *ex; 5318c2ecf20Sopenharmony_ci struct list_head *this, *tmp; 5328c2ecf20Sopenharmony_ci 5338c2ecf20Sopenharmony_ci list_for_each_safe(this, tmp, &devcg->exceptions) { 5348c2ecf20Sopenharmony_ci ex = container_of(this, struct dev_exception_item, list); 5358c2ecf20Sopenharmony_ci if (!parent_has_perm(devcg, ex)) 5368c2ecf20Sopenharmony_ci dev_exception_rm(devcg, ex); 5378c2ecf20Sopenharmony_ci } 5388c2ecf20Sopenharmony_ci} 5398c2ecf20Sopenharmony_ci 5408c2ecf20Sopenharmony_ci/** 5418c2ecf20Sopenharmony_ci * propagate_exception - propagates a new exception to the children 5428c2ecf20Sopenharmony_ci * @devcg_root: device cgroup that added a new exception 5438c2ecf20Sopenharmony_ci * @ex: new exception to be propagated 5448c2ecf20Sopenharmony_ci * 5458c2ecf20Sopenharmony_ci * returns: 0 in case of success, != 0 in case of error 5468c2ecf20Sopenharmony_ci */ 5478c2ecf20Sopenharmony_cistatic int propagate_exception(struct dev_cgroup *devcg_root, 5488c2ecf20Sopenharmony_ci struct dev_exception_item *ex) 5498c2ecf20Sopenharmony_ci{ 5508c2ecf20Sopenharmony_ci struct cgroup_subsys_state *pos; 5518c2ecf20Sopenharmony_ci int rc = 0; 5528c2ecf20Sopenharmony_ci 5538c2ecf20Sopenharmony_ci rcu_read_lock(); 5548c2ecf20Sopenharmony_ci 5558c2ecf20Sopenharmony_ci css_for_each_descendant_pre(pos, &devcg_root->css) { 5568c2ecf20Sopenharmony_ci struct dev_cgroup *devcg = css_to_devcgroup(pos); 5578c2ecf20Sopenharmony_ci 5588c2ecf20Sopenharmony_ci /* 5598c2ecf20Sopenharmony_ci * Because devcgroup_mutex is held, no devcg will become 5608c2ecf20Sopenharmony_ci * online or offline during the tree walk (see on/offline 5618c2ecf20Sopenharmony_ci * methods), and online ones are safe to access outside RCU 5628c2ecf20Sopenharmony_ci * read lock without bumping refcnt. 5638c2ecf20Sopenharmony_ci */ 5648c2ecf20Sopenharmony_ci if (pos == &devcg_root->css || !is_devcg_online(devcg)) 5658c2ecf20Sopenharmony_ci continue; 5668c2ecf20Sopenharmony_ci 5678c2ecf20Sopenharmony_ci rcu_read_unlock(); 5688c2ecf20Sopenharmony_ci 5698c2ecf20Sopenharmony_ci /* 5708c2ecf20Sopenharmony_ci * in case both root's behavior and devcg is allow, a new 5718c2ecf20Sopenharmony_ci * restriction means adding to the exception list 5728c2ecf20Sopenharmony_ci */ 5738c2ecf20Sopenharmony_ci if (devcg_root->behavior == DEVCG_DEFAULT_ALLOW && 5748c2ecf20Sopenharmony_ci devcg->behavior == DEVCG_DEFAULT_ALLOW) { 5758c2ecf20Sopenharmony_ci rc = dev_exception_add(devcg, ex); 5768c2ecf20Sopenharmony_ci if (rc) 5778c2ecf20Sopenharmony_ci return rc; 5788c2ecf20Sopenharmony_ci } else { 5798c2ecf20Sopenharmony_ci /* 5808c2ecf20Sopenharmony_ci * in the other possible cases: 5818c2ecf20Sopenharmony_ci * root's behavior: allow, devcg's: deny 5828c2ecf20Sopenharmony_ci * root's behavior: deny, devcg's: deny 5838c2ecf20Sopenharmony_ci * the exception will be removed 5848c2ecf20Sopenharmony_ci */ 5858c2ecf20Sopenharmony_ci dev_exception_rm(devcg, ex); 5868c2ecf20Sopenharmony_ci } 5878c2ecf20Sopenharmony_ci revalidate_active_exceptions(devcg); 5888c2ecf20Sopenharmony_ci 5898c2ecf20Sopenharmony_ci rcu_read_lock(); 5908c2ecf20Sopenharmony_ci } 5918c2ecf20Sopenharmony_ci 5928c2ecf20Sopenharmony_ci rcu_read_unlock(); 5938c2ecf20Sopenharmony_ci return rc; 5948c2ecf20Sopenharmony_ci} 5958c2ecf20Sopenharmony_ci 5968c2ecf20Sopenharmony_ci/* 5978c2ecf20Sopenharmony_ci * Modify the exception list using allow/deny rules. 5988c2ecf20Sopenharmony_ci * CAP_SYS_ADMIN is needed for this. It's at least separate from CAP_MKNOD 5998c2ecf20Sopenharmony_ci * so we can give a container CAP_MKNOD to let it create devices but not 6008c2ecf20Sopenharmony_ci * modify the exception list. 6018c2ecf20Sopenharmony_ci * It seems likely we'll want to add a CAP_CONTAINER capability to allow 6028c2ecf20Sopenharmony_ci * us to also grant CAP_SYS_ADMIN to containers without giving away the 6038c2ecf20Sopenharmony_ci * device exception list controls, but for now we'll stick with CAP_SYS_ADMIN 6048c2ecf20Sopenharmony_ci * 6058c2ecf20Sopenharmony_ci * Taking rules away is always allowed (given CAP_SYS_ADMIN). Granting 6068c2ecf20Sopenharmony_ci * new access is only allowed if you're in the top-level cgroup, or your 6078c2ecf20Sopenharmony_ci * parent cgroup has the access you're asking for. 6088c2ecf20Sopenharmony_ci */ 6098c2ecf20Sopenharmony_cistatic int devcgroup_update_access(struct dev_cgroup *devcgroup, 6108c2ecf20Sopenharmony_ci int filetype, char *buffer) 6118c2ecf20Sopenharmony_ci{ 6128c2ecf20Sopenharmony_ci const char *b; 6138c2ecf20Sopenharmony_ci char temp[12]; /* 11 + 1 characters needed for a u32 */ 6148c2ecf20Sopenharmony_ci int count, rc = 0; 6158c2ecf20Sopenharmony_ci struct dev_exception_item ex; 6168c2ecf20Sopenharmony_ci struct dev_cgroup *parent = css_to_devcgroup(devcgroup->css.parent); 6178c2ecf20Sopenharmony_ci struct dev_cgroup tmp_devcgrp; 6188c2ecf20Sopenharmony_ci 6198c2ecf20Sopenharmony_ci if (!capable(CAP_SYS_ADMIN)) 6208c2ecf20Sopenharmony_ci return -EPERM; 6218c2ecf20Sopenharmony_ci 6228c2ecf20Sopenharmony_ci memset(&ex, 0, sizeof(ex)); 6238c2ecf20Sopenharmony_ci memset(&tmp_devcgrp, 0, sizeof(tmp_devcgrp)); 6248c2ecf20Sopenharmony_ci b = buffer; 6258c2ecf20Sopenharmony_ci 6268c2ecf20Sopenharmony_ci switch (*b) { 6278c2ecf20Sopenharmony_ci case 'a': 6288c2ecf20Sopenharmony_ci switch (filetype) { 6298c2ecf20Sopenharmony_ci case DEVCG_ALLOW: 6308c2ecf20Sopenharmony_ci if (css_has_online_children(&devcgroup->css)) 6318c2ecf20Sopenharmony_ci return -EINVAL; 6328c2ecf20Sopenharmony_ci 6338c2ecf20Sopenharmony_ci if (!may_allow_all(parent)) 6348c2ecf20Sopenharmony_ci return -EPERM; 6358c2ecf20Sopenharmony_ci if (!parent) { 6368c2ecf20Sopenharmony_ci devcgroup->behavior = DEVCG_DEFAULT_ALLOW; 6378c2ecf20Sopenharmony_ci dev_exception_clean(devcgroup); 6388c2ecf20Sopenharmony_ci break; 6398c2ecf20Sopenharmony_ci } 6408c2ecf20Sopenharmony_ci 6418c2ecf20Sopenharmony_ci INIT_LIST_HEAD(&tmp_devcgrp.exceptions); 6428c2ecf20Sopenharmony_ci rc = dev_exceptions_copy(&tmp_devcgrp.exceptions, 6438c2ecf20Sopenharmony_ci &devcgroup->exceptions); 6448c2ecf20Sopenharmony_ci if (rc) 6458c2ecf20Sopenharmony_ci return rc; 6468c2ecf20Sopenharmony_ci dev_exception_clean(devcgroup); 6478c2ecf20Sopenharmony_ci rc = dev_exceptions_copy(&devcgroup->exceptions, 6488c2ecf20Sopenharmony_ci &parent->exceptions); 6498c2ecf20Sopenharmony_ci if (rc) { 6508c2ecf20Sopenharmony_ci dev_exceptions_move(&devcgroup->exceptions, 6518c2ecf20Sopenharmony_ci &tmp_devcgrp.exceptions); 6528c2ecf20Sopenharmony_ci return rc; 6538c2ecf20Sopenharmony_ci } 6548c2ecf20Sopenharmony_ci devcgroup->behavior = DEVCG_DEFAULT_ALLOW; 6558c2ecf20Sopenharmony_ci dev_exception_clean(&tmp_devcgrp); 6568c2ecf20Sopenharmony_ci break; 6578c2ecf20Sopenharmony_ci case DEVCG_DENY: 6588c2ecf20Sopenharmony_ci if (css_has_online_children(&devcgroup->css)) 6598c2ecf20Sopenharmony_ci return -EINVAL; 6608c2ecf20Sopenharmony_ci 6618c2ecf20Sopenharmony_ci dev_exception_clean(devcgroup); 6628c2ecf20Sopenharmony_ci devcgroup->behavior = DEVCG_DEFAULT_DENY; 6638c2ecf20Sopenharmony_ci break; 6648c2ecf20Sopenharmony_ci default: 6658c2ecf20Sopenharmony_ci return -EINVAL; 6668c2ecf20Sopenharmony_ci } 6678c2ecf20Sopenharmony_ci return 0; 6688c2ecf20Sopenharmony_ci case 'b': 6698c2ecf20Sopenharmony_ci ex.type = DEVCG_DEV_BLOCK; 6708c2ecf20Sopenharmony_ci break; 6718c2ecf20Sopenharmony_ci case 'c': 6728c2ecf20Sopenharmony_ci ex.type = DEVCG_DEV_CHAR; 6738c2ecf20Sopenharmony_ci break; 6748c2ecf20Sopenharmony_ci default: 6758c2ecf20Sopenharmony_ci return -EINVAL; 6768c2ecf20Sopenharmony_ci } 6778c2ecf20Sopenharmony_ci b++; 6788c2ecf20Sopenharmony_ci if (!isspace(*b)) 6798c2ecf20Sopenharmony_ci return -EINVAL; 6808c2ecf20Sopenharmony_ci b++; 6818c2ecf20Sopenharmony_ci if (*b == '*') { 6828c2ecf20Sopenharmony_ci ex.major = ~0; 6838c2ecf20Sopenharmony_ci b++; 6848c2ecf20Sopenharmony_ci } else if (isdigit(*b)) { 6858c2ecf20Sopenharmony_ci memset(temp, 0, sizeof(temp)); 6868c2ecf20Sopenharmony_ci for (count = 0; count < sizeof(temp) - 1; count++) { 6878c2ecf20Sopenharmony_ci temp[count] = *b; 6888c2ecf20Sopenharmony_ci b++; 6898c2ecf20Sopenharmony_ci if (!isdigit(*b)) 6908c2ecf20Sopenharmony_ci break; 6918c2ecf20Sopenharmony_ci } 6928c2ecf20Sopenharmony_ci rc = kstrtou32(temp, 10, &ex.major); 6938c2ecf20Sopenharmony_ci if (rc) 6948c2ecf20Sopenharmony_ci return -EINVAL; 6958c2ecf20Sopenharmony_ci } else { 6968c2ecf20Sopenharmony_ci return -EINVAL; 6978c2ecf20Sopenharmony_ci } 6988c2ecf20Sopenharmony_ci if (*b != ':') 6998c2ecf20Sopenharmony_ci return -EINVAL; 7008c2ecf20Sopenharmony_ci b++; 7018c2ecf20Sopenharmony_ci 7028c2ecf20Sopenharmony_ci /* read minor */ 7038c2ecf20Sopenharmony_ci if (*b == '*') { 7048c2ecf20Sopenharmony_ci ex.minor = ~0; 7058c2ecf20Sopenharmony_ci b++; 7068c2ecf20Sopenharmony_ci } else if (isdigit(*b)) { 7078c2ecf20Sopenharmony_ci memset(temp, 0, sizeof(temp)); 7088c2ecf20Sopenharmony_ci for (count = 0; count < sizeof(temp) - 1; count++) { 7098c2ecf20Sopenharmony_ci temp[count] = *b; 7108c2ecf20Sopenharmony_ci b++; 7118c2ecf20Sopenharmony_ci if (!isdigit(*b)) 7128c2ecf20Sopenharmony_ci break; 7138c2ecf20Sopenharmony_ci } 7148c2ecf20Sopenharmony_ci rc = kstrtou32(temp, 10, &ex.minor); 7158c2ecf20Sopenharmony_ci if (rc) 7168c2ecf20Sopenharmony_ci return -EINVAL; 7178c2ecf20Sopenharmony_ci } else { 7188c2ecf20Sopenharmony_ci return -EINVAL; 7198c2ecf20Sopenharmony_ci } 7208c2ecf20Sopenharmony_ci if (!isspace(*b)) 7218c2ecf20Sopenharmony_ci return -EINVAL; 7228c2ecf20Sopenharmony_ci for (b++, count = 0; count < 3; count++, b++) { 7238c2ecf20Sopenharmony_ci switch (*b) { 7248c2ecf20Sopenharmony_ci case 'r': 7258c2ecf20Sopenharmony_ci ex.access |= DEVCG_ACC_READ; 7268c2ecf20Sopenharmony_ci break; 7278c2ecf20Sopenharmony_ci case 'w': 7288c2ecf20Sopenharmony_ci ex.access |= DEVCG_ACC_WRITE; 7298c2ecf20Sopenharmony_ci break; 7308c2ecf20Sopenharmony_ci case 'm': 7318c2ecf20Sopenharmony_ci ex.access |= DEVCG_ACC_MKNOD; 7328c2ecf20Sopenharmony_ci break; 7338c2ecf20Sopenharmony_ci case '\n': 7348c2ecf20Sopenharmony_ci case '\0': 7358c2ecf20Sopenharmony_ci count = 3; 7368c2ecf20Sopenharmony_ci break; 7378c2ecf20Sopenharmony_ci default: 7388c2ecf20Sopenharmony_ci return -EINVAL; 7398c2ecf20Sopenharmony_ci } 7408c2ecf20Sopenharmony_ci } 7418c2ecf20Sopenharmony_ci 7428c2ecf20Sopenharmony_ci switch (filetype) { 7438c2ecf20Sopenharmony_ci case DEVCG_ALLOW: 7448c2ecf20Sopenharmony_ci /* 7458c2ecf20Sopenharmony_ci * If the default policy is to allow by default, try to remove 7468c2ecf20Sopenharmony_ci * an matching exception instead. And be silent about it: we 7478c2ecf20Sopenharmony_ci * don't want to break compatibility 7488c2ecf20Sopenharmony_ci */ 7498c2ecf20Sopenharmony_ci if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) { 7508c2ecf20Sopenharmony_ci /* Check if the parent allows removing it first */ 7518c2ecf20Sopenharmony_ci if (!parent_allows_removal(devcgroup, &ex)) 7528c2ecf20Sopenharmony_ci return -EPERM; 7538c2ecf20Sopenharmony_ci dev_exception_rm(devcgroup, &ex); 7548c2ecf20Sopenharmony_ci break; 7558c2ecf20Sopenharmony_ci } 7568c2ecf20Sopenharmony_ci 7578c2ecf20Sopenharmony_ci if (!parent_has_perm(devcgroup, &ex)) 7588c2ecf20Sopenharmony_ci return -EPERM; 7598c2ecf20Sopenharmony_ci rc = dev_exception_add(devcgroup, &ex); 7608c2ecf20Sopenharmony_ci break; 7618c2ecf20Sopenharmony_ci case DEVCG_DENY: 7628c2ecf20Sopenharmony_ci /* 7638c2ecf20Sopenharmony_ci * If the default policy is to deny by default, try to remove 7648c2ecf20Sopenharmony_ci * an matching exception instead. And be silent about it: we 7658c2ecf20Sopenharmony_ci * don't want to break compatibility 7668c2ecf20Sopenharmony_ci */ 7678c2ecf20Sopenharmony_ci if (devcgroup->behavior == DEVCG_DEFAULT_DENY) 7688c2ecf20Sopenharmony_ci dev_exception_rm(devcgroup, &ex); 7698c2ecf20Sopenharmony_ci else 7708c2ecf20Sopenharmony_ci rc = dev_exception_add(devcgroup, &ex); 7718c2ecf20Sopenharmony_ci 7728c2ecf20Sopenharmony_ci if (rc) 7738c2ecf20Sopenharmony_ci break; 7748c2ecf20Sopenharmony_ci /* we only propagate new restrictions */ 7758c2ecf20Sopenharmony_ci rc = propagate_exception(devcgroup, &ex); 7768c2ecf20Sopenharmony_ci break; 7778c2ecf20Sopenharmony_ci default: 7788c2ecf20Sopenharmony_ci rc = -EINVAL; 7798c2ecf20Sopenharmony_ci } 7808c2ecf20Sopenharmony_ci return rc; 7818c2ecf20Sopenharmony_ci} 7828c2ecf20Sopenharmony_ci 7838c2ecf20Sopenharmony_cistatic ssize_t devcgroup_access_write(struct kernfs_open_file *of, 7848c2ecf20Sopenharmony_ci char *buf, size_t nbytes, loff_t off) 7858c2ecf20Sopenharmony_ci{ 7868c2ecf20Sopenharmony_ci int retval; 7878c2ecf20Sopenharmony_ci 7888c2ecf20Sopenharmony_ci mutex_lock(&devcgroup_mutex); 7898c2ecf20Sopenharmony_ci retval = devcgroup_update_access(css_to_devcgroup(of_css(of)), 7908c2ecf20Sopenharmony_ci of_cft(of)->private, strstrip(buf)); 7918c2ecf20Sopenharmony_ci mutex_unlock(&devcgroup_mutex); 7928c2ecf20Sopenharmony_ci return retval ?: nbytes; 7938c2ecf20Sopenharmony_ci} 7948c2ecf20Sopenharmony_ci 7958c2ecf20Sopenharmony_cistatic struct cftype dev_cgroup_files[] = { 7968c2ecf20Sopenharmony_ci { 7978c2ecf20Sopenharmony_ci .name = "allow", 7988c2ecf20Sopenharmony_ci .write = devcgroup_access_write, 7998c2ecf20Sopenharmony_ci .private = DEVCG_ALLOW, 8008c2ecf20Sopenharmony_ci }, 8018c2ecf20Sopenharmony_ci { 8028c2ecf20Sopenharmony_ci .name = "deny", 8038c2ecf20Sopenharmony_ci .write = devcgroup_access_write, 8048c2ecf20Sopenharmony_ci .private = DEVCG_DENY, 8058c2ecf20Sopenharmony_ci }, 8068c2ecf20Sopenharmony_ci { 8078c2ecf20Sopenharmony_ci .name = "list", 8088c2ecf20Sopenharmony_ci .seq_show = devcgroup_seq_show, 8098c2ecf20Sopenharmony_ci .private = DEVCG_LIST, 8108c2ecf20Sopenharmony_ci }, 8118c2ecf20Sopenharmony_ci { } /* terminate */ 8128c2ecf20Sopenharmony_ci}; 8138c2ecf20Sopenharmony_ci 8148c2ecf20Sopenharmony_cistruct cgroup_subsys devices_cgrp_subsys = { 8158c2ecf20Sopenharmony_ci .css_alloc = devcgroup_css_alloc, 8168c2ecf20Sopenharmony_ci .css_free = devcgroup_css_free, 8178c2ecf20Sopenharmony_ci .css_online = devcgroup_online, 8188c2ecf20Sopenharmony_ci .css_offline = devcgroup_offline, 8198c2ecf20Sopenharmony_ci .legacy_cftypes = dev_cgroup_files, 8208c2ecf20Sopenharmony_ci}; 8218c2ecf20Sopenharmony_ci 8228c2ecf20Sopenharmony_ci/** 8238c2ecf20Sopenharmony_ci * devcgroup_legacy_check_permission - checks if an inode operation is permitted 8248c2ecf20Sopenharmony_ci * @dev_cgroup: the dev cgroup to be tested against 8258c2ecf20Sopenharmony_ci * @type: device type 8268c2ecf20Sopenharmony_ci * @major: device major number 8278c2ecf20Sopenharmony_ci * @minor: device minor number 8288c2ecf20Sopenharmony_ci * @access: combination of DEVCG_ACC_WRITE, DEVCG_ACC_READ and DEVCG_ACC_MKNOD 8298c2ecf20Sopenharmony_ci * 8308c2ecf20Sopenharmony_ci * returns 0 on success, -EPERM case the operation is not permitted 8318c2ecf20Sopenharmony_ci */ 8328c2ecf20Sopenharmony_cistatic int devcgroup_legacy_check_permission(short type, u32 major, u32 minor, 8338c2ecf20Sopenharmony_ci short access) 8348c2ecf20Sopenharmony_ci{ 8358c2ecf20Sopenharmony_ci struct dev_cgroup *dev_cgroup; 8368c2ecf20Sopenharmony_ci bool rc; 8378c2ecf20Sopenharmony_ci 8388c2ecf20Sopenharmony_ci rcu_read_lock(); 8398c2ecf20Sopenharmony_ci dev_cgroup = task_devcgroup(current); 8408c2ecf20Sopenharmony_ci if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) 8418c2ecf20Sopenharmony_ci /* Can't match any of the exceptions, even partially */ 8428c2ecf20Sopenharmony_ci rc = !match_exception_partial(&dev_cgroup->exceptions, 8438c2ecf20Sopenharmony_ci type, major, minor, access); 8448c2ecf20Sopenharmony_ci else 8458c2ecf20Sopenharmony_ci /* Need to match completely one exception to be allowed */ 8468c2ecf20Sopenharmony_ci rc = match_exception(&dev_cgroup->exceptions, type, major, 8478c2ecf20Sopenharmony_ci minor, access); 8488c2ecf20Sopenharmony_ci rcu_read_unlock(); 8498c2ecf20Sopenharmony_ci 8508c2ecf20Sopenharmony_ci if (!rc) 8518c2ecf20Sopenharmony_ci return -EPERM; 8528c2ecf20Sopenharmony_ci 8538c2ecf20Sopenharmony_ci return 0; 8548c2ecf20Sopenharmony_ci} 8558c2ecf20Sopenharmony_ci 8568c2ecf20Sopenharmony_ci#endif /* CONFIG_CGROUP_DEVICE */ 8578c2ecf20Sopenharmony_ci 8588c2ecf20Sopenharmony_ci#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) 8598c2ecf20Sopenharmony_ci 8608c2ecf20Sopenharmony_ciint devcgroup_check_permission(short type, u32 major, u32 minor, short access) 8618c2ecf20Sopenharmony_ci{ 8628c2ecf20Sopenharmony_ci int rc = BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type, major, minor, access); 8638c2ecf20Sopenharmony_ci 8648c2ecf20Sopenharmony_ci if (rc) 8658c2ecf20Sopenharmony_ci return -EPERM; 8668c2ecf20Sopenharmony_ci 8678c2ecf20Sopenharmony_ci #ifdef CONFIG_CGROUP_DEVICE 8688c2ecf20Sopenharmony_ci return devcgroup_legacy_check_permission(type, major, minor, access); 8698c2ecf20Sopenharmony_ci 8708c2ecf20Sopenharmony_ci #else /* CONFIG_CGROUP_DEVICE */ 8718c2ecf20Sopenharmony_ci return 0; 8728c2ecf20Sopenharmony_ci 8738c2ecf20Sopenharmony_ci #endif /* CONFIG_CGROUP_DEVICE */ 8748c2ecf20Sopenharmony_ci} 8758c2ecf20Sopenharmony_ciEXPORT_SYMBOL(devcgroup_check_permission); 8768c2ecf20Sopenharmony_ci#endif /* defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) */ 877