authorLi Zefan <lizf@cn.fujitsu.com>2009-06-17 16:26:33 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2009-06-18 13:03:47 -0700
commitcd5008196f7e583f4c558531a2bca59f6c674c5b (patch)
treec91a3d15b09545eddebbc09577b2763ef2e34235
parentf9ab5b5b0f5be506640321d710b0acd3dca6154a (diff)
devcgroup: skip superfluous checks when found the DEV_ALL elem
While walking through the whitelist, if the DEV_ALL item is found, no more check is needed. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--security/device_cgroup.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 5fda7df19723..b8186bac8b7e 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -490,7 +490,7 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
if (wh->type & DEV_ALL)
- goto acc_check;
+ goto found;
if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
continue;
if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
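Review bot: The `goto found` on the DEV_ALL match now returns 0 without consulting `wh->access`, whereas the old `goto acc_check` still applied the `ACC_WRITE`/`ACC_READ` tests to that entry; the same change is made in devcgroup_inode_mknod, where the `ACC_MKNOD` test is skipped. That is equivalent only if a DEV_ALL item always carries every access bit, which nothing in this diff shows; if the deny path elsewhere in the file can clear bits on a DEV_ALL item, this shortcut would grant access the whitelist no longer permits. I would confirm that invariant against the code that adds and removes whitelist items and record it above the jump, e.g. `/* DEV_ALL items are assumed to hold all access bits, so wh->access is not checked */`, or else keep the access tests for DEV_ALL. Both functions begin and end outside the hunks shown.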
@@ -499,11 +499,12 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
continue;
if (wh->minor != ~0 && wh->minor != iminor(inode))
continue;
-acc_check:
+
if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
continue;
if ((mask & MAY_READ) && !(wh->access & ACC_READ))
continue;
+found:
rcu_read_unlock();
return 0;
}
@@ -527,7 +528,7 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
if (wh->type & DEV_ALL)
- goto acc_check;
+ goto found;
if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
continue;
if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
@@ -536,9 +537,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
continue;
if (wh->minor != ~0 && wh->minor != MINOR(dev))
continue;
-acc_check:
+
if (!(wh->access & ACC_MKNOD))
continue;
+found:
rcu_read_unlock();
return 0;
}