Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\device_cgroup.c Create Date:2022-07-28 19:55:50
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:verify_new_ex - verifies if a new exception is allowed by parent cgroup's permissions*@dev_cgroup: dev cgroup to be tested against*@refex: new exception*@behavior: behavior of the exception's dev_cgroup* This is used to make sure a child cgroup won't have

Proto:static bool verify_new_ex(struct dev_cgroup *dev_cgroup, struct dev_exception_item *refex, enum devcg_behavior behavior)

Type:bool

Parameter:

TypeParameterName
struct dev_cgroup *dev_cgroup
struct dev_exception_item *refex
enum devcg_behaviorbehavior
393  bool match = false
395  RCU_LOCKDEP_WARN(!_read_lock_held() - might we be in RCU read-side critical section?* If CONFIG_DEBUG_LOCK_ALLOC is selected, returns nonzero iff in an RCU* read-side critical section && !lockdep_is_held( & devcgroup_mutex), "device_cgroup:verify_new_ex called without proper synchronization")
399  If behavior == DEVCG_DEFAULT_ALLOW Then
400  If behavior == DEVCG_DEFAULT_ALLOW Then
405  Return true
406  Else
412  match = match_exception_partial - iterates the exception list trying to find a partial match*@exceptions: list of exceptions*@type: device type (DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR)*@major: device file major number, ~0 to match all*@minor: device file minor number,
418  If match Then Return false
420  Return true
422  Else
429  match = match_exception - iterates the exception list trying to find a complete match*@exceptions: list of exceptions*@type: device type (DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR)*@major: device file major number, ~0 to match all*@minor: device file minor number, ~0 to
433  If match Then Return true
436  Else Return false
439  Return false
Caller
NameDescribe
parent_has_permparent_has_perm:* when adding a new allow rule to a device exception list, the rule* must be allowed in the parent device