summary refs log tree commit diff
path: root/security
diff options
context:
space:
mode:
authorLi Zefan <lizf@cn.fujitsu.com>2009-06-17 16:26:33 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2009-06-18 13:03:47 -0700
commitcd5008196f7e583f4c558531a2bca59f6c674c5b (patch)
treec91a3d15b09545eddebbc09577b2763ef2e34235 /security
parentf9ab5b5b0f5be506640321d710b0acd3dca6154a (diff)
downloadlinux-cd5008196f7e583f4c558531a2bca59f6c674c5b.tar.gz
devcgroup: skip superfluous checks when found the DEV_ALL elem
While walking through the whitelist, if the DEV_ALL item is found, no more
check is needed.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security')
-rw-r--r--security/device_cgroup.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 5fda7df19723..b8186bac8b7e 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -490,7 +490,7 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
 
 	list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
 		if (wh->type & DEV_ALL)
-			goto acc_check;
+			goto found;
 		if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
 			continue;
 		if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
@@ -499,11 +499,12 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
 			continue;
 		if (wh->minor != ~0 && wh->minor != iminor(inode))
 			continue;
-acc_check:
+
 		if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
 			continue;
 		if ((mask & MAY_READ) && !(wh->access & ACC_READ))
 			continue;
+found:
 		rcu_read_unlock();
 		return 0;
 	}
@@ -527,7 +528,7 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
 
 	list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
 		if (wh->type & DEV_ALL)
-			goto acc_check;
+			goto found;
 		if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
 			continue;
 		if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
@@ -536,9 +537,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
 			continue;
 		if (wh->minor != ~0 && wh->minor != MINOR(dev))
 			continue;
-acc_check:
+
 		if (!(wh->access & ACC_MKNOD))
 			continue;
+found:
 		rcu_read_unlock();
 		return 0;
 	}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-24 23:20:01 +0000