X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=security%2Fdevice_cgroup.c;h=e3ce02a00ffcdadc1ee202bee3bfde6a2c3f5198;hb=66b8ef67756b3051bf42a077a82c3c5c279caa5b;hp=4b877a92a7ea3dc3a0307f5c5efb9e78c3289b17;hpb=d66e6737d454553e1e62109d8298ede5351178a4;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git

diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 4b877a9..e3ce02a 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -42,6 +42,7 @@ struct dev_whitelist_item {
 struct dev_cgroup {
 	struct cgroup_subsys_state css;
 	struct list_head whitelist;
+	bool deny_all;
 };
 
 static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s)
@@ -178,12 +179,14 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup *cgroup)
 		wh->minor = wh->major = ~0;
 		wh->type = DEV_ALL;
 		wh->access = ACC_MASK;
+		dev_cgroup->deny_all = false;
 		list_add(&wh->list, &dev_cgroup->whitelist);
 	} else {
 		parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
 		mutex_lock(&devcgroup_mutex);
 		ret = dev_whitelist_copy(&dev_cgroup->whitelist,
 				&parent_dev_cgroup->whitelist);
+		dev_cgroup->deny_all = parent_dev_cgroup->deny_all;
 		mutex_unlock(&devcgroup_mutex);
 		if (ret) {
 			kfree(dev_cgroup);
@@ -409,9 +412,11 @@ handle:
 	case DEVCG_ALLOW:
 		if (!parent_has_perm(devcgroup, &wh))
 			return -EPERM;
+		devcgroup->deny_all = false;
 		return dev_whitelist_add(devcgroup, &wh);
 	case DEVCG_DENY:
 		dev_whitelist_rm(devcgroup, &wh);
+		devcgroup->deny_all = true;
 		break;
 	default:
 		return -EINVAL;