static int bpf_prog_allow_list_device(
BPFProgram *prog,
char type,
- int major,
- int minor,
+ unsigned major,
+ unsigned minor,
CGroupDevicePermissions p) {
int r;
assert(prog);
- log_trace("%s: %c %d:%d %s", __func__, type, major, minor, cgroup_device_permissions_to_string(p));
+ log_trace("%s: %c %u:%u %s", __func__, type, major, minor, cgroup_device_permissions_to_string(p));
if (p <= 0 || p >= _CGROUP_DEVICE_PERMISSIONS_MAX)
return -EINVAL;
static int bpf_prog_allow_list_major(
BPFProgram *prog,
char type,
- int major,
+ unsigned major,
CGroupDevicePermissions p) {
int r;
assert(prog);
- log_trace("%s: %c %d:* %s", __func__, type, major, cgroup_device_permissions_to_string(p));
+ log_trace("%s: %c %u:* %s", __func__, type, major, cgroup_device_permissions_to_string(p));
if (p <= 0 || p >= _CGROUP_DEVICE_PERMISSIONS_MAX)
return -EINVAL;
BPFProgram *prog,
const char *path,
char type,
- const unsigned *maj,
- const unsigned *min,
+ unsigned major,
+ unsigned minor,
CGroupDevicePermissions p) {
assert(IN_SET(type, 'b', 'c'));
if (!prog)
return 0;
- if (maj && min)
- return bpf_prog_allow_list_device(prog, type, *maj, *min, p);
- else if (maj)
- return bpf_prog_allow_list_major(prog, type, *maj, p);
+ if (major != UINT_MAX && minor != UINT_MAX)
+ return bpf_prog_allow_list_device(prog, type, major, minor, p);
+ else if (major != UINT_MAX)
+ return bpf_prog_allow_list_major(prog, type, major, p);
else
return bpf_prog_allow_list_class(prog, type, p);
char buf[2+DECIMAL_STR_MAX(unsigned)*2+2+4];
int r;
- if (maj && min)
- xsprintf(buf, "%c %u:%u %s", type, *maj, *min, cgroup_device_permissions_to_string(p));
- else if (maj)
- xsprintf(buf, "%c %u:* %s", type, *maj, cgroup_device_permissions_to_string(p));
+ if (major != UINT_MAX && minor != UINT_MAX)
+ xsprintf(buf, "%c %u:%u %s", type, major, minor, cgroup_device_permissions_to_string(p));
+ else if (major != UINT_MAX)
+ xsprintf(buf, "%c %u:* %s", type, major, cgroup_device_permissions_to_string(p));
else
xsprintf(buf, "%c *:* %s", type, cgroup_device_permissions_to_string(p));
rdev = (dev_t) st.st_rdev;
}
- unsigned maj = major(rdev), min = minor(rdev);
- return allow_list_device_pattern(prog, path, S_ISCHR(mode) ? 'c' : 'b', &maj, &min, p);
+ return allow_list_device_pattern(prog, path, S_ISCHR(mode) ? 'c' : 'b', major(rdev), minor(rdev), p);
}
int bpf_devices_allow_list_major(
char type,
CGroupDevicePermissions permissions) {
- unsigned maj;
+ unsigned major;
int r;
assert(path);
if (streq(name, "*"))
/* If the name is a wildcard, then apply this list to all devices of this type */
- return allow_list_device_pattern(prog, path, type, NULL, NULL, permissions);
+ return allow_list_device_pattern(prog, path, type, /* major= */ UINT_MAX, /* minor= */ UINT_MAX, permissions);
- if (safe_atou(name, &maj) >= 0 && DEVICE_MAJOR_VALID(maj))
+ if (safe_atou(name, &major) >= 0 && DEVICE_MAJOR_VALID(major))
/* The name is numeric and suitable as major. In that case, let's take its major, and create
* the entry directly. */
- return allow_list_device_pattern(prog, path, type, &maj, NULL, permissions);
+ return allow_list_device_pattern(prog, path, type, major, /* minor= */ UINT_MAX, permissions);
_cleanup_fclose_ FILE *f = NULL;
bool good = false, any = false;
continue;
*w = 0;
- r = safe_atou(p, &maj);
+ r = safe_atou(p, &major);
if (r < 0)
continue;
- if (maj <= 0)
+ if (major <= 0)
continue;
w++;
continue;
any = true;
- (void) allow_list_device_pattern(prog, path, type, &maj, NULL, permissions);
+ (void) allow_list_device_pattern(prog, path, type, major, /* minor= */ UINT_MAX, permissions);
}
if (!any)