summaryrefslogtreecommitdiffstats
path: root/security/device_cgroup.c
diff options
context:
space:
mode:
authorAristeu Rozanski <aris@redhat.com>2014-04-24 21:33:21 +0200
committerTejun Heo <tj@kernel.org>2014-05-04 21:21:09 +0200
commitf5f3cf6f7e49b9529fc00a2c4629fa92cf2755fe (patch)
tree4ec412a6feff105d99a6addfa5aa3be4553c3b71 /security/device_cgroup.c
parentdevice_cgroup: rework device access check and exception checking (diff)
downloadlinux-f5f3cf6f7e49b9529fc00a2c4629fa92cf2755fe.tar.xz
linux-f5f3cf6f7e49b9529fc00a2c4629fa92cf2755fe.zip
device_cgroup: fix the comment format for recently added functions
Moving more extensive explanations to the end of the comment. Cc: Li Zefan <lizefan@huawei.com> Signed-off-by: Aristeu Rozanski <arozansk@redhat.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tejun Heo <tj@kernel.org>
Diffstat (limited to 'security/device_cgroup.c')
-rw-r--r--security/device_cgroup.c33
1 files changed, 16 insertions, 17 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index b9048dc46b1a..6b1266dd92bb 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -306,17 +306,17 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
}
/**
- * match_exception - iterates the exception list trying to match a rule
- * based on type, major, minor and access type. It is
- * considered a match if an exception is found that
- * will contain the entire range of provided parameters.
+ * match_exception - iterates the exception list trying to find a complete match
* @exceptions: list of exceptions
* @type: device type (DEV_BLOCK or DEV_CHAR)
* @major: device file major number, ~0 to match all
* @minor: device file minor number, ~0 to match all
* @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
*
- * returns: true in case it matches an exception completely
+ * It is considered a complete match if an exception is found that will
+ * contain the entire range of provided parameters.
+ *
+ * Return: true in case it matches an exception completely
*/
static bool match_exception(struct list_head *exceptions, short type,
u32 major, u32 minor, short access)
@@ -341,20 +341,19 @@ static bool match_exception(struct list_head *exceptions, short type,
}
/**
- * match_exception_partial - iterates the exception list trying to match a rule
- * based on type, major, minor and access type. It is
- * considered a match if an exception's range is
- * found to contain *any* of the devices specified by
- * provided parameters. This is used to make sure no
- * extra access is being granted that is forbidden by
- * any of the exception list.
+ * match_exception_partial - iterates the exception list trying to find a partial match
* @exceptions: list of exceptions
* @type: device type (DEV_BLOCK or DEV_CHAR)
* @major: device file major number, ~0 to match all
* @minor: device file minor number, ~0 to match all
* @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
*
- * returns: true in case the provided range mat matches an exception completely
+ * It is considered a partial match if an exception's range is found to
+ * contain *any* of the devices specified by provided parameters. This is
+ * used to make sure no extra access is being granted that is forbidden by
+ * any of the exception list.
+ *
+ * Return: true in case the provided range mat matches an exception completely
*/
static bool match_exception_partial(struct list_head *exceptions, short type,
u32 major, u32 minor, short access)
@@ -387,13 +386,13 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
}
/**
- * verify_new_ex - verifies if a new exception is part of what is allowed
- * by a dev cgroup based on the default policy +
- * exceptions. This is used to make sure a child cgroup
- * won't have more privileges than its parent
+ * verify_new_ex - verifies if a new exception is allowed by parent cgroup's permissions
* @dev_cgroup: dev cgroup to be tested against
* @refex: new exception
* @behavior: behavior of the exception's dev_cgroup
+ *
+ * This is used to make sure a child cgroup won't have more privileges
+ * than its parent
*/
static bool verify_new_ex(struct dev_cgroup *dev_cgroup,
struct dev_exception_item *refex,