The new lsm-based cgroup device access control provides an equivalent hook to check device permission. Thus, switch to the more generic security hook security_dev_permission() instead of directly calling devcgroup_check_permission(). Signed-off-by: Michael Weiß <michael.weiss@xxxxxxxxxxxxxxxxxxx> --- block/bdev.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/block/bdev.c b/block/bdev.c index f3b13aa1b7d4..fc6de4e2a80b 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -10,7 +10,6 @@ #include <linux/slab.h> #include <linux/kmod.h> #include <linux/major.h> -#include <linux/device_cgroup.h> #include <linux/blkdev.h> #include <linux/blk-integrity.h> #include <linux/backing-dev.h> @@ -27,6 +26,7 @@ #include <linux/part_stat.h> #include <linux/uaccess.h> #include <linux/stat.h> +#include <linux/security.h> #include "../fs/internal.h" #include "blk.h" @@ -757,10 +757,9 @@ struct block_device *blkdev_get_by_dev(dev_t dev, blk_mode_t mode, void *holder, struct gendisk *disk; int ret; - ret = devcgroup_check_permission(DEVCG_DEV_BLOCK, - MAJOR(dev), MINOR(dev), - ((mode & BLK_OPEN_READ) ? DEVCG_ACC_READ : 0) | - ((mode & BLK_OPEN_WRITE) ? DEVCG_ACC_WRITE : 0)); + ret = security_dev_permission(S_IFBLK, dev, + ((mode & BLK_OPEN_READ) ? MAY_READ : 0) | + ((mode & BLK_OPEN_WRITE) ? MAY_WRITE : 0)); if (ret) return ERR_PTR(ret); -- 2.30.2
