@@ -306,17 +306,17 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
306306}
307307
308308/**
309- * match_exception - iterates the exception list trying to match a rule
310- * based on type, major, minor and access type. It is
311- * considered a match if an exception is found that
312- * will contain the entire range of provided parameters.
309+ * match_exception - iterates the exception list trying to find a complete match
313310 * @exceptions: list of exceptions
314311 * @type: device type (DEV_BLOCK or DEV_CHAR)
315312 * @major: device file major number, ~0 to match all
316313 * @minor: device file minor number, ~0 to match all
317314 * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
318315 *
319- * returns: true in case it matches an exception completely
316+ * It is considered a complete match if an exception is found that will
317+ * contain the entire range of provided parameters.
318+ *
319+ * Return: true in case it matches an exception completely
320320 */
321321static bool match_exception (struct list_head * exceptions , short type ,
322322 u32 major , u32 minor , short access )
@@ -341,20 +341,19 @@ static bool match_exception(struct list_head *exceptions, short type,
341341}
342342
343343/**
344- * match_exception_partial - iterates the exception list trying to match a rule
345- * based on type, major, minor and access type. It is
346- * considered a match if an exception's range is
347- * found to contain *any* of the devices specified by
348- * provided parameters. This is used to make sure no
349- * extra access is being granted that is forbidden by
350- * any of the exception list.
344+ * match_exception_partial - iterates the exception list trying to find a partial match
351345 * @exceptions: list of exceptions
352346 * @type: device type (DEV_BLOCK or DEV_CHAR)
353347 * @major: device file major number, ~0 to match all
354348 * @minor: device file minor number, ~0 to match all
355349 * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
356350 *
357- * returns: true in case the provided range mat matches an exception completely
351+ * It is considered a partial match if an exception's range is found to
352+ * contain *any* of the devices specified by provided parameters. This is
353+ * used to make sure no extra access is being granted that is forbidden by
354+ * any of the exception list.
355+ *
356+ * Return: true in case the provided range mat matches an exception completely
358357 */
359358static bool match_exception_partial (struct list_head * exceptions , short type ,
360359 u32 major , u32 minor , short access )
@@ -387,13 +386,13 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
387386}
388387
389388/**
390- * verify_new_ex - verifies if a new exception is part of what is allowed
391- * by a dev cgroup based on the default policy +
392- * exceptions. This is used to make sure a child cgroup
393- * won't have more privileges than its parent
389+ * verify_new_ex - verifies if a new exception is allowed by parent cgroup's permissions
394390 * @dev_cgroup: dev cgroup to be tested against
395391 * @refex: new exception
396392 * @behavior: behavior of the exception's dev_cgroup
393+ *
394+ * This is used to make sure a child cgroup won't have more privileges
395+ * than its parent
397396 */
398397static bool verify_new_ex (struct dev_cgroup * dev_cgroup ,
399398 struct dev_exception_item * refex ,
0 commit comments