[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 07/18] arch/x86: add missing XSM checks to XENPF_ commands

To: xen-devel@xxxxxxxxxxxxx
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Mon, 6 Aug 2012 10:32:19 -0400
Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Delivery-date: Mon, 06 Aug 2012 14:32:51 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 tools/flask/policy/policy/modules/xen/xen.te | 4 ++--
 xen/arch/x86/platform_hypercall.c            | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/tools/flask/policy/policy/modules/xen/xen.te 
b/tools/flask/policy/policy/modules/xen/xen.te
index 40c4c0a..1162153 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -53,8 +53,8 @@ type device_t, resource_type;
 #
 
################################################################################
 allow dom0_t xen_t:xen { kexec readapic writeapic mtrr_read mtrr_add mtrr_del
-       scheduler physinfo heap quirk readconsole writeconsole settime
-       microcode cpupool_op sched_op };
+       scheduler physinfo heap quirk readconsole writeconsole settime 
getcpuinfo
+       microcode cpupool_op sched_op pm_op };
 allow dom0_t xen_t:mmu { memorymap };
 allow dom0_t security_t:security { check_context compute_av compute_create
        compute_member load_policy compute_relabel compute_user setenforce
diff --git a/xen/arch/x86/platform_hypercall.c 
b/xen/arch/x86/platform_hypercall.c
index 88880b0..c049db7 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -501,6 +501,10 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xen_platform_op_t) 
u_xenpf_op)
     {
         struct xenpf_pcpu_version *ver = &op->u.pcpu_version;
 
+        ret = xsm_getcpuinfo();
+        if ( ret )
+            break;
+
         if ( !get_cpu_maps() )
         {
             ret = -EBUSY;
@@ -618,6 +622,10 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xen_platform_op_t) 
u_xenpf_op)
     {
         uint32_t idle_nums;
 
+        ret = xsm_pm_op();
+        if ( ret )
+            break;
+
         switch(op->u.core_parking.type)
         {
         case XEN_CORE_PARKING_SET:
-- 
1.7.11.2


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 07/18] arch/x86: add missing XSM checks to XENPF_ commands
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 00/18] RFC: Merge IS_PRIV checks into XSM hooks
  - From: Daniel De Graaf

Prev by Date: [Xen-devel] [PATCH 15/18] xsm/flask: add distinct SIDs for self/target access
Next by Date: [Xen-devel] [PATCH 13/18] tmem: Add access control check
Previous by thread: [Xen-devel] [PATCH 15/18] xsm/flask: add distinct SIDs for self/target access
Next by thread: Re: [Xen-devel] [PATCH 07/18] arch/x86: add missing XSM checks to XENPF_ commands
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.