[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap
>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: > -static int flask_irq_permission (struct domain *d, int irq, uint8_t access) > +static int flask_unmap_domain_pirq (struct domain *d, int irq) > { > - u32 perm; > - u32 rsid; > + u32 sid; > int rc = -EPERM; > > - struct domain_security_struct *ssec, *tsec; > + struct domain_security_struct *ssec; > struct avc_audit_data ad; > > - rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, > - resource_to_perm(access)); > - > + rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, > RESOURCE__REMOVE); > if ( rc ) > return rc; > > - if ( access ) > - perm = RESOURCE__ADD_IRQ; > - else > - perm = RESOURCE__REMOVE_IRQ; > - > ssec = current->domain->ssid; > - tsec = d->ssid; > > - rc = get_irq_sid(irq, &rsid, &ad); > - if ( rc ) > - return rc; > - > - rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad); > + if ( irq >= nr_irqs_gsi ) { Isn't the use of nr_irqs_gsi x86-specific? Jan > + /* TODO support for MSI here */ > + return 0; > + } else { > + rc = get_irq_sid(irq, &sid, &ad); > + } > if ( rc ) > return rc; > > - if ( access ) > - rc = avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, > - RESOURCE__USE, &ad); > + rc = avc_has_perm(ssec->sid, sid, SECCLASS_RESOURCE, > RESOURCE__REMOVE_IRQ, &ad); > return rc; > } _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |