[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap



>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
> -static int flask_irq_permission (struct domain *d, int irq, uint8_t access)
> +static int flask_unmap_domain_pirq (struct domain *d, int irq)
>  {
> -    u32 perm;
> -    u32 rsid;
> +    u32 sid;
>      int rc = -EPERM;
>  
> -    struct domain_security_struct *ssec, *tsec;
> +    struct domain_security_struct *ssec;
>      struct avc_audit_data ad;
>  
> -    rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
> -                         resource_to_perm(access));
> -
> +    rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, 
> RESOURCE__REMOVE);
>      if ( rc )
>          return rc;
>  
> -    if ( access )
> -        perm = RESOURCE__ADD_IRQ;
> -    else
> -        perm = RESOURCE__REMOVE_IRQ;
> -
>      ssec = current->domain->ssid;
> -    tsec = d->ssid;
>  
> -    rc = get_irq_sid(irq, &rsid, &ad);
> -    if ( rc )
> -        return rc;
> -
> -    rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad);
> +    if ( irq >= nr_irqs_gsi ) {

Isn't the use of nr_irqs_gsi x86-specific?

Jan

> +        /* TODO support for MSI here */
> +        return 0;
> +    } else {
> +        rc = get_irq_sid(irq, &sid, &ad);
> +    }
>      if ( rc )
>          return rc;
>  
> -    if ( access )
> -        rc = avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, 
> -                            RESOURCE__USE, &ad);
> +    rc = avc_has_perm(ssec->sid, sid, SECCLASS_RESOURCE, 
> RESOURCE__REMOVE_IRQ, &ad);
>      return rc;
>  }



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.