|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap
>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
> -static int flask_irq_permission (struct domain *d, int irq, uint8_t access)
> +static int flask_unmap_domain_pirq (struct domain *d, int irq)
> {
> - u32 perm;
> - u32 rsid;
> + u32 sid;
> int rc = -EPERM;
>
> - struct domain_security_struct *ssec, *tsec;
> + struct domain_security_struct *ssec;
> struct avc_audit_data ad;
>
> - rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
> - resource_to_perm(access));
> -
> + rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
> RESOURCE__REMOVE);
> if ( rc )
> return rc;
>
> - if ( access )
> - perm = RESOURCE__ADD_IRQ;
> - else
> - perm = RESOURCE__REMOVE_IRQ;
> -
> ssec = current->domain->ssid;
> - tsec = d->ssid;
>
> - rc = get_irq_sid(irq, &rsid, &ad);
> - if ( rc )
> - return rc;
> -
> - rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad);
> + if ( irq >= nr_irqs_gsi ) {
Isn't the use of nr_irqs_gsi x86-specific?
Jan
> + /* TODO support for MSI here */
> + return 0;
> + } else {
> + rc = get_irq_sid(irq, &sid, &ad);
> + }
> if ( rc )
> return rc;
>
> - if ( access )
> - rc = avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
> - RESOURCE__USE, &ad);
> + rc = avc_has_perm(ssec->sid, sid, SECCLASS_RESOURCE,
> RESOURCE__REMOVE_IRQ, &ad);
> return rc;
> }
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |