Re: [Xen-devel] [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap
>>> On 19.11.12 at 15:53, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: > On 11/19/2012 03:59 AM, Jan Beulich wrote: >>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: >>> -static int flask_irq_permission (struct domain *d, int irq, uint8_t access) >>> +static int flask_unmap_domain_pirq (struct domain *d, int irq) >>> { >>> - u32 perm; >>> - u32 rsid; >>> + u32 sid; >>> int rc = -EPERM; >>> >>> - struct domain_security_struct *ssec, *tsec; >>> + struct domain_security_struct *ssec; >>> struct avc_audit_data ad; >>> >>> - rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, >>> - resource_to_perm(access)); >>> - >>> + rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, > RESOURCE__REMOVE); >>> if ( rc ) >>> return rc; >>> >>> - if ( access ) >>> - perm = RESOURCE__ADD_IRQ; >>> - else >>> - perm = RESOURCE__REMOVE_IRQ; >>> - >>> ssec = current->domain->ssid; >>> - tsec = d->ssid; >>> >>> - rc = get_irq_sid(irq, &rsid, &ad); >>> - if ( rc ) >>> - return rc; >>> - >>> - rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad); >>> + if ( irq >= nr_irqs_gsi ) { >> >> Isn't the use of nr_irqs_gsi x86-specific? > > It's defined in xen/include/xen/irq.h (not in an x86-specific file), so I > hadn't assumed so. The check here is to avoid needing to allow access to > the MSI IRQs by number since they are dynamic and therefore meaningless in > a statically-defined policy. Indeed, there are other uses in common code. We may need to do something about this for ARM. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
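Review bot: the `if ( irq >= nr_irqs_gsi ) {` test at the end of the quoted hunk has no comment saying why IRQs at or above nr_irqs_gsi are treated differently. The rationale (MSI IRQ numbers are dynamic and so meaningless in a statically-defined policy) appears only in the reply, and a short comment above the test would keep it with the code. In the same line, `irq` is a signed int, so if nr_irqs_gsi is unsigned a negative value would also satisfy the comparison; rejecting irq < 0 before the test would rule that out. The opening brace also sits on the `if` line, while the function body in this hunk puts its brace on a line of its own.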