# HG changeset patch
# User Jean Guyader <jean.guyader@xxxxxxxxxxxxx>
# Date 1320781307 0
# Node ID fb1b32c9d03dfa5af4014688556a97805b118ac9
# Parent 2af5bfbc9fdee08af184d9dfc48c368619719e0f
xsm: Add support for HVMOP_track_dirty_vram.
Xen tries to enforce the XSM policy when a HVMOP_track_dirty_vram
is received (xen/arch/x86/hvm/hvm.c:3637). The check was failing because,
in flask_hvmcontext, XSM had no case for this operation.
Signed-off-by: Jean Guyader <jean.guyader@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---
diff -r 2af5bfbc9fde -r fb1b32c9d03d
tools/flask/policy/policy/flask/access_vectors
--- a/tools/flask/policy/policy/flask/access_vectors Tue Nov 08 19:35:42
2011 +0000
+++ b/tools/flask/policy/policy/flask/access_vectors Tue Nov 08 19:41:47
2011 +0000
@@ -90,6 +90,7 @@
pciroute
bind_irq
cacheattr
+ trackdirtyvram
}
class event
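Review bot: The position of `trackdirtyvram` in class `hvm` is load-bearing but undocumented. The matching `#define HVM__TRACKDIRTYVRAM 0x00000200UL` in av_permissions.h is the next bit after `HVM__CACHEATTR`, which suggests that bit values follow the order of this list. Appending at the end, as done here, keeps the existing bits stable, whereas inserting a permission mid-list would presumably shift them and change what already-compiled policies grant. I would add a comment at the top of the class, e.g. `# new permissions must be appended; order defines the bit values in av_permissions.h`. The class body starts outside this hunk.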
diff -r 2af5bfbc9fde -r fb1b32c9d03d
tools/flask/policy/policy/modules/xen/xen.if
--- a/tools/flask/policy/policy/modules/xen/xen.if Tue Nov 08 19:35:42
2011 +0000
+++ b/tools/flask/policy/policy/modules/xen/xen.if Tue Nov 08 19:41:47
2011 +0000
@@ -22,7 +22,7 @@
################################################################################
define(`create_hvm_dom', `
create_domain($1, $2, $3)
- allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel
pcilevel };
+ allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel
pcilevel trackdirtyvram };
allow $2 $2:hvm setparam;
')
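Review bot: `trackdirtyvram` is granted only to `$1` over `$2` inside `create_hvm_dom`, so the permission is bundled with domain-creation rights. If the domain that issues HVMOP_track_dirty_vram is not the creator (for instance a separate device-model domain, which is not visible here), the operation would presumably still be denied. Conversely, every creator now receives the permission whether or not it needs it. A comment on the macro would help policy authors decide, e.g. `# trackdirtyvram: required by whichever domain issues HVMOP_track_dirty_vram against $2`.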
diff -r 2af5bfbc9fde -r fb1b32c9d03d xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c Tue Nov 08 19:35:42 2011 +0000
+++ b/xen/xsm/flask/hooks.c Tue Nov 08 19:41:47 2011 +0000
@@ -816,6 +816,9 @@
case XEN_DOMCTL_gethvmcontext_partial:
perm = HVM__GETHVMC;
break;
+ case HVMOP_track_dirty_vram:
+ perm = HVM__TRACKDIRTYVRAM;
+ break;
default:
return -EPERM;
}
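Review bot: The new `case HVMOP_track_dirty_vram:` shares a switch with the `XEN_DOMCTL_*` cases, so a single `cmd` argument is now matched against two separately numbered constant sets. Nothing in the visible lines keeps those namespaces apart. If a domctl number passed to this hook ever equals the HVMOP value, it would be authorised against `HVM__TRACKDIRTYVRAM` instead of reaching `default: return -EPERM;`. I would document the constraint above the case, e.g. `/* HVMOP_* number, not a XEN_DOMCTL_*: callers must pass only the cmds listed in this switch */`, and longer term consider a dedicated hook for HVMOPs. The switch and its enclosing function start and end outside this hunk, so which callers reach it cannot be confirmed from here.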
diff -r 2af5bfbc9fde -r fb1b32c9d03d xen/xsm/flask/include/av_perm_to_string.h
--- a/xen/xsm/flask/include/av_perm_to_string.h Tue Nov 08 19:35:42 2011 +0000
+++ b/xen/xsm/flask/include/av_perm_to_string.h Tue Nov 08 19:41:47 2011 +0000
@@ -56,6 +56,7 @@
S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
S_(SECCLASS_HVM, HVM__GETPARAM, "getparam")
+ S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram")
S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
diff -r 2af5bfbc9fde -r fb1b32c9d03d xen/xsm/flask/include/av_permissions.h
--- a/xen/xsm/flask/include/av_permissions.h Tue Nov 08 19:35:42 2011 +0000
+++ b/xen/xsm/flask/include/av_permissions.h Tue Nov 08 19:41:47 2011 +0000
@@ -63,6 +63,7 @@
#define HVM__PCIROUTE 0x00000040UL
#define HVM__BIND_IRQ 0x00000080UL
#define HVM__CACHEATTR 0x00000100UL
+#define HVM__TRACKDIRTYVRAM 0x00000200UL
#define EVENT__BIND 0x00000001UL
#define EVENT__SEND 0x00000002UL