[Xen-changelog] [xen-4.1-testing] xsm: Add support for HVMOP_track_dirty_vram.

[Xen patchbot-4.1-testing <patchbot@xxxxxxx>]

# HG changeset patch
# User Jean Guyader <jean.guyader@xxxxxxxxxxxxx>
# Date 1321521120 0
# Node ID 344dddd4160bec210e7cb97e772a5bcc2b0a5fa0
# Parent  1bbf2940ef6146923593e642b34f7c55d1c58f92
xsm: Add support for HVMOP_track_dirty_vram.

Xen try to inforce the xsm policy when a HVMOP_track_dirty_vram
is received (xen/arch/x86/hvm/hvm.c:3637). It was failing because
in flask_hvmcontext, xsm didn't have any case for this operation.

Signed-off-by: Jean Guyader <jean.guyader@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
xen-unstable changeset:   24107:fb1b32c9d03d
xen-unstable date:        Tue Nov 08 19:41:47 2011 +0000
---


diff -r 1bbf2940ef61 -r 344dddd4160b 
tools/flask/policy/policy/flask/access_vectors
--- a/tools/flask/policy/policy/flask/access_vectors    Thu Nov 17 09:10:07 
2011 +0000
+++ b/tools/flask/policy/policy/flask/access_vectors    Thu Nov 17 09:12:00 
2011 +0000
@@ -90,6 +90,7 @@
     pciroute
        bind_irq
        cacheattr
+    trackdirtyvram
 }
 
 class event
diff -r 1bbf2940ef61 -r 344dddd4160b 
tools/flask/policy/policy/modules/xen/xen.if
--- a/tools/flask/policy/policy/modules/xen/xen.if      Thu Nov 17 09:10:07 
2011 +0000
+++ b/tools/flask/policy/policy/modules/xen/xen.if      Thu Nov 17 09:12:00 
2011 +0000
@@ -22,7 +22,7 @@
 
################################################################################
 define(`create_hvm_dom', `
        create_domain($1, $2, $3)
-       allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel 
pcilevel };
+       allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel 
pcilevel trackdirtyvram };
        allow $2 $2:hvm setparam;
 ')     
 
diff -r 1bbf2940ef61 -r 344dddd4160b xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c     Thu Nov 17 09:10:07 2011 +0000
+++ b/xen/xsm/flask/hooks.c     Thu Nov 17 09:12:00 2011 +0000
@@ -835,6 +835,9 @@
     case XEN_DOMCTL_gethvmcontext_partial:
         perm = HVM__GETHVMC;
         break;
+    case HVMOP_track_dirty_vram:
+        perm = HVM__TRACKDIRTYVRAM;
+        break;
     default:
         return -EPERM;
     }
diff -r 1bbf2940ef61 -r 344dddd4160b xen/xsm/flask/include/av_perm_to_string.h
--- a/xen/xsm/flask/include/av_perm_to_string.h Thu Nov 17 09:10:07 2011 +0000
+++ b/xen/xsm/flask/include/av_perm_to_string.h Thu Nov 17 09:12:00 2011 +0000
@@ -56,6 +56,7 @@
    S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
    S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
    S_(SECCLASS_HVM, HVM__GETPARAM, "getparam")
+   S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram")
    S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
    S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
    S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
diff -r 1bbf2940ef61 -r 344dddd4160b xen/xsm/flask/include/av_permissions.h
--- a/xen/xsm/flask/include/av_permissions.h    Thu Nov 17 09:10:07 2011 +0000
+++ b/xen/xsm/flask/include/av_permissions.h    Thu Nov 17 09:12:00 2011 +0000
@@ -63,6 +63,7 @@
 #define HVM__PCIROUTE                             0x00000040UL
 #define HVM__BIND_IRQ                             0x00000080UL
 #define HVM__CACHEATTR                            0x00000100UL
+#define HVM__TRACKDIRTYVRAM                       0x00000200UL
 
 #define EVENT__BIND                               0x00000001UL
 #define EVENT__SEND                               0x00000002UL

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog