projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 64b9c34) | patch
xsm, argo: XSM control for argo register
authorChristopher Clark <christopher.w.clark@gmail.com>
Wed, 6 Feb 2019 08:55:00 +0000 (09:55 +0100)
committerJan Beulich <jbeulich@suse.com>
Thu, 7 Feb 2019 13:25:39 +0000 (14:25 +0100)
commit23d160faeb708092895e43fd6e5c8701f42e0670
tree8ec506e0d15d690fd85da4e38159dfee526b056atree | snapshot
parent64b9c3422b81752036b4222e1f7229632f77315ccommit | diff
xsm, argo: XSM control for argo register

XSM controls for argo ring registration with two distinct cases, where
the ring being registered is:

1) Single source:  registering a ring for communication to receive messages
                   from a specified single other domain.
   Default policy: allow.

2) Any source:     registering a ring for communication to receive messages
                   from any, or all, other domains (ie. wildcard).
   Default policy: deny, with runtime policy configuration via bootparam.

This commit modifies the signature of core XSM hook functions in order to
apply 'const' to arguments, needed in order for 'const' to be accepted in
signature of functions that invoke them.

Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Tested-by: Chris Patterson <pattersonc@ainfosec.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
tools/flask/policy/modules/guest_features.te diff | blob | history
xen/common/argo.c diff | blob | history
xen/include/xsm/dummy.h diff | blob | history
xen/include/xsm/xsm.h diff | blob | history
xen/xsm/dummy.c diff | blob | history
xen/xsm/flask/hooks.c diff | blob | history
xen/xsm/flask/include/avc.h diff | blob | history
xen/xsm/flask/policy/access_vectors diff | blob | history
xen/xsm/flask/policy/security_classes diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.