xsm: Add missing access checks
author Daniel De Graaf <dgdegra@tycho.nsa.gov>
Sun, 18 Dec 2011 14:33:48 +0000 (14:33 +0000)
committer Daniel De Graaf <dgdegra@tycho.nsa.gov>
Sun, 18 Dec 2011 14:33:48 +0000 (14:33 +0000)
commit 875756ca34fabc7243c4a682ffd7008710a907e2
tree c4992e378b41a03f691fe756a5c3343b62381db9
parent 4c1b911bbcd97fb68b4a9e0903a6644e50adda01
xsm: Add missing access checks

Actions requiring IS_PRIV should also require some XSM access control
in order for XSM to be useful in confining multiple privileged
domains. Add XSM hooks for new hypercalls and sub-commands that are
under IS_PRIV but not currently under any access checks.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

19 files changed:
tools/flask/policy/policy/flask/access_vectors
xen/arch/ia64/xen/mm.c
xen/arch/x86/cpu/mcheck/mce.c
xen/arch/x86/domctl.c
xen/arch/x86/hvm/hvm.c
xen/arch/x86/mm.c
xen/arch/x86/msi.c
xen/arch/x86/physdev.c
xen/arch/x86/platform_hypercall.c
xen/arch/x86/sysctl.c
xen/common/domctl.c
xen/common/grant_table.c
xen/common/sysctl.c
xen/drivers/passthrough/iommu.c
xen/drivers/passthrough/pci.c
xen/include/xsm/xsm.h
xen/xsm/flask/hooks.c
xen/xsm/flask/include/av_perm_to_string.h
xen/xsm/flask/include/av_permissions.h