projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c1b911) | patch
xsm: Add missing access checks
authorDaniel De Graaf <dgdegra@tycho.nsa.gov>
Sun, 18 Dec 2011 14:33:48 +0000 (14:33 +0000)
committerDaniel De Graaf <dgdegra@tycho.nsa.gov>
Sun, 18 Dec 2011 14:33:48 +0000 (14:33 +0000)
commit875756ca34fabc7243c4a682ffd7008710a907e2
treec4992e378b41a03f691fe756a5c3343b62381db9tree | snapshot
parent4c1b911bbcd97fb68b4a9e0903a6644e50adda01commit | diff
xsm: Add missing access checks

Actions requiring IS_PRIV should also require some XSM access control
in order for XSM to be useful in confining multiple privileged
domains. Add XSM hooks for new hypercalls and sub-commands that are
under IS_PRIV but not currently under any access checks.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
19 files changed:
tools/flask/policy/policy/flask/access_vectors diff | blob | history
xen/arch/ia64/xen/mm.c diff | blob | history
xen/arch/x86/cpu/mcheck/mce.c diff | blob | history
xen/arch/x86/domctl.c diff | blob | history
xen/arch/x86/hvm/hvm.c diff | blob | history
xen/arch/x86/mm.c diff | blob | history
xen/arch/x86/msi.c diff | blob | history
xen/arch/x86/physdev.c diff | blob | history
xen/arch/x86/platform_hypercall.c diff | blob | history
xen/arch/x86/sysctl.c diff | blob | history
xen/common/domctl.c diff | blob | history
xen/common/grant_table.c diff | blob | history
xen/common/sysctl.c diff | blob | history
xen/drivers/passthrough/iommu.c diff | blob | history
xen/drivers/passthrough/pci.c diff | blob | history
xen/include/xsm/xsm.h diff | blob | history
xen/xsm/flask/hooks.c diff | blob | history
xen/xsm/flask/include/av_perm_to_string.h diff | blob | history
xen/xsm/flask/include/av_permissions.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.