From 8f52dbd472547adb2db84c0cd35db9da5965f575 Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Tue, 20 Nov 2007 15:13:29 +0000
Subject: [PATCH] ACM: Test sharing as part of the authorization check. Protected the policy from being changed while the hooks are being called.
Signed-off-by: Stefan Berger
---
 xen/include/xsm/acm/acm_hooks.h | 2 +-
 xen/xsm/acm/acm_policy.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/xen/include/xsm/acm/acm_hooks.h b/xen/include/xsm/acm/acm_hooks.h
index f3ca68fa01..35ea144378 100644
--- a/xen/include/xsm/acm/acm_hooks.h
+++ b/xen/include/xsm/acm/acm_hooks.h
@@ -325,7 +325,7 @@ static inline int acm_authorization(ssidref_t ssidref1, ssidref_t ssidref2)
 acm_secondary_ops->authorization(ssidref1, ssidref2)) {
 return ACM_ACCESS_DENIED;
 } else
- return ACM_ACCESS_PERMITTED;
+ return acm_sharing(ssidref1, ssidref2);
 }
diff --git a/xen/xsm/acm/acm_policy.c b/xen/xsm/acm/acm_policy.c
index 6f334effa8..fce439c9fa 100644
--- a/xen/xsm/acm/acm_policy.c
+++ b/xen/xsm/acm/acm_policy.c
@@ -430,6 +430,9 @@ int
 acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, u32 hook)
 {
 int ret = ACM_ACCESS_DENIED;
+
+ read_lock(&acm_bin_pol_rwlock);
+
 switch ( hook )
 {
@@ -447,6 +450,8 @@ acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, u32 hook)
 break;
 }
+ read_unlock(&acm_bin_pol_rwlock);
+
 printkd("%s: ssid1=%x, ssid2=%x, decision=%s.\n", __func__, ssidref1, ssidref2, (ret == ACM_ACCESS_PERMITTED) ? "GRANTED" : "DENIED");
--
2.30.2
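Review bot: In acm_hooks.h, `acm_authorization()` now returns whatever `acm_sharing()` returns, so its contract depends on that helper only ever yielding `ACM_ACCESS_PERMITTED` or `ACM_ACCESS_DENIED`, and nothing in the hunk states this. I would add a comment above the new return, `/* Authorization additionally requires the sharing check to pass; acm_sharing()'s decision is returned as-is. */`. I would also brace the `else` arm to match the braced `if`, so a statement added later cannot fall outside the branch. The body of acm_authorization() starts above the hunk, so the earlier conditions are not visible here.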
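Review bot: In acm_policy.c, the read lock is taken only inside `acm_get_decision()`, although the commit message says the policy is protected while the hooks are being called. Any caller that invokes the inline `acm_authorization()` from acm_hooks.h, or `acm_sharing()`, directly rather than through this function would not be covered, if such callers exist. The locking rule deserves a comment at the `read_lock()` line in the first hunk, e.g. `/* Hold acm_bin_pol_rwlock for reading across all hook calls; hooks must not take it again. */`. The `case` arms between that hunk and the `read_unlock()` hunk are not shown; each must leave the switch via `break`, because a `return` there would now exit with the lock held.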
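Review bot: In the second acm_policy.c hunk, `read_unlock()` runs before `ret` is logged and returned, so the decision the caller acts on reflects the policy as it was during the check. It may already be outdated if a policy update was waiting on the write lock. If that snapshot behaviour is intended, say so in the function's comment, e.g. `/* The decision is a snapshot of the policy at call time; it is not revalidated after the lock is dropped. */`. The end of acm_get_decision() lies outside the hunk.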