xsm: correct AVC lookups for two sysctls
author Daniel De Graaf <dgdegra@tycho.nsa.gov>
Thu, 10 Aug 2017 10:35:28 +0000 (12:35 +0200)
committer Jan Beulich <jbeulich@suse.com>
Thu, 10 Aug 2017 10:35:28 +0000 (12:35 +0200)
commit de834631b6f678cfdd7b0ec6259b1a679ea78814
tree ca7b2dc025f18b1ad8693a2df65c6916b47fbe7e
parent 80eb3da01bc4378af537d60e3d55767acf0d16ea

The current code was incorrectly using SECCLASS_XEN instead of
SECCLASS_XEN2, resulting in the wrong permission being checked.

GET_CPU_LEVELLING_CAPS was checking MTRR_DEL
GET_CPU_FEATURESET was checking MTRR_READ

The default XSM policy only allowed these permissions to dom0, so this
didn't result in a security issue there.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
xen/xsm/flask/hooks.c
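
The class mix-up described in the commit message, as an added example that is not Xen's code and not part of the commit: permission bits are only meaningful within their security class, so a lookup made against the wrong class tests whatever permission shares that bit. The bit positions, SIDs, policy rows and the `toy_avc_check` helper are constructed for illustration; only the class and permission names come from Xen.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values: the real ones are generated from the Flask policy. */
enum { SECCLASS_XEN = 1, SECCLASS_XEN2 = 2 };
#define XEN__MTRR_DEL                (1u << 3)
#define XEN2__GET_CPU_LEVELLING_CAPS (1u << 3) /* same bit, different class */

/* Hypothetical SIDs for the hypervisor target and three source domains. */
enum { SID_XEN = 1, SID_DOM0, SID_TOOLSTACK, SID_MTRR_ONLY };

struct av_rule { uint32_t ssid, tsid; uint16_t tclass; uint32_t allowed; };

/* Constructed policy: dom0 holds both permissions, the others hold one each. */
static const struct av_rule policy[] = {
    { SID_DOM0,      SID_XEN, SECCLASS_XEN,  XEN__MTRR_DEL },
    { SID_DOM0,      SID_XEN, SECCLASS_XEN2, XEN2__GET_CPU_LEVELLING_CAPS },
    { SID_TOOLSTACK, SID_XEN, SECCLASS_XEN2, XEN2__GET_CPU_LEVELLING_CAPS },
    { SID_MTRR_ONLY, SID_XEN, SECCLASS_XEN,  XEN__MTRR_DEL },
};

/* Toy access-vector lookup keyed on (source, target, class): 0 = allow, -1 = deny. */
static int toy_avc_check(uint32_t ssid, uint32_t tsid, uint16_t tclass, uint32_t perm)
{
    for (size_t i = 0; i < sizeof(policy) / sizeof(policy[0]); i++)
        if (policy[i].ssid == ssid && policy[i].tsid == tsid && policy[i].tclass == tclass)
            return (policy[i].allowed & perm) == perm ? 0 : -1;
    return -1; /* no rule for this triple: default deny */
}

/* Wrong class: the XEN2 bit is read as a XEN permission, so MTRR_DEL is tested. */
int levelling_caps_check_buggy(uint32_t ssid)
{
    return toy_avc_check(ssid, SID_XEN, SECCLASS_XEN, XEN2__GET_CPU_LEVELLING_CAPS);
}

/* Matching class: the permission that was intended is the one tested. */
int levelling_caps_check_fixed(uint32_t ssid)
{
    return toy_avc_check(ssid, SID_XEN, SECCLASS_XEN2, XEN2__GET_CPU_LEVELLING_CAPS);
}

int main(void)
{
    for (uint32_t s = SID_DOM0; s <= SID_MTRR_ONLY; s++)
        printf("sid %u: buggy=%d fixed=%d\n", (unsigned)s,
               levelling_caps_check_buggy(s), levelling_caps_check_fixed(s));
    return 0;
}
```

The dom0 row gives the same answer either way, which matches the commit message's remark about the default policy; the other two rows show the check both denying a granted permission and allowing an ungranted one.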