#include <public/event_channel.h>
#include <xsm/xsm.h>
-#define bucket_from_port(d,p) \
- ((d)->evtchn[(p)/EVTCHNS_PER_BUCKET])
-#define port_is_valid(d,p) \
- (((p) >= 0) && ((p) < MAX_EVTCHNS(d)) && \
- (bucket_from_port(d,p) != NULL))
-#define evtchn_from_port(d,p) \
- (&(bucket_from_port(d,p))[(p)&(EVTCHNS_PER_BUCKET-1)])
-
#define ERROR_EXIT(_errno) \
do { \
gdprintk(XENLOG_WARNING, \
uint64_t low, high;
};
+struct xen_flask_peersid {
+ /* IN */
+ evtchn_port_t evtchn;
+ /* OUT */
+ uint32_t sid;
+};
+
struct xen_flask_op {
uint32_t cmd;
#define FLASK_LOAD 1
#define FLASK_MEMBER 20
#define FLASK_ADD_OCONTEXT 21
#define FLASK_DEL_OCONTEXT 22
+#define FLASK_GET_PEER_SID 23
uint32_t interface_version; /* XEN_FLASK_INTERFACE_VERSION */
union {
struct xen_flask_load load;
struct xen_flask_cache_stats cache_stats;
/* FLASK_ADD_OCONTEXT, FLASK_DEL_OCONTEXT */
struct xen_flask_ocontext ocontext;
+ struct xen_flask_peersid peersid;
} u;
};
typedef struct xen_flask_op xen_flask_op_t;
/* Notify remote end of a Xen-attached event channel.*/
void notify_via_xen_event_channel(struct domain *ld, int lport);
+/* Internal event channel object accessors */
+#define bucket_from_port(d,p) \
+ ((d)->evtchn[(p)/EVTCHNS_PER_BUCKET])
+#define port_is_valid(d,p) \
+ (((p) >= 0) && ((p) < MAX_EVTCHNS(d)) && \
+ (bucket_from_port(d,p) != NULL))
+#define evtchn_from_port(d,p) \
+ (&(bucket_from_port(d,p))[(p)&(EVTCHNS_PER_BUCKET-1)])
+
+
/* Wait on a Xen-attached event channel. */
#define wait_on_xen_event_channel(port, condition) \
do { \
*/
#include <xen/errno.h>
+#include <xen/event.h>
#include <xsm/xsm.h>
#include <xen/guest_access.h>
1UL<<FLASK_AVC_HASHSTATS | \
1UL<<FLASK_AVC_CACHESTATS | \
1UL<<FLASK_MEMBER | \
+ 1UL<<FLASK_GET_PEER_SID | \
0)
static DEFINE_SPINLOCK(sel_sem);
return security_ocontext_add(arg->ocon, arg->low, arg->high, arg->sid);
}
+static int flask_get_peer_sid(struct xen_flask_peersid *arg)
+{
+ int rv = -EINVAL;
+ struct domain *d = current->domain;
+ struct domain *peer;
+ struct evtchn *chn;
+ struct domain_security_struct *dsec;
+
+ spin_lock(&d->event_lock);
+
+ if ( !port_is_valid(d, arg->evtchn) )
+ goto out;
+
+ chn = evtchn_from_port(d, arg->evtchn);
+ if ( chn->state != ECS_INTERDOMAIN )
+ goto out;
+
+ peer = chn->u.interdomain.remote_dom;
+ if ( !peer )
+ goto out;
+
+ dsec = peer->ssid;
+ arg->sid = dsec->sid;
+ rv = 0;
+
+ out:
+ spin_unlock(&d->event_lock);
+ return rv;
+}
+
long do_flask_op(XEN_GUEST_HANDLE(xsm_op_t) u_flask_op)
{
xen_flask_op_t op;
rv = flask_ocontext_del(&op.u.ocontext);
break;
+ case FLASK_GET_PEER_SID:
+ rv = flask_get_peer_sid(&op.u.peersid);
+ break;
+
default:
rv = -ENOSYS;
}
projects / xen.git / commitdiff