xsm: correct AVC lookups for two sysctls

author Daniel De Graaf <dgdegra@tycho.nsa.gov>

Thu, 10 Aug 2017 10:35:28 +0000 (12:35 +0200)

committer Jan Beulich <jbeulich@suse.com>

Thu, 10 Aug 2017 10:35:28 +0000 (12:35 +0200)
author Daniel De Graaf <dgdegra@tycho.nsa.gov>
Thu, 10 Aug 2017 10:35:28 +0000 (12:35 +0200)
committer Jan Beulich <jbeulich@suse.com>
Thu, 10 Aug 2017 10:35:28 +0000 (12:35 +0200)
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c

index fd84ac0f095d958d7c12ce85af674d1e60341488..17560b152c1c184e2cfb391af7e1430c6dd540f5 100644 (file)
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -814,10 +814,12 @@ static int flask_sysctl(int cmd)
          return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
  
      case XEN_SYSCTL_get_cpu_levelling_caps:
-        return domain_has_xen(current->domain, XEN2__GET_CPU_LEVELLING_CAPS);
+        return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
+                                    XEN2__GET_CPU_LEVELLING_CAPS);
  
      case XEN_SYSCTL_get_cpu_featureset:
-        return domain_has_xen(current->domain, XEN2__GET_CPU_FEATURESET);
+        return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
+                                    XEN2__GET_CPU_FEATURESET);
  
      case XEN_SYSCTL_livepatch_op:
          return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
author	Daniel De Graaf <dgdegra@tycho.nsa.gov>
	Thu, 10 Aug 2017 10:35:28 +0000 (12:35 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Thu, 10 Aug 2017 10:35:28 +0000 (12:35 +0200)