search for: domain_has_perm

...u32 perm; - u32 rsid; - int rc = -EPERM; +}; - struct domain_security_struct *ssec, *tsec; +static int _iomem_has_perm(void *v, u32 sid, unsigned long start, unsigned long end) +{ + struct iomem_has_perm_data *data = v; struct avc_audit_data ad; + int rc = -EPERM; - rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, - resource_to_perm(access)); - if ( rc ) - return rc; - - if ( access ) - perm = RESOURCE__ADD_IOMEM; - else - perm = RESOURCE__REMOVE_IOMEM; + AVC_AUDIT_DATA_INIT(&ad, DEV); + ad.device = star...

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:

Changes from v3: - mini-os configuration files moved into stubdom/ - mini-os extra console support now a config option - Fewer #ifdefs - grant table setup uses hypercall bounce - Xenstore stub domain syslog support re-enabled Changes from v2: - configuration support added to mini-os build system - add mini-os support for conditionally compiling frontends, xenbus -

Hi, V6: The only change from V5 is in patch #6: - changed comment to reflect autoxlate - removed a redundant ASSERT - reworked logic a bit so that get_page_from_gfn() is called with NULL for p2m type as before. arm has ASSERT wanting it to be NULL. Tim: patch 4 needs your approval. Daniel: patch 5 needs your approval. These patches implement PVH dom0. Patches 1 and 2