Xen devel - Nov 2011 - [PATCH] xsm: Add support for HVMOP_track_dirty_vram.

Xen try to inforce the xsm policy when a HVMOP_track_dirty_vram
is received (xen/arch/x86/hvm/hvm.c:3637). It was failing because
in flask_hvmcontext, xsm didn''t have any case for this operation.

Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
---
 tools/flask/policy/policy/flask/access_vectors |    1 +
 tools/flask/policy/policy/modules/xen/xen.if   |    2 +-
 xen/xsm/flask/hooks.c                          |    3 +++
 xen/xsm/flask/include/av_perm_to_string.h      |    1 +
 xen/xsm/flask/include/av_permissions.h         |    1 +
 5 files changed, 7 insertions(+), 1 deletions(-)



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 07/11 07:53, Jean Guyader wrote:
> 
> Xen try to inforce the xsm policy when a HVMOP_track_dirty_vram
> is received (xen/arch/x86/hvm/hvm.c:3637). It was failing because
> in flask_hvmcontext, xsm didn''t have any case for this operation.
> 
> Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Can this patch go to 4.1 as well?

Thanks,
Jean

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 17/11/2011 06:01, "Jean Guyader" <jean.guyader@eu.citrix.com>
wrote:
> On 07/11 07:53, Jean Guyader wrote:
>> 
>> Xen try to inforce the xsm policy when a HVMOP_track_dirty_vram
>> is received (xen/arch/x86/hvm/hvm.c:3637). It was failing because
>> in flask_hvmcontext, xsm didn''t have any case for this
operation.
>> 
>> Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
> 
> Can this patch go to 4.1 as well?
Done.
> Thanks,
> Jean
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel