[Xen-changelog] [xen-unstable] [ACM] Remove aggregate set calculations for Domain-0

[Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>]

# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1195911553 0
# Node ID 483329e219c97cd8317f751976ee495df5fdc883
# Parent  5e8e82e80f3b8c9c7de31be2faf04f3103dc1f7b
[ACM] Remove aggregate set calculations for Domain-0

Since the pre_domain_create hook is called also for Dom-0, this
special case handling is not necessary any more.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 xen/xsm/acm/acm_chinesewall_hooks.c |   44 ------------------------------------
 1 files changed, 1 insertion(+), 43 deletions(-)

diff -r 5e8e82e80f3b -r 483329e219c9 xen/xsm/acm/acm_chinesewall_hooks.c
--- a/xen/xsm/acm/acm_chinesewall_hooks.c       Sat Nov 24 13:37:26 2007 +0000
+++ b/xen/xsm/acm/acm_chinesewall_hooks.c       Sat Nov 24 13:39:13 2007 +0000
@@ -547,7 +547,7 @@ static int _chwall_pre_domain_create(voi
 
 static void _chwall_post_domain_create(domid_t domid, ssidref_t ssidref)
 {
-    int i, j;
+    int i;
     ssidref_t chwall_ssidref;
 
     chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
@@ -556,48 +556,6 @@ static void _chwall_post_domain_create(d
         chwall_bin_pol.running_types[i] +=
             chwall_bin_pol.ssidrefs[chwall_ssidref *
                                    chwall_bin_pol.max_types + i];
-    if ( domid )
-        return;
-
-    /* Xen does not call pre-create hook for DOM0;
-     * to consider type conflicts of any domain with DOM0, we need
-     * to adjust the conflict_aggregate for DOM0 here the same way it
-     * is done for non-DOM0 domains in the pre-hook */
-    printkd("%s: adjusting security state for DOM0 (ssidref=%x, 
chwall_ssidref=%x).\n",
-            __func__, ssidref, chwall_ssidref);
-
-    /* chinese wall conflict set adjustment (so that other
-     *      other domains simultaneously created are evaluated against this 
new set)*/
-    for ( i = 0; i < chwall_bin_pol.max_conflictsets; i++ )
-    {
-        int common = 0;
-        /* check if conflict_set_i and ssidref have common types */
-        for ( j = 0; j < chwall_bin_pol.max_types; j++ )
-            if ( chwall_bin_pol.
-                 conflict_sets[i * chwall_bin_pol.max_types + j]
-                 && chwall_bin_pol.ssidrefs[chwall_ssidref *
-                                            chwall_bin_pol.max_types + j] )
-            {
-                common = 1;
-                break;
-            }
-
-        if ( common == 0 )
-        {
-            /* try next conflict set */
-            continue;
-        }
-
-        /* now add types of the conflict set to conflict_aggregate_set
-           (except types in chwall_ssidref) */
-        for ( j = 0; j < chwall_bin_pol.max_types; j++ )
-            if ( chwall_bin_pol.
-                 conflict_sets[i * chwall_bin_pol.max_types + j]
-                 && !chwall_bin_pol.ssidrefs[chwall_ssidref *
-                                             chwall_bin_pol.max_types + j] )
-                chwall_bin_pol.conflict_aggregate_set[j]++;
-    }
-    return;
 }
 
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog