[Xen-devel] [PATCH] flask: add gcov_op check
Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx> --- Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> --- tools/flask/policy/modules/dom0.te | 2 +- xen/xsm/flask/hooks.c | 3 +++ xen/xsm/flask/policy/access_vectors | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te index 2d982d9..54c3572 100644 --- a/tools/flask/policy/modules/dom0.te +++ b/tools/flask/policy/modules/dom0.te @@ -15,7 +15,7 @@ allow dom0_t xen_t:xen { }; allow dom0_t xen_t:xen2 { resource_op psr_cmt_op psr_cat_op pmu_ctrl get_symbol - get_cpu_levelling_caps get_cpu_featureset livepatch_op + get_cpu_levelling_caps get_cpu_featureset livepatch_op gcov_op }; # Allow dom0 to use all XENVER_ subops that have checks. diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 177c11f..040a251 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -822,6 +822,9 @@ static int flask_sysctl(int cmd) case XEN_SYSCTL_livepatch_op: return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, XEN2__LIVEPATCH_OP, NULL); + case XEN_SYSCTL_gcov_op: + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, + XEN2__GCOV_OP, NULL); default: return avc_unknown_permission("sysctl", cmd); diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 49c9a9e..92e6da9 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -99,6 +99,8 @@ class xen2 get_cpu_featureset # XEN_SYSCTL_livepatch_op livepatch_op +# XEN_SYSCTL_gcov_op + gcov_op } # Classes domain and domain2 consist of operations that a domain performs on -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
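Review bot: the flask_sysctl() hunk in xen/xsm/flask/hooks.c needs a commit description, which this patch lacks entirely. As posted, the only way to see why the check is needed is to read the switch: without the new case, XEN_SYSCTL_gcov_op reaches the default branch and returns avc_unknown_permission("sysctl", cmd). Please state that in the commit message, along with the fact that the new case maps the sysctl to XEN2__GCOV_OP in SECCLASS_XEN2 the same way the XEN_SYSCTL_livepatch_op case above it does.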
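Review bot: in tools/flask/policy/modules/dom0.te, gcov_op is added to the "allow dom0_t xen_t:xen2" rule without any stated reason, and dom0_t is the only type granted the permission in this patch. Once the hooks.c check is in place, the policy is what decides who may issue the sysctl, so the description should say that dom0 is the intended (and only) default caller, so that anyone maintaining a policy with other privileged domain types knows they have to add gcov_op themselves.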