Re: [Xen-devel] [PATCH] flask: add gcov_op check
On Thu, Oct 13, 2016 at 03:37:13PM +0100, Wei Liu wrote: > Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx> > --- > Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> > --- > tools/flask/policy/modules/dom0.te | 2 +- > xen/xsm/flask/hooks.c | 3 +++ > xen/xsm/flask/policy/access_vectors | 2 ++ > 3 files changed, 6 insertions(+), 1 deletion(-) > > diff --git a/tools/flask/policy/modules/dom0.te > b/tools/flask/policy/modules/dom0.te > index 2d982d9..54c3572 100644 > --- a/tools/flask/policy/modules/dom0.te > +++ b/tools/flask/policy/modules/dom0.te > @@ -15,7 +15,7 @@ allow dom0_t xen_t:xen { > }; > allow dom0_t xen_t:xen2 { > resource_op psr_cmt_op psr_cat_op pmu_ctrl get_symbol > - get_cpu_levelling_caps get_cpu_featureset livepatch_op > + get_cpu_levelling_caps get_cpu_featureset livepatch_op gcov_op > }; > > # Allow dom0 to use all XENVER_ subops that have checks. > diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c > index 177c11f..040a251 100644 > --- a/xen/xsm/flask/hooks.c > +++ b/xen/xsm/flask/hooks.c > @@ -822,6 +822,9 @@ static int flask_sysctl(int cmd) > case XEN_SYSCTL_livepatch_op: > return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, > XEN2__LIVEPATCH_OP, NULL); > + case XEN_SYSCTL_gcov_op: > + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, > + XEN2__GCOV_OP, NULL); > > default: > return avc_unknown_permission("sysctl", cmd); > diff --git a/xen/xsm/flask/policy/access_vectors > b/xen/xsm/flask/policy/access_vectors > index 49c9a9e..92e6da9 100644 > --- a/xen/xsm/flask/policy/access_vectors > +++ b/xen/xsm/flask/policy/access_vectors 
> @@ -99,6 +99,8 @@ class xen2 > get_cpu_featureset > # XEN_SYSCTL_livepatch_op > livepatch_op > +# XEN_SYSCTL_gcov_op > + gcov_op > } > > # Classes domain and domain2 consist of operations that a domain performs on > -- > 2.1.4 > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
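Review bot: In tools/flask/policy/modules/dom0.te, gcov_op is added to the unconditional `allow dom0_t xen_t:xen2` rule next to livepatch_op, so every domain labelled dom0_t gets it under this module, and the commit message gives no rationale for that default. Please add a sentence saying why dom0 should hold the permission in the default policy, or move it to a separate rule if it is only meant for coverage-enabled setups.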
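Review bot: In xen/xsm/flask/hooks.c, the new `case XEN_SYSCTL_gcov_op:` in flask_sysctl() changes behaviour that the empty commit message does not describe: until now this sysctl reached `default:` and was handled by `avc_unknown_permission("sysctl", cmd)`. The check itself mirrors the XEN_SYSCTL_livepatch_op case (SECINITSID_XEN, SECCLASS_XEN2, NULL audit data) and looks consistent; please state in the commit message what was observed without the case, so the reason for the new XEN2__GCOV_OP vector is on record.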