Re: [Xen-devel] [PATCH v3 11/15] xsm, argo: XSM control for argo register
- To: 'Christopher Clark' <christopher.w.clark@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: "DeGraaf, Daniel G" <dgdegra@xxxxxxx>
- Date: Mon, 7 Jan 2019 23:07:27 +0000
- Accept-language: en-US
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Ross Philipson <ross.philipson@xxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jason Andryuk <jandryuk@xxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Rich Persaud <persaur@xxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, James McKenzie <james@xxxxxxxxxxx>, Eric Chanudet <eric.chanudet@xxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
- Delivery-date: Mon, 07 Jan 2019 23:07:35 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AdSm3cHHv2KBo/iYRvO9Eb0lBER8SQ==
- Thread-topic: [PATCH v3 11/15] xsm, argo: XSM control for argo register
> From: Christopher Clark <christopher.w.clark@xxxxxxxxx>
> Subject: [PATCH v3 11/15] xsm, argo: XSM control for argo register
>
> XSM controls for argo ring registration with two distinct cases, where
> the ring being registered is:
>
> 1) Single source: registering a ring for communication to receive messages
> from a specified single other domain.
> Default policy: allow.
>
> 2) Any source: registering a ring for communication to receive messages
> from any, or all, other domains (ie. wildcard).
> Default policy: deny, with runtime policy configuration via bootparam.
>
> The existing argo-mac boot parameter indicates administrator preference for
> either permissive or strict access control, which will allow or deny
> registration of any-sender rings.
>
> This commit modifies the signature of core XSM hook functions in order to
> apply 'const' to arguments, needed in order for 'const' to be accepted in
> signature of functions that invoke them.
>
> Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

While it does not need to be a part of this patch, somewhere in the series you
should add a rule allowing these features to be used by guests in the default
XSM policy; tools/flask/policy/modules/guest_features.te is where features like
this have previously been handled. Since you're adding permissions one at a
time, you could add the rules all at once or as a part of the patch adding the
vector.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel