xenstored: use domain_is_unprivileged instead of checking conn->id

This centralizes all the permission checking for privileged domains in
preparation for allowing domains other than dom0 to be privileged.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index 40e2fc0c8b..66584f51d2 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -462,7 +462,7 @@ static enum xs_perm_type perm_for_conn(struct connection *conn,
 		mask &= ~XS_PERM_WRITE;
 
 	/* Owners and tools get it all... */
-	if (!conn->id || perms[0].id == conn->id
+	if (!domain_is_unprivileged(conn) || perms[0].id == conn->id
                 || (conn->target && perms[0].id == conn->target->id))
 		return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
 
@@ -800,11 +800,11 @@ static struct node *construct_node(struct connection *conn, const char *name)
 	node->tdb = tdb_context(conn);
 	node->name = talloc_strdup(node, name);
 
-	/* Inherit permissions, except domains own what they create */
+	/* Inherit permissions, except unprivileged domains own what they create */
 	node->num_perms = parent->num_perms;
 	node->perms = talloc_memdup(node, parent->perms,
 				    node->num_perms * sizeof(node->perms[0]));
-	if (conn && conn->id)
+	if (domain_is_unprivileged(conn))
 		node->perms[0].id = conn->id;
 
 	/* No children, no data */