xenstored: use domain_is_unprivileged instead of checking conn->id

This centralizes all the permission checking for privileged domains in
preparation for allowing domains other than dom0 to be privileged.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
index 558e5cbc59..fa9c8fe984 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -354,7 +354,7 @@ void do_introduce(struct connection *conn, struct buffered_data *in)
 		return;
 	}
 
-	if (conn->id != 0 || !conn->can_write) {
+	if (domain_is_unprivileged(conn) || !conn->can_write) {
 		send_error(conn, EACCES);
 		return;
 	}
@@ -418,7 +418,7 @@ void do_set_target(struct connection *conn, struct buffered_data *in)
 		return;
 	}
 
-	if (conn->id != 0 || !conn->can_write) {
+	if (domain_is_unprivileged(conn) || !conn->can_write) {
 		send_error(conn, EACCES);
 		return;
 	}
@@ -470,7 +470,7 @@ void do_release(struct connection *conn, const char *domid_str)
 		return;
 	}
 
-	if (conn->id != 0) {
+	if (domain_is_unprivileged(conn)) {
 		send_error(conn, EACCES);
 		return;
 	}
@@ -507,7 +507,7 @@ void do_resume(struct connection *conn, const char *domid_str)
 		return;
 	}
 
-	if (conn->id != 0) {
+	if (domain_is_unprivileged(conn)) {
 		send_error(conn, EACCES);
 		return;
 	}