diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-02-09 18:33:35 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-02-09 18:33:35 +0000 |
commit | d0b276ee3bd33e42e03d8150c80146f893bb7f71 (patch) | |
tree | 68cca96c547c0c295347192ca7149a3549c17e35 /tools/xenstore | |
parent | c43afaf2206fd3048ad845ce087e1d8a3bd80fe6 (diff) | |
download | xen-d0b276ee3bd33e42e03d8150c80146f893bb7f71.tar.gz xen-d0b276ee3bd33e42e03d8150c80146f893bb7f71.tar.bz2 xen-d0b276ee3bd33e42e03d8150c80146f893bb7f71.zip |
xenstored: use domain_is_unprivileged instead of checking conn->id
This centralizes all the permission checking for privileged domains in
preparation for allowing domains other than dom0 to be privileged.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Diffstat (limited to 'tools/xenstore')
-rw-r--r-- | tools/xenstore/xenstored_core.c | 6 | ||||
-rw-r--r-- | tools/xenstore/xenstored_domain.c | 8 |
2 files changed, 7 insertions, 7 deletions
diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 40e2fc0c8b..66584f51d2 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -462,7 +462,7 @@ static enum xs_perm_type perm_for_conn(struct connection *conn, mask &= ~XS_PERM_WRITE; /* Owners and tools get it all... */ - if (!conn->id || perms[0].id == conn->id + if (!domain_is_unprivileged(conn) || perms[0].id == conn->id || (conn->target && perms[0].id == conn->target->id)) return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask; @@ -800,11 +800,11 @@ static struct node *construct_node(struct connection *conn, const char *name) node->tdb = tdb_context(conn); node->name = talloc_strdup(node, name); - /* Inherit permissions, except domains own what they create */ + /* Inherit permissions, except unprivileged domains own what they create */ node->num_perms = parent->num_perms; node->perms = talloc_memdup(node, parent->perms, node->num_perms * sizeof(node->perms[0])); - if (conn && conn->id) + if (domain_is_unprivileged(conn)) node->perms[0].id = conn->id; /* No children, no data */ diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c index 558e5cbc59..fa9c8fe984 100644 --- a/tools/xenstore/xenstored_domain.c +++ b/tools/xenstore/xenstored_domain.c @@ -354,7 +354,7 @@ void do_introduce(struct connection *conn, struct buffered_data *in) return; } - if (conn->id != 0 || !conn->can_write) { + if (domain_is_unprivileged(conn) || !conn->can_write) { send_error(conn, EACCES); return; } @@ -418,7 +418,7 @@ void do_set_target(struct connection *conn, struct buffered_data *in) return; } - if (conn->id != 0 || !conn->can_write) { + if (domain_is_unprivileged(conn) || !conn->can_write) { send_error(conn, EACCES); return; } @@ -470,7 +470,7 @@ void do_release(struct connection *conn, const char *domid_str) return; } - if (conn->id != 0) { + if (domain_is_unprivileged(conn)) { send_error(conn, EACCES); return; } @@ -507,7 +507,7 @@ void do_resume(struct connection *conn, const char *domid_str) return; } - if (conn->id != 0) { + if (domain_is_unprivileged(conn)) { send_error(conn, EACCES); return; } |