xsm: Add missing access checks

Actions requiring IS_PRIV should also require some XSM access control
in order for XSM to be useful in confining multiple privileged
domains. Add XSM hooks for new hypercalls and sub-commands that are
under IS_PRIV but not currently under any access checks.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

1 files changed, 6 insertions, 4 deletions

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 06594a0f01..d6ae09bb0f 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -972,9 +972,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
         d = rcu_lock_domain_by_id(op->domain);
         if ( d != NULL )
         {
-            d->suspend_evtchn = op->u.subscribe.port;
+            ret = xsm_domctl(d, op->cmd);
+            if ( !ret )
+                d->suspend_evtchn = op->u.subscribe.port;
             rcu_unlock_domain(d);
-            ret = 0;
         }
     }
     break;
@@ -985,9 +986,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
         ret = -ESRCH;
         if ( (d = rcu_lock_domain_by_id(op->domain)) != NULL )
         {
-            d->disable_migrate = op->u.disable_migrate.disable;
+            ret = xsm_domctl(d, op->cmd);
+            if ( !ret )
+                d->disable_migrate = op->u.disable_migrate.disable;
             rcu_unlock_domain(d);
-            ret = 0;
         }
     }
     break;