xen/xsm: distinguish scheduler get/set operations

Add getscheduler and setscheduler permissions to replace the
monolithic scheduler permission in the scheduler_op domctl and sysctl.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>

1 files changed, 9 insertions, 1 deletions

diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index 903f32d57c..f3fc6bcc3e 100644
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -1006,7 +1006,11 @@ int sched_id(void)
 long sched_adjust(struct domain *d, struct xen_domctl_scheduler_op *op)
 {
     long ret;
-    
+
+    ret = xsm_domctl_scheduler_op(XSM_HOOK, d, op->cmd);
+    if ( ret )
+        return ret;
+
     if ( (op->sched_id != DOM2OP(d)->sched_id) ||
          ((op->cmd != XEN_DOMCTL_SCHEDOP_putinfo) &&
           (op->cmd != XEN_DOMCTL_SCHEDOP_getinfo)) )
@@ -1025,6 +1029,10 @@ long sched_adjust_global(struct xen_sysctl_scheduler_op *op)
     struct cpupool *pool;
     int rc;
 
+    rc = xsm_sysctl_scheduler_op(XSM_HOOK, op->cmd);
+    if ( rc )
+        return rc;
+
     if ( (op->cmd != XEN_DOMCTL_SCHEDOP_putinfo) &&
          (op->cmd != XEN_DOMCTL_SCHEDOP_getinfo) )
         return -EINVAL;