xsm: Add security labels to event-channel dump

In FLASK, event channel labels are distinct from the labels of the
domain using them. When debugging policy issues, it is useful to be
able to view the current label of event channels; add this label to
the event channel dump.

This patch also adds the IRQ associated with a PIRQ for event channels
bound to a PIRQ, and moves the xen_consumer flag to the front to
create more consistent alignment in the output.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>

1 files changed, 30 insertions, 0 deletions

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 543dc77f1a..d207b1d1be 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -274,6 +274,35 @@ static void flask_free_security_evtchn(struct evtchn *chn)
     xfree(esec);
 }
 
+static char *flask_show_security_evtchn(struct domain *d, const struct evtchn *chn)
+{
+    struct evtchn_security_struct *esec;
+    int irq;
+    u32 sid = 0;
+    char *ctx;
+    u32 ctx_len;
+
+    switch ( chn->state )
+    {
+    case ECS_UNBOUND:
+    case ECS_INTERDOMAIN:
+        esec = chn->ssid;
+        if ( esec )
+            sid = esec->sid;
+        break;
+    case ECS_PIRQ:
+        irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
+        if (irq)
+            security_irq_sid(irq, &sid);
+        break;
+    }
+    if ( !sid )
+        return NULL;
+    if (security_sid_to_context(sid, &ctx, &ctx_len))
+        return NULL;
+    return ctx;
+}
+
 static int flask_grant_mapref(struct domain *d1, struct domain *d2, 
                               uint32_t flags)
 {
@@ -1499,6 +1528,7 @@ static struct xsm_operations flask_ops = {
     .free_security_domain = flask_domain_free_security,
     .alloc_security_evtchn = flask_alloc_security_evtchn,
     .free_security_evtchn = flask_free_security_evtchn,
+    .show_security_evtchn = flask_show_security_evtchn,
 
     .get_pod_target = flask_get_pod_target,
     .set_pod_target = flask_set_pod_target,