author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-04-17 08:31:07 +0100 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-04-17 08:31:07 +0100 |
commit | 8eee0a1a5f73085467e4a5e8ada94a3d9599cb4d (patch) | |
tree | bd5128b83a8d59ff07e855fa57a1bd9869bb933f /xen/xsm/flask/hooks.c | |
parent | f5f061b681ba29850ca7b1905ae584d66da97ddf (diff) | |
xsm/flask: clean up auditing output
The audit data for normal MMU updates was incorrectly using the RANGE
type which presented the data badly in audit messages; add a MEMORY
type for this showing the correct names for the fields. This patch
also shows the target domain in event channel mapping checks to make
debugging those denials easier.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/xsm/flask/hooks.c')
-rw-r--r-- | xen/xsm/flask/hooks.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 9948fca2a2..c93b8d09b3 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -186,6 +186,10 @@ static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1,
 int rc;
 struct domain_security_struct *dsec, *dsec1, *dsec2;
 struct evtchn_security_struct *esec1, *esec2;
+ struct avc_audit_data ad;
+ AVC_AUDIT_DATA_INIT(&ad, NONE);
+ ad.sdom = d1;
+ ad.tdom = d2;
 dsec = current->domain->ssid;
 dsec1 = d1->ssid;
@@ -203,15 +207,15 @@ static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1,
 return rc;
 }
- rc = avc_has_perm(dsec->sid, newsid, SECCLASS_EVENT, EVENT__CREATE, NULL);
+ rc = avc_has_perm(dsec->sid, newsid, SECCLASS_EVENT, EVENT__CREATE, &ad);
 if ( rc )
 return rc;
- rc = avc_has_perm(newsid, dsec2->sid, SECCLASS_EVENT, EVENT__BIND, NULL);
+ rc = avc_has_perm(newsid, dsec2->sid, SECCLASS_EVENT, EVENT__BIND, &ad);
 if ( rc )
 return rc;
- rc = avc_has_perm(esec2->sid, dsec1->sid, SECCLASS_EVENT, EVENT__BIND, NULL);
+ rc = avc_has_perm(esec2->sid, dsec1->sid, SECCLASS_EVENT, EVENT__BIND, &ad);
 if ( rc )
 return rc;
@@ -1328,13 +1332,13 @@ static int flask_mmu_normal_update(struct domain *d, struct domain *t,
 if ( l1e_get_flags(l1e_from_intpte(fpte)) & _PAGE_RW )
 map_perms |= MMU__MAP_WRITE;
- AVC_AUDIT_DATA_INIT(&ad, RANGE);
+ AVC_AUDIT_DATA_INIT(&ad, MEMORY);
 fmfn = get_gfn_untyped(f, l1e_get_pfn(l1e_from_intpte(fpte)));
 ad.sdom = d;
 ad.tdom = f;
- ad.range.start = fpte;
- ad.range.end = fmfn;
+ ad.memory.pte = fpte;
+ ad.memory.mfn = fmfn;
 rc = get_mfn_sid(fmfn, &fsid); |
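Review bot: The one `ad` set up with `ad.sdom = d1; ad.tdom = d2;` in the first hunk of flask_evtchn_interdomain is passed unchanged to all three `avc_has_perm` calls in the second hunk, yet those checks do not share a single source/target pair. The first check takes its source SID from `current->domain` (`dsec->sid`), and the third compares `esec2->sid` against `dsec1->sid`, which runs in the d2-to-d1 direction. A denial on that third check would then presumably be logged with domain ids reversed relative to the SIDs in the same record, and someone deriving policy or investigating a denial from the audit output could pick the wrong rule. Consider setting `ad.sdom = d2; ad.tdom = d1;` before the last call, or at least adding a comment such as `/* ad always names the d1->d2 binding; the SID pair of each check may differ */`. The function body starts and ends outside both hunks, so whether d1 is always the calling domain cannot be confirmed from here.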