diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:37:10 +0000 |
|---|---|---|
| committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:37:10 +0000 |
| commit | 2b7a98eed8069cb6fe1b967236d80d0a8cf2913e (patch) | |
| tree | 4e40b8f3e430d34c96c42eea5a38db7a4360ed8d /xen/xsm/flask/policy/access_vectors | |
| parent | 4b73f651d09d7e566ec3b6f0df16af7b5b1dd8be (diff) | |
| download | xen-2b7a98eed8069cb6fe1b967236d80d0a8cf2913e.tar.gz xen-2b7a98eed8069cb6fe1b967236d80d0a8cf2913e.tar.bz2 xen-2b7a98eed8069cb6fe1b967236d80d0a8cf2913e.zip | |
xsm/flask: Add checks on the domain performing the set_target operation
The existing domain__set_target check only verifies that the source
and target domains can be associated. We also need to check that the
privileged domain making this association is allowed to do so.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/xsm/flask/policy/access_vectors')
| -rw-r--r-- | xen/xsm/flask/policy/access_vectors | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index c7e29abb32..11d02da49f 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -78,6 +78,8 @@ class domain2 relabelfrom relabelto relabelself + make_priv_for + set_as_target } class hvm |