xen: add XSM hook for XENMEM_exchange

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>

3 files changed, 8 insertions, 0 deletions

diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 200cbc81bb..71299d56a2 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -84,6 +84,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
     set_to_dummy_if_null(ops, get_pod_target);
     set_to_dummy_if_null(ops, set_pod_target);
 
+    set_to_dummy_if_null(ops, memory_exchange);
     set_to_dummy_if_null(ops, memory_adjust_reservation);
     set_to_dummy_if_null(ops, memory_stat_reservation);
     set_to_dummy_if_null(ops, memory_pin_page);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index ad60a882bf..7707ac2654 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -396,6 +396,11 @@ static int flask_set_pod_target(struct domain *d)
     return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
 }
 
+static int flask_memory_exchange(struct domain *d)
+{
+    return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
+}
+
 static int flask_memory_adjust_reservation(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
@@ -1686,6 +1691,7 @@ static struct xsm_operations flask_ops = {
 
     .get_pod_target = flask_get_pod_target,
     .set_pod_target = flask_set_pod_target,
+    .memory_exchange = flask_memory_exchange,
     .memory_adjust_reservation = flask_memory_adjust_reservation,
     .memory_stat_reservation = flask_memory_stat_reservation,
     .memory_pin_page = flask_memory_pin_page,
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index 8324725e11..caf65d2d89 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -142,6 +142,7 @@ class mmu
     memorymap
     remote_remap
 	mmuext_op
+	exchange
 }
 
 class shadow