diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-02 13:45:15 -0800 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-02 13:45:15 -0800 |
commit | c9f7324e6c6f634bc0f7214fd0ab12fb9847c857 (patch) | |
tree | ac9afc51243fa6cbedacbb821319bd59d2a2bdc5 /xen/xsm | |
parent | 64b8b98854e09202f420b8bb02cb915b8a03cd55 (diff) | |
download | xen-c9f7324e6c6f634bc0f7214fd0ab12fb9847c857.tar.gz xen-c9f7324e6c6f634bc0f7214fd0ab12fb9847c857.tar.bz2 xen-c9f7324e6c6f634bc0f7214fd0ab12fb9847c857.zip |
xsm: remove unused xsm_assign_vector check
The PHYSDEVOP_alloc_irq_vector hypercall is a noop, so its XSM check
is not useful. Remove it and the "event vector" FLASK permission.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/xsm')
-rw-r--r-- | xen/xsm/dummy.c | 6 | ||||
-rw-r--r-- | xen/xsm/flask/hooks.c | 13 | ||||
-rw-r--r-- | xen/xsm/flask/include/av_perm_to_string.h | 3 | ||||
-rw-r--r-- | xen/xsm/flask/include/av_permissions.h | 3 |
4 files changed, 2 insertions, 23 deletions
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 65369482c6..1b50d0e163 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -345,11 +345,6 @@ static int dummy_apic (struct domain *d, int cmd) return 0; } -static int dummy_assign_vector (struct domain *d, uint32_t pirq) -{ - return 0; -} - static int dummy_xen_settime (void) { return 0; @@ -560,7 +555,6 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, hvm_set_isa_irq_level); set_to_dummy_if_null(ops, hvm_set_pci_link_route); set_to_dummy_if_null(ops, apic); - set_to_dummy_if_null(ops, assign_vector); set_to_dummy_if_null(ops, xen_settime); set_to_dummy_if_null(ops, memtype); set_to_dummy_if_null(ops, microcode); diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 37b297e983..97ae4d9407 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -907,18 +907,6 @@ static int flask_apic(struct domain *d, int cmd) return domain_has_xen(d, perm); } -static int flask_assign_vector(struct domain *d, uint32_t pirq) -{ - u32 psid; - struct domain_security_struct *dsec; - dsec = d->ssid; - - if ( security_pirq_sid(pirq, &psid) ) - return -EPERM; - - return avc_has_perm(dsec->sid, psid, SECCLASS_EVENT, EVENT__VECTOR, NULL); -} - static int flask_xen_settime(void) { return domain_has_xen(current->domain, XEN__SETTIME); @@ -1306,7 +1294,6 @@ static struct xsm_operations flask_ops = { .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level, .hvm_set_pci_link_route = flask_hvm_set_pci_link_route, .apic = flask_apic, - .assign_vector = flask_assign_vector, .xen_settime = flask_xen_settime, .memtype = flask_memtype, .microcode = flask_microcode, diff --git a/xen/xsm/flask/include/av_perm_to_string.h b/xen/xsm/flask/include/av_perm_to_string.h index c32488ee9b..70aa02d2da 100644 --- a/xen/xsm/flask/include/av_perm_to_string.h +++ b/xen/xsm/flask/include/av_perm_to_string.h @@ -56,18 +56,17 @@ S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc") S_(SECCLASS_HVM, HVM__SETPARAM, "setparam") S_(SECCLASS_HVM, HVM__GETPARAM, "getparam") - S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram") S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel") S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel") S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute") S_(SECCLASS_HVM, HVM__BIND_IRQ, "bind_irq") S_(SECCLASS_HVM, HVM__CACHEATTR, "cacheattr") + S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram") S_(SECCLASS_EVENT, EVENT__BIND, "bind") S_(SECCLASS_EVENT, EVENT__SEND, "send") S_(SECCLASS_EVENT, EVENT__STATUS, "status") S_(SECCLASS_EVENT, EVENT__NOTIFY, "notify") S_(SECCLASS_EVENT, EVENT__CREATE, "create") - S_(SECCLASS_EVENT, EVENT__VECTOR, "vector") S_(SECCLASS_EVENT, EVENT__RESET, "reset") S_(SECCLASS_GRANT, GRANT__MAP_READ, "map_read") S_(SECCLASS_GRANT, GRANT__MAP_WRITE, "map_write") diff --git a/xen/xsm/flask/include/av_permissions.h b/xen/xsm/flask/include/av_permissions.h index f5dcc6f8fe..4c2ffb61e8 100644 --- a/xen/xsm/flask/include/av_permissions.h +++ b/xen/xsm/flask/include/av_permissions.h @@ -70,8 +70,7 @@ #define EVENT__STATUS 0x00000004UL #define EVENT__NOTIFY 0x00000008UL #define EVENT__CREATE 0x00000010UL -#define EVENT__VECTOR 0x00000020UL -#define EVENT__RESET 0x00000040UL +#define EVENT__RESET 0x00000020UL #define GRANT__MAP_READ 0x00000001UL #define GRANT__MAP_WRITE 0x00000002UL |