ia64/xen-unstable

changeset 16404:2022cbc842af

ACM: Test sharing as part of the authorization check.

Protected the policy from being changed while the hooks are being
called.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Tue Nov 20 15:13:29 2007 +0000 (2007-11-20)
parents bc6aaa44e296
children 94b3979606cd
files xen/include/xsm/acm/acm_hooks.h xen/xsm/acm/acm_policy.c
line diff
     1.1 --- a/xen/include/xsm/acm/acm_hooks.h	Tue Nov 20 15:05:36 2007 +0000
     1.2 +++ b/xen/include/xsm/acm/acm_hooks.h	Tue Nov 20 15:13:29 2007 +0000
     1.3 @@ -325,7 +325,7 @@ static inline int acm_authorization(ssid
     1.4               acm_secondary_ops->authorization(ssidref1, ssidref2)) {
     1.5          return ACM_ACCESS_DENIED;
     1.6      } else
     1.7 -        return ACM_ACCESS_PERMITTED;
     1.8 +        return acm_sharing(ssidref1, ssidref2);
     1.9  }
    1.10  
    1.11  
     2.1 --- a/xen/xsm/acm/acm_policy.c	Tue Nov 20 15:05:36 2007 +0000
     2.2 +++ b/xen/xsm/acm/acm_policy.c	Tue Nov 20 15:13:29 2007 +0000
     2.3 @@ -430,6 +430,9 @@ int
     2.4  acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, u32 hook)
     2.5  {
     2.6      int ret = ACM_ACCESS_DENIED;
     2.7 +
     2.8 +    read_lock(&acm_bin_pol_rwlock);
     2.9 +
    2.10      switch ( hook )
    2.11      {
    2.12  
    2.13 @@ -447,6 +450,8 @@ acm_get_decision(ssidref_t ssidref1, ssi
    2.14          break;
    2.15      }
    2.16  
    2.17 +    read_unlock(&acm_bin_pol_rwlock);
    2.18 +
    2.19      printkd("%s: ssid1=%x, ssid2=%x, decision=%s.\n",
    2.20              __func__, ssidref1, ssidref2,
    2.21              (ret == ACM_ACCESS_PERMITTED) ? "GRANTED" : "DENIED");