Revert "xen/xsm: Wire up get_dom0_console"

This reverts commit 9cef77400470604e76c6c3aa9f647c40429ff956,
for not being applicable to this branch.

diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te
index 16b8c9646d1b2ec35942271fb5c28f28bf28136e..f1dcff48e22735ddddf8c6c99d3ee8a842bda9d0 100644 (file)
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -16,7 +16,7 @@ allow dom0_t xen_t:xen {
 allow dom0_t xen_t:xen2 {
        resource_op psr_cmt_op psr_alloc pmu_ctrl get_symbol
        get_cpu_levelling_caps get_cpu_featureset livepatch_op
-       coverage_op get_dom0_console
+       coverage_op
 };
 
 # Allow dom0 to use all XENVER_ subops that have checks.

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 5e88c71b8e225e86b48fba7f204ac1ebf7235401..78225f68c15c1c81b6c16ffc9afeee5d9bb9bd91 100644 (file)
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1558,10 +1558,6 @@ static int cf_check flask_platform_op(uint32_t op)
         return avc_has_perm(domain_sid(current->domain), SECINITSID_XEN,
                             SECCLASS_XEN2, XEN2__GET_SYMBOL, NULL);
 
-    case XENPF_get_dom0_console:
-        return avc_has_perm(domain_sid(current->domain), SECINITSID_XEN,
-                            SECCLASS_XEN2, XEN2__GET_DOM0_CONSOLE, NULL);
-
     default:
         return avc_unknown_permission("platform_op", op);
     }

diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index a35e3d4c51e12113f4d1452c39d59fca9c111186..4e6710a63e1b30cac14fb99f4d8e28d188cf2a0a 100644 (file)
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -99,8 +99,6 @@ class xen2
     livepatch_op
 # XEN_SYSCTL_coverage_op
     coverage_op
-# XENPF_get_dom0_console
-    get_dom0_console
 }
 
 # Classes domain and domain2 consist of operations that a domain performs on