}
}
-static XSM_INLINE void xsm_security_domaininfo(
+static XSM_INLINE void cf_check xsm_security_domaininfo(
struct domain *d, struct xen_domctl_getdomaininfo *info)
{
return;
}
-static XSM_INLINE int xsm_domain_create(
+static XSM_INLINE int cf_check xsm_domain_create(
XSM_DEFAULT_ARG struct domain *d, uint32_t ssidref)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_getdomaininfo(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_domctl_scheduler_op(
+static XSM_INLINE int cf_check xsm_domctl_scheduler_op(
XSM_DEFAULT_ARG struct domain *d, int cmd)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd)
+static XSM_INLINE int cf_check xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_set_target(
+static XSM_INLINE int cf_check xsm_set_target(
XSM_DEFAULT_ARG struct domain *d, struct domain *e)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd)
+static XSM_INLINE int cf_check xsm_domctl(
+ XSM_DEFAULT_ARG struct domain *d, int cmd)
{
XSM_ASSERT_ACTION(XSM_OTHER);
switch ( cmd )
}
}
-static XSM_INLINE int xsm_sysctl(XSM_DEFAULT_ARG int cmd)
+static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear)
+static XSM_INLINE int cf_check xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_alloc_security_domain(struct domain *d)
+static XSM_INLINE int cf_check xsm_alloc_security_domain(struct domain *d)
{
return 0;
}
-static XSM_INLINE void xsm_free_security_domain(struct domain *d)
+static XSM_INLINE void cf_check xsm_free_security_domain(struct domain *d)
{
return;
}
-static XSM_INLINE int xsm_grant_mapref(
+static XSM_INLINE int cf_check xsm_grant_mapref(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, uint32_t flags)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_unmapref(
+static XSM_INLINE int cf_check xsm_grant_unmapref(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_setup(
+static XSM_INLINE int cf_check xsm_grant_setup(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_transfer(
+static XSM_INLINE int cf_check xsm_grant_transfer(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_copy(
+static XSM_INLINE int cf_check xsm_grant_copy(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_query_size(
+static XSM_INLINE int cf_check xsm_grant_query_size(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_memory_exchange(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_memory_adjust_reservation(
+static XSM_INLINE int cf_check xsm_memory_adjust_reservation(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_memory_stat_reservation(
+static XSM_INLINE int cf_check xsm_memory_stat_reservation(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd)
+static XSM_INLINE int cf_check xsm_console_io(
+ XSM_DEFAULT_ARG struct domain *d, int cmd)
{
XSM_ASSERT_ACTION(XSM_OTHER);
if ( d->is_console )
return xsm_default_action(XSM_PRIV, d, NULL);
}
-static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op)
+static XSM_INLINE int cf_check xsm_profile(
+ XSM_DEFAULT_ARG struct domain *d, int op)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d, NULL);
}
-static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID)
+static XSM_INLINE int cf_check xsm_kexec(XSM_DEFAULT_VOID)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_schedop_shutdown(
+static XSM_INLINE int cf_check xsm_schedop_shutdown(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_memory_pin_page(
+static XSM_INLINE int cf_check xsm_memory_pin_page(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2,
struct page_info *page)
{
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_evtchn_unbound(
+static XSM_INLINE int cf_check xsm_evtchn_unbound(
XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, domid_t id2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_evtchn_interdomain(
+static XSM_INLINE int cf_check xsm_evtchn_interdomain(
XSM_DEFAULT_ARG struct domain *d1, struct evtchn *chan1, struct domain *d2,
struct evtchn *chan2)
{
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
+static XSM_INLINE void cf_check xsm_evtchn_close_post(struct evtchn *chn)
{
return;
}
-static XSM_INLINE int xsm_evtchn_send(
+static XSM_INLINE int cf_check xsm_evtchn_send(
XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d, NULL);
}
-static XSM_INLINE int xsm_evtchn_status(
+static XSM_INLINE int cf_check xsm_evtchn_status(
XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_evtchn_reset(
+static XSM_INLINE int cf_check xsm_evtchn_reset(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_alloc_security_evtchns(
+static XSM_INLINE int cf_check xsm_alloc_security_evtchns(
struct evtchn chn[], unsigned int nr)
{
return 0;
}
-static XSM_INLINE void xsm_free_security_evtchns(
+static XSM_INLINE void cf_check xsm_free_security_evtchns(
struct evtchn chn[], unsigned int nr)
{
return;
}
-static XSM_INLINE char *xsm_show_security_evtchn(
+static XSM_INLINE char *cf_check xsm_show_security_evtchn(
struct domain *d, const struct evtchn *chn)
{
return NULL;
}
-static XSM_INLINE int xsm_init_hardware_domain(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_init_hardware_domain(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_get_pod_target(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_get_pod_target(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_set_pod_target(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_set_pod_target(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_get_vnumainfo(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_get_vnumainfo(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
-static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf)
+static XSM_INLINE int cf_check xsm_get_device_group(
+ XSM_DEFAULT_ARG uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_assign_device(
+static XSM_INLINE int cf_check xsm_assign_device(
XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_deassign_device(
+static XSM_INLINE int cf_check xsm_deassign_device(
XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_HOOK);
#endif /* HAS_PASSTHROUGH && HAS_PCI */
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
-static XSM_INLINE int xsm_assign_dtdevice(
+static XSM_INLINE int cf_check xsm_assign_dtdevice(
XSM_DEFAULT_ARG struct domain *d, const char *dtpath)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_deassign_dtdevice(
+static XSM_INLINE int cf_check xsm_deassign_dtdevice(
XSM_DEFAULT_ARG struct domain *d, const char *dtpath)
{
XSM_ASSERT_ACTION(XSM_HOOK);
#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */
-static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID)
+static XSM_INLINE int cf_check xsm_resource_plug_core(XSM_DEFAULT_VOID)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID)
+static XSM_INLINE int cf_check xsm_resource_unplug_core(XSM_DEFAULT_VOID)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_plug_pci(
+static XSM_INLINE int cf_check xsm_resource_plug_pci(
XSM_DEFAULT_ARG uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_unplug_pci(
+static XSM_INLINE int cf_check xsm_resource_unplug_pci(
XSM_DEFAULT_ARG uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_setup_pci(
+static XSM_INLINE int cf_check xsm_resource_setup_pci(
XSM_DEFAULT_ARG uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi)
+static XSM_INLINE int cf_check xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_setup_misc(XSM_DEFAULT_VOID)
+static XSM_INLINE int cf_check xsm_resource_setup_misc(XSM_DEFAULT_VOID)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd)
+static XSM_INLINE int cf_check xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_hypfs_op(XSM_DEFAULT_VOID)
+static XSM_INLINE int cf_check xsm_hypfs_op(XSM_DEFAULT_VOID)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
+static XSM_INLINE long cf_check xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return -ENOSYS;
}
#ifdef CONFIG_COMPAT
-static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
+static XSM_INLINE int cf_check xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return -ENOSYS;
}
#endif
-static XSM_INLINE char *xsm_show_irq_sid(int irq)
+static XSM_INLINE char *cf_check xsm_show_irq_sid(int irq)
{
return NULL;
}
-static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_map_domain_pirq(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_map_domain_irq(
+static XSM_INLINE int cf_check xsm_map_domain_irq(
XSM_DEFAULT_ARG struct domain *d, int irq, const void *data)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_unmap_domain_pirq(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_bind_pt_irq(
+static XSM_INLINE int cf_check xsm_bind_pt_irq(
XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_unbind_pt_irq(
+static XSM_INLINE int cf_check xsm_unbind_pt_irq(
XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_unmap_domain_irq(
+static XSM_INLINE int cf_check xsm_unmap_domain_irq(
XSM_DEFAULT_ARG struct domain *d, int irq, const void *data)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_irq_permission(
+static XSM_INLINE int cf_check xsm_irq_permission(
XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_iomem_permission(
+static XSM_INLINE int cf_check xsm_iomem_permission(
XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_iomem_mapping(
+static XSM_INLINE int cf_check xsm_iomem_mapping(
XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_pci_config_permission(
+static XSM_INLINE int cf_check xsm_pci_config_permission(
XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, uint16_t start,
uint16_t end, uint8_t access)
{
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_add_to_physmap(
+static XSM_INLINE int cf_check xsm_add_to_physmap(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_remove_from_physmap(
+static XSM_INLINE int cf_check xsm_remove_from_physmap(
XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_map_gmfn_foreign(
+static XSM_INLINE int cf_check xsm_map_gmfn_foreign(
XSM_DEFAULT_ARG struct domain *d, struct domain *t)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d, t);
}
-static XSM_INLINE int xsm_hvm_param(
+static XSM_INLINE int cf_check xsm_hvm_param(
XSM_DEFAULT_ARG struct domain *d, unsigned long op)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_hvm_param_altp2mhvm(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_hvm_altp2mhvm_op(
+static XSM_INLINE int cf_check xsm_hvm_altp2mhvm_op(
XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op)
{
XSM_ASSERT_ACTION(XSM_OTHER);
}
}
-static XSM_INLINE int xsm_vm_event_control(
+static XSM_INLINE int cf_check xsm_vm_event_control(
XSM_DEFAULT_ARG struct domain *d, int mode, int op)
{
XSM_ASSERT_ACTION(XSM_PRIV);
}
#ifdef CONFIG_MEM_ACCESS
-static XSM_INLINE int xsm_mem_access(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_mem_access(XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, d);
#endif
#ifdef CONFIG_MEM_PAGING
-static XSM_INLINE int xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, d);
#endif
#ifdef CONFIG_MEM_SHARING
-static XSM_INLINE int xsm_mem_sharing(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_mem_sharing(XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, d);
}
#endif
-static XSM_INLINE int xsm_platform_op(XSM_DEFAULT_ARG uint32_t op)
+static XSM_INLINE int cf_check xsm_platform_op(XSM_DEFAULT_ARG uint32_t op)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
#ifdef CONFIG_X86
-static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID)
+static XSM_INLINE int cf_check xsm_do_mca(XSM_DEFAULT_VOID)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_shadow_control(
+static XSM_INLINE int cf_check xsm_shadow_control(
XSM_DEFAULT_ARG struct domain *d, uint32_t op)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_mem_sharing_op(
+static XSM_INLINE int cf_check xsm_mem_sharing_op(
XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, cd);
}
-static XSM_INLINE int xsm_apic(XSM_DEFAULT_ARG struct domain *d, int cmd)
+static XSM_INLINE int cf_check xsm_apic(
+ XSM_DEFAULT_ARG struct domain *d, int cmd)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, d, NULL);
}
-static XSM_INLINE int xsm_machine_memory_map(XSM_DEFAULT_VOID)
+static XSM_INLINE int cf_check xsm_machine_memory_map(XSM_DEFAULT_VOID)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_domain_memory_map(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_mmu_update(
+static XSM_INLINE int cf_check xsm_mmu_update(
XSM_DEFAULT_ARG struct domain *d, struct domain *t, struct domain *f,
uint32_t flags)
{
return rc;
}
-static XSM_INLINE int xsm_mmuext_op(
+static XSM_INLINE int cf_check xsm_mmuext_op(
XSM_DEFAULT_ARG struct domain *d, struct domain *f)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d, f);
}
-static XSM_INLINE int xsm_update_va_mapping(
+static XSM_INLINE int cf_check xsm_update_va_mapping(
XSM_DEFAULT_ARG struct domain *d, struct domain *f, l1_pgentry_t pte)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d, f);
}
-static XSM_INLINE int xsm_priv_mapping(
+static XSM_INLINE int cf_check xsm_priv_mapping(
XSM_DEFAULT_ARG struct domain *d, struct domain *t)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d, t);
}
-static XSM_INLINE int xsm_ioport_permission(
+static XSM_INLINE int cf_check xsm_ioport_permission(
XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_ioport_mapping(
+static XSM_INLINE int cf_check xsm_ioport_mapping(
XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_pmu_op(
+static XSM_INLINE int cf_check xsm_pmu_op(
XSM_DEFAULT_ARG struct domain *d, unsigned int op)
{
XSM_ASSERT_ACTION(XSM_OTHER);
#endif /* CONFIG_X86 */
-static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_dm_op(XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, d);
}
#ifdef CONFIG_ARGO
-static XSM_INLINE int xsm_argo_enable(const struct domain *d)
+static XSM_INLINE int cf_check xsm_argo_enable(const struct domain *d)
{
return 0;
}
-static XSM_INLINE int xsm_argo_register_single_source(
+static XSM_INLINE int cf_check xsm_argo_register_single_source(
const struct domain *d, const struct domain *t)
{
return 0;
}
-static XSM_INLINE int xsm_argo_register_any_source(const struct domain *d)
+static XSM_INLINE int cf_check xsm_argo_register_any_source(
+ const struct domain *d)
{
return 0;
}
-static XSM_INLINE int xsm_argo_send(
+static XSM_INLINE int cf_check xsm_argo_send(
const struct domain *d, const struct domain *t)
{
return 0;
#endif /* CONFIG_ARGO */
#include <public/version.h>
-static XSM_INLINE int xsm_xen_version(XSM_DEFAULT_ARG uint32_t op)
+static XSM_INLINE int cf_check xsm_xen_version(XSM_DEFAULT_ARG uint32_t op)
{
XSM_ASSERT_ACTION(XSM_OTHER);
switch ( op )
}
}
-static XSM_INLINE int xsm_domain_resource_map(XSM_DEFAULT_ARG struct domain *d)
+static XSM_INLINE int cf_check xsm_domain_resource_map(
+ XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, d);
#endif /* !COMPAT */
-ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op)
+ret_t cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op)
{
xen_flask_op_t op;
int rv;
return rc;
}
-static int flask_domain_alloc_security(struct domain *d)
+static int cf_check flask_domain_alloc_security(struct domain *d)
{
struct domain_security_struct *dsec;
return 0;
}
-static void flask_domain_free_security(struct domain *d)
+static void cf_check flask_domain_free_security(struct domain *d)
{
struct domain_security_struct *dsec = d->ssid;
xfree(dsec);
}
-static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn,
- domid_t id2)
+static int cf_check flask_evtchn_unbound(
+ struct domain *d1, struct evtchn *chn, domid_t id2)
{
u32 sid1, sid2, newsid;
int rc;
return rc;
}
-static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1,
- struct domain *d2, struct evtchn *chn2)
+static int cf_check flask_evtchn_interdomain(
+ struct domain *d1, struct evtchn *chn1,
+ struct domain *d2, struct evtchn *chn2)
{
u32 sid1, sid2, newsid, reverse_sid;
int rc;
return rc;
}
-static void flask_evtchn_close_post(struct evtchn *chn)
+static void cf_check flask_evtchn_close_post(struct evtchn *chn)
{
chn->ssid.flask_sid = SECINITSID_UNLABELED;
}
-static int flask_evtchn_send(struct domain *d, struct evtchn *chn)
+static int cf_check flask_evtchn_send(struct domain *d, struct evtchn *chn)
{
int rc;
return rc;
}
-static int flask_evtchn_status(struct domain *d, struct evtchn *chn)
+static int cf_check flask_evtchn_status(struct domain *d, struct evtchn *chn)
{
return domain_has_evtchn(d, chn, EVENT__STATUS);
}
-static int flask_evtchn_reset(struct domain *d1, struct domain *d2)
+static int cf_check flask_evtchn_reset(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_EVENT, EVENT__RESET);
}
-static int flask_alloc_security_evtchns(struct evtchn chn[], unsigned int nr)
+static int cf_check flask_alloc_security_evtchns(
+ struct evtchn chn[], unsigned int nr)
{
unsigned int i;
return 0;
}
-static void flask_free_security_evtchns(struct evtchn chn[], unsigned int nr)
+static void cf_check flask_free_security_evtchns(
+ struct evtchn chn[], unsigned int nr)
{
unsigned int i;
chn[i].ssid.flask_sid = SECINITSID_UNLABELED;
}
-static char *flask_show_security_evtchn(struct domain *d, const struct evtchn *chn)
+static char *cf_check flask_show_security_evtchn(
+ struct domain *d, const struct evtchn *chn)
{
int irq;
u32 sid = 0;
return ctx;
}
-static int flask_init_hardware_domain(struct domain *d)
+static int cf_check flask_init_hardware_domain(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__CREATE_HARDWARE_DOMAIN);
}
-static int flask_grant_mapref(struct domain *d1, struct domain *d2,
- uint32_t flags)
+static int cf_check flask_grant_mapref(
+ struct domain *d1, struct domain *d2, uint32_t flags)
{
u32 perms = GRANT__MAP_READ;
return domain_has_perm(d1, d2, SECCLASS_GRANT, perms);
}
-static int flask_grant_unmapref(struct domain *d1, struct domain *d2)
+static int cf_check flask_grant_unmapref(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__UNMAP);
}
-static int flask_grant_setup(struct domain *d1, struct domain *d2)
+static int cf_check flask_grant_setup(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__SETUP);
}
-static int flask_grant_transfer(struct domain *d1, struct domain *d2)
+static int cf_check flask_grant_transfer(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__TRANSFER);
}
-static int flask_grant_copy(struct domain *d1, struct domain *d2)
+static int cf_check flask_grant_copy(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__COPY);
}
-static int flask_grant_query_size(struct domain *d1, struct domain *d2)
+static int cf_check flask_grant_query_size(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__QUERY);
}
-static int flask_get_pod_target(struct domain *d)
+static int cf_check flask_get_pod_target(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPODTARGET);
}
-static int flask_set_pod_target(struct domain *d)
+static int cf_check flask_set_pod_target(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
}
-static int flask_memory_exchange(struct domain *d)
+static int cf_check flask_memory_exchange(struct domain *d)
{
return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
}
-static int flask_memory_adjust_reservation(struct domain *d1, struct domain *d2)
+static int cf_check flask_memory_adjust_reservation(
+ struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
}
-static int flask_memory_stat_reservation(struct domain *d1, struct domain *d2)
+static int cf_check flask_memory_stat_reservation(
+ struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__STAT);
}
-static int flask_memory_pin_page(struct domain *d1, struct domain *d2,
- struct page_info *page)
+static int cf_check flask_memory_pin_page(
+ struct domain *d1, struct domain *d2, struct page_info *page)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PINPAGE);
}
-static int flask_claim_pages(struct domain *d)
+static int cf_check flask_claim_pages(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SETCLAIM);
}
-static int flask_get_vnumainfo(struct domain *d)
+static int cf_check flask_get_vnumainfo(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__GET_VNUMAINFO);
}
-static int flask_console_io(struct domain *d, int cmd)
+static int cf_check flask_console_io(struct domain *d, int cmd)
{
u32 perm;
return domain_has_xen(d, perm);
}
-static int flask_profile(struct domain *d, int op)
+static int cf_check flask_profile(struct domain *d, int op)
{
u32 perm;
return domain_has_xen(d, perm);
}
-static int flask_kexec(void)
+static int cf_check flask_kexec(void)
{
return domain_has_xen(current->domain, XEN__KEXEC);
}
-static int flask_schedop_shutdown(struct domain *d1, struct domain *d2)
+static int cf_check flask_schedop_shutdown(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_DOMAIN, DOMAIN__SHUTDOWN);
}
-static void flask_security_domaininfo(struct domain *d,
- struct xen_domctl_getdomaininfo *info)
+static void cf_check flask_security_domaininfo(
+ struct domain *d, struct xen_domctl_getdomaininfo *info)
{
info->ssidref = domain_sid(d);
}
-static int flask_domain_create(struct domain *d, u32 ssidref)
+static int cf_check flask_domain_create(struct domain *d, u32 ssidref)
{
int rc;
struct domain_security_struct *dsec = d->ssid;
return rc;
}
-static int flask_getdomaininfo(struct domain *d)
+static int cf_check flask_getdomaininfo(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
}
-static int flask_domctl_scheduler_op(struct domain *d, int op)
+static int cf_check flask_domctl_scheduler_op(struct domain *d, int op)
{
switch ( op )
{
}
}
-static int flask_sysctl_scheduler_op(int op)
+static int cf_check flask_sysctl_scheduler_op(int op)
{
switch ( op )
{
}
}
-static int flask_set_target(struct domain *d, struct domain *t)
+static int cf_check flask_set_target(struct domain *d, struct domain *t)
{
int rc;
struct domain_security_struct *dsec, *tsec;
return rc;
}
-static int flask_domctl(struct domain *d, int cmd)
+static int cf_check flask_domctl(struct domain *d, int cmd)
{
switch ( cmd )
{
}
}
-static int flask_sysctl(int cmd)
+static int cf_check flask_sysctl(int cmd)
{
switch ( cmd )
{
}
}
-static int flask_readconsole(uint32_t clear)
+static int cf_check flask_readconsole(uint32_t clear)
{
u32 perms = XEN__READCONSOLE;
return RESOURCE__REMOVE;
}
-static char *flask_show_irq_sid (int irq)
+static char *cf_check flask_show_irq_sid(int irq)
{
u32 sid, ctx_len;
char *ctx;
return ctx;
}
-static int flask_map_domain_pirq (struct domain *d)
+static int cf_check flask_map_domain_pirq(struct domain *d)
{
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
}
return perm;
}
-static int flask_map_domain_irq (struct domain *d, int irq, const void *data)
+static int cf_check flask_map_domain_irq(struct domain *d, int irq, const void *data)
{
u32 sid, dsid;
int rc = -EPERM;
return rc;
}
-static int flask_unmap_domain_pirq (struct domain *d)
+static int cf_check flask_unmap_domain_pirq(struct domain *d)
{
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
#endif
}
-static int flask_unmap_domain_irq (struct domain *d, int irq, const void *data)
+static int cf_check flask_unmap_domain_irq(
+ struct domain *d, int irq, const void *data)
{
u32 sid;
int rc = -EPERM;
return rc;
}
-static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind)
+static int cf_check flask_bind_pt_irq(
+ struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
u32 dsid, rsid;
int rc = -EPERM;
return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad);
}
-static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind)
+static int cf_check flask_unbind_pt_irq(
+ struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
-static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
+static int cf_check flask_irq_permission(
+ struct domain *d, int pirq, uint8_t access)
{
/* the PIRQ number is not useful; real IRQ is checked during mapping */
return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
u32 use_perm;
};
-static int _iomem_has_perm(void *v, u32 sid, unsigned long start, unsigned long end)
+static int cf_check _iomem_has_perm(
+ void *v, u32 sid, unsigned long start, unsigned long end)
{
struct iomem_has_perm_data *data = v;
struct avc_audit_data ad;
return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, data->use_perm, &ad);
}
-static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t end, uint8_t access)
+static int cf_check flask_iomem_permission(
+ struct domain *d, uint64_t start, uint64_t end, uint8_t access)
{
struct iomem_has_perm_data data;
int rc;
return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
}
-static int flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access)
+static int cf_check flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access)
{
return flask_iomem_permission(d, start, end, access);
}
-static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access)
+static int cf_check flask_pci_config_permission(
+ struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end,
+ uint8_t access)
{
u32 dsid, rsid;
int rc = -EPERM;
}
-static int flask_resource_plug_core(void)
+static int cf_check flask_resource_plug_core(void)
{
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__PLUG, NULL);
}
-static int flask_resource_unplug_core(void)
+static int cf_check flask_resource_unplug_core(void)
{
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__UNPLUG, NULL);
}
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__USE, NULL);
}
-static int flask_resource_plug_pci(uint32_t machine_bdf)
+static int cf_check flask_resource_plug_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__PLUG, &ad);
}
-static int flask_resource_unplug_pci(uint32_t machine_bdf)
+static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__UNPLUG, &ad);
}
-static int flask_resource_setup_pci(uint32_t machine_bdf)
+static int cf_check flask_resource_setup_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad);
}
-static int flask_resource_setup_gsi(int gsi)
+static int cf_check flask_resource_setup_gsi(int gsi)
{
u32 rsid;
int rc = -EPERM;
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad);
}
-static int flask_resource_setup_misc(void)
+static int cf_check flask_resource_setup_misc(void)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_RESOURCE, RESOURCE__SETUP, NULL);
}
-static inline int flask_page_offline(uint32_t cmd)
+static inline int cf_check flask_page_offline(uint32_t cmd)
{
switch (cmd) {
case sysctl_page_offline:
}
}
-static inline int flask_hypfs_op(void)
+static inline int cf_check flask_hypfs_op(void)
{
return domain_has_xen(current->domain, XEN__HYPFS_OP);
}
-static int flask_add_to_physmap(struct domain *d1, struct domain *d2)
+static int cf_check flask_add_to_physmap(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
-static int flask_remove_from_physmap(struct domain *d1, struct domain *d2)
+static int cf_check flask_remove_from_physmap(
+ struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
-static int flask_map_gmfn_foreign(struct domain *d, struct domain *t)
+static int cf_check flask_map_gmfn_foreign(struct domain *d, struct domain *t)
{
return domain_has_perm(d, t, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE);
}
-static int flask_hvm_param(struct domain *d, unsigned long op)
+static int cf_check flask_hvm_param(struct domain *d, unsigned long op)
{
u32 perm;
return current_has_perm(d, SECCLASS_HVM, perm);
}
-static int flask_hvm_param_altp2mhvm(struct domain *d)
+static int cf_check flask_hvm_param_altp2mhvm(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM);
}
-static int flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op)
+static int cf_check flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op)
{
/*
* Require both mode and XSM to allow the operation. Assume XSM rules
return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM_OP);
}
-static int flask_vm_event_control(struct domain *d, int mode, int op)
+static int cf_check flask_vm_event_control(struct domain *d, int mode, int op)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__VM_EVENT);
}
#ifdef CONFIG_MEM_ACCESS
-static int flask_mem_access(struct domain *d)
+static int cf_check flask_mem_access(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_ACCESS);
}
#endif
#ifdef CONFIG_MEM_PAGING
-static int flask_mem_paging(struct domain *d)
+static int cf_check flask_mem_paging(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_PAGING);
}
#endif
#ifdef CONFIG_MEM_SHARING
-static int flask_mem_sharing(struct domain *d)
+static int cf_check flask_mem_sharing(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_SHARING);
}
#endif
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
-static int flask_get_device_group(uint32_t machine_bdf)
+static int cf_check flask_get_device_group(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, NULL);
}
-static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
+static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf)
{
u32 dsid, rsid;
int rc = -EPERM;
return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad);
}
-static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
+static int cf_check flask_deassign_device(
+ struct domain *d, uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
NULL);
}
-static int flask_assign_dtdevice(struct domain *d, const char *dtpath)
+static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath)
{
u32 dsid, rsid;
int rc = -EPERM;
return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad);
}
-static int flask_deassign_dtdevice(struct domain *d, const char *dtpath)
+static int cf_check flask_deassign_dtdevice(
+ struct domain *d, const char *dtpath)
{
u32 rsid;
int rc = -EPERM;
}
#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */
-static int flask_platform_op(uint32_t op)
+static int cf_check flask_platform_op(uint32_t op)
{
switch ( op )
{
}
#ifdef CONFIG_X86
-static int flask_do_mca(void)
+static int cf_check flask_do_mca(void)
{
return domain_has_xen(current->domain, XEN__MCA_OP);
}
-static int flask_shadow_control(struct domain *d, uint32_t op)
+static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
{
u32 perm;
u32 use_perm;
};
-static int _ioport_has_perm(void *v, u32 sid, unsigned long start, unsigned long end)
+static int cf_check _ioport_has_perm(
+ void *v, u32 sid, unsigned long start, unsigned long end)
{
struct ioport_has_perm_data *data = v;
struct avc_audit_data ad;
return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, data->use_perm, &ad);
}
-static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t end, uint8_t access)
+static int cf_check flask_ioport_permission(
+ struct domain *d, uint32_t start, uint32_t end, uint8_t access)
{
int rc;
struct ioport_has_perm_data data;
return security_iterate_ioport_sids(start, end, _ioport_has_perm, &data);
}
-static int flask_ioport_mapping(struct domain *d, uint32_t start, uint32_t end, uint8_t access)
+static int cf_check flask_ioport_mapping(
+ struct domain *d, uint32_t start, uint32_t end, uint8_t access)
{
return flask_ioport_permission(d, start, end, access);
}
-static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op)
+static int cf_check flask_mem_sharing_op(
+ struct domain *d, struct domain *cd, int op)
{
int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING);
if ( rc )
return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM);
}
-static int flask_apic(struct domain *d, int cmd)
+static int cf_check flask_apic(struct domain *d, int cmd)
{
u32 perm;
return domain_has_xen(d, perm);
}
-static int flask_machine_memory_map(void)
+static int cf_check flask_machine_memory_map(void)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP, NULL);
}
-static int flask_domain_memory_map(struct domain *d)
+static int cf_check flask_domain_memory_map(struct domain *d)
{
return current_has_perm(d, SECCLASS_MMU, MMU__MEMORYMAP);
}
-static int flask_mmu_update(struct domain *d, struct domain *t,
- struct domain *f, uint32_t flags)
+static int cf_check flask_mmu_update(
+ struct domain *d, struct domain *t, struct domain *f, uint32_t flags)
{
int rc = 0;
u32 map_perms = 0;
return rc;
}
-static int flask_mmuext_op(struct domain *d, struct domain *f)
+static int cf_check flask_mmuext_op(struct domain *d, struct domain *f)
{
return domain_has_perm(d, f, SECCLASS_MMU, MMU__MMUEXT_OP);
}
-static int flask_update_va_mapping(struct domain *d, struct domain *f,
- l1_pgentry_t pte)
+static int cf_check flask_update_va_mapping(
+ struct domain *d, struct domain *f, l1_pgentry_t pte)
{
u32 map_perms = MMU__MAP_READ;
if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) )
return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
}
-static int flask_priv_mapping(struct domain *d, struct domain *t)
+static int cf_check flask_priv_mapping(struct domain *d, struct domain *t)
{
return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK);
}
-static int flask_pmu_op (struct domain *d, unsigned int op)
+static int cf_check flask_pmu_op(struct domain *d, unsigned int op)
{
u32 dsid = domain_sid(d);
}
#endif /* CONFIG_X86 */
-static int flask_dm_op(struct domain *d)
+static int cf_check flask_dm_op(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__DM);
}
-static int flask_xen_version (uint32_t op)
+static int cf_check flask_xen_version(uint32_t op)
{
u32 dsid = domain_sid(current->domain);
}
}
-static int flask_domain_resource_map(struct domain *d)
+static int cf_check flask_domain_resource_map(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__RESOURCE_MAP);
}
#ifdef CONFIG_ARGO
-static int flask_argo_enable(const struct domain *d)
+static int cf_check flask_argo_enable(const struct domain *d)
{
return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO,
ARGO__ENABLE, NULL);
}
-static int flask_argo_register_single_source(const struct domain *d,
- const struct domain *t)
+static int cf_check flask_argo_register_single_source(
+ const struct domain *d, const struct domain *t)
{
return domain_has_perm(d, t, SECCLASS_ARGO,
ARGO__REGISTER_SINGLE_SOURCE);
}
-static int flask_argo_register_any_source(const struct domain *d)
+static int cf_check flask_argo_register_any_source(const struct domain *d)
{
return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO,
ARGO__REGISTER_ANY_SOURCE, NULL);
}
-static int flask_argo_send(const struct domain *d, const struct domain *t)
+static int cf_check flask_argo_send(
+ const struct domain *d, const struct domain *t)
{
return domain_has_perm(d, t, SECCLASS_ARGO, ARGO__SEND);
}
#include <public/xen.h>
-long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
-int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
+long cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
+int cf_check compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
#endif /* XSM_FLASK_PRIVATE */
is_control_domain(rdom) || ldom == rdom);
}
-static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn,
- domid_t id2)
+static int cf_check silo_evtchn_unbound(
+ struct domain *d1, struct evtchn *chn, domid_t id2)
{
int rc = -EPERM;
struct domain *d2 = rcu_lock_domain_by_any_id(id2);
return rc;
}
-static int silo_evtchn_interdomain(struct domain *d1, struct evtchn *chan1,
- struct domain *d2, struct evtchn *chan2)
+static int cf_check silo_evtchn_interdomain(
+ struct domain *d1, struct evtchn *chan1,
+ struct domain *d2, struct evtchn *chan2)
{
if ( silo_mode_dom_check(d1, d2) )
return xsm_evtchn_interdomain(d1, chan1, d2, chan2);
return -EPERM;
}
-static int silo_grant_mapref(struct domain *d1, struct domain *d2,
- uint32_t flags)
+static int cf_check silo_grant_mapref(
+ struct domain *d1, struct domain *d2, uint32_t flags)
{
if ( silo_mode_dom_check(d1, d2) )
return xsm_grant_mapref(d1, d2, flags);
return -EPERM;
}
-static int silo_grant_transfer(struct domain *d1, struct domain *d2)
+static int cf_check silo_grant_transfer(struct domain *d1, struct domain *d2)
{
if ( silo_mode_dom_check(d1, d2) )
return xsm_grant_transfer(d1, d2);
return -EPERM;
}
-static int silo_grant_copy(struct domain *d1, struct domain *d2)
+static int cf_check silo_grant_copy(struct domain *d1, struct domain *d2)
{
if ( silo_mode_dom_check(d1, d2) )
return xsm_grant_copy(d1, d2);
#ifdef CONFIG_ARGO
-static int silo_argo_register_single_source(const struct domain *d1,
- const struct domain *d2)
+static int cf_check silo_argo_register_single_source(
+ const struct domain *d1, const struct domain *d2)
{
if ( silo_mode_dom_check(d1, d2) )
return xsm_argo_register_single_source(d1, d2);
return -EPERM;
}
-static int silo_argo_send(const struct domain *d1, const struct domain *d2)
+static int cf_check silo_argo_send(
+ const struct domain *d1, const struct domain *d2)
{
if ( silo_mode_dom_check(d1, d2) )
return xsm_argo_send(d1, d2);
projects / people / royger / xen.git / commitdiff