xenbits.xensource.com Git - xen.git/commit

author	Michal Orzel <michal.orzel@amd.com>
	Tue, 7 Jan 2025 09:27:18 +0000 (10:27 +0100)
committer	Michal Orzel <michal.orzel@amd.com>
	Wed, 8 Jan 2025 12:05:50 +0000 (13:05 +0100)
commit	7fa1411676150634b1d6ca030e53b94c26a949dd
tree	ff861062ceee528bc68785f47cf1e8df7b1e489d	tree
parent	29daa72e4019aae92f857cf6e7e0c3ca8fb1483e	commit \| diff

xen/flask: Wire up XEN_DOMCTL_dt_overlay

Addition of FLASK permission for this hypercall was overlooked in the
original patch. Fix it. The only dt overlay operation is attaching that can
happen only after the domain is created. Dom0 can attach overlay to itself
as well.

Fixes: 4c733873b5c2 ("xen/arm: Add XEN_DOMCTL_dt_overlay and device attachment to domains")
Signed-off-by: Michal Orzel <michal.orzel@amd.com>
Release-Acked-By: Oleksii Kurochko <oleksii.kurochko@gmail.com>
Acked-by: Daniel P. Smith <dpsmith@apertussolutions.com>

tools/flask/policy/modules/dom0.te		diff \| blob \| blame \| history
tools/flask/policy/modules/xen.if		diff \| blob \| blame \| history
xen/xsm/flask/hooks.c		diff \| blob \| blame \| history
xen/xsm/flask/policy/access_vectors		diff \| blob \| blame \| history