On Thu, Oct 23, 2025 at 01:54:24PM +0200, Markus Armbruster wrote: > Daniel P. Berrangé <[email protected]> writes: > > > This wires up the DeviceClass types to have their > > security checked when devices are created. > > > > Signed-off-by: Daniel P. Berrangé <[email protected]> > > --- > > system/qdev-monitor.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c > > index 2ac92d0a07..520fe5c495 100644 > > --- a/system/qdev-monitor.c > > +++ b/system/qdev-monitor.c > > @@ -43,6 +43,8 @@ > > #include "hw/qdev-properties.h" > > #include "hw/clock.h" > > #include "hw/boards.h" > > +#include "qapi/compat-policy.h" > > + > > > > /* > > * Aliases were a bad idea from the start. Let's keep them > > @@ -644,6 +646,13 @@ DeviceState *qdev_device_add_from_qdict(const QDict > > *opts, > > return NULL; > > } > > > > + if (!compat_policy_check_security(&compat_policy, > > + > > object_class_get_name(OBJECT_CLASS(dc)), > > + > > object_class_is_secure(OBJECT_CLASS(dc)), > > + errp)) { > > + return NULL; > > + } > > + > > /* find bus */ > > path = qdict_get_try_str(opts, "bus"); > > if (path != NULL) { > > All users of compat_policy_check_security() in this series pass > > object_class_get_name(<the-object>), > object_class_is_secure(<the-object>), > > Have you considered passing just <the-object> instead?
That would make qapi/qapi-compat.c have a dependency on QOM which I felt was undesirable.

What I could do, however, is introduce an object_check_security method in qom/object.c that calls into compat_policy_check_security, so we simplify the callers.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
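Review bot: In the include hunk of system/qdev-monitor.c, the bare `+` line added after `#include "qapi/compat-policy.h"` leaves two consecutive blank lines before the "Aliases were a bad idea" comment, because the unchanged context already has one blank line there. Drop the extra blank line so the hunk adds only the include.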
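Review bot: In the qdev_device_add_from_qdict() hunk, the new check carries no comment saying what it enforces or why it runs before the "find bus" step, and it expands OBJECT_CLASS(dc) twice to supply the class name and the secure flag as separate arguments. A one-line comment above the `if` plus a local such as `ObjectClass *oc = OBJECT_CLASS(dc);` would make the call easier to read and keep both arguments visibly tied to the same class, so a later edit cannot pass the name of one class with the flag of another.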
