Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP

2017-01-26 Thread Daniel De Graaf 

On 01/25/2017 05:43 AM, Wei Liu wrote:

In 58cbc034 send_irq permission was removed but there was still
reference to it in policy file. Remove the stale reference.

And now we also need dm permission. Add that.

Signed-off-by: Wei Liu 


Acked-by: Daniel De Graaf 


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP

2017-01-26 Thread Wei Liu 
On Thu, Jan 26, 2017 at 10:22:52AM +, Wei Liu wrote:
> On Wed, Jan 25, 2017 at 10:43:11AM +, Wei Liu wrote:
> > In 58cbc034 send_irq permission was removed but there was still
> > reference to it in policy file. Remove the stale reference.
> > 
> > And now we also need dm permission. Add that.
> > 
> > Signed-off-by: Wei Liu 
> > ---
> > Cc: Daniel De Graaf 
> 
> FAOD: Daniel I will need you ack before I can apply these two patches.

Actually I'm going to commit these patches now because staging is
blocked, so this is a bit urgent.

Daniel, please review them all the same and tell us if you think things
should be done differently. I will then post incremental patch for that.

Wei.

___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP

2017-01-26 Thread Wei Liu 
On Wed, Jan 25, 2017 at 10:43:11AM +, Wei Liu wrote:
> In 58cbc034 send_irq permission was removed but there was still
> reference to it in policy file. Remove the stale reference.
> 
> And now we also need dm permission. Add that.
> 
> Signed-off-by: Wei Liu 
> ---
> Cc: Daniel De Graaf 

FAOD: Daniel I will need you ack before I can apply these two patches.

___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP

2017-01-25 Thread Paul Durrant 
> -Original Message-
> From: Wei Liu [mailto:wei.l...@citrix.com]
> Sent: 25 January 2017 10:43
> To: Xen-devel 
> Cc: Wei Liu ; Daniel De Graaf
> ; Paul Durrant ; Ian
> Jackson 
> Subject: [PATCH] flask: fix build after the introduction of DMOP
> 
> In 58cbc034 send_irq permission was removed but there was still
> reference to it in policy file. Remove the stale reference.
> 
> And now we also need dm permission. Add that.
> 
> Signed-off-by: Wei Liu 
> ---
> Cc: Daniel De Graaf 
> Cc: Paul Durrant 
> Cc: Ian Jackson 
> 
> Staging is currently broken.

Sorry about that.

Reviewed-by: Paul Durrant 

> ---
>  tools/flask/policy/modules/xen.if   | 2 +-
>  xen/xsm/flask/policy/access_vectors | 2 ++
>  2 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/flask/policy/modules/xen.if
> b/tools/flask/policy/modules/xen.if
> index 45e5cea04f..f5d254f053 100644
> --- a/tools/flask/policy/modules/xen.if
> +++ b/tools/flask/policy/modules/xen.if
> @@ -58,7 +58,7 @@ define(`create_domain_common', `
>   allow $1 $2:mmu { map_read map_write adjust memorymap
> physmap pinpage mmuext_op updatemp };
>   allow $1 $2:grant setup;
>   allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc
> - setparam nested altp2mhvm altp2mhvm_op
> send_irq };
> + setparam nested altp2mhvm altp2mhvm_op };
>  ')
> 
>  # create_domain(priv, target)
> diff --git a/xen/xsm/flask/policy/access_vectors
> b/xen/xsm/flask/policy/access_vectors
> index 36a7df9394..1f7eb35fc8 100644
> --- a/xen/xsm/flask/policy/access_vectors
> +++ b/xen/xsm/flask/policy/access_vectors
> @@ -284,6 +284,8 @@ class hvm
>  # HVMOP_altp2m_destroy_p2m HVMOP_altp2m_switch_p2m
>  # HVMOP_altp2m_set_mem_access HVMOP_altp2m_change_gfn
>  altp2mhvm_op
> +# DMOP
> +dm
>  }
> 
>  # Class event describes event channels.  Interdomain event channels have
> their
> --
> 2.11.0


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[Xen-devel] [PATCH] flask: fix build after the introduction of DMOP

2017-01-25 Thread Wei Liu 
In 58cbc034 send_irq permission was removed but there was still
reference to it in policy file. Remove the stale reference.

And now we also need dm permission. Add that.

Signed-off-by: Wei Liu 
---
Cc: Daniel De Graaf 
Cc: Paul Durrant 
Cc: Ian Jackson 

Staging is currently broken.
---
 tools/flask/policy/modules/xen.if   | 2 +-
 xen/xsm/flask/policy/access_vectors | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/flask/policy/modules/xen.if 
b/tools/flask/policy/modules/xen.if
index 45e5cea04f..f5d254f053 100644
--- a/tools/flask/policy/modules/xen.if
+++ b/tools/flask/policy/modules/xen.if
@@ -58,7 +58,7 @@ define(`create_domain_common', `
allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage 
mmuext_op updatemp };
allow $1 $2:grant setup;
allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc
-   setparam nested altp2mhvm altp2mhvm_op send_irq };
+   setparam nested altp2mhvm altp2mhvm_op };
 ')
 
 # create_domain(priv, target)
diff --git a/xen/xsm/flask/policy/access_vectors 
b/xen/xsm/flask/policy/access_vectors
index 36a7df9394..1f7eb35fc8 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -284,6 +284,8 @@ class hvm
 # HVMOP_altp2m_destroy_p2m HVMOP_altp2m_switch_p2m
 # HVMOP_altp2m_set_mem_access HVMOP_altp2m_change_gfn
 altp2mhvm_op
+# DMOP
+dm
 }
 
 # Class event describes event channels.  Interdomain event channels have their
-- 
2.11.0


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel