Changes from v1:
- Change c->context and c->sid from arrays to fields when shrinking
- Keep struct xen_flask_userlist in headers, but guard it with #ifs
- Split off Kconfig changes into their own patches
- Add patch 16 (AVC_STATS in Kconfig)
- Prevent free() of static data in xsm_dt_init
FLASK policy updates:
[PATCH 01/17] flask/policy: split into modules
[PATCH 02/17] flask/policy: split out rules for system_r
[PATCH 03/17] flask/policy: move user definitions and constraints
[PATCH 04/17] flask/policy: remove unused support for binary modules
[PATCH 05/17] flask/policy: xenstore stubdom policy
[PATCH 06/17] flask/policy: remove unused example
Hypervisor updates to the FLASK security server:
[PATCH 07/17] flask: unify {get,set}vcpucontext permissions
[PATCH 08/17] flask: remove unused secondary context in ocontext
[PATCH 09/17] flask: remove unused AVC callback functions
[PATCH 10/17] flask: remove xen_flask_userlist operation
[PATCH 11/17] flask: improve unknown permission handling
Hypervisor updates to the XSM framework (and its config):
[PATCH 12/17] xen/xsm: remove .xsm_initcall.init section
[PATCH 13/17] xen: fix FLASK dependency in Kconfig
[PATCH 14/17] xsm: annotate setup functions with __init
[PATCH 15/17] xsm: clean up unregistration
[PATCH 16/17] xen: Make FLASK_AVC_STATS kconfig option visible
[PATCH 17/17] xsm: add a default policy to .init.data
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
