
Re: [Xen-devel] [PATCH 1/6] Flask: Support for ARM xentrace



On Wed, Mar 16, 2016 at 01:51:34PM -0700, Benjamin Sanda wrote:
> From: bensanda <ben.sanda@xxxxxxxxxxxxxxx>
> 
> Modified to provide support for xentrace on the ARM platform. Added flask 
> credential to allow dom0 dom_xen mapping and write access for trace buffers.

So .. what does that mean?

Is that something xentrace requests? Why is this ARM specific?
Looking at xsm_sysctl and how the trace is set up, it checks for
XEN__TBUFCONTROL?

But this is more specific?
> 
> Signed-off-by: Benjamin Sanda <ben.sanda@xxxxxxxxxxxxxxx>
> ---
>  tools/flask/policy/policy/modules/xen/xen.te | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/tools/flask/policy/policy/modules/xen/xen.te 
> b/tools/flask/policy/policy/modules/xen/xen.te
> index d35ae22..41d276a 100644
> --- a/tools/flask/policy/policy/modules/xen/xen.te
> +++ b/tools/flask/policy/policy/modules/xen/xen.te
> @@ -90,6 +90,8 @@ allow dom0_t dom0_t:domain2 {
>  };
>  allow dom0_t dom0_t:resource { add remove };
>  
> +allow dom0_t domxen_t:mmu { memorymap map_write };
> +
>  # These permissions allow using the FLASK security server to compute access
>  # checks locally, which could be used by a domain or service (such as 
> xenstore)
>  # that does not have its own security server to make access decisions based 
> on
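
Review bot: The added rule `allow dom0_t domxen_t:mmu { memorymap map_write };` has no comment saying what it is for, and it sits in xen.te with no architecture condition even though the commit message presents it as ARM xentrace support, so it is granted to dom0 on every platform built with this policy. Please add a comment above the rule stating that it lets dom0 map the trace buffers owned by dom_xen for xentrace, and explain in the commit message why `map_write` is required rather than a read-only mapping, since the rule covers everything labelled domxen_t and not only the trace buffers. If the permission is only needed when tracing is in use, consider whether it belongs in the default dom0 rules at all.
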
> -- 
> 2.7.2
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel
