From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH 3/4] flask: check permissions first thing in flask_security_set_bool() Date: Fri, 7 Feb 2014 12:57:39 +0000 Message-ID: <52F4D843.5070407@citrix.com> References: <52F4B840020000780011A1E2@nat28.tlf.novell.com> <52F4B9DC020000780011A1F6@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6445427778366527671==" Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1WBl03-000392-P1 for xen-devel@lists.xenproject.org; Fri, 07 Feb 2014 12:57:43 +0000 In-Reply-To: <52F4B9DC020000780011A1F6@nat28.tlf.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich Cc: George Dunlap , xen-devel , dgdegra@tycho.nsa.gov List-Id: xen-devel@lists.xenproject.org --===============6445427778366527671== Content-Type: multipart/alternative; boundary="------------090608040508030803070205" --------------090608040508030803070205 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit On 07/02/14 09:47, Jan Beulich wrote: > Nothing else should be done if the caller isn't permitted to set > boolean values. > > Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper > > --- a/xen/xsm/flask/flask_op.c > +++ b/xen/xsm/flask/flask_op.c > @@ -326,11 +326,11 @@ static int flask_security_set_bool(struc > { > int rv; > > - rv = flask_security_resolve_bool(arg); > + rv = domain_has_security(current->domain, SECURITY__SETBOOL); > if ( rv ) > return rv; > > - rv = domain_has_security(current->domain, SECURITY__SETBOOL); > + rv = flask_security_resolve_bool(arg); > if ( rv ) > return rv; > > > > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel --------------090608040508030803070205 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit
On 07/02/14 09:47, Jan Beulich wrote:
Nothing else should be done if the caller isn't permitted to set
boolean values.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>


--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -326,11 +326,11 @@ static int flask_security_set_bool(struc
 {
     int rv;
 
-    rv = flask_security_resolve_bool(arg);
+    rv = domain_has_security(current->domain, SECURITY__SETBOOL);
     if ( rv )
         return rv;
 
-    rv = domain_has_security(current->domain, SECURITY__SETBOOL);
+    rv = flask_security_resolve_bool(arg);
     if ( rv )
         return rv;
 






_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--------------090608040508030803070205-- --===============6445427778366527671== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============6445427778366527671==--