From mboxrd@z Thu Jan  1 00:00:00 1970
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH v4 25/33] xen/xsm: Add helpers to check
 permission for device tree passthrough
Date: Tue, 31 Mar 2015 13:12:38 -0400
Message-ID: <551AD586.1080203@tycho.nsa.gov>
References: <1426793399-6283-1-git-send-email-julien.grall@linaro.org>
	<1426793399-6283-26-git-send-email-julien.grall@linaro.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <dgdegra@tycho.nsa.gov>) id 1Ycziv-0007qb-Do
	for xen-devel@lists.xenproject.org; Tue, 31 Mar 2015 17:13:09 +0000
In-Reply-To: <1426793399-6283-26-git-send-email-julien.grall@linaro.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Julien Grall <julien.grall@linaro.org>, xen-devel@lists.xenproject.org
Cc: stefano.stabellini@citrix.com, tim@xen.org, ian.campbell@citrix.com
List-Id: xen-devel@lists.xenproject.org

On 03/19/2015 03:29 PM, Julien Grall wrote:
> This is a follow-up of commit 525ee49 "xsm: add device tree labeling
> support" which add support for device tree labelling in flask.
>
> Those helpers will be use latter when non-pci passthrough (i.e device
> tree) will be added.
>
> Signed-off-by: Julien Grall <julien.grall@linaro.org>

Looks good to me with one assumption below.

Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

[...]
> diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
> index b1a4f8a..31bc702 100644
> --- a/xen/xsm/flask/avc.c
> +++ b/xen/xsm/flask/avc.c
> @@ -600,6 +600,9 @@ void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
>       case AVC_AUDIT_DATA_MEMORY:
>           avc_printk(&buf, "pte=%#lx mfn=%#lx ", a->memory.pte, a->memory.mfn);
>           break;
> +    case AVC_AUDIT_DATA_DTDEV:
> +        avc_printk(&buf, "dtdevice=%s ", a->dtdev);
> +        break;
>       }
>
>       avc_dump_query(&buf, ssid, tsid, tclass);

This output could be end up being ambiguous if a device tree path can contain
spaces.  Am I correct in assuming that they are invalid in device tree paths?

-- 
Daniel De Graaf
National Security Agency