On 03/18/2016 05:48 AM, Fu Wei wrote:
Hi Jan,
On 18 March 2016 at 16:24, Jan Beulich JBeulich@suse.com wrote:
On 18.03.16 at 08:41, fu.wei@linaro.org wrote:
--- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -163,6 +163,36 @@ static void __init process_memory_node(const void *fdt, int node, } }
+static bool __init check_xsm_signature(const void *fdt, int node,
const char *name,
u32 address_cells, u32 size_cells)
+{
- uint32_t selinux_magic = 0xf97cff8c;
So this would be the 3rd instance of this literal number in the source base. I would have wanted to suggest using one of the two constants we already have, but I don't know which one to pick.
Daniel - why do we have both XSM_MAGIC and FLASK_MAGIC?
I think the intent was that FLASK_MAGIC be the primary source of the constant with XSM_MAGIC set to that value when FLASK was the chosen XSM module. With the relative locations of the definitions in Xen, this ended up duplicating the literal which isn't quite as nice. I would be fine with consolidating either way; perhaps move FLASK_MAGIC into xsm.h and conditionally define XSM_MAGIC to reference it?
Ah, Sorry for that , I didn't know we already have these definition.
OK, I think we should use XSM_MAGIC, and I think FLASK_MAGIC should be "XenFlask". Please correct me if I misunderstand something.
These constants are also defined as POLICYDB_MAGIC and POLICYDB_STRING in xen/xsm/flask/ss/policydb.h (that will probably need to be moved if you want to use them elsewhere).
The hypervisor also supports loading policies whose magic type declares them to be SELinux policy, but I think it's fine if ARM requires that the policy be built targeting Xen - the build has done that for a while, and the original reason (older versions of checkpolicy didn't support creating xen-type policy) is no longer an issue.