On 02.05.2022 15:30, Daniel P. Smith wrote:
> @@ -188,14 +188,20 @@ static int cf_check flask_domain_alloc_security(struct
> domain *d)
>
> static int cf_check flask_set_system_active(void)
> {
> + struct domain_security_struct *dsec;
> struct domain *d = current->domain;
>
> + dsec = d->ssid;
> + ASSERT(dsec->sid == SECINITSID_XENBOOT);
What about ->self_sid, which ...
> +
> if ( d->domain_id != DOMID_IDLE )
> {
> printk("xsm_set_system_active should only be called by idle
> domain\n");
> return -EPERM;
> }
>
> + dsec->self_sid = dsec->sid = SECINITSID_XEN;
... you also overwrite here?
Jan
