motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-04 00:03:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

hw/xen: Implement XenStore permissions

Browse source 
Store perms as a GList of strings, check permissions.

Signed-off-by: Paul Durrant <pdurrant@amazon.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
This commit is contained in:
Paul Durrant 2023-01-23 16:21:16 +00:00 committed by David Woodhouse
parent 7cabbdb70d
commit be1934dfef
4 changed files with 275 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

27
tests/unit/test-xs-node.c
View file

@ -80,8 +80,9 @@ static void watch_cb(void *_str, const char *path, const char *token)
static XenstoreImplState *setup(void)
{
XenstoreImplState *s = xs_impl_create();
XenstoreImplState *s = xs_impl_create(DOMID_GUEST);
char *abspath;
GList *perms;
int err;
abspath = g_strdup_printf("/local/domain/%u", DOMID_GUEST);
@ -90,6 +91,13 @@ static XenstoreImplState *setup(void)
g_assert(!err);
g_assert(s->nr_nodes == 4);
perms = g_list_append(NULL, g_strdup_printf("n%u", DOMID_QEMU));
perms = g_list_append(perms, g_strdup_printf("r%u", DOMID_GUEST));
err = xs_impl_set_perms(s, DOMID_QEMU, XBT_NULL, abspath, perms);
g_assert(!err);
g_list_free_full(perms, g_free);
g_free(abspath);
abspath = g_strdup_printf("/local/domain/%u/some", DOMID_GUEST);
@ -98,6 +106,12 @@ static XenstoreImplState *setup(void)
g_assert(!err);
g_assert(s->nr_nodes == 5);
perms = g_list_append(NULL, g_strdup_printf("n%u", DOMID_GUEST));
err = xs_impl_set_perms(s, DOMID_QEMU, XBT_NULL, abspath, perms);
g_assert(!err);
g_list_free_full(perms, g_free);
g_free(abspath);
return s;
@ -166,6 +180,12 @@ static void test_xs_node_simple(void)
/* Keep a copy, to force COW mode */
old_root = xs_node_ref(s->root);
/* Write somewhere we aren't allowed, in COW mode */
err = write_str(s, DOMID_GUEST, XBT_NULL, "/local/domain/badplace",
"moredata");
g_assert(err == EACCES);
g_assert(s->nr_nodes == 7);
/* Write works again */
err = write_str(s, DOMID_GUEST, XBT_NULL,
"/local/domain/1/some/relative/path2",
@ -226,6 +246,11 @@ static void test_xs_node_simple(void)
g_assert(!err);
g_assert(s->nr_nodes == 8);
/* Write somewhere we aren't allowed */
err = write_str(s, DOMID_GUEST, XBT_NULL, "/local/domain/badplace",
"moredata");
g_assert(err == EACCES);
g_assert(!strcmp(guest_watches->str,
"/local/domain/1/some/relativewatchrel"));
g_string_truncate(guest_watches, 0);