This introduces a new flag "secure" against the Type/TypeInfo structs, and helpers to check this against the ObjectClass struct.
If an object is considered to provide a security boundary to protect against untrusted code, the "secure" flag must be explicitly set to true. If an object is considered to NOT provide protection against untrusted code, the "secure" flag must be explicitly set to false If the security protection of an object has not yet been evaluated and/or decided upon, the "secure" flag must not be initialized. It will be implicitly set to 'false' for the purposes of code querying the status.
Signed-off-by: Daniel P. Berrangé <[email protected]>
---
 include/qom/object.h | 13 +++++++++++++
 qom/object.c | 9 +++++++++
 2 files changed, 22 insertions(+)
diff --git a/include/qom/object.h b/include/qom/object.h
index 26df6137b9..9893be9ef8 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -453,6 +453,10 @@ struct Object
 * function.
 * @abstract: If this field is true, then the class is considered abstract and
 * cannot be directly instantiated.
+ * @secure: If this field is initialized to true, then the class is considered
+ * to provide a security boundary. If initialized to false, the class does
+ * not provide a security boundary. If uninitialized (and thus implicitly
+ * false) its status is not yet defined.
 * @class_size: The size of the class object (derivative of #ObjectClass)
 * for this object. If @class_size is 0, then the size of the class will be
 * assumed to be the size of the parent class. This allows a type to avoid
@@ -485,6 +489,7 @@ struct TypeInfo
 void (*instance_finalize)(Object *obj);
 bool abstract;
+ bool secure;
 size_t class_size;
 void (*class_init)(ObjectClass *klass, const void *data);
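Review bot: The @secure kernel-doc added to TypeInfo (with the `bool secure;` field in the following hunk) describes three states, but a bool holds only two, so "explicitly not a boundary" and "not yet evaluated" are indistinguishable to any code that reads the flag. That fails closed, which is the safe direction, but the comment should tell consumers so rather than leave it implied. I would append `Code querying this flag cannot tell the two false cases apart and must treat both as not providing a security boundary.` The doc comment this hunk edits starts and ends outside the hunk.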
@@ -996,6 +1001,14 @@ const char *object_class_get_name(ObjectClass *klass);
 */
 bool object_class_is_abstract(ObjectClass *klass);
+/**
+ * object_class_is_secure:
+ * @klass: The class to check security of
+ *
+ * Returns: %true if @klass is declared to be secure, %false if not declared
+ */
+bool object_class_is_secure(ObjectClass *klass);
+
 /**
 * object_class_by_name:
 * @typename: The QOM typename to obtain the class for.
diff --git a/qom/object.c b/qom/object.c
index a654765e0a..7e0921ae20 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -47,6 +47,7 @@ struct InterfaceImpl
 enum TypeImplFlags {
 TYPE_IMPL_FLAG_ABSTRACT = (1 << 0),
+ TYPE_IMPL_FLAG_SECURE = (1 << 1),
 };
 struct TypeImpl
@@ -134,6 +135,9 @@ static TypeImpl *type_new(const TypeInfo *info)
 if (info->abstract) {
 ti->flags |= TYPE_IMPL_FLAG_ABSTRACT;
 }
+ if (info->secure) {
+ ti->flags |= TYPE_IMPL_FLAG_SECURE;
+ }
 for (i = 0; info->interfaces && info->interfaces[i].type; i++) {
 ti->interfaces[i].typename = g_strdup(info->interfaces[i].type);
@@ -1054,6 +1058,11 @@ bool object_class_is_abstract(ObjectClass *klass)
 return klass->type->flags & TYPE_IMPL_FLAG_ABSTRACT;
 }
+bool object_class_is_secure(ObjectClass *klass)
+{
+ return klass->type->flags & TYPE_IMPL_FLAG_SECURE;
+}
+
 const char *object_class_get_name(ObjectClass *klass)
 {
 return klass->type->name;
-- 2.50.1
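Review bot: The `Returns:` line on object_class_is_secure() in include/qom/object.h does not say whose declaration counts. In the hunks shown, type_new() sets TYPE_IMPL_FLAG_SECURE from that one TypeInfo's `info->secure`, and the helper in qom/object.c reads only `klass->type->flags`. So unless code outside these hunks propagates the flag, a subclass of a secure type reports false until it sets `.secure` itself, and a type can declare itself secure whatever its parent's status is. A caller enforcing a policy on this result needs to know that; I would add to the doc comment `The flag comes from the type's own TypeInfo; it is not inherited from, or checked against, the parent type.`, reworded if inheritance is actually intended.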
