Daniel P. Berrangé <[email protected]> writes:
> This wires up the DeviceClass types to have their
> security checked when devices are created.
>
> Signed-off-by: Daniel P. Berrangé <[email protected]>
> ---
> system/qdev-monitor.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c
> index 2ac92d0a07..520fe5c495 100644
> --- a/system/qdev-monitor.c
> +++ b/system/qdev-monitor.c
> @@ -43,6 +43,8 @@
> #include "hw/qdev-properties.h"
> #include "hw/clock.h"
> #include "hw/boards.h"
> +#include "qapi/compat-policy.h"
> +
>
> /*
> * Aliases were a bad idea from the start. Let's keep them
> @@ -644,6 +646,13 @@ DeviceState *qdev_device_add_from_qdict(const QDict
> *opts,
> return NULL;
> }
>
> + if (!compat_policy_check_security(&compat_policy,
> +
> object_class_get_name(OBJECT_CLASS(dc)),
> +
> object_class_is_secure(OBJECT_CLASS(dc)),
> + errp)) {
> + return NULL;
> + }
> +
> /* find bus */
> path = qdict_get_try_str(opts, "bus");
> if (path != NULL) {
All users of compat_policy_check_security() in this series pass
object_class_get_name(<the-object>),
object_class_is_secure(<the-object>),
Have you considered passing just <the-object> instead?
