[Xen-changelog] [xen-unstable] flask/policy: Add boolean example
# HG changeset patch # User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> # Date 1328196323 0 # Node ID 5201f4233dd549a77a2d46b4dbff65e789299a83 # Parent 2d956b5baeb00b1cd560805896a427d19dd97887 flask/policy: Add boolean example This shows an example boolean (prot_doms_locked) which can be set at runtime to prevent dom0 from mapping memory of domains of type prot_domU_t. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Committed-by: Keir Fraser <keir@xxxxxxx> --- diff -r 2d956b5baeb0 -r 5201f4233dd5 docs/misc/xsm-flask.txt --- a/docs/misc/xsm-flask.txt Thu Feb 02 15:24:53 2012 +0000 +++ b/docs/misc/xsm-flask.txt Thu Feb 02 15:25:23 2012 +0000 @@ -55,10 +55,11 @@ Once dom0 is running, the policy can be reloaded using "xl loadpolicy". The example policy included with Xen demonstrates most of the features of FLASK -that can be used without dom0 disaggregation. It has two main types for domUs: +that can be used without dom0 disaggregation. The main types for domUs are: - domU_t is a domain that can communicate with any other domU_t - isolated_domU_t can only communicate with dom0 + - prot_domU_t is a domain type whose creation can be disabled with a boolean One disadvantage of using type enforcement to enforce isolation is that a new type is needed for each group of domains. In addition, it is not possible to diff -r 2d956b5baeb0 -r 5201f4233dd5 tools/flask/policy/policy/modules/xen/xen.te --- a/tools/flask/policy/policy/modules/xen/xen.te Thu Feb 02 15:24:53 2012 +0000 +++ b/tools/flask/policy/policy/modules/xen/xen.te Thu Feb 02 15:25:23 2012 +0000 @@ -73,7 +73,7 @@ domain_self_comms(dom0_t) -auditallow dom0_t security_t:security { load_policy setenforce }; +auditallow dom0_t security_t:security { load_policy setenforce setbool }; ############################################################################### # 
@@ -92,6 +92,14 @@ manage_domain(dom0_t, isolated_domU_t) domain_comms(dom0_t, isolated_domU_t) +gen_bool(prot_doms_locked, false) +declare_domain(prot_domU_t) +if (!prot_doms_locked) { + create_domain(dom0_t, prot_domU_t) +} +domain_comms(dom0_t, prot_domU_t) +domain_comms(domU_t, prot_domU_t) + ############################################################################### # # Device delegation _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
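Review bot: The new prot_domU_t bullet in the docs/misc/xsm-flask.txt hunk says creation "can be disabled with a boolean" but never names the boolean. Suggest naming prot_doms_locked in that bullet and stating its default (false, per gen_bool in xen.te), so a reader of the document can find the switch without opening the policy source.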
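Review bot: In the xen.te hunk at -73,7, setbool is added only to the auditallow rule, and auditallow logs a permission when it is exercised but does not grant it. Nothing in the visible lines allows dom0_t the setbool permission on security_t:security, so please confirm that a matching allow rule exists elsewhere in the policy; without one, prot_doms_locked cannot be changed from dom0 at runtime while the policy is enforcing.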
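Review bot: In the xen.te hunk at -92,6, the only rule inside if (!prot_doms_locked) is create_domain(dom0_t, prot_domU_t), while the commit message describes the boolean as preventing dom0 from mapping memory of prot_domU_t domains and the documentation hunk describes it as disabling creation. A comment above gen_bool(prot_doms_locked, false) saying which of the permissions carried by create_domain is the one being withheld would reconcile the two descriptions. The same comment could note that both domain_comms lines sit outside the conditional, so communication with dom0_t and domU_t is unchanged when the boolean is set, and that, unlike isolated_domU_t in the context line above, prot_domU_t gets no manage_domain(dom0_t, ...) rule.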