[Xen-changelog] [xen-unstable] flask/policy: add device model types to example policy
# HG changeset patch # User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> # Date 1328811949 0 # Node ID f341c34b6342d597b123e02db533a75a30f86197 # Parent 90fbc6b03d2f85577642c591d482ccc3dac532ae flask/policy: add device model types to example policy This adds an example user for device_model_stubdomain_seclabel. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Committed-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> --- diff -r 90fbc6b03d2f -r f341c34b6342 docs/misc/xsm-flask.txt --- a/docs/misc/xsm-flask.txt Thu Feb 09 18:25:15 2012 +0000 +++ b/docs/misc/xsm-flask.txt Thu Feb 09 18:25:49 2012 +0000 @@ -61,6 +61,10 @@ - isolated_domU_t can only communicate with dom0 - prot_domU_t is a domain type whose creation can be disabled with a boolean +HVM domains with stubdomain device models use two types (one per domain): + - domHVM_t is an HVM domain that uses a stubdomain device model + - dm_dom_t is the device model for a domain with type domHVM_t + One disadvantage of using type enforcement to enforce isolation is that a new type is needed for each group of domains. In addition, it is not possible to allow isolated_domU_t cannot to create loopback event channels without allowing diff -r 90fbc6b03d2f -r f341c34b6342 tools/flask/policy/policy/modules/xen/xen.if --- a/tools/flask/policy/policy/modules/xen/xen.if Thu Feb 09 18:25:15 2012 +0000 +++ b/tools/flask/policy/policy/modules/xen/xen.if Thu Feb 09 18:25:49 2012 +0000 @@ -25,7 +25,7 @@ allow $1 $2:shadow enable; allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage}; allow $1 $2:grant setup; - allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute setparam }; + allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute setparam pcilevel trackdirtyvram }; allow $1 $2_$1_channel:event create; ') 
@@ -36,6 +36,7 @@ getaddrsize pause unpause trigger shutdown destroy setvcpuaffinity setdomainmaxmem }; ') + ################################################################################ # # Inter-domain communication @@ -75,6 +76,14 @@ allow $1 $1:grant { map_read map_write copy unmap }; ') +# device_model(dm_dom, hvm_dom) +# Define how a device model domain interacts with its target +define(`device_model', ` + domain_comms($1, $2) + allow $1 $2:domain { set_target shutdown }; + allow $1 $2:mmu { map_read map_write adjust physmap }; + allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute }; +') ################################################################################ # # Device types and delegation (PCI passthrough) diff -r 90fbc6b03d2f -r f341c34b6342 tools/flask/policy/policy/modules/xen/xen.te --- a/tools/flask/policy/policy/modules/xen/xen.te Thu Feb 09 18:25:15 2012 +0000 +++ b/tools/flask/policy/policy/modules/xen/xen.te Thu Feb 09 18:25:49 2012 +0000 @@ -100,6 +100,19 @@ domain_comms(dom0_t, prot_domU_t) domain_comms(domU_t, prot_domU_t) +# domHVM_t is meant to be paired with a qemu-dm stub domain of type dm_dom_t +declare_domain(domHVM_t) +create_domain(dom0_t, domHVM_t) +manage_domain(dom0_t, domHVM_t) +domain_comms(dom0_t, domHVM_t) +domain_self_comms(domHVM_t) + +declare_domain(dm_dom_t) +create_domain(dom0_t, dm_dom_t) +manage_domain(dom0_t, dm_dom_t) +domain_comms(dom0_t, dm_dom_t) +device_model(dm_dom_t, domHVM_t) + ############################################################################### # # Device delegation _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
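Review bot: In the docs/misc/xsm-flask.txt hunk, the two new bullets name domHVM_t and dm_dom_t but never mention device_model_stubdomain_seclabel, which the commit message gives as the purpose of the change. Suggest adding a sentence that says which of the two types goes in that option and which in the guest's own label, so a reader can connect the example types to the configuration.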
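Review bot: In the first xen.if hunk (@@ -25,7 +25,7), pcilevel and trackdirtyvram are added to the hvm rule of an existing macro, so every caller of that macro gains the two permissions, not only the new device model types. The commit message describes only an example user; please state this widening and its reason there, or split it into a separate change.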
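Review bot: In the new device_model macro (xen.if, @@ -75,6 +76,14), the hvm set { getparam setparam trackdirtyvram hvmctl irqlevel pciroute } leaves out pcilevel and cacheattr, although pcilevel is added to the other hvm rule in this same patch. If the omission is deliberate, a comment line saying so would help; if it is not, a device model that needs those operations would be denied. The macro also ends directly against the #### separator, while the @@ -36,6 +36,7 hunk adds a blank line before one; a blank line after the closing ') would keep the file consistent.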
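Review bot: In the xen.te hunk, device_model(dm_dom_t, domHVM_t) is a rule between types, so any domain labelled dm_dom_t gets set_target, shutdown and mmu map_read/map_write on any domain labelled domHVM_t, not only on the guest it serves. The comment above declare_domain(domHVM_t) should say that guests which must be isolated from each other's device models need their own pair of types, in line with the xsm-flask.txt remark that a new type is needed for each group of domains. Also, domHVM_t gets domain_self_comms and dm_dom_t does not; please confirm that is intended.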