[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] Revert "xsm: add a default policy to .init.data"

commit ea42b83dc25e7c7716c4dbc6542fde6aafbe7546
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Jun 29 16:37:07 2016 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Jun 29 16:37:07 2016 +0200

    Revert "xsm: add a default policy to .init.data"
    
    This reverts commit 08cffe6696c047123bd552e095163924c8ef4353,
    which broke the ARM (32-bit) build.
---
 docs/misc/xen-command-line.markdown | 16 +++++++---------
 docs/misc/xsm-flask.txt             | 30 +++++++++++++++---------------
 xen/arch/arm/xen.lds.S              |  4 ----
 xen/arch/x86/xen.lds.S              |  5 -----
 xen/common/Kconfig                  | 17 -----------------
 xen/xsm/flask/Makefile              | 17 -----------------
 xen/xsm/xsm_core.c                  | 15 +--------------
 7 files changed, 23 insertions(+), 81 deletions(-)

diff --git a/docs/misc/xen-command-line.markdown 
b/docs/misc/xen-command-line.markdown
index 5500242..2a088ca 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -712,15 +712,13 @@ enabled by running either:
   with untrusted guests.  If a policy is provided by the bootloader, it will be
   loaded; errors will be reported to the ring buffer but will not prevent
   booting.  The policy can be changed to enforcing mode using "xl setenforce".
-* `enforcing`: This will cause the security server to enter enforcing mode 
prior
-  to the creation of domain 0.  If an valid policy is not provided by the
-  bootloader and no built-in policy is present, the hypervisor will not 
continue
-  booting.
-* `late`: This disables loading of the built-in security policy or the policy
-  provided by the bootloader.  FLASK will be enabled but will not enforce 
access
-  controls until a policy is loaded by a domain using "xl loadpolicy".  Once a
-  policy is loaded, FLASK will run in enforcing mode unless "xl setenforce" has
-  changed that setting.
+* `enforcing`: This requires a security policy to be provided by the bootloader
+  and will enter enforcing mode prior to the creation of domain 0.  If a valid
+  policy is not provided, the hypervisor will not continue booting.
+* `late`: This disables loading of the security policy from the bootloader.
+  FLASK will be enabled but will not enforce access controls until a policy is
+  loaded by a domain using "xl loadpolicy".  Once a policy is loaded, FLASK 
will
+  run in enforcing mode unless "xl setenforce" has changed that setting.
 * `disabled`: This causes the XSM framework to revert to the dummy module.  The
   dummy module provides the same security policy as is used when compiling the
   hypervisor without support for XSM.  The xsm\_op hypercall can also be used 
to
diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index 62f15dd..2f42585 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -141,21 +141,21 @@ only type enforcement is used and the user and role are 
set to system_u and
 system_r for all domains.
 
 The FLASK security framework is mostly configured using a security policy file.
-It relies on the SELinux compiler "checkpolicy"; if this is available, the
-policy will be compiled as part of the tools build.  If hypervisor support for 
a
-built-in policy is enabled ("Compile Xen with a built-in security policy"), the
-policy will be built during the hypervisor build.
-
-The policy is generated from definition files in tools/flask/policy.  Most
-changes to security policy will involve creating or modifying modules found in
-tools/flask/policy/modules/.  The modules.conf file there defines what modules
-are enabled and has short descriptions of each module.
-
-If not using the built-in policy, the XSM policy file needs to be copied to
-/boot and loaded as a module by grub.  The exact position and filename of the
-module does not matter as long as it is after the Xen kernel; it is normally
-placed either just above the dom0 kernel or at the end.  Once dom0 is running,
-the policy can be reloaded using "xl loadpolicy".
+This policy file is not normally generated during the Xen build process because
+it relies on the SELinux compiler "checkpolicy"; run
+
+       make -C tools/flask/policy
+
+to compile the example policy included with Xen. The policy is generated from
+definition files under this directory. Most changes to security policy will
+involve creating or modifying modules found in tools/flask/policy/modules/.  
The
+modules.conf file there defines what modules are enabled and has short
+descriptions of each module.
+
+The XSM policy file needs to be copied to /boot and loaded as a module by grub.
+The exact position of the module does not matter as long as it is after the Xen
+kernel; it is normally placed either just above the dom0 kernel or at the end.
+Once dom0 is running, the policy can be reloaded using "xl loadpolicy".
 
 The example policy included with Xen demonstrates most of the features of FLASK
 that can be used without dom0 disaggregation. The main types for domUs are:
diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index 8736bc6..b18c9c2 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -155,10 +155,6 @@ SECTIONS
        *(.init.data.rel)
        *(.init.data.rel.*)
 
-       __xsm_init_policy_start = .;
-       *(.init.xsm_policy)
-       __xsm_init_policy_end = .;
-
        . = ALIGN(8);
        __ctors_start = .;
        *(.init_array)
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 6904979..d620e7a 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -167,11 +167,6 @@ SECTIONS
        *(.init.data)
        *(.init.data.rel)
        *(.init.data.rel.*)
-
-       __xsm_init_policy_start = .;
-       *(.init.xsm_policy)
-       __xsm_init_policy_end = .;
-
        . = ALIGN(4);
        __trampoline_rel_start = .;
        *(.trampoline_rel)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index bcaf953..daab832 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -143,23 +143,6 @@ config FLASK_AVC_STATS
 
          If unsure, say Y.
 
-config XSM_POLICY
-       bool "Compile Xen with a built-in security policy"
-       default y
-       depends on XSM
-       ---help---
-         This includes a default XSM policy in the hypervisor so that the
-         bootloader does not need to load a policy to get sane behavior from an
-         XSM-enabled hypervisor.  If this is disabled, a policy must be
-         provided by the bootloader or by Domain 0.  Even if this is enabled, a
-         policy provided by the bootloader will override it.
-
-         This requires that the SELinux policy compiler (checkpolicy) be
-         available when compiling the hypervisor; if this tool is not found, no
-         policy will be added.
-
-         If unsure, say Y.
-
 # Enable schedulers
 menu "Schedulers"
        visible if EXPERT = "y"
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index eefd37c..12fc3a9 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -27,23 +27,6 @@ $(FLASK_H_FILES): $(FLASK_H_DEPEND)
 $(AV_H_FILES): $(AV_H_DEPEND)
        $(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
 
-ifeq ($(CONFIG_XSM_POLICY),y)
-HAS_CHECKPOLICY := $(shell checkpolicy -h 2>&1 | grep -q xen && echo y || echo 
n)
-
-obj-$(HAS_CHECKPOLICY) += policy.o
-endif
-
-LDFLAGS += --accept-unknown-input-arch
-
-POLICY_SRC := $(XEN_ROOT)/tools/flask/policy/xenpolicy-$(XEN_FULLVERSION)
-
-policy.bin: FORCE
-       $(MAKE) -C $(XEN_ROOT)/tools/flask/policy
-       cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@
-
-policy.o: policy.bin
-       $(OBJCOPY) -S -I binary -O elf64-little 
--rename-section=.data=.init.xsm_policy $< $@
-
 .PHONY: clean
 clean::
        rm -f $(ALL_H_FILES) *.o $(DEPS)
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 509210c..8df1a3c 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -36,17 +36,6 @@ static inline int verify(struct xsm_operations *ops)
     return 0;
 }
 
-extern char __xsm_init_policy_start[], __xsm_init_policy_end[];
-
-static void __init xsm_policy_init(void)
-{
-    if ( policy_size == 0 && __xsm_init_policy_end != __xsm_init_policy_start )
-    {
-        policy_buffer = __xsm_init_policy_start;
-        policy_size = __xsm_init_policy_end - __xsm_init_policy_start;
-    }
-}
-
 static int __init xsm_core_init(void)
 {
     if ( verify(&dummy_xsm_ops) )
@@ -57,7 +46,6 @@ static int __init xsm_core_init(void)
     }
 
     xsm_ops = &dummy_xsm_ops;
-    xsm_policy_init();
     flask_init();
 
     return 0;
@@ -110,8 +98,7 @@ int __init xsm_dt_init(void)
 
     ret = xsm_core_init();
 
-    if ( policy_buffer != __xsm_init_policy_start )
-        xfree(policy_buffer);
+    xfree(policy_buffer);
 
     return ret;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.