[Xen-devel] [PATCH 5/8] flask/policy: Add boolean example
This shows an example boolean (prot_doms_locked) which can be set at runtime to prevent dom0 from mapping memory of domains of type prot_domU_t. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> --- docs/misc/xsm-flask.txt | 3 ++- tools/flask/policy/policy/modules/xen/xen.te | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index 285bb9f..5b4297d 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt @@ -55,10 +55,11 @@ kernel; it is normally placed either just above the dom0 kernel or at the end. Once dom0 is running, the policy can be reloaded using "xl loadpolicy". The example policy included with Xen demonstrates most of the features of FLASK -that can be used without dom0 disaggregation. It has two main types for domUs: +that can be used without dom0 disaggregation. The main types for domUs are: - domU_t is a domain that can communicate with any other domU_t - isolated_domU_t can only communicate with dom0 + - prot_domU_t is a domain type whose creation can be disabled with a boolean One disadvantage of using type enforcement to enforce isolation is that a new type is needed for each group of domains. In addition, it is not possible to diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index fb71b75..f7343a2 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -73,7 +73,7 @@ allow dom0_t domio_t:mmu { map_read map_write }; domain_self_comms(dom0_t) -auditallow dom0_t security_t:security { load_policy setenforce }; +auditallow dom0_t security_t:security { load_policy setenforce setbool }; ############################################################################### # 
@@ -92,6 +92,14 @@ create_domain(dom0_t, isolated_domU_t) manage_domain(dom0_t, isolated_domU_t) domain_comms(dom0_t, isolated_domU_t) +gen_bool(prot_doms_locked, false) +declare_domain(prot_domU_t) +if (!prot_doms_locked) { + create_domain(dom0_t, prot_domU_t) +} +domain_comms(dom0_t, prot_domU_t) +domain_comms(domU_t, prot_domU_t) + ############################################################################### # # Device delegation -- 1.7.7.6 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
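Review bot: the new xsm-flask.txt bullet ("prot_domU_t is a domain type whose creation can be disabled with a boolean") never names the boolean or says how it is toggled, so a reader of the docs cannot find the knob; suggest naming prot_doms_locked there and noting that it is changed at runtime through the setbool security operation, which is what the matching auditallow change in xen.te is tracking.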
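Review bot: in the @@ -73 hunk only the auditallow line gains setbool; auditallow logs a permission that was granted by some other rule and grants nothing on its own, so please confirm that dom0_t already holds an allow for setbool on security_t:security (possibly via a macro not shown here), otherwise the boolean cannot actually be flipped at runtime and the new auditallow will never fire.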
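Review bot: in the @@ -92 hunk the conditional wraps only create_domain(dom0_t, prot_domU_t), which does not match the commit message's claim that the boolean prevents dom0 from mapping memory of prot_domU_t domains; what it prevents is creating new ones, while dom0 keeps domain_comms with any prot_domU_t domain that already exists. Either the description should say "creation" or the rule set should be changed to gate the mapping permissions. Two smaller points: unlike the isolated_domU_t block directly above, there is no manage_domain(dom0_t, prot_domU_t), so it is unclear whether dom0 can manage these domains after creating them; and domain_comms(domU_t, prot_domU_t) deserves a comment in xen.te stating that prot_domU_t is deliberately reachable from ordinary domU_t domains, since the name suggests a more isolated type.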