[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] flask/policy: add initial SIDs for domU/domDM
Add default security contexts to the XSM policy for use by the toolstack when a domain is created without specifying an explicit security label. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> --- docs/misc/xsm-flask.txt | 6 +++--- tools/flask/policy/policy/initial_sids | 4 ++++ tools/flask/policy/policy/modules/xen/xen.te | 11 +++-------- xen/xsm/flask/policy/initial_sids | 2 ++ 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index d63a8a7..7249f40 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt @@ -213,9 +213,9 @@ that can be used without dom0 disaggregation. The main types for domUs are: - nomigrate_t is a domain that must be created via the nomigrate_t_building type, and whose memory cannot be read by dom0 once created -HVM domains with stubdomain device models use two types (one per domain): - - domHVM_t is an HVM domain that uses a stubdomain device model - - dm_dom_t is the device model for a domain with type domHVM_t +HVM domains with stubdomain device models also need a type for the stub domain. +The example policy defines dm_dom_t for the device model of a domU_t domain; +there are no device model types defined for the other domU types. One disadvantage of using type enforcement to enforce isolation is that a new type is needed for each group of domains. The user field can be used to address diff --git a/tools/flask/policy/policy/initial_sids b/tools/flask/policy/policy/initial_sids index 5de0bbf..6b7b7ef 100644 --- a/tools/flask/policy/policy/initial_sids +++ b/tools/flask/policy/policy/initial_sids @@ -12,3 +12,7 @@ sid irq gen_context(system_u:object_r:irq_t,s0) sid iomem gen_context(system_u:object_r:iomem_t,s0) sid ioport gen_context(system_u:object_r:ioport_t,s0) sid device gen_context(system_u:object_r:device_t,s0) + +# Initial SIDs used by the toolstack for domains without defined labels +sid domU gen_context(system_u:system_r:domU_t,s0) +sid domDM gen_context(system_u:system_r:dm_dom_t,s0) diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index e555d11..ce70639 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -151,18 +151,13 @@ domain_comms(domU_t, prot_domU_t) domain_comms(prot_domU_t, prot_domU_t) domain_self_comms(prot_domU_t) -# domHVM_t is meant to be paired with a qemu-dm stub domain of type dm_dom_t -declare_domain(domHVM_t) -create_domain(dom0_t, domHVM_t) -manage_domain(dom0_t, domHVM_t) -domain_comms(dom0_t, domHVM_t) -domain_self_comms(domHVM_t) - +# Device model for domU_t. You can define distinct types for device models for +# domains of other types, or add more make_device_model lines for this type. declare_domain(dm_dom_t) create_domain(dom0_t, dm_dom_t) manage_domain(dom0_t, dm_dom_t) domain_comms(dom0_t, dm_dom_t) -make_device_model(dom0_t, dm_dom_t, domHVM_t) +make_device_model(dom0_t, dm_dom_t, domU_t) # nomigrate_t must be built via the nomigrate_t_building label; once built, # dom0 cannot read its memory. diff --git a/xen/xsm/flask/policy/initial_sids b/xen/xsm/flask/policy/initial_sids index e508bde..7eca70d 100644 --- a/xen/xsm/flask/policy/initial_sids +++ b/xen/xsm/flask/policy/initial_sids @@ -13,4 +13,6 @@ sid ioport sid iomem sid irq sid device +sid domU +sid domDM # FLASK -- 2.1.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |