|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v3 5/6] flask/policy: add initial SIDs for domU/domDM
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Add default security contexts to the XSM policy for use by the toolstack
when a domain is created without specifying an explicit security label.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---
v3: New more comprehensive patch from Daniel
---
docs/misc/xsm-flask.txt | 6 +++---
tools/flask/policy/policy/initial_sids | 4 ++++
tools/flask/policy/policy/modules/xen/xen.te | 11 +++--------
xen/xsm/flask/policy/initial_sids | 2 ++
4 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index d63a8a7..7249f40 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -213,9 +213,9 @@ that can be used without dom0 disaggregation. The main
types for domUs are:
- nomigrate_t is a domain that must be created via the nomigrate_t_building
type, and whose memory cannot be read by dom0 once created
-HVM domains with stubdomain device models use two types (one per domain):
- - domHVM_t is an HVM domain that uses a stubdomain device model
- - dm_dom_t is the device model for a domain with type domHVM_t
+HVM domains with stubdomain device models also need a type for the stub domain.
+The example policy defines dm_dom_t for the device model of a domU_t domain;
+there are no device model types defined for the other domU types.
One disadvantage of using type enforcement to enforce isolation is that a new
type is needed for each group of domains. The user field can be used to address
diff --git a/tools/flask/policy/policy/initial_sids
b/tools/flask/policy/policy/initial_sids
index 5de0bbf..6b7b7ef 100644
--- a/tools/flask/policy/policy/initial_sids
+++ b/tools/flask/policy/policy/initial_sids
@@ -12,3 +12,7 @@ sid irq gen_context(system_u:object_r:irq_t,s0)
sid iomem gen_context(system_u:object_r:iomem_t,s0)
sid ioport gen_context(system_u:object_r:ioport_t,s0)
sid device gen_context(system_u:object_r:device_t,s0)
+
+# Initial SIDs used by the toolstack for domains without defined labels
+sid domU gen_context(system_u:system_r:domU_t,s0)
+sid domDM gen_context(system_u:system_r:dm_dom_t,s0)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te
b/tools/flask/policy/policy/modules/xen/xen.te
index e555d11..ce70639 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -151,18 +151,13 @@ domain_comms(domU_t, prot_domU_t)
domain_comms(prot_domU_t, prot_domU_t)
domain_self_comms(prot_domU_t)
-# domHVM_t is meant to be paired with a qemu-dm stub domain of type dm_dom_t
-declare_domain(domHVM_t)
-create_domain(dom0_t, domHVM_t)
-manage_domain(dom0_t, domHVM_t)
-domain_comms(dom0_t, domHVM_t)
-domain_self_comms(domHVM_t)
-
+# Device model for domU_t. You can define distinct types for device models for
+# domains of other types, or add more make_device_model lines for this type.
declare_domain(dm_dom_t)
create_domain(dom0_t, dm_dom_t)
manage_domain(dom0_t, dm_dom_t)
domain_comms(dom0_t, dm_dom_t)
-make_device_model(dom0_t, dm_dom_t, domHVM_t)
+make_device_model(dom0_t, dm_dom_t, domU_t)
# nomigrate_t must be built via the nomigrate_t_building label; once built,
# dom0 cannot read its memory.
diff --git a/xen/xsm/flask/policy/initial_sids
b/xen/xsm/flask/policy/initial_sids
index e508bde..7eca70d 100644
--- a/xen/xsm/flask/policy/initial_sids
+++ b/xen/xsm/flask/policy/initial_sids
@@ -13,4 +13,6 @@ sid ioport
sid iomem
sid irq
sid device
+sid domU
+sid domDM
# FLASK
--
1.7.10.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |