[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH v3 12/23] xsm/xen_version: Add XSM for the xen_version hypercall (v8).
- To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, konrad@xxxxxxxxxx, mpohlack@xxxxxxxxx, ross.lagerwall@xxxxxxxxxx, sasha.levin@xxxxxxxxxx, jinsong.liu@xxxxxxxxxxxxxxx, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
- From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
- Date: Fri, 12 Feb 2016 16:52:52 -0500
- Delivery-date: Fri, 12 Feb 2016 21:53:44 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On 12/02/16 13:05, Konrad Rzeszutek Wilk wrote:
All of XENVER_* have now an XSM check for their sub-ops.
The subop for XENVER_commandline is now a priviliged operation.
To not break guests we still return an string - but it is
just '<denied>\0'.
The rest: XENVER_[version|extraversion|capabilities|
parameters|get_features|page_size|guest_handle|changeset|
compile_info] behave as before - allowed by default for all
guests if using the XSM default policy or with the dummy one.
The admin can choose to change the sub-ops to be denied
as they see fit.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
---
v2: Do XSM check for all the XENVER_ ops.
v3: Add empty data conditions.
v4: Return <denied> for priv subops.
v5: Move extraversion from priv to normal. Drop the XSM check
for the non-priv subops.
v6: Add +1 for strlen(xen_deny()) to include NULL. Move changeset,
compile_info to non-priv subops.
v7: Remove the \0 on xen_deny()
v8: Add new XSM domain for xenver hypercall. Add all subops to it.
With one excess line removed:
Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
[...]
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index c856e1e..7e3bcdd 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -26,6 +26,7 @@
#include <public/xen.h>
#include <public/physdev.h>
#include <public/platform.h>
+#include <public/version.h>
#include <public/xsm/flask_op.h>
@@ -1626,6 +1627,48 @@ static int flask_pmu_op (struct domain *d, unsigned int
op)
}
#endif /* CONFIG_X86 */
+static int flask_version_op (uint32_t op)
+{
+ u32 dsid = domain_sid(current->domain);
+
+ switch ( op )
+ {
+ case XENVER_version:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__VERSION, NULL);
+ case XENVER_extraversion:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__EXTRAVERSION, NULL);
+ case XENVER_compile_info:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__COMPILE_INFO, NULL);
+ case XENVER_capabilities:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__CAPABILITIES, NULL);
+ case XENVER_changeset:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__CHANGESET, NULL);
+ case XENVER_platform_parameters:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__PLATFORM_PARAMETERS, NULL);
+ case XENVER_get_features:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__GET_FEATURES, NULL);
+ case XENVER_pagesize:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__PAGESIZE, NULL);
+ case XENVER_guest_handle:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__GUEST_HANDLE, NULL);
+ return 0; /* These MUST always be accessible to guests. */
This line seems to be misplaced.
+ case XENVER_commandline:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__COMMANDLINE, NULL);
+ default:
+ return -EPERM;
+ }
+}
+
long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
int compat_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
