Re: [Xen-devel] [PATCH 12/25] xsm, argo: XSM control for argo message send operation
> -----Original Message-----
> From: Christopher Clark [mailto:christopher.w.clark@xxxxxxxxx]
> Sent: 01 December 2018 01:33
> To: xen-devel@xxxxxxxxxxxxxxxxxxxx
> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>; Paul Durrant
> <Paul.Durrant@xxxxxxxxxx>; Stefano Stabellini <sstabellini@xxxxxxxxxx>;
> Rich Persaud <persaur@xxxxxxxxx>; Ross Philipson
> <ross.philipson@xxxxxxxxx>; Eric Chanudet <eric.chanudet@xxxxxxxxx>; James
> McKenzie <voreekf@xxxxxxxxxxxxx>; Jason Andryuk <jandryuk@xxxxxxxxx>;
> Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> Subject: [PATCH 12/25] xsm, argo: XSM control for argo message send
> operation
>
> Default policy: allow.
>
> Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>
Reviewed-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
> ---
> xen/include/xsm/dummy.h | 5 +++++
> xen/include/xsm/xsm.h | 6 ++++++
> xen/xsm/dummy.c | 1 +
> xen/xsm/flask/hooks.c | 7 +++++++
> xen/xsm/flask/policy/access_vectors | 2 ++
> 5 files changed, 21 insertions(+)
>
> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 55113c3..85965fc 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -733,6 +733,11 @@ static XSM_INLINE int
> xsm_argo_register_any_source(struct domain *d,
> return strict ? -EPERM : 0;
> }
>
> +static XSM_INLINE int xsm_argo_send(struct domain *d, struct domain *t)
> +{
> + return 0;
> +}
> +
> #endif /* CONFIG_ARGO */
>
> #include <public/version.h>
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 65577fd..470e7c3 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -184,6 +184,7 @@ struct xsm_operations {
> #ifdef CONFIG_ARGO
> int (*argo_register_single_source) (struct domain *d, struct domain
> *t);
> int (*argo_register_any_source) (struct domain *d);
> + int (*argo_send) (struct domain *d, struct domain *t);
> #endif
> };
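Review bot: The dummy `xsm_argo_send` added after `xsm_argo_register_any_source` returns 0 without looking at `d` or `t`, so a build without FLASK gets no XSM denial on the send path at all, and nothing in the code says this is deliberate. The commit message states "Default policy: allow"; the same should sit on the function, e.g. `/* Default: allow. Any restriction on the sender must come from ring registration or the argo send path itself. */`, adjusted to whatever the send path really enforces, which this patch does not show. Since neither pointer is written through, `const struct domain *d, const struct domain *t` would also fit here and in the matching definitions in xsm.h and flask/hooks.c, provided `domain_has_perm` accepts const pointers.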
>
> @@ -713,6 +714,11 @@ static inline xsm_argo_register_any_source(struct
> domain *d, bool strict)
> return xsm_ops->argo_register_any_source(d);
> }
>
> +static inline int xsm_argo_send(struct domain *d, struct domain *t)
> +{
> + return xsm_ops->argo_send(d, t);
> +}
> +
> #endif /* CONFIG_ARGO */
>
> #endif /* XSM_NO_WRAPPERS */
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index ed236b0..ffac774 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -155,5 +155,6 @@ void __init xsm_fixup_ops (struct xsm_operations *ops)
> #ifdef CONFIG_ARGO
> set_to_dummy_if_null(ops, argo_register_single_source);
> set_to_dummy_if_null(ops, argo_register_any_source);
> + set_to_dummy_if_null(ops, argo_send);
> #endif
> }
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 3166561..7b4e5ff 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1730,6 +1730,12 @@ static int flask_argo_register_any_source(struct
> domain *d)
> return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO,
> ARGO__REGISTER_ANY_SOURCE, NULL);
> }
> +
> +static int flask_argo_send(struct domain *d, struct domain *t)
> +{
> + return domain_has_perm(d, t, SECCLASS_ARGO, ARGO__SEND);
> +}
> +
> #endif
>
> long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
> @@ -1869,6 +1875,7 @@ static struct xsm_operations flask_ops = {
> #ifdef CONFIG_ARGO
> .argo_register_single_source = flask_argo_register_single_source,
> .argo_register_any_source = flask_argo_register_any_source,
> + .argo_send = flask_argo_send,
> #endif
> };
>
> diff --git a/xen/xsm/flask/policy/access_vectors
> b/xen/xsm/flask/policy/access_vectors
> index fb95c97..f6c5377 100644
> --- a/xen/xsm/flask/policy/access_vectors
> +++ b/xen/xsm/flask/policy/access_vectors
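Review bot: Nothing in this patch calls `xsm_argo_send`: the diffstat lists only the XSM headers, dummy.c, flask/hooks.c and access_vectors, so the wrapper added in the second xsm.h hunk enforces nothing until the send operation invokes it. Where that call is added (presumably elsewhere in the series), it should run once the destination domain is resolved and before any of its ring state is read or written on the sender's behalf, and a denial should not reveal whether the destination ring exists. A comment on the wrapper would record that contract, e.g. `/* Must be called before touching t's rings; d is assumed to be the sender, t the destination. */`. Separately, the hunk header context shows `static inline xsm_argo_register_any_source(` with no return type, which looks like a defect carried over from an earlier patch rather than something this one introduces.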
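Review bot: `flask_argo_send` passes `d` and `t` straight to `domain_has_perm`, and which of the two is the AVC source and which the target is left for the reader to work out. The access_vectors comment ("Domain sending a message to another domain") suggests `d` is the sender and `t` the recipient; if that is right, say so on the function: `/* d: sending domain (source), t: destination domain (target) */`. A call site that swaps the arguments would check the permission in the wrong direction and still compile, so the direction is worth pinning on the `argo_send` member in xsm.h as well.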
> @@ -541,4 +541,6 @@ class argo
> # Domain requesting registration of a communication ring
> # to receive messages from any other domain.
> register_any_source
> + # Domain sending a message to another domain.
> + send
> }
> --
> 2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
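Review bot: The new `send` vector in `class argo` comes with no allow rule: the diffstat touches access_vectors but no policy source, so under an enforcing FLASK policy every argo send would presumably be denied until the policy is extended. That is the opposite of the "Default policy: allow" stated in the commit message, which holds only for the dummy module. Either add a rule to the tree's example policy in this series, along the lines of `allow <sender_type> <receiver_type>:argo send;` (placeholder types), or say in the commit message that FLASK users must grant `send` explicitly.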