[RFC PATCH 01/10] headers: introduce new default privilege model
This defines the new privilege roles that a domain may be assigned. Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> --- xen/include/xen/sched.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index cc633fdc07..9b2c277ede 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -457,6 +457,24 @@ struct domain */ bool creation_finished; + /* When SILO or Flask are not in use, a domain may have one or more roles + * that are desired for it to fulfill. To accomplish these role a set of + * privilege is required. A break down of the basic privilege is mapped + * to a bit field for assignment and verification. + */ +#define XSM_NONE (1U<<0) /* No role required to make the call */ +#define XSM_SELF (1U<<1) /* Allowed to make the call on self */ +#define XSM_TARGET (1U<<2) /* Allowed to make the call on a domain's target */ +#define XSM_PLAT_CTRL (1U<<3) /* Platform Control: domain that control the overall platform */ +#define XSM_DOM_BUILD (1U<<4) /* Domain Builder: domain that does domain construction and destruction */ +#define XSM_DOM_SUPER (1U<<5) /* Domain Supervisor: domain that control the lifecycle, of all domains */ +#define XSM_DEV_EMUL (1U<<6) /* Device Emulator: domain that provides its target domain's device emulator */ +#define XSM_DEV_BACK (1U<<7) /* Device Backend: domain that provides a device backend */ +#define XSM_HW_CTRL (1U<<8) /* Hardware Control: domain with physical hardware access and its allocation for domain usage */ +#define XSM_HW_SUPER (1U<<9) /* Hardware Supervisor: domain that control allocated physical hardware */ +#define XSM_XENSTORE (1U<<31) /* Xenstore: domain that can do privileged operations on xenstore */ + uint32_t xsm_roles; + /* Which guest this guest has privileges on */ struct domain *target; -- 2.20.1
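Review bot: XSM_NONE, XSM_SELF and XSM_TARGET in the new #define block are documented as conditions on a call ("No role required to make the call", "Allowed to make the call on self") rather than roles a domain holds, yet they occupy bits 0 to 2 of the same bit space as the role bits stored in `uint32_t xsm_roles`. Because XSM_NONE is `(1U<<0)` and not 0, a domain whose xsm_roles is zero would not match it under a plain mask test, so the block comment should state whether these three bits are ever set in xsm_roles or are only passed as check arguments, and what an all-zero xsm_roles means. It would also help to document why XSM_XENSTORE sits at bit 31 while bits 10 to 30 are unused, and to move the macros out of the body of struct domain so only the field declaration remains there.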