Re: [PATCH 2/2] flask: implement xsm_transtion_running
On Wed, Apr 20, 2022 at 1:03 PM Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> This commit implements full support for starting the idle domain privileged by
> introducing a new flask label xenboot_t which the idle domain is labeled with
> at creation. It then provides the implementation for the XSM hook
> xsm_transition_running to relabel the idle domain to the existing xen_t flask
> label.
>
> In the reference flask policy a new macro, xen_build_domain(target), is
> introduced for creating policies for dom0less/hyperlaunch allowing the
> hypervisor to create and assign the necessary resources for domain
> construction.
>
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> ---
> @@ -188,6 +188,7 @@ static int cf_check flask_domain_alloc_security(struct > domain *d) > > static void cf_check flask_domain_runtime_security(void) > { > + struct domain_security_struct *dsec; > struct domain *d = current->domain; > > if ( d->domain_id != DOMID_IDLE ) > @@ -198,6 +199,9 @@ static void cf_check flask_domain_runtime_security(void) > * set to false for the consistency check(s) in the setup code. > */ > d->is_privileged = false; > + > + dsec = d->ssid; > + dsec->sid = SECINITSID_XEN;

I think you also want

    dsec->self_sid = dsec->sid;

so self also changes to xen_t.

Otherwise I think it looks good, I was wondering if you were going to require xenboot_t -> xen_t permissions, but manually setting the sid fields side-steps that. That seems nicer than requiring policy rules for the transition.

Hmmm, cross referencing other flask code, often after assigning self_sid there is this call to potentially re-calculate it:

    security_transition_sid(dsec->sid, dsec->sid, SECCLASS_DOMAIN, &dsec->self_sid);

But it isn't used for system domains, so omitting it seems fine.

Regards,
Jason
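
Review bot: In the second hunk (@@ -198,6 +199,9 @@), the relabel writes only dsec->sid and does so unconditionally: dsec->self_sid is not updated alongside it, and nothing in the visible lines checks that the domain still carries its boot-time label before it is overwritten. Set self_sid in the same place, and consider asserting the expected prior SID first so that a second call or an unexpected starting label is caught instead of silently relabelled. Because the SID is assigned directly rather than through a policy-checked transition, the comment block above d->is_privileged = false should say so, so that later readers do not go looking for a xenboot_t to xen_t rule in the policy.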