T_L3_CBM
5. XEN_SYSCTL_PSR_CAT_get_l3_info -> XEN_SYSCTL_PSR_get_l3_info
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
production, introduce
__xsm_action_mismatch_detected for llvm coverage builds.
Signed-off-by: Roger Pau Monné
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 10/20/2017 02:14 AM, Jan Beulich wrote:
On 19.10.17 at 19:36, wrote:
On 10/19/2017 07:58 AM, Jan Beulich wrote:
On 19.10.17 at 04:36, wrote:
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -516,7 +516,8 @@ static XSM_INLINE int
xsm_remove_from_physmap(XSM_DEFAULT_ARG struc
On 10/19/2017 08:55 PM, Zhongze Liu wrote:
2017-10-20 8:34 GMT+08:00 Zhongze Liu :
Hi Daniel,
2017-10-20 1:36 GMT+08:00 Daniel De Graaf :
On 10/18/2017 10:36 PM, Zhongze Liu wrote:
The original dummy xsm_map_gmfn_foregin checks if source domain has the
proper
privileges over the target
On 10/19/2017 07:58 AM, Jan Beulich wrote:
On 19.10.17 at 04:36, wrote:
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -516,7 +516,8 @@ static XSM_INLINE int
xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1,
static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG
for normal domains that allow grant mapping/event
channels.
This is for the proposal "Allow setting up shared memory areas between VMs
from xl config file" (see [1]).
[1] https://lists.xen.org/archives/html/xen-devel/2017-08/msg03242.html
Signed-off-by: Zhongze Liu
Cc: Daniel De Graaf
new op is not intrinsicly specific to the x86 architecture,
I have no means to test it on an ARM platform and so cannot verify
that it functions correctly.
Signed-off-by: Paul Durrant
Acked-by: Daniel De Graaf
___
Xen-devel mailing
T_L3_CBM
5. XEN_SYSCTL_PSR_CAT_get_l3_info -> XEN_SYSCTL_PSR_get_l3_info
Signed-off-by: Yi Sun
Reviewed-by: Wei Liu
Reviewed-by: Roger Pau Monné
Acked-by: Jan Beulich
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
ed-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 09/07/2017 09:47 AM, Juergen Gross wrote:
Add a domctl hypercall to set the domain's resource limits regarding
grant tables. It is accepted only as long as neither
gnttab_setup_table() has been called for the domain, nor the domain
has started to run.
Signed-off-by: Juergen Gross
Reviewed-by
iewed-by: Paul Durrant
Reviewed-by: Wei Liu
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 08/24/2017 08:39 AM, Jan Beulich wrote:
On 24.08.17 at 13:33, wrote:
Hi Jan,
2017-08-24 14:37 GMT+08:00 Jan Beulich :
On 24.08.17 at 02:51, wrote:
2017-08-23 17:55 GMT+08:00 Jan Beulich :
On 22.08.17 at 20:08, wrote:
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -525,
Signed-off-by: Christopher Clark
Acked-by: Daniel De Graaf
To be honest, for this kind of a change I would have hoped for
a Reviewed-by (by you or someone else), not just an Acked-by.
Hence I'm hesitant to put the patch in right away.
Jan
I'll keep that in mind for the future. I
lists.xenproject.org/archives/html/xen-devel/2017-07/msg03047.html
Signed-off-by: Zhongze Liu
Cc: Stefano Stabellini
Cc: Julien Grall
Cc: George Dunlap
Cc: Jan Beulich
Cc: Andrew Cooper
Cc: Daniel De Graaf
Cc: xen-devel@lists.xen.org
---
xen/arch/arm/mm.c | 2 +-
xen/arch/x86/mm/
interrupt remapping is ok
* Active but interrupt remapping is not available
* Not active
This patch also updates the reference XSM policy to use the new
primitives, with policy entries that do not require an active IOMMU.
Signed-off-by: Christopher Clark
Acked-by: Daniel De Graaf
One additiona
particular domain.
Drop XSM's test_assign_{,dt}device hooks as no longer being
individually useful.
Signed-off-by: Jan Beulich
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
to 'alloc'. E.g.:
1. psr_cat_op -> psr_alloc_op
2. XEN_DOMCTL_psr_cat_op -> XEN_DOMCTL_psr_alloc_op
3. XEN_SYSCTL_psr_cat_op -> XEN_SYSCTL_psr_alloc_op
The sysctl/domctl version numbers are bumped.
Signed-off-by: Yi Sun
Acked-by: Daniel De Graaf
On 08/14/2017 03:08 AM, Juergen Gross wrote:
Add a sysctl hypercall to support setting parameters similar to
command line parameters, but at runtime. The parameters to set are
specified as a string, just like the boot parameters.
Acked-by: Daniel De Graaf
On 08/14/2017 03:08 AM, Juergen Gross wrote:
Modify the custom parameter parsing routines in:
xen/xsm/flask/flask_op.c
to indicate whether the parameter value was parsed successfully.
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel
On 06/28/2017 07:16 AM, Andrew Cooper wrote:
Signed-off-by: Andrew Cooper
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
x27;t result in a security issue there.
Signed-off-by: Daniel De Graaf
---
xen/xsm/flask/hooks.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 819e25d3af..57be18d6d4 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/
On 08/09/2017 03:07 AM, Juergen Gross wrote:
Add a sysctl hypercall to support setting parameters similar to
command line parameters, but at runtime. The parameters to set are
specified as a string, just like the boot parameters.
Looks good, except for one thing:
+case XEN_SYSCTL_set_para
On 08/09/2017 03:06 AM, Juergen Gross wrote:
Modify the custom parameter parsing routines in:
xen/xsm/flask/flask_op.c
to indicate whether the parameter value was parsed successfully.
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel
On 06/23/2017 11:00 AM, Jan Beulich wrote:
So far callers of the libxc interface passed in a domain ID which was
then ignored in the hypervisor. Instead, make the hypervisor honor it
(accepting DOMID_INVALID to obtain original behavior), allowing to
query whether a device can be assigned to a par
heck the XSM permissions
for them, which would require adding test_io{port,mem,q}_permission
functions too.
Alternatively, you could assume that the PCI device and its associated
resources all have the same label (which will be almost always be true in a
properly configured system) and just use this as an early bail out to avoid
user mistakes.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
d as long as it's done on
occasional builds. Alternatively, it could be done by a static analysis tool,
but I've not looked into how to do that with Coverity.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
same functionality.
Signed-off-by: Roger Pau Monné
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
: Tamas K Lengyel
Signed-off-by: Sergej Proskurin
Acked-by: Wei Liu
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
to "mixed", and "limited" is impossible to use with XSM.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
RIV check into the default case in xsm_pmu_op. This also fixes
the behavior of do_xenpmu_op, which will now return -EINVAL for unknown
XENPMU_* operations, instead of -EPERM when called by a privileged domain.
Signed-off-by: Roger Pau Monné
Acked-by: Daniel De Graaf
This also looks like a good
On 01/25/2017 05:43 AM, Wei Liu wrote:
In 58cbc034 send_irq permission was removed but there was still
reference to it in policy file. Remove the stale reference.
And now we also need dm permission. Add that.
Signed-off-by: Wei Liu
Acked-by: Daniel De Graaf
On 01/25/2017 09:24 AM, Andrew Cooper wrote:
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Daniel De Graaf
CC: Paul Durrant
CC: Ian Jackson
Might be better to merge into one single patch when committed?
Either way (combined with prior patch, original series, or alone):
Acked-by
o uint32_t. In practice
the value passed was always truncated to 32 bits.
Suggested-by: Jan Beulich
Signed-off-by: Paul Durrant
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
ts.
Suggested-by: Jan Beulich
Signed-off-by: Paul Durrant
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
passed was always truncated to 32 bits.
Suggested-by: Jan Beulich
Signed-off-by: Paul Durrant
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
to 32 bits.
Suggested-by: Jan Beulich
Signed-off-by: Paul Durrant
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
__XEN_INTERFACE_VERSION__ less than that value.
NOTE: This patch also widens the 'domain' parameter of
xc_hvm_set_pci_intx_level() from a uint8_t to a uint16_t.
Suggested-by: Jan Beulich
Signed-off-by: Paul Durrant
---
Reviewed-by: Jan Beulich
Cc: Daniel De Graaf
Cc: Ian Jackson
On 01/17/2017 12:29 PM, Paul Durrant wrote:
The definitions of HVM_IOREQSRV_BUFIOREQ_* have to persist as they are
already in use by callers of the libxc interface.
Suggested-by: Jan Beulich
Signed-off-by: Paul Durrant
Acked-by: Daniel De Graaf
efore likely already compromised)."
See that file for further information.
This patch simply adds the boilerplate for the hypercall.
Signed-off-by: Paul Durrant
Suggested-by: Ian Jackson
Suggested-by: Jennifer Herbert
Acked-by: Daniel De Graaf
_
On 12/19/2016 11:03 PM, Doug Goldstein wrote:
On 12/19/16 10:02 AM, Doug Goldstein wrote:
On 12/14/16 3:09 PM, Daniel De Graaf wrote:
On 12/12/2016 09:00 AM, Anshul Makkar wrote:
During guest migrate allow permission to prevent
spurious page faults.
Prevents these errors:
d73: Non-privileged
On 01/03/2017 09:04 AM, Boris Ostrovsky wrote:
This domctl will allow toolstack to read and write some
ACPI registers. It will be available to both x86 and ARM
but will be implemented first only for x86
Signed-off-by: Boris Ostrovsky
Acked-by: Daniel De Graaf
--
Daniel De Graaf
National
=system_u:system_r:domU_t tclass=domain
GPU passthrough for hvm guest:
avc: denied { send_irq } for domid=0 target=10
scontext=system_u:system_r:dom0_t
tcontext=system_u:system_r:domU_t tclass=hvm
Signed-off-by: Anshul Makkar
Acked-by: Daniel De Graaf
have not compiled & looked
at the resulting manpages.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 11/10/2016 04:23 AM, Cédric Bosdonnat wrote:
Gcc6 build reports misleading indentation as warnings. Fix a few
warnings in stubdom.
Signed-off-by: Cédric Bosdonnat
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
Ostrovsky
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
(which results in an XSM check with the source xen_t). It does not make
sense to deny these permissions; no domain should be using xen_t, and
forbidding the hypervisor from performing cleanup is not useful.
Signed-off-by: Daniel De Graaf
Cc: Andrew Cooper
---
tools/flask/policy/modules/xen.if | 2
output file names with FLASK_BUILD_DIR. Hypervisor and tools
build will set that variable to different directories, so that we can
be safe from races.
Adjust other bits of the build system as needed.
Signed-off-by: Wei Liu
Acked-by: Daniel De Graaf
Pulling the definition of POLICY_FILENAME
On 10/13/2016 10:37 AM, Wei Liu wrote:
Signed-off-by: Wei Liu
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 08/24/2016 04:06 AM, Jan Beulich wrote:
Non-debugging message text should be (and is in the cases here)
distinguishable without also logging function names.
Signed-off-by: Jan Beulich
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen
all ops.
Signed-off-by: Tamas K Lengyel
Signed-off-by: Sergej Proskurin
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
t once avoids a for_each_domain() loop when the ID of an
existing domain gets passed in.
Reported-by: Marek Marczykowski-Górecki
Signed-off-by: Jan Beulich
Acked-by: Daniel De Graaf
[...]
I know there had been an alternative patch suggestion, but that one
doesn't seem have seen a formal submission s
o determine what to do, especially in this case where it changes
what permissions are actually being enforced (in the non-FLASK case).
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
Hypervisor Makefile will use Makefile.common to build xsm
policy.
Signed-off-by: Wei Liu
Acked-by: Daniel De Graaf
Thanks for fixing this; I intended the build to remain separate but
never actually de-configured a build tree to test.
Using git-send-email -C would make the
27;s rewording is a bit clearer than the
original.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 07/14/2016 11:58 AM, Andrew Cooper wrote:
A subsequent change will introduce C99 bools, at which point 'bool'
becomes a type, and ineligible as a variable name.
Signed-off-by: Andrew Cooper
Acked-by: Daniel De Graaf
___
Xen-devel ma
policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf
Reviewed-by: Konrad Rzeszutek Wilk
Reviewed-by: Jan Beulich
---
No changes from v5.
Config.mk | 6
This makes the buffers function parameters instead of globals, in
preparation for adding alternate locations for the policy.
Signed-off-by: Daniel De Graaf
Reviewed-by: Jan Beulich
---
Changes since v5:
- Adjusted __init annotation placement
- Removed unneeded cast to char*
xen/include/xsm
{ setpodtarget } for domid=0 target=9
scontext=system_u:system_r:dom0_t
tcontext=system_u:system_r:domU_t tclass=domain
Signed-off-by: Anshul Makkar
This seems to indicate that getpodtarget should also be added to the list.
Either as-is or with getpodtarget also added,
Acked-by: Daniel De Graaf
On 07/06/2016 12:19 PM, anshul makkar wrote:
On 06/07/16 16:59, Daniel De Graaf wrote:
On 07/06/2016 11:34 AM, anshul makkar wrote:
Hi,
It allows the resource to be added and removed by the source domain to
target domain, but its use by target domain is blocked.
This rule only mandates the
This makes the buffers function parameters instead of globals, in
preparation for adding alternate locations for the policy.
Signed-off-by: Daniel De Graaf
---
This patch is new in v5.
xen/include/xsm/xsm.h| 13 ++---
xen/xsm/flask/hooks.c| 2 +-
xen/xsm/flask
policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf
Reviewed-by: Konrad Rzeszutek Wilk
---
Changes since v4:
- Fixed clean target in xsm/flask/Makefile
- Dropped now-unneeded
=system_u:system_r:domU_t
tclass=domain
avc: denied { settime } for domid=0 target=1 scontext=system_u:system_r:dom0_t
tcontext=system_u:system_r:domU_t tclass=domain
Signed-off-by: Anshul Makkar
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel
below (only in ARM); the cast would only be moved. The buffer is
never modified, if that's what you are asking.
The reason that xsm_init_policy is unsigned is to avoid compiler warnings
resulting from assigning values such as 0xF3 to a signed character.
--
Daniel De Graaf
doesn't affect the basic
functionalities, is this "neverallow" rule needed ?
Thanks
Anshul Makkar
The neverallow rules are just there to ensure that the attributes are being
used correctly.
--
Daniel De Graaf
National Security Agency
ooper
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 06/24/2016 06:33 AM, Jan Beulich wrote:
Signed-off-by: Jan Beulich
Reviewed-by: Wei Liu
Reviewed-by: Andrew Cooper
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 06/24/2016 06:32 AM, Jan Beulich wrote:
Signed-off-by: Jan Beulich
Reviewed-by: Wei Liu
Reviewed-by: Andrew Cooper
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
an Beulich
Reviewed-by: Wei Liu
Reviewed-by: Andrew Cooper
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 06/24/2016 06:31 AM, Jan Beulich wrote:
Also limiting "nr" at the libxc level to 32 bits (the high 32 bits of
the previous 64-bit parameter got ignore so far).
Signed-off-by: Jan Beulich
Reviewed-by: Wei Liu
Reviewed-by: Andrew Cooper
Acked-by: Danie
On 06/24/2016 06:31 AM, Jan Beulich wrote:
Also limiting "nr" at the libxc level to 32 bits (the high 32 bits of
the previous 64-bit parameter got ignore so far).
Signed-off-by: Jan Beulich
Reviewed-by: Wei Liu
Reviewed-by: Andrew Cooper
Acked-by: Danie
: Wei Liu
Reviewed-by: Andrew Cooper
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
: Wei Liu
Reviewed-by: Andrew Cooper
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 06/24/2016 06:28 AM, Jan Beulich wrote:
... as a means to replace all HVMOP_* which a domain can't issue on
itself (i.e. intended for use by only the control domain or device
model).
Signed-off-by: Jan Beulich
Reviewed-by: Wei Liu
Acked-by: Daniel De
log level numbers to strings and
vice verse. Lower and upper bounds are checked. Add XSM hook.
Signed-off-by: Wei Liu
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf
---
Changes from v3:
- Make default Kconfig value depend on the presence of checkpolicy
- Use proper __initconst label on
On 06/30/2016 09:45 AM, Konrad Rzeszutek Wilk wrote:
On Wed, Jun 29, 2016 at 11:09:01AM -0400, Daniel De Graaf wrote:
This adds a Kconfig option and support for including the XSM policy from
tools/flask/policy in the hypervisor so that the bootloader does not
need to provide a policy to get
y need the ability to
remove a vTPM without destroying the client domain (or the driver domain),
so I don't think this ever got tested. I am guessing that the minios and/or
Linux driver is missing a state change step.
--
Daniel De Graaf
National Security Agency
___
policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf
---
Changes from v2 (dropped acks and reviewed-by):
- Drop linker script changes, use python binary-to-C file script
- Make the
That's fine; I am planning on sending a v3 of this patch that drops
the use of objcopy for a python script converting the policy to an
array in a .c file. This also eliminates the linker script changes.
--
Daniel De Graaf
National Security Agency
at much of a problem. This would change if XSM were to be
enabled by default, because I would then expect "xsm enabled, flask disabled"
to become a more common case - and that does not require a policy.
--
Daniel De Graaf
National Security Agency
_
On 06/24/2016 01:40 PM, Konrad Rzeszutek Wilk wrote:
On Fri, Jun 24, 2016 at 01:34:29PM -0400, Daniel De Graaf wrote:
On 06/24/2016 12:50 PM, Konrad Rzeszutek Wilk wrote:
On Fri, Jun 24, 2016 at 05:30:32PM +0100, Julien Grall wrote:
Hello Daniel,
Please try to CC relevant maintainers on your
On 06/24/2016 12:50 PM, Konrad Rzeszutek Wilk wrote:
On Fri, Jun 24, 2016 at 05:30:32PM +0100, Julien Grall wrote:
Hello Daniel,
Please try to CC relevant maintainers on your patch. I would have missed it
if Andrew did not ping me on IRC.
On 20/06/16 15:04, Daniel De Graaf wrote:
This adds a
On 06/23/2016 11:22 AM, Marek Marczykowski-Górecki wrote:
On Thu, Jun 23, 2016 at 11:00:42AM -0400, Daniel De Graaf wrote:
On 06/23/2016 09:25 AM, Marek Marczykowski-Górecki wrote:
[...]
Ok, after drawing a flowchart of the control in this function after your
change, on a piece of paper, this
);
This makes it clear that xenstore is the special case, and removes the
need for the one-off XSM_XS_PRIV constant.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
{ getparam setparam trackdirtyvram hvmctl
irqlevel pciroute pcilevel cacheattr send_irq };
')
Jan
Yes, that is what I meant.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
to be added to the device_model macro in xen.if.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
Since enabling XSM is required to enable FLASK, place the option for
FLASK below the one for XSM. In addition, since it does not make sense
to enable XSM without any XSM providers, and FLASK is the only XSM
provider, hide the option to disable FLASK under EXPERT.
Signed-off-by: Daniel De Graaf
On 06/20/2016 10:46 AM, Doug Goldstein wrote:
On 6/20/16 9:04 AM, Daniel De Graaf wrote:
Since enabling XSM is required to enable FLASK, place the option for
FLASK below the one for XSM. In addition, since it does not make sense
to enable XSM without any XSM providers, and FLASK is the only
On 06/20/2016 10:35 AM, Doug Goldstein wrote:
On 6/20/16 9:04 AM, Daniel De Graaf wrote:
This operation has no known users, and is primarily useful when an MLS
policy is in use (which has never been shipped with Xen). In addition,
the information it provides does not actually depend on
On 06/20/2016 10:35 AM, Andrew Cooper wrote:
On 20/06/16 15:27, Doug Goldstein wrote:
On 6/20/16 9:04 AM, Daniel De Graaf wrote:
These permissions were initially split because they were in separate
domctls, but this split is very unlikely to actually provide security
benefits: it would require
to an
overall check in the HVM operation hypercall, which does not exist.
There is no reason to have an operation protected by two different
access checks, so I think that both the previous and patched code
are correct and the "also needs hvmctl" comment shoul
This adds the xenstore_t type to the example policy for use by a
xenstore stub domain; see the init-xenstore-domain tool for how this
type needs to be used.
Signed-off-by: Daniel De Graaf
Reviewed-by: Konrad Rzeszutek Wilk
Reviewed-by: Doug Goldstein
---
tools/flask/policy/modules
When the all_system_role module is enabled, any domain type can be
created using the system_r role, which was the default. When it is
disabled, domains not using the default types (dom0_t and domU_t) must
use another role such as vm_r.
Signed-off-by: Daniel De Graaf
Reviewed-by: Konrad
accessing another type.
Signed-off-by: Daniel De Graaf
Reviewed-by: Konrad Rzeszutek Wilk
---
tools/flask/policy/modules/dom0.te | 1 -
tools/flask/policy/modules/xen.if | 7 +++
xen/xsm/flask/hooks.c | 20 ++--
xen/xsm/flask/policy/access_vectors | 16
that can be placed in xsm_core.c.
Signed-off-by: Daniel De Graaf
---
xen/arch/arm/xen.lds.S | 5 -
xen/arch/x86/xen.lds.S | 5 -
xen/include/xsm/xsm.h | 16
xen/xsm/flask/hooks.c | 4 +---
xen/xsm/xsm_core.c | 13 +
5 files changed, 10 insertions
The access vectors defined here have never been used by xenstore.
Signed-off-by: Daniel De Graaf
Reviewed-by: Konrad Rzeszutek Wilk
Reviewed-by: Doug Goldstein
---
tools/flask/policy/policy/access_vectors | 23 ++-
tools/flask/policy/policy/security_classes | 1 -
2
The only possible value of original_ops was &dummy_xsm_ops, and
unregister_xsm was never used.
Signed-off-by: Daniel De Graaf
Reviewed-by: Andrew Cooper
Reviewed-by: Konrad Rzeszutek Wilk
---
xen/include/xsm/xsm.h| 1 -
xen/xsm/flask/flask_op.c | 4 +---
xen/xsm/flask/hooks.c
Signed-off-by: Daniel De Graaf
Reviewed-by: Konrad Rzeszutek Wilk
Reviewed-by: Doug Goldstein
---
.../policy/policy/support/loadable_module.spt | 166 -
tools/flask/policy/policy/support/misc_macros.spt | 2 +
2 files changed, 2 insertions(+), 166 deletions
Changes from v1:
- Change c->context and c->sid from arrays to fields when shrinking
- Keep struct xen_flask_userlist in headers, but guard it with #ifs
- Split off Kconfig changes into their own patches
- Add patch 16 (AVC_STATS in Kconfig)
- Prevent free() of static data in xsm_dt_init
FLAS
1 - 100 of 334 matches
Mail list logo