In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l | 1 +
2 files
-by: Boris Ostrovsky
Reported-by: Wei Liu
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
lien Grall
Looks good to me with one assumption below.
Acked-by: Daniel De Graaf
[...]
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index b1a4f8a..31bc702 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -600,6 +600,9 @@ void avc_audit(u32 ssid, u32 tsid, u16 t
, *pcr_size);
+ /*hashes already copied when flags!=0 by do_vtpminfo_hash*/
+ if(extra_info_flags == 0){
+ *pcr_size = pcrs.valueSize;
+ memcpy(pcr_out, pcrs.pcrValue, *pcr_size);
+ }
}
I think it would be useful to append the PCR values to the externData values,
as long as the entire set of hashes doesn't risk becoming too long.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 04/06/2015 06:12 PM, Boris Ostrovsky wrote:
Signed-off-by: Boris Ostrovsky .
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 04/07/2015 03:12 AM, Emil Condrea wrote:
On Mon, Apr 6, 2015 at 6:49 PM, Daniel De Graaf
wrote:
On 04/05/2015 07:09 AM, Emil Condrea wrote:
Enables deep quote execution for vtpmmgr which can not be started
using locality 2. The VTPM_ORD_GET_QUOTE command is backwards
compatible. When
buf_size as the maximum value it can be assigned.
+
+memcpy(buf, offset + (uint8_t *)shr, shr->length);
use length rather than shr->length otherwise length goes unused.
Agreed; the values from the shared page should not be read more than
once, because an uncooperative peer could end up chang
policy, group public key. At the end of these hashes the PCR values are
appended.
Signed-off-by: Emil Condrea
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 04/14/2015 05:08 AM, Emil Condrea wrote:
Currently, the flags are not interpreted by vTPM. They are just
packed and sent to vtpmmgr.
Signed-off-by: Emil Condrea
Acked-by: Daniel De Graaf
[...]
+- res = TPM_DeepQuote(&nonce, &myPCR, &ptPCR, &req->aut
method has the advantage
of not making more architecture-specific hooks which are sometimes harder
to test/maintain.
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
have not tested) speed up
the security server by avoiding the __get_cpu_var call and increment. The
corresponding SELinux knob is a Kconfig option in Linux.
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.or
On 03/07/2016 01:42 PM, Doug Goldstein wrote:
Let Kconfig set the XSM_MAGIC value for us.
Signed-off-by: Doug Goldstein
This is not the best place to define this constant: it doesn't
make sense for it to be user-configurable. If you want to move it
out of config.h, I think the best solution
hat: I saw the --help-- line and assumed it was the prompt.
Either way, this #define is a configuration-like knob that doesn't need to
be hard-coded in a header as it currently is.
The
corresponding SELinux knob is a Kconfig option in Linux.
Acked-by: Daniel De Graaf
... if you're
-NULL. The same would
be true for event channels, but inlining the field to save space makes
that a non-issue.
Or whether one can FLASK_LOAD if the ops are dummy_ops instead
of flask_ops.
Right, the flask_op hypercall is also disconnected in the dummy module.
I w
d by the flask= parameter.
Signed-off-by: Daniel De Graaf
---
docs/misc/xen-command-line.markdown | 2 +-
docs/misc/xsm-flask.txt | 12 ++--
xen/xsm/flask/flask_op.c| 8 +---
3 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/docs/misc/xen-comm
On 03/10/2016 02:12 PM, Konrad Rzeszutek Wilk wrote:
On Thu, Mar 10, 2016 at 01:30:29PM -0500, Daniel De Graaf wrote:
I've added Ian and Jan on the email as scripts/get_maintainer.pl spits out
their names (Oddly not yours?)
The previous default of "permissive" is meant fo
only takes effect then. With flask=late,
userspace code can also adjust the value (xl setenforce) before loading
the policy.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
g the creation of domains without a policy loaded to avoid making
this mistake, but since this is no longer the default, I don't think that
type of guard isnecessary.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xe
On 15/12/15 08:13, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_DEVICE_TREE defines in the code
base.
CC: Ian Campbell
CC: Stefano Stabellini
CC: Jan Beulich
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Jan Beulich
Acked-by: Daniel De Graaf
On 15/12/15 08:13, Doug Goldstein wrote:
Use the Kconfig generated HAS_PASSTHROUGH defines for the code base.
CC: Ian Campbell
CC: Stefano Stabellini
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Jan Beulich
Acked-by
On 15/12/15 08:13, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_MEM_ACCESS defines in the code base.
CC: Ian Campbell
CC: Stefano Stabellini
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Razvan Cojocaru
CC: Tamas K Lengyel
CC: Daniel De Graaf
Signed-off-by: Doug
On 15/12/15 08:13, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_PCI defines in the code base.
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Jan Beulich
Acked-by: Daniel De Graaf
On 15/12/15 08:13, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_MEM_SHARING defines in the code base.
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Razvan Cojocaru
CC: Tamas K Lengyel
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Razvan Cojocaru
On 15/12/15 08:13, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_MEM_PAGING defines in the code base.
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Razvan Cojocaru
CC: Tamas K Lengyel
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Razvan Cojocaru
ious given the issue. I didn't find any other
missing XSM_DM_PRIV accesses when I walked through them, so hopefully
this is the only one that wasn't correct.
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http
only implemented in Linux. If
this changes, or if it compiles anyway, then I see no problem.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
f the tool a bit nicer to read.
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
ook good, split or together (but I agree that
splitting is better for the history). Either way:
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
Dom0 this flag will allow to
recognize a xenstore domain already being present to connect to.
Cc: Jan Beulich
Cc: Keir Fraser
Cc: Tim Deegan
Cc: Andrew Cooper
Cc: David Vrabel
Cc: Daniel De Graaf
Signed-off-by: Juergen Gross
The XSM hook changes look good. If XSM_XS_PRIV is ever used f
: Doug Goldstein
Assuming that both patches in this series are applied together,
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 22/12/15 16:26, Doug Goldstein wrote:
Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM
within Kconfig. This also re-adds the dependency of CONFIG_FLASK on
CONFIG_XSM.
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
Signed-off-by: Doug Goldstein
The dependencies for L
On 04/01/16 15:33, Doug Goldstein wrote:
On 1/4/16 2:01 PM, Daniel De Graaf wrote:
On 22/12/15 16:26, Doug Goldstein wrote:
Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM
within Kconfig. This also re-adds the dependency of CONFIG_FLASK on
CONFIG_XSM.
CC: Keir Fraser
CC
n is taking advantage of
the existing XSM checks on XEN_DOMCTL_iomem_permission, and the
only XSM check that is needed would be that current->domain has
permission to modify (d)'s mappings - and this is done by the
xsm_add_to_physmap check in XENMEM_add_to_physmap.
--
Dani
On 01/07/2016 01:42 PM, Doug Goldstein wrote:
This is broken from "xen: convert XSM_ENABLE to Kconfig"
6d5293032f5fc1c65f7a73548afaa3caa8e0105a. This hunk was dropped when I
made my v2 for some reason.
Signed-off-by: Doug Goldstein
Acked-by: Danie
parameters|get_features|page_size|guest_handle|changeset|
compile_info] behave as before - allowed by default for all guests.
This is with the XSM default (and non-default) policy and with
the dummy ones.
Signed-off-by: Konrad Rzeszutek Wilk
Acked-by: Danie
On 10/02/16 05:47, Jan Beulich wrote:
On 10.02.16 at 11:39, wrote:
On 09/02/16 17:05, Jan Beulich wrote:
On 09.02.16 at 17:21, wrote:
Signed-off-by: Andrew Cooper
I'm sorry for the breakage / not noticing.
---
CC: Jan Beulich
CC: Tim Deegan
CC: Ian Campbell
CC: Daniel De Graaf
subops.
v7: Remove the \0 on xen_deny()
v8: Add new XSM domain for xenver hypercall. Add all subops to it.
With one excess line removed:
Acked-by: Daniel De Graaf
[...]
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index c856e1e..7e3bcdd 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen
/COFF does not have any "comment"
sections to the author.
Suggested-by: Andrew Cooper
Signed-off-by: Martin Pohlack
Signed-off-by: Konrad Rzeszutek Wilk
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http
more inline with the rest of the functions.
Signed-off-by: Konrad Rzeszutek Wilk
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
is is uncommon.
As far as the xsm_default_t value, this is really what XSM_OTHER is for,
but if there are going to be many instances of this type of data, a new
value like XSM_PRIV_INFOLEAK could be introduced.
--
Daniel De Graaf
National Security Agency
a performance hit (not that I
reckon you could). How Linux chooses to behave itself has absolutely no
bearing on how we go about securing the hypercall.
But making something slower is surely not something we strive for.
~Andrew
--
Daniel De Graaf
National Security Agency
: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 27/08/15 07:02, Konrad Rzeszutek Wilk wrote:
The sysctl is where the tmem control operations are done and the
XSM checks are done via there. The old mechanism (to check
for control tmem op XSM from do_tmem_op) is not needed anymore.
CC: Daniel De Graaf
Signed-off-by: Konrad Rzeszutek Wilk
On 06/23/2015 12:11 PM, Vitaly Kuznetsov wrote:
Add new soft_reset vector to domain2 class, add it to create_domain
in the default policy.
Signed-off-by: Vitaly Kuznetsov
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel
On 10/10/15 12:26, Quan Xu wrote:
Signed-off-by: Quan Xu
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
good idea. The read check wouldn't be
covered, but I think the protections of that XSM hook are only really
important on writes. The read check could also be duplicated as a
more conservative alternative.
--
Daniel De Graaf
National Security Agency
_
On 09/11/15 12:32, sstabell...@kernel.org wrote:
From: Stefano Stabellini
Call update_domain_wallclock_time at domain initialization, specifically
in arch_set_info_guest for vcpu0, like we do on x86.
Set time_offset_seconds to the number of seconds between phisical boot
and domain initializatio
version_use in domain2.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 11/11/15 11:49, Doug Goldstein wrote:
Use the Kconfig generated HAS_PASSTHROUGH defines for the code base.
Signed-off-by: Doug Goldstein
CC: Ian Campbell
CC: Stefano Stabellini
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 11/11/15 11:50, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_MEM_PAGING defines in the code base.
Signed-off-by: Doug Goldstein
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Razvan Cojocaru
CC: Tamas K Lengyel
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
On 11/11/15 11:50, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_MEM_SHARING defines in the code base.
Signed-off-by: Doug Goldstein
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Razvan Cojocaru
CC: Tamas K Lengyel
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
On 11/11/15 11:49, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_DEVICE_TREE defines in the code
base.
Signed-off-by: Doug Goldstein
CC: Ian Campbell
CC: Stefano Stabellini
CC: Jan Beulich
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Daniel De Graaf
On 11/11/15 11:49, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_PCI defines in the code base.
Signed-off-by: Doug Goldstein
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Daniel De Graaf
when before calling do_settime,
so that system_time actually accounts for all the time in nsec between
machine boot and when the wallclock was set.
Expose xsm_platform_op to ARM.
Signed-off-by: Stefano Stabellini
CC: dgde...@tycho.nsa.gov
Acked-by: Daniel De Graaf
start_address,
uint32_t count);
What effect does this have on the peer ?
Daniel?
If this removes the (final copy of the) mapping and a notify offset/port
is set, that processing happens. Otherwise, the peer cannot tell when
this is called.
--
Daniel De Graaf
National Security Agency
__
payloads,
- check*1, apply*1, replace*1, and unload payloads.
*1: Which of course in this patch are nops.
Signed-off-by: Konrad Rzeszutek Wilk
Signed-off-by: Ross Lagerwall
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
On 16/11/15 07:30, Ian Campbell wrote:
On Fri, 2015-11-13 at 15:38 -0500, Daniel De Graaf wrote:
On 13/11/15 10:02, Ian Campbell wrote:
On Wed, 2015-11-11 at 15:03 +, Ian Jackson wrote:
Ian Campbell writes ("[PATCH XEN v5 07/23] tools: Refactor
/dev/xen/gnt{dev,shr} wrappers
On 24/11/15 09:42, Jan Beulich wrote:
Now that we intercept them all, there's no reason not to also uniformly
hand them to XSM. Reads (which are expected to be of less interest) get
handled as before (MMCFG accesses un-audited).
Signed-off-by: Jan Beulich
Acked-by: Daniel De
itched?
The #ifdef is there mostly as a failsafe reminder to ensure that the
implementation for other architectures actually calls the same XSM hooks
that the x86 version does.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing l
an Campbell
Cc: Daniel De Graaf
---
Daniel, you input on the description of the unmap notification stuff
would be much appreciated.
The description looks complete and correct to me. The statement that
the interfaces operate on a single page only might be misleading - the
interface will wor
k.
Signed-off-by: Konrad Rzeszutek Wilk
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
d a local variable block.
Signed-off-by: Konrad Rzeszutek Wilk
Acked-by: Jan Beulich
Replied to the wrong email before; this one is actually:
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 03/16/2016 03:18 PM, Doug Goldstein wrote:
Rather than have XSM_MAGIC set in the global xen/config.h and set in
xsm.h if it's unset, just set it once in xsm.h since its only used in
files that already include xsm.h
Signed-off-by: Doug Goldstein
Acked-by: Daniel De
buffer.
Signed-off-by: Konrad Rzeszutek Wilk
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
done that for a while,
and the original reason (older versions of checkpolicy didn't support
creating xen-type policy) is no longer an issue.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
) ||
+strncmp(buff + sizeof(u32), (char *) &target_len, sizeof(u32)) ||
+strncmp(buff + sizeof(u32) * 2, "XenFlask", target_len))
+return 0;
+
memcmp() is more correct than strncmp() here, especially since target_len will
have embedded NULLs. It also assumes little
n superseded by the flask= parameter.
Signed-off-by: Daniel De Graaf
---
Changes from v1: move the setting of flask_enforcing to flask_init
instead of needing to set and reset it in parse_flask_param.
docs/misc/xen-command-line.markdown | 2 +-
docs/misc/xsm-flask.txt | 12 ++--
future patches, which will introduce detection and switching
logic, after which the interface will report hardware capabilities correctly.
Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel
On 04/07/2016 07:57 AM, Andrew Cooper wrote:
And provide stubs for toolstack use.
Signed-off-by: Andrew Cooper
Acked-by: Wei Liu
Acked-by: David Scott
Acked-by: Jan Beulich
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel
nown.
We also detect the XSM Magic for the following unknowns, then set its kind
according to the return value of has_xsm_magic.
By this way, arm64 behavior can be compatible to x86 and can simplify
multi-arch bootloader such as GRUB.
Signed-off-by: Fu Wei
Acked
-off-by: Konrad Rzeszutek Wilk
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
: Keir Fraser
CC: Tim Deegan
CC: Konrad Rzeszutek Wilk
CC: Daniel De Graaf
Daniel,
any chance we could get your ack (or otherwise) on this?
Thanks, Jan
Sure, I didn't realize you were waiting on it. The patch looks good.
Acked-by: Daniel De
er modules
that would be available to turn on/off.
The process of assembling the modules into a single XSM policy is done
in userspace, not the hypervisor, so "xl loadpolicy" would not change.
--
Daniel De Graaf
National Security Agency
___
Xen-de
nd I think using
"xl devd" probably qualifies for that), then they probably need
dontaudit rules.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
Reported-by: Doug Goldstein
Signed-off-by: Daniel De Graaf
---
tools/flask/policy/policy/modules/xen/xen.te | 10 ++
1 file changed, 10 insertions(+)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te
b/tools/flask/policy/policy/modules/xen/xen.te
index bef33b0..fed09a9 100644
On 05/13/2016 11:09 AM, Jan Beulich wrote:
On 13.05.16 at 16:50, wrote:
[...]
@@ -1468,6 +1505,69 @@ int
mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg)
}
break;
+case XENMEM_sharing_op_bulk_share:
+{
+unsigned long max_sgfn
licy is done
in userspace, not the hypervisor, so "xl loadpolicy" would not change.
/me nods
Thank you!
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
This includes the policy in tools/flask/policy in the hypervisor so that
the bootloader does not need to load a policy to get sane behavior from
an XSM-enabled hypervisor.
RFC because this adds a binding between xen's build and the tools build.
The inclusion of policy.o could be made conditional o
This also renames the example users created by vm_role.
Signed-off-by: Daniel De Graaf
---
docs/misc/xsm-flask.txt| 34 +++---
tools/flask/policy/Makefile| 9 --
tools/flask/policy/modules/default_role.te | 5
Signed-off-by: Daniel De Graaf
---
.../policy/policy/support/loadable_module.spt | 166 -
tools/flask/policy/policy/support/misc_macros.spt | 2 +
2 files changed, 2 insertions(+), 166 deletions(-)
delete mode 100644 tools/flask/policy/policy/support
This adds the xenstore_t type to the example policy for use by a
xenstore stub domain.
Signed-off-by: Daniel De Graaf
---
tools/flask/policy/modules/modules.conf | 3 +++
tools/flask/policy/modules/xenstore.te | 21 +
2 files changed, 24 insertions(+)
create mode 100644
Signed-off-by: Daniel De Graaf
---
tools/flask/policy/policy/access_vectors | 32 +++---
tools/flask/policy/policy/security_classes | 2 +-
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/tools/flask/policy/policy/access_vectors
b/tools/flask/policy
The most important patch is the first one, which splits up the XSM
policy into multiple files that can be enabled/disabled to adjust the
policy. The others are just general cleanup of the policy build and a
better xenstore example.
[PATCH 1/5] flask/policy: split into modules
[PATCH 2/5] flask/po
This makes it easier to enable or disable parts of the XSM policy.
Signed-off-by: Daniel De Graaf
---
tools/flask/policy/Makefile| 22 +-
tools/flask/policy/modules/default_role.te | 8 +
tools/flask/policy/modules/dom0.te | 74 ++
tools
On 05/23/2016 11:25 AM, Andrew Cooper wrote:
On 23/05/16 15:51, Daniel De Graaf wrote:
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 634ec98..af1d86f 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -47,6 +47,17 @@ static void __init do_xsm_initcalls(void
abled, the built_in.o is binary equal.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
ek Wilk
Reviewed-by: Jan Beulich
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 06/07/2016 03:22 PM, Konrad Rzeszutek Wilk wrote:
On Mon, May 23, 2016 at 11:05:29AM -0400, Daniel De Graaf wrote:
This makes it easier to enable or disable parts of the XSM policy.
Hey Daniel,
I am no expert on this so please take it with a grain of salt.
That can actually be helpful
On 06/07/2016 03:44 PM, Konrad Rzeszutek Wilk wrote:
On Mon, May 23, 2016 at 11:05:32AM -0400, Daniel De Graaf wrote:
This adds the xenstore_t type to the example policy for use by a
xenstore stub domain.
Is there a link somewhere or docs that oultines how to how
create/build such stub domain
On 06/07/2016 03:45 PM, Konrad Rzeszutek Wilk wrote:
On Mon, May 23, 2016 at 11:05:33AM -0400, Daniel De Graaf wrote:
Signed-off-by: Daniel De Graaf
Would it be good to include in the description something like:
"You should be using the xenstore stubdomain".?
Thanks.
This is un
On 06/07/2016 04:02 PM, Konrad Rzeszutek Wilk wrote:
On Tue, Jun 07, 2016 at 03:51:20PM -0400, Daniel De Graaf wrote:
On 06/07/2016 03:45 PM, Konrad Rzeszutek Wilk wrote:
On Mon, May 23, 2016 at 11:05:33AM -0400, Daniel De Graaf wrote:
Signed-off-by: Daniel De Graaf
Would it be good to
On 06/09/2016 05:58 AM, Andrew Cooper wrote:
Additionally, link it adjacently to the other constant init data.
Signed-off-by: Andrew Cooper
I think this section can actually be removed instead: it only has
one user, additional users will need special switching code added
anyway, and it should
This adds the xenstore_t type to the example policy for use by a
xenstore stub domain.
Signed-off-by: Daniel De Graaf
---
tools/flask/policy/modules/modules.conf | 3 +++
tools/flask/policy/modules/xenstore.te | 24
2 files changed, 27 insertions(+)
create mode
that can be placed in xsm_core.c.
Signed-off-by: Daniel De Graaf
---
xen/arch/arm/xen.lds.S | 5 -
xen/arch/x86/xen.lds.S | 5 -
xen/common/Kconfig | 37 +++--
xen/include/xsm/xsm.h | 16
xen/xsm/flask/hooks.c | 4 +---
xen/xsm
These functions were only called from __init functions.
Signed-off-by: Daniel De Graaf
---
xen/xsm/dummy.c| 2 +-
xen/xsm/xsm_core.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 9791ad4..a082b28 100644
--- a/xen/xsm/dummy.c
Some of these patches have been posted before (patch 11 was posted in
2014; an earlier variant of 1-6 and 15 were posted recently as RFC).
The rest are mostly removal of unused code or other cleanup.
FLASK policy updates:
[PATCH 01/15] flask/policy: split into modules
[PATCH 02/15] flask/policy: s
This makes it easier to enable or disable parts of the XSM policy.
Signed-off-by: Daniel De Graaf
---
tools/flask/policy/Makefile| 22 +-
tools/flask/policy/modules/dom0.te | 74 ++
tools/flask/policy/modules/domU.te | 25 ++
tools
This field was originally used in Linux for a default message code for
network interfaces. It has never been used in Xen, so remove it.
Signed-off-by: Daniel De Graaf
---
xen/xsm/flask/ss/policydb.c | 1 -
xen/xsm/flask/ss/policydb.h | 4 ++--
2 files changed, 2 insertions(+), 3 deletions
101 - 200 of 334 matches
Mail list logo
