Re: [Xen-devel] [PATCH XEN v6 25/32] tools/libs/gnttab: Extensive updates to API documentation.

n Campbell <ian.campb...@citrix.com> Cc: Daniel De Graaf <dgde...@tycho.nsa.gov> --- Daniel, you input on the description of the unmap notification stuff would be much appreciated. The description looks complete and correct to me. The statement that the interfaces operate on a

Re: [Xen-devel] [PATCH v4 2/3] arm: export platform_op XENPF_settime64

an many of the other things below, so maybe the ifdef could be ditched? The #ifdef is there mostly as a failsafe reminder to ensure that the implementation for other architectures actually calls the same XSM hooks that the x86 version does. -- Daniel De Graaf Nati

Re: [Xen-devel] [PATCH XEN v5 07/23] tools: Refactor /dev/xen/gnt{dev, shr} wrappers into libxengnttab.

On 16/11/15 07:30, Ian Campbell wrote: On Fri, 2015-11-13 at 15:38 -0500, Daniel De Graaf wrote: On 13/11/15 10:02, Ian Campbell wrote: On Wed, 2015-11-11 at 15:03 +, Ian Jackson wrote: Ian Campbell writes ("[PATCH XEN v5 07/23] tools: Refactor /dev/xen/gnt{dev,shr} wra

Re: [Xen-devel] [PATCH] x86/PCI: make all config space writes subject to XSM checking

Daniel De Graaf <dgde...@tycho.nsa.gov> ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH XEN v5 07/23] tools: Refactor /dev/xen/gnt{dev, shr} wrappers into libxengnttab.

ess, uint32_t count); What effect does this have on the peer ? Daniel? If this removes the (final copy of the) mapping and a notify offset/port is set, that processing happens. Otherwise, the peer cannot tell when this is called. -- Daniel De Graaf National Security Agency _

Re: [Xen-devel] [PATCH v1 02/11] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op

exist, - query for specific payloads, - check*1, apply*1, replace*1, and unload payloads. *1: Which of course in this patch are nops. Signed-off-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com> Signed-off-by: Ross Lagerwall <ross.lagerw...@citrix.com> Acked-by: Daniel De Graaf <

Re: [Xen-devel] [PATCHv2] 03/27] build: convert HAS_PASSTHROUGH use to Kconfig

<k...@xen.org> CC: Jan Beulich <jbeul...@suse.com> CC: Andrew Cooper <andrew.coop...@citrix.com> CC: Daniel De Graaf <dgde...@tycho.nsa.gov> Signed-off-by: Doug Goldstein <car...@cardoe.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Re: [Xen-devel] [PATCHv2] 22/27] build: convert HAS_MEM_ACCESS use to Kconfig

aser <k...@xen.org> CC: Jan Beulich <jbeul...@suse.com> CC: Andrew Cooper <andrew.coop...@citrix.com> CC: Razvan Cojocaru <rcojoc...@bitdefender.com> CC: Tamas K Lengyel <ta...@tklengyel.com> CC: Daniel De Graaf <dgde...@tycho.nsa.gov> Signed-off-by: Doug Goldstein

Re: [Xen-devel] [PATCHv2] 23/27] build: convert HAS_MEM_PAGING use to Kconfig

itrix.com> CC: Razvan Cojocaru <rcojoc...@bitdefender.com> CC: Tamas K Lengyel <ta...@tklengyel.com> CC: Daniel De Graaf <dgde...@tycho.nsa.gov> Signed-off-by: Doug Goldstein <car...@cardoe.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Re: [Xen-devel] [PATCHv2] 04/27] build: convert HAS_DEVICE_TREE use to Kconfig

Jan Beulich <jbeul...@suse.com> CC: Daniel De Graaf <dgde...@tycho.nsa.gov> Signed-off-by: Doug Goldstein <car...@cardoe.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov> ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCHv2] 24/27] build: convert HAS_MEM_SHARING use to Kconfig

itrix.com> CC: Razvan Cojocaru <rcojoc...@bitdefender.com> CC: Tamas K Lengyel <ta...@tklengyel.com> CC: Daniel De Graaf <dgde...@tycho.nsa.gov> Signed-off-by: Doug Goldstein <car...@cardoe.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Re: [Xen-devel] [PATCHv2] 05/27] build: convert HAS_PCI use to Kconfig

On 11/11/15 11:49, Doug Goldstein wrote: Use the Kconfig generated CONFIG_HAS_PCI defines in the code base. Signed-off-by: Doug Goldstein <car...@cardoe.com> CC: Keir Fraser <k...@xen.org> CC: Jan Beulich <jbeul...@suse.com> CC: Andrew Cooper <andrew.coop...@citrix.com

Re: [Xen-devel] [PATCH v4 2/3] arm: export platform_op XENPF_settime64

when before calling do_settime, so that system_time actually accounts for all the time in nsec between machine boot and when the wallclock was set. Expose xsm_platform_op to ARM. Signed-off-by: Stefano Stabellini <stefano.stabell...@eu.citrix.com> CC: dgde...@tycho.nsa.gov Acked-by: Dan

Re: [Xen-devel] [PATCH v2 2/2] arm: export platform_op XENPF_settime64

On 09/11/15 12:32, sstabell...@kernel.org wrote: From: Stefano Stabellini Call update_domain_wallclock_time at domain initialization, specifically in arch_set_info_guest for vcpu0, like we do on x86. Set time_offset_seconds to the number of seconds between

Re: [Xen-devel] [PATCH v2 1/3] xsm/xen_version: Add XSM for the xen_version hypercall.

r than placing version_use in domain2. -- Daniel De Graaf National Security Agency ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] MAINTAINERS: adding myself as co-maintainer of vTPM

On 10/10/15 12:26, Quan Xu wrote: Signed-off-by: Quan Xu <quan...@intel.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov> ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] xsm_pci_config_permission() placement

idea. The read check wouldn't be covered, but I think the protections of that XSM hook are only really important on writes. The read check could also be duplicated as a more conservative alternative. -- Daniel De Graaf National Security Agency ___ Xen

Re: [Xen-devel] [PATCH] flask: Allow initial domain to use XENPF_get_symbol

Konrad Rzeszutek Wilk <konrad.w...@oracle.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov> ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] Is: Make XENVER_* use XSM, seperate the different ops in smaller security domains. Was:Re: [PATCH v1 5/5] xsplice: Use ld-embedded build-ids

n. As far as the xsm_default_t value, this is really what XSM_OTHER is for, but if there are going to be many instances of this type of data, a new value like XSM_PRIV_INFOLEAK could be introduced. -- Daniel De Graaf National Security Agency ___ Xen-devel mailin

Re: [Xen-devel] Is: Make XENVER_* use XSM, seperate the different ops in smaller security domains. Was:Re: [PATCH v1 5/5] xsplice: Use ld-embedded build-ids

u could). How Linux chooses to behave itself has absolutely no bearing on how we go about securing the hypercall. But making something slower is surely not something we strive for. ~Andrew -- Daniel De Graaf National Security Agency ___ Xen-devel ma

Re: [Xen-devel] [PATCH v3] xen/xsm: Make p->policyvers be a local variable (ver) to shut up GCC 5.1.1 warnings.

e rest of the functions. Signed-off-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov> ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v2 6/8] tmem: Remove the old tmem control XSM checks as it is part of sysctl hypercall.

On 27/08/15 07:02, Konrad Rzeszutek Wilk wrote: The sysctl is where the tmem control operations are done and the XSM checks are done via there. The old mechanism (to check for control tmem op XSM from do_tmem_op) is not needed anymore. CC: Daniel De Graaf dgde...@tycho.nsa.gov Signed-off

Re: [Xen-devel] [PATCH v8 07/11] flask: DOMCTL_soft_reset support

On 06/23/2015 12:11 PM, Vitaly Kuznetsov wrote: Add new soft_reset vector to domain2 class, add it to create_domain in the default policy. Signed-off-by: Vitaly Kuznetsov vkuzn...@redhat.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen

Re: [Xen-devel] [PATCH V3 2/3] xen/vm_event: Support for guest-requested events

added to an existing channel from the guest to the monitor. The best way to control this communication is probably when the shared page is mapped by the monitor, but this is an existing mechanism which appears to be covered by the ability to map any page in the target domain. -- Daniel De Graaf

Re: [Xen-devel] [PATCH v3 13/13] x86/altp2m: XSM hooks for altp2m HVM ops

On 07/01/2015 02:09 PM, Ed White wrote: From: Ravi Sahita ravi.sah...@intel.com Signed-off-by: Ravi Sahita ravi.sah...@intel.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org

Re: [Xen-devel] [PATCH v2 12/12] x86/altp2m: XSM hooks for altp2m HVM ops

On 06/26/2015 03:35 PM, Ed White wrote: On 06/26/2015 12:24 PM, Daniel De Graaf wrote: On 06/22/2015 02:56 PM, Ed White wrote: From: Ravi Sahita ravi.sah...@intel.com Signed-off-by: Ravi Sahita ravi.sah...@intel.com One comment, below. [...] diff --git a/tools/flask/policy/policy/modules

Re: [Xen-devel] [PATCH v2 12/12] x86/altp2m: XSM hooks for altp2m HVM ops

enable the feature on a domain before anyone can use it. Otherwise, this looks good, although if patch #10 is changed to expose a single subop, the altp2mhvm_op XSM checks will need to be relocated. -- Daniel De Graaf National Security Agency ___ Xen

Re: [Xen-devel] [PATCH v7 05/10] xsm: add XEN_DOMCTL_soft_reset support

-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

[Xen-devel] [PATCH 2/3] xen/flask: change bool_maxstr to PAGE_SIZE

to initialize bool_maxstr correctly prior to its use, it is simpler to use a fixed maximum of PAGE_SIZE as is done for the other calls to safe_copy_string_from_guest. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- xen/xsm/flask/flask_op.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions

[Xen-devel] [PATCH 3/3] libxc: add missing xc_hypercall_bounce_pre calls

Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- tools/libxc/xc_flask.c | 12 1 file changed, 12 insertions(+) diff --git a/tools/libxc/xc_flask.c b/tools/libxc/xc_flask.c index bb117f7..e24a2e7 100644 --- a/tools/libxc/xc_flask.c +++ b/tools/libxc/xc_flask.c @@ -191,6

[Xen-devel] [PATCH 1/3] flask/policy: updates from osstest runs

these possibilities. Reported-by: Wei Liu wei.l...@citrix.com Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- tools/flask/policy/policy/modules/xen/xen.if | 2 ++ tools/flask/policy/policy/modules/xen/xen.te | 10 ++ 2 files changed, 12 insertions(+) diff --git a/tools/flask/policy

Re: [Xen-devel] XSM: new set of avc denied

guest_writeconsole off will disable this permission, which defaults to on. Actual output to the console is also controlled by log levels, so this may not even be needed to hide the output in normal use. -- Daniel De Graaf National Security Agency ___ Xen-devel mailing

Re: [Xen-devel] [PATCH v6 05/10] xsm: add XENMEM_soft_reset support

of XSM_TARGET against _both_ domains? Jan Unless there is a change in how XSM_TARGET is implemented, the result is going to be equivalent: it is not possible for a domain to have more than one target at a time, so if current-domain is not dom0, then one of the two XSM_TARGET checks will fail. -- Daniel De

Re: [Xen-devel] [PATCH v6 05/10] xsm: add XENMEM_soft_reset support

On 05/21/2015 05:49 AM, Vitaly Kuznetsov wrote: Daniel De Graaf dgde...@tycho.nsa.gov writes: On 05/13/2015 05:49 AM, Vitaly Kuznetsov wrote: Dummy policy just checks that the current domain is privileged, in flask policy soft_reset is added to create_domain. Signed-off-by: Vitaly Kuznetsov

Re: [Xen-devel] [PATCH v6 05/10] xsm: add XENMEM_soft_reset support

= source soft reset domain +# target = destination soft reset domain +soft_reset These comments are a bit ambiguous. I would suggest something like: # source = domain making the hypercall # target = domain being reset (source or destination) -- Daniel De Graaf National Security Agency

Re: [Xen-devel] [PATCH v3 3/6] xen: flask: Restrict generated header to xen + tools

Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v3 2/6] xen: flask: Pass output directory as a parameter to mkflask.sh

On 05/20/2015 10:38 AM, Ian Campbell wrote: When called from the tools side in a later patch we will want to direct its output to the appropriate place. Signed-off-by: Ian Campbell ian.campb...@citrix.com Acked-by: Wei Liu wei.l...@citrix.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov

Re: [Xen-devel] [PATCH v2] x86/domctl: Fix getpageframeinfo* handling

-by: Andrew Cooper andrew.coop...@citrix.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v3 4/6] tools: Expose XSM Flask initial SIDs list to tools

in the hypervisor Signed-off-by: Ian Campbell ian.campb...@citrix.com Acked-by: Wei Liu wei.l...@citrix.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v3 6/6] libxl: assign a default ssidref (XSM label) to guests

. Signed-off-by: Ian Campbell ian.campb...@citrix.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

[Xen-devel] [PATCH] flask/policy: add initial SIDs for domU/domDM

Add default security contexts to the XSM policy for use by the toolstack when a domain is created without specifying an explicit security label. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- docs/misc/xsm-flask.txt | 6 +++--- tools/flask/policy/policy

Re: [Xen-devel] [PATCH v2 5/6] flask/policy: Add SECINITSID_DOMU as default domU SSID

On 05/19/2015 09:44 AM, Ian Campbell wrote: From: Daniel De Graaf dgde...@tycho.nsa.gov Acked-by: Ian Campbell ian.campb...@citrix.com --- Daniel -- this is from your example patch in 2b0e.8050...@tycho.nsa.gov and so needs your S-o-b, please. Signed-off-by: Daniel De Graaf dgde

Re: [Xen-devel] [PATCH] libxl: assigned a default ssid_label (XSM label) to guests

(tools/...) are intended to be used by components outside the hypervisor that do not implement their own security policy. The current example policy defines a class for xenstore permissions, but since xenstore does not actually use this, it is just an example. -- Daniel De Graaf National Security

Re: [Xen-devel] [PATCH] libxl: assigned a default ssid_label (XSM label) to guests

On 05/15/2015 05:39 AM, Ian Campbell wrote: On Thu, 2015-05-14 at 19:09 -0400, Daniel De Graaf wrote: On 05/14/2015 07:54 AM, Ian Campbell wrote: On Thu, 2015-05-14 at 12:21 +0100, Julien Grall wrote: Hi Ian, On 14/05/15 11:33, Ian Campbell wrote: system_u:system_r:domU_t is defined

Re: [Xen-devel] [PATCH v6 1/2] xen/pvh: use a custom IO bitmap for PVH hardware domains

bitmap of domain 0 to also be cleared after the hardware domain is created, but it's not really a requirement to make things work. -- Daniel De Graaf National Security Agency ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen

Re: [Xen-devel] [PATCH] libxl: assigned a default ssid_label (XSM label) to guests

On 05/14/2015 07:54 AM, Ian Campbell wrote: On Thu, 2015-05-14 at 12:21 +0100, Julien Grall wrote: Hi Ian, On 14/05/15 11:33, Ian Campbell wrote: system_u:system_r:domU_t is defined in the default policy and makes as much sense as anything for a default. So you rule out the possibility to

Re: [Xen-devel] [PATCH v5 p2 04/19] xen/arm: Implement hypercall DOMCTL_{, un}bind_pt_pirq

that method. This method has the advantage of not making more architecture-specific hooks which are sometimes harder to test/maintain. Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen

Re: [Xen-devel] [PATCH v2 2/2] vtpmmgr: execute deep quote in locality 0

policy, group public key. At the end of these hashes the PCR values are appended. Signed-off-by: Emil Condrea emilcond...@gmail.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen

Re: [Xen-devel] [Qemu-devel] [PATCH v5 3/6] Qemu-Xen-vTPM: Xen frontend driver infrastructure

, offset + (uint8_t *)shr, shr-length); use length rather than shr-length otherwise length goes unused. Agreed; the values from the shared page should not be read more than once, because an uncooperative peer could end up changing them. -- Daniel De Graaf National Security Agency

Re: [Xen-devel] [PATCH v2 1/2] vtpm: deep quote flags

On 04/14/2015 05:08 AM, Emil Condrea wrote: Currently, the flags are not interpreted by vTPM. They are just packed and sent to vtpmmgr. Signed-off-by: Emil Condrea emilcond...@gmail.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov [...] +- res = TPM_DeepQuote(nonce, myPCR, ptPCR

Re: [Xen-devel] [PATCH v6 2/5] sysctl: Add sysctl interface for querying PCI topology

On 04/06/2015 06:12 PM, Boris Ostrovsky wrote: Signed-off-by: Boris Ostrovsky boris.ostrov...@oracle.com. Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 2/2] vtpmmgr: execute deep quote in locality 0

On 04/07/2015 03:12 AM, Emil Condrea wrote: On Mon, Apr 6, 2015 at 6:49 PM, Daniel De Graaf dgde...@tycho.nsa.gov wrote: On 04/05/2015 07:09 AM, Emil Condrea wrote: Enables deep quote execution for vtpmmgr which can not be started using locality 2. The VTPM_ORD_GET_QUOTE command is backwards

Re: [Xen-devel] [PATCH v4 25/33] xen/xsm: Add helpers to check permission for device tree passthrough

julien.gr...@linaro.org Looks good to me with one assumption below. Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov [...] diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c index b1a4f8a..31bc702 100644 --- a/xen/xsm/flask/avc.c +++ b/xen/xsm/flask/avc.c @@ -600,6 +600,9 @@ void avc_audit

Re: [Xen-devel] [PATCH] flask: Update XEN_SYSCTL_cputopoinfo name

Ostrovsky boris.ostrov...@oracle.com Reported-by: Wei Liu wei.l...@citrix.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

[Xen-devel] [PATCH v3 0/3] Xen/FLASK policy updates for device contexts

In order to support assigning security lables to ARM device tree nodes in Xen's XSM policy, a new ocontext type is needed in the security policy. In addition to adding the new ocontext, the existing I/O memory range ocontext is expanded to 64 bits in order to support hardware with more than 44

[Xen-devel] [PATCH 3/3] libsepol, checkpolicy: add device tree ocontext nodes to Xen policy

In Xen on ARM, device tree nodes identified by a path (string) need to be labeled by the security policy. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/policy_define.c| 55 + checkpolicy/policy_define.h| 1

[Xen-devel] [PATCH 1/3] checkpolicy: Expand allowed character set in paths

In order to support paths containing spaces or other characters, allow a quoted string with these characters to be parsed as a path in addition to the existing unquoted string. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/policy_parse.y | 3 +++ checkpolicy/policy_scan.l

[Xen-devel] [PATCH 2/3] libsepol, checkpolicy: widen Xen IOMEM ocontext entries

SELinux policy compatibility entry was added in order to avoid breaking compilation of an SELinux policy without explicitly specifying the policy version. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/policy_define.c| 11 +- checkpolicy

Re: [Xen-devel] [PATCH v2] xsm: add device tree labeling support

, so I don't really want to do that without a good reason. -- Daniel De Graaf National Security Agency ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 5/6] xsm: add CAT related xsm policies

On 03/13/2015 06:13 AM, Chao Peng wrote: Add xsm policies for Cache Allocation Technology(CAT) related hypercalls to restrict the functions visibility to control domain only. Signed-off-by: Chao Peng chao.p.p...@linux.intel.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov

[Xen-devel] [PATCH 0/4] Xen/FLASK policy updates for device contexts

In order to support assigning security lables to ARM device tree nodes in Xen's XSM policy, a new ocontext type is needed in the security policy. This addition requires a new policy version for Xen. In order to keep the build process for Xen policy sane, a method of determining the highest Xen

[Xen-devel] [PATCH 4/4] checkpolicy: Expand allowed character set in paths

In order to support paths containing spaces or other characters, allow a quoted string with these characters to be parsed as a path in addition to the existing unquoted string. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/policy_parse.y | 3 +++ checkpolicy/policy_scan.l

[Xen-devel] [PATCH 1/4] Expand Xen IOMEMCON to 64 bits

This change is required to support static I/O memory range labeling for systems with over 16TB of physical address space. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/policy_define.c| 6 +++--- checkpolicy/policy_define.h| 2

Re: [Xen-devel] [PATCH 2/4] Add device tree ocontext nodes to Xen policy

On 03/12/2015 01:27 PM, Julien Grall wrote: Hi Daniel, On 12/03/15 17:12, Daniel De Graaf wrote: ; +dtree_context_def : DEVICETREECON path security_context_def + {if (define_devicetree_context()) return -1

[Xen-devel] [PATCH 3/4] checkpolicy: add output for Xen policy version support

due to the Xen policy having a different maximum version number. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/checkpolicy.c | 59 ++ libsepol/include/sepol/policydb/policydb.h | 9 +++-- 2 files changed, 49 insertions(+), 19

[Xen-devel] [PATCH] xsm: add device tree labeling support

This adds support in the hypervisor and policy build toolchain for Xen/Flask policy version 25, which adds the ability to label ARM device tree nodes and expands the IOMEM ocontext entries to 64 bits. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- Note: Actually using the features

Re: [Xen-devel] [PATCH] xsm: add device tree labeling support

On 03/12/2015 01:13 PM, Daniel De Graaf wrote: This adds support in the hypervisor and policy build toolchain for Xen/Flask policy version 25, which adds the ability to label ARM device tree nodes and expands the IOMEM ocontext entries to 64 bits. Signed-off-by: Daniel De Graaf dgde

[Xen-devel] [PATCH 1/3] checkpolicy: Expand allowed character set in paths

In order to support paths containing spaces or other characters, allow a quoted string with these characters to be parsed as a path in addition to the existing unquoted string. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/policy_parse.y | 3 +++ checkpolicy/policy_scan.l

[Xen-devel] [PATCH 2/3] libsepol, checkpolicy: widen Xen IOMEM ocontext entries

SELinux policy compatibility entry was added in order to avoid breaking compilation of an SELinux policy without explicitly specifying the policy version. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/policy_define.c| 6 +++--- checkpolicy/policy_define.h

[Xen-devel] [PATCH 3/3] libsepol, checkpolicy: add device tree ocontext nodes to Xen policy

In Xen on ARM, device tree nodes identified by a path (string) need to be labeled by the security policy. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- checkpolicy/policy_define.c| 55 + checkpolicy/policy_define.h| 1

[Xen-devel] [PATCH v2] xsm: add device tree labeling support

This adds support in the hypervisor and policy build toolchain for Xen/Flask policy version 30, which adds the ability to label ARM device tree nodes and expands the IOMEM ocontext entries to 64 bits. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- tools/flask/policy/Makefile

[Xen-devel] [PATCH v2 0/3] Xen/FLASK policy updates for device contexts

In order to support assigning security lables to ARM device tree nodes in Xen's XSM policy, a new ocontext type is needed in the security policy. In addition to adding the new ocontext, the existing I/O memory range ocontext is expanded to 64 bits in order to support hardware with more than 44

[Xen-devel] [PATCH] flask/policy: fix static device labeling examples

some directions about using the xen policy type in checkpolicy which is no longer needed. Reported-by: Julien Grall julien.gr...@linaro.org Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- docs/misc/xsm-flask.txt | 31 +++ tools/flask/policy

Re: [Xen-devel] [PATCH v3 20/24] xen/passthrough: Extend XEN_DOMCTL_assign_device to support DT device

On 03/10/2015 12:52 PM, Julien Grall wrote: Hi Daniel, On 23/02/15 16:25, Daniel De Graaf wrote: On 02/20/2015 12:17 PM, Ian Campbell wrote: On Tue, 2015-01-13 at 14:25 +, Julien Grall wrote: TODO: Update the commit message A device node is described by a path. It will be used

Re: [Xen-devel] [PATCH v3 20/24] xen/passthrough: Extend XEN_DOMCTL_assign_device to support DT device

On 03/10/2015 07:07 PM, Julien Grall wrote: Hi Daniel, On 10/03/2015 22:45, Daniel De Graaf wrote: BTW, do you have any pointer on how to write a policy for device/IRQ passthrough? There is a bit of documentation in xsm-flask.txt about device labeling, which is the hard part of making

Re: [Xen-devel] vTPM Deep Quote validation

? It is useful to be able to ask for the current value of both physical and virtual PCRs in a single atomic operation. Including the value of all PCRs in the response could make the reply packet too large (which is part of the reason why TPM_Quote2 removed them). -- Daniel De Graaf National Security Agency

Re: [Xen-devel] vTPM Deep Quote validation

On 03/09/2015 11:58 AM, Emil Condrea wrote: On Mon, Mar 9, 2015 at 4:40 PM, Daniel De Graaf dgde...@tycho.nsa.gov wrote: On 03/08/2015 07:41 AM, Emil Condrea wrote: I am trying to validate a Deep Quote request made by domU but I feel that something is missing. Right now when a domU requests

Re: [Xen-devel] [PATCH 2/2] flask: create unified flask= boot parameter

On 03/06/2015 07:22 AM, Wei Liu wrote: On Tue, Mar 03, 2015 at 12:00:19PM -0500, Daniel De Graaf wrote: [...] diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1 index 6b89ba8..48b8f98 100644 --- a/docs/man/xl.pod.1 +++ b/docs/man/xl.pod.1 @@ -1441,8 +1441,8 @@ Determine if the FLASK security

[Xen-devel] [PATCH v4 0/2] flask: Handle policy load failures properly

Chagnes from v3: - Moved documentation to xen-command-line.markdown Changes from v2: - Add flask= parameter and split off cleanup patch [PATCH 1/2] flask: clean up initialization and #defines [PATCH 2/2] flask: create unified flask= boot parameter

[Xen-devel] [PATCH 1/2] flask: clean up initialization and #defines

parameter. This also changes the return type of xsm_initcall_t to void to properly reflect the fact that the caller ignores the return value. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov Reviewed-by: Wei Liu wei.l...@citrix.com --- xen/include/xen/config.h | 4 xen/include/xsm

Re: [Xen-devel] [PATCH] xsm/policy: remove gawk-ism line in Makefile

On 03/03/2015 07:44 AM, Wei Liu wrote: Translate gawk regex to mawk regex to allow using mawk. The new regex works on both gawk and mawk. Signed-off-by: Wei Liu wei.l...@citrix.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel

[Xen-devel] [PATCH 2/2] flask: create unified flask= boot parameter

in enforcing mode if present, but errors will disable access controls until a successful loadpolicy instead of causing a panic at boot. Suggested-by: Julien Grall julien.gr...@linaro.org Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- docs/man/xl.pod.1| 4 ++-- docs/misc/xsm

[Xen-devel] [PATCH v3 0/2] flask: Handle policy load failures properly

This series has changed quite a bit from v2; the focus has changed from fixing the behavior on failed policy loads to adding the flask= boot parameter. The first patch, which is purely cleanup with no functional changes, was extracted to simplify review. [PATCH 1/2] flask: clean up

[Xen-devel] [PATCH 1/2] flask: clean up initialization and #defines

parameter. This also changes the return type of xsm_initcall_t to void to properly reflect the fact that the caller ignores the return value. Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- xen/include/xen/config.h | 4 xen/include/xsm/xsm.h| 2 +- xen/xsm/flask

Re: [Xen-devel] [PATCH v2] xsm/flask: Handle policy load failures properly

useless marker messages Flask: Initializing. and AVC INITIALIZED; they convey no useful information. -- Daniel De Graaf National Security Agency ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] xsm/flask: Handle policy load failures properly

On 02/24/2015 05:21 AM, Ian Campbell wrote: On Tue, 2015-02-24 at 09:51 +, Julien Grall wrote: On 24/02/2015 09:39, Ian Campbell wrote: On Tue, 2015-02-24 at 09:31 +, Julien Grall wrote: On 24/02/2015 08:47, Ian Campbell wrote: On Mon, 2015-02-23 at 12:53 -0500, Daniel De Graaf

Re: [Xen-devel] [PATCH] xen/xsm: Generate the permission in a spec-compliant way

On 02/23/2015 10:04 AM, Julien Grall wrote: Hi Daniel, On 20/02/15 23:01, Daniel De Graaf wrote: On 02/20/2015 10:58 AM, Julien Grall wrote: Each class can contains 32 permisions which are encoded on a word (one bit per permission). Currently the awk script will generate an hexadecimal value

[Xen-devel] [PATCH] xsm/flask: Handle policy load failures properly

from a successful policy load in logs. To clarify that the return value of XSM initcalls is ignored, this patch also changes the return type of these functions to void. Reported-by: Julien Grall julien.gr...@linaro.org Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov --- xen/include/xsm/xsm.h

Re: [Xen-devel] [PATCH v3 20/24] xen/passthrough: Extend XEN_DOMCTL_assign_device to support DT device

way as PCI devices and x86 legacy I/O ports. -- Daniel De Graaf National Security Agency ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] xen/xsm: Generate the permission in a spec-compliant way

nobody ran the script on a system with this bug - in part because nobody ran Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov Wow, that's quite an annoying bug. Thankfully, it's more likely to make a broken system than an insecure one, since doing an access check on the permission 0x7fff

Re: [Xen-devel] [PATCH V4 08/13] xen: Introduce monitor_op domctl

on which future applications can build on. Suggested-by: Andrew Cooper andrew.coop...@citrix.com Signed-off-by: Tamas K Lengyel tamas.leng...@zentific.com Acked-by: Ian Campbell ian.campb...@citrix.com Acked-by: Kevin Tian kevin.t...@intel.com One minor typo, then: Acked-by: Daniel De Graaf dgde

Re: [Xen-devel] [PATCH V4 05/13] xen: Rename mem_event to vm_event

for off-loading the decision making logic into helper applications when encountering various events during a VM's execution. Signed-off-by: Tamas K Lengyel tamas.leng...@zentific.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list

Re: [Xen-devel] [PATCH V4 12/13] xen/xsm: Split vm_event_op into three separate labels

separate labels for each of these memops. Signed-off-by: Tamas K Lengyel tamas.leng...@zentific.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov -- Daniel De Graaf National Security Agency ___ Xen-devel mailing list Xen-devel@lists.xen.org http

Re: [Xen-devel] [PATCH V4 10/13] xen/vm_event: Decouple vm_event and mem_access.

. Otherwise: Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [RFC PATCH V3 07/12] xen: Remove mem_event

/mem_event.h delete mode 100644 xen/include/xen/mem_event.h You should also remove mem_event from xen/xsm/flask/policy/access_vectors in this patch. -- Daniel De Graaf National Security Agency ___ Xen-devel mailing list Xen-devel@lists.xen.org http

Re: [Xen-devel] [PATCH] time: widen wallclock seconds to 64 bits

dropped. Signed-off-by: Jan Beulich jbeul...@suse.com Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v4 00/14] Enable vTPM subsystem on TPM 2.0

2.0 is not backward compatible with TPM 1.2. Updates from v3 all look good, all patches in this series: Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov PS: If you need to re-post this in the future, you should add that line below the signed-off-by on the unchanged patches, so that it is clear

Re: [Xen-devel] [PATCH v3 01/24] xen: Extend DOMCTL createdomain to support arch configuration

the previously DOMCTL arm_configure_domain introduced in Xen 4.5, as it has been made useless. Signed-off-by: Julien Grall julien.gr...@linaro.org Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov ___ Xen-devel mailing list Xen-devel@lists.xen.org http

Re: [Xen-devel] [PATCH v3 04/24] xen: guestcopy: Provide an helper to safely copy string from guest

into safe_copy_string_from_guest - Add comment to explain the extra +1 - Return directly the buffer and use the macros provided by xen/err.h to return an error code if necessary. Signed-off-by: Julien Grall julien.gr...@linaro.org Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov

Re: [Xen-devel] [PATCH v3 09/14] vTPM/TPM2: Support 'tpm2' extra command line.

with tpm2. If you also want to support tpm2=1, then checking for that explicitly is preferred. Currently, tpm2=0 will enable the tpm2 driver, which is confusing. -- Daniel De Graaf National Security Agency ___ Xen-devel mailing list Xen-devel

<    1   2   3   4   >