From 0e19f276cf127ec118ef122d4934c845c5fc99a7 Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Thu, 9 Feb 2012 18:25:15 +0000
Subject: [PATCH] libxl: Add device_model_stubdomain_seclabel

This allows the security label of stub domains to be specified.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
 docs/man/xl.cfg.pod.5       |  4 ++++
 tools/libxl/libxl_dm.c      |  1 +
 tools/libxl/libxl_types.idl |  1 +
 tools/libxl/xl_cmdimpl.c    | 15 +++++++++++++++
 4 files changed, 21 insertions(+)

diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
index 9d90290cc1..8f171b4e3c 100644
--- a/docs/man/xl.cfg.pod.5
+++ b/docs/man/xl.cfg.pod.5
@@ -789,6 +789,10 @@ Override the use of stubdomain based device-model.  Normally this will
 be automatically selected based upon the other features and options
 you have selected.
 
+=item B<device_model_stubdomain_seclabel="LABEL">
+
+Assign an XSM security label to the device-model stubdomain.
+
 =item B<device_model_args=[ "ARG", "ARG", ...]>
 
 Pass additional arbitrary options on the devide-model command
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 5fec137afc..e99d173ef0 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -703,6 +703,7 @@ static int libxl__create_stubdom(libxl__gc *gc,
     dm_config.c_info.type = LIBXL_DOMAIN_TYPE_PV;
     dm_config.c_info.name = libxl__sprintf(gc, "%s-dm",
                                     libxl__domid_to_name(gc, guest_domid));
+    dm_config.c_info.ssidref = guest_config->b_info.device_model_ssidref;
 
     libxl_uuid_generate(&dm_config.c_info.uuid);
 
diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl
index 3c24626d8e..b77bc651d8 100644
--- a/tools/libxl/libxl_types.idl
+++ b/tools/libxl/libxl_types.idl
@@ -217,6 +217,7 @@ libxl_domain_build_info = Struct("domain_build_info",[
     ("device_model_stubdomain", bool),
     # you set device_model you must set device_model_version too
     ("device_model",     string),
+    ("device_model_ssidref", uint32),
 
     # extra parameters pass directly to qemu, NULL terminated
     ("extra",            libxl_string_list),
diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
index f10c20c6b4..df0980e361 100644
--- a/tools/libxl/xl_cmdimpl.c
+++ b/tools/libxl/xl_cmdimpl.c
@@ -1134,6 +1134,21 @@ skip_vfb:
     if (!xlu_cfg_get_long (config, "device_model_stubdomain_override", &l, 0))
         b_info->device_model_stubdomain = l;
 
+    if (!xlu_cfg_get_string (config, "device_model_stubdomain_seclabel",
+                             &buf, 0)) {
+        e = libxl_flask_context_to_sid(ctx, (char *)buf, strlen(buf),
+                                    &b_info->device_model_ssidref);
+        if (e) {
+            if (errno == ENOSYS) {
+                fprintf(stderr, "XSM Disabled:"
+                        " device_model_stubdomain_seclabel not supported\n");
+            } else {
+                fprintf(stderr, "Invalid device_model_stubdomain_seclabel:"
+                        " %s\n", buf);
+                exit(1);
+            }
+        }
+    }
 #define parse_extra_args(type)                                            \
     e = xlu_cfg_get_list_as_string_list(config, "device_model_args"#type, \
                                     &b_info->extra##type, 0);            \
-- 
2.30.2