From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Fri, 11 Jan 2013 10:37:10 +0000 (+0000)
Subject: xsm/flask: Add checks on the domain performing the set_target operation
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~7450^2~13
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=2b7a98eed8069cb6fe1b967236d80d0a8cf2913e;p=xen.git

xsm/flask: Add checks on the domain performing the set_target operation

The existing domain__set_target check only verifies that the source
and target domains can be associated. We also need to check that the
privileged domain making this association is allowed to do so.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
---

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 63f936b420..c2a1de034c 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -577,6 +577,13 @@ static int flask_domain_settime(struct domain *d)
 
 static int flask_set_target(struct domain *d, struct domain *e)
 {
+    int rc;
+    rc = domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR);
+    if ( rc )
+        return rc;
+    rc = domain_has_perm(current->domain, e, SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET);
+    if ( rc )
+        return rc;
     return domain_has_perm(d, e, SECCLASS_DOMAIN, DOMAIN__SET_TARGET);
 }
 
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index c7e29abb32..11d02da49f 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -78,6 +78,8 @@ class domain2
 	relabelfrom
 	relabelto
 	relabelself
+	make_priv_for
+	set_as_target
 }
 
 class hvm