From: Daniel De Graaf Date: Wed, 20 May 2015 14:38:59 +0000 (+0100) Subject: flask/policy: add initial SIDs for domU/domDM X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~3180 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=926158e2a14ff5b7edc6e32ce332efff52d1d17b;p=xen.git flask/policy: add initial SIDs for domU/domDM Add default security contexts to the XSM policy for use by the toolstack when a domain is created without specifying an explicit security label. Signed-off-by: Daniel De Graaf Acked-by: Ian Campbell --- diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index d63a8a7e05..7249f402c3 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt @@ -213,9 +213,9 @@ that can be used without dom0 disaggregation. The main types for domUs are: - nomigrate_t is a domain that must be created via the nomigrate_t_building type, and whose memory cannot be read by dom0 once created -HVM domains with stubdomain device models use two types (one per domain): - - domHVM_t is an HVM domain that uses a stubdomain device model - - dm_dom_t is the device model for a domain with type domHVM_t +HVM domains with stubdomain device models also need a type for the stub domain. +The example policy defines dm_dom_t for the device model of a domU_t domain; +there are no device model types defined for the other domU types. One disadvantage of using type enforcement to enforce isolation is that a new type is needed for each group of domains. The user field can be used to address diff --git a/tools/flask/policy/policy/initial_sids b/tools/flask/policy/policy/initial_sids index 5de0bbf7c2..6b7b7eff21 100644 --- a/tools/flask/policy/policy/initial_sids +++ b/tools/flask/policy/policy/initial_sids 
@@ -12,3 +12,7 @@ sid irq gen_context(system_u:object_r:irq_t,s0) sid iomem gen_context(system_u:object_r:iomem_t,s0) sid ioport gen_context(system_u:object_r:ioport_t,s0) sid device gen_context(system_u:object_r:device_t,s0) + +# Initial SIDs used by the toolstack for domains without defined labels +sid domU gen_context(system_u:system_r:domU_t,s0) +sid domDM gen_context(system_u:system_r:dm_dom_t,s0) diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index e555d11e71..ce70639275 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -151,18 +151,13 @@ domain_comms(domU_t, prot_domU_t) domain_comms(prot_domU_t, prot_domU_t) domain_self_comms(prot_domU_t) -# domHVM_t is meant to be paired with a qemu-dm stub domain of type dm_dom_t -declare_domain(domHVM_t) -create_domain(dom0_t, domHVM_t) -manage_domain(dom0_t, domHVM_t) -domain_comms(dom0_t, domHVM_t) -domain_self_comms(domHVM_t) - +# Device model for domU_t. You can define distinct types for device models for +# domains of other types, or add more make_device_model lines for this type. declare_domain(dm_dom_t) create_domain(dom0_t, dm_dom_t) manage_domain(dom0_t, dm_dom_t) domain_comms(dom0_t, dm_dom_t) -make_device_model(dom0_t, dm_dom_t, domHVM_t) +make_device_model(dom0_t, dm_dom_t, domU_t) # nomigrate_t must be built via the nomigrate_t_building label; once built, # dom0 cannot read its memory. diff --git a/xen/xsm/flask/policy/initial_sids b/xen/xsm/flask/policy/initial_sids index e508bde976..7eca70d339 100644 --- a/xen/xsm/flask/policy/initial_sids +++ b/xen/xsm/flask/policy/initial_sids @@ -13,4 +13,6 @@ sid ioport sid iomem sid irq sid device +sid domU +sid domDM # FLASK
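Review bot: In the docs/misc/xsm-flask.txt hunk, the replacement paragraph describes dm_dom_t but says nothing about the new domU and domDM initial SIDs, which the commit message says the toolstack uses when a domain is created without an explicit security label. Suggest adding a sentence there stating which contexts an unlabelled domain and its stub domain receive, so an administrator reading the document knows what the default label is and that it is set in the policy's initial_sids file.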
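Review bot: In the tools/flask/policy/policy/initial_sids hunk, the two added contexts hard-code domU_t and dm_dom_t, so a site policy that renames or drops either type now also has to edit this file, and the comment above "sid domU" should say so. The comment could also note that these are the labels an unlabelled guest and its device model end up with, since make_device_model(dom0_t, dm_dom_t, domU_t) in xen.te is written against the same two types.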
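Review bot: In the xen.te hunk, the domHVM_t block is deleted outright, and neither the commit message nor the new comment mentions that guest configurations already labelled with a domHVM_t context will no longer find that type declared in the example policy. Suggest calling this out in the commit message or the documentation, together with the replacement labelling (domU_t for the guest, dm_dom_t for the stub domain). It is also worth stating next to make_device_model(dom0_t, dm_dom_t, domU_t) that the rule is written per type, so it applies to every domU_t domain, and domU_t is now also the type given to unlabelled domains.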
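Review bot: In the xen/xsm/flask/policy/initial_sids hunk, "sid domU" and "sid domDM" are added without the explanatory comment that the tools/flask/policy/policy/initial_sids hunk gives them. Suggest repeating that one-line comment here, ahead of "sid domU", so the hypervisor-side list records that these two entries are toolstack defaults for domains rather than resource labels like the irq, iomem, ioport and device entries above them.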