From: "Daniel P. Smith"
To: "Daniel P. Smith", xen-devel@lists.xenproject.org
Cc: Andrew Cooper, George Dunlap, Ian Jackson, Jan Beulich, Julien Grall, Stefano Stabellini, Wei Liu, Daniel De Graaf
Subject: [PATCH v3 2/7] xsm: remove the ability to disable flask
Date: Thu, 5 Aug 2021 10:06:39 -0400
Message-Id: <20210805140644.357-3-dpsmith@apertussolutions.com>
In-Reply-To: <20210805140644.357-1-dpsmith@apertussolutions.com>
References: <20210805140644.357-1-dpsmith@apertussolutions.com>

On Linux when SELinux is put into permissive mode the discretionary access controls are still in place. Whereas for Xen when the enforcing state of flask is set to permissive, all operations for all domains would succeed, i.e. it does not fall back to the default access controls. To provide a means to mimic a similar but not equivalent behavior, a flask op is present to allow a one-time switch back to the default access controls, aka the "dummy policy".

This patch removes this flask op to enforce a consistent XSM usage model that a reboot of Xen is required to change the XSM policy module in use.

Signed-off-by: Daniel P. Smith
---
 xen/include/public/xsm/flask_op.h |  2 +-
 xen/xsm/flask/flask_op.c          | 30 ------------------------------
 2 files changed, 1 insertion(+), 31 deletions(-)

diff --git a/xen/include/public/xsm/flask_op.h b/xen/include/public/xsm/fla= sk_op.h index 16af7bc22f..b41dd6dac8 100644 --- a/xen/include/public/xsm/flask_op.h +++ b/xen/include/public/xsm/flask_op.h 
@@ -188,7 +188,7 @@ struct xen_flask_op { #define FLASK_SETBOOL 12 #define FLASK_COMMITBOOLS 13 #define FLASK_MLS 14 -#define FLASK_DISABLE 15 +#define FLASK_DISABLE 15 /* No longer implemented */ #define FLASK_GETAVC_THRESHOLD 16 #define FLASK_SETAVC_THRESHOLD 17 #define FLASK_AVC_HASHSTATS 18 diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 01e52138a1..f41c025391 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -223,32 +223,6 @@ static int flask_security_sid(struct xen_flask_sid_con= text *arg) =20 #ifndef COMPAT =20 -static int flask_disable(void) -{ - static int flask_disabled =3D 0; - - if ( ss_initialized ) - { - /* Not permitted after initial policy load. */ - return -EINVAL; - } - - if ( flask_disabled ) - { - /* Only do this once. */ - return -EINVAL; - } - - printk("Flask: Disabled at runtime.\n"); - - flask_disabled =3D 1; - - /* Reset xsm_ops to the original module. */ - xsm_ops =3D &dummy_xsm_ops; - - return 0; -} - static int flask_security_setavc_threshold(struct xen_flask_setavc_thresho= ld *arg) { int rv =3D 0; @@ -698,10 +672,6 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_f= lask_op) rv =3D flask_mls_enabled; break; =20 =20 - case FLASK_DISABLE: - rv =3D flask_disable(); - break; - case FLASK_GETAVC_THRESHOLD: rv =3D avc_cache_threshold; break; --=20 2.20.1
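Review bot: in the flask_op.h hunk, keeping `#define FLASK_DISABLE 15 /* No longer implemented */` rather than deleting or renumbering it is the right call for a public ABI header, since op 16 onwards stays stable for existing tools; the comment would be more useful if it also stated what a caller of op 15 now receives, which is decided by the default arm of do_flask_op that this hunk does not show, so userspace can distinguish a deliberately retired op from an unknown one.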
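Review bot: the hunk deleting flask_disable() removes the only runtime path that reassigned `xsm_ops =3D &dummy_xsm_ops`, which is exactly the behaviour the commit message says should now require a reboot; since the function was only callable before `ss_initialized`, the removed window was small, but it is worth confirming that no other flask code still references `dummy_xsm_ops` and, if this was the last use, dropping the now-unneeded declaration in a follow-up so the dummy module cannot be reached from flask at all.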
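Review bot: with `case FLASK_DISABLE:` removed from do_flask_op, a request for op 15 falls to the switch's default arm, whose return value is not visible in this hunk; the commit message should name the error code callers now get, so that an administrator or tool that used to rely on this op fails loudly and predictably instead of appearing to have switched flask off.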