From: "Daniel P. Smith"
To: "Daniel P. Smith", xen-devel@lists.xenproject.org
Cc: Andrew Cooper, George Dunlap, Ian Jackson, Jan Beulich, Julien Grall, Stefano Stabellini, Wei Liu, Daniel De Graaf
Subject: [PATCH v6 02/10] xsm: remove the ability to disable flask
Date: Fri, 10 Sep 2021 16:12:57 -0400
Message-Id: <20210910201305.32526-3-dpsmith@apertussolutions.com>
In-Reply-To: <20210910201305.32526-1-dpsmith@apertussolutions.com>
References: <20210910201305.32526-1-dpsmith@apertussolutions.com>

On Linux, when SELinux is put into permissive mode, the discretionary access
controls are still in place. Whereas for Xen, when the enforcing state of
flask is set to permissive, all operations for all domains would succeed,
i.e. it does not fall back to the default access controls. To provide a
means to mimic a similar but not equivalent behavior, a flask op is present
to allow a one-time switch back to the default access controls, aka the
"dummy policy".

While this may be desirable for an OS, Xen is a hypervisor and should not
allow the switching of which security policy framework is being enforced
after boot. This patch removes the flask op to enforce the desired XSM usage
model requiring a reboot of Xen to change the XSM policy module in use.

Signed-off-by: Daniel P. Smith
Acked-by: Andrew Cooper
---
 xen/include/public/xsm/flask_op.h |  2 +-
 xen/xsm/flask/flask_op.c          | 30 ------------------------------
 2 files changed, 1 insertion(+), 31 deletions(-)

diff --git a/xen/include/public/xsm/flask_op.h b/xen/include/public/xsm/fla= sk_op.h index 16af7bc22f..b41dd6dac8 100644 --- a/xen/include/public/xsm/flask_op.h +++ b/xen/include/public/xsm/flask_op.h
@@ -188,7 +188,7 @@ struct xen_flask_op { #define FLASK_SETBOOL 12 #define FLASK_COMMITBOOLS 13 #define FLASK_MLS 14 -#define FLASK_DISABLE 15 +#define FLASK_DISABLE 15 /* No longer implemented */ #define FLASK_GETAVC_THRESHOLD 16 #define FLASK_SETAVC_THRESHOLD 17 #define FLASK_AVC_HASHSTATS 18 diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 01e52138a1..f41c025391 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -223,32 +223,6 @@ static int flask_security_sid(struct xen_flask_sid_con= text *arg) =20 #ifndef COMPAT =20 -static int flask_disable(void) -{ - static int flask_disabled =3D 0; - - if ( ss_initialized ) - { - /* Not permitted after initial policy load. */ - return -EINVAL; - } - - if ( flask_disabled ) - { - /* Only do this once. */ - return -EINVAL; - } - - printk("Flask: Disabled at runtime.\n"); - - flask_disabled =3D 1; - - /* Reset xsm_ops to the original module. */ - xsm_ops =3D &dummy_xsm_ops; - - return 0; -} - static int flask_security_setavc_threshold(struct xen_flask_setavc_thresho= ld *arg) { int rv =3D 0; @@ -698,10 +672,6 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_f= lask_op) rv =3D flask_mls_enabled; break; =20 =20 - case FLASK_DISABLE: - rv =3D flask_disable(); - break; - case FLASK_GETAVC_THRESHOLD: rv =3D avc_cache_threshold; break; --=20 2.20.1
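Review bot: in the flask_op.h hunk, keeping `#define FLASK_DISABLE 15` with a `/* No longer implemented */` comment is the right choice for a public ABI header, since it stops op number 15 from being reused for something else later; but the comment tells a caller nothing about what the hypervisor now returns for it. The matching do_flask_op hunk drops the case without showing the switch's default path, so consider stating the resulting error in this comment or in the commit message so a caller can distinguish "retired op" from "bad argument".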
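Review bot: the removed flask_disable() in the first flask_op.c hunk returned -EINVAL once `ss_initialized` was set ("Not permitted after initial policy load"), so the runtime switch to `dummy_xsm_ops` was only reachable in the window before the initial policy load, and only once. The commit message presents it as a one-time switch available after boot without mentioning that restriction; stating it would make clear how narrow the removed capability actually was. With this function gone, nothing in the visible diff writes `xsm_ops` after boot, which is the property the commit message is after; worth checking whether flask_op.c still references `dummy_xsm_ops` anywhere else, and if not, dropping any now-unused declaration for it in the same patch.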
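Review bot: in the second flask_op.c hunk, with `case FLASK_DISABLE:` removed, op 15 now takes whatever path the switch's default label provides, which lies outside the visible context. Since the op number is deliberately retained in the public header, confirm that the default returns an error rather than falling into a neighbouring case, and that the error value (for example -ENOSYS rather than the -EINVAL the old function used) is the one intended for a retired op, so management tooling that still issues it fails cleanly and audibly rather than silently doing nothing.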