From nobody Fri May 17 03:12:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) ARC-Seal: i=2; a=rsa-sha256; t=1650493768; cv=pass; d=zohomail.com; s=zohoarc; b=crCQx3/ZCRnUNtTkgCbB0N8dFuRfcQ8GRt0AOY0aenzC3A1P9RdWiXYzuWihpJlZDcALZEiOKYHwfsuGxreIvOtpQX9+Yj5ld60Ro20XlkD3U/f7aewcjRDpzJJr8FCIHgEqxTBTM/wAnLMavJTKWlP70arOF2Qf97ESuK3qvmo= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1650493768; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=TRSJFXRMakYmWB2kJyW8tPNfqEyszLPKpOq9/CBWGkU=; b=WZ3g0xqgD0E/2vxCVB6pXObzoaFHURijwNyMPS5P7PBeqOXaYK40fLdqAIvm0l4x4MQXRbT6UqF4+lxNcSFnTGWjzVN/0Z4GaPqQd9b54W+VRGaz1Mm4AngUUaSkg9WyuSU0noeKSvFSei1UexwezkaYfYPWK1fV3a01cthTslg= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1650493768767237.8918647750047; Wed, 20 Apr 2022 15:29:28 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.309629.526013 (Exim 4.92) (envelope-from ) id 1nhIoj-0004P6-Br; Wed, 20 Apr 2022 22:28:57 +0000 Received: by outflank-mailman (output) from mailman id 309629.526013; Wed, 20 Apr 2022 22:28:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nhIoj-0004Oz-8O; Wed, 20 Apr 2022 22:28:57 +0000 Received: by outflank-mailman (input) for mailman id 309629; Wed, 20 Apr 2022 22:28:56 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nhIoi-00048L-Du for xen-devel@lists.xenproject.org; Wed, 20 Apr 2022 22:28:56 +0000 Received: from sender4-of-o51.zoho.com (sender4-of-o51.zoho.com [136.143.188.51]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 42b9e4f9-c0f9-11ec-8fbf-03012f2f19d4; Thu, 21 Apr 2022 00:28:55 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1650493727255817.7561172280812; Wed, 20 Apr 2022 15:28:47 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 42b9e4f9-c0f9-11ec-8fbf-03012f2f19d4 ARC-Seal: i=1; a=rsa-sha256; t=1650493728; cv=none; d=zohomail.com; s=zohoarc; b=EFEPSu5yJSYhRf8ENJBUS8f5prO7/JETT4r+LoFYW8WccbaIxd7DJvXhK1YlIczlyL0m5Yet9hnwvg/Vrdi8AMIa8FBfoC2n7DaVnukArja/C/vLL7v55NGx2Sxvrzt6XBQLxCG4bDqOEGGeKq4uM5MQ4OLP30gR2Vunuvjd9cY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1650493728; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=TRSJFXRMakYmWB2kJyW8tPNfqEyszLPKpOq9/CBWGkU=; b=WhANJIJdQwNjMjbGCa+if9sMxUNqTg5KFUpqYrxMNZyqEAZMS0BbaOzavr481OVVAkGsXYl2GSFnh4WqGCDro07uSrnoUi0/JWWGOheIlt63qQlU8QR17v8KxuSDmfQVCszpAVi84T3edAP6u7rnRjFy/0Dn7J7WVIy+rMnA1kc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1650493728; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=TRSJFXRMakYmWB2kJyW8tPNfqEyszLPKpOq9/CBWGkU=; b=CUNip+k1w4bg7wufpzBWHcLNqDqUL+XptA2Oe56QXy2J2CFRZhOPSckTBE9XPM/6 sQfI+mYbQllWmdf2j7vgct8oFITpbkXnO8XqIqPz4asUUcOgC2dFlaYiH1YjAPFpPCP vEc8OoYL/uqBKhOy+eaR8f4XSj0fpHrv6y92te1U= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org, Volodymyr Babchuk , Wei Liu , "Daniel P. Smith" Cc: scott.davis@starlab.io, jandryuk@gmail.com, Stefano Stabellini , Julien Grall , Bertrand Marquis , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , George Dunlap , Dario Faggioli , Daniel De Graaf Subject: [PATCH v2 1/2] xsm: create idle domain privieged and demote after setup Date: Wed, 20 Apr 2022 18:28:33 -0400 Message-Id: <20220420222834.5478-2-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20220420222834.5478-1-dpsmith@apertussolutions.com> References: <20220420222834.5478-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-ZohoMail-DKIM: pass (identity dpsmith@apertussolutions.com) X-ZM-MESSAGEID: 1650493770386100001 Content-Type: text/plain; charset="utf-8" There are now instances where internal hypervisor logic needs to make resou= rce allocation calls that are protectd by XSM checks. The internal hypervisor l= ogic is represented a number of system domains which by designed are represented= by non-privileged struct domain instances. To enable these logic blocks to function correctly but in a controlled manner, this commit changes the idle domain to be created as a privileged domain under the default policy, which= is inherited by the SILO policy, and demoted before transitioning to running. A new XSM hook, xsm_transition_running, is introduced to allow each XSM policy type to demote the idle domain appropriately for that policy type. For flask a stub is added to ensure that flask policy system will function correctly with this patch until flask is extended with support for starting= the idle domain privileged and properly demoting it on the call to xsm_transtion_running. Signed-off-by: Daniel P. Smith --- xen/arch/arm/setup.c | 6 ++++++ xen/arch/x86/setup.c | 6 ++++++ xen/common/sched/core.c | 7 ++++++- xen/include/xsm/dummy.h | 12 ++++++++++++ xen/include/xsm/xsm.h | 6 ++++++ xen/xsm/dummy.c | 1 + xen/xsm/flask/hooks.c | 15 +++++++++++++++ 7 files changed, 52 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index d5d0792ed4..763835aeb5 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -1048,6 +1048,12 @@ void __init start_xen(unsigned long boot_phys_offset, /* Hide UART from DOM0 if we're using it */ serial_endboot(); =20 + xsm_transition_running(); + + /* Ensure idle domain was not left privileged */ + if ( current->domain->is_privileged ) + panic("idle domain did not properly transition from setup privileg= e\n"); + system_state =3D SYS_STATE_active; =20 for_each_domain( d ) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 6f20e17892..72695dcb07 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -621,6 +621,12 @@ static void noreturn init_done(void) void *va; unsigned long start, end; =20 + xsm_transition_running(); + + /* Ensure idle domain was not left privileged */ + if ( current->domain->is_privileged ) + panic("idle domain did not properly transition from setup privileg= e\n"); + system_state =3D SYS_STATE_active; =20 domain_unpause_by_systemcontroller(dom0); diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 19ab678181..22a619e260 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -3021,7 +3021,12 @@ void __init scheduler_init(void) sched_ratelimit_us =3D SCHED_DEFAULT_RATELIMIT_US; } =20 - idle_domain =3D domain_create(DOMID_IDLE, NULL, 0); + /* + * idle dom is created privileged to ensure unrestricted access during + * setup and will be demoted by xsm_transition_running when setup is + * complete + */ + idle_domain =3D domain_create(DOMID_IDLE, NULL, CDF_privileged); BUG_ON(IS_ERR(idle_domain)); BUG_ON(nr_cpu_ids > ARRAY_SIZE(idle_vcpu)); idle_domain->vcpu =3D idle_vcpu; diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 58afc1d589..b33f0ec672 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -101,6 +101,18 @@ static always_inline int xsm_default_action( } } =20 +static XSM_INLINE void cf_check xsm_transition_running(void) +{ + struct domain *d =3D current->domain; + + if ( d->domain_id !=3D DOMID_IDLE ) + panic("xsm_transition_running should only be called by idle domain= \n"); + + d->is_privileged =3D false; + + return; +} + static XSM_INLINE void cf_check xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 3e2b7fe3db..a5c06804ab 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -52,6 +52,7 @@ typedef enum xsm_default xsm_default_t; * !!! WARNING !!! */ struct xsm_ops { + void (*transition_running)(void); void (*security_domaininfo)(struct domain *d, struct xen_domctl_getdomaininfo *info); int (*domain_create)(struct domain *d, uint32_t ssidref); @@ -208,6 +209,11 @@ extern struct xsm_ops xsm_ops; =20 #ifndef XSM_NO_WRAPPERS =20 +static inline void xsm_transition_running(void) +{ + alternative_vcall(xsm_ops.transition_running); +} + static inline void xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 8c044ef615..66f26c6909 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -14,6 +14,7 @@ #include =20 static const struct xsm_ops __initconst_cf_clobber dummy_ops =3D { + .transition_running =3D xsm_transition_running, .security_domaininfo =3D xsm_security_domaininfo, .domain_create =3D xsm_domain_create, .getdomaininfo =3D xsm_getdomaininfo, diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 0bf63ffa84..decebc8231 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -186,6 +186,20 @@ static int cf_check flask_domain_alloc_security(struct= domain *d) return 0; } =20 +static void cf_check flask_transition_running(void) +{ + struct domain *d =3D current->domain; + + if ( d->domain_id !=3D DOMID_IDLE ) + panic("xsm_transition_running should only be called by idle domain= \n"); + + /* + * While is_privileged has no significant meaning under flask, + * set to false for the consistency check(s) in the setup code. + */ + d->is_privileged =3D false; +} + static void cf_check flask_domain_free_security(struct domain *d) { struct domain_security_struct *dsec =3D d->ssid; @@ -1766,6 +1780,7 @@ static int cf_check flask_argo_send( #endif =20 static const struct xsm_ops __initconst_cf_clobber flask_ops =3D { + .transition_running =3D flask_transition_running, .security_domaininfo =3D flask_security_domaininfo, .domain_create =3D flask_domain_create, .getdomaininfo =3D flask_getdomaininfo, --=20 2.20.1 From nobody Fri May 17 03:12:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) ARC-Seal: i=2; a=rsa-sha256; t=1650493780; cv=pass; d=zohomail.com; s=zohoarc; b=n/LrrW9nAq3iQJ5QOZwQniNkKOQBQIFeqDSABqSb2WWsEQEo+zMV2JMx56+7XYddLjNjlIZR2Ltxf81+hdWwpElGNQXSaOw4hrmTNF6b47aLsf/OkiaFoGMT+hgSPtM2Vo0Z1B/RRFcmElMpcDfEbY6vPR2odbW47iaP+anF2DA= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1650493780; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=rHJBVfL0hECCWnf5o+DbpSbD0YLUZ/xJtca9sdXcG1M=; b=gv7suzzIwvz5nDFUQQZdJ4Ha3GTuS2i6x7W0zfrfsKCwzjFMIXSKSTQrDm7gpLmCBTmfTt672pUpMBWNxz+V1wxtHNvKPYGhh6tK8rKsoIJO4XVf6DIoEm8UTLPtXJNvUr7SKMnsCbT5OuKfBVC0gjvOmFZqDIc43NEr+eKjNqk= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1650493780775758.7035891045706; Wed, 20 Apr 2022 15:29:40 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.309634.526024 (Exim 4.92) (envelope-from ) id 1nhIp4-0004yj-Kx; Wed, 20 Apr 2022 22:29:18 +0000 Received: by outflank-mailman (output) from mailman id 309634.526024; Wed, 20 Apr 2022 22:29:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nhIp4-0004ya-I3; Wed, 20 Apr 2022 22:29:18 +0000 Received: by outflank-mailman (input) for mailman id 309634; Wed, 20 Apr 2022 22:29:17 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nhIp2-00048L-Ue for xen-devel@lists.xenproject.org; Wed, 20 Apr 2022 22:29:17 +0000 Received: from sender4-of-o51.zoho.com (sender4-of-o51.zoho.com [136.143.188.51]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 4ef91ce3-c0f9-11ec-8fbf-03012f2f19d4; Thu, 21 Apr 2022 00:29:16 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1650493728447691.6530014584494; Wed, 20 Apr 2022 15:28:48 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 4ef91ce3-c0f9-11ec-8fbf-03012f2f19d4 ARC-Seal: i=1; a=rsa-sha256; t=1650493730; cv=none; d=zohomail.com; s=zohoarc; b=iuJcKq+ndj+QWhAzGfa0ETYdjBS9od22RVIYMRfUNU6z7UgC3FyBj/5xHaDoKyYsdZqD6MjRvkBUcAyvVVHDG1sFJ8l5WFcyEoPb7GzEvMjA9GCxcOHiiJSrOqyxuR+f543abUHowW+Gb+ckXZd4uY/MCJMHnfOCpM/owKnXbcs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1650493730; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=rHJBVfL0hECCWnf5o+DbpSbD0YLUZ/xJtca9sdXcG1M=; b=ayMfG5enGgHrnHUImdpGE3OWHYaY+CIcxc5/9xTaROf4CxL0SW2n6eo50JTnBdvIvCqRrmduftJxkdcdj0Dg/GckZfXlPCTnpB9Z4Mib6xaobXpbmTqpvPMB7sNAX+3QNK3sYuokzs/83zZbjSa4BZSdyweGRDpeNo2oN0bWISs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1650493730; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=rHJBVfL0hECCWnf5o+DbpSbD0YLUZ/xJtca9sdXcG1M=; b=cyMGCfOI44D3Oq1w3qCwhizqk5EvQoYfs2gXXQPCaLNo0V0TNImBngfQiyEJT/nT stxektkc0Jd3odpcFFUlYARGhNKVY079sLO66pX+cL0Ak2zQk3C9tCC3MRIXhiHjpd8 7D6MstwnCwUlZ3E/uYazpIDhQunJgECmVaHc3ycg= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org, "Daniel P. Smith" Cc: scott.davis@starlab.io, jandryuk@gmail.com, Daniel De Graaf , Wei Liu , Anthony PERARD Subject: [PATCH v2 2/2] flask: implement xsm_transtion_running Date: Wed, 20 Apr 2022 18:28:34 -0400 Message-Id: <20220420222834.5478-3-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20220420222834.5478-1-dpsmith@apertussolutions.com> References: <20220420222834.5478-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-ZohoMail-DKIM: pass (identity dpsmith@apertussolutions.com) X-ZM-MESSAGEID: 1650493781950100001 Content-Type: text/plain; charset="utf-8" This commit implements full support for starting the idle domain privileged= by introducing a new flask label xenboot_t which the idle domain is labeled wi= th at creation. It then provides the implementation for the XSM hook xsm_transition_running to relabel the idle domain to the existing xen_t fla= sk label. In the reference flask policy a new macro, xen_build_domain(target), is introduced for creating policies for dom0less/hyperlaunch allowing the hypervisor to create and assign the necessary resources for domain construction. Signed-off-by: Daniel P. Smith --- tools/flask/policy/modules/xen.if | 6 ++++++ tools/flask/policy/modules/xen.te | 1 + tools/flask/policy/policy/initial_sids | 1 + xen/xsm/flask/hooks.c | 7 ++++++- xen/xsm/flask/policy/initial_sids | 1 + 5 files changed, 15 insertions(+), 1 deletion(-) diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules= /xen.if index 5e2aa472b6..4ec676fff1 100644 --- a/tools/flask/policy/modules/xen.if +++ b/tools/flask/policy/modules/xen.if @@ -62,6 +62,12 @@ define(`create_domain_common', ` setparam altp2mhvm altp2mhvm_op dm }; ') =20 +# xen_build_domain(target) +# Allow a domain to be created at boot by the hypervisor +define(`xen_build_domain', ` + allow xenboot_t $1_channel:event create; +') + # create_domain(priv, target) # Allow a domain to be created directly define(`create_domain', ` diff --git a/tools/flask/policy/modules/xen.te b/tools/flask/policy/modules= /xen.te index 3dbf93d2b8..de98206fdd 100644 --- a/tools/flask/policy/modules/xen.te +++ b/tools/flask/policy/modules/xen.te @@ -24,6 +24,7 @@ attribute mls_priv; ##########################################################################= ###### =20 # The hypervisor itself +type xenboot_t, xen_type, mls_priv; type xen_t, xen_type, mls_priv; =20 # Domain 0 diff --git a/tools/flask/policy/policy/initial_sids b/tools/flask/policy/po= licy/initial_sids index 6b7b7eff21..ec729d3ba3 100644 --- a/tools/flask/policy/policy/initial_sids +++ b/tools/flask/policy/policy/initial_sids @@ -2,6 +2,7 @@ # objects created before the policy is loaded or for objects that do not h= ave a # label defined in some other manner. =20 +sid xenboot gen_context(system_u:system_r:xenboot_t,s0) sid xen gen_context(system_u:system_r:xen_t,s0) sid dom0 gen_context(system_u:system_r:dom0_t,s0) sid domxen gen_context(system_u:system_r:domxen_t,s0) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index decebc8231..0643654aba 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -168,7 +168,7 @@ static int cf_check flask_domain_alloc_security(struct = domain *d) switch ( d->domain_id ) { case DOMID_IDLE: - dsec->sid =3D SECINITSID_XEN; + dsec->sid =3D SECINITSID_XENBOOT; break; case DOMID_XEN: dsec->sid =3D SECINITSID_DOMXEN; @@ -188,6 +188,7 @@ static int cf_check flask_domain_alloc_security(struct = domain *d) =20 static void cf_check flask_transition_running(void) { + struct domain_security_struct *dsec; struct domain *d =3D current->domain; =20 if ( d->domain_id !=3D DOMID_IDLE ) @@ -198,6 +199,10 @@ static void cf_check flask_transition_running(void) * set to false for the consistency check(s) in the setup code. */ d->is_privileged =3D false; + + dsec =3D d->ssid; + dsec->sid =3D SECINITSID_XEN; + dsec->self_sid =3D dsec->sid; } =20 static void cf_check flask_domain_free_security(struct domain *d) diff --git a/xen/xsm/flask/policy/initial_sids b/xen/xsm/flask/policy/initi= al_sids index 7eca70d339..e8b55b8368 100644 --- a/xen/xsm/flask/policy/initial_sids +++ b/xen/xsm/flask/policy/initial_sids @@ -3,6 +3,7 @@ # # Define initial security identifiers=20 # +sid xenboot sid xen sid dom0 sid domio --=20 2.20.1