This series makes it so that the idle domain is started privileged under the
default policy, which the SILO policy inherits, and under the flask policy. It
then introduces a new one-way XSM hook, xsm_transition_running, that is hooked
by an XSM policy to transition the idle domain to its running privilege level.

Changes in v6:
- readded the setting of is_privileged in flask_set_system_active()
- clarified comment on is_privileged in flask_set_system_active()
- added ASSERT on is_privileged and self_sid in flask_set_system_active()
- fixed err code returned on Arm for xsm_set_system_active() panic message

Changes in v5:
- dropped setting is_privileged in flask_set_system_active()
- added err code returned by xsm_set_system_active() to panic message

Changes in v4:
- reworded patch 1 commit message
- fixed whitespace to coding style
- fixed comment to coding style

Changes in v3:
- renamed *_transition_running() to *_set_system_active()
- changed the XSM hook set_system_active() from void to int return
- added ASSERT check for the expected privilege level each XSM policy expected
- replaced a check against is_privileged in each arch with checking the return
  value from the call to xsm_set_system_active()

Changes in v2:
- renamed flask_domain_runtime_security() to flask_transition_running()
- added the missed assignment of self_sid

Daniel P. Smith (2):
  xsm: create idle domain privileged and demote after setup
  flask: implement xsm_set_system_active

 tools/flask/policy/modules/xen.if      |  6 +++++
 tools/flask/policy/modules/xen.te      |  1 +
 tools/flask/policy/policy/initial_sids |  1 +
 xen/arch/arm/setup.c                   |  4 ++++
 xen/arch/x86/setup.c                   |  5 ++++
 xen/common/sched/core.c                |  7 +++++-
 xen/include/xsm/dummy.h                | 17 ++++++++++++++
 xen/include/xsm/xsm.h                  |  6 +++++
 xen/xsm/dummy.c                        |  1 +
 xen/xsm/flask/hooks.c                  | 32 +++++++++++++++++++++++++-
 xen/xsm/flask/policy/initial_sids      |  1 +
 11 files changed, 79 insertions(+), 2 deletions(-)

--
2.20.1