[v8] Adds starting the idle domain privileged

[PATCH v8 0/2] Adds starting the idle domain privileged

Posted by Daniel P. Smith 1 year, 11 months ago

This series makes it so that the idle domain is started privileged under the
default policy, which the SILO policy inherits, and under the flask policy. It
then introduces a new one-way XSM hook, xsm_transition_running, that is hooked
by an XSM policy to transition the idle domain to its running privilege level.

Changes in v8:
- adjusted panic messages in arm and x86 setup.c to be less than 80cols
- fixed comment line that went over 80col
- added line in patch #1 commit message to clarify the need is for domain
  creation

Changes in v7:
- adjusted error message in default and flask xsm_set_system_active hooks
- merged panic messages in arm and x86 setup.c to a single line

Changes in v6:
- readded the setting of is_privileged in flask_set_system_active()
- clarified comment on is_privileged in flask_set_system_active()
- added ASSERT on is_privileged and self_sid in flask_set_system_active()
- fixed err code returned on Arm for xsm_set_system_active() panic message

Changes in v5:
- dropped setting is_privileged in flask_set_system_active()
- added err code returned by xsm_set_system_active() to panic message

Changes in v4:
- reworded patch 1 commit messaged
- fixed whitespace to coding style
- fixed comment to coding style

Changes in v3:
- renamed *_transition_running() to *_set_system_active()
- changed the XSM hook set_system_active() from void to int return
- added ASSERT check for the expected privilege level each XSM policy expected
- replaced a check against is_privileged in each arch with checking the return
  value from the call to xsm_set_system_active()

Changes in v2:
- renamed flask_domain_runtime_security() to flask_transition_running()
- added the missed assignment of self_sid

Daniel P. Smith (2):
  xsm: create idle domain privileged and demote after setup
  flask: implement xsm_set_system_active

 tools/flask/policy/modules/xen.if      |  6 +++++
 tools/flask/policy/modules/xen.te      |  1 +
 tools/flask/policy/policy/initial_sids |  1 +
 xen/arch/arm/setup.c                   |  3 +++
 xen/arch/x86/setup.c                   |  4 ++++
 xen/common/sched/core.c                |  7 +++++-
 xen/include/xsm/dummy.h                | 17 ++++++++++++++
 xen/include/xsm/xsm.h                  |  6 +++++
 xen/xsm/dummy.c                        |  1 +
 xen/xsm/flask/hooks.c                  | 32 +++++++++++++++++++++++++-
 xen/xsm/flask/policy/initial_sids      |  1 +
 11 files changed, 77 insertions(+), 2 deletions(-)

-- 
2.20.1

RE: [PATCH v8 0/2] Adds starting the idle domain privileged

Posted by Henry Wang 1 year, 10 months ago

Hi,

It seems that this series is stale for a while with author's action needed for
Patch#1 [1] (and probably also need ack from flask maintainer for [2]). So this email
is a gentle reminder about this series. Thanks!

[1] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-2-dpsmith@apertussolutions.com/
[2] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-3-dpsmith@apertussolutions.com/

Kind regards,
Henry

> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@lists.xenproject.org> On Behalf Of
> Daniel P. Smith
> Subject: [PATCH v8 0/2] Adds starting the idle domain privileged
> 
> This series makes it so that the idle domain is started privileged under the
> default policy, which the SILO policy inherits, and under the flask policy. It
> then introduces a new one-way XSM hook, xsm_transition_running, that is
> hooked
> by an XSM policy to transition the idle domain to its running privilege level.
> 
> Changes in v8:
> - adjusted panic messages in arm and x86 setup.c to be less than 80cols
> - fixed comment line that went over 80col
> - added line in patch #1 commit message to clarify the need is for domain
>   creation
> 
> Changes in v7:
> - adjusted error message in default and flask xsm_set_system_active hooks
> - merged panic messages in arm and x86 setup.c to a single line
> 
> Changes in v6:
> - readded the setting of is_privileged in flask_set_system_active()
> - clarified comment on is_privileged in flask_set_system_active()
> - added ASSERT on is_privileged and self_sid in flask_set_system_active()
> - fixed err code returned on Arm for xsm_set_system_active() panic
> message
> 
> Changes in v5:
> - dropped setting is_privileged in flask_set_system_active()
> - added err code returned by xsm_set_system_active() to panic message
> 
> Changes in v4:
> - reworded patch 1 commit messaged
> - fixed whitespace to coding style
> - fixed comment to coding style
> 
> Changes in v3:
> - renamed *_transition_running() to *_set_system_active()
> - changed the XSM hook set_system_active() from void to int return
> - added ASSERT check for the expected privilege level each XSM policy
> expected
> - replaced a check against is_privileged in each arch with checking the
> return
>   value from the call to xsm_set_system_active()
> 
> Changes in v2:
> - renamed flask_domain_runtime_security() to flask_transition_running()
> - added the missed assignment of self_sid
> 
> Daniel P. Smith (2):
>   xsm: create idle domain privileged and demote after setup
>   flask: implement xsm_set_system_active
> 
>  tools/flask/policy/modules/xen.if      |  6 +++++
>  tools/flask/policy/modules/xen.te      |  1 +
>  tools/flask/policy/policy/initial_sids |  1 +
>  xen/arch/arm/setup.c                   |  3 +++
>  xen/arch/x86/setup.c                   |  4 ++++
>  xen/common/sched/core.c                |  7 +++++-
>  xen/include/xsm/dummy.h                | 17 ++++++++++++++
>  xen/include/xsm/xsm.h                  |  6 +++++
>  xen/xsm/dummy.c                        |  1 +
>  xen/xsm/flask/hooks.c                  | 32 +++++++++++++++++++++++++-
>  xen/xsm/flask/policy/initial_sids      |  1 +
>  11 files changed, 77 insertions(+), 2 deletions(-)
> 
> --
> 2.20.1
>