Hi,
It seems that this series has been stale for a while, with the author's action needed for
Patch #1 [1] (and probably also an ack needed from the flask maintainer for [2]). So this email
is a gentle reminder about this series. Thanks!
[1] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-2-dpsmith@apertussolutions.com/
[2] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-3-dpsmith@apertussolutions.com/
Kind regards,
Henry
> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@lists.xenproject.org> On Behalf Of
> Daniel P. Smith
> Subject: [PATCH v8 0/2] Adds starting the idle domain privileged
>
> This series makes it so that the idle domain is started privileged under the
> default policy, which the SILO policy inherits, and under the flask policy. It
> then introduces a new one-way XSM hook, xsm_transition_running, that is hooked
> by an XSM policy to transition the idle domain to its running privilege level.
>
> Changes in v8:
> - adjusted panic messages in arm and x86 setup.c to be less than 80cols
> - fixed comment line that went over 80col
> - added line in patch #1 commit message to clarify the need is for domain
> creation
>
> Changes in v7:
> - adjusted error message in default and flask xsm_set_system_active hooks
> - merged panic messages in arm and x86 setup.c to a single line
>
> Changes in v6:
> - re-added the setting of is_privileged in flask_set_system_active()
> - clarified comment on is_privileged in flask_set_system_active()
> - added ASSERT on is_privileged and self_sid in flask_set_system_active()
> - fixed err code returned on Arm for xsm_set_system_active() panic message
>
> Changes in v5:
> - dropped setting is_privileged in flask_set_system_active()
> - added err code returned by xsm_set_system_active() to panic message
>
> Changes in v4:
> - reworded patch 1 commit message
> - fixed whitespace to coding style
> - fixed comment to coding style
>
> Changes in v3:
> - renamed *_transition_running() to *_set_system_active()
> - changed the XSM hook set_system_active() from void to int return
> - added ASSERT check for the expected privilege level each XSM policy expected
> - replaced a check against is_privileged in each arch with checking the return
>   value from the call to xsm_set_system_active()
>
> Changes in v2:
> - renamed flask_domain_runtime_security() to flask_transition_running()
> - added the missed assignment of self_sid
>
> Daniel P. Smith (2):
> xsm: create idle domain privileged and demote after setup
> flask: implement xsm_set_system_active
>
> tools/flask/policy/modules/xen.if | 6 +++++
> tools/flask/policy/modules/xen.te | 1 +
> tools/flask/policy/policy/initial_sids | 1 +
> xen/arch/arm/setup.c | 3 +++
> xen/arch/x86/setup.c | 4 ++++
> xen/common/sched/core.c | 7 +++++-
> xen/include/xsm/dummy.h | 17 ++++++++++++++
> xen/include/xsm/xsm.h | 6 +++++
> xen/xsm/dummy.c | 1 +
> xen/xsm/flask/hooks.c | 32 +++++++++++++++++++++++++-
> xen/xsm/flask/policy/initial_sids | 1 +
> 11 files changed, 77 insertions(+), 2 deletions(-)
>
> --
> 2.20.1
>