xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: xen-devel@lists.xen.org
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [PATCH 07/15] flask: unify {get, set}vcpucontext permissions
Date: Thu,  9 Jun 2016 10:47:10 -0400	[thread overview]
Message-ID: <1465483638-9489-8-git-send-email-dgdegra@tycho.nsa.gov> (raw)
In-Reply-To: <1465483638-9489-1-git-send-email-dgdegra@tycho.nsa.gov>

These permissions were initially split because they were in separate
domctls, but this split is very unlikely to actually provide security
benefits: it would require a carefully contrived situation for a domain
to both need access to one type of CPU register and also need to be
prohibited from accessing another type.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
 tools/flask/policy/modules/dom0.te  |  1 -
 tools/flask/policy/modules/xen.if   |  7 +++----
 xen/xsm/flask/hooks.c               | 20 ++++++--------------
 xen/xsm/flask/policy/access_vectors | 16 ++++++----------
 4 files changed, 15 insertions(+), 29 deletions(-)

diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te
index ef6a986..d228b24 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -34,7 +34,6 @@ allow dom0_t dom0_t:domain {
 	setvcpucontext max_vcpus setaffinity getaffinity getscheduler
 	getdomaininfo getvcpuinfo getvcpucontext setdomainmaxmem setdomainhandle
 	setdebugging hypercall settime setaddrsize getaddrsize trigger
-	getextvcpucontext setextvcpucontext getvcpuextstate setvcpuextstate
 	getpodtarget setpodtarget set_misc_info set_virq_handler
 };
 allow dom0_t dom0_t:domain2 {
diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if
index 00d1bbb..fd96303 100644
--- a/tools/flask/policy/modules/xen.if
+++ b/tools/flask/policy/modules/xen.if
@@ -47,9 +47,8 @@ define(`declare_build_label', `
 
 define(`create_domain_common', `
 	allow $1 $2:domain { create max_vcpus setdomainmaxmem setaddrsize
-			getdomaininfo hypercall setvcpucontext setextvcpucontext
-			getscheduler getvcpuinfo getvcpuextstate getaddrsize
-			getaffinity setaffinity setvcpuextstate };
+			getdomaininfo hypercall setvcpucontext getscheduler
+			getvcpuinfo getaddrsize getaffinity setaffinity };
 	allow $1 $2:domain2 { set_cpuid settsc setscheduler setclaim
 			set_max_evtchn set_vnumainfo get_vnumainfo cacheflush
 			psr_cmt_op psr_cat_op soft_reset };
@@ -94,7 +93,7 @@ define(`migrate_domain_out', `
 	allow $1 domxen_t:mmu map_read;
 	allow $1 $2:hvm { gethvmc getparam irqlevel };
 	allow $1 $2:mmu { stat pageinfo map_read };
-	allow $1 $2:domain { getaddrsize getvcpucontext getextvcpucontext getvcpuextstate pause destroy };
+	allow $1 $2:domain { getaddrsize getvcpucontext pause destroy };
 	allow $1 $2:domain2 gettsc;
 	allow $1 $2:shadow { enable disable logdirty };
 ')
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 20d46c8..a8d45e7 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -630,10 +630,16 @@ static int flask_domctl(struct domain *d, int cmd)
     case XEN_DOMCTL_setdomainhandle:
         return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE);
 
+    case XEN_DOMCTL_set_ext_vcpucontext:
+    case XEN_DOMCTL_set_vcpu_msrs:
     case XEN_DOMCTL_setvcpucontext:
+    case XEN_DOMCTL_setvcpuextstate:
         return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT);
 
+    case XEN_DOMCTL_get_ext_vcpucontext:
+    case XEN_DOMCTL_get_vcpu_msrs:
     case XEN_DOMCTL_getvcpucontext:
+    case XEN_DOMCTL_getvcpuextstate:
         return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT);
 
     case XEN_DOMCTL_getvcpuinfo:
@@ -675,20 +681,6 @@ static int flask_domctl(struct domain *d, int cmd)
     case XEN_DOMCTL_pin_mem_cacheattr:
         return current_has_perm(d, SECCLASS_HVM, HVM__CACHEATTR);
 
-    case XEN_DOMCTL_set_ext_vcpucontext:
-    case XEN_DOMCTL_set_vcpu_msrs:
-        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETEXTVCPUCONTEXT);
-
-    case XEN_DOMCTL_get_ext_vcpucontext:
-    case XEN_DOMCTL_get_vcpu_msrs:
-        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETEXTVCPUCONTEXT);
-
-    case XEN_DOMCTL_setvcpuextstate:
-        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUEXTSTATE);
-
-    case XEN_DOMCTL_getvcpuextstate:
-        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUEXTSTATE);
-
     case XEN_DOMCTL_sendtrigger:
         return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__TRIGGER);
 
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index 3d29042..7e69ede 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -111,6 +111,9 @@ class xen2
 class domain
 {
 # XEN_DOMCTL_setvcpucontext
+# XEN_DOMCTL_setvcpuextstate
+# XEN_DOMCTL_set_ext_vcpucontext
+# XEN_DOMCTL_set_vcpu_msrs
     setvcpucontext
 # XEN_DOMCTL_pausedomain
     pause
@@ -142,6 +145,9 @@ class domain
 # XEN_DOMCTL_getvcpuinfo
     getvcpuinfo
 # XEN_DOMCTL_getvcpucontext
+# XEN_DOMCTL_get_ext_vcpucontext
+# XEN_DOMCTL_getvcpuextstate
+# XEN_DOMCTL_get_vcpu_msrs
     getvcpucontext
 # XEN_DOMCTL_max_mem
     setdomainmaxmem
@@ -166,16 +172,6 @@ class domain
     getaddrsize
 # XEN_DOMCTL_sendtrigger
     trigger
-# XEN_DOMCTL_get_ext_vcpucontext
-# XEN_DOMCTL_set_vcpu_msrs
-    getextvcpucontext
-# XEN_DOMCTL_set_ext_vcpucontext
-# XEN_DOMCTL_get_vcpu_msrs
-    setextvcpucontext
-# XEN_DOMCTL_getvcpuextstate
-    getvcpuextstate
-# XEN_DOMCTL_setvcpuextstate
-    setvcpuextstate
 # XENMEM_get_pod_target
     getpodtarget
 # XENMEM_set_pod_target
-- 
2.5.5


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

  parent reply	other threads:[~2016-06-09 14:47 UTC|newest]

Thread overview: 63+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-09 14:47 [PATCH 00/15] XSM/FLASK updates for 4.8 Daniel De Graaf
2016-06-09 14:47 ` [PATCH 01/15] flask/policy: split into modules Daniel De Graaf
2016-06-14 18:55   ` Konrad Rzeszutek Wilk
2016-06-20  5:15   ` Doug Goldstein
2016-06-09 14:47 ` [PATCH 02/15] flask/policy: split out rules for system_r Daniel De Graaf
2016-06-14 19:08   ` Konrad Rzeszutek Wilk
2016-06-20  5:21   ` Doug Goldstein
2016-06-09 14:47 ` [PATCH 03/15] flask/policy: move user definitions and constraints into modules Daniel De Graaf
2016-06-17 15:28   ` Konrad Rzeszutek Wilk
2016-06-17 16:49     ` Daniel De Graaf
2016-06-20  5:22   ` Doug Goldstein
2016-06-09 14:47 ` [PATCH 04/15] flask/policy: remove unused support for binary modules Daniel De Graaf
2016-06-20  5:22   ` Doug Goldstein
2016-06-09 14:47 ` [PATCH 05/15] flask/policy: xenstore stubdom policy Daniel De Graaf
2016-06-17 15:34   ` Konrad Rzeszutek Wilk
2016-06-20  5:22   ` Doug Goldstein
2016-06-09 14:47 ` [PATCH 06/15] flask/policy: remove unused example Daniel De Graaf
2016-06-17 15:34   ` Konrad Rzeszutek Wilk
2016-06-20  5:23   ` Doug Goldstein
2016-06-09 14:47 ` Daniel De Graaf [this message]
2016-06-17 15:37   ` [PATCH 07/15] flask: unify {get, set}vcpucontext permissions Konrad Rzeszutek Wilk
2016-06-09 14:47 ` [PATCH 08/15] flask: remove unused secondary context in ocontext Daniel De Graaf
2016-06-09 16:01   ` Jan Beulich
2016-06-09 16:38     ` Daniel De Graaf
2016-06-09 14:47 ` [PATCH 09/15] flask: remove unused AVC callback functions Daniel De Graaf
2016-06-09 14:47 ` [PATCH 10/15] flask: remove xen_flask_userlist operation Daniel De Graaf
2016-06-09 16:07   ` Jan Beulich
2016-06-09 16:43     ` Daniel De Graaf
2016-06-10  6:51       ` Jan Beulich
2016-06-10 13:08         ` Daniel De Graaf
2016-06-10 14:28           ` Jan Beulich
2016-06-09 14:47 ` [PATCH 11/15] flask: improve unknown permission handling Daniel De Graaf
2016-06-17 15:45   ` Konrad Rzeszutek Wilk
2016-06-17 17:02     ` Daniel De Graaf
2016-06-17 17:13       ` Konrad Rzeszutek Wilk
2016-06-17 17:20         ` Daniel De Graaf
2016-06-09 14:47 ` [PATCH 12/15] xen/xsm: remove .xsm_initcall.init section Daniel De Graaf
2016-06-09 15:14   ` Andrew Cooper
2016-06-09 16:11   ` Jan Beulich
2016-06-09 16:42     ` Daniel De Graaf
2016-06-17 15:50   ` Konrad Rzeszutek Wilk
2016-06-17 17:04     ` Daniel De Graaf
2016-06-17 17:14       ` Konrad Rzeszutek Wilk
2016-06-17 17:18         ` Daniel De Graaf
2016-06-17 17:21           ` Konrad Rzeszutek Wilk
2016-06-17 23:17             ` Daniel De Graaf
2016-06-09 14:47 ` [PATCH 13/15] xsm: annotate setup functions with __init Daniel De Graaf
2016-06-09 15:15   ` Andrew Cooper
2016-06-09 14:47 ` [PATCH 14/15] xsm: clean up unregistration Daniel De Graaf
2016-06-09 15:16   ` Andrew Cooper
2016-06-17 15:51   ` Konrad Rzeszutek Wilk
2016-06-09 14:47 ` [PATCH 15/15] xsm: add a default policy to .init.data Daniel De Graaf
2016-06-09 15:30   ` Andrew Cooper
2016-06-09 16:58     ` Daniel De Graaf
2016-06-10  7:15       ` Jan Beulich
2016-06-09 16:15   ` Jan Beulich
2016-06-09 16:53     ` Daniel De Graaf
2016-06-09 21:54       ` Doug Goldstein
2016-06-10 14:50         ` Daniel De Graaf
2016-06-10  6:53       ` Jan Beulich
2016-06-17 15:54   ` Konrad Rzeszutek Wilk
2016-06-17 16:00 ` [PATCH 00/15] XSM/FLASK updates for 4.8 Konrad Rzeszutek Wilk
2016-06-20  5:40 ` Doug Goldstein

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1465483638-9489-8-git-send-email-dgdegra@tycho.nsa.gov \
    --to=dgdegra@tycho.nsa.gov \
    --cc=xen-devel@lists.xen.org \
    --subject='Re: [PATCH 07/15] flask: unify {get, set}vcpucontext permissions' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
on how to clone and mirror all data and code used for this inbox