|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] acm: Modify the default ACM boot policy so that unlabeled domains can always start
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1207310368 -3600
# Node ID e52bf1822059b49f7b9809bda818e45f218fc8d6
# Parent 57febe0264e1472796319e1135873ab5d6bdad4d
acm: Modify the default ACM boot policy so that unlabeled domains can always
start
I am modifying the xen- and xend-internal default policy so that
unlabeled domains can always start. A more restrictive security policy
can then be set on top of that policy.
Signed-off-by: Stefan Beger <stefanb@xxxxxxxxxx>
---
tools/python/xen/util/acmpolicy.py | 26 +++++++++++++++++++++---
tools/security/Makefile | 2 -
xen/xsm/acm/acm_chinesewall_hooks.c | 8 +++++--
xen/xsm/acm/acm_simple_type_enforcement_hooks.c | 12 ++++++++---
4 files changed, 39 insertions(+), 9 deletions(-)
diff -r 57febe0264e1 -r e52bf1822059 tools/python/xen/util/acmpolicy.py
--- a/tools/python/xen/util/acmpolicy.py Fri Apr 04 10:48:01 2008 +0100
+++ b/tools/python/xen/util/acmpolicy.py Fri Apr 04 12:59:28 2008 +0100
@@ -76,6 +76,7 @@ DEFAULT_policy = \
" <SimpleTypeEnforcement>\n" +\
" <SimpleTypeEnforcementTypes>\n" +\
" <Type>SystemManagement</Type>\n" +\
+" <Type>__UNLABELED__</Type>\n" +\
" </SimpleTypeEnforcementTypes>\n" +\
" </SimpleTypeEnforcement>\n" +\
" <ChineseWall>\n" +\
@@ -89,12 +90,30 @@ DEFAULT_policy = \
" <Name%s>SystemManagement</Name>\n" +\
" <SimpleTypeEnforcementTypes>\n" +\
" <Type>SystemManagement</Type>\n" +\
+" <Type>__UNLABELED__</Type>\n" +\
+" </SimpleTypeEnforcementTypes>\n" +\
+" <ChineseWallTypes>\n" +\
+" <Type/>\n" +\
+" </ChineseWallTypes>\n" +\
+" </VirtualMachineLabel>\n" +\
+" <VirtualMachineLabel>\n" +\
+" <Name>__UNLABELED__</Name>\n" +\
+" <SimpleTypeEnforcementTypes>\n" +\
+" <Type>__UNLABELED__</Type>\n" +\
" </SimpleTypeEnforcementTypes>\n" +\
" <ChineseWallTypes>\n" +\
" <Type/>\n" +\
" </ChineseWallTypes>\n" +\
" </VirtualMachineLabel>\n" +\
" </SubjectLabels>\n" +\
+" <ObjectLabels>\n" +\
+" <ResourceLabel>\n" +\
+" <Name>__UNLABELED__</Name>\n" +\
+" <SimpleTypeEnforcementTypes>\n" +\
+" <Type>__UNLABELED__</Type>\n" +\
+" </SimpleTypeEnforcementTypes>\n" +\
+" </ResourceLabel>\n" +\
+" </ObjectLabels>\n" +\
" </SecurityLabelTemplate>\n" +\
"</SecurityPolicyDefinition>\n"
@@ -231,13 +250,14 @@ class ACMPolicy(XSPolicy):
"""
Determine whether this is the default policy
"""
- default = ['SystemManagement']
+ default = ['SystemManagement', ACM_LABEL_UNLABELED ]
if self.policy_get_virtualmachinelabel_names() == default and \
self.policy_get_bootstrap_vmlabel() == default[0] and \
self.policy_get_stetypes_types() == default and \
self.policy_get_stes_of_vmlabel(default[0]) == default and \
- self.policy_get_resourcelabel_names() == [] and \
- self.policy_get_chwall_types() == default and \
+ self.policy_get_stes_of_vmlabel(default[1]) == [default[1]] and \
+ self.policy_get_resourcelabel_names() == [default[1]] and \
+ self.policy_get_chwall_types() == [ default[0] ] and \
self.get_name() == "DEFAULT":
return True
return False
diff -r 57febe0264e1 -r e52bf1822059 tools/security/Makefile
--- a/tools/security/Makefile Fri Apr 04 10:48:01 2008 +0100
+++ b/tools/security/Makefile Fri Apr 04 12:59:28 2008 +0100
@@ -32,7 +32,7 @@ ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR
ACM_SCHEMA = security_policy.xsd
ACM_EXAMPLES = client_v1 test
-ACM_DEF_POLICIES = DEFAULT-UL
+ACM_DEF_POLICIES =
ACM_POLICY_SUFFIX = security_policy.xml
ifeq ($(ACM_SECURITY),y)
diff -r 57febe0264e1 -r e52bf1822059 xen/xsm/acm/acm_chinesewall_hooks.c
--- a/xen/xsm/acm/acm_chinesewall_hooks.c Fri Apr 04 10:48:01 2008 +0100
+++ b/xen/xsm/acm/acm_chinesewall_hooks.c Fri Apr 04 12:59:28 2008 +0100
@@ -637,8 +637,12 @@ static void chwall_domain_destroy(void *
static int chwall_is_default_policy(void)
{
- return ( (chwall_bin_pol.max_types == 1 ) &&
- (chwall_bin_pol.max_ssidrefs == 2 ) );
+ static const domaintype_t def_policy[2] = { 0x0, 0x0 };
+ return ( ( chwall_bin_pol.max_types == 1 ) &&
+ ( chwall_bin_pol.max_ssidrefs == 2 ) &&
+ ( memcmp(chwall_bin_pol.ssidrefs,
+ def_policy,
+ sizeof(def_policy)) == 0 ) );
}
diff -r 57febe0264e1 -r e52bf1822059
xen/xsm/acm/acm_simple_type_enforcement_hooks.c
--- a/xen/xsm/acm/acm_simple_type_enforcement_hooks.c Fri Apr 04 10:48:01
2008 +0100
+++ b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c Fri Apr 04 12:59:28
2008 +0100
@@ -108,7 +108,7 @@ int acm_init_ste_policy(void)
int acm_init_ste_policy(void)
{
/* minimal startup policy; policy write-locked already */
- ste_bin_pol.max_types = 1;
+ ste_bin_pol.max_types = 2;
ste_bin_pol.max_ssidrefs = 1 + dom0_ste_ssidref;
ste_bin_pol.ssidrefs =
(domaintype_t *)xmalloc_array(domaintype_t,
@@ -123,7 +123,9 @@ int acm_init_ste_policy(void)
ste_bin_pol.max_ssidrefs);
/* initialize state so that dom0 can start up and communicate with itself
*/
+ ste_bin_pol.ssidrefs[ste_bin_pol.max_types - 1 ] = 1;
ste_bin_pol.ssidrefs[ste_bin_pol.max_types * dom0_ste_ssidref] = 1;
+ ste_bin_pol.ssidrefs[ste_bin_pol.max_types * dom0_ste_ssidref + 1] = 1;
/* init stats */
atomic_set(&(ste_bin_pol.ec_eval_count), 0);
@@ -868,8 +870,12 @@ static int
static int
ste_is_default_policy(void)
{
- return ((ste_bin_pol.max_types == 1) &&
- (ste_bin_pol.max_ssidrefs == 2));
+ const static domaintype_t def_policy[4] = { 0x0, 0x1, 0x1, 0x1};
+ return ((ste_bin_pol.max_types == 2) &&
+ (ste_bin_pol.max_ssidrefs == 2) &&
+ (memcmp(ste_bin_pol.ssidrefs,
+ def_policy,
+ sizeof(def_policy)) == 0));
}
/* now define the hook structure similarly to LSM */
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |