[Xen-changelog] [xen master] libxl: assign a default ssidref (XSM label) to guests

[patchbot@xxxxxxx]

commit b521422bd9c12719e6848c1be340df667ef41b52
Author:     Ian Campbell <ian.campbell@xxxxxxxxxx>
AuthorDate: Wed May 20 15:39:00 2015 +0100
Commit:     Ian Campbell <ian.campbell@xxxxxxxxxx>
CommitDate: Thu May 21 15:25:53 2015 +0100

    libxl: assign a default ssidref (XSM label) to guests
    
    We have now arranged for SECINITSID_DOMU and SECINITSID_DOMDM to be
    defined (correspondng to system_u:system_r:domU_t and
    system_u:system_r:dm_dom_t respectively in the default policy). Use
    these as the default for the SSID of every (stub)domain.
    
    Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
    Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
    Cc: Wei.Liu2@xxxxxxxxxx
    Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
    Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 tools/libxl/libxl_create.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index 0a2359e..86384d2 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -25,6 +25,8 @@
 #include <xen/hvm/hvm_info_table.h>
 #include <xen/hvm/e820.h>
 
+#include <xen-xsm/flask/flask.h>
+
 int libxl__domain_create_info_setdefault(libxl__gc *gc,
                                          libxl_domain_create_info *c_info)
 {
@@ -42,6 +44,9 @@ int libxl__domain_create_info_setdefault(libxl__gc *gc,
     libxl_defbool_setdefault(&c_info->run_hotplug_scripts, true);
     libxl_defbool_setdefault(&c_info->driver_domain, false);
 
+    if (!c_info->ssidref)
+        c_info->ssidref = SECINITSID_DOMU;
+
     return 0;
 }
 
@@ -111,6 +116,10 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
 
     libxl_defbool_setdefault(&b_info->device_model_stubdomain, false);
 
+    if (libxl_defbool_val(b_info->device_model_stubdomain) &&
+        !b_info->device_model_ssidref)
+        b_info->device_model_ssidref = SECINITSID_DOMDM;
+
     if (!b_info->device_model_version) {
         if (b_info->type == LIBXL_DOMAIN_TYPE_HVM) {
             if (libxl_defbool_val(b_info->device_model_stubdomain)) {
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog