[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 09/18] xsm/flask: Add checks on the domain performing the set_target operation



The existing domain__set_target check only verifies that the source and
target domains can be associated. We also need to check that the
privileged domain making this association is allowed to do so.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 tools/flask/policy/policy/flask/access_vectors | 2 ++
 xen/xsm/flask/hooks.c                          | 7 +++++++
 xen/xsm/flask/include/av_perm_to_string.h      | 2 ++
 xen/xsm/flask/include/av_permissions.h         | 2 ++
 4 files changed, 13 insertions(+)

diff --git a/tools/flask/policy/policy/flask/access_vectors 
b/tools/flask/policy/policy/flask/access_vectors
index c7e29ab..11d02da 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -78,6 +78,8 @@ class domain2
        relabelfrom
        relabelto
        relabelself
+       make_priv_for
+       set_as_target
 }
 
 class hvm
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 5923710..f8aff14 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -637,6 +637,13 @@ static int flask_domain_settime(struct domain *d)
 
 static int flask_set_target(struct domain *d, struct domain *e)
 {
+    int rc;
+    rc = domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, 
DOMAIN2__MAKE_PRIV_FOR);
+    if ( rc )
+        return rc;
+    rc = domain_has_perm(current->domain, e, SECCLASS_DOMAIN2, 
DOMAIN2__SET_AS_TARGET);
+    if ( rc )
+        return rc;
     return domain_has_perm(d, e, SECCLASS_DOMAIN, DOMAIN__SET_TARGET);
 }
 
diff --git a/xen/xsm/flask/include/av_perm_to_string.h 
b/xen/xsm/flask/include/av_perm_to_string.h
index e7e2058..10f8e80 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -64,6 +64,8 @@
    S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELFROM, "relabelfrom")
    S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELTO, "relabelto")
    S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELSELF, "relabelself")
+   S_(SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR, "make_priv_for")
+   S_(SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET, "set_as_target")
    S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc")
    S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
    S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
diff --git a/xen/xsm/flask/include/av_permissions.h 
b/xen/xsm/flask/include/av_permissions.h
index cb1c5dc..f7cfee1 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -66,6 +66,8 @@
 #define DOMAIN2__RELABELFROM                      0x00000001UL
 #define DOMAIN2__RELABELTO                        0x00000002UL
 #define DOMAIN2__RELABELSELF                      0x00000004UL
+#define DOMAIN2__MAKE_PRIV_FOR                    0x00000008UL
+#define DOMAIN2__SET_AS_TARGET                    0x00000010UL
 
 #define HVM__SETHVMC                              0x00000001UL
 #define HVM__GETHVMC                              0x00000002UL
-- 
1.7.11.2


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.