[Xen-devel] [PATCH 1/2] xen/xsm: Introduce new boot parameter xsm
Introduce new boot parameter xsm to choose which xsm module is enabled,
and set default to dummy.
Signed-off-by: Xin Li <xin.li@xxxxxxxxxx>
---
CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Tim Deegan <tim@xxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Ming Lu <ming.lu@xxxxxxxxxx>
v2
To further discuss:
1) is "dummy" a good command line option?
other choices: "basic", "trivial", or "simple"
---
docs/misc/xen-command-line.markdown | 13 ++++++++++
xen/xsm/xsm_core.c | 39 ++++++++++++++++++++++++++++-
2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/docs/misc/xen-command-line.markdown
b/docs/misc/xen-command-line.markdown
index 075e5ea159..7ca34aa273 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -865,6 +865,19 @@ hardware domain is architecture dependent.
Note that specifying zero as domU value means zero, while for dom0 it means
to use the default.
+### xsm
+> `= dummy | flask`
+
+> Default: `dummy`
+
+Specify which XSM module should be enabled. This option is only available if
+the hypervisor was compiled with XSM support.
+
+* `dummy`: this is the default choice. No special restriction will be applied.
+ it's also used when XSM is compiled out.
+* `flask`: this is the policy based access control. To choose this, the
+ separated option in kconfig must also be enabled.
+
### flask
> `= permissive | enforcing | late | disabled`
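Review bot: The `flask` bullet refers to "the separated option in kconfig" without naming it. The parser added in this patch is gated on `CONFIG_XSM_FLASK`, so name that option here and state what happens when `xsm=flask` is passed to a hypervisor built without it. The entry should also say how `xsm` relates to the `flask` option documented directly below it, so a reader can tell whether the `flask=` modes take effect without `xsm=flask`. Minor: the continuation line "it's also used when XSM is compiled out." should start with a capital letter.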
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index cddcf7aa51..d4668edad7 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -31,6 +31,30 @@
struct xsm_operations *xsm_ops;
+enum xsm_bootparam {
+ XSM_BOOTPARAM_DUMMY,
+ XSM_BOOTPARAM_FLASK,
+};
+
+static enum xsm_bootparam __initdata xsm_bootparam = XSM_BOOTPARAM_DUMMY;
+static int __init parse_xsm_param(const char *s)
+{
+ int rc = 0;
+
+ if ( !strcmp(s, "dummy") )
+ xsm_bootparam = XSM_BOOTPARAM_DUMMY;
+#ifdef CONFIG_XSM_FLASK
+ else if ( !strcmp(s, "flask") )
+ xsm_bootparam = XSM_BOOTPARAM_FLASK;
+#endif
+ else
+ rc = -EINVAL;
+
+ return rc;
+}
+
+custom_param("xsm", parse_xsm_param);
+
static inline int verify(struct xsm_operations *ops)
{
/* verify the security_operations structure exists */
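Review bot: In parse_xsm_param(), `xsm=flask` on a build without `CONFIG_XSM_FLASK` falls through to the `else` branch, returns -EINVAL, and leaves `xsm_bootparam` at its initialiser `XSM_BOOTPARAM_DUMMY`, so a host whose command line asks for Flask continues to boot with the dummy module. That is a fail-open outcome for a security module selector; at minimum the rejected value should be reported in a message that names it, and it is worth discussing whether an unsatisfiable `xsm=flask` should stop the boot instead. Style: there is no blank line between the `xsm_bootparam` definition and `parse_xsm_param()`, and the `rc` local can be dropped in favour of returning directly from each branch.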
@@ -57,7 +81,20 @@ static int __init xsm_core_init(const void *policy_buffer,
size_t policy_size)
}
xsm_ops = &dummy_xsm_ops;
- flask_init(policy_buffer, policy_size);
+
+ switch ( xsm_bootparam )
+ {
+ case XSM_BOOTPARAM_DUMMY:
+ break;
+
+ case XSM_BOOTPARAM_FLASK:
+ flask_init(policy_buffer, policy_size);
+ break;
+
+ default:
+ printk("XSM: Invalid value for xsm= boot parameter.\n");
+ break;
+ }
return 0;
}
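Review bot: The `default:` branch of the new switch in xsm_core_init() cannot be reached through a bad `xsm=` value, because parse_xsm_param() only ever stores `XSM_BOOTPARAM_DUMMY` or `XSM_BOOTPARAM_FLASK` and returns -EINVAL for anything else, so the "Invalid value for xsm= boot parameter" message describes a case that never happens here. Either turn the branch into an unreachable assertion or drop it, and report invalid input where it is parsed. Separately, this hunk replaces the unconditional flask_init() call with a default of dummy, which means a host that relied on Flask being initialised at boot needs `xsm=flask` added to its command line after this change; the commit message should state that behaviour change explicitly.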
--
2.18.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel