# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1220523909 -3600
# Node ID 44f039c4aee498ef47103c94cc9e7b78575b0e85
# Parent 5b133625223ad0d95b80467535ff1384d6317f16
xsm: refactor IO hooks/sysctl hooks
- The patch refactors the IO resource checks into the rangeset add/del
code. This produces a much more architecture friendly implementation and
ensures that HVM and paravirtualized guests are checked consistently.
- The patch removes the following hooks in support of the refactoring
of the IO resource checks:
- xsm_irq_permission
- xsm_iomem_permission
- xsm_ioport_permission
- The patch adds the following hooks in support of the refactoring of
the IO resource checks:
- xsm_add_range
- xsm_remove_range
- These IO refactoring changes are transparent to any pre-existing
Flask policies.
- The patch adds also adds hooks for sysctl functionality that was
added since the last major XSM patch. The following hooks were added:
- xsm_set_target
- xsm_debug_keys
- xsm_getcpuinfo
- xsm_availheap
- xsm_firmware_info
- xsm_acpi_sleep
- xsm_change_freq
- xsm_getidletime
- xsm_sendtrigger
- xsm_test_assign_device
- xsm_assign_device
- xsm_deassign_device
- xsm_bind_pt_irq
- xsm_pin_mem_cacheattr
- xsm_ext_vcpucontext
Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
---
xen/arch/x86/domctl.c | 45 +++-
xen/arch/x86/platform_hypercall.c | 16 +
xen/common/domctl.c | 16 -
xen/common/rangeset.c | 9
xen/common/sysctl.c | 12 +
xen/include/xsm/xsm.h | 128 +++++++++--
xen/xsm/dummy.c | 124 +++++++++--
xen/xsm/flask/hooks.c | 288 +++++++++++++++++++++++---
xen/xsm/flask/include/av_perm_to_string.h | 21 +
xen/xsm/flask/include/av_permissions.h | 63 +++--
xen/xsm/flask/include/flask.h | 11
xen/xsm/flask/include/initial_sid_to_string.h | 3
xen/xsm/flask/include/security.h | 6
xen/xsm/flask/ss/policydb.h | 13 -
xen/xsm/flask/ss/services.c | 40 +++
15 files changed, 655 insertions(+), 140 deletions(-)
diff -r 5b133625223a -r 44f039c4aee4 xen/arch/x86/domctl.c
--- a/xen/arch/x86/domctl.c Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/arch/x86/domctl.c Thu Sep 04 11:25:09 2008 +0100
@@ -68,14 +68,6 @@ long arch_do_domctl(
if ( unlikely((d = rcu_lock_domain_by_id(domctl->domain)) == NULL) )
break;
- ret = xsm_ioport_permission(d, fp,
- domctl->u.ioport_permission.allow_access);
- if ( ret )
- {
- rcu_unlock_domain(d);
- break;
- }
-
if ( np == 0 )
ret = 0;
else if ( domctl->u.ioport_permission.allow_access )
@@ -550,6 +542,10 @@ long arch_do_domctl(
if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
break;
+ ret = xsm_sendtrigger(d);
+ if ( ret )
+ goto sendtrigger_out;
+
ret = -EINVAL;
if ( domctl->u.sendtrigger.vcpu >= MAX_VIRT_CPUS )
goto sendtrigger_out;
@@ -628,6 +624,10 @@ long arch_do_domctl(
bus = (domctl->u.assign_device.machine_bdf >> 16) & 0xff;
devfn = (domctl->u.assign_device.machine_bdf >> 8) & 0xff;
+ ret = xsm_test_assign_device(domctl->u.assign_device.machine_bdf);
+ if ( ret )
+ break;
+
if ( device_assigned(bus, devfn) )
{
gdprintk(XENLOG_ERR, "XEN_DOMCTL_test_assign_device: "
@@ -655,6 +655,11 @@ long arch_do_domctl(
"XEN_DOMCTL_assign_device: get_domain_by_id() failed\n");
break;
}
+
+ ret = xsm_assign_device(d, domctl->u.assign_device.machine_bdf);
+ if ( ret )
+ goto assign_device_out;
+
bus = (domctl->u.assign_device.machine_bdf >> 16) & 0xff;
devfn = (domctl->u.assign_device.machine_bdf >> 8) & 0xff;
@@ -680,6 +685,7 @@ long arch_do_domctl(
"assign device (%x:%x:%x) failed\n",
bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
+ assign_device_out:
put_domain(d);
}
break;
@@ -700,6 +706,11 @@ long arch_do_domctl(
"XEN_DOMCTL_deassign_device: get_domain_by_id() failed\n");
break;
}
+
+ ret = xsm_assign_device(d, domctl->u.assign_device.machine_bdf);
+ if ( ret )
+ goto deassign_device_out;
+
bus = (domctl->u.assign_device.machine_bdf >> 16) & 0xff;
devfn = (domctl->u.assign_device.machine_bdf >> 8) & 0xff;
@@ -720,6 +731,8 @@ long arch_do_domctl(
deassign_device(d, bus, devfn);
gdprintk(XENLOG_INFO, "XEN_DOMCTL_deassign_device: bdf = %x:%x:%x\n",
bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
+
+ deassign_device_out:
put_domain(d);
}
break;
@@ -733,10 +746,17 @@ long arch_do_domctl(
if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
break;
bind = &(domctl->u.bind_pt_irq);
+
+ ret = xsm_bind_pt_irq(d, bind);
+ if ( ret )
+ goto bind_out;
+
if ( iommu_enabled )
ret = pt_irq_create_bind_vtd(d, bind);
if ( ret < 0 )
gdprintk(XENLOG_ERR, "pt_irq_create_bind failed!\n");
+
+ bind_out:
rcu_unlock_domain(d);
}
break;
@@ -877,11 +897,16 @@ long arch_do_domctl(
if ( d == NULL )
break;
+ ret = xsm_pin_mem_cacheattr(d);
+ if ( ret )
+ goto pin_out;
+
ret = hvm_set_mem_pinned_cacheattr(
d, domctl->u.pin_mem_cacheattr.start,
domctl->u.pin_mem_cacheattr.end,
domctl->u.pin_mem_cacheattr.type);
+ pin_out:
rcu_unlock_domain(d);
}
break;
@@ -899,6 +924,10 @@ long arch_do_domctl(
d = rcu_lock_domain_by_id(domctl->domain);
if ( d == NULL )
break;
+
+ ret = xsm_ext_vcpucontext(d, domctl->cmd);
+ if ( ret )
+ goto ext_vcpucontext_out;
ret = -ESRCH;
if ( (evc->vcpu >= MAX_VIRT_CPUS) ||
diff -r 5b133625223a -r 44f039c4aee4 xen/arch/x86/platform_hypercall.c
--- a/xen/arch/x86/platform_hypercall.c Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/arch/x86/platform_hypercall.c Thu Sep 04 11:25:09 2008 +0100
@@ -192,6 +192,10 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe
break;
case XENPF_firmware_info:
+ ret = xsm_firmware_info();
+ if ( ret )
+ break;
+
switch ( op->u.firmware_info.type )
{
case XEN_FW_DISK_INFO: {
@@ -280,10 +284,18 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe
break;
case XENPF_enter_acpi_sleep:
+ ret = xsm_acpi_sleep();
+ if ( ret )
+ break;
+
ret = acpi_enter_sleep(&op->u.enter_acpi_sleep);
break;
case XENPF_change_freq:
+ ret = xsm_change_freq();
+ if ( ret )
+ break;
+
ret = -ENOSYS;
if ( cpufreq_controller != FREQCTL_dom0_kernel )
break;
@@ -305,6 +317,10 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe
cpumask_t cpumap;
XEN_GUEST_HANDLE(uint8) cpumap_bitmap;
XEN_GUEST_HANDLE(uint64) idletimes;
+
+ ret = xsm_getidletime();
+ if ( ret )
+ break;
ret = -ENOSYS;
if ( cpufreq_controller != FREQCTL_dom0_kernel )
diff -r 5b133625223a -r 44f039c4aee4 xen/common/domctl.c
--- a/xen/common/domctl.c Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/common/domctl.c Thu Sep 04 11:25:09 2008 +0100
@@ -726,16 +726,11 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
if ( d == NULL )
break;
- ret = xsm_irq_permission(d, pirq, op->u.irq_permission.allow_access);
- if ( ret )
- goto irq_permission_out;
-
if ( op->u.irq_permission.allow_access )
ret = irq_permit_access(d, pirq);
else
ret = irq_deny_access(d, pirq);
- irq_permission_out:
rcu_unlock_domain(d);
}
break;
@@ -754,17 +749,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
d = rcu_lock_domain_by_id(op->domain);
if ( d == NULL )
break;
-
- ret = xsm_iomem_permission(d, mfn,
op->u.iomem_permission.allow_access);
- if ( ret )
- goto iomem_permission_out;
if ( op->u.iomem_permission.allow_access )
ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
else
ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
- iomem_permission_out:
rcu_unlock_domain(d);
}
break;
@@ -810,6 +800,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
{
put_domain(e);
goto set_target_out;
+ }
+
+ ret = xsm_set_target(d, e);
+ if ( ret ) {
+ put_domain(e);
+ goto set_target_out;
}
/* Hold reference on @e until we destroy @d. */
diff -r 5b133625223a -r 44f039c4aee4 xen/common/rangeset.c
--- a/xen/common/rangeset.c Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/common/rangeset.c Thu Sep 04 11:25:09 2008 +0100
@@ -10,6 +10,7 @@
#include <xen/sched.h>
#include <xen/errno.h>
#include <xen/rangeset.h>
+#include <xsm/xsm.h>
/* An inclusive range [s,e] and pointer to next range in ascending order. */
struct range {
@@ -95,6 +96,10 @@ int rangeset_add_range(
{
struct range *x, *y;
int rc = 0;
+
+ rc = xsm_add_range(r->domain, r->name, s, e);
+ if ( rc )
+ return rc;
ASSERT(s <= e);
@@ -164,6 +169,10 @@ int rangeset_remove_range(
struct range *x, *y, *t;
int rc = 0;
+ rc = xsm_remove_range(r->domain, r->name, s, e);
+ if ( rc )
+ return rc;
+
ASSERT(s <= e);
spin_lock(&r->lock);
diff -r 5b133625223a -r 44f039c4aee4 xen/common/sysctl.c
--- a/xen/common/sysctl.c Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/common/sysctl.c Thu Sep 04 11:25:09 2008 +0100
@@ -149,6 +149,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
char c;
uint32_t i;
+ ret = xsm_debug_keys();
+ if ( ret )
+ break;
+
for ( i = 0; i < op->u.debug_keys.nr_keys; i++ )
{
if ( copy_from_guest_offset(&c, op->u.debug_keys.keys, i, 1) )
@@ -166,6 +170,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
nr_cpus = min_t(uint32_t, op->u.getcpuinfo.max_cpus, NR_CPUS);
+ ret = xsm_getcpuinfo();
+ if ( ret )
+ break;
+
for ( i = 0; i < nr_cpus; i++ )
{
/* Assume no holes in idle-vcpu map. */
@@ -188,6 +196,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
case XEN_SYSCTL_availheap:
{
+ ret = xsm_availheap();
+ if ( ret )
+ break;
+
op->u.availheap.avail_bytes = avail_domheap_pages_region(
op->u.availheap.node,
op->u.availheap.min_bitwidth,
diff -r 5b133625223a -r 44f039c4aee4 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/include/xsm/xsm.h Thu Sep 04 11:25:09 2008 +0100
@@ -64,16 +64,17 @@ struct xsm_operations {
int (*getvcpucontext) (struct domain *d);
int (*getvcpuinfo) (struct domain *d);
int (*domain_settime) (struct domain *d);
+ int (*set_target) (struct domain *d, struct domain *e);
int (*tbufcontrol) (void);
int (*readconsole) (uint32_t clear);
int (*sched_id) (void);
int (*setdomainmaxmem) (struct domain *d);
int (*setdomainhandle) (struct domain *d);
int (*setdebugging) (struct domain *d);
- int (*irq_permission) (struct domain *d, uint8_t pirq, uint8_t access);
- int (*iomem_permission) (struct domain *d, unsigned long mfn,
- uint8_t
access);
int (*perfcontrol) (void);
+ int (*debug_keys) (void);
+ int (*getcpuinfo) (void);
+ int (*availheap) (void);
int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
@@ -106,13 +107,13 @@ struct xsm_operations {
int (*kexec) (void);
int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
+ int (*add_range) (struct domain *d, char *name, unsigned long s, unsigned
long e);
+ int (*remove_range) (struct domain *d, char *name, unsigned long s,
unsigned long e);
long (*__do_xsm_op) (XEN_GUEST_HANDLE(xsm_op_t) op);
#ifdef CONFIG_X86
int (*shadow_control) (struct domain *d, uint32_t op);
- int (*ioport_permission) (struct domain *d, uint32_t ioport,
- uint8_t
access);
int (*getpageframeinfo) (struct page_info *page);
int (*getmemlist) (struct domain *d);
int (*hypercall_init) (struct domain *d);
@@ -130,6 +131,10 @@ struct xsm_operations {
int (*microcode) (void);
int (*physinfo) (void);
int (*platform_quirk) (uint32_t);
+ int (*firmware_info) (void);
+ int (*acpi_sleep) (void);
+ int (*change_freq) (void);
+ int (*getidletime) (void);
int (*machine_memory_map) (void);
int (*domain_memory_map) (struct domain *d);
int (*mmu_normal_update) (struct domain *d, intpte_t fpte);
@@ -137,6 +142,13 @@ struct xsm_operations {
int (*update_va_mapping) (struct domain *d, l1_pgentry_t pte);
int (*add_to_physmap) (struct domain *d1, struct domain *d2);
int (*remove_from_physmap) (struct domain *d1, struct domain *d2);
+ int (*sendtrigger) (struct domain *d);
+ int (*test_assign_device) (uint32_t machine_bdf);
+ int (*assign_device) (struct domain *d, uint32_t machine_bdf);
+ int (*deassign_device) (struct domain *d, uint32_t machine_bdf);
+ int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
+ int (*pin_mem_cacheattr) (struct domain *d);
+ int (*ext_vcpucontext) (struct domain *d, uint32_t cmd);
#endif
};
@@ -215,6 +227,11 @@ static inline int xsm_domain_settime (st
return xsm_call(domain_settime(d));
}
+static inline int xsm_set_target (struct domain *d, struct domain *e)
+{
+ return xsm_call(set_target(d, e));
+}
+
static inline int xsm_tbufcontrol (void)
{
return xsm_call(tbufcontrol());
@@ -245,21 +262,24 @@ static inline int xsm_setdebugging (stru
return xsm_call(setdebugging(d));
}
-static inline int xsm_irq_permission (struct domain *d, uint8_t pirq,
- uint8_t access)
-{
- return xsm_call(irq_permission(d, pirq, access));
-}
-
-static inline int xsm_iomem_permission (struct domain *d, unsigned long mfn,
- uint8_t access)
-{
- return xsm_call(iomem_permission(d, mfn, access));
-}
-
static inline int xsm_perfcontrol (void)
{
return xsm_call(perfcontrol());
+}
+
+static inline int xsm_debug_keys (void)
+{
+ return xsm_call(debug_keys());
+}
+
+static inline int xsm_availheap (void)
+{
+ return xsm_call(availheap());
+}
+
+static inline int xsm_getcpuinfo (void)
+{
+ return xsm_call(getcpuinfo());
}
static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn,
@@ -385,6 +405,18 @@ static inline int xsm_schedop_shutdown (
static inline int xsm_schedop_shutdown (struct domain *d1, struct domain *d2)
{
return xsm_call(schedop_shutdown(d1, d2));
+}
+
+static inline int xsm_add_range (struct domain *d, char *name, unsigned long s,
+
unsigned long e)
+{
+ return xsm_call(add_range(d, name, s, e));
+}
+
+static inline int xsm_remove_range (struct domain *d, char *name, unsigned
long s,
+
unsigned long e)
+{
+ return xsm_call(remove_range(d, name, s, e));
}
static inline long __do_xsm_op (XEN_GUEST_HANDLE(xsm_op_t) op)
@@ -413,12 +445,6 @@ static inline int xsm_shadow_control (st
return xsm_call(shadow_control(d, op));
}
-static inline int xsm_ioport_permission (struct domain *d, uint32_t ioport,
- uint8_t access)
-{
- return xsm_call(ioport_permission(d, ioport, access));
-}
-
static inline int xsm_getpageframeinfo (struct page_info *page)
{
return xsm_call(getpageframeinfo(page));
@@ -504,6 +530,26 @@ static inline int xsm_platform_quirk (ui
return xsm_call(platform_quirk(quirk));
}
+static inline int xsm_firmware_info (void)
+{
+ return xsm_call(firmware_info());
+}
+
+static inline int xsm_acpi_sleep (void)
+{
+ return xsm_call(acpi_sleep());
+}
+
+static inline int xsm_change_freq (void)
+{
+ return xsm_call(change_freq());
+}
+
+static inline int xsm_getidletime (void)
+{
+ return xsm_call(getidletime());
+}
+
static inline int xsm_machine_memory_map(void)
{
return xsm_call(machine_memory_map());
@@ -538,6 +584,42 @@ static inline int xsm_remove_from_physma
{
return xsm_call(remove_from_physmap(d1, d2));
}
+
+static inline int xsm_sendtrigger(struct domain *d)
+{
+ return xsm_call(sendtrigger(d));
+}
+
+static inline int xsm_test_assign_device(uint32_t machine_bdf)
+{
+ return xsm_call(test_assign_device(machine_bdf));
+}
+
+static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+{
+ return xsm_call(assign_device(d, machine_bdf));
+}
+
+static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf)
+{
+ return xsm_call(deassign_device(d, machine_bdf));
+}
+
+static inline int xsm_bind_pt_irq(struct domain *d,
+ struct xen_domctl_bind_pt_irq
*bind)
+{
+ return xsm_call(bind_pt_irq(d, bind));
+}
+
+static inline int xsm_pin_mem_cacheattr(struct domain *d)
+{
+ return xsm_call(pin_mem_cacheattr(d));
+}
+
+static inline int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
+{
+ return xsm_call(ext_vcpucontext(d, cmd));
+}
#endif /* CONFIG_X86 */
#endif /* __XSM_H */
diff -r 5b133625223a -r 44f039c4aee4 xen/xsm/dummy.c
--- a/xen/xsm/dummy.c Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/xsm/dummy.c Thu Sep 04 11:25:09 2008 +0100
@@ -84,6 +84,11 @@ static int dummy_domain_settime (struct
return 0;
}
+static int dummy_set_target (struct domain *d, struct domain *e)
+{
+ return 0;
+}
+
static int dummy_tbufcontrol (void)
{
return 0;
@@ -114,18 +119,22 @@ static int dummy_setdebugging (struct do
return 0;
}
-static int dummy_irq_permission (struct domain *d, uint8_t pirq, uint8_t
access)
-{
- return 0;
-}
-
-static int dummy_iomem_permission (struct domain *d, unsigned long mfn,
- uint8_t access)
-{
- return 0;
-}
-
static int dummy_perfcontrol (void)
+{
+ return 0;
+}
+
+static int dummy_debug_keys (void)
+{
+ return 0;
+}
+
+static int dummy_getcpuinfo (void)
+{
+ return 0;
+}
+
+static int dummy_availheap (void)
{
return 0;
}
@@ -259,18 +268,23 @@ static long dummy___do_xsm_op(XEN_GUEST_
return -ENOSYS;
}
+static int dummy_add_range (struct domain *d, char *name, unsigned long s,
unsigned long e)
+{
+ return 0;
+}
+
+static int dummy_remove_range (struct domain *d, char *name, unsigned long s,
+
unsigned long e)
+{
+ return 0;
+}
+
#ifdef CONFIG_X86
static int dummy_shadow_control (struct domain *d, uint32_t op)
{
return 0;
}
-static int dummy_ioport_permission (struct domain *d, uint32_t ioport,
- uint8_t access)
-{
- return 0;
-}
-
static int dummy_getpageframeinfo (struct page_info *page)
{
return 0;
@@ -356,6 +370,26 @@ static int dummy_platform_quirk (uint32_
return 0;
}
+static int dummy_firmware_info (void)
+{
+ return 0;
+}
+
+static int dummy_acpi_sleep (void)
+{
+ return 0;
+}
+
+static int dummy_change_freq (void)
+{
+ return 0;
+}
+
+static int dummy_getidletime (void)
+{
+ return 0;
+}
+
static int dummy_machine_memory_map (void)
{
return 0;
@@ -382,6 +416,41 @@ static int dummy_update_va_mapping (stru
}
static int dummy_add_to_physmap (struct domain *d1, struct domain *d2)
+{
+ return 0;
+}
+
+static int dummy_sendtrigger (struct domain *d)
+{
+ return 0;
+}
+
+static int dummy_test_assign_device (uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static int dummy_assign_device (struct domain *d, uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static int dummy_deassign_device (struct domain *d, uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static int dummy_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
+{
+ return 0;
+}
+
+static int dummy_pin_mem_cacheattr (struct domain *d)
+{
+ return 0;
+}
+
+static int dummy_ext_vcpucontext (struct domain *d, uint32_t cmd)
{
return 0;
}
@@ -420,15 +489,17 @@ void xsm_fixup_ops (struct xsm_operation
set_to_dummy_if_null(ops, getvcpucontext);
set_to_dummy_if_null(ops, getvcpuinfo);
set_to_dummy_if_null(ops, domain_settime);
+ set_to_dummy_if_null(ops, set_target);
set_to_dummy_if_null(ops, tbufcontrol);
set_to_dummy_if_null(ops, readconsole);
set_to_dummy_if_null(ops, sched_id);
set_to_dummy_if_null(ops, setdomainmaxmem);
set_to_dummy_if_null(ops, setdomainhandle);
set_to_dummy_if_null(ops, setdebugging);
- set_to_dummy_if_null(ops, irq_permission);
- set_to_dummy_if_null(ops, iomem_permission);
set_to_dummy_if_null(ops, perfcontrol);
+ set_to_dummy_if_null(ops, debug_keys);
+ set_to_dummy_if_null(ops, getcpuinfo);
+ set_to_dummy_if_null(ops, availheap);
set_to_dummy_if_null(ops, evtchn_unbound);
set_to_dummy_if_null(ops, evtchn_interdomain);
@@ -461,11 +532,13 @@ void xsm_fixup_ops (struct xsm_operation
set_to_dummy_if_null(ops, kexec);
set_to_dummy_if_null(ops, schedop_shutdown);
+ set_to_dummy_if_null(ops, add_range);
+ set_to_dummy_if_null(ops, remove_range);
+
set_to_dummy_if_null(ops, __do_xsm_op);
#ifdef CONFIG_X86
set_to_dummy_if_null(ops, shadow_control);
- set_to_dummy_if_null(ops, ioport_permission);
set_to_dummy_if_null(ops, getpageframeinfo);
set_to_dummy_if_null(ops, getmemlist);
set_to_dummy_if_null(ops, hypercall_init);
@@ -483,6 +556,10 @@ void xsm_fixup_ops (struct xsm_operation
set_to_dummy_if_null(ops, microcode);
set_to_dummy_if_null(ops, physinfo);
set_to_dummy_if_null(ops, platform_quirk);
+ set_to_dummy_if_null(ops, firmware_info);
+ set_to_dummy_if_null(ops, acpi_sleep);
+ set_to_dummy_if_null(ops, change_freq);
+ set_to_dummy_if_null(ops, getidletime);
set_to_dummy_if_null(ops, machine_memory_map);
set_to_dummy_if_null(ops, domain_memory_map);
set_to_dummy_if_null(ops, mmu_normal_update);
@@ -490,5 +567,12 @@ void xsm_fixup_ops (struct xsm_operation
set_to_dummy_if_null(ops, update_va_mapping);
set_to_dummy_if_null(ops, add_to_physmap);
set_to_dummy_if_null(ops, remove_from_physmap);
+ set_to_dummy_if_null(ops, sendtrigger);
+ set_to_dummy_if_null(ops, test_assign_device);
+ set_to_dummy_if_null(ops, assign_device);
+ set_to_dummy_if_null(ops, deassign_device);
+ set_to_dummy_if_null(ops, bind_pt_irq);
+ set_to_dummy_if_null(ops, pin_mem_cacheattr);
+ set_to_dummy_if_null(ops, ext_vcpucontext);
#endif
}
diff -r 5b133625223a -r 44f039c4aee4 xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/xsm/flask/hooks.c Thu Sep 04 11:25:09 2008 +0100
@@ -129,8 +129,7 @@ static int flask_evtchn_unbound(struct d
if ( rc )
goto out;
- rc = avc_has_perm(dsec->sid, newsid, SECCLASS_EVENT,
- EVENT__CREATE|EVENT__ALLOC, NULL);
+ rc = avc_has_perm(dsec->sid, newsid, SECCLASS_EVENT, EVENT__CREATE, NULL);
if ( rc )
goto out;
@@ -210,7 +209,22 @@ static void flask_evtchn_close_post(stru
static int flask_evtchn_send(struct domain *d, struct evtchn *chn)
{
- return domain_has_evtchn(d, chn, EVENT__SEND);
+ int rc;
+
+ switch ( chn->state )
+ {
+ case ECS_INTERDOMAIN:
+ rc = domain_has_evtchn(d, chn, EVENT__SEND);
+ break;
+ case ECS_IPI:
+ case ECS_UNBOUND:
+ rc = 0;
+ break;
+ default:
+ rc = -EPERM;
+ }
+
+ return rc;
}
static int flask_evtchn_status(struct domain *d, struct evtchn *chn)
@@ -506,22 +520,22 @@ static int flask_domain_create(struct do
dsec1 = current->domain->ssid;
- if ( dsec1->create_sid == SECSID_NULL )
- dsec1->create_sid = ssidref;
-
- rc = avc_has_perm(dsec1->sid, dsec1->create_sid, SECCLASS_DOMAIN,
- DOMAIN__CREATE, NULL);
- if ( rc )
- {
- dsec1->create_sid = SECSID_NULL;
- return rc;
+ if ( dsec1->create_sid == SECSID_NULL )
+ dsec1->create_sid = ssidref;
+
+ rc = avc_has_perm(dsec1->sid, dsec1->create_sid, SECCLASS_DOMAIN,
+
DOMAIN__CREATE, NULL);
+ if ( rc )
+ {
+ dsec1->create_sid = SECSID_NULL;
+ return rc;
}
dsec2 = d->ssid;
dsec2->sid = dsec1->create_sid;
- dsec1->create_sid = SECSID_NULL;
- dsec2->create_sid = SECSID_NULL;
+ dsec1->create_sid = SECSID_NULL;
+ dsec2->create_sid = SECSID_NULL;
return rc;
}
@@ -592,6 +606,11 @@ static int flask_domain_settime(struct d
return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__SETTIME);
}
+static int flask_set_target(struct domain *d, struct domain *e)
+{
+ return domain_has_perm(d, e, SECCLASS_DOMAIN, DOMAIN__SET_TARGET);
+}
+
static int flask_tbufcontrol(void)
{
return domain_has_xen(current->domain, SECCLASS_XEN);
@@ -628,6 +647,21 @@ static int flask_setdebugging(struct dom
{
return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__SETDEBUGGING);
+}
+
+static int flask_debug_keys(void)
+{
+ return domain_has_xen(current->domain, XEN__DEBUG);
+}
+
+static int flask_getcpuinfo(void)
+{
+ return domain_has_xen(current->domain, XEN__GETCPUINFO);
+}
+
+static int flask_availheap(void)
+{
+ return domain_has_xen(current->domain, XEN__HEAP);
}
static inline u32 resource_to_perm(uint8_t access)
@@ -638,7 +672,7 @@ static inline u32 resource_to_perm(uint8
return RESOURCE__REMOVE;
}
-static int flask_irq_permission(struct domain *d, uint8_t pirq, uint8_t access)
+static int irq_has_perm(struct domain *d, uint8_t pirq, uint8_t access)
{
u32 perm;
u32 rsid;
@@ -665,16 +699,17 @@ static int flask_irq_permission(struct d
return rc;
rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, NULL);
-
- if ( rc )
- return rc;
-
- return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
+ if ( rc )
+ return rc;
+
+ if ( access )
+ return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__USE, NULL);
-}
-
-static int flask_iomem_permission(struct domain *d, unsigned long mfn,
- uint8_t access)
+ else
+ return rc;
+}
+
+static int iomem_has_perm(struct domain *d, unsigned long mfn, uint8_t access)
{
u32 perm;
u32 rsid;
@@ -684,7 +719,6 @@ static int flask_iomem_permission(struct
rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
resource_to_perm(access));
-
if ( rc )
return rc;
@@ -743,8 +777,7 @@ static int flask_shadow_control(struct d
return domain_has_perm(current->domain, d, SECCLASS_SHADOW, perm);
}
-static int flask_ioport_permission(struct domain *d, uint32_t ioport,
- uint8_t access)
+static int ioport_has_perm(struct domain *d, uint32_t ioport, uint8_t access)
{
u32 perm;
u32 rsid;
@@ -774,8 +807,11 @@ static int flask_ioport_permission(struc
if ( rc )
return rc;
- return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
+ if ( access )
+ return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__USE, NULL);
+ else
+ return rc;
}
static int flask_getpageframeinfo(struct page_info *page)
@@ -951,6 +987,26 @@ static int flask_platform_quirk(uint32_t
return avc_has_perm(dsec->sid, SECINITSID_XEN, SECCLASS_XEN,
XEN__QUIRK, NULL);
+}
+
+static int flask_firmware_info(void)
+{
+ return domain_has_xen(current->domain, XEN__FIRMWARE);
+}
+
+static int flask_acpi_sleep(void)
+{
+ return domain_has_xen(current->domain, XEN__SLEEP);
+}
+
+static int flask_change_freq(void)
+{
+ return domain_has_xen(current->domain, XEN__FREQUENCY);
+}
+
+static int flask_getidletime(void)
+{
+ return domain_has_xen(current->domain, XEN__GETIDLE);
}
static int flask_machine_memory_map(void)
@@ -1033,7 +1089,162 @@ static int flask_remove_from_physmap(str
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
+
+static int flask_sendtrigger(struct domain *d)
+{
+ return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__TRIGGER);
+}
+
+static int flask_test_assign_device(uint32_t machine_bdf)
+{
+ u32 rsid;
+ int rc = -EPERM;
+ struct domain_security_struct *ssec = current->domain->ssid;
+
+ rc = security_device_sid(machine_bdf, &rsid);
+ if ( rc )
+ return rc;
+
+ return rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__STAT_DEVICE, NULL);
+}
+
+static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
+{
+ u32 rsid;
+ int rc = -EPERM;
+ struct domain_security_struct *ssec, *tsec;
+
+ rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, RESOURCE__ADD);
+ if ( rc )
+ return rc;
+
+ rc = security_device_sid(machine_bdf, &rsid);
+ if ( rc )
+ return rc;
+
+ ssec = current->domain->ssid;
+ rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__ADD_DEVICE, NULL);
+ if ( rc )
+ return rc;
+
+ tsec = d->ssid;
+ return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__USE,
NULL);
+}
+
+static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
+{
+ u32 rsid;
+ int rc = -EPERM;
+ struct domain_security_struct *ssec = current->domain->ssid;
+
+ rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__REMOVE);
+ if ( rc )
+ return rc;
+
+ rc = security_device_sid(machine_bdf, &rsid);
+ if ( rc )
+ return rc;
+
+ return rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__REMOVE_DEVICE, NULL);
+}
+
+static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
+{
+ u32 rsid;
+ int rc = -EPERM;
+ struct domain_security_struct *ssec, *tsec;
+
+ rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, RESOURCE__ADD);
+ if ( rc )
+ return rc;
+
+ rc = security_pirq_sid(bind->machine_irq, &rsid);
+ if ( rc )
+ return rc;
+
+ ssec = current->domain->ssid;
+ rc = avc_has_perm(ssec->sid, rsid, SECCLASS_HVM, HVM__BIND_IRQ, NULL);
+ if ( rc )
+ return rc;
+
+ tsec = d->ssid;
+ return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__USE,
NULL);
+}
+
+static int flask_pin_mem_cacheattr (struct domain *d)
+{
+ return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__CACHEATTR);
+}
+
+static int flask_ext_vcpucontext (struct domain *d, uint32_t cmd)
+{
+ u32 perm;
+
+ switch ( cmd )
+ {
+ case XEN_DOMCTL_set_ext_vcpucontext:
+ perm = DOMAIN__SETEXTVCPUCONTEXT;
+ break;
+ case XEN_DOMCTL_get_ext_vcpucontext:
+ perm = DOMAIN__GETEXTVCPUCONTEXT;
+ break;
+ default:
+ return -EPERM;
+ }
+
+ return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
+}
#endif
+
+static int io_has_perm(struct domain *d, char *name, unsigned long s,
+ unsigned long e, u32
access)
+{
+ int rc = -EPERM;
+
+ if ( strcmp(name, "I/O Memory") == 0 )
+ {
+ rc = iomem_has_perm(d, s, access);
+ if ( rc )
+ return rc;
+
+ if ( s != e )
+ rc = iomem_has_perm(d, s, access);
+ }
+ else if ( strcmp(name, "Interrupts") == 0 )
+ {
+ rc = irq_has_perm(d, s, access);
+ if ( rc )
+ return rc;
+
+ if ( s != e )
+ rc = irq_has_perm(d, e, access);
+ }
+#ifdef CONFIG_X86
+ else if ( strcmp(name, "I/O Ports") == 0 )
+ {
+ rc = ioport_has_perm(d, s, access);
+ if ( rc )
+ return rc;
+
+ if ( s != e )
+ rc = ioport_has_perm(d, e, access);
+ }
+#endif
+
+ return rc;
+}
+
+static int flask_add_range(struct domain *d, char *name, unsigned long s,
+ unsigned
long e)
+{
+ return io_has_perm(d, name, s, e, 1);
+}
+
+static int flask_remove_range(struct domain *d, char *name, unsigned long s,
+ unsigned
long e)
+{
+ return io_has_perm(d, name, s, e, 0);
+}
long do_flask_op(XEN_GUEST_HANDLE(xsm_op_t) u_flask_op);
@@ -1052,15 +1263,17 @@ static struct xsm_operations flask_ops =
.getvcpucontext = flask_getvcpucontext,
.getvcpuinfo = flask_getvcpuinfo,
.domain_settime = flask_domain_settime,
+ .set_target = flask_set_target,
.tbufcontrol = flask_tbufcontrol,
.readconsole = flask_readconsole,
.sched_id = flask_sched_id,
.setdomainmaxmem = flask_setdomainmaxmem,
.setdomainhandle = flask_setdomainhandle,
.setdebugging = flask_setdebugging,
- .irq_permission = flask_irq_permission,
- .iomem_permission = flask_iomem_permission,
.perfcontrol = flask_perfcontrol,
+ .debug_keys = flask_debug_keys,
+ .getcpuinfo = flask_getcpuinfo,
+ .availheap = flask_availheap,
.evtchn_unbound = flask_evtchn_unbound,
.evtchn_interdomain = flask_evtchn_interdomain,
@@ -1093,11 +1306,13 @@ static struct xsm_operations flask_ops =
.kexec = flask_kexec,
.schedop_shutdown = flask_schedop_shutdown,
+ .add_range = flask_add_range,
+ .remove_range = flask_remove_range,
+
.__do_xsm_op = do_flask_op,
#ifdef CONFIG_X86
.shadow_control = flask_shadow_control,
- .ioport_permission = flask_ioport_permission,
.getpageframeinfo = flask_getpageframeinfo,
.getmemlist = flask_getmemlist,
.hypercall_init = flask_hypercall_init,
@@ -1114,6 +1329,10 @@ static struct xsm_operations flask_ops =
.microcode = flask_microcode,
.physinfo = flask_physinfo,
.platform_quirk = flask_platform_quirk,
+ .firmware_info = flask_firmware_info,
+ .acpi_sleep = flask_acpi_sleep,
+ .change_freq = flask_change_freq,
+ .getidletime = flask_getidletime,
.machine_memory_map = flask_machine_memory_map,
.domain_memory_map = flask_domain_memory_map,
.mmu_normal_update = flask_mmu_normal_update,
@@ -1121,6 +1340,13 @@ static struct xsm_operations flask_ops =
.update_va_mapping = flask_update_va_mapping,
.add_to_physmap = flask_add_to_physmap,
.remove_from_physmap = flask_remove_from_physmap,
+ .sendtrigger = flask_sendtrigger,
+ .test_assign_device = flask_test_assign_device,
+ .assign_device = flask_assign_device,
+ .deassign_device = flask_deassign_device,
+ .bind_pt_irq = flask_bind_pt_irq,
+ .pin_mem_cacheattr = flask_pin_mem_cacheattr,
+ .ext_vcpucontext = flask_ext_vcpucontext,
#endif
};
diff -r 5b133625223a -r 44f039c4aee4 xen/xsm/flask/include/av_perm_to_string.h
--- a/xen/xsm/flask/include/av_perm_to_string.h Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/xsm/flask/include/av_perm_to_string.h Thu Sep 04 11:25:09 2008 +0100
@@ -17,11 +17,19 @@
S_(SECCLASS_XEN, XEN__PRIVPROFILE, "privprofile")
S_(SECCLASS_XEN, XEN__NONPRIVPROFILE, "nonprivprofile")
S_(SECCLASS_XEN, XEN__KEXEC, "kexec")
+ S_(SECCLASS_XEN, XEN__FIRMWARE, "firmware")
+ S_(SECCLASS_XEN, XEN__SLEEP, "sleep")
+ S_(SECCLASS_XEN, XEN__FREQUENCY, "frequency")
+ S_(SECCLASS_XEN, XEN__GETIDLE, "getidle")
+ S_(SECCLASS_XEN, XEN__DEBUG, "debug")
+ S_(SECCLASS_XEN, XEN__GETCPUINFO, "getcpuinfo")
+ S_(SECCLASS_XEN, XEN__HEAP, "heap")
S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT, "setvcpucontext")
S_(SECCLASS_DOMAIN, DOMAIN__PAUSE, "pause")
S_(SECCLASS_DOMAIN, DOMAIN__UNPAUSE, "unpause")
S_(SECCLASS_DOMAIN, DOMAIN__RESUME, "resume")
S_(SECCLASS_DOMAIN, DOMAIN__CREATE, "create")
+ S_(SECCLASS_DOMAIN, DOMAIN__TRANSITION, "transition")
S_(SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS, "max_vcpus")
S_(SECCLASS_DOMAIN, DOMAIN__DESTROY, "destroy")
S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUAFFINITY, "setvcpuaffinity")
@@ -34,11 +42,14 @@
S_(SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE, "setdomainhandle")
S_(SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING, "setdebugging")
S_(SECCLASS_DOMAIN, DOMAIN__HYPERCALL, "hypercall")
- S_(SECCLASS_DOMAIN, DOMAIN__TRANSITION, "transition")
S_(SECCLASS_DOMAIN, DOMAIN__SETTIME, "settime")
+ S_(SECCLASS_DOMAIN, DOMAIN__SET_TARGET, "set_target")
S_(SECCLASS_DOMAIN, DOMAIN__SHUTDOWN, "shutdown")
S_(SECCLASS_DOMAIN, DOMAIN__SETADDRSIZE, "setaddrsize")
S_(SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE, "getaddrsize")
+ S_(SECCLASS_DOMAIN, DOMAIN__TRIGGER, "trigger")
+ S_(SECCLASS_DOMAIN, DOMAIN__GETEXTVCPUCONTEXT, "getextvcpucontext")
+ S_(SECCLASS_DOMAIN, DOMAIN__SETEXTVCPUCONTEXT, "setextvcpucontext")
S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc")
S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
@@ -46,14 +57,13 @@
S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
+ S_(SECCLASS_HVM, HVM__BIND_IRQ, "bind_irq")
+ S_(SECCLASS_HVM, HVM__CACHEATTR, "cacheattr")
S_(SECCLASS_EVENT, EVENT__BIND, "bind")
- S_(SECCLASS_EVENT, EVENT__CLOSE, "close")
S_(SECCLASS_EVENT, EVENT__SEND, "send")
S_(SECCLASS_EVENT, EVENT__STATUS, "status")
- S_(SECCLASS_EVENT, EVENT__UNMASK, "unmask")
S_(SECCLASS_EVENT, EVENT__NOTIFY, "notify")
S_(SECCLASS_EVENT, EVENT__CREATE, "create")
- S_(SECCLASS_EVENT, EVENT__ALLOC, "alloc")
S_(SECCLASS_EVENT, EVENT__VECTOR, "vector")
S_(SECCLASS_EVENT, EVENT__RESET, "reset")
S_(SECCLASS_GRANT, GRANT__MAP_READ, "map_read")
@@ -87,6 +97,9 @@
S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOPORT, "remove_ioport")
S_(SECCLASS_RESOURCE, RESOURCE__ADD_IOMEM, "add_iomem")
S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOMEM, "remove_iomem")
+ S_(SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, "stat_device")
+ S_(SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, "add_device")
+ S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, "remove_device")
S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
diff -r 5b133625223a -r 44f039c4aee4 xen/xsm/flask/include/av_permissions.h
--- a/xen/xsm/flask/include/av_permissions.h Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/xsm/flask/include/av_permissions.h Thu Sep 04 11:25:09 2008 +0100
@@ -17,29 +17,40 @@
#define XEN__PRIVPROFILE 0x00008000UL
#define XEN__NONPRIVPROFILE 0x00010000UL
#define XEN__KEXEC 0x00020000UL
+#define XEN__FIRMWARE 0x00040000UL
+#define XEN__SLEEP 0x00080000UL
+#define XEN__FREQUENCY 0x00100000UL
+#define XEN__GETIDLE 0x00200000UL
+#define XEN__DEBUG 0x00400000UL
+#define XEN__GETCPUINFO 0x00800000UL
+#define XEN__HEAP 0x01000000UL
#define DOMAIN__SETVCPUCONTEXT 0x00000001UL
#define DOMAIN__PAUSE 0x00000002UL
#define DOMAIN__UNPAUSE 0x00000004UL
#define DOMAIN__RESUME 0x00000008UL
#define DOMAIN__CREATE 0x00000010UL
-#define DOMAIN__MAX_VCPUS 0x00000020UL
-#define DOMAIN__DESTROY 0x00000040UL
-#define DOMAIN__SETVCPUAFFINITY 0x00000080UL
-#define DOMAIN__GETVCPUAFFINITY 0x00000100UL
-#define DOMAIN__SCHEDULER 0x00000200UL
-#define DOMAIN__GETDOMAININFO 0x00000400UL
-#define DOMAIN__GETVCPUINFO 0x00000800UL
-#define DOMAIN__GETVCPUCONTEXT 0x00001000UL
-#define DOMAIN__SETDOMAINMAXMEM 0x00002000UL
-#define DOMAIN__SETDOMAINHANDLE 0x00004000UL
-#define DOMAIN__SETDEBUGGING 0x00008000UL
-#define DOMAIN__HYPERCALL 0x00010000UL
-#define DOMAIN__TRANSITION 0x00020000UL
+#define DOMAIN__TRANSITION 0x00000020UL
+#define DOMAIN__MAX_VCPUS 0x00000040UL
+#define DOMAIN__DESTROY 0x00000080UL
+#define DOMAIN__SETVCPUAFFINITY 0x00000100UL
+#define DOMAIN__GETVCPUAFFINITY 0x00000200UL
+#define DOMAIN__SCHEDULER 0x00000400UL
+#define DOMAIN__GETDOMAININFO 0x00000800UL
+#define DOMAIN__GETVCPUINFO 0x00001000UL
+#define DOMAIN__GETVCPUCONTEXT 0x00002000UL
+#define DOMAIN__SETDOMAINMAXMEM 0x00004000UL
+#define DOMAIN__SETDOMAINHANDLE 0x00008000UL
+#define DOMAIN__SETDEBUGGING 0x00010000UL
+#define DOMAIN__HYPERCALL 0x00020000UL
#define DOMAIN__SETTIME 0x00040000UL
-#define DOMAIN__SHUTDOWN 0x00080000UL
-#define DOMAIN__SETADDRSIZE 0x00100000UL
-#define DOMAIN__GETADDRSIZE 0x00200000UL
+#define DOMAIN__SET_TARGET 0x00080000UL
+#define DOMAIN__SHUTDOWN 0x00100000UL
+#define DOMAIN__SETADDRSIZE 0x00200000UL
+#define DOMAIN__GETADDRSIZE 0x00400000UL
+#define DOMAIN__TRIGGER 0x00800000UL
+#define DOMAIN__GETEXTVCPUCONTEXT 0x01000000UL
+#define DOMAIN__SETEXTVCPUCONTEXT 0x02000000UL
#define HVM__SETHVMC 0x00000001UL
#define HVM__GETHVMC 0x00000002UL
@@ -48,17 +59,16 @@
#define HVM__PCILEVEL 0x00000010UL
#define HVM__IRQLEVEL 0x00000020UL
#define HVM__PCIROUTE 0x00000040UL
+#define HVM__BIND_IRQ 0x00000080UL
+#define HVM__CACHEATTR 0x00000100UL
#define EVENT__BIND 0x00000001UL
-#define EVENT__CLOSE 0x00000002UL
-#define EVENT__SEND 0x00000004UL
-#define EVENT__STATUS 0x00000008UL
-#define EVENT__UNMASK 0x00000010UL
-#define EVENT__NOTIFY 0x00000020UL
-#define EVENT__CREATE 0x00000040UL
-#define EVENT__ALLOC 0x00000080UL
-#define EVENT__VECTOR 0x00000100UL
-#define EVENT__RESET 0x00000200UL
+#define EVENT__SEND 0x00000002UL
+#define EVENT__STATUS 0x00000004UL
+#define EVENT__NOTIFY 0x00000008UL
+#define EVENT__CREATE 0x00000010UL
+#define EVENT__VECTOR 0x00000020UL
+#define EVENT__RESET 0x00000040UL
#define GRANT__MAP_READ 0x00000001UL
#define GRANT__MAP_WRITE 0x00000002UL
@@ -94,6 +104,9 @@
#define RESOURCE__REMOVE_IOPORT 0x00000040UL
#define RESOURCE__ADD_IOMEM 0x00000080UL
#define RESOURCE__REMOVE_IOMEM 0x00000100UL
+#define RESOURCE__STAT_DEVICE 0x00000200UL
+#define RESOURCE__ADD_DEVICE 0x00000400UL
+#define RESOURCE__REMOVE_DEVICE 0x00000800UL
#define SECURITY__COMPUTE_AV 0x00000001UL
#define SECURITY__COMPUTE_CREATE 0x00000002UL
diff -r 5b133625223a -r 44f039c4aee4 xen/xsm/flask/include/flask.h
--- a/xen/xsm/flask/include/flask.h Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/xsm/flask/include/flask.h Thu Sep 04 11:25:09 2008 +0100
@@ -1,6 +1,6 @@
/* This file is automatically generated. Do not edit. */
-#ifndef _FLASK_FLASK_H_
-#define _FLASK_FLASK_H_
+#ifndef _SELINUX_FLASK_H_
+#define _SELINUX_FLASK_H_
/*
* Security object class definitions
@@ -27,10 +27,9 @@
#define SECINITSID_SECURITY 7
#define SECINITSID_IOPORT 8
#define SECINITSID_IOMEM 9
-#define SECINITSID_VCPU 10
-#define SECINITSID_VIRQ 11
-#define SECINITSID_PIRQ 12
+#define SECINITSID_PIRQ 10
+#define SECINITSID_DEVICE 11
-#define SECINITSID_NUM 12
+#define SECINITSID_NUM 11
#endif
diff -r 5b133625223a -r 44f039c4aee4
xen/xsm/flask/include/initial_sid_to_string.h
--- a/xen/xsm/flask/include/initial_sid_to_string.h Thu Sep 04 11:23:08
2008 +0100
+++ b/xen/xsm/flask/include/initial_sid_to_string.h Thu Sep 04 11:25:09
2008 +0100
@@ -11,8 +11,7 @@ static char *initial_sid_to_string[] =
"security",
"ioport",
"iomem",
- "vcpu",
- "virq",
"pirq",
+ "device",
};
diff -r 5b133625223a -r 44f039c4aee4 xen/xsm/flask/include/security.h
--- a/xen/xsm/flask/include/security.h Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/xsm/flask/include/security.h Thu Sep 04 11:25:09 2008 +0100
@@ -69,13 +69,11 @@ int security_get_user_sids(u32 callsid,
int security_pirq_sid(int pirq, u32 *out_sid);
-int security_virq_sid(int virq, u32 *out_sid);
-
-int security_vcpu_sid(int vcpu, u32 *out_sid);
-
int security_iomem_sid(unsigned long, u32 *out_sid);
int security_ioport_sid(u32 ioport, u32 *out_sid);
+
+int security_device_sid(u32 device, u32 *out_sid);
int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
u16
tclass);
diff -r 5b133625223a -r 44f039c4aee4 xen/xsm/flask/ss/policydb.h
--- a/xen/xsm/flask/ss/policydb.h Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/xsm/flask/ss/policydb.h Thu Sep 04 11:25:09 2008 +0100
@@ -133,10 +133,9 @@ struct ocontext {
union {
char *name; /* name of initial SID, fs, netif, fstype, path */
int pirq;
- int virq;
- int vcpu;
u32 ioport;
unsigned long iomem;
+ u32 device;
} u;
struct context context[2]; /* security context(s) */
u32 sid[2]; /* SID(s) */
@@ -157,11 +156,11 @@ struct ocontext {
/* object context array indices */
#define OCON_ISID 0 /* initial SIDs */
#define OCON_PIRQ 1 /* physical irqs */
-#define OCON_VIRQ 2 /* virtual irqs */
-#define OCON_VCPU 3 /* virtual cpus */
-#define OCON_IOPORT 4 /* io ports */
-#define OCON_IOMEM 5 /* io memory */
-#define OCON_DUMMY 6
+#define OCON_IOPORT 2 /* io ports */
+#define OCON_IOMEM 3 /* io memory */
+#define OCON_DEVICE 4 /* pci devices */
+#define OCON_DUMMY1 5 /* reserved */
+#define OCON_DUMMY2 6 /* reserved */
#define OCON_NUM 7
/* The policy database */
diff -r 5b133625223a -r 44f039c4aee4 xen/xsm/flask/ss/services.c
--- a/xen/xsm/flask/ss/services.c Thu Sep 04 11:23:08 2008 +0100
+++ b/xen/xsm/flask/ss/services.c Thu Sep 04 11:25:09 2008 +0100
@@ -1418,6 +1418,46 @@ out:
return rc;
}
+/**
+ * security_ioport_sid - Obtain the SID for an ioport.
+ * @ioport: ioport
+ * @out_sid: security identifier
+ */
+int security_device_sid(u32 device, u32 *out_sid)
+{
+ struct ocontext *c;
+ int rc = 0;
+
+ POLICY_RDLOCK;
+
+ c = policydb.ocontexts[OCON_DEVICE];
+ while ( c )
+ {
+ if ( c->u.device == device )
+ break;
+ c = c->next;
+ }
+
+ if ( c )
+ {
+ if ( !c->sid[0] )
+ {
+ rc = sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]);
+ if ( rc )
+ goto out;
+ }
+ *out_sid = c->sid[0];
+ }
+ else
+ {
+ *out_sid = SECINITSID_DEVICE;
+ }
+
+out:
+ POLICY_RDUNLOCK;
+ return rc;
+}
+
#define SIDS_NEL 25
/**
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home