Index: root/xen-unstable.hg/tools/python/xen/util/acmpolicy.py
===================================================================
--- root.orig/xen-unstable.hg/tools/python/xen/util/acmpolicy.py
+++ root/xen-unstable.hg/tools/python/xen/util/acmpolicy.py
@@ -76,6 +76,7 @@ DEFAULT_policy = \
" \n" +\
" \n" +\
" SystemManagement\n" +\
+" __UNLABELED__\n" +\
" \n" +\
" \n" +\
" \n" +\
@@ -89,12 +90,30 @@ DEFAULT_policy = \
" SystemManagement\n" +\
" \n" +\
" SystemManagement\n" +\
+" __UNLABELED__\n" +\
+" \n" +\
+" \n" +\
+" \n" +\
+" \n" +\
+" \n" +\
+" \n" +\
+" __UNLABELED__\n" +\
+" \n" +\
+" __UNLABELED__\n" +\
" \n" +\
" \n" +\
" \n" +\
" \n" +\
" \n" +\
" \n" +\
+" \n" +\
+" \n" +\
+" __UNLABELED__\n" +\
+" \n" +\
+" __UNLABELED__\n" +\
+" \n" +\
+" \n" +\
+" \n" +\
" \n" +\
"\n"
@@ -231,13 +250,14 @@ class ACMPolicy(XSPolicy):
"""
Determine whether this is the default policy
"""
- default = ['SystemManagement']
+ default = ['SystemManagement', ACM_LABEL_UNLABELED ]
if self.policy_get_virtualmachinelabel_names() == default and \
self.policy_get_bootstrap_vmlabel() == default[0] and \
self.policy_get_stetypes_types() == default and \
self.policy_get_stes_of_vmlabel(default[0]) == default and \
- self.policy_get_resourcelabel_names() == [] and \
- self.policy_get_chwall_types() == default and \
+ self.policy_get_stes_of_vmlabel(default[1]) == [default[1]] and \
+ self.policy_get_resourcelabel_names() == [default[1]] and \
+ self.policy_get_chwall_types() == [ default[0] ] and \
self.get_name() == "DEFAULT":
return True
return False
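Review bot: The docstring still says only "Determine whether this is the default policy", while the test is now a seven-part conjunction that addresses its labels by position (`default[0]`, `default[1]`) and compares ordered lists. I would name the two entries and spell out the definition in the docstring, e.g. `The default policy has VM labels and STE types [SystemManagement, __UNLABELED__] in that order, __UNLABELED__ as the only resource label and SystemManagement as the only ChineseWall type.` The getters are not visible here, so it is worth confirming that they return names in document order; otherwise an equivalent policy would not be recognised as the default. This list presumably has to stay in step with DEFAULT_policy above and with the hypervisor's built-in policy, which the docstring should also mention. The method's `def` line lies above the hunk.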
Index: root/xen-unstable.hg/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
===================================================================
--- root.orig/xen-unstable.hg/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
+++ root/xen-unstable.hg/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
@@ -108,7 +108,7 @@ static int share_common_type(struct doma
int acm_init_ste_policy(void)
{
/* minimal startup policy; policy write-locked already */
- ste_bin_pol.max_types = 1;
+ ste_bin_pol.max_types = 2;
ste_bin_pol.max_ssidrefs = 1 + dom0_ste_ssidref;
ste_bin_pol.ssidrefs =
(domaintype_t *)xmalloc_array(domaintype_t,
@@ -123,7 +123,9 @@ int acm_init_ste_policy(void)
ste_bin_pol.max_ssidrefs);
/* initialize state so that dom0 can start up and communicate with itself */
+ ste_bin_pol.ssidrefs[ste_bin_pol.max_types - 1 ] = 1;
ste_bin_pol.ssidrefs[ste_bin_pol.max_types * dom0_ste_ssidref] = 1;
+ ste_bin_pol.ssidrefs[ste_bin_pol.max_types * dom0_ste_ssidref + 1] = 1;
/* init stats */
atomic_set(&(ste_bin_pol.ec_eval_count), 0);
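Review bot: The comment above these assignments still speaks only of dom0, but the added `ste_bin_pol.ssidrefs[ste_bin_pol.max_types - 1 ] = 1;` writes into the row of ssidref 0, presumably the unlabeled ssidref. Spelling the index as `max_types - 1` hides that it means "row 0, type 1"; I would extend the comment, e.g. `/* ssidref 0 (unlabeled) gets type 1; dom0 gets types 0 and 1 */`. These three writes also have to match the `def_policy` table that ste_is_default_policy() compares against, and the comment should say so, because a mismatch would stop the startup policy from being recognised as the default. The function starts above the hunk and continues below it.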
@@ -866,8 +868,12 @@ ste_authorization(ssidref_t ssidref1, ss
static int
ste_is_default_policy(void)
{
- return ((ste_bin_pol.max_types == 1) &&
- (ste_bin_pol.max_ssidrefs == 2));
+ const static domaintype_t def_policy[4] = { 0x0, 0x1, 0x1, 0x1};
+ return ((ste_bin_pol.max_types == 2) &&
+ (ste_bin_pol.max_ssidrefs == 2) &&
+ (memcmp(ste_bin_pol.ssidrefs,
+ def_policy,
+ sizeof(def_policy)) == 0));
}
/* now define the hook structure similarly to LSM */
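Review bot: The `memcmp` stays in bounds only because the two size checks come first in the `&&` chain, and the fixed `def_policy[4]` depends on `max_types * max_ssidrefs` being 4. A comment such as `/* size checks first: def_policy has max_types * max_ssidrefs entries */` would keep a later edit from reordering the conditions into an over-read of `ssidrefs`. The same coupling applies to `def_policy[2]` in chwall_is_default_policy() in acm_chinesewall_hooks.c. As a matter of style, `const static` should read `static const`, as the chwall hunk already writes it.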
Index: root/xen-unstable.hg/tools/security/policies/DEFAULT-UL-security_policy.xml
===================================================================
--- root.orig/xen-unstable.hg/tools/security/policies/DEFAULT-UL-security_policy.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-
-
-
- DEFAULT-UL
- 1.0
-
-
-
- SystemManagement
- __UNLABELED__
-
-
-
-
- SystemManagement
-
-
-
-
-
- SystemManagement
-
- SystemManagement
- __UNLABELED__
-
-
-
-
-
-
- __UNLABELED__
-
- __UNLABELED__
-
-
-
-
-
-
-
-
Index: root/xen-unstable.hg/tools/security/Makefile
===================================================================
--- root.orig/xen-unstable.hg/tools/security/Makefile
+++ root/xen-unstable.hg/tools/security/Makefile
@@ -32,7 +32,7 @@ ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR
ACM_SCHEMA = security_policy.xsd
ACM_EXAMPLES = client_v1 test
-ACM_DEF_POLICIES = DEFAULT-UL
+ACM_DEF_POLICIES =
ACM_POLICY_SUFFIX = security_policy.xml
ACM_SETUP_TOOL = python/acm.py
Index: root/xen-unstable.hg/xen/xsm/acm/acm_chinesewall_hooks.c
===================================================================
--- root.orig/xen-unstable.hg/xen/xsm/acm/acm_chinesewall_hooks.c
+++ root/xen-unstable.hg/xen/xsm/acm/acm_chinesewall_hooks.c
@@ -637,8 +637,12 @@ static void chwall_domain_destroy(void *
static int chwall_is_default_policy(void)
{
- return ( (chwall_bin_pol.max_types == 1 ) &&
- (chwall_bin_pol.max_ssidrefs == 2 ) );
+ static const domaintype_t def_policy[2] = { 0x0, 0x0 };
+ return ( ( chwall_bin_pol.max_types == 1 ) &&
+ ( chwall_bin_pol.max_ssidrefs == 2 ) &&
+ ( memcmp(chwall_bin_pol.ssidrefs,
+ def_policy,
+ sizeof(def_policy)) == 0 ) );
}