WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] acm: Modify the default ACM boot policy s

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] acm: Modify the default ACM boot policy so that unlabeled domains can always start
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 08 Apr 2008 02:01:31 -0700
Delivery-date: Tue, 08 Apr 2008 02:04:50 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1207310368 -3600
# Node ID e52bf1822059b49f7b9809bda818e45f218fc8d6
# Parent  57febe0264e1472796319e1135873ab5d6bdad4d
acm: Modify the default ACM boot policy so that unlabeled domains can always 
start

I am modifying the xen- and xend-internal default policy so that
unlabeled domains can always start. A more restrictive security policy
can then be set on top of that policy.

Signed-off-by: Stefan Beger <stefanb@xxxxxxxxxx>
---
 tools/python/xen/util/acmpolicy.py              |   26 +++++++++++++++++++++---
 tools/security/Makefile                         |    2 -
 xen/xsm/acm/acm_chinesewall_hooks.c             |    8 +++++--
 xen/xsm/acm/acm_simple_type_enforcement_hooks.c |   12 ++++++++---
 4 files changed, 39 insertions(+), 9 deletions(-)

diff -r 57febe0264e1 -r e52bf1822059 tools/python/xen/util/acmpolicy.py
--- a/tools/python/xen/util/acmpolicy.py        Fri Apr 04 10:48:01 2008 +0100
+++ b/tools/python/xen/util/acmpolicy.py        Fri Apr 04 12:59:28 2008 +0100
@@ -76,6 +76,7 @@ DEFAULT_policy = \
 "  <SimpleTypeEnforcement>\n" +\
 "    <SimpleTypeEnforcementTypes>\n" +\
 "      <Type>SystemManagement</Type>\n" +\
+"      <Type>__UNLABELED__</Type>\n" +\
 "    </SimpleTypeEnforcementTypes>\n" +\
 "  </SimpleTypeEnforcement>\n" +\
 "  <ChineseWall>\n" +\
@@ -89,12 +90,30 @@ DEFAULT_policy = \
 "        <Name%s>SystemManagement</Name>\n" +\
 "        <SimpleTypeEnforcementTypes>\n" +\
 "          <Type>SystemManagement</Type>\n" +\
+"          <Type>__UNLABELED__</Type>\n" +\
+"        </SimpleTypeEnforcementTypes>\n" +\
+"        <ChineseWallTypes>\n" +\
+"          <Type/>\n" +\
+"        </ChineseWallTypes>\n" +\
+"      </VirtualMachineLabel>\n" +\
+"      <VirtualMachineLabel>\n" +\
+"        <Name>__UNLABELED__</Name>\n" +\
+"        <SimpleTypeEnforcementTypes>\n" +\
+"          <Type>__UNLABELED__</Type>\n" +\
 "        </SimpleTypeEnforcementTypes>\n" +\
 "        <ChineseWallTypes>\n" +\
 "          <Type/>\n" +\
 "        </ChineseWallTypes>\n" +\
 "      </VirtualMachineLabel>\n" +\
 "    </SubjectLabels>\n" +\
+"    <ObjectLabels>\n" +\
+"      <ResourceLabel>\n" +\
+"        <Name>__UNLABELED__</Name>\n" +\
+"        <SimpleTypeEnforcementTypes>\n" +\
+"          <Type>__UNLABELED__</Type>\n" +\
+"        </SimpleTypeEnforcementTypes>\n" +\
+"      </ResourceLabel>\n" +\
+"    </ObjectLabels>\n" +\
 "  </SecurityLabelTemplate>\n" +\
 "</SecurityPolicyDefinition>\n"
 
@@ -231,13 +250,14 @@ class ACMPolicy(XSPolicy):
         """
            Determine whether this is the default policy
         """
-        default = ['SystemManagement']
+        default = ['SystemManagement', ACM_LABEL_UNLABELED ]
         if self.policy_get_virtualmachinelabel_names() == default and \
            self.policy_get_bootstrap_vmlabel() == default[0] and \
            self.policy_get_stetypes_types() == default and \
            self.policy_get_stes_of_vmlabel(default[0]) == default and \
-           self.policy_get_resourcelabel_names() == [] and \
-           self.policy_get_chwall_types() == default and \
+           self.policy_get_stes_of_vmlabel(default[1]) == [default[1]] and \
+           self.policy_get_resourcelabel_names() == [default[1]] and \
+           self.policy_get_chwall_types() == [ default[0] ] and \
            self.get_name() == "DEFAULT":
             return True
         return False
diff -r 57febe0264e1 -r e52bf1822059 tools/security/Makefile
--- a/tools/security/Makefile   Fri Apr 04 10:48:01 2008 +0100
+++ b/tools/security/Makefile   Fri Apr 04 12:59:28 2008 +0100
@@ -32,7 +32,7 @@ ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR
 
 ACM_SCHEMA        = security_policy.xsd
 ACM_EXAMPLES      = client_v1 test
-ACM_DEF_POLICIES  = DEFAULT-UL
+ACM_DEF_POLICIES  =
 ACM_POLICY_SUFFIX = security_policy.xml
 
 ifeq ($(ACM_SECURITY),y)
diff -r 57febe0264e1 -r e52bf1822059 xen/xsm/acm/acm_chinesewall_hooks.c
--- a/xen/xsm/acm/acm_chinesewall_hooks.c       Fri Apr 04 10:48:01 2008 +0100
+++ b/xen/xsm/acm/acm_chinesewall_hooks.c       Fri Apr 04 12:59:28 2008 +0100
@@ -637,8 +637,12 @@ static void chwall_domain_destroy(void *
 
 static int chwall_is_default_policy(void)
 {
-    return ( (chwall_bin_pol.max_types    == 1 ) &&
-             (chwall_bin_pol.max_ssidrefs == 2 ) );
+    static const domaintype_t def_policy[2] = { 0x0, 0x0 };
+    return ( ( chwall_bin_pol.max_types    == 1 ) &&
+             ( chwall_bin_pol.max_ssidrefs == 2 ) &&
+             ( memcmp(chwall_bin_pol.ssidrefs,
+                      def_policy,
+                      sizeof(def_policy)) == 0 ) );
 }
 
 
diff -r 57febe0264e1 -r e52bf1822059 
xen/xsm/acm/acm_simple_type_enforcement_hooks.c
--- a/xen/xsm/acm/acm_simple_type_enforcement_hooks.c   Fri Apr 04 10:48:01 
2008 +0100
+++ b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c   Fri Apr 04 12:59:28 
2008 +0100
@@ -108,7 +108,7 @@ int acm_init_ste_policy(void)
 int acm_init_ste_policy(void)
 {
     /* minimal startup policy; policy write-locked already */
-    ste_bin_pol.max_types = 1;
+    ste_bin_pol.max_types = 2;
     ste_bin_pol.max_ssidrefs = 1 + dom0_ste_ssidref;
     ste_bin_pol.ssidrefs =
             (domaintype_t *)xmalloc_array(domaintype_t,
@@ -123,7 +123,9 @@ int acm_init_ste_policy(void)
                                     ste_bin_pol.max_ssidrefs);
 
     /* initialize state so that dom0 can start up and communicate with itself 
*/
+    ste_bin_pol.ssidrefs[ste_bin_pol.max_types - 1 ] = 1;
     ste_bin_pol.ssidrefs[ste_bin_pol.max_types * dom0_ste_ssidref] = 1;
+    ste_bin_pol.ssidrefs[ste_bin_pol.max_types * dom0_ste_ssidref + 1] = 1;
 
     /* init stats */
     atomic_set(&(ste_bin_pol.ec_eval_count), 0);
@@ -868,8 +870,12 @@ static int
 static int
 ste_is_default_policy(void)
 {
-    return ((ste_bin_pol.max_types    == 1) &&
-            (ste_bin_pol.max_ssidrefs == 2));
+    const static domaintype_t def_policy[4] = { 0x0, 0x1, 0x1, 0x1};
+    return ((ste_bin_pol.max_types    == 2) &&
+            (ste_bin_pol.max_ssidrefs == 2) &&
+            (memcmp(ste_bin_pol.ssidrefs,
+                    def_policy,
+                    sizeof(def_policy)) == 0));
 }
 
 /* now define the hook structure similarly to LSM */

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] acm: Modify the default ACM boot policy so that unlabeled domains can always start, Xen patchbot-unstable <=