[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support

  • To: 'Volodymyr Babchuk' <volodymyr_babchuk@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
  • From: "DeGraaf, Daniel G" <dgdegra@xxxxxxx>
  • Date: Wed, 22 Aug 2018 22:44:30 +0000
  • Accept-language: en-US
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Delivery-date: Wed, 22 Aug 2018 22:45:04 +0000
  • Ironport-phdr: 9a23:9r6hhx3R+bHkCApqsmDT+DRfVm0co7zxezQtwd8ZsesQLvjxwZ3uMQTl6Ol3ixeRBMOHs60C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwdFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfVwZKPdec4RS3RHUMhfSidNBpqwY5UTA+YEO+tTsovzqEYUrRamBQeiGv7hyiNGiHH1x6060vguHw7J0wE7A9IBq3DZoMnpOKsOU+24yrTDwzXZb/NR3Dfw8IbEfB4/rv+NR7J/a9DeyUc3GwjYgFufs4rlPzKL2eQJrmOV7uRsXv+ohmE6pAF+vyagxsg2iobTnY8VzEvE+j9jzIY6It24Vld2bNi5G5VTryGXL5Z6Tt84T212pSo3yqcKtYClcCUI0pgr2h3SZ+Gff4SV/h7vTvidLSp4iX5/Zr6yiRS//VK+xuHhSMW4yEtGoytBn9XWqHwA1xPe5tKGR/dn4EutxCiD2gbO4e9eO080j7DUK5s5z741kZocrFrMEzftmEXzkK+WbkIk+vW06+j/YrXpuJucN4hshw/5L6ogmNKxDf05PAYMQmSX4Oqz2rL/8EHlXrlGlOE5kq7DsJDCP8gboLW5DBVP3oYs7Ba/ES+q0NUenXYZMFJIYA+Lg5TzN13QPfz1De2zj0qynDpp3fzKI77sDojVInjGirjhfLJ960BGyAo0yNBS/49bCr4cL/3tVU/xrsbXAwQ/Mwyv2enrEtp91oQAWW6XGK+WLLvSsUOU5uIoO+SMeI4VuDPmJvkq+fHui2U1mVgHfammxZEXcmy3Hux6I0WFZnrhmswBEXwWvgUkV+PlllmCUTpSZ3a0XqIx/TI7B5y8DYfFWI+thKaN3CChHp1ZfmpGEEyDEW/0d4WYXPcBcCGSIshnkjweT7euVpUt1B+vtA/+yLpqNe3U+jcCup3/0Nh6+fffmg019TxxF86dyX2CT3lonmMUQD87xKJ/oVF5yleCz6d4heZUFdNJ5/xTVgc6MYXRwPZgC9D3QA7OYtCJSFO+SNW8HT4xVs4xw8MJY0tlBtqigQ3M0DSlA78PjbOGH4A086LA0HjxIMZx0XDG1LI7gFU8TctPMnOmjLZl9wfPH47Jj1mZl6GyeKUSwiHN9X2PzW6PvEFFTgJ9SrnKXXEDZkvMrNT46VnOQKOpCbQiKgFB09KNKrNWat31ilVLXO3sONLDbGKrhWixCwyEya+LbIrtY2USwj/dBUYfng8P/HaGKRI+Biauom7EEDNuElfvaVv28eZisHO7UlM0zwaSYkxuybW1/AcZiuGCRPMNwL0EvDwsqzF1HFamw9LWEMCMpgV/c6Vae989501H1W3BvQxnIpOgN7xihkIZcwlvoUPu0BF3CoJdnskqqXMrzBByJrqD31xbbDyXwZDwOqDUKmTp4h+vc7TZ2lTE3NmK/acP7ewyq0//swGxCkoi73Jn3sFX03SH+JrKEQ4SUZPtXUY37BV6vKzaYjIj6I/OyXJsNqy0uCfY2901HOsl1gqgf9BHPaOFDgDyFdcWB8q0J+M2mFipdRUEPOZJ+aEqIsOqbeeJ2K+3POZ6nTKngn5L75x60kKJ7yB8UPLH344Zw/GE2QuKTzbyg0mmssDtloBLeyseEGSiySjiAI5efLVycJ0VBmezOcG42tR+h4L3W35Z+1+vHU8J2MiseUnaU1uokjNX0UMbsHm2g2OSxjZ/kywq4eLLwivKxOjzcQsdDWRCTmJikFTELJC9ipYRW03+K0BjhBajoEr32aVfjKB+NHXIB1dFeW7xNW4oGv+gu7zHb8NR5ZcAtSRMTP/6cV2cDLnnrE1J6S77G3piw2Vxez6mt5rjljRmmWmdKzB1t3OfdsZuj1+L6NPQSPFL1xIaVSJ4jn/RHVH6MN63q4a6jZDG56qSWk27X5RdNWHHxIWBuS/zyiciVRGwk/28gNTPFxMzlyD8yY85Bm3zsB/gb9yzhOyBOuV9cxwtXQWk5g==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AdQ6Z8ELAY9dUlmOQNGpLdFIPiB78w==
  • Thread-topic: [PATCH v1 6/6] xsm: add tee access policy support
> From: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
> Sent: Wednesday, August 22, 2018 10:12 AM
> 
> As we don't want any guest to access limited resources of TEE, we need a way 
> to control who can work with it.
> 
> Thus, new access vector class "tee" is added with only ony operation "call" 
> so far. tee framework uses this to check if guest has a right
> to work with TEE.
> 
> Also, example security context domU_with_tee_t was added.
> 
> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>

Are you planning to add more access vectors to this class in the future? 
Otherwise, it probably doesn't need its own class - since you use xen_t as the 
target, placing it in class xen/xen2 is preferred (like tmem and others are 
now).

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.