
[PATCH v2 03/10] xsm: remove the ability to disable flask


  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 12 Jul 2021 16:32:26 -0400
  • Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Delivery-date: Mon, 12 Jul 2021 20:27:35 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The flask XSM module provided the ability to switch from flask back to
the dummy XSM module during runtime. With this removal the only way to
switch between XSM modules is at boot time.

Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
---
 xen/xsm/flask/flask_op.c | 32 --------------------------------
 1 file changed, 32 deletions(-)

diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 32e079d676..f41c025391 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -223,34 +223,6 @@ static int flask_security_sid(struct xen_flask_sid_context 
*arg)
 
 #ifndef COMPAT
 
-static int flask_disable(void)
-{
-    static int flask_disabled = 0;
-    struct xsm_operations default_ops;
-
-    if ( ss_initialized )
-    {
-        /* Not permitted after initial policy load. */
-        return -EINVAL;
-    }
-
-    if ( flask_disabled )
-    {
-        /* Only do this once. */
-        return -EINVAL;
-    }
-
-    printk("Flask:  Disabled at runtime.\n");
-
-    flask_disabled = 1;
-
-    /* Reset xsm_ops to the original module. */
-    xsm_fixup_ops(&default_ops);
-    xsm_ops = default_ops;
-
-    return 0;
-}
-
 static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold 
*arg)
 {
     int rv = 0;
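
Review bot: The commit message gives no rationale, and "during runtime" overstates what the removed flask_disable() allowed: its ss_initialized check returned -EINVAL once the initial policy was loaded, and the flask_disabled flag made it one-shot. Suggest the message say that the switch was only possible before the first policy load and explain why even that window is being closed, so a reader of the log can judge the security impact without reading the deleted code.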
@@ -700,10 +672,6 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) 
u_flask_op)
         rv = flask_mls_enabled;
         break;    
 
-    case FLASK_DISABLE:
-        rv = flask_disable();
-        break;
-
     case FLASK_GETAVC_THRESHOLD:
         rv = avc_cache_threshold;
         break;
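
Review bot: Dropping the case FLASK_DISABLE arm in do_flask_op() changes what existing callers of that op get back, and the diffstat shows only flask_op.c is touched, so the FLASK_DISABLE definition itself stays in the interface. Suggest stating in the commit message which error the op now returns (the switch's fallback path is not visible in this hunk), and either retiring the constant with a comment where it is defined or noting that it is kept only to reserve the op number.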
-- 
2.20.1




 

