Re: [PATCH 2/2] flask: implement xsm_transtion_running
On Wed, Apr 20, 2022 at 1:03 PM Daniel P. Smith
<dpsmith@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> This commit implements full support for starting the idle domain privileged by
> introducing a new flask label xenboot_t which the idle domain is labeled with
> at creation. It then provides the implementation for the XSM hook
> xsm_transition_running to relabel the idle domain to the existing xen_t flask
> label.
>
> In the reference flask policy a new macro, xen_build_domain(target), is
> introduced for creating policies for dom0less/hyperlaunch allowing the
> hypervisor to create and assign the necessary resources for domain
> construction.
>
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> ---
> @@ -188,6 +188,7 @@ static int cf_check flask_domain_alloc_security(struct
> domain *d)
>
> static void cf_check flask_domain_runtime_security(void)
> {
> + struct domain_security_struct *dsec;
> struct domain *d = current->domain;
>
> if ( d->domain_id != DOMID_IDLE )
> @@ -198,6 +199,9 @@ static void cf_check flask_domain_runtime_security(void)
> * set to false for the consistency check(s) in the setup code.
> */
> d->is_privileged = false;
> +
> + dsec = d->ssid;
> + dsec->sid = SECINITSID_XEN;
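Review bot: The added lines dereference d->ssid with no check and change the label with no comment. The comment block just above only explains the is_privileged change, so a one-line comment saying that the idle domain moves from the boot-time label to SECINITSID_XEN here would document the relabel where it happens. If d->ssid is guaranteed to be set for the idle domain by this point, an ASSERT(dsec) after dsec = d->ssid; would record that assumption. Only the sid field is written, so any other label field in the domain security struct keeps the value it was given at creation.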

I think you also want

    dsec->self_sid = dsec->sid;

so self also changes to xen_t.

Otherwise I think it looks good,

I was wondering if you were going to require xenboot_t -> xen_t
permissions, but manually setting the sid fields side-steps that.
That seems nicer than requiring policy rules for the transition.

Hmmm, cross referencing other flask code, often after assigning
self_sid there is this call to potentially re-calculate it:

    security_transition_sid(dsec->sid, dsec->sid, SECCLASS_DOMAIN,
                            &dsec->self_sid);

But it isn't used for system domains, so omitting it seems fine.

Regards,
Jason