authorDaniel De Graaf <dgdegra@tycho.nsa.gov>2012-09-17 21:12:21 +0100
committerDaniel De Graaf <dgdegra@tycho.nsa.gov>2012-09-17 21:12:21 +0100
commitfdbb35aaea778f8457728cde49d5918916c33470 (patch)
treec414a0a7c1aab313f5c085f26624d86809b3ad88 /tools/flask
parentf6db6c7b888e0cdb42d653bd551f5d6490b33ad5 (diff)
xsm/flask: add domain relabel support
This adds the ability to change a domain's XSM label after creation. The new label will be used for all future access checks; however, existing event channels and memory mappings will remain valid even if their creation would be denied by the new label. With appropriate security policy and hooks in the domain builder, this can be used to create domains that the domain builder does not have access to after building. It can also be used to allow a domain to drop privileges - for example, prior to launching a user-supplied kernel loaded by a pv-grub stubdom. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask')
-rw-r--r--tools/flask/policy/policy/flask/access_vectors7
-rw-r--r--tools/flask/policy/policy/flask/security_classes1
-rw-r--r--tools/flask/policy/policy/modules/xen/xen.te2
3 files changed, 9 insertions, 1 deletions
diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors
index a884312b01..c7e29abb32 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -73,6 +73,13 @@ class domain
set_virq_handler
}
+class domain2
+{
+ relabelfrom
+ relabelto
+ relabelself
+}
+
class hvm
{
sethvmc
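Review bot: The three permissions added in `class domain2` have no comment saying which label is the source and which is the target of each check, and a policy author needs that to write relabel rules without over-granting. From the commit message, `relabelfrom` presumably targets the domain's current label, `relabelto` the requested new label, and `relabelself` covers a domain changing its own label, but this should be confirmed against the hypervisor hook, which is outside this diffstat. I would put a one-line comment above each permission, for example `# relabelto: source = calling domain, target = new label of the relabeled domain`. A further comment that existing event channels and memory mappings survive a relabel would help, because it bounds what a privilege-dropping policy can actually guarantee.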
diff --git a/tools/flask/policy/policy/flask/security_classes b/tools/flask/policy/policy/flask/security_classes
index 2ca35d277b..ef134a7457 100644
--- a/tools/flask/policy/policy/flask/security_classes
+++ b/tools/flask/policy/policy/flask/security_classes
@@ -9,6 +9,7 @@
class xen
class domain
+class domain2
class hvm
class mmu
class resource
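Review bot: Adding `class domain2` between `domain` and `hvm` shifts the position of every class listed after it. If class values are derived from the order in this file, as is usual for Flask-style policy trees, then `hvm`, `mmu`, `resource` and the later classes are renumbered. A policy binary built from the old ordering and loaded into a hypervisor built from the new one (or the reverse) would then be consulted under the wrong class for those checks. Appending the new class at the end of the list would keep existing values stable. Otherwise, add a comment such as `# inserting here renumbers later classes; policy and hypervisor must be rebuilt together`.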
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index 9cc5240b5c..9550397f8e 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -169,7 +169,7 @@ delegate_devices(dom0_t, domU_t)
################################################################################
# Domains must be declared using domain_type
-neverallow * ~domain_type:domain create;
+neverallow * ~domain_type:domain { create transition };
# Resources must be declared using resource_type
neverallow * ~resource_type:resource use;
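Review bot: The widened `neverallow` guards `domain:transition` but none of the `domain2` permissions this commit introduces, so the "domains must be declared using domain_type" invariant is not stated for relabeling itself. If the hypervisor checks `relabelto` against the new label (that hook is not in this diffstat), a rule such as `neverallow * ~domain_type:domain2 relabelto;` would make the policy compiler reject any rule that lets a domain be relabeled to a type not declared with `domain_type`. The comment above the rule could also be extended to name relabeling, for example `# Domains must be declared using domain_type (applies to creation and relabel targets)`.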