diff options
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 3 | ||||
-rw-r--r-- | xen/arch/x86/hvm/hvm.c | 6 | ||||
-rw-r--r-- | xen/include/xsm/dummy.h | 6 | ||||
-rw-r--r-- | xen/include/xsm/xsm.h | 6 | ||||
-rw-r--r-- | xen/xsm/dummy.c | 1 | ||||
-rw-r--r-- | xen/xsm/flask/hooks.c | 6 | ||||
-rw-r--r-- | xen/xsm/flask/policy/access_vectors | 2 |
7 files changed, 25 insertions, 5 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index 18647c9327..3a59f38567 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -54,7 +54,8 @@ define(`create_domain_common', ` allow $1 $2:shadow enable; allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op }; allow $1 $2:grant setup; - allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute sethvmc setparam pcilevel trackdirtyvram }; + allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute sethvmc + setparam pcilevel trackdirtyvram nested }; ') # create_domain(priv, target) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 38e87ce3af..8522963cb0 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3909,11 +3909,9 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) rc = -EINVAL; break; case HVM_PARAM_NESTEDHVM: - if ( !IS_PRIV(current->domain) ) - { - rc = -EPERM; + rc = xsm_hvm_param_nested(XSM_PRIV, d); + if ( rc ) break; - } if ( a.value > 1 ) rc = -EINVAL; /* Remove the check below once we have diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 025936a5a1..191e493b43 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -473,6 +473,12 @@ static XSM_INLINE int xsm_hvm_param(XSM_DEFAULT_ARG struct domain *d, unsigned l return xsm_default_action(action, current->domain, d); } +static XSM_INLINE int xsm_hvm_param_nested(XSM_DEFAULT_ARG struct domain *d) +{ + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, d); +} + #ifdef CONFIG_X86 static XSM_INLINE int xsm_shadow_control(XSM_DEFAULT_ARG struct domain *d, uint32_t op) { diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index cba744ce1a..fdc7a650d6 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -130,6 +130,7 @@ struct xsm_operations { long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op); int (*hvm_param) (struct domain *d, unsigned long op); + int (*hvm_param_nested) (struct domain *d); #ifdef CONFIG_X86 int (*shadow_control) (struct domain *d, uint32_t op); @@ -493,6 +494,11 @@ static inline int xsm_hvm_param (xsm_default_t def, struct domain *d, unsigned l return xsm_ops->hvm_param(d, op); } +static inline int xsm_hvm_param_nested (xsm_default_t def, struct domain *d) +{ + return xsm_ops->hvm_param_nested(d); +} + #ifdef CONFIG_X86 static inline int xsm_shadow_control (xsm_default_t def, struct domain *d, uint32_t op) { diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 6f1e0b4860..21aef2add9 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -101,6 +101,7 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, tmem_op); set_to_dummy_if_null(ops, tmem_control); set_to_dummy_if_null(ops, hvm_param); + set_to_dummy_if_null(ops, hvm_param_nested); set_to_dummy_if_null(ops, do_xsm_op); diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 247c8a393b..23c523386b 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1092,6 +1092,11 @@ static int flask_hvm_param(struct domain *d, unsigned long op) return current_has_perm(d, SECCLASS_HVM, perm); } +static int flask_hvm_param_nested(struct domain *d) +{ + return current_has_perm(d, SECCLASS_HVM, HVM__NESTED); +} + #ifdef CONFIG_X86 static int flask_shadow_control(struct domain *d, uint32_t op) { @@ -1506,6 +1511,7 @@ static struct xsm_operations flask_ops = { .tmem_op = flask_tmem_op, .tmem_control = flask_tmem_control, .hvm_param = flask_hvm_param, + .hvm_param_nested = flask_hvm_param_nested, .do_xsm_op = do_flask_op, diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index fdfc50245a..36b8b2c271 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -234,6 +234,8 @@ class hvm # source = domain whose memory is being shared # target = client domain share_mem +# HVMOP_set_param setting HVM_PARAM_NESTEDHVM + nested } # Class event describes event channels. Interdomain event channels have their |