Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.if')
-rw-r--r--tools/flask/policy/policy/modules/xen/xen.if150
1 files changed, 77 insertions, 73 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index 1b508987f2..cd240d8f7d 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -1,92 +1,96 @@
-###############################################################################
-#
-# create_domain(priv_dom, domain, channel)
-#
-################################################################################
-define(`create_domain', `
- type $2, domain_type;
- allow $1 $2:domain {create max_vcpus setdomainmaxmem
- setaddrsize getdomaininfo hypercall
- setvcpucontext scheduler unpause
- getvcpuinfo getaddrsize getvcpuaffinity};
- allow $1 $2:shadow {enable};
- allow $1 $2:mmu {map_read map_write adjust physmap};
- allow $2 $2:mmu {adjust physmap};
- allow $1 $3:event {create};
-')
-
-###############################################################################
-#
-# create_hvm_dom(priv_dom, domain, channel)
-#
-################################################################################
-define(`create_hvm_dom', `
- create_domain($1, $2, $3)
- allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel pcilevel trackdirtyvram };
- allow $2 $2:hvm setparam;
-')
+# Macro definitions for FLASK policy
-###############################################################################
-#
-# create_pv_dom(priv_dom, domain, channel, iodomain)
-#
-################################################################################
-define(`create_pv_dom', `
- create_domain($1, $2, $3)
- allow $1 $2:mmu {memorymap pinpage};
- allow $2 $2:mmu {map_read map_write pinpage};
- allow $2 $4:mmu {map_read};
-
- allow $2 $2:grant {query setup};
- allow $1 $2:grant {map_read unmap};
-')
################################################################################
#
-# manage_domain(priv_dom, domain)
+# Domain creation and setup
#
################################################################################
-define(`manage_domain', `
- allow $1 $2:domain {pause destroy};
+# declare_domain(type)
+# Declare a type as a domain type, and allow basic domain setup
+define(`declare_domain', `
+ type $1, domain_type;
+ allow $1 $1:grant { query setup };
+ allow $1 $1:mmu { adjust physmap map_read map_write stat pinpage };
+ allow $1 $1:hvm { getparam setparam };
+')
+
+# create_domain(priv, target)
+# Allow a domain to be created
+define(`create_domain', `
+ allow $1 $2:domain { create max_vcpus setdomainmaxmem setaddrsize
+ getdomaininfo hypercall setvcpucontext scheduler
+ unpause getvcpuinfo getvcpuextstate getaddrsize
+ getvcpuaffinity };
+ allow $1 $2:security check_context;
+ allow $1 $2:shadow enable;
+ allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage};
+ allow $1 $2:grant setup;
+ allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute setparam };
+ allow $1 $2_$1_channel:event create;
')
################################################################################
#
-# create_channel(caller, peer, channel)
+# Inter-domain communication
#
################################################################################
+
+# create_channel(source, dest, chan-label)
+# This allows an event channel to be created from domains with labels
+# <source> to <dest> and will label it <chan-label>
define(`create_channel', `
type $3, event_type;
type_transition $1 $2:event $3;
- allow $1 $3:event {create};
- allow $3 $2:event {bind};
+ allow $1 $3:event { create send status };
+ allow $3 $2:event { bind };
')
-###############################################################################
-#
-# create_passthrough_resource(priv_dom, domain, resource)
-#
-###############################################################################
-define(`create_passthrough_resource', `
- type $3, resource_type;
- allow $1 $2:resource {add remove};
- allow $1 ioport_t:resource {add_ioport use};
- allow $1 iomem_t:resource {add_iomem use};
- allow $1 irq_t:resource {add_irq use};
- allow $1 domio_t:mmu {map_read map_write};
- allow $2 domio_t:mmu {map_write};
- allow $2 irq_t:resource {use};
- allow $1 $3:resource {add_irq add_iomem add_ioport remove_irq remove_iomem remove_ioport use add_device remove_device};
- allow $2 $3:resource {use add_ioport add_iomem remove_ioport remove_iomem};
- allow $2 $3:mmu {map_read map_write};
+
+# domain_event_comms(dom1, dom2)
+# Allow two domain types to communicate using event channels
+define(`domain_event_comms', `
+ create_channel($1, $2, $1_$2_channel)
+ create_channel($2, $1, $2_$1_channel)
+')
+
+# domain_comms(dom1, dom2)
+# Allow two domain types to communicate using grants and event channels
+define(`domain_comms', `
+ domain_event_comms($1, $2)
+ allow $1 $2:grant { map_read map_write copy unmap };
+ allow $2 $1:grant { map_read map_write copy unmap };
+')
+
+# domain_self_comms(domain)
+# Allow a domain types to communicate with others of its type using grants
+# and event channels (this includes event channels to DOMID_SELF)
+define(`domain_self_comms', `
+ create_channel($1, $1, $1_self_channel)
+ allow $1 $1:grant { map_read map_write copy unmap };
')
-###############################################################################
+
+################################################################################
#
-# create_hvm_resource(priv_dom, domain, resource)
+# Device types and delegation (PCI passthrough)
#
-###############################################################################
-define(`create_hvm_resource', `
- type $3, resource_type;
- allow $1 $2:resource {add remove};
- allow $1 $3:hvm {bind_irq};
- allow $1 $3:resource {stat_device add_device remove_device add_irq remove_irq add_iomem remove_iomem add_ioport remove_ioport};
- allow $2 $3:resource {use};
+################################################################################
+
+# use_device(domain, device)
+# Allow a device to be used by a domain
+define(`use_device', `
+ allow $1 $2:resource use;
+ allow $1 $2:mmu { map_read map_write };
+')
+
+# admin_device(domain, device)
+# Allow a device to be used and delegated by a domain
+define(`admin_device', `
+ allow $1 $2:resource { setup stat_device add_device add_irq add_iomem add_ioport remove_device remove_irq remove_iomem remove_ioport };
+ allow $1 $2:hvm bind_irq;
+ use_device($1, $2)
+')
+
+# delegate_devices(priv-domain, target-domain)
+# Allow devices to be delegated
+define(`delegate_devices', `
+ allow $1 $2:resource { add remove };
')
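Review bot: The unified create_domain's new line `allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute setparam };` drops `pcilevel` and `trackdirtyvram`, which the removed create_hvm_dom granted, and none of the new macros carry forward the ioport_t/iomem_t/irq_t/domio_t grants of the removed create_passthrough_resource. Unless those are re-granted in xen.te outside this diff, a toolstack issuing those operations will now be denied, so either restore them here or state in the macro comment where they are granted instead. The macro also merges the formerly PV-only mmu permissions (`memorymap pinpage`) with the HVM-only hvm permissions into one grant, so a policy author can no longer give a builder the narrower set for one guest type; that widening deserves a sentence under `# create_domain(priv, target)`. Finally, `allow $1 $2_$1_channel:event create;` names a type that exists only after domain_event_comms($1, $2) (or the matching create_channel) has been invoked, so I would add `# Requires domain_event_comms(priv, target) to have declared target_priv_channel` above the define.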