From 2b7a98eed8069cb6fe1b967236d80d0a8cf2913e Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Fri, 11 Jan 2013 10:37:10 +0000
Subject: xsm/flask: Add checks on the domain performing the set_target
 operation

The existing domain__set_target check only verifies that the source
and target domains can be associated. We also need to check that the
privileged domain making this association is allowed to do so.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
---
 xen/xsm/flask/hooks.c               | 7 +++++++
 xen/xsm/flask/policy/access_vectors | 2 ++
 2 files changed, 9 insertions(+)

(limited to 'xen/xsm')

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 63f936b420..c2a1de034c 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -577,6 +577,13 @@ static int flask_domain_settime(struct domain *d)
 
 static int flask_set_target(struct domain *d, struct domain *e)
 {
+    int rc;
+    rc = domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR);
+    if ( rc )
+        return rc;
+    rc = domain_has_perm(current->domain, e, SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET);
+    if ( rc )
+        return rc;
     return domain_has_perm(d, e, SECCLASS_DOMAIN, DOMAIN__SET_TARGET);
 }
 
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index c7e29abb32..11d02da49f 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -78,6 +78,8 @@ class domain2
 	relabelfrom
 	relabelto
 	relabelself
+	make_priv_for
+	set_as_target
 }
 
 class hvm
-- 
cgit v1.2.3