From dfb32a89d40f3a45203895c63810305daecdc420 Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Fri, 11 Jan 2013 10:49:10 +0000
Subject: xen/xsm: distinguish scheduler get/set operations

Add getscheduler and setscheduler permissions to replace the
monolithic scheduler permission in the scheduler_op domctl and sysctl.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
---
 xen/xsm/dummy.c                     |  2 ++
 xen/xsm/flask/hooks.c               | 44 +++++++++++++++++++++++++++++++------
 xen/xsm/flask/policy/access_vectors |  7 +++---
 3 files changed, 43 insertions(+), 10 deletions(-)

(limited to 'xen/xsm')

diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 22c66e534b..529a724e71 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -32,6 +32,8 @@ void xsm_fixup_ops (struct xsm_operations *ops)
     set_to_dummy_if_null(ops, security_domaininfo);
     set_to_dummy_if_null(ops, domain_create);
     set_to_dummy_if_null(ops, getdomaininfo);
+    set_to_dummy_if_null(ops, domctl_scheduler_op);
+    set_to_dummy_if_null(ops, sysctl_scheduler_op);
     set_to_dummy_if_null(ops, set_target);
     set_to_dummy_if_null(ops, domctl);
     set_to_dummy_if_null(ops, sysctl);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 222ab3e651..ba67502927 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -517,6 +517,38 @@ static int flask_getdomaininfo(struct domain *d)
     return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
 }
 
+static int flask_domctl_scheduler_op(struct domain *d, int op)
+{
+    switch ( op )
+    {
+    case XEN_DOMCTL_SCHEDOP_putinfo:
+        return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SETSCHEDULER);
+
+    case XEN_DOMCTL_SCHEDOP_getinfo:
+        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETSCHEDULER);
+
+    default:
+        printk("flask_domctl_scheduler_op: Unknown op %d\n", op);
+        return -EPERM;
+    }
+}
+
+static int flask_sysctl_scheduler_op(int op)
+{
+    switch ( op )
+    {
+    case XEN_DOMCTL_SCHEDOP_putinfo:
+        return domain_has_xen(current->domain, XEN__SETSCHEDULER);
+
+    case XEN_DOMCTL_SCHEDOP_getinfo:
+        return domain_has_xen(current->domain, XEN__GETSCHEDULER);
+
+    default:
+        printk("flask_domctl_scheduler_op: Unknown op %d\n", op);
+        return -EPERM;
+    }
+}
+
 static int flask_set_target(struct domain *d, struct domain *t)
 {
     int rc;
@@ -548,6 +580,7 @@ static int flask_domctl(struct domain *d, int cmd)
     /* These have individual XSM hooks (common/domctl.c) */
     case XEN_DOMCTL_createdomain:
     case XEN_DOMCTL_getdomaininfo:
+    case XEN_DOMCTL_scheduler_op:
     case XEN_DOMCTL_irq_permission:
     case XEN_DOMCTL_iomem_permission:
     case XEN_DOMCTL_set_target:
@@ -586,9 +619,6 @@ static int flask_domctl(struct domain *d, int cmd)
     case XEN_DOMCTL_resumedomain:
         return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
 
-    case XEN_DOMCTL_scheduler_op:
-        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SCHEDULER);
-
     case XEN_DOMCTL_max_vcpus:
         return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS);
 
@@ -704,6 +734,7 @@ static int flask_sysctl(int cmd)
     case XEN_SYSCTL_readconsole:
     case XEN_SYSCTL_getdomaininfolist:
     case XEN_SYSCTL_page_offline_op:
+    case XEN_SYSCTL_scheduler_op:
 #ifdef CONFIG_X86
     case XEN_SYSCTL_cpu_hotplug:
 #endif
@@ -713,7 +744,7 @@ static int flask_sysctl(int cmd)
         return domain_has_xen(current->domain, XEN__TBUFCONTROL);
 
     case XEN_SYSCTL_sched_id:
-        return domain_has_xen(current->domain, XEN__SCHEDULER);
+        return domain_has_xen(current->domain, XEN__GETSCHEDULER);
 
     case XEN_SYSCTL_perfc_op:
         return domain_has_xen(current->domain, XEN__PERFCONTROL);
@@ -739,9 +770,6 @@ static int flask_sysctl(int cmd)
     case XEN_SYSCTL_cpupool_op:
         return domain_has_xen(current->domain, XEN__CPUPOOL_OP);
 
-    case XEN_SYSCTL_scheduler_op:
-        return domain_has_xen(current->domain, XEN__SCHED_OP);
-
     case XEN_SYSCTL_physinfo:
     case XEN_SYSCTL_topologyinfo:
     case XEN_SYSCTL_numainfo:
@@ -1408,6 +1436,8 @@ static struct xsm_operations flask_ops = {
     .security_domaininfo = flask_security_domaininfo,
     .domain_create = flask_domain_create,
     .getdomaininfo = flask_getdomaininfo,
+    .domctl_scheduler_op = flask_domctl_scheduler_op,
+    .sysctl_scheduler_op = flask_sysctl_scheduler_op,
     .set_target = flask_set_target,
     .domctl = flask_domctl,
     .sysctl = flask_sysctl,
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index 7a7e253a93..b982cf5c88 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -5,7 +5,6 @@
 
 class xen
 {
-	scheduler
 	settime
 	tbufcontrol
 	readconsole
@@ -34,9 +33,10 @@ class xen
 	mca_op
 	lockprof
 	cpupool_op
-	sched_op
 	tmem_op
 	tmem_control
+	getscheduler
+	setscheduler
 }
 
 class domain
@@ -51,7 +51,7 @@ class domain
     destroy
     setvcpuaffinity
 	getvcpuaffinity
-	scheduler
+	getscheduler
 	getdomaininfo
 	getvcpuinfo
 	getvcpucontext
@@ -85,6 +85,7 @@ class domain2
 	set_cpuid
 	gettsc
 	settsc
+	setscheduler
 }
 
 class hvm
-- 
cgit v1.2.3