
changeset 17386:e52bf1822059

acm: Modify the default ACM boot policy so that unlabeled domains can always start

I am modifying the xen- and xend-internal default policy so that
unlabeled domains can always start. A more restrictive security policy
can then be set on top of that policy.

Signed-off-by: Stefan Beger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Fri Apr 04 12:59:28 2008 +0100 (2008-04-04)
parents 57febe0264e1
children 585e3d56aded
files tools/python/xen/util/acmpolicy.py tools/security/Makefile xen/xsm/acm/acm_chinesewall_hooks.c xen/xsm/acm/acm_simple_type_enforcement_hooks.c
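--- a/tools/python/xen/util/acmpolicy.py
+++ b/tools/python/xen/util/acmpolicy.py
@@ -76,6 +76,7 @@ DEFAULT_policy = \
 "  <SimpleTypeEnforcement>\n" +\
 "    <SimpleTypeEnforcementTypes>\n" +\
 "      <Type>SystemManagement</Type>\n" +\
+"      <Type>__UNLABELED__</Type>\n" +\
 "    </SimpleTypeEnforcementTypes>\n" +\
 "  </SimpleTypeEnforcement>\n" +\
 "  <ChineseWall>\n" +\
@@ -89,12 +90,30 @@ DEFAULT_policy = \
 "        <Name%s>SystemManagement</Name>\n" +\
 "        <SimpleTypeEnforcementTypes>\n" +\
 "          <Type>SystemManagement</Type>\n" +\
+"          <Type>__UNLABELED__</Type>\n" +\
+"        </SimpleTypeEnforcementTypes>\n" +\
+"        <ChineseWallTypes>\n" +\
+"          <Type/>\n" +\
+"        </ChineseWallTypes>\n" +\
+"      </VirtualMachineLabel>\n" +\
+"      <VirtualMachineLabel>\n" +\
+"        <Name>__UNLABELED__</Name>\n" +\
+"        <SimpleTypeEnforcementTypes>\n" +\
+"          <Type>__UNLABELED__</Type>\n" +\
 "        </SimpleTypeEnforcementTypes>\n" +\
 "        <ChineseWallTypes>\n" +\
 "          <Type/>\n" +\
 "        </ChineseWallTypes>\n" +\
 "      </VirtualMachineLabel>\n" +\
 "    </SubjectLabels>\n" +\
+"    <ObjectLabels>\n" +\
+"      <ResourceLabel>\n" +\
+"        <Name>__UNLABELED__</Name>\n" +\
+"        <SimpleTypeEnforcementTypes>\n" +\
+"          <Type>__UNLABELED__</Type>\n" +\
+"        </SimpleTypeEnforcementTypes>\n" +\
+"      </ResourceLabel>\n" +\
+"    </ObjectLabels>\n" +\
 "  </SecurityLabelTemplate>\n" +\
 "</SecurityPolicyDefinition>\n"
 
@@ -231,13 +250,14 @@ class ACMPolicy(XSPolicy):
         """
            Determine whether this is the default policy
         """
-        default = ['SystemManagement']
+        default = ['SystemManagement', ACM_LABEL_UNLABELED ]
         if self.policy_get_virtualmachinelabel_names() == default and \
            self.policy_get_bootstrap_vmlabel() == default[0] and \
           self.policy_get_stetypes_types() == default and \
           self.policy_get_stes_of_vmlabel(default[0]) == default and \
-           self.policy_get_resourcelabel_names() == [] and \
-           self.policy_get_chwall_types() == default and \
+           self.policy_get_stes_of_vmlabel(default[1]) == [default[1]] and \
+           self.policy_get_resourcelabel_names() == [default[1]] and \
+           self.policy_get_chwall_types() == [ default[0] ] and \
            self.get_name() == "DEFAULT":
             return True
         return False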
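Review bot: In the `is_default_policy` hunk the second entry of `default` is taken from `ACM_LABEL_UNLABELED`, while the `DEFAULT_policy` template above hard-codes the literal `__UNLABELED__` in six places; presumably the constant resolves to that string, but if either side is ever edited alone the xend-generated default policy would silently stop being recognised as the default. Building those template lines from the constant, e.g. `"      <Type>" + ACM_LABEL_UNLABELED + "</Type>\n" +\`, keeps the two in step (the `%s` in `<Name%s>` suggests the template is later `%`-formatted, so adding a plain `%s` would not be a drop-in). Bracket spacing is also inconsistent between the new lines `[default[1]]` and `[ default[0] ]`. The enclosing method starts outside the hunk.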
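--- a/tools/security/Makefile
+++ b/tools/security/Makefile
@@ -32,7 +32,7 @@ ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR
 
 ACM_SCHEMA        = security_policy.xsd
 ACM_EXAMPLES      = client_v1 test
-ACM_DEF_POLICIES  = DEFAULT-UL
+ACM_DEF_POLICIES  =
 ACM_POLICY_SUFFIX = security_policy.xml
 
 ifeq ($(ACM_SECURITY),y)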
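Review bot: `ACM_DEF_POLICIES` is left defined but empty rather than removed, and nothing in the hunk records why a reader now finds a variable with no value. A one-line comment above it such as `# no default policy is installed from here; xend carries the default policy internally (tools/python/xen/util/acmpolicy.py)` captures the intent stated in the commit message. If the DEFAULT-UL policy files are still present in the tree they are now dead and could be dropped as well (not visible on this page).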
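--- a/xen/xsm/acm/acm_chinesewall_hooks.c
+++ b/xen/xsm/acm/acm_chinesewall_hooks.c
@@ -637,8 +637,12 @@ static void chwall_domain_destroy(void *
 
 static int chwall_is_default_policy(void)
 {
-    return ( (chwall_bin_pol.max_types    == 1 ) &&
-             (chwall_bin_pol.max_ssidrefs == 2 ) );
+    static const domaintype_t def_policy[2] = { 0x0, 0x0 };
+    return ( ( chwall_bin_pol.max_types    == 1 ) &&
+             ( chwall_bin_pol.max_ssidrefs == 2 ) &&
+             ( memcmp(chwall_bin_pol.ssidrefs,
+                      def_policy,
+                      sizeof(def_policy)) == 0 ) );
 }
 
 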
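Review bot: `chwall_is_default_policy` now reads `chwall_bin_pol.ssidrefs` through `memcmp` without checking that the pointer is non-NULL; whether it can be NULL before a policy is loaded is not visible here, but the two size checks alone would not prevent the read, so if it can, add `( chwall_bin_pol.ssidrefs != NULL ) &&` to the conjunction ahead of the `memcmp`. The `[2]` bound of `def_policy` and the `max_types == 1 && max_ssidrefs == 2` checks are coupled (1 type × 2 ssidrefs = 2 entries) but nothing says so; a comment such as `/* ssidrefs holds max_ssidrefs rows of max_types entries; in the default policy neither ssidref 0 nor 1 has a chwall type set */` would make the expected matrix explicit — hedged, since the row/column layout is only visible on this page for the STE matrix (`ssidrefs[max_types * ssidref + type]`). The sibling `ste_is_default_policy` in acm_simple_type_enforcement_hooks.c declares the same table as `const static` where this hunk uses `static const`; the two should match, and `static const` is the conventional order.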
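--- a/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
+++ b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
@@ -108,7 +108,7 @@ static int share_common_type(struct doma
 int acm_init_ste_policy(void)
 {
     /* minimal startup policy; policy write-locked already */
-    ste_bin_pol.max_types = 1;
+    ste_bin_pol.max_types = 2;
     ste_bin_pol.max_ssidrefs = 1 + dom0_ste_ssidref;
     ste_bin_pol.ssidrefs =
             (domaintype_t *)xmalloc_array(domaintype_t,
@@ -123,7 +123,9 @@ int acm_init_ste_policy(void)
                                     ste_bin_pol.max_ssidrefs);
 
     /* initialize state so that dom0 can start up and communicate with itself */
+    ste_bin_pol.ssidrefs[ste_bin_pol.max_types - 1 ] = 1;
     ste_bin_pol.ssidrefs[ste_bin_pol.max_types * dom0_ste_ssidref] = 1;
+    ste_bin_pol.ssidrefs[ste_bin_pol.max_types * dom0_ste_ssidref + 1] = 1;
 
     /* init stats */
     atomic_set(&(ste_bin_pol.ec_eval_count), 0);
@@ -868,8 +870,12 @@ ste_authorization(ssidref_t ssidref1, ss
 static int
 ste_is_default_policy(void)
 {
-    return ((ste_bin_pol.max_types    == 1) &&
-            (ste_bin_pol.max_ssidrefs == 2));
+    const static domaintype_t def_policy[4] = { 0x0, 0x1, 0x1, 0x1};
+    return ((ste_bin_pol.max_types    == 2) &&
+            (ste_bin_pol.max_ssidrefs == 2) &&
+            (memcmp(ste_bin_pol.ssidrefs,
+                    def_policy,
+                    sizeof(def_policy)) == 0));
 }
 
 /* now define the hook structure similarly to LSM */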
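Review bot: The column of the new unlabeled STE type in `acm_init_ste_policy` is spelled three different ways — `max_types - 1` on the first added store, the literal `+ 1` on the second, and the `0x1` slots of `def_policy` in `ste_is_default_policy` — and they only agree while `max_types == 2`. Name it once, e.g. a file-local `#define STE_TYPE_UNLABELED 1` (constructed name) used in both stores, and extend the `/* initialize state ... */` comment so it also states the layout the indices rely on: `/* ssidrefs[ssidref * max_types + type]: ssidref 0 (presumably the unlabeled ssidref) and dom0 both get the unlabeled type so dom0 can talk to unlabeled domains */`. `ste_is_default_policy` checks `max_ssidrefs == 2`, which matches the `1 + dom0_ste_ssidref` set at init only while `dom0_ste_ssidref` is 1; if that value can differ (not visible here) the startup policy would never be reported as the default and the check should be expressed in terms of `1 + dom0_ste_ssidref`. The `xmalloc_array` size expression is cut by the hunk boundary, so whether the allocation covers `max_types * max_ssidrefs` entries for the new `+ 1` index cannot be confirmed from this page. `const static` on the `def_policy` declaration should be `static const`, matching the chwall counterpart.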