xenbits.xensource.com Git - xen.git/commit
flask: implement xsm_set_system_active
author Daniel P. Smith <dpsmith@apertussolutions.com>
Mon, 4 Jul 2022 12:47:00 +0000 (14:47 +0200)
committer Jan Beulich <jbeulich@suse.com>
Mon, 4 Jul 2022 12:47:00 +0000 (14:47 +0200)
commit a0bb0960e5ed2d6b59aff5c0eae74d8347bab32b
tree 980f6dbbcf188ffdb7056d39e74452246bb3b76c
parent 4b540e8c9f72b904198364bc7b8261ed2dbb36fa
flask: implement xsm_set_system_active

This commit implements full support for starting the idle domain privileged by
introducing a new flask label xenboot_t which the idle domain is labeled with
at creation.  It then provides the implementation for the XSM hook
xsm_set_system_active to relabel the idle domain to the existing xen_t flask
label.

In the reference flask policy a new macro, xen_build_domain(target), is
introduced for creating policies for dom0less/hyperlaunch allowing the
hypervisor to create and assign the necessary resources for domain
construction.

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Reviewed-by: Jason Andryuk <jandryuk@gmail.com>
Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
Tested-by: Luca Fancellu <luca.fancellu@arm.com>
Reviewed-by: Rahul Singh <rahul.singh@arm.com>
Tested-by: Rahul Singh <rahul.singh@arm.com>
tools/flask/policy/modules/xen.if
tools/flask/policy/modules/xen.te
tools/flask/policy/policy/initial_sids
xen/xsm/flask/hooks.c
xen/xsm/flask/policy/initial_sids