xsm/flask: Improve domain ID auditing in AVCs

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>

diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index 9475d926348cce2302d973db96217b7538f09396..3a60a3a0f35d6be9bed2064af074ce6c56393b31 100644 (file)
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -539,7 +539,7 @@ static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass,
 void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
                struct av_decision *avd, int result, struct avc_audit_data *a)
 {
-    struct domain *d = current->domain;
+    struct domain *cdom = current->domain;
     u32 denied, audited;
 
     denied = requested & ~avd->allowed;
@@ -564,10 +564,17 @@ void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
     avc_dump_av(tclass, audited);
     printk(" for ");
 
-    if ( a && a->d )
-        d = a->d;
-    if ( d )
-        printk("domid=%d ", d->domain_id);
+    if ( a && (a->sdom || a->tdom) )
+    {
+        if ( a->sdom && a->tdom && a->sdom != a->tdom )
+            printk("domid=%d target=%d ", a->sdom->domain_id, a->tdom->domain_id);
+        else if ( a->sdom )
+            printk("domid=%d ", a->sdom->domain_id);
+        else
+            printk("target=%d ", a->tdom->domain_id);
+    }
+    else if ( cdom )
+        printk("domid=%d ", cdom->domain_id);
     switch ( a ? a->type : 0 ) {
     case AVC_AUDIT_DATA_DEV:
         printk("device=0x%lx ", a->device);

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index ad1013fed283bdc0dfe242e8810a2aea780be894..649c473d887fa71d803d0fd2255fe4c553a9521e 100644 (file)
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -37,11 +37,15 @@ static int domain_has_perm(struct domain *dom1, struct domain *dom2,
                            u16 class, u32 perms)
 {
     struct domain_security_struct *dsec1, *dsec2;
+    struct avc_audit_data ad;
+    AVC_AUDIT_DATA_INIT(&ad, NONE);
+    ad.sdom = dom1;
+    ad.tdom = dom2;
 
     dsec1 = dom1->ssid;
     dsec2 = dom2->ssid;
 
-    return avc_has_perm(dsec1->sid, dsec2->sid, class, perms, NULL);
+    return avc_has_perm(dsec1->sid, dsec2->sid, class, perms, &ad);
 }
 
 static int domain_has_evtchn(struct domain *d, struct evtchn *chn, u32 perms)
@@ -1323,6 +1327,7 @@ static int flask_mmu_normal_update(struct domain *d, struct domain *t,
     unsigned long fmfn;
     struct domain_security_struct *dsec;
     u32 fsid;
+    struct avc_audit_data ad;
 
     if (d != t)
         rc = domain_has_perm(d, t, SECCLASS_MMU, MMU__REMOTE_REMAP);
@@ -1337,13 +1342,22 @@ static int flask_mmu_normal_update(struct domain *d, struct domain *t,
     if ( l1e_get_flags(l1e_from_intpte(fpte)) & _PAGE_RW )
         map_perms |= MMU__MAP_WRITE;
 
+    AVC_AUDIT_DATA_INIT(&ad, RANGE);
     fmfn = get_gfn_untyped(f, l1e_get_pfn(l1e_from_intpte(fpte)));
 
+    ad.sdom = d;
+    ad.tdom = f;
+    ad.range.start = fpte;
+    ad.range.end = fmfn;
+
     rc = get_mfn_sid(fmfn, &fsid);
+
+    put_gfn(f, fmfn);
+
     if ( rc )
         return rc;
 
-    return avc_has_perm(dsec->sid, fsid, SECCLASS_MMU, map_perms, NULL);
+    return avc_has_perm(dsec->sid, fsid, SECCLASS_MMU, map_perms, &ad);
 }
 
 static int flask_mmu_machphys_update(struct domain *d, unsigned long mfn)

diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index 1b19189d6b65d51808bd4c5c02cddbfce78fa24e..8fffbb65c075fa59f2873ad47a651dfd2f46ea7d 100644 (file)
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -38,10 +38,12 @@ struct sk_buff;
 /* Auxiliary data to use in generating the audit record. */
 struct avc_audit_data {
     char    type;
+#define AVC_AUDIT_DATA_NONE  0
 #define AVC_AUDIT_DATA_DEV   1
 #define AVC_AUDIT_DATA_IRQ   2
 #define AVC_AUDIT_DATA_RANGE 3
-    struct domain *d;
+    struct domain *sdom;
+    struct domain *tdom;
     union {
         unsigned long device;
         int irq;