xsm, argo: XSM control for argo message send operation
Default policy: allow.

Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

v3 Daniel/Jan: add to the default xsm policy for the send op
v3 Add Daniel's Acked-by
v2: reordered commit sequence to after sendv implementation
v1 feedback Jan #16: apply const to function signatures
v1 version was: Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
dozylynx authored and andyhhp committed Jan 15, 2019
1 parent debc92b commit 0a75643
Showing 7 changed files with 34 additions and 3 deletions.
7 changes: 4 additions & 3 deletions tools/flask/policy/modules/guest_features.te
@@ -6,10 +6,11 @@ allow domain_type xen_t:xen tmem_op;
allow domain_type xen_t:xen2 pmu_use;

# Allow all domains:
# to register single-sender (unicast) rings to partner with any domain; and
# to register any-sender (wildcard) rings that can be sent to by any domain.
# to register single-sender (unicast) rings to partner with any domain;
# to register any-sender (wildcard) rings that can be sent to by any domain;
# and send messages to rings.
allow domain_type xen_t:argo { register_any_source };
allow domain_type domain_type:argo { register_single_source };
allow domain_type domain_type:argo { send register_single_source };

# Allow guest console output to the serial console. This is used by PV Linux
# and stub domains for early boot output, so don't audit even when we deny it.
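Review bot: The new `send` permission on the `allow domain_type domain_type:argo` line lets every domain send to every other domain, so a system loading this module gets no Argo send isolation from Flask until the site policy narrows it. The comment block above the rule should say so explicitly, for example `# Note: send is granted between all domains; replace this rule with per-type allows where isolation is required.` Putting `send` on its own `allow` line, separate from `register_single_source`, would also let a site drop or restrict it without touching ring registration.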
8 changes: 8 additions & 0 deletions xen/common/argo.c
@@ -1943,6 +1943,14 @@ sendv(struct domain *src_d, const xen_argo_addr_t *src_addr,
goto out_unlock;
}

ret = xsm_argo_send(src_d, dst_d);
if ( ret )
{
gprintk(XENLOG_ERR, "argo: XSM REJECTED %i -> %i\n",
src_addr->domain_id, dst_addr->domain_id);
goto out_unlock;
}

read_lock(&dst_d->argo->rings_L2_rwlock);

ring_info = find_ring_info_by_match(dst_d, dst_addr->aport,
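Review bot: The denial message prints `src_addr->domain_id` and `dst_addr->domain_id`, but the decision was made on `src_d` and `dst_d`. Logging `src_d->domain_id, dst_d->domain_id` would tie the record to the domains that were actually checked, whatever the address structures contain. The message is also emitted at `XENLOG_ERR` on a path a guest can presumably reach repeatedly once policy denies it, and Flask is expected to record its own denial, so a lower level such as `XENLOG_WARNING` may be enough; confirm against the project's logging conventions. The body of `sendv` starts and ends outside this hunk, so how `src_addr` is populated is not visible here.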
6 changes: 6 additions & 0 deletions xen/include/xsm/dummy.h
@@ -732,6 +732,12 @@ static XSM_INLINE int xsm_argo_register_any_source(struct domain *d)
return 0;
}

static XSM_INLINE int xsm_argo_send(const struct domain *d,
const struct domain *t)
{
return 0;
}

#endif /* CONFIG_ARGO */

#include <public/version.h>
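Review bot: The dummy `xsm_argo_send` returns 0 unconditionally and carries no comment, so nothing in the header records that a build without a policy module allows any domain to send to any other on purpose. A one-line comment above the function would state the decision: `/* Default policy: any domain may send to any other domain. */`. Neither `d` nor `t` is read in the body, which the comment could also mention so a later reader does not assume a check was dropped.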
6 changes: 6 additions & 0 deletions xen/include/xsm/xsm.h
@@ -185,6 +185,7 @@ struct xsm_operations {
int (*argo_register_single_source) (const struct domain *d,
const struct domain *t);
int (*argo_register_any_source) (const struct domain *d);
int (*argo_send) (const struct domain *d, const struct domain *t);
#endif
};

@@ -715,6 +716,11 @@ static inline xsm_argo_register_any_source(const struct domain *d)
return xsm_ops->argo_register_any_source(d);
}

static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
{
return xsm_ops->argo_send(d, t);
}

#endif /* CONFIG_ARGO */

#endif /* XSM_NO_WRAPPERS */
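Review bot: The new wrapper is declared `static inline int xsm_argo_send(...)`, but the sibling named in the second hunk header reads `static inline xsm_argo_register_any_source(const struct domain *d)` with no return type. If that is what the file contains rather than a rendering artifact, it relies on implicit `int` and should read `static inline int xsm_argo_register_any_source(const struct domain *d)` to match. Separately, the wrapper calls `xsm_ops->argo_send` with no NULL check, which holds only because `xsm_fixup_ops` fills the slot through `set_to_dummy_if_null(ops, argo_send)` in xen/xsm/dummy.c; a short comment on the `argo_send` member noting that dependency would help anyone adding a new XSM module.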
1 change: 1 addition & 0 deletions xen/xsm/dummy.c
@@ -155,5 +155,6 @@ void __init xsm_fixup_ops (struct xsm_operations *ops)
#ifdef CONFIG_ARGO
set_to_dummy_if_null(ops, argo_register_single_source);
set_to_dummy_if_null(ops, argo_register_any_source);
set_to_dummy_if_null(ops, argo_send);
#endif
}
7 changes: 7 additions & 0 deletions xen/xsm/flask/hooks.c
@@ -1732,6 +1732,12 @@ static int flask_argo_register_any_source(const struct domain *d)
return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO,
ARGO__REGISTER_ANY_SOURCE, NULL);
}

static int flask_argo_send(const struct domain *d, const struct domain *t)
{
return domain_has_perm(d, t, SECCLASS_ARGO, ARGO__SEND);
}

#endif

long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
@@ -1871,6 +1877,7 @@ static struct xsm_operations flask_ops = {
#ifdef CONFIG_ARGO
.argo_register_single_source = flask_argo_register_single_source,
.argo_register_any_source = flask_argo_register_any_source,
.argo_send = flask_argo_send,
#endif
};

2 changes: 2 additions & 0 deletions xen/xsm/flask/policy/access_vectors
@@ -541,4 +541,6 @@ class argo
# Domain requesting registration of a communication ring
# to receive messages from any other domain.
register_any_source
# Domain sending a message to another domain.
send
}
