From patchwork Thu Jun 9 14:47:08 2016
X-Patchwork-Submitter: Daniel De Graaf
X-Patchwork-Id: 9167199
From: Daniel De Graaf
To: xen-devel@lists.xen.org
Date: Thu, 9 Jun 2016 10:47:08 -0400
Message-Id: <1465483638-9489-6-git-send-email-dgdegra@tycho.nsa.gov>
In-Reply-To: <1465483638-9489-1-git-send-email-dgdegra@tycho.nsa.gov>
References: <1465483638-9489-1-git-send-email-dgdegra@tycho.nsa.gov>
Cc: Daniel De Graaf
Subject: [Xen-devel] [PATCH 05/15] flask/policy: xenstore stubdom policy

This adds the xenstore_t type to the example policy for use by a xenstore stub domain.

Signed-off-by: Daniel De Graaf
Reviewed-by: Doug Goldstein

--- tools/flask/policy/modules/modules.conf | 3 +++ tools/flask/policy/modules/xenstore.te | 24 ++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 tools/flask/policy/modules/xenstore.te diff --git a/tools/flask/policy/modules/modules.conf b/tools/flask/policy/modules/modules.conf index 9aac6a0..dd10884 100644 --- a/tools/flask/policy/modules/modules.conf +++ b/tools/flask/policy/modules/modules.conf @@ -33,6 +33,9 @@ nomigrate = on # Example device policy. Also see policy/device_contexts. nic_dev = on +# Xenstore stub domain. +xenstore = on + # This allows any domain type to be created using the system_r role. When it is # disabled, domains not using the default types (dom0_t, domU_t, dm_dom_t) must # use another role (such as vm_r from the vm_role module below). 
diff --git a/tools/flask/policy/modules/xenstore.te b/tools/flask/policy/modules/xenstore.te new file mode 100644 index 0000000..519566a --- /dev/null +++ b/tools/flask/policy/modules/xenstore.te @@ -0,0 +1,24 @@ +################################################################################ +# +# Xenstore stubdomain +# +################################################################################ +declare_singleton_domain(xenstore_t) +create_domain(dom0_t, xenstore_t) +manage_domain(dom0_t, xenstore_t) + +# Xenstore requires the global VIRQ for domain destroy operations +allow dom0_t xenstore_t:domain set_virq_handler; +# Current xenstore stubdom uses the hypervisor console, not "xl console" +allow xenstore_t xen_t:xen writeconsole; +# Xenstore queries domaininfo on all domains +allow xenstore_t domain_type:domain getdomaininfo; + +# As a shortcut, the following 3 rules are used instead of adding a domain_comms +# rule between xenstore_t and every domain type that talks to xenstore +create_channel(xenstore_t, domain_type, xenstore_t_channel) +allow event_type xenstore_t: event bind; +allow xenstore_t domain_type:grant { map_read map_write unmap }; + +# Xenstore is a utility domain, so it should use the system role +role system_r types xenstore_t;
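Review bot: the modules.conf hunk enables the module by default ("xenstore = on"), so every build of the example policy carries the xenstore_t rules, including grant map_read/map_write/unmap over all of domain_type, even on systems where dom0 provides xenstore itself; the one-line comment "# Xenstore stub domain." would be more useful if it said the module can be set to off in that case, so an administrator trimming the policy knows it is safe to do so.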
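Review bot: in the xenstore.te hunk, the rule "allow event_type xenstore_t: event bind;" puts a space between the type and the class, while every other rule in the file writes them without one ("domain_type:domain", "domain_type:grant"); drop the space for consistency. The comment above the three shortcut rules should also state the direction of the grant rule: only xenstore_t gains map_read/map_write/unmap on domain_type, and no rule lets other domain types map xenstore_t's grants, which is the right least-privilege shape for a ring server and is worth spelling out so a later reader does not "complete" it with the reverse rule. Lastly, the writeconsole rule is justified by the current stubdom using the hypervisor console rather than "xl console"; a note that the rule can be removed once that changes would keep the policy from outliving its reason.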