From patchwork Thu Jun  9 14:47:09 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel De Graaf <dgdegra@tycho.nsa.gov>
X-Patchwork-Id: 9167193
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	44677604DB for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu,  9 Jun 2016 14:49:34 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 36DDF264F4
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu,  9 Jun 2016 14:49:34 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2B6702834F; Thu,  9 Jun 2016 14:49:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D107D264F4
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu,  9 Jun 2016 14:49:33 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1bB1FF-0005BO-Ci; Thu, 09 Jun 2016 14:47:41 +0000
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <dgdegra@tycho.nsa.gov>) id 1bB1FD-00059J-Vw
	for xen-devel@lists.xen.org; Thu, 09 Jun 2016 14:47:40 +0000
Received: from [193.109.254.147] by server-15.bemta-14.messagelabs.com id
	73/1A-29877-B8189575; Thu, 09 Jun 2016 14:47:39 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFLMWRWlGSWpSXmKPExsXCoZPKqdvVGBl
	ucGOlusWSj4tZHBg9ju7+zRTAGMWamZeUX5HAmnFp41L2gjN8Fed3NbE1MO7g6WLk4JAQ8JPY
	urmgi5GLg1NgPovE28sLWUAcCYFDjBLnNxxmA3GEBJYySjy9P4cFwtnKKLFo4nWmLkZODjYBX
	YkFB1eC2SIC0hLXPl9mBLGZBbQlmt/NZAexhQWsJK7MWApmswioSrw5MZkNxOYVcJFY+mM6mC
	0hICexbcsesF5OAVeJN+dfsoGcJwRUs/Cn1wRGvgWMDKsY1YtTi8pSi3Qt9ZKKMtMzSnITM3N
	0DQ1N9HJTi4sT01NzEpOK9ZLzczcxAsOEAQh2MPZPcT7EKMnBpCTK610SGS7El5SfUpmRWJwR
	X1Sak1p8iFGGg0NJgrekASgnWJSanlqRlpkDDFiYtAQHj5II7xKQNG9xQWJucWY6ROoUo6KUO
	K8FSEIAJJFRmgfXBouSS4yyUsK8jECHCPEUpBblZpagyr9iFOdgVBLmrQKZwpOZVwI3/RXQYi
	agxcuPhIMsLklESEk1MNq02ZcuTWq/+Txh/5ZTxXMdhSu/l+xwTlvh235+Gjv3q4gZl038v36
	dH8P5ZecZ21XOblzHf4S++SvWrXaugN82t/TG6pMG7x2zVs9Ti6850MP/6pZXCe8V/TM9+24/
	c86btkHQ7u9W5wojmycnty1dGiL08Nc5xpVmGxyWd8zfOq+VR+Je3kolluKMREMt5qLiRADld
	OYDjQIAAA==
X-Env-Sender: dgdegra@tycho.nsa.gov
X-Msg-Ref: server-11.tower-27.messagelabs.com!1465483657!38210977!1
X-Originating-IP: [8.44.101.9]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.46; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 33412 invoked from network); 9 Jun 2016 14:47:38 -0000
Received: from smtp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) (8.44.101.9)
	by server-11.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 9 Jun 2016 14:47:38 -0000
X-IronPort-AV: E=Sophos;i="5.26,445,1459814400"; d="scan'208";a="16783303"
IronPort-PHdr: =?us-ascii?q?9a23=3ApKPB/hLabOeMOcq7sdmcpTZWNBhigK39O0sv0rFi?=
	=?us-ascii?q?tYgULP3xwZ3uMQTl6Ol3ixeRBMOAu6MC1Led7PqocFdDyKjCmUhKSIZLWR4BhJ?=
	=?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBy?=
	=?us-ascii?q?brysXNWC3oLoiqvtodX6WEZhunmUWftKNhK4rAHc5IE9oLBJDeIP8CbPuWZCYO?=
	=?us-ascii?q?9MxGlldhq5lhf44dqsrtY4q3wD888784Z8dYmyP+FiFf0LRAghZnA44ojnuAfO?=
	=?us-ascii?q?SSOL52AASSMGnxwOBBLKvz/gWZKkniL8t+d5kAWXdeLsRLk6EWCu4KtmRwXhoD?=
	=?us-ascii?q?sWPD4+tmfMg4p/i7wN80HpnAB234OBONLdD/F5ZK6IOIlCSA=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2FtBABJgFlX/wHyM5BeGwEBAYMggVO5CIQJhhMCgTVMAQE?=
	=?us-ascii?q?BAQEBAgJiJ4IwghYCBHkQGDlXGYgvvioBAQEHAgEkkACFDgWICJBNjicCgWeHc?=
	=?us-ascii?q?gyFOY9lVIQKIDKKCAEBAQ?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	09 Jun 2016 14:47:36 +0000
Received: from moss-nexus.infosec.tycho.ncsc.mil (moss-nexus [192.168.25.48])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id
	u59ElSN8018061; Thu, 9 Jun 2016 10:47:28 -0400
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: xen-devel@lists.xen.org
Date: Thu,  9 Jun 2016 10:47:09 -0400
Message-Id: <1465483638-9489-7-git-send-email-dgdegra@tycho.nsa.gov>
X-Mailer: git-send-email 2.5.5
In-Reply-To: <1465483638-9489-1-git-send-email-dgdegra@tycho.nsa.gov>
References: <1465483638-9489-1-git-send-email-dgdegra@tycho.nsa.gov>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [Xen-devel] [PATCH 06/15] flask/policy: remove unused example
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

The access vectors defined here have never been used by xenstore.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
---
 tools/flask/policy/policy/access_vectors   | 23 ++---------------------
 tools/flask/policy/policy/security_classes |  1 -
 2 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/tools/flask/policy/policy/access_vectors b/tools/flask/policy/policy/access_vectors
index 4fd61f1..d9c69c0 100644
--- a/tools/flask/policy/policy/access_vectors
+++ b/tools/flask/policy/policy/access_vectors
@@ -1,24 +1,5 @@
 # Locally defined access vectors
 #
-# Define access vectors for the security classes defined in security_classes
+# Define access vectors for the security classes defined in security_classes.
+# Access vectors defined in this file should not be used by the hypervisor.
 #
-
-# Note: this is an example; the xenstore daemon provided with Xen does
-# not yet include XSM support, and the exact permissions may be defined
-# differently if such support is added.
-class xenstore {
-	# read from keys owned by the target domain (if permissions allow)
-	read
-	# write to keys owned by the target domain (if permissions allow)
-	write
-	# change permissions of a key owned by the target domain
-	chmod
-	# change the owner of a key which was owned by the target domain
-	chown_from
-	# change the owner of a key to the target domain
-	chown_to
-	# access a key owned by the target domain without permission
-	override
-	# introduce a domain
-	introduce
-}
diff --git a/tools/flask/policy/policy/security_classes b/tools/flask/policy/policy/security_classes
index 56595e8..0f0f9f3 100644
--- a/tools/flask/policy/policy/security_classes
+++ b/tools/flask/policy/policy/security_classes
@@ -5,4 +5,3 @@
 # security policy.
 #
 # Access vectors for these classes must be defined in the access_vectors file.
-class xenstore