From patchwork Mon Jun 20 14:04:22 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel De Graaf X-Patchwork-Id: 9187561 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2446F607D1 for ; Mon, 20 Jun 2016 14:07:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 107DA2780C for ; Mon, 20 Jun 2016 14:07:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 058832793A; Mon, 20 Jun 2016 14:07:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id A2BA52780C for ; Mon, 20 Jun 2016 14:07:06 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bEzou-0001Fv-GR; Mon, 20 Jun 2016 14:04:56 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bEzos-00010r-Na for xen-devel@lists.xen.org; Mon, 20 Jun 2016 14:04:54 +0000 Received: from [193.109.254.147] by server-11.bemta-14.messagelabs.com id B5/11-01707-608F7675; Mon, 20 Jun 2016 14:04:54 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrDLMWRWlGSWpSXmKPExsXCoZPKocv6Iz3 c4FiTvsWSj4tZHBg9ju7+zRTAGMWamZeUX5HAmnH7ywn2ggb+ii87NjM1MC7i6WLk5JAQ8JM4 +uswexcjFwenwHQWiWPb37KBOBIC+xklfi7+wwLiCAm0M0oc6dvIAtIiJLCNUeLxZkEQm01AV 2LBwZVMILaIgLTEtc+XGUFsZgFtieZ3M9lBbGEBR4mes0fA4iwCqhJXTl8Gi/MKuEkc37eUFe IMOYmb5zqZQWxOoPj5L7eYIXa5SlycfJN1AiPfAkaGVYwaxalFZalFuoYWeklFmekZJbmJmTm 6hoYmermpxcWJ6ak5iUnFesn5uZsYgaFSz8DAuIPxyHbPQ4ySHExKorzTn6SHC/El5adUZiQW Z8QXleakFh9ilOHgUJLgZfkGlBMsSk1PrUjLzAEGLUxagoNHSYT331egNG9xQWJucWY6ROoUo 6KUOO87kIQASCKjNA+uDRYplxhlpYR5GRkYGIR4ClKLcjNLUOVfMYpzMCoJ8/4FmcKTmVcCN/ 0V0GImoMXL+sEWlyQipKQaGFu2SC65c2Xnv3er5TW2fo++kCjJPqXIol+t+4+asoR+xys1tXX iR3Yk/1Dd8ibLgWmBxGznNaULEq2nRc34khHU+9Ip4FXguh+dSzv0791K/PtU1EjnzoW57rls kwP3T1za8Vl2VtyVrU/q/wbGF02P4xe9tP7nuTrxlGk9+meM6y36TVPZq5VYijMSDbWYi4oTA UayOvKPAgAA X-Env-Sender: dgdegra@tycho.nsa.gov X-Msg-Ref: server-9.tower-27.messagelabs.com!1466431490!48752724!1 X-Originating-IP: [8.44.101.8] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 8.46; banners=-,-,- X-VirusChecked: Checked Received: (qmail 61962 invoked from network); 20 Jun 2016 14:04:53 -0000 Received: from smtp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) (8.44.101.8) by server-9.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 20 Jun 2016 14:04:53 -0000 X-IronPort-AV: E=Sophos;i="5.26,498,1459814400"; d="scan'208";a="14811887" IronPort-PHdr: =?us-ascii?q?9a23=3ASlbWcx30vn5MJjJGsmDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?segQK/ad9pjvdHbS+e9qxAeQG96LurQV1qGI7OjJYi8p39WoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6kO74TNaIBjjLw09?= =?us-ascii?q?fr2zQd6DyZXqnL7ts7ToICx2xxOFKYtoKxu3qQiD/uI3uqBFbpgL9x3Sv3FTcP?= =?us-ascii?q?5Xz247bXianhL7+9vitMU7q3cYhuglv/Jkfe26Ov5gDO8QMDNzI20zocHmqxTH?= =?us-ascii?q?ZQ+O/WcHFHUblFxPGQeWwgv9W8Lduy37u+419CTSEtf/RL58DTit46pkUhbAlD?= =?us-ascii?q?YMNzl/9nrezMN3kvQI81qauxVjztuMM8muP/1kc/aYJ4sX?= X-IPAS-Result: =?us-ascii?q?A2FJBAAy92dX/wHyM5BdGwEBAYMggVO4V4QJhhcCgTFMAQE?= =?us-ascii?q?BAQEBAgJiJ4IxghsCBGsOEBg5VxmIMMBIAQEBBwIBJJAAhQ8FiBKQZI4qAolah?= =?us-ascii?q?UaPd1SEDCAyikgBAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 20 Jun 2016 14:04:40 +0000 Received: from moss-nexus.infosec.tycho.ncsc.mil (moss-nexus [192.168.25.48]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u5KE4U6B018300; Mon, 20 Jun 2016 10:04:31 -0400 From: Daniel De Graaf To: xen-devel@lists.xen.org Date: Mon, 20 Jun 2016 10:04:22 -0400 Message-Id: <1466431466-28055-14-git-send-email-dgdegra@tycho.nsa.gov> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov> References: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov> Cc: Daniel De Graaf Subject: [Xen-devel] [PATCH 13/17] xen: move FLASK entry under XSM in Kconfig X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Since enabling XSM is required to enable FLASK, place the option for FLASK below the one for XSM. In addition, since it does not make sense to enable XSM without any XSM providers, and FLASK is the only XSM provider, hide the option to disable FLASK under EXPERT. Signed-off-by: Daniel De Graaf --- xen/common/Kconfig | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index cd59574..6a51fd5 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -11,24 +11,6 @@ config COMPAT config CORE_PARKING bool -config FLASK - bool "FLux Advanced Security Kernel support" - default y - depends on XSM - ---help--- - Enables the FLASK (FLux Advanced Security Kernel) support which - provides a mandatory access control framework by which security - enforcement, isolation, and auditing can be achieved with fine - granular control via a security policy. - - If unsure, say N. - -config FLASK_AVC_STATS - def_bool y - depends on FLASK - ---help--- - Maintain statistics on the access vector cache - # Select HAS_DEVICE_TREE if device tree is supported config HAS_DEVICE_TREE bool @@ -137,6 +119,25 @@ config XSM If unsure, say N. +config FLASK + def_bool y + bool "FLux Advanced Security Kernel support" if EXPERT = "y" + depends on XSM + ---help--- + Enables FLASK (FLux Advanced Security Kernel) as the access control + mechanism used by the XSM framework. This provides a mandatory access + control framework by which security enforcement, isolation, and + auditing can be achieved with fine granular control via a security + policy. + + If unsure, say Y. + +config FLASK_AVC_STATS + def_bool y + depends on FLASK + ---help--- + Maintain statistics on the access vector cache + # Enable schedulers menu "Schedulers" visible if EXPERT = "y"