[06/17] flask/policy: remove unused example

Message ID	1466431466-28055-7-git-send-email-dgdegra@tycho.nsa.gov (mailing list archive)
State	New, archived
Headers	show Return-Path: <xen-devel-bounces@lists.xen.org> IronPort-PHdr: =?us-ascii?q?9a23=3A+uNorxEx4fmbAAThSEq3qJ1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ75oc2wAkXT6L1XgUPTWs2DsrQf27uQ4v2rBzNIyK3CmU5BWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYsExnyfTB4?= =?us-ascii?q?Ov7yUtaLyZ/nhqbjptaNPE1hv3mUX/BbFF2OtwLft80b08NJC50a7V/3mEZOYP?= =?us-ascii?q?lc3mhyJFiezF7W78a0+4N/oWwL46pyv/NaVe3GW4hwDfkCVHV1e1wysd3ms1zP?= =?us-ascii?q?QBWC4lMYU34KiVxYDg6D6wv1DbnrtS6vmuN72SSedeH7BZ8uUD2sp/NnRxPlhz?= =?us-ascii?q?0OHyIo+2HQzMprheRUpwz39E83+JLdfIzAbKk2RajaZ95PADAZUw=3D=3D?= From: Daniel De Graaf <dgdegra@tycho.nsa.gov> To: xen-devel@lists.xen.org Date: Mon, 20 Jun 2016 10:04:15 -0400 Message-Id: <1466431466-28055-7-git-send-email-dgdegra@tycho.nsa.gov> In-Reply-To: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov> References: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Subject: [Xen-devel] [PATCH 06/17] flask/policy: remove unused example Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>

Message ID

1466431466-28055-7-git-send-email-dgdegra@tycho.nsa.gov (mailing list archive)

State

New, archived

Headers

IronPort-PHdr: =?us-ascii?q?9a23=3A+uNorxEx4fmbAAThSEq3qJ1GYnF86YWxBRYc798d?=
	=?us-ascii?q?s5kLTJ75oc2wAkXT6L1XgUPTWs2DsrQf27uQ4v2rBzNIyK3CmU5BWaQEbwUCh8?=
	=?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYsExnyfTB4?=
	=?us-ascii?q?Ov7yUtaLyZ/nhqbjptaNPE1hv3mUX/BbFF2OtwLft80b08NJC50a7V/3mEZOYP?=
	=?us-ascii?q?lc3mhyJFiezF7W78a0+4N/oWwL46pyv/NaVe3GW4hwDfkCVHV1e1wysd3ms1zP?=
	=?us-ascii?q?QBWC4lMYU34KiVxYDg6D6wv1DbnrtS6vmuN72SSedeH7BZ8uUD2sp/NnRxPlhz?=
	=?us-ascii?q?0OHyIo+2HQzMprheRUpwz39E83+JLdfIzAbKk2RajaZ95PADAZUw=3D=3D?=
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: xen-devel@lists.xen.org
Date: Mon, 20 Jun 2016 10:04:15 -0400
Message-Id: <1466431466-28055-7-git-send-email-dgdegra@tycho.nsa.gov>
In-Reply-To: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov>
References: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [Xen-devel] [PATCH 06/17] flask/policy: remove unused example
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>

Commit Message

Daniel De Graaf June 20, 2016, 2:04 p.m. UTC

The access vectors defined here have never been used by xenstore.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
---
 tools/flask/policy/policy/access_vectors   | 23 ++---------------------
 tools/flask/policy/policy/security_classes |  1 -
 2 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/tools/flask/policy/policy/access_vectors b/tools/flask/policy/policy/access_vectors
index 4fd61f1..d9c69c0 100644
--- a/tools/flask/policy/policy/access_vectors
+++ b/tools/flask/policy/policy/access_vectors
@@ -1,24 +1,5 @@ 
 # Locally defined access vectors
 #
-# Define access vectors for the security classes defined in security_classes
+# Define access vectors for the security classes defined in security_classes.
+# Access vectors defined in this file should not be used by the hypervisor.
 #
-
-# Note: this is an example; the xenstore daemon provided with Xen does
-# not yet include XSM support, and the exact permissions may be defined
-# differently if such support is added.
-class xenstore {
-	# read from keys owned by the target domain (if permissions allow)
-	read
-	# write to keys owned by the target domain (if permissions allow)
-	write
-	# change permissions of a key owned by the target domain
-	chmod
-	# change the owner of a key which was owned by the target domain
-	chown_from
-	# change the owner of a key to the target domain
-	chown_to
-	# access a key owned by the target domain without permission
-	override
-	# introduce a domain
-	introduce
-}
diff --git a/tools/flask/policy/policy/security_classes b/tools/flask/policy/policy/security_classes
index 56595e8..0f0f9f3 100644
--- a/tools/flask/policy/policy/security_classes
+++ b/tools/flask/policy/policy/security_classes
@@ -5,4 +5,3 @@ 
 # security policy.
 #
 # Access vectors for these classes must be defined in the access_vectors file.
-class xenstore

[06/17] flask/policy: remove unused example

Commit Message

Patch