From patchwork Mon Jun 20 14:04:15 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel De Graaf <dgdegra@tycho.nsa.gov>
X-Patchwork-Id: 9187535
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D05C5607D1 for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 20 Jun 2016 14:06:40 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BC5BD2711E
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 20 Jun 2016 14:06:40 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id B071C27813; Mon, 20 Jun 2016 14:06:40 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.5 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED,
	URIBL_BLACK autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 2929B2711E
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 20 Jun 2016 14:06:40 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1bEzou-0001GV-PM; Mon, 20 Jun 2016 14:04:56 +0000
Received: from mail6.bemta6.messagelabs.com ([85.158.143.247])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <dgdegra@tycho.nsa.gov>) id 1bEzot-0001D7-1n
	for xen-devel@lists.xen.org; Mon, 20 Jun 2016 14:04:55 +0000
Received: from [85.158.143.35] by server-1.bemta-6.messagelabs.com id
	F9/B4-09256-608F7675; Mon, 20 Jun 2016 14:04:54 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrNLMWRWlGSWpSXmKPExsXCoZPKocv6Iz3
	cYFKfmcWSj4tZHBg9ju7+zRTAGMWamZeUX5HAmtF2rZGtYAd/xdFdk9kaGGfzdjFyckgI+En8
	OHqPpYuRi4NTYDGLxJan79lAHAmBQ4wS3VNus4NUCQm0M0p8eJ8OkhAS2MYo0XnuDxtIgk1AV
	2LBwZVMILaIgLTEtc+XGUFsZgFtieZ3M8GahQWsJLYu+g1mswioSnw5eYgZxOYVcJVYsaiBCe
	IMOYmb5zrB4pwCbhLnv9xihljsKnFx8k3WCYx8CxgZVjGqF6cWlaUW6RrqJRVlpmeU5CZm5ug
	aGpjp5aYWFyemp+YkJhXrJefnbmIEBgoDEOxg3Pnc6RCjJAeTkijv9Cfp4UJ8SfkplRmJxRnx
	RaU5qcWHGGU4OJQkeG9/A8oJFqWmp1akZeYAQxYmLcHBoyTCuw4kzVtckJhbnJkOkTrFqCglz
	vscJCEAksgozYNrg8XJJUZZKWFeRqBDhHgKUotyM0tQ5V8xinMwKgnzrgeZwpOZVwI3/RXQYi
	agxcv6wRaXJCKkpBoYxZVkzHSYbUXWtcp79u38MPV7/869/k4ljrfruKMs/yhnmETET/hXdXh
	BWl/RRp3mJ7u6bncfCPF78v7ci4vZn/bM4Y1U2/9Q3crT7VS2FscDR/bpTTbWTNNcLxkYR1h3
	SZ10z97Zr6x87NFy9676qqYHzKebQpQaMrX/uKSuiNqttbErX0GJpTgj0VCLuag4EQA7Faqfj
	gIAAA==
X-Env-Sender: dgdegra@tycho.nsa.gov
X-Msg-Ref: server-9.tower-21.messagelabs.com!1466431490!19792009!1
X-Originating-IP: [8.44.101.8]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.46; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 51626 invoked from network); 20 Jun 2016 14:04:53 -0000
Received: from emsm-gh1-uea10.nsa.gov (HELO emsm-gh1-uea10.nsa.gov)
	(8.44.101.8)
	by server-9.tower-21.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 20 Jun 2016 14:04:53 -0000
X-IronPort-AV: E=Sophos;i="5.26,498,1459814400"; d="scan'208";a="14811889"
IronPort-PHdr: =?us-ascii?q?9a23=3A+uNorxEx4fmbAAThSEq3qJ1GYnF86YWxBRYc798d?=
	=?us-ascii?q?s5kLTJ75oc2wAkXT6L1XgUPTWs2DsrQf27uQ4v2rBzNIyK3CmU5BWaQEbwUCh8?=
	=?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYsExnyfTB4?=
	=?us-ascii?q?Ov7yUtaLyZ/nhqbjptaNPE1hv3mUX/BbFF2OtwLft80b08NJC50a7V/3mEZOYP?=
	=?us-ascii?q?lc3mhyJFiezF7W78a0+4N/oWwL46pyv/NaVe3GW4hwDfkCVHV1e1wysd3ms1zP?=
	=?us-ascii?q?QBWC4lMYU34KiVxYDg6D6wv1DbnrtS6vmuN72SSedeH7BZ8uUD2sp/NnRxPlhz?=
	=?us-ascii?q?0OHyIo+2HQzMprheRUpwz39E83+JLdfIzAbKk2RajaZ95PADAZUw=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2FJBAAy92dX/wHyM5BdGwEBAYMggVO4V4QJhhcCgTFMAQE?=
	=?us-ascii?q?BAQEBAgJiJ4IxghsCBHkQGDlXGYgwwEgBAQEHAgEkkACFDwWIEpBkjioCgWeHc?=
	=?us-ascii?q?wyFOo93VIQMIDKKSAEBAQ?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea10.nsa.gov with ESMTP; 20 Jun 2016 14:04:42 +0000
Received: from moss-nexus.infosec.tycho.ncsc.mil (moss-nexus [192.168.25.48])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id
	u5KE4U64018300; Mon, 20 Jun 2016 10:04:30 -0400
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: xen-devel@lists.xen.org
Date: Mon, 20 Jun 2016 10:04:15 -0400
Message-Id: <1466431466-28055-7-git-send-email-dgdegra@tycho.nsa.gov>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov>
References: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [Xen-devel] [PATCH 06/17] flask/policy: remove unused example
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

The access vectors defined here have never been used by xenstore.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
---
 tools/flask/policy/policy/access_vectors   | 23 ++---------------------
 tools/flask/policy/policy/security_classes |  1 -
 2 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/tools/flask/policy/policy/access_vectors b/tools/flask/policy/policy/access_vectors
index 4fd61f1..d9c69c0 100644
--- a/tools/flask/policy/policy/access_vectors
+++ b/tools/flask/policy/policy/access_vectors
@@ -1,24 +1,5 @@
 # Locally defined access vectors
 #
-# Define access vectors for the security classes defined in security_classes
+# Define access vectors for the security classes defined in security_classes.
+# Access vectors defined in this file should not be used by the hypervisor.
 #
-
-# Note: this is an example; the xenstore daemon provided with Xen does
-# not yet include XSM support, and the exact permissions may be defined
-# differently if such support is added.
-class xenstore {
-	# read from keys owned by the target domain (if permissions allow)
-	read
-	# write to keys owned by the target domain (if permissions allow)
-	write
-	# change permissions of a key owned by the target domain
-	chmod
-	# change the owner of a key which was owned by the target domain
-	chown_from
-	# change the owner of a key to the target domain
-	chown_to
-	# access a key owned by the target domain without permission
-	override
-	# introduce a domain
-	introduce
-}
diff --git a/tools/flask/policy/policy/security_classes b/tools/flask/policy/policy/security_classes
index 56595e8..0f0f9f3 100644
--- a/tools/flask/policy/policy/security_classes
+++ b/tools/flask/policy/policy/security_classes
@@ -5,4 +5,3 @@
 # security policy.
 #
 # Access vectors for these classes must be defined in the access_vectors file.
-class xenstore