From patchwork Thu Aug 5 14:06:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12421223 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6DB8DC4338F for ; Thu, 5 Aug 2021 14:07:57 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D918E60E53 for ; Thu, 5 Aug 2021 14:07:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D918E60E53 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.164252.300517 (Exim 4.92) (envelope-from ) id 1mBe2H-00029u-D5; Thu, 05 Aug 2021 14:07:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 164252.300517; Thu, 05 Aug 2021 14:07:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mBe2H-00029n-99; Thu, 05 Aug 2021 14:07:49 +0000 Received: by outflank-mailman (input) for mailman id 164252; Thu, 05 Aug 2021 14:07:48 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mBe2G-0001zB-Da for xen-devel@lists.xenproject.org; Thu, 05 Aug 2021 14:07:48 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 184f06bb-dc13-495d-9fc9-36a59ee35e1c; Thu, 05 Aug 2021 14:07:47 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 162817244586698.78117808058039; Thu, 5 Aug 2021 07:07:25 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 184f06bb-dc13-495d-9fc9-36a59ee35e1c ARC-Seal: i=1; a=rsa-sha256; t=1628172453; cv=none; d=zohomail.com; s=zohoarc; b=LrgabP+/WrfB8/58NDSrdZl8XfMrI1k8C5srWUD9ZOR+3kM+khDUIv+kAmM4hsOEbXXfPwLI5IcY3mpNrewnZcJXUvMGjcDSRZAfi+tIhXUHPbqDn9q8lv+fuzUMsN5lZd9LpujYeBcMUzW8+vgXYd89EAHm8UBpRNp5WS2JVC8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1628172453; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=oBtJAYzQJ3xOPC4nmZs464PFZEvqwBEbkKJJO08ZKyQ=; b=PKSUS4+JnBYPN4X/yoVRQ26POggrQjg3stq6DVXQ59KT6UISdT/IuXd5KSoceOBzJWmOr+R/Q72uqmXwcHO0N2LV+ticzAMtEDPnxl1efKEvGkUCGxbdsHfXegHD9EIoR3p8aXXjqRamLMO7JT+ZAl6vntNYoaAFf7J1LH2A7P8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1628172453; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=oBtJAYzQJ3xOPC4nmZs464PFZEvqwBEbkKJJO08ZKyQ=; b=XB3STg4hlk3olDoIWK5H3yvE3dgP/2j8c4oAPcGn9VhsYe1tAe3Nmw+nPcv4cGL1 wNRqXS8mI+vQ/uQCqlTE5klTl8k6wE4bxzQoukuA5FOLgPAjAuQlsWHF3NjPaarFXAY bZM3KlARlDVJfwdfcTVY0HocNEL1wbJuXZL8j8Jo= From: "Daniel P. Smith" To: "Daniel P. Smith" , xen-devel@lists.xenproject.org Cc: Andrew Cooper , George Dunlap , Ian Jackson , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , Daniel De Graaf Subject: [PATCH v3 2/7] xsm: remove the ability to disable flask Date: Thu, 5 Aug 2021 10:06:39 -0400 Message-Id: <20210805140644.357-3-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210805140644.357-1-dpsmith@apertussolutions.com> References: <20210805140644.357-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External On Linux when SELinux is put into permissive mode the descretionary access controls are still in place. Whereas for Xen when the enforcing state of flask is set to permissive, all operations for all domains would succeed, i.e. it does not fall back to the default access controls. To provide a means to mimic a similar but not equivalent behavior, a flask op is present to allow a one-time switch back to the default access controls, aka the "dummy policy". This patch removes this flask op to enforce a consistent XSM usage model that a reboot of Xen is required to change the XSM policy module in use. Signed-off-by: Daniel P. Smith --- xen/include/public/xsm/flask_op.h | 2 +- xen/xsm/flask/flask_op.c | 30 ------------------------------ 2 files changed, 1 insertion(+), 31 deletions(-) diff --git a/xen/include/public/xsm/flask_op.h b/xen/include/public/xsm/flask_op.h index 16af7bc22f..b41dd6dac8 100644 --- a/xen/include/public/xsm/flask_op.h +++ b/xen/include/public/xsm/flask_op.h @@ -188,7 +188,7 @@ struct xen_flask_op { #define FLASK_SETBOOL 12 #define FLASK_COMMITBOOLS 13 #define FLASK_MLS 14 -#define FLASK_DISABLE 15 +#define FLASK_DISABLE 15 /* No longer implemented */ #define FLASK_GETAVC_THRESHOLD 16 #define FLASK_SETAVC_THRESHOLD 17 #define FLASK_AVC_HASHSTATS 18 diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 01e52138a1..f41c025391 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -223,32 +223,6 @@ static int flask_security_sid(struct xen_flask_sid_context *arg) #ifndef COMPAT -static int flask_disable(void) -{ - static int flask_disabled = 0; - - if ( ss_initialized ) - { - /* Not permitted after initial policy load. */ - return -EINVAL; - } - - if ( flask_disabled ) - { - /* Only do this once. */ - return -EINVAL; - } - - printk("Flask: Disabled at runtime.\n"); - - flask_disabled = 1; - - /* Reset xsm_ops to the original module. */ - xsm_ops = &dummy_xsm_ops; - - return 0; -} - static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *arg) { int rv = 0; @@ -698,10 +672,6 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op) rv = flask_mls_enabled; break; - case FLASK_DISABLE: - rv = flask_disable(); - break; - case FLASK_GETAVC_THRESHOLD: rv = avc_cache_threshold; break;