@@ -62,6 +62,13 @@ define(`create_domain_common', `
setparam altp2mhvm altp2mhvm_op dm };
')
+# xen_build_domain(target)
+# Allow a domain to be created at boot by the hypervisor
+define(`xen_build_domain', `
+ allow xenboot_t $1:domain create;
+ allow xenboot_t $1_channel:event create;
+')
+
# create_domain(priv, target)
# Allow a domain to be created directly
define(`create_domain', `
@@ -24,6 +24,7 @@ attribute mls_priv;
################################################################################
# The hypervisor itself
+type xenboot_t, xen_type, mls_priv;
type xen_t, xen_type, mls_priv;
# Domain 0
@@ -2,6 +2,7 @@
# objects created before the policy is loaded or for objects that do not have a
# label defined in some other manner.
+sid xenboot gen_context(system_u:system_r:xenboot_t,s0)
sid xen gen_context(system_u:system_r:xen_t,s0)
sid dom0 gen_context(system_u:system_r:dom0_t,s0)
sid domxen gen_context(system_u:system_r:domxen_t,s0)
@@ -173,7 +173,7 @@ static int cf_check flask_domain_alloc_security(struct domain *d)
switch ( d->domain_id )
{
case DOMID_IDLE:
- dsec->sid = SECINITSID_XEN;
+ dsec->sid = SECINITSID_XENBOOT;
break;
case DOMID_XEN:
dsec->sid = SECINITSID_DOMXEN;
@@ -193,9 +193,14 @@ static int cf_check flask_domain_alloc_security(struct domain *d)
static int cf_check flask_set_system_active(void)
{
+ struct domain_security_struct *dsec;
struct domain *d = current->domain;
+ dsec = d->ssid;
+
ASSERT(d->is_privileged);
+ ASSERT(dsec->sid == SECINITSID_XENBOOT);
+ ASSERT(dsec->self_sid == SECINITSID_XENBOOT);
if ( d->domain_id != DOMID_IDLE )
{
@@ -210,6 +215,8 @@ static int cf_check flask_set_system_active(void)
*/
d->is_privileged = false;
+ dsec->self_sid = dsec->sid = SECINITSID_XEN;
+
return 0;
}
@@ -3,6 +3,7 @@
#
# Define initial security identifiers
#
+sid xenboot
sid xen
sid dom0
sid domio