From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ian Campbell Subject: Re: [PATCH] xsm/flask: Handle policy load failures properly Date: Tue, 24 Feb 2015 08:47:28 +0000 Message-ID: <1424767648.32223.3.camel@citrix.com> References: <1424707899-18101-1-git-send-email-dgdegra@tycho.nsa.gov> <20150223164823.GD20083@zion.uk.xensource.com> <54EB6930.2040703@tycho.nsa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YQB9U-00024Z-Sc for xen-devel@lists.xenproject.org; Tue, 24 Feb 2015 08:47:36 +0000 In-Reply-To: <54EB6930.2040703@tycho.nsa.gov> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Daniel De Graaf Cc: xen-devel@lists.xenproject.org, julien.grall@linaro.org, Wei Liu List-Id: xen-devel@lists.xenproject.org On Mon, 2015-02-23 at 12:53 -0500, Daniel De Graaf wrote: > When no policy is loaded, the FLASK policy is equivalent to an allow-all > policy; see xen/xsm/flask/ss/services.c:security_compute_av where it > bails out if !ss_initialized. It could be considered as either enforcing > or being permissive with an allow-all policy, but the actual access is > the same. Do you think anyone would want an option to be provided which causes Xen to fail to boot if a proper policy isn't provided (and loaded)? Similar to how iommu=force works. I can see how osstest testcases for xsm might want this to avoid accidentally testing with no policy, but not sure if it would be considered generally useful enough to be added. Ian.