From mboxrd@z Thu Jan  1 00:00:00 1970
From: Wei Liu <wei.liu2@citrix.com>
Subject: Re: [PATCH] xsm/flask: Handle policy load failures
 properly
Date: Mon, 23 Feb 2015 18:00:18 +0000
Message-ID: <20150223180018.GF20083@zion.uk.xensource.com>
References: <1424707899-18101-1-git-send-email-dgdegra@tycho.nsa.gov>
	<20150223164823.GD20083@zion.uk.xensource.com>
	<54EB6930.2040703@tycho.nsa.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <wei.liu2@citrix.com>) id 1YPxJ6-0002SW-TM
	for xen-devel@lists.xenproject.org; Mon, 23 Feb 2015 18:00:39 +0000
Content-Disposition: inline
In-Reply-To: <54EB6930.2040703@tycho.nsa.gov>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: xen-devel@lists.xenproject.org, julien.grall@linaro.org, Wei Liu <wei.liu2@citrix.com>
List-Id: xen-devel@lists.xenproject.org

On Mon, Feb 23, 2015 at 12:53:52PM -0500, Daniel De Graaf wrote:
> On 02/23/2015 11:48 AM, Wei Liu wrote:
> >On Mon, Feb 23, 2015 at 11:11:39AM -0500, Daniel De Graaf wrote:
> >[...]
> >>-    if ( flask_enforcing )
> >>+    if ( ret && policy_size )
> >>+        panic("Flask: Unable to load XSM policy");
> >>+
> >>+    if ( ret )
> >>+        printk("Flask:  Starting with no policy loaded.\n");
> >>+    else if ( flask_enforcing )
> >>          printk("Flask:  Starting in enforcing mode.\n");
> >
> >I have a question with regard to XSM in general.
> >
> >This branching gives me the impression that if no policy is provided
> >flask is not enforced even if you have flask_enforned=1. What mode is it
> >in? Enforcing or permissive? Is it in permissive mode until a policy is
> >loaded? Is it enforcing dummy policy (though it appears to pass every
> >check)?
> >
> >Wei.
> 
> When no policy is loaded, the FLASK policy is equivalent to an allow-all
> policy; see xen/xsm/flask/ss/services.c:security_compute_av where it
> bails out if !ss_initialized.  It could be considered as either enforcing
> or being permissive with an allow-all policy, but the actual access is
> the same.
> 
> When a policy is loaded later, the value of flask_enforcing will be used
> to decide if the policy is applied in enforcing or permissive mode; by
> that time, the value could also have been changed using xl setenforce.
> 

Thanks for the explanation.

> I decided to make the messages exclusive so that you could more easily
> tell by looking at a single line if the policy was loaded and enforced
> correctly.  Combining both pieces of information in a single line like
> the following would also work, if you think this would be better:
> 
> printk("Flask: Starting with%s policy loaded in %s mode.\n",
>        ret ? " no" : "", flask_enforcing ? "enforcing" : "permissive");
> 

Yes, I think this is clearer. Thanks.

Wei.

> -- 
> Daniel De Graaf
> National Security Agency