From: Machon Gregory <mbgrego@tycho.ncsc.mil>
To: xen-devel@lists.xensource.com
Subject: [PATCH] libxl: Exposed Flask XSM functionality
Date: Fri, 01 Apr 2011 18:12:38 -0400 [thread overview]
Message-ID: <4D964DD6.8060709@tycho.ncsc.mil> (raw)
Adds support for assigning a label to domains, obtaining and setting the
current enforcing mode, and loading a policy with the xl command when the
Flask XSM is in use.
Signed-off-by: mbgrego@tycho.ncsc.mil
tools/libxl/libxl.c | 1
tools/libxl/libxl.idl | 3
tools/libxl/xl.h | 3
tools/libxl/xl_cmdimpl.c | 171
++++++++++++++++++++++++++++++++++++++++++++--
tools/libxl/xl_cmdtable.c | 18 ++++
xen/include/xsm/xsm.h | 6 +
xen/xsm/flask/flask_op.c | 3
7 files changed, 195 insertions(+), 10 deletions(-)
--
Machon Gregory
National Information Assurance Research Lab (NIARL)
diff -r 89c23f58aa98 tools/libxl/libxl.c
--- a/tools/libxl/libxl.c Thu Mar 31 19:39:30 2011 +0100
+++ b/tools/libxl/libxl.c Fri Apr 01 17:41:35 2011 -0400
@@ -333,6 +333,7 @@
{
memcpy(&(xlinfo->uuid), xcinfo->handle, sizeof(xen_domain_handle_t));
xlinfo->domid = xcinfo->domain;
+ xlinfo->ssidref = xcinfo->ssidref;
xlinfo->dying = !!(xcinfo->flags&XEN_DOMINF_dying);
xlinfo->shutdown = !!(xcinfo->flags&XEN_DOMINF_shutdown);
diff -r 89c23f58aa98 tools/libxl/libxl.idl
--- a/tools/libxl/libxl.idl Thu Mar 31 19:39:30 2011 +0100
+++ b/tools/libxl/libxl.idl Fri Apr 01 17:41:35 2011 -0400
@@ -28,6 +28,7 @@
libxl_dominfo = Struct("dominfo",[
("uuid", libxl_uuid),
("domid", domid),
+ ("ssidref", uint32),
("running", BitField(uint8, 1)),
("blocked", BitField(uint8, 1)),
("paused", BitField(uint8, 1)),
@@ -77,7 +78,7 @@
("hvm", bool),
("hap", bool),
("oos", bool),
- ("ssidref", integer),
+ ("ssidref", uint32),
("name", string),
("uuid", libxl_uuid),
("xsdata", libxl_key_value_list),
diff -r 89c23f58aa98 tools/libxl/xl.h
--- a/tools/libxl/xl.h Thu Mar 31 19:39:30 2011 +0100
+++ b/tools/libxl/xl.h Fri Apr 01 17:41:35 2011 -0400
@@ -87,6 +87,9 @@
int main_cpupoolcpuremove(int argc, char **argv);
int main_cpupoolmigrate(int argc, char **argv);
int main_cpupoolnumasplit(int argc, char **argv);
+int main_getenforce(int argc, char **argv);
+int main_setenforce(int argc, char **argv);
+int main_loadpolicy(int argc, char **argv);
void help(const char *command);
diff -r 89c23f58aa98 tools/libxl/xl_cmdimpl.c
--- a/tools/libxl/xl_cmdimpl.c Thu Mar 31 19:39:30 2011 +0100
+++ b/tools/libxl/xl_cmdimpl.c Fri Apr 01 17:41:35 2011 -0400
@@ -640,6 +640,20 @@
libxl_init_create_info(c_info);
+ if (!xlu_cfg_get_string (config, "seclabel", &buf)) {
+ e = xc_flask_context_to_sid(ctx.xch, (char *)buf, strlen(buf),
+ &c_info->ssidref);
+ if (e) {
+ if (errno == ENOSYS) {
+ fprintf(stderr, "XSM Disabled: seclabel not supported\n");
+ }
+ else {
+ fprintf(stderr, "Invalid seclabel: %s\n", buf);
+ exit(1);
+ }
+ }
+ }
+
c_info->hvm = 0;
if (!xlu_cfg_get_string (config, "builder", &buf) &&
!strncmp(buf, "hvm", strlen(buf)))
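Review bot: The failure path at `if (e)` reads errno, but main_loadpolicy in this same patch treats the xc_flask_* return value as a negative errno (`errno = -ret`), so one of the two conventions is wrong; if xc_flask_context_to_sid returns -errno rather than setting errno, the ENOSYS test here (and in main_getenforce/main_setenforce) would not match and a hypervisor without XSM would be reported as "Invalid seclabel". Please confirm the libxc convention and use one form throughout. When XSM is reported disabled the code deliberately continues with whatever ssidref libxl_init_create_info left behind; that is reasonable but deserves a comment such as `/* XSM off: seclabel is informational only, keep the default ssidref */`. The `(char *)buf` cast drops const; if xc_flask_context_to_sid does not modify the string, its parameter should be `const char *` instead. The enclosing function starts and ends outside this hunk.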
@@ -2304,13 +2318,14 @@
}
}
-static void list_domains(int verbose, const libxl_dominfo *info, int nb_domain)
+static void list_domains(int verbose, int context, const libxl_dominfo *info, int nb_domain)
{
int i;
static const char shutdown_reason_letters[]= "-rscw";
printf("Name ID Mem VCPUs\tState\tTime(s)");
- if (verbose) printf(" UUID Reason-Code");
+ if (verbose) printf(" UUID Reason-Code\tSecurity Label");
+ if (context && !verbose) printf(" Security Label");
printf("\n");
for (i = 0; i < nb_domain; i++) {
char *domname;
@@ -2334,9 +2349,19 @@
free(domname);
if (verbose) {
printf(" " LIBXL_UUID_FMT, LIBXL_UUID_BYTES(info[i].uuid));
- if (info[i].shutdown) printf(" %8x", shutdown_reason);
- else printf(" %8s", "-");
- }
+ if (info[i].shutdown) printf(" %8x", shutdown_reason);
+ else printf(" %8s", "-");
+ }
+ if (verbose || context) {
+ int rc;
+ uint32_t size = XC_PAGE_SIZE;
+ char buf[size];
+ rc = xc_flask_sid_to_context(ctx.xch, info[i].ssidref, buf, size);
+ if (rc < 0)
+ printf(" -");
+ else
+ printf(" %s", buf);
+ }
putchar('\n');
}
}
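Review bot: `char buf[size]` declares a page-sized VLA on the stack on every iteration of the domain loop; since the size is the constant XC_PAGE_SIZE, `char buf[XC_PAGE_SIZE];` declared once before the loop avoids the VLA and makes the bound visible to the reader. The buffer is then printed with `printf(" %s", buf)`, which relies on xc_flask_sid_to_context always NUL-terminating it — the flask_op.c hunk in this patch allows `len == count`, which leaves no room for a terminator, so either that check should be `len >= count` or this side should set `buf[sizeof buf - 1] = '\0'` before printing. `rc` could also be declared at first use (`int rc = xc_flask_sid_to_context(...)`). list_domains starts in the previous hunk and its body continues past this one.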
@@ -3159,12 +3184,14 @@
int main_list(int argc, char **argv)
{
int opt, verbose = 0;
+ int context = 0;
int details = 0;
int option_index = 0;
static struct option long_options[] = {
{"long", 0, 0, 'l'},
{"help", 0, 0, 'h'},
{"verbose", 0, 0, 'v'},
+ {"context", 0, 0, 'Z'},
{0, 0, 0, 0}
};
@@ -3173,7 +3200,7 @@
int nb_domain, rc;
while (1) {
- opt = getopt_long(argc, argv, "lvh", long_options, &option_index);
+ opt = getopt_long(argc, argv, "lvhZ", long_options, &option_index);
if (opt == -1)
break;
@@ -3187,6 +3214,9 @@
case 'v':
verbose = 1;
break;
+ case 'Z':
+ context = 1;
+ break;
default:
fprintf(stderr, "option `%c' not supported.\n", optopt);
break;
@@ -3222,7 +3252,7 @@
if (details)
list_domains_details(info, nb_domain);
else
- list_domains(verbose, info, nb_domain);
+ list_domains(verbose, context, info, nb_domain);
free(info_free);
@@ -5921,3 +5951,130 @@
return ret;
}
+
+int main_getenforce(int argc, char **argv)
+{
+ int ret;
+
+ ret = xc_flask_getenforce(ctx.xch);
+
+ if (ret < 0) {
+ if (errno == ENOSYS)
+ printf("Disabled\n");
+ else
+ fprintf(stderr, "Failed to get enforcing mode (%i)\n", ret);
+ }
+ else if (ret == 1)
+ printf("Enforcing\n");
+ else if (ret == 0)
+ printf("Permissive\n");
+
+ return ret;
+}
+
+int main_setenforce(int argc, char **argv)
+{
+ int ret, mode = -1;
+ const char *p = NULL;
+
+ if (optind >= argc) {
+ help("setenforce");
+ return 2;
+ }
+
+ p = argv[optind];
+
+ if (!strcmp(p, "0"))
+ mode = 0;
+ else if (!strcmp(p, "1"))
+ mode = 1;
+ else if (!strcasecmp(p, "permissive"))
+ mode = 0;
+ else if (!strcasecmp(p, "enforcing"))
+ mode = 1;
+ else {
+ help("setenforce");
+ return 2;
+ }
+
+ ret = xc_flask_setenforce(ctx.xch, mode);
+
+ if (ret) {
+ if (errno == ENOSYS) {
+ fprintf(stderr, "Flask XSM disabled\n");
+ }
+ else
+ fprintf(stderr, "error occured while setting enforcing mode (%i)\n", ret);
+ }
+
+ return ret;
+}
+
+int main_loadpolicy(int argc, char **argv)
+{
+ const char *polFName;
+ int polFd = 0;
+ void *polMemCp = NULL;
+ struct stat info;
+ int ret;
+
+ if (optind >= argc) {
+ help("loadpolicy");
+ return 2;
+ }
+
+ polFName = argv[optind];
+ polFd = open(polFName, O_RDONLY);
+ if ( polFd < 0 )
+ {
+ fprintf(stderr, "Error occurred opening policy file '%s': %s\n",
+ polFName, strerror(errno));
+ ret = -1;
+ goto done;
+ }
+
+ ret = stat(polFName, &info);
+ if ( ret < 0 )
+ {
+ fprintf(stderr, "Error occurred retrieving information about"
+ "policy file '%s': %s\n", polFName, strerror(errno));
+ goto done;
+ }
+
+ polMemCp = malloc(info.st_size);
+
+ ret = read(polFd, polMemCp, info.st_size);
+ if ( ret < 0 )
+ {
+ fprintf(stderr, "Unable to read new Flask policy file: %s\n",
+ strerror(errno));
+ goto done;
+ }
+
+ ret = xc_flask_load(ctx.xch, polMemCp, info.st_size);
+
+ if ( ret < 0 )
+ {
+ if (errno == ENOSYS) {
+ fprintf(stderr, "Flask XSM disabled\n");
+ }
+ else
+ {
+ errno = -ret;
+ fprintf(stderr, "Unable to load new Flask policy: %s\n",
+ strerror(errno));
+ ret = -1;
+ }
+ }
+ else
+ {
+ printf("Successfully loaded policy.\n");
+ }
+
+done:
+ free(polMemCp);
+ if ( polFd > 0 )
+ close(polFd);
+
+ return ret;
+}
diff -r 89c23f58aa98 tools/libxl/xl_cmdtable.c
--- a/tools/libxl/xl_cmdtable.c Thu Mar 31 19:39:30 2011 +0100
+++ b/tools/libxl/xl_cmdtable.c Fri Apr 01 17:41:35 2011 -0400
@@ -36,7 +36,8 @@
"List information about all/some domains",
"[options] [Domain]\n",
"-l, --long Output all VM details\n"
- "-v, --verbose Prints out UUIDs",
+ "-v, --verbose Prints out UUIDs and security context\n"
+ "-Z, --context Prints out security context"
},
{ "destroy",
&main_destroy,
@@ -382,6 +383,21 @@
"Splits up the machine into one CPU pool per NUMA node",
"",
},
+ { "getenforce",
+ &main_getenforce,
+ "Returns the current enforcing mode of the Flask Xen security module",
+ "",
+ },
+ { "setenforce",
+ &main_setenforce,
+ "Sets the current enforcing mode of the Flask Xen security module",
+ "<1|0|Enforcing|Permissive>",
+ },
+ { "loadpolicy",
+ &main_loadpolicy,
+ "Loads a new policy int the Flask Xen security module",
+ "<policy file>",
+ },
};
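Review bot: The loadpolicy help text reads `"Loads a new policy int the Flask Xen security module",` and should say `into`. The setenforce usage `<1|0|Enforcing|Permissive>` matches the strcasecmp comparison in main_setenforce, so the documented forms are accepted case-insensitively as written.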
int cmdtable_len = sizeof(cmd_table)/sizeof(struct cmd_spec);
diff -r 89c23f58aa98 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h Thu Mar 31 19:39:30 2011 +0100
+++ b/xen/include/xsm/xsm.h Fri Apr 01 17:41:35 2011 -0400
@@ -427,7 +427,11 @@
static inline long __do_xsm_op (XEN_GUEST_HANDLE(xsm_op_t) op)
{
- return xsm_call(__do_xsm_op(op));
+#ifdef XSM_ENABLE
+ return xsm_ops->__do_xsm_op(op);
+#else
+ return -ENOSYS;
+#endif
}
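Review bot: The new `#else` branch makes -ENOSYS the contract the toolstack relies on to detect a hypervisor built without XSM (the seclabel parsing, main_getenforce, main_setenforce and main_loadpolicy all test for ENOSYS), but nothing in the header records that; a comment on the branch, `/* No XSM built in: the toolstack tests for -ENOSYS to report "Flask disabled". */`, would stop a later change from picking a different errno. It is also worth stating in the commit description why `xsm_call()` could not be kept here, since the open-coded `#ifdef XSM_ENABLE` appears to duplicate its dispatch for this one operation.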
#ifdef XSM_ENABLE
diff -r 89c23f58aa98 xen/xsm/flask/flask_op.c
--- a/xen/xsm/flask/flask_op.c Thu Mar 31 19:39:30 2011 +0100
+++ b/xen/xsm/flask/flask_op.c Fri Apr 01 17:41:35 2011 -0400
@@ -485,6 +485,9 @@
if ( length < 0 )
goto out;
+ if (len > count)
+ return -ERANGE;
+
memset(buf, 0, count);
memcpy(buf, context, len);
length = len;
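Review bot: The new `return -ERANGE;` bypasses the `out:` label that the preceding `goto out` uses for cleanup; if that label releases the context string obtained earlier in this function (not visible in the hunk), the early return leaks it, so `length = -ERANGE; goto out;` is the safer form. The bound check also permits `len == count`, after which `memcpy(buf, context, len)` fills the buffer with no terminating NUL; the xl side of this patch prints the result with `%s`, so unless libxc adds a terminator this should be `if ( len >= count )`. The surrounding code uses `if ( cond )` spacing. The enclosing function starts and ends outside the hunk.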