From patchwork Tue Apr 28 14:32:35 2015
X-Patchwork-Submitter: Julien Grall
X-Patchwork-Id: 47684
From: Julien Grall
Date: Tue, 28 Apr 2015 15:32:35 +0100
Message-ID: <1430231563-25648-12-git-send-email-julien.grall@citrix.com>
In-Reply-To: <1430231563-25648-1-git-send-email-julien.grall@citrix.com>
References: <1430231563-25648-1-git-send-email-julien.grall@citrix.com>
X-Mailer: git-send-email 2.1.4
Cc: stefano.stabellini@citrix.com, Daniel De Graaf, Julien Grall, tim@xen.org, ian.campbell@citrix.com
Subject: [Xen-devel] [PATCH v6 11/19] xen/xsm: Add helpers to check permission for device tree passthrough
List-Id: xen-devel@lists.xen.org

From: Julien Grall

This is a follow-up of commit 525ee49 "xsm: add device tree labeling support", which adds support for device tree labelling in flask. Those helpers will be used later when non-PCI passthrough (i.e. device tree) is added.
Signed-off-by: Julien Grall Acked-by: Daniel De Graaf Acked-by: Ian Campbell --- Changes in v6: - Rebase on the latest staging (conflict with in xsm/flask/hooks.c with memaccess changes) Changes in v5: - Add Ian and Daniel's ack Changes in v4: - Patch added --- xen/include/xsm/dummy.h | 23 +++++++++++++ xen/include/xsm/xsm.h | 27 +++++++++++++++ xen/xsm/dummy.c | 6 ++++ xen/xsm/flask/avc.c | 3 ++ xen/xsm/flask/hooks.c | 69 ++++++++++++++++++++++++++++++++++++- xen/xsm/flask/include/avc.h | 2 ++ xen/xsm/flask/policy/access_vectors | 2 +- 7 files changed, 130 insertions(+), 2 deletions(-) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index faeb096..f044c0f 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -350,6 +350,29 @@ static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint #endif /* HAS_PASSTHROUGH && HAS_PCI */ +#if defined(HAS_PASSTHROUGH) && defined(HAS_DEVICE_TREE) +static XSM_INLINE int xsm_test_assign_dtdevice(XSM_DEFAULT_ARG const char *dtpath) +{ + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, NULL); +} + +static XSM_INLINE int xsm_assign_dtdevice(XSM_DEFAULT_ARG struct domain *d, + const char *dtpath) +{ + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); +} + +static XSM_INLINE int xsm_deassign_dtdevice(XSM_DEFAULT_ARG struct domain *d, + const char *dtpath) +{ + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); +} + +#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ + static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_HOOK); diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index bbd4a18..c872d44 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h 
@@ -121,6 +121,12 @@ struct xsm_operations { int (*deassign_device) (struct domain *d, uint32_t machine_bdf); #endif +#if defined(HAS_PASSTHROUGH) && defined(HAS_DEVICE_TREE) + int (*test_assign_dtdevice) (const char *dtpath); + int (*assign_dtdevice) (struct domain *d, const char *dtpath); + int (*deassign_dtdevice) (struct domain *d, const char *dtpath); +#endif + int (*resource_plug_core) (void); int (*resource_unplug_core) (void); int (*resource_plug_pci) (uint32_t machine_bdf); @@ -482,6 +488,27 @@ static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint3 } #endif /* HAS_PASSTHROUGH && HAS_PCI) */ +#if defined(HAS_PASSTHROUGH) && defined(HAS_DEVICE_TREE) +static inline int xsm_assign_dtdevice(xsm_default_t def, struct domain *d, + const char *dtpath) +{ + return xsm_ops->assign_dtdevice(d, dtpath); +} + +static inline int xsm_test_assign_dtdevice(xsm_default_t def, + const char *dtpath) +{ + return xsm_ops->test_assign_dtdevice(dtpath); +} + +static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d, + const char *dtpath) +{ + return xsm_ops->deassign_dtdevice(d, dtpath); +} + +#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ + static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t machine_bdf) { return xsm_ops->resource_plug_pci(machine_bdf); diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 041ccf9..e84b0e4 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -96,6 +96,12 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, deassign_device); #endif +#if defined(HAS_PASSTHROUGH) && defined(HAS_DEVICE_TREE) + set_to_dummy_if_null(ops, test_assign_dtdevice); + set_to_dummy_if_null(ops, assign_dtdevice); + set_to_dummy_if_null(ops, deassign_dtdevice); +#endif + set_to_dummy_if_null(ops, resource_plug_core); set_to_dummy_if_null(ops, resource_unplug_core); set_to_dummy_if_null(ops, resource_plug_pci); 
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c index b1a4f8a..31bc702 100644 --- a/xen/xsm/flask/avc.c +++ b/xen/xsm/flask/avc.c @@ -600,6 +600,9 @@ void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested, case AVC_AUDIT_DATA_MEMORY: avc_printk(&buf, "pte=%#lx mfn=%#lx ", a->memory.pte, a->memory.mfn); break; + case AVC_AUDIT_DATA_DTDEV: + avc_printk(&buf, "dtdevice=%s ", a->dtdev); + break; } avc_dump_query(&buf, ssid, tsid, tclass); diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 29865d2..01b12bf 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -587,7 +587,12 @@ static int flask_domctl(struct domain *d, int cmd) case XEN_DOMCTL_shadow_op: case XEN_DOMCTL_ioport_permission: case XEN_DOMCTL_ioport_mapping: - /* These have individual XSM hooks (drivers/passthrough/iommu.c) */ +#endif +#ifdef HAS_PASSTHROUGH + /* + * These have individual XSM hooks + * (drivers/passthrough/{pci,device_tree.c) + */ case XEN_DOMCTL_get_device_group: case XEN_DOMCTL_test_assign_device: case XEN_DOMCTL_assign_device: 
@@ -1258,6 +1263,62 @@ static int flask_deassign_device(struct domain *d, uint32_t machine_bdf) } #endif /* HAS_PASSTHROUGH && HAS_PCI */ +#if defined(HAS_PASSTHROUGH) && defined(HAS_DEVICE_TREE) +static int flask_test_assign_dtdevice(const char *dtpath) +{ + u32 rsid; + int rc = -EPERM; + + rc = security_devicetree_sid(dtpath, &rsid); + if ( rc ) + return rc; + + return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, + NULL); +} + +static int flask_assign_dtdevice(struct domain *d, const char *dtpath) +{ + u32 dsid, rsid; + int rc = -EPERM; + struct avc_audit_data ad; + + rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); + if ( rc ) + return rc; + + rc = security_devicetree_sid(dtpath, &rsid); + if ( rc ) + return rc; + + AVC_AUDIT_DATA_INIT(&ad, DTDEV); + ad.dtdev = dtpath; + rc = avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, &ad); + if ( rc ) + return rc; + + dsid = domain_sid(d); + return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad); +} + +static int flask_deassign_dtdevice(struct domain *d, const char *dtpath) +{ + u32 rsid; + int rc = -EPERM; + + rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); + if ( rc ) + return rc; + + rc = security_devicetree_sid(dtpath, &rsid); + if ( rc ) + return rc; + + return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, + NULL); +} +#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ + #ifdef CONFIG_X86 static int flask_do_mca(void) { @@ -1627,6 +1688,12 @@ static struct xsm_operations flask_ops = { .deassign_device = flask_deassign_device, #endif +#if defined(HAS_PASSTHROUGH) && defined(HAS_DEVICE_TREE) + .test_assign_dtdevice = flask_test_assign_dtdevice, + .assign_dtdevice = flask_assign_dtdevice, + .deassign_dtdevice = flask_deassign_dtdevice, +#endif + #ifdef CONFIG_X86 .do_mca = flask_do_mca, .shadow_control = flask_shadow_control, 
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h index c7a99fc..4283562 100644 --- a/xen/xsm/flask/include/avc.h +++ b/xen/xsm/flask/include/avc.h @@ -39,6 +39,7 @@ struct avc_audit_data { #define AVC_AUDIT_DATA_IRQ 2 #define AVC_AUDIT_DATA_RANGE 3 #define AVC_AUDIT_DATA_MEMORY 4 +#define AVC_AUDIT_DATA_DTDEV 5 struct domain *sdom; struct domain *tdom; union { @@ -52,6 +53,7 @@ struct avc_audit_data { unsigned long pte; unsigned long mfn; } memory; + const char *dtdev; }; }; diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index af4a6ae..9886438 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -424,7 +424,7 @@ class resource remove_iomem # XEN_DOMCTL_get_device_group, XEN_DOMCTL_test_assign_device: # source = domain making the hypercall -# target = PCI device being queried +# target = device being queried stat_device # XEN_DOMCTL_assign_device add_device
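Review bot: in the xen/include/xsm/xsm.h hunk the inline wrappers are declared in the order xsm_assign_dtdevice, xsm_test_assign_dtdevice, xsm_deassign_dtdevice, while the struct xsm_operations members added a few lines above, the stubs in xen/include/xsm/dummy.h, the set_to_dummy_if_null() calls in xen/xsm/dummy.c and the flask_ops initialisers all use the order test_assign, assign, deassign; moving xsm_test_assign_dtdevice above xsm_assign_dtdevice would keep all four sites consistent and easier to diff against the PCI counterparts. The unused `xsm_default_t def` argument follows the convention of the existing wrappers such as xsm_deassign_device, so that part is fine as is.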
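Review bot: the new comment in the flask_domctl hunk of xen/xsm/flask/hooks.c reads `(drivers/passthrough/{pci,device_tree.c)`, which opens a brace expansion and never closes it; it should be `(drivers/passthrough/{pci,device_tree}.c)`. Worth fixing before commit, since this comment is the only pointer from the domctl switch to where the per-device XSM checks for these XEN_DOMCTL_* commands actually live.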
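Review bot: in all three new functions in the second hooks.c hunk `int rc = -EPERM;` is overwritten by the first assignment before it is ever read, so the initialiser is dead and misleadingly suggests a default-deny fallback that does not exist; either drop the initialiser or declare `int rc;` uninitialised. Separately, flask_assign_dtdevice fills `struct avc_audit_data ad` with the device-tree path for the add_device and use checks, but flask_test_assign_dtdevice and flask_deassign_dtdevice pass `NULL` audit data to avc_current_has_perm() for stat_device and remove_device, so a denial on those two paths is logged without the `dtdevice=` field that the avc.c hunk adds; initialising the same `AVC_AUDIT_DATA_INIT(&ad, DTDEV); ad.dtdev = dtpath;` there would make denials for all three operations attributable to a path.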
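Review bot: the access_vectors hunk changes the stat_device comment from "PCI device being queried" to "device being queried", which matches flask_test_assign_dtdevice now checking RESOURCE__STAT_DEVICE for a device-tree path; the add_device and remove_device comments that follow are not in the visible context, so please check they do not still describe the target as a PCI device, since flask_assign_dtdevice and flask_deassign_dtdevice reuse those vectors too.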