Merge pull request #32 from tsirakisn/argo-st9

S9: [argo] Replace v4v with argo
OpenXT · Jun 20, 2019 · 41658b5 · 41658b5
2 parents 7ed8fe7 + 7fdf290
commit 41658b5
Show file tree

Hide file tree

Showing 15 changed files with 169 additions and 45 deletions.
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
@@ -547,9 +547,3 @@ class argo
     # Domain sending a message to another domain.
     send
 }
-
-class v4v
-{
-    send
-    use
-}
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
@@ -20,6 +20,5 @@ class grant
 class security
 class version
 class argo
-class v4v
 
 # FLASK
diff --git a/policy/modules/xen/dom0.if b/policy/modules/xen/dom0.if
@@ -109,26 +109,46 @@ interface(`dom0_copy_grant',`
 ')
 ########################################
 ## <summary>
+##  Allow the specified domain to
+##  register an argo ring with Xen
+##  that can receive a msg only from
+##  dom0.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type of the domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dom0_argo_register_single_source',`
+	gen_require(`
+		type dom0_t;
+	')
+
+	allow $1 dom0_t:argo register_single_source;
+')
+########################################
+## <summary>
 ##	Allow the specified type to send
-##	data via v4v to dom0
+##	data via argo to dom0
 ## </summary>
 ## <param name="type">
 ##	<summary>
 ##	Type of the domain allowed access.
 ##	</summary>
 ## </param>
 #
-interface(`dom0_send_v4v',`
+interface(`dom0_send_argo',`
 	gen_require(`
 		type dom0_t;
 	')
 
-	allow $1 self:v4v use;
-	allow $1 dom0_t:v4v send;
+	allow $1 self:argo enable;
+	allow $1 dom0_t:argo send;
 ')
 ########################################
 ## <summary>
-##	Allow dom0 to send data via v4v to
+##	Allow dom0 to send data via argo to
 ##	the specified domain.
 ## </summary>
 ## <param name="type">
@@ -137,13 +157,13 @@ interface(`dom0_send_v4v',`
 ##	</summary>
 ## </param>
 #
-interface(`dom0_recv_v4v',`
+interface(`dom0_recv_argo',`
 	gen_require(`
 		type dom0_t;
 	')
 
-	allow dom0_t self:v4v use;
-	allow dom0_t $1:v4v send;
+	allow dom0_t self:argo enable;
+	allow dom0_t $1:argo send;
 ')
 ########################################
 ## <summary>

diff --git a/policy/modules/xen/dom0.te b/policy/modules/xen/dom0.te
@@ -45,7 +45,7 @@ allow dom0_t self:domain2 { setscheduler };
 
 allow dom0_t self:event { bind create };
 allow dom0_t self:resource { add remove setup };
-dom0_send_v4v(dom0_t)
+dom0_send_argo(dom0_t)
 
 allow dom0_t evchn0-0_t:event send;
 
@@ -58,15 +58,20 @@ allow dom0_t xen_t:xen mca_op;
 allow dom0_t xen_t:xen2 get_cpu_featureset;
 
 domio_map_rw_mmu(dom0_t)
+argo_register_any_source(dom0_t)
+uivm_argo_register_single_source(dom0_t)
+ndvm_argo_register_single_source(dom0_t)
+stubdom_argo_register_single_source(dom0_t)
+argo_enable(dom0_t)
 
 # dom0 access to service VMs
 ndvm_manage_resource(dom0_t)
-ndvm_send_v4v(dom0_t)
+ndvm_send_argo(dom0_t)
 ndvm_use(dom0_t)
 ndvm_map_write_grant(dom0_t)
 ndvm_resource_map(dom0_t)
 
-uivm_send_v4v(dom0_t)
+uivm_send_argo(dom0_t)
 uivm_map_write_grant(dom0_t)
 uivm_resource_map(dom0_t)
 
@@ -80,7 +85,7 @@ nilfvm_map_write_grant(dom0_t)
 nilfvm_resource_map(dom0_t)
 
 stubdom_copy_grant(dom0_t)
-stubdom_send_v4v(dom0_t)
+stubdom_send_argo(dom0_t)
 stubdom_map_write_grant(dom0_t)
 stubdom_resource_map(dom0_t)
 

diff --git a/policy/modules/xen/guesthvm.te b/policy/modules/xen/guesthvm.te
@@ -76,9 +76,10 @@ nilfvm_use(hvm_guest_t)
 dom0_copy_grant(hvm_guest_t)
 dom0_map_write_grant_guest(hvm_guest_t)
 dom0_pt_guest_iommu_nointremap(hvm_guest_t)
-# Uncomment these if you wish to allow guests to use v4v.
-#dom0_send_v4v(hvm_guest_t)
-#dom0_recv_v4v(hvm_guest_t)
+# Uncomment these if you wish to allow guests to use argo.
+#dom0_send_argo(hvm_guest_t)
+#dom0_recv_argo(hvm_guest_t)
 stubdom_ioemu(hvm_guest_t)
 # The no-stubdom case
 dom0_ioemu(hvm_guest_t)
+argo_enable(hvm_guest_t)
diff --git a/policy/modules/xen/icavm.te b/policy/modules/xen/icavm.te
@@ -52,7 +52,7 @@ ndvm_event_src(icavm_t, ndvm-icavm_evchn_t)
 
 ndvm_use(icavm_t)
 ndvm_copy_grant(icavm_t)
-dom0_send_v4v(icavm_t)
-dom0_recv_v4v(icavm_t)
+dom0_send_argo(icavm_t)
+dom0_recv_argo(icavm_t)
 dom0_copy_grant(icavm_t)
 xen_write_console(icavm_t)
diff --git a/policy/modules/xen/ndvm.if b/policy/modules/xen/ndvm.if
@@ -74,22 +74,42 @@ interface(`ndvm_manage_resource',`
 ')
 ########################################
 ## <summary>
+##  Allow the specified domain to
+##  register an argo ring with Xen
+##  that can receive a msg only from
+##  the ndvm.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type of the domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`ndvm_argo_register_single_source',`
+	gen_require(`
+		type ndvm_t;
+	')
+
+	allow $1 ndvm_t:argo register_single_source;
+')
+########################################
+## <summary>
 ##	Allow the specified domain to
-##	send data to the NDVM via v4v.
+##	send data to the NDVM via argo.
 ## </summary>
 ## <param name="type">
 ##	<summary>
 ##	Type of the domain allowe access.
 ##	</summary>
 ## </param>
 #
-interface(`ndvm_send_v4v',`
+interface(`ndvm_send_argo',`
 	gen_require(`
 		type ndvm_t;
 	')
 
-	allow $1 self:v4v use;
-	allow $1 ndvm_t:v4v send;
+	allow $1 self:argo enable;
+	allow $1 ndvm_t:argo send;
 ')
 ########################################
 ## <summary>

diff --git a/policy/modules/xen/ndvm.te b/policy/modules/xen/ndvm.te
@@ -51,7 +51,7 @@ stubdom_event_src(ndvm_t, stubdom-ndvm_evchn_t)
 #
 
 dom0_pt_guest_iommu_nointremap(ndvm_t)
-dom0_send_v4v(ndvm_t)
+dom0_send_argo(ndvm_t)
 domio_map_write_mmu(ndvm_t)
 ioport_use_resource_iommu_nointremap(ndvm_t)
 iomem_map_rw_mmu(ndvm_t)
@@ -60,11 +60,13 @@ pirq_remove_resource(ndvm_t)
 pirq_use_resource_iommu_nointremap(ndvm_t)
 syncvm_remove_resource(ndvm_t)
 stubdom_ioemu(ndvm_t)
-uivm_send_v4v(ndvm_t)
+uivm_send_argo(ndvm_t)
 xen_write_console(ndvm_t)
 dom0_map_write_grant(ndvm_t)
 hvm_guest_map_write_grant(ndvm_t)
 stubdom_map_write_grant(ndvm_t)
 syncvm_map_write_grant(ndvm_t)
 icavm_map_write_grant(ndvm_t)
 nilfvm_map_write_grant(ndvm_t)
+argo_register_any_source(ndvm_t)
+argo_enable(ndvm_t)
diff --git a/policy/modules/xen/nilfvm.te b/policy/modules/xen/nilfvm.te
@@ -50,8 +50,8 @@ ndvm_event_src(nilfvm_t, ndvm-nilfvm_evchn_t)
 #
 
 dom0_copy_grant(nilfvm_t)
-dom0_recv_v4v(nilfvm_t)
-dom0_send_v4v(nilfvm_t)
+dom0_recv_argo(nilfvm_t)
+dom0_send_argo(nilfvm_t)
 ndvm_use(nilfvm_t)
 ndvm_copy_grant(nilfvm_t)
 stubdom_map_write_grant(nilfvm_t)

diff --git a/policy/modules/xen/stubdom.if b/policy/modules/xen/stubdom.if
@@ -115,22 +115,42 @@ interface(`stubdom_copy_grant',`
 ')
 ########################################
 ## <summary>
+##  Allow the specified domain to
+##  register an argo ring with Xen
+##  that can receive a msg only from
+##  the stubdom.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type of the domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`stubdom_argo_register_single_source',`
+	gen_require(`
+		type stubdom_t;
+	')
+
+	allow $1 stubdom_t:argo register_single_source;
+')
+########################################
+## <summary>
 ##	Allow the specified type to send
-##	data via v4v to stubdom
+##	data via argo to stubdom
 ## </summary>
 ## <param name="type">
 ##	<summary>
 ##	Type of the domain allowed access.
 ##	</summary>
 ## </param>
 #
-interface(`stubdom_send_v4v',`
+interface(`stubdom_send_argo',`
 	gen_require(`
 		type stubdom_t;
 	')
 
-	allow $1 self:v4v use;
-	allow $1 stubdom_t:v4v send;
+	allow $1 self:argo enable;
+	allow $1 stubdom_t:argo send;
 ')
 ########################################
 ## <summary>

diff --git a/policy/modules/xen/stubdom.te b/policy/modules/xen/stubdom.te
@@ -55,12 +55,15 @@ allow stubdom_t self:grant copy;
 allow stubdom_t self:resource remove;
 
 dom0_copy_grant(stubdom_t)
-dom0_send_v4v(stubdom_t)
+dom0_send_argo(stubdom_t)
 iomem_map_rw_mmu(stubdom_t)
 ndvm_use(stubdom_t)
 ndvm_copy_grant(stubdom_t)
 nilfvm_use(stubdom_t)
 xen_write_console(stubdom_t)
+argo_register_any_source(stubdom_t)
+dom0_argo_register_single_source(stubdom_t)
+argo_enable(stubdom_t)
 
 # pci pass through
 iomem_add_resource(stubdom_t)

diff --git a/policy/modules/xen/syncvm.te b/policy/modules/xen/syncvm.te
@@ -50,6 +50,6 @@ ndvm_event_src(syncvm_t, ndvm-syncvm_evchn_t)
 
 ndvm_use(syncvm_t)
 ndvm_copy_grant(syncvm_t)
-dom0_recv_v4v(syncvm_t)
-dom0_send_v4v(syncvm_t)
+dom0_recv_argo(syncvm_t)
+dom0_send_argo(syncvm_t)
 xen_write_console(syncvm_t)
diff --git a/policy/modules/xen/uivm.if b/policy/modules/xen/uivm.if
@@ -18,24 +18,44 @@
 
 # <summary>User Interface Domain</summary>
 
+########################################
+## <summary>
+##  Allow the specified domain to
+##  register an argo ring with Xen
+##  that can receive a msg only from
+##  the uivm.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type of the domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`uivm_argo_register_single_source',`
+	gen_require(`
+		type uivm_t;
+	')
+
+	allow $1 uivm_t:argo register_single_source;
+')
 ########################################
 ## <summary>
 ##	Allow the specified domain to
-##	send data to the UIVM via v4v.
+##	send data to the UIVM via argo.
 ## </summary>
 ## <param name="type">
 ##	<summary>
 ##	Type of the domain allowe access.
 ##	</summary>
 ## </param>
 #
-interface(`uivm_send_v4v',`
+interface(`uivm_send_argo',`
 	gen_require(`
 		type uivm_t;
 	')
 
-	allow $1 self:v4v use;
-	allow $1 uivm_t:v4v send;
+	allow $1 self:argo enable;
+	allow $1 uivm_t:argo send;
 ')
 
 ########################################

diff --git a/policy/modules/xen/uivm.te b/policy/modules/xen/uivm.te
@@ -40,8 +40,10 @@ dom0_event_src(uivm_t, dom0-uivm_evchn_t)
 # UIVM local policy
 #
 
-dom0_send_v4v(uivm_t)
-ndvm_send_v4v(uivm_t)
+dom0_send_argo(uivm_t)
+ndvm_send_argo(uivm_t)
 iomem_map_read_mmu(uivm_t)
 xen_write_console(uivm_t)
 dom0_copy_grant(uivm_t)
+argo_register_any_source(uivm_t)
+argo_enable(uivm_t)