[Xen-devel] [PATCH] ACM: adding get_ssid command and cleanup

This patch:

* adds a get_ssid ACM command that allows privileged domains to retrieve types for either a given ssid reference or a given domain id (of a running domain); this command can be used to extend access control into device domains, e.g., to control network traffic currently moving through Domain 0 uncontrolled by the ACM policy

* adds a script getlabel.sh that allows users inside Dom0 to retrieve the label for a given ssid reference or a given domain id (multiple labels might map onto a single ssid reference)

* cleans up label-related code in tools/security by merging common functions into labelfuncs.sh

* cleans up ACM code related to above changes (eventually approximating a common coding style)

Comments welcome.

Thanks
Reiner

Signed-off-by Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off by Stefan Berger <stefanb@xxxxxxxxxx>

get_ssid.diff
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[Xense-devel] Labeling resources, David Palmer

Next by Date:

Re: [Xense-devel] [PATCH] ACM: adding get_ssid command and cleanup, David Palmer

Previous by Thread:

[Xense-devel] Labeling resources, David Palmer

Next by Thread:

Re: [Xense-devel] [PATCH] ACM: adding get_ssid command and cleanup, David Palmer

Indexes:

[Date] [Thread] [Top] [All Lists]