From patchwork Mon May 23 15:05:33 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel De Graaf <dgdegra@tycho.nsa.gov>
X-Patchwork-Id: 9131973
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	66FC260761 for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 23 May 2016 15:08:14 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5D8EA28237
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 23 May 2016 15:08:14 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 522652822F; Mon, 23 May 2016 15:08:14 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3A9C82822F
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 23 May 2016 15:08:13 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1b4rQn-0000z8-8T; Mon, 23 May 2016 15:06:09 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <dgdegra@tycho.nsa.gov>) id 1b4rQl-0000xF-OV
	for xen-devel@lists.xenproject.org; Mon, 23 May 2016 15:06:07 +0000
Received: from [85.158.139.211] by server-11.bemta-5.messagelabs.com id
	96/EF-02219-F5C13475; Mon, 23 May 2016 15:06:07 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrJLMWRWlGSWpSXmKPExsXCoZPKqRsn4xx
	u8OehsMX3LZOZHBg9Dn+4whLAGMWamZeUX5HAmrF8zgeWgm6BirOzzrM0MJ7k7WLk5JAQ8JOY
	s/wSI4jNKTCfReLsZbYuRi6g+H5GiQlT29lAEkICSxklGrfxgySEBLYxSmz7NJcJJMEmoCux4
	OBKMFtEQEni3qrJYDazQJHE5dWLwGxhATeJKcfvsYPYLAKqEjc/LAGzeQVcJZ5/7WaHuEJOYt
	uWPVBXuEnM3j8NyOYAWuYqMWWa8gRGvgWMDKsY1YtTi8pSi3SN9ZKKMtMzSnITM3N0DQ1M9XJ
	Ti4sT01NzEpOK9ZLzczcxAoOEAQh2MO7953SIUZKDSUmU9+QOp3AhvqT8lMqMxOKM+KLSnNTi
	Q4wyHBxKErxvpJzDhQSLUtNTK9Iyc4DhCpOW4OBREuH9A5LmLS5IzC3OTIdInWJUlBLnFZQGS
	giAJDJK8+DaYDFyiVFWSpiXEegQIZ6C1KLczBJU+VeM4hyMSsK8biBTeDLzSuCmvwJazAS0+K
	G0A8jikkSElFQD4zYxhaooj9tSnzxKXlid7K5/ZVjzT43XhqPxBX/KvxUJdo9OTTvVPbN0WZV
	Mw40HAm//VIqJKDjf+DWL7wZLflncifL250tKfhRlzp+ftHgP8+3ZedslCnPXFzmt8zm8kr30
	2455ie6PXG03zlwmNG/y1whfHYHEJn5pt+8s2WaLn1fcfWmnrMRSnJFoqMVcVJwIAI35V/aMA
	gAA
X-Env-Sender: dgdegra@tycho.nsa.gov
X-Msg-Ref: server-15.tower-206.messagelabs.com!1464015962!29076698!5
X-Originating-IP: [8.44.101.9]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.34; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 9979 invoked from network); 23 May 2016 15:06:06 -0000
Received: from emsm-gh1-uea11.nsa.gov (HELO emsm-gh1-uea11.nsa.gov)
	(8.44.101.9)
	by server-15.tower-206.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 23 May 2016 15:06:06 -0000
X-IronPort-AV: E=Sophos;i="5.26,356,1459814400"; d="scan'208";a="16352622"
IronPort-PHdr: =?us-ascii?q?9a23=3ANkmXQhwn2Cg7qBHXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?0eweIJqq85mqBkHD//Il1AaPBtWKrakVwLWJ+4nbGkU+or+5+EgYd5JNUxJXwe?=
	=?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6anHS+4HYoFwnlMkIt?=
	=?us-ascii?q?f6KuSt+U1JX8iL/60qaQSjsLrQL1Wal1IhSyoFeZnegtqqwmFJwMzADUqGBDYe?=
	=?us-ascii?q?VcyDAgD1uSmxHh+pX4p8Y7oGxtofZpy+psGeW/Jfx5HvRkC2E2PmZw6MD1uB3r?=
	=?us-ascii?q?SQqU+mBaQmgQigBPAQXO8Ff9RJiinDH9s79R0S+bMMm+Yb18di6r5qkjHBPnhC?=
	=?us-ascii?q?oILTcR7HDciss2irlS5h2muUoskMbvfIiJOa8mLevmdtQASD8EBJ5c?=
X-IPAS-Result: =?us-ascii?q?A2HqBADyG0NX/wHyM5BcHAGDGoFTt3GEFIYRAoEvTAEBAQE?=
	=?us-ascii?q?BAQICYieCLYIWAgR5EBg5VxmIL8R6AQEBBwIBJI9/hQ4FiASQM44gAoFnh28Mh?=
	=?us-ascii?q?TiPTGKECSAyiVEBAQE?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	23 May 2016 15:05:38 +0000
Received: from moss-nexus.infosec.tycho.ncsc.mil (moss-nexus [192.168.25.48])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id
	u4NF5YU9020519; Mon, 23 May 2016 11:05:38 -0400
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: xen-devel@lists.xenproject.org
Date: Mon, 23 May 2016 11:05:33 -0400
Message-Id: <1464015933-26891-6-git-send-email-dgdegra@tycho.nsa.gov>
X-Mailer: git-send-email 2.5.5
In-Reply-To: <1464015933-26891-1-git-send-email-dgdegra@tycho.nsa.gov>
References: <1464015933-26891-1-git-send-email-dgdegra@tycho.nsa.gov>
Cc: steve@zentific.com, Daniel De Graaf <dgdegra@tycho.nsa.gov>,
	cardoe@cardoe.com
Subject: [Xen-devel] [PATCH 5/5] flask/policy: comment out unused xenstore
	example
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
 tools/flask/policy/policy/access_vectors   | 32 +++++++++++++++---------------
 tools/flask/policy/policy/security_classes |  2 +-
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/tools/flask/policy/policy/access_vectors b/tools/flask/policy/policy/access_vectors
index 4fd61f1..8cca192 100644
--- a/tools/flask/policy/policy/access_vectors
+++ b/tools/flask/policy/policy/access_vectors
@@ -6,19 +6,19 @@
 # Note: this is an example; the xenstore daemon provided with Xen does
 # not yet include XSM support, and the exact permissions may be defined
 # differently if such support is added.
-class xenstore {
-	# read from keys owned by the target domain (if permissions allow)
-	read
-	# write to keys owned by the target domain (if permissions allow)
-	write
-	# change permissions of a key owned by the target domain
-	chmod
-	# change the owner of a key which was owned by the target domain
-	chown_from
-	# change the owner of a key to the target domain
-	chown_to
-	# access a key owned by the target domain without permission
-	override
-	# introduce a domain
-	introduce
-}
+#class xenstore {
+#	# read from keys owned by the target domain (if permissions allow)
+#	read
+#	# write to keys owned by the target domain (if permissions allow)
+#	write
+#	# change permissions of a key owned by the target domain
+#	chmod
+#	# change the owner of a key which was owned by the target domain
+#	chown_from
+#	# change the owner of a key to the target domain
+#	chown_to
+#	# access a key owned by the target domain without permission
+#	override
+#	# introduce a domain
+#	introduce
+#}
diff --git a/tools/flask/policy/policy/security_classes b/tools/flask/policy/policy/security_classes
index 56595e8..069faea 100644
--- a/tools/flask/policy/policy/security_classes
+++ b/tools/flask/policy/policy/security_classes
@@ -5,4 +5,4 @@
 # security policy.
 #
 # Access vectors for these classes must be defined in the access_vectors file.
-class xenstore
+#class xenstore