github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/apps/newfileproxy/NewfileproxyDomain/domain_template.fileproxy (about)

     1  config: {
          # Domain template for the newfileproxy example: domain identity, the
          # subject fields for the policy certificate, where signed guard state
          # is stored, and which TPM resources are used.
     2    domain_info: {
     3      name: "Fileproxy"
            # Relative path; presumably resolved against the domain directory -
            # TODO confirm. The policy key is the root of trust for the domain.
     4      policy_keys_path: "policy_keys"
            # NOTE(review): "AllowAll" looks like the permissive guard that
            # authorizes every query. If so, the datalog_rules further down are
            # not what decides access, and any principal is authorized. That is
            # reasonable only for a test/demo domain; to enforce the rules the
            # guard type has to be one that evaluates them (presumably
            # "Datalog" - confirm against the Tao domain loader).
     5      guard_type: "AllowAll"
     6    }
     7  
          # Subject name fields; the common_name marks this as an example/test
          # identity rather than a production one.
     8    x509_info: {
     9      common_name: "FileProxyExampleTest"
    10      country: "US"
    11      state: "WA"
    12      organization: "CloudProxy"
    13    }
    14  
          # Location of the signed ACL set (used by an ACL guard, judging by the
          # field name; not the guard selected above).
    15    acl_guard_info: {
    16      signed_acls_path: "acls"
    17    }
    18  
          # Location of the signed rule set for a Datalog guard (again not the
          # guard selected above).
    19    datalog_guard_info: {
    20      signed_rules_path: "rules"
    21    }
    22  
    23    tpm_info: {
            # TPM character device and the attestation identity key blob.
    24      tpm_path: "/dev/tpm0"
    25      aik_path: "aikblob"
            # PCRs 17 and 18 are the registers conventionally extended by a
            # dynamic (DRTM) measured launch. Presumably these are the values the
            # TrustedOS predicate is computed over - TODO confirm.
    26      pcrs: "17,18"
    27    }
    28  }
    29  
        # Trust-derivation rules. Subprin(P, A, B) relates principal P to a parent
        # A and an extension B (presumably P = A.B in Tao terms - confirm).
        # NOTE(review): guard_type above is "AllowAll"; confirm whether these
        # rules are evaluated at all under that guard.
        #
        # A program (or container) whose hash is trusted, running directly on a
        # trusted host, is a MemberProgram.
    30  datalog_rules: "(forall P: forall Host: forall Hash: TrustedHost(Host) and TrustedProgramHash(Hash) and Subprin(P, Host, Hash) implies MemberProgram(P))"
    31  datalog_rules: "(forall P: forall Host: forall Hash: TrustedHost(Host) and TrustedContainerHash(Hash) and Subprin(P, Host, Hash) implies MemberProgram(P))"
    32  
        # A trusted host extended with a trusted guard is itself a trusted host.
    33  datalog_rules: "(forall P: forall VM: forall Guard: TrustedHost(VM) and TrustedGuard(Guard) and Subprin(P, VM, Guard) implies TrustedHost(P))"
    34  
        # A trusted VM image on a trusted host is a TrustedVM; a TrustedVM extended
        # with a value that satisfies TrustedHost becomes a TrustedHost.
        # NOTE(review): in the second rule TrustedHost is applied to the extension
        # (the variable named Hash), and linux_host_predicate_name below is also
        # "TrustedHost", so one predicate covers both host principals and host
        # image hashes. A fact added for one role is accepted in the other.
    35  datalog_rules: "(forall P: forall VM: forall Host: TrustedHost(Host) and TrustedVMImage(VM) and Subprin(P, Host, VM) implies TrustedVM(P))"
    36  datalog_rules: "(forall P: forall VM: forall Hash: TrustedVM(VM) and TrustedHost(Hash) and Subprin(P, VM, Hash) implies TrustedHost(P))"
    37  
        # Hardware root: a trusted TPM extended with trusted PCR values is a
        # trusted host.
    38  datalog_rules: "(forall T: forall PCRs: forall P: TrustedTPM(T) and TrustedOS(PCRs) and Subprin(P, T, PCRs) implies TrustedHost(P))"
    39  
        # Every TrustedHost and every MemberProgram is authorized to "Execute".
        # TrustedHost is derived recursively by the rules above, so each fact
        # asserted under it widens the set of principals authorized here.
    40  datalog_rules: "(forall P: TrustedHost(P) implies Authorized(P, \"Execute\"))"
    41  datalog_rules: "(forall P: MemberProgram(P) implies Authorized(P, \"Execute\"))"
    42  
        # Predicate names and the files associated with each. Presumably the hash
        # of each listed file is asserted under the matching predicate when the
        # domain is initialized - TODO confirm against the domain tooling. If so,
        # the files at these paths must be the reviewed builds at that moment.
    43  host_predicate_name: "TrustedHost"
    44  
        # Note: the simpledomainservice binary is reused by this domain.
    45  program_paths: "/Domains/simpledomainservice"
    46  program_paths: "/Domains/fileclient"
    47  program_paths: "/Domains/fileserver"
    48  program_predicate_name: "TrustedProgramHash"
    49  
        # Container images (relative paths, unlike the absolute program paths).
    50  container_paths: "demo_server.img.tgz"
    51  container_paths: "demo_client.img.tgz"
    52  container_predicate_name: "TrustedContainerHash"
    53  
    54  vm_paths: "coreos_production_qemu_image.img"
    55  vm_predicate_name: "TrustedVMImage"
    56  
        # NOTE(review): the Linux host image uses the same predicate name as
        # host_predicate_name ("TrustedHost"), so image hashes and host
        # principals share one predicate in the rules.
    57  linux_host_paths: "linux_host.img.tgz"
    58  linux_host_predicate_name: "TrustedHost"
    59  
        # Predicate names used by the rules for guards, TPMs and PCR values.
    60  guard_predicate_name: "TrustedGuard"
    61  tpm_predicate_name: "TrustedTPM"
    62  os_predicate_name: "TrustedOS"