# Source: github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/apps/newfileproxy/NewfileproxyDomain/domain_template.fileproxy
#
# Domain template for the "Fileproxy" domain. It holds three things:
#   1. a config block (domain identity, X.509 subject fields, guard storage
#      paths, TPM settings),
#   2. the datalog authorization rules,
#   3. lists of program / container / VM / host image paths, each paired with
#      the predicate name used for it in the rules.
config: {
  domain_info: {
    name: "Fileproxy"
    policy_keys_path: "policy_keys"
    # NOTE(review): the guard type is "AllowAll", yet this template also
    # carries datalog_rules and a datalog_guard_info path. Presumably an
    # allow-all guard authorizes every request without consulting those rules,
    # so none of the TrustedHost / MemberProgram policy below would be
    # enforced -- confirm against the guard implementation. If the rules are
    # meant to gate execution, select a datalog-backed guard type before using
    # this template outside a test setup.
    guard_type: "AllowAll"
  }

  # X.509 subject fields (common name, country, state, organization).
  # The common name marks this as an example/test identity.
  x509_info: {
    common_name: "FileProxyExampleTest"
    country: "US"
    state: "WA"
    organization: "CloudProxy"
  }

  # Location of the signed ACL set. The path is relative; presumably it is
  # resolved against the domain directory -- TODO confirm.
  acl_guard_info: {
    signed_acls_path: "acls"
  }

  # Location of the signed datalog rule set (relative path, same caveat).
  datalog_guard_info: {
    signed_rules_path: "rules"
  }

  # TPM device node, AIK blob file, and the PCR indices referenced by the
  # domain.
  # NOTE(review): PCRs 17 and 18 are conventionally the dynamic-launch (DRTM)
  # measurement registers on TPM 1.2 platforms -- confirm this matches the
  # boot flow of the hosts that will join the domain, since the TrustedOS
  # predicate below is keyed on PCR values.
  tpm_info: {
    tpm_path: "/dev/tpm0"
    aik_path: "aikblob"
    pcrs: "17,18"
  }
}

# --- Membership rules ---
# P is a MemberProgram when Subprin(P, Host, Hash) holds for a TrustedHost and
# a TrustedProgramHash (first rule) or a TrustedContainerHash (second rule).
datalog_rules: "(forall P: forall Host: forall Hash: TrustedHost(Host) and TrustedProgramHash(Hash) and Subprin(P, Host, Hash) implies MemberProgram(P))"
datalog_rules: "(forall P: forall Host: forall Hash: TrustedHost(Host) and TrustedContainerHash(Hash) and Subprin(P, Host, Hash) implies MemberProgram(P))"

# --- Host trust propagation ---
# A TrustedHost extended by a TrustedGuard is itself a TrustedHost.
datalog_rules: "(forall P: forall VM: forall Guard: TrustedHost(VM) and TrustedGuard(Guard) and Subprin(P, VM, Guard) implies TrustedHost(P))"

# A TrustedHost extended by a TrustedVMImage is a TrustedVM.
datalog_rules: "(forall P: forall VM: forall Host: TrustedHost(Host) and TrustedVMImage(VM) and Subprin(P, Host, VM) implies TrustedVM(P))"
# A TrustedVM extended by something satisfying TrustedHost is a TrustedHost.
# The variable is named Hash but is tested with TrustedHost, the same
# predicate name that linux_host_predicate_name assigns further down;
# presumably this is how a Linux host image running inside a trusted VM
# becomes a TrustedHost -- verify that this is the intended predicate.
datalog_rules: "(forall P: forall VM: forall Hash: TrustedVM(VM) and TrustedHost(Hash) and Subprin(P, VM, Hash) implies TrustedHost(P))"

# Hardware root: a TrustedTPM extended by TrustedOS PCR values is a
# TrustedHost.
datalog_rules: "(forall T: forall PCRs: forall P: TrustedTPM(T) and TrustedOS(PCRs) and Subprin(P, T, PCRs) implies TrustedHost(P))"

# --- Authorization ---
# Every TrustedHost and every MemberProgram is Authorized for "Execute".
# These are the only Authorized(...) conclusions in the template, so the trust
# chain above decides who may execute -- provided the guard actually evaluates
# the rules (see the guard_type note in domain_info).
datalog_rules: "(forall P: TrustedHost(P) implies Authorized(P, \"Execute\"))"
datalog_rules: "(forall P: MemberProgram(P) implies Authorized(P, \"Execute\"))"

host_predicate_name: "TrustedHost"

# Programs paired with the TrustedProgramHash predicate.
# Note we reuse simpledomainservice
# NOTE(review): presumably whatever binaries sit at these absolute paths when
# the template is processed are the ones whose hashes become trusted; make
# sure they are the intended builds -- TODO confirm how the hashes are taken.
program_paths: "/Domains/simpledomainservice"
program_paths: "/Domains/fileclient"
program_paths: "/Domains/fileserver"
program_predicate_name: "TrustedProgramHash"

# Container images paired with the TrustedContainerHash predicate.
container_paths: "demo_server.img.tgz"
container_paths: "demo_client.img.tgz"
container_predicate_name: "TrustedContainerHash"

# VM image paired with the TrustedVMImage predicate.
vm_paths: "coreos_production_qemu_image.img"
vm_predicate_name: "TrustedVMImage"

# Linux host image; it shares the "TrustedHost" predicate name with
# host_predicate_name above.
linux_host_paths: "linux_host.img.tgz"
linux_host_predicate_name: "TrustedHost"

# Predicate names for guards, TPMs and OS (PCR) measurements used in the
# rules above.
guard_predicate_name: "TrustedGuard"
tpm_predicate_name: "TrustedTPM"
os_predicate_name: "TrustedOS"