direct-io.hg

view xen/common/policy_ops.c @ 5517:10e9028c8e3d

bitkeeper revision 1.1718.1.10 (42b7b19aqOS_1M8I4pIOFjiTPYWV-g)

Merge bk://xenbits.xensource.com/xen-unstable.bk
into spot.cl.cam.ac.uk:C:/Documents and Settings/iap10/xen-unstable.bk
author iap10@spot.cl.cam.ac.uk
date Tue Jun 21 06:20:10 2005 +0000 (2005-06-21)
parents aa52b853c28b
children 649cd37aa1ab
1 /******************************************************************************
2 *policy_ops.c
3 *
4 * Copyright (C) 2005 IBM Corporation
5 *
6 * Author:
7 * Reiner Sailer <sailer@watson.ibm.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 *
14 * Process policy command requests from guest OS.
15 *
16 */
17 #include <xen/config.h>
18 #include <xen/types.h>
19 #include <xen/lib.h>
20 #include <xen/mm.h>
21 #include <public/policy_ops.h>
22 #include <xen/sched.h>
23 #include <xen/event.h>
24 #include <xen/trace.h>
25 #include <xen/console.h>
26 #include <asm/shadow.h>
27 #include <public/sched_ctl.h>
28 #include <acm/acm_hooks.h>
/*
 * Entry points implemented in acm/acm_policy.c.
 *
 * do_policy_op() in this file calls them with the buffer pointer and size
 * taken from the policy_op_t it copied in from the calling guest.
 *
 * NOTE(review): these are declared here by hand rather than pulled in from a
 * shared header, so a signature change in acm/acm_policy.c would not be caught
 * by the compiler in this file -- confirm they still match the definitions.
 * NOTE(review): buf_size is u16; confirm that the size fields of policy_op_t
 * have the same width so that no silent truncation happens at the call.
 */
extern int acm_set_policy(void *buf, u16 buf_size, u16 policy);
extern int acm_get_policy(void *buf, u16 buf_size);
extern int acm_dump_statistics(void *buf, u16 buf_size);
/*
 * Classes of policy operation that acm_authorize_policyops() is asked about.
 * The numeric values are the ones the compiler assigns by default; they are
 * written out only for readability.
 */
typedef enum policyoperation {
    POLICY    = 0,  /* access to the policy interface at all (early drop) */
    GETPOLICY = 1,  /* dump policy cache */
    SETPOLICY = 2,  /* set policy cache (controls security) */
    DUMPSTATS = 3   /* dump policy statistics */
} policyoperation_t;
/*
 * Decide whether domain d may perform the policy operation pops.
 *
 * Returns ACM_ACCESS_PERMITTED when IS_PRIV(d) holds and ACM_ACCESS_DENIED
 * otherwise.
 *
 * pops is not consulted yet: every policy management function is restricted
 * to privileged domains, so all operation classes get the same answer.
 * Finer-grained privileges per operation are planned.
 *
 * NOTE(review): the denial is reported with an unconditional printk, and
 * do_policy_op() calls this for whichever domain issued the request, so a
 * domain without privilege can produce one console line per request. Consider
 * rate limiting or demoting this message.
 */
int
acm_authorize_policyops(struct domain *d, policyoperation_t pops)
{
    if (IS_PRIV(d))
        return ACM_ACCESS_PERMITTED;

    printk("%s: Policy management authorization denied ERROR!\n", __func__);
    return ACM_ACCESS_DENIED;
}
/*
 * Process one policy command request from a guest OS.
 *
 * u_policy_op points at the caller's policy_op_t. The request is copied into
 * a local structure once and every later field access reads that copy, so the
 * caller cannot change the command or its arguments after they were checked.
 *
 * Returns:
 *   0        the ACM function for the command returned ACM_OK
 *   -EACCES  the calling domain is not authorized, or interface_version does
 *            not equal POLICY_INTERFACE_VERSION
 *   -EFAULT  the request could not be copied from the caller
 *   -ESRCH   unknown command, or the ACM function returned anything other
 *            than ACM_OK (the specific ACM error is not passed on)
 *
 * The authorization tests treat any non-zero result of
 * acm_authorize_policyops() as a denial, which relies on
 * ACM_ACCESS_PERMITTED being zero.
 *
 * NOTE(review): the buffer pointers and sizes in the request are supplied by
 * the caller and are handed to the acm_* functions unchanged. Nothing here
 * validates them, so those functions presumably treat buf as a guest address
 * and bound the copy by buf_size -- confirm in acm/acm_policy.c.
 */
long do_policy_op(policy_op_t *u_policy_op)
{
    policy_op_t request;
    long rc;

    /*
     * Early drop: reject callers with no access to the policy interface
     * before touching their memory. For now only DOM0 is allowed; the
     * per-command checks below are meant to become independent later.
     */
    if (acm_authorize_policyops(current->domain, POLICY) != 0)
        return -EACCES;

    if (copy_from_user(&request, u_policy_op, sizeof(request)) != 0)
        return -EFAULT;

    if (request.interface_version != POLICY_INTERFACE_VERSION)
        return -EACCES;

    switch (request.cmd) {
    case POLICY_SETPOLICY:
        if (acm_authorize_policyops(current->domain, SETPOLICY) != 0)
            return -EACCES;
        printkd("%s: setting policy.\n", __func__);
        rc = (acm_set_policy(request.u.setpolicy.pushcache,
                             request.u.setpolicy.pushcache_size,
                             request.u.setpolicy.policy_type) == ACM_OK)
                 ? 0 : -ESRCH;
        break;

    case POLICY_GETPOLICY:
        if (acm_authorize_policyops(current->domain, GETPOLICY) != 0)
            return -EACCES;
        printkd("%s: getting policy.\n", __func__);
        rc = (acm_get_policy(request.u.getpolicy.pullcache,
                             request.u.getpolicy.pullcache_size) == ACM_OK)
                 ? 0 : -ESRCH;
        break;

    case POLICY_DUMPSTATS:
        if (acm_authorize_policyops(current->domain, DUMPSTATS) != 0)
            return -EACCES;
        printkd("%s: dumping statistics.\n", __func__);
        rc = (acm_dump_statistics(request.u.dumpstats.pullcache,
                                  request.u.dumpstats.pullcache_size) == ACM_OK)
                 ? 0 : -ESRCH;
        break;

    default:
        /* Unknown command. */
        rc = -ESRCH;
        break;
    }

    return rc;
}