ia64/xen-unstable

view tools/security/secpol_xml2bin.h @ 7238:971e7c7411b3

Raise an exception if an error appears on the pipes to our children, and make
sure that the child's pipes are closed even under that exception. Move the
handling of POLLHUP to the end of the loop, so that we guarantee to read any
remaining data from the child if POLLHUP and POLLIN appear at the same time.

Signed-off-by: Ewan Mellor <ewan@xensource.com>
author emellor@ewan
date Thu Oct 06 10:13:11 2005 +0100 (2005-10-06)
parents 06d84bf87159
children 8aac8746047b
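/****************************************************************
 * secpol_xml2bin.h
 *
 * Copyright (C) 2005 IBM Corporation
 *
 * Authors:
 * Reiner Sailer <sailer@watson.ibm.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
 */

/*
 * Constants, parser-state bit masks and the XML element-name table for
 * the xml2bin security-policy translation tool.
 *
 * NOTE(review): this header *defines* token[] (external linkage), so it
 * can be included from one translation unit only; a second includer
 * would produce a duplicate definition at link time.
 * NOTE(review): type_t relies on u_int16_t being declared by the
 * includer (e.g. via <sys/types.h>) before this header is read.
 */

/* File-name pieces and XML identifiers used by the tool; how they are
 * combined is decided by the including source file, not visible here. */
#define POLICY_SUBDIR               "policies/"
#define POLICY_EXTENSION            "-security_policy.xml"
#define LABEL_EXTENSION             "-security_label_template.xml"
#define BINARY_EXTENSION            ".bin"
#define MAPPING_EXTENSION           ".map"
#define PRIMARY_COMPONENT_ATTR_NAME "order"
#define BOOTSTRAP_LABEL_ATTR_NAME   "bootstrap"
#define PRIMARY_COMPONENT           "PrimaryPolicyComponent"
#define SCHEMA_FILENAME             "policies/security_policy.xsd"

/*
 * Basic states (used as 1 << X).
 *
 * Each value is both a bit position in the parser state mask and the
 * index of the matching element name in token[] below.  The masks are
 * built with a plain (signed) `1 << X`, so every position must stay
 * below the width of int; the highest one in use is 17.
 */

/* policy tokens */
#define XML2BIN_SECPOL          0
#define XML2BIN_STE             1
#define XML2BIN_CHWALL          2
#define XML2BIN_CONFLICTSETS    3
#define XML2BIN_CSTYPE          4

/* label tokens */
#define XML2BIN_SECTEMPLATE     5
#define XML2BIN_POLICYHEADER    6
#define XML2BIN_LABELHEADER     7
#define XML2BIN_SUBJECTS        8
#define XML2BIN_OBJECTS         9
#define XML2BIN_VM              10
#define XML2BIN_RES             11

/* shared tokens */
#define XML2BIN_STETYPES        12
#define XML2BIN_CHWALLTYPES     13
#define XML2BIN_TYPE            14
#define XML2BIN_NAME            15
#define XML2BIN_TEXT            16
#define XML2BIN_COMMENT         17

/* type "data type" (currently 16bit) */
typedef u_int16_t type_t;

/*
 * List of known elements and their token equivalent.
 *
 * State constants and token positions must be in sync for correct state
 * recognition.  The designators therefore name the XML2BIN_* constant
 * instead of repeating its number, so renumbering a state can no longer
 * leave an element name attached to the wrong state bit.
 *
 * The entries are string literals reached through non-const pointers;
 * they must be treated as read-only.  The slot after the last name is
 * NULL (explicitly), and so is the unused final slot of the 20.
 */
char *token[20] =                       /* parser triggers */
{
    /* policy xml */
    [XML2BIN_SECPOL]       = "SecurityPolicyDefinition",
    [XML2BIN_STE]          = "SimpleTypeEnforcement",
    [XML2BIN_CHWALL]       = "ChineseWall",
    [XML2BIN_CONFLICTSETS] = "ConflictSets",
    [XML2BIN_CSTYPE]       = "Conflict",

    /* label-template xml */
    [XML2BIN_SECTEMPLATE]  = "SecurityLabelTemplate",
    [XML2BIN_POLICYHEADER] = "PolicyHeader",
    [XML2BIN_LABELHEADER]  = "LabelHeader",
    [XML2BIN_SUBJECTS]     = "SubjectLabels",
    [XML2BIN_OBJECTS]      = "ObjectLabels",
    [XML2BIN_VM]           = "VirtualMachineLabel",
    [XML2BIN_RES]          = "ResourceLabel",

    /* common tags */
    [XML2BIN_STETYPES]     = "SimpleTypeEnforcementTypes",
    [XML2BIN_CHWALLTYPES]  = "ChineseWallTypes",
    [XML2BIN_TYPE]         = "Type",
    [XML2BIN_NAME]         = "Name",
    [XML2BIN_TEXT]         = "text",
    [XML2BIN_COMMENT]      = "comment",

    /* first index past the last element name */
    [XML2BIN_COMMENT + 1]  = NULL,
};

/* important combined states */
#define XML2BIN_NULL 0

/* policy xml parsing states _S */

/* e.g., here we are in a <secpol,ste,stetypes> environment,
 * so when finding a type element, we know where to put it */
#define XML2BIN_stetype_S \
    ((1 << XML2BIN_SECPOL) | \
     (1 << XML2BIN_STE) | \
     (1 << XML2BIN_STETYPES))

#define XML2BIN_chwalltype_S \
    ((1 << XML2BIN_SECPOL) | \
     (1 << XML2BIN_CHWALL) | \
     (1 << XML2BIN_CHWALLTYPES))

#define XML2BIN_conflictset_S \
    ((1 << XML2BIN_SECPOL) | \
     (1 << XML2BIN_CHWALL) | \
     (1 << XML2BIN_CONFLICTSETS))

#define XML2BIN_conflictsettype_S \
    ((1 << XML2BIN_SECPOL) | \
     (1 << XML2BIN_CHWALL) | \
     (1 << XML2BIN_CONFLICTSETS) | \
     (1 << XML2BIN_CSTYPE))

/* label xml states */
#define XML2BIN_VM_S \
    ((1 << XML2BIN_SECTEMPLATE) | \
     (1 << XML2BIN_SUBJECTS) | \
     (1 << XML2BIN_VM))

#define XML2BIN_RES_S \
    ((1 << XML2BIN_SECTEMPLATE) | \
     (1 << XML2BIN_OBJECTS) | \
     (1 << XML2BIN_RES))

#define XML2BIN_VM_STE_S \
    ((1 << XML2BIN_SECTEMPLATE) | \
     (1 << XML2BIN_SUBJECTS) | \
     (1 << XML2BIN_VM) | \
     (1 << XML2BIN_STETYPES))

#define XML2BIN_VM_CHWALL_S \
    ((1 << XML2BIN_SECTEMPLATE) | \
     (1 << XML2BIN_SUBJECTS) | \
     (1 << XML2BIN_VM) | \
     (1 << XML2BIN_CHWALLTYPES))

#define XML2BIN_RES_STE_S \
    ((1 << XML2BIN_SECTEMPLATE) | \
     (1 << XML2BIN_OBJECTS) | \
     (1 << XML2BIN_RES) | \
     (1 << XML2BIN_STETYPES))

/* check versions of headers against which the
 * xml2bin translation tool was written
 */

/* protects from unnoticed changes in struct acm_policy_buffer */
#define WRITTEN_AGAINST_ACM_POLICY_VERSION 1

/* protects from unnoticed changes in struct acm_chwall_policy_buffer */
#define WRITTEN_AGAINST_ACM_CHWALL_VERSION 1

/* protects from unnoticed changes in struct acm_ste_policy_buffer */
#define WRITTEN_AGAINST_ACM_STE_VERSION 1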