ia64/xen-unstable

view xen/acm/acm_policy.c @ 5704:9b73afea874e

Certain types of event channel are now auto-bound to vcpu0 by Xen.
Make sure that xenolinux agrees with this.
author sos22@douglas.cl.cam.ac.uk
date Fri Jul 08 15:35:43 2005 +0000 (2005-07-08)
parents 649cd37aa1ab
children ecb17ef5a587 b53a65034532
line source
1 /****************************************************************
2 * acm_policy.c
3 *
4 * Copyright (C) 2005 IBM Corporation
5 *
6 * Author:
7 * Reiner Sailer <sailer@watson.ibm.com>
8 *
9 * Contributions:
10 * Stefan Berger <stefanb@watson.ibm.com>
11 * support for network-byte-order binary policies
12 *
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License as
15 * published by the Free Software Foundation, version 2 of the
16 * License.
17 *
18 * sHype access control policy management for Xen.
19 * This interface allows policy tools in authorized
20 * domains to interact with the Xen access control module
21 *
22 */
24 #include <xen/config.h>
25 #include <xen/errno.h>
26 #include <xen/types.h>
27 #include <xen/lib.h>
28 #include <xen/delay.h>
29 #include <xen/sched.h>
30 #include <public/policy_ops.h>
31 #include <acm/acm_core.h>
32 #include <acm/acm_hooks.h>
33 #include <acm/acm_endian.h>
35 int
36 acm_set_policy(void *buf, u16 buf_size, u16 policy)
37 {
38 u8 *policy_buffer = NULL;
39 struct acm_policy_buffer *pol;
41 if (policy != ACM_USE_SECURITY_POLICY) {
42 printk("%s: Loading incompatible policy (running: %s).\n", __func__,
43 ACM_POLICY_NAME(ACM_USE_SECURITY_POLICY));
44 return -EFAULT;
45 }
46 /* now check correct buffer sizes for policy combinations */
47 if (policy == ACM_NULL_POLICY) {
48 printkd("%s: NULL Policy, no policy needed.\n", __func__);
49 goto out;
50 }
51 if (buf_size < sizeof(struct acm_policy_buffer))
52 return -EFAULT;
53 /* 1. copy buffer from domain */
54 if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
55 goto error_free;
56 if (copy_from_user(policy_buffer, buf, buf_size)) {
57 printk("%s: Error copying!\n",__func__);
58 goto error_free;
59 }
60 /* 2. some sanity checking */
61 pol = (struct acm_policy_buffer *)policy_buffer;
63 if ((ntohl(pol->magic) != ACM_MAGIC) ||
64 (ntohs(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
65 (ntohs(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) {
66 printkd("%s: Wrong policy magics!\n", __func__);
67 goto error_free;
68 }
69 if (buf_size != ntohl(pol->len)) {
70 printk("%s: ERROR in buf size.\n", __func__);
71 goto error_free;
72 }
74 /* get bin_policy lock and rewrite policy (release old one) */
75 write_lock(&acm_bin_pol_rwlock);
77 /* 3. now get/set primary policy data */
78 if (acm_primary_ops->set_binary_policy(buf + ntohs(pol->primary_buffer_offset),
79 ntohs(pol->secondary_buffer_offset) -
80 ntohs(pol->primary_buffer_offset))) {
81 goto error_lock_free;
82 }
83 /* 4. now get/set secondary policy data */
84 if (acm_secondary_ops->set_binary_policy(buf + ntohs(pol->secondary_buffer_offset),
85 ntohl(pol->len) -
86 ntohs(pol->secondary_buffer_offset))) {
87 goto error_lock_free;
88 }
89 write_unlock(&acm_bin_pol_rwlock);
90 out:
91 printk("%s: Done .\n", __func__);
92 if (policy_buffer != NULL)
93 xfree(policy_buffer);
94 return ACM_OK;
96 error_lock_free:
97 write_unlock(&acm_bin_pol_rwlock);
98 error_free:
99 printk("%s: Error setting policy.\n", __func__);
100 if (policy_buffer != NULL)
101 xfree(policy_buffer);
102 return -ENOMEM;
103 }
105 int
106 acm_get_policy(void *buf, u16 buf_size)
107 {
108 u8 *policy_buffer;
109 int ret;
110 struct acm_policy_buffer *bin_pol;
112 if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
113 return -ENOMEM;
115 read_lock(&acm_bin_pol_rwlock);
116 /* future: read policy from file and set it */
117 bin_pol = (struct acm_policy_buffer *)policy_buffer;
118 bin_pol->magic = htonl(ACM_MAGIC);
119 bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION);
120 bin_pol->primary_policy_code = htons(acm_bin_pol.primary_policy_code);
121 bin_pol->secondary_policy_code = htons(acm_bin_pol.secondary_policy_code);
123 bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
124 bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len));
125 bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len));
127 ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohs(bin_pol->primary_buffer_offset),
128 buf_size - ntohs(bin_pol->primary_buffer_offset));
129 if (ret < 0) {
130 printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
131 read_unlock(&acm_bin_pol_rwlock);
132 return -1;
133 }
134 bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
135 bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len));
137 ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohs(bin_pol->secondary_buffer_offset),
138 buf_size - ntohs(bin_pol->secondary_buffer_offset));
139 if (ret < 0) {
140 printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
141 read_unlock(&acm_bin_pol_rwlock);
142 return -1;
143 }
144 bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
145 read_unlock(&acm_bin_pol_rwlock);
146 if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len)))
147 return -EFAULT;
148 xfree(policy_buffer);
149 return ACM_OK;
150 }
152 int
153 acm_dump_statistics(void *buf, u16 buf_size)
154 {
155 /* send stats to user space */
156 u8 *stats_buffer;
157 int len1, len2;
158 struct acm_stats_buffer acm_stats;
160 if ((stats_buffer = xmalloc_array(u8, buf_size)) == NULL)
161 return -ENOMEM;
163 read_lock(&acm_bin_pol_rwlock);
165 len1 = acm_primary_ops->dump_statistics(stats_buffer + sizeof(struct acm_stats_buffer),
166 buf_size - sizeof(struct acm_stats_buffer));
167 if (len1 < 0)
168 goto error_lock_free;
170 len2 = acm_secondary_ops->dump_statistics(stats_buffer + sizeof(struct acm_stats_buffer) + len1,
171 buf_size - sizeof(struct acm_stats_buffer) - len1);
172 if (len2 < 0)
173 goto error_lock_free;
175 acm_stats.magic = htonl(ACM_MAGIC);
176 acm_stats.policyversion = htonl(POLICY_INTERFACE_VERSION);
177 acm_stats.primary_policy_code = htons(acm_bin_pol.primary_policy_code);
178 acm_stats.secondary_policy_code = htons(acm_bin_pol.secondary_policy_code);
179 acm_stats.primary_stats_offset = htons(sizeof(struct acm_stats_buffer));
180 acm_stats.secondary_stats_offset = htons(sizeof(struct acm_stats_buffer) + len1);
181 acm_stats.len = htonl(sizeof(struct acm_stats_buffer) + len1 + len2);
182 memcpy(stats_buffer, &acm_stats, sizeof(struct acm_stats_buffer));
184 if (copy_to_user(buf, stats_buffer, sizeof(struct acm_stats_buffer) + len1 + len2))
185 goto error_lock_free;
187 read_unlock(&acm_bin_pol_rwlock);
188 xfree(stats_buffer);
189 return ACM_OK;
191 error_lock_free:
192 read_unlock(&acm_bin_pol_rwlock);
193 xfree(stats_buffer);
194 return -EFAULT;
195 }
197 /*eof*/