ia64/xen-unstable

changeset 6597:0161d68cff37

This patch:

* adds a get_ssid ACM command that allows privileged domains to retrieve
types for either a given ssid reference or a given domain id (of a running
domain); this command can be used to extend access control into device
domains, e.g., to control network traffic currently moving through Domain
0 uncontrolled by the ACM policy

* adds a script getlabel.sh that allows users inside Dom0 to retrieve the
label for a given ssid reference or a given domain id (multiple labels
might map onto a single ssid reference)

* cleans up label-related code in tools/security by merging common
functions into labelfuncs.sh

* cleans up ACM code related to above changes (eventually approximating a
common coding style)

Signed-off-by Reiner Sailer <sailer@us.ibm.com>
Signed-off by Stefan Berger <stefanb@us.ibm.com>
author kaf24@firebug.cl.cam.ac.uk
date Fri Sep 02 07:59:12 2005 +0000 (2005-09-02)
parents c76a8c8b7132
children 02e104bf03c0
files tools/security/Makefile tools/security/secpol_tool.c tools/security/setlabel.sh xen/acm/acm_chinesewall_hooks.c xen/acm/acm_core.c xen/acm/acm_null_hooks.c xen/acm/acm_policy.c xen/acm/acm_simple_type_enforcement_hooks.c xen/common/acm_ops.c xen/include/acm/acm_core.h xen/include/acm/acm_hooks.h xen/include/public/acm.h xen/include/public/acm_ops.h
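--- a/tools/security/Makefile	Fri Sep 02 07:55:45 2005 +0000
+++ b/tools/security/Makefile	Fri Sep 02 07:59:12 2005 +0000
@@ -45,6 +45,7 @@ build: mk-symlinks
 	$(MAKE) secpol_xml2bin
 	chmod 700 ./setlabel.sh
 	chmod 700 ./updategrub.sh
+	chmod 700 ./getlabel.sh
 
 secpol_tool : secpol_tool.c secpol_compat.h
 	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<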
     2.1 --- a/tools/security/secpol_tool.c	Fri Sep 02 07:55:45 2005 +0000
     2.2 +++ b/tools/security/secpol_tool.c	Fri Sep 02 07:59:12 2005 +0000
     2.3 @@ -25,6 +25,7 @@
     2.4  #include <stdio.h>
     2.5  #include <errno.h>
     2.6  #include <fcntl.h>
     2.7 +#include <getopt.h>
     2.8  #include <sys/mman.h>
     2.9  #include <sys/types.h>
    2.10  #include <sys/stat.h>
    2.11 @@ -41,6 +42,17 @@
    2.12  fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a ,	\
    2.13                  errno, strerror(errno))
    2.14  
    2.15 +void usage(char *progname)
    2.16 +{
    2.17 +    printf("Use: %s \n"
    2.18 +           "\t getpolicy\n"
    2.19 +           "\t dumpstats\n"
    2.20 +           "\t loadpolicy <binary policy file>\n"
    2.21 +           "\t getssid -d <domainid> [-f]\n"
    2.22 +		   "\t getssid -s <ssidref> [-f]\n", progname);
    2.23 +    exit(-1);
    2.24 +}
    2.25 +
    2.26  static inline int do_policycmd(int xc_handle, unsigned int cmd,
    2.27                                 unsigned long data)
    2.28  {
    2.29 @@ -320,7 +332,7 @@ int acm_domain_loadpolicy(int xc_handle,
    2.30  
    2.31          if (ret)
    2.32              printf
    2.33 -                ("ERROR setting policy. Use 'xm dmesg' to see details.\n");
    2.34 +                ("ERROR setting policy. Try 'xm dmesg' to see details.\n");
    2.35          else
    2.36              printf("Successfully changed policy.\n");
    2.37  
    2.38 @@ -370,7 +382,7 @@ int acm_domain_dumpstats(int xc_handle)
    2.39  
    2.40      if (ret < 0)
    2.41      {
    2.42 -        printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n");
    2.43 +        printf("ERROR dumping policy stats. Try 'xm dmesg' to see details.\n");
    2.44          return ret;
    2.45      }
    2.46      stats = (struct acm_stats_buffer *) stats_buffer;
    2.47 @@ -421,18 +433,122 @@ int acm_domain_dumpstats(int xc_handle)
    2.48      }
    2.49      return ret;
    2.50  }
    2.51 +/************************ get ssidref & types ******************************/
    2.52 +/*
    2.53 + * the ssid (types) can be looked up either by domain id or by ssidref
    2.54 + */
    2.55 +int acm_domain_getssid(int xc_handle, int argc, char * const argv[])
    2.56 +{
    2.57 +    /* this includes header and a set of types */
    2.58 +    #define MAX_SSIDBUFFER  2000
    2.59 +    int ret, i;
    2.60 +    acm_op_t op;
    2.61 +    struct acm_ssid_buffer *hdr;
    2.62 +    unsigned char *buf;
    2.63 +	int nice_print = 1;
    2.64 +
    2.65 +    op.cmd = ACM_GETSSID;
    2.66 +    op.interface_version = ACM_INTERFACE_VERSION;
    2.67 +	op.u.getssid.get_ssid_by = UNSET;
    2.68 +	/* arguments
    2.69 +	   -d ... domain id to look up
    2.70 +	   -s ... ssidref number to look up
    2.71 +	   -f ... formatted print (scripts depend on this format)
    2.72 +	*/
    2.73 +	while (1)
    2.74 +    {
    2.75 +		int c = getopt(argc, argv, "d:s:f");
    2.76 +		if (c == -1)
    2.77 +			break;
    2.78 +		if (c == 'd')
    2.79 +        {
    2.80 +			if (op.u.getssid.get_ssid_by != UNSET)
    2.81 +				usage(argv[0]);
    2.82 +			op.u.getssid.get_ssid_by = DOMAINID;
    2.83 +			op.u.getssid.id.domainid = strtoul(optarg, NULL, 0);
    2.84 +		}
    2.85 +		else if (c== 's')
    2.86 +        {
    2.87 +			if (op.u.getssid.get_ssid_by != UNSET)
    2.88 +				usage(argv[0]);
    2.89 +			op.u.getssid.get_ssid_by = SSIDREF;
    2.90 +			op.u.getssid.id.ssidref = strtoul(optarg, NULL, 0);
    2.91 +		}
    2.92 +		else if (c== 'f')
    2.93 +		{
    2.94 +			nice_print = 0;
    2.95 +		}
    2.96 +		else
    2.97 +			usage(argv[0]);
    2.98 +	}
    2.99 +	if (op.u.getssid.get_ssid_by == UNSET)
   2.100 +		usage(argv[0]);
   2.101 +
   2.102 +	buf = malloc(MAX_SSIDBUFFER);
   2.103 +    if (!buf)
   2.104 +        return -ENOMEM;
   2.105 +
   2.106 +    /* dump it and then push it down into xen/acm */
   2.107 +    op.u.getssid.ssidbuf = buf;   /* out */
   2.108 +    op.u.getssid.ssidbuf_size = MAX_SSIDBUFFER;
   2.109 +    ret = do_acm_op(xc_handle, &op);
   2.110 +
   2.111 +    if (ret)
   2.112 +    {
   2.113 +        printf("ERROR getting ssidref. Try 'xm dmesg' to see details.\n");
   2.114 +        goto out;
   2.115 +    }
   2.116 +    hdr = (struct acm_ssid_buffer *)buf;
   2.117 +    if (hdr->len > MAX_SSIDBUFFER)
   2.118 +    {
   2.119 +        printf("ERROR: Buffer length inconsistent (ret=%d, hdr->len=%d)!\n",
   2.120 +               ret, hdr->len);
   2.121 +            return -EIO;
   2.122 +    }
   2.123 +	if (nice_print)
   2.124 +    {
   2.125 +		printf("SSID: ssidref = 0x%08x \n", hdr->ssidref);
   2.126 +		printf("      P: %s, max_types = %d\n",
   2.127 +			   ACM_POLICY_NAME(hdr->primary_policy_code), hdr->primary_max_types);
   2.128 +		printf("	  Types: ");
   2.129 +		for (i=0; i< hdr->primary_max_types; i++)
   2.130 +			if (buf[hdr->primary_types_offset + i])
   2.131 +				printf("%02x ", i);
   2.132 +			else
   2.133 +				printf("-- ");
   2.134 +		printf("\n");
   2.135 +
   2.136 +		printf("      S: %s, max_types = %d\n",
   2.137 +			   ACM_POLICY_NAME(hdr->secondary_policy_code), hdr->secondary_max_types);
   2.138 +		printf("	  Types: ");
   2.139 +		for (i=0; i< hdr->secondary_max_types; i++)
   2.140 +			if (buf[hdr->secondary_types_offset + i])
   2.141 +				printf("%02x ", i);
   2.142 +			else
   2.143 +				printf("-- ");
   2.144 +		printf("\n");
   2.145 +	}
   2.146 +	else
   2.147 +    {
   2.148 +		/* formatted print for use with scripts (.sh)
   2.149 +		 *  update scripts when updating here (usually
   2.150 +		 *  used in combination with -d to determine a
   2.151 +		 *  running domain's label
   2.152 +		 */
   2.153 +		printf("SSID: ssidref = 0x%08x \n", hdr->ssidref);
   2.154 +	}
   2.155 +
   2.156 +    /* return ste ssidref */
   2.157 +    if (hdr->primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
   2.158 +        ret = (hdr->ssidref) & 0xffff;
   2.159 +    else if (hdr->secondary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
   2.160 +        ret = (hdr->ssidref) >> 16;
   2.161 + out:
   2.162 +    return ret;
   2.163 +}
   2.164  
   2.165  /***************************** main **************************************/
   2.166  
   2.167 -void usage(char *progname)
   2.168 -{
   2.169 -    printf("Use: %s \n"
   2.170 -           "\t getpolicy\n"
   2.171 -           "\t dumpstats\n"
   2.172 -           "\t loadpolicy <binary policy file>\n", progname);
   2.173 -    exit(-1);
   2.174 -}
   2.175 -
   2.176  int main(int argc, char **argv)
   2.177  {
   2.178  
   2.179 @@ -459,6 +575,8 @@ int main(int argc, char **argv)
   2.180          if (argc != 2)
   2.181              usage(argv[0]);
   2.182          ret = acm_domain_dumpstats(acm_cmd_fd);
   2.183 +    } else if (!strcmp(argv[1], "getssid")) {
   2.184 +        ret = acm_domain_getssid(acm_cmd_fd, argc, argv);
   2.185      } else
   2.186          usage(argv[0]);
   2.187  
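Review bot: In acm_domain_getssid the two type loops read `buf[hdr->primary_types_offset + i]` and `buf[hdr->secondary_types_offset + i]` using offsets and counts taken from the returned header, but the only validation is `hdr->len > MAX_SSIDBUFFER`, so an inconsistent header would index past the 2000-byte allocation. The function also never releases `buf`: the `-EIO` branch returns directly and the `out:` label only returns `ret`. Separately, `strtoul(optarg, NULL, 0)` turns non-numeric input into 0, so a mistyped `-d` argument silently queries domain 0; passing an end pointer and rejecting trailing characters would catch that. The fence sketches the bounds check and the cleanup; the field types come from acm.h, which is not visible in this section, so the widening casts are an assumption to confirm.

```c
    hdr = (struct acm_ssid_buffer *)buf;
    /* reject a header whose type arrays would fall outside the buffer */
    if (hdr->len > MAX_SSIDBUFFER ||
        (unsigned long)hdr->primary_types_offset + hdr->primary_max_types > hdr->len ||
        (unsigned long)hdr->secondary_types_offset + hdr->secondary_max_types > hdr->len)
    {
        printf("ERROR: Buffer length inconsistent (ret=%d, hdr->len=%d)!\n",
               ret, hdr->len);
        ret = -EIO;
        goto out;
    }
    /* ... unchanged: nice_print / formatted output and ste ssidref selection ... */
 out:
    free(buf);
    return ret;
```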
     3.1 --- a/tools/security/setlabel.sh	Fri Sep 02 07:55:45 2005 +0000
     3.2 +++ b/tools/security/setlabel.sh	Fri Sep 02 07:59:12 2005 +0000
     3.3 @@ -34,277 +34,29 @@ if [ -z "$runbash" ]; then
     3.4  	exec sh -c "bash $0 $*"
     3.5  fi
     3.6  
     3.7 +export PATH=$PATH:.
     3.8 +source labelfuncs.sh
     3.9  
    3.10  usage ()
    3.11  {
    3.12 -	echo "Usage: $0 [Option] <vmfile> <label> <policy name> "
    3.13 -	echo "    or $0 -l <policy name>"
    3.14 +	echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]"
    3.15 +	echo "    or $0 -l [<policy name>]"
    3.16  	echo ""
    3.17 -	echo "Valid Options are:"
    3.18 +	echo "Valid options are:"
    3.19  	echo "-r          : to relabel a file without being prompted"
    3.20  	echo ""
    3.21  	echo "vmfile      : XEN vm configuration file"
    3.22 -	echo "label       : the label to map"
    3.23 +	echo "label       : the label to map to an ssidref"
    3.24  	echo "policy name : the name of the policy, i.e. 'chwall'"
    3.25 +	echo "              If the policy name is omitted, it is attempted"
    3.26 +	echo "              to find the current policy's name in grub.conf."
    3.27  	echo ""
    3.28 -	echo "-l <policy name> is used to show valid labels in the map file"
    3.29 +	echo "-l [<policy name>] is used to show valid labels in the map file of"
    3.30 +	echo "                   the given or current policy."
    3.31  	echo ""
    3.32  }
    3.33  
    3.34  
    3.35 -findMapFile ()
    3.36 -{
    3.37 -	mapfile="./$1.map"
    3.38 -	if [ -r "$mapfile" ]; then
    3.39 -		return 1
    3.40 -	fi
    3.41 -
    3.42 -	mapfile="./policies/$1/$1.map"
    3.43 -	if [ -r "$mapfile" ]; then
    3.44 -		return 1
    3.45 -	fi
    3.46 -
    3.47 -	return 0
    3.48 -}
    3.49 -
    3.50 -showLabels ()
    3.51 -{
    3.52 -	mapfile=$1
    3.53 -	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
    3.54 -		echo "Cannot read from vm configuration file $vmfile."
    3.55 -		return -1
    3.56 -	fi
    3.57 -
    3.58 -	getPrimaryPolicy $mapfile
    3.59 -	getSecondaryPolicy $mapfile
    3.60 -
    3.61 -	echo "The following labels are available:"
    3.62 -	let line=1
    3.63 -	while [ 1 ]; do
    3.64 -		ITEM=`cat $mapfile |         \
    3.65 -		      awk -vline=$line       \
    3.66 -		          -vprimary=$primary \
    3.67 -		      '{                     \
    3.68 -		         if ($1 == "LABEL->SSID" &&  \
    3.69 -		             $2 == "VM" &&           \
    3.70 -		             $3 == primary ) {       \
    3.71 -		           ctr++;                    \
    3.72 -		           if (ctr == line) {        \
    3.73 -		             print $4;               \
    3.74 -		           }                         \
    3.75 -		         }                           \
    3.76 -		       } END {                       \
    3.77 -		       }'`
    3.78 -
    3.79 -		if [ "$ITEM" == "" ]; then
    3.80 -			break
    3.81 -		fi
    3.82 -		if [ "$secondary" != "NULL" ]; then
    3.83 -			LABEL=`cat $mapfile |     \
    3.84 -			       awk -vitem=$ITEM   \
    3.85 -			       '{
    3.86 -			          if ($1 == "LABEL->SSID" && \
    3.87 -			              $2 == "VM" &&          \
    3.88 -			              $3 == "CHWALL" &&      \
    3.89 -			              $4 == item ) {         \
    3.90 -			            result = item;           \
    3.91 -			          }                          \
    3.92 -			        } END {                      \
    3.93 -			            print result             \
    3.94 -			        }'`
    3.95 -		else
    3.96 -			LABEL=$ITEM
    3.97 -		fi
    3.98 -
    3.99 -		if [ "$LABEL" != "" ]; then
   3.100 -			echo "$LABEL"
   3.101 -			found=1
   3.102 -		fi
   3.103 -		let line=line+1
   3.104 -	done
   3.105 -	if [ "$found" != "1" ]; then
   3.106 -		echo "No labels found."
   3.107 -	fi
   3.108 -}
   3.109 -
   3.110 -getPrimaryPolicy ()
   3.111 -{
   3.112 -	mapfile=$1
   3.113 -	primary=`cat $mapfile  |   \
   3.114 -	         awk '             \
   3.115 -	          {                \
   3.116 -	            if ( $1 == "PRIMARY" ) { \
   3.117 -	              res=$2;                \
   3.118 -	            }                        \
   3.119 -	          } END {                    \
   3.120 -	            print res;               \
   3.121 -	          } '`
   3.122 -}
   3.123 -
   3.124 -getSecondaryPolicy ()
   3.125 -{
   3.126 -	mapfile=$1
   3.127 -	secondary=`cat $mapfile  |   \
   3.128 -	         awk '             \
   3.129 -	          {                \
   3.130 -	            if ( $1 == "SECONDARY" ) { \
   3.131 -	              res=$2;                \
   3.132 -	            }                        \
   3.133 -	          } END {                    \
   3.134 -	            print res;               \
   3.135 -	          } '`
   3.136 -}
   3.137 -
   3.138 -
   3.139 -getDefaultSsid ()
   3.140 -{
   3.141 -	mapfile=$1
   3.142 -	pol=$2
   3.143 -	RES=`cat $mapfile    \
   3.144 -	     awk -vpol=$pol  \
   3.145 -	      {              \
   3.146 -	        if ($1 == "LABEL->SSID" && \
   3.147 -	            $2 == "ANY"         && \
   3.148 -	            $3 == pol           && \
   3.149 -	            $4 == "DEFAULT"       ) {\
   3.150 -	              res=$5;                \
   3.151 -	        }                            \
   3.152 -	      } END {                        \
   3.153 -	        printf "%04x", strtonum(res) \
   3.154 -	     }'`
   3.155 -	echo "default NULL mapping is $RES"
   3.156 -	defaultssid=$RES
   3.157 -}
   3.158 -
   3.159 -relabel ()
   3.160 -{
   3.161 -	vmfile=$1
   3.162 -	label=$2
   3.163 -	mapfile=$3
   3.164 -	mode=$4
   3.165 -
   3.166 -	if [ ! -r "$vmfile" ]; then
   3.167 -		echo "Cannot read from vm configuration file $vmfile."
   3.168 -		return -1
   3.169 -	fi
   3.170 -
   3.171 -	if [ ! -w "$vmfile" ]; then
   3.172 -		echo "Cannot write to vm configuration file $vmfile."
   3.173 -		return -1
   3.174 -	fi
   3.175 -
   3.176 -	if [ ! -r "$mapfile" ] ; then
   3.177 -		echo "Cannot read mapping file $mapfile."
   3.178 -		return -1
   3.179 -	fi
   3.180 -
   3.181 -	# Determine which policy is primary, which sec.
   3.182 -	getPrimaryPolicy $mapfile
   3.183 -	getSecondaryPolicy $mapfile
   3.184 -
   3.185 -	# Calculate the primary policy's SSIDREF
   3.186 -	if [ "$primary" == "NULL" ]; then
   3.187 -		SSIDLO="0000"
   3.188 -	else
   3.189 -		SSIDLO=`cat $mapfile |                    \
   3.190 -		        awk -vlabel=$label                \
   3.191 -		            -vprimary=$primary            \
   3.192 -		           '{                             \
   3.193 -		              if ( $1 == "LABEL->SSID" && \
   3.194 -		                   $2 == "VM" &&          \
   3.195 -		                   $3 == primary  &&      \
   3.196 -		                   $4 == label ) {        \
   3.197 -		                result=$5                 \
   3.198 -		              }                           \
   3.199 -		           } END {                        \
   3.200 -		             if (result != "" )           \
   3.201 -		               {printf "%04x", strtonum(result)}\
   3.202 -		           }'`
   3.203 -	fi
   3.204 -
   3.205 -	# Calculate the secondary policy's SSIDREF
   3.206 -	if [ "$secondary" == "NULL" ]; then
   3.207 -		SSIDHI="0000"
   3.208 -	else
   3.209 -		SSIDHI=`cat $mapfile |                    \
   3.210 -		        awk -vlabel=$label                \
   3.211 -		            -vsecondary=$secondary        \
   3.212 -		           '{                             \
   3.213 -		              if ( $1 == "LABEL->SSID" && \
   3.214 -		                   $2 == "VM"          && \
   3.215 -		                   $3 == secondary     && \
   3.216 -		                   $4 == label ) {        \
   3.217 -		                result=$5                 \
   3.218 -		              }                           \
   3.219 -		            }  END {                      \
   3.220 -		              if (result != "" )          \
   3.221 -		                {printf "%04x", strtonum(result)}\
   3.222 -		            }'`
   3.223 -	fi
   3.224 -
   3.225 -	if [ "$SSIDLO" == "" -o \
   3.226 -	     "$SSIDHI" == "" ]; then
   3.227 -		echo "Could not map the given label '$label'."
   3.228 -		return -1
   3.229 -	fi
   3.230 -
   3.231 -	ACM_POLICY=`cat $mapfile |             \
   3.232 -	    awk ' { if ( $1 == "POLICY" ) {    \
   3.233 -	              result=$2                \
   3.234 -	            }                          \
   3.235 -	          }                            \
   3.236 -	          END {                        \
   3.237 -	            if (result != "") {        \
   3.238 -	              printf result            \
   3.239 -	            }                          \
   3.240 -	          }'`
   3.241 -
   3.242 -	if [ "$ACM_POLICY" == "" ]; then
   3.243 -		echo "Could not find 'POLICY' entry in map file."
   3.244 -		return -1
   3.245 -	fi
   3.246 -
   3.247 -	SSIDREF="0x$SSIDHI$SSIDLO"
   3.248 -
   3.249 -	if [ "$mode" != "relabel" ]; then
   3.250 -		RES=`cat $vmfile |  \
   3.251 -		     awk '{         \
   3.252 -		       if ( substr($1,0,7) == "ssidref" ) {\
   3.253 -		         print $0;             \
   3.254 -		       }                       \
   3.255 -		     }'`
   3.256 -		if [ "$RES" != "" ]; then
   3.257 -			echo "Do you want to overwrite the existing mapping ($RES)? (y/N)"
   3.258 -			read user
   3.259 -			if [ "$user" != "y" -a "$user" != "Y" ]; then
   3.260 -				echo "Aborted."
   3.261 -				return 0
   3.262 -			fi
   3.263 -		fi
   3.264 -	fi
   3.265 -
   3.266 -	#Write the output
   3.267 -	vmtmp1="/tmp/__setlabel.tmp1"
   3.268 -	vmtmp2="/tmp/__setlabel.tmp2"
   3.269 -	touch $vmtmp1
   3.270 -	touch $vmtmp2
   3.271 -	if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
   3.272 -		echo "Cannot create temporary files. Aborting."
   3.273 -		return -1
   3.274 -	fi
   3.275 -	RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
   3.276 -	RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
   3.277 -	RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
   3.278 -	echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
   3.279 -	echo "#ACM_LABEL=$label" >> $vmtmp1
   3.280 -	echo "ssidref = $SSIDREF" >> $vmtmp1
   3.281 -	mv -f $vmtmp1 $vmfile
   3.282 -	rm -rf $vmtmp1 $vmtmp2
   3.283 -	echo "Mapped label '$label' to ssidref '$SSIDREF'."
   3.284 -}
   3.285 -
   3.286 -
   3.287 -
   3.288  if [ "$1" == "-r" ]; then
   3.289  	mode="relabel"
   3.290  	shift
   3.291 @@ -317,10 +69,25 @@ fi
   3.292  
   3.293  if [ "$mode" == "show" ]; then
   3.294  	if [ "$1" == "" ]; then
   3.295 -		usage
   3.296 -		exit -1;
   3.297 +		findGrubConf
   3.298 +		ret=$?
   3.299 +		if [ $ret -eq 0 ]; then
   3.300 +			echo "Could not find grub.conf"
   3.301 +			exit -1;
   3.302 +		fi
   3.303 +		findPolicyInGrub $grubconf
   3.304 +		if [ "$policy" != "" ]; then
   3.305 +			echo "Assuming policy to be '$policy'.";
   3.306 +		else
   3.307 +			echo "Could not find policy."
   3.308 +			exit -1;
   3.309 +		fi
   3.310 +	else
   3.311 +		policy=$3;
   3.312  	fi
   3.313 -	findMapFile $1
   3.314 +
   3.315 +
   3.316 +	findMapFile $policy
   3.317  	res=$?
   3.318  	if [ "$res" != "0" ]; then
   3.319  		showLabels $mapfile
   3.320 @@ -330,11 +97,29 @@ if [ "$mode" == "show" ]; then
   3.321  elif [ "$mode" == "usage" ]; then
   3.322  	usage
   3.323  else
   3.324 -	if [ "$3" == "" ]; then
   3.325 +	if [ "$2" == "" ]; then
   3.326  		usage
   3.327 -		exit -1;
   3.328 +		exit -1
   3.329  	fi
   3.330 -	findMapFile $3
   3.331 +	if [ "$3" == "" ]; then
   3.332 +		findGrubConf
   3.333 +		ret=$?
   3.334 +		if [ $ret -eq 0 ]; then
   3.335 +			echo "Could not find grub.conf"
   3.336 +			exit -1;
   3.337 +		fi
   3.338 +		findPolicyInGrub $grubconf
   3.339 +		if [ "$policy" != "" ]; then
   3.340 +			echo "Assuming policy to be '$policy'.";
   3.341 +		else
   3.342 +			echo "Could not find policy."
   3.343 +			exit -1;
   3.344 +		fi
   3.345 +
   3.346 +	else
   3.347 +		policy=$3;
   3.348 +	fi
   3.349 +	findMapFile $policy
   3.350  	res=$?
   3.351  	if [ "$res" != "0" ]; then
   3.352  		relabel $1 $2 $mapfile $mode
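Review bot: The two lines added at the top of the file, `export PATH=$PATH:.` and `source labelfuncs.sh`, make the script load its helper functions from whatever directory it is started in and leave `.` on PATH for every later command. The Makefile marks these scripts mode 700 for use in Dom0, so a privileged run from a directory that another user can write to would execute that user's labelfuncs.sh. Resolving the helper relative to the script avoids both problems, e.g. `source "$(dirname "$0")/labelfuncs.sh"` with the PATH change dropped. Separately, in the `show` branch the else arm sets `policy=$3` although the removed code read the policy name from `$1` (`findMapFile $1`), so `-l <policy name>` probably ends up with an empty policy. `policy=$1` looks intended, but the option parsing that shifts the arguments lies outside the hunks, so this should be confirmed.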
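--- a/xen/acm/acm_chinesewall_hooks.c	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/acm/acm_chinesewall_hooks.c	Fri Sep 02 07:59:12 2005 +0000
@@ -310,6 +310,28 @@ chwall_dump_stats(u8 *buf, u16 len)
 	return 0;
 }
 
+static int
+chwall_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len)
+{
+    int i;
+
+    /* fill in buffer */
+    if (chwall_bin_pol.max_types > len)
+        return -EFAULT;
+
+	if (ssidref >= chwall_bin_pol.max_ssidrefs)
+		return -EFAULT;
+
+    /* read types for chwall ssidref */
+    for(i=0; i< chwall_bin_pol.max_types; i++) {
+        if (chwall_bin_pol.ssidrefs[ssidref * chwall_bin_pol.max_types + i])
+            buf[i] = 1;
+        else
+            buf[i] = 0;
+    }
+    return chwall_bin_pol.max_types;
+}
+
 /***************************
  * Authorization functions
  ***************************/
@@ -492,6 +514,7 @@ struct acm_operations acm_chinesewall_op
 	.dump_binary_policy		= chwall_dump_policy,
 	.set_binary_policy		= chwall_set_policy,
 	.dump_statistics		= chwall_dump_stats,
+    .dump_ssid_types        = chwall_dump_ssid_types,
 	/* domain management control hooks */
 	.pre_domain_create     		= chwall_pre_domain_create,
 	.post_domain_create		= chwall_post_domain_create,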
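Review bot: chwall_dump_ssid_types has no comment describing its contract, and its two rejections are indistinguishable to the caller: `-EFAULT` is returned both when the buffer is too small and when `ssidref` is out of range. I would add a header comment such as `/* Write one byte (0/1) per chwall type of ssidref into buf; returns the number of bytes written (max_types) or a negative errno. */` and consider `-EINVAL` for the out-of-range ssidref. The function reads chwall_bin_pol without taking a lock itself, so presumably the caller holds acm_bin_pol_rwlock; that call site is not in this section, and the requirement is worth stating in the comment once confirmed. The added lines also mix tab and space indentation (the `if (ssidref >= ...)` check and the `.dump_ssid_types` initializer).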
     5.1 --- a/xen/acm/acm_core.c	Fri Sep 02 07:55:45 2005 +0000
     5.2 +++ b/xen/acm/acm_core.c	Fri Sep 02 07:59:12 2005 +0000
     5.3 @@ -64,17 +64,18 @@ u8 little_endian = 1;
     5.4  void acm_set_endian(void)
     5.5  {
     5.6      u32 test = 1;
     5.7 -    if (*((u8 *)&test) == 1) {
     5.8 +    if (*((u8 *)&test) == 1)
     5.9 +    {
    5.10        	printk("ACM module running in LITTLE ENDIAN.\n");
    5.11 -	little_endian = 1;
    5.12 -    } else {
    5.13 -	printk("ACM module running in BIG ENDIAN.\n");
    5.14 -	little_endian = 0;
    5.15 +        little_endian = 1;
    5.16 +    }
    5.17 +    else
    5.18 +    {
    5.19 +        printk("ACM module running in BIG ENDIAN.\n");
    5.20 +        little_endian = 0;
    5.21      }
    5.22  }
    5.23  
    5.24 -#if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY)
    5.25 -
    5.26  /* initialize global security policy for Xen; policy write-locked already */
    5.27  static void
    5.28  acm_init_binary_policy(void *primary, void *secondary)
    5.29 @@ -101,7 +102,8 @@ acm_setup(unsigned int *initrdidx,
    5.30       * Try all modules and see whichever could be the binary policy.
    5.31       * Adjust the initrdidx if module[1] is the binary policy.
    5.32       */
    5.33 -    for (i = mbi->mods_count-1; i >= 1; i--) {
    5.34 +    for (i = mbi->mods_count-1; i >= 1; i--)
    5.35 +    {
    5.36          struct acm_policy_buffer *pol;
    5.37          char *_policy_start; 
    5.38          unsigned long _policy_len;
    5.39 @@ -117,23 +119,32 @@ acm_setup(unsigned int *initrdidx,
    5.40  		continue; /* not a policy */
    5.41  
    5.42          pol = (struct acm_policy_buffer *)_policy_start;
    5.43 -        if (ntohl(pol->magic) == ACM_MAGIC) {
    5.44 +        if (ntohl(pol->magic) == ACM_MAGIC)
    5.45 +        {
    5.46              rc = acm_set_policy((void *)_policy_start,
    5.47                                  (u16)_policy_len,
    5.48                                  0);
    5.49 -            if (rc == ACM_OK) {
    5.50 +            if (rc == ACM_OK)
    5.51 +            {
    5.52                  printf("Policy len  0x%lx, start at %p.\n",_policy_len,_policy_start);
    5.53 -                if (i == 1) {
    5.54 -                    if (mbi->mods_count > 2) {
    5.55 +                if (i == 1)
    5.56 +                {
    5.57 +                    if (mbi->mods_count > 2)
    5.58 +                    {
    5.59                          *initrdidx = 2;
    5.60 -                    } else {
    5.61 +                    }
    5.62 +                    else {
    5.63                          *initrdidx = 0;
    5.64                      }
    5.65 -                } else {
    5.66 +                }
    5.67 +                else
    5.68 +                {
    5.69                      *initrdidx = 1;
    5.70                  }
    5.71                  break;
    5.72 -            } else {
    5.73 +            }
    5.74 +            else
    5.75 +            {
    5.76              	printk("Invalid policy. %d.th module line.\n", i+1);
    5.77              }
    5.78          } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */
    5.79 @@ -147,57 +158,85 @@ acm_init(unsigned int *initrdidx,
    5.80           const multiboot_info_t *mbi,
    5.81           unsigned long initial_images_start)
    5.82  {
    5.83 -	int ret = -EINVAL;
    5.84 +	int ret = ACM_OK;
    5.85  
    5.86 -	acm_set_endian();
    5.87 +    acm_set_endian();
    5.88  	write_lock(&acm_bin_pol_rwlock);
    5.89 +    acm_init_binary_policy(NULL, NULL);
    5.90  
    5.91 -	if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) {
    5.92 -		acm_init_binary_policy(NULL, NULL);
    5.93 -		acm_init_chwall_policy();
    5.94 +    /* set primary policy component */
    5.95 +    switch ((ACM_USE_SECURITY_POLICY) & 0x0f)
    5.96 +    {
    5.97 +
    5.98 +    case ACM_CHINESE_WALL_POLICY:
    5.99 +        acm_init_chwall_policy();
   5.100  		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
   5.101  		acm_primary_ops = &acm_chinesewall_ops;
   5.102 -		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
   5.103 -		acm_secondary_ops = &acm_null_ops;
   5.104 -		ret = ACM_OK;
   5.105 -	} else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
   5.106 -		acm_init_binary_policy(NULL, NULL);
   5.107 -		acm_init_ste_policy();
   5.108 +        break;
   5.109 +
   5.110 +    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
   5.111 +        acm_init_ste_policy();
   5.112  		acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
   5.113  		acm_primary_ops = &acm_simple_type_enforcement_ops;
   5.114 +        break;
   5.115 +
   5.116 +    default:
   5.117 +        /* NULL or Unknown policy not allowed primary;
   5.118 +         * NULL/NULL will not compile this code */
   5.119 +        ret = -EINVAL;
   5.120 +        goto out;
   5.121 +    }
   5.122 +
   5.123 +    /* secondary policy component part */
   5.124 +    switch ((ACM_USE_SECURITY_POLICY) >> 4) {
   5.125 +    case ACM_NULL_POLICY:
   5.126  		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
   5.127  		acm_secondary_ops = &acm_null_ops;
   5.128 -		ret = ACM_OK;
   5.129 -	} else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
   5.130 -		acm_init_binary_policy(NULL, NULL);
   5.131 +		break;
   5.132 +
   5.133 +    case ACM_CHINESE_WALL_POLICY:
   5.134 +        if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY)
   5.135 +        {   /* not a valid combination */
   5.136 +            ret = -EINVAL;
   5.137 +            goto out;
   5.138 +        }
   5.139  		acm_init_chwall_policy();
   5.140 +        acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY;
   5.141 +		acm_secondary_ops = &acm_chinesewall_ops;
   5.142 +        break;
   5.143 +
   5.144 +    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
   5.145 +        if (acm_bin_pol.primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
   5.146 +        {   /* not a valid combination */
   5.147 +            ret = -EINVAL;
   5.148 +            goto out;
   5.149 +        }
   5.150  		acm_init_ste_policy();
   5.151 -		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
   5.152 -		acm_primary_ops = &acm_chinesewall_ops;
   5.153  		acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
   5.154  		acm_secondary_ops = &acm_simple_type_enforcement_ops;
   5.155 -		ret = ACM_OK;
   5.156 -	} else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) {
   5.157 -		acm_init_binary_policy(NULL, NULL);
   5.158 -		acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
   5.159 -		acm_primary_ops = &acm_null_ops;
   5.160 -		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
   5.161 -		acm_secondary_ops = &acm_null_ops;
   5.162 -		ret = ACM_OK;
   5.163 -	}
   5.164 +        break;
   5.165 +
   5.166 +    default:
   5.167 +        ret = -EINVAL;
   5.168 +        goto out;
   5.169 +    }
   5.170 +
   5.171 + out:
   5.172  	write_unlock(&acm_bin_pol_rwlock);
   5.173  
   5.174  	if (ret != ACM_OK)
   5.175 -		return -EINVAL;		
   5.176 +    {
   5.177 +        printk("%s: Error setting policies.\n", __func__);
   5.178 +        /* here one could imagine a clean panic */
   5.179 +		return -EINVAL;
   5.180 +	}
   5.181  	acm_setup(initrdidx, mbi, initial_images_start);
   5.182  	printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
   5.183 -	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
   5.184 +	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
   5.185 +           ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
   5.186  	return ret;
   5.187  }
   5.188  
   5.189 -
   5.190 -#endif
   5.191 -
   5.192  int
   5.193  acm_init_domain_ssid(domid_t id, ssidref_t ssidref)
   5.194  {
   5.195 @@ -205,7 +244,8 @@ acm_init_domain_ssid(domid_t id, ssidref
   5.196  	struct domain *subj = find_domain_by_id(id);
   5.197  	int ret1, ret2;
   5.198  	
   5.199 -	if (subj == NULL) {
   5.200 +	if (subj == NULL)
   5.201 +    {
   5.202  		printk("%s: ACM_NULL_POINTER ERROR (id=%x).\n", __func__, id);
   5.203  		return ACM_NULL_POINTER_ERROR;
   5.204  	}
   5.205 @@ -235,14 +275,16 @@ acm_init_domain_ssid(domid_t id, ssidref
   5.206  	else
   5.207  		ret2 = ACM_OK;
   5.208  
   5.209 -	if ((ret1 != ACM_OK) || (ret2 != ACM_OK)) {
   5.210 +	if ((ret1 != ACM_OK) || (ret2 != ACM_OK))
   5.211 +    {
   5.212  		printk("%s: ERROR instantiating individual ssids for domain 0x%02x.\n",
   5.213  		       __func__, subj->domain_id);
   5.214  		acm_free_domain_ssid(ssid);	
   5.215  	        put_domain(subj);
   5.216  		return ACM_INIT_SSID_ERROR;
   5.217  	}
   5.218 -	printk("%s: assigned domain %x the ssidref=%x.\n", __func__, id, ssid->ssidref);
   5.219 +	printk("%s: assigned domain %x the ssidref=%x.\n",
   5.220 +           __func__, id, ssid->ssidref);
   5.221  	put_domain(subj);
   5.222  	return ACM_OK;
   5.223  }
   5.224 @@ -254,11 +296,12 @@ acm_free_domain_ssid(struct acm_ssid_dom
   5.225  	domid_t id;
   5.226  
   5.227  	/* domain is already gone, just ssid is left */
   5.228 -	if (ssid == NULL) {
   5.229 +	if (ssid == NULL)
   5.230 +    {
   5.231  		printk("%s: ACM_NULL_POINTER ERROR.\n", __func__);
   5.232  		return ACM_NULL_POINTER_ERROR;
   5.233  	}
   5.234 -       	id = ssid->domainid;
   5.235 +    id = ssid->domainid;
   5.236  	ssid->subject  	     = NULL;
   5.237  
   5.238  	if (acm_primary_ops->free_domain_ssid != NULL) /* null policy */
   5.239 @@ -268,6 +311,7 @@ acm_free_domain_ssid(struct acm_ssid_dom
   5.240  		acm_secondary_ops->free_domain_ssid(ssid->secondary_ssid);
   5.241  	ssid->secondary_ssid = NULL;
   5.242  	xfree(ssid);
   5.243 -	printkd("%s: Freed individual domain ssid (domain=%02x).\n",__func__, id);
   5.244 +	printkd("%s: Freed individual domain ssid (domain=%02x).\n",
   5.245 +            __func__, id);
   5.246  	return ACM_OK;
   5.247  }
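--- a/xen/acm/acm_null_hooks.c	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/acm/acm_null_hooks.c	Fri Sep 02 07:59:12 2005 +0000
@@ -14,13 +14,13 @@
 #include <acm/acm_hooks.h>
 
 static int
-null_init_domain_ssid(void **chwall_ssid, ssidref_t ssidref)
+null_init_domain_ssid(void **ssid, ssidref_t ssidref)
 {
 	return ACM_OK;
 }
 
 static void
-null_free_domain_ssid(void *chwall_ssid)
+null_free_domain_ssid(void *ssid)
 {
 	return;
 }
@@ -44,6 +44,14 @@ null_dump_stats(u8 *buf, u16 buf_size)
 	return 0;
 }
 
+static int
+null_dump_ssid_types(ssidref_t ssidref, u8 *buffer, u16 buf_size)
+{
+    /* no types */
+    return 0;
+}
+
+
 /* now define the hook structure similarly to LSM */
 struct acm_operations acm_null_ops = {
 	.init_domain_ssid		= null_init_domain_ssid,
@@ -51,6 +59,7 @@ struct acm_operations acm_null_ops = {
 	.dump_binary_policy           	= null_dump_binary_policy,
 	.set_binary_policy		= null_set_binary_policy,
 	.dump_statistics	        = null_dump_stats,
+    .dump_ssid_types        = null_dump_ssid_types,
 	/* domain management control hooks */
 	.pre_domain_create     		= NULL,
 	.post_domain_create		= NULL,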
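--- a/xen/acm/acm_policy.c	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/acm/acm_policy.c	Fri Sep 02 07:59:12 2005 +0000
@@ -26,8 +26,8 @@
 #include <xen/lib.h>
 #include <xen/delay.h>
 #include <xen/sched.h>
+#include <acm/acm_core.h>
 #include <public/acm_ops.h>
-#include <acm/acm_core.h>
 #include <acm/acm_hooks.h>
 #include <acm/acm_endian.h>
 
@@ -37,14 +37,16 @@ acm_set_policy(void *buf, u16 buf_size, 
 	u8 *policy_buffer = NULL;
 	struct acm_policy_buffer *pol;
 	
-     	if (buf_size < sizeof(struct acm_policy_buffer))
+    if (buf_size < sizeof(struct acm_policy_buffer))
 		return -EFAULT;
 
 	/* 1. copy buffer from domain */
 	if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
-	    goto error_free;
+	    return -ENOMEM;
+
 	if (isuserbuffer) {
-		if (copy_from_user(policy_buffer, buf, buf_size)) {
+		if (copy_from_user(policy_buffer, buf, buf_size))
+        {
 			printk("%s: Error copying!\n",__func__);
 			goto error_free;
 		}
@@ -57,11 +59,13 @@ acm_set_policy(void *buf, u16 buf_size, 
 	if ((ntohl(pol->magic) != ACM_MAGIC) || 
 	    (ntohl(pol->policy_version) != ACM_POLICY_VERSION) ||
 	    (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
-	    (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) {
+	    (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code))
+    {
 		printkd("%s: Wrong policy magics or versions!\n", __func__);
 		goto error_free;
 	}
-	if (buf_size != ntohl(pol->len)) {
+	if (buf_size != ntohl(pol->len))
+    {
 		printk("%s: ERROR in buf size.\n", __func__);
 		goto error_free;
 	}
@@ -72,27 +76,25 @@ acm_set_policy(void *buf, u16 buf_size, 
 	/* 3. set primary policy data */
 	if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset),
                                                ntohl(pol->secondary_buffer_offset) -
-					       ntohl(pol->primary_buffer_offset))) {
+					       ntohl(pol->primary_buffer_offset)))
 		goto error_lock_free;
-	}
+
 	/* 4. set secondary policy data */
 	if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset),
 						 ntohl(pol->len) - 
-						 ntohl(pol->secondary_buffer_offset))) {
+						 ntohl(pol->secondary_buffer_offset)))
 		goto error_lock_free;
-	}
+
 	write_unlock(&acm_bin_pol_rwlock);
-	if (policy_buffer != NULL)
-		xfree(policy_buffer);
+	xfree(policy_buffer);
 	return ACM_OK;
 
  error_lock_free:
 	write_unlock(&acm_bin_pol_rwlock);
  error_free:
 	printk("%s: Error setting policy.\n", __func__);
-	if (policy_buffer != NULL)
-		xfree(policy_buffer);
-	return -ENOMEM;
+    xfree(policy_buffer);
+	return -EFAULT;
 }
 
 int
@@ -102,11 +104,14 @@ acm_get_policy(void *buf, u16 buf_size)
      int ret;
      struct acm_policy_buffer *bin_pol;
 	
+    if (buf_size < sizeof(struct acm_policy_buffer))
+		return -EFAULT;
+
      if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
 	    return -ENOMEM;
 
      read_lock(&acm_bin_pol_rwlock);
-     /* future: read policy from file and set it */
+
      bin_pol = (struct acm_policy_buffer *)policy_buffer;
      bin_pol->magic = htonl(ACM_MAGIC);
      bin_pol->primary_policy_code = htonl(acm_bin_pol.primary_policy_code);
@@ -118,27 +123,30 @@ acm_get_policy(void *buf, u16 buf_size)
      
      ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset),
 				       buf_size - ntohl(bin_pol->primary_buffer_offset));
-     if (ret < 0) {
-	     printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
-	     read_unlock(&acm_bin_pol_rwlock);
-	     return -1;
-     }
+     if (ret < 0)
+         goto error_free_unlock;
+
      bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
      bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
 
      ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohl(bin_pol->secondary_buffer_offset),
 				    buf_size - ntohl(bin_pol->secondary_buffer_offset));
-     if (ret < 0) {
-	     printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
-	     read_unlock(&acm_bin_pol_rwlock);
-	     return -1;
-     }
+     if (ret < 0)
+         goto error_free_unlock;
+
      bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
+     if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len)))
+	     goto error_free_unlock;
+
      read_unlock(&acm_bin_pol_rwlock);
-     if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len)))
-	     return -EFAULT;
      xfree(policy_buffer);
      return ACM_OK;
+
+ error_free_unlock:
+     read_unlock(&acm_bin_pol_rwlock);
+     printk("%s: Error getting policy.\n", __func__);
+     xfree(policy_buffer);
+     return -EFAULT;
 }
 
 int
@@ -185,4 +193,62 @@ acm_dump_statistics(void *buf, u16 buf_s
      return -EFAULT;
 }
 
+
+int
+acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size)
+{
+    /* send stats to user space */
+     u8 *ssid_buffer;
+     int ret;
+     struct acm_ssid_buffer *acm_ssid;
+     if (buf_size < sizeof(struct acm_ssid_buffer))
+		return -EFAULT;
+
+     if ((ssid_buffer = xmalloc_array(u8, buf_size)) == NULL)
+	    return -ENOMEM;
+
+     read_lock(&acm_bin_pol_rwlock);
+
+     acm_ssid = (struct acm_ssid_buffer *)ssid_buffer;
+     acm_ssid->len = sizeof(struct acm_ssid_buffer);
+     acm_ssid->ssidref = ssidref;
+     acm_ssid->primary_policy_code = acm_bin_pol.primary_policy_code;
+     acm_ssid->secondary_policy_code = acm_bin_pol.secondary_policy_code;
+     acm_ssid->primary_types_offset = acm_ssid->len;
+
+     /* ret >= 0 --> ret == max_types */
+     ret = acm_primary_ops->dump_ssid_types(ACM_PRIMARY(ssidref),
+                                            ssid_buffer + acm_ssid->primary_types_offset,
+                                            buf_size - acm_ssid->primary_types_offset);
+     if (ret < 0)
+         goto error_free_unlock;
+
+     acm_ssid->len += ret;
+     acm_ssid->primary_max_types = ret;
+
+     acm_ssid->secondary_types_offset = acm_ssid->len;
+
+     ret = acm_secondary_ops->dump_ssid_types(ACM_SECONDARY(ssidref),
+                                              ssid_buffer + acm_ssid->secondary_types_offset,
+                                              buf_size - acm_ssid->secondary_types_offset);
+     if (ret < 0)
+         goto error_free_unlock;
+
+     acm_ssid->len += ret;
+     acm_ssid->secondary_max_types = ret;
+
+     if (copy_to_user(buf, ssid_buffer, acm_ssid->len))
+	     goto error_free_unlock;
+
+     read_unlock(&acm_bin_pol_rwlock);
+     xfree(ssid_buffer);
+     return ACM_OK;
+
+ error_free_unlock:
+     read_unlock(&acm_bin_pol_rwlock);
+     printk("%s: Error getting ssid.\n", __func__);
+     xfree(ssid_buffer);
+     return -ENOMEM;
+}
+
 /*eof*/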
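Review bot: In acm_set_policy, steps 3 and 4 hand the policy hooks `buf + ntohl(pol->..._offset)`, which is the caller's pointer, even though the request was copied into `policy_buffer` a few lines earlier. When `isuserbuffer` is set the hooks therefore receive a raw guest address, and the bytes they parse need not be the bytes the header checks on `pol` looked at (the assignment of `pol` is outside the hunks). The sizes passed along are computed from `primary_buffer_offset` and `secondary_buffer_offset` in that same header, and nothing visible here checks that they are ordered and within `buf_size` before the difference is narrowed to the hooks' `u16` size. I would bound both offsets after the `buf_size != ntohl(pol->len)` test and pass `policy_buffer + offset` to the hooks, as sketched below; a check in the lines between the hunks would make the first part redundant.

```c
	/* offsets come from the caller-supplied header: bound them before use */
	if ((ntohl(pol->primary_buffer_offset) > ntohl(pol->secondary_buffer_offset)) ||
	    (ntohl(pol->secondary_buffer_offset) > buf_size))
	{
		printk("%s: ERROR in policy offsets.\n", __func__);
		goto error_free;
	}
	/* … unchanged: lines between the hunks … */

	/* 3. set primary policy data */
	if (acm_primary_ops->set_binary_policy(policy_buffer + ntohl(pol->primary_buffer_offset),
					       ntohl(pol->secondary_buffer_offset) -
					       ntohl(pol->primary_buffer_offset)))
		goto error_lock_free;

	/* 4. set secondary policy data */
	if (acm_secondary_ops->set_binary_policy(policy_buffer + ntohl(pol->secondary_buffer_offset),
						 ntohl(pol->len) -
						 ntohl(pol->secondary_buffer_offset)))
		goto error_lock_free;
```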
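--- a/xen/acm/acm_simple_type_enforcement_hooks.c	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/acm/acm_simple_type_enforcement_hooks.c	Fri Sep 02 07:59:12 2005 +0000
@@ -383,6 +383,27 @@ ste_dump_stats(u8 *buf, u16 buf_len)
     return sizeof(struct acm_ste_stats_buffer);
 }
 
+static int
+ste_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len)
+{
+    int i;
+
+    /* fill in buffer */
+    if (ste_bin_pol.max_types > len)
+        return -EFAULT;
+
+	if (ssidref >= ste_bin_pol.max_ssidrefs)
+		return -EFAULT;
+
+    /* read types for chwall ssidref */
+    for(i=0; i< ste_bin_pol.max_types; i++) {
+		if (ste_bin_pol.ssidrefs[ssidref * ste_bin_pol.max_types + i])
+            buf[i] = 1;
+        else
+            buf[i] = 0;
+    }
+    return ste_bin_pol.max_types;
+}
 
 /* we need to go through this before calling the hooks,
  * returns 1 == cache hit */
@@ -625,22 +646,23 @@ struct acm_operations acm_simple_type_en
 	/* policy management services */
 	.init_domain_ssid		= ste_init_domain_ssid,
 	.free_domain_ssid		= ste_free_domain_ssid,
-	.dump_binary_policy    	       	= ste_dump_policy,
-	.set_binary_policy     		= ste_set_policy,
+	.dump_binary_policy     = ste_dump_policy,
+	.set_binary_policy      = ste_set_policy,
 	.dump_statistics		= ste_dump_stats,
+    .dump_ssid_types        = ste_dump_ssid_types,
 	/* domain management control hooks */
 	.pre_domain_create     		= ste_pre_domain_create,
-	.post_domain_create		= NULL,
-	.fail_domain_create		= NULL,
-	.post_domain_destroy		= ste_post_domain_destroy,
+	.post_domain_create	    = NULL,
+	.fail_domain_create     = NULL,
+	.post_domain_destroy    = ste_post_domain_destroy,
 	/* event channel control hooks */
-	.pre_eventchannel_unbound      	= ste_pre_eventchannel_unbound,
+	.pre_eventchannel_unbound   = ste_pre_eventchannel_unbound,
 	.fail_eventchannel_unbound	= NULL,
 	.pre_eventchannel_interdomain	= ste_pre_eventchannel_interdomain,
 	.fail_eventchannel_interdomain  = NULL,
 	/* grant table control hooks */
-	.pre_grant_map_ref       	= ste_pre_grant_map_ref,
-	.fail_grant_map_ref		= NULL,
-	.pre_grant_setup	       	= ste_pre_grant_setup,
-	.fail_grant_setup		= NULL,
+	.pre_grant_map_ref      = ste_pre_grant_map_ref,
+	.fail_grant_map_ref     = NULL,
+	.pre_grant_setup        = ste_pre_grant_setup,
+	.fail_grant_setup       = NULL,
 };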
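Review bot: The comment `/* read types for chwall ssidref */` in ste_dump_ssid_types misdescribes the code: this is the simple-type-enforcement hook and the loop reads `ste_bin_pol.ssidrefs`, so it should read something like `/* copy the STE type row of this ssidref, one byte per type */`. The function also has no header comment, although its caller depends on details that are easy to miss: a non-negative return is the number of bytes written (`ste_bin_pol.max_types`), and `-EFAULT` covers both a short buffer and an out-of-range `ssidref`. It reads `ste_bin_pol` without taking a lock itself; acm_get_ssid in acm_policy.c holds `acm_bin_pol_rwlock` for reading around the call, and the comment should say the caller must do so if that is the lock protecting `ste_bin_pol` (not visible here). The if/else in the loop can be written as `buf[i] = !!ste_bin_pol.ssidrefs[ssidref * ste_bin_pol.max_types + i];`, and the added lines mix tab and space indentation.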
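--- a/xen/common/acm_ops.c	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/common/acm_ops.c	Fri Sep 02 07:59:12 2005 +0000
@@ -19,6 +19,7 @@
 #include <xen/types.h>
 #include <xen/lib.h>
 #include <xen/mm.h>
+#include <public/acm.h>
 #include <public/acm_ops.h>
 #include <xen/sched.h>
 #include <xen/event.h>
@@ -41,7 +42,8 @@ typedef enum acm_operation {
     POLICY,                     /* access to policy interface (early drop) */
     GETPOLICY,                  /* dump policy cache */
     SETPOLICY,                  /* set policy cache (controls security) */
-    DUMPSTATS                   /* dump policy statistics */
+    DUMPSTATS,                  /* dump policy statistics */
+    GETSSID                     /* retrieve ssidref for domain id */
 } acm_operation_t;
 
 int acm_authorize_acm_ops(struct domain *d, acm_operation_t pops)
@@ -117,6 +119,35 @@ long do_acm_op(acm_op_t * u_acm_op)
         }
         break;
 
+    case ACM_GETSSID:
+        {
+			ssidref_t ssidref;
+
+            if (acm_authorize_acm_ops(current->domain, GETSSID))
+                return -EACCES;
+
+			if (op->u.getssid.get_ssid_by == SSIDREF)
+				ssidref = op->u.getssid.id.ssidref;
+			else if (op->u.getssid.get_ssid_by == DOMAINID) {
+				struct domain *subj = find_domain_by_id(op->u.getssid.id.domainid);
+				if (!subj)
+					return -ESRCH; /* domain not found */
+
+				ssidref = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
+				put_domain(subj);
+			} else
+				return -ESRCH;
+
+            ret = acm_get_ssid(ssidref,
+                               op->u.getssid.ssidbuf,
+                               op->u.getssid.ssidbuf_size);
+            if (ret == ACM_OK)
+                ret = 0;
+            else
+                ret = -ESRCH;
+        }
+        break;
+
     default:
         ret = -ESRCH;
 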
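Review bot: In the DOMAINID branch of the new ACM_GETSSID case, `((struct acm_ssid_domain *)(subj->ssid))->ssidref` dereferences `subj->ssid` without checking it. acm_free_domain_ssid in acm_core.c shows the ssid has a lifetime of its own, so unless every domain returned by find_domain_by_id is guaranteed to carry one (not visible in this changeset), a query for a domain that is being created or torn down could dereference NULL inside the hypervisor. A guard before the read, `if (subj->ssid == NULL) { put_domain(subj); return -ESRCH; }`, closes that. Separately, mapping every acm_get_ssid failure to `-ESRCH` hides whether the buffer was too small, an allocation failed or the ssidref was unknown; returning `ret` unchanged would keep that. do_acm_op starts and ends outside the hunk.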
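--- a/xen/include/acm/acm_core.h	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/include/acm/acm_core.h	Fri Sep 02 07:59:12 2005 +0000
@@ -101,9 +101,15 @@ struct ste_ssid {
  *	primary ssidref   = lower 16 bit
  *      secondary ssidref = higher 16 bit
  */
+#define ACM_PRIMARY(ssidref) \
+	((ssidref) & 0xffff)
+
+#define ACM_SECONDARY(ssidref) \
+	((ssidref) >> 16)
+
 #define GET_SSIDREF(POLICY, ssidref) \
 	((POLICY) == acm_bin_pol.primary_policy_code) ? \
-	((ssidref) & 0xffff) : ((ssidref) >> 16)
+	ACM_PRIMARY(ssidref) : ACM_SECONDARY(ssidref)
 
 /* macros to access ssid pointer for primary / secondary policy */
 #define GET_SSIDP(POLICY, ssid) \
@@ -116,6 +122,7 @@ int acm_free_domain_ssid(struct acm_ssid
 int acm_set_policy(void *buf, u16 buf_size, int isuserbuffer);
 int acm_get_policy(void *buf, u16 buf_size);
 int acm_dump_statistics(void *buf, u16 buf_size);
+int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
 
 #endif
 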
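Review bot: GET_SSIDREF is rewritten here but its expansion is still a bare conditional expression, so a use inside a larger expression such as `GET_SSIDREF(p, s) == x` would apply the comparison to the last operand only. One more pair of parentheses around the whole body fixes that without affecting existing callers: `(((POLICY) == acm_bin_pol.primary_policy_code) ? ACM_PRIMARY(ssidref) : ACM_SECONDARY(ssidref))`. The same applies to ACM_POLICY_NAME in xen/include/public/acm.h, which this changeset parenthesises operand by operand but leaves open on the outside. ACM_SECONDARY yields only the upper half if ssidref_t is an unsigned 32-bit type, which is not visible here; a one-line comment stating that assumption would help.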
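--- a/xen/include/acm/acm_hooks.h	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/include/acm/acm_hooks.h	Fri Sep 02 07:59:12 2005 +0000
@@ -92,6 +92,7 @@ struct acm_operations {
     int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
     int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
     int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
+    int  (*dump_ssid_types)            (ssidref_t ssidref, u8 *buffer, u16 buf_size);
     /* domain management control hooks (can be NULL) */
     int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
     void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);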
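Review bot: The new `dump_ssid_types` member is added without a stated contract, and its only caller in this changeset depends on one. acm_get_ssid in acm_policy.c calls it through both `acm_primary_ops` and `acm_secondary_ops` without a NULL test, treats a negative return as failure, adds a non-negative return to the reply length and stores it as `*_max_types`. I would put a comment above the member, for example `/* mandatory: writes one byte per type into buffer; returns the number of bytes written (never more than buf_size) or a negative error */`. That bound matters because acm_get_ssid copies `len` bytes out to the caller without comparing the accumulated length with `buf_size` again.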
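--- a/xen/include/public/acm.h	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/include/public/acm.h	Fri Sep 02 07:59:12 2005 +0000
@@ -56,20 +56,22 @@
 #define ACM_ACCESS_DENIED		-111
 #define ACM_NULL_POINTER_ERROR		-200
 
-#define ACM_MAX_POLICY  3
-
+/* primary policy in lower 4 bits */
 #define ACM_NULL_POLICY	0
 #define ACM_CHINESE_WALL_POLICY	1
 #define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
-#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 3
+
+/* combinations have secondary policy component in higher 4bit */
+#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
+    ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)
 
 /* policy: */
 #define ACM_POLICY_NAME(X) \
-	(X == ACM_NULL_POLICY) ? "NULL policy" : \
-	(X == ACM_CHINESE_WALL_POLICY) ? "CHINESE WALL policy" : \
-	(X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \
-	(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
-	"UNDEFINED policy"
+	((X) == (ACM_NULL_POLICY)) ? "NULL policy" :                        \
+    ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" :        \
+    ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT policy" : \
+    ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
+     "UNDEFINED policy"
 
 /* the following policy versions must be increased
  * whenever the interpretation of the related
@@ -122,7 +124,7 @@ typedef u16 domaintype_t;
  */
 struct acm_policy_buffer {
 	u32 policy_version; /* ACM_POLICY_VERSION */
-        u32 magic;
+    u32 magic;
 	u32 len;
 	u32 primary_policy_code;
 	u32 primary_buffer_offset;
@@ -151,7 +153,7 @@ struct acm_ste_policy_buffer {
 };
 
 struct acm_stats_buffer {
-        u32 magic;
+    u32 magic;
 	u32 len;
 	u32 primary_policy_code;
 	u32 primary_stats_offset;
@@ -168,5 +170,15 @@ struct acm_ste_stats_buffer {
 	u32 gt_cachehit_count;
 };
 
+struct acm_ssid_buffer {
+	u32 len;
+    ssidref_t ssidref;
+	u32 primary_policy_code;
+	u32 primary_max_types;
+    u32 primary_types_offset;
+	u32 secondary_policy_code;
+    u32 secondary_max_types;
+	u32 secondary_types_offset;
+};
 
 #endif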
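Review bot: struct acm_ssid_buffer is added to the public header without a comment, and two properties of the reply are not what a reader of the neighbouring structs would assume. acm_get_ssid fills its fields in host byte order, whereas acm_get_policy writes struct acm_policy_buffer through `htonl`. The `primary_types_offset` and `secondary_types_offset` fields are byte offsets from the start of the buffer, and each `*_max_types` is the number of one-byte entries stored there (as the STE hook writes them). A block comment above the struct stating the byte order, the offset base and the entry size would let a tool in a device domain parse the reply without reading the hypervisor source.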
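--- a/xen/include/public/acm_ops.h	Fri Sep 02 07:55:45 2005 +0000
+++ b/xen/include/public/acm_ops.h	Fri Sep 02 07:59:12 2005 +0000
@@ -1,3 +1,4 @@
+
 /******************************************************************************
  * acm_ops.h
  *
@@ -27,7 +28,7 @@
  * This makes sure that old versions of acm tools will stop working in a
  * well-defined way (rather than crashing the machine, for instance).
  */
-#define ACM_INTERFACE_VERSION   0xAAAA0003
+#define ACM_INTERFACE_VERSION   0xAAAA0004
 
 /************************************************************************/
 
@@ -46,6 +47,7 @@ typedef struct acm_getpolicy {
     u16 pullcache_size;
 } acm_getpolicy_t;
 
+
 #define ACM_DUMPSTATS        	6
 typedef struct acm_dumpstats {
     void *pullcache;
@@ -53,6 +55,18 @@ typedef struct acm_dumpstats {
 } acm_dumpstats_t;
 
 
+#define ACM_GETSSID          	7
+enum get_type {UNSET, SSIDREF, DOMAINID};
+typedef struct acm_getssid {
+	enum get_type get_ssid_by;
+	union {
+		domaintype_t domainid;
+		ssidref_t    ssidref;
+	} id;
+    void *ssidbuf;
+    u16 ssidbuf_size;
+} acm_getssid_t;
+
 typedef struct acm_op {
     u32 cmd;
     u32 interface_version;      /* ACM_INTERFACE_VERSION */
@@ -60,6 +74,7 @@ typedef struct acm_op {
         acm_setpolicy_t setpolicy;
         acm_getpolicy_t getpolicy;
         acm_dumpstats_t dumpstats;
+        acm_getssid_t getssid;
     } u;
 } acm_op_t;
 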
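Review bot: `enum get_type get_ssid_by` puts a C enum into a structure that crosses the guest/hypervisor boundary, and the compiler chooses an enum's width, so tool and hypervisor builds can disagree on the layout of acm_getssid. The enumerators `UNSET`, `SSIDREF` and `DOMAINID` also enter the namespace of every file that includes this public header. A fixed-width field with prefixed constants avoids both, e.g. `u32 get_ssid_by; /* ACM_GETBY_ssidref or ACM_GETBY_domainid */` (these constant names are a suggestion, not existing identifiers). The `domainid` member is declared `domaintype_t`, which acm.h defines as the `u16` used for policy types; do_acm_op passes it to find_domain_by_id, which acm_init_domain_ssid calls with a `domid_t`, so `domid_t domainid;` would state the intent if that type is available in this header.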