ia64/xen-unstable

changeset 17359:05ac689a9473

xen: XSPolicy.can_run hypervisor support

Add functionality for checking whether a domain is in a conflict set
with existing domains.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Tue Apr 01 10:06:58 2008 +0100 (2008-04-01)
parents 76c4af29842f
children 6a7a61c26b14
files xen/include/public/xsm/acm.h xen/include/xsm/acm/acm_hooks.h xen/xsm/acm/acm_chinesewall_hooks.c xen/xsm/acm/acm_policy.c xen/xsm/acm/acm_simple_type_enforcement_hooks.c
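--- a/xen/include/public/xsm/acm.h	Tue Apr 01 10:05:52 2008 +0100
+++ b/xen/include/public/xsm/acm.h	Tue Apr 01 10:06:58 2008 +0100
@@ -102,6 +102,7 @@ typedef uint32_t ssidref_t;
 #define ACMHOOK_none          0
 #define ACMHOOK_sharing       1
 #define ACMHOOK_authorization 2
+#define ACMHOOK_conflictset   3
 
 /* -------security policy relevant type definitions-------- */
 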
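--- a/xen/include/xsm/acm/acm_hooks.h	Tue Apr 01 10:05:52 2008 +0100
+++ b/xen/include/xsm/acm/acm_hooks.h	Tue Apr 01 10:06:58 2008 +0100
@@ -116,6 +116,7 @@ struct acm_operations {
                                         ssidref_t ssidref2);
     int (*authorization)               (ssidref_t ssidref1,
                                         ssidref_t ssidref2);
+    int (*conflictset)                 (ssidref_t ssidref1);
     /* determine whether the default policy is installed */
     int (*is_default_policy)           (void);
 };
@@ -151,6 +152,8 @@ static inline int acm_sharing(ssidref_t 
 { return 0; }
 static inline int acm_authorization(ssidref_t ssidref1, ssidref_t ssidref2)
 { return 0; }
+static inline int acm_conflictset(ssidref_t ssidref1)
+{ return 0; }
 static inline int acm_domain_create(struct domain *d, ssidref_t ssidref)
 { return 0; }
 static inline void acm_domain_destroy(struct domain *d)
@@ -329,6 +332,17 @@ static inline int acm_authorization(ssid
 }
 
 
+static inline int acm_conflictset(ssidref_t ssidref1)
+{
+    if ((acm_primary_ops->conflictset != NULL) &&
+        acm_primary_ops->conflictset(ssidref1))
+        return ACM_ACCESS_DENIED;
+    else if ((acm_secondary_ops->conflictset != NULL) &&
+             acm_secondary_ops->conflictset(ssidref1))
+        return ACM_ACCESS_DENIED;
+    return ACM_ACCESS_PERMITTED;
+}
+
 /* Return true iff buffer has an acm policy magic number.  */
 extern int acm_is_policy(char *buf, unsigned long len);
 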
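Review bot: The new `conflictset` member of `struct acm_operations` carries no comment on its return convention, and the wrapper added in the third hunk depends on it: `acm_conflictset` maps any non-zero hook result to ACM_ACCESS_DENIED and treats a NULL hook as "no conflict", so a policy that leaves the hook unset is permitted by default. I would record that on the member, e.g. `/* non-zero iff ssidref1 conflicts with a running domain; a NULL hook means no check (permitted) */`. The stub variant in the second hunk returns a literal `0`, like its neighbours; whether that equals ACM_ACCESS_PERMITTED is not visible here and is worth a one-line comment too. As a style point, the `else` after the first `return ACM_ACCESS_DENIED;` is redundant.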
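--- a/xen/xsm/acm/acm_chinesewall_hooks.c	Tue Apr 01 10:05:52 2008 +0100
+++ b/xen/xsm/acm/acm_chinesewall_hooks.c	Tue Apr 01 10:06:58 2008 +0100
@@ -641,6 +641,41 @@ static int chwall_is_default_policy(void
              (chwall_bin_pol.max_ssidrefs == 2 ) );
 }
 
+
+static int chwall_is_in_conflictset(ssidref_t ssidref1)
+{
+    /* is ssidref1 in conflict with any running domains ? */
+    int rc = 0;
+    int i, j;
+    ssidref_t ssid_chwall;
+
+    read_lock(&acm_bin_pol_rwlock);
+
+    ssid_chwall = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref1);
+
+    if ( ssid_chwall >= 0 && ssid_chwall < chwall_bin_pol.max_ssidrefs ) {
+        for ( i = 0; i < chwall_bin_pol.max_conflictsets && rc == 0; i++ ) {
+            for ( j = 0; j < chwall_bin_pol.max_types; j++ ) {
+                if ( chwall_bin_pol.conflict_aggregate_set
+                                 [i * chwall_bin_pol.max_types + j] &&
+                     chwall_bin_pol.ssidrefs
+                                 [ssid_chwall * chwall_bin_pol.max_types + j])
+                {
+                    rc = 1;
+                    break;
+                }
+            }
+        }
+    } else {
+        rc = 1;
+    }
+
+    read_unlock(&acm_bin_pol_rwlock);
+
+    return rc;
+}
+
+
 struct acm_operations acm_chinesewall_ops = {
     /* policy management services */
     .init_domain_ssid = chwall_init_domain_ssid,
@@ -666,6 +701,7 @@ struct acm_operations acm_chinesewall_op
     /* generic domain-requested decision hooks */
     .sharing = NULL,
     .authorization = NULL,
+    .conflictset = chwall_is_in_conflictset,
 
     .is_default_policy = chwall_is_default_policy,
 };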
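Review bot: In `chwall_is_in_conflictset` the lookup `conflict_aggregate_set[i * chwall_bin_pol.max_types + j]` indexes the array as a [max_conflictsets][max_types] matrix, but its allocation is not visible in this hunk. If it is a per-type vector of `max_types` entries, every pass with i > 0 reads past its end and the access decision is computed from unrelated memory. Please confirm the layout against the policy structure, and if it is per-type, drop the outer loop and index by `j` alone as sketched below. Separately, `ssid_chwall >= 0` is always true because `ssidref_t` is a `uint32_t` typedef, so only the upper bound does any work. `i` and `j` are also `int` compared against policy counts whose types are not shown here.

```c
    if ( ssid_chwall < chwall_bin_pol.max_ssidrefs ) {
        /* assumes conflict_aggregate_set has max_types entries -- confirm */
        for ( j = 0; j < chwall_bin_pol.max_types; j++ ) {
            if ( chwall_bin_pol.conflict_aggregate_set[j] &&
                 chwall_bin_pol.ssidrefs
                             [ssid_chwall * chwall_bin_pol.max_types + j] )
            {
                rc = 1;
                break;
            }
        }
    } else {
        /* ... unchanged: out-of-range ssidref is reported as a conflict ... */
```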
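--- a/xen/xsm/acm/acm_policy.c	Tue Apr 01 10:05:52 2008 +0100
+++ b/xen/xsm/acm/acm_policy.c	Tue Apr 01 10:06:58 2008 +0100
@@ -446,6 +446,9 @@ acm_get_decision(ssidref_t ssidref1, ssi
         ret = acm_authorization(ssidref1, ssidref2);
         break;
 
+    case ACMHOOK_conflictset:
+        ret = acm_conflictset(ssidref1);
+
     default:
         /* deny */
         break;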
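Review bot: The new `case ACMHOOK_conflictset:` has no `break;` and falls through into `default:`. That is harmless only while the default arm does nothing but `break`; any later statement added there (for example forcing `ret` to a deny value, as the `/* deny */` comment suggests) would silently override the conflict-set decision. Add `break;` after `ret = acm_conflictset(ssidref1);`, matching the `acm_authorization` case just above. The switch and the rest of `acm_get_decision` lie outside this hunk, so the initial value of `ret` could not be checked here.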
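--- a/xen/xsm/acm/acm_simple_type_enforcement_hooks.c	Tue Apr 01 10:05:52 2008 +0100
+++ b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c	Tue Apr 01 10:06:58 2008 +0100
@@ -899,8 +899,10 @@ struct acm_operations acm_simple_type_en
     .fail_grant_map_ref     = NULL,
     .pre_grant_setup        = ste_pre_grant_setup,
     .fail_grant_setup       = NULL,
+    /* generic domain-requested decision hooks */
     .sharing                = ste_sharing,
     .authorization          = ste_authorization,
+    .conflictset            = NULL,
 
     .is_default_policy      = ste_is_default_policy,
 };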