ia64/xen-unstable

changeset 9831:0a5183b3e7bb

This patch adds support in the hypervisor for the policy name attribute
introduced into security policies. It also fixes a minor problem related
to handling unsupported boot policies.

Signed-off by: Reiner Sailer <sailer@us.ibm.com>
author smh22@firebug.cl.cam.ac.uk
date Mon Apr 24 10:51:20 2006 +0100 (2006-04-24)
parents 9a5bc502a77a
children ad30019015a2
files xen/acm/acm_core.c xen/acm/acm_policy.c xen/include/acm/acm_core.h xen/include/public/acm.h xen/include/public/acm_ops.h
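--- a/xen/acm/acm_core.c	Mon Apr 24 10:50:38 2006 +0100
+++ b/xen/acm/acm_core.c	Mon Apr 24 10:51:20 2006 +0100
@@ -70,17 +70,46 @@ acm_set_endian(void)
     u32 test = 1;
     if (*((u8 *)&test) == 1)
     {
-        printk("ACM module running in LITTLE ENDIAN.\n");
+        printkd("ACM module running in LITTLE ENDIAN.\n");
         little_endian = 1;
     }
     else
     {
-        printk("ACM module running in BIG ENDIAN.\n");
+        printkd("ACM module running in BIG ENDIAN.\n");
         little_endian = 0;
     }
 }
 
 int
+acm_set_policy_reference(u8 * buf, u32 buf_size)
+{
+    struct acm_policy_reference_buffer *pr = (struct acm_policy_reference_buffer *)buf;
+    acm_bin_pol.policy_reference_name = (char *)xmalloc_array(u8, ntohl(pr->len));
+
+    if (!acm_bin_pol.policy_reference_name)
+        return -ENOMEM;
+
+    strcpy(acm_bin_pol.policy_reference_name, (char *)(buf + sizeof(struct acm_policy_reference_buffer)));
+    printk("%s: Activating policy %s\n", __func__, acm_bin_pol.policy_reference_name);
+    return 0;
+}
+
+int
+acm_dump_policy_reference(u8 *buf, u32 buf_size)
+{
+    struct acm_policy_reference_buffer *pr_buf = (struct acm_policy_reference_buffer *)buf;
+    int ret = sizeof(struct acm_policy_reference_buffer) + strlen(acm_bin_pol.policy_reference_name) + 1;
+
+    if (buf_size < ret)
+        return -EINVAL;
+
+    pr_buf->len = htonl(strlen(acm_bin_pol.policy_reference_name) + 1); /* including stringend '\0' */
+    strcpy((char *)(buf + sizeof(struct acm_policy_reference_buffer)),
+           acm_bin_pol.policy_reference_name);
+    return ret;
+}
+
+int
 acm_init_binary_policy(u32 policy_code)
 {
     int ret = ACM_OK;
@@ -198,7 +227,7 @@ acm_setup(unsigned int *initrdidx,
                                 0);
             if (rc == ACM_OK)
             {
-                printf("Policy len  0x%lx, start at %p.\n",_policy_len,_policy_start);
+                printkd("Policy len  0x%lx, start at %p.\n",_policy_len,_policy_start);
                 if (i == 1)
                 {
                     if (mbi->mods_count > 2)
@@ -218,6 +247,8 @@ acm_setup(unsigned int *initrdidx,
             else
             {
                 printk("Invalid policy. %d.th module line.\n", i+1);
+                /* load default policy later */
+                acm_active_security_policy = ACM_POLICY_UNDEFINED;
             }
         } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */
     }
@@ -239,10 +270,8 @@ acm_init(unsigned int *initrdidx,
 
     if (acm_active_security_policy != ACM_POLICY_UNDEFINED)
     {
-        printk("%s: Boot-Policy. Enforcing %s: Primary %s, Secondary %s.\n", __func__,
-               ACM_POLICY_NAME(acm_active_security_policy),
-               ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
-               ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
+        printk("%s: Enforcing %s boot policy.\n", __func__,
+               ACM_POLICY_NAME(acm_active_security_policy));
         goto out;
     }
     /* else continue with the minimal hardcoded default startup policy */
@@ -254,6 +283,10 @@ acm_init(unsigned int *initrdidx,
         goto out;
     }
     acm_active_security_policy = ACM_DEFAULT_SECURITY_POLICY;
+    if (acm_active_security_policy != ACM_NULL_POLICY)
+        acm_bin_pol.policy_reference_name = "DEFAULT";
+    else
+        acm_bin_pol.policy_reference_name = "NULL";
 
  out:
     if (ret != ACM_OK)
@@ -314,7 +347,7 @@ acm_init_domain_ssid(domid_t id, ssidref
         put_domain(subj);
         return ACM_INIT_SSID_ERROR;
     }
-    printk("%s: assigned domain %x the ssidref=%x.\n",
+    printkd("%s: assigned domain %x the ssidref=%x.\n",
            __func__, id, ssid->ssidref);
     put_domain(subj);
     return ACM_OK;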
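Review bot: In `acm_set_policy_reference` the destination is sized from `ntohl(pr->len)`, but the `strcpy` that fills it stops only at the first NUL in the source and `buf_size` is never consulted. A policy whose name is longer than its declared length, or is not terminated inside the reference section, therefore writes past the allocation and reads past the supplied buffer. The declared length should be validated against `buf_size` and the copy bounded by it, as sketched below. The function also overwrites `acm_bin_pol.policy_reference_name` without releasing the previous allocation; freeing it needs care because the `acm_init` hunk stores the string literals "DEFAULT" and "NULL" in the same field.

```c
acm_set_policy_reference(u8 * buf, u32 buf_size)
{
    struct acm_policy_reference_buffer *pr = (struct acm_policy_reference_buffer *)buf;
    u32 name_len;
    char *name;

    /* the header and the whole name, terminator included, must fit in buf_size */
    if (buf_size < sizeof(*pr))
        return -EINVAL;
    name_len = ntohl(pr->len);
    if (name_len == 0 || name_len > buf_size - sizeof(*pr))
        return -EINVAL;

    name = (char *)xmalloc_array(u8, name_len);
    if (!name)
        return -ENOMEM;

    memcpy(name, buf + sizeof(*pr), name_len);
    name[name_len - 1] = '\0';   /* never rely on the sender to terminate */
    acm_bin_pol.policy_reference_name = name;
    /* … unchanged: printk of the activated policy name, return 0 … */
}
```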
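--- a/xen/acm/acm_policy.c	Mon Apr 24 10:50:38 2006 +0100
+++ b/xen/acm/acm_policy.c	Mon Apr 24 10:51:20 2006 +0100
@@ -85,13 +85,19 @@ acm_set_policy(void *buf, u32 buf_size, 
     /* get bin_policy lock and rewrite policy (release old one) */
     write_lock(&acm_bin_pol_rwlock);
 
-    /* 3. set primary policy data */
+    /* 3. set label reference name */
+    if (acm_set_policy_reference(buf + ntohl(pol->policy_reference_offset),
+                                 ntohl(pol->primary_buffer_offset) -
+                                 ntohl(pol->policy_reference_offset)))
+        goto error_lock_free;
+
+    /* 4. set primary policy data */
     if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset),
                                            ntohl(pol->secondary_buffer_offset) -
                                            ntohl(pol->primary_buffer_offset)))
         goto error_lock_free;
 
-    /* 4. set secondary policy data */
+    /* 5. set secondary policy data */
     if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset),
                                              ntohl(pol->len) - 
                                              ntohl(pol->secondary_buffer_offset)))
@@ -130,9 +136,18 @@ acm_get_policy(void *buf, u32 buf_size)
     bin_pol->secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code);
 
     bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
+    bin_pol->policy_reference_offset = htonl(ntohl(bin_pol->len));
     bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
     bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
      
+    ret = acm_dump_policy_reference(policy_buffer + ntohl(bin_pol->policy_reference_offset),
+                                    buf_size - ntohl(bin_pol->policy_reference_offset));
+    if (ret < 0)
+        goto error_free_unlock;
+
+    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
+    bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
+
     ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset),
                                                buf_size - ntohl(bin_pol->primary_buffer_offset));
     if (ret < 0)
@@ -227,6 +242,14 @@ acm_get_ssid(ssidref_t ssidref, u8 *buf,
     acm_ssid->ssidref = ssidref;
     acm_ssid->primary_policy_code = acm_bin_pol.primary_policy_code;
     acm_ssid->secondary_policy_code = acm_bin_pol.secondary_policy_code;
+
+    acm_ssid->policy_reference_offset = acm_ssid->len;
+    ret = acm_dump_policy_reference(ssid_buffer + acm_ssid->policy_reference_offset,
+                                    buf_size - acm_ssid->policy_reference_offset);
+    if (ret < 0)
+        goto error_free_unlock;
+
+    acm_ssid->len += ret;
     acm_ssid->primary_types_offset = acm_ssid->len;
 
     /* ret >= 0 --> ret == max_types */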
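Review bot: The new step 3 in `acm_set_policy` takes both the pointer and the size it passes to `acm_set_policy_reference` from offsets read out of the policy buffer, and nothing visible in this hunk checks that `policy_reference_offset` is no greater than `primary_buffer_offset` or that either lies within `buf_size`; if they are out of order the u32 subtraction wraps to a very large size. The function starts outside the hunk, so an earlier check may exist; if it does not, a guard such as `if (ntohl(pol->policy_reference_offset) > ntohl(pol->primary_buffer_offset) || ntohl(pol->primary_buffer_offset) > buf_size) goto error_lock_free;` placed before step 3 would close it. The `acm_get_ssid` hunk has the matching concern on the output side, where `buf_size - acm_ssid->policy_reference_offset` wraps if the caller's buffer is smaller than the header, unless that is rejected above the hunk. The reference name is also replaced before the primary and secondary policies are set, so a failure in step 4 or 5 appears to leave the new name attached to the old policy data.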
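--- a/xen/include/acm/acm_core.h	Mon Apr 24 10:50:38 2006 +0100
+++ b/xen/include/acm/acm_core.h	Mon Apr 24 10:51:20 2006 +0100
@@ -26,6 +26,7 @@
 
 /* Xen-internal representation of the binary policy */
 struct acm_binary_policy {
+    char *policy_reference_name;
     u16 primary_policy_code;
     u16 secondary_policy_code;
 };
@@ -124,7 +125,8 @@ int acm_get_policy(void *buf, u32 buf_si
 int acm_dump_statistics(void *buf, u16 buf_size);
 int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
 int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, enum acm_hook_type hook);
-
+int acm_set_policy_reference(u8 * buf, u32 buf_size);
+int acm_dump_policy_reference(u8 *buf, u32 buf_size);
 #endif
 
 /*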
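Review bot: The new `policy_reference_name` member of `struct acm_binary_policy` has no comment on ownership, yet this changeset assigns it both an `xmalloc_array` result (in `acm_set_policy_reference`) and string literals (in `acm_init`). A comment such as `/* NUL-terminated; points at a static default or at heap memory, so it must not be freed unconditionally */` would tell the next maintainer why a plain free on update is unsafe. The two new prototypes would also benefit from a line stating that `buf_size` is the space available at `buf`, and that `acm_dump_policy_reference` returns the number of bytes written or a negative errno value.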
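--- a/xen/include/public/acm.h	Mon Apr 24 10:50:38 2006 +0100
+++ b/xen/include/public/acm.h	Mon Apr 24 10:51:20 2006 +0100
@@ -51,17 +51,17 @@
 
 /* policy: */
 #define ACM_POLICY_NAME(X) \
- ((X) == (ACM_NULL_POLICY)) ? "NULL policy" :                        \
-    ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" :        \
-    ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT policy" : \
-    ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
-     "UNDEFINED policy"
+ ((X) == (ACM_NULL_POLICY)) ? "NULL" :                        \
+    ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" :        \
+    ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \
+    ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \
+     "UNDEFINED"
 
 /* the following policy versions must be increased
  * whenever the interpretation of the related
  * policy's data structure changes
  */
-#define ACM_POLICY_VERSION 1
+#define ACM_POLICY_VERSION 2
 #define ACM_CHWALL_VERSION 1
 #define ACM_STE_VERSION  1
 
@@ -113,12 +113,17 @@ struct acm_policy_buffer {
     uint32_t policy_version; /* ACM_POLICY_VERSION */
     uint32_t magic;
     uint32_t len;
+    uint32_t policy_reference_offset;
     uint32_t primary_policy_code;
     uint32_t primary_buffer_offset;
     uint32_t secondary_policy_code;
     uint32_t secondary_buffer_offset;
 };
 
+struct acm_policy_reference_buffer {
+    uint32_t len;
+};
+
 struct acm_chwall_policy_buffer {
     uint32_t policy_version; /* ACM_CHWALL_VERSION */
     uint32_t policy_code;
@@ -160,6 +165,7 @@ struct acm_ste_stats_buffer {
 struct acm_ssid_buffer {
     uint32_t len;
     ssidref_t ssidref;
+    uint32_t policy_reference_offset;
     uint32_t primary_policy_code;
     uint32_t primary_max_types;
     uint32_t primary_types_offset;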
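Review bot: `struct acm_policy_reference_buffer` is added to a public header with no comment describing its wire format, which every parser of this section needs in order to bound its reads. Judging from acm_core.c in this changeset, `len` is in network byte order and counts the name plus its terminating NUL, and the name bytes follow the struct directly. A comment such as `/* len: network byte order; size of the NUL-terminated name that follows this header, terminator included */` would record that contract. The new `policy_reference_offset` members could likewise state what they are relative to; `acm_get_policy` stores the value through `htonl` while `acm_get_ssid` stores it in host order, a difference worth writing down for consumers.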
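--- a/xen/include/public/acm_ops.h	Mon Apr 24 10:50:38 2006 +0100
+++ b/xen/include/public/acm_ops.h	Mon Apr 24 10:51:20 2006 +0100
@@ -17,7 +17,7 @@
  * This makes sure that old versions of acm tools will stop working in a
  * well-defined way (rather than crashing the machine, for instance).
  */
-#define ACM_INTERFACE_VERSION   0xAAAA0005
+#define ACM_INTERFACE_VERSION   0xAAAA0006
 
 /************************************************************************/
 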