ia64/xen-unstable
changeset 9831:0a5183b3e7bb
This patch adds support in the hypervisor for the policy name attribute
introduced into security policies. It also fixes a minor problem related
to handling unsupported boot policies.
Signed-off by: Reiner Sailer <sailer@us.ibm.com>
author | smh22@firebug.cl.cam.ac.uk |
---|---|
date | Mon Apr 24 10:51:20 2006 +0100 (2006-04-24) |
parents | 9a5bc502a77a |
children | ad30019015a2 |
files | xen/acm/acm_core.c xen/acm/acm_policy.c xen/include/acm/acm_core.h xen/include/public/acm.h xen/include/public/acm_ops.h |
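--- a/xen/acm/acm_core.c
+++ b/xen/acm/acm_core.c
@@ -70,17 +70,46 @@ acm_set_endian(void)
 u32 test = 1;
 if (*((u8 *)&test) == 1)
 {
- printk("ACM module running in LITTLE ENDIAN.\n");
+ printkd("ACM module running in LITTLE ENDIAN.\n");
 little_endian = 1;
 }
 else
 {
- printk("ACM module running in BIG ENDIAN.\n");
+ printkd("ACM module running in BIG ENDIAN.\n");
 little_endian = 0;
 }
 }
 
 int
+acm_set_policy_reference(u8 * buf, u32 buf_size)
+{
+ struct acm_policy_reference_buffer *pr = (struct acm_policy_reference_buffer *)buf;
+ acm_bin_pol.policy_reference_name = (char *)xmalloc_array(u8, ntohl(pr->len));
+
+ if (!acm_bin_pol.policy_reference_name)
+ return -ENOMEM;
+
+ strcpy(acm_bin_pol.policy_reference_name, (char *)(buf + sizeof(struct acm_policy_reference_buffer)));
+ printk("%s: Activating policy %s\n", __func__, acm_bin_pol.policy_reference_name);
+ return 0;
+}
+
+int
+acm_dump_policy_reference(u8 *buf, u32 buf_size)
+{
+ struct acm_policy_reference_buffer *pr_buf = (struct acm_policy_reference_buffer *)buf;
+ int ret = sizeof(struct acm_policy_reference_buffer) + strlen(acm_bin_pol.policy_reference_name) + 1;
+
+ if (buf_size < ret)
+ return -EINVAL;
+
+ pr_buf->len = htonl(strlen(acm_bin_pol.policy_reference_name) + 1); /* including stringend '\0' */
+ strcpy((char *)(buf + sizeof(struct acm_policy_reference_buffer)),
+ acm_bin_pol.policy_reference_name);
+ return ret;
+}
+
+int
 acm_init_binary_policy(u32 policy_code)
 {
 int ret = ACM_OK;
@@ -198,7 +227,7 @@ acm_setup(unsigned int *initrdidx,
 0);
 if (rc == ACM_OK)
 {
- printf("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start);
+ printkd("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start);
 if (i == 1)
 {
 if (mbi->mods_count > 2)
@@ -218,6 +247,8 @@ acm_setup(unsigned int *initrdidx,
 else
 {
 printk("Invalid policy. %d.th module line.\n", i+1);
+ /* load default policy later */
+ acm_active_security_policy = ACM_POLICY_UNDEFINED;
 }
 } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */
 }
@@ -239,10 +270,8 @@ acm_init(unsigned int *initrdidx,
 
 if (acm_active_security_policy != ACM_POLICY_UNDEFINED)
 {
- printk("%s: Boot-Policy. Enforcing %s: Primary %s, Secondary %s.\n", __func__,
- ACM_POLICY_NAME(acm_active_security_policy),
- ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
- ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
+ printk("%s: Enforcing %s boot policy.\n", __func__,
+ ACM_POLICY_NAME(acm_active_security_policy));
 goto out;
 }
 /* else continue with the minimal hardcoded default startup policy */
@@ -254,6 +283,10 @@ acm_init(unsigned int *initrdidx,
 goto out;
 }
 acm_active_security_policy = ACM_DEFAULT_SECURITY_POLICY;
+ if (acm_active_security_policy != ACM_NULL_POLICY)
+ acm_bin_pol.policy_reference_name = "DEFAULT";
+ else
+ acm_bin_pol.policy_reference_name = "NULL";
 
 out:
 if (ret != ACM_OK)
@@ -314,7 +347,7 @@ acm_init_domain_ssid(domid_t id, ssidref
 put_domain(subj);
 return ACM_INIT_SSID_ERROR;
 }
- printk("%s: assigned domain %x the ssidref=%x.\n",
+ printkd("%s: assigned domain %x the ssidref=%x.\n",
 __func__, id, ssid->ssidref);
 put_domain(subj);
 return ACM_OK;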
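Review bot: acm_set_policy_reference() sizes its allocation from `ntohl(pr->len)` but then fills it with an unbounded `strcpy()`, so a policy whose name is longer than its declared length, or is not NUL-terminated inside the section, writes past the new heap buffer or reads past the policy buffer inside the hypervisor; `buf_size` is never consulted. The declared length should be checked against `buf_size`, the terminator verified, and the copy done with `memcpy()` into a local pointer that is installed only once it is known to be valid, as sketched below. The previous `policy_reference_name` is also overwritten without being released on every policy update, and because acm_init() stores string literals in the same field, a plain free of the old value would not be safe either. In acm_dump_policy_reference() the unsigned `buf_size` is compared with a signed `int ret`; an unsigned local would make that comparison unambiguous.

```c
int
acm_set_policy_reference(u8 * buf, u32 buf_size)
{
    struct acm_policy_reference_buffer *pr = (struct acm_policy_reference_buffer *)buf;
    u32 name_len;
    char *name;

    if (buf_size < sizeof(*pr))
        return -EINVAL;

    name_len = ntohl(pr->len);
    /* the name, terminator included, must lie inside this section */
    if (name_len == 0 || name_len > buf_size - sizeof(*pr) ||
        buf[sizeof(*pr) + name_len - 1] != '\0')
        return -EINVAL;

    name = (char *)xmalloc_array(u8, name_len);
    if (!name)
        return -ENOMEM;

    memcpy(name, buf + sizeof(*pr), name_len);
    acm_bin_pol.policy_reference_name = name;
    /* ... unchanged: printk of the activated policy name, return 0 ... */
}
```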
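--- a/xen/acm/acm_policy.c
+++ b/xen/acm/acm_policy.c
@@ -85,13 +85,19 @@ acm_set_policy(void *buf, u32 buf_size,
 /* get bin_policy lock and rewrite policy (release old one) */
 write_lock(&acm_bin_pol_rwlock);
 
- /* 3. set primary policy data */
+ /* 3. set label reference name */
+ if (acm_set_policy_reference(buf + ntohl(pol->policy_reference_offset),
+ ntohl(pol->primary_buffer_offset) -
+ ntohl(pol->policy_reference_offset)))
+ goto error_lock_free;
+
+ /* 4. set primary policy data */
 if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset),
 ntohl(pol->secondary_buffer_offset) -
 ntohl(pol->primary_buffer_offset)))
 goto error_lock_free;
 
- /* 4. set secondary policy data */
+ /* 5. set secondary policy data */
 if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset),
 ntohl(pol->len) -
 ntohl(pol->secondary_buffer_offset)))
@@ -130,9 +136,18 @@ acm_get_policy(void *buf, u32 buf_size)
 bin_pol->secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code);
 
 bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
+ bin_pol->policy_reference_offset = htonl(ntohl(bin_pol->len));
 bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
 bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
 
+ ret = acm_dump_policy_reference(policy_buffer + ntohl(bin_pol->policy_reference_offset),
+ buf_size - ntohl(bin_pol->policy_reference_offset));
+ if (ret < 0)
+ goto error_free_unlock;
+
+ bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
+ bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
+
 ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset),
 buf_size - ntohl(bin_pol->primary_buffer_offset));
 if (ret < 0)
@@ -227,6 +242,14 @@ acm_get_ssid(ssidref_t ssidref, u8 *buf,
 acm_ssid->ssidref = ssidref;
 acm_ssid->primary_policy_code = acm_bin_pol.primary_policy_code;
 acm_ssid->secondary_policy_code = acm_bin_pol.secondary_policy_code;
+
+ acm_ssid->policy_reference_offset = acm_ssid->len;
+ ret = acm_dump_policy_reference(ssid_buffer + acm_ssid->policy_reference_offset,
+ buf_size - acm_ssid->policy_reference_offset);
+ if (ret < 0)
+ goto error_free_unlock;
+
+ acm_ssid->len += ret;
 acm_ssid->primary_types_offset = acm_ssid->len;
 
 /* ret >= 0 --> ret == max_types */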
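Review bot: In acm_set_policy() the size handed to acm_set_policy_reference() is `primary_buffer_offset - policy_reference_offset`, both read from the caller-supplied header, and nothing in this hunk checks that the reference offset is not greater than the primary offset or that either lies inside `buf_size`; unless the earlier steps of the function (outside the hunk) validate the new field, the subtraction can wrap and the pointer can leave the buffer. A guard before step 3 such as `if (ntohl(pol->policy_reference_offset) > ntohl(pol->primary_buffer_offset) || ntohl(pol->primary_buffer_offset) > buf_size) goto error_lock_free;` would close that. The name is also installed before steps 4 and 5, so a failure there leaves the new reference name paired with the old policy data. In acm_get_policy() and acm_get_ssid() the reference section is `strlen + 1` bytes long, so the section that follows starts at an offset that is generally not 4-byte aligned; if it is read through the `uint32_t` structs, as seems likely, rounding `ret` up before adding it to `len` would keep those accesses aligned.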
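--- a/xen/include/acm/acm_core.h
+++ b/xen/include/acm/acm_core.h
@@ -26,6 +26,7 @@
 
 /* Xen-internal representation of the binary policy */
 struct acm_binary_policy {
+ char *policy_reference_name;
 u16 primary_policy_code;
 u16 secondary_policy_code;
 };
@@ -124,7 +125,8 @@ int acm_get_policy(void *buf, u32 buf_si
 int acm_dump_statistics(void *buf, u16 buf_size);
 int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
 int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, enum acm_hook_type hook);
-
+int acm_set_policy_reference(u8 * buf, u32 buf_size);
+int acm_dump_policy_reference(u8 *buf, u32 buf_size);
 #endif
 
 /*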
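Review bot: The new `policy_reference_name` member has no stated ownership, and its two writers in acm_core.c disagree: acm_init() stores string literals while acm_set_policy_reference() stores memory from `xmalloc_array()`. Whoever later adds a release of the old name needs to know that, so the field should carry a comment such as `/* NUL-terminated; a static literal for the boot default, otherwise xmalloc'd by acm_set_policy_reference() */`. The two new prototypes would also benefit from a line stating that `buf_size` is the number of bytes available at `buf` and that acm_dump_policy_reference() returns the number of bytes written or a negative errno value.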
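--- a/xen/include/public/acm.h
+++ b/xen/include/public/acm.h
@@ -51,17 +51,17 @@
 
 /* policy: */
 #define ACM_POLICY_NAME(X) \
- ((X) == (ACM_NULL_POLICY)) ? "NULL policy" : \
- ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" : \
- ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT policy" : \
- ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
- "UNDEFINED policy"
+ ((X) == (ACM_NULL_POLICY)) ? "NULL" : \
+ ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" : \
+ ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \
+ ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \
+ "UNDEFINED"
 
 /* the following policy versions must be increased
 * whenever the interpretation of the related
 * policy's data structure changes
 */
-#define ACM_POLICY_VERSION 1
+#define ACM_POLICY_VERSION 2
 #define ACM_CHWALL_VERSION 1
 #define ACM_STE_VERSION 1
 
@@ -113,12 +113,17 @@ struct acm_policy_buffer {
 uint32_t policy_version; /* ACM_POLICY_VERSION */
 uint32_t magic;
 uint32_t len;
+ uint32_t policy_reference_offset;
 uint32_t primary_policy_code;
 uint32_t primary_buffer_offset;
 uint32_t secondary_policy_code;
 uint32_t secondary_buffer_offset;
 };
 
+struct acm_policy_reference_buffer {
+ uint32_t len;
+};
+
 struct acm_chwall_policy_buffer {
 uint32_t policy_version; /* ACM_CHWALL_VERSION */
 uint32_t policy_code;
@@ -160,6 +165,7 @@ struct acm_ste_stats_buffer {
 struct acm_ssid_buffer {
 uint32_t len;
 ssidref_t ssidref;
+ uint32_t policy_reference_offset;
 uint32_t primary_policy_code;
 uint32_t primary_max_types;
 uint32_t primary_types_offset;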
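Review bot: `struct acm_policy_reference_buffer` is a public wire format, but the header does not say what `len` counts or where the name lives; judging by acm_dump_policy_reference(), it is the name length including the terminating NUL, in network byte order, with the name bytes following the struct directly. A comment stating that, for example `/* len: bytes of the NUL-terminated name that follows this header, network byte order */`, gives tool authors and the hypervisor-side parser one contract to validate against. The new-side `ACM_POLICY_NAME(X)` expansion is still not wrapped in outer parentheses, so it is only safe where it stands as a complete argument, as in the printk calls.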
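--- a/xen/include/public/acm_ops.h
+++ b/xen/include/public/acm_ops.h
@@ -17,7 +17,7 @@
 * This makes sure that old versions of acm tools will stop working in a
 * well-defined way (rather than crashing the machine, for instance).
 */
-#define ACM_INTERFACE_VERSION 0xAAAA0005
+#define ACM_INTERFACE_VERSION 0xAAAA0006
 
 /************************************************************************/
 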