ia64/xen-unstable
changeset 5536:1bbb7875ee6a
bitkeeper revision 1.1726.1.1 (42b973245ua3LQyqFtGRwXDwnRLDPw)
Compile-time ACM null-ops disables build of acm files.
Signed-off-by: Keir Fraser <keir@xensource.com>
Compile-time ACM null-ops disables build of acm files.
Signed-off-by: Keir Fraser <keir@xensource.com>
author | kaf24@firebug.cl.cam.ac.uk |
---|---|
date | Wed Jun 22 14:18:12 2005 +0000 (2005-06-22) |
parents | 4ef3760d61f0 |
children | 15498ad4f5e0 |
files | .rootkeys xen/Makefile xen/Rules.mk xen/arch/x86/setup.c xen/common/policy_ops.c xen/include/acm/acm_hooks.h xen/include/public/acm_dom0_setup.h |
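--- a/.rootkeys Tue Jun 21 10:53:51 2005 +0000
+++ b/.rootkeys Wed Jun 22 14:18:12 2005 +0000
@@ -1513,7 +1513,6 @@ 404f1bc4tWkB9Qr8RkKtZGW5eMQzhw xen/inclu
 422f27c8RHFkePhD34VIEpMMqofZcA xen/include/asm-x86/x86_emulate.h
 400304fcmRQmDdFYEzDh0wcBba9alg xen/include/public/COPYING
 42b742f6duiOTlZvysQkRYZHYBXqvg xen/include/public/acm.h
-42b742f7TIMsQgUaNDJXp3QlBve2SQ xen/include/public/acm_dom0_setup.h
 421098b7OKb9YH_EUA_UpCxBjaqtgA xen/include/public/arch-ia64.h
 404f1bc68SXxmv0zQpXBWGrCzSyp8w xen/include/public/arch-x86_32.h
 404f1bc7IwU-qnH8mJeVu0YsNGMrcw xen/include/public/arch-x86_64.h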
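--- a/xen/Makefile Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/Makefile Wed Jun 22 14:18:12 2005 +0000
@@ -59,7 +59,9 @@ clean: delete-unfresh-files
 $(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
 $(MAKE) -C common
 $(MAKE) -C drivers
+ifdef ACM_USE_SECURITY_POLICY
 $(MAKE) -C acm
+endif
 $(MAKE) -C arch/$(TARGET_ARCH)
 
 # drivers/char/console.o may contain static banner/compile info. Blow it away.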
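Review bot: The new `ifdef ACM_USE_SECURITY_POLICY` around `$(MAKE) -C acm` only tests whether a make variable of that name is set, while the C sources in this changeset decide on a preprocessor macro's value with `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)`; nothing visible here ties the two together. As written, setting the make variable to the null policy still builds acm, and selecting a real policy in the header without setting the make variable leaves acm.o out of the build, which presumably surfaces only as an unresolved-symbol link error. Comparing the value instead, `ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)`, with the variable given a default and handed to the compiler as `-DACM_USE_SECURITY_POLICY=$(ACM_USE_SECURITY_POLICY)`, would keep a single source of truth for whether access control is compiled in. The same conditional around `ALL_OBJS += $(BASEDIR)/acm/acm.o` in xen/Rules.mk needs the same treatment.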
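--- a/xen/Rules.mk Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/Rules.mk Wed Jun 22 14:18:12 2005 +0000
@@ -35,7 +35,9 @@ OBJS += $(patsubst %.c,%.o,$(C_SRCS))
 ALL_OBJS := $(BASEDIR)/common/common.o
 ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
 ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
+ifdef ACM_USE_SECURITY_POLICY
 ALL_OBJS += $(BASEDIR)/acm/acm.o
+endif
 ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
 
 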
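--- a/xen/arch/x86/setup.c Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/arch/x86/setup.c Wed Jun 22 14:18:12 2005 +0000
@@ -20,7 +20,7 @@
 #include <asm/desc.h>
 #include <asm/shadow.h>
 #include <asm/e820.h>
-#include <public/acm_dom0_setup.h>
+#include <acm/acm_hooks.h>
 
 extern void dmi_scan_machine(void);
 extern void generic_apic_probe(void);
@@ -188,7 +188,7 @@ static void __init start_of_day(void)
 
 arch_init_memory();
 
- scheduler_init();
+ scheduler_init();
 
 identify_cpu(&boot_cpu_data);
 if ( cpu_has_fxsr )
@@ -383,8 +383,8 @@ void __init __start_xen(multiboot_info_t
 
 init_xenheap_pages(xenheap_phys_start, xenheap_phys_end);
 printk("Xen heap: %luMB (%lukB)\n",
- (xenheap_phys_end-xenheap_phys_start) >> 20,
- (xenheap_phys_end-xenheap_phys_start) >> 10);
+ (xenheap_phys_end-xenheap_phys_start) >> 20,
+ (xenheap_phys_end-xenheap_phys_start) >> 10);
 
 early_boot = 0;
 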
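--- a/xen/common/policy_ops.c Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/common/policy_ops.c Wed Jun 22 14:18:12 2005 +0000
@@ -1,5 +1,5 @@
 /******************************************************************************
- *policy_ops.c
+ * policy_ops.c
 *
 * Copyright (C) 2005 IBM Corporation
 *
@@ -14,6 +14,7 @@
 * Process policy command requests from guest OS.
 *
 */
+
 #include <xen/config.h>
 #include <xen/types.h>
 #include <xen/lib.h>
@@ -27,29 +28,39 @@
 #include <public/sched_ctl.h>
 #include <acm/acm_hooks.h>
 
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+long do_policy_op(policy_op_t *u_policy_op)
+{
+ return -ENOSYS;
+}
+
+#else
+
 /* function prototypes defined in acm/acm_policy.c */
 int acm_set_policy(void *buf, u16 buf_size, u16 policy);
 int acm_get_policy(void *buf, u16 buf_size);
 int acm_dump_statistics(void *buf, u16 buf_size);
 
 typedef enum policyoperation {
- POLICY, /* access to policy interface (early drop) */
- GETPOLICY, /* dump policy cache */
- SETPOLICY, /* set policy cache (controls security) */
- DUMPSTATS /* dump policy statistics */
+ POLICY, /* access to policy interface (early drop) */
+ GETPOLICY, /* dump policy cache */
+ SETPOLICY, /* set policy cache (controls security) */
+ DUMPSTATS /* dump policy statistics */
 } policyoperation_t;
 
 int
 acm_authorize_policyops(struct domain *d, policyoperation_t pops)
 {
- /* currently, all policy management functions are restricted to privileged domains,
- * soon we will introduce finer-grained privileges for policy operations
- */
- if (!IS_PRIV(d)) {
- printk("%s: Policy management authorization denied ERROR!\n", __func__);
- return ACM_ACCESS_DENIED;
- }
- return ACM_ACCESS_PERMITTED;
+ /* all policy management functions are restricted to privileged domains,
+ * soon we will introduce finer-grained privileges for policy operations
+ */
+ if (!IS_PRIV(d)) {
+ printk("%s: Policy management authorization denied ERROR!\n",
+ __func__);
+ return ACM_ACCESS_DENIED;
+ }
+ return ACM_ACCESS_PERMITTED;
 }
 
 long do_policy_op(policy_op_t *u_policy_op)
@@ -60,7 +71,7 @@ long do_policy_op(policy_op_t *u_policy_
 /* check here policy decision for policy commands */
 /* for now allow DOM0 only, later indepedently */
 if (acm_authorize_policyops(current->domain, POLICY))
- return -EACCES;
+ return -EACCES;
 
 if ( copy_from_user(op, u_policy_op, sizeof(*op)) )
 return -EFAULT;
@@ -73,9 +84,12 @@ long do_policy_op(policy_op_t *u_policy_
 case POLICY_SETPOLICY:
 {
 if (acm_authorize_policyops(current->domain, SETPOLICY))
- return -EACCES;
- printkd("%s: setting policy.\n", __func__);
- ret = acm_set_policy(op->u.setpolicy.pushcache, op->u.setpolicy.pushcache_size, op->u.setpolicy.policy_type);
+ return -EACCES;
+ printkd("%s: setting policy.\n", __func__);
+ ret = acm_set_policy(
+ op->u.setpolicy.pushcache,
+ op->u.setpolicy.pushcache_size,
+ op->u.setpolicy.policy_type);
 if (ret == ACM_OK)
 ret = 0;
 else
@@ -86,9 +100,11 @@ long do_policy_op(policy_op_t *u_policy_
 case POLICY_GETPOLICY:
 {
 if (acm_authorize_policyops(current->domain, GETPOLICY))
- return -EACCES;
+ return -EACCES;
 printkd("%s: getting policy.\n", __func__);
- ret = acm_get_policy(op->u.getpolicy.pullcache, op->u.getpolicy.pullcache_size);
+ ret = acm_get_policy(
+ op->u.getpolicy.pullcache,
+ op->u.getpolicy.pullcache_size);
 if (ret == ACM_OK)
 ret = 0;
 else
@@ -99,9 +115,11 @@ long do_policy_op(policy_op_t *u_policy_
 case POLICY_DUMPSTATS:
 {
 if (acm_authorize_policyops(current->domain, DUMPSTATS))
- return -EACCES;
- printkd("%s: dumping statistics.\n", __func__);
- ret = acm_dump_statistics(op->u.dumpstats.pullcache, op->u.dumpstats.pullcache_size);
+ return -EACCES;
+ printkd("%s: dumping statistics.\n", __func__);
+ ret = acm_dump_statistics(
+ op->u.dumpstats.pullcache,
+ op->u.dumpstats.pullcache_size);
 if (ret == ACM_OK)
 ret = 0;
 else
@@ -115,3 +133,5 @@ long do_policy_op(policy_op_t *u_policy_
 }
 return ret;
 }
+
+#endif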
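Review bot: The `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)` added ahead of the stub `do_policy_op` fails open, because the preprocessor evaluates an undefined identifier as 0. If the macro is ever missing or misspelled (the removed `ACM_USE_SECURITY_POLICy` test in acm_hooks.h shows how easily that happens) and ACM_NULL_POLICY is 0, which is not visible here, the null policy is compiled in without any diagnostic. A guard placed before the test turns that into a build error: `#ifndef ACM_USE_SECURITY_POLICY` / `#error "ACM_USE_SECURITY_POLICY must be defined"` / `#endif`. The same applies to the identical `#if` now at the top of xen/include/acm/acm_hooks.h, where the null branch reduces every authorization hook to `return 0`.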
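--- a/xen/include/acm/acm_hooks.h Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/include/acm/acm_hooks.h Wed Jun 22 14:18:12 2005 +0000
@@ -30,21 +30,42 @@
 #include <public/event_channel.h>
 #include <asm/current.h>
 
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
+{ return 0; }
+static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
+{ return; }
+static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
+{ return; }
+static inline int acm_pre_event_channel(evtchn_op_t *op)
+{ return 0; }
+static inline int acm_pre_grant_map_ref(domid_t id)
+{ return 0; }
+static inline int acm_pre_grant_setup(domid_t id)
+{ return 0; }
+static inline int acm_init(void)
+{ return 0; }
+static inline void acm_post_domain0_create(domid_t domid)
+{ return; }
+
+#else
+
 /* if ACM_TRACE_MODE defined, all hooks should
 * print a short trace message */
 /* #define ACM_TRACE_MODE */
 
 #ifdef ACM_TRACE_MODE
-# define traceprintk(fmt, args...) printk(fmt,## args)
+# define traceprintk(fmt, args...) printk(fmt,## args)
 #else
-# define traceprintk(fmt, args...)
+# define traceprintk(fmt, args...)
 #endif
 
 /* global variables */
 extern struct acm_operations *acm_primary_ops;
 extern struct acm_operations *acm_secondary_ops;
 
-/**********************************************************************************************
+/*********************************************************************
 * HOOK structure and meaning (justifies a few words about our model):
 *
 * General idea: every policy-controlled system operation is reflected in a
@@ -60,7 +81,8 @@ extern struct acm_operations *acm_second
 * ======================
 * PRE-Hooks
 * a) general authorization to guard a controlled system operation
- * b) prepare security state change (means: fail hook must be able to "undo" this)
+ * b) prepare security state change
+ * (means: fail hook must be able to "undo" this)
 *
 * POST-Hooks
 * a) commit prepared state change
@@ -100,238 +122,228 @@ extern struct acm_operations *acm_second
 * \
 * sys-ops error
 *
- *************************************************************************************************/
+ ********************************************************************/
 
 struct acm_operations {
- /* policy management functions (must always be defined!) */
- int (*init_domain_ssid) (void **ssid, ssidref_t ssidref);
- void (*free_domain_ssid) (void *ssid);
- int (*dump_binary_policy) (u8 *buffer, u16 buf_size);
- int (*set_binary_policy) (u8 *buffer, u16 buf_size);
- int (*dump_statistics) (u8 *buffer, u16 buf_size);
- /* domain management control hooks (can be NULL) */
- int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref);
- void (*post_domain_create) (domid_t domid, ssidref_t ssidref);
- void (*fail_domain_create) (void *subject_ssid, ssidref_t ssidref);
- void (*post_domain_destroy) (void *object_ssid, domid_t id);
- /* event channel control hooks (can be NULL) */
- int (*pre_eventchannel_unbound) (domid_t id);
- void (*fail_eventchannel_unbound) (domid_t id);
- int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2);
- int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
- /* grant table control hooks (can be NULL) */
- int (*pre_grant_map_ref) (domid_t id);
- void (*fail_grant_map_ref) (domid_t id);
- int (*pre_grant_setup) (domid_t id);
- void (*fail_grant_setup) (domid_t id);
+ /* policy management functions (must always be defined!) */
+ int (*init_domain_ssid) (void **ssid, ssidref_t ssidref);
+ void (*free_domain_ssid) (void *ssid);
+ int (*dump_binary_policy) (u8 *buffer, u16 buf_size);
+ int (*set_binary_policy) (u8 *buffer, u16 buf_size);
+ int (*dump_statistics) (u8 *buffer, u16 buf_size);
+ /* domain management control hooks (can be NULL) */
+ int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref);
+ void (*post_domain_create) (domid_t domid, ssidref_t ssidref);
+ void (*fail_domain_create) (void *subject_ssid, ssidref_t ssidref);
+ void (*post_domain_destroy) (void *object_ssid, domid_t id);
+ /* event channel control hooks (can be NULL) */
+ int (*pre_eventchannel_unbound) (domid_t id);
+ void (*fail_eventchannel_unbound) (domid_t id);
+ int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2);
+ int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
+ /* grant table control hooks (can be NULL) */
+ int (*pre_grant_map_ref) (domid_t id);
+ void (*fail_grant_map_ref) (domid_t id);
+ int (*pre_grant_setup) (domid_t id);
+ void (*fail_grant_setup) (domid_t id);
 };
 
-static inline int acm_pre_domain_create (void *subject_ssid, ssidref_t ssidref)
+static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
 {
- if ((acm_primary_ops->pre_domain_create != NULL) &&
- acm_primary_ops->pre_domain_create (subject_ssid, ssidref))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_domain_create != NULL) &&
- acm_secondary_ops->pre_domain_create (subject_ssid, ssidref)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_domain_create != NULL)
- acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
+ if ((acm_primary_ops->pre_domain_create != NULL) &&
+ acm_primary_ops->pre_domain_create(subject_ssid, ssidref))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_domain_create != NULL) &&
+ acm_secondary_ops->pre_domain_create(subject_ssid, ssidref)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_domain_create != NULL)
+ acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
 }
 
-static inline void acm_post_domain_create (domid_t domid, ssidref_t ssidref)
+static inline void acm_post_domain_create(domid_t domid, ssidref_t ssidref)
 {
- if (acm_primary_ops->post_domain_create != NULL)
- acm_primary_ops->post_domain_create (domid, ssidref);
- if (acm_secondary_ops->post_domain_create != NULL)
- acm_secondary_ops->post_domain_create (domid, ssidref);
+ if (acm_primary_ops->post_domain_create != NULL)
+ acm_primary_ops->post_domain_create(domid, ssidref);
+ if (acm_secondary_ops->post_domain_create != NULL)
+ acm_secondary_ops->post_domain_create(domid, ssidref);
 }
 
-static inline void acm_fail_domain_create (void *subject_ssid, ssidref_t ssidref)
+static inline void acm_fail_domain_create(
+ void *subject_ssid, ssidref_t ssidref)
 {
- if (acm_primary_ops->fail_domain_create != NULL)
- acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
- if (acm_secondary_ops->fail_domain_create != NULL)
- acm_secondary_ops->fail_domain_create (subject_ssid, ssidref);
+ if (acm_primary_ops->fail_domain_create != NULL)
+ acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
+ if (acm_secondary_ops->fail_domain_create != NULL)
+ acm_secondary_ops->fail_domain_create(subject_ssid, ssidref);
 }
 
-static inline void acm_post_domain_destroy (void *object_ssid, domid_t id)
+static inline void acm_post_domain_destroy(void *object_ssid, domid_t id)
 {
- if (acm_primary_ops->post_domain_destroy != NULL)
- acm_primary_ops->post_domain_destroy (object_ssid, id);
- if (acm_secondary_ops->post_domain_destroy != NULL)
- acm_secondary_ops->post_domain_destroy (object_ssid, id);
- return;
+ if (acm_primary_ops->post_domain_destroy != NULL)
+ acm_primary_ops->post_domain_destroy(object_ssid, id);
+ if (acm_secondary_ops->post_domain_destroy != NULL)
+ acm_secondary_ops->post_domain_destroy(object_ssid, id);
+ return;
 }
 
-/* event channel ops */
-
-static inline int acm_pre_eventchannel_unbound (domid_t id)
+static inline int acm_pre_eventchannel_unbound(domid_t id)
 {
- if ((acm_primary_ops->pre_eventchannel_unbound != NULL) &&
- acm_primary_ops->pre_eventchannel_unbound (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) &&
- acm_secondary_ops->pre_eventchannel_unbound (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_eventchannel_unbound != NULL)
- acm_primary_ops->fail_eventchannel_unbound (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
+ if ((acm_primary_ops->pre_eventchannel_unbound != NULL) &&
+ acm_primary_ops->pre_eventchannel_unbound(id))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) &&
+ acm_secondary_ops->pre_eventchannel_unbound(id)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_eventchannel_unbound != NULL)
+ acm_primary_ops->fail_eventchannel_unbound(id);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
 }
 
-static inline int acm_pre_eventchannel_interdomain (domid_t id1, domid_t id2)
-{
- if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
- acm_primary_ops->pre_eventchannel_interdomain (id1, id2))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
- acm_secondary_ops->pre_eventchannel_interdomain (id1, id2)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
- acm_primary_ops->fail_eventchannel_interdomain (id1, id2);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
+static inline int acm_pre_eventchannel_interdomain(domid_t id1, domid_t id2)
+{
+ if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
+ acm_primary_ops->pre_eventchannel_interdomain(id1, id2))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
+ acm_secondary_ops->pre_eventchannel_interdomain(id1, id2)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
+ acm_primary_ops->fail_eventchannel_interdomain(id1, id2);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
 }
 
-/************ Xen inline hooks ***************/
-
-/* small macro to make the hooks more readable
- * (eliminates hooks if NULL policy is active)
- */
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
-{ return 0; }
-#else
 static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
 {
- int ret = -EACCES;
- struct domain *d;
+ int ret = -EACCES;
+ struct domain *d;
 
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- ret = acm_pre_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
- break;
- case DOM0_DESTROYDOMAIN:
- d = find_domain_by_id(op->u.destroydomain.domain);
- if (d != NULL) {
- *ssid = d->ssid; /* save for post destroy when d is gone */
- /* no policy-specific hook */
- put_domain(d);
- ret = 0;
- }
- break;
- default:
- ret = 0; /* ok */
- }
- return ret;
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ ret = acm_pre_domain_create(
+ current->domain->ssid, op->u.createdomain.ssidref);
+ break;
+ case DOM0_DESTROYDOMAIN:
+ d = find_domain_by_id(op->u.destroydomain.domain);
+ if (d != NULL) {
+ *ssid = d->ssid; /* save for post destroy when d is gone */
+ /* no policy-specific hook */
+ put_domain(d);
+ ret = 0;
+ }
+ break;
+ default:
+ ret = 0; /* ok */
+ }
+ return ret;
 }
-#endif
 
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
-{ return; }
-#else
 static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
 {
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- /* initialialize shared sHype security labels for new domain */
- acm_init_domain_ssid(op->u.createdomain.domain, op->u.createdomain.ssidref);
- acm_post_domain_create(op->u.createdomain.domain, op->u.createdomain.ssidref);
- break;
- case DOM0_DESTROYDOMAIN:
- acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
- /* free security ssid for the destroyed domain (also if running null policy */
- acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
- break;
- }
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ /* initialialize shared sHype security labels for new domain */
+ acm_init_domain_ssid(
+ op->u.createdomain.domain, op->u.createdomain.ssidref);
+ acm_post_domain_create(
+ op->u.createdomain.domain, op->u.createdomain.ssidref);
+ break;
+ case DOM0_DESTROYDOMAIN:
+ acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
+ /* free security ssid for the destroyed domain (also if null policy */
+ acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
+ break;
+ }
 }
-#endif
 
-
-#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY)
-static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
-{ return; }
-#else
 static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
 {
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- acm_fail_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
- break;
- }
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ acm_fail_domain_create(
+ current->domain->ssid, op->u.createdomain.ssidref);
+ break;
+ }
+}
+
+static inline int acm_pre_event_channel(evtchn_op_t *op)
+{
+ int ret = -EACCES;
+
+ switch(op->cmd) {
+ case EVTCHNOP_alloc_unbound:
+ ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
+ break;
+ case EVTCHNOP_bind_interdomain:
+ ret = acm_pre_eventchannel_interdomain(
+ op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
+ break;
+ default:
+ ret = 0; /* ok */
+ }
+ return ret;
 }
+
+static inline int acm_pre_grant_map_ref(domid_t id)
+{
+ if ( (acm_primary_ops->pre_grant_map_ref != NULL) &&
+ acm_primary_ops->pre_grant_map_ref(id) )
+ {
+ return ACM_ACCESS_DENIED;
+ }
+ else if ( (acm_secondary_ops->pre_grant_map_ref != NULL) &&
+ acm_secondary_ops->pre_grant_map_ref(id) )
+ {
+ /* roll-back primary */
+ if ( acm_primary_ops->fail_grant_map_ref != NULL )
+ acm_primary_ops->fail_grant_map_ref(id);
+ return ACM_ACCESS_DENIED;
+ }
+ else
+ {
+ return ACM_ACCESS_PERMITTED;
+ }
+}
+
+static inline int acm_pre_grant_setup(domid_t id)
+{
+ if ( (acm_primary_ops->pre_grant_setup != NULL) &&
+ acm_primary_ops->pre_grant_setup(id) )
+ {
+ return ACM_ACCESS_DENIED;
+ }
+ else if ( (acm_secondary_ops->pre_grant_setup != NULL) &&
+ acm_secondary_ops->pre_grant_setup(id) )
+ {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_grant_setup != NULL)
+ acm_primary_ops->fail_grant_setup(id);
+ return ACM_ACCESS_DENIED;
+ }
+ else
+ {
+ return ACM_ACCESS_PERMITTED;
+ }
+}
+
+/* predefined ssidref for DOM0 used by xen when creating DOM0 */
+#define ACM_DOM0_SSIDREF 0
+
+static inline void acm_post_domain0_create(domid_t domid)
+{
+ /* initialialize shared sHype security labels for new domain */
+ acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
+ acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
+}
+
+extern int acm_init(void);
+
 #endif
 
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_event_channel(evtchn_op_t *op)
-{ return 0; }
-#else
-static inline int acm_pre_event_channel(evtchn_op_t *op)
-{
- int ret = -EACCES;
-
- switch(op->cmd) {
- case EVTCHNOP_alloc_unbound:
- ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
- break;
- case EVTCHNOP_bind_interdomain:
- ret = acm_pre_eventchannel_interdomain(op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
- break;
- default:
- ret = 0; /* ok */
- }
- return ret;
-}
 #endif
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_grant_map_ref(domid_t id)
-{ return 0; }
-#else
-static inline int acm_pre_grant_map_ref (domid_t id)
-{
- if ((acm_primary_ops->pre_grant_map_ref != NULL) &&
- acm_primary_ops->pre_grant_map_ref (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_grant_map_ref != NULL) &&
- acm_secondary_ops->pre_grant_map_ref (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_grant_map_ref != NULL)
- acm_primary_ops->fail_grant_map_ref (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
-#endif
-
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_grant_setup(domid_t id)
-{ return 0; }
-#else
-static inline int acm_pre_grant_setup (domid_t id)
-{
- if ((acm_primary_ops->pre_grant_setup != NULL) &&
- acm_primary_ops->pre_grant_setup (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_grant_setup != NULL) &&
- acm_secondary_ops->pre_grant_setup (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_grant_setup != NULL)
- acm_primary_ops->fail_grant_setup (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
-#endif
-
-
-#endif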
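Review bot: `acm_post_dom0_op` (the DOM0_CREATEDOMAIN case) and `acm_post_domain0_create` call `acm_init_domain_ssid(...)` and discard whatever it returns before going on to `acm_post_domain_create`. Its declaration is outside this section, but the `init_domain_ssid` callback in `struct acm_operations` returns int, which suggests labelling can fail; if it does, the new domain would carry on without a security label and later hooks would be handed a missing ssid. Both wrappers are void, so the failure should at least be made visible, e.g. `if (acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF)) printk("%s: ssid init failed\n", __func__);`, or the labelling moved into the pre hook, where a failure can still veto the operation.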
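--- a/xen/include/public/acm_dom0_setup.h Tue Jun 21 10:53:51 2005 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-/****************************************************************
- * acm_dom0_setup.h
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@watson.ibm.com>
- *
- * Includes necessary definitions to bring-up dom0
- */
-#include <acm/acm_hooks.h>
-
-extern int acm_init(void);
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-
-static inline void acm_post_domain0_create(domid_t domid)
-{
- return;
-}
-
-#else
-
-/* predefined ssidref for DOM0 used by xen when creating DOM0 */
-#define ACM_DOM0_SSIDREF 0
-
-static inline void acm_post_domain0_create(domid_t domid)
-{
- /* initialialize shared sHype security labels for new domain */
- acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
- acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
-}
-
-#endif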