ia64/xen-unstable

changeset 5536:1bbb7875ee6a

bitkeeper revision 1.1726.1.1 (42b973245ua3LQyqFtGRwXDwnRLDPw)

Compile-time ACM null-ops disables build of acm files.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Wed Jun 22 14:18:12 2005 +0000 (2005-06-22)
parents 4ef3760d61f0
children 15498ad4f5e0
files .rootkeys xen/Makefile xen/Rules.mk xen/arch/x86/setup.c xen/common/policy_ops.c xen/include/acm/acm_hooks.h xen/include/public/acm_dom0_setup.h
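--- a/.rootkeys	Tue Jun 21 10:53:51 2005 +0000
+++ b/.rootkeys	Wed Jun 22 14:18:12 2005 +0000
@@ -1513,7 +1513,6 @@ 404f1bc4tWkB9Qr8RkKtZGW5eMQzhw xen/inclu
 422f27c8RHFkePhD34VIEpMMqofZcA xen/include/asm-x86/x86_emulate.h
 400304fcmRQmDdFYEzDh0wcBba9alg xen/include/public/COPYING
 42b742f6duiOTlZvysQkRYZHYBXqvg xen/include/public/acm.h
-42b742f7TIMsQgUaNDJXp3QlBve2SQ xen/include/public/acm_dom0_setup.h
 421098b7OKb9YH_EUA_UpCxBjaqtgA xen/include/public/arch-ia64.h
 404f1bc68SXxmv0zQpXBWGrCzSyp8w xen/include/public/arch-x86_32.h
 404f1bc7IwU-qnH8mJeVu0YsNGMrcw xen/include/public/arch-x86_64.h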
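--- a/xen/Makefile	Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/Makefile	Wed Jun 22 14:18:12 2005 +0000
@@ -59,7 +59,9 @@ clean: delete-unfresh-files
 	$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
 	$(MAKE) -C common
 	$(MAKE) -C drivers
+ifdef ACM_USE_SECURITY_POLICY
 	$(MAKE) -C acm
+endif
 	$(MAKE) -C arch/$(TARGET_ARCH)
 
 # drivers/char/console.o may contain static banner/compile info. Blow it away.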
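Review bot: The `ifdef ACM_USE_SECURITY_POLICY` added around `$(MAKE) -C acm` tests a make variable, whereas policy_ops.c and acm_hooks.h in this changeset select the null policy with the C preprocessor test `ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY`, and nothing visible keeps the two in step; xen/Rules.mk guards `acm.o` the same way. `ifdef` is true for any non-empty value, so it cannot tell a null policy from a real one. If the make variable is set while the header still selects the null policy, acm is built and linked but every hook is an inline no-op, with no diagnostic. A comment at the guard would record the coupling, e.g. `# Set only for a non-null policy; must agree with the C macro ACM_USE_SECURITY_POLICY.` The rule this recipe belongs to starts outside the hunk.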
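--- a/xen/Rules.mk	Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/Rules.mk	Wed Jun 22 14:18:12 2005 +0000
@@ -35,7 +35,9 @@ OBJS    += $(patsubst %.c,%.o,$(C_SRCS))
 ALL_OBJS := $(BASEDIR)/common/common.o
 ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
 ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
+ifdef ACM_USE_SECURITY_POLICY
 ALL_OBJS += $(BASEDIR)/acm/acm.o
+endif
 ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
 
 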
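--- a/xen/arch/x86/setup.c	Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/arch/x86/setup.c	Wed Jun 22 14:18:12 2005 +0000
@@ -20,7 +20,7 @@
 #include <asm/desc.h>
 #include <asm/shadow.h>
 #include <asm/e820.h>
-#include <public/acm_dom0_setup.h>
+#include <acm/acm_hooks.h>
 
 extern void dmi_scan_machine(void);
 extern void generic_apic_probe(void);
@@ -188,7 +188,7 @@ static void __init start_of_day(void)
 
     arch_init_memory();
 
-    scheduler_init();	
+    scheduler_init();
 
     identify_cpu(&boot_cpu_data);
     if ( cpu_has_fxsr )
@@ -383,8 +383,8 @@ void __init __start_xen(multiboot_info_t
 
     init_xenheap_pages(xenheap_phys_start, xenheap_phys_end);
     printk("Xen heap: %luMB (%lukB)\n",
-	   (xenheap_phys_end-xenheap_phys_start) >> 20,
-	   (xenheap_phys_end-xenheap_phys_start) >> 10);
+           (xenheap_phys_end-xenheap_phys_start) >> 20,
+           (xenheap_phys_end-xenheap_phys_start) >> 10);
 
     early_boot = 0;
 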
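--- a/xen/common/policy_ops.c	Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/common/policy_ops.c	Wed Jun 22 14:18:12 2005 +0000
@@ -1,5 +1,5 @@
 /******************************************************************************
- *policy_ops.c
+ * policy_ops.c
  * 
  * Copyright (C) 2005 IBM Corporation
  *
@@ -14,6 +14,7 @@
  * Process policy command requests from guest OS.
  *
  */
+
 #include <xen/config.h>
 #include <xen/types.h>
 #include <xen/lib.h>
@@ -27,29 +28,39 @@
 #include <public/sched_ctl.h>
 #include <acm/acm_hooks.h>
 
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+long do_policy_op(policy_op_t *u_policy_op)
+{
+    return -ENOSYS;
+}
+
+#else
+
 /* function prototypes defined in acm/acm_policy.c */
 int acm_set_policy(void *buf, u16 buf_size, u16 policy);
 int acm_get_policy(void *buf, u16 buf_size);
 int acm_dump_statistics(void *buf, u16 buf_size);
 
 typedef enum policyoperation {
-	POLICY,     /* access to policy interface (early drop) */
-	GETPOLICY,  /* dump policy cache */
-	SETPOLICY,  /* set policy cache (controls security) */
-	DUMPSTATS   /* dump policy statistics */
+    POLICY,     /* access to policy interface (early drop) */
+    GETPOLICY,  /* dump policy cache */
+    SETPOLICY,  /* set policy cache (controls security) */
+    DUMPSTATS   /* dump policy statistics */
 } policyoperation_t;
 
 int
 acm_authorize_policyops(struct domain *d, policyoperation_t pops)
 {
-	/* currently, all policy management functions are restricted to privileged domains,
-	 * soon we will introduce finer-grained privileges for policy operations 
-	 */
-	if (!IS_PRIV(d)) {
-		printk("%s: Policy management authorization denied ERROR!\n", __func__);
-		return ACM_ACCESS_DENIED;
-	}
-	return ACM_ACCESS_PERMITTED;
+    /* all policy management functions are restricted to privileged domains,
+     * soon we will introduce finer-grained privileges for policy operations 
+     */
+    if (!IS_PRIV(d)) {
+        printk("%s: Policy management authorization denied ERROR!\n",
+               __func__);
+        return ACM_ACCESS_DENIED;
+    }
+    return ACM_ACCESS_PERMITTED;
 }
 
 long do_policy_op(policy_op_t *u_policy_op)
@@ -60,7 +71,7 @@ long do_policy_op(policy_op_t *u_policy_
     /* check here policy decision for policy commands */
     /* for now allow DOM0 only, later indepedently    */
     if (acm_authorize_policyops(current->domain, POLICY))
-	    return -EACCES;
+        return -EACCES;
 
     if ( copy_from_user(op, u_policy_op, sizeof(*op)) )
         return -EFAULT;
@@ -73,9 +84,12 @@ long do_policy_op(policy_op_t *u_policy_
     case POLICY_SETPOLICY:
     {
         if (acm_authorize_policyops(current->domain, SETPOLICY))
-		return -EACCES;
-	printkd("%s: setting policy.\n", __func__);
-	ret = acm_set_policy(op->u.setpolicy.pushcache, op->u.setpolicy.pushcache_size, op->u.setpolicy.policy_type);
+            return -EACCES;
+        printkd("%s: setting policy.\n", __func__);
+        ret = acm_set_policy(
+            op->u.setpolicy.pushcache, 
+            op->u.setpolicy.pushcache_size, 
+            op->u.setpolicy.policy_type);
         if (ret == ACM_OK)
             ret = 0;
         else
@@ -86,9 +100,11 @@ long do_policy_op(policy_op_t *u_policy_
     case POLICY_GETPOLICY:
     {
         if (acm_authorize_policyops(current->domain, GETPOLICY))
-		return -EACCES;
+            return -EACCES;
         printkd("%s: getting policy.\n", __func__);
-	ret = acm_get_policy(op->u.getpolicy.pullcache, op->u.getpolicy.pullcache_size);
+        ret = acm_get_policy(
+            op->u.getpolicy.pullcache, 
+            op->u.getpolicy.pullcache_size);
         if (ret == ACM_OK)
             ret = 0;
         else
@@ -99,9 +115,11 @@ long do_policy_op(policy_op_t *u_policy_
     case POLICY_DUMPSTATS:
     {
         if (acm_authorize_policyops(current->domain, DUMPSTATS))
-		return -EACCES;
-	printkd("%s: dumping statistics.\n", __func__);
-	ret = acm_dump_statistics(op->u.dumpstats.pullcache, op->u.dumpstats.pullcache_size);
+            return -EACCES;
+        printkd("%s: dumping statistics.\n", __func__);
+        ret = acm_dump_statistics(
+            op->u.dumpstats.pullcache, 
+            op->u.dumpstats.pullcache_size);
         if (ret == ACM_OK)
             ret = 0;
         else
@@ -115,3 +133,5 @@ long do_policy_op(policy_op_t *u_policy_
     }
     return ret;
 }
+
+#endif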
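Review bot: The new `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)` ahead of the stub treats an undefined macro as 0, so if the header defining these two names is ever not included, or a name is misspelled (as in the `ACM_USE_SECURITY_POLICy` test this changeset removes from acm_hooks.h), the comparison can still hold and the policy interface silently compiles to the `-ENOSYS` stub. The same test now gates every hook in xen/include/acm/acm_hooks.h, where the result is access checks that always return 0. Whether the defining header is reached through the includes above is not visible in these hunks, so this is a hardening suggestion rather than a confirmed fault. A guard placed before the test would make the selection fail at build time instead: `#if !defined(ACM_USE_SECURITY_POLICY) || !defined(ACM_NULL_POLICY)`, `#error "ACM policy selection macros are not defined"`, `#endif`.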
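--- a/xen/include/acm/acm_hooks.h	Tue Jun 21 10:53:51 2005 +0000
+++ b/xen/include/acm/acm_hooks.h	Wed Jun 22 14:18:12 2005 +0000
@@ -30,21 +30,42 @@
 #include <public/event_channel.h>
 #include <asm/current.h>
 
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
+{ return 0; }
+static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 
+{ return; }
+static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 
+{ return; }
+static inline int acm_pre_event_channel(evtchn_op_t *op) 
+{ return 0; }
+static inline int acm_pre_grant_map_ref(domid_t id) 
+{ return 0; }
+static inline int acm_pre_grant_setup(domid_t id) 
+{ return 0; }
+static inline int acm_init(void)
+{ return 0; }
+static inline void acm_post_domain0_create(domid_t domid) 
+{ return; }
+
+#else
+
 /* if ACM_TRACE_MODE defined, all hooks should
  * print a short trace message */
 /* #define ACM_TRACE_MODE */
 
 #ifdef ACM_TRACE_MODE
-#  define traceprintk(fmt, args...) printk(fmt,## args)
+# define traceprintk(fmt, args...) printk(fmt,## args)
 #else
-#  define traceprintk(fmt, args...)
+# define traceprintk(fmt, args...)
 #endif
 
 /* global variables */
 extern struct acm_operations *acm_primary_ops;
 extern struct acm_operations *acm_secondary_ops;
 
-/**********************************************************************************************
+/*********************************************************************
  * HOOK structure and meaning (justifies a few words about our model):
  * 
  * General idea: every policy-controlled system operation is reflected in a 
@@ -60,7 +81,8 @@ extern struct acm_operations *acm_second
  *      ======================
  *      PRE-Hooks
  *		a) general authorization to guard a controlled system operation
- *		b) prepare security state change (means: fail hook must be able to "undo" this)
+ *		b) prepare security state change
+ *                 (means: fail hook must be able to "undo" this)
  *
  *	POST-Hooks
  *		a) commit prepared state change
@@ -100,238 +122,228 @@ extern struct acm_operations *acm_second
  *                                             \
  *                                            sys-ops error
  *
- *************************************************************************************************/
+ ********************************************************************/
 
 struct acm_operations {
-	/* policy management functions (must always be defined!) */
-	int  (*init_domain_ssid)	       	(void **ssid, ssidref_t ssidref);
-	void (*free_domain_ssid)	       	(void *ssid);
-	int  (*dump_binary_policy)		(u8 *buffer, u16 buf_size);
-	int  (*set_binary_policy)		(u8 *buffer, u16 buf_size);	
-	int  (*dump_statistics)			(u8 *buffer, u16 buf_size);
-	/* domain management control hooks (can be NULL) */
-	int  (*pre_domain_create)              	(void *subject_ssid, ssidref_t ssidref);
-	void (*post_domain_create) 		(domid_t domid, ssidref_t ssidref);
-	void (*fail_domain_create)             	(void *subject_ssid, ssidref_t ssidref);
-	void (*post_domain_destroy)		(void *object_ssid, domid_t id);
-	/* event channel control hooks  (can be NULL) */
-	int  (*pre_eventchannel_unbound)       	(domid_t id);
-	void (*fail_eventchannel_unbound)      	(domid_t id);
-	int  (*pre_eventchannel_interdomain)	(domid_t id1, domid_t id2);
-	int  (*fail_eventchannel_interdomain)	(domid_t id1, domid_t id2);
-	/* grant table control hooks (can be NULL)  */
-	int  (*pre_grant_map_ref)       	(domid_t id);
-	void (*fail_grant_map_ref)		(domid_t id);
-	int  (*pre_grant_setup)       		(domid_t id);
-	void (*fail_grant_setup)		(domid_t id);
+    /* policy management functions (must always be defined!) */
+    int  (*init_domain_ssid)           (void **ssid, ssidref_t ssidref);
+    void (*free_domain_ssid)           (void *ssid);
+    int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
+    int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
+    int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
+    /* domain management control hooks (can be NULL) */
+    int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
+    void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
+    void (*fail_domain_create)         (void *subject_ssid, ssidref_t ssidref);
+    void (*post_domain_destroy)        (void *object_ssid, domid_t id);
+    /* event channel control hooks  (can be NULL) */
+    int  (*pre_eventchannel_unbound)      (domid_t id);
+    void (*fail_eventchannel_unbound)     (domid_t id);
+    int  (*pre_eventchannel_interdomain)  (domid_t id1, domid_t id2);
+    int  (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
+    /* grant table control hooks (can be NULL)  */
+    int  (*pre_grant_map_ref)          (domid_t id);
+    void (*fail_grant_map_ref)         (domid_t id);
+    int  (*pre_grant_setup)            (domid_t id);
+    void (*fail_grant_setup)           (domid_t id);
 };
 
-static inline int acm_pre_domain_create (void *subject_ssid, ssidref_t ssidref)
+static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
 {
-	if ((acm_primary_ops->pre_domain_create != NULL) && 
-		 acm_primary_ops->pre_domain_create (subject_ssid, ssidref))
-		return ACM_ACCESS_DENIED;
-	else if ((acm_secondary_ops->pre_domain_create != NULL) && 
-		 acm_secondary_ops->pre_domain_create (subject_ssid, ssidref)) {
-		/* roll-back primary */
-		if (acm_primary_ops->fail_domain_create != NULL)
-			acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
-		return ACM_ACCESS_DENIED;
-	} else
-		return ACM_ACCESS_PERMITTED;
+    if ((acm_primary_ops->pre_domain_create != NULL) && 
+        acm_primary_ops->pre_domain_create(subject_ssid, ssidref))
+        return ACM_ACCESS_DENIED;
+    else if ((acm_secondary_ops->pre_domain_create != NULL) && 
+             acm_secondary_ops->pre_domain_create(subject_ssid, ssidref)) {
+        /* roll-back primary */
+        if (acm_primary_ops->fail_domain_create != NULL)
+            acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
+        return ACM_ACCESS_DENIED;
+    } else
+        return ACM_ACCESS_PERMITTED;
 }
 
-static inline void acm_post_domain_create (domid_t domid, ssidref_t ssidref)
+static inline void acm_post_domain_create(domid_t domid, ssidref_t ssidref)
 {
-	if (acm_primary_ops->post_domain_create != NULL)
-		acm_primary_ops->post_domain_create (domid, ssidref);
-	if (acm_secondary_ops->post_domain_create != NULL)
-		acm_secondary_ops->post_domain_create (domid, ssidref);
+    if (acm_primary_ops->post_domain_create != NULL)
+        acm_primary_ops->post_domain_create(domid, ssidref);
+    if (acm_secondary_ops->post_domain_create != NULL)
+        acm_secondary_ops->post_domain_create(domid, ssidref);
 }
 
-static inline void acm_fail_domain_create (void *subject_ssid, ssidref_t ssidref)
+static inline void acm_fail_domain_create(
+    void *subject_ssid, ssidref_t ssidref)
 {
-	if (acm_primary_ops->fail_domain_create != NULL)
-		acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
-	if (acm_secondary_ops->fail_domain_create != NULL)
-		acm_secondary_ops->fail_domain_create (subject_ssid, ssidref);
+    if (acm_primary_ops->fail_domain_create != NULL)
+        acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
+    if (acm_secondary_ops->fail_domain_create != NULL)
+        acm_secondary_ops->fail_domain_create(subject_ssid, ssidref);
 }
 
-static inline void acm_post_domain_destroy (void *object_ssid, domid_t id)
+static inline void acm_post_domain_destroy(void *object_ssid, domid_t id)
 {
-	if (acm_primary_ops->post_domain_destroy != NULL)
-		acm_primary_ops->post_domain_destroy (object_ssid, id);
-	if (acm_secondary_ops->post_domain_destroy != NULL)
-		acm_secondary_ops->post_domain_destroy (object_ssid, id);
-	return;
+    if (acm_primary_ops->post_domain_destroy != NULL)
+        acm_primary_ops->post_domain_destroy(object_ssid, id);
+    if (acm_secondary_ops->post_domain_destroy != NULL)
+        acm_secondary_ops->post_domain_destroy(object_ssid, id);
+    return;
 }
 
-/*   event channel ops */
-
-static inline int acm_pre_eventchannel_unbound (domid_t id)
+static inline int acm_pre_eventchannel_unbound(domid_t id)
 {
-	if ((acm_primary_ops->pre_eventchannel_unbound != NULL) && 
-	    acm_primary_ops->pre_eventchannel_unbound (id))
-		return ACM_ACCESS_DENIED;
-	else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) && 
-		 acm_secondary_ops->pre_eventchannel_unbound (id)) {
-		/* roll-back primary */
-		if (acm_primary_ops->fail_eventchannel_unbound != NULL)
-			acm_primary_ops->fail_eventchannel_unbound (id);
-		return ACM_ACCESS_DENIED;
-	} else
-		return ACM_ACCESS_PERMITTED;
+    if ((acm_primary_ops->pre_eventchannel_unbound != NULL) && 
+        acm_primary_ops->pre_eventchannel_unbound(id))
+        return ACM_ACCESS_DENIED;
+    else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) && 
+             acm_secondary_ops->pre_eventchannel_unbound(id)) {
+        /* roll-back primary */
+        if (acm_primary_ops->fail_eventchannel_unbound != NULL)
+            acm_primary_ops->fail_eventchannel_unbound(id);
+        return ACM_ACCESS_DENIED;
+    } else
+        return ACM_ACCESS_PERMITTED;
 }
 
-static inline int acm_pre_eventchannel_interdomain (domid_t id1, domid_t id2)
-{	
-	if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
-	    acm_primary_ops->pre_eventchannel_interdomain (id1, id2))
-		return ACM_ACCESS_DENIED;
-	else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
-		 acm_secondary_ops->pre_eventchannel_interdomain (id1, id2)) {
-		/* roll-back primary */
-		if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
-			acm_primary_ops->fail_eventchannel_interdomain (id1, id2);
-		return ACM_ACCESS_DENIED;
-	} else
-		return ACM_ACCESS_PERMITTED;
+static inline int acm_pre_eventchannel_interdomain(domid_t id1, domid_t id2)
+{
+    if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
+        acm_primary_ops->pre_eventchannel_interdomain(id1, id2))
+        return ACM_ACCESS_DENIED;
+    else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
+             acm_secondary_ops->pre_eventchannel_interdomain(id1, id2)) {
+        /* roll-back primary */
+        if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
+            acm_primary_ops->fail_eventchannel_interdomain(id1, id2);
+        return ACM_ACCESS_DENIED;
+    } else
+        return ACM_ACCESS_PERMITTED;
 }
 
-/************ Xen inline hooks ***************/
-
-/* small macro to make the hooks more readable 
- * (eliminates hooks if NULL policy is active)
- */
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
-{ return 0; }
-#else
 static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
 {
-	int ret = -EACCES;
-	struct domain *d;
+    int ret = -EACCES;
+    struct domain *d;
 
-	switch(op->cmd) {
-	case DOM0_CREATEDOMAIN:
-		ret = acm_pre_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
-		break;
-	case DOM0_DESTROYDOMAIN:
-		d = find_domain_by_id(op->u.destroydomain.domain);
-		if (d != NULL) {
-			*ssid = d->ssid; /* save for post destroy when d is gone */
-			/* no policy-specific hook */
-			put_domain(d);
-			ret = 0;
-		}
-		break;
-	default:
-		ret = 0; /* ok */
-	}
-	return ret;
+    switch(op->cmd) {
+    case DOM0_CREATEDOMAIN:
+        ret = acm_pre_domain_create(
+            current->domain->ssid, op->u.createdomain.ssidref);
+        break;
+    case DOM0_DESTROYDOMAIN:
+        d = find_domain_by_id(op->u.destroydomain.domain);
+        if (d != NULL) {
+            *ssid = d->ssid; /* save for post destroy when d is gone */
+            /* no policy-specific hook */
+            put_domain(d);
+            ret = 0;
+        }
+        break;
+    default:
+        ret = 0; /* ok */
+    }
+    return ret;
 }
-#endif
 
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 
-{ return; }
-#else
 static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 
 {
-	switch(op->cmd) {
-	case DOM0_CREATEDOMAIN:
-		/* initialialize shared sHype security labels for new domain */
-		acm_init_domain_ssid(op->u.createdomain.domain, op->u.createdomain.ssidref);
-		acm_post_domain_create(op->u.createdomain.domain, op->u.createdomain.ssidref);
-		break;
-	case DOM0_DESTROYDOMAIN:
-		acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
-		/* free security ssid for the destroyed domain (also if running null policy */
-		acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
-		break;
-	}
+    switch(op->cmd) {
+    case DOM0_CREATEDOMAIN:
+        /* initialialize shared sHype security labels for new domain */
+        acm_init_domain_ssid(
+            op->u.createdomain.domain, op->u.createdomain.ssidref);
+        acm_post_domain_create(
+            op->u.createdomain.domain, op->u.createdomain.ssidref);
+        break;
+    case DOM0_DESTROYDOMAIN:
+        acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
+        /* free security ssid for the destroyed domain (also if null policy */
+        acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
+        break;
+    }
 }
-#endif
 
-
-#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY)
-static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 
-{ return; }
-#else
 static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 
 {
-	switch(op->cmd) {
-	case DOM0_CREATEDOMAIN:
-		acm_fail_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
-		break;
-	}
+    switch(op->cmd) {
+    case DOM0_CREATEDOMAIN:
+        acm_fail_domain_create(
+            current->domain->ssid, op->u.createdomain.ssidref);
+        break;
+    }
+}
+
+static inline int acm_pre_event_channel(evtchn_op_t *op) 
+{
+    int ret = -EACCES;
+
+    switch(op->cmd) {
+    case EVTCHNOP_alloc_unbound:
+        ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
+        break;
+    case EVTCHNOP_bind_interdomain:
+        ret = acm_pre_eventchannel_interdomain(
+            op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
+        break;
+    default:
+        ret = 0; /* ok */
+    }
+    return ret;
 }
+
+static inline int acm_pre_grant_map_ref(domid_t id)
+{
+    if ( (acm_primary_ops->pre_grant_map_ref != NULL) &&
+         acm_primary_ops->pre_grant_map_ref(id) )
+    {
+        return ACM_ACCESS_DENIED;
+    }
+    else if ( (acm_secondary_ops->pre_grant_map_ref != NULL) &&
+              acm_secondary_ops->pre_grant_map_ref(id) )
+    {
+        /* roll-back primary */
+        if ( acm_primary_ops->fail_grant_map_ref != NULL )
+            acm_primary_ops->fail_grant_map_ref(id);
+        return ACM_ACCESS_DENIED;
+    }
+    else
+    {
+        return ACM_ACCESS_PERMITTED;
+    }
+}
+
+static inline int acm_pre_grant_setup(domid_t id)
+{
+    if ( (acm_primary_ops->pre_grant_setup != NULL) &&
+         acm_primary_ops->pre_grant_setup(id) )
+    {
+        return ACM_ACCESS_DENIED;
+    }
+    else if ( (acm_secondary_ops->pre_grant_setup != NULL) &&
+              acm_secondary_ops->pre_grant_setup(id) )
+    {
+        /* roll-back primary */
+        if (acm_primary_ops->fail_grant_setup != NULL)
+            acm_primary_ops->fail_grant_setup(id);
+        return ACM_ACCESS_DENIED;
+    }
+    else
+    {
+        return ACM_ACCESS_PERMITTED;
+    }
+}
+
+/* predefined ssidref for DOM0 used by xen when creating DOM0 */
+#define ACM_DOM0_SSIDREF        0
+
+static inline void acm_post_domain0_create(domid_t domid)
+{
+    /* initialialize shared sHype security labels for new domain */
+    acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
+    acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
+}
+
+extern int acm_init(void);
+
 #endif
 
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_event_channel(evtchn_op_t *op) 
-{ return 0; }
-#else
-static inline int acm_pre_event_channel(evtchn_op_t *op) 
-{
-	int ret = -EACCES;
-
-	switch(op->cmd) {
-	case EVTCHNOP_alloc_unbound:
-		ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
-		break;
-	case EVTCHNOP_bind_interdomain:
-		ret = acm_pre_eventchannel_interdomain(op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
-		break;
-	default:
-		ret = 0; /* ok */
-	}
-	return ret;
-}
 #endif
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_grant_map_ref(domid_t id) 
-{ return 0; }
-#else
-static inline int acm_pre_grant_map_ref (domid_t id)
-{
-	if ((acm_primary_ops->pre_grant_map_ref != NULL) &&
-	    acm_primary_ops->pre_grant_map_ref (id))
-		return ACM_ACCESS_DENIED;
-	else if ((acm_secondary_ops->pre_grant_map_ref != NULL) &&
-		 acm_secondary_ops->pre_grant_map_ref (id)) {
-		/* roll-back primary */
-		if (acm_primary_ops->fail_grant_map_ref != NULL)
-			acm_primary_ops->fail_grant_map_ref (id);
-		return ACM_ACCESS_DENIED;
-	} else
-		return ACM_ACCESS_PERMITTED;
-}
-#endif
-
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_grant_setup(domid_t id) 
-{ return 0; }
-#else
-static inline int acm_pre_grant_setup (domid_t id)
-{
-	if ((acm_primary_ops->pre_grant_setup != NULL) &&
-	    acm_primary_ops->pre_grant_setup (id))
-		return ACM_ACCESS_DENIED;
-	else if ((acm_secondary_ops->pre_grant_setup != NULL) &&
-		 acm_secondary_ops->pre_grant_setup (id)) {
-		/* roll-back primary */
-		if (acm_primary_ops->fail_grant_setup != NULL)
-			acm_primary_ops->fail_grant_setup (id);
-		return ACM_ACCESS_DENIED;
-	} else
-		return ACM_ACCESS_PERMITTED;
-}
-#endif
-
-
-#endif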
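Review bot: In `acm_pre_dom0_op`, the `DOM0_DESTROYDOMAIN` case stores `d->ssid` in `*ssid` and then calls `put_domain(d)`, and `acm_post_dom0_op` later hands that saved pointer to `acm_post_domain_destroy` and `acm_free_domain_ssid`. The pointer therefore outlives the reference taken by `find_domain_by_id`, and nothing in this header states who owns the ssid once the domain is torn down, or what prevents a stale use or a second free if the destroy path also releases it. I would add an ownership comment at the assignment, for example `/* from here the ACM post hook owns and frees this ssid; domain teardown must not */`, after confirming that against the destroy path, which is not shown. The null-policy `acm_pre_dom0_op` stub at the top of the file never writes `*ssid`, so callers should initialise it before the call rather than rely on the hook.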
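--- a/xen/include/public/acm_dom0_setup.h	Tue Jun 21 10:53:51 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-/****************************************************************
- * acm_dom0_setup.h
- * 
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@watson.ibm.com>
- *
- * Includes necessary definitions to bring-up dom0
- */
-#include <acm/acm_hooks.h>
-
-extern int acm_init(void);
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-
-static inline void acm_post_domain0_create(domid_t domid) 
-{ 
-	return; 
-}
-
-#else
-
-/* predefined ssidref for DOM0 used by xen when creating DOM0 */
-#define ACM_DOM0_SSIDREF	0
-
-static inline void acm_post_domain0_create(domid_t domid)
-{
-	/* initialialize shared sHype security labels for new domain */
-	acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
-	acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
-}
-
-#endif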