ia64/xen-unstable

changeset 5794:40be48f67a33

Somehow this file got zeroed out?!? Replacing it
author djm@kirby.fc.hp.com
date Sat Jul 09 07:25:29 2005 -0700 (2005-07-09)
parents c1a7ed266c7e
children 0e7741276468
files xen/include/public/acm.h
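--- a/xen/include/public/acm.h	Sat Jul 09 06:54:10 2005 -0700
+++ b/xen/include/public/acm.h	Sat Jul 09 07:25:29 2005 -0700
@@ -0,0 +1,157 @@
+/****************************************************************
+ * acm.h
+ * 
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Author:
+ * Reiner Sailer <sailer@watson.ibm.com>
+ *
+ * Contributors:
+ * Stefan Berger <stefanb@watson.ibm.com> 
+ *	added network byte order support for binary policies
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * sHype general access control module header file.
+ *     here are all definitions that are shared between
+ *     xen-core, guest-kernels, and applications.
+ *
+ * todo: move from static policy choice to compile option.
+ */
+
+#ifndef _XEN_PUBLIC_ACM_H
+#define _XEN_PUBLIC_ACM_H
+
+#include "xen.h"
+#include "sched_ctl.h"
+
+/* if ACM_DEBUG defined, all hooks should
+ * print a short trace message (comment it out
+ * when not in testing mode )
+ */
+/* #define ACM_DEBUG */
+
+#ifdef ACM_DEBUG
+#  define printkd(fmt, args...) printk(fmt,## args)
+#else
+#  define printkd(fmt, args...)
+#endif
+
+/* default ssid reference value if not supplied */
+#define ACM_DEFAULT_SSID 	0x0
+#define ACM_DEFAULT_LOCAL_SSID  0x0
+
+/* Internal ACM ERROR types */
+#define ACM_OK				 0
+#define ACM_UNDEF			-1
+#define ACM_INIT_SSID_ERROR		-2
+#define ACM_INIT_SOID_ERROR		-3
+#define ACM_ERROR		        -4
+
+/* External ACCESS DECISIONS */
+#define ACM_ACCESS_PERMITTED		0
+#define ACM_ACCESS_DENIED		-111
+#define ACM_NULL_POINTER_ERROR		-200
+
+#define ACM_MAX_POLICY  3
+
+#define ACM_NULL_POLICY	0
+#define ACM_CHINESE_WALL_POLICY	1
+#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
+#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 3
+
+/* policy: */
+#define ACM_POLICY_NAME(X) \
+	(X == ACM_NULL_POLICY) ? "NULL policy" : \
+	(X == ACM_CHINESE_WALL_POLICY) ? "CHINESE WALL policy" : \
+	(X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \
+	(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
+	"UNDEFINED policy"
+
+/* defines a ssid reference used by xen */
+typedef u32 ssidref_t;
+
+/* -------security policy relevant type definitions-------- */
+
+/* type identifier; compares to "equal" or "not equal" */
+typedef u16 domaintype_t;
+
+/* CHINESE WALL POLICY DATA STRUCTURES
+ *
+ * current accumulated conflict type set:
+ * When a domain is started and has a type that is in
+ * a conflict set, the conflicting types are incremented in
+ * the aggregate set. When a domain is destroyed, the 
+ * conflicting types to its type are decremented.
+ * If a domain has multiple types, this procedure works over
+ * all those types.
+ *
+ * conflict_aggregate_set[i] holds the number of
+ *   running domains that have a conflict with type i.
+ *
+ * running_types[i] holds the number of running domains
+ *        that include type i in their ssidref-referenced type set
+ *
+ * conflict_sets[i][j] is "0" if type j has no conflict
+ *    with type i and is "1" otherwise.
+ */
+/* high-16 = version, low-16 = check magic */
+#define ACM_MAGIC		0x0001debc
+
+/* each offset in bytes from start of the struct they
+ *   the are part of */
+/* each buffer consists of all policy information for
+ * the respective policy given in the policy code
+ */
+struct acm_policy_buffer {
+        u32 magic;
+	u32 policyversion;
+	u32 len;
+	u16 primary_policy_code;
+	u16 primary_buffer_offset;
+	u16 secondary_policy_code;
+	u16 secondary_buffer_offset;
+};
+
+struct acm_chwall_policy_buffer {
+	u16 policy_code;
+	u16 chwall_max_types;
+	u16 chwall_max_ssidrefs;
+	u16 chwall_max_conflictsets;
+	u16 chwall_ssid_offset;
+	u16 chwall_conflict_sets_offset;
+	u16 chwall_running_types_offset;
+	u16 chwall_conflict_aggregate_offset;
+};
+
+struct acm_ste_policy_buffer {
+	u16 policy_code;
+	u16 ste_max_types;
+	u16 ste_max_ssidrefs;
+	u16 ste_ssid_offset;
+};
+
+struct acm_stats_buffer {
+        u32 magic;
+	u32 policyversion;
+	u32 len;
+	u16 primary_policy_code;
+	u16 primary_stats_offset;
+	u16 secondary_policy_code;
+	u16 secondary_stats_offset;
+};
+
+struct acm_ste_stats_buffer {
+	u32 ec_eval_count;
+	u32 gt_eval_count;
+	u32 ec_denied_count;
+	u32 gt_denied_count; 
+	u32 ec_cachehit_count;
+	u32 gt_cachehit_count;
+};
+
+
+#endif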
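Review bot: The `len` and `*_offset` fields of `struct acm_policy_buffer`, `struct acm_chwall_policy_buffer` and `struct acm_ste_policy_buffer` have no documented validity contract, although the header's own comment says these layouts are shared between xen-core, guest kernels and applications, so a consumer may be parsing values it did not produce. I would add above `struct acm_policy_buffer` a comment such as `/* len and offsets are untrusted: check magic, then bounds-check len and each *_offset against the supplied buffer before use */`, and state which fields are in network byte order (the contributor note mentions it, the struct comments do not). Separately, `ACM_POLICY_NAME(X)` expands to an unparenthesized conditional chain with a bare `X`, so it misparses next to other operators or with an argument like `a & b`; write each test as `((X) == ACM_NULL_POLICY)` and wrap the whole expansion in parentheses. `printkd` expands to `printk`, which an application including this public header presumably does not have, so a hypervisor-private header looks like a better home for it.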