ia64/xen-unstable

changeset 18436:44f039c4aee4

xsm: refactor IO hooks/sysctl hooks

- The patch refactors the IO resource checks into the rangeset add/del
code. This produces a much more architecture friendly implementation and
ensures that HVM and paravirtualized guests are checked consistently.

- The patch removes the following hooks in support of the refactoring
of the IO resource checks:
- xsm_irq_permission
- xsm_iomem_permission
- xsm_ioport_permission

- The patch adds the following hooks in support of the refactoring of
the IO resource checks:
- xsm_add_range
- xsm_remove_range

- These IO refactoring changes are transparent to any pre-existing
Flask policies.

- The patch adds also adds hooks for sysctl functionality that was
added since the last major XSM patch. The following hooks were added:
- xsm_set_target
- xsm_debug_keys
- xsm_getcpuinfo
- xsm_availheap
- xsm_firmware_info
- xsm_acpi_sleep
- xsm_change_freq
- xsm_getidletime
- xsm_sendtrigger
- xsm_test_assign_device
- xsm_assign_device
- xsm_deassign_device
- xsm_bind_pt_irq
- xsm_pin_mem_cacheattr
- xsm_ext_vcpucontext

Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Sep 04 11:25:09 2008 +0100 (2008-09-04)
parents 5b133625223a
children 294fc8fc4ba0
files xen/arch/x86/domctl.c xen/arch/x86/platform_hypercall.c xen/common/domctl.c xen/common/rangeset.c xen/common/sysctl.c xen/include/xsm/xsm.h xen/xsm/dummy.c xen/xsm/flask/hooks.c xen/xsm/flask/include/av_perm_to_string.h xen/xsm/flask/include/av_permissions.h xen/xsm/flask/include/flask.h xen/xsm/flask/include/initial_sid_to_string.h xen/xsm/flask/include/security.h xen/xsm/flask/ss/policydb.h xen/xsm/flask/ss/services.c
line diff
     1.1 --- a/xen/arch/x86/domctl.c	Thu Sep 04 11:23:08 2008 +0100
     1.2 +++ b/xen/arch/x86/domctl.c	Thu Sep 04 11:25:09 2008 +0100
     1.3 @@ -68,14 +68,6 @@ long arch_do_domctl(
     1.4          if ( unlikely((d = rcu_lock_domain_by_id(domctl->domain)) == NULL) )
     1.5              break;
     1.6  
     1.7 -        ret = xsm_ioport_permission(d, fp, 
     1.8 -                                    domctl->u.ioport_permission.allow_access);
     1.9 -        if ( ret )
    1.10 -        {
    1.11 -            rcu_unlock_domain(d);
    1.12 -            break;
    1.13 -        }
    1.14 -
    1.15          if ( np == 0 )
    1.16              ret = 0;
    1.17          else if ( domctl->u.ioport_permission.allow_access )
    1.18 @@ -550,6 +542,10 @@ long arch_do_domctl(
    1.19          if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
    1.20              break;
    1.21  
    1.22 +        ret = xsm_sendtrigger(d);
    1.23 +        if ( ret )
    1.24 +            goto sendtrigger_out;
    1.25 +
    1.26          ret = -EINVAL;
    1.27          if ( domctl->u.sendtrigger.vcpu >= MAX_VIRT_CPUS )
    1.28              goto sendtrigger_out;
    1.29 @@ -628,6 +624,10 @@ long arch_do_domctl(
    1.30          bus = (domctl->u.assign_device.machine_bdf >> 16) & 0xff;
    1.31          devfn = (domctl->u.assign_device.machine_bdf >> 8) & 0xff;
    1.32  
    1.33 +        ret = xsm_test_assign_device(domctl->u.assign_device.machine_bdf);
    1.34 +        if ( ret )
    1.35 +            break;
    1.36 +
    1.37          if ( device_assigned(bus, devfn) )
    1.38          {
    1.39              gdprintk(XENLOG_ERR, "XEN_DOMCTL_test_assign_device: "
    1.40 @@ -655,6 +655,11 @@ long arch_do_domctl(
    1.41                  "XEN_DOMCTL_assign_device: get_domain_by_id() failed\n");
    1.42              break;
    1.43          }
    1.44 +
    1.45 +        ret = xsm_assign_device(d, domctl->u.assign_device.machine_bdf);
    1.46 +        if ( ret )
    1.47 +            goto assign_device_out;
    1.48 +
    1.49          bus = (domctl->u.assign_device.machine_bdf >> 16) & 0xff;
    1.50          devfn = (domctl->u.assign_device.machine_bdf >> 8) & 0xff;
    1.51  
    1.52 @@ -680,6 +685,7 @@ long arch_do_domctl(
    1.53                       "assign device (%x:%x:%x) failed\n",
    1.54                       bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
    1.55  
    1.56 +    assign_device_out:
    1.57          put_domain(d);
    1.58      }
    1.59      break;
    1.60 @@ -700,6 +706,11 @@ long arch_do_domctl(
    1.61                  "XEN_DOMCTL_deassign_device: get_domain_by_id() failed\n"); 
    1.62              break;
    1.63          }
    1.64 +
    1.65 +        ret = xsm_assign_device(d, domctl->u.assign_device.machine_bdf);
    1.66 +        if ( ret )
    1.67 +            goto deassign_device_out;
    1.68 +
    1.69          bus = (domctl->u.assign_device.machine_bdf >> 16) & 0xff;
    1.70          devfn = (domctl->u.assign_device.machine_bdf >> 8) & 0xff;
    1.71  
    1.72 @@ -720,6 +731,8 @@ long arch_do_domctl(
    1.73          deassign_device(d, bus, devfn);
    1.74          gdprintk(XENLOG_INFO, "XEN_DOMCTL_deassign_device: bdf = %x:%x:%x\n",
    1.75              bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
    1.76 +
    1.77 +    deassign_device_out:
    1.78          put_domain(d);
    1.79      }
    1.80      break;
    1.81 @@ -733,10 +746,17 @@ long arch_do_domctl(
    1.82          if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
    1.83              break;
    1.84          bind = &(domctl->u.bind_pt_irq);
    1.85 +
    1.86 +        ret = xsm_bind_pt_irq(d, bind);
    1.87 +        if ( ret )
    1.88 +            goto bind_out;
    1.89 +
    1.90          if ( iommu_enabled )
    1.91              ret = pt_irq_create_bind_vtd(d, bind);
    1.92          if ( ret < 0 )
    1.93              gdprintk(XENLOG_ERR, "pt_irq_create_bind failed!\n");
    1.94 +
    1.95 +    bind_out:
    1.96          rcu_unlock_domain(d);
    1.97      }
    1.98      break;    
    1.99 @@ -877,11 +897,16 @@ long arch_do_domctl(
   1.100          if ( d == NULL )
   1.101              break;
   1.102  
   1.103 +        ret = xsm_pin_mem_cacheattr(d);
   1.104 +        if ( ret )
   1.105 +            goto pin_out;
   1.106 +
   1.107          ret = hvm_set_mem_pinned_cacheattr(
   1.108              d, domctl->u.pin_mem_cacheattr.start,
   1.109              domctl->u.pin_mem_cacheattr.end,
   1.110              domctl->u.pin_mem_cacheattr.type);
   1.111  
   1.112 +    pin_out:
   1.113          rcu_unlock_domain(d);
   1.114      }
   1.115      break;
   1.116 @@ -900,6 +925,10 @@ long arch_do_domctl(
   1.117          if ( d == NULL )
   1.118              break;
   1.119  
   1.120 +        ret = xsm_ext_vcpucontext(d, domctl->cmd);
   1.121 +        if ( ret )
   1.122 +            goto ext_vcpucontext_out;
   1.123 +
   1.124          ret = -ESRCH;
   1.125          if ( (evc->vcpu >= MAX_VIRT_CPUS) ||
   1.126               ((v = d->vcpu[evc->vcpu]) == NULL) )
     2.1 --- a/xen/arch/x86/platform_hypercall.c	Thu Sep 04 11:23:08 2008 +0100
     2.2 +++ b/xen/arch/x86/platform_hypercall.c	Thu Sep 04 11:25:09 2008 +0100
     2.3 @@ -192,6 +192,10 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe
     2.4      break;
     2.5  
     2.6      case XENPF_firmware_info:
     2.7 +        ret = xsm_firmware_info();
     2.8 +        if ( ret )
     2.9 +            break;
    2.10 +
    2.11          switch ( op->u.firmware_info.type )
    2.12          {
    2.13          case XEN_FW_DISK_INFO: {
    2.14 @@ -280,10 +284,18 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe
    2.15          break;
    2.16  
    2.17      case XENPF_enter_acpi_sleep:
    2.18 +        ret = xsm_acpi_sleep();
    2.19 +        if ( ret )
    2.20 +            break;
    2.21 +
    2.22          ret = acpi_enter_sleep(&op->u.enter_acpi_sleep);
    2.23          break;
    2.24  
    2.25      case XENPF_change_freq:
    2.26 +        ret = xsm_change_freq();
    2.27 +        if ( ret )
    2.28 +            break;
    2.29 +
    2.30          ret = -ENOSYS;
    2.31          if ( cpufreq_controller != FREQCTL_dom0_kernel )
    2.32              break;
    2.33 @@ -306,6 +318,10 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe
    2.34          XEN_GUEST_HANDLE(uint8) cpumap_bitmap;
    2.35          XEN_GUEST_HANDLE(uint64) idletimes;
    2.36  
    2.37 +        ret = xsm_getidletime();
    2.38 +        if ( ret )
    2.39 +            break;
    2.40 +
    2.41          ret = -ENOSYS;
    2.42          if ( cpufreq_controller != FREQCTL_dom0_kernel )
    2.43              break;
     3.1 --- a/xen/common/domctl.c	Thu Sep 04 11:23:08 2008 +0100
     3.2 +++ b/xen/common/domctl.c	Thu Sep 04 11:25:09 2008 +0100
     3.3 @@ -726,16 +726,11 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
     3.4          if ( d == NULL )
     3.5              break;
     3.6  
     3.7 -        ret = xsm_irq_permission(d, pirq, op->u.irq_permission.allow_access);
     3.8 -        if ( ret )
     3.9 -            goto irq_permission_out;
    3.10 -        
    3.11          if ( op->u.irq_permission.allow_access )
    3.12              ret = irq_permit_access(d, pirq);
    3.13          else
    3.14              ret = irq_deny_access(d, pirq);
    3.15  
    3.16 -    irq_permission_out:
    3.17          rcu_unlock_domain(d);
    3.18      }
    3.19      break;
    3.20 @@ -755,16 +750,11 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
    3.21          if ( d == NULL )
    3.22              break;
    3.23  
    3.24 -        ret = xsm_iomem_permission(d, mfn, op->u.iomem_permission.allow_access);
    3.25 -        if ( ret )
    3.26 -            goto iomem_permission_out;
    3.27 -
    3.28          if ( op->u.iomem_permission.allow_access )
    3.29              ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
    3.30          else
    3.31              ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
    3.32  
    3.33 -    iomem_permission_out:
    3.34          rcu_unlock_domain(d);
    3.35      }
    3.36      break;
    3.37 @@ -812,6 +802,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
    3.38              goto set_target_out;
    3.39          }
    3.40  
    3.41 +        ret = xsm_set_target(d, e);
    3.42 +        if ( ret ) {
    3.43 +            put_domain(e);
    3.44 +            goto set_target_out;            
    3.45 +        }
    3.46 +
    3.47          /* Hold reference on @e until we destroy @d. */
    3.48          d->target = e;
    3.49  
     4.1 --- a/xen/common/rangeset.c	Thu Sep 04 11:23:08 2008 +0100
     4.2 +++ b/xen/common/rangeset.c	Thu Sep 04 11:25:09 2008 +0100
     4.3 @@ -10,6 +10,7 @@
     4.4  #include <xen/sched.h>
     4.5  #include <xen/errno.h>
     4.6  #include <xen/rangeset.h>
     4.7 +#include <xsm/xsm.h>
     4.8  
     4.9  /* An inclusive range [s,e] and pointer to next range in ascending order. */
    4.10  struct range {
    4.11 @@ -96,6 +97,10 @@ int rangeset_add_range(
    4.12      struct range *x, *y;
    4.13      int rc = 0;
    4.14  
    4.15 +    rc = xsm_add_range(r->domain, r->name, s, e);
    4.16 +    if ( rc )
    4.17 +        return rc;
    4.18 +
    4.19      ASSERT(s <= e);
    4.20  
    4.21      spin_lock(&r->lock);
    4.22 @@ -164,6 +169,10 @@ int rangeset_remove_range(
    4.23      struct range *x, *y, *t;
    4.24      int rc = 0;
    4.25  
    4.26 +    rc = xsm_remove_range(r->domain, r->name, s, e);
    4.27 +    if ( rc )
    4.28 +        return rc;
    4.29 +
    4.30      ASSERT(s <= e);
    4.31  
    4.32      spin_lock(&r->lock);
     5.1 --- a/xen/common/sysctl.c	Thu Sep 04 11:23:08 2008 +0100
     5.2 +++ b/xen/common/sysctl.c	Thu Sep 04 11:25:09 2008 +0100
     5.3 @@ -149,6 +149,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
     5.4          char c;
     5.5          uint32_t i;
     5.6  
     5.7 +        ret = xsm_debug_keys();
     5.8 +        if ( ret )
     5.9 +            break;
    5.10 +
    5.11          for ( i = 0; i < op->u.debug_keys.nr_keys; i++ )
    5.12          {
    5.13              if ( copy_from_guest_offset(&c, op->u.debug_keys.keys, i, 1) )
    5.14 @@ -166,6 +170,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
    5.15  
    5.16          nr_cpus = min_t(uint32_t, op->u.getcpuinfo.max_cpus, NR_CPUS);
    5.17  
    5.18 +        ret = xsm_getcpuinfo();
    5.19 +        if ( ret )
    5.20 +            break;
    5.21 +
    5.22          for ( i = 0; i < nr_cpus; i++ )
    5.23          {
    5.24              /* Assume no holes in idle-vcpu map. */
    5.25 @@ -188,6 +196,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
    5.26  
    5.27      case XEN_SYSCTL_availheap:
    5.28      { 
    5.29 +        ret = xsm_availheap();
    5.30 +        if ( ret )
    5.31 +            break;
    5.32 +
    5.33          op->u.availheap.avail_bytes = avail_domheap_pages_region(
    5.34              op->u.availheap.node,
    5.35              op->u.availheap.min_bitwidth,
     6.1 --- a/xen/include/xsm/xsm.h	Thu Sep 04 11:23:08 2008 +0100
     6.2 +++ b/xen/include/xsm/xsm.h	Thu Sep 04 11:25:09 2008 +0100
     6.3 @@ -64,16 +64,17 @@ struct xsm_operations {
     6.4      int (*getvcpucontext) (struct domain *d);
     6.5      int (*getvcpuinfo) (struct domain *d);
     6.6      int (*domain_settime) (struct domain *d);
     6.7 +    int (*set_target) (struct domain *d, struct domain *e);
     6.8      int (*tbufcontrol) (void);
     6.9      int (*readconsole) (uint32_t clear);
    6.10      int (*sched_id) (void);
    6.11      int (*setdomainmaxmem) (struct domain *d);
    6.12      int (*setdomainhandle) (struct domain *d);
    6.13      int (*setdebugging) (struct domain *d);
    6.14 -    int (*irq_permission) (struct domain *d, uint8_t pirq, uint8_t access);
    6.15 -    int (*iomem_permission) (struct domain *d, unsigned long mfn, 
    6.16 -                                                                uint8_t access);
    6.17      int (*perfcontrol) (void);
    6.18 +    int (*debug_keys) (void);
    6.19 +    int (*getcpuinfo) (void);
    6.20 +    int (*availheap) (void);
    6.21  
    6.22      int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
    6.23      int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
    6.24 @@ -106,13 +107,13 @@ struct xsm_operations {
    6.25  
    6.26      int (*kexec) (void);
    6.27      int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
    6.28 +    int (*add_range) (struct domain *d, char *name, unsigned long s, unsigned long e);
    6.29 +    int (*remove_range) (struct domain *d, char *name, unsigned long s, unsigned long e);
    6.30  
    6.31      long (*__do_xsm_op) (XEN_GUEST_HANDLE(xsm_op_t) op);
    6.32  
    6.33  #ifdef CONFIG_X86
    6.34      int (*shadow_control) (struct domain *d, uint32_t op);
    6.35 -    int (*ioport_permission) (struct domain *d, uint32_t ioport, 
    6.36 -                                                                uint8_t access);
    6.37      int (*getpageframeinfo) (struct page_info *page);
    6.38      int (*getmemlist) (struct domain *d);
    6.39      int (*hypercall_init) (struct domain *d);
    6.40 @@ -130,6 +131,10 @@ struct xsm_operations {
    6.41      int (*microcode) (void);
    6.42      int (*physinfo) (void);
    6.43      int (*platform_quirk) (uint32_t);
    6.44 +    int (*firmware_info) (void);
    6.45 +    int (*acpi_sleep) (void);
    6.46 +    int (*change_freq) (void);
    6.47 +    int (*getidletime) (void);
    6.48      int (*machine_memory_map) (void);
    6.49      int (*domain_memory_map) (struct domain *d);
    6.50      int (*mmu_normal_update) (struct domain *d, intpte_t fpte);
    6.51 @@ -137,6 +142,13 @@ struct xsm_operations {
    6.52      int (*update_va_mapping) (struct domain *d, l1_pgentry_t pte);
    6.53      int (*add_to_physmap) (struct domain *d1, struct domain *d2);
    6.54      int (*remove_from_physmap) (struct domain *d1, struct domain *d2);
    6.55 +    int (*sendtrigger) (struct domain *d);
    6.56 +    int (*test_assign_device) (uint32_t machine_bdf);
    6.57 +    int (*assign_device) (struct domain *d, uint32_t machine_bdf);
    6.58 +    int (*deassign_device) (struct domain *d, uint32_t machine_bdf);
    6.59 +    int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
    6.60 +    int (*pin_mem_cacheattr) (struct domain *d);
    6.61 +    int (*ext_vcpucontext) (struct domain *d, uint32_t cmd);
    6.62  #endif
    6.63  };
    6.64  
    6.65 @@ -215,6 +227,11 @@ static inline int xsm_domain_settime (st
    6.66      return xsm_call(domain_settime(d));
    6.67  }
    6.68  
    6.69 +static inline int xsm_set_target (struct domain *d, struct domain *e)
    6.70 +{
    6.71 +    return xsm_call(set_target(d, e));
    6.72 +}
    6.73 +
    6.74  static inline int xsm_tbufcontrol (void)
    6.75  {
    6.76      return xsm_call(tbufcontrol());
    6.77 @@ -245,23 +262,26 @@ static inline int xsm_setdebugging (stru
    6.78      return xsm_call(setdebugging(d));
    6.79  }
    6.80  
    6.81 -static inline int xsm_irq_permission (struct domain *d, uint8_t pirq,
    6.82 -                                                                uint8_t access)
    6.83 -{
    6.84 -    return xsm_call(irq_permission(d, pirq, access));
    6.85 -} 
    6.86 -
    6.87 -static inline int xsm_iomem_permission (struct domain *d, unsigned long mfn,
    6.88 -                                                                uint8_t access)
    6.89 -{
    6.90 -    return xsm_call(iomem_permission(d, mfn, access));
    6.91 -}
    6.92 -
    6.93  static inline int xsm_perfcontrol (void)
    6.94  {
    6.95      return xsm_call(perfcontrol());
    6.96  }
    6.97  
    6.98 +static inline int xsm_debug_keys (void)
    6.99 +{
   6.100 +    return xsm_call(debug_keys());
   6.101 +}
   6.102 +
   6.103 +static inline int xsm_availheap (void)
   6.104 +{
   6.105 +    return xsm_call(availheap());
   6.106 +}
   6.107 +
   6.108 +static inline int xsm_getcpuinfo (void)
   6.109 +{
   6.110 +    return xsm_call(getcpuinfo());
   6.111 +}
   6.112 +
   6.113  static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn,
   6.114                                                                      domid_t id2)
   6.115  {
   6.116 @@ -387,6 +407,18 @@ static inline int xsm_schedop_shutdown (
   6.117      return xsm_call(schedop_shutdown(d1, d2));
   6.118  }
   6.119  
   6.120 +static inline int xsm_add_range (struct domain *d, char *name, unsigned long s,
   6.121 +                                                                        unsigned long e)
   6.122 +{
   6.123 +    return xsm_call(add_range(d, name, s, e));
   6.124 +}
   6.125 + 
   6.126 +static inline int xsm_remove_range (struct domain *d, char *name, unsigned long s,
   6.127 +                                                                        unsigned long e)
   6.128 +{
   6.129 +    return xsm_call(remove_range(d, name, s, e));
   6.130 +}
   6.131 +
   6.132  static inline long __do_xsm_op (XEN_GUEST_HANDLE(xsm_op_t) op)
   6.133  {
   6.134      return xsm_call(__do_xsm_op(op));
   6.135 @@ -413,12 +445,6 @@ static inline int xsm_shadow_control (st
   6.136      return xsm_call(shadow_control(d, op));
   6.137  }
   6.138  
   6.139 -static inline int xsm_ioport_permission (struct domain *d, uint32_t ioport,
   6.140 -                                                                uint8_t access)
   6.141 -{
   6.142 -    return xsm_call(ioport_permission(d, ioport, access));
   6.143 -}
   6.144 -
   6.145  static inline int xsm_getpageframeinfo (struct page_info *page)
   6.146  {
   6.147      return xsm_call(getpageframeinfo(page));
   6.148 @@ -504,6 +530,26 @@ static inline int xsm_platform_quirk (ui
   6.149      return xsm_call(platform_quirk(quirk));
   6.150  }
   6.151  
   6.152 +static inline int xsm_firmware_info (void)
   6.153 +{
   6.154 +    return xsm_call(firmware_info());
   6.155 +}
   6.156 +
   6.157 +static inline int xsm_acpi_sleep (void)
   6.158 +{
   6.159 +    return xsm_call(acpi_sleep());
   6.160 +}
   6.161 +
   6.162 +static inline int xsm_change_freq (void)
   6.163 +{
   6.164 +    return xsm_call(change_freq());
   6.165 +}
   6.166 +
   6.167 +static inline int xsm_getidletime (void)
   6.168 +{
   6.169 +    return xsm_call(getidletime());
   6.170 +}
   6.171 +
   6.172  static inline int xsm_machine_memory_map(void)
   6.173  {
   6.174      return xsm_call(machine_memory_map());
   6.175 @@ -538,6 +584,42 @@ static inline int xsm_remove_from_physma
   6.176  {
   6.177      return xsm_call(remove_from_physmap(d1, d2));
   6.178  }
   6.179 +
   6.180 +static inline int xsm_sendtrigger(struct domain *d)
   6.181 +{
   6.182 +    return xsm_call(sendtrigger(d));
   6.183 +}
   6.184 +
   6.185 +static inline int xsm_test_assign_device(uint32_t machine_bdf)
   6.186 +{
   6.187 +    return xsm_call(test_assign_device(machine_bdf));
   6.188 +}
   6.189 +
   6.190 +static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
   6.191 +{
   6.192 +    return xsm_call(assign_device(d, machine_bdf));
   6.193 +}
   6.194 +
   6.195 +static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf)
   6.196 +{
   6.197 +    return xsm_call(deassign_device(d, machine_bdf));
   6.198 +}
   6.199 +
   6.200 +static inline int xsm_bind_pt_irq(struct domain *d, 
   6.201 +                                                struct xen_domctl_bind_pt_irq *bind)
   6.202 +{
   6.203 +    return xsm_call(bind_pt_irq(d, bind));
   6.204 +}
   6.205 +
   6.206 +static inline int xsm_pin_mem_cacheattr(struct domain *d)
   6.207 +{
   6.208 +    return xsm_call(pin_mem_cacheattr(d));
   6.209 +}
   6.210 +
   6.211 +static inline int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
   6.212 +{
   6.213 +    return xsm_call(ext_vcpucontext(d, cmd));
   6.214 +}
   6.215  #endif /* CONFIG_X86 */
   6.216  
   6.217  #endif /* __XSM_H */
     7.1 --- a/xen/xsm/dummy.c	Thu Sep 04 11:23:08 2008 +0100
     7.2 +++ b/xen/xsm/dummy.c	Thu Sep 04 11:25:09 2008 +0100
     7.3 @@ -84,6 +84,11 @@ static int dummy_domain_settime (struct 
     7.4      return 0;
     7.5  }
     7.6  
     7.7 +static int dummy_set_target (struct domain *d, struct domain *e)
     7.8 +{
     7.9 +    return 0;
    7.10 +}
    7.11 +
    7.12  static int dummy_tbufcontrol (void)
    7.13  {
    7.14      return 0;
    7.15 @@ -114,18 +119,22 @@ static int dummy_setdebugging (struct do
    7.16      return 0;
    7.17  }
    7.18  
    7.19 -static int dummy_irq_permission (struct domain *d, uint8_t pirq, uint8_t access)
    7.20 +static int dummy_perfcontrol (void)
    7.21  {
    7.22      return 0;
    7.23  }
    7.24  
    7.25 -static int dummy_iomem_permission (struct domain *d, unsigned long mfn,
    7.26 -                                                                uint8_t access)
    7.27 +static int dummy_debug_keys (void)
    7.28  {
    7.29      return 0;
    7.30  }
    7.31  
    7.32 -static int dummy_perfcontrol (void)
    7.33 +static int dummy_getcpuinfo (void)
    7.34 +{
    7.35 +    return 0;
    7.36 +}
    7.37 +
    7.38 +static int dummy_availheap (void)
    7.39  {
    7.40      return 0;
    7.41  }
    7.42 @@ -259,14 +268,19 @@ static long dummy___do_xsm_op(XEN_GUEST_
    7.43      return -ENOSYS;
    7.44  }
    7.45  
    7.46 -#ifdef CONFIG_X86
    7.47 -static int dummy_shadow_control (struct domain *d, uint32_t op)
    7.48 +static int dummy_add_range (struct domain *d, char *name, unsigned long s, unsigned long e)
    7.49  {
    7.50      return 0;
    7.51  }
    7.52  
    7.53 -static int dummy_ioport_permission (struct domain *d, uint32_t ioport, 
    7.54 -                                                                uint8_t access)
    7.55 +static int dummy_remove_range (struct domain *d, char *name, unsigned long s, 
    7.56 +                                                                        unsigned long e)
    7.57 +{
    7.58 +    return 0;
    7.59 +}
    7.60 +
    7.61 +#ifdef CONFIG_X86
    7.62 +static int dummy_shadow_control (struct domain *d, uint32_t op)
    7.63  {
    7.64      return 0;
    7.65  }
    7.66 @@ -356,6 +370,26 @@ static int dummy_platform_quirk (uint32_
    7.67      return 0;
    7.68  }
    7.69  
    7.70 +static int dummy_firmware_info (void)
    7.71 +{
    7.72 +    return 0;
    7.73 +}
    7.74 +
    7.75 +static int dummy_acpi_sleep (void)
    7.76 +{
    7.77 +    return 0;
    7.78 +}
    7.79 +
    7.80 +static int dummy_change_freq (void)
    7.81 +{
    7.82 +    return 0;
    7.83 +}
    7.84 +
    7.85 +static int dummy_getidletime (void)
    7.86 +{
    7.87 +    return 0;
    7.88 +}
    7.89 +
    7.90  static int dummy_machine_memory_map (void)
    7.91  {
    7.92      return 0;
    7.93 @@ -386,6 +420,41 @@ static int dummy_add_to_physmap (struct 
    7.94      return 0;
    7.95  }
    7.96  
    7.97 +static int dummy_sendtrigger (struct domain *d)
    7.98 +{
    7.99 +    return 0;
   7.100 +}
   7.101 +
   7.102 +static int dummy_test_assign_device (uint32_t machine_bdf)
   7.103 +{
   7.104 +    return 0;
   7.105 +}
   7.106 +
   7.107 +static int dummy_assign_device (struct domain *d, uint32_t machine_bdf)
   7.108 +{
   7.109 +    return 0;
   7.110 +}
   7.111 +
   7.112 +static int dummy_deassign_device (struct domain *d, uint32_t machine_bdf)
   7.113 +{
   7.114 +    return 0;
   7.115 +}
   7.116 +
   7.117 +static int dummy_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind)
   7.118 +{
   7.119 +    return 0;
   7.120 +}
   7.121 +
   7.122 +static int dummy_pin_mem_cacheattr (struct domain *d)
   7.123 +{
   7.124 +    return 0;
   7.125 +}
   7.126 +
   7.127 +static int dummy_ext_vcpucontext (struct domain *d, uint32_t cmd)
   7.128 +{
   7.129 +    return 0;
   7.130 +}
   7.131 +
   7.132  static int dummy_remove_from_physmap (struct domain *d1, struct domain *d2)
   7.133  {
   7.134      return 0;
   7.135 @@ -420,15 +489,17 @@ void xsm_fixup_ops (struct xsm_operation
   7.136      set_to_dummy_if_null(ops, getvcpucontext);
   7.137      set_to_dummy_if_null(ops, getvcpuinfo);
   7.138      set_to_dummy_if_null(ops, domain_settime);
   7.139 +    set_to_dummy_if_null(ops, set_target);
   7.140      set_to_dummy_if_null(ops, tbufcontrol);
   7.141      set_to_dummy_if_null(ops, readconsole);
   7.142      set_to_dummy_if_null(ops, sched_id);
   7.143      set_to_dummy_if_null(ops, setdomainmaxmem);
   7.144      set_to_dummy_if_null(ops, setdomainhandle);
   7.145      set_to_dummy_if_null(ops, setdebugging);
   7.146 -    set_to_dummy_if_null(ops, irq_permission);
   7.147 -    set_to_dummy_if_null(ops, iomem_permission);
   7.148      set_to_dummy_if_null(ops, perfcontrol);
   7.149 +    set_to_dummy_if_null(ops, debug_keys);
   7.150 +    set_to_dummy_if_null(ops, getcpuinfo);
   7.151 +    set_to_dummy_if_null(ops, availheap);
   7.152  
   7.153      set_to_dummy_if_null(ops, evtchn_unbound);
   7.154      set_to_dummy_if_null(ops, evtchn_interdomain);
   7.155 @@ -461,11 +532,13 @@ void xsm_fixup_ops (struct xsm_operation
   7.156      set_to_dummy_if_null(ops, kexec);
   7.157      set_to_dummy_if_null(ops, schedop_shutdown);
   7.158  
   7.159 +    set_to_dummy_if_null(ops, add_range);
   7.160 +    set_to_dummy_if_null(ops, remove_range);
   7.161 +
   7.162      set_to_dummy_if_null(ops, __do_xsm_op);
   7.163  
   7.164  #ifdef CONFIG_X86
   7.165      set_to_dummy_if_null(ops, shadow_control);
   7.166 -    set_to_dummy_if_null(ops, ioport_permission);
   7.167      set_to_dummy_if_null(ops, getpageframeinfo);
   7.168      set_to_dummy_if_null(ops, getmemlist);
   7.169      set_to_dummy_if_null(ops, hypercall_init);
   7.170 @@ -483,6 +556,10 @@ void xsm_fixup_ops (struct xsm_operation
   7.171      set_to_dummy_if_null(ops, microcode);
   7.172      set_to_dummy_if_null(ops, physinfo);
   7.173      set_to_dummy_if_null(ops, platform_quirk);
   7.174 +    set_to_dummy_if_null(ops, firmware_info);
   7.175 +    set_to_dummy_if_null(ops, acpi_sleep);
   7.176 +    set_to_dummy_if_null(ops, change_freq);
   7.177 +    set_to_dummy_if_null(ops, getidletime);
   7.178      set_to_dummy_if_null(ops, machine_memory_map);
   7.179      set_to_dummy_if_null(ops, domain_memory_map);
   7.180      set_to_dummy_if_null(ops, mmu_normal_update);
   7.181 @@ -490,5 +567,12 @@ void xsm_fixup_ops (struct xsm_operation
   7.182      set_to_dummy_if_null(ops, update_va_mapping);
   7.183      set_to_dummy_if_null(ops, add_to_physmap);
   7.184      set_to_dummy_if_null(ops, remove_from_physmap);
   7.185 +    set_to_dummy_if_null(ops, sendtrigger);
   7.186 +    set_to_dummy_if_null(ops, test_assign_device);
   7.187 +    set_to_dummy_if_null(ops, assign_device);
   7.188 +    set_to_dummy_if_null(ops, deassign_device);
   7.189 +    set_to_dummy_if_null(ops, bind_pt_irq);
   7.190 +    set_to_dummy_if_null(ops, pin_mem_cacheattr);
   7.191 +    set_to_dummy_if_null(ops, ext_vcpucontext);
   7.192  #endif
   7.193  }
     8.1 --- a/xen/xsm/flask/hooks.c	Thu Sep 04 11:23:08 2008 +0100
     8.2 +++ b/xen/xsm/flask/hooks.c	Thu Sep 04 11:25:09 2008 +0100
     8.3 @@ -129,8 +129,7 @@ static int flask_evtchn_unbound(struct d
     8.4      if ( rc )
     8.5          goto out;
     8.6  
     8.7 -    rc = avc_has_perm(dsec->sid, newsid, SECCLASS_EVENT,
     8.8 -                                            EVENT__CREATE|EVENT__ALLOC, NULL);
     8.9 +    rc = avc_has_perm(dsec->sid, newsid, SECCLASS_EVENT, EVENT__CREATE, NULL);
    8.10      if ( rc )
    8.11          goto out;
    8.12  
    8.13 @@ -210,7 +209,22 @@ static void flask_evtchn_close_post(stru
    8.14  
    8.15  static int flask_evtchn_send(struct domain *d, struct evtchn *chn)
    8.16  {
    8.17 -    return domain_has_evtchn(d, chn, EVENT__SEND);
    8.18 +    int rc;
    8.19 +
    8.20 +    switch ( chn->state )
    8.21 +    {
    8.22 +    case ECS_INTERDOMAIN:
    8.23 +        rc = domain_has_evtchn(d, chn, EVENT__SEND);
    8.24 +    break;
    8.25 +    case ECS_IPI:
    8.26 +    case ECS_UNBOUND:
    8.27 +        rc = 0;
    8.28 +    break;
    8.29 +    default:
    8.30 +        rc = -EPERM;
    8.31 +    }
    8.32 +
    8.33 +    return rc;
    8.34  }
    8.35  
    8.36  static int flask_evtchn_status(struct domain *d, struct evtchn *chn)
    8.37 @@ -506,22 +520,22 @@ static int flask_domain_create(struct do
    8.38  
    8.39      dsec1 = current->domain->ssid;
    8.40  
    8.41 -    if ( dsec1->create_sid == SECSID_NULL )
    8.42 -        dsec1->create_sid = ssidref;
    8.43 +    if ( dsec1->create_sid == SECSID_NULL ) 
    8.44 +		dsec1->create_sid = ssidref;
    8.45  
    8.46 -    rc = avc_has_perm(dsec1->sid, dsec1->create_sid, SECCLASS_DOMAIN, 
    8.47 -                                                        DOMAIN__CREATE, NULL);
    8.48 -    if ( rc )
    8.49 +	rc = avc_has_perm(dsec1->sid, dsec1->create_sid, SECCLASS_DOMAIN, 
    8.50 +          		                                          DOMAIN__CREATE, NULL);
    8.51 +	if ( rc )
    8.52      {
    8.53 -        dsec1->create_sid = SECSID_NULL;
    8.54 -        return rc;
    8.55 +	    dsec1->create_sid = SECSID_NULL;
    8.56 +		return rc;
    8.57      }
    8.58  
    8.59      dsec2 = d->ssid;
    8.60      dsec2->sid = dsec1->create_sid;
    8.61  
    8.62 -    dsec1->create_sid = SECSID_NULL;
    8.63 -    dsec2->create_sid = SECSID_NULL;
    8.64 +	dsec1->create_sid = SECSID_NULL;
    8.65 +	dsec2->create_sid = SECSID_NULL;
    8.66  
    8.67      return rc;
    8.68  }
    8.69 @@ -592,6 +606,11 @@ static int flask_domain_settime(struct d
    8.70      return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, DOMAIN__SETTIME);
    8.71  }
    8.72  
    8.73 +static int flask_set_target(struct domain *d, struct domain *e)
    8.74 +{
    8.75 +    return domain_has_perm(d, e, SECCLASS_DOMAIN, DOMAIN__SET_TARGET);
    8.76 +}
    8.77 +
    8.78  static int flask_tbufcontrol(void)
    8.79  {
    8.80      return domain_has_xen(current->domain, SECCLASS_XEN);
    8.81 @@ -630,6 +649,21 @@ static int flask_setdebugging(struct dom
    8.82                                                          DOMAIN__SETDEBUGGING);
    8.83  }
    8.84  
    8.85 +static int flask_debug_keys(void)
    8.86 +{
    8.87 +    return domain_has_xen(current->domain, XEN__DEBUG);
    8.88 +}
    8.89 +
    8.90 +static int flask_getcpuinfo(void)
    8.91 +{
    8.92 +    return domain_has_xen(current->domain, XEN__GETCPUINFO);
    8.93 +}
    8.94 +
    8.95 +static int flask_availheap(void)
    8.96 +{
    8.97 +    return domain_has_xen(current->domain, XEN__HEAP);
    8.98 +}
    8.99 +
   8.100  static inline u32 resource_to_perm(uint8_t access)
   8.101  {
   8.102      if ( access )
   8.103 @@ -638,7 +672,7 @@ static inline u32 resource_to_perm(uint8
   8.104          return RESOURCE__REMOVE;
   8.105  }
   8.106  
   8.107 -static int flask_irq_permission(struct domain *d, uint8_t pirq, uint8_t access)
   8.108 +static int irq_has_perm(struct domain *d, uint8_t pirq, uint8_t access)
   8.109  {
   8.110      u32 perm;
   8.111      u32 rsid;
   8.112 @@ -665,16 +699,17 @@ static int flask_irq_permission(struct d
   8.113          return rc;
   8.114  
   8.115      rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, NULL);
   8.116 -
   8.117      if ( rc )
   8.118          return rc;
   8.119  
   8.120 -    return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, 
   8.121 +    if ( access )
   8.122 +        return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, 
   8.123                                                          RESOURCE__USE, NULL);
   8.124 +    else
   8.125 +        return rc;
   8.126  }
   8.127  
   8.128 -static int flask_iomem_permission(struct domain *d, unsigned long mfn, 
   8.129 -                                                                uint8_t access)
   8.130 +static int iomem_has_perm(struct domain *d, unsigned long mfn, uint8_t access)
   8.131  {
   8.132      u32 perm;
   8.133      u32 rsid;
   8.134 @@ -684,7 +719,6 @@ static int flask_iomem_permission(struct
   8.135  
   8.136      rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
   8.137                                                      resource_to_perm(access));
   8.138 -
   8.139      if ( rc )
   8.140          return rc;
   8.141  
   8.142 @@ -743,8 +777,7 @@ static int flask_shadow_control(struct d
   8.143      return domain_has_perm(current->domain, d, SECCLASS_SHADOW, perm);
   8.144  }
   8.145  
   8.146 -static int flask_ioport_permission(struct domain *d, uint32_t ioport, 
   8.147 -                                                                uint8_t access)
   8.148 +static int ioport_has_perm(struct domain *d, uint32_t ioport, uint8_t access)
   8.149  {
   8.150      u32 perm;
   8.151      u32 rsid;
   8.152 @@ -774,8 +807,11 @@ static int flask_ioport_permission(struc
   8.153      if ( rc )
   8.154          return rc;
   8.155  
   8.156 -    return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, 
   8.157 +    if ( access )
   8.158 +        return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, 
   8.159                                                          RESOURCE__USE, NULL);    
   8.160 +    else
   8.161 +        return rc;
   8.162  }
   8.163  
   8.164  static int flask_getpageframeinfo(struct page_info *page)
   8.165 @@ -953,6 +989,26 @@ static int flask_platform_quirk(uint32_t
   8.166                                                              XEN__QUIRK, NULL);
   8.167  }
   8.168  
   8.169 +static int flask_firmware_info(void)
   8.170 +{
   8.171 +    return domain_has_xen(current->domain, XEN__FIRMWARE);
   8.172 +}
   8.173 +
   8.174 +static int flask_acpi_sleep(void)
   8.175 +{
   8.176 +    return domain_has_xen(current->domain, XEN__SLEEP);
   8.177 +}
   8.178 +
   8.179 +static int flask_change_freq(void)
   8.180 +{
   8.181 +    return domain_has_xen(current->domain, XEN__FREQUENCY);
   8.182 +}
   8.183 +
   8.184 +static int flask_getidletime(void)
   8.185 +{
   8.186 +    return domain_has_xen(current->domain, XEN__GETIDLE);
   8.187 +}
   8.188 +
   8.189  static int flask_machine_memory_map(void)
   8.190  {
   8.191      struct domain_security_struct *dsec;
   8.192 @@ -1033,8 +1089,163 @@ static int flask_remove_from_physmap(str
   8.193  {
   8.194      return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
   8.195  }
   8.196 +
   8.197 +static int flask_sendtrigger(struct domain *d)
   8.198 +{
   8.199 +    return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, DOMAIN__TRIGGER);
   8.200 +}
   8.201 +
   8.202 +static int flask_test_assign_device(uint32_t machine_bdf)
   8.203 +{
   8.204 +    u32 rsid;
   8.205 +    int rc = -EPERM;
   8.206 +    struct domain_security_struct *ssec = current->domain->ssid;
   8.207 +
   8.208 +    rc = security_device_sid(machine_bdf, &rsid);
   8.209 +    if ( rc )
   8.210 +        return rc;
   8.211 +
   8.212 +    return rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, NULL);
   8.213 +}
   8.214 +
   8.215 +static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
   8.216 +{
   8.217 +    u32 rsid;
   8.218 +    int rc = -EPERM;
   8.219 +    struct domain_security_struct *ssec, *tsec;
   8.220 +
   8.221 +    rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, RESOURCE__ADD);
   8.222 +    if ( rc )
   8.223 +        return rc;
   8.224 +
   8.225 +    rc = security_device_sid(machine_bdf, &rsid);
   8.226 +    if ( rc )
   8.227 +        return rc;
   8.228 +
   8.229 +    ssec = current->domain->ssid;
   8.230 +    rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, NULL);
   8.231 +    if ( rc )
   8.232 +        return rc;
   8.233 +
   8.234 +    tsec = d->ssid;
   8.235 +    return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, NULL);
   8.236 +}
   8.237 +
   8.238 +static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
   8.239 +{
   8.240 +    u32 rsid;
   8.241 +    int rc = -EPERM;
   8.242 +    struct domain_security_struct *ssec = current->domain->ssid;
   8.243 +
   8.244 +    rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
   8.245 +    if ( rc )
   8.246 +        return rc;
   8.247 +
   8.248 +    rc = security_device_sid(machine_bdf, &rsid);
   8.249 +    if ( rc )
   8.250 +        return rc;
   8.251 +
   8.252 +    return rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, NULL);
   8.253 +}
   8.254 +
   8.255 +static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind)
   8.256 +{
   8.257 +    u32 rsid;
   8.258 +    int rc = -EPERM;
   8.259 +    struct domain_security_struct *ssec, *tsec;
   8.260 +
   8.261 +    rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, RESOURCE__ADD);
   8.262 +    if ( rc )
   8.263 +        return rc;
   8.264 +
   8.265 +    rc = security_pirq_sid(bind->machine_irq, &rsid);
   8.266 +    if ( rc )
   8.267 +        return rc;
   8.268 +
   8.269 +    ssec = current->domain->ssid;
   8.270 +    rc = avc_has_perm(ssec->sid, rsid, SECCLASS_HVM, HVM__BIND_IRQ, NULL);
   8.271 +    if ( rc )
   8.272 +        return rc;
   8.273 +
   8.274 +    tsec = d->ssid;
   8.275 +    return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, NULL);
   8.276 +}
   8.277 +
   8.278 +static int flask_pin_mem_cacheattr (struct domain *d)
   8.279 +{
   8.280 +    return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__CACHEATTR);
   8.281 +}
   8.282 +
   8.283 +static int flask_ext_vcpucontext (struct domain *d, uint32_t cmd)
   8.284 +{
   8.285 +    u32 perm;
   8.286 +
   8.287 +    switch ( cmd )
   8.288 +    {
   8.289 +        case XEN_DOMCTL_set_ext_vcpucontext:
   8.290 +            perm = DOMAIN__SETEXTVCPUCONTEXT;
   8.291 +        break;
   8.292 +        case XEN_DOMCTL_get_ext_vcpucontext:
   8.293 +            perm = DOMAIN__GETEXTVCPUCONTEXT;
   8.294 +        break;
   8.295 +        default:
   8.296 +            return -EPERM;
   8.297 +    }
   8.298 +
   8.299 +    return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
   8.300 +}
   8.301  #endif
   8.302  
   8.303 +static int io_has_perm(struct domain *d, char *name, unsigned long s, 
   8.304 +                                                    unsigned long e, u32 access)
   8.305 +{
   8.306 +    int rc = -EPERM;
   8.307 +
   8.308 +    if ( strcmp(name, "I/O Memory") == 0 )
   8.309 +    {
   8.310 +        rc = iomem_has_perm(d, s, access);
   8.311 +        if ( rc )
   8.312 +            return rc;
   8.313 +
   8.314 +        if ( s != e )
   8.315 +            rc = iomem_has_perm(d, s, access);
   8.316 +    }
   8.317 +    else if ( strcmp(name, "Interrupts") == 0 )
   8.318 +    {
   8.319 +        rc = irq_has_perm(d, s, access);
   8.320 +        if ( rc )
   8.321 +            return rc;
   8.322 +
   8.323 +        if ( s != e )
   8.324 +            rc = irq_has_perm(d, e, access);
   8.325 +    }
   8.326 +#ifdef CONFIG_X86
   8.327 +    else if ( strcmp(name, "I/O Ports") == 0 )
   8.328 +    {
   8.329 +        rc = ioport_has_perm(d, s, access);
   8.330 +        if ( rc )
   8.331 +            return rc;
   8.332 +
   8.333 +        if ( s != e )
   8.334 +            rc = ioport_has_perm(d, e, access);
   8.335 +    }
   8.336 +#endif
   8.337 +
   8.338 +    return rc;    
   8.339 +}
   8.340 +
   8.341 +static int flask_add_range(struct domain *d, char *name, unsigned long s,
   8.342 +                                                                    unsigned long e)
   8.343 +{
   8.344 +    return io_has_perm(d, name, s, e, 1);
   8.345 +}
   8.346 +
   8.347 +static int flask_remove_range(struct domain *d, char *name, unsigned long s,
   8.348 +                                                                    unsigned long e)
   8.349 +{
   8.350 +    return io_has_perm(d, name, s, e, 0);
   8.351 +}
   8.352 +
   8.353  long do_flask_op(XEN_GUEST_HANDLE(xsm_op_t) u_flask_op);
   8.354  
   8.355  static struct xsm_operations flask_ops = {
   8.356 @@ -1052,15 +1263,17 @@ static struct xsm_operations flask_ops =
   8.357      .getvcpucontext = flask_getvcpucontext,
   8.358      .getvcpuinfo = flask_getvcpuinfo,
   8.359      .domain_settime = flask_domain_settime,
   8.360 +    .set_target = flask_set_target,
   8.361      .tbufcontrol = flask_tbufcontrol,
   8.362      .readconsole = flask_readconsole,
   8.363      .sched_id = flask_sched_id,
   8.364      .setdomainmaxmem = flask_setdomainmaxmem,
   8.365      .setdomainhandle = flask_setdomainhandle,
   8.366      .setdebugging = flask_setdebugging,
   8.367 -    .irq_permission = flask_irq_permission,
   8.368 -    .iomem_permission = flask_iomem_permission,
   8.369      .perfcontrol = flask_perfcontrol,
   8.370 +    .debug_keys = flask_debug_keys,
   8.371 +    .getcpuinfo = flask_getcpuinfo,
   8.372 +    .availheap = flask_availheap,
   8.373  
   8.374      .evtchn_unbound = flask_evtchn_unbound,
   8.375      .evtchn_interdomain = flask_evtchn_interdomain,
   8.376 @@ -1093,11 +1306,13 @@ static struct xsm_operations flask_ops =
   8.377      .kexec = flask_kexec,
   8.378      .schedop_shutdown = flask_schedop_shutdown,
   8.379  
   8.380 +    .add_range = flask_add_range,
   8.381 +    .remove_range = flask_remove_range,
   8.382 +
   8.383      .__do_xsm_op = do_flask_op,
   8.384  
   8.385  #ifdef CONFIG_X86
   8.386      .shadow_control = flask_shadow_control,
   8.387 -    .ioport_permission = flask_ioport_permission,
   8.388      .getpageframeinfo = flask_getpageframeinfo,
   8.389      .getmemlist = flask_getmemlist,
   8.390      .hypercall_init = flask_hypercall_init,
   8.391 @@ -1114,6 +1329,10 @@ static struct xsm_operations flask_ops =
   8.392      .microcode = flask_microcode,
   8.393      .physinfo = flask_physinfo,
   8.394      .platform_quirk = flask_platform_quirk,
   8.395 +    .firmware_info = flask_firmware_info,
   8.396 +    .acpi_sleep = flask_acpi_sleep,
   8.397 +    .change_freq = flask_change_freq,
   8.398 +    .getidletime = flask_getidletime,
   8.399      .machine_memory_map = flask_machine_memory_map,
   8.400      .domain_memory_map = flask_domain_memory_map,
   8.401      .mmu_normal_update = flask_mmu_normal_update,
   8.402 @@ -1121,6 +1340,13 @@ static struct xsm_operations flask_ops =
   8.403      .update_va_mapping = flask_update_va_mapping,
   8.404      .add_to_physmap = flask_add_to_physmap,
   8.405      .remove_from_physmap = flask_remove_from_physmap,
   8.406 +    .sendtrigger = flask_sendtrigger,
   8.407 +    .test_assign_device = flask_test_assign_device,
   8.408 +    .assign_device = flask_assign_device,
   8.409 +    .deassign_device = flask_deassign_device,
   8.410 +    .bind_pt_irq = flask_bind_pt_irq,
   8.411 +    .pin_mem_cacheattr = flask_pin_mem_cacheattr,
   8.412 +    .ext_vcpucontext = flask_ext_vcpucontext,
   8.413  #endif
   8.414  };
   8.415  
     9.1 --- a/xen/xsm/flask/include/av_perm_to_string.h	Thu Sep 04 11:23:08 2008 +0100
     9.2 +++ b/xen/xsm/flask/include/av_perm_to_string.h	Thu Sep 04 11:25:09 2008 +0100
     9.3 @@ -17,11 +17,19 @@
     9.4     S_(SECCLASS_XEN, XEN__PRIVPROFILE, "privprofile")
     9.5     S_(SECCLASS_XEN, XEN__NONPRIVPROFILE, "nonprivprofile")
     9.6     S_(SECCLASS_XEN, XEN__KEXEC, "kexec")
     9.7 +   S_(SECCLASS_XEN, XEN__FIRMWARE, "firmware")
     9.8 +   S_(SECCLASS_XEN, XEN__SLEEP, "sleep")
     9.9 +   S_(SECCLASS_XEN, XEN__FREQUENCY, "frequency")
    9.10 +   S_(SECCLASS_XEN, XEN__GETIDLE, "getidle")
    9.11 +   S_(SECCLASS_XEN, XEN__DEBUG, "debug")
    9.12 +   S_(SECCLASS_XEN, XEN__GETCPUINFO, "getcpuinfo")
    9.13 +   S_(SECCLASS_XEN, XEN__HEAP, "heap")
    9.14     S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT, "setvcpucontext")
    9.15     S_(SECCLASS_DOMAIN, DOMAIN__PAUSE, "pause")
    9.16     S_(SECCLASS_DOMAIN, DOMAIN__UNPAUSE, "unpause")
    9.17     S_(SECCLASS_DOMAIN, DOMAIN__RESUME, "resume")
    9.18     S_(SECCLASS_DOMAIN, DOMAIN__CREATE, "create")
    9.19 +   S_(SECCLASS_DOMAIN, DOMAIN__TRANSITION, "transition")
    9.20     S_(SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS, "max_vcpus")
    9.21     S_(SECCLASS_DOMAIN, DOMAIN__DESTROY, "destroy")
    9.22     S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUAFFINITY, "setvcpuaffinity")
    9.23 @@ -34,11 +42,14 @@
    9.24     S_(SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE, "setdomainhandle")
    9.25     S_(SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING, "setdebugging")
    9.26     S_(SECCLASS_DOMAIN, DOMAIN__HYPERCALL, "hypercall")
    9.27 -   S_(SECCLASS_DOMAIN, DOMAIN__TRANSITION, "transition")
    9.28     S_(SECCLASS_DOMAIN, DOMAIN__SETTIME, "settime")
    9.29 +   S_(SECCLASS_DOMAIN, DOMAIN__SET_TARGET, "set_target")
    9.30     S_(SECCLASS_DOMAIN, DOMAIN__SHUTDOWN, "shutdown")
    9.31     S_(SECCLASS_DOMAIN, DOMAIN__SETADDRSIZE, "setaddrsize")
    9.32     S_(SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE, "getaddrsize")
    9.33 +   S_(SECCLASS_DOMAIN, DOMAIN__TRIGGER, "trigger")
    9.34 +   S_(SECCLASS_DOMAIN, DOMAIN__GETEXTVCPUCONTEXT, "getextvcpucontext")
    9.35 +   S_(SECCLASS_DOMAIN, DOMAIN__SETEXTVCPUCONTEXT, "setextvcpucontext")
    9.36     S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc")
    9.37     S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
    9.38     S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
    9.39 @@ -46,14 +57,13 @@
    9.40     S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
    9.41     S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
    9.42     S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
    9.43 +   S_(SECCLASS_HVM, HVM__BIND_IRQ, "bind_irq")
    9.44 +   S_(SECCLASS_HVM, HVM__CACHEATTR, "cacheattr")
    9.45     S_(SECCLASS_EVENT, EVENT__BIND, "bind")
    9.46 -   S_(SECCLASS_EVENT, EVENT__CLOSE, "close")
    9.47     S_(SECCLASS_EVENT, EVENT__SEND, "send")
    9.48     S_(SECCLASS_EVENT, EVENT__STATUS, "status")
    9.49 -   S_(SECCLASS_EVENT, EVENT__UNMASK, "unmask")
    9.50     S_(SECCLASS_EVENT, EVENT__NOTIFY, "notify")
    9.51     S_(SECCLASS_EVENT, EVENT__CREATE, "create")
    9.52 -   S_(SECCLASS_EVENT, EVENT__ALLOC, "alloc")
    9.53     S_(SECCLASS_EVENT, EVENT__VECTOR, "vector")
    9.54     S_(SECCLASS_EVENT, EVENT__RESET, "reset")
    9.55     S_(SECCLASS_GRANT, GRANT__MAP_READ, "map_read")
    9.56 @@ -87,6 +97,9 @@
    9.57     S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOPORT, "remove_ioport")
    9.58     S_(SECCLASS_RESOURCE, RESOURCE__ADD_IOMEM, "add_iomem")
    9.59     S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOMEM, "remove_iomem")
    9.60 +   S_(SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, "stat_device")
    9.61 +   S_(SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, "add_device")
    9.62 +   S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, "remove_device")
    9.63     S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
    9.64     S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
    9.65     S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
    10.1 --- a/xen/xsm/flask/include/av_permissions.h	Thu Sep 04 11:23:08 2008 +0100
    10.2 +++ b/xen/xsm/flask/include/av_permissions.h	Thu Sep 04 11:25:09 2008 +0100
    10.3 @@ -17,29 +17,40 @@
    10.4  #define XEN__PRIVPROFILE                          0x00008000UL
    10.5  #define XEN__NONPRIVPROFILE                       0x00010000UL
    10.6  #define XEN__KEXEC                                0x00020000UL
    10.7 +#define XEN__FIRMWARE                             0x00040000UL
    10.8 +#define XEN__SLEEP                                0x00080000UL
    10.9 +#define XEN__FREQUENCY                            0x00100000UL
   10.10 +#define XEN__GETIDLE                              0x00200000UL
   10.11 +#define XEN__DEBUG                                0x00400000UL
   10.12 +#define XEN__GETCPUINFO                           0x00800000UL
   10.13 +#define XEN__HEAP                                 0x01000000UL
   10.14  
   10.15  #define DOMAIN__SETVCPUCONTEXT                    0x00000001UL
   10.16  #define DOMAIN__PAUSE                             0x00000002UL
   10.17  #define DOMAIN__UNPAUSE                           0x00000004UL
   10.18  #define DOMAIN__RESUME                            0x00000008UL
   10.19  #define DOMAIN__CREATE                            0x00000010UL
   10.20 -#define DOMAIN__MAX_VCPUS                         0x00000020UL
   10.21 -#define DOMAIN__DESTROY                           0x00000040UL
   10.22 -#define DOMAIN__SETVCPUAFFINITY                   0x00000080UL
   10.23 -#define DOMAIN__GETVCPUAFFINITY                   0x00000100UL
   10.24 -#define DOMAIN__SCHEDULER                         0x00000200UL
   10.25 -#define DOMAIN__GETDOMAININFO                     0x00000400UL
   10.26 -#define DOMAIN__GETVCPUINFO                       0x00000800UL
   10.27 -#define DOMAIN__GETVCPUCONTEXT                    0x00001000UL
   10.28 -#define DOMAIN__SETDOMAINMAXMEM                   0x00002000UL
   10.29 -#define DOMAIN__SETDOMAINHANDLE                   0x00004000UL
   10.30 -#define DOMAIN__SETDEBUGGING                      0x00008000UL
   10.31 -#define DOMAIN__HYPERCALL                         0x00010000UL
   10.32 -#define DOMAIN__TRANSITION                        0x00020000UL
   10.33 +#define DOMAIN__TRANSITION                        0x00000020UL
   10.34 +#define DOMAIN__MAX_VCPUS                         0x00000040UL
   10.35 +#define DOMAIN__DESTROY                           0x00000080UL
   10.36 +#define DOMAIN__SETVCPUAFFINITY                   0x00000100UL
   10.37 +#define DOMAIN__GETVCPUAFFINITY                   0x00000200UL
   10.38 +#define DOMAIN__SCHEDULER                         0x00000400UL
   10.39 +#define DOMAIN__GETDOMAININFO                     0x00000800UL
   10.40 +#define DOMAIN__GETVCPUINFO                       0x00001000UL
   10.41 +#define DOMAIN__GETVCPUCONTEXT                    0x00002000UL
   10.42 +#define DOMAIN__SETDOMAINMAXMEM                   0x00004000UL
   10.43 +#define DOMAIN__SETDOMAINHANDLE                   0x00008000UL
   10.44 +#define DOMAIN__SETDEBUGGING                      0x00010000UL
   10.45 +#define DOMAIN__HYPERCALL                         0x00020000UL
   10.46  #define DOMAIN__SETTIME                           0x00040000UL
   10.47 -#define DOMAIN__SHUTDOWN                          0x00080000UL
   10.48 -#define DOMAIN__SETADDRSIZE                       0x00100000UL
   10.49 -#define DOMAIN__GETADDRSIZE                       0x00200000UL
   10.50 +#define DOMAIN__SET_TARGET                        0x00080000UL
   10.51 +#define DOMAIN__SHUTDOWN                          0x00100000UL
   10.52 +#define DOMAIN__SETADDRSIZE                       0x00200000UL
   10.53 +#define DOMAIN__GETADDRSIZE                       0x00400000UL
   10.54 +#define DOMAIN__TRIGGER                           0x00800000UL
   10.55 +#define DOMAIN__GETEXTVCPUCONTEXT                 0x01000000UL
   10.56 +#define DOMAIN__SETEXTVCPUCONTEXT                 0x02000000UL
   10.57  
   10.58  #define HVM__SETHVMC                              0x00000001UL
   10.59  #define HVM__GETHVMC                              0x00000002UL
   10.60 @@ -48,17 +59,16 @@
   10.61  #define HVM__PCILEVEL                             0x00000010UL
   10.62  #define HVM__IRQLEVEL                             0x00000020UL
   10.63  #define HVM__PCIROUTE                             0x00000040UL
   10.64 +#define HVM__BIND_IRQ                             0x00000080UL
   10.65 +#define HVM__CACHEATTR                            0x00000100UL
   10.66  
   10.67  #define EVENT__BIND                               0x00000001UL
   10.68 -#define EVENT__CLOSE                              0x00000002UL
   10.69 -#define EVENT__SEND                               0x00000004UL
   10.70 -#define EVENT__STATUS                             0x00000008UL
   10.71 -#define EVENT__UNMASK                             0x00000010UL
   10.72 -#define EVENT__NOTIFY                             0x00000020UL
   10.73 -#define EVENT__CREATE                             0x00000040UL
   10.74 -#define EVENT__ALLOC                              0x00000080UL
   10.75 -#define EVENT__VECTOR                             0x00000100UL
   10.76 -#define EVENT__RESET                              0x00000200UL
   10.77 +#define EVENT__SEND                               0x00000002UL
   10.78 +#define EVENT__STATUS                             0x00000004UL
   10.79 +#define EVENT__NOTIFY                             0x00000008UL
   10.80 +#define EVENT__CREATE                             0x00000010UL
   10.81 +#define EVENT__VECTOR                             0x00000020UL
   10.82 +#define EVENT__RESET                              0x00000040UL
   10.83  
   10.84  #define GRANT__MAP_READ                           0x00000001UL
   10.85  #define GRANT__MAP_WRITE                          0x00000002UL
   10.86 @@ -94,6 +104,9 @@
   10.87  #define RESOURCE__REMOVE_IOPORT                   0x00000040UL
   10.88  #define RESOURCE__ADD_IOMEM                       0x00000080UL
   10.89  #define RESOURCE__REMOVE_IOMEM                    0x00000100UL
   10.90 +#define RESOURCE__STAT_DEVICE                     0x00000200UL
   10.91 +#define RESOURCE__ADD_DEVICE                      0x00000400UL
   10.92 +#define RESOURCE__REMOVE_DEVICE                   0x00000800UL
   10.93  
   10.94  #define SECURITY__COMPUTE_AV                      0x00000001UL
   10.95  #define SECURITY__COMPUTE_CREATE                  0x00000002UL
    11.1 --- a/xen/xsm/flask/include/flask.h	Thu Sep 04 11:23:08 2008 +0100
    11.2 +++ b/xen/xsm/flask/include/flask.h	Thu Sep 04 11:25:09 2008 +0100
    11.3 @@ -1,6 +1,6 @@
    11.4  /* This file is automatically generated.  Do not edit. */
    11.5 -#ifndef _FLASK_FLASK_H_
    11.6 -#define _FLASK_FLASK_H_
    11.7 +#ifndef _SELINUX_FLASK_H_
    11.8 +#define _SELINUX_FLASK_H_
    11.9  
   11.10  /*
   11.11   * Security object class definitions
   11.12 @@ -27,10 +27,9 @@
   11.13  #define SECINITSID_SECURITY                             7
   11.14  #define SECINITSID_IOPORT                               8
   11.15  #define SECINITSID_IOMEM                                9
   11.16 -#define SECINITSID_VCPU                                 10
   11.17 -#define SECINITSID_VIRQ                                 11
   11.18 -#define SECINITSID_PIRQ                                 12
   11.19 +#define SECINITSID_PIRQ                                 10
   11.20 +#define SECINITSID_DEVICE                               11
   11.21  
   11.22 -#define SECINITSID_NUM                                  12
   11.23 +#define SECINITSID_NUM                                  11
   11.24  
   11.25  #endif
    12.1 --- a/xen/xsm/flask/include/initial_sid_to_string.h	Thu Sep 04 11:23:08 2008 +0100
    12.2 +++ b/xen/xsm/flask/include/initial_sid_to_string.h	Thu Sep 04 11:25:09 2008 +0100
    12.3 @@ -11,8 +11,7 @@ static char *initial_sid_to_string[] =
    12.4      "security",
    12.5      "ioport",
    12.6      "iomem",
    12.7 -    "vcpu",
    12.8 -    "virq",
    12.9      "pirq",
   12.10 +    "device",
   12.11  };
   12.12  
    13.1 --- a/xen/xsm/flask/include/security.h	Thu Sep 04 11:23:08 2008 +0100
    13.2 +++ b/xen/xsm/flask/include/security.h	Thu Sep 04 11:25:09 2008 +0100
    13.3 @@ -69,14 +69,12 @@ int security_get_user_sids(u32 callsid, 
    13.4  
    13.5  int security_pirq_sid(int pirq, u32 *out_sid);
    13.6  
    13.7 -int security_virq_sid(int virq, u32 *out_sid);
    13.8 -
    13.9 -int security_vcpu_sid(int vcpu, u32 *out_sid);
   13.10 -
   13.11  int security_iomem_sid(unsigned long, u32 *out_sid);
   13.12  
   13.13  int security_ioport_sid(u32 ioport, u32 *out_sid);
   13.14  
   13.15 +int security_device_sid(u32 device, u32 *out_sid);
   13.16 +
   13.17  int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
   13.18                                                                      u16 tclass);
   13.19  
    14.1 --- a/xen/xsm/flask/ss/policydb.h	Thu Sep 04 11:23:08 2008 +0100
    14.2 +++ b/xen/xsm/flask/ss/policydb.h	Thu Sep 04 11:25:09 2008 +0100
    14.3 @@ -133,10 +133,9 @@ struct ocontext {
    14.4      union {
    14.5          char *name;    /* name of initial SID, fs, netif, fstype, path */
    14.6          int pirq;
    14.7 -        int virq;
    14.8 -        int vcpu;
    14.9          u32 ioport;
   14.10          unsigned long iomem;
   14.11 +        u32 device;
   14.12      } u;
   14.13      struct context context[2];    /* security context(s) */
   14.14      u32 sid[2];    /* SID(s) */
   14.15 @@ -157,11 +156,11 @@ struct ocontext {
   14.16  /* object context array indices */
   14.17  #define OCON_ISID    0    /* initial SIDs */
   14.18  #define OCON_PIRQ    1    /* physical irqs */
   14.19 -#define OCON_VIRQ    2    /* virtual irqs */
   14.20 -#define OCON_VCPU    3    /* virtual cpus */
   14.21 -#define OCON_IOPORT  4    /* io ports */
   14.22 -#define OCON_IOMEM   5    /* io memory */
   14.23 -#define OCON_DUMMY   6
   14.24 +#define OCON_IOPORT  2    /* io ports */
   14.25 +#define OCON_IOMEM   3    /* io memory */
   14.26 +#define OCON_DEVICE  4    /* pci devices */
   14.27 +#define OCON_DUMMY1  5    /* reserved */
   14.28 +#define OCON_DUMMY2  6    /* reserved */
   14.29  #define OCON_NUM     7
   14.30  
   14.31  /* The policy database */
    15.1 --- a/xen/xsm/flask/ss/services.c	Thu Sep 04 11:23:08 2008 +0100
    15.2 +++ b/xen/xsm/flask/ss/services.c	Thu Sep 04 11:25:09 2008 +0100
    15.3 @@ -1418,6 +1418,46 @@ out:
    15.4      return rc;
    15.5  }
    15.6  
    15.7 +/**
    15.8 + * security_ioport_sid - Obtain the SID for an ioport.
    15.9 + * @ioport: ioport
   15.10 + * @out_sid: security identifier
   15.11 + */
   15.12 +int security_device_sid(u32 device, u32 *out_sid)
   15.13 +{
   15.14 +    struct ocontext *c;
   15.15 +    int rc = 0;
   15.16 +
   15.17 +    POLICY_RDLOCK;
   15.18 +
   15.19 +    c = policydb.ocontexts[OCON_DEVICE];
   15.20 +    while ( c )
   15.21 +    {
   15.22 +        if ( c->u.device == device )
   15.23 +            break;
   15.24 +        c = c->next;
   15.25 +    }
   15.26 +
   15.27 +    if ( c )
   15.28 +    {
   15.29 +        if ( !c->sid[0] )
   15.30 +        {
   15.31 +            rc = sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]);
   15.32 +            if ( rc )
   15.33 +                goto out;
   15.34 +        }
   15.35 +        *out_sid = c->sid[0];
   15.36 +    }
   15.37 +    else
   15.38 +    {
   15.39 +        *out_sid = SECINITSID_DEVICE;
   15.40 +    }
   15.41 +
   15.42 +out:
   15.43 +    POLICY_RDUNLOCK;
   15.44 +    return rc;
   15.45 +}
   15.46 +
   15.47  #define SIDS_NEL 25
   15.48  
   15.49  /**