ia64/xen-unstable

changeset 6286:509316987d65

Merge.

Signed-off-by: Steven Smith, sos22@cam.ac.uk
author sos22@douglas.cl.cam.ac.uk
date Fri Aug 19 10:50:15 2005 +0000 (2005-08-19)
parents 3d45fb64b064 7b6f55756f9c
children 66348ff38ec1
files Config.mk docs/src/user.tex linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile linux-2.6-xen-sparse/arch/xen/i386/kernel/i386_ksyms.c linux-2.6-xen-sparse/arch/xen/i386/kernel/pci-dma.c linux-2.6-xen-sparse/arch/xen/i386/kernel/process.c linux-2.6-xen-sparse/arch/xen/i386/kernel/smp.c linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c linux-2.6-xen-sparse/arch/xen/i386/mm/fault.c linux-2.6-xen-sparse/arch/xen/i386/mm/hypervisor.c linux-2.6-xen-sparse/arch/xen/i386/mm/init.c linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c linux-2.6-xen-sparse/arch/xen/kernel/reboot.c linux-2.6-xen-sparse/arch/xen/kernel/skbuff.c linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c linux-2.6-xen-sparse/arch/xen/x86_64/mm/fault.c linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c linux-2.6-xen-sparse/include/asm-xen/asm-i386/dma-mapping.h linux-2.6-xen-sparse/include/asm-xen/asm-i386/hypercall.h linux-2.6-xen-sparse/include/asm-xen/hypervisor.h linux-2.6-xen-sparse/include/asm-xen/xenbus.h patches/linux-2.6.12/workaround_double_br_del_if.patch tools/examples/network-bridge tools/python/xen/xend/server/event.py tools/python/xen/xend/server/relocate.py tools/python/xen/xm/create.py tools/python/xen/xm/main.py tools/security/Makefile tools/security/example.txt tools/security/install.txt tools/security/policies/chwall/chwall-security_label_template.xml 
tools/security/policies/chwall/chwall-security_policy.xml tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml tools/security/policies/chwall_ste/chwall_ste-security_policy.xml tools/security/policies/null/null-security_label_template.xml tools/security/policies/null/null-security_policy.xml tools/security/policies/security_policy.xsd tools/security/policies/ste/ste-security_label_template.xml tools/security/policies/ste/ste-security_policy.xml tools/security/policy.txt tools/security/readme.txt tools/security/secpol_compat.h tools/security/secpol_tool.c tools/security/secpol_xml2bin.c tools/security/secpol_xml2bin.h tools/security/setlabel.sh tools/security/updategrub.sh xen/Rules.mk xen/arch/x86/domain.c xen/arch/x86/domain_build.c xen/arch/x86/mm.c xen/arch/x86/setup.c xen/arch/x86/time.c xen/arch/x86/traps.c xen/arch/x86/x86_32/traps.c xen/arch/x86/x86_64/traps.c xen/common/domain.c xen/common/event_channel.c xen/common/lib.c xen/common/schedule.c xen/drivers/char/console.c xen/include/asm-x86/e820.h xen/include/asm-x86/uaccess.h xen/include/public/xen.h
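--- a/Config.mk	Fri Aug 19 10:18:53 2005 +0000
+++ b/Config.mk	Fri Aug 19 10:50:15 2005 +0000
@@ -35,3 +35,11 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES)
 
 # Choose the best mirror to download linux kernel
 KERNEL_REPO = http://www.kernel.org
+
+# ACM_USE_SECURITY_POLICY is set to security policy of Xen
+# Supported models are:
+#	ACM_NULL_POLICY (ACM will not be built with this policy)
+#	ACM_CHINESE_WALL_POLICY
+#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
+#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY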
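Review bot: The comment block added above `ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY` does not state that the default leaves access control unenforced, nor that `?=` lets a value already present in the environment or on the make command line take precedence. I would add `# Default ACM_NULL_POLICY: the access control module is not built, so no policy is enforced.` and `# '?=' keeps a value inherited from the environment or the make command line.` Without the second line a stale exported variable can change which policy a build enforces without anyone noticing. The first comment line would also read more clearly as `# ACM_USE_SECURITY_POLICY selects the security policy model compiled into Xen`.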
     2.1 --- a/docs/misc/shype4xen_readme.txt	Fri Aug 19 10:18:53 2005 +0000
     2.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.3 @@ -1,588 +0,0 @@
     2.4 -Copyright: IBM Corporation (C)
     2.5 -20 June 2005
     2.6 -Author: Reiner Sailer
     2.7 -
     2.8 -This document is a very short introduction into the sHype access control 
     2.9 -security architecture implementation and how it is perceived by users. It 
    2.10 -is a very preliminary draft  for the courageous ones to get "their feet wet" 
    2.11 -and to be able to give feedback (via the xen-devel/xense-devel mailing lists).
    2.12 -
    2.13 -Install:
    2.14 -
    2.15 -cd into xeno-unstable.bk 
    2.16 -(use --dry-run option if you want to test the patch only)
    2.17 -patch -p1 -g0 < *tools.diff
    2.18 -patch -p1 -g0 < *xen.diff
    2.19 -
    2.20 -(no rejects, probably some line offsets)
    2.21 -
    2.22 -make uninstall; make mrproper; make; ./install.sh should install the default 
    2.23 -sHype into Xen (rebuild your initrd images if necessary). Reboot.
    2.24 -
    2.25 -Debug output: there are two triggers for debug output:
    2.26 -a) General sHype debug:
    2.27 -    xeno-unstable.bk/xen/include/public/acm.h
    2.28 -    undefine ACM_DEBUG to switch this debug off
    2.29 -
    2.30 -b) sHype enforcement hook trace: This prints a small trace for each enforcement 
    2.31 -hook that is executed. The trigger is in
    2.32 -    xeno-unstable.bk/xen/include/acm/acm_hooks.h
    2.33 -    undefine ACM_TRACE_MODE to switch this debug off
    2.34 -
    2.35 -1. The default NULL policy
    2.36 -***************************
    2.37 -When you apply the patches and startup xen, you should at first not notice any 
    2.38 -difference because the default policy is the "NULL" policy, which as the name 
    2.39 -implies does not enforce anything.
    2.40 -
    2.41 -To display the currently enforced policy, use the policy tool under xeno-
    2.42 -unstable.bk/tools/policy: policy_tool getpolicy. You should see output like the 
    2.43 -one below.
    2.44 -
    2.45 -[root@laptop policy]#./policy_tool getpolicy
    2.46 -
    2.47 -Policy dump:
    2.48 -============
    2.49 -Magic     = 1debc.
    2.50 -PolVer    = aaaa0000.
    2.51 -Len       = 14.
    2.52 -Primary   = NULL policy (c=0, off=14).
    2.53 -Secondary = NULL policy (c=0, off=14).
    2.54 -No primary policy (NULL).
    2.55 -No secondary policy (NULL).
    2.56 -
    2.57 -Policy dump End.
    2.58 -
    2.59 -Since this is a dump of a binary policy, it's not pretty. The important parts 
    2.60 -are the "Primary" and "Secondary" policy fields set to "NULL policy". sHype 
    2.61 -currently allows to set two independent policies; thus the two SSID-REF parts 
    2.62 -shown in 'xm list'. Right here: primary policy only means this policy is 
    2.63 -checked first, the secondary policy is checked if the primary results in 
    2.64 -"permitted access". The result of the combined policy is "permitted" if both 
    2.65 -policies return permitted (NULL policy always returns permitted). The result is 
    2.66 -"denied" if at least one of the policies returns "denied". Look into xeno-
    2.67 -unstable.bk/xen/include/acm/acm_hooks.h for the general hook structure 
    2.68 -integrating the policy decisions (if you like, you won't need it for the rest 
    2.69 -of the Readme file).
    2.70 -
    2.71 -2. Setting Chinese Wall and Simple Type Enforcement policies:
    2.72 -*************************************************************
    2.73 -
    2.74 -We'll get fast to the point. However, in order to understand what we are doing, 
    2.75 -we must at least understand the purpose of the policies that we are going to 
    2.76 -enforce. The two policies presented here are just examples and the 
    2.77 -implementation encourages adding new policies easily.
    2.78 -
    2.79 -2.1. Chinese Wall policy: "decides whether a domain can be started based on 
    2.80 -this domain's ssidref and the ssidrefs of the currently running domains". 
    2.81 -Generally, the Chinese wall policy allows specifying certain types (or classes 
    2.82 -or categories, whatever the preferred word) that conflict; we usually assign a 
    2.83 -type to a workload and the set of types of those workloads running in a domain 
    2.84 -make up the type set for this domain.  Each domain is assigned a set of types 
    2.85 -through its SSID-REF (we register Chinese Wall as primary policy, so the 
    2.86 -ssidref used for determining the Chinese Wall types is the one annotated with 
    2.87 -"p:" in xm list) since each SSID-REF points at a set of types. We'll see how 
    2.88 -SSIDREFs are represented in Xen later when we will look at the policy. (A good 
    2.89 -read for Chinese Wall is: Brewer/Nash The Chinese Wall Security Policy 1989.)
    2.90 -
    2.91 -So let's assume the Chinese Wall policy we are running distinguishes 10 types: 
    2.92 -t0 ... t9. Let us assume further that each SSID-REF points to a set that 
    2.93 -includes exactly one type (attached to domains that run workloads of a single 
    2.94 -type). SSID-REF 0 points to {t0}, ssidref 1 points to {t1} ... 9 points to 
    2.95 -{t9}. [This is actually the example policy we are going to push into xen later]
    2.96 -
    2.97 -Now the Chinese Wall policy allows you to define "Conflict type sets" and it 
    2.98 -guarantees that of any conflict set at most one type is "running" at any time. 
    2.99 -As an example, we have defined 2 conflict set: {t2, t3} and {t0, t5, t6}. 
   2.100 -Specifying these conflict sets, sHype ensures that at most one type of each set 
   2.101 -is running (either t2 or t3 but not both; either t0 or t5 or t6 but not 
   2.102 -multiple of them).
   2.103 -
   2.104 -The effect is that administrators can define which workload types cannot run 
   2.105 -simultaneously on a single Xen system. This is useful to limit the covert 
   2.106 -timing channels between such payloads or to ensure that payloads don't 
   2.107 -interfere with each other through existing resource dependencies.
   2.108 -
   2.109 -2.2. Simple Type Enforcement (ste) policy: "decides whether two domains can 
   2.110 -share data, e.g., setup event channels or grant tables to each other, based on 
   2.111 -the two domains' ssidref. This, as the name says, is a simple policy. Think of 
   2.112 -each type as of a single color. Each domain has one or more colors, i.e., the 
   2.113 -domains ssid for the ste policy points to a set that has set one or multiple 
   2.114 -types. Let us assume in our example policy we differentiate 5 colors (types) 
   2.115 -and define 5 different ssids referenced by ssidref=0..4. Each ssid shall have 
   2.116 -exactly one type set, i.e., describes a uni-color. Only ssid(0) has all types 
   2.117 -set, i.e., has all defined colors.
   2.118 -
   2.119 -Sharing is enforced by the ste policy by requiring that two domains that want 
   2.120 -to establish an event channel or grant pages to each other must have a common 
   2.121 -color. Currently all domains communicate through DOM0 by default; i.e., Domain0 
   2.122 -will necessarily have all colors to be able to create domains (thus, we will 
   2.123 -assign ssidref(0) to Domain0 in our example below.
   2.124 -
   2.125 -More complex mandatory access control policies governing sharing will follow; 
   2.126 -such policies are more sophisticated than the "color" scheme above by allowing 
   2.127 -more flexible (and complex :_) access control decisions than "share a color" or 
   2.128 -"don't share a color" and will be able to express finer-grained policies.
   2.129 -
   2.130 -
   2.131 -2.3 Binary Policy:
   2.132 -In the future, we will have a policy tool that takes as input a more humane 
   2.133 -policy description, using types such as development, home-banking, donated-
   2.134 -Grid, CorpA-Payload ... and translates the respective policy into what we see 
   2.135 -today as the binary policy using 1s and 0s and sets of them. For now, we must 
   2.136 -live with the binary policy when working with sHype.
   2.137 -
   2.138 -    
   2.139 -2.4 Exemplary use of a real sHype policy on Xen. To activate a real policy, 
   2.140 -edit the file (yes, this will soon be a compile option):
   2.141 -  xeno-unstable.bk/xen/include/public/acm.h
   2.142 -  Change: #define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
   2.143 -   To : #define ACM_USE_SECURITY_POLICY ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   2.144 -   cd xeno-unstable.bk
   2.145 -   make mrproper
   2.146 -   make uninstall (manually remove /etc/xen.old if necessary)
   2.147 -   make
   2.148 -   ./install.sh      (recreate your kernel initrd's if necessary)
   2.149 -   Reboot into new xen.gz
   2.150 -     
   2.151 -After booting, check out 'xm dmesg'; should show somewhere in the middle:
   2.152 -
   2.153 -(XEN) acm_init: Enforcing Primary CHINESE WALL policy, Secondary SIMPLE TYPE 
   2.154 -ENFORCEMENT policy.
   2.155 -
   2.156 -Even though you can activate those policies in any combination and also 
   2.157 -independently, the policy tool currently only supports setting the policy for 
   2.158 -the above combination.
   2.159 -
   2.160 -Now look at the minimal startup policy with:
   2.161 -                xeno-unstable.bk/tools/policytool getpolicy
   2.162 -
   2.163 -You should see something like:
   2.164 -
   2.165 -[root@laptop policy]# ./policy_tool getpolicy
   2.166 -
   2.167 -Policy dump:
   2.168 -============
   2.169 -Magic     = 1debc.
   2.170 -PolVer    = aaaa0000.
   2.171 -Len       = 36.
   2.172 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.173 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=2c).
   2.174 -
   2.175 -
   2.176 -Chinese Wall policy:
   2.177 -====================
   2.178 -Max Types     = 1.
   2.179 -Max Ssidrefs  = 1.
   2.180 -Max ConfSets  = 1.
   2.181 -Ssidrefs Off  = 10.
   2.182 -Conflicts Off = 12.
   2.183 -Runing T. Off = 14.
   2.184 -C. Agg. Off   = 16.
   2.185 -
   2.186 -SSID To CHWALL-Type matrix:
   2.187 -
   2.188 -   ssidref 0:  00 
   2.189 -
   2.190 -Confict Sets:
   2.191 -
   2.192 -   c-set 0:    00 
   2.193 -
   2.194 -Running
   2.195 -Types:         00 
   2.196 -
   2.197 -Conflict
   2.198 -Aggregate Set: 00 
   2.199 -
   2.200 -
   2.201 -Simple Type Enforcement policy:
   2.202 -===============================
   2.203 -Max Types     = 1.
   2.204 -Max Ssidrefs  = 1.
   2.205 -Ssidrefs Off  = 8.
   2.206 -
   2.207 -SSID To STE-Type matrix:
   2.208 -
   2.209 -   ssidref 0: 01 
   2.210 -
   2.211 -
   2.212 -Policy dump End.
   2.213 -
   2.214 -This is a minimal policy (of little use), except it will disable starting any 
   2.215 -domain that does not have ssidref set to 0x0. The Chinese Wall policy has 
   2.216 -nothing to enforce and the ste policy only knows one type, which is set for the 
   2.217 -only defined ssidref.
   2.218 -
   2.219 -The item that defines the ssidref in a domain configuration is:
   2.220 -
   2.221 -ssidref = 0x12345678
   2.222 -
   2.223 -Where ssidref is interpreted as a 32bit number, where the lower 16bits become 
   2.224 -the ssidref for the primary policy and the higher 16bits become the ssidref for 
   2.225 -the secondary policy. sHype currently supports two policies but this is an 
   2.226 -implementation decision and can be extended if necessary.
   2.227 -
   2.228 -This reference defines the security information of a domain. The meaning of the 
   2.229 -SSID-REF depends on the policy, so we explain it when we explain the real 
   2.230 -policies.
   2.231 -
   2.232 -
   2.233 -Setting a new Security Policy:
   2.234 -******************************
   2.235 -The policy tool with all its current limitations has one usable example policy 
   2.236 -compiled-in. Please try at this time to use the setpolicy command:
   2.237 -       xeno-unstable.bk/tools/policy/policy_tool setpolicy
   2.238 -
   2.239 -You should see a dump of the policy you are setting. It should say at the very 
   2.240 -end: 
   2.241 -
   2.242 -Policy successfully set.
   2.243 -
   2.244 -Now try to dump the currently enforced policy, which is the policy we have just 
   2.245 -set and the dynamic security state information of this policy 
   2.246 -(<<< ... some additional explanations)
   2.247 -
   2.248 -[root@laptop policy]# ./policy_tool getpolicy
   2.249 -
   2.250 -Policy dump:
   2.251 -============
   2.252 -Magic     = 1debc.
   2.253 -PolVer    = aaaa0000.
   2.254 -Len       = 112.
   2.255 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.256 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.257 -
   2.258 -
   2.259 -Chinese Wall policy:
   2.260 -====================
   2.261 -Max Types     = a.
   2.262 -Max Ssidrefs  = 5.
   2.263 -Max ConfSets  = 2.
   2.264 -Ssidrefs Off  = 10.
   2.265 -Conflicts Off = 74.
   2.266 -Runing T. Off = 9c.
   2.267 -C. Agg. Off   = b0.
   2.268 -
   2.269 -SSID To CHWALL-Type matrix:
   2.270 -
   2.271 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00  <<< type0 is set for ssidref0
   2.272 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00 
   2.273 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00 
   2.274 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00 
   2.275 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00  <<< type4 is set for ssidref4
   2.276 -                                              <<< types 5-9 are unused
   2.277 -Confict Sets:
   2.278 -
   2.279 -   c-set 0:    00 00 01 01 00 00 00 00 00 00  <<< type2 and type3 never run together
   2.280 -   c-set 1:    01 00 00 00 00 01 01 00 00 00  <<< only one of types 0, 5 or 6 
   2.281 -                                              <<<   can run simultaneously
   2.282 -Running
   2.283 -Types:         01 00 00 00 00 00 00 00 00 00  <<< ref-count for types of running domains
   2.284 -
   2.285 -Conflict
   2.286 -Aggregate Set: 00 00 00 00 00 01 01 00 00 00  <<< aggregated set of types that                  
   2.287 -                                              <<< cannot run because they 
   2.288 -                                              <<< are in conflict set 1 and
   2.289 -                                              <<< (domain 0 is running w t0)
   2.290 -                                             
   2.291 -
   2.292 -Simple Type Enforcement policy:
   2.293 -===============================
   2.294 -Max Types     = 5.
   2.295 -Max Ssidrefs  = 5.
   2.296 -Ssidrefs Off  = 8.
   2.297 -
   2.298 -SSID To STE-Type matrix:
   2.299 -
   2.300 -   ssidref 0: 01 01 01 01 01                  <<< ssidref0 points to a set that                  
   2.301 -                                              <<< has all types set (colors)
   2.302 -   ssidref 1: 00 01 00 00 00                  <<< ssidref1 has color1 set
   2.303 -   ssidref 2: 00 00 01 00 00                  <<< ...
   2.304 -   ssidref 3: 00 00 00 01 00 
   2.305 -   ssidref 4: 00 00 00 00 01 
   2.306 -
   2.307 -
   2.308 -Policy dump End.
   2.309 -
   2.310 -
   2.311 -This is a small example policy with which we will demonstrate the enforcement.
   2.312 -
   2.313 -Starting Domains with policy enforcement
   2.314 -========================================
   2.315 -Now let us play with this policy. 
   2.316 -
   2.317 -Define 3 or 4 domain configurations. I use the following config using a ramdisk 
   2.318 -only and about 8MBytes of memory for each DomU (test purposes):
   2.319 -
   2.320 -#-------configuration xmsec1-------------------------
   2.321 -kernel = "/boot/vmlinuz-2.6.11-xenU"
   2.322 -ramdisk="/boot/U1_ramdisk.img"
   2.323 -#security reference identifier
   2.324 -ssidref= 0x00010001
   2.325 -memory = 10
   2.326 -name = "xmsec1"
   2.327 -cpu = -1   # leave to Xen to pick
   2.328 -# Number of network interfaces. Default is 1.
   2.329 -nics=1
   2.330 -dhcp="dhcp"
   2.331 -#-----------------------------------------------------
   2.332 -
   2.333 -xmsec2 and xmsec3 look the same except for the name and the ssidref line. Use 
   2.334 -your domain config file and add "ssidref = 0x00010001" to the first (xmsec1),  
   2.335 -"ssidref= 0x00020002" to the second (call it xmsec2), and "ssidref=0x00030003"  
   2.336 -to the third (we will call this one xmsec3).
   2.337 -
   2.338 -First start xmsec1: xm create -c xmsec1 (succeeds)
   2.339 -
   2.340 -Then
   2.341 -[root@laptop policy]# xm list 
   2.342 -Name              Id  Mem(MB)  CPU  State  Time(s)  Console  
   2.343 -Domain-0           0      620   0  r----     42.3            s:00/p:00
   2.344 -xmnosec            1        9   0  -b---      0.3    9601    s:00/p:05
   2.345 -xmsec1             2        9   0  -b---      0.2    9602    s:01/p:01
   2.346 -
   2.347 -Shows a new domain xmsec1 running with primary (here: chinese wall) ssidref 1 
   2.348 -and secondary (here: simple type enforcement) ssidref 1. The ssidrefs are  
   2.349 -independent and can differ for a domain.
   2.350 -
   2.351 -[root@laptop policy]# ./policy_tool getpolicy
   2.352 -
   2.353 -Policy dump:
   2.354 -============
   2.355 -Magic     = 1debc.
   2.356 -PolVer    = aaaa0000.
   2.357 -Len       = 112.
   2.358 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.359 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.360 -
   2.361 -
   2.362 -Chinese Wall policy:
   2.363 -====================
   2.364 -Max Types     = a.
   2.365 -Max Ssidrefs  = 5.
   2.366 -Max ConfSets  = 2.
   2.367 -Ssidrefs Off  = 10.
   2.368 -Conflicts Off = 74.
   2.369 -Runing T. Off = 9c.
   2.370 -C. Agg. Off   = b0.
   2.371 -
   2.372 -SSID To CHWALL-Type matrix:
   2.373 -
   2.374 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00
   2.375 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00
   2.376 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00
   2.377 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00
   2.378 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00
   2.379 -
   2.380 -Confict Sets:
   2.381 -
   2.382 -   c-set 0:    00 00 01 01 00 00 00 00 00 00
   2.383 -   c-set 1:    01 00 00 00 00 01 01 00 00 00   <<< t1 is not part of any c-set
   2.384 -
   2.385 -Running
   2.386 -Types:         01 01 00 00 00 00 00 00 00 00   <<< xmsec1 has ssidref 1->type1
   2.387 -                  ^^                           <<< ref-count at position 1 incr
   2.388 -Conflict
   2.389 -Aggregate Set: 00 00 00 00 00 01 01 00 00 00   <<< domain 1 was allowed to       
   2.390 -                                               <<< start since type 1 was not
   2.391 -                                               <<< in conflict with running 
   2.392 -                                               <<< types
   2.393 -                                            
   2.394 -Simple Type Enforcement policy:
   2.395 -===============================
   2.396 -Max Types     = 5.
   2.397 -Max Ssidrefs  = 5.
   2.398 -Ssidrefs Off  = 8.
   2.399 -
   2.400 -SSID To STE-Type matrix:
   2.401 -
   2.402 -   ssidref 0: 01 01 01 01 01           <<< the ste policy does not maintain; we
   2.403 -   ssidref 1: 00 01 00 00 00   <--     <<< see that domain xmsec1 has ste 
   2.404 -   ssidref 2: 00 00 01 00 00           <<< ssidref1->type1 and has this type in
   2.405 -   ssidref 3: 00 00 00 01 00           <<< common with dom0
   2.406 -   ssidref 4: 00 00 00 00 01
   2.407 -
   2.408 -
   2.409 -Policy dump End.
   2.410 -
   2.411 -Look at sHype output in xen dmesg:
   2.412 -
   2.413 -[root@laptop xen]# xm dmesg
   2.414 -.
   2.415 -.
   2.416 -[somewhere near the very end]
   2.417 -(XEN) chwall_init_domain_ssid: determined chwall_ssidref to 1.
   2.418 -(XEN) ste_init_domain_ssid.
   2.419 -(XEN) ste_init_domain_ssid: determined ste_ssidref to 1.
   2.420 -(XEN) acm_init_domain_ssid: Instantiated individual ssid for domain 0x01.
   2.421 -(XEN) chwall_post_domain_create.
   2.422 -(XEN) ste_pre_eventchannel_interdomain.
   2.423 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.424 -(XEN) shype_authorize_domops.
   2.425 -(XEN) ste_pre_eventchannel_interdomain.
   2.426 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.427 -(XEN) ste_pre_eventchannel_interdomain.
   2.428 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.429 -
   2.430 -
   2.431 -You can see that the chinese wall policy does not complain and that the ste 
   2.432 -policy makes three access control decisions for three event-channels setup 
   2.433 -between domain 0 and the new domain 1. Each time, the two domains share the 
   2.434 -type1 and setting up the eventchannel is permitted.
   2.435 -
   2.436 -
   2.437 -Starting up a second domain xmsec2:
   2.438 -
   2.439 -[root@laptop xen]# xm create -c xmsec2
   2.440 -Using config file "xmsec2".
   2.441 -Started domain xmsec2, console on port 9602
   2.442 -************ REMOTE CONSOLE: CTRL-] TO QUIT ********
   2.443 -Linux version 2.6.11-xenU (root@laptop.home.org) (gcc version 3.4.2 20041017 
   2.444 -(Red Hat 3.4.2-6.fc3)) #1 Wed Mar 30 13:14:31 EST 2005
   2.445 -.
   2.446 -.
   2.447 -.
   2.448 -[root@laptop policy]# xm list
   2.449 -Name              Id  Mem(MB)  CPU  State  Time(s)  Console  
   2.450 -Domain-0           0      620   0  r----     71.7            s:00/p:00
   2.451 -xmsec1             1        9   0  -b---      0.3    9601    s:01/p:01
   2.452 -xmsec2             2        7   0  -b---      0.3    9602    s:02/p:02   << our domain runs both policies with ssidref 2
   2.453 -
   2.454 -
   2.455 -[root@laptop policy]# ./policy_tool getpolicy
   2.456 -
   2.457 -Policy dump:
   2.458 -============
   2.459 -Magic     = 1debc.
   2.460 -PolVer    = aaaa0000.
   2.461 -Len       = 112.
   2.462 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.463 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.464 -
   2.465 -
   2.466 -Chinese Wall policy:
   2.467 -====================
   2.468 -Max Types     = a.
   2.469 -Max Ssidrefs  = 5.
   2.470 -Max ConfSets  = 2.
   2.471 -Ssidrefs Off  = 10.
   2.472 -Conflicts Off = 74.
   2.473 -Runing T. Off = 9c.
   2.474 -C. Agg. Off   = b0.
   2.475 -
   2.476 -SSID To CHWALL-Type matrix:
   2.477 -
   2.478 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00
   2.479 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00
   2.480 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00   <<< our domain has type 2 set
   2.481 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00
   2.482 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00
   2.483 -
   2.484 -Confict Sets:
   2.485 -
   2.486 -   c-set 0:    00 00 01 01 00 00 00 00 00 00   <<< t2 is in c-set0 with type 3
   2.487 -   c-set 1:    01 00 00 00 00 01 01 00 00 00
   2.488 -
   2.489 -Running
   2.490 -Types:         01 01 01 00 00 00 00 00 00 00   <<< t2 is running since the 
   2.491 -                     ^^                        <<< current aggregate conflict
   2.492 -                                               <<< set (see above) does not 
   2.493 -                                               <<< include type 2
   2.494 -Conflict
   2.495 -Aggregate Set: 00 00 00 01 00 01 01 00 00 00   <<< type 3 is added to the 
   2.496 -                                               <<< conflict aggregate
   2.497 -
   2.498 -
   2.499 -Simple Type Enforcement policy:
   2.500 -===============================
   2.501 -Max Types     = 5.
   2.502 -Max Ssidrefs  = 5.
   2.503 -Ssidrefs Off  = 8.
   2.504 -
   2.505 -SSID To STE-Type matrix:
   2.506 -
   2.507 -   ssidref 0: 01 01 01 01 01
   2.508 -   ssidref 1: 00 01 00 00 00
   2.509 -   ssidref 2: 00 00 01 00 00
   2.510 -   ssidref 3: 00 00 00 01 00
   2.511 -   ssidref 4: 00 00 00 00 01
   2.512 -
   2.513 -
   2.514 -Policy dump End.
   2.515 -
   2.516 -
   2.517 -The sHype xen dmesg output looks similar to the one above when starting the 
   2.518 -first domain.
   2.519 -
   2.520 -Now we start xmsec3 and it has ssidref3. Thus, it tries to run as type3 which 
   2.521 -conflicts with running type2 (from xmsec2). As expected, creating this domain 
   2.522 -fails for security policy enforcement reasons.
   2.523 -
   2.524 -[root@laptop xen]# xm create -c xmsec3
   2.525 -Using config file "xmsec3".
   2.526 -Error: Error creating domain: (22, 'Invalid argument')
   2.527 -[root@laptop xen]#
   2.528 -
   2.529 -[root@laptop xen]# xm dmesg
   2.530 -.
   2.531 -.
   2.532 -[somewhere near the very end]
   2.533 -(XEN) chwall_pre_domain_create.
   2.534 -(XEN) chwall_pre_domain_create: CHINESE WALL CONFLICT in type 03.
   2.535 -
   2.536 -xmsec3 ssidref3 points to type3, which is in the current conflict aggregate 
   2.537 -set. This domain cannot start until domain xmsec2 is destroyed, at which time 
   2.538 -the aggregate conflict set is reduced and type3 is excluded from it. Then, 
   2.539 -xmsec3 can start. Of course, afterwards, xmsec2 cannot be restarted. Try it.
   2.540 -
   2.541 -3. Policy tool
   2.542 -**************
   2.543 -toos/policy/policy_tool.c
   2.544 -
   2.545 -a) ./policy_tool getpolicy
   2.546 -      prints the currently enforced policy
   2.547 -      (see for example section 1.)
   2.548 -
   2.549 -b) ./policy_tool setpolicy
   2.550 -      sets a predefined and hardcoded security
   2.551 -      policy (the one described in section 2.)
   2.552 -
   2.553 -c) ./policy_tool dumpstats
   2.554 -      prints some status information about the caching
   2.555 -      of access control decisions (number of cache hits
   2.556 -      and number of policy evaluations for grant_table
   2.557 -      and event channels).
   2.558 -
   2.559 -d) ./policy_tool loadpolicy <binary_policy_file>
   2.560 -      sets the policy defined in the <binary_policy_file>
   2.561 -      please use the policy_processor that is posted to this
   2.562 -      mailing list to create such a binary policy from an XML
   2.563 -      policy description
   2.564 -
   2.565 -4. Policy interface:
   2.566 -********************
   2.567 -The Policy interface is working in "network-byte-order" (big endian). The reason for this
   2.568 -is that policy files/management should be portable and independent of the platforms.
   2.569 -
   2.570 -Our policy interface enables managers to create a single binary policy file in a trusted
   2.571 -environment and distributed it to multiple systems for enforcement.
   2.572 -
   2.573 -5. Booting with a binary policy:
   2.574 -********************************
   2.575 -The grub configuration file can be adapted to boot the hypervisor with an
   2.576 -already active policy. To do this, a binary policy file - this can be
   2.577 -the same file as used by the policy_tool - should be placed into the boot
   2.578 -partition. The following entry from the grub configuration file shows how
   2.579 -a binary policy can be added to the system during boot time. Note that the 
   2.580 -binary policy must be of the same type that the hypervisor was compiled 
   2.581 -for. The policy module line should also only be added as the last module
   2.582 -line if XEN was compiled with the access control module (ACM).
   2.583 -
   2.584 -title XEN0 3.0 Devel
   2.585 -	kernel /xen.gz dom0_mem=400000
   2.586 -	module /vmlinuz-2.6.12-xen0 root=/dev/hda2 ro console=tty0
   2.587 -	module /initrd-2.6.12-xen0.img
   2.588 -	module /xen_sample_policy.bin
   2.589 -
   2.590 -
   2.591 -====================end-of file=======================================
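--- a/docs/src/user.tex	Fri Aug 19 10:18:53 2005 +0000
+++ b/docs/src/user.tex	Fri Aug 19 10:50:15 2005 +0000
@@ -1763,7 +1763,7 @@ editing \path{grub.conf}.
  physical address in the memory map will be ignored. This parameter
  may be specified with a B, K, M or G suffix, representing bytes,
  kilobytes, megabytes and gigabytes respectively. The
- default unit, if no suffix is specified, is bytes.
+ default unit, if no suffix is specified, is kilobytes.
 
 \item [dom0\_mem=xxx ] 
  Set the amount of memory to be allocated to domain0. In Xen 3.x the parameter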
     4.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32	Fri Aug 19 10:18:53 2005 +0000
     4.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32	Fri Aug 19 10:50:15 2005 +0000
     4.3 @@ -541,7 +541,7 @@ CONFIG_IP_NF_MATCH_IPRANGE=m
     4.4  # CONFIG_IP_NF_MATCH_STATE is not set
     4.5  # CONFIG_IP_NF_MATCH_CONNTRACK is not set
     4.6  # CONFIG_IP_NF_MATCH_OWNER is not set
     4.7 -# CONFIG_IP_NF_MATCH_PHYSDEV is not set
     4.8 +CONFIG_IP_NF_MATCH_PHYSDEV=y
     4.9  # CONFIG_IP_NF_MATCH_ADDRTYPE is not set
    4.10  # CONFIG_IP_NF_MATCH_REALM is not set
    4.11  # CONFIG_IP_NF_MATCH_SCTP is not set
    4.12 @@ -689,7 +689,7 @@ CONFIG_E1000=y
    4.13  # CONFIG_HAMACHI is not set
    4.14  # CONFIG_YELLOWFIN is not set
    4.15  # CONFIG_R8169 is not set
    4.16 -# CONFIG_SK98LIN is not set
    4.17 +CONFIG_SK98LIN=y
    4.18  # CONFIG_VIA_VELOCITY is not set
    4.19  CONFIG_TIGON3=y
    4.20  # CONFIG_BNX2 is not set
     5.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64	Fri Aug 19 10:18:53 2005 +0000
     5.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64	Fri Aug 19 10:50:15 2005 +0000
     5.3 @@ -480,7 +480,7 @@ CONFIG_IP_NF_MATCH_IPRANGE=m
     5.4  # CONFIG_IP_NF_MATCH_STATE is not set
     5.5  # CONFIG_IP_NF_MATCH_CONNTRACK is not set
     5.6  # CONFIG_IP_NF_MATCH_OWNER is not set
     5.7 -# CONFIG_IP_NF_MATCH_PHYSDEV is not set
     5.8 +CONFIG_IP_NF_MATCH_PHYSDEV=y
     5.9  # CONFIG_IP_NF_MATCH_ADDRTYPE is not set
    5.10  # CONFIG_IP_NF_MATCH_REALM is not set
    5.11  # CONFIG_IP_NF_MATCH_SCTP is not set
    5.12 @@ -611,7 +611,7 @@ CONFIG_E1000=y
    5.13  # CONFIG_HAMACHI is not set
    5.14  # CONFIG_YELLOWFIN is not set
    5.15  # CONFIG_R8169 is not set
    5.16 -# CONFIG_SK98LIN is not set
    5.17 +CONFIG_SK98LIN=y
    5.18  # CONFIG_VIA_VELOCITY is not set
    5.19  CONFIG_TIGON3=y
    5.20  # CONFIG_BNX2 is not set
     6.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64	Fri Aug 19 10:18:53 2005 +0000
     6.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64	Fri Aug 19 10:50:15 2005 +0000
     6.3 @@ -1,7 +1,7 @@
     6.4  #
     6.5  # Automatically generated make config: don't edit
     6.6 -# Linux kernel version: 2.6.12.4-xenU
     6.7 -# Mon Aug 15 19:25:22 2005
     6.8 +# Linux kernel version: 2.6.12-xenU
     6.9 +# Thu Aug 18 11:15:14 2005
    6.10  #
    6.11  CONFIG_XEN=y
    6.12  CONFIG_ARCH_XEN=y
    6.13 @@ -270,7 +270,10 @@ CONFIG_IP_ROUTE_FWMARK=y
    6.14  CONFIG_IP_ROUTE_MULTIPATH=y
    6.15  # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
    6.16  CONFIG_IP_ROUTE_VERBOSE=y
    6.17 -# CONFIG_IP_PNP is not set
    6.18 +CONFIG_IP_PNP=y
    6.19 +CONFIG_IP_PNP_DHCP=y
    6.20 +CONFIG_IP_PNP_BOOTP=y
    6.21 +CONFIG_IP_PNP_RARP=y
    6.22  CONFIG_NET_IPIP=m
    6.23  CONFIG_NET_IPGRE=m
    6.24  CONFIG_NET_IPGRE_BROADCAST=y
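Review bot: `CONFIG_IP_PNP_DHCP`, `CONFIG_IP_PNP_BOOTP` and `CONFIG_IP_PNP_RARP` are all switched on together for the default guest kernel, and the commit message ("Merge.") gives no reason for needing all three. Replies to kernel-level autoconfiguration are unauthenticated, so the guest would take its address and routing from whichever host on the attached segment answers. As far as I can tell the feature only activates when requested at boot, so the exposure is limited to guests that opt in. If only DHCP is required (for example for NFS-root guests), the narrower setting would be `CONFIG_IP_PNP_DHCP=y` with `# CONFIG_IP_PNP_BOOTP is not set` and `# CONFIG_IP_PNP_RARP is not set`.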
     7.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile	Fri Aug 19 10:18:53 2005 +0000
     7.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile	Fri Aug 19 10:50:15 2005 +0000
     7.3 @@ -44,7 +44,7 @@ c-obj-$(CONFIG_HPET_TIMER) 	+= time_hpet
     7.4  c-obj-$(CONFIG_EFI) 		+= efi.o efi_stub.o
     7.5  c-obj-$(CONFIG_EARLY_PRINTK)	+= early_printk.o
     7.6  c-obj-$(CONFIG_SMP_ALTERNATIVES)+= smpalts.o
     7.7 -c-obj-$(CONFIG_SWIOTLB)		+= swiotlb.o
     7.8 +obj-$(CONFIG_SWIOTLB)		+= swiotlb.o
     7.9  
    7.10  EXTRA_AFLAGS   := -traditional
    7.11  
     8.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/pci-dma.c	Fri Aug 19 10:18:53 2005 +0000
     8.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/pci-dma.c	Fri Aug 19 10:50:15 2005 +0000
     8.3 @@ -24,13 +24,14 @@ struct dma_coherent_mem {
     8.4  	unsigned long	*bitmap;
     8.5  };
     8.6  
     8.7 -static void iommu_bug(void)
     8.8 -{
     8.9 -	printk(KERN_ALERT "Fatal DMA error! Please use 'swiotlb=force'\n");
    8.10 -	BUG();
    8.11 -}
    8.12 -
    8.13 -#define IOMMU_BUG_ON(test) do { if (unlikely(test)) iommu_bug(); } while(0)
    8.14 +#define IOMMU_BUG_ON(test)				\
    8.15 +do {							\
    8.16 +	if (unlikely(test)) {				\
    8.17 +		printk(KERN_ALERT "Fatal DMA error! "	\
    8.18 +		       "Please use 'swiotlb=force'\n");	\
    8.19 +		BUG();					\
    8.20 +	}						\
    8.21 +} while (0)
    8.22  
    8.23  int
    8.24  dma_map_sg(struct device *hwdev, struct scatterlist *sg, int nents,
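Review bot: `IOMMU_BUG_ON` now expands the printk and `BUG()` at every use site, but nothing in the hunk says why the `iommu_bug()` helper was folded into the macro. If the intent is for `BUG()` to report the failing caller's file and line rather than the helper's, a one-line comment above the macro would stop someone factoring it back out, e.g. `/* Macro, not a function, so BUG() reports the failing call site. */`. The expansion itself looks sound: `test` is evaluated once and the body is wrapped in `do { } while (0)`.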
     9.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/smp.c	Fri Aug 19 10:18:53 2005 +0000
     9.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/smp.c	Fri Aug 19 10:50:15 2005 +0000
     9.3 @@ -129,8 +129,6 @@ static inline int __prepare_ICR2 (unsign
     9.4  
     9.5  DECLARE_PER_CPU(int, ipi_to_evtchn[NR_IPIS]);
     9.6  
     9.7 -extern unsigned uber_debug;
     9.8 -
     9.9  static inline void __send_IPI_one(unsigned int cpu, int vector)
    9.10  {
    9.11  	unsigned int evtchn;
    9.12 @@ -144,9 +142,6 @@ static inline void __send_IPI_one(unsign
    9.13  		       synch_test_bit(evtchn, &s->evtchn_mask[0]))
    9.14  			;
    9.15  #endif
    9.16 -		if (uber_debug)
    9.17 -			printk("<0>Send ipi %d to %d evtchn %d.\n",
    9.18 -			       vector, cpu, evtchn);
    9.19  		notify_via_evtchn(evtchn);
    9.20  	} else
    9.21  		printk("send_IPI to unbound port %d/%d",
    9.22 @@ -605,7 +600,6 @@ irqreturn_t smp_call_function_interrupt(
    9.23  	void (*func) (void *info) = call_data->func;
    9.24  	void *info = call_data->info;
    9.25  	int wait = call_data->wait;
    9.26 -	extern unsigned uber_debug;
    9.27  
    9.28  	/*
    9.29  	 * Notify initiating CPU that I've grabbed the data and am
    9.30 @@ -617,9 +611,6 @@ irqreturn_t smp_call_function_interrupt(
    9.31  	 * At this point the info structure may be out of scope unless wait==1
    9.32  	 */
    9.33  	irq_enter();
    9.34 -	if (uber_debug && smp_processor_id())
    9.35 -		printk("<0>Processor %d calling %p.\n", smp_processor_id(),
    9.36 -		       func);
    9.37  	(*func)(info);
    9.38  	irq_exit();
    9.39  
    10.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c	Fri Aug 19 10:18:53 2005 +0000
    10.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c	Fri Aug 19 10:50:15 2005 +0000
    10.3 @@ -49,13 +49,14 @@ int swiotlb_force;
    10.4   * swiotlb_sync_single_*, to see if the memory was in fact allocated by this
    10.5   * API.
    10.6   */
    10.7 -static char *io_tlb_start, *io_tlb_end;
    10.8 +static char *iotlb_virt_start, *iotlb_virt_end;
    10.9 +static dma_addr_t iotlb_bus_start, iotlb_bus_end;
   10.10  
   10.11  /*
   10.12 - * The number of IO TLB blocks (in groups of 64) betweeen io_tlb_start and
   10.13 - * io_tlb_end.  This is command line adjustable via setup_io_tlb_npages.
   10.14 + * The number of IO TLB blocks (in groups of 64) betweeen iotlb_virt_start and
   10.15 + * iotlb_virt_end.  This is command line adjustable via setup_io_tlb_npages.
   10.16   */
   10.17 -static unsigned long io_tlb_nslabs;
   10.18 +static unsigned long iotlb_nslabs;
   10.19  
   10.20  /*
   10.21   * When the IOMMU overflows we return a fallback buffer. This sets the size.
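Review bot: Only three statics are renamed to the `iotlb_` prefix here (`iotlb_virt_start`, `iotlb_virt_end`, `iotlb_nslabs`), while `io_tlb_list`, `io_tlb_index`, `io_tlb_orig_addr`, `io_tlb_overflow` and `io_tlb_lock` keep the old spelling in the rest of the file, so the file now mixes two conventions. The new `iotlb_bus_start`/`iotlb_bus_end` pair also has no comment of its own; the block comment above it starts outside this hunk and speaks only of a quick range check. A line such as `/* Bus-address view of the same aperture, used by the unmap/sync range checks. */` would say what the pair is for. The comment on `iotlb_nslabs` still describes `setup_io_tlb_npages` as adjusting a block count, although that function now takes a size in megabytes.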
   10.22 @@ -88,11 +89,11 @@ static DEFINE_SPINLOCK(io_tlb_lock);
   10.23  static int __init
   10.24  setup_io_tlb_npages(char *str)
   10.25  {
   10.26 +	/* Unlike ia64, the size is aperture in megabytes, not 'slabs'! */
   10.27  	if (isdigit(*str)) {
   10.28 -		io_tlb_nslabs = simple_strtoul(str, &str, 0) <<
   10.29 -			(PAGE_SHIFT - IO_TLB_SHIFT);
   10.30 -		/* avoid tail segment of size < IO_TLB_SEGSIZE */
   10.31 -		io_tlb_nslabs = ALIGN(io_tlb_nslabs, IO_TLB_SEGSIZE);
   10.32 +		iotlb_nslabs = simple_strtoul(str, &str, 0) <<
   10.33 +			(20 - IO_TLB_SHIFT);
   10.34 +		iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE);
   10.35  	}
   10.36  	if (*str == ',')
   10.37  		++str;
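Review bot: The parsed number is shifted left by `(20 - IO_TLB_SHIFT)` with no upper bound, so an oversized boot-parameter value silently wraps `iotlb_nslabs`, and swiotlb_init_with_default_size then sizes the aperture and its tables from the wrapped count. Rejecting or clamping the value before the shift would close that, e.g. `if (mb > (ULONG_MAX >> (20 - IO_TLB_SHIFT))) mb = ULONG_MAX >> (20 - IO_TLB_SHIFT);` on a local `mb`. The bare `20` deserves a name or a comment (megabytes to bytes), and the function is still called `setup_io_tlb_npages` although it no longer takes pages. The hunk also drops the comment that explained the `ALIGN`; something like `/* Round up so the last segment is a full IO_TLB_SEGSIZE. */` should stay. The function body continues past the end of this hunk.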
   10.38 @@ -114,45 +115,56 @@ setup_io_tlb_npages(char *str)
   10.39  void
   10.40  swiotlb_init_with_default_size (size_t default_size)
   10.41  {
   10.42 -	unsigned long i;
   10.43 +	unsigned long i, bytes;
   10.44  
   10.45 -	if (!io_tlb_nslabs) {
   10.46 -		io_tlb_nslabs = (default_size >> PAGE_SHIFT);
   10.47 -		io_tlb_nslabs = ALIGN(io_tlb_nslabs, IO_TLB_SEGSIZE);
   10.48 +	if (!iotlb_nslabs) {
   10.49 +		iotlb_nslabs = (default_size >> IO_TLB_SHIFT);
   10.50 +		iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE);
   10.51  	}
   10.52  
   10.53 +	bytes = iotlb_nslabs * (1UL << IO_TLB_SHIFT);
   10.54 +
   10.55  	/*
   10.56  	 * Get IO TLB memory from the low pages
   10.57  	 */
   10.58 -	io_tlb_start = alloc_bootmem_low_pages(io_tlb_nslabs *
   10.59 -					       (1 << IO_TLB_SHIFT));
   10.60 -	if (!io_tlb_start)
   10.61 -		panic("Cannot allocate SWIOTLB buffer");
   10.62 +	iotlb_virt_start = alloc_bootmem_low_pages(bytes);
   10.63 +	if (!iotlb_virt_start)
   10.64 +		panic("Cannot allocate SWIOTLB buffer!\n"
   10.65 +		      "Use dom0_mem Xen boot parameter to reserve\n"
   10.66 +		      "some DMA memory (e.g., dom0_mem=-128M).\n");
   10.67  
   10.68 -	xen_create_contiguous_region(
   10.69 -		(unsigned long)io_tlb_start, 
   10.70 -		get_order(io_tlb_nslabs * (1 << IO_TLB_SHIFT)));
   10.71 +	for (i = 0; i < iotlb_nslabs; i += IO_TLB_SEGSIZE)
   10.72 +		xen_create_contiguous_region(
   10.73 +			(unsigned long)iotlb_virt_start + (i << IO_TLB_SHIFT),
   10.74 +			get_order(IO_TLB_SEGSIZE << IO_TLB_SHIFT));
   10.75  
   10.76 -	io_tlb_end = io_tlb_start + io_tlb_nslabs * (1 << IO_TLB_SHIFT);
   10.77 +	iotlb_virt_end = iotlb_virt_start + bytes;
   10.78  
   10.79  	/*
   10.80  	 * Allocate and initialize the free list array.  This array is used
   10.81  	 * to find contiguous free memory regions of size up to IO_TLB_SEGSIZE
   10.82 -	 * between io_tlb_start and io_tlb_end.
   10.83 +	 * between iotlb_virt_start and iotlb_virt_end.
   10.84  	 */
   10.85 -	io_tlb_list = alloc_bootmem(io_tlb_nslabs * sizeof(int));
   10.86 -	for (i = 0; i < io_tlb_nslabs; i++)
   10.87 +	io_tlb_list = alloc_bootmem(iotlb_nslabs * sizeof(int));
   10.88 +	for (i = 0; i < iotlb_nslabs; i++)
   10.89   		io_tlb_list[i] = IO_TLB_SEGSIZE - OFFSET(i, IO_TLB_SEGSIZE);
   10.90  	io_tlb_index = 0;
   10.91  	io_tlb_orig_addr = alloc_bootmem(
   10.92 -		io_tlb_nslabs * sizeof(*io_tlb_orig_addr));
   10.93 +		iotlb_nslabs * sizeof(*io_tlb_orig_addr));
   10.94  
   10.95  	/*
   10.96  	 * Get the overflow emergency buffer
   10.97  	 */
   10.98  	io_tlb_overflow_buffer = alloc_bootmem_low(io_tlb_overflow);
   10.99 -	printk(KERN_INFO "Placing software IO TLB between 0x%lx - 0x%lx\n",
  10.100 -	       virt_to_bus(io_tlb_start), virt_to_bus(io_tlb_end-1));
  10.101 +	iotlb_bus_start = virt_to_bus(iotlb_virt_start);
  10.102 +	iotlb_bus_end   = iotlb_bus_start + bytes;
  10.103 +	printk(KERN_INFO "Software IO TLB enabled: \n"
  10.104 +	       " Aperture:     %lu megabytes\n"
  10.105 +	       " Bus range:    0x%016lx - 0x%016lx\n"
  10.106 +	       " Kernel range: 0x%016lx - 0x%016lx\n",
  10.107 +	       bytes >> 20,
  10.108 +	       (unsigned long)iotlb_bus_start, (unsigned long)iotlb_bus_end,
  10.109 +	       (unsigned long)iotlb_virt_start, (unsigned long)iotlb_virt_end);
  10.110  }
  10.111  
  10.112  void
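Review bot: `iotlb_bus_end = iotlb_bus_start + bytes` treats the aperture as one contiguous bus range, but the loop above it now calls xen_create_contiguous_region() once per IO_TLB_SEGSIZE segment. Each call obtains its own machine extent (step 2 of that function in hypervisor.c), so nothing visible here guarantees that consecutive segments are adjacent in machine memory. If they are not, the new `dev_addr >= iotlb_bus_start && dev_addr < iotlb_bus_end` tests in swiotlb_unmap_single, swiotlb_sync_single_for_cpu, swiotlb_sync_single_for_device and swiotlb_unmap_page can skip the copy-back and slot release for a real bounce buffer. They can also accept an unrelated bus address, which unmap_single/sync_single then turn into an `io_tlb_orig_addr[index]` lookup outside the table. Either decide membership against `iotlb_virt_start`/`iotlb_virt_end` after translation, or record a bus base per segment and test against those; the single "Bus range" printk line carries the same assumption, and `bytes` is derived from a command-line slab count with no overflow check.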
  10.113 @@ -240,7 +252,7 @@ map_single(struct device *hwdev, struct 
  10.114  	{
  10.115  		wrap = index = ALIGN(io_tlb_index, stride);
  10.116  
  10.117 -		if (index >= io_tlb_nslabs)
  10.118 +		if (index >= iotlb_nslabs)
  10.119  			wrap = index = 0;
  10.120  
  10.121  		do {
  10.122 @@ -260,7 +272,7 @@ map_single(struct device *hwdev, struct 
  10.123  				      IO_TLB_SEGSIZE -1) && io_tlb_list[i];
  10.124  				     i--)
  10.125  					io_tlb_list[i] = ++count;
  10.126 -				dma_addr = io_tlb_start +
  10.127 +				dma_addr = iotlb_virt_start +
  10.128  					(index << IO_TLB_SHIFT);
  10.129  
  10.130  				/*
  10.131 @@ -268,13 +280,13 @@ map_single(struct device *hwdev, struct 
  10.132  				 * the next round.
  10.133  				 */
  10.134  				io_tlb_index = 
  10.135 -					((index + nslots) < io_tlb_nslabs
  10.136 +					((index + nslots) < iotlb_nslabs
  10.137  					 ? (index + nslots) : 0);
  10.138  
  10.139  				goto found;
  10.140  			}
  10.141  			index += stride;
  10.142 -			if (index >= io_tlb_nslabs)
  10.143 +			if (index >= iotlb_nslabs)
  10.144  				index = 0;
  10.145  		} while (index != wrap);
  10.146  
  10.147 @@ -304,7 +316,7 @@ unmap_single(struct device *hwdev, char 
  10.148  {
  10.149  	unsigned long flags;
  10.150  	int i, count, nslots = ALIGN(size, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT;
  10.151 -	int index = (dma_addr - io_tlb_start) >> IO_TLB_SHIFT;
  10.152 +	int index = (dma_addr - iotlb_virt_start) >> IO_TLB_SHIFT;
  10.153  	struct phys_addr buffer = io_tlb_orig_addr[index];
  10.154  
  10.155  	/*
  10.156 @@ -345,7 +357,7 @@ unmap_single(struct device *hwdev, char 
  10.157  static void
  10.158  sync_single(struct device *hwdev, char *dma_addr, size_t size, int dir)
  10.159  {
  10.160 -	int index = (dma_addr - io_tlb_start) >> IO_TLB_SHIFT;
  10.161 +	int index = (dma_addr - iotlb_virt_start) >> IO_TLB_SHIFT;
  10.162  	struct phys_addr buffer = io_tlb_orig_addr[index];
  10.163  	BUG_ON((dir != DMA_FROM_DEVICE) && (dir != DMA_TO_DEVICE));
  10.164  	__sync_single(buffer, dma_addr, size, dir);
  10.165 @@ -431,11 +443,9 @@ void
  10.166  swiotlb_unmap_single(struct device *hwdev, dma_addr_t dev_addr, size_t size,
  10.167  		     int dir)
  10.168  {
  10.169 -	char *dma_addr = bus_to_virt(dev_addr);
  10.170 -
  10.171  	BUG_ON(dir == DMA_NONE);
  10.172 -	if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end)
  10.173 -		unmap_single(hwdev, dma_addr, size, dir);
  10.174 +	if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end))
  10.175 +		unmap_single(hwdev, bus_to_virt(dev_addr), size, dir);
  10.176  }
  10.177  
  10.178  /*
  10.179 @@ -452,22 +462,18 @@ void
  10.180  swiotlb_sync_single_for_cpu(struct device *hwdev, dma_addr_t dev_addr,
  10.181  			    size_t size, int dir)
  10.182  {
  10.183 -	char *dma_addr = bus_to_virt(dev_addr);
  10.184 -
  10.185  	BUG_ON(dir == DMA_NONE);
  10.186 -	if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end)
  10.187 -		sync_single(hwdev, dma_addr, size, dir);
  10.188 +	if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end))
  10.189 +		sync_single(hwdev, bus_to_virt(dev_addr), size, dir);
  10.190  }
  10.191  
  10.192  void
  10.193  swiotlb_sync_single_for_device(struct device *hwdev, dma_addr_t dev_addr,
  10.194  			       size_t size, int dir)
  10.195  {
  10.196 -	char *dma_addr = bus_to_virt(dev_addr);
  10.197 -
  10.198  	BUG_ON(dir == DMA_NONE);
  10.199 -	if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end)
  10.200 -		sync_single(hwdev, dma_addr, size, dir);
  10.201 +	if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end))
  10.202 +		sync_single(hwdev, bus_to_virt(dev_addr), size, dir);
  10.203  }
  10.204  
  10.205  /*
  10.206 @@ -603,11 +609,9 @@ void
  10.207  swiotlb_unmap_page(struct device *hwdev, dma_addr_t dma_address,
  10.208  		   size_t size, enum dma_data_direction direction)
  10.209  {
  10.210 -	char *dma_addr = bus_to_virt(dma_address);
  10.211 -
  10.212  	BUG_ON(direction == DMA_NONE);
  10.213 -	if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end)
  10.214 -		unmap_single(hwdev, dma_addr, size, direction);
  10.215 +	if ((dma_address >= iotlb_bus_start) && (dma_address < iotlb_bus_end))
  10.216 +		unmap_single(hwdev, bus_to_virt(dma_address), size, direction);
  10.217  }
  10.218  
  10.219  int
    11.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/hypervisor.c	Fri Aug 19 10:18:53 2005 +0000
    11.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/hypervisor.c	Fri Aug 19 10:50:15 2005 +0000
    11.3 @@ -59,124 +59,124 @@
    11.4  #ifndef CONFIG_XEN_SHADOW_MODE
    11.5  void xen_l1_entry_update(pte_t *ptr, pte_t val)
    11.6  {
    11.7 -    mmu_update_t u;
    11.8 -    u.ptr = virt_to_machine(ptr);
    11.9 -    u.val = pte_val_ma(val);
   11.10 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.11 +	mmu_update_t u;
   11.12 +	u.ptr = virt_to_machine(ptr);
   11.13 +	u.val = pte_val_ma(val);
   11.14 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.15  }
   11.16  
   11.17  void xen_l2_entry_update(pmd_t *ptr, pmd_t val)
   11.18  {
   11.19 -    mmu_update_t u;
   11.20 -    u.ptr = virt_to_machine(ptr);
   11.21 -    u.val = pmd_val_ma(val);
   11.22 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.23 +	mmu_update_t u;
   11.24 +	u.ptr = virt_to_machine(ptr);
   11.25 +	u.val = pmd_val_ma(val);
   11.26 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.27  }
   11.28  
   11.29  #ifdef CONFIG_X86_PAE
   11.30  void xen_l3_entry_update(pud_t *ptr, pud_t val)
   11.31  {
   11.32 -    mmu_update_t u;
   11.33 -    u.ptr = virt_to_machine(ptr);
   11.34 -    u.val = pud_val_ma(val);
   11.35 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.36 +	mmu_update_t u;
   11.37 +	u.ptr = virt_to_machine(ptr);
   11.38 +	u.val = pud_val_ma(val);
   11.39 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.40  }
   11.41  #endif
   11.42  
   11.43  #ifdef CONFIG_X86_64
   11.44  void xen_l3_entry_update(pud_t *ptr, pud_t val)
   11.45  {
   11.46 -    mmu_update_t u;
   11.47 -    u.ptr = virt_to_machine(ptr);
   11.48 -    u.val = val.pud;
   11.49 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.50 +	mmu_update_t u;
   11.51 +	u.ptr = virt_to_machine(ptr);
   11.52 +	u.val = val.pud;
   11.53 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.54  }
   11.55  
   11.56  void xen_l4_entry_update(pgd_t *ptr, pgd_t val)
   11.57  {
   11.58 -    mmu_update_t u;
   11.59 -    u.ptr = virt_to_machine(ptr);
   11.60 -    u.val = val.pgd;
   11.61 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.62 +	mmu_update_t u;
   11.63 +	u.ptr = virt_to_machine(ptr);
   11.64 +	u.val = val.pgd;
   11.65 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.66  }
   11.67  #endif /* CONFIG_X86_64 */
   11.68  #endif /* CONFIG_XEN_SHADOW_MODE */
   11.69  
   11.70  void xen_machphys_update(unsigned long mfn, unsigned long pfn)
   11.71  {
   11.72 -    mmu_update_t u;
   11.73 -    u.ptr = (mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE;
   11.74 -    u.val = pfn;
   11.75 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.76 +	mmu_update_t u;
   11.77 +	u.ptr = (mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE;
   11.78 +	u.val = pfn;
   11.79 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   11.80  }
   11.81  
   11.82  void xen_pt_switch(unsigned long ptr)
   11.83  {
   11.84 -    struct mmuext_op op;
   11.85 -    op.cmd = MMUEXT_NEW_BASEPTR;
   11.86 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
   11.87 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
   11.88 +	struct mmuext_op op;
   11.89 +	op.cmd = MMUEXT_NEW_BASEPTR;
   11.90 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
   11.91 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
   11.92  }
   11.93  
   11.94  void xen_new_user_pt(unsigned long ptr)
   11.95  {
   11.96 -    struct mmuext_op op;
   11.97 -    op.cmd = MMUEXT_NEW_USER_BASEPTR;
   11.98 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
   11.99 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.100 +	struct mmuext_op op;
  11.101 +	op.cmd = MMUEXT_NEW_USER_BASEPTR;
  11.102 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.103 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.104  }
  11.105  
  11.106  void xen_tlb_flush(void)
  11.107  {
  11.108 -    struct mmuext_op op;
  11.109 -    op.cmd = MMUEXT_TLB_FLUSH_LOCAL;
  11.110 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.111 +	struct mmuext_op op;
  11.112 +	op.cmd = MMUEXT_TLB_FLUSH_LOCAL;
  11.113 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.114  }
  11.115  
  11.116  void xen_invlpg(unsigned long ptr)
  11.117  {
  11.118 -    struct mmuext_op op;
  11.119 -    op.cmd = MMUEXT_INVLPG_LOCAL;
  11.120 -    op.linear_addr = ptr & PAGE_MASK;
  11.121 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.122 +	struct mmuext_op op;
  11.123 +	op.cmd = MMUEXT_INVLPG_LOCAL;
  11.124 +	op.linear_addr = ptr & PAGE_MASK;
  11.125 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.126  }
  11.127  
  11.128  #ifdef CONFIG_SMP
  11.129  
  11.130  void xen_tlb_flush_all(void)
  11.131  {
  11.132 -    struct mmuext_op op;
  11.133 -    op.cmd = MMUEXT_TLB_FLUSH_ALL;
  11.134 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.135 +	struct mmuext_op op;
  11.136 +	op.cmd = MMUEXT_TLB_FLUSH_ALL;
  11.137 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.138  }
  11.139  
  11.140  void xen_tlb_flush_mask(cpumask_t *mask)
  11.141  {
  11.142 -    struct mmuext_op op;
  11.143 -    if ( cpus_empty(*mask) )
  11.144 -        return;
  11.145 -    op.cmd = MMUEXT_TLB_FLUSH_MULTI;
  11.146 -    op.vcpumask = mask->bits;
  11.147 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.148 +	struct mmuext_op op;
  11.149 +	if ( cpus_empty(*mask) )
  11.150 +		return;
  11.151 +	op.cmd = MMUEXT_TLB_FLUSH_MULTI;
  11.152 +	op.vcpumask = mask->bits;
  11.153 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.154  }
  11.155  
  11.156  void xen_invlpg_all(unsigned long ptr)
  11.157  {
  11.158 -    struct mmuext_op op;
  11.159 -    op.cmd = MMUEXT_INVLPG_ALL;
  11.160 -    op.linear_addr = ptr & PAGE_MASK;
  11.161 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.162 +	struct mmuext_op op;
  11.163 +	op.cmd = MMUEXT_INVLPG_ALL;
  11.164 +	op.linear_addr = ptr & PAGE_MASK;
  11.165 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.166  }
  11.167  
  11.168  void xen_invlpg_mask(cpumask_t *mask, unsigned long ptr)
  11.169  {
  11.170 -    struct mmuext_op op;
  11.171 -    if ( cpus_empty(*mask) )
  11.172 -        return;
  11.173 -    op.cmd = MMUEXT_INVLPG_MULTI;
  11.174 -    op.vcpumask = mask->bits;
  11.175 -    op.linear_addr = ptr & PAGE_MASK;
  11.176 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.177 +	struct mmuext_op op;
  11.178 +	if ( cpus_empty(*mask) )
  11.179 +		return;
  11.180 +	op.cmd = MMUEXT_INVLPG_MULTI;
  11.181 +	op.vcpumask = mask->bits;
  11.182 +	op.linear_addr = ptr & PAGE_MASK;
  11.183 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.184  }
  11.185  
  11.186  #endif /* CONFIG_SMP */
  11.187 @@ -184,221 +184,281 @@ void xen_invlpg_mask(cpumask_t *mask, un
  11.188  #ifndef CONFIG_XEN_SHADOW_MODE
  11.189  void xen_pgd_pin(unsigned long ptr)
  11.190  {
  11.191 -    struct mmuext_op op;
  11.192 +	struct mmuext_op op;
  11.193  #ifdef CONFIG_X86_64
  11.194 -    op.cmd = MMUEXT_PIN_L4_TABLE;
  11.195 +	op.cmd = MMUEXT_PIN_L4_TABLE;
  11.196  #elif defined(CONFIG_X86_PAE)
  11.197 -    op.cmd = MMUEXT_PIN_L3_TABLE;
  11.198 +	op.cmd = MMUEXT_PIN_L3_TABLE;
  11.199  #else
  11.200 -    op.cmd = MMUEXT_PIN_L2_TABLE;
  11.201 +	op.cmd = MMUEXT_PIN_L2_TABLE;
  11.202  #endif
  11.203 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.204 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.205 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.206 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.207  }
  11.208  
  11.209  void xen_pgd_unpin(unsigned long ptr)
  11.210  {
  11.211 -    struct mmuext_op op;
  11.212 -    op.cmd = MMUEXT_UNPIN_TABLE;
  11.213 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.214 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.215 +	struct mmuext_op op;
  11.216 +	op.cmd = MMUEXT_UNPIN_TABLE;
  11.217 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.218 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.219  }
  11.220  
  11.221  void xen_pte_pin(unsigned long ptr)
  11.222  {
  11.223 -    struct mmuext_op op;
  11.224 -    op.cmd = MMUEXT_PIN_L1_TABLE;
  11.225 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.226 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.227 +	struct mmuext_op op;
  11.228 +	op.cmd = MMUEXT_PIN_L1_TABLE;
  11.229 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.230 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.231  }
  11.232  
  11.233  void xen_pte_unpin(unsigned long ptr)
  11.234  {
  11.235 -    struct mmuext_op op;
  11.236 -    op.cmd = MMUEXT_UNPIN_TABLE;
  11.237 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.238 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.239 +	struct mmuext_op op;
  11.240 +	op.cmd = MMUEXT_UNPIN_TABLE;
  11.241 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.242 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.243  }
  11.244  
  11.245  #ifdef CONFIG_X86_64
  11.246  void xen_pud_pin(unsigned long ptr)
  11.247  {
  11.248 -    struct mmuext_op op;
  11.249 -    op.cmd = MMUEXT_PIN_L3_TABLE;
  11.250 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.251 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.252 +	struct mmuext_op op;
  11.253 +	op.cmd = MMUEXT_PIN_L3_TABLE;
  11.254 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.255 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.256  }
  11.257  
  11.258  void xen_pud_unpin(unsigned long ptr)
  11.259  {
  11.260 -    struct mmuext_op op;
  11.261 -    op.cmd = MMUEXT_UNPIN_TABLE;
  11.262 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.263 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.264 +	struct mmuext_op op;
  11.265 +	op.cmd = MMUEXT_UNPIN_TABLE;
  11.266 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.267 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.268  }
  11.269  
  11.270  void xen_pmd_pin(unsigned long ptr)
  11.271  {
  11.272 -    struct mmuext_op op;
  11.273 -    op.cmd = MMUEXT_PIN_L2_TABLE;
  11.274 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.275 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.276 +	struct mmuext_op op;
  11.277 +	op.cmd = MMUEXT_PIN_L2_TABLE;
  11.278 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.279 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.280  }
  11.281  
  11.282  void xen_pmd_unpin(unsigned long ptr)
  11.283  {
  11.284 -    struct mmuext_op op;
  11.285 -    op.cmd = MMUEXT_UNPIN_TABLE;
  11.286 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.287 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.288 +	struct mmuext_op op;
  11.289 +	op.cmd = MMUEXT_UNPIN_TABLE;
  11.290 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  11.291 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.292  }
  11.293  #endif /* CONFIG_X86_64 */
  11.294  #endif /* CONFIG_XEN_SHADOW_MODE */
  11.295  
  11.296  void xen_set_ldt(unsigned long ptr, unsigned long len)
  11.297  {
  11.298 -    struct mmuext_op op;
  11.299 -    op.cmd = MMUEXT_SET_LDT;
  11.300 -    op.linear_addr = ptr;
  11.301 -    op.nr_ents = len;
  11.302 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.303 +	struct mmuext_op op;
  11.304 +	op.cmd = MMUEXT_SET_LDT;
  11.305 +	op.linear_addr = ptr;
  11.306 +	op.nr_ents = len;
  11.307 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  11.308 +}
  11.309 +
  11.310 +/*
  11.311 + * Bitmap is indexed by page number. If bit is set, the page is part of a
  11.312 + * xen_create_contiguous_region() area of memory.
  11.313 + */
  11.314 +unsigned long *contiguous_bitmap;
  11.315 +
  11.316 +static void contiguous_bitmap_set(
  11.317 +	unsigned long first_page, unsigned long nr_pages)
  11.318 +{
  11.319 +	unsigned long start_off, end_off, curr_idx, end_idx;
  11.320 +
  11.321 +	curr_idx  = first_page / BITS_PER_LONG;
  11.322 +	start_off = first_page & (BITS_PER_LONG-1);
  11.323 +	end_idx   = (first_page + nr_pages) / BITS_PER_LONG;
  11.324 +	end_off   = (first_page + nr_pages) & (BITS_PER_LONG-1);
  11.325 +
  11.326 +	if (curr_idx == end_idx) {
  11.327 +		contiguous_bitmap[curr_idx] |=
  11.328 +			((1UL<<end_off)-1) & -(1UL<<start_off);
  11.329 +	} else {
  11.330 +		contiguous_bitmap[curr_idx] |= -(1UL<<start_off);
  11.331 +		while ( ++curr_idx < end_idx )
  11.332 +			contiguous_bitmap[curr_idx] = ~0UL;
  11.333 +		contiguous_bitmap[curr_idx] |= (1UL<<end_off)-1;
  11.334 +	}
  11.335 +}
  11.336 +
  11.337 +static void contiguous_bitmap_clear(
  11.338 +	unsigned long first_page, unsigned long nr_pages)
  11.339 +{
  11.340 +	unsigned long start_off, end_off, curr_idx, end_idx;
  11.341 +
  11.342 +	curr_idx  = first_page / BITS_PER_LONG;
  11.343 +	start_off = first_page & (BITS_PER_LONG-1);
  11.344 +	end_idx   = (first_page + nr_pages) / BITS_PER_LONG;
  11.345 +	end_off   = (first_page + nr_pages) & (BITS_PER_LONG-1);
  11.346 +
  11.347 +	if (curr_idx == end_idx) {
  11.348 +		contiguous_bitmap[curr_idx] &=
  11.349 +			-(1UL<<end_off) | ((1UL<<start_off)-1);
  11.350 +	} else {
  11.351 +		contiguous_bitmap[curr_idx] &= (1UL<<start_off)-1;
  11.352 +		while ( ++curr_idx != end_idx )
  11.353 +			contiguous_bitmap[curr_idx] = 0;
  11.354 +		contiguous_bitmap[curr_idx] &= -(1UL<<end_off);
  11.355 +	}
  11.356  }
  11.357  
  11.358  /* Ensure multi-page extents are contiguous in machine memory. */
  11.359  void xen_create_contiguous_region(unsigned long vstart, unsigned int order)
  11.360  {
  11.361 -    pgd_t         *pgd; 
  11.362 -    pud_t         *pud; 
  11.363 -    pmd_t         *pmd;
  11.364 -    pte_t         *pte;
  11.365 -    unsigned long  mfn, i, flags;
  11.366 -
  11.367 -    scrub_pages(vstart, 1 << order);
  11.368 -
  11.369 -    balloon_lock(flags);
  11.370 +	pgd_t         *pgd; 
  11.371 +	pud_t         *pud; 
  11.372 +	pmd_t         *pmd;
  11.373 +	pte_t         *pte;
  11.374 +	unsigned long  mfn, i, flags;
  11.375  
  11.376 -    /* 1. Zap current PTEs, giving away the underlying pages. */
  11.377 -    for (i = 0; i < (1<<order); i++) {
  11.378 -        pgd = pgd_offset_k(vstart + (i*PAGE_SIZE));
  11.379 -        pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  11.380 -        pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  11.381 -        pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE)));
  11.382 -        mfn = pte_mfn(*pte);
  11.383 -        BUG_ON(HYPERVISOR_update_va_mapping(
  11.384 -            vstart + (i*PAGE_SIZE), __pte_ma(0), 0));
  11.385 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  11.386 -            INVALID_P2M_ENTRY;
  11.387 -        BUG_ON(HYPERVISOR_dom_mem_op(
  11.388 -            MEMOP_decrease_reservation, &mfn, 1, 0) != 1);
  11.389 -    }
  11.390 +	scrub_pages(vstart, 1 << order);
  11.391  
  11.392 -    /* 2. Get a new contiguous memory extent. */
  11.393 -    BUG_ON(HYPERVISOR_dom_mem_op(
  11.394 -	       MEMOP_increase_reservation, &mfn, 1, order | (32<<8)) != 1);
  11.395 +	balloon_lock(flags);
  11.396  
  11.397 -    /* 3. Map the new extent in place of old pages. */
  11.398 -    for (i = 0; i < (1<<order); i++) {
  11.399 -        BUG_ON(HYPERVISOR_update_va_mapping(
  11.400 -            vstart + (i*PAGE_SIZE),
  11.401 -            __pte_ma(((mfn+i)<<PAGE_SHIFT)|__PAGE_KERNEL), 0));
  11.402 -        xen_machphys_update(mfn+i, (__pa(vstart)>>PAGE_SHIFT)+i);
  11.403 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn+i;
  11.404 -    }
  11.405 +	/* 1. Zap current PTEs, giving away the underlying pages. */
  11.406 +	for (i = 0; i < (1<<order); i++) {
  11.407 +		pgd = pgd_offset_k(vstart + (i*PAGE_SIZE));
  11.408 +		pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  11.409 +		pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  11.410 +		pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE)));
  11.411 +		mfn = pte_mfn(*pte);
  11.412 +		BUG_ON(HYPERVISOR_update_va_mapping(
  11.413 +			vstart + (i*PAGE_SIZE), __pte_ma(0), 0));
  11.414 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  11.415 +			INVALID_P2M_ENTRY;
  11.416 +		BUG_ON(HYPERVISOR_dom_mem_op(
  11.417 +			MEMOP_decrease_reservation, &mfn, 1, 0) != 1);
  11.418 +	}
  11.419  
  11.420 -    flush_tlb_all();
  11.421 +	/* 2. Get a new contiguous memory extent. */
  11.422 +	BUG_ON(HYPERVISOR_dom_mem_op(
  11.423 +		MEMOP_increase_reservation, &mfn, 1, order | (32<<8)) != 1);
  11.424  
  11.425 -    balloon_unlock(flags);
  11.426 +	/* 3. Map the new extent in place of old pages. */
  11.427 +	for (i = 0; i < (1<<order); i++) {
  11.428 +		BUG_ON(HYPERVISOR_update_va_mapping(
  11.429 +			vstart + (i*PAGE_SIZE),
  11.430 +			pfn_pte_ma(mfn+i, PAGE_KERNEL), 0));
  11.431 +		xen_machphys_update(mfn+i, (__pa(vstart)>>PAGE_SHIFT)+i);
  11.432 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn+i;
  11.433 +	}
  11.434 +
  11.435 +	flush_tlb_all();
  11.436 +
  11.437 +	contiguous_bitmap_set(__pa(vstart) >> PAGE_SHIFT, 1UL << order);
  11.438 +
  11.439 +	balloon_unlock(flags);
  11.440  }
  11.441  
  11.442  void xen_destroy_contiguous_region(unsigned long vstart, unsigned int order)
  11.443  {
  11.444 -    pgd_t         *pgd; 
  11.445 -    pud_t         *pud; 
  11.446 -    pmd_t         *pmd;
  11.447 -    pte_t         *pte;
  11.448 -    unsigned long  mfn, i, flags;
  11.449 -
  11.450 -    scrub_pages(vstart, 1 << order);
  11.451 -
  11.452 -    balloon_lock(flags);
  11.453 +	pgd_t         *pgd; 
  11.454 +	pud_t         *pud; 
  11.455 +	pmd_t         *pmd;
  11.456 +	pte_t         *pte;
  11.457 +	unsigned long  mfn, i, flags;
  11.458  
  11.459 -    /* 1. Zap current PTEs, giving away the underlying pages. */
  11.460 -    for (i = 0; i < (1<<order); i++) {
  11.461 -        pgd = pgd_offset_k(vstart + (i*PAGE_SIZE));
  11.462 -        pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  11.463 -        pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  11.464 -        pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE)));
  11.465 -        mfn = pte_mfn(*pte);
  11.466 -        BUG_ON(HYPERVISOR_update_va_mapping(
  11.467 -            vstart + (i*PAGE_SIZE), __pte_ma(0), 0));
  11.468 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  11.469 -            INVALID_P2M_ENTRY;
  11.470 -        BUG_ON(HYPERVISOR_dom_mem_op(
  11.471 -            MEMOP_decrease_reservation, &mfn, 1, 0) != 1);
  11.472 -    }
  11.473 +	scrub_pages(vstart, 1 << order);
  11.474  
  11.475 -    /* 2. Map new pages in place of old pages. */
  11.476 -    for (i = 0; i < (1<<order); i++) {
  11.477 -        BUG_ON(HYPERVISOR_dom_mem_op(
  11.478 -            MEMOP_increase_reservation, &mfn, 1, 0) != 1);
  11.479 -        BUG_ON(HYPERVISOR_update_va_mapping(
  11.480 -            vstart + (i*PAGE_SIZE),
  11.481 -            __pte_ma((mfn<<PAGE_SHIFT)|__PAGE_KERNEL), 0));
  11.482 -        xen_machphys_update(mfn, (__pa(vstart)>>PAGE_SHIFT)+i);
  11.483 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn;
  11.484 -    }
  11.485 +	balloon_lock(flags);
  11.486  
  11.487 -    flush_tlb_all();
  11.488 +	contiguous_bitmap_clear(__pa(vstart) >> PAGE_SHIFT, 1UL << order);
  11.489  
  11.490 -    balloon_unlock(flags);
  11.491 +	/* 1. Zap current PTEs, giving away the underlying pages. */
  11.492 +	for (i = 0; i < (1<<order); i++) {
  11.493 +		pgd = pgd_offset_k(vstart + (i*PAGE_SIZE));
  11.494 +		pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  11.495 +		pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  11.496 +		pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE)));
  11.497 +		mfn = pte_mfn(*pte);
  11.498 +		BUG_ON(HYPERVISOR_update_va_mapping(
  11.499 +			vstart + (i*PAGE_SIZE), __pte_ma(0), 0));
  11.500 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  11.501 +			INVALID_P2M_ENTRY;
  11.502 +		BUG_ON(HYPERVISOR_dom_mem_op(
  11.503 +			MEMOP_decrease_reservation, &mfn, 1, 0) != 1);
  11.504 +	}
  11.505 +
  11.506 +	/* 2. Map new pages in place of old pages. */
  11.507 +	for (i = 0; i < (1<<order); i++) {
  11.508 +		BUG_ON(HYPERVISOR_dom_mem_op(
  11.509 +			MEMOP_increase_reservation, &mfn, 1, 0) != 1);
  11.510 +		BUG_ON(HYPERVISOR_update_va_mapping(
  11.511 +			vstart + (i*PAGE_SIZE),
  11.512 +			pfn_pte_ma(mfn, PAGE_KERNEL), 0));
  11.513 +		xen_machphys_update(mfn, (__pa(vstart)>>PAGE_SHIFT)+i);
  11.514 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn;
  11.515 +	}
  11.516 +
  11.517 +	flush_tlb_all();
  11.518 +
  11.519 +	balloon_unlock(flags);
  11.520  }
  11.521  
  11.522  
  11.523  unsigned long allocate_empty_lowmem_region(unsigned long pages)
  11.524  {
  11.525 -    pgd_t         *pgd;
  11.526 -    pud_t         *pud; 
  11.527 -    pmd_t         *pmd;
  11.528 -    pte_t         *pte;
  11.529 -    unsigned long *pfn_array;
  11.530 -    unsigned long  vstart;
  11.531 -    unsigned long  i;
  11.532 -    unsigned int   order = get_order(pages*PAGE_SIZE);
  11.533 -
  11.534 -    vstart = __get_free_pages(GFP_KERNEL, order);
  11.535 -    if ( vstart == 0 )
  11.536 -        return 0UL;
  11.537 -
  11.538 -    scrub_pages(vstart, 1 << order);
  11.539 -
  11.540 -    pfn_array = vmalloc((1<<order) * sizeof(*pfn_array));
  11.541 -    if ( pfn_array == NULL )
  11.542 -        BUG();
  11.543 +	pgd_t         *pgd;
  11.544 +	pud_t         *pud; 
  11.545 +	pmd_t         *pmd;
  11.546 +	pte_t         *pte;
  11.547 +	unsigned long *pfn_array;
  11.548 +	unsigned long  vstart;
  11.549 +	unsigned long  i;
  11.550 +	unsigned int   order = get_order(pages*PAGE_SIZE);
  11.551  
  11.552 -    for ( i = 0; i < (1<<order); i++ )
  11.553 -    {
  11.554 -        pgd = pgd_offset_k(   (vstart + (i*PAGE_SIZE)));
  11.555 -        pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  11.556 -        pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  11.557 -        pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 
  11.558 -        pfn_array[i] = pte_mfn(*pte);
  11.559 +	vstart = __get_free_pages(GFP_KERNEL, order);
  11.560 +	if (vstart == 0)
  11.561 +		return 0UL;
  11.562 +
  11.563 +	scrub_pages(vstart, 1 << order);
  11.564 +
  11.565 +	pfn_array = vmalloc((1<<order) * sizeof(*pfn_array));
  11.566 +	BUG_ON(pfn_array == NULL);
  11.567 +
  11.568 +	for (i = 0; i < (1<<order); i++) {
  11.569 +		pgd = pgd_offset_k(   (vstart + (i*PAGE_SIZE)));
  11.570 +		pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  11.571 +		pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  11.572 +		pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 
  11.573 +		pfn_array[i] = pte_mfn(*pte);
  11.574  #ifdef CONFIG_X86_64
  11.575 -        xen_l1_entry_update(pte, __pte(0));
  11.576 +		xen_l1_entry_update(pte, __pte(0));
  11.577  #else
  11.578 -        BUG_ON(HYPERVISOR_update_va_mapping(vstart + (i*PAGE_SIZE), 
  11.579 -					    __pte_ma(0), 0));
  11.580 +		BUG_ON(HYPERVISOR_update_va_mapping(vstart + (i*PAGE_SIZE), 
  11.581 +						    __pte_ma(0), 0));
  11.582  #endif
  11.583 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  11.584 -            INVALID_P2M_ENTRY;
  11.585 -    }
  11.586 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  11.587 +			INVALID_P2M_ENTRY;
  11.588 +	}
  11.589  
  11.590 -    flush_tlb_all();
  11.591 +	flush_tlb_all();
  11.592  
  11.593 -    balloon_put_pages(pfn_array, 1 << order);
  11.594 +	balloon_put_pages(pfn_array, 1 << order);
  11.595  
  11.596 -    vfree(pfn_array);
  11.597 +	vfree(pfn_array);
  11.598  
  11.599 -    return vstart;
  11.600 +	return vstart;
  11.601  }
  11.602  
  11.603  EXPORT_SYMBOL(allocate_empty_lowmem_region);
  11.604 +
  11.605 +/*
  11.606 + * Local variables:
  11.607 + *  c-file-style: "linux"
  11.608 + *  indent-tabs-mode: t
  11.609 + *  c-indent-level: 8
  11.610 + *  c-basic-offset: 8
  11.611 + *  tab-width: 8
  11.612 + * End:
  11.613 + */
    12.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c	Fri Aug 19 10:18:53 2005 +0000
    12.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c	Fri Aug 19 10:50:15 2005 +0000
    12.3 @@ -41,6 +41,8 @@
    12.4  #include <asm/sections.h>
    12.5  #include <asm-xen/hypervisor.h>
    12.6  
    12.7 +extern unsigned long *contiguous_bitmap;
    12.8 +
    12.9  #if defined(CONFIG_SWIOTLB)
   12.10  extern void swiotlb_init(void);
   12.11  int swiotlb;
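Review bot: `extern unsigned long *contiguous_bitmap;` is declared by hand at the top of this .c file, and again in the x86_64/mm/init.c hunk, so neither copy is checked against the definition if its type changes. Moving the declaration into a shared header, for instance `<asm-xen/hypervisor.h>`, which this file already includes, gives both users and the defining file one prototype to agree on.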
   12.12 @@ -637,6 +639,11 @@ void __init mem_init(void)
   12.13  	int bad_ppro;
   12.14  	unsigned long pfn;
   12.15  
   12.16 +	contiguous_bitmap = alloc_bootmem_low_pages(
   12.17 +		(max_low_pfn + 2*BITS_PER_LONG) >> 3);
   12.18 +	BUG_ON(!contiguous_bitmap);
   12.19 +	memset(contiguous_bitmap, 0, (max_low_pfn + 2*BITS_PER_LONG) >> 3);
   12.20 +
   12.21  #if defined(CONFIG_SWIOTLB)
   12.22  	swiotlb_init();	
   12.23  #endif
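Review bot: The bitmap size `(max_low_pfn + 2*BITS_PER_LONG) >> 3` is written out twice in mem_init(), once for the allocation and once for the memset, so editing one copy later leaves the clear out of step with the buffer. The x86_64/mm/init.c hunk repeats the same pair with `end_pfn`. Compute it once, e.g. `unsigned long bitmap_bytes = (max_low_pfn + 2*BITS_PER_LONG) >> 3;`, pass `bitmap_bytes` to both calls, and add a one-line comment saying what the `2*BITS_PER_LONG` slack covers. Bootmem allocations are presumably returned zeroed already, in which case the memset can be dropped. mem_init() starts and ends outside this hunk.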
    13.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c	Fri Aug 19 10:18:53 2005 +0000
    13.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c	Fri Aug 19 10:50:15 2005 +0000
    13.3 @@ -300,17 +300,17 @@ void __init bt_iounmap(void *addr, unsig
    13.4  
    13.5  
    13.6  static int direct_remap_area_pte_fn(pte_t *pte, 
    13.7 -                                    struct page *pte_page,
    13.8 -                                    unsigned long address, 
    13.9 -                                    void *data)
   13.10 +				    struct page *pte_page,
   13.11 +				    unsigned long address, 
   13.12 +				    void *data)
   13.13  {
   13.14 -        mmu_update_t **v = (mmu_update_t **)data;
   13.15 +	mmu_update_t **v = (mmu_update_t **)data;
   13.16  
   13.17 -        (*v)->ptr = (pfn_to_mfn(page_to_pfn(pte_page)) << PAGE_SHIFT)
   13.18 -                    | ((unsigned long)pte & ~PAGE_MASK);
   13.19 -        (*v)++;
   13.20 +	(*v)->ptr = ((physaddr_t)pfn_to_mfn(page_to_pfn(pte_page)) <<
   13.21 +		     PAGE_SHIFT) | ((unsigned long)pte & ~PAGE_MASK);
   13.22 +	(*v)++;
   13.23  
   13.24 -        return 0;
   13.25 +	return 0;
   13.26  }
   13.27  
   13.28  int direct_remap_area_pages(struct mm_struct *mm,
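Review bot: The one functional change in direct_remap_area_pte_fn() is the `(physaddr_t)` cast before the shift, and it is easy to miss among the re-indentation. A comment on that line would keep it from being dropped in a later cleanup, e.g. `/* Widen before shifting: a machine frame number shifted in unsigned long can overflow on 32-bit. */`. This presumes `physaddr_t` and `(*v)->ptr` are wider than `unsigned long` in the configurations that need it, which the hunk does not show.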
   13.29 @@ -397,6 +397,16 @@ int touch_pte_range(struct mm_struct *mm
   13.30  	}
   13.31  
   13.32  	return generic_page_range(mm, address, size, f, NULL);
   13.33 -}                 
   13.34 +} 
   13.35  
   13.36  EXPORT_SYMBOL(touch_pte_range);
   13.37 +
   13.38 +/*
   13.39 + * Local variables:
   13.40 + *  c-file-style: "linux"
   13.41 + *  indent-tabs-mode: t
   13.42 + *  c-indent-level: 8
   13.43 + *  c-basic-offset: 8
   13.44 + *  tab-width: 8
   13.45 + * End:
   13.46 + */
    14.1 --- a/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c	Fri Aug 19 10:18:53 2005 +0000
    14.2 +++ b/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c	Fri Aug 19 10:50:15 2005 +0000
    14.3 @@ -124,8 +124,6 @@ extern asmlinkage unsigned int do_IRQ(st
    14.4  
    14.5  #define VALID_EVTCHN(_chn) ((_chn) >= 0)
    14.6  
    14.7 -unsigned uber_debug;
    14.8 -
    14.9  /*
   14.10   * Force a proper event-channel callback from Xen after clearing the
   14.11   * callback mask. We do this in a very simple manner, by making a call
   14.12 @@ -160,11 +158,7 @@ asmlinkage void evtchn_do_upcall(struct 
   14.13              l2 &= ~(1 << l2i);
   14.14              
   14.15              port = (l1i << 5) + l2i;
   14.16 -	    if (uber_debug && cpu)
   14.17 -		printk("<0>Upcall to %d on %d.\n", port, cpu);
   14.18              if ( (irq = evtchn_to_irq[port]) != -1 ) {
   14.19 -		if (uber_debug && cpu)
   14.20 -		    printk("<0>IRQ %d.\n", irq);
   14.21                  do_IRQ(irq, regs);
   14.22  	    } else
   14.23                  evtchn_device_upcall(port);
    15.1 --- a/linux-2.6-xen-sparse/arch/xen/kernel/skbuff.c	Fri Aug 19 10:18:53 2005 +0000
    15.2 +++ b/linux-2.6-xen-sparse/arch/xen/kernel/skbuff.c	Fri Aug 19 10:50:15 2005 +0000
    15.3 @@ -5,8 +5,6 @@
    15.4  #include <linux/kernel.h>
    15.5  #include <linux/sched.h>
    15.6  #include <linux/slab.h>
    15.7 -#include <linux/string.h>
    15.8 -#include <linux/errno.h>
    15.9  #include <linux/netdevice.h>
   15.10  #include <linux/inetdevice.h>
   15.11  #include <linux/etherdevice.h>
   15.12 @@ -14,34 +12,86 @@
   15.13  #include <linux/init.h>
   15.14  #include <asm/io.h>
   15.15  #include <asm/page.h>
   15.16 -
   15.17 -EXPORT_SYMBOL(__dev_alloc_skb);
   15.18 +#include <asm-xen/hypervisor.h>
   15.19  
   15.20  /* Referenced in netback.c. */
   15.21  /*static*/ kmem_cache_t *skbuff_cachep;
   15.22  
   15.23 -/* Size must be cacheline-aligned (alloc_skb uses SKB_DATA_ALIGN). */
   15.24 -#define XEN_SKB_SIZE \
   15.25 -    ((PAGE_SIZE - sizeof(struct skb_shared_info)) & ~(SMP_CACHE_BYTES - 1))
   15.26 +#define MAX_SKBUFF_ORDER 2
   15.27 +static kmem_cache_t *skbuff_order_cachep[MAX_SKBUFF_ORDER + 1];
   15.28  
   15.29  struct sk_buff *__dev_alloc_skb(unsigned int length, int gfp_mask)
   15.30  {
   15.31 -    struct sk_buff *skb;
   15.32 -    skb = alloc_skb_from_cache(skbuff_cachep, length + 16, gfp_mask);
   15.33 -    if ( likely(skb != NULL) )
   15.34 -        skb_reserve(skb, 16);
   15.35 -    return skb;
   15.36 +	struct sk_buff *skb;
   15.37 +	int order;
   15.38 +
   15.39 +	length = SKB_DATA_ALIGN(length + 16);
   15.40 +	order = get_order(length + sizeof(struct skb_shared_info));
   15.41 +	if (order > MAX_SKBUFF_ORDER) {
   15.42 +		printk(KERN_ALERT "Attempt to allocate order %d skbuff. "
   15.43 +		       "Increase MAX_SKBUFF_ORDER.\n", order);
   15.44 +		return NULL;
   15.45 +	}
   15.46 +
   15.47 +	skb = alloc_skb_from_cache(
   15.48 +		skbuff_order_cachep[order], length, gfp_mask);
   15.49 +	if (skb != NULL)
   15.50 +		skb_reserve(skb, 16);
   15.51 +
   15.52 +	return skb;
   15.53  }
   15.54  
   15.55  static void skbuff_ctor(void *buf, kmem_cache_t *cachep, unsigned long unused)
   15.56  {
   15.57 -    scrub_pages(buf, 1);
   15.58 +	int order = 0;
   15.59 +
   15.60 +	while (skbuff_order_cachep[order] != cachep)
   15.61 +		order++;
   15.62 +
   15.63 +	if (order != 0)
   15.64 +		xen_create_contiguous_region((unsigned long)buf, order);
   15.65 +
   15.66 +	scrub_pages(buf, 1 << order);
   15.67 +}
   15.68 +
   15.69 +static void skbuff_dtor(void *buf, kmem_cache_t *cachep, unsigned long unused)
   15.70 +{
   15.71 +	int order = 0;
   15.72 +
   15.73 +	while (skbuff_order_cachep[order] != cachep)
   15.74 +		order++;
   15.75 +
   15.76 +	if (order != 0)
   15.77 +		xen_destroy_contiguous_region((unsigned long)buf, order);
   15.78  }
   15.79  
   15.80  static int __init skbuff_init(void)
   15.81  {
   15.82 -    skbuff_cachep = kmem_cache_create(
   15.83 -        "xen-skb", PAGE_SIZE, PAGE_SIZE, 0, skbuff_ctor, NULL);
   15.84 -    return 0;
   15.85 +	static char name[MAX_SKBUFF_ORDER + 1][20];
   15.86 +	unsigned long size;
   15.87 +	int order;
   15.88 +
   15.89 +	for (order = 0; order <= MAX_SKBUFF_ORDER; order++) {
   15.90 +		size = PAGE_SIZE << order;
   15.91 +		sprintf(name[order], "xen-skb-%lu", size);
   15.92 +		skbuff_order_cachep[order] = kmem_cache_create(
   15.93 +			name[order], size, size, 0, skbuff_ctor, skbuff_dtor);
   15.94 +	}
   15.95 +
   15.96 +	skbuff_cachep = skbuff_order_cachep[0];
   15.97 +
   15.98 +	return 0;
   15.99  }
  15.100  __initcall(skbuff_init);
  15.101 +
  15.102 +EXPORT_SYMBOL(__dev_alloc_skb);
  15.103 +
  15.104 +/*
  15.105 + * Local variables:
  15.106 + *  c-file-style: "linux"
  15.107 + *  indent-tabs-mode: t
  15.108 + *  c-indent-level: 8
  15.109 + *  c-basic-offset: 8
  15.110 + *  tab-width: 8
  15.111 + * End:
  15.112 + */
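Review bot: The cache lookup in skbuff_ctor() and skbuff_dtor(), `while (skbuff_order_cachep[order] != cachep) order++;`, has no upper bound, so a cache pointer that is not in the table walks past the end of its `MAX_SKBUFF_ORDER + 1` entries. Bound the search and fail loudly, sharing one helper between the two callbacks as sketched below. skbuff_init() also stores each kmem_cache_create() result without checking it, so a failed creation leaves a NULL slot that __dev_alloc_skb() later passes to alloc_skb_from_cache().

```c
/* Map a slab cache back to its page order; the cache must be one of ours. */
static int skbuff_cache_order(kmem_cache_t *cachep)
{
	int order;

	for (order = 0; order <= MAX_SKBUFF_ORDER; order++)
		if (skbuff_order_cachep[order] == cachep)
			return order;

	BUG();
	return 0;
}

static void skbuff_ctor(void *buf, kmem_cache_t *cachep, unsigned long unused)
{
	int order = skbuff_cache_order(cachep);
	/* … unchanged: contiguous-region setup and scrub … */
}

/* … skbuff_dtor: same first line, rest unchanged … */
```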
    16.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c	Fri Aug 19 10:18:53 2005 +0000
    16.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c	Fri Aug 19 10:50:15 2005 +0000
    16.3 @@ -426,16 +426,10 @@ static __init void parse_cmdline_early (
    16.4  #ifdef CONFIG_XEN
    16.5  static void __init contig_initmem_init(void)
    16.6  {
    16.7 -        unsigned long bootmap_size, bootmap; 
    16.8 -
    16.9 -        bootmap_size = bootmem_bootmap_pages(end_pfn)<<PAGE_SHIFT;
   16.10 -        bootmap = start_pfn;
   16.11 -        bootmap_size = init_bootmem(bootmap, end_pfn);
   16.12 -        reserve_bootmem(bootmap, bootmap_size);
   16.13 -        
   16.14 -        free_bootmem(start_pfn << PAGE_SHIFT, (end_pfn - start_pfn) << PAGE_SHIFT);   
   16.15 -        reserve_bootmem(0, (PFN_PHYS(start_pfn) +
   16.16 -                            bootmap_size + PAGE_SIZE-1));
   16.17 +        unsigned long bootmap_size = init_bootmem(start_pfn, end_pfn);
   16.18 +        free_bootmem(0, end_pfn << PAGE_SHIFT);   
   16.19 +        /* XXX KAF: Why can't we leave low 1MB of memory free? */
   16.20 +        reserve_bootmem(0, (PFN_PHYS(start_pfn) + bootmap_size + PAGE_SIZE-1));
   16.21  }
   16.22  #else
   16.23  static void __init contig_initmem_init(void)
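Review bot: The two bootmem calls in the Xen contig_initmem_init() write the same conversion two ways, `end_pfn << PAGE_SHIFT` on the free and `PFN_PHYS(start_pfn)` on the reserve; `free_bootmem(0, PFN_PHYS(end_pfn));` would keep them consistent. The sequence now frees everything from 0 and relies on the reserve that follows to take back the range below start_pfn plus the bootmap. That deserves a comment next to the open question, such as `/* Free all RAM, then re-reserve [0, start_pfn) and the bootmap placed at start_pfn. */`. The new lines are also space-indented, while the rest of this changeset moves files to tabs.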
    17.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c	Fri Aug 19 10:18:53 2005 +0000
    17.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c	Fri Aug 19 10:50:15 2005 +0000
    17.3 @@ -280,19 +280,16 @@ void __init cpu_init (void)
    17.4  	if (cpu) {
    17.5  		memcpy(cpu_gdt_table[cpu], cpu_gdt_table[0], GDT_SIZE);
    17.6  	}	
    17.7 -#endif
    17.8  
    17.9  	cpu_gdt_descr[cpu].size = GDT_SIZE;
   17.10  	cpu_gdt_descr[cpu].address = (unsigned long)cpu_gdt_table[cpu];
   17.11  
   17.12 -        cpu_gdt_init(&cpu_gdt_descr[cpu]);
   17.13 -
   17.14 -#ifndef CONFIG_XEN 
   17.15  	memcpy(me->thread.tls_array, cpu_gdt_table[cpu], GDT_ENTRY_TLS_ENTRIES * 8);
   17.16 -
   17.17  #else
   17.18   	memcpy(me->thread.tls_array, &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN],
   17.19  	    GDT_ENTRY_TLS_ENTRIES * 8);
   17.20 +
   17.21 +    cpu_gdt_init(&cpu_gdt_descr[cpu]);
   17.22  #endif
   17.23         
   17.24  	/*
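Review bot: On the `#else` side the added `cpu_gdt_init(&cpu_gdt_descr[cpu]);` is now the only statement that touches the descriptor, because the `size` and `address` assignments ended up on the other side of the conditional when the first `#endif` was removed. Unless that branch's descriptor is filled in elsewhere, cpu_gdt_init() is handed an entry that cpu_init() never set up. If it is initialised elsewhere, a comment on the call saying where would settle it. The added call is indented with four spaces where the surrounding lines use a tab. The opening of the conditional and the rest of cpu_init() are outside the hunk, so this reading should be checked against the full function.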
    18.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/mm/fault.c	Fri Aug 19 10:18:53 2005 +0000
    18.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/mm/fault.c	Fri Aug 19 10:50:15 2005 +0000
    18.3 @@ -250,7 +250,11 @@ static int vmalloc_fault(unsigned long a
    18.4  	   happen within a race in page table update. In the later
    18.5  	   case just flush. */
    18.6  
    18.7 -	pgd = pgd_offset(current->mm ?: &init_mm, address);
    18.8 +	/* On Xen the line below does not always work. Needs investigating! */
    18.9 +	/*pgd = pgd_offset(current->mm ?: &init_mm, address);*/
   18.10 +	pgd = (pgd_t *)per_cpu(cur_pgd, smp_processor_id());
   18.11 +	pgd += pgd_index(address);
   18.12 +
   18.13  	pgd_ref = pgd_offset_k(address);
   18.14  	if (pgd_none(*pgd_ref))
   18.15  		return -1;
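Review bot: The replacement in vmalloc_fault() leaves the old lookup behind as commented-out code, under a comment that says only that it "does not always work". Record what fails as a FIXME and delete the dead line, e.g. `/* FIXME(xen): pgd_offset(current->mm ?: &init_mm, address) does not always work here (symptom: <describe>); walk the per-CPU cur_pgd instead. */`. The new read `per_cpu(cur_pgd, smp_processor_id())` is only stable if the caller cannot migrate between CPUs at this point, which the hunk does not show. vmalloc_fault() starts and ends outside the hunk.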
    19.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c	Fri Aug 19 10:18:53 2005 +0000
    19.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c	Fri Aug 19 10:50:15 2005 +0000
    19.3 @@ -40,6 +40,12 @@
    19.4  #include <asm/proto.h>
    19.5  #include <asm/smp.h>
    19.6  
    19.7 +extern unsigned long *contiguous_bitmap;
    19.8 +
    19.9 +#if defined(CONFIG_SWIOTLB)
   19.10 +extern void swiotlb_init(void);
   19.11 +#endif
   19.12 +
   19.13  #ifndef Dprintk
   19.14  #define Dprintk(x...)
   19.15  #endif
   19.16 @@ -794,8 +800,12 @@ void __init mem_init(void)
   19.17  	int codesize, reservedpages, datasize, initsize;
   19.18  	int tmp;
   19.19  
   19.20 +	contiguous_bitmap = alloc_bootmem_low_pages(
   19.21 +		(end_pfn + 2*BITS_PER_LONG) >> 3);
   19.22 +	BUG_ON(!contiguous_bitmap);
   19.23 +	memset(contiguous_bitmap, 0, (end_pfn + 2*BITS_PER_LONG) >> 3);
   19.24 +
   19.25  #if defined(CONFIG_SWIOTLB)
   19.26 -	extern void swiotlb_init(void);
   19.27  	swiotlb_init();	
   19.28  #endif
   19.29  
    20.1 --- a/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c	Fri Aug 19 10:18:53 2005 +0000
    20.2 +++ b/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c	Fri Aug 19 10:50:15 2005 +0000
    20.3 @@ -213,9 +213,7 @@ static void balloon_process(void *unused
    20.4              {
    20.5                  BUG_ON(HYPERVISOR_update_va_mapping(
    20.6                      (unsigned long)__va(pfn << PAGE_SHIFT),
    20.7 -                    __pte_ma((mfn_list[i] << PAGE_SHIFT) |
    20.8 -                             pgprot_val(PAGE_KERNEL)),
    20.9 -                    0));
   20.10 +                    pfn_pte_ma(mfn_list[i], PAGE_KERNEL), 0));
   20.11              }
   20.12  
   20.13              /* Finally, relinquish the memory back to the system allocator. */
    21.1 --- a/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c	Fri Aug 19 10:18:53 2005 +0000
    21.2 +++ b/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c	Fri Aug 19 10:50:15 2005 +0000
    21.3 @@ -406,21 +406,15 @@ static void dispatch_probe(blkif_t *blki
    21.4  #endif
    21.5  
    21.6  
    21.7 -#ifdef CONFIG_XEN_BLKDEV_TAP_BE
    21.8      if ( HYPERVISOR_update_va_mapping_otherdomain(
    21.9          MMAP_VADDR(pending_idx, 0),
   21.10 -        (pte_t) { (req->frame_and_sects[0] & PAGE_MASK) | __PAGE_KERNEL },
   21.11 +        pfn_pte_ma(req->frame_and_sects[0] >> PAGE_SHIFT, PAGE_KERNEL),
   21.12 +#ifdef CONFIG_XEN_BLKDEV_TAP_BE
   21.13          0, (blkif->is_blktap ? ID_TO_DOM(req->id) : blkif->domid) ) )
   21.14 -        
   21.15 -        goto out;
   21.16  #else
   21.17 -    if ( HYPERVISOR_update_va_mapping_otherdomain(
   21.18 -        MMAP_VADDR(pending_idx, 0),
   21.19 -        (pte_t) { (req->frame_and_sects[0] & PAGE_MASK) | __PAGE_KERNEL },
   21.20 -        0, blkif->domid) ) 
   21.21 -        
   21.22 +        0, blkif->domid) )
   21.23 +#endif
   21.24          goto out;
   21.25 -#endif
   21.26  #endif /* endif CONFIG_XEN_BLKDEV_GRANT */
   21.27     
   21.28      rsp = vbd_probe(blkif, (vdisk_t *)MMAP_VADDR(pending_idx, 0), 
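Review bot: Splitting the argument list of `HYPERVISOR_update_va_mapping_otherdomain()` with `#ifdef CONFIG_XEN_BLKDEV_TAP_BE` inside the `if` condition makes it hard to see which domain the request-supplied frame `req->frame_and_sects[0]` is mapped from. Select the domain into a local first and keep a single, unconditional call, as below; this needs a `domid_t domid;` among dispatch_probe()'s declarations, which are outside the hunk. With blktap enabled the domain comes from `ID_TO_DOM(req->id)`, a value taken from the request, so a named variable also gives one obvious place to audit or validate it.

```c
#ifdef CONFIG_XEN_BLKDEV_TAP_BE
    domid = blkif->is_blktap ? ID_TO_DOM(req->id) : blkif->domid;
#else
    domid = blkif->domid;
#endif
    if ( HYPERVISOR_update_va_mapping_otherdomain(
        MMAP_VADDR(pending_idx, 0),
        pfn_pte_ma(req->frame_and_sects[0] >> PAGE_SHIFT, PAGE_KERNEL),
        0, domid) )
        goto out;
```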
    22.1 --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c	Fri Aug 19 10:18:53 2005 +0000
    22.2 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c	Fri Aug 19 10:50:15 2005 +0000
    22.3 @@ -48,15 +48,7 @@ static const struct xenbus_device_id *
    22.4  match_device(const struct xenbus_device_id *arr, struct xenbus_device *dev)
    22.5  {
    22.6  	for (; !streq(arr->devicetype, ""); arr++) {
    22.7 -		if (!streq(arr->devicetype, dev->devicetype))
    22.8 -			continue;
    22.9 -
   22.10 -		/* If they don't care what subtype, it's a match. */
   22.11 -		if (streq(arr->subtype, ""))
   22.12 -			return arr;
   22.13 -
   22.14 -		/* If they care, device must have (same) subtype. */
   22.15 -		if (dev->subtype && streq(arr->subtype, dev->subtype))
   22.16 +		if (streq(arr->devicetype, dev->devicetype))
   22.17  			return arr;
   22.18  	}
   22.19  	return NULL;
   22.20 @@ -72,10 +64,102 @@ static int xenbus_match(struct device *_
   22.21  	return match_device(drv->ids, to_xenbus_device(_dev)) != NULL;
   22.22  }
   22.23  
   22.24 +struct xen_bus_type
   22.25 +{
   22.26 +	char *root;
   22.27 +	unsigned int levels;
   22.28 +	int (*get_bus_id)(char bus_id[BUS_ID_SIZE], const char *nodename);
   22.29 +	int (*probe)(const char *type, const char *dir);
   22.30 +	struct bus_type bus;
   22.31 +	struct device dev;
   22.32 +};
   22.33 +
   22.34 +/* device/<type>/<id> => <type>-<id> */
   22.35 +static int frontend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename)
   22.36 +{
   22.37 +	nodename = strchr(nodename, '/');
   22.38 +	if (!nodename || strlen(nodename + 1) >= BUS_ID_SIZE) {
   22.39 +		printk(KERN_WARNING "XENBUS: bad frontend %s\n", nodename);
   22.40 +		return -EINVAL;
   22.41 +	}
   22.42 +
   22.43 +	strlcpy(bus_id, nodename + 1, BUS_ID_SIZE);
   22.44 +	if (!strchr(bus_id, '/')) {
   22.45 +		printk(KERN_WARNING "XENBUS: bus_id %s no slash\n", bus_id);
   22.46 +		return -EINVAL;
   22.47 +	}
   22.48 +	*strchr(bus_id, '/') = '-';
   22.49 +	return 0;
   22.50 +}
   22.51 +
   22.52  /* Bus type for frontend drivers. */
   22.53 -static struct bus_type xenbus_type = {
   22.54 -	.name  = "xenbus",
   22.55 -	.match = xenbus_match,
   22.56 +static int xenbus_probe_frontend(const char *type, const char *name);
   22.57 +static struct xen_bus_type xenbus_frontend = {
   22.58 +	.root = "device",
   22.59 +	.levels = 2, 		/* device/type/<id> */
   22.60 +	.get_bus_id = frontend_bus_id,
   22.61 +	.probe = xenbus_probe_frontend,
   22.62 +	.bus = {
   22.63 +		.name  = "xen",
   22.64 +		.match = xenbus_match,
   22.65 +	},
   22.66 +	.dev = {
   22.67 +		.bus_id = "xen",
   22.68 +	},
   22.69 +};
   22.70 +
   22.71 +/* backend/<type>/<fe-uuid>/<id> => <type>-<fe-domid>-<id> */
   22.72 +static int backend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename)
   22.73 +{
   22.74 +	int domid, err;
   22.75 +	const char *devid, *type, *frontend;
   22.76 +	unsigned int typelen;
   22.77 +
   22.78 +	type = strchr(nodename, '/');
   22.79 +	if (!type)
   22.80 +		return -EINVAL;
   22.81 +	type++;
   22.82 +	typelen = strcspn(type, "/");
   22.83 +	if (!typelen || type[typelen] != '/')
   22.84 +		return -EINVAL;
   22.85 +
   22.86 +	devid = strrchr(nodename, '/') + 1;
   22.87 +
   22.88 +	err = xenbus_gather(nodename, "frontend-id", "%i", &domid,
   22.89 +			    "frontend", NULL, &frontend,
   22.90 +			    NULL);
   22.91 +	if (err)
   22.92 +		return err;
   22.93 +	if (strlen(frontend) == 0)
   22.94 +		err = -ERANGE;
   22.95 +
   22.96 +	if (!err && !xenbus_exists(frontend, ""))
   22.97 +		err = -ENOENT;
   22.98 +
   22.99 +	if (err) {
  22.100 +		kfree(frontend);
  22.101 +		return err;
  22.102 +	}
  22.103 +
  22.104 +	if (snprintf(bus_id, BUS_ID_SIZE,
  22.105 +		     "%.*s-%i-%s", typelen, type, domid, devid) >= BUS_ID_SIZE)
  22.106 +		return -ENOSPC;
  22.107 +	return 0;
  22.108 +}
  22.109 +
  22.110 +static int xenbus_probe_backend(const char *type, const char *uuid);
  22.111 +static struct xen_bus_type xenbus_backend = {
  22.112 +	.root = "backend",
  22.113 +	.levels = 3, 		/* backend/type/<frontend>/<id> */
  22.114 +	.get_bus_id = backend_bus_id,
  22.115 +	.probe = xenbus_probe_backend,
  22.116 +	.bus = {
  22.117 +		.name  = "xen-backend",
  22.118 +		.match = xenbus_match,
  22.119 +	},
  22.120 +	.dev = {
  22.121 +		.bus_id = "xen-backend",
  22.122 +	},
  22.123  };
  22.124  
  22.125  static int xenbus_dev_probe(struct device *_dev)
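Review bot: backend_bus_id() frees `frontend` only on the error path, so the string obtained from xenbus_gather() is leaked on every successful call and on the `-ENOSPC` return. The value is not used after the xenbus_exists() check, so release it unconditionally there: `kfree(frontend);` followed by `if (err)` and `return err;`. This assumes xenbus_gather() hands back an allocated copy, which the existing kfree() implies. Separately, frontend_bus_id() prints `nodename` in its warning after overwriting it with the strchr() result, so a name with no slash is logged as a null pointer rather than the offending string.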
  22.126 @@ -104,12 +188,13 @@ static int xenbus_dev_remove(struct devi
  22.127  	return drv->remove(dev);
  22.128  }
  22.129  
  22.130 -int xenbus_register_driver(struct xenbus_driver *drv)
  22.131 +static int xenbus_register_driver(struct xenbus_driver *drv,
  22.132 +				  struct xen_bus_type *bus)
  22.133  {
  22.134  	int err;
  22.135  
  22.136  	drv->driver.name = drv->name;
  22.137 -	drv->driver.bus = &xenbus_type;
  22.138 +	drv->driver.bus = &bus->bus;
  22.139  	drv->driver.owner = drv->owner;
  22.140  	drv->driver.probe = xenbus_dev_probe;
  22.141  	drv->driver.remove = xenbus_dev_remove;
  22.142 @@ -120,6 +205,16 @@ int xenbus_register_driver(struct xenbus
  22.143  	return err;
  22.144  }
  22.145  
  22.146 +int xenbus_register_device(struct xenbus_driver *drv)
  22.147 +{
  22.148 +	return xenbus_register_driver(drv, &xenbus_frontend);
  22.149 +}
  22.150 +
  22.151 +int xenbus_register_backend(struct xenbus_driver *drv)
  22.152 +{
  22.153 +	return xenbus_register_driver(drv, &xenbus_backend);
  22.154 +}
  22.155 +
  22.156  void xenbus_unregister_driver(struct xenbus_driver *drv)
  22.157  {
  22.158  	down(&xenbus_lock);
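Review bot: `xenbus_register_device()` takes a `struct xenbus_driver` and registers a frontend driver, so its name reads as if it registered a device; `xenbus_register_frontend()` would pair naturally with `xenbus_register_backend()`. Both new entry points replace the previously public `xenbus_register_driver()` and would benefit from a one-line comment each, such as `/* Register a driver on the frontend ("xen") bus. */` and `/* Register a driver on the backend ("xen-backend") bus. */`.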
  22.159 @@ -130,52 +225,98 @@ void xenbus_unregister_driver(struct xen
  22.160  struct xb_find_info
  22.161  {
  22.162  	struct xenbus_device *dev;
  22.163 -	const char *busid;
  22.164 +	const char *nodename;
  22.165  };
  22.166  
  22.167  static int cmp_dev(struct device *dev, void *data)
  22.168  {
  22.169 +	struct xenbus_device *xendev = to_xenbus_device(dev);
  22.170  	struct xb_find_info *info = data;
  22.171  
  22.172 -	if (streq(dev->bus_id, info->busid)) {
  22.173 -		info->dev = container_of(get_device(dev),
  22.174 -					 struct xenbus_device, dev);
  22.175 +	if (streq(xendev->nodename, info->nodename)) {
  22.176 +		info->dev = xendev;
  22.177 +		get_device(dev);
  22.178  		return 1;
  22.179  	}
  22.180  	return 0;
  22.181  }
  22.182  
  22.183 -/* FIXME: device_find is fixed in 2.6.13-rc2 according to Greg KH --RR */
  22.184 -struct xenbus_device *xenbus_device_find(const char *busid)
  22.185 +struct xenbus_device *xenbus_device_find(const char *nodename,
  22.186 +					 struct bus_type *bus)
  22.187  {
  22.188 -	struct xb_find_info info = { .dev = NULL, .busid = busid };
  22.189 +	struct xb_find_info info = { .dev = NULL, .nodename = nodename };
  22.190  
  22.191 -	bus_for_each_dev(&xenbus_type, NULL, &info, cmp_dev);
  22.192 +	bus_for_each_dev(bus, NULL, &info, cmp_dev);
  22.193  	return info.dev;
  22.194  }
  22.195  
  22.196 +static int cleanup_dev(struct device *dev, void *data)
  22.197 +{
  22.198 +	struct xenbus_device *xendev = to_xenbus_device(dev);
  22.199 +	struct xb_find_info *info = data;
  22.200 +	int len = strlen(info->nodename);
  22.201 +
  22.202 +	if (!strncmp(xendev->nodename, info->nodename, len)) {
  22.203 +		info->dev = xendev;
  22.204 +		get_device(dev);
  22.205 +		return 1;
  22.206 +	}
  22.207 +	return 0;
  22.208 +}
  22.209 +
  22.210 +static void xenbus_cleanup_devices(const char *path, struct bus_type *bus)
  22.211 +{
  22.212 +	struct xb_find_info info = { .nodename = path };
  22.213 +
  22.214 +	do {
  22.215 +		info.dev = NULL;
  22.216 +		bus_for_each_dev(bus, NULL, &info, cleanup_dev);
  22.217 +		if (info.dev) {
  22.218 +			device_unregister(&info.dev->dev);
  22.219 +			put_device(&info.dev->dev);
  22.220 +		}
  22.221 +	} while (info.dev);
  22.222 +}
  22.223  
  22.224  static void xenbus_release_device(struct device *dev)
  22.225  {
  22.226  	if (dev) {
  22.227  		struct xenbus_device *xendev = to_xenbus_device(dev);
  22.228  
  22.229 -		kfree(xendev->subtype);
  22.230  		kfree(xendev);
  22.231  	}
  22.232  }
  22.233 -/* devices/<typename>/<name> */
  22.234 -static int xenbus_probe_device(const char *dirpath, const char *devicetype,
  22.235 -			       const char *name)
  22.236 +
  22.237 +/* Simplified asprintf. */
  22.238 +static char *kasprintf(const char *fmt, ...)
  22.239 +{
  22.240 +	va_list ap;
  22.241 +	unsigned int len;
  22.242 +	char *p, dummy[1];
  22.243 +
  22.244 +	va_start(ap, fmt);
  22.245 +	/* FIXME: vsnprintf has a bug, NULL should work */
  22.246 +	len = vsnprintf(dummy, 0, fmt, ap);
  22.247 +	va_end(ap);
  22.248 +
  22.249 +	p = kmalloc(len + 1, GFP_KERNEL);
  22.250 +	if (!p)
  22.251 +		return NULL;
  22.252 +	va_start(ap, fmt);
  22.253 +	vsprintf(p, fmt, ap);
  22.254 +	va_end(ap);
  22.255 +	return p;
  22.256 +}
  22.257 +
  22.258 +static int xenbus_probe_node(struct xen_bus_type *bus,
  22.259 +			     const char *type,
  22.260 +			     const char *nodename)
  22.261  {
  22.262  	int err;
  22.263  	struct xenbus_device *xendev;
  22.264  	unsigned int stringlen;
  22.265  
  22.266 -	/* Nodename: /device/<typename>/<name>/ */
  22.267 -	stringlen = strlen(dirpath) + strlen(devicetype) + strlen(name) + 3;
  22.268 -	/* Typename */
  22.269 -	stringlen += strlen(devicetype) + 1;
  22.270 +	stringlen = strlen(nodename) + 1 + strlen(type) + 1;
  22.271  	xendev = kmalloc(sizeof(*xendev) + stringlen, GFP_KERNEL);
  22.272  	if (!xendev)
  22.273  		return -ENOMEM;
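Review bot: cleanup_dev() matches with `strncmp(xendev->nodename, info->nodename, len)` alone, which is a raw prefix test: a path ending in `/1` also matches nodes ending in `/10` or `/12`, so xenbus_cleanup_devices() can unregister sibling devices that merely share leading characters. Require the match to end on a component boundary, e.g. `if (!strncmp(xendev->nodename, info->nodename, len) && (xendev->nodename[len] == '\0' || xendev->nodename[len] == '/')) {`. If callers may pass a path with a trailing slash, that case needs handling too, and the hunk does not show the callers. xenbus_device_find() now returns with a reference taken by get_device(), which is worth stating in a comment so callers know to call put_device().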
  22.274 @@ -183,38 +324,103 @@ static int xenbus_probe_device(const cha
  22.275  
  22.276  	/* Copy the strings into the extra space. */
  22.277  	xendev->nodename = (char *)(xendev + 1);
  22.278 -	sprintf(xendev->nodename, "%s/%s/%s", dirpath, devicetype, name);
  22.279 +	strcpy(xendev->nodename, nodename);
  22.280  	xendev->devicetype = xendev->nodename + strlen(xendev->nodename) + 1;
  22.281 -	strcpy(xendev->devicetype, devicetype);
  22.282 +	strcpy(xendev->devicetype, type);
  22.283  
  22.284 -	/* FIXME: look for "subtype" field. */
  22.285 -	snprintf(xendev->dev.bus_id, BUS_ID_SIZE, "%s-%s", devicetype, name);
  22.286 -	xendev->dev.bus = &xenbus_type;
  22.287 +	xendev->dev.parent = &bus->dev;
  22.288 +	xendev->dev.bus = &bus->bus;
  22.289  	xendev->dev.release = xenbus_release_device;
  22.290  
  22.291 +	err = bus->get_bus_id(xendev->dev.bus_id, xendev->nodename);
  22.292 +	if (err) {
  22.293 +		kfree(xendev);
  22.294 +		return err;
  22.295 +	}
  22.296 +
  22.297  	/* Register with generic device framework. */
  22.298  	err = device_register(&xendev->dev);
  22.299  	if (err) {
  22.300 -		printk("XENBUS: Registering device %s: error %i\n",
  22.301 -		       xendev->dev.bus_id, err);
  22.302 +		printk("XENBUS: Registering %s device %s: error %i\n",
  22.303 +		       bus->bus.name, xendev->dev.bus_id, err);
  22.304  		kfree(xendev);
  22.305  	}
  22.306  	return err;
  22.307  }
  22.308  
  22.309 -static int xenbus_probe_device_type(const char *dirpath, const char *typename)
  22.310 +/* device/<typename>/<name> */
  22.311 +static int xenbus_probe_frontend(const char *type, const char *name)
  22.312 +{
  22.313 +	char *nodename;
  22.314 +	int err;
  22.315 +
  22.316 +	nodename = kasprintf("%s/%s/%s", xenbus_frontend.root, type, name);
  22.317 +	if (!nodename)
  22.318 +		return -ENOMEM;
  22.319 +	
  22.320 +	err = xenbus_probe_node(&xenbus_frontend, type, nodename);
  22.321 +	kfree(nodename);
  22.322 +	return err;
  22.323 +}
  22.324 +
  22.325 +/* backend/<typename>/<frontend-uuid>/<name> */
  22.326 +static int xenbus_probe_backend_unit(const char *dir,
  22.327 +				     const char *type,
  22.328 +				     const char *name)
  22.329 +{
  22.330 +	char *nodename;
  22.331 +	int err;
  22.332 +
  22.333 +	nodename = kasprintf("%s/%s", dir, name);
  22.334 +	if (!nodename)
  22.335 +		return -ENOMEM;
  22.336 +
  22.337 +	err = xenbus_probe_node(&xenbus_backend, type, nodename);
  22.338 +	kfree(nodename);
  22.339 +	return err;
  22.340 +}
  22.341 +
  22.342 +/* backend/<typename>/<frontend-uuid> */
  22.343 +static int xenbus_probe_backend(const char *type, const char *uuid)
  22.344 +{
  22.345 +	char *nodename;
  22.346 +	int err = 0;
  22.347 +	char **dir;
  22.348 +	unsigned int i, dir_n = 0;
  22.349 +
  22.350 +	nodename = kasprintf("%s/%s/%s", xenbus_backend.root, type, uuid);
  22.351 +	if (!nodename)
  22.352 +		return -ENOMEM;
  22.353 +
  22.354 +	dir = xenbus_directory(nodename, "", &dir_n);
  22.355 +	if (IS_ERR(dir)) {
  22.356 +		kfree(nodename);
  22.357 +		return PTR_ERR(dir);
  22.358 +	}
  22.359 +
  22.360 +	for (i = 0; i < dir_n; i++) {
  22.361 +		err = xenbus_probe_backend_unit(nodename, type, dir[i]);
  22.362 +		if (err)
  22.363 +			break;
  22.364 +	}
  22.365 +	kfree(dir);
  22.366 +	kfree(nodename);
  22.367 +	return err;
  22.368 +}
  22.369 +
  22.370 +static int xenbus_probe_device_type(struct xen_bus_type *bus, const char *type)
  22.371  {
  22.372  	int err = 0;
  22.373  	char **dir;
  22.374  	unsigned int dir_n = 0;
  22.375  	int i;
  22.376  
  22.377 -	dir = xenbus_directory(dirpath, typename, &dir_n);
  22.378 +	dir = xenbus_directory(bus->root, type, &dir_n);
  22.379  	if (IS_ERR(dir))
  22.380  		return PTR_ERR(dir);
  22.381  
  22.382  	for (i = 0; i < dir_n; i++) {
  22.383 -		err = xenbus_probe_device(dirpath, typename, dir[i]);
  22.384 +		err = bus->probe(type, dir[i]);
  22.385  		if (err)
  22.386  			break;
  22.387  	}
  22.388 @@ -222,18 +428,18 @@ static int xenbus_probe_device_type(cons
  22.389  	return err;
  22.390  }
  22.391  
  22.392 -static int xenbus_probe_devices(const char *path)
  22.393 +static int xenbus_probe_devices(struct xen_bus_type *bus)
  22.394  {
  22.395  	int err = 0;
  22.396  	char **dir;
  22.397  	unsigned int i, dir_n;
  22.398  
  22.399 -	dir = xenbus_directory(path, "", &dir_n);
  22.400 +	dir = xenbus_directory(bus->root, "", &dir_n);
  22.401  	if (IS_ERR(dir))
  22.402  		return PTR_ERR(dir);
  22.403  
  22.404  	for (i = 0; i < dir_n; i++) {
  22.405 -		err = xenbus_probe_device_type(path, dir[i]);
  22.406 +		err = xenbus_probe_device_type(bus, dir[i]);
  22.407  		if (err)
  22.408  			break;
  22.409  	}
  22.410 @@ -251,58 +457,111 @@ static unsigned int char_count(const cha
  22.411  	return ret;
  22.412  }
  22.413  
  22.414 -static void dev_changed(struct xenbus_watch *watch, const char *node)
  22.415 +static int strsep_len(const char *str, char c, unsigned int len)
  22.416  {
  22.417 -	char busid[BUS_ID_SIZE];
  22.418 -	int exists;
  22.419 -	struct xenbus_device *dev;
  22.420 -	char *p;
  22.421 +	unsigned int i;
  22.422  
  22.423 -	/* Node is of form device/<type>/<identifier>[/...] */
  22.424 -	if (char_count(node, '/') != 2)
  22.425 -		return;
  22.426 +	for (i = 0; str[i]; i++)
  22.427 +		if (str[i] == c) {
  22.428 +			if (len == 0)
  22.429 +				return i;
  22.430 +			len--;
  22.431 +		}
  22.432 +	return (len == 0) ? i : -ERANGE;
  22.433 +}
  22.434  
  22.435 -	/* Created or deleted? */
  22.436 -	exists = xenbus_exists(node, "");
  22.437 +static void dev_changed(const char *node, struct xen_bus_type *bus)
  22.438 +{
  22.439 +	int exists, rootlen;
  22.440 +	struct xenbus_device *dev;
  22.441 +	char type[BUS_ID_SIZE];
  22.442 +	const char *p, *root;
  22.443  
  22.444 -	p = strchr(node, '/') + 1;
  22.445 -	if (strlen(p) + 1 > BUS_ID_SIZE) {
  22.446 -		printk("Device for node %s is too big!\n", node);
  22.447 +	if (char_count(node, '/') < 2)
  22.448 + 		return;
  22.449 +
  22.450 +	exists = xenbus_exists(node, "");
  22.451 +	if (!exists) {
  22.452 +		xenbus_cleanup_devices(node, &bus->bus);
  22.453  		return;
  22.454  	}
  22.455 -	/* Bus ID is name with / changed to - */
  22.456 -	strcpy(busid, p);
  22.457 -	*strchr(busid, '/') = '-';
  22.458  
  22.459 -	dev = xenbus_device_find(busid);
  22.460 -	printk("xenbus: device %s %s\n", busid, dev ? "exists" : "new");
  22.461 -	if (dev && !exists) {
  22.462 -		printk("xenbus: Unregistering device %s\n", busid);
  22.463 -		/* FIXME: free? */
  22.464 -		device_unregister(&dev->dev);
  22.465 -	} else if (!dev && exists) {
  22.466 -		printk("xenbus: Adding device %s\n", busid);
  22.467 -		/* Hack bus id back into two strings. */
  22.468 -		*strrchr(busid, '-') = '\0';
  22.469 -		xenbus_probe_device("device", busid, busid+strlen(busid)+1);
  22.470 -	} else
  22.471 -		printk("xenbus: strange, %s already %s\n", busid,
  22.472 -		       exists ? "exists" : "gone");
  22.473 -	if (dev)
  22.474 +	/* backend/<type>/... or device/<type>/... */
  22.475 +	p = strchr(node, '/') + 1;
  22.476 +	snprintf(type, BUS_ID_SIZE, "%.*s", strcspn(p, "/"), p);
  22.477 +	type[BUS_ID_SIZE-1] = '\0';
  22.478 +
  22.479 +	rootlen = strsep_len(node, '/', bus->levels);
  22.480 +	if (rootlen < 0)
  22.481 +		return;
  22.482 +	root = kasprintf("%.*s", rootlen, node);
  22.483 +	if (!root)
  22.484 +		return;
  22.485 +
  22.486 +	dev = xenbus_device_find(root, &bus->bus);
  22.487 +	if (!dev)
  22.488 +		xenbus_probe_node(bus, type, root);
  22.489 +	else
  22.490  		put_device(&dev->dev);
  22.491 +
  22.492 +	kfree(root);
  22.493 +}
  22.494 +
  22.495 +static void frontend_changed(struct xenbus_watch *watch, const char *node)
  22.496 +{
  22.497 +	dev_changed(node, &xenbus_frontend);
  22.498 +}
  22.499 +
  22.500 +static void backend_changed(struct xenbus_watch *watch, const char *node)
  22.501 +{
  22.502 +	dev_changed(node, &xenbus_backend);
  22.503  }
  22.504  
  22.505  /* We watch for devices appearing and vanishing. */
  22.506 -static struct xenbus_watch dev_watch = {
  22.507 -	/* FIXME: Ideally we'd only watch for changes 2 levels deep... */
  22.508 +static struct xenbus_watch fe_watch = {
  22.509  	.node = "device",
  22.510 -	.callback = dev_changed,
  22.511 +	.callback = frontend_changed,
  22.512  };
  22.513  
  22.514 +static struct xenbus_watch be_watch = {
  22.515 +	.node = "backend",
  22.516 +	.callback = backend_changed,
  22.517 +};
  22.518 +
  22.519 +static int suspend_dev(struct device *dev, void *data)
  22.520 +{
  22.521 +	int err = 0;
  22.522 +	struct xenbus_driver *drv = to_xenbus_driver(dev->driver);
  22.523 +	struct xenbus_device *xdev
  22.524 +		= container_of(dev, struct xenbus_device, dev);
  22.525 +
  22.526 +	if (drv->suspend)
  22.527 +		err = drv->suspend(xdev);
  22.528 +	if (err)
  22.529 +		printk("xenbus: suspend %s failed: %i\n", dev->bus_id, err);
  22.530 +	return 0;
  22.531 +}
  22.532 +
  22.533 +static int resume_dev(struct device *dev, void *data)
  22.534 +{
  22.535 +	int err = 0;
  22.536 +	struct xenbus_driver *drv = to_xenbus_driver(dev->driver);
  22.537 +	struct xenbus_device *xdev
  22.538 +		= container_of(dev, struct xenbus_device, dev);
  22.539 +
  22.540 +	if (drv->resume)
  22.541 +		err = drv->resume(xdev);
  22.542 +	if (err)
  22.543 +		printk("xenbus: resume %s failed: %i\n", dev->bus_id, err);
  22.544 +	return 0;
  22.545 +}
  22.546 +
  22.547  void xenbus_suspend(void)
  22.548  {
  22.549  	/* We keep lock, so no comms can happen as page moves. */
  22.550  	down(&xenbus_lock);
  22.551 +	bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, suspend_dev);
  22.552 +	bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, suspend_dev);
  22.553  	xb_suspend_comms();
  22.554  }
  22.555  
  22.556 @@ -310,6 +569,8 @@ void xenbus_resume(void)
  22.557  {
  22.558  	xb_init_comms();
  22.559  	reregister_xenbus_watches();
  22.560 +	bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, resume_dev);
  22.561 +	bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, resume_dev);
  22.562  	up(&xenbus_lock);
  22.563  }
  22.564  
  22.565 @@ -354,30 +615,23 @@ int do_xenbus_probe(void *unused)
  22.566  	}
  22.567  
  22.568  	down(&xenbus_lock);
  22.569 -	err = notifier_call_chain(&xenstore_chain, 0, 0);
  22.570 -	up(&xenbus_lock);
  22.571 -
  22.572 -	if (err == NOTIFY_BAD) {
  22.573 -		printk("%s: calling xenstore notify chain failed\n",
  22.574 -		       __FUNCTION__);
  22.575 -		return -EINVAL;
  22.576 -	}
  22.577 -
  22.578 -	err = 0;
  22.579 -
  22.580 -	down(&xenbus_lock);
  22.581  	/* Enumerate devices in xenstore. */
  22.582 -	xenbus_probe_devices("device");
  22.583 +	xenbus_probe_devices(&xenbus_frontend);
  22.584 +	xenbus_probe_devices(&xenbus_backend);
  22.585  	/* Watch for changes. */
  22.586 -	register_xenbus_watch(&dev_watch);
  22.587 +	register_xenbus_watch(&fe_watch);
  22.588 +	register_xenbus_watch(&be_watch);
  22.589  	up(&xenbus_lock);
  22.590  	return 0;
  22.591  }
  22.592  
  22.593  static int __init xenbus_probe_init(void)
  22.594  {
  22.595 -	bus_register(&xenbus_type);
  22.596 -
  22.597 +	bus_register(&xenbus_frontend.bus);
  22.598 +	bus_register(&xenbus_backend.bus);
  22.599 +	device_register(&xenbus_frontend.dev);
  22.600 +	device_register(&xenbus_backend.dev);
  22.601 +	
  22.602  	if (!xen_start_info.store_evtchn)
  22.603  		return 0;
  22.604  
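--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c
@@ -187,6 +187,7 @@ static char *join(const char *dir, const
 	static char buffer[4096];
 
 	BUG_ON(down_trylock(&xenbus_lock) == 0);
+	/* XXX FIXME: might not be correct if name == "" */
 	BUG_ON(strlen(dir) + strlen("/") + strlen(name) + 1 > sizeof(buffer));
 
 	strcpy(buffer, dir);
@@ -399,9 +400,12 @@ int xenbus_gather(const char *dir, ...)
 			ret = PTR_ERR(p);
 			break;
 		}
-		if (sscanf(p, fmt, result) == 0)
-			ret = -EINVAL;
-		kfree(p);
+		if (fmt) {
+			if (sscanf(p, fmt, result) == 0)
+				ret = -EINVAL;
+			kfree(p);
+		} else
+			*(char **)result = p;
 	}
 	va_end(ap);
 	return ret;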
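Review bot: The new `fmt == NULL` branch in xenbus_gather hands the allocated string `p` to the caller through `*(char **)result`, and nothing in the hunk documents that the caller now owns it. The loop can still `break` with an error on a later key, at which point earlier NULL-format results already hold allocations, so a caller that bails out on a non-zero return without freeing them leaks memory. I would add above the function `/* A NULL fmt stores the raw kmalloc'ed value in *result; the caller must kfree() it, also when a later key fails. */`. xenbus_gather starts and ends outside the hunk, so whether its existing header comment already covers this cannot be seen here.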
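--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/dma-mapping.h
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/dma-mapping.h
@@ -26,7 +26,9 @@ address_needs_mapping(struct device *hwd
 static inline int
 range_straddles_page_boundary(void *p, size_t size)
 {
-	return ((((unsigned long)p & ~PAGE_MASK) + size) > PAGE_SIZE);
+	extern unsigned long *contiguous_bitmap;
+	return (((((unsigned long)p & ~PAGE_MASK) + size) > PAGE_SIZE) &&
+		!test_bit(__pa(p) >> PAGE_SHIFT, contiguous_bitmap));
 }
 
 #define dma_alloc_noncoherent(d, s, h, f) dma_alloc_coherent(d, s, h, f)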
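Review bot: The added `test_bit(__pa(p) >> PAGE_SHIFT, contiguous_bitmap)` consults only the frame that holds `p`, so a buffer crossing several page boundaries is treated as contiguous on the strength of its first page alone. Whether that is sound depends on how the bitmap is populated, which this hunk does not show; if a set bit does not vouch for every following frame of the range, a device could be given a buffer whose later frames are not machine-contiguous. A comment stating the invariant would settle it, for example `/* A set bit means this frame and the next are machine-contiguous; bits are set for every frame of a contiguous region but the last. */` if that is indeed the rule. As a point of style, the block-scope `extern unsigned long *contiguous_bitmap;` belongs in a shared header so the compiler can check it against the definition.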
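--- a/linux-2.6-xen-sparse/include/asm-xen/xenbus.h
+++ b/linux-2.6-xen-sparse/include/asm-xen/xenbus.h
@@ -37,7 +37,6 @@
 /* A xenbus device. */
 struct xenbus_device {
 	char *devicetype;
-	char *subtype;
 	char *nodename;
 	struct device dev;
 	int has_error;
@@ -53,7 +52,6 @@ struct xenbus_device_id
 {
 	/* .../device/<device_type>/<identifier> */
 	char devicetype[32]; 	/* General class of device. */
-	char subtype[32];	/* Contents of "subtype" for this device */
 };
 
 /* A xenbus driver. */
@@ -61,9 +59,11 @@ struct xenbus_driver {
 	char *name;
 	struct module *owner;
 	const struct xenbus_device_id *ids;
-	int  (*probe)    (struct xenbus_device * dev,
-			  const struct xenbus_device_id * id);
-	int  (*remove)   (struct xenbus_device * dev);
+	int (*probe)(struct xenbus_device *dev,
+		     const struct xenbus_device_id *id);
+	int (*remove)(struct xenbus_device *dev);
+	int (*suspend)(struct xenbus_device *dev);
+	int (*resume)(struct xenbus_device *dev);
 	struct device_driver driver;
 };
 
@@ -72,7 +72,8 @@ static inline struct xenbus_driver *to_x
 	return container_of(drv, struct xenbus_driver, driver);
 }
 
-int xenbus_register_driver(struct xenbus_driver *drv);
+int xenbus_register_device(struct xenbus_driver *drv);
+int xenbus_register_backend(struct xenbus_driver *drv);
 void xenbus_unregister_driver(struct xenbus_driver *drv);
 
 /* Caller must hold this lock to call these functions: it's also held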
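Review bot: The new `suspend` and `resume` members of struct xenbus_driver have no comment describing their contract. From xenbus_suspend/xenbus_resume elsewhere in this changeset they are optional, run with xenbus_lock held, and a non-zero return is only logged; I would put that above them as `/* Optional. Called with xenbus_lock held around save/restore; a non-zero return is logged and otherwise ignored. */`. The callers wrap `dev->driver` in to_xenbus_driver() before testing the callback, so the comment should also say whether a device with no bound driver can reach them. Separately, the registration prototype is now split into xenbus_register_device and xenbus_register_backend while xenbus_unregister_driver keeps its old name, which leaves the pair asymmetric for readers of the header.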
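--- /dev/null
+++ b/patches/linux-2.6.12/workaround_double_br_del_if.patch
@@ -0,0 +1,11 @@
+--- linux-2.6.12/net/bridge/br_if.c	2005-06-17 14:48:29.000000000 -0500
++++ linux-2.6.12-xen0-smp/net/bridge/br_if.c	2005-08-18 15:17:27.302615846 -0500
+@@ -382,7 +382,7 @@
+ {
+ 	struct net_bridge_port *p = dev->br_port;
+ 	
+-	if (!p || p->br != br) 
++	if (!p || p->br != br || p->state == BR_STATE_DISABLED)
+ 		return -EINVAL;
+ 
+ 	br_sysfs_removeif(p);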
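Review bot: The added `p->state == BR_STATE_DISABLED` test rejects removal of every port in the disabled state, not just the repeated delete that the patch's file name says it works around. If a port can be disabled for other reasons, such as its device being down (to be confirmed against the bridge STP code, which is not shown here), it could no longer be detached from the bridge through this path. The patch also carries no description. A short header in the .patch file stating which double call is being guarded against, and why the port state is a reliable marker for it, would let a later reader judge when the workaround can be dropped. The patched function begins and ends outside the quoted hunk.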
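--- a/tools/examples/network-bridge
+++ b/tools/examples/network-bridge
@@ -51,7 +51,7 @@ for arg ; do export "${arg}" ; done
 
 bridge=${bridge:-xen-br0}
 netdev=${netdev:-eth0}
-antispoof=${antispoof:-yes}
+antispoof=${antispoof:-no}
 
 echo "*network $OP bridge=$bridge netdev=$netdev antispoof=$antispoof" >&2
 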
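Review bot: The new default `antispoof=${antispoof:-no}` switches the script's anti-spoofing setup off for every caller that does not pass `antispoof=yes`, and neither the hunk nor the commit message gives a reason. What the option installs lies outside the hunk, but going by its name, guests attached to the bridge would then no longer be restricted to their own source addresses unless that is enforced elsewhere. I would either keep `yes` as the default or put a comment above the line, e.g. `# antispoof is off by default; pass antispoof=yes to install the source-address filter rules`, and record the change in the user documentation so existing installations are not silently weakened on upgrade.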
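--- a/tools/misc/policyprocessor/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
-XEN_ROOT = ../../..
-include $(XEN_ROOT)/tools/Rules.mk
-
-CFLAGS   += -static
-CFLAGS   += -Wall
-CFLAGS   += -Werror
-CFLAGS   += -O3
-CFLAGS   += -fno-strict-aliasing
-CFLAGS   += -I.
-
-all: build
-
-build: mk-symlinks
-	$(MAKE) xml_to_bin
-
-default: all
-
-install: all
-
-xml_to_bin : make_include XmlToBin.java XmlToBinInterface.java SsidsEntry.java SecurityLabel.java myHandler.java
-	javac XmlToBin.java
-
-make_include : c2j_include
-	./c2j_include
-
-c2j_include: c2j_include.c
-	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
-
-clean:
-	rm -rf *.class xen c2j_include policy_version.java *.bin
-
-
-LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
-mk-symlinks:
-	[ -e xen/linux ] || mkdir -p xen/linux
-	[ -e xen/io ]    || mkdir -p xen/io
-	( cd xen >/dev/null ; \
-	  ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . )
-	( cd xen/io >/dev/null ; \
-	  ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
-	( cd xen/linux >/dev/null ; \
-	  ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )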
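--- a/tools/misc/policyprocessor/SecurityLabel.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: SecurityLabel.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * SecurityLabel Class.  
- *
- * <p>
- *
- * Keeps track of types.
- *
- * <p>
- *
- *
- */
-import java.util.*;
-public class SecurityLabel
-{
- Vector ids;
- Vector vlans;
- Vector slots;
- Vector steTypes;
- int steSsidPosition;
- Vector chwIDs;
- Vector chwTypes;
- int chwSsidPosition;
-}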
    30.1 --- a/tools/misc/policyprocessor/SecurityPolicySpec.xsd	Fri Aug 19 10:18:53 2005 +0000
    30.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    30.3 @@ -1,115 +0,0 @@
    30.4 -<?xml version="1.0" encoding="UTF-8"?>
    30.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    30.6 -<!-- xml schema definition for xen xml policies -->
    30.7 -<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    30.8 -targetNamespace="http://www.ibm.com"
    30.9 -xmlns="http://www.ibm.com" 
   30.10 -elementFormDefault="qualified">
   30.11 -
   30.12 -<xsd:element name="TE" type="xsd:string" />
   30.13 -<xsd:element name="ChWall" type="xsd:string" />
   30.14 -
   30.15 -<xsd:element name="Definition">
   30.16 -  <xsd:complexType>
   30.17 - 	<xsd:sequence>
   30.18 -
   30.19 -	  <!-- simple type enforcement -->
   30.20 -	  <xsd:element name="Types" minOccurs ="0" maxOccurs="1">
   30.21 -		<xsd:complexType>
   30.22 -		  <xsd:sequence>
   30.23 -			<xsd:element ref="TE" minOccurs ="1" maxOccurs ="unbounded"/>
   30.24 -		  </xsd:sequence>
   30.25 -		</xsd:complexType>
   30.26 -	  </xsd:element>
   30.27 -
   30.28 -	  <!-- chinese wall -->
   30.29 -	  <!--   type definition -->
   30.30 -	  <xsd:element name="ChWallTypes" minOccurs ="0" maxOccurs="1">
   30.31 -		<xsd:complexType>
   30.32 -		  <xsd:sequence>
   30.33 -			<xsd:element ref="ChWall"  minOccurs ="1" maxOccurs ="unbounded"/>
   30.34 -
   30.35 -      	   	</xsd:sequence>
   30.36 -          </xsd:complexType>
   30.37 -	</xsd:element>
   30.38 -
   30.39 -  	<!--   conflict set -->
   30.40 -	  <xsd:element name="ConflictSet" minOccurs ="0" maxOccurs="unbounded">
   30.41 -		<xsd:complexType>
   30.42 -		  <xsd:sequence>
   30.43 -			<xsd:element ref="ChWall"  minOccurs ="2" maxOccurs ="unbounded"/>
   30.44 -		  </xsd:sequence>
   30.45 -		</xsd:complexType>
   30.46 -	</xsd:element>
   30.47 -
   30.48 -	</xsd:sequence>
   30.49 -  </xsd:complexType>
   30.50 -</xsd:element>
   30.51 -
   30.52 -<xsd:element name="Policy">
   30.53 -    <xsd:complexType>
   30.54 -      <xsd:sequence>
   30.55 -
   30.56 -	<xsd:element name="PolicyHeader">
   30.57 -    	<xsd:complexType>
   30.58 -      	   <xsd:all>
   30.59 -		<xsd:element name = "Name" type="xsd:string"/>
   30.60 -		<xsd:element name = "DateTime" type="xsd:dateTime"/>
   30.61 -		<xsd:element name = "Tag" minOccurs ="1" maxOccurs ="1" type="xsd:string"/>
   30.62 -		<xsd:element name = "TypeDefinition">
   30.63 -    		<xsd:complexType>
   30.64 -      	   	  <xsd:all>
   30.65 -			<xsd:element name = "url" type="xsd:string"/>
   30.66 -			<xsd:element name = "hash" minOccurs ="0" maxOccurs ="1" type="xsd:string"/>
   30.67 -      	   	  </xsd:all>
   30.68 -    		</xsd:complexType>
   30.69 -		</xsd:element>
   30.70 -
   30.71 -      	   </xsd:all>
   30.72 -    	</xsd:complexType>
   30.73 -	</xsd:element>
   30.74 -
   30.75 -	<xsd:element name="VM" minOccurs ="1" maxOccurs="unbounded">
   30.76 -    	  <xsd:complexType>
   30.77 -      	   <xsd:sequence>
   30.78 -		<xsd:element name="id" type="xsd:integer"/>
   30.79 -		<xsd:element ref="TE" minOccurs="0" maxOccurs="unbounded" />
   30.80 -		<xsd:element ref="ChWall" minOccurs ="0" maxOccurs="unbounded"/>
   30.81 -      	   </xsd:sequence>
   30.82 -    	  </xsd:complexType>
   30.83 -	</xsd:element>
   30.84 -
   30.85 -	<xsd:element name="Vlan" minOccurs ="0" maxOccurs="unbounded">
   30.86 -    	  <xsd:complexType>
   30.87 -      	   <xsd:sequence>
   30.88 -		<xsd:element name="vid" type="xsd:integer"/>
   30.89 -		<xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
   30.90 -      	   </xsd:sequence>
   30.91 -    	  </xsd:complexType>
   30.92 -	</xsd:element>
   30.93 -
   30.94 -	<xsd:element name="Slot" minOccurs ="0" maxOccurs="unbounded">
   30.95 -    	  <xsd:complexType>
   30.96 -      	   <xsd:sequence>
   30.97 -		<xsd:element name="bus" type="xsd:integer"/>
   30.98 -		<xsd:element name="slot" type="xsd:integer"/>
   30.99 -		<xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
  30.100 -      	   </xsd:sequence>
  30.101 -    	  </xsd:complexType>
  30.102 -	</xsd:element>
  30.103 -
  30.104 -
  30.105 -      </xsd:sequence>
  30.106 -    </xsd:complexType>
  30.107 -</xsd:element>
  30.108 -
  30.109 -<!-- root element -->
  30.110 -<xsd:element name="SecurityPolicySpec">
  30.111 -    <xsd:complexType>
  30.112 -      <xsd:choice>
  30.113 -		<xsd:element ref="Definition" minOccurs ="1" maxOccurs="unbounded"/>
  30.114 -		<xsd:element ref="Policy" minOccurs ="1" maxOccurs="unbounded"/>
  30.115 -      </xsd:choice>
  30.116 -    </xsd:complexType>
  30.117 -</xsd:element>
  30.118 -</xsd:schema>
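--- a/tools/misc/policyprocessor/SsidsEntry.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: SsidsEntry.java,v 1.2 2005/06/17 20:02:40 rvaldez Exp $
- *
- * Author: Ray Valdez
- * 
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * SsidsEntry Class.  
- * <p>
- *
- * Holds ssid information.
- *
- * <p>
- *
- *
- */
-public class SsidsEntry 
- {
-  int id;	/* used for partition and vlan */
-  int bus;	/* used for slots */
-  int slot;
-  int ste = 0xffffffff;
-  int chw = 0xffffffff;
- }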
    32.1 --- a/tools/misc/policyprocessor/XmlToBin.java	Fri Aug 19 10:18:53 2005 +0000
    32.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    32.3 @@ -1,1570 +0,0 @@
    32.4 -/**
    32.5 - * (C) Copyright IBM Corp. 2005
    32.6 - *
    32.7 - * $Id: XmlToBin.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
    32.8 - *
    32.9 - * Author: Ray Valdez
   32.10 - *
   32.11 - * Contributors:
   32.12 - *         Reiner Sailer - adjust type-lengths
   32.13 - *
   32.14 - * This program is free software; you can redistribute it and/or
   32.15 - * modify it under the terms of the GNU General Public License as
   32.16 - * published by the Free Software Foundation, version 2 of the
   32.17 - * License.
   32.18 - *
   32.19 - * XmlToBin  Class.  
   32.20 - * <p>
   32.21 - *
   32.22 - * Translates a xml representation of a SHYPE policy into a binary  
   32.23 - * format.  The class processes an xml policy file based on elment tags 
   32.24 - * defined in a schema definition files: SecurityPolicySpec.xsd.
   32.25 - *
   32.26 - * XmlToBin Command line Options: 
   32.27 - *
   32.28 - *      -i              inputFile:      name of policyfile (.xml)
   32.29 - *      -o              outputFile:     name of binary policy file (Big Endian)
   32.30 - *      -xssid          SsidFile:       xen ssids to types text file
   32.31 - *      -xssidconf      SsidConf:   	xen conflict ssids to types text file
   32.32 - *      -debug                          turn on debug messages
   32.33 - *      -help                           help. This printout
   32.34 - *
   32.35 - * <p>
   32.36 - *
   32.37 - *
   32.38 - */
   32.39 -import java.util.*;
   32.40 -import java.io.*;
   32.41 -import java.io.IOException;
   32.42 -import java.io.FileNotFoundException;
   32.43 -import org.w3c.dom.Document;
   32.44 -import org.w3c.dom.Element;
   32.45 -import org.w3c.dom.Node;
   32.46 -import org.w3c.dom.Attr;
   32.47 -import org.w3c.dom.NodeList;
   32.48 -import org.w3c.dom.NamedNodeMap;
   32.49 -import org.xml.sax.*;
   32.50 -import javax.xml.parsers.*;
   32.51 -import org.xml.sax.helpers.*;
   32.52 -
   32.53 -public class XmlToBin 
   32.54 - implements XmlToBinInterface
   32.55 -{
   32.56 -  class SlotInfo {
   32.57 -	String bus;
   32.58 -	String slot;
   32.59 -  }
   32.60 -
   32.61 - boolean LittleEndian = false;
   32.62 - boolean debug = false;
   32.63 -
   32.64 - static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
   32.65 -
   32.66 - static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";
   32.67 -
   32.68 - public static void printUsage()
   32.69 - {
   32.70 -  System.out.println("XmlToBin Command line Options: ");
   32.71 -  System.out.println("\t-i\t\tinputFile:\tname of policyfile (.xml)");
   32.72 -  System.out.println("\t-o\t\toutputFile:\tname of binary policy file (Big Endian)");
   32.73 -  System.out.println("\t-xssid\t\tSsidFile:\tXen ssids to named types text file");
   32.74 -  System.out.println("\t-xssidconf\tSsidConfFile:\tXen conflict ssids to named types text file");
   32.75 -  System.out.println("\t-debug\t\t\t\tturn on debug messages");
   32.76 -  System.out.println("\t-help\t\t\t\thelp. This printout");
   32.77 -  return;
   32.78 - }
   32.79 -
   32.80 - public void printDebug(String message) 
   32.81 - {
   32.82 -  if (debug)
   32.83 -    System.out.println(message);
   32.84 - }
   32.85 -
   32.86 - public void writeBinPolicy(byte[] binPolicy, String outputFileName)
   32.87 -  throws Exception
   32.88 - {
   32.89 -    if (debug) 
   32.90 -    	printHex(binPolicy,binPolicy.length);
   32.91 -
   32.92 -    DataOutputStream writeObj = new DataOutputStream(
   32.93 -                                new FileOutputStream(outputFileName));
   32.94 -
   32.95 -    writeObj.write(binPolicy);
   32.96 -    writeObj.flush();
   32.97 -    writeObj.close();
   32.98 -    System.out.println(" wBP:: wrote outputfile: " + outputFileName);
   32.99 -
  32.100 -    return; 
  32.101 - }  
  32.102 -
  32.103 - public void writeXenTypeVectorFile(Vector list, String outputFileName)
  32.104 -  throws Exception
  32.105 - {
  32.106 -  PrintWriter out;
  32.107 -
  32.108 -  if (0 == list.size())
  32.109 -  {
  32.110 -   	printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 
  32.111 -	return;
  32.112 -  }
  32.113 - out = new PrintWriter(
  32.114 -	 	new BufferedWriter(
  32.115 -                      new FileWriter(outputFileName)));
  32.116 -
  32.117 -
  32.118 -  for (int i = 0; i < list.size(); i++)
  32.119 -  {
  32.120 -	Vector	ee = (Vector) list.elementAt(i);
  32.121 -   	out.println(i + " " +ee.toString());
  32.122 -  } 
  32.123 -    out.close();
  32.124 -   
  32.125 -    return; 
  32.126 - }
  32.127 -
  32.128 - public void writeXenTypeFile(Vector list, String outputFileName, boolean slabel)
  32.129 -  throws Exception
  32.130 - {
  32.131 -  Vector entry; 
  32.132 -  String strTypes = "";
  32.133 -  SecurityLabel ee;
  32.134 -  PrintWriter out;
  32.135 -
  32.136 -  if (0 == list.size())
  32.137 -  {
  32.138 -   	printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 
  32.139 -	return;
  32.140 -  }
  32.141 -  out = new PrintWriter(
  32.142 -	 	new BufferedWriter(
  32.143 -                      new FileWriter(outputFileName)));
  32.144 -
  32.145 -  for (int i = 0; i < list.size(); i++)
  32.146 -  {
  32.147 -	ee = (SecurityLabel) list.elementAt(i);
  32.148 -
  32.149 -	if (slabel)
  32.150 -	{
  32.151 -		entry = ee.steTypes; 
  32.152 -	} else {
  32.153 -
  32.154 -		entry = ee.chwTypes; 
  32.155 -	}
  32.156 -	if (null == entry) continue;
  32.157 -
  32.158 -	Enumeration e = entry.elements(); 
  32.159 -	while (e.hasMoreElements())
  32.160 -	{
  32.161 -  	  String typeName = (String) e.nextElement(); 
  32.162 -	  strTypes = strTypes + " " + typeName;
  32.163 -        }
  32.164 -    	  printDebug(" WXTF:: ssid : "+i +" :"+strTypes); 
  32.165 -   	  out.println(i +" "+strTypes);
  32.166 -	  strTypes = "";
  32.167 -  } 
  32.168 -  out.close();
  32.169 -   
  32.170 -  return; 
  32.171 - }
  32.172 -
  32.173 - public void setDebug(boolean value)
  32.174 - {
  32.175 -  debug=value;
  32.176 - }
  32.177 -
  32.178 - public void setEndian(boolean value)
  32.179 - {
  32.180 -  LittleEndian = value;
  32.181 - }
  32.182 -
  32.183 - public byte[] generateVlanSsids(Vector bagOfSsids)
  32.184 -  throws Exception
  32.185 - {
  32.186 -  /**
  32.187 -        typedef struct {
  32.188 -        u16 vlan;
  32.189 -        u16 ssid_ste;
  32.190 -        } acm_vlan_entry_t;
  32.191 -  **/
  32.192 -
  32.193 -  Hashtable  vlanSsid = new Hashtable();
  32.194 -  printDebug(" gVS::Size of bagOfSsids: "+ bagOfSsids.size());
  32.195 -
  32.196 -  /* Get the number of partitions */
  32.197 -  for (int i = 0; i < bagOfSsids.size(); i++)
  32.198 -  {
  32.199 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  32.200 -
  32.201 -	if (null == entry.vlans)
  32.202 -	  continue;
  32.203 -
  32.204 -	Enumeration e = entry.vlans.elements(); 
  32.205 -	while (e.hasMoreElements())
  32.206 -	{
  32.207 -  	  String id = (String) e.nextElement(); 
  32.208 -      	  printDebug(" gVS:: vlan: " + id + "has ste ssid: " + entry.steSsidPosition);
  32.209 -	  if (-1 == entry.steSsidPosition)
  32.210 -		continue;  
  32.211 -
  32.212 -	  /* Only use ste for vlan */
  32.213 -	  SsidsEntry  ssidsObj = new SsidsEntry();
  32.214 -
  32.215 -	  ssidsObj.id = Integer.parseInt(id); 
  32.216 -	  ssidsObj.ste = entry.steSsidPosition;
  32.217 -
  32.218 -	  if (vlanSsid.contains(id))
  32.219 -      	  	printDebug(" gVS:: Error already in the Hash part:" + ssidsObj.id);
  32.220 -	  else 
  32.221 - 		vlanSsid.put(id, ssidsObj);
  32.222 -      	  	printDebug(" gVS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition);
  32.223 -	}
  32.224 -  }
  32.225 -
  32.226 -  /* allocate array */ 
  32.227 -  int numOfVlan = vlanSsid.size();
  32.228 -  int totalSize = (numOfVlan * vlanEntrySz);  
  32.229 -
  32.230 -  if (0 == numOfVlan) 
  32.231 -  {
  32.232 -  	printDebug(" gVS:: vlan: binary ==> zero");
  32.233 -        return new byte[0];
  32.234 -  }
  32.235 -
  32.236 -  byte[] vlanArray = new byte[totalSize];
  32.237 -
  32.238 -  int index = 0;
  32.239 -
  32.240 -  Enumeration e = vlanSsid.elements(); 
  32.241 -  while (e.hasMoreElements())
  32.242 -  {
  32.243 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  32.244 -      	printDebug(" gVS:: part: " + entry.id + " ste ssid: " + entry.ste);
  32.245 -
  32.246 -	/* Write id */
  32.247 -   	writeShortToStream(vlanArray,(short)entry.id,index);
  32.248 -	index = index + u16Size;
  32.249 -
  32.250 -	/* write ste ssid */
  32.251 -   	writeShortToStream(vlanArray,(short) entry.ste,index);
  32.252 -	index = index + u16Size;
  32.253 -  }
  32.254 -
  32.255 -  printDebug(" gVS:: vlan: num of vlans  " + numOfVlan);
  32.256 -  printDebug(" gVS:: vlan: binary ==> Length "+ vlanArray.length);
  32.257 -
  32.258 -  if (debug) 
  32.259 -	printHex(vlanArray,vlanArray.length);
  32.260 -  printDebug("\n");
  32.261 -
  32.262 -  return vlanArray; 
  32.263 - }  
  32.264 -
  32.265 - public byte[] generateSlotSsids(Vector bagOfSsids)
  32.266 -  throws Exception
  32.267 - {
  32.268 -  /**
  32.269 -        typedef struct {
  32.270 -        u16 slot_max;
  32.271 -        u16 slot_offset;
  32.272 -        } acm_slot_buffer_t;
  32.273 -
  32.274 -        typedef struct {
  32.275 -        u16 bus;
  32.276 -        u16 slot;
  32.277 -        u16 ssid_ste;
  32.278 -        } acm_slot_entry_t;
  32.279 -  **/
  32.280 -  Hashtable  slotSsid = new Hashtable();
  32.281 -  printDebug(" gSS::Size of bagOfSsids: "+ bagOfSsids.size());
  32.282 -
  32.283 -  /* Find the number of VMs */ 
  32.284 -  for (int i = 0; i < bagOfSsids.size(); i++)
  32.285 -  {
  32.286 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  32.287 -
  32.288 -	if (null == entry.slots)
  32.289 -	  continue;
  32.290 -
  32.291 -	Enumeration e = entry.slots.elements(); 
  32.292 -	while (e.hasMoreElements())
  32.293 -	{
  32.294 -  	  SlotInfo item = (SlotInfo) e.nextElement(); 
  32.295 -      	  printDebug(" gSS:: bus slot: " + item.bus + " "+ item.slot + " " +  entry.steSsidPosition);
  32.296 -	  if (-1 == entry.steSsidPosition)
  32.297 -		continue;  
  32.298 -
  32.299 -	  SsidsEntry  ssidsObj = new SsidsEntry();
  32.300 -
  32.301 -	  String id = item.bus +" "+item.slot;
  32.302 -	  ssidsObj.bus = Integer.parseInt(item.bus); 
  32.303 -	  ssidsObj.slot = Integer.parseInt(item.slot); 
  32.304 -	  /* set ste ssid */
  32.305 -	  ssidsObj.ste = entry.steSsidPosition;
  32.306 -
  32.307 -	  if (slotSsid.contains(id))
  32.308 -      	  	printDebug(" gSS:: Error already in the Hash part:" + id);
  32.309 -	  else 
  32.310 -	  	slotSsid.put(id, ssidsObj);
  32.311 -
  32.312 -      	  	printDebug(" gSS:: added slot: " + id + "has ste ssid: " + entry.steSsidPosition);
  32.313 -	}
  32.314 -  }
  32.315 -
  32.316 -  /* allocate array */
  32.317 -  int numOfSlot = slotSsid.size();
  32.318 -
  32.319 -  if (0 == numOfSlot) 
  32.320 -  {
  32.321 -  	printDebug(" gVS:: slot: binary ==> zero");
  32.322 -        return new byte[0];
  32.323 -  }
  32.324 -
  32.325 -  int totalSize = (numOfSlot * slotEntrySz);  
  32.326 -
  32.327 -  byte[] slotArray = new byte[totalSize];
  32.328 -
  32.329 -  int index = 0;
  32.330 -
  32.331 -  Enumeration e = slotSsid.elements(); 
  32.332 -  while (e.hasMoreElements())
  32.333 -  {
  32.334 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  32.335 -      	System.out.println(" gSS:: bus slot: " + entry.bus + " " + entry.slot + " ste ssid: " + entry.ste);
  32.336 -
  32.337 -	/* Write bus */
  32.338 -   	writeShortToStream(slotArray,(short)entry.bus,index);
  32.339 -	index = index + u16Size;
  32.340 -
  32.341 -	/* Write slot */ 
  32.342 -   	writeShortToStream(slotArray,(short)entry.slot,index);
  32.343 -	index = index + u16Size;
  32.344 -
  32.345 -	/* Write ste ssid */
  32.346 -   	writeShortToStream(slotArray,(short) entry.ste,index);
  32.347 -	index = index + u16Size;
  32.348 -
  32.349 -  }
  32.350 -   
  32.351 -  printDebug(" gSS:: slot: num of vlans  " + numOfSlot);
  32.352 -  printDebug(" gSS:: slot: binary ==> Length "+ slotArray.length);
  32.353 -
  32.354 -  if (debug) 
  32.355 - 	 printHex(slotArray,slotArray.length);
  32.356 -  printDebug("\n");
  32.357 -
  32.358 -  return slotArray; 
  32.359 -
  32.360 - }  
  32.361 -
  32.362 - public byte[] generatePartSsids(Vector bagOfSsids, Vector bagOfChwSsids)
  32.363 -  throws Exception
  32.364 - {
  32.365 -  /**
  32.366 -        typedef struct {
  32.367 -        u16 id;
  32.368 -        u16 ssid_ste;
  32.369 -        u16 ssid_chwall;
  32.370 -        } acm_partition_entry_t;
  32.371 -
  32.372 -  **/
  32.373 -  Hashtable  partSsid = new Hashtable();
  32.374 -  printDebug(" gPS::Size of bagOfSsids: "+ bagOfSsids.size());
  32.375 -
  32.376 -  /* Find the number of VMs */ 
  32.377 -  for (int i = 0; i < bagOfSsids.size(); i++)
  32.378 -  {
  32.379 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  32.380 -
  32.381 -	if (null == entry.ids)
  32.382 -	  continue;
  32.383 -
  32.384 -	Enumeration e = entry.ids.elements(); 
  32.385 -	while (e.hasMoreElements())
  32.386 -	{
  32.387 -  	  String id = (String) e.nextElement(); 
  32.388 -      	  printDebug(" gPS:: part: " + id + "has ste ssid: " + entry.steSsidPosition);
  32.389 -	  if (-1 == entry.steSsidPosition)
  32.390 -		continue;  
  32.391 -
  32.392 -	  SsidsEntry  ssidsObj = new SsidsEntry();
  32.393 -
  32.394 -	  ssidsObj.id = Integer.parseInt(id); 
  32.395 -	  ssidsObj.ste = entry.steSsidPosition;
  32.396 -
  32.397 -	  if (partSsid.contains(id))
  32.398 -      	  	printDebug(" gPS:: Error already in the Hash part:" + ssidsObj.id);
  32.399 -	  else 
  32.400 - 		partSsid.put(id, ssidsObj);
  32.401 -      	  	printDebug(" gPS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition);
  32.402 -	}
  32.403 -
  32.404 -  }
  32.405 -
  32.406 -  for (int i = 0; i < bagOfChwSsids.size(); i++)
  32.407 -  {
  32.408 -	SecurityLabel entry = (SecurityLabel) bagOfChwSsids.elementAt(i);
  32.409 -
  32.410 -	Enumeration e = entry.chwIDs.elements(); 
  32.411 -	while (e.hasMoreElements())
  32.412 -	{
  32.413 -  	  String id = (String) e.nextElement(); 
  32.414 -      	  printDebug(" gPS:: part: " + id + "has chw ssid: " + entry.chwSsidPosition);
  32.415 -	  if (partSsid.containsKey(id))
  32.416 -	  {
  32.417 -		SsidsEntry item = (SsidsEntry) partSsid.get(id);
  32.418 -		item.chw = entry.chwSsidPosition;
  32.419 -      	  	printDebug(" gPS:: added :" + item.id +" chw: " + item.chw);
  32.420 -	  }
  32.421 -	  else 
  32.422 -	  {
  32.423 -      	  	printDebug(" gPS:: creating :" + id +" chw: " + entry.chwSsidPosition);
  32.424 -	  	SsidsEntry  ssidsObj = new SsidsEntry();
  32.425 -	  	ssidsObj.id = Integer.parseInt(id); 
  32.426 -	  	ssidsObj.chw = entry.chwSsidPosition;
  32.427 - 		partSsid.put(id, ssidsObj);
  32.428 -
  32.429 -	  }
  32.430 -	}
  32.431 -  }	  
  32.432 -
  32.433 -  /* Allocate array */
  32.434 -  int numOfPar = partSsid.size();
  32.435 -  int totalSize =  (numOfPar * partitionEntrySz);  
  32.436 -
  32.437 -  if (0 == numOfPar) 
  32.438 -  {
  32.439 -  	printDebug(" gPS:: part: binary ==> zero");
  32.440 -        return new byte[0];
  32.441 -  }
  32.442 -
  32.443 -  byte[] partArray = new byte[totalSize];
  32.444 -
  32.445 -  int index = 0;
  32.446 -
  32.447 -  Enumeration e = partSsid.elements(); 
  32.448 -  while (e.hasMoreElements())
  32.449 -  {
  32.450 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  32.451 -      	printDebug(" gPS:: part: " + entry.id + " ste ssid: " + entry.ste + " chw ssid: "+ entry.chw);
  32.452 -
  32.453 -	/* Write id */
  32.454 -   	writeShortToStream(partArray,(short)entry.id,index);
  32.455 -	index = index + u16Size;
  32.456 -
  32.457 -	/* Write ste ssid */
  32.458 -   	writeShortToStream(partArray,(short) entry.ste,index);
  32.459 -	index = index + u16Size;
  32.460 -
  32.461 -	/* Write chw ssid */
  32.462 -   	writeShortToStream(partArray,(short) entry.chw,index);
  32.463 -	index = index + u16Size;
  32.464 -  }
  32.465 -
  32.466 -  printDebug(" gPS:: part: num of partitions  " + numOfPar);
  32.467 -  printDebug(" gPS:: part: binary ==> Length " + partArray.length);
  32.468 -
  32.469 -  if (debug) 
  32.470 -	printHex(partArray,partArray.length);
  32.471 -  printDebug("\n");
  32.472 -   
  32.473 -   return partArray; 
  32.474 - }
  32.475 -
  32.476 - public  byte[] GenBinaryPolicyBuffer(byte[] chwPolicy, byte[] stePolicy, byte [] partMap, byte[] vlanMap, byte[] slotMap)
  32.477 - {
  32.478 -  byte[] binBuffer;
  32.479 -  short chwSize =0;
  32.480 -  short steSize =0;
  32.481 -  int	index = 0;
  32.482 -
  32.483 -  /* Builds data structure acm_policy_buffer_t */
  32.484 -  /* Get number of colorTypes */
  32.485 -  if (null != chwPolicy)
  32.486 -	chwSize = (short) chwPolicy.length;
  32.487 -
  32.488 -  if (null != stePolicy)
  32.489 -    	steSize = (short) stePolicy.length;
  32.490 -
  32.491 -  int totalDataSize = chwSize + steSize + resourceOffsetSz +  3 *(2 * u16Size);
  32.492 -
  32.493 -  /*  Add vlan and slot */ 
  32.494 -  totalDataSize = totalDataSize +partMap.length + vlanMap.length + slotMap.length; 
  32.495 -  binBuffer = new byte[binaryBufferHeaderSz +totalDataSize];
  32.496 -	
  32.497 -
  32.498 -  try {
  32.499 -	  index = 0;
  32.500 -	  /* fill in General Policy Version */
  32.501 -	  writeIntToStream(binBuffer, ACM_POLICY_VERSION, index);
  32.502 -	  index += u32Size;
  32.503 -
  32.504 -	  /* Write magic */
  32.505 -	  writeIntToStream(binBuffer, ACM_MAGIC, index);
  32.506 -	  index += u32Size;
  32.507 -
  32.508 -	  /* write len */
  32.509 -	  writeIntToStream(binBuffer, binBuffer.length, index);
  32.510 -	  index += u32Size;
  32.511 -
  32.512 -  } catch (IOException ee) {
  32.513 -	  System.out.println(" GBPB:: got exception : " + ee);
  32.514 -	  return null;
  32.515 -  }
  32.516 -
  32.517 -  int offset, address;
  32.518 -  address = index;
  32.519 -
  32.520 -  if (null != partMap) 
  32.521 -	  offset = binaryBufferHeaderSz + resourceOffsetSz;
  32.522 -  else
  32.523 -	  offset = binaryBufferHeaderSz;
  32.524 -
  32.525 -  try {
  32.526 -	  int skip = 0;
  32.527 -
  32.528 -	  /* init with NULL policy setting */
  32.529 -	  writeIntToStream(binBuffer, ACM_NULL_POLICY, index);
  32.530 -	  writeIntToStream(binBuffer, 0, index + u32Size);
  32.531 -	  writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size);
  32.532 -	  writeIntToStream(binBuffer, 0, index + 3*u32Size);
  32.533 -	  
  32.534 -	  index = address;
  32.535 -	  if (null != chwPolicy) {
  32.536 -	  
  32.537 -		  /* Write policy name */
  32.538 -		  writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index);
  32.539 -		  index += u32Size;
  32.540 -
  32.541 -		  /* Write offset */
  32.542 -		  writeIntToStream(binBuffer, offset, index);
  32.543 -		  index += u32Size;
  32.544 -
  32.545 -		  /* Write payload. No need increment index */
  32.546 -		  address = offset;
  32.547 -		  System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length);
  32.548 -		  address = address + chwPolicy.length;
  32.549 -	  } else
  32.550 -		  skip += 2*u32Size;
  32.551 -
  32.552 -	  if (null != stePolicy) 
  32.553 -	  {	
  32.554 -	  	/* Write policy name */
  32.555 -	  	writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index);
  32.556 -  	  	index += u32Size;
  32.557 -
  32.558 -	  	/* Write offset */
  32.559 -	  	writeIntToStream(binBuffer, address, index);
  32.560 -  	  	index += u32Size;
  32.561 -
  32.562 -		/* Copy array */
  32.563 -	  	System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length);
  32.564 -		/* Update address */
  32.565 -		address = address + stePolicy.length;
  32.566 -	  } else
  32.567 -		 skip += 2*u32Size;
  32.568 -
  32.569 -	  /* Skip writing policy name and offset for each null policy*/
  32.570 -	  index +=  skip;
  32.571 -
  32.572 -	  int size;
  32.573 -	  /* Assumes that you will always have a partition defined in policy */
  32.574 -	  if ( 0 < partMap.length) {
  32.575 -		  writeIntToStream(binBuffer, address, index);
  32.576 -		  index = address;
  32.577 -
  32.578 -		  /* Compute num of VMs */
  32.579 -		  size = partMap.length / (3 * u16Size);
  32.580 -
  32.581 -		  writeShortToStream(binBuffer, (short)size,index);
  32.582 -		  index = index + u16Size;
  32.583 -
  32.584 -		  /* part, vlan and slot: each one consists of two entries */
  32.585 -		  offset = 3 * (2 * u16Size);
  32.586 -		  writeShortToStream(binBuffer, (short) offset,index);
  32.587 -
  32.588 -		  /* Write partition array at offset */
  32.589 -		  System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length);
  32.590 -		  index = index + u16Size;
  32.591 -		  offset = offset + partMap.length;
  32.592 -	  }
  32.593 -
  32.594 -	  if ( 0 < vlanMap.length) {
  32.595 -		  size = vlanMap.length / (2 * u16Size);
  32.596 -		  writeShortToStream(binBuffer, (short) size,index);
  32.597 -		  index = index + u16Size;
  32.598 -
  32.599 -		  writeShortToStream(binBuffer, (short) offset,index);
  32.600 -		  index = index + u16Size;
  32.601 -		  System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length);
  32.602 -	  } else {
  32.603 -		  /* Write vlan max */
  32.604 -		  writeShortToStream(binBuffer, (short) 0,index);
  32.605 -		  index = index + u16Size;
  32.606 - 
  32.607 -		  /* Write vlan offset */
  32.608 -		  writeShortToStream(binBuffer, (short) 0,index);
  32.609 -		  index = index + u16Size;
  32.610 -	  }
  32.611 -
  32.612 -	  offset = offset + vlanMap.length;
  32.613 -	  if ( 0 < slotMap.length) {
  32.614 -		  size = slotMap.length / (3 * u16Size);
  32.615 -		  writeShortToStream(binBuffer, (short) size,index);
  32.616 -		  index = index + u16Size;
  32.617 -
  32.618 -		  writeShortToStream(binBuffer, (short) offset,index);
  32.619 -		  index = index + u16Size;
  32.620 -		  System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length);
  32.621 -	  }
  32.622 -  } catch (IOException ee) {
  32.623 -	  System.out.println(" GBPB:: got exception : " + ee);
  32.624 -	  return null;
  32.625 -  }
  32.626 -
  32.627 -  printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length);
  32.628 -  if (debug)
  32.629 -	  printHex(binBuffer,binBuffer.length);
  32.630 -
  32.631 -  return  binBuffer;
  32.632 - } 
  32.633 -
  32.634 - public  byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector ColorTypes)
  32.635 - {
  32.636 -  byte[] chwBuffer;
  32.637 -  int index = 0;
  32.638 -  int position = 0;
  32.639 -
  32.640 -  /* Get number of rTypes */
  32.641 -  int maxTypes = ColorTypes.size();
  32.642 -
  32.643 -  /* Get number of SSids entry */
  32.644 -  int maxSsids = Ssids.size();
  32.645 -
  32.646 -  /* Get number of conflict sets */
  32.647 -  int maxConflict = ConflictSsids.size();
  32.648 -
  32.649 -   
  32.650 -  if (maxTypes * maxSsids == 0)
  32.651 -	return null; 
  32.652 -  /*
  32.653 -     data structure acm_chwall_policy_buffer
  32.654 -     se XmlToBinInterface.java
  32.655 -  */
  32.656 -  int totalBytes = chwHeaderSize  + u16Size *(maxTypes * (maxSsids + maxConflict)); 
  32.657 -
  32.658 -  chwBuffer = new byte[ totalBytes ];
  32.659 -  int address = chwHeaderSize + (u16Size * maxTypes * maxSsids );
  32.660 -
  32.661 -  printDebug(" gCB:: chwall totalbytes : "+totalBytes); 
  32.662 -
  32.663 -  try {
  32.664 -	  index = 0;
  32.665 -	  /* fill in General Policy Version */
  32.666 -	  writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index);
  32.667 -	  index += u32Size;
  32.668 -
  32.669 -	  writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index);
  32.670 -	  index += u32Size;
  32.671 -
  32.672 -	  writeIntToStream(chwBuffer, maxTypes, index);
  32.673 -	  index += u32Size;
  32.674 -
  32.675 -	  writeIntToStream(chwBuffer, maxSsids, index);
  32.676 -	  index += u32Size;
  32.677 -
  32.678 -	  writeIntToStream(chwBuffer, maxConflict, index);
  32.679 -	  index += u32Size;
  32.680 -
  32.681 -	  /*  Write chwall_ssid_offset */
  32.682 -	  writeIntToStream(chwBuffer, chwHeaderSize, index);
  32.683 -	  index += u32Size;
  32.684 -
  32.685 -	  /* Write chwall_conflict_sets_offset */
  32.686 -	  writeIntToStream(chwBuffer, address, index);
  32.687 -	  index += u32Size;
  32.688 -
  32.689 -	  /*  Write chwall_running_types_offset */
  32.690 -	  writeIntToStream(chwBuffer, 0, index);
  32.691 -	  index += u32Size;
  32.692 -
  32.693 -	  /*  Write chwall_conflict_aggregate_offset */
  32.694 -	  writeIntToStream(chwBuffer, 0, index);
  32.695 -	  index += u32Size;
  32.696 -
  32.697 -  } catch (IOException ee) {
  32.698 -    	System.out.println(" gCB:: got exception : " + ee); 
  32.699 -	return null;
  32.700 -  }
  32.701 -  int markPos = 0;
  32.702 -
  32.703 -  /* Create the SSids entry */
  32.704 -  for (int i = 0; i < maxSsids; i++)
  32.705 -  {
  32.706 -	SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
  32.707 -   	/* Get chwall types */
  32.708 -	ssidEntry.chwSsidPosition = i;
  32.709 -	Enumeration e = ssidEntry.chwTypes.elements(); 
  32.710 -	while (e.hasMoreElements())
  32.711 -	{
  32.712 -  	  String typeName = (String) e.nextElement(); 
  32.713 -      	  printDebug(" gCB:: Ssid "+ i+ ": has type : " + typeName);
  32.714 -	  position = ColorTypes.indexOf(typeName);
  32.715 -
  32.716 -	  if (position < 0) 
  32.717 -	  {
  32.718 -      	  	System.out.println (" gCB:: Error type : " + typeName + " not found in ColorTypes"); 
  32.719 -		return null; 
  32.720 -	  }
  32.721 -   	  printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  32.722 -	  markPos = ((i * maxTypes + position) * u16Size) + index;	
  32.723 -
  32.724 -	  try {
  32.725 -	  	writeShortToStream(chwBuffer,markSymbol,markPos);
  32.726 -  	  } catch (IOException ee) {
  32.727 -   	  	System.out.println(" gCB:: got exception : "); 
  32.728 -		return null; 
  32.729 -  	  }
  32.730 -	}
  32.731 -  }
  32.732 -
  32.733 -  if (debug) 
  32.734 -      printHex(chwBuffer,chwBuffer.length);
  32.735 -
  32.736 -  /* Add conflict set */
  32.737 -  index = address;
  32.738 -  for (int i = 0; i < maxConflict; i++)
  32.739 -  {
  32.740 -   	/* Get ste types */
  32.741 -	Vector entry = (Vector) ConflictSsids.elementAt(i);
  32.742 -	Enumeration e = entry.elements(); 
  32.743 -	while (e.hasMoreElements())
  32.744 -	{
  32.745 -  	  String typeName = (String) e.nextElement(); 
  32.746 -      	  printDebug (" GCB:: conflict Ssid "+ i+ ": has type : " + typeName);
  32.747 -	  position = ColorTypes.indexOf(typeName);
  32.748 -
  32.749 -	  if (position < 0) 
  32.750 -	  {
  32.751 -      	  	System.out.println (" GCB:: Error type : " + typeName + " not found in ColorTypes"); 
  32.752 -		return null; 
  32.753 -	  }
  32.754 -   	  printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  32.755 -	  markPos = ((i * maxTypes + position) * u16Size) + index;	
  32.756 -
  32.757 -	  try {
  32.758 -	  	writeShortToStream(chwBuffer,markSymbol,markPos);
  32.759 -  	  } catch (IOException ee) {
  32.760 -   	  	System.out.println(" GCB:: got exception : "); 
  32.761 -		return null; 
  32.762 -  	  }
  32.763 -	}
  32.764 -		
  32.765 -  } 
  32.766 -  printDebug(" gSB:: chw binary  ==> Length " + chwBuffer.length); 
  32.767 -  if (debug) 
  32.768 -   	printHex(chwBuffer,chwBuffer.length);
  32.769 -  printDebug("\n");
  32.770 -
  32.771 -  return chwBuffer;
  32.772 - }
  32.773 -
  32.774 -/**********************************************************************
  32.775 - Generate byte representation of policy using type information
  32.776 - <p>
  32.777 - @param Ssids    	      	Vector
  32.778 - @param ColorTypes         	Vector
  32.779 - <p>
  32.780 - @return bytes represenation of simple type enforcement policy 
  32.781 -**********************************************************************/
  32.782 - public  byte[] generateSteBuffer(Vector Ssids, Vector ColorTypes)
  32.783 - {
  32.784 -  byte[] steBuffer;
  32.785 -  int index = 0;
  32.786 -  int position = 0;
  32.787 -
  32.788 -  /* Get number of colorTypes */
  32.789 -  int numColorTypes = ColorTypes.size();
  32.790 -
  32.791 -  /* Get number of SSids entry */
  32.792 -  int numSsids = Ssids.size();
  32.793 -   
  32.794 -  if (numColorTypes * numSsids == 0)
  32.795 -	return null; 
  32.796 -
  32.797 -  /* data structure: acm_ste_policy_buffer
  32.798 -   * see XmlToBinInterface.java
  32.799 -   * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size)
  32.800 -   * 
  32.801 -  */
  32.802 -  steBuffer = new byte[ steHeaderSize + (numColorTypes * numSsids) * 2];
  32.803 -
  32.804 -  try {
  32.805 -	
  32.806 -	  index = 0;
  32.807 -	  writeIntToStream(steBuffer, ACM_STE_VERSION, index);
  32.808 -	  index += u32Size;
  32.809 -
  32.810 -	  writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index);
  32.811 -	  index += u32Size;
  32.812 -
  32.813 -	  writeIntToStream(steBuffer, numColorTypes, index);
  32.814 -	  index += u32Size;
  32.815 -
  32.816 -	  writeIntToStream(steBuffer, numSsids, index);
  32.817 -	  index += u32Size;
  32.818 -
  32.819 -	  writeIntToStream(steBuffer, steHeaderSize, index);
  32.820 -	  index += u32Size;
  32.821 -
  32.822 -
  32.823 -  } catch (IOException ee) {
  32.824 -	System.out.println(" gSB:: got exception : " + ee); 
  32.825 -	return null; 
  32.826 -  }
  32.827 -  int markPos = 0;
  32.828 -  for (int i = 0; i < numSsids; i++)
  32.829 -  {
  32.830 -	
  32.831 -	SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
  32.832 -	ssidEntry.steSsidPosition = i;
  32.833 -   	/* Get ste types */
  32.834 -	Enumeration e = ssidEntry.steTypes.elements(); 
  32.835 -	while (e.hasMoreElements())
  32.836 -	{
  32.837 -  	  String typeName = (String) e.nextElement(); 
  32.838 -      	  printDebug (" gSB:: Ssid "+ i+ ": has type : " + typeName);
  32.839 -	  position = ColorTypes.indexOf(typeName);
  32.840 -
  32.841 -	  if (position < 0) 
  32.842 -	  {
  32.843 -      	  	printDebug(" gSB:: Error type : " + typeName + " not found in ColorTypes"); 
  32.844 -		return null; 
  32.845 -	  }
  32.846 -   	  printDebug(" gSB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  32.847 -	  markPos = ((i * numColorTypes + position) * u16Size) + index;	
  32.848 -
  32.849 -	  try {
  32.850 -	  	writeShortToStream(steBuffer,markSymbol,markPos);
  32.851 -  	  } catch (IOException ee)
  32.852 -  	  {
  32.853 -   	  	System.out.println(" gSB:: got exception : "); 
  32.854 -		return null; 
  32.855 -  	  }
  32.856 -	}
  32.857 -		
  32.858 -  } 
  32.859 -
  32.860 -  printDebug(" gSB:: ste binary  ==> Length " + steBuffer.length); 
  32.861 -  if (debug) 
  32.862 - 	printHex(steBuffer,steBuffer.length);
  32.863 -  printDebug("\n");
  32.864 -
  32.865 -  return steBuffer;
  32.866 - }
  32.867 -
  32.868 - public static  void printHex(byte [] dataArray, int length)
  32.869 - {
  32.870 -  char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7',
  32.871 -                '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
  32.872 -  int hexIndex;
  32.873 -  int value;
  32.874 -  int arraylength;
  32.875 -
  32.876 -  arraylength = length;
  32.877 -
  32.878 -  if (dataArray == null)
  32.879 -  {
  32.880 -        System.err.print("printHex: input byte array is null");
  32.881 -  }
  32.882 -
  32.883 -  if (length > dataArray.length || length < 0)
  32.884 -        arraylength = dataArray.length;
  32.885 -
  32.886 -  System.out.print("\n\t");
  32.887 -
  32.888 -  int i;
  32.889 -  for(i = 0; i < arraylength; )
  32.890 -  {
  32.891 -        value = dataArray[i] & 0xFF;
  32.892 -        hexIndex = (value >>> 4);
  32.893 -        System.out.print(hexChars[hexIndex]);
  32.894 -        hexIndex = (value & 0x0F);
  32.895 -        System.out.print(hexChars[hexIndex]);
  32.896 -
  32.897 -        i++;
  32.898 -        /* if done, print a final newline */
  32.899 -        if (i == arraylength) {
  32.900 -            if (arraylength < dataArray.length) {
  32.901 -                System.out.print("...");
  32.902 -            }
  32.903 -            System.out.println();
  32.904 -        }
  32.905 -        else if ((i % 24) == 0) {
  32.906 -            System.out.print("\n\t");
  32.907 -        }
  32.908 -        else if ((i % 4) == 0) {
  32.909 -                System.out.print(" ");
  32.910 -        }
  32.911 -  }
  32.912 -
  32.913 -  return;
  32.914 - }
  32.915 -
  32.916 -  
  32.917 - private void writeShortToStream(byte[] stream, short value, int index)
  32.918 -  throws IOException
  32.919 - {
  32.920 -  int littleEndian = 0;
  32.921 -  int byteVal;
  32.922 -
  32.923 -  if (index + 2 > stream.length)
  32.924 -  {
  32.925 -      throw new IOException("Writing beyond stream length: " +
  32.926 -                            stream.length + " writing at locations from: " + index + " to " + (index + 4));
  32.927 -  }
  32.928 -
  32.929 -  if (!LittleEndian)
  32.930 -  {
  32.931 -
  32.932 -	byteVal = value >> 8;
  32.933 -	stream[index ] = (byte) byteVal;
  32.934 -
  32.935 -	byteVal = value;
  32.936 -	stream[index + 1] = (byte) byteVal;
  32.937 -  } else {
  32.938 -	stream[index]  = (byte) ((value & 0x00ff) );
  32.939 -	stream[index + 1]  = (byte) ((value & 0xff00) >> 8);
  32.940 - }
  32.941 -  return;
  32.942 - }
  32.943 -
  32.944 - private void writeIntToStream(byte[] stream, int value, int index)
  32.945 -  throws IOException
  32.946 - {
  32.947 -  int littleEndian = 0;
  32.948 -  int byteVal;
  32.949 -
  32.950 -  if (4 > stream.length)
  32.951 -  {
  32.952 -      throw new IOException("writeIntToStream: stream length less than 4 bytes " +
  32.953 -                            stream.length);
  32.954 -  }
  32.955 -
  32.956 -  /* Do not Write beyond range */
  32.957 -  if (index + 4 > stream.length)
  32.958 -  {
  32.959 -      throw new IOException("writeIntToStream: writing beyond stream length: " +
  32.960 -                            stream.length + " writing at locations from: " + index + " to " + (index + 4));
  32.961 -  }
  32.962 -  if (!LittleEndian)
  32.963 -  {
  32.964 -	byteVal = value >>> 24;
  32.965 -	stream[index] = (byte) byteVal;
  32.966 -
  32.967 -	byteVal = value >> 16;
  32.968 -	stream[index + 1] = (byte) byteVal;
  32.969 -
  32.970 -	byteVal = value >> 8;
  32.971 -	stream[index + 2] = (byte) byteVal;
  32.972 -
  32.973 -	byteVal = value;
  32.974 -	stream[index + 3] = (byte) byteVal;
  32.975 -  } else {
  32.976 -	stream[index] = (byte) value;
  32.977 -	stream[index + 1]  = (byte) ((value & 0x0000ff00) >> 8);
  32.978 -	stream[index + 2]  = (byte) ((value & 0x00ff0000) >> 16);
  32.979 -	stream[index + 3] = (byte) ( value >>> 24);
  32.980 -  }
  32.981 -  return;
  32.982 - }
  32.983 -
  32.984 - public Document getDomTree(String xmlFileName)
  32.985 -  throws Exception, SAXException, ParserConfigurationException
  32.986 - {
  32.987 -  javax.xml.parsers.DocumentBuilderFactory dbf = 
  32.988 -	javax.xml.parsers.DocumentBuilderFactory.newInstance();
  32.989 -
  32.990 -  /* Turn on namespace aware and validation */
  32.991 -  dbf.setNamespaceAware(true);	
  32.992 -  dbf.setValidating(true);	
  32.993 -  dbf.setAttribute(JAXP_SCHEMA_LANGUAGE,W3C_XML_SCHEMA);
  32.994 -
  32.995 -  /* Checks that the document is well-formed */
  32.996 -  javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
  32.997 -
  32.998 -  myHandler errHandler= new myHandler();
  32.999 -  db.setErrorHandler(errHandler);
 32.1000 -  Document doc = db.parse(xmlFileName);
 32.1001 -
 32.1002 -  /* Checks for validation errors */
 32.1003 -  if (errHandler.isValid)
 32.1004 -       printDebug(" gDT:: Xml file: " + xmlFileName + " is valid");
 32.1005 -   else
 32.1006 -      throw new Exception("Xml file: " + xmlFileName + " is NOT valid");
 32.1007 -
 32.1008 -  return doc;
 32.1009 - }  
 32.1010 -
 32.1011 - public void processDomTree(
 32.1012 -	Document doc,
 32.1013 -	Vector bagOfSsids, 	
 32.1014 -	Vector bagOfTypes, 
 32.1015 -	Vector bagOfChwSsids, 
 32.1016 -	Vector bagOfChwTypes, 
 32.1017 -	Vector bagOfConflictSsids)
 32.1018 -  throws Exception, SAXException, ParserConfigurationException
 32.1019 - {
 32.1020 -  boolean found;
 32.1021 -
 32.1022 -  /* print the root Element */
 32.1023 -  Element root = doc.getDocumentElement();
 32.1024 -  printDebug ("\n pDT:: Document Element: Name = " + root.getNodeName() + ",Value = " + root.getNodeValue());
 32.1025 -
 32.1026 -  /* Go through the list of the root Element's Attributes */
 32.1027 -  NamedNodeMap nnm = root.getAttributes();
 32.1028 -  printDebug (" pDT:: # of Attributes: " + nnm.getLength());
 32.1029 -  for (int i = 0; i < nnm.getLength(); i++)
 32.1030 -  {
 32.1031 -         Node n = nnm.item (i);
 32.1032 -        printDebug (" pDT:: Attribute: Name = " + n.getNodeName() + ", Value = " 
 32.1033 -             + n.getNodeValue());
 32.1034 -  }
 32.1035 -
 32.1036 -  /* Retrieve the policy definition */ 
 32.1037 -  NodeList elementList = root.getElementsByTagName ("url");
 32.1038 -  String definitionFileName = elementList.item(0).getFirstChild().getNodeValue();  
 32.1039 -
 32.1040 -  String definitionHash = null;
 32.1041 -
 32.1042 -  /* Note that SecurityPolicySpec.xsd allows for 0 hash value! */
 32.1043 -  elementList = root.getElementsByTagName ("hash");
 32.1044 -  if (0 != elementList.getLength())
 32.1045 -      	definitionHash = elementList.item(0).getFirstChild().getNodeValue();  
 32.1046 -
 32.1047 -  Document definitionDoc = pGetDomDefinition(definitionFileName,definitionHash);
 32.1048 -  pGetTypes(definitionDoc,bagOfTypes, bagOfChwTypes, bagOfConflictSsids);
 32.1049 -
 32.1050 -
 32.1051 -  /* Get VM security information */
 32.1052 -  elementList = root.getElementsByTagName ("VM");
 32.1053 -  printDebug ("\n pDT:: partition length of NodeList:" + elementList.getLength());
 32.1054 -  /* Add default Ssid to Ste and Chw bags */			
 32.1055 -  SecurityLabel defEntry = new SecurityLabel();
 32.1056 -
 32.1057 -  defEntry.chwTypes = new Vector();
 32.1058 -  defEntry.steTypes = new Vector();
 32.1059 -  defEntry.chwIDs = new Vector();
 32.1060 -  defEntry.ids = new Vector();
 32.1061 -
 32.1062 -  defEntry.steSsidPosition =0;
 32.1063 -  defEntry.chwSsidPosition =0;
 32.1064 -  bagOfChwSsids.add(defEntry);
 32.1065 -  bagOfSsids.add(defEntry);
 32.1066 -
 32.1067 -  for (int x = 0; x < elementList.getLength(); x++)
 32.1068 -  {
 32.1069 -	found = false;
 32.1070 -
 32.1071 -        Node node = elementList.item (x);          
 32.1072 -
 32.1073 -	if (node.getNodeType() == Node.ELEMENT_NODE)
 32.1074 -	{
 32.1075 -	  printDebug (" pDT:: child: " + x + " is an element node" );
 32.1076 -	  Element e1 = (Element) node;
 32.1077 -
 32.1078 -  	  /* Get id */
 32.1079 -      	  NodeList elist = e1.getElementsByTagName ("id");
 32.1080 -      	  String idStr = elist.item(0).getFirstChild().getNodeValue();  
 32.1081 -      	  printDebug (" pDT:: id:" + idStr);
 32.1082 -
 32.1083 -	  /* Get TE */
 32.1084 -	  Vector colorTypes = new Vector();
 32.1085 -	  pConflictEntries(e1, "TE", bagOfTypes, colorTypes);
 32.1086 -
 32.1087 -	  Enumeration e = bagOfSsids.elements();
 32.1088 -	  while (e.hasMoreElements())
 32.1089 -	  {
 32.1090 -		SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 32.1091 -		if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 32.1092 -		{
 32.1093 -		  found = true;
 32.1094 -		  elem.ids.add(idStr);
 32.1095 -		}
 32.1096 -		
 32.1097 -	  }
 32.1098 -		if (!found && (0 < colorTypes.size()))
 32.1099 -		{
 32.1100 -		 SecurityLabel entry = new SecurityLabel();
 32.1101 -		 entry.steTypes = colorTypes;
 32.1102 -		 entry.ids = new Vector();
 32.1103 -		 entry.ids.add(idStr);
 32.1104 -		 bagOfSsids.add(entry);
 32.1105 -		}
 32.1106 -
 32.1107 -		/* Get Chinese wall type */
 32.1108 -	 	Vector chwTypes = new Vector();
 32.1109 -		pConflictEntries(e1, "ChWall", bagOfChwTypes, chwTypes);
 32.1110 -
 32.1111 -	        found = false;
 32.1112 -		e = bagOfChwSsids.elements();
 32.1113 -
 32.1114 -		while (e.hasMoreElements())
 32.1115 -		{
 32.1116 -  		  SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 32.1117 -		  if ( elem.chwTypes.size() == chwTypes.size() && elem.chwTypes.containsAll(chwTypes))
 32.1118 -		  {
 32.1119 -		    found = true;
 32.1120 -		    elem.chwIDs.add(idStr);
 32.1121 -		  }
 32.1122 -		
 32.1123 -		}
 32.1124 -
 32.1125 -		if (!found && (0 < chwTypes.size()))
 32.1126 -		{
 32.1127 -		 SecurityLabel entry = new SecurityLabel();
 32.1128 -		 entry.chwTypes = chwTypes;
 32.1129 -		 entry.chwIDs = new Vector();
 32.1130 -		 entry.chwIDs.add(idStr);
 32.1131 -		 bagOfChwSsids.add(entry);
 32.1132 -		}
 32.1133 -      }
 32.1134 -  } 
 32.1135 -  return;
 32.1136 - }
 32.1137 -
 32.1138 - public Document pGetDomDefinition(
 32.1139 -	String definitionFileName, 
 32.1140 -	String definitionHash) 
 32.1141 -  throws Exception, SAXException, ParserConfigurationException
 32.1142 - {
 32.1143 -  printDebug("\n pGDD:: definition file name: " + definitionFileName);
 32.1144 -  printDebug("\n pGDD:: definition file hash: " + definitionHash);
 32.1145 -  
 32.1146 -  Document doc =  getDomTree(definitionFileName);
 32.1147 -  return doc; 
 32.1148 - }
 32.1149 -
 32.1150 - public void pGetTypes(
 32.1151 -	Document defDoc,
 32.1152 -	Vector bagOfTypes, 
 32.1153 -	Vector bagOfChwTypes, 
 32.1154 -	Vector bagOfConflictSsids)
 32.1155 -  throws Exception
 32.1156 - {
 32.1157 -
 32.1158 -
 32.1159 -  if (null == defDoc)
 32.1160 -      throw new Exception(" pGT:: definition file DOM is null ");
 32.1161 -
 32.1162 -  Element root = defDoc.getDocumentElement();
 32.1163 -
 32.1164 -  /* Get list of TE types */
 32.1165 -  NodeList elementList = root.getElementsByTagName ("Types");
 32.1166 -  printDebug ("\n pGT:: Types length of NodeList:" + elementList.getLength());
 32.1167 -  Element e1 = (Element) elementList.item (0);          
 32.1168 -  pGetEntries(e1,"TE",bagOfTypes);
 32.1169 -
 32.1170 -  /* Get list of Chinese types */
 32.1171 -  elementList = root.getElementsByTagName ("ChWallTypes");
 32.1172 -  printDebug ("\n pGT:: ChwTypes length of NodeList:" + elementList.getLength());
 32.1173 -  if (0 ==  elementList.getLength())
 32.1174 -  {
 32.1175 -  	printDebug ("\n pGT:: ChWallTypes has zero length: :" + elementList.getLength());
 32.1176 -  } else {
 32.1177 -	e1 = (Element) elementList.item (0);          
 32.1178 -	pGetEntries(e1,"ChWall",bagOfChwTypes);
 32.1179 -  }
 32.1180 -  printDebug (" pGT:: Total number of unique chw types: " + bagOfChwTypes.size());
 32.1181 -
 32.1182 -  /* Get Chinese type conflict sets */
 32.1183 -  elementList = root.getElementsByTagName ("ConflictSet");
 32.1184 -  printDebug ("\n pGT:: Conflict sets length of NodeList:" + elementList.getLength());
 32.1185 -  for (int x = 0; x < elementList.getLength(); x++)
 32.1186 -  {
 32.1187 - 	Vector conflictEntry  = new Vector();
 32.1188 -  	e1 = (Element) elementList.item (x);          
 32.1189 -  	printDebug ("\n pGT:: Conflict sets : " + x);
 32.1190 -
 32.1191 -	pConflictEntries(e1, "ChWall", bagOfChwTypes, conflictEntry);
 32.1192 -
 32.1193 -	if (conflictEntry.size() > 0)
 32.1194 -	{
 32.1195 -	  boolean found = false;
 32.1196 -	  Enumeration e = bagOfConflictSsids.elements();
 32.1197 -	
 32.1198 -	  while (e.hasMoreElements())
 32.1199 -	  {
 32.1200 -		Vector elem = (Vector) e.nextElement(); 
 32.1201 -		if (elem.size() == conflictEntry.size() && elem.containsAll(conflictEntry))
 32.1202 -	  	{
 32.1203 -	    	  found = true;
 32.1204 -	  	}
 32.1205 -		
 32.1206 -	  }
 32.1207 -	  if (!found)
 32.1208 -	  {
 32.1209 -		bagOfConflictSsids.add(conflictEntry);
 32.1210 -	  }
 32.1211 -  	}
 32.1212 -  }
 32.1213 -
 32.1214 - }
 32.1215 -
 32.1216 - public void  pGetEntries(Element doc, String tag, Vector typeBag)
 32.1217 -  throws Exception
 32.1218 - {
 32.1219 -
 32.1220 -  if (null == doc)
 32.1221 -      throw new Exception(" pGE:: Element doc is null");
 32.1222 -
 32.1223 -  if (null == typeBag)
 32.1224 -      throw new Exception(" pGE:: typeBag  is null");
 32.1225 -
 32.1226 -  NodeList elist = doc.getElementsByTagName (tag);
 32.1227 -  for (int j = 0; j < elist.getLength(); j++)
 32.1228 -  {
 32.1229 -  	Node knode = elist.item (j);          
 32.1230 -       	Node childNode = knode.getFirstChild();     
 32.1231 -       	String value = childNode.getNodeValue();
 32.1232 -
 32.1233 -	printDebug (" pGT:: "+ tag +" type: " + value);
 32.1234 -
 32.1235 -        /* Check if value is known */
 32.1236 -	if (!typeBag.contains(value))
 32.1237 -		typeBag.addElement(value);
 32.1238 -  }
 32.1239 - }
 32.1240 -
 32.1241 - public void  pConflictEntries(Element doc, String tag, Vector typeBag, Vector conflictEntry)
 32.1242 -  throws Exception
 32.1243 - {
 32.1244 -
 32.1245 -  if (null == doc)
 32.1246 -      throw new Exception(" pGE:: Element doc is null");
 32.1247 -
 32.1248 -  if (null == typeBag)
 32.1249 -      throw new Exception(" pGE:: typeBag  is null");
 32.1250 -
 32.1251 -  if (null == conflictEntry)
 32.1252 -      throw new Exception(" pGE:: typeBag  is null");
 32.1253 -
 32.1254 -
 32.1255 -  NodeList elist = doc.getElementsByTagName (tag);
 32.1256 -
 32.1257 -  for (int j = 0; j < elist.getLength(); j++)
 32.1258 -  {
 32.1259 -  	Node knode = elist.item (j);          
 32.1260 -       	Node childNode = knode.getFirstChild();     
 32.1261 -       	String value = childNode.getNodeValue();
 32.1262 -
 32.1263 -	printDebug (" pGE:: "+ tag +" type: " + value);
 32.1264 -
 32.1265 -        /* Check if value is known */
 32.1266 -	if (!typeBag.contains(value))
 32.1267 -      		throw new Exception(" pCE:: found undefined type set " + value);
 32.1268 -
 32.1269 -	if (!conflictEntry.contains(value))
 32.1270 -		conflictEntry.addElement(value);
 32.1271 -
 32.1272 -  }
 32.1273 - }
 32.1274 -
 32.1275 -  public void processDomTreeVlanSlot(
 32.1276 -	Document doc,
 32.1277 -	Vector bagOfSsids, 	
 32.1278 -	Vector bagOfTypes) 	
 32.1279 -  throws Exception
 32.1280 - {
 32.1281 -      boolean found;
 32.1282 -
 32.1283 -  printDebug(" pDTVS::Size of bagOfSsids: "+ bagOfSsids.size());
 32.1284 -  Element root = doc.getDocumentElement();
 32.1285 -
 32.1286 -  NodeList elementList = root.getElementsByTagName ("Vlan");
 32.1287 -  printDebug("\n pDTVS:: Vlan length of NodeList:" + elementList.getLength());
 32.1288 -
 32.1289 -  for (int x = 0; x < elementList.getLength(); x++)
 32.1290 -  {
 32.1291 -	found = false;
 32.1292 -
 32.1293 -        Node node = elementList.item (x);          
 32.1294 -
 32.1295 -	if (node.getNodeType() == Node.ELEMENT_NODE)
 32.1296 -	{
 32.1297 -	  printDebug(" pDTVS:: child: " + x + " is an element node" );
 32.1298 -	  Element e1 = (Element) node;
 32.1299 -
 32.1300 -	  /* Get vid */
 32.1301 -      	  NodeList elist = e1.getElementsByTagName ("vid");
 32.1302 -      	  String idStr = elist.item(0).getFirstChild().getNodeValue();  
 32.1303 -      	  printDebug (" pDTVS:: vid:" + idStr);
 32.1304 -
 32.1305 -	  /* Get TE */
 32.1306 -      	  elist = e1.getElementsByTagName ("TE");
 32.1307 -          printDebug (" pDTVS:: Total ste types: " + elist.getLength());
 32.1308 -
 32.1309 -	  Vector colorTypes = new Vector();
 32.1310 -	  for (int j = 0; j < elist.getLength(); j++)
 32.1311 -	  {
 32.1312 -		Node knode = elist.item (j);          
 32.1313 -        	Node childNode = knode.getFirstChild();     
 32.1314 -        	String value = childNode.getNodeValue();
 32.1315 -
 32.1316 -		printDebug (" pDT:: My color is: " + value);
 32.1317 -		if (!bagOfTypes.contains(value))
 32.1318 -		{
 32.1319 -      		  throw new IOException("pDT:: Vlan: " + idStr+ " has unknown type : "+ value);
 32.1320 -		}
 32.1321 -
 32.1322 -		if (!colorTypes.contains(value))
 32.1323 -		  colorTypes.addElement(value);
 32.1324 -	  }
 32.1325 -	  Enumeration e = bagOfSsids.elements();
 32.1326 -	  while (e.hasMoreElements())
 32.1327 -	  {
 32.1328 -		SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 32.1329 -		if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 32.1330 -		{
 32.1331 -		  found = true;
 32.1332 -		  if (null == elem.vlans)
 32.1333 -			elem.vlans = new Vector();
 32.1334 -		   elem.vlans.add(idStr);
 32.1335 -		}
 32.1336 -		
 32.1337 -	  }
 32.1338 -	  if (!found && (0 < colorTypes.size()))
 32.1339 -	  {
 32.1340 -		 SecurityLabel entry = new SecurityLabel();
 32.1341 -		 entry.steTypes = colorTypes;
 32.1342 -		 entry.vlans = new Vector();
 32.1343 -		 entry.vlans.add(idStr);
 32.1344 -		 bagOfSsids.add(entry);
 32.1345 -	  }
 32.1346 -
 32.1347 -	}
 32.1348 -  } 
 32.1349 -  printDebug(" pDTVS::After slot Size of bagOfSsids: "+ bagOfSsids.size());
 32.1350 -
 32.1351 -  elementList = root.getElementsByTagName ("Slot");
 32.1352 -  printDebug ("\n pDTVS:: Slot length of NodeList:" + elementList.getLength());
 32.1353 -
 32.1354 -  for (int x = 0; x < elementList.getLength(); x++)
 32.1355 -  {
 32.1356 -	found = false;
 32.1357 -
 32.1358 -        Node node = elementList.item (x);          
 32.1359 -
 32.1360 -	if (node.getNodeType() == Node.ELEMENT_NODE)
 32.1361 -	{
 32.1362 -	  printDebug(" pDT:: child: " + x + " is an element node" );
 32.1363 -	  Element e1 = (Element) node;
 32.1364 -
 32.1365 -
 32.1366 -	  /* Get slot and bus */
 32.1367 -	  SlotInfo item = new SlotInfo();
 32.1368 -
 32.1369 -	  NodeList elist = e1.getElementsByTagName ("bus");
 32.1370 -	  item.bus = elist.item(0).getFirstChild().getNodeValue();  
 32.1371 -      	  elist = e1.getElementsByTagName ("slot");
 32.1372 -      	  item.slot = elist.item(0).getFirstChild().getNodeValue();  
 32.1373 -      	  printDebug (" pDT:: bus and slot:" + item.bus + " "+ item.slot);
 32.1374 -
 32.1375 -	  /* Get TE */
 32.1376 -      	  elist = e1.getElementsByTagName ("TE");
 32.1377 -          printDebug (" pDT:: Total ste types: " + elist.getLength());
 32.1378 -
 32.1379 -	  Vector colorTypes = new Vector();
 32.1380 -	  for (int j = 0; j < elist.getLength(); j++)
 32.1381 -	  {
 32.1382 -        	Node knode = elist.item (j);          
 32.1383 -        	Node childNode = knode.getFirstChild();     
 32.1384 -        	String value = childNode.getNodeValue();
 32.1385 -
 32.1386 -		printDebug (" pDT:: My color is: " + value);
 32.1387 -		if (!bagOfTypes.contains(value))
 32.1388 -		{
 32.1389 -		  throw new IOException("pDT:: bus: " + item.bus + " slot: "+ item.slot + " has unknown type : "+ value);
 32.1390 -		}
 32.1391 -
 32.1392 -		if (!colorTypes.contains(value))
 32.1393 -		  colorTypes.addElement(value);
 32.1394 -		}
 32.1395 -
 32.1396 -		Enumeration e = bagOfSsids.elements();
 32.1397 -		while (e.hasMoreElements())
 32.1398 -		{
 32.1399 -  		  SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 32.1400 -		  if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 32.1401 -		  {
 32.1402 -			found = true;
 32.1403 -			if (null == elem.slots)
 32.1404 -			  elem.slots = new Vector();
 32.1405 -			elem.slots.add(item);
 32.1406 -
 32.1407 -		  }
 32.1408 -		
 32.1409 -		}
 32.1410 -
 32.1411 -		if (!found && (0 < colorTypes.size()))
 32.1412 -		{
 32.1413 -		  SecurityLabel entry = new SecurityLabel();
 32.1414 -		  entry.steTypes = colorTypes;
 32.1415 -		  entry.slots = new Vector();
 32.1416 -		  entry.slots.add(item);
 32.1417 -		  bagOfSsids.add(entry);
 32.1418 -		}
 32.1419 -
 32.1420 -	}
 32.1421 -  }
 32.1422 -  return;
 32.1423 - }
 32.1424 -
 32.1425 - public static void main (String[] args) 
 32.1426 - {
 32.1427 -  String xmlFileName = null;        	/* policy file */ 
 32.1428 -  String outputFileName = null;     	/* binary policy file */
 32.1429 -  String xenSsidOutputFileName = null; 	/* outputfile ssid to named types */	
 32.1430 -					/* outputfile conflicts ssid to named types */	
 32.1431 -  String xenSsidConfOutputFileName = null; 	
 32.1432 -
 32.1433 -  XmlToBin genObj = new XmlToBin(); 
 32.1434 -
 32.1435 -  policy_version active_policy = new policy_version();
 32.1436 -
 32.1437 -  if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) ||
 32.1438 -      (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) ||
 32.1439 -      (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) {
 32.1440 -	  System.out.println("ACM policy versions differ.");
 32.1441 -	  System.out.println("Please verify that data structures are correct");
 32.1442 -	  System.out.println("and then adjust the version numbers in XmlToBinInterface.java.");
 32.1443 -	  return;
 32.1444 -  }
 32.1445 -
 32.1446 -
 32.1447 -  for (int i = 0 ; i < args.length ; i++) {
 32.1448 -
 32.1449 -	if ( args[i].equals("-help"))  {
 32.1450 -          printUsage();
 32.1451 -          System.exit(1);
 32.1452 -
 32.1453 -        } else if ( args[i].equals("-i"))  {
 32.1454 -          i++;
 32.1455 -          if (i < args.length) {
 32.1456 -               xmlFileName = args[i];   
 32.1457 -          } else  {
 32.1458 -                System.out.println("-i argument needs parameter");
 32.1459 -                System.exit(1);
 32.1460 -          }
 32.1461 -
 32.1462 -	} else if ( args[i].equals("-o"))  {
 32.1463 -          i++;
 32.1464 -          if (i < args.length) {
 32.1465 -                outputFileName = args[i];   
 32.1466 -          } else {
 32.1467 -                System.out.println("-o argument needs parameter");
 32.1468 -                System.exit(1);
 32.1469 -          }
 32.1470 -
 32.1471 -	} else if ( args[i].equals("-xssid"))  {
 32.1472 -          i++;
 32.1473 -          if (i < args.length) {
 32.1474 -                 xenSsidOutputFileName = args[i];   
 32.1475 -          } else {
 32.1476 -                System.out.println("-xssid argument needs parameter");
 32.1477 -                System.exit(1);
 32.1478 -          }
 32.1479 -
 32.1480 -	} else if ( args[i].equals("-xssidconf"))  {
 32.1481 -          i++;
 32.1482 -          if (i < args.length) {
 32.1483 -                xenSsidConfOutputFileName = args[i]; 
 32.1484 -          } else {
 32.1485 -                System.out.println("-xssidconf argument needs parameter");
 32.1486 -                System.exit(1);
 32.1487 -          }
 32.1488 -	} else if ( args[i].equals("-debug"))  { /* turn on debug msg */
 32.1489 -	 	genObj.setDebug(true);
 32.1490 -        } else {
 32.1491 -          System.out.println("bad command line argument: " + args[i]);
 32.1492 -          printUsage();
 32.1493 -          System.exit(1);
 32.1494 -        }
 32.1495 -
 32.1496 -  }
 32.1497 -
 32.1498 -  if (xmlFileName == null)
 32.1499 -  { 
 32.1500 -	System.out.println("Need to specify input file -i option");
 32.1501 -        printUsage();
 32.1502 -        System.exit(1);
 32.1503 -  }
 32.1504 -
 32.1505 -
 32.1506 -  try 
 32.1507 -  {
 32.1508 -	/* Parse and validate */
 32.1509 - 	Document doc =  genObj.getDomTree(xmlFileName);
 32.1510 -
 32.1511 -	/* Vectors to hold sets of types */
 32.1512 -	Vector bagOfSsids = new Vector();
 32.1513 -	Vector bagOfTypes = new Vector();
 32.1514 -	Vector bagOfChwSsids = new Vector();
 32.1515 -	Vector bagOfChwTypes = new Vector();
 32.1516 -	Vector bagOfConflictSsids = new Vector();
 32.1517 -
 32.1518 -	Vector vlanMapSsids = new Vector();
 32.1519 -	Vector slotMapSsids = new Vector();
 32.1520 -
 32.1521 -	genObj.processDomTree(doc, bagOfSsids, bagOfTypes, bagOfChwSsids, bagOfChwTypes, bagOfConflictSsids);
 32.1522 -
 32.1523 -	genObj.processDomTreeVlanSlot(doc, bagOfSsids, bagOfTypes);
 32.1524 -
 32.1525 -	/* Get binary representation of policies */
 32.1526 -  	byte[] stePolicy = genObj.generateSteBuffer(bagOfSsids, bagOfTypes);
 32.1527 -  	byte[] chwPolicy = genObj.generateChwBuffer(bagOfChwSsids, bagOfConflictSsids,bagOfChwTypes);
 32.1528 -
 32.1529 -  	byte[] binPolicy = null;
 32.1530 - 	byte[] binaryPartionSsid = null;
 32.1531 -  	byte[] binaryVlanSsid = null;
 32.1532 -  	byte[] binarySlotSsid = null;
 32.1533 -
 32.1534 -	/* Get binary representation of partition to ssid mapping */
 32.1535 -  	binaryPartionSsid = genObj.generatePartSsids(bagOfSsids,bagOfChwSsids);
 32.1536 -
 32.1537 -	/* Get binary representation of vlan to ssid mapping */
 32.1538 -  	binaryVlanSsid = genObj.generateVlanSsids(bagOfSsids);
 32.1539 -
 32.1540 -	/* Get binary representation of slot to ssid mapping */
 32.1541 -  	binarySlotSsid = genObj.generateSlotSsids(bagOfSsids);
 32.1542 -
 32.1543 -	/* Generate binary representation: policy, partition, slot and vlan */
 32.1544 -  	binPolicy = genObj.GenBinaryPolicyBuffer(chwPolicy,stePolicy, binaryPartionSsid, binaryVlanSsid, binarySlotSsid);
 32.1545 -
 32.1546 -
 32.1547 -	/* Write binary policy into file */
 32.1548 -	if (null != outputFileName)
 32.1549 -	{
 32.1550 -  		genObj.writeBinPolicy(binPolicy, outputFileName);
 32.1551 -	} else {
 32.1552 -		System.out.println (" No binary policy generated, outputFileName:  " + outputFileName);
 32.1553 -	}
 32.1554 -
 32.1555 -	/* Print total number of types */
 32.1556 -	System.out.println (" Total number of unique ste types: " + bagOfTypes.size());
 32.1557 -	System.out.println (" Total number of Ssids : " + bagOfSsids.size());
 32.1558 -	System.out.println (" Total number of unique chw types: " + bagOfChwTypes.size());
 32.1559 -	System.out.println (" Total number of conflict ssids : " + bagOfConflictSsids.size());
 32.1560 -	System.out.println (" Total number of chw Ssids : " + bagOfChwSsids.size());
 32.1561 -
 32.1562 -   	if (null != xenSsidOutputFileName)
 32.1563 -  		genObj.writeXenTypeFile(bagOfSsids, xenSsidOutputFileName, true);
 32.1564 -
 32.1565 -   	if (null != xenSsidConfOutputFileName)
 32.1566 -  		genObj.writeXenTypeFile(bagOfChwSsids, xenSsidConfOutputFileName, false);
 32.1567 -    } 
 32.1568 -    catch (Exception e) 
 32.1569 -    {
 32.1570 -      e.printStackTrace();
 32.1571 -    }
 32.1572 -  }
 32.1573 -}
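--- a/tools/misc/policyprocessor/XmlToBinInterface.java	Fri Aug 19 10:18:53 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,138 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: XmlToBinInterface.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * XmlToBinInterface Class.  
- * <p>
- *
- * Defines constants used by XmToBin.
- *
- * <p>
- *
- *	policy binary structures
- *
- * struct acm_policy_buffer {
- *	u32 policy_version; * ACM_POLICY_VERSION *
- *      u32 magic;
- *	u32 len;
- *	u32 primary_policy_code;
- *	u32 primary_buffer_offset;
- *	u32 secondary_policy_code;
- *	u32 secondary_buffer_offset;
- *      +u32 resource offset (not used yet in Xen)
- * };
- *
- *
- * struct acm_ste_policy_buffer {
- *	u32 policy_version; * ACM_STE_VERSION *
- *	u32 policy_code;
- *	u32 ste_max_types;
- *	u32 ste_max_ssidrefs;
- *	u32 ste_ssid_offset;
- * };
- *
- * struct acm_chwall_policy_buffer {
- *	u32 policy_version; * ACM_CHWALL_VERSION *
- *	u32 policy_code;
- *	u32 chwall_max_types;
- *	u32 chwall_max_ssidrefs;
- *	u32 chwall_max_conflictsets;
- *	u32 chwall_ssid_offset;
- *	u32 chwall_conflict_sets_offset;
- *	u32 chwall_running_types_offset;
- *	u32 chwall_conflict_aggregate_offset;
- * };
- *
- *	typedef struct {
- *	u16 partition_max;
- *	u16 partition_offset;
- *	u16 vlan_max;
- *	u16 vlan_offset;
- *	u16 slot_max;
- *	u16 slot_offset;
- *	} acm_resource_buffer_t;
- *
- *	typedef struct {
- *	u16 id;
- *	u16 ssid_ste;
- *	u16 ssid_chwall;
- *	} acm_partition_entry_t;
- *
- *	typedef struct {
- *	u16 vlan;
- *	u16 ssid_ste;
- *	} acm_vlan_entry_t;
- *
- *	typedef struct {
- *	u16 bus;
- *	u16 slot;
- *	u16 ssid_ste;
- *	} acm_slot_entry_t;
- *
- *       
- *
- */
-public interface XmlToBinInterface
-{
-  /* policy code  (uint16) */
-  final int policyCodeSize = 2;
-
-  /* max_types    (uint16) */
-  final int maxTypesSize = 2;
-
-  /* max_ssidrefs (uint16) */
-  final int maxSsidrefSize = 2;
-
-  /* ssid_offset  (uint32) */
-  final int ssidOffsetSize = 2;
-
-  final short markSymbol = 0x0001;
-
-  final int u32Size = 4;
-  final int u16Size = 2;
-
-  /* num of bytes for acm_ste_policy_buffer_t */
-  final int steHeaderSize = (5 * u32Size);
-
-  /* byte for acm_chinese_wall_policy_buffer_t */
-  final int chwHeaderSize = (9 * u32Size);
-
-  final int primaryPolicyCodeSize = u32Size;
-  final int primaryBufferOffsetSize = u32Size ;
-
-  final int secondaryPolicyCodeSz = u32Size;
-  final int secondaryBufferOffsetSz = u32Size;
-  final int resourceOffsetSz = u32Size;
-
-  final short partitionBufferSz = (2 * u16Size);
-  final short partitionEntrySz = (3 * u16Size);
-
-  final short slotBufferSz = (2 * u16Size);
-  final short slotEntrySz = (3 * u16Size);
-
-  final short vlanBufferSz = (2 * u16Size);
-  final short vlanEntrySz = (2 * u16Size);
-
-  final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */
-
-  /* copied directly from acm.h */
-  final int ACM_MAGIC  =  0x0001debc;
-  final int ACM_NULL_POLICY = 0;
-  final int ACM_CHINESE_WALL_POLICY = 1;
-  final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2;
-  final int ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3;
-  final int ACM_EMPTY_POLICY = 4;
-
-  /* version for compatibility check */
-  final int ACM_POLICY_VERSION = 1;
-  final int ACM_STE_VERSION    = 1;
-  final int ACM_CHWALL_VERSION = 1;
-}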
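--- a/tools/misc/policyprocessor/c2j_include.c	Fri Aug 19 10:18:53 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,57 +0,0 @@
-/****************************************************************
- * c2j_include.c
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Authors:
- * Reiner Sailer <sailer@watson.ibm.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * This tool makes some constants from acm.h available to the
- * java policyprocessor for version checking.
- */
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-typedef uint8_t  u8;
-typedef uint16_t u16;
-typedef uint32_t u32;
-typedef uint64_t u64;
-typedef int8_t   s8;
-typedef int16_t  s16;
-typedef int32_t  s32;
-typedef int64_t  s64;
-
-#include <xen/acm.h>
-
-char *filename = "policy_version.java";
-
-int main(int argc, char **argv)
-{
-
-    FILE *fd;
-    if ((fd = fopen(filename, "w")) <= 0)
-    {
-        printf("File %s not found.\n", filename);
-        exit(-ENOENT);
-    }
-
-    fprintf(fd, "/*\n * This file was automatically generated\n");
-    fprintf(fd, " * Do not change it manually!\n */\n");
-    fprintf(fd, "public class policy_version {\n");
-    fprintf(fd, "	final int ACM_POLICY_VERSION = %x;\n",
-            ACM_POLICY_VERSION);
-    fprintf(fd, "	final int ACM_CHWALL_VERSION = %x;\n",
-            ACM_CHWALL_VERSION);
-    fprintf(fd, "	final int ACM_STE_VERSION = %x;\n",
-            ACM_STE_VERSION);
-    fprintf(fd, "}\n");
-    fclose(fd);
-    return 0;
-}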
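--- a/tools/misc/policyprocessor/myHandler.java	Fri Aug 19 10:18:53 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: myHandler.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * myHandler Class.  
- *
- * <p>
- *
- * A dummy class used for detecting XML validating/parsing errors.
- *
- * <p>
- *
- *
- */
-import org.xml.sax.helpers.*;
-import org.xml.sax.SAXParseException;
-
-class myHandler extends DefaultHandler 
-{ 
- public boolean isValid = true;
-
- /* Notification of a recoverable error. */
- public void error(SAXParseException se) 
- { 
-  isValid = false;
- } 
-
- /* Notification of a non-recoverable error. */
- public void fatalError(SAXParseException se) 
- { 
-  isValid = false;
- } 
-
- /* Notification of a warning. */
- public void warning(SAXParseException se) 
- {
-  isValid = false;
- }
-}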
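--- a/tools/misc/policyprocessor/readme.install	Fri Aug 19 10:18:53 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-# Author: Ray Valdez, rvaldez@us.ibm.com 
-# Version: 1.0
-#
-# install readme
-#
-PREREQUISITES:
-
-Prior to installation of the policy processor tool (XmlToBin) you must have...
-
- 1. Java version 1.4.2
- 2. xmlParserAPIs.jar and xercesImpl.jar
-
-The above can be obtained from the Sun Developer Network web site at
-http://java.sun.com/j2se/1.4.2/download.html.
-
-XmlParserAPIs and xercesImpl jars can be obtained from
-http://www.apache.org/dist/xml/xerces-j (Xerces-J-bin.2.6.2.tar.gz,
-for example).
-
-The tool has been tested with J2SE v1.4.2_08 JRE on Linux (32-bit
-INTEL).
-
-INSTALLATION
-
-1. Set PATH to include $HOME_JAVA/bin and $HOME_JAVA/jre/bin
-   where $HOME_JAVA is your java installation directory
-
-2. Compile XmlToBin:
-   javac XmlToBin.java
-	
-USAGE
-
- See readme.xen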
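--- a/tools/misc/policyprocessor/readme.xen	Fri Aug 19 10:18:53 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-# Author: Ray Valdez, rvaldez@us.ibm.com 
-# Version: 1.0
-#
-# This readme describes the policy processor tool for sHype.
-#
-
-Java program:
-
- java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf <SsidConf>
-
- Command line options:
-
-        -i              inputFile:      name of policyfile (.xml)
-        -o              outputFile:     name of binary policy file (Big Endian)
-        -xssid          SsidFile:       xen ssids to named types text file
-        -xssidconf      SsidConf:   	xen conflict ssids to types text file
-        -debug                          turn on debug messages
-        -help                           help. This printout
-
-Where:
-
-file.xml is the (input) xml policy file to be parsed and validated.
-The syntax for file.xml is defined in the SecurityPolicySpec.xsd file.
-file.bin is the (output) binary policy file generated by XmlToBin.
-This binary policy can be activated in sHype. The binary policy file
-is laid out in network byte order (i.e., big endian).  The SsidFile
-file contains the mapping of type enforcement (TE) ssids to the "named
-types".  Similarly, the SsidConf file contains the mapping of Chinese
-Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf
-files are used by Xen.
-
-Xml Schema and policy:
-
-The SecurityPolicySpec.xsd defines the syntax of a policy file. It
-declares the tags that are used by XmlToBin to generate the binary
-policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid,
-etc.  The xml files that describe a policy are simple.  Semantic
-checking of a policy is performed mostly by XmlToBin.  A type, for
-example, is a string. No fixed values are defined for types in Xml.
-  
-A policy consists of two Xml files: definition and policy. The
-definition Xml declares the types that are permitted in the policy
-Xml.  The policy Xml contains the assignment of labels to
-subject/object (e.g., vm). This Xml file contains an explicit
-reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>).
-The policy Xml is the one provided as a command line argument.
-
-
-Files:
-
-*.java		      	- policy processor source 
-xen_sample_policy.xml	- sample xml policy file
-xen_sample_def.xml	- sample user defined types
-SecurityPolicySpec.xsd 	- schema definition file
-
-
-To generate the sample binary policy: 
-
-export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:.
-
-java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin
-
-where $XERCES_HOME is the installation directory of the Apache Xerces-J
-
-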
    38.1 --- a/tools/misc/policyprocessor/xen_sample_def.xml	Fri Aug 19 10:18:53 2005 +0000
    38.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    38.3 @@ -1,46 +0,0 @@
    38.4 -<?xml version="1.0"?>
    38.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    38.6 -<!-- example policy type definition -->
    38.7 -<SecurityPolicySpec
    38.8 -xmlns="http://www.ibm.com"
    38.9 -xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   38.10 -xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
   38.11 -
   38.12 -<Definition>
   38.13 -<!-- an example of a simple type enforcement type definition -->
   38.14 -  <Types>
   38.15 -        <TE>LOCAL-management</TE>
   38.16 -        <TE>R-Company-development</TE>
   38.17 -        <TE>S-Company-order</TE>
   38.18 -        <TE>T-Company-advertising</TE>
   38.19 -        <TE>U-Company-computing</TE>
   38.20 -		 <!-- TE nondevelopment  -->
   38.21 -  </Types>
   38.22 -
   38.23 -<!-- an example of a chinese wall type definition along with conflict sets-->
   38.24 -  <ChWallTypes>
   38.25 -		 <ChWall>Q-Company</ChWall>
   38.26 -		 <ChWall>R-Company</ChWall>
   38.27 -		 <ChWall>S-Company</ChWall>
   38.28 -		 <ChWall>T-Company</ChWall>
   38.29 -		 <ChWall>U-Company</ChWall>
   38.30 -		 <ChWall>V-Company</ChWall>
   38.31 -		 <ChWall>W-Company</ChWall>
   38.32 -		 <ChWall>X-Company</ChWall>
   38.33 -		 <ChWall>Y-Company</ChWall>
   38.34 -		 <ChWall>Z-Company</ChWall>
   38.35 -  </ChWallTypes>
   38.36 -
   38.37 -  <ConflictSet>
   38.38 -		 <ChWall>T-Company</ChWall>
   38.39 -		 <ChWall>S-Company</ChWall>
   38.40 -   </ConflictSet>
   38.41 -
   38.42 -   <ConflictSet>
   38.43 -		 <ChWall>R-Company</ChWall>
   38.44 -		 <ChWall>V-Company</ChWall>
   38.45 -		 <ChWall>W-Company</ChWall>
   38.46 -   </ConflictSet>
   38.47 -
   38.48 -</Definition>
   38.49 -</SecurityPolicySpec>
    39.1 --- a/tools/misc/policyprocessor/xen_sample_policy.xml	Fri Aug 19 10:18:53 2005 +0000
    39.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    39.3 @@ -1,58 +0,0 @@
    39.4 -<?xml version="1.0"?>
    39.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    39.6 -<!-- example xen policy file -->
    39.7 -
    39.8 -<SecurityPolicySpec
    39.9 -xmlns="http://www.ibm.com"
   39.10 -xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   39.11 -xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
   39.12 -<Policy>
   39.13 - <PolicyHeader>
   39.14 -        <Name>xen sample policy</Name>
   39.15 -        <DateTime>2005-05-20T16:56:00</DateTime>
   39.16 -        <Tag>foobar</Tag>
   39.17 -        <TypeDefinition>
   39.18 -          <url>xen_sample_def.xml</url>
   39.19 -          <hash>abcdef123456abcdef</hash>
   39.20 -        </TypeDefinition>
   39.21 - </PolicyHeader>
   39.22 -
   39.23 - <VM>
   39.24 -        <id> 0 </id>
   39.25 -        <TE>LOCAL-management</TE>
   39.26 -        <TE>R-Company-development</TE>
   39.27 -        <TE>S-Company-order</TE>
   39.28 -        <TE>T-Company-advertising</TE>
   39.29 -        <TE>U-Company-computing</TE>
   39.30 -		 <ChWall>Q-Company</ChWall>
   39.31 - </VM>
   39.32 -
   39.33 - <VM>
   39.34 -        <id> 1 </id>
   39.35 -        <TE>R-Company-development</TE>
   39.36 -		 <ChWall>R-Company</ChWall>
   39.37 - </VM>
   39.38 -
   39.39 - <VM>
   39.40 -        <id> 2 </id>
   39.41 -        <TE>S-Company-order</TE>
   39.42 -		 <ChWall>S-Company</ChWall>
   39.43 -
   39.44 - </VM>
   39.45 -
   39.46 - <VM>
   39.47 -        <id> 3 </id>
   39.48 -        <TE>T-Company-advertising</TE>
   39.49 -		 <ChWall>T-Company</ChWall>
   39.50 - </VM>
   39.51 -
   39.52 -
   39.53 - <VM>
   39.54 -        <id> 4 </id>
   39.55 -        <TE>U-Company-computing</TE>
   39.56 -		 <ChWall>U-Company</ChWall>
   39.57 - </VM>
   39.58 -
   39.59 -
   39.60 -</Policy>
   39.61 -</SecurityPolicySpec>
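--- a/tools/python/xen/xend/server/event.py
+++ b/tools/python/xen/xend/server/event.py
@@ -50,7 +50,7 @@ class EventProtocol(protocol.Protocol):
     def dataReceived(self, data):
         try:
             self.parser.input(data)
-            if self.parser.ready():
+            while(self.parser.ready()):
                 val = self.parser.get_val()
                 res = self.dispatch(val)
                 self.send_result(res)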
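Review bot: The new `while(self.parser.ready()):` loop in `dataReceived` only terminates if `get_val()` consumes the value that made `ready()` true, which this hunk does not show; a comment stating that would help, e.g. `# get_val() pops one parsed value; drain everything this read delivered`. Python style drops the parentheses: `while self.parser.ready():`. One read from the peer can now trigger an unbounded number of `dispatch` calls before control returns to the event loop, so a per-call cap is worth considering for a network-facing protocol. The identical change in relocate.py's `RelocationProtocol.dataReceived` raises the same points. The method's `try` block continues outside the hunk, so how a failing `dispatch` in the middle of the loop is handled cannot be judged from here.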
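--- a/tools/python/xen/xend/server/relocate.py
+++ b/tools/python/xen/xend/server/relocate.py
@@ -42,7 +42,7 @@ class RelocationProtocol(protocol.Protoc
     def dataReceived(self, data):
         try:
             self.parser.input(data)
-            if self.parser.ready():
+            while(self.parser.ready()):
                 val = self.parser.get_val()
                 res = self.dispatch(val)
                 self.send_result(res)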
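--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -23,6 +23,7 @@ import string
 import sys
 import socket
 import commands
+import time
 
 import xen.lowlevel.xc
 
@@ -674,18 +675,33 @@ def get_dom0_alloc():
     return 0
 
 def balloon_out(dom0_min_mem, opts):
-    """Balloon out to get memory for domU, if necessarily"""
+    """Balloon out memory from dom0 if necessary"""
     SLACK = 4
+    timeout = 20 # 2s
+    ret = 0
 
     xc = xen.lowlevel.xc.new()
     pinfo = xc.physinfo()
-    free_mem = pinfo['free_pages']/256
-    if free_mem < opts.vals.memory + SLACK:
-        need_mem = opts.vals.memory + SLACK - free_mem
-        cur_alloc = get_dom0_alloc()
-        if cur_alloc - need_mem >= dom0_min_mem:
-            server.xend_domain_mem_target_set(0, cur_alloc - need_mem)
+    free_mem = pinfo['free_pages'] / 256
+    domU_need_mem = opts.vals.memory + SLACK 
+
+    dom0_cur_alloc = get_dom0_alloc()
+    dom0_new_alloc = dom0_cur_alloc - (domU_need_mem - free_mem)
+
+    if free_mem < domU_need_mem and dom0_new_alloc >= dom0_min_mem:
+
+        server.xend_domain_mem_target_set(0, dom0_new_alloc)
+
+        while dom0_cur_alloc > dom0_new_alloc and timeout > 0:
+            time.sleep(0.1) # sleep 100ms
+            dom0_cur_alloc = get_dom0_alloc()
+            timeout -= 1
+        
+        if dom0_cur_alloc > dom0_new_alloc:
+            ret = 1
+    
     del xc
+    return ret
 
 def main(argv):
     random.seed()
@@ -717,7 +733,8 @@ def main(argv):
     else:
         dom0_min_mem = xroot.get_dom0_min_mem()
         if dom0_min_mem != 0:
-            balloon_out(dom0_min_mem, opts)
+            if balloon_out(dom0_min_mem, opts):
+                return
 
         dom = make_domain(opts, config)
         if opts.vals.console_autoconnect: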
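Review bot: When `balloon_out` times out, `main` now executes a bare `return`, so `xm create` ends with no message and, as far as this hunk shows, a success exit status; report the failure before leaving, e.g. `print >>sys.stderr, "Error: dom0 did not release enough memory for the new domain"` followed by `sys.exit(1)`. `balloon_out` also still returns 0 when `free_mem < domU_need_mem` but `dom0_new_alloc < dom0_min_mem`, so the case where dom0 cannot give up enough memory looks like success and `make_domain` is attempted anyway. The context line `return 0` at the end of `get_dom0_alloc` suggests 0 may also be its failure value; if so, a failed read inside the polling loop ends the wait and is counted as a completed balloon. `timeout = 20 # 2s` is a poll count rather than seconds, so a name such as `polls_left` would match its use. `main` continues outside the hunk.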
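--- a/tools/python/xen/xm/main.py
+++ b/tools/python/xen/xm/main.py
@@ -200,7 +200,11 @@ def xm_migrate(args):
 def xm_list(args):
     use_long = 0
     show_vcpus = 0
-    (options, params) = getopt(args, 'lv', ['long','vcpus'])
+    try:
+        (options, params) = getopt(args, 'lv', ['long','vcpus'])
+    except GetoptError, opterr:
+        err(opterr)
+        sys.exit(1)
     
     n = len(params)
     for (k, v) in options: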
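Review bot: `GetoptError` is caught by its bare name in `xm_list`, so it has to be imported next to the unqualified `getopt`; the import line is outside this hunk, and if the name is missing the handler itself raises NameError on the first bad option. If needed, the import would read `from getopt import getopt, GetoptError`. Any other subcommand in this file that calls `getopt` directly would want the same guard so that a mistyped option gives a usage error instead of a traceback; none are visible here. `xm_list` continues past the end of the hunk.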
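--- a/tools/security/Makefile
+++ b/tools/security/Makefile
@@ -2,27 +2,71 @@ XEN_ROOT = ../..
 include $(XEN_ROOT)/tools/Rules.mk
 
 SRCS     = secpol_tool.c
-CFLAGS   += -static
 CFLAGS   += -Wall
 CFLAGS   += -Werror
 CFLAGS   += -O3
 CFLAGS   += -fno-strict-aliasing
-CFLAGS   += -I.
+CFLAGS   += -I. -I/usr/include/libxml2
+CFLAGS_XML2BIN += $(shell xml2-config --cflags --libs )
+#if above does not work, try  -L/usr/lib -lxml2 -lz -lpthread -lm
+XML2VERSION = $(shell xml2-config --version )
+VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi; )
 
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+POLICY=null
+endif
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
+POLICY=chwall
+endif
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+POLICY=ste
+endif
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+POLICY=chwall_ste
+endif
+POLICYFILE=./policies/$(POLICY)/$(POLICY).bin
+
+ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY)
 all: build
+
+install:all
+
+default:all
+else
+all:
+
+install:
+
+default:
+endif
+
 build: mk-symlinks
 	$(MAKE) secpol_tool
-
-default: all
+	$(MAKE) secpol_xml2bin
+	chmod 700 ./setlabel.sh
+	chmod 700 ./updategrub.sh
 
-install: all
-
-secpol_tool : secpol_tool.c
+secpol_tool : secpol_tool.c secpol_compat.h
 	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
 
+secpol_xml2bin : secpol_xml2bin.c secpol_xml2bin.h secpol_compat.h
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@ $<
+
 clean:
-	rm -rf secpol_tool xen
+	rm -rf secpol_tool secpol_xml2bin xen
 
+policy_clean:
+	rm -rf policies/*/*.bin policies/*/*.map
+
+mrproper: clean policy_clean
+
+
+$(POLICYFILE) : build
+	@./secpol_xml2bin $(POLICY) > /dev/null
+
+boot_install: $(POLICYFILE)
+	@cp $(POLICYFILE) /boot
+	@./updategrub.sh $(POLICY) $(PWD)/$(XEN_ROOT)
 
 LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
 mk-symlinks: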
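Review bot: The `VALIDATE_SCHEMA` line decides whether secpol_xml2bin is built with schema validation by testing `[[ $(XML2VERSION) < 2.6.20 ]]`, a bash-only construct run through make's default `/bin/sh`; where it does run it compares strings lexically (2.6.9 sorts after 2.6.20), so validation of policy XML can end up enabled or disabled for the wrong libxml2 versions without any message. A version-aware test would be, for example, `VALIDATE_SCHEMA=$(shell printf '%s\n' 2.6.20 $(XML2VERSION) | sort -V | head -n1 | grep -qx 2.6.20 && echo "-DVALIDATE_SCHEMA")`, and the build should print which mode was chosen. `-I/usr/include/libxml2` is hard-coded although `xml2-config --cflags` already supplies the include path. `boot_install` copies into /boot and runs updategrub.sh with both commands silenced by `@`, and the policy translation discards stdout; echoing them would leave a record of what changed the boot configuration. The mk-symlinks rule continues outside the hunk.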
    45.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    45.2 +++ b/tools/security/example.txt	Fri Aug 19 10:50:15 2005 +0000
    45.3 @@ -0,0 +1,269 @@
    45.4 +##
    45.5 +# example.txt <description to the xen access control architecture>
    45.6 +#
    45.7 +# Author:
    45.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    45.9 +#
   45.10 +#
   45.11 +# This file introduces into the tools to manage policies
   45.12 +# and to label domains and resources.
   45.13 +##
   45.14 +
   45.15 +We will show how to install and use the chwall_ste policy.
   45.16 +Other policies work similarly. Feedback welcome!
   45.17 +
   45.18 +
   45.19 +
   45.20 +1. Using secpol_xml2bin to translate the chwall_ste policy:
   45.21 +===========================================================
   45.22 +
   45.23 +#tools/security/secpol_xml2bin chwall_ste
   45.24 +
   45.25 +Successful execution should print:
   45.26 +
   45.27 +    [root@laptopxn security]# ./secpol_xml2bin chwall_ste
   45.28 +    Validating label file policies/chwall_ste/chwall_ste-security_label_template.xml...
   45.29 +    XML Schema policies/security_policy.xsd valid.
   45.30 +    Validating policy file policies/chwall_ste/chwall_ste-security_policy.xml...
   45.31 +    XML Schema policies/security_policy.xsd valid.
   45.32 +    Creating ssid mappings ...
   45.33 +    Creating label mappings ...
   45.34 +    Max chwall labels:  7
   45.35 +    Max chwall-types:   4
   45.36 +    Max chwall-ssids:   5
   45.37 +    Max ste labels:     14
   45.38 +    Max ste-types:      6
   45.39 +    Max ste-ssids:      10
   45.40 +
   45.41 +The tool looks in directory policies/chwall_ste for
   45.42 +the label and policy files.
   45.43 +
   45.44 +The default policy directory structure under tools/security looks like:
   45.45 +
   45.46 +policies
   45.47 +|-- security_policy.xsd
   45.48 +|-- chwall
   45.49 +|   |-- chwall-security_label_template.xml
   45.50 +|   `-- chwall-security_policy.xml
   45.51 +|-- chwall_ste
   45.52 +|   |-- chwall_ste-security_label_template.xml
   45.53 +|   `-- chwall_ste-security_policy.xml
   45.54 +|-- null
   45.55 +|   |-- null-security_label_template.xml
   45.56 +|   `-- null-security_policy.xml
   45.57 +`-- ste
   45.58 +    |-- ste-security_label_template.xml
   45.59 +    `-- ste-security_policy.xml
   45.60 +
   45.61 +policies/security_policy.xsd contains the schema against which both the
   45.62 +label-template and the policy files must validate during translation.
   45.63 +
   45.64 +policies/chwall_ste/chwall_ste-security_policy.xml defines the
   45.65 +policies and the types known to the policies.
   45.66 +
   45.67 +policies/chwall_ste/chwall_ste-security_label_template.xml contains
   45.68 +label definitions that group chwall and ste types together and make
   45.69 +them easier to use for users
   45.70 +
   45.71 +After executing the above secpol_xml2bin command, you will find 2 new
   45.72 +files in the policies/chwall_ste sub-directory:
   45.73 +
   45.74 +policies/chwall_ste/chwall_ste.map ... this file includes the mapping
   45.75 +of names from the xml files into their binary code representation.
   45.76 +
   45.77 +policies/chwall_ste/chwall_ste.bin ... this is the binary policy file,
   45.78 +the result of parsing the xml files and using the mapping to extract a
   45.79 +binary version that can be loaded into the hypervisor.
   45.80 +
   45.81 +
   45.82 +
   45.83 +2. Loading and activating the policy:
   45.84 +=====================================
   45.85 +
   45.86 +We assume that xen is already configured to use the chwall_ste policy;
   45.87 +please refer to install.txt for instructions.
   45.88 +
   45.89 +To activate the policy from the command line (assuming that the
   45.90 +currently established policy is the minimal boot-policy that is
   45.91 +hard-coded into the hypervisor:
   45.92 +
   45.93 +# ./secpol_tool loadpolicy policies/chwall_ste/chwall_ste.bin
   45.94 +
   45.95 +To activate the policy at next reboot:
   45.96 +
   45.97 +# cp policies/chwall_ste/chwall_ste.bin /boot
   45.98 +
   45.99 +Add a module line to your /boot/grub/grub.conf Xen entry.
  45.100 +My boot entry with chwall_ste enabled looks like this:
  45.101 +
  45.102 +    title Xen (2.6.12)
  45.103 +        root (hd0,5)
  45.104 +        kernel /boot/xen.gz dom0_mem=1200000 console=vga
  45.105 +        module /boot/vmlinuz-2.6.12-xen0 ro root=/dev/hda6 rhgb
  45.106 +        module /boot/initrd-2.6.12-xen0.img
  45.107 +        module /boot/chwall_ste.bin
  45.108 +
  45.109 +This tells the grub boot-loader to load the binary policy, which
  45.110 +the hypervisor will recognize. The hypervisor will then establish
  45.111 +this binary policy during boot instead of the minimal policy that
  45.112 +is hardcoded as default.
  45.113 +
  45.114 +If you have any trouble here, maks sure you have the access control
  45.115 +framework enabled (see: install.txt).
  45.116 +
  45.117 +
  45.118 +
  45.119 +3. Labeling domains:
  45.120 +====================
  45.121 +
  45.122 +a) Labeling Domain0:
  45.123 +
  45.124 +The chwall_ste-security_label_template.xml file includes an attribute
  45.125 +"bootstrap", which is set to the label name that will be assigned to
  45.126 +Dom0 (this label will be mapped to ssidref 1/1, the default for Dom0).
  45.127 +
  45.128 +b) Labeling User Domains:
  45.129 +
  45.130 +Use the script tools/security/setlabel.sh to choose a label and to
  45.131 +assign labels to user domains.
  45.132 +
  45.133 +To show available labels for the chwall_ste policy:
  45.134 +
  45.135 +#tools/security/setlabel.sh -l
  45.136 +
  45.137 +lists all available labels. For the default chwall_ste it should print
  45.138 +the following:
  45.139 +
  45.140 +    [root@laptopxn security]# ./setlabel.sh -l chwall_ste
  45.141 +    The following labels are available:
  45.142 +    dom_SystemManagement
  45.143 +    dom_HomeBanking
  45.144 +    dom_Fun
  45.145 +    dom_BoincClient
  45.146 +    dom_StorageDomain
  45.147 +    dom_NetworkDomain
  45.148 +
  45.149 +You need to have compiled the policy beforehand so that a .map file
  45.150 +exists. Setlabel.sh uses the mapping file created throughout the
  45.151 +policy translation to translate a user-friendly label string into a
  45.152 +ssidref-number that is eventually used by the Xen hypervisor.
  45.153 +
  45.154 +We distinguish two kinds of labels: a) VM labels (for domains) and RES
  45.155 +Labels (for resources). We are currently working on support for
  45.156 +resource labeling but will focus here on VM labels.
  45.157 +
  45.158 +Setlabel.sh only prints VM labels (which we have prefixed with "dom_")
  45.159 +since only those are used at this time.
  45.160 +
  45.161 +If you would like to assign the dom_HomeBanking label to one of your
  45.162 +user domains (which you hopefully keep clean), look at an example
  45.163 +domain configuration homebanking.xm:
  45.164 +
  45.165 +    #------HOMEBANKING---------
  45.166 +    kernel = "/boot/vmlinuz-2.6.12-xenU"
  45.167 +    ramdisk="/boot/U1_ramdisk.img"
  45.168 +    memory = 65
  45.169 +    name = "test34"
  45.170 +    cpu = -1   # leave to Xen to pick
  45.171 +    # Number of network interfaces. Default is 1.
  45.172 +    nics=1
  45.173 +    dhcp="dhcp"
  45.174 +    #-------------------------
  45.175 +
  45.176 +Now we label this domain
  45.177 +
  45.178 +[root@laptopxn security]# ./setlabel.sh homebanking.xm dom_HomeBanking chwall_ste
  45.179 +Mapped label 'dom_HomeBanking' to ssidref '0x00020002'.
  45.180 +
  45.181 +The domain configuration my look now like:
  45.182 +
  45.183 +    [root@laptopxn security]# cat homebanking.xm
  45.184 +    #------HOMEBANKING---------
  45.185 +    kernel = "/boot/vmlinuz-2.6.12-xenU"
  45.186 +    ramdisk="/boot/U1_ramdisk.img"
  45.187 +    memory = 65
  45.188 +    name = "test34"
  45.189 +    cpu = -1   # leave to Xen to pick
  45.190 +    # Number of network interfaces. Default is 1.
  45.191 +    nics=1
  45.192 +    dhcp="dhcp"
  45.193 +    #-------------------------
  45.194 +    #ACM_POLICY=chwall_ste-security_policy.xml
  45.195 +    #ACM_LABEL=dom_HomeBanking
  45.196 +    ssidref = 0x00020002
  45.197 +
  45.198 +You can see 3 new entries, two of which are comments.  The only value
  45.199 +that the hypervisor cares about is the ssidref that will reference
  45.200 +those types assigned to this label. You can look them up in the
  45.201 +xml label-template file for the chwall_ste policy.
  45.202 +
  45.203 +This script will eventually move into the domain management and will
  45.204 +be called when the domain is instantiated. For now, the setlabel
  45.205 +script must be run on domains whenever the policy files change since
  45.206 +the mapping between label names and ssidrefs can change in this case.
  45.207 +
  45.208 +
  45.209 +4. Starting a labeled domain
  45.210 +============================
  45.211 +
  45.212 +Now, start the domain:
  45.213 +    #xm create -c homebanking.xm
  45.214 +
  45.215 +
  45.216 +If you label another domain configuration as dom_Fun and try to start
  45.217 +it afterwards, its start will fail. Why?
  45.218 +
  45.219 +Because the running homebanking domain has the chinese wall type
  45.220 +"cw_Sensitive". The new domain dom_Fun has the chinese wall label
  45.221 +"cw_Distrusted". This domain is not allowed to run simultaneously
  45.222 +because of the defined conflict set
  45.223 +
  45.224 +			<conflictset name="Protection1">
  45.225 +				<type>cw_Sensitive</type>
  45.226 +				<type>cw_Distrusted</type>
  45.227 +			</conflictset>
  45.228 +
  45.229 +(in policies/chwall_ste/chwall_ste-security_policy.xml), which says
  45.230 +that only one of the types cw_sensitive and cw_Distrusted can run at a
  45.231 +time.
  45.232 +
  45.233 +If you save or shutdown the HomeBanking domain, you will be able to
  45.234 +start the "Fun" domain. You can look into the Xen log to see if a
  45.235 +domain was denied to start because of the access control framework
  45.236 +with the command 'xm dmesg'.
  45.237 +
  45.238 +It is important (and usually non-trivial) to define the labels in a
  45.239 +way that the semantics of the labels are enforced and supported by the
  45.240 +types and the conflict sets.
  45.241 +
  45.242 +Note: While the chinese wall policy enforcement is complete, the type
  45.243 +enforcement is currently enforced in the Xen hypervisor
  45.244 +only. Therefore, only point-to-point sharing with regard to the type
  45.245 +enforcement is currently controlled. We are working on enhancements to
  45.246 +Dom0 that enforce types also for network traffic that is routed
  45.247 +through Dom0 and on the enforcement of resource labeling when binding
  45.248 +resources to domains (e.g., enforcing types between domains and
  45.249 +hardware resources, such as disk partitions).
  45.250 +
  45.251 +
  45.252 +4. Adding your own policies
  45.253 +===========================
  45.254 +
  45.255 +Writing your own policy (e.g. "mypolicy") requires the following:
  45.256 +
  45.257 +a) the policy definition (types etc.) file
  45.258 +b) the label template definition (labels etc.) file
  45.259 +
  45.260 +If your policy name is "mypolicy", you need to create a
  45.261 +subdirectory mypolicy in tools/security/policies.
  45.262 +
  45.263 +Then you create
  45.264 +tools/security/policies/mypolicy/mypolicy-security_policy.xml and
  45.265 +tools/security/policies/mypolicy/mypolicy-security_label_template.xml.
  45.266 +
  45.267 +You need to keep to the schema as defined in
  45.268 +tools/security/security_policy.xsd since the translation tool
  45.269 +secpol_xml2bin is written against this schema.
  45.270 +
  45.271 +If you keep to the security policy schema, then you can use all the
  45.272 +tools described above. Refer to install.txt to install it.
    46.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    46.2 +++ b/tools/security/install.txt	Fri Aug 19 10:50:15 2005 +0000
    46.3 @@ -0,0 +1,67 @@
    46.4 +##
    46.5 +# install.txt <description to the xen access control architecture>
    46.6 +#
    46.7 +# Author:
    46.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    46.9 +#
   46.10 +#
   46.11 +# This file shows how to activate and install the access control
   46.12 +# framework.
   46.13 +##
   46.14 +
   46.15 +
   46.16 +INSTALLING A SECURITY POLICY IN XEN
   46.17 +===================================
   46.18 +
   46.19 +By default, the access control architecture is disabled in Xen. To
   46.20 +enable the access control architecture in Xen follow the steps below.
   46.21 +This description assumes that you want to install the Chinese Wall and
   46.22 +Simple Type Enforcement policy. Some file names need to be replaced
   46.23 +below to activate the Chinese Wall OR the Type Enforcement policy
   46.24 +exclusively (chwall_ste --> {chwall, ste}).
   46.25 +
   46.26 +1. enable access control in Xen
   46.27 +       # cd "xen_root"
   46.28 +       # edit/xemacs/vi Config.mk
   46.29 +
   46.30 +       change the line:
   46.31 +       ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
   46.32 +
   46.33 +       to:
   46.34 +       ACM_USE_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   46.35 +
   46.36 +       # make all
   46.37 +       # ./install.sh
   46.38 +
   46.39 +2. compile the policy from xml to a binary format that can be loaded
   46.40 +   into the hypervisor for enforcement
   46.41 +       # cd tools/security
   46.42 +       # make
   46.43 +
   46.44 +       manual steps (alternative to make boot_install):
   46.45 +       #./secpol_xml2bin chwall_ste
   46.46 +       #cp policies/chwall_ste/chwall_ste.bin /boot
   46.47 +       #edit /boot/grub/grub.conf
   46.48 +        add the follwoing line to your xen boot entry:
   46.49 +       "module chwall_ste.bin"
   46.50 +
   46.51 +       alternatively, you can try our automatic translation and
   46.52 +       installation of the policy:
   46.53 +       # make boot_install
   46.54 +
   46.55 +       [we try hard to do the right thing to the right boot entry but
   46.56 +        please verify boot entry in /boot/grub/grub.conf afterwards;
   46.57 +        your xen boot entry should have an additional module line
   46.58 +        specifying a chwall_ste.bin file with the correct directory
   46.59 +        (e.g. "/" or "/boot").]
   46.60 +
   46.61 +
   46.62 +3. reboot into the newly compiled hypervisor
   46.63 +
   46.64 +        after boot
   46.65 +	#xm dmesg should show an entry about the policy being loaded
   46.66 +            during the boot process
   46.67 +
   46.68 +        #tools/security/secpol_tool getpolicy
   46.69 +            should print the new chwall_ste binary policy representation
   46.70 +
    47.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    47.2 +++ b/tools/security/policies/chwall/chwall-security_label_template.xml	Fri Aug 19 10:50:15 2005 +0000
    47.3 @@ -0,0 +1,76 @@
    47.4 +<?xml version="1.0"?>
    47.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    47.6 +<!--              This file defines the security labels, which can  -->
    47.7 +<!--              be attached to Domains and resources. Based on    -->
    47.8 +<!--              these labels, the access control module decides   -->
    47.9 +<!--              about sharing between Domains and about access    -->
   47.10 +<!--              of Domains to real resources.                     -->
   47.11 +
   47.12 +<SecurityLabelTemplate
   47.13 + xmlns="http://www.ibm.com"
   47.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   47.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   47.16 +   <LabelHeader>
   47.17 +      <Name>chwall-security_label_template</Name>
   47.18 +      <Date>2005-08-10</Date>
   47.19 +      <PolicyName>
   47.20 +         <Url>chwall-security_policy.xml</Url>
   47.21 +         <Reference>abcdef123456abcdef</Reference>
   47.22 +      </PolicyName>
   47.23 +   </LabelHeader>
   47.24 +
   47.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   47.26 +      <!-- single ste typed domains            -->
   47.27 +      <!-- ACM enforces that only domains with -->
   47.28 +      <!-- the same type can share information -->
   47.29 +      <!--                                     -->
   47.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   47.31 +      <VirtualMachineLabel>
   47.32 +      	<Name>dom_HomeBanking</Name>
   47.33 +         <ChineseWallTypes>
   47.34 +            <Type>cw_Sensitive</Type>
   47.35 +         </ChineseWallTypes>
   47.36 +      </VirtualMachineLabel>
   47.37 +
   47.38 +      <VirtualMachineLabel>
   47.39 +      	<Name>dom_Fun</Name>
   47.40 +         <ChineseWallTypes>
   47.41 +            <Type>cw_Distrusted</Type>
   47.42 +         </ChineseWallTypes>
   47.43 +      </VirtualMachineLabel>
   47.44 +
   47.45 +      <VirtualMachineLabel>
   47.46 +        <!-- donating some cycles to seti@home -->
   47.47 +      	<Name>dom_BoincClient</Name>
   47.48 +         <ChineseWallTypes>
   47.49 +            <Type>cw_Isolated</Type>
   47.50 +         </ChineseWallTypes>
   47.51 +      </VirtualMachineLabel>
   47.52 +
   47.53 +      <!-- Domains with multiple ste types services; such domains   -->
   47.54 +      <!-- must keep the types inside their domain safely confined. -->
   47.55 +      <VirtualMachineLabel>
   47.56 +      	<Name>dom_SystemManagement</Name>
   47.57 +         <ChineseWallTypes>
   47.58 +            <Type>cw_SystemManagement</Type>
   47.59 +         </ChineseWallTypes>
   47.60 +      </VirtualMachineLabel>
   47.61 +
   47.62 +      <VirtualMachineLabel>
   47.63 +        <!-- serves persistent storage to other domains -->
   47.64 +      	<Name>dom_StorageDomain</Name>
   47.65 +         <ChineseWallTypes>
   47.66 +            <Type>cw_SystemManagement</Type>
   47.67 +         </ChineseWallTypes>
   47.68 +      </VirtualMachineLabel>
   47.69 +
   47.70 +      <VirtualMachineLabel>
   47.71 +        <!-- serves network access to other domains -->
   47.72 +      	<Name>dom_NetworkDomain</Name>
   47.73 +         <ChineseWallTypes>
   47.74 +            <Type>cw_SystemManagement</Type>
   47.75 +         </ChineseWallTypes>
   47.76 +      </VirtualMachineLabel>
   47.77 +   </SubjectLabels>
   47.78 +</SecurityLabelTemplate>
   47.79 +
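Review bot: The `<Reference>abcdef123456abcdef</Reference>` value under `<PolicyName>` is a placeholder, so nothing in this template ties it to a particular version of chwall-security_policy.xml. If the field is meant as a digest of the policy file (the removed sample carried the same value in a `<hash>` element), either fill it with a real digest that the translation tool checks, or mark it in place with a comment such as `<!-- placeholder: not verified by secpol_xml2bin -->`. The comments at the top of `<SubjectLabels>` speak of "ste typed domains" and type-based sharing, but every label in this file carries only `<ChineseWallTypes>`; they appear to be copied from the chwall_ste template and should describe conflict-set behaviour instead.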
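--- /dev/null
+++ b/tools/security/policies/chwall/chwall-security_policy.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+		<Name>chwall-security_policy</Name>
+		<Date>2005-08-10</Date>
+</PolicyHeader>
+<!--                                             -->
+<!-- example of a chinese wall type definition   -->
+<!-- along with its conflict sets                -->
+<!-- (typse in a confict set are exclusive, i.e. -->
+<!--  once a Domain with one type of a set is    -->
+<!--  running, no other Domain with another type -->
+<!--  of the same conflict set can start.)       -->
+	<ChineseWall priority="PrimaryPolicyComponent">
+        <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+            <Type>cw_Sensitive</Type>
+            <Type>cw_Isolated</Type>
+            <Type>cw_Distrusted</Type>
+        </ChineseWallTypes>
+
+        <ConflictSets>
+        <Conflict name="Protection1">
+            <Type>cw_Sensitive</Type>
+            <Type>cw_Distrusted</Type>
+        </Conflict>
+        </ConflictSets>
+	</ChineseWall>
+</SecurityPolicyDefinition>
+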
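Review bot: `cw_Isolated` is declared in `ChineseWallTypes` but appears in no `Conflict`, so under the rule stated in the comment above the `ChineseWall` element (types in a conflict set are exclusive) a domain carrying it is never kept from starting next to any other workload; only `cw_Sensitive` and `cw_Distrusted` constrain each other. If the name is meant to imply separation, the example should either add a conflict set that contains it or state that it is deliberately unconstrained, for instance `<!-- cw_Isolated is in no conflict set: it may run alongside any workload -->`. The same type list and conflict set are repeated in chwall_ste-security_policy.xml, so the point applies there too. The comment typos `typse` and `confict` could be corrected in both files at the same time.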
    49.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    49.2 +++ b/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml	Fri Aug 19 10:50:15 2005 +0000
    49.3 @@ -0,0 +1,167 @@
    49.4 +<?xml version="1.0"?>
    49.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    49.6 +<!--              This file defines the security labels, which can  -->
    49.7 +<!--              be attached to Domains and resources. Based on    -->
    49.8 +<!--              these labels, the access control module decides   -->
    49.9 +<!--              about sharing between Domains and about access    -->
   49.10 +<!--              of Domains to real resources.                     -->
   49.11 +
   49.12 +<SecurityLabelTemplate
   49.13 + xmlns="http://www.ibm.com"
   49.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   49.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   49.16 +   <LabelHeader>
   49.17 +      <Name>chwall_ste-security_label_template</Name>
   49.18 +      <Date>2005-08-10</Date>
   49.19 +      <PolicyName>
   49.20 +         <Url>chwall_ste-security_policy.xml</Url>
   49.21 +         <Reference>abcdef123456abcdef</Reference>
   49.22 +      </PolicyName>
   49.23 +   </LabelHeader>
   49.24 +
   49.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   49.26 +      <!-- single ste typed domains            -->
   49.27 +      <!-- ACM enforces that only domains with -->
   49.28 +      <!-- the same type can share information -->
   49.29 +      <!--                                     -->
   49.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   49.31 +      <VirtualMachineLabel>
   49.32 +      	<Name>dom_HomeBanking</Name>
   49.33 +         <SimpleTypeEnforcementTypes>
   49.34 +            <Type>ste_PersonalFinances</Type>
   49.35 +         </SimpleTypeEnforcementTypes>
   49.36 +
   49.37 +         <ChineseWallTypes>
   49.38 +            <Type>cw_Sensitive</Type>
   49.39 +         </ChineseWallTypes>
   49.40 +      </VirtualMachineLabel>
   49.41 +
   49.42 +      <VirtualMachineLabel>
   49.43 +      	<Name>dom_Fun</Name>
   49.44 +         <SimpleTypeEnforcementTypes>
   49.45 +            <Type>ste_InternetInsecure</Type>
   49.46 +         </SimpleTypeEnforcementTypes>
   49.47 +
   49.48 +         <ChineseWallTypes>
   49.49 +            <Type>cw_Distrusted</Type>
   49.50 +         </ChineseWallTypes>
   49.51 +      </VirtualMachineLabel>
   49.52 +
   49.53 +      <VirtualMachineLabel>
   49.54 +        <!-- donating some cycles to seti@home -->
   49.55 +      	<Name>dom_BoincClient</Name>
   49.56 +         <SimpleTypeEnforcementTypes>
   49.57 +            <Type>ste_DonatedCycles</Type>
   49.58 +         </SimpleTypeEnforcementTypes>
   49.59 +
   49.60 +         <ChineseWallTypes>
   49.61 +            <Type>cw_Isolated</Type>
   49.62 +         </ChineseWallTypes>
   49.63 +      </VirtualMachineLabel>
   49.64 +
   49.65 +      <!-- Domains with multiple ste types services; such domains   -->
   49.66 +      <!-- must keep the types inside their domain safely confined. -->
   49.67 +      <VirtualMachineLabel>
   49.68 +      	<Name>dom_SystemManagement</Name>
   49.69 +         <SimpleTypeEnforcementTypes>
   49.70 +            <!-- since dom0 needs access to every domain and -->
   49.71 +            <!-- resource right now ... -->
   49.72 +            <Type>ste_SystemManagement</Type>
   49.73 +            <Type>ste_PersonalFinances</Type>
   49.74 +            <Type>ste_InternetInsecure</Type>
   49.75 +            <Type>ste_DonatedCycles</Type>
   49.76 +            <Type>ste_PersistentStorageA</Type>
   49.77 +            <Type>ste_NetworkAdapter0</Type>
   49.78 +         </SimpleTypeEnforcementTypes>
   49.79 +
   49.80 +         <ChineseWallTypes>
   49.81 +            <Type>cw_SystemManagement</Type>
   49.82 +         </ChineseWallTypes>
   49.83 +      </VirtualMachineLabel>
   49.84 +
   49.85 +      <VirtualMachineLabel>
   49.86 +        <!-- serves persistent storage to other domains -->
   49.87 +      	<Name>dom_StorageDomain</Name>
   49.88 +         <SimpleTypeEnforcementTypes>
   49.89 +            <!-- access right to the resource (hard drive a) -->
   49.90 +            <Type>ste_PersistentStorageA</Type>
   49.91 +            <!-- can serve following types -->
   49.92 +            <Type>ste_PersonalFinances</Type>
   49.93 +            <Type>ste_InternetInsecure</Type>
   49.94 +         </SimpleTypeEnforcementTypes>
   49.95 +
   49.96 +         <ChineseWallTypes>
   49.97 +            <Type>cw_SystemManagement</Type>
   49.98 +         </ChineseWallTypes>
   49.99 +      </VirtualMachineLabel>
  49.100 +
  49.101 +      <VirtualMachineLabel>
  49.102 +        <!-- serves network access to other domains -->
  49.103 +      	<Name>dom_NetworkDomain</Name>
  49.104 +         <SimpleTypeEnforcementTypes>
  49.105 +            <!-- access right to the resource (ethernet card) -->
  49.106 +            <Type>ste_NetworkAdapter0</Type>
  49.107 +            <!-- can serve following types -->
  49.108 +            <Type>ste_PersonalFinances</Type>
  49.109 +            <Type>ste_InternetInsecure</Type>
  49.110 +            <Type>ste_DonatedCycles</Type>
  49.111 +         </SimpleTypeEnforcementTypes>
  49.112 +
  49.113 +         <ChineseWallTypes>
  49.114 +            <Type>cw_SystemManagement</Type>
  49.115 +         </ChineseWallTypes>
  49.116 +      </VirtualMachineLabel>
  49.117 +   </SubjectLabels>
  49.118 +
  49.119 +   <ObjectLabels>
  49.120 +      <ResourceLabel>
  49.121 +      	<Name>res_ManagementResource</Name>
  49.122 +         <SimpleTypeEnforcementTypes>
  49.123 +            <Type>ste_SystemManagement</Type>
  49.124 +         </SimpleTypeEnforcementTypes>
  49.125 +      </ResourceLabel>
  49.126 +
  49.127 +      <ResourceLabel>
  49.128 +      	<Name>res_HardDrive (hda)</Name>
  49.129 +         <SimpleTypeEnforcementTypes>
  49.130 +            <Type>ste_PersistentStorageA</Type>
  49.131 +         </SimpleTypeEnforcementTypes>
  49.132 +      </ResourceLabel>
  49.133 +
  49.134 +      <ResourceLabel>
  49.135 +      	<Name>res_LogicalDiskPartition1 (hda1)</Name>
  49.136 +         <SimpleTypeEnforcementTypes>
  49.137 +            <Type>ste_PersonalFinances</Type>
  49.138 +         </SimpleTypeEnforcementTypes>
  49.139 +      </ResourceLabel>
  49.140 +
  49.141 +      <ResourceLabel>
  49.142 +      	<Name>res_LogicalDiskPartition2 (hda2)</Name>
  49.143 +         <SimpleTypeEnforcementTypes>
  49.144 +            <Type>ste_InternetInsecure</Type>
  49.145 +         </SimpleTypeEnforcementTypes>
  49.146 +      </ResourceLabel>
  49.147 +
  49.148 +      <ResourceLabel>
  49.149 +      	<Name>res_EthernetCard</Name>
  49.150 +         <SimpleTypeEnforcementTypes>
  49.151 +            <Type>ste_NetworkAdapter0</Type>
  49.152 +         </SimpleTypeEnforcementTypes>
  49.153 +      </ResourceLabel>
  49.154 +
  49.155 +      <ResourceLabel>
  49.156 +      	<Name>res_SecurityToken</Name>
  49.157 +         <SimpleTypeEnforcementTypes>
  49.158 +            <Type>ste_PersonalFinances</Type>
  49.159 +         </SimpleTypeEnforcementTypes>
  49.160 +      </ResourceLabel>
  49.161 +
  49.162 +      <ResourceLabel>
  49.163 +      	<Name>res_GraphicsAdapter</Name>
  49.164 +         <SimpleTypeEnforcementTypes>
  49.165 +            <Type>ste_SystemManagement</Type>
  49.166 +         </SimpleTypeEnforcementTypes>
  49.167 +      </ResourceLabel>
  49.168 +   </ObjectLabels>
  49.169 +</SecurityLabelTemplate>
  49.170 +
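Review bot: `<Reference>abcdef123456abcdef</Reference>` in `LabelHeader` reads as a placeholder rather than a value derived from chwall_ste-security_policy.xml, so nothing visible here ties these labels to a particular version of the policy named in `<Url>`. If the tools are meant to check that a label template matches the policy it was written against, this field should carry a real digest or version of the policy file; until then a comment such as `<!-- placeholder: not yet checked against the policy file -->` would keep readers from treating it as a binding. The same value is used in null-security_label_template.xml and ste-security_label_template.xml. Separately, `dom_SystemManagement` lists every STE type, which the inline comment acknowledges as a current necessity; it is worth tracking, because by the same-type sharing rule described at the top of `SubjectLabels` it shares a type with every other label in this template.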
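--- /dev/null
+++ b/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+		<Name>chwall_ste-security_policy</Name>
+		<Date>2005-08-10</Date>
+</PolicyHeader>
+<!--                                                        -->
+<!-- example of a simple type enforcement policy definition -->
+<!--                                                        -->
+	<SimpleTypeEnforcement>
+        <SimpleTypeEnforcementTypes>
+            <Type>ste_SystemManagement</Type>   <!-- machine/security management -->
+            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
+            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
+            <Type>ste_DonatedCycles</Type>      <!-- donation to BOINC/seti@home -->
+            <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
+            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain managing ethernet adapter 0-->
+        </SimpleTypeEnforcementTypes>
+	</SimpleTypeEnforcement>
+<!--                                             -->
+<!-- example of a chinese wall type definition   -->
+<!-- along with its conflict sets                -->
+<!-- (typse in a confict set are exclusive, i.e. -->
+<!--  once a Domain with one type of a set is    -->
+<!--  running, no other Domain with another type -->
+<!--  of the same conflict set can start.)       -->
+	<ChineseWall priority="PrimaryPolicyComponent">
+        <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+            <Type>cw_Sensitive</Type>
+            <Type>cw_Isolated</Type>
+            <Type>cw_Distrusted</Type>
+        </ChineseWallTypes>
+
+        <ConflictSets>
+        <Conflict name="Protection1">
+            <Type>cw_Sensitive</Type>
+            <Type>cw_Distrusted</Type>
+        </Conflict>
+        </ConflictSets>
+	</ChineseWall>
+</SecurityPolicyDefinition>
+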
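--- /dev/null
+++ b/tools/security/policies/null/null-security_label_template.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--              This file defines the security labels, which can  -->
+<!--              be attached to Domains and resources. Based on    -->
+<!--              these labels, the access control module decides   -->
+<!--              about sharing between Domains and about access    -->
+<!--              of Domains to real resources.                     -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+   <LabelHeader>
+      <Name>null-security_label_template</Name>
+
+      <Date>2005-08-10</Date>
+      <PolicyName>
+         <Url>null-security_policy.xml</Url>
+
+         <Reference>abcdef123456abcdef</Reference>
+      </PolicyName>
+   </LabelHeader>
+</SecurityLabelTemplate>
+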
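--- /dev/null
+++ b/tools/security/policies/null/null-security_policy.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+		<Name>null-security_policy</Name>
+		<Date>2005-08-10</Date>
+</PolicyHeader>
+</SecurityPolicyDefinition>
+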
    53.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    53.2 +++ b/tools/security/policies/security_policy.xsd	Fri Aug 19 10:50:15 2005 +0000
    53.3 @@ -0,0 +1,138 @@
    53.4 +<?xml version="1.0" encoding="UTF-8"?>
    53.5 +<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
    53.6 +<!--         This file defines the schema, which is used to define -->
    53.7 +<!--         the security policy and the security labels in Xe.    -->
    53.8 +
    53.9 +<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified">
   53.10 +	<xsd:element name="SecurityPolicyDefinition">
   53.11 +		<xsd:complexType>
   53.12 +			<xsd:sequence>
   53.13 +				<xsd:element ref="PolicyHeader" minOccurs="0" maxOccurs="1"></xsd:element>
   53.14 +				<xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element>
   53.15 +				<xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element>
   53.16 +			</xsd:sequence>
   53.17 +		</xsd:complexType>
   53.18 +	</xsd:element>
   53.19 +	<xsd:element name="SecurityLabelTemplate">
   53.20 +		<xsd:complexType>
   53.21 +			<xsd:sequence>
   53.22 +				<xsd:element ref="LabelHeader" minOccurs="1" maxOccurs="1"></xsd:element>
   53.23 +				<xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
   53.24 +					<xsd:complexType>
   53.25 +						<xsd:sequence>
   53.26 +							<xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
   53.27 +						</xsd:sequence>
   53.28 +						<xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
   53.29 +					</xsd:complexType>
   53.30 +				</xsd:element>
   53.31 +				<xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
   53.32 +					<xsd:complexType>
   53.33 +						<xsd:sequence>
   53.34 +							<xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
   53.35 +						</xsd:sequence>
   53.36 +					</xsd:complexType>
   53.37 +				</xsd:element>
   53.38 +			</xsd:sequence>
   53.39 +		</xsd:complexType>
   53.40 +	</xsd:element>
   53.41 +	<xsd:element name="PolicyHeader">
   53.42 +		<xsd:complexType>
   53.43 +			<xsd:sequence>
   53.44 +				<xsd:element ref="Name" minOccurs="1" maxOccurs="1" />
   53.45 +				<xsd:element ref="Date" minOccurs="1" maxOccurs="1" />
   53.46 +			</xsd:sequence>
   53.47 +		</xsd:complexType>
   53.48 +	</xsd:element>
   53.49 +	<xsd:element name="LabelHeader">
   53.50 +		<xsd:complexType>
   53.51 +			<xsd:sequence>
   53.52 +				<xsd:element ref="Name"></xsd:element>
   53.53 +				<xsd:element ref="Date" minOccurs="1" maxOccurs="1"></xsd:element>
   53.54 +				<xsd:element ref="PolicyName" minOccurs="1" maxOccurs="1"></xsd:element>
   53.55 +			</xsd:sequence>
   53.56 +		</xsd:complexType>
   53.57 +	</xsd:element>
   53.58 +	<xsd:element name="SimpleTypeEnforcement">
   53.59 +		<xsd:complexType>
   53.60 +			<xsd:sequence>
   53.61 +				<xsd:element ref="SimpleTypeEnforcementTypes" />
   53.62 +			</xsd:sequence>
   53.63 +			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
   53.64 +		</xsd:complexType>
   53.65 +	</xsd:element>
   53.66 +	<xsd:element name="ChineseWall">
   53.67 +		<xsd:complexType>
   53.68 +			<xsd:sequence>
   53.69 +				<xsd:element ref="ChineseWallTypes" />
   53.70 +				<xsd:element ref="ConflictSets" />
   53.71 +			</xsd:sequence>
   53.72 +			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
   53.73 +		</xsd:complexType>
   53.74 +	</xsd:element>
   53.75 +	<xsd:element name="ChineseWallTypes">
   53.76 +		<xsd:complexType>
   53.77 +			<xsd:sequence>
   53.78 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
   53.79 +			</xsd:sequence>
   53.80 +		</xsd:complexType>
   53.81 +	</xsd:element>
   53.82 +	<xsd:element name="ConflictSets">
   53.83 +		<xsd:complexType>
   53.84 +			<xsd:sequence>
   53.85 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Conflict" />
   53.86 +			</xsd:sequence>
   53.87 +		</xsd:complexType>
   53.88 +	</xsd:element>
   53.89 +	<xsd:element name="SimpleTypeEnforcementTypes">
   53.90 +		<xsd:complexType>
   53.91 +			<xsd:sequence>
   53.92 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
   53.93 +			</xsd:sequence>
   53.94 +		</xsd:complexType>
   53.95 +	</xsd:element>
   53.96 +	<xsd:element name="Conflict">
   53.97 +		<xsd:complexType>
   53.98 +			<xsd:sequence>
   53.99 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
  53.100 +			</xsd:sequence>
  53.101 +			<xsd:attribute name="name" type="xsd:string" use="optional"></xsd:attribute>
  53.102 +		</xsd:complexType>
  53.103 +	</xsd:element>
  53.104 +	<xsd:element name="VirtualMachineLabel">
  53.105 +		<xsd:complexType>
  53.106 +			<xsd:sequence>
  53.107 +				<xsd:element ref="Name"></xsd:element>
  53.108 +				<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
  53.109 +				<xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded" />
  53.110 +			</xsd:sequence>
  53.111 +		</xsd:complexType>
  53.112 +	</xsd:element>
  53.113 +	<xsd:element name="ResourceLabel">
  53.114 +		<xsd:complexType>
  53.115 +			<xsd:sequence>
  53.116 +				<xsd:element ref="Name"></xsd:element>
  53.117 +				<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
  53.118 +			</xsd:sequence>
  53.119 +		</xsd:complexType>
  53.120 +	</xsd:element>
  53.121 +	<xsd:element name="PolicyName">
  53.122 +		<xsd:complexType>
  53.123 +			<xsd:sequence>
  53.124 +				<xsd:element ref="Url" />
  53.125 +				<xsd:element ref="Reference" />
  53.126 +			</xsd:sequence>
  53.127 +		</xsd:complexType>
  53.128 +	</xsd:element>
  53.129 +	<xsd:element name="Date" type="xsd:string" />
  53.130 +	<xsd:element name="Name" type="xsd:string" />
  53.131 +	<xsd:element name="Type" type="xsd:string" />
  53.132 +	<xsd:element name="Reference" type="xsd:string" />
  53.133 +	<xsd:element name="Url"></xsd:element>
  53.134 +
  53.135 +	<xsd:simpleType name="PolicyOrder">
  53.136 +		<xsd:restriction base="xsd:string">
  53.137 +			<xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration>
  53.138 +		</xsd:restriction>
  53.139 +	</xsd:simpleType>
  53.140 +
  53.141 +</xsd:schema>
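Review bot: `Url` is declared without a type (`<xsd:element name="Url"></xsd:element>`), which makes it `xsd:anyType` so that any content, including nested elements, validates, and `Date` is a plain `xsd:string`. Because these documents configure access control, the schema should reject malformed headers: `<xsd:element name="Url" type="xsd:anyURI" />` and `<xsd:element name="Date" type="xsd:date" />` still accept the values used in the policy files shown on this page. `Type` is also a free string and the policy and label template are separate documents, so a misspelled type name in a label passes validation; that cross-check has to happen in whatever tool reads both files, which is not visible here. The header comment ends in `Xe.` where `Xen.` is presumably meant.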
    54.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    54.2 +++ b/tools/security/policies/ste/ste-security_label_template.xml	Fri Aug 19 10:50:15 2005 +0000
    54.3 @@ -0,0 +1,143 @@
    54.4 +<?xml version="1.0"?>
    54.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    54.6 +<!--              This file defines the security labels, which can  -->
    54.7 +<!--              be attached to Domains and resources. Based on    -->
    54.8 +<!--              these labels, the access control module decides   -->
    54.9 +<!--              about sharing between Domains and about access    -->
   54.10 +<!--              of Domains to real resources.                     -->
   54.11 +
   54.12 +<SecurityLabelTemplate
   54.13 + xmlns="http://www.ibm.com"
   54.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   54.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   54.16 +   <LabelHeader>
   54.17 +      <Name>ste-security_label_template</Name>
   54.18 +      <Date>2005-08-10</Date>
   54.19 +      <PolicyName>
   54.20 +         <Url>ste-security_policy.xml</Url>
   54.21 +         <Reference>abcdef123456abcdef</Reference>
   54.22 +      </PolicyName>
   54.23 +   </LabelHeader>
   54.24 +
   54.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   54.26 +      <!-- single ste typed domains            -->
   54.27 +      <!-- ACM enforces that only domains with -->
   54.28 +      <!-- the same type can share information -->
   54.29 +      <!--                                     -->
   54.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   54.31 +      <VirtualMachineLabel>
   54.32 +      	<Name>dom_HomeBanking</Name>
   54.33 +         <SimpleTypeEnforcementTypes>
   54.34 +            <Type>ste_PersonalFinances</Type>
   54.35 +         </SimpleTypeEnforcementTypes>
   54.36 +      </VirtualMachineLabel>
   54.37 +
   54.38 +      <VirtualMachineLabel>
   54.39 +      	<Name>dom_Fun</Name>
   54.40 +         <SimpleTypeEnforcementTypes>
   54.41 +            <Type>ste_InternetInsecure</Type>
   54.42 +         </SimpleTypeEnforcementTypes>
   54.43 +      </VirtualMachineLabel>
   54.44 +
   54.45 +      <VirtualMachineLabel>
   54.46 +        <!-- donating some cycles to seti@home -->
   54.47 +      	<Name>dom_BoincClient</Name>
   54.48 +         <SimpleTypeEnforcementTypes>
   54.49 +            <Type>ste_DonatedCycles</Type>
   54.50 +         </SimpleTypeEnforcementTypes>
   54.51 +      </VirtualMachineLabel>
   54.52 +
   54.53 +      <!-- Domains with multiple ste types services; such domains   -->
   54.54 +      <!-- must keep the types inside their domain safely confined. -->
   54.55 +      <VirtualMachineLabel>
   54.56 +      	<Name>dom_SystemManagement</Name>
   54.57 +         <SimpleTypeEnforcementTypes>
   54.58 +            <!-- since dom0 needs access to every domain and -->
   54.59 +            <!-- resource right now ... -->
   54.60 +            <Type>ste_SystemManagement</Type>
   54.61 +            <Type>ste_PersonalFinances</Type>
   54.62 +            <Type>ste_InternetInsecure</Type>
   54.63 +            <Type>ste_DonatedCycles</Type>
   54.64 +            <Type>ste_PersistentStorageA</Type>
   54.65 +            <Type>ste_NetworkAdapter0</Type>
   54.66 +         </SimpleTypeEnforcementTypes>
   54.67 +      </VirtualMachineLabel>
   54.68 +
   54.69 +      <VirtualMachineLabel>
   54.70 +        <!-- serves persistent storage to other domains -->
   54.71 +      	<Name>dom_StorageDomain</Name>
   54.72 +         <SimpleTypeEnforcementTypes>
   54.73 +            <!-- access right to the resource (hard drive a) -->
   54.74 +            <Type>ste_PersistentStorageA</Type>
   54.75 +            <!-- can serve following types -->
   54.76 +            <Type>ste_PersonalFinances</Type>
   54.77 +            <Type>ste_InternetInsecure</Type>
   54.78 +         </SimpleTypeEnforcementTypes>
   54.79 +      </VirtualMachineLabel>
   54.80 +
   54.81 +      <VirtualMachineLabel>
   54.82 +        <!-- serves network access to other domains -->
   54.83 +      	<Name>dom_NetworkDomain</Name>
   54.84 +         <SimpleTypeEnforcementTypes>
   54.85 +            <!-- access right to the resource (ethernet card) -->
   54.86 +            <Type>ste_NetworkAdapter0</Type>
   54.87 +            <!-- can serve following types -->
   54.88 +            <Type>ste_PersonalFinances</Type>
   54.89 +            <Type>ste_InternetInsecure</Type>
   54.90 +            <Type>ste_DonatedCycles</Type>
   54.91 +         </SimpleTypeEnforcementTypes>
   54.92 +      </VirtualMachineLabel>
   54.93 +   </SubjectLabels>
   54.94 +
   54.95 +   <ObjectLabels>
   54.96 +      <ResourceLabel>
   54.97 +      	<Name>res_ManagementResource</Name>
   54.98 +         <SimpleTypeEnforcementTypes>
   54.99 +            <Type>ste_SystemManagement</Type>
  54.100 +         </SimpleTypeEnforcementTypes>
  54.101 +      </ResourceLabel>
  54.102 +
  54.103 +      <ResourceLabel>
  54.104 +      	<Name>res_HardDrive (hda)</Name>
  54.105 +         <SimpleTypeEnforcementTypes>
  54.106 +            <Type>ste_PersistentStorageA</Type>
  54.107 +         </SimpleTypeEnforcementTypes>
  54.108 +      </ResourceLabel>
  54.109 +
  54.110 +      <ResourceLabel>
  54.111 +      	<Name>res_LogicalDiskPartition1 (hda1)</Name>
  54.112 +         <SimpleTypeEnforcementTypes>
  54.113 +            <Type>ste_PersonalFinances</Type>
  54.114 +         </SimpleTypeEnforcementTypes>
  54.115 +      </ResourceLabel>
  54.116 +
  54.117 +      <ResourceLabel>
  54.118 +      	<Name>res_LogicalDiskPartition2 (hda2)</Name>
  54.119 +         <SimpleTypeEnforcementTypes>
  54.120 +            <Type>ste_InternetInsecure</Type>
  54.121 +         </SimpleTypeEnforcementTypes>
  54.122 +      </ResourceLabel>
  54.123 +
  54.124 +      <ResourceLabel>
  54.125 +      	<Name>res_EthernetCard</Name>
  54.126 +         <SimpleTypeEnforcementTypes>
  54.127 +            <Type>ste_NetworkAdapter0</Type>
  54.128 +         </SimpleTypeEnforcementTypes>
  54.129 +      </ResourceLabel>
  54.130 +
  54.131 +      <ResourceLabel>
  54.132 +      	<Name>res_SecurityToken</Name>
  54.133 +         <SimpleTypeEnforcementTypes>
  54.134 +            <Type>ste_PersonalFinances</Type>
  54.135 +         </SimpleTypeEnforcementTypes>
  54.136 +      </ResourceLabel>
  54.137 +
  54.138 +      <ResourceLabel>
  54.139 +      	<Name>res_GraphicsAdapter</Name>
  54.140 +         <SimpleTypeEnforcementTypes>
  54.141 +            <Type>ste_SystemManagement</Type>
  54.142 +         </SimpleTypeEnforcementTypes>
  54.143 +      </ResourceLabel>
  54.144 +   </ObjectLabels>
  54.145 +</SecurityLabelTemplate>
  54.146 +
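--- /dev/null
+++ b/tools/security/policies/ste/ste-security_policy.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+		<Name>ste-security_policy</Name>
+		<Date>2005-08-10</Date>
+</PolicyHeader>
+<!--                                                        -->
+<!-- example of a simple type enforcement policy definition -->
+<!--                                                        -->
+	<SimpleTypeEnforcement>
+        <SimpleTypeEnforcementTypes>
+            <Type>ste_SystemManagement</Type>   <!-- machine/security management -->
+            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
+            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
+            <Type>ste_DonatedCycles</Type>      <!-- donation to BOINC/seti@home -->
+            <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
+            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain managing ethernet adapter 0-->
+        </SimpleTypeEnforcementTypes>
+	</SimpleTypeEnforcement>
+</SecurityPolicyDefinition>
+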
    56.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    56.2 +++ b/tools/security/policy.txt	Fri Aug 19 10:50:15 2005 +0000
    56.3 @@ -0,0 +1,405 @@
    56.4 +##
    56.5 +# policy.txt <description to the Xen access control architecture>
    56.6 +#
    56.7 +# Author:
    56.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    56.9 +#
   56.10 +#
   56.11 +# This file gives an overview of the security policies currently
   56.12 +# provided and also gives some reasoning about how to assign
   56.13 +# labels to domains.
   56.14 +##
   56.15 +
   56.16 +Xen access control policies
   56.17 +
   56.18 +
   56.19 +General explanation of supported security policies:
   56.20 +=====================================================
   56.21 +
   56.22 +We have implemented the mandatory access control architecture of our
   56.23 +hypervisor security architecture (sHype) for the Xen hypervisor. It
   56.24 +controls communication (in Xen: event channels, grant tables) between
   56.25 +Virtual Machines (from here on called domains) and through this the
   56.26 +virtual block devices, networking, and shared memory are implemented
   56.27 +on top of these communication means. While we have implemented the
   56.28 +described policies and access control architecture for other
   56.29 +hypervisor systems, we will describe below specifically its
   56.30 +implementation and use in the Xen hypervisor. The policy enforcement
   56.31 +is called mandatory regarding user domains since the policy it is
   56.32 +given by the security administration and enforced independently of the
   56.33 +user domains by the Xen hypervisor in cooperation with the domain
   56.34 +management.
   56.35 +
   56.36 +The access control architecture consists of three parts:
   56.37 +
   56.38 +i) The access control policy determines the "command set" of the ACM
   56.39 +and the hooks with which they can be configured to constrain the
   56.40 +sharing of virtual resources. The current access control architecture
   56.41 +implemented for Xen supports two policies: Chinese Wall and Simple
   56.42 +Type Enforcement, which we describe in turn below.
   56.43 +
   56.44 +
   56.45 +ii) The actually enforced policy instantiation uses the policy
   56.46 +language (i) to configure the Xen access control in a way that suits
   56.47 +the specific application (home desktop environment, company desktop,
   56.48 +Web server system, etc.). We have defined an exemplary policy
   56.49 +instantiation for Chinese Wall (chwall policy) and Simple Type
   56.50 +Enforcement (ste policy) for a desktop system. We offer these policies
   56.51 +in combination since they are controlling orthogonal events.
   56.52 +
   56.53 +
   56.54 +iii) The access control module (ACM) and related hooks are part of the
   56.55 +core hypervisor and their controls cannot be bypassed by domains. The
   56.56 +ACM and hooks are the active security components. We refer to
   56.57 +publications that describe how access control is enforced in the Xen
   56.58 +hypervisor using the ACM (access decision) and the hooks (decision
   56.59 +enforcement) inserted into the setup of event channels and grant
   56.60 +tables, and into domain operations (create, destroy, save, restore,
   56.61 +migrate). These controls decide based on the active policy
   56.62 +configuration (see i. and ii.) if the operation proceeds of if the
   56.63 +operation is aborted (denied).
   56.64 +
   56.65 +
   56.66 +In general, security policy instantiations in the Xen access control
   56.67 +framework are defined by two files:
   56.68 +
   56.69 +a) a single "policy-name"-security_policy.xml file that defines the
   56.70 +types known to the ACM and policy rules based on these types
   56.71 +
   56.72 +b) a single "policy-name"-security_label_template.xml file that
   56.73 +defines labels based on known types
   56.74 +
   56.75 +Every security policy has its own sub-directory under
   56.76 +"Xen-root"/tools/security/policies in order to simplify their
   56.77 +management and the security policy tools. We will describe those files
   56.78 +for our example policy (Chinese Wall and Simple Type Enforcement) in
   56.79 +more detail as we go along. Eventually, we will move towards a system
   56.80 +installation where the policies will reside under /etc.
   56.81 +
   56.82 +
   56.83 +CHINESE WALL
   56.84 +============
   56.85 +
   56.86 +The Chinese Wall policy enables the user to define "which workloads
   56.87 +(domain payloads) cannot run on a single physical system at the same
   56.88 +time". Why would we want to prevent workloads from running at the same
   56.89 +time on the same system? This supports requirements that can (but
   56.90 +don't have to) be rooted in the measure of trust into the isolation of
   56.91 +different domains that share the same hardware. Since the access
   56.92 +control architecture aims at high performance and non-intrusive
   56.93 +implementation, it currently does not address covert (timing) channels
   56.94 +and aims at medium assurance. Users can apply the Chinese Wall policy
   56.95 +to guarantee an air-gap between very sensitive payloads both regarding
   56.96 +covert information channels and regarding resource starvation.
   56.97 +
   56.98 +To enable the CW control, each domain is labeled with a set of Chinese
   56.99 +Wall types and CW Conflict Sets are defined which include those CW
  56.100 +types that cannot run simultaneously on the same hardware. This
  56.101 +interpretation of conflict sets is the only policy rule for the Chines
  56.102 +Wall policy.
  56.103 +
  56.104 +This is enforced by controlling the start of domains according to
  56.105 +their assigned CW worload types. Domains with Chinese Wall types that
  56.106 +appear in a common conflict set are running mutually exclusive on a
  56.107 +platform, i.e., once a domain with one of the cw-types of a conflict
  56.108 +set is running, no domain with another cw-type of the same conflict
  56.109 +set can start until the first domain is destroyed, paused, or migrated
  56.110 +away from the physical system (this assumes that such a partition can
  56.111 +no longer be observed). The idea is to assign cw-types according to
  56.112 +the type of payload that a domain runs and to use the Chinese Wall
  56.113 +policy to ensure that payload types can be differentiated by the
  56.114 +hypervisor and can be prevented from being executed on the same system
  56.115 +at the same time. Using the flexible CW policy maintains system
  56.116 +consolidation and workload-balancing while introducing guaranteed
  56.117 +constraints where necessary.
  56.118 +
  56.119 +
  56.120 +Example of a Chinese Wall Policy Instantiation
  56.121 +----------------------------------------------
  56.122 +
  56.123 +The file chwall-security_policy.xml defines the Chinese Wall types as
  56.124 +well as the conflict sets for our example policy (you find it in the
  56.125 +directory "xen_root"/tools/security/policies/chwall).
  56.126 +
  56.127 +It defines four Chinese Wall types (prefixed with cw_) with the
  56.128 +following meaning:
  56.129 +
  56.130 +* cw_SystemsManagement is a type identifying workloads for systems
  56.131 +management, e.g., domain management, device management, or hypervisor
  56.132 +management.
  56.133 +
  56.134 +* cw_Sensitive is identifying workloads that are critical to the user
  56.135 +for one reason or another.
  56.136 +
  56.137 +* cw_Distrusted is identifying workloads a user does not have much
  56.138 +confidence in. E.g. a domain used for surfing in the internet without
  56.139 +protection( i.e., active-X, java, java-script, executing web content)
  56.140 +or for (Internet) Games should be typed this way.
  56.141 +
  56.142 +* cw_Isolated is identifying workloads that are supposedly isolated by
  56.143 +use of the type enforcement policy (described below). For example, if
  56.144 +a user wants to donate cycles to seti@home, she can setup a separate
  56.145 +domain for a Boinc (http://boinc.ssl.berkeley.edu/) client, disable
  56.146 +this domain from accessing the hard drive and from communicating to
  56.147 +other local domains, and type it as cw_Isolated. We will look at a
  56.148 +specific example later.
  56.149 +
  56.150 +The example policy uses the defined types to define one conflict set:
  56.151 +Protection1 = {cw_Sensitive, cw_Distrusted}. This conflict set tells
  56.152 +the hypervisor that once a domain typed as cw_Sensitive is running, a
  56.153 +domain typed as cw_Distrusted cannot run concurrently (and the other
  56.154 +way round). With this policy, a domain typed as cw_Isolated is allowed
  56.155 +to run simultaneously with domains tagged as cw_Sensitive.
  56.156 +
  56.157 +Consequently, the access control module in the Xen hypervisor
  56.158 +distinguishes in this example policy 4 different workload types in
  56.159 +this example policy. It is the user's responsibility to type the
  56.160 +domains in a way that reflects the workloads of these domains and, in
  56.161 +the case of cw_Isolated, its properties, e.g. by configuring the
  56.162 +sharing capabilities of the domain accordingly by using the simple
  56.163 +type enforcement policy.
  56.164 +
  56.165 +Users can define their own or change the existing example policy
  56.166 +according to their working environment and security requirements. To
  56.167 +do so, replace the file chwall-security_policy.xml with the new
  56.168 +policy.
  56.169 +
  56.170 +
  56.171 +SIMPLE TYPE ENFORCEMENT
  56.172 +=======================
  56.173 +
  56.174 +The file ste-security_policy.xml defines the simple type enforcement
  56.175 +types for our example policy (you find it in the directory
  56.176 +"xen_root"/tools/security/policies/ste). The Simple Type Enforcement
  56.177 +policy defines which domains can share information with which other
  56.178 +domains. To this end, it controls
  56.179 +
  56.180 +i) inter-domain communication channels (e.g., network traffic, events,
  56.181 +and shared memory).
  56.182 +
  56.183 +ii) access of domains to physical resources (e.g., hard drive, network
  56.184 +cards, graphics adapter, keyboard).
  56.185 +
  56.186 +In order to enable the hypervisor to distinguish different domains and
  56.187 +the user to express access rules, the simple type enforcement defines
  56.188 +a set of types (ste_types).
  56.189 +
  56.190 +The policy defines that communication between domains is allowed if
  56.191 +the domains share a common STE type. As with the chwall types, STE
  56.192 +types should enable the differentiation of workloads. The simple type
  56.193 +enforcement access control implementation in the hypervisor enforces
  56.194 +that domains can only communicate (setup event channels, grant tables)
  56.195 +if they share a common type, i.e., both domains have assigned at least
  56.196 +on type in common. A domain can access a resource, if the domain and
  56.197 +the resource share a common type. Hence, assigning STE types to
  56.198 +domains and resources allows users to define constraints on sharing
  56.199 +between domains and to keep sensitive data confined from distrusted
  56.200 +domains.
  56.201 +
  56.202 +Domain <--> Domain Sharing
  56.203 +''''''''''''''''''''''''''
  56.204 +(implemented but its effective use requires factorization of Dom0)
  56.205 +
  56.206 +a) Domains with a single STE type (general user domains): Sharing
  56.207 +between such domains is enforced entirely by the hypervisor access
  56.208 +control. It is independent of the domains and does not require their
  56.209 +co-operation.
  56.210 +
  56.211 +b) Domains with multiple STE types: One example is a domain that
  56.212 +virtualizes a physical resource (e.g., hard drive) and serves it as
  56.213 +multiple virtual resources (virtual block drives) to other domains of
  56.214 +different types. The idea is that only a specific device domain has
  56.215 +assigned the type required to access the physical hard-drive. Logical
  56.216 +drives are then assigned the types of domains that have access to this
  56.217 +logical drive. Since the Xen hypervisor cannot distinguish between the
  56.218 +logical drives, the access control (type enforcement) is delegated to
  56.219 +the device domain, which has access to the types of domains requesting
  56.220 +to mount a logical drive as well as the types assigned to the
  56.221 +different available logical drives.
  56.222 +
  56.223 +Currently in Xen, Dom0 controls all hardware, needs to communicate
  56.224 +with all domains during their setup, and intercepts all communication
  56.225 +between domains. Consequently, Dom0 needs to be assigned all types
  56.226 +used and must be completely trusted to maintain the separation of
  56.227 +informatio ncoming from domains with different STE types. Thus a
  56.228 +refactoring of Dom0 is recommended for stronger confinement
  56.229 +guarantees.
  56.230 +
  56.231 +Domain --> RESOURCES Access
  56.232 +'''''''''''''''''''''''''''
  56.233 +(current work)
  56.234 +
  56.235 +We define for each resource that we want to distinguish a separate STE
  56.236 +type. Each STE type is assigned to the respective resource and to
  56.237 +those domains that are allowed to access this resource. Type
  56.238 +enforcement will guarantee that other domains cannot access this
  56.239 +resource since they don't share the resource's STE type.
  56.240 +
  56.241 +Since in the current implementation of Xen, Dom0 controls access to
  56.242 +all hardware (e.g., disk drives, network), Domain-->Resource access
  56.243 +control enforcement must be implemented in Dom0. This is possible
  56.244 +since Dom0 has access to both the domain configuration (including the
  56.245 +domain STE types) and the resource configuration (including the
  56.246 +resource STE types).
  56.247 +
  56.248 +For purposes of gaining higher assurance in the resulting system, it
  56.249 +may be desirable to reduce the size of dom0 by adding one or more
  56.250 +"device domains" (DDs). These DDs, e.g. providing storage or network
  56.251 +access, can support one or more physical devices, and manage
  56.252 +enforcement of MAC policy relevant for said devices. Security benefits
  56.253 +come from the smaller size of these DDs, as they can be more easily
  56.254 +audited than monolithic device driver domains. DDs can help to obtain
  56.255 +maximum security benefit from sHype.
  56.256 +
  56.257 +
  56.258 +Example of a Simple Type Enforcement Policy Instantiation
  56.259 +---------------------------------------------------------
  56.260 +
  56.261 +We define the following types:
  56.262 +
  56.263 +* ste_SystemManagement identifies workloads (and domains that runs
  56.264 +them) that must share information to accomplish the management of the
  56.265 +system
  56.266 +
  56.267 +* ste_PersonalFinances identifies workloads that are related to
  56.268 +sensitive programs such as HomeBanking applications or safely
  56.269 +configured web browsers for InternetBanking
  56.270 +
  56.271 +* ste_InternetInsecure identifies workloads that are very
  56.272 +function-rich and unrestricted to offer for example an environment
  56.273 +where internet games can run efficiently
  56.274 +
  56.275 +* ste_DonatedCycles identifies workloads that run on behalf of others,
  56.276 +e.g. a Boinc client
  56.277 +
  56.278 +* ste_PersistentStorage identifies workloads that have direct access
  56.279 +to persistent storage (e.g., hard drive)
  56.280 +
  56.281 +* ste_NetworkAccess identifies workload that have direct access to
  56.282 +network cards and related networks
  56.283 +
  56.284 +
  56.285 +
  56.286 +SECURITY LABEL TEMPLATES
  56.287 +========================
  56.288 +
  56.289 +We introduce security label templates because it is difficult for
  56.290 +users to ensure tagging of domains consistently and since there are
  56.291 +--as we have seen in the case of isolation-- useful dependencies
  56.292 +between the policies. Security Label Templates define type sets that
  56.293 +can be addressed by more user-friendly label names,
  56.294 +e.g. dom_Homebanking describes a typical typeset tagged to domains
  56.295 +used for sensitive Homebanking work-loads. Labels are defined in the
  56.296 +file
  56.297 +
  56.298 +Using Security Label Templates has multiple advantages:
  56.299 +a) easy reference of typical sets of type assignments
  56.300 +b) consistent interpretation of type combinations
  56.301 +c) meaningful application-level label names
  56.302 +
  56.303 +The definition of label templates depends on the combination of
  56.304 +policies that are used. We will describe some of the labels defined
  56.305 +for the Chinese Wall and Simple Type Enforcement combination.
  56.306 +
  56.307 +In the BoincClient example, the label_template file specifies that
  56.308 +this Label is assigned the Chinese Wall type cw_Isolated. We do this
  56.309 +assuming that this BoincClient is isolated against the rest of the
  56.310 +system infrastructure (no persistent memory, no sharing with local
  56.311 +domains). Since cw_Isolated is not included in any conflict set, it
  56.312 +can run at any time concurrently with any other domain. The
  56.313 +ste_DonatedCycles type assigned to the BoincClient reflect the
  56.314 +isolation assumption: it is only assigned to the dom_NetworkDomain
  56.315 +giving the BoincClient domain access to the network to communicate
  56.316 +with its BoincServer.
  56.317 +
  56.318 +The strategy for combining types into Labels is the following: First
  56.319 +we define a label for each type of general user domain
  56.320 +(workload-oriented). Then we define a new label for each physical
  56.321 +resource that shall be shared using a DD domain (e.g., disk) and for
  56.322 +each logical resource offered through this physical resource (logical
  56.323 +disk partition). We define then device domain labels (here:
  56.324 +dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain) which
  56.325 +include the types of the physical resources (e.g. hda) their domains
  56.326 +need to connect to. Such physical resources can only be accessed
  56.327 +directly by device domains types with the respective device's STE
  56.328 +type. Additionally we assign to such a device domain Label the STE
  56.329 +types of those user domains that are allowed to access one of the
  56.330 +logical resources (e.g., hda1, hda2) built on top of this physical
  56.331 +resource through the device domain.
  56.332 +
  56.333 +
  56.334 +Label Construction Example:
  56.335 +---------------------------
  56.336 +
  56.337 +We define here a storage domain label for a domain that owns a real
  56.338 +disk drive and creates the logical disk partitions hda1 and hda2 which
  56.339 +it serves to domains labeled dom_HomeBanking and dom_Fun
  56.340 +respectively. The labels we refer to are defined in the label template
  56.341 +file policies/chwall_ste/chwall_ste-security-label-template.xml.
  56.342 +
  56.343 +step1: To distinguish different shared disk drives, we create a
  56.344 +separate Label and STE type for each of them. Here: we create a type
  56.345 +ste_PersistentStorageA for disk drive hda. If you have another disk
  56.346 +drive, you may define another persistent storage type
  56.347 +ste_PersistentStorageB in the chwall_ste-security_policy.xml.
  56.348 +
  56.349 +step2: To distinguish different domains, we create multiple domain
  56.350 +labels including different types. Here: label dom_HomeBanking includes
  56.351 +STE type ste_PersonalFinances, label dom_Fun includes STE type
  56.352 +ste_InternetInsecure.
  56.353 +
  56.354 +step3: The storage domain in charge of the hard drive A needs access
  56.355 +to this hard drive. Therefore the storage domain label
  56.356 +dom_StorageDomain must include the type assigned to the hard drive
  56.357 +(ste_PersistentStorageA).
  56.358 +
  56.359 +step4: In order to serve dom hda1 to domains labeled dom_HomeBanking
  56.360 +and hda2 to domains labeled dom_Fun, the storage domain label must
  56.361 +include the types of those domains as well (ste_PersonalFinance,
  56.362 +ste_InternetInsecure).
  56.363 +
  56.364 +step5: In order to keep the data for different types safely apart, the
  56.365 +different logical disk partitions must be assigned unique labels and
  56.366 +types, which are used inside the storage domain to extend the ACM
  56.367 +access enforcement to logical resources served from inside the storage
  56.368 +domain. We define labels "res_LogicalDiskPartition1 (hda1)" and assign
  56.369 +it to hda1 and "res_LogicalDiskPartition2 (hda2)" and assign it to
  56.370 +hda2. These labels must include the STE types of those domains that
  56.371 +are allowed to use them (e.g., ste_PersonalFinances for hda1).
  56.372 +
  56.373 +The overall mandatory access control is then enforced in 3 different
  56.374 +Xen components and these components use a single consistent policy to
  56.375 +co-operatively enforce the policy. In the storage domain example, we
  56.376 +have three components that co-operate:
  56.377 +
  56.378 +1. The ACM module inside the hypervisor enforces: communication between
  56.379 +user domains and the storage domain (only domains including types
  56.380 +ste_PersonalFinances or ste_InternetInsecure can communicate with the
  56.381 +storage domain and request access to logical resource). This confines
  56.382 +the sharing to the types assigned to the storage domain.
  56.383 +
  56.384 +2. The domain management will enforce (work in progress): assignment of
  56.385 +real resources (hda) to domains (storage domain) that share a
  56.386 +type with the resource.
  56.387 +
  56.388 +3. If the storage domain serves multiple STE types (as in our example),
  56.389 +it enforces (work in progress): that domains can access (mount)
  56.390 +logical resources only if they share an STE type with the respective
  56.391 +resource. In our example, domains with the STE type
  56.392 +ste_PersonalFinances can request access (mount) to logical resource
  56.393 +hda1 from the storage domain.
  56.394 +
  56.395 +If you look at the virtual machine label dom_StorageDomain, you will
  56.396 +see the minimal set of types assigned to our domain manageing disk
  56.397 +drive hda for serving logical disk partitions exclusively to
  56.398 +dom_HomeBanking and dom_Fun.
  56.399 +
  56.400 +Similary, network domains can confine access to the network or
  56.401 +network communication between user domains.
  56.402 +
  56.403 +As a result, device domains (e.g., storage domain, network domain)
  56.404 +must be simple and small to ensure their correct co-operation in the
  56.405 +type enforcement model. If such trust is not possible, then hardware
  56.406 +should be assigned exclusively to a single type (or to a single
  56.407 +partition) in which case the hypervisor ACM enforcement enforces the
  56.408 +types independently.
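--- /dev/null
+++ b/tools/security/readme.txt
@@ -0,0 +1,29 @@
+
+##
+# readme.txt <description to the xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
+#
+#
+# This file is a toc for information regarding
+# the access control policy and tools in Xen.
+##
+
+1. policy.txt:
+
+   describes the general reasoning and examples for access
+   control policies in Xen
+
+
+2. install.txt
+
+   describes the activation of the access control framework
+   in Xen
+
+3. example.txt
+
+   describes the available tools for managing security policies
+   in Xen and the tools to label domains
+
+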
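--- /dev/null
+++ b/tools/security/secpol_compat.h
@@ -0,0 +1,14 @@
+/* secpol_compat.h
+ *     'translates' data types necessary to
+ *     include <xen/acm.h>
+ */
+#include <stdint.h>
+
+typedef uint8_t  u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint64_t u64;
+typedef int8_t   s8;
+typedef int16_t  s16;
+typedef int32_t  s32;
+typedef int64_t  s64;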
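Review bot: secpol_compat.h is added without an include guard, so a source file that reaches it twice (once directly and once through another tools header) repeats all eight typedefs, which compilers older than C11 reject as redefinitions. I would wrap the file in `#ifndef SECPOL_COMPAT_H`, `#define SECPOL_COMPAT_H` and a closing `#endif`. The short names `u8` through `s64` are also common in other headers, so a guard does not help if one of those is pulled into the same translation unit; that is worth a sentence in the header comment.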
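--- a/tools/security/secpol_tool.c
+++ b/tools/security/secpol_tool.c
@@ -31,18 +31,8 @@
 #include <stdlib.h>
 #include <sys/ioctl.h>
 #include <string.h>
-#include <stdint.h>
 #include <netinet/in.h>
-
-typedef uint8_t u8;
-typedef uint16_t u16;
-typedef uint32_t u32;
-typedef uint64_t u64;
-typedef int8_t s8;
-typedef int16_t s16;
-typedef int32_t s32;
-typedef int64_t s64;
-
+#include "secpol_compat.h"
 #include <xen/acm.h>
 #include <xen/acm_ops.h>
 #include <xen/linux/privcmd.h>
@@ -270,171 +260,6 @@ void acm_dump_policy_buffer(void *buf, i
     }
 }
 
-/*************************** set policy ****************************/
-
-int acm_domain_set_chwallpolicy(void *bufstart, int buflen)
-{
-#define CWALL_MAX_SSIDREFS      	6
-#define CWALL_MAX_TYPES             10
-#define CWALL_MAX_CONFLICTSETS		2
-
-    struct acm_chwall_policy_buffer *chwall_bin_pol =
-        (struct acm_chwall_policy_buffer *) bufstart;
-    domaintype_t *ssidrefs, *conflicts;
-    int ret = 0;
-    int j;
-
-    chwall_bin_pol->chwall_max_types = htonl(CWALL_MAX_TYPES);
-    chwall_bin_pol->chwall_max_ssidrefs = htonl(CWALL_MAX_SSIDREFS);
-    chwall_bin_pol->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
-    chwall_bin_pol->policy_version = htonl(ACM_CHWALL_VERSION);
-    chwall_bin_pol->chwall_ssid_offset =
-        htonl(sizeof(struct acm_chwall_policy_buffer));
-    chwall_bin_pol->chwall_max_conflictsets =
-        htonl(CWALL_MAX_CONFLICTSETS);
-    chwall_bin_pol->chwall_conflict_sets_offset =
-        htonl(ntohl(chwall_bin_pol->chwall_ssid_offset) +
-              sizeof(domaintype_t) * CWALL_MAX_SSIDREFS * CWALL_MAX_TYPES);
-    chwall_bin_pol->chwall_running_types_offset = 0;    /* not set */
-    chwall_bin_pol->chwall_conflict_aggregate_offset = 0;       /* not set */
-    ret += sizeof(struct acm_chwall_policy_buffer);
-    /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */
-    /* check buffer size */
-    if ((buflen - ret) <
-        (CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t)))
-        return -1;              /* not enough space */
-
-    ssidrefs = (domaintype_t *) (bufstart +
-                          ntohl(chwall_bin_pol->chwall_ssid_offset));
-    memset(ssidrefs, 0,
-           CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t));
-
-    /* now set type j-1 for ssidref i+1 */
-    for (j = 0; j <= CWALL_MAX_SSIDREFS; j++)
-        if ((0 < j) && (j <= CWALL_MAX_TYPES))
-            ssidrefs[j * CWALL_MAX_TYPES + j - 1] = htons(1);
-
-    ret += CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t);
-    if ((buflen - ret) <
-        (CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * sizeof(domaintype_t)))
-        return -1;              /* not enough space */
-
-    /* now the chinese wall policy conflict sets */
-    conflicts = (domaintype_t *) (bufstart +
-                                  ntohl(chwall_bin_pol->
-                                        chwall_conflict_sets_offset));
-    memset((void *) conflicts, 0,
-           CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES *
-           sizeof(domaintype_t));
-    /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */
-    if (CWALL_MAX_TYPES > 3)
-    {
-        conflicts[2] = htons(1);
-        conflicts[3] = htons(1);        /* {2,3} */
-        conflicts[CWALL_MAX_TYPES + 1] = htons(1);
-        conflicts[CWALL_MAX_TYPES + 5] = htons(1);
-        conflicts[CWALL_MAX_TYPES + 6] = htons(1);      /* {0,5,6} */
-    }
-    ret += sizeof(domaintype_t) * CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES;
-    return ret;
-}
-
-int acm_domain_set_stepolicy(void *bufstart, int buflen)
-{
-#define STE_MAX_SSIDREFS        6
-#define STE_MAX_TYPES  	        5
-
-    struct acm_ste_policy_buffer *ste_bin_pol =
-        (struct acm_ste_policy_buffer *) bufstart;
-    domaintype_t *ssidrefs;
-    int j, ret = 0;
-
-    ste_bin_pol->ste_max_types = htonl(STE_MAX_TYPES);
-    ste_bin_pol->ste_max_ssidrefs = htonl(STE_MAX_SSIDREFS);
-    ste_bin_pol->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
-    ste_bin_pol->policy_version = htonl(ACM_STE_VERSION);
-    ste_bin_pol->ste_ssid_offset =
-        htonl(sizeof(struct acm_ste_policy_buffer));
-    ret += sizeof(struct acm_ste_policy_buffer);
-    /* check buffer size */
-    if ((buflen - ret) <
-        (STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t)))
-        return -1;              /* not enough space */
-
-    ssidrefs =
-        (domaintype_t *) (bufstart + ntohl(ste_bin_pol->ste_ssid_offset));
-    memset(ssidrefs, 0,
-           STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t));
-    /* all types 1 for ssidref 1 */
-    for (j = 0; j < STE_MAX_TYPES; j++)
-        ssidrefs[1 * STE_MAX_TYPES + j] = htons(1);
-    /* now set type j-1 for ssidref j */
-    for (j = 0; j < STE_MAX_SSIDREFS; j++)
-        if ((0 < j) && (j <= STE_MAX_TYPES))
-            ssidrefs[j * STE_MAX_TYPES + j - 1] = htons(1);
-    ret += STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t);
-    return ret;
-}
-
-#define MAX_PUSH_BUFFER 	16384
-u8 push_buffer[MAX_PUSH_BUFFER];
-
-int acm_domain_setpolicy(int xc_handle)
-{
-    int ret;
-    struct acm_policy_buffer *bin_pol;
-    acm_op_t op;
-
-    /* future: read policy from file and set it */
-    bin_pol = (struct acm_policy_buffer *) push_buffer;
-    bin_pol->policy_version = htonl(ACM_POLICY_VERSION);
-    bin_pol->magic = htonl(ACM_MAGIC);
-    bin_pol->primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
-    bin_pol->secondary_policy_code =
-        htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
-
-    bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
-    bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
-    ret =
-        acm_domain_set_chwallpolicy(push_buffer +
-                                    ntohl(bin_pol->primary_buffer_offset),
-                                    MAX_PUSH_BUFFER -
-                                    ntohl(bin_pol->primary_buffer_offset));
-    if (ret < 0)
-    {
-        printf("ERROR creating chwallpolicy buffer.\n");
-        return -1;
-    }
-    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
-    bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
-    ret = acm_domain_set_stepolicy(push_buffer +
-                                 ntohl(bin_pol->secondary_buffer_offset),
-                                 MAX_PUSH_BUFFER -
-                                 ntohl(bin_pol->secondary_buffer_offset));
-    if (ret < 0)
-    {
-        printf("ERROR creating chwallpolicy buffer.\n");
-        return -1;
-    }
-    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
-
-    /* dump it and then push it down into xen/acm */
-    acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len));
-
-    op.cmd = ACM_SETPOLICY;
-    op.interface_version = ACM_INTERFACE_VERSION;
-    op.u.setpolicy.pushcache = (void *) push_buffer;
-    op.u.setpolicy.pushcache_size = ntohl(bin_pol->len);
-    ret = do_acm_op(xc_handle, &op);
-
-    if (ret)
-        printf("ERROR setting policy. Use 'xm dmesg' to see details.\n");
-    else
-        printf("Successfully changed policy.\n");
-
-    return ret;
-}
-
 /******************************* get policy ******************************/
 
 #define PULL_CACHE_SIZE		8192
@@ -602,7 +427,6 @@ int acm_domain_dumpstats(int xc_handle)
 void usage(char *progname)
 {
     printf("Use: %s \n"
-           "\t setpolicy\n"
            "\t getpolicy\n"
            "\t dumpstats\n"
            "\t loadpolicy <binary policy file>\n", progname);
@@ -623,12 +447,7 @@ int main(int argc, char **argv)
         exit(-1);
     }
 
-    if (!strcmp(argv[1], "setpolicy"))
-    {
-        if (argc != 2)
-            usage(argv[0]);
-        ret = acm_domain_setpolicy(acm_cmd_fd);
-    } else if (!strcmp(argv[1], "getpolicy")) {
+    if (!strcmp(argv[1], "getpolicy")) {
         if (argc != 2)
             usage(argv[0]);
         ret = acm_domain_getpolicy(acm_cmd_fd);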
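Review bot: The `#include "secpol_compat.h"` added in the first hunk carries an ordering requirement that nothing at the include site records. Going by that header's own comment, it exists to supply the `u8`..`s64` typedefs that `<xen/acm.h>` needs, so it has to stay ahead of the xen includes. Someone who later sorts or regroups the include list would break the build without an obvious reason. I would add a line above it such as `/* keep before <xen/acm.h>: supplies the u8..s64 typedefs it needs */`. The remaining hunks only delete the hard-coded `setpolicy` path and its usage entry, and I have nothing to raise on them.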
    60.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    60.2 +++ b/tools/security/secpol_xml2bin.c	Fri Aug 19 10:50:15 2005 +0000
    60.3 @@ -0,0 +1,1396 @@
    60.4 +/****************************************************************
    60.5 + * secpol_xml2bin.c
    60.6 + *
    60.7 + * Copyright (C) 2005 IBM Corporation
    60.8 + *
    60.9 + * Author: Reiner Sailer <sailer@us.ibm.com>
   60.10 + *
   60.11 + * Maintained:
   60.12 + * Reiner Sailer <sailer@us.ibm.com>
   60.13 + * Ray Valdez <rvaldez@us.ibm.com>
   60.14 + *
   60.15 + * This program is free software; you can redistribute it and/or
   60.16 + * modify it under the terms of the GNU General Public License as
   60.17 + * published by the Free Software Foundation, version 2 of the
   60.18 + * License.
   60.19 + *
   60.20 + * sHype policy translation tool. This tool takes an XML
   60.21 + * policy specification as input and produces a binary
   60.22 + * policy file that can be loaded into Xen through the
   60.23 + * ACM operations (secpol_tool loadpolicy) interface or at
   60.24 + * boot time (grub module parameter)
   60.25 + *
   60.26 + * indent -i4 -kr -nut
   60.27 + */
   60.28 +#include <stdio.h>
   60.29 +#include <stdlib.h>
   60.30 +#include <string.h>
   60.31 +#include <errno.h>
   60.32 +#include <libgen.h>
   60.33 +#include <fcntl.h>
   60.34 +#include <unistd.h>
   60.35 +#include <sys/types.h>
   60.36 +#include <sys/stat.h>
   60.37 +#include <sys/queue.h>
   60.38 +#include <netinet/in.h>
   60.39 +#include <libxml/xmlschemas.h>
   60.40 +#include <libxml/parser.h>
   60.41 +#include <libxml/tree.h>
   60.42 +#include <libxml/xmlreader.h>
   60.43 +#include "secpol_compat.h"
   60.44 +#include <xen/acm.h>
   60.45 +
   60.46 +#include "secpol_xml2bin.h"
   60.47 +
   60.48 +#define DEBUG    0
   60.49 +
   60.50 +/* primary / secondary policy component setting */
   60.51 +enum policycomponent { CHWALL, STE, NULLPOLICY }
   60.52 +    primary = NULLPOLICY, secondary = NULLPOLICY;
   60.53 +
   60.54 +/* general list element for ste and chwall type queues */
   60.55 +struct type_entry {
   60.56 +    TAILQ_ENTRY(type_entry) entries;
   60.57 +    char *name;                 /* name of type from xml file */
   60.58 +    type_t mapping;             /* type mapping into 16bit */
   60.59 +};
   60.60 +
   60.61 +TAILQ_HEAD(tailhead, type_entry) ste_head, chwall_head;
   60.62 +
   60.63 +/* general list element for all label queues */
   60.64 +enum label_type { VM, RES, ANY };
   60.65 +struct ssid_entry {
   60.66 +    TAILQ_ENTRY(ssid_entry) entries;
   60.67 +    char *name;                 /* label name */
   60.68 +    enum label_type type;       /* type: VM / RESOURCE LABEL */
   60.69 +    u_int32_t num;              /* ssid or referenced ssid */
   60.70 +    int is_ref;                 /* if this entry references earlier ssid number */
   60.71 +    unsigned char *row;         /* index of types (if not a reference) */
   60.72 +};
   60.73 +
   60.74 +TAILQ_HEAD(tailhead_ssid, ssid_entry) ste_ssid_head, chwall_ssid_head,
   60.75 +    conflictsets_head;
   60.76 +struct ssid_entry *current_chwall_ssid_p = NULL;
   60.77 +struct ssid_entry *current_ste_ssid_p = NULL;
   60.78 +struct ssid_entry *current_conflictset_p = NULL;
   60.79 +
   60.80 +/* which label to assign to dom0 during boot */
   60.81 +char *bootstrap_label;
   60.82 +
   60.83 +u_int32_t max_ste_ssids = 0;
   60.84 +u_int32_t max_chwall_ssids = 0;
   60.85 +u_int32_t max_chwall_labels = 0;
   60.86 +u_int32_t max_ste_labels = 0;
   60.87 +u_int32_t max_conflictsets = 0;
   60.88 +
   60.89 +char *current_ssid_name;        /* store name until structure is allocated */
   60.90 +char *current_conflictset_name; /* store name until structure is allocated */
   60.91 +
   60.92 +/* dynamic list of type mappings for STE */
   60.93 +u_int32_t max_ste_types = 0;
   60.94 +
   60.95 +/* dynamic list of type mappings for CHWALL */
   60.96 +u_int32_t max_chwall_types = 0;
   60.97 +
   60.98 +/* dynamic list of conflict sets */
   60.99 +int max_conflict_set = 0;
  60.100 +
  60.101 +/* which policies are defined */
  60.102 +int have_ste = 0;
  60.103 +int have_chwall = 0;
  60.104 +
  60.105 +/* input/output file names */
  60.106 +char *policy_filename = NULL,
  60.107 +    *label_filename = NULL,
  60.108 +    *binary_filename = NULL, *mapping_filename = NULL;
  60.109 +
  60.110 +void usage(char *prg)
  60.111 +{
  60.112 +    printf("usage:\n%s policyname[-policy.xml/-security_label_template.xml]\n",
  60.113 +         prg);
  60.114 +    exit(EXIT_FAILURE);
  60.115 +}
  60.116 +
  60.117 +
  60.118 +/***************** policy-related parsing *********************/
  60.119 +
  60.120 +char *type_by_mapping(struct tailhead *head, u_int32_t mapping)
  60.121 +{
  60.122 +    struct type_entry *np;
  60.123 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  60.124 +        if (np->mapping == mapping)
  60.125 +            return np->name;
  60.126 +    return NULL;
  60.127 +}
  60.128 +
  60.129 +
  60.130 +struct type_entry *lookup(struct tailhead *head, char *name)
  60.131 +{
  60.132 +    struct type_entry *np;
  60.133 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  60.134 +        if (!(strcmp(np->name, name)))
  60.135 +            return np;
  60.136 +    return NULL;
  60.137 +}
  60.138 +
  60.139 +/* enforces single-entry lists */
  60.140 +int add_entry(struct tailhead *head, char *name, type_t mapping)
  60.141 +{
  60.142 +    struct type_entry *e;
  60.143 +    if (lookup(head, name))
  60.144 +    {
  60.145 +        printf("Error: Type >%s< defined more than once.\n", name);
  60.146 +        return -EFAULT;         /* already in the list */
  60.147 +    }
  60.148 +    if (!(e = malloc(sizeof(struct type_entry))))
  60.149 +        return -ENOMEM;
  60.150 +
  60.151 +    e->name = name;
  60.152 +    e->mapping = mapping;
  60.153 +    TAILQ_INSERT_TAIL(head, e, entries);
  60.154 +    return 0;
  60.155 +}
  60.156 +
  60.157 +int totoken(char *tok)
  60.158 +{
  60.159 +    int i;
  60.160 +    for (i = 0; token[i] != NULL; i++)
  60.161 +        if (!strcmp(token[i], tok))
  60.162 +            return i;
  60.163 +    return -EFAULT;
  60.164 +}
  60.165 +
  60.166 +/* conflictsets use the same data structure as ssids; since
  60.167 + * they are similar in structure (set of types)
  60.168 + */
  60.169 +int init_next_conflictset(void)
  60.170 +{
  60.171 +    struct ssid_entry *conflictset = malloc(sizeof(struct ssid_entry));
  60.172 +
  60.173 +    if (!conflictset)
  60.174 +        return -ENOMEM;
  60.175 +
  60.176 +    conflictset->name = current_conflictset_name;
  60.177 +    conflictset->num = max_conflictsets++;
  60.178 +    conflictset->is_ref = 0;    /* n/a for conflictsets */
  60.179 +        /**
  60.180 +         *  row: allocate one byte per type;
  60.181 +         *  [i] != 0 --> mapped type >i< is part of the conflictset
  60.182 +         */
  60.183 +    conflictset->row = malloc(max_chwall_types);
  60.184 +    if (!conflictset->row)
  60.185 +        return -ENOMEM;
  60.186 +
  60.187 +    memset(conflictset->row, 0, max_chwall_types);
  60.188 +    TAILQ_INSERT_TAIL(&conflictsets_head, conflictset, entries);
  60.189 +    current_conflictset_p = conflictset;
  60.190 +    return 0;
  60.191 +}
  60.192 +
  60.193 +int register_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
  60.194 +{
  60.195 +    xmlChar *text;
  60.196 +    struct type_entry *e;
  60.197 +
  60.198 +
  60.199 +    text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  60.200 +    if (!text)
  60.201 +    {
  60.202 +        printf("Error reading type name!\n");
  60.203 +        return -EFAULT;
  60.204 +    }
  60.205 +
  60.206 +    switch (state) {
  60.207 +    case XML2BIN_stetype_S:
  60.208 +        if (add_entry(&ste_head, (char *) text, max_ste_types))
  60.209 +        {
  60.210 +            xmlFree(text);
  60.211 +            return -EFAULT;
  60.212 +        }
  60.213 +        max_ste_types++;
  60.214 +        break;
  60.215 +
  60.216 +    case XML2BIN_chwalltype_S:
  60.217 +        if (add_entry(&chwall_head, (char *) text, max_chwall_types))
  60.218 +        {
  60.219 +            xmlFree(text);
  60.220 +            return -EFAULT;
  60.221 +        }
  60.222 +        max_chwall_types++;
  60.223 +        break;
  60.224 +
  60.225 +    case XML2BIN_conflictsettype_S:
  60.226 +        /* a) search the type in the chwall_type list */
  60.227 +        e = lookup(&chwall_head, (char *) text);
  60.228 +        if (e == NULL)
  60.229 +        {
  60.230 +            printf("CS type >%s< not a CHWALL type.\n", text);
  60.231 +            xmlFree(text);
  60.232 +            return -EFAULT;
  60.233 +        }
  60.234 +        /* b) add type entry to the current cs set */
  60.235 +        if (current_conflictset_p->row[e->mapping])
  60.236 +        {
  60.237 +            printf("ERROR: Double entry of type >%s< in conflict set %d.\n",
  60.238 +                 text, current_conflictset_p->num);
  60.239 +            xmlFree(text);
  60.240 +            return -EFAULT;
  60.241 +        }
  60.242 +        current_conflictset_p->row[e->mapping] = 1;
  60.243 +        break;
  60.244 +
  60.245 +    default:
  60.246 +        printf("Incorrect type environment (state = %lx, text = %s).\n",
  60.247 +               state, text);
  60.248 +        xmlFree(text);
  60.249 +        return -EFAULT;
  60.250 +    }
  60.251 +    return 0;
  60.252 +}
  60.253 +
  60.254 +void set_component_type(xmlNode * cur_node, enum policycomponent pc)
  60.255 +{
  60.256 +    xmlChar *order;
  60.257 +
  60.258 +    if ((order = xmlGetProp(cur_node, (xmlChar *) PRIMARY_COMPONENT_ATTR_NAME))) {
  60.259 +        if (strcmp((char *) order, PRIMARY_COMPONENT))
  60.260 +        {
  60.261 +            printf("ERROR: Illegal attribut value >order=%s<.\n",
  60.262 +                   (char *) order);
  60.263 +            xmlFree(order);
  60.264 +            exit(EXIT_FAILURE);
  60.265 +        }
  60.266 +        if (primary != NULLPOLICY)
  60.267 +        {
  60.268 +            printf("ERROR: Primary Policy Component set twice!\n");
  60.269 +            exit(EXIT_FAILURE);
  60.270 +        }
  60.271 +        primary = pc;
  60.272 +        xmlFree(order);
  60.273 +    }
  60.274 +}
  60.275 +
  60.276 +void walk_policy(xmlNode * start, xmlDocPtr doc, unsigned long state)
  60.277 +{
  60.278 +    xmlNode *cur_node = NULL;
  60.279 +    int code;
  60.280 +
  60.281 +    for (cur_node = start; cur_node; cur_node = cur_node->next)
  60.282 +    {
  60.283 +        if ((code = totoken((char *) cur_node->name)) < 0)
  60.284 +        {
  60.285 +            printf("Unknown token: >%s<. Aborting.\n", cur_node->name);
  60.286 +            exit(EXIT_FAILURE);
  60.287 +        }
  60.288 +        switch (code) {         /* adjust state to new state */
  60.289 +        case XML2BIN_SECPOL:
  60.290 +        case XML2BIN_STETYPES:
  60.291 +        case XML2BIN_CHWALLTYPES:
  60.292 +        case XML2BIN_CONFLICTSETS:
  60.293 +            walk_policy(cur_node->children, doc, state | (1 << code));
  60.294 +            break;
  60.295 +
  60.296 +        case XML2BIN_STE:
  60.297 +            if (WRITTEN_AGAINST_ACM_STE_VERSION != ACM_STE_VERSION)
  60.298 +            {
  60.299 +                printf("ERROR: This program was written against another STE version.\n");
  60.300 +                exit(EXIT_FAILURE);
  60.301 +            }
  60.302 +            have_ste = 1;
  60.303 +            set_component_type(cur_node, STE);
  60.304 +            walk_policy(cur_node->children, doc, state | (1 << code));
  60.305 +            break;
  60.306 +
  60.307 +        case XML2BIN_CHWALL:
  60.308 +            if (WRITTEN_AGAINST_ACM_CHWALL_VERSION != ACM_CHWALL_VERSION)
  60.309 +            {
  60.310 +                printf("ERROR: This program was written against another CHWALL version.\n");
  60.311 +                exit(EXIT_FAILURE);
  60.312 +            }
  60.313 +            have_chwall = 1;
  60.314 +            set_component_type(cur_node, CHWALL);
  60.315 +            walk_policy(cur_node->children, doc, state | (1 << code));
  60.316 +            break;
  60.317 +
  60.318 +        case XML2BIN_CSTYPE:
  60.319 +            current_conflictset_name =
  60.320 +                (char *) xmlGetProp(cur_node, (xmlChar *) "name");
  60.321 +            if (!current_conflictset_name)
  60.322 +                current_conflictset_name = "";
  60.323 +
  60.324 +            if (init_next_conflictset())
  60.325 +            {
  60.326 +                printf
  60.327 +                    ("ERROR: creating new conflictset structure failed.\n");
  60.328 +                exit(EXIT_FAILURE);
  60.329 +            }
  60.330 +            walk_policy(cur_node->children, doc, state | (1 << code));
  60.331 +            break;
  60.332 +
  60.333 +        case XML2BIN_TYPE:
  60.334 +            if (register_type(cur_node, doc, state))
  60.335 +                exit(EXIT_FAILURE);
  60.336 +            /* type leaf */
  60.337 +            break;
  60.338 +
  60.339 +        case XML2BIN_TEXT:
  60.340 +        case XML2BIN_COMMENT:
  60.341 +        case XML2BIN_POLICYHEADER:
  60.342 +            /* leaf - nothing to do */
  60.343 +            break;
  60.344 +
  60.345 +        default:
  60.346 +            printf("Unkonwn token Error (%d)\n", code);
  60.347 +            exit(EXIT_FAILURE);
  60.348 +        }
  60.349 +
  60.350 +    }
  60.351 +    return;
  60.352 +}
  60.353 +
  60.354 +int create_type_mapping(xmlDocPtr doc)
  60.355 +{
  60.356 +    xmlNode *root_element = xmlDocGetRootElement(doc);
  60.357 +    struct type_entry *te;
  60.358 +    struct ssid_entry *se;
  60.359 +    int i;
  60.360 +
  60.361 +    printf("Creating ssid mappings ...\n");
  60.362 +
  60.363 +    /* initialize the ste and chwall type lists */
  60.364 +    TAILQ_INIT(&ste_head);
  60.365 +    TAILQ_INIT(&chwall_head);
  60.366 +    TAILQ_INIT(&conflictsets_head);
  60.367 +
  60.368 +    walk_policy(root_element, doc, XML2BIN_NULL);
  60.369 +
  60.370 +    /* determine primary/secondary policy component orders */
  60.371 +    if ((primary == NULLPOLICY) && have_chwall)
  60.372 +        primary = CHWALL;       /* default if not set */
  60.373 +    else if ((primary == NULLPOLICY) && have_ste)
  60.374 +        primary = STE;
  60.375 +
  60.376 +    switch (primary) {
  60.377 +
  60.378 +    case CHWALL:
  60.379 +        if (have_ste)
  60.380 +            secondary = STE;
  60.381 +        /* else default = NULLPOLICY */
  60.382 +        break;
  60.383 +
  60.384 +    case STE:
  60.385 +        if (have_chwall)
  60.386 +            secondary = CHWALL;
  60.387 +        /* else default = NULLPOLICY */
  60.388 +        break;
  60.389 +
  60.390 +    default:
  60.391 +        /* NULL/NULL policy */
  60.392 +        break;
  60.393 +    }
  60.394 +
  60.395 +    if (!DEBUG)
  60.396 +        return 0;
  60.397 +
  60.398 +    /* print queues */
  60.399 +    if (have_ste)
  60.400 +    {
  60.401 +        printf("STE-Type queue (%s):\n",
  60.402 +               (primary == STE) ? "PRIMARY" : "SECONDARY");
  60.403 +        for (te = ste_head.tqh_first; te != NULL;
  60.404 +             te = te->entries.tqe_next)
  60.405 +            printf("name=%22s, map=%x\n", te->name, te->mapping);
  60.406 +    }
  60.407 +    if (have_chwall)
  60.408 +    {
  60.409 +        printf("CHWALL-Type queue (%s):\n",
  60.410 +               (primary == CHWALL) ? "PRIMARY" : "SECONDARY");
  60.411 +        for (te = chwall_head.tqh_first; te != NULL;
  60.412 +             te = te->entries.tqe_next)
  60.413 +            printf("name=%s, map=%x\n", te->name, te->mapping);
  60.414 +
  60.415 +        printf("Conflictset queue (max=%d):\n", max_conflictsets);
  60.416 +        for (se = conflictsets_head.tqh_first; se != NULL;
  60.417 +             se = se->entries.tqe_next)
  60.418 +        {
  60.419 +            printf("conflictset name >%s<\n",
  60.420 +                   se->name ? se->name : "NONAME");
  60.421 +            for (i = 0; i < max_chwall_types; i++)
  60.422 +                if (se->row[i])
  60.423 +                    printf("#%x ", i);
  60.424 +            printf("\n");
  60.425 +        }
  60.426 +    }
  60.427 +    return 0;
  60.428 +}
  60.429 +
  60.430 +
  60.431 +/***************** template-related parsing *********************/
  60.432 +
  60.433 +/* add default ssid at head of ssid queues */
  60.434 +int init_ssid_queues(void)
  60.435 +{
  60.436 +    struct ssid_entry *default_ssid_chwall, *default_ssid_ste;
  60.437 +
  60.438 +    default_ssid_chwall = malloc(sizeof(struct ssid_entry));
  60.439 +    default_ssid_ste = malloc(sizeof(struct ssid_entry));
  60.440 +
  60.441 +    if ((!default_ssid_chwall) || (!default_ssid_ste))
  60.442 +        return -ENOMEM;
  60.443 +
  60.444 +    /* default chwall ssid */
  60.445 +    default_ssid_chwall->name = "DEFAULT";
  60.446 +    default_ssid_chwall->num = max_chwall_ssids++;
  60.447 +    default_ssid_chwall->is_ref = 0;
  60.448 +    default_ssid_chwall->type = ANY;
  60.449 +
  60.450 +    default_ssid_chwall->row = malloc(max_chwall_types);
  60.451 +
  60.452 +    if (!default_ssid_chwall->row)
  60.453 +        return -ENOMEM;
  60.454 +
  60.455 +    memset(default_ssid_chwall->row, 0, max_chwall_types);
  60.456 +
  60.457 +    TAILQ_INSERT_TAIL(&chwall_ssid_head, default_ssid_chwall, entries);
  60.458 +    current_chwall_ssid_p = default_ssid_chwall;
  60.459 +    max_chwall_labels++;
  60.460 +
  60.461 +    /* default ste ssid */
  60.462 +    default_ssid_ste->name = "DEFAULT";
  60.463 +    default_ssid_ste->num = max_ste_ssids++;
  60.464 +    default_ssid_ste->is_ref = 0;
  60.465 +    default_ssid_ste->type = ANY;
  60.466 +
  60.467 +    default_ssid_ste->row = malloc(max_ste_types);
  60.468 +
  60.469 +    if (!default_ssid_ste->row)
  60.470 +        return -ENOMEM;
  60.471 +
  60.472 +    memset(default_ssid_ste->row, 0, max_ste_types);
  60.473 +
  60.474 +    TAILQ_INSERT_TAIL(&ste_ssid_head, default_ssid_ste, entries);
  60.475 +    current_ste_ssid_p = default_ssid_ste;
  60.476 +    max_ste_labels++;
  60.477 +    return 0;
  60.478 +}
  60.479 +
  60.480 +int init_next_chwall_ssid(unsigned long state)
  60.481 +{
  60.482 +    struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
  60.483 +
  60.484 +    if (!ssid)
  60.485 +        return -ENOMEM;
  60.486 +
  60.487 +    ssid->name = current_ssid_name;
  60.488 +    ssid->num = max_chwall_ssids++;
  60.489 +    ssid->is_ref = 0;
  60.490 +
  60.491 +    if (state & (1 << XML2BIN_VM))
  60.492 +        ssid->type = VM;
  60.493 +    else
  60.494 +        ssid->type = RES;
  60.495 +        /**
  60.496 +         *  row: allocate one byte per type;
  60.497 +         *  [i] != 0 --> mapped type >i< is part of the ssid
  60.498 +         */
  60.499 +    ssid->row = malloc(max_chwall_types);
  60.500 +    if (!ssid->row)
  60.501 +        return -ENOMEM;
  60.502 +
  60.503 +    memset(ssid->row, 0, max_chwall_types);
  60.504 +    TAILQ_INSERT_TAIL(&chwall_ssid_head, ssid, entries);
  60.505 +    current_chwall_ssid_p = ssid;
  60.506 +    max_chwall_labels++;
  60.507 +    return 0;
  60.508 +}
  60.509 +
  60.510 +int init_next_ste_ssid(unsigned long state)
  60.511 +{
  60.512 +    struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
  60.513 +
  60.514 +    if (!ssid)
  60.515 +        return -ENOMEM;
  60.516 +
  60.517 +    ssid->name = current_ssid_name;
  60.518 +    ssid->num = max_ste_ssids++;
  60.519 +    ssid->is_ref = 0;
  60.520 +
  60.521 +    if (state & (1 << XML2BIN_VM))
  60.522 +        ssid->type = VM;
  60.523 +    else
  60.524 +        ssid->type = RES;
  60.525 +
  60.526 +        /**
  60.527 +         *  row: allocate one byte per type;
  60.528 +         *  [i] != 0 --> mapped type >i< is part of the ssid
  60.529 +         */
  60.530 +    ssid->row = malloc(max_ste_types);
  60.531 +    if (!ssid->row)
  60.532 +        return -ENOMEM;
  60.533 +
  60.534 +    memset(ssid->row, 0, max_ste_types);
  60.535 +    TAILQ_INSERT_TAIL(&ste_ssid_head, ssid, entries);
  60.536 +    current_ste_ssid_p = ssid;
  60.537 +    max_ste_labels++;
  60.538 +
  60.539 +    return 0;
  60.540 +}
  60.541 +
  60.542 +
  60.543 +/* adds a type to the current ssid */
  60.544 +int add_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
  60.545 +{
  60.546 +    xmlChar *text;
  60.547 +    struct type_entry *e;
  60.548 +
  60.549 +    text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  60.550 +    if (!text)
  60.551 +    {
  60.552 +        printf("Error reading type name!\n");
  60.553 +        return -EFAULT;
  60.554 +    }
  60.555 +    /* same for all: 1. lookup type mapping, 2. mark type in ssid */
  60.556 +    switch (state) {
  60.557 +    case XML2BIN_VM_STE_S:
  60.558 +    case XML2BIN_RES_STE_S:
  60.559 +        /* lookup the type mapping and include the type mapping into the array */
  60.560 +        if (!(e = lookup(&ste_head, (char *) text)))
  60.561 +        {
  60.562 +            printf("ERROR: unknown VM STE type >%s<.\n", text);
  60.563 +            exit(EXIT_FAILURE);
  60.564 +        }
  60.565 +        if (current_ste_ssid_p->row[e->mapping])
  60.566 +            printf("Warning: double entry of VM STE type >%s<.\n", text);
  60.567 +
  60.568 +        current_ste_ssid_p->row[e->mapping] = 1;
  60.569 +        break;
  60.570 +
  60.571 +    case XML2BIN_VM_CHWALL_S:
  60.572 +        /* lookup the type mapping and include the type mapping into the array */
  60.573 +        if (!(e = lookup(&chwall_head, (char *) text)))
  60.574 +        {
  60.575 +            printf("ERROR: unknown VM CHWALL type >%s<.\n", text);
  60.576 +            exit(EXIT_FAILURE);
  60.577 +        }
  60.578 +        if (current_chwall_ssid_p->row[e->mapping])
  60.579 +            printf("Warning: double entry of VM CHWALL type >%s<.\n",
  60.580 +                   text);
  60.581 +
  60.582 +        current_chwall_ssid_p->row[e->mapping] = 1;
  60.583 +        break;
  60.584 +
  60.585 +    default:
  60.586 +        printf("Incorrect type environment (state = %lx, text = %s).\n",
  60.587 +               state, text);
  60.588 +        xmlFree(text);
  60.589 +        return -EFAULT;
  60.590 +    }
  60.591 +    return 0;
  60.592 +}
  60.593 +
  60.594 +void set_bootstrap_label(xmlNode * cur_node)
  60.595 +{
  60.596 +    xmlChar *order;
  60.597 +
  60.598 +    if ((order = xmlGetProp(cur_node, (xmlChar *) BOOTSTRAP_LABEL_ATTR_NAME)))
  60.599 +        bootstrap_label = (char *)order;
  60.600 +    else {
  60.601 +        printf("ERROR: No bootstrap label defined!\n");
  60.602 +        exit(EXIT_FAILURE);
  60.603 +    }
  60.604 +}
  60.605 +
  60.606 +void walk_labels(xmlNode * start, xmlDocPtr doc, unsigned long state)
  60.607 +{
  60.608 +    xmlNode *cur_node = NULL;
  60.609 +    int code;
  60.610 +
  60.611 +    for (cur_node = start; cur_node; cur_node = cur_node->next)
  60.612 +    {
  60.613 +        if ((code = totoken((char *) cur_node->name)) < 0)
  60.614 +        {
  60.615 +            printf("Unkonwn token: >%s<. Aborting.\n", cur_node->name);
  60.616 +            exit(EXIT_FAILURE);
  60.617 +        }
  60.618 +        switch (code) {         /* adjust state to new state */
  60.619 +
  60.620 +        case XML2BIN_SUBJECTS:
  60.621 +            set_bootstrap_label(cur_node);
  60.622 +            /* fall through */
  60.623 +        case XML2BIN_VM:
  60.624 +        case XML2BIN_RES:
  60.625 +        case XML2BIN_SECTEMPLATE:
  60.626 +        case XML2BIN_OBJECTS:
  60.627 +            walk_labels(cur_node->children, doc, state | (1 << code));
  60.628 +            break;
  60.629 +
  60.630 +        case XML2BIN_STETYPES:
  60.631 +            /* create new ssid entry to use and point current to it */
  60.632 +            if (init_next_ste_ssid(state))
  60.633 +            {
  60.634 +                printf("ERROR: creating new ste ssid structure failed.\n");
  60.635 +                exit(EXIT_FAILURE);
  60.636 +            }
  60.637 +            walk_labels(cur_node->children, doc, state | (1 << code));
  60.638 +
  60.639 +            break;
  60.640 +
  60.641 +        case XML2BIN_CHWALLTYPES:
  60.642 +            /* create new ssid entry to use and point current to it */
  60.643 +            if (init_next_chwall_ssid(state))
  60.644 +            {
  60.645 +                printf("ERROR: creating new chwall ssid structure failed.\n");
  60.646 +                exit(EXIT_FAILURE);
  60.647 +            }
  60.648 +            walk_labels(cur_node->children, doc, state | (1 << code));
  60.649 +
  60.650 +            break;
  60.651 +
  60.652 +        case XML2BIN_TYPE:
  60.653 +            /* add type to current ssid */
  60.654 +            if (add_type(cur_node, doc, state))
  60.655 +                exit(EXIT_FAILURE);
  60.656 +            break;
  60.657 +
  60.658 +        case XML2BIN_NAME:
  60.659 +            if ((state != XML2BIN_VM_S) && (state != XML2BIN_RES_S))
  60.660 +            {
  60.661 +                printf("ERROR: >name< out of VM/RES context.\n");
  60.662 +                exit(EXIT_FAILURE);
  60.663 +            }
  60.664 +            current_ssid_name = (char *)
  60.665 +                xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  60.666 +
  60.667 +            if (!current_ssid_name)
  60.668 +            {
  60.669 +                printf("ERROR: empty >name<!\n");
  60.670 +                exit(EXIT_FAILURE);
  60.671 +            }
  60.672 +            break;
  60.673 +
  60.674 +        case XML2BIN_TEXT:
  60.675 +        case XML2BIN_COMMENT:
  60.676 +        case XML2BIN_LABELHEADER:
  60.677 +            break;
  60.678 +
  60.679 +        default:
  60.680 +            printf("Unkonwn token Error (%d)\n", code);
  60.681 +            exit(EXIT_FAILURE);
  60.682 +        }
  60.683 +
  60.684 +    }
  60.685 +    return;
  60.686 +}
  60.687 +
  60.688 +/* this function walks through a ssid queue
  60.689 + * and transforms double entries into references
  60.690 + * of the first definition (we need to keep the
  60.691 + * entry to map labels but we don't want double
  60.692 + * ssids in the binary policy
  60.693 + */
  60.694 +void
  60.695 +remove_doubles(struct tailhead_ssid *head,
  60.696 +                        u_int32_t max_types, u_int32_t * max_ssids)
  60.697 +{
  60.698 +    struct ssid_entry *np, *ni;
  60.699 +
  60.700 +    /* walk once through the list */
  60.701 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  60.702 +    {
  60.703 +        /* now search from the start until np for the same entry */
  60.704 +        for (ni = head->tqh_first; ni != np; ni = ni->entries.tqe_next)
  60.705 +        {
  60.706 +            if (ni->is_ref)
  60.707 +                continue;
  60.708 +            if (memcmp(np->row, ni->row, max_types))
  60.709 +                continue;
  60.710 +            /* found one, set np reference to ni */
  60.711 +            np->is_ref = 1;
  60.712 +            np->num = ni->num;
  60.713 +            (*max_ssids)--;
  60.714 +        }
  60.715 +    }
  60.716 +
  60.717 +    /* now minimize the ssid numbers used (doubles introduce holes) */
  60.718 +    (*max_ssids) = 0; /* reset */
  60.719 +
  60.720 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  60.721 +    {
  60.722 +        if (np->is_ref)
  60.723 +            continue;
  60.724 +
  60.725 +        if (np->num != (*max_ssids)) {
  60.726 +                /* first reset all later references to the new max_ssid */
  60.727 +                for (ni = np->entries.tqe_next; ni != NULL; ni = ni->entries.tqe_next)
  60.728 +                {
  60.729 +                    if (ni->num == np->num)
  60.730 +                        ni->num = (*max_ssids);
  60.731 +                }
  60.732 +                /* now reset num */
  60.733 +                np->num = (*max_ssids)++;
  60.734 +        }
  60.735 +        else
  60.736 +            (*max_ssids)++;
  60.737 +    }
  60.738 +}
  60.739 +
  60.740 +/*
  60.741 + * will go away as soon as we have non-static bootstrap ssidref for dom0
  60.742 + */
  60.743 +void fixup_bootstrap_label(struct tailhead_ssid *head,
  60.744 +                         u_int32_t max_types, u_int32_t * max_ssids)
  60.745 +{
  60.746 +    struct ssid_entry *np;
  60.747 +    int i;
  60.748 +
  60.749 +    /* should not happen if xml / xsd checks work */
  60.750 +    if (!bootstrap_label)
  60.751 +    {
  60.752 +        printf("ERROR: No bootstrap label defined.\n");
  60.753 +        exit(EXIT_FAILURE);
  60.754 +    }
  60.755 +
  60.756 +    /* search bootstrap_label */
  60.757 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  60.758 +    {
  60.759 +        if (!strcmp(np->name, bootstrap_label))
  60.760 +        {
  60.761 +            break;
  60.762 +        }
  60.763 +    }
  60.764 +
  60.765 +    if (!np) {
  60.766 +        /* bootstrap label not found */
  60.767 +        printf("ERROR: Bootstrap label >%s< not found.\n", bootstrap_label);
  60.768 +        exit(EXIT_FAILURE);
  60.769 +    }
  60.770 +
  60.771 +    /* move this entry ahead in the list right after the default entry so it
  60.772 +     * receives ssidref 1/1 */
  60.773 +    TAILQ_REMOVE(head, np, entries);
  60.774 +    TAILQ_INSERT_AFTER(head, head->tqh_first, np, entries);
  60.775 +
  60.776 +    /* renumber the ssids (we could also just switch places with 1st element) */
  60.777 +    for (np = head->tqh_first, i=0; np != NULL; np = np->entries.tqe_next, i++)
  60.778 +        np->num   = i;
  60.779 +
  60.780 +}
  60.781 +
  60.782 +int create_ssid_mapping(xmlDocPtr doc)
  60.783 +{
  60.784 +    xmlNode *root_element = xmlDocGetRootElement(doc);
  60.785 +    struct ssid_entry *np;
  60.786 +    int i;
  60.787 +
  60.788 +    printf("Creating label mappings ...\n");
  60.789 +    /* initialize the ste and chwall type lists */
  60.790 +    TAILQ_INIT(&chwall_ssid_head);
  60.791 +    TAILQ_INIT(&ste_ssid_head);
  60.792 +
  60.793 +    /* init with default ssids */
  60.794 +    if (init_ssid_queues())
  60.795 +    {
  60.796 +        printf("ERROR adding default ssids.\n");
  60.797 +        exit(EXIT_FAILURE);
  60.798 +    }
  60.799 +
  60.800 +    /* now walk the template DOM tree and fill in ssids */
  60.801 +    walk_labels(root_element, doc, XML2BIN_NULL);
  60.802 +
  60.803 +    /*
  60.804 +     * now sort bootstrap label to the head of the list
  60.805 +     * (for now), dom0 assumes its label in the first
  60.806 +     * defined ssidref (1/1). 0/0 is the default non-Label
  60.807 +     */
  60.808 +    if (have_chwall)
  60.809 +        fixup_bootstrap_label(&chwall_ssid_head, max_chwall_types,
  60.810 +                                &max_chwall_ssids);
  60.811 +    if (have_ste)
  60.812 +        fixup_bootstrap_label(&ste_ssid_head, max_ste_types,
  60.813 +                                &max_ste_ssids);
  60.814 +
  60.815 +    /* remove any double entries (insert reference instead) */
  60.816 +    if (have_chwall)
  60.817 +        remove_doubles(&chwall_ssid_head, max_chwall_types,
  60.818 +                       &max_chwall_ssids);
  60.819 +    if (have_ste)
  60.820 +        remove_doubles(&ste_ssid_head, max_ste_types,
  60.821 +                       &max_ste_ssids);
  60.822 +
  60.823 +    if (!DEBUG)
  60.824 +        return 0;
  60.825 +
  60.826 +    /* print queues */
  60.827 +    if (have_chwall)
  60.828 +    {
  60.829 +        printf("CHWALL SSID queue (max ssidrefs=%d):\n", max_chwall_ssids);
  60.830 +        np = NULL;
  60.831 +        for (np = chwall_ssid_head.tqh_first; np != NULL;
  60.832 +             np = np->entries.tqe_next)
  60.833 +        {
  60.834 +            printf("SSID #%02u (Label=%s)\n", np->num, np->name);
  60.835 +            if (np->is_ref)
  60.836 +                printf("REFERENCE");
  60.837 +            else
  60.838 +                for (i = 0; i < max_chwall_types; i++)
  60.839 +                    if (np->row[i])
  60.840 +                        printf("#%02d ", i);
  60.841 +            printf("\n\n");
  60.842 +        }
  60.843 +    }
  60.844 +    if (have_ste)
  60.845 +    {
  60.846 +        printf("STE SSID queue (max ssidrefs=%d):\n", max_ste_ssids);
  60.847 +        np = NULL;
  60.848 +        for (np = ste_ssid_head.tqh_first; np != NULL;
  60.849 +             np = np->entries.tqe_next)
  60.850 +        {
  60.851 +            printf("SSID #%02u (Label=%s)\n", np->num, np->name);
  60.852 +            if (np->is_ref)
  60.853 +                printf("REFERENCE");
  60.854 +            else
  60.855 +                for (i = 0; i < max_ste_types; i++)
  60.856 +                    if (np->row[i])
  60.857 +                        printf("#%02d ", i);
  60.858 +            printf("\n\n");
  60.859 +        }
  60.860 +    }
  60.861 +    return 0;
  60.862 +}
  60.863 +
  60.864 +/***************** writing the binary policy *********************/
  60.865 +
  60.866 +/*
  60.867 + * the mapping file is ascii-based since it will likely be used from
  60.868 + * within scripts (using awk, grep, etc.);
  60.869 + *
  60.870 + * We print from high-level to low-level information so that with one
  60.871 + * pass, any symbol can be resolved (e.g. Label -> types)
  60.872 + */
  60.873 +int write_mapping(char *filename)
  60.874 +{
  60.875 +
  60.876 +    struct ssid_entry *e;
  60.877 +    struct type_entry *t;
  60.878 +    int i;
  60.879 +    FILE *file;
  60.880 +
  60.881 +    if ((file = fopen(filename, "w")) == NULL)
  60.882 +        return -EIO;
  60.883 +
  60.884 +    fprintf(file, "MAGIC                  %08x\n", ACM_MAGIC);
  60.885 +    fprintf(file, "POLICY                 %s\n",
  60.886 +            basename(policy_filename));
  60.887 +    fprintf(file, "BINARY                 %s\n",
  60.888 +            basename(binary_filename));
  60.889 +    if (have_chwall)
  60.890 +    {
  60.891 +        fprintf(file, "MAX-CHWALL-TYPES       %08x\n", max_chwall_types);
  60.892 +        fprintf(file, "MAX-CHWALL-SSIDS       %08x\n", max_chwall_ssids);
  60.893 +        fprintf(file, "MAX-CHWALL-LABELS      %08x\n", max_chwall_labels);
  60.894 +    }
  60.895 +    if (have_ste)
  60.896 +    {
  60.897 +        fprintf(file, "MAX-STE-TYPES          %08x\n", max_ste_types);
  60.898 +        fprintf(file, "MAX-STE-SSIDS          %08x\n", max_ste_ssids);
  60.899 +        fprintf(file, "MAX-STE-LABELS         %08x\n", max_ste_labels);
  60.900 +    }
  60.901 +    fprintf(file, "\n");
  60.902 +
  60.903 +    /* primary / secondary order for combined ssid synthesis/analysis
  60.904 +     * if no primary is named, then chwall is primary */
  60.905 +    switch (primary) {
  60.906 +    case CHWALL:
  60.907 +        fprintf(file, "PRIMARY                CHWALL\n");
  60.908 +        break;
  60.909 +
  60.910 +    case STE:
  60.911 +        fprintf(file, "PRIMARY                STE\n");
  60.912 +        break;
  60.913 +
  60.914 +    default:
  60.915 +        fprintf(file, "PRIMARY                NULL\n");
  60.916 +        break;
  60.917 +    }
  60.918 +
  60.919 +    switch (secondary) {
  60.920 +    case CHWALL:
  60.921 +        fprintf(file, "SECONDARY              CHWALL\n");
  60.922 +        break;
  60.923 +
  60.924 +    case STE:
  60.925 +        fprintf(file, "SECONDARY              STE\n");
  60.926 +        break;
  60.927 +
  60.928 +    default:
  60.929 +        fprintf(file, "SECONDARY              NULL\n");
  60.930 +        break;
  60.931 +    }
  60.932 +    fprintf(file, "\n");
  60.933 +
  60.934 +    /* first labels to ssid mappings */
  60.935 +    if (have_chwall)
  60.936 +    {
  60.937 +        for (e = chwall_ssid_head.tqh_first; e != NULL;
  60.938 +             e = e->entries.tqe_next)
  60.939 +        {
  60.940 +            fprintf(file, "LABEL->SSID %s CHWALL %-25s %8x\n",
  60.941 +                    (e->type ==
  60.942 +                     VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
  60.943 +                    e->name, e->num);
  60.944 +        }
  60.945 +        fprintf(file, "\n");
  60.946 +    }
  60.947 +    if (have_ste)
  60.948 +    {
  60.949 +        for (e = ste_ssid_head.tqh_first; e != NULL;
  60.950 +             e = e->entries.tqe_next)
  60.951 +        {
  60.952 +            fprintf(file, "LABEL->SSID %s STE    %-25s %8x\n",
  60.953 +                    (e->type ==
  60.954 +                     VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
  60.955 +                    e->name, e->num);
  60.956 +        }
  60.957 +        fprintf(file, "\n");
  60.958 +    }
  60.959 +
  60.960 +    /* second ssid to type mappings */
  60.961 +    if (have_chwall)
  60.962 +    {
  60.963 +        for (e = chwall_ssid_head.tqh_first; e != NULL;
  60.964 +             e = e->entries.tqe_next)
  60.965 +        {
  60.966 +            if (e->is_ref)
  60.967 +                continue;
  60.968 +
  60.969 +            fprintf(file, "SSID->TYPE CHWALL      %08x", e->num);
  60.970 +
  60.971 +            for (i = 0; i < max_chwall_types; i++)
  60.972 +                if (e->row[i])
  60.973 +                    fprintf(file, " %s", type_by_mapping(&chwall_head, i));
  60.974 +
  60.975 +            fprintf(file, "\n");
  60.976 +        }
  60.977 +        fprintf(file, "\n");
  60.978 +    }
  60.979 +    if (have_ste) {
  60.980 +        for (e = ste_ssid_head.tqh_first; e != NULL;
  60.981 +             e = e->entries.tqe_next)
  60.982 +        {
  60.983 +            if (e->is_ref)
  60.984 +                continue;
  60.985 +
  60.986 +            fprintf(file, "SSID->TYPE STE         %08x", e->num);
  60.987 +
  60.988 +            for (i = 0; i < max_ste_types; i++)
  60.989 +                if (e->row[i])
  60.990 +                    fprintf(file, " %s", type_by_mapping(&ste_head, i));
  60.991 +
  60.992 +            fprintf(file, "\n");
  60.993 +        }
  60.994 +        fprintf(file, "\n");
  60.995 +    }
  60.996 +    /* third type mappings */
  60.997 +    if (have_chwall)
  60.998 +    {
  60.999 +        for (t = chwall_head.tqh_first; t != NULL; t = t->entries.tqe_next)
 60.1000 +        {
 60.1001 +            fprintf(file, "TYPE CHWALL            %-25s %8x\n",
 60.1002 +                    t->name, t->mapping);
 60.1003 +        }
 60.1004 +        fprintf(file, "\n");
 60.1005 +    }
 60.1006 +    if (have_ste) {
 60.1007 +        for (t = ste_head.tqh_first; t != NULL; t = t->entries.tqe_next)
 60.1008 +        {
 60.1009 +            fprintf(file, "TYPE STE               %-25s %8x\n",
 60.1010 +                    t->name, t->mapping);
 60.1011 +        }
 60.1012 +        fprintf(file, "\n");
 60.1013 +    }
 60.1014 +    fclose(file);
 60.1015 +    return 0;
 60.1016 +}
 60.1017 +
 60.1018 +unsigned char *write_chwall_binary(u_int32_t * len_chwall)
 60.1019 +{
 60.1020 +    unsigned char *buf, *ptr;
 60.1021 +    struct acm_chwall_policy_buffer *chwall_header;
 60.1022 +    u_int32_t len;
 60.1023 +    struct ssid_entry *e;
 60.1024 +    int i;
 60.1025 +
 60.1026 +    if (!have_chwall)
 60.1027 +        return NULL;
 60.1028 +
 60.1029 +    len = sizeof(struct acm_chwall_policy_buffer) +
 60.1030 +        sizeof(type_t) * max_chwall_types * max_chwall_ssids +
 60.1031 +        sizeof(type_t) * max_chwall_types * max_conflictsets;
 60.1032 +
 60.1033 +    buf = malloc(len);
 60.1034 +    ptr = buf;
 60.1035 +
 60.1036 +    if (!buf)
 60.1037 +    {
 60.1038 +        printf("ERROR: out of memory allocating chwall buffer.\n");
 60.1039 +        exit(EXIT_FAILURE);
 60.1040 +    }
 60.1041 +    /* chwall has 3 parts : header, types, conflictsets */
 60.1042 +
 60.1043 +    chwall_header = (struct acm_chwall_policy_buffer *) buf;
 60.1044 +    chwall_header->chwall_max_types = htonl(max_chwall_types);
 60.1045 +    chwall_header->chwall_max_ssidrefs = htonl(max_chwall_ssids);
 60.1046 +    chwall_header->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 60.1047 +    chwall_header->policy_version = htonl(ACM_CHWALL_VERSION);
 60.1048 +    chwall_header->chwall_ssid_offset =
 60.1049 +        htonl(sizeof(struct acm_chwall_policy_buffer));
 60.1050 +    chwall_header->chwall_max_conflictsets = htonl(max_conflictsets);
 60.1051 +    chwall_header->chwall_conflict_sets_offset =
 60.1052 +        htonl(ntohl(chwall_header->chwall_ssid_offset) +
 60.1053 +              sizeof(domaintype_t) * max_chwall_ssids * max_chwall_types);
 60.1054 +    chwall_header->chwall_running_types_offset = 0;     /* not set, only retrieved */
 60.1055 +    chwall_header->chwall_conflict_aggregate_offset = 0;        /* not set, only retrieved */
 60.1056 +    ptr += sizeof(struct acm_chwall_policy_buffer);
 60.1057 +
 60.1058 +    /* types */
 60.1059 +    for (e = chwall_ssid_head.tqh_first; e != NULL;
 60.1060 +         e = e->entries.tqe_next)
 60.1061 +    {
 60.1062 +        if (e->is_ref)
 60.1063 +            continue;
 60.1064 +
 60.1065 +        for (i = 0; i < max_chwall_types; i++)
 60.1066 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 60.1067 +
 60.1068 +        ptr += sizeof(type_t) * max_chwall_types;
 60.1069 +    }
 60.1070 +
 60.1071 +    /* conflictsets */
 60.1072 +    for (e = conflictsets_head.tqh_first; e != NULL;
 60.1073 +         e = e->entries.tqe_next)
 60.1074 +    {
 60.1075 +        for (i = 0; i < max_chwall_types; i++)
 60.1076 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 60.1077 +
 60.1078 +        ptr += sizeof(type_t) * max_chwall_types;
 60.1079 +    }
 60.1080 +
 60.1081 +    if ((ptr - buf) != len)
 60.1082 +    {
 60.1083 +        printf("ERROR: wrong lengths in %s.\n", __func__);
 60.1084 +        exit(EXIT_FAILURE);
 60.1085 +    }
 60.1086 +
 60.1087 +    (*len_chwall) = len;
 60.1088 +    return buf;
 60.1089 +}
 60.1090 +
 60.1091 +unsigned char *write_ste_binary(u_int32_t * len_ste)
 60.1092 +{
 60.1093 +    unsigned char *buf, *ptr;
 60.1094 +    struct acm_ste_policy_buffer *ste_header;
 60.1095 +    struct ssid_entry *e;
 60.1096 +    u_int32_t len;
 60.1097 +    int i;
 60.1098 +
 60.1099 +    if (!have_ste)
 60.1100 +        return NULL;
 60.1101 +
 60.1102 +    len = sizeof(struct acm_ste_policy_buffer) +
 60.1103 +        sizeof(type_t) * max_ste_types * max_ste_ssids;
 60.1104 +
 60.1105 +    buf = malloc(len);
 60.1106 +    ptr = buf;
 60.1107 +
 60.1108 +    if (!buf)
 60.1109 +    {
 60.1110 +        printf("ERROR: out of memory allocating chwall buffer.\n");
 60.1111 +        exit(EXIT_FAILURE);
 60.1112 +    }
 60.1113 +
 60.1114 +    /* fill buffer */
 60.1115 +    ste_header = (struct acm_ste_policy_buffer *) buf;
 60.1116 +    ste_header->policy_version = htonl(ACM_STE_VERSION);
 60.1117 +    ste_header->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 60.1118 +    ste_header->ste_max_types = htonl(max_ste_types);
 60.1119 +    ste_header->ste_max_ssidrefs = htonl(max_ste_ssids);
 60.1120 +    ste_header->ste_ssid_offset =
 60.1121 +        htonl(sizeof(struct acm_ste_policy_buffer));
 60.1122 +
 60.1123 +    ptr += sizeof(struct acm_ste_policy_buffer);
 60.1124 +
 60.1125 +    /* types */
 60.1126 +    for (e = ste_ssid_head.tqh_first; e != NULL; e = e->entries.tqe_next)
 60.1127 +    {
 60.1128 +        if (e->is_ref)
 60.1129 +            continue;
 60.1130 +
 60.1131 +        for (i = 0; i < max_ste_types; i++)
 60.1132 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 60.1133 +
 60.1134 +        ptr += sizeof(type_t) * max_ste_types;
 60.1135 +    }
 60.1136 +
 60.1137 +    if ((ptr - buf) != len)
 60.1138 +    {
 60.1139 +        printf("ERROR: wrong lengths in %s.\n", __func__);
 60.1140 +        exit(EXIT_FAILURE);
 60.1141 +    }
 60.1142 +    (*len_ste) = len;
 60.1143 +    return buf;                 /* for now */
 60.1144 +}
 60.1145 +
 60.1146 +int write_binary(char *filename)
 60.1147 +{
 60.1148 +    struct acm_policy_buffer header;
 60.1149 +    unsigned char *ste_buffer = NULL, *chwall_buffer = NULL;
 60.1150 +    u_int32_t len;
 60.1151 +    int fd;
 60.1152 +
 60.1153 +    u_int32_t len_ste = 0, len_chwall = 0;      /* length of policy components */
 60.1154 +
 60.1155 +    /* open binary file */
 60.1156 +    if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)) <= 0)
 60.1157 +        return -EIO;
 60.1158 +
 60.1159 +    ste_buffer = write_ste_binary(&len_ste);
 60.1160 +    chwall_buffer = write_chwall_binary(&len_chwall);
 60.1161 +
 60.1162 +    /* determine primary component (default chwall) */
 60.1163 +    header.policy_version = htonl(ACM_POLICY_VERSION);
 60.1164 +    header.magic = htonl(ACM_MAGIC);
 60.1165 +
 60.1166 +    len = sizeof(struct acm_policy_buffer);
 60.1167 +    if (have_chwall)
 60.1168 +        len += len_chwall;
 60.1169 +    if (have_ste)
 60.1170 +        len += len_ste;
 60.1171 +    header.len = htonl(len);
 60.1172 +
 60.1173 +    header.primary_buffer_offset = htonl(sizeof(struct acm_policy_buffer));
 60.1174 +    if (primary == CHWALL)
 60.1175 +    {
 60.1176 +        header.primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 60.1177 +        header.secondary_buffer_offset =
 60.1178 +            htonl((sizeof(struct acm_policy_buffer)) + len_chwall);
 60.1179 +    }
 60.1180 +    else if (primary == STE)
 60.1181 +    {
 60.1182 +        header.primary_policy_code =
 60.1183 +            htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 60.1184 +        header.secondary_buffer_offset =
 60.1185 +            htonl((sizeof(struct acm_policy_buffer)) + len_ste);
 60.1186 +    }
 60.1187 +    else
 60.1188 +    {
 60.1189 +        /* null policy */
 60.1190 +        header.primary_policy_code = htonl(ACM_NULL_POLICY);
 60.1191 +        header.secondary_buffer_offset =
 60.1192 +            htonl(header.primary_buffer_offset);
 60.1193 +    }
 60.1194 +
 60.1195 +    if (secondary == CHWALL)
 60.1196 +        header.secondary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 60.1197 +    else if (secondary == STE)
 60.1198 +        header.secondary_policy_code =
 60.1199 +            htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 60.1200 +    else
 60.1201 +        header.secondary_policy_code = htonl(ACM_NULL_POLICY);
 60.1202 +
 60.1203 +    if (write(fd, (void *) &header, sizeof(struct acm_policy_buffer))
 60.1204 +        != sizeof(struct acm_policy_buffer))
 60.1205 +        return -EIO;
 60.1206 +
 60.1207 +    /* write primary policy component */
 60.1208 +    if (primary == CHWALL)
 60.1209 +    {
 60.1210 +        if (write(fd, chwall_buffer, len_chwall) != len_chwall)
 60.1211 +            return -EIO;
 60.1212 +    }
 60.1213 +    else if (primary == STE)
 60.1214 +    {
 60.1215 +        if (write(fd, ste_buffer, len_ste) != len_ste)
 60.1216 +            return -EIO;
 60.1217 +    } else
 60.1218 +        ;                     /* NULL POLICY has no policy data */
 60.1219 +
 60.1220 +    /* write secondary policy component */
 60.1221 +    if (secondary == CHWALL)
 60.1222 +    {
 60.1223 +        if (write(fd, chwall_buffer, len_chwall) != len_chwall)
 60.1224 +            return -EIO;
 60.1225 +    }
 60.1226 +    else if (secondary == STE)
 60.1227 +    {
 60.1228 +        if (write(fd, ste_buffer, len_ste) != len_ste)
 60.1229 +            return -EIO;
 60.1230 +    } else;                     /* NULL POLICY has no policy data */
 60.1231 +
 60.1232 +    close(fd);
 60.1233 +    return 0;
 60.1234 +}
 60.1235 +
 60.1236 +int is_valid(xmlDocPtr doc)
 60.1237 +{
 60.1238 +    int err = 0;
 60.1239 +    xmlSchemaPtr schema_ctxt = NULL;
 60.1240 +    xmlSchemaParserCtxtPtr schemaparser_ctxt = NULL;
 60.1241 +    xmlSchemaValidCtxtPtr schemavalid_ctxt = NULL;
 60.1242 +
 60.1243 +    schemaparser_ctxt = xmlSchemaNewParserCtxt(SCHEMA_FILENAME);
 60.1244 +    schema_ctxt = xmlSchemaParse(schemaparser_ctxt);
 60.1245 +    schemavalid_ctxt = xmlSchemaNewValidCtxt(schema_ctxt);
 60.1246 +
 60.1247 +#ifdef VALIDATE_SCHEMA
 60.1248 +    /* only tested to be available from libxml2-2.6.20 upwards */
 60.1249 +    if ((err = xmlSchemaIsValid(schemavalid_ctxt)) != 1)
 60.1250 +    {
 60.1251 +        printf("ERROR: Invalid schema file %s (err=%d)\n",
 60.1252 +               SCHEMA_FILENAME, err);
 60.1253 +        err = -EIO;
 60.1254 +        goto out;
 60.1255 +    }
 60.1256 +    else
 60.1257 +        printf("XML Schema %s valid.\n", SCHEMA_FILENAME);
 60.1258 +#endif
 60.1259 +    if ((err = xmlSchemaValidateDoc(schemavalid_ctxt, doc)))
 60.1260 +    {
 60.1261 +        err = -EIO;
 60.1262 +        goto out;
 60.1263 +    }
 60.1264 +  out:
 60.1265 +    xmlSchemaFreeValidCtxt(schemavalid_ctxt);
 60.1266 +    xmlSchemaFreeParserCtxt(schemaparser_ctxt);
 60.1267 +    xmlSchemaFree(schema_ctxt);
 60.1268 +    return (err != 0) ? 0 : 1;
 60.1269 +}
 60.1270 +
 60.1271 +int main(int argc, char **argv)
 60.1272 +{
 60.1273 +    xmlDocPtr labeldoc = NULL;
 60.1274 +    xmlDocPtr policydoc = NULL;
 60.1275 +
 60.1276 +    int err = EXIT_SUCCESS;
 60.1277 +
 60.1278 +    char *file_prefix;
 60.1279 +    int prefix_len;
 60.1280 +
 60.1281 +    if (ACM_POLICY_VERSION != WRITTEN_AGAINST_ACM_POLICY_VERSION)
 60.1282 +    {
 60.1283 +        printf("ERROR: This program was written against an older ACM version.\n");
 60.1284 +        exit(EXIT_FAILURE);
 60.1285 +    }
 60.1286 +
 60.1287 +    if (argc != 2)
 60.1288 +        usage(basename(argv[0]));
 60.1289 +
 60.1290 +    prefix_len = strlen(POLICY_SUBDIR) +
 60.1291 +        strlen(argv[1]) + 1 /* "/" */  +
 60.1292 +        strlen(argv[1]) + 1 /* "/" */ ;
 60.1293 +
 60.1294 +    file_prefix = malloc(prefix_len);
 60.1295 +    policy_filename = malloc(prefix_len + strlen(POLICY_EXTENSION));
 60.1296 +    label_filename = malloc(prefix_len + strlen(LABEL_EXTENSION));
 60.1297 +    binary_filename = malloc(prefix_len + strlen(BINARY_EXTENSION));
 60.1298 +    mapping_filename = malloc(prefix_len + strlen(MAPPING_EXTENSION));
 60.1299 +
 60.1300 +    if (!file_prefix || !policy_filename || !label_filename ||
 60.1301 +        !binary_filename || !mapping_filename)
 60.1302 +    {
 60.1303 +        printf("ERROR allocating file name memory.\n");
 60.1304 +        goto out2;
 60.1305 +    }
 60.1306 +
 60.1307 +    /* create input/output filenames out of prefix */
 60.1308 +    strcat(file_prefix, POLICY_SUBDIR);
 60.1309 +    strcat(file_prefix, argv[1]);
 60.1310 +    strcat(file_prefix, "/");
 60.1311 +    strcat(file_prefix, argv[1]);
 60.1312 +
 60.1313 +    strcpy(policy_filename, file_prefix);
 60.1314 +    strcpy(label_filename, file_prefix);
 60.1315 +    strcpy(binary_filename, file_prefix);
 60.1316 +    strcpy(mapping_filename, file_prefix);
 60.1317 +
 60.1318 +    strcat(policy_filename, POLICY_EXTENSION);
 60.1319 +    strcat(label_filename, LABEL_EXTENSION);
 60.1320 +    strcat(binary_filename, BINARY_EXTENSION);
 60.1321 +    strcat(mapping_filename, MAPPING_EXTENSION);
 60.1322 +
 60.1323 +    labeldoc = xmlParseFile(label_filename);
 60.1324 +
 60.1325 +    if (labeldoc == NULL)
 60.1326 +    {
 60.1327 +        printf("Error: could not parse file %s.\n", argv[1]);
 60.1328 +        goto out2;
 60.1329 +    }
 60.1330 +
 60.1331 +    printf("Validating label file %s...\n", label_filename);
 60.1332 +    if (!is_valid(labeldoc))
 60.1333 +    {
 60.1334 +        printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
 60.1335 +               label_filename, err);
 60.1336 +        goto out1;
 60.1337 +    }
 60.1338 +
 60.1339 +    policydoc = xmlParseFile(policy_filename);
 60.1340 +
 60.1341 +    if (policydoc == NULL)
 60.1342 +    {
 60.1343 +        printf("Error: could not parse file %s.\n", argv[1]);
 60.1344 +        goto out1;
 60.1345 +    }
 60.1346 +
 60.1347 +    printf("Validating policy file %s...\n", policy_filename);
 60.1348 +
 60.1349 +    if (!is_valid(policydoc))
 60.1350 +    {
 60.1351 +        printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
 60.1352 +               policy_filename, err);
 60.1353 +        goto out;
 60.1354 +    }
 60.1355 +
 60.1356 +    /* Init queues and parse policy */
 60.1357 +    create_type_mapping(policydoc);
 60.1358 +
 60.1359 +    /* create ssids */
 60.1360 +    create_ssid_mapping(labeldoc);
 60.1361 +
 60.1362 +    /* write label mapping file */
 60.1363 +    if (write_mapping(mapping_filename))
 60.1364 +    {
 60.1365 +        printf("ERROR: writing mapping file %s.\n", mapping_filename);
 60.1366 +        goto out;
 60.1367 +    }
 60.1368 +
 60.1369 +    /* write binary file */
 60.1370 +    if (write_binary(binary_filename))
 60.1371 +    {
 60.1372 +        printf("ERROR: writing binary file %s.\n", binary_filename);
 60.1373 +        goto out;
 60.1374 +    }
 60.1375 +
 60.1376 +    /* write stats */
 60.1377 +    if (have_chwall)
 60.1378 +    {
 60.1379 +        printf("Max chwall labels:  %u\n", max_chwall_labels);
 60.1380 +        printf("Max chwall-types:   %u\n", max_chwall_types);
 60.1381 +        printf("Max chwall-ssids:   %u\n", max_chwall_ssids);
 60.1382 +    }
 60.1383 +
 60.1384 +    if (have_ste)
 60.1385 +    {
 60.1386 +        printf("Max ste labels:     %u\n", max_ste_labels);
 60.1387 +        printf("Max ste-types:      %u\n", max_ste_types);
 60.1388 +        printf("Max ste-ssids:      %u\n", max_ste_ssids);
 60.1389 +    }
 60.1390 +    /* cleanup */
 60.1391 +  out:
 60.1392 +    xmlFreeDoc(policydoc);
 60.1393 +  out1:
 60.1394 +    xmlFreeDoc(labeldoc);
 60.1395 +  out2:
 60.1396 +    xmlCleanupParser();
 60.1397 +    return err;
 60.1398 +}
 60.1399 +
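--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/secpol_xml2bin.h	Fri Aug 19 10:50:15 2005 +0000
@@ -0,0 +1,139 @@
+/****************************************************************
+ * secpol_xml2bin.h
+ *
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Authors:
+ * Reiner Sailer <sailer@watson.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ */
+#define POLICY_SUBDIR       "policies/"
+#define POLICY_EXTENSION    "-security_policy.xml"
+#define LABEL_EXTENSION     "-security_label_template.xml"
+#define BINARY_EXTENSION    ".bin"
+#define MAPPING_EXTENSION   ".map"
+#define PRIMARY_COMPONENT_ATTR_NAME "order"
+#define BOOTSTRAP_LABEL_ATTR_NAME   "bootstrap"
+#define PRIMARY_COMPONENT   "PrimaryPolicyComponent"
+#define SCHEMA_FILENAME     "policies/security_policy.xsd"
+
+/* basic states (used as 1 << X) */
+#define XML2BIN_SECPOL		    0   /* policy tokens */
+#define XML2BIN_STE		        1
+#define XML2BIN_CHWALL          2
+#define XML2BIN_CONFLICTSETS   	3
+#define XML2BIN_CSTYPE	    	4
+
+#define XML2BIN_SECTEMPLATE	    5   /* label tokens */
+#define XML2BIN_POLICYHEADER   	6
+#define XML2BIN_LABELHEADER     7
+#define XML2BIN_SUBJECTS        8
+#define XML2BIN_OBJECTS  	    9
+#define XML2BIN_VM      	    10
+#define XML2BIN_RES          	11
+
+#define XML2BIN_STETYPES	    12  /* shared tokens */
+#define XML2BIN_CHWALLTYPES	    13
+#define XML2BIN_TYPE		    14
+#define XML2BIN_NAME            15
+#define XML2BIN_TEXT		    16
+#define XML2BIN_COMMENT	    	17
+
+/* type "data type" (currently 16bit) */
+typedef u_int16_t type_t;
+
+/* list of known elements and token equivalent  *
+ * state constants and token positions must be  *
+ * in sync for correct state recognition        */
+
+char *token[20] =                       /* parser triggers */
+{
+    [0] = "SecurityPolicyDefinition",   /* policy xml */
+    [1] = "SimpleTypeEnforcement",
+    [2] = "ChineseWall",
+    [3] = "ConflictSets",
+    [4] = "Conflict",                   /* label-template xml */
+    [5] = "SecurityLabelTemplate",
+    [6] = "PolicyHeader",
+    [7] = "LabelHeader",
+    [8] = "SubjectLabels",
+    [9] = "ObjectLabels",
+    [10] = "VirtualMachineLabel",
+    [11] = "ResourceLabel",
+    [12] = "SimpleTypeEnforcementTypes",                  /* common tags */
+    [13] = "ChineseWallTypes",
+    [14] = "Type",
+    [15] = "Name",
+    [16] = "text",
+    [17] = "comment",
+    [18] = NULL,
+};
+
+/* important combined states */
+#define XML2BIN_NULL 		0
+
+/* policy xml parsing states _S */
+
+/* e.g., here we are in a <secpol,ste,stetypes> environment,  *
+ * so when finding a type element, we know where to put it    */
+#define XML2BIN_stetype_S ((1 << XML2BIN_SECPOL) | \
+				 (1 << XML2BIN_STE) | 	 \
+				 (1 << XML2BIN_STETYPES))
+
+#define XML2BIN_chwalltype_S ((1 << XML2BIN_SECPOL) | \
+				 (1 << XML2BIN_CHWALL) | \
+				 (1 << XML2BIN_CHWALLTYPES))
+
+#define XML2BIN_conflictset_S ((1 << XML2BIN_SECPOL) | \
+				 (1 << XML2BIN_CHWALL) | \
+				 (1 << XML2BIN_CONFLICTSETS))
+
+#define XML2BIN_conflictsettype_S ((1 << XML2BIN_SECPOL) | \
+				 (1 << XML2BIN_CHWALL) | \
+				 (1 << XML2BIN_CONFLICTSETS) | \
+				 (1 << XML2BIN_CSTYPE))
+
+
+/* label xml states */
+#define XML2BIN_VM_S ((1 << XML2BIN_SECTEMPLATE) | \
+                      (1 << XML2BIN_SUBJECTS) |    \
+                      (1 << XML2BIN_VM))
+
+#define XML2BIN_RES_S ((1 << XML2BIN_SECTEMPLATE) | \
+                       (1 << XML2BIN_OBJECTS) |     \
+                       (1 << XML2BIN_RES))
+
+#define XML2BIN_VM_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
+                        (1 << XML2BIN_SUBJECTS) | \
+                        (1 << XML2BIN_VM) | \
+                        (1 << XML2BIN_STETYPES))
+
+#define XML2BIN_VM_CHWALL_S ((1 << XML2BIN_SECTEMPLATE) | \
+                           (1 << XML2BIN_SUBJECTS) | \
+                           (1 << XML2BIN_VM) | \
+                           (1 << XML2BIN_CHWALLTYPES))
+
+#define XML2BIN_RES_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
+                         (1 << XML2BIN_OBJECTS) | \
+                         (1 << XML2BIN_RES) | \
+                         (1 << XML2BIN_STETYPES))
+
+
+
+/* check versions of headers against which the
+ * xml2bin translation tool was written
+ */
+
+/* protects from unnoticed changes in struct acm_policy_buffer */
+#define WRITTEN_AGAINST_ACM_POLICY_VERSION  1
+
+/* protects from unnoticed changes in struct acm_chwall_policy_buffer */
+#define WRITTEN_AGAINST_ACM_CHWALL_VERSION  1
+
+/* protects from unnoticed changes in struct acm_ste_policy_buffer */
+#define WRITTEN_AGAINST_ACM_STE_VERSION     1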
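Review bot: The `token[20]` initializer uses bare indices even though the comment above it says token positions and the `XML2BIN_*` state constants must stay in sync, so a renumbered constant would silently select the wrong parser state. Indexing by the constants, e.g. `[XML2BIN_STE] = "SimpleTypeEnforcement",`, lets the compiler keep the two aligned; since the combined `_S` states appear to decide where a parsed `Type` element is stored, a mismatch would most likely yield a wrong binary policy rather than a parse error. The array is also defined, not declared, in a header with no include guard, so a second translation unit including it would get a duplicate definition; `extern char *token[];` here with the definition in the .c file avoids that. The `/* label-template xml */` comment sits on entry `[4]` ("Conflict") but reads as if it belongs on `[5]`.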
    62.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    62.2 +++ b/tools/security/setlabel.sh	Fri Aug 19 10:50:15 2005 +0000
    62.3 @@ -0,0 +1,345 @@
    62.4 +#!/bin/sh
    62.5 +# *
    62.6 +# * setlabel
    62.7 +# *
    62.8 +# * Copyright (C) 2005 IBM Corporation
    62.9 +# *
   62.10 +# * Authors:
   62.11 +# * Stefan Berger <stefanb@us.ibm.com>
   62.12 +# *
   62.13 +# * This program is free software; you can redistribute it and/or
   62.14 +# * modify it under the terms of the GNU General Public License as
   62.15 +# * published by the Free Software Foundation, version 2 of the
   62.16 +# * License.
   62.17 +# *
   62.18 +# * 'setlabel' labels virtual machine (domain) configuration files with
   62.19 +# * security identifiers that can be enforced in Xen.
   62.20 +# *
   62.21 +# * 'setlabel -?' shows the usage of the program
   62.22 +# *
   62.23 +# * 'setlabel -l vmconfig-file' lists all available labels (only VM
   62.24 +# *            labels are used right now)
   62.25 +# *
   62.26 +# * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
   62.27 +# *                       that corresponds to the security-label under the
   62.28 +# *                       current policy (if policy changes, 'label'
   62.29 +# *                       must be re-run over the configuration files;
   62.30 +# *                       map-file is created during policy translation and
   62.31 +# *                       is found in the policy's directory
   62.32 +#
   62.33 +
   62.34 +if [ -z "$runbash" ]; then
   62.35 +	runbash="1"
   62.36 +	export runbash
   62.37 +	exec sh -c "bash $0 $*"
   62.38 +fi
   62.39 +
   62.40 +
   62.41 +usage ()
   62.42 +{
   62.43 +	echo "Usage: $0 [Option] <vmfile> <label> <policy name> "
   62.44 +	echo "    or $0 -l <policy name>"
   62.45 +	echo ""
   62.46 +	echo "Valid Options are:"
   62.47 +	echo "-r          : to relabel a file without being prompted"
   62.48 +	echo ""
   62.49 +	echo "vmfile      : XEN vm configuration file"
   62.50 +	echo "label       : the label to map"
   62.51 +	echo "policy name : the name of the policy, i.e. 'chwall'"
   62.52 +	echo ""
   62.53 +	echo "-l <policy name> is used to show valid labels in the map file"
   62.54 +	echo ""
   62.55 +}
   62.56 +
   62.57 +
   62.58 +findMapFile ()
   62.59 +{
   62.60 +	mapfile="./$1.map"
   62.61 +	if [ -r "$mapfile" ]; then
   62.62 +		return 1
   62.63 +	fi
   62.64 +
   62.65 +	mapfile="./policies/$1/$1.map"
   62.66 +	if [ -r "$mapfile" ]; then
   62.67 +		return 1
   62.68 +	fi
   62.69 +
   62.70 +	return 0
   62.71 +}
   62.72 +
   62.73 +showLabels ()
   62.74 +{
   62.75 +	mapfile=$1
   62.76 +	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
   62.77 +		echo "Cannot read from vm configuration file $vmfile."
   62.78 +		return -1
   62.79 +	fi
   62.80 +
   62.81 +	getPrimaryPolicy $mapfile
   62.82 +	getSecondaryPolicy $mapfile
   62.83 +
   62.84 +	echo "The following labels are available:"
   62.85 +	let line=1
   62.86 +	while [ 1 ]; do
   62.87 +		ITEM=`cat $mapfile |         \
   62.88 +		      awk -vline=$line       \
   62.89 +		          -vprimary=$primary \
   62.90 +		      '{                     \
   62.91 +		         if ($1 == "LABEL->SSID" &&  \
   62.92 +		             $2 == "VM" &&           \
   62.93 +		             $3 == primary ) {       \
   62.94 +		           ctr++;                    \
   62.95 +		           if (ctr == line) {        \
   62.96 +		             print $4;               \
   62.97 +		           }                         \
   62.98 +		         }                           \
   62.99 +		       } END {                       \
  62.100 +		       }'`
  62.101 +
  62.102 +		if [ "$ITEM" == "" ]; then
  62.103 +			break
  62.104 +		fi
  62.105 +		if [ "$secondary" != "NULL" ]; then
  62.106 +			LABEL=`cat $mapfile |     \
  62.107 +			       awk -vitem=$ITEM   \
  62.108 +			       '{
  62.109 +			          if ($1 == "LABEL->SSID" && \
  62.110 +			              $2 == "VM" &&          \
  62.111 +			              $3 == "CHWALL" &&      \
  62.112 +			              $4 == item ) {         \
  62.113 +			            result = item;           \
  62.114 +			          }                          \
  62.115 +			        } END {                      \
  62.116 +			            print result             \
  62.117 +			        }'`
  62.118 +		else
  62.119 +			LABEL=$ITEM
  62.120 +		fi
  62.121 +
  62.122 +		if [ "$LABEL" != "" ]; then
  62.123 +			echo "$LABEL"
  62.124 +			found=1
  62.125 +		fi
  62.126 +		let line=line+1
  62.127 +	done
  62.128 +	if [ "$found" != "1" ]; then
  62.129 +		echo "No labels found."
  62.130 +	fi
  62.131 +}
  62.132 +
  62.133 +getPrimaryPolicy ()
  62.134 +{
  62.135 +	mapfile=$1
  62.136 +	primary=`cat $mapfile  |   \
  62.137 +	         awk '             \
  62.138 +	          {                \
  62.139 +	            if ( $1 == "PRIMARY" ) { \
  62.140 +	              res=$2;                \
  62.141 +	            }                        \
  62.142 +	          } END {                    \
  62.143 +	            print res;               \
  62.144 +	          } '`
  62.145 +}
  62.146 +
  62.147 +getSecondaryPolicy ()
  62.148 +{
  62.149 +	mapfile=$1
  62.150 +	secondary=`cat $mapfile  |   \
  62.151 +	         awk '             \
  62.152 +	          {                \
  62.153 +	            if ( $1 == "SECONDARY" ) { \
  62.154 +	              res=$2;                \
  62.155 +	            }                        \
  62.156 +	          } END {                    \
  62.157 +	            print res;               \
  62.158 +	          } '`
  62.159 +}
  62.160 +
  62.161 +
  62.162 +getDefaultSsid ()
  62.163 +{
  62.164 +	mapfile=$1
  62.165 +	pol=$2
  62.166 +	RES=`cat $mapfile    \
  62.167 +	     awk -vpol=$pol  \
  62.168 +	      {              \
  62.169 +	        if ($1 == "LABEL->SSID" && \
  62.170 +	            $2 == "ANY"         && \
  62.171 +	            $3 == pol           && \
  62.172 +	            $4 == "DEFAULT"       ) {\
  62.173 +	              res=$5;                \
  62.174 +	        }                            \
  62.175 +	      } END {                        \
  62.176 +	        printf "%04x", strtonum(res) \
  62.177 +	     }'`
  62.178 +	echo "default NULL mapping is $RES"
  62.179 +	defaultssid=$RES
  62.180 +}
  62.181 +
  62.182 +relabel ()
  62.183 +{
  62.184 +	vmfile=$1
  62.185 +	label=$2
  62.186 +	mapfile=$3
  62.187 +	mode=$4
  62.188 +
  62.189 +	if [ ! -r "$vmfile" ]; then
  62.190 +		echo "Cannot read from vm configuration file $vmfile."
  62.191 +		return -1
  62.192 +	fi
  62.193 +
  62.194 +	if [ ! -w "$vmfile" ]; then
  62.195 +		echo "Cannot write to vm configuration file $vmfile."
  62.196 +		return -1
  62.197 +	fi
  62.198 +
  62.199 +	if [ ! -r "$mapfile" ] ; then
  62.200 +		echo "Cannot read mapping file $mapfile."
  62.201 +		return -1
  62.202 +	fi
  62.203 +
  62.204 +	# Determine which policy is primary, which sec.
  62.205 +	getPrimaryPolicy $mapfile
  62.206 +	getSecondaryPolicy $mapfile
  62.207 +
  62.208 +	# Calculate the primary policy's SSIDREF
  62.209 +	if [ "$primary" == "NULL" ]; then
  62.210 +		SSIDLO="0000"
  62.211 +	else
  62.212 +		SSIDLO=`cat $mapfile |                    \
  62.213 +		        awk -vlabel=$label                \
  62.214 +		            -vprimary=$primary            \
  62.215 +		           '{                             \
  62.216 +		              if ( $1 == "LABEL->SSID" && \
  62.217 +		                   $2 == "VM" &&          \
  62.218 +		                   $3 == primary  &&      \
  62.219 +		                   $4 == label ) {        \
  62.220 +		                result=$5                 \
  62.221 +		              }                           \
  62.222 +		           } END {                        \
  62.223 +		             if (result != "" )           \
  62.224 +		               {printf "%04x", strtonum(result)}\
  62.225 +		           }'`
  62.226 +	fi
  62.227 +
  62.228 +	# Calculate the secondary policy's SSIDREF
  62.229 +	if [ "$secondary" == "NULL" ]; then
  62.230 +		SSIDHI="0000"
  62.231 +	else
  62.232 +		SSIDHI=`cat $mapfile |                    \
  62.233 +		        awk -vlabel=$label                \
  62.234 +		            -vsecondary=$secondary        \
  62.235 +		           '{                             \
  62.236 +		              if ( $1 == "LABEL->SSID" && \
  62.237 +		                   $2 == "VM"          && \
  62.238 +		                   $3 == secondary     && \
  62.239 +		                   $4 == label ) {        \
  62.240 +		                result=$5                 \
  62.241 +		              }                           \
  62.242 +		            }  END {                      \
  62.243 +		              if (result != "" )          \
  62.244 +		                {printf "%04x", strtonum(result)}\
  62.245 +		            }'`
  62.246 +	fi
  62.247 +
  62.248 +	if [ "$SSIDLO" == "" -o \
  62.249 +	     "$SSIDHI" == "" ]; then
  62.250 +		echo "Could not map the given label '$label'."
  62.251 +		return -1
  62.252 +	fi
  62.253 +
  62.254 +	ACM_POLICY=`cat $mapfile |             \
  62.255 +	    awk ' { if ( $1 == "POLICY" ) {    \
  62.256 +	              result=$2                \
  62.257 +	            }                          \
  62.258 +	          }                            \
  62.259 +	          END {                        \
  62.260 +	            if (result != "") {        \
  62.261 +	              printf result            \
  62.262 +	            }                          \
  62.263 +	          }'`
  62.264 +
  62.265 +	if [ "$ACM_POLICY" == "" ]; then
  62.266 +		echo "Could not find 'POLICY' entry in map file."
  62.267 +		return -1
  62.268 +	fi
  62.269 +
  62.270 +	SSIDREF="0x$SSIDHI$SSIDLO"
  62.271 +
  62.272 +	if [ "$mode" != "relabel" ]; then
  62.273 +		RES=`cat $vmfile |  \
  62.274 +		     awk '{         \
  62.275 +		       if ( substr($1,0,7) == "ssidref" ) {\
  62.276 +		         print $0;             \
  62.277 +		       }                       \
  62.278 +		     }'`
  62.279 +		if [ "$RES" != "" ]; then
  62.280 +			echo "Do you want to overwrite the existing mapping ($RES)? (y/N)"
  62.281 +			read user
  62.282 +			if [ "$user" != "y" -a "$user" != "Y" ]; then
  62.283 +				echo "Aborted."
  62.284 +				return 0
  62.285 +			fi
  62.286 +		fi
  62.287 +	fi
  62.288 +
  62.289 +	#Write the output
  62.290 +	vmtmp1="/tmp/__setlabel.tmp1"
  62.291 +	vmtmp2="/tmp/__setlabel.tmp2"
  62.292 +	touch $vmtmp1
  62.293 +	touch $vmtmp2
  62.294 +	if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
  62.295 +		echo "Cannot create temporary files. Aborting."
  62.296 +		return -1
  62.297 +	fi
  62.298 +	RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
  62.299 +	RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
  62.300 +	RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
  62.301 +	echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
  62.302 +	echo "#ACM_LABEL=$label" >> $vmtmp1
  62.303 +	echo "ssidref = $SSIDREF" >> $vmtmp1
  62.304 +	mv -f $vmtmp1 $vmfile
  62.305 +	rm -rf $vmtmp1 $vmtmp2
  62.306 +	echo "Mapped label '$label' to ssidref '$SSIDREF'."
  62.307 +}
  62.308 +
  62.309 +
  62.310 +
  62.311 +if [ "$1" == "-r" ]; then
  62.312 +	mode="relabel"
  62.313 +	shift
  62.314 +elif [ "$1" == "-l" ]; then
  62.315 +	mode="show"
  62.316 +	shift
  62.317 +elif [ "$1" == "-?" ]; then
  62.318 +	mode="usage"
  62.319 +fi
  62.320 +
  62.321 +if [ "$mode" == "show" ]; then
  62.322 +	if [ "$1" == "" ]; then
  62.323 +		usage
  62.324 +		exit -1;
  62.325 +	fi
  62.326 +	findMapFile $1
  62.327 +	res=$?
  62.328 +	if [ "$res" != "0" ]; then
  62.329 +		showLabels $mapfile
  62.330 +	else
  62.331 +		echo "Could not find map file for policy '$1'."
  62.332 +	fi
  62.333 +elif [ "$mode" == "usage" ]; then
  62.334 +	usage
  62.335 +else
  62.336 +	if [ "$3" == "" ]; then
  62.337 +		usage
  62.338 +		exit -1;
  62.339 +	fi
  62.340 +	findMapFile $3
  62.341 +	res=$?
  62.342 +	if [ "$res" != "0" ]; then
  62.343 +		relabel $1 $2 $mapfile $mode
  62.344 +	else
  62.345 +		echo "Could not find map file for policy '$3'."
  62.346 +	fi
  62.347 +
  62.348 +fi
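--- /dev/null
+++ b/tools/security/updategrub.sh
@@ -0,0 +1,171 @@
+#!/bin/sh
+# *
+# * updategrub
+# *
+# * Copyright (C) 2005 IBM Corporation
+# *
+# * Authors:
+# * Stefan Berger <stefanb@us.ibm.com>
+# *
+# * This program is free software; you can redistribute it and/or
+# * modify it under the terms of the GNU General Public License as
+# * published by the Free Software Foundation, version 2 of the
+# * License.
+# *
+# *
+#
+
+if [ -z "$runbash" ]; then
+	runbash="1"
+	export runbash
+	exec sh -c "bash $0 $*"
+	exit
+fi
+
+
+# Show usage of this program
+usage ()
+{
+	echo "Usage: $0 <policy name> <root of xen repository>"
+	echo ""
+	echo "<policy name>             : The name of the policy, i.e. xen_null"
+	echo "<root of xen repository>  : The root of the XEN repositrory."
+	echo ""
+}
+
+# This function sets the global variable 'linux'
+# to the name of the linux kernel that was compiled
+# For now a pattern should do the trick
+getLinuxVersion ()
+{
+	path=$1
+	linux=""
+	for f in $path/linux-*-xen0 ; do
+		versionfile=$f/include/linux/version.h
+		if [ -r $versionfile ]; then
+			lnx=`cat $versionfile | \
+			     grep UTS_RELEASE | \
+			     awk '{             \
+			       len=length($3);  \
+			       print substr($3,2,len-2) }'`
+		fi
+		if [ "$lnx" != "" ]; then
+			linux="[./0-9a-zA-z]*$lnx"
+			return;
+		fi
+	done
+
+	#Last resort.
+	linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$"
+}
+
+#Return where the grub.conf file is.
+#I only know of one place it can be.
+findGrubConf()
+{
+	grubconf="/boot/grub/grub.conf"
+	if [ -w $grubconf ]; then
+		return 1
+	fi
+	return 0
+}
+
+
+#Update the grub configuration file.
+#Search for existing entries and replace the current
+#policy entry with the policy passed to this script
+#
+#Arguments passed to this function
+# 1st : the grub configuration file
+# 2nd : the binary policy file name
+# 3rd : the name or pattern of the linux kernel name to match
+#
+# The algorithm here is based on pattern matching
+# and is working correctly if
+# - under a title a line beginning with 'kernel' is found
+#   whose following item ends with "xen.gz"
+#   Example:  kernel /xen.gz dom0_mem=....
+# - a module line matching the 3rd parameter is found
+#
+updateGrub ()
+{
+	grubconf=$1
+	policyfile=$2
+	linux=$3
+
+	tmpfile="/tmp/new_grub.conf"
+
+	cat $grubconf |                                \
+	         awk -vpolicy=$policyfile              \
+	             -vlinux=$linux '{                 \
+	           if ( $1 == "title" ) {              \
+	             kernelfound = 0;                  \
+	             if ( policymaycome == 1 ){        \
+	               printf ("\tmodule %s%s\n", path, policy);      \
+	             }                                 \
+	             policymaycome = 0;                \
+	           }                                   \
+	           else if ( $1 == "kernel" ) {        \
+	             if ( match($2,"xen.gz$") ) {      \
+	               path=substr($2,1,RSTART-1);     \
+	               kernelfound = 1;                \
+	             }                                 \
+	           }                                   \
+	           else if ( $1 == "module" &&         \
+	                     kernelfound == 1 &&       \
+	                     match($2,linux) ) {       \
+	              policymaycome = 1;               \
+	           }                                   \
+	           else if ( $1 == "module" &&         \
+	                     kernelfound == 1 &&       \
+	                     policymaycome == 1 &&     \
+	                     match($2,"[0-9a-zA-Z]*.bin$") ) { \
+	              printf ("\tmodule %s%s\n", path, policy); \
+	              policymaycome = 0;               \
+	              kernelfound = 0;                 \
+	              dontprint = 1;                   \
+	           }                                   \
+	           else if ( $1 == "" &&               \
+	                     kernelfound == 1 &&       \
+	                     policymaycome == 1) {     \
+	              dontprint = 1;                   \
+	           }                                   \
+	           if (dontprint == 0) {               \
+	             printf ("%s\n", $0);              \
+	           }                                   \
+	           dontprint = 0;                      \
+	         } END {                               \
+	           if ( policymaycome == 1 ) {         \
+	             printf ("\tmodule %s%s\n", path, policy);  \
+	           }                                   \
+	         }' > $tmpfile
+	if [ ! -r $tmpfile ]; then
+		echo "Could not create temporary file! Aborting."
+		exit -1
+	fi
+	mv -f $tmpfile $grubconf
+}
+
+if [ "$1" == "" -o "$2" == "" ]; then
+	usage
+	exit -1
+fi
+
+if [ "$1" == "-?" ]; then
+	usage
+	exit 0
+fi
+
+policy=$1
+policyfile=$policy.bin
+
+getLinuxVersion $2
+
+findGrubConf
+ERR=$?
+if [ $ERR -eq 0 ]; then
+	echo "Could not find grub.conf. Aborting."
+	exit -1
+fi
+
+updateGrub $grubconf $policyfile $linux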
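Review bot: `tmpfile="/tmp/new_grub.conf"` in updateGrub is a fixed name in a world-writable directory, and the script then moves that file over the grub configuration, so it has to run with write access to /boot. Another local user can pre-create that path (as a symlink, for instance), so the redirect may write somewhere unintended, and the `-r` test that follows passes for any readable file, including one awk did not produce. Create the file next to the target with `tmpfile=$(mktemp "$grubconf.XXXXXX") || exit 1`, which also keeps `mv -f` a same-filesystem rename, and check awk's exit status before moving. The re-exec at the top, `exec sh -c "bash $0 $*"`, has a related weakness because the arguments are parsed again by a shell; `exec bash "$0" "$@"` passes them through unchanged.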
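--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -11,14 +11,6 @@ optimize    ?= y
 domu_debug  ?= n
 crash_debug ?= n
 
-# ACM_USE_SECURITY_POLICY is set to security policy of Xen
-# Supported models are:
-#	ACM_NULL_POLICY (ACM will not be built with this policy)
-#	ACM_CHINESE_WALL_POLICY
-#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
-#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
-ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
-
 include $(BASEDIR)/../Config.mk
 
 # Set ARCH/SUBARCH appropriately.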
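--- a/xen/arch/x86/domain_build.c
+++ b/xen/arch/x86/domain_build.c
@@ -22,16 +22,28 @@
 #include <asm/i387.h>
 #include <asm/shadow.h>
 
-/* opt_dom0_mem: memory allocated to domain 0. */
-static unsigned int opt_dom0_mem;
+static long dom0_nrpages;
+
+/*
+ * dom0_mem:
+ *  If +ve:
+ *   * The specified amount of memory is allocated to domain 0.
+ *  If -ve:
+ *   * All of memory is allocated to domain 0, minus the specified amount.
+ *  If not specified: 
+ *   * All of memory is allocated to domain 0, minus 1/16th which is reserved
+ *     for uses such as DMA buffers (the reservation is clamped to 128MB).
+ */
 static void parse_dom0_mem(char *s)
 {
-    unsigned long long bytes = parse_size_and_unit(s);
-    /* If no unit is specified we default to kB units, not bytes. */
-    if ( isdigit(s[strlen(s)-1]) )
-        opt_dom0_mem = (unsigned int)bytes;
-    else
-        opt_dom0_mem = (unsigned int)(bytes >> 10);
+    unsigned long long bytes;
+    char *t = s;
+    if ( *s == '-' )
+        t++;
+    bytes = parse_size_and_unit(t);
+    dom0_nrpages = bytes >> PAGE_SHIFT;
+    if ( *s == '-' )
+        dom0_nrpages = -dom0_nrpages;
 }
 custom_param("dom0_mem", parse_dom0_mem);
 
@@ -137,12 +149,30 @@ int construct_dom0(struct domain *d,
 
     printk("*** LOADING DOMAIN 0 ***\n");
 
-    /* By default DOM0 is allocated all available memory. */
     d->max_pages = ~0U;
-    if ( (nr_pages = opt_dom0_mem >> (PAGE_SHIFT - 10)) == 0 )
+
+    /*
+     * If domain 0 allocation isn't specified, reserve 1/16th of available
+     * memory for things like DMA buffers. This reservation is clamped to 
+     * a maximum of 128MB.
+     */
+    if ( dom0_nrpages == 0 )
+    {
+        dom0_nrpages = avail_domheap_pages() +
+            ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
+            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT);
+        dom0_nrpages = min(dom0_nrpages / 16, 128L << (20 - PAGE_SHIFT));
+        dom0_nrpages = -dom0_nrpages;
+    }
+
+    /* Negative memory specification means "all memory - specified amount". */
+    if ( dom0_nrpages < 0 )
         nr_pages = avail_domheap_pages() +
             ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
-            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT);
+            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT) +
+            dom0_nrpages;
+    else
+        nr_pages = dom0_nrpages;
 
     if ( (rc = parseelfimage(&dsi)) != 0 )
         return rc;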
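Review bot: The negative-specification branch in construct_dom0 adds `dom0_nrpages` to the available page count without checking that the reservation is smaller than what is available. A boot option such as `dom0_mem=-<more than installed memory>` would therefore leave `nr_pages` wrapped or negative (its type is declared outside the hunk). Holding the available-plus-image sum in a local, here called `avail`, and guarding with `if ( -dom0_nrpages >= avail ) panic("dom0_mem reservation exceeds available memory\n");` would fail early with a clear message; the positive branch would benefit from a matching upper-bound check. In parse_dom0_mem, `bytes >> PAGE_SHIFT` is an unsigned long long stored into a `long`, so very large values are silently truncated on 32-bit builds. construct_dom0 continues outside the hunk.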
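--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3061,7 +3061,7 @@ static int ptwr_emulated_update(
     }
 
     /* Turn a sub-word access into a full-word access. */
-    if (bytes != sizeof(physaddr_t))
+    if ( bytes != sizeof(physaddr_t) )
     {
         int           rc;
         physaddr_t    full;
@@ -3078,6 +3078,10 @@ static int ptwr_emulated_update(
         val  &= (((physaddr_t)1 << (bytes*8)) - 1);
         val <<= (offset)*8;
         val  |= full;
+        /* Also fill in missing parts of the cmpxchg old value. */
+        old  &= (((physaddr_t)1 << (bytes*8)) - 1);
+        old <<= (offset)*8;
+        old  |= full;
     }
 
     /* Read the PTE that maps the page being updated. */
@@ -3113,7 +3117,7 @@ static int ptwr_emulated_update(
     if ( do_cmpxchg )
     {
         ol1e = l1e_from_intpte(old);
-        if ( cmpxchg((unsigned long *)pl1e, old, val) != old )
+        if ( cmpxchg((intpte_t *)pl1e, old, val) != old )
         {
             unmap_domain_page(pl1e);
             put_page_from_l1e(nl1e, d);
@@ -3301,8 +3305,8 @@ int ptwr_do_page_fault(struct domain *d,
     
     /* Finally, make the p.t. page writable by the guest OS. */
     l1e_add_flags(pte, _PAGE_RW);
-    if ( unlikely(__copy_to_user(&linear_pg_table[l1_linear_offset(addr)],
-                                 &pte, sizeof(pte))) )
+    if ( unlikely(__put_user(pte.l1,
+                             &linear_pg_table[l1_linear_offset(addr)].l1)) )
     {
         MEM_LOG("ptwr: Could not update pte at %p", (unsigned long *)
                 &linear_pg_table[l1_linear_offset(addr)]);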
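Review bot: The added `old |= full;` in ptwr_emulated_update widens the guest's sub-word comparand with bytes taken from the earlier read of the full word, and that consequence deserves a comment. The later `cmpxchg((intpte_t *)pl1e, old, val)` compares the whole entry, so it can fail because bytes outside the guest's access changed after `full` was read, not only because the guest's own comparand was stale. Whether callers retry in that case is not visible in these hunks. I would extend the new comment to something like `/* Also fill in missing parts of the cmpxchg old value; the compare can then fail if bytes outside the access change under us. */`. The function starts and ends outside the hunks.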
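--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -244,6 +244,8 @@ static void __init start_of_day(void)
 
 #define EARLY_FAIL() for ( ; ; ) __asm__ __volatile__ ( "hlt" )
 
+static struct e820entry e820_raw[E820MAX];
+
 void __init __start_xen(multiboot_info_t *mbi)
 {
     char *cmdline;
@@ -253,7 +255,6 @@ void __init __start_xen(multiboot_info_t
     unsigned long _initrd_start = 0, _initrd_len = 0;
     unsigned int initrdidx = 1;
     physaddr_t s, e;
-    struct e820entry e820_raw[E820MAX];
     int i, e820_raw_nr = 0, bytes = 0;
     struct ns16550_defaults ns16550 = {
         .data_bits = 8,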
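Review bot: `static struct e820entry e820_raw[E820MAX];` moves the table off the stack, but without an init-section annotation it stays resident after boot. It was previously a local of `__start_xen`, which is `__init`, so it appears to be needed only during start of day. With E820MAX raised to 128 elsewhere in this changeset, declaring it as `static struct e820entry __initdata e820_raw[E820MAX];` lets the memory be reclaimed with the rest of the init data. If the move was made because the array no longer fits comfortably on the boot stack, a one-line comment saying so would stop someone from moving it back.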
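--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -159,10 +159,8 @@ void show_trace(unsigned long *esp)
         addr = *stack++;
         if ( is_kernel_text(addr) )
         {
-            if ( (i != 0) && ((i % 6) == 0) )
-                printk("\n   ");
             printk("[<%p>]", _p(addr));
-            print_symbol(" %s\n", addr);
+            print_symbol(" %s\n   ", addr);
             i++;
         }
     }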
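--- a/xen/arch/x86/x86_32/traps.c
+++ b/xen/arch/x86/x86_32/traps.c
@@ -66,8 +66,9 @@ void show_registers(struct cpu_user_regs
 
     printk("CPU:    %d\nEIP:    %04lx:[<%08lx>]",
            smp_processor_id(), (unsigned long)0xffff & regs->cs, eip);
-    print_symbol(" %s\n", eip);
-    printk("EFLAGS: %08lx   CONTEXT: %s\n", eflags, context);
+    if ( !GUEST_MODE(regs) )
+        print_symbol(" %s", eip);
+    printk("\nEFLAGS: %08lx   CONTEXT: %s\n", eflags, context);
     printk("eax: %08x   ebx: %08x   ecx: %08x   edx: %08x\n",
            regs->eax, regs->ebx, regs->ecx, regs->edx);
     printk("esi: %08x   edi: %08x   ebp: %08x   esp: %08lx\n",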
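--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -17,8 +17,9 @@ void show_registers(struct cpu_user_regs
 {
     printk("CPU:    %d\nEIP:    %04x:[<%016lx>]",
            smp_processor_id(), 0xffff & regs->cs, regs->rip);
-    print_symbol(" %s\n", regs->rip);
-    printk("EFLAGS: %016lx\n", regs->eflags);
+    if ( !GUEST_MODE(regs) )
+        print_symbol(" %s", regs->rip);
+    printk("\nEFLAGS: %016lx\n", regs->eflags);
     printk("rax: %016lx   rbx: %016lx   rcx: %016lx   rdx: %016lx\n",
            regs->rax, regs->rbx, regs->rcx, regs->rdx);
     printk("rsi: %016lx   rdi: %016lx   rbp: %016lx   rsp: %016lx\n",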
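--- a/xen/common/lib.c
+++ b/xen/common/lib.c
@@ -450,8 +450,10 @@ unsigned long long parse_size_and_unit(c
 		ret <<= 10;
 	case 'M': case 'm':
 		ret <<= 10;
-	case 'K': case 'k':
+	case 'K': case 'k': default:
 		ret <<= 10;
+	case 'B': case 'b':
+		break;
 	}
 
 	return ret;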
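Review bot: Placing `default:` on the `'K'` case changes the meaning of a bare number from bytes to kB for every caller of parse_size_and_unit, not only dom0_mem. Any caller outside this changeset that relied on the old byte default would now be scaled by 1024 and should be checked. Assuming the switch is on the character following the number, an unrecognised suffix is also silently treated as kB instead of being rejected. The fallthrough chain is unmarked, so I would add `/* fallthrough */` after each `ret <<= 10;` and a comment on the default label such as `/* no or unknown suffix: kB */`. The switch and the function both start outside the hunk.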
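--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -652,8 +652,9 @@ static int __init debugtrace_init(void)
 void panic(const char *fmt, ...)
 {
     va_list args;
-    char buf[128], cpustr[10];
+    char buf[128];
     unsigned long flags;
+    static spinlock_t lock = SPIN_LOCK_UNLOCKED;
     extern void machine_restart(char *);
     
     debugtrace_dump();
@@ -665,16 +666,13 @@ void panic(const char *fmt, ...)
     debugger_trap_immediate();
 
     /* Spit out multiline message in one go. */
-    spin_lock_irqsave(&console_lock, flags);
-    __putstr("\n****************************************\n");
-    __putstr("Panic on CPU");
-    sprintf(cpustr, "%d", smp_processor_id());
-    __putstr(cpustr);
-    __putstr(":\n");
-    __putstr(buf);
-    __putstr("****************************************\n\n");
-    __putstr("Reboot in five seconds...\n");
-    spin_unlock_irqrestore(&console_lock, flags);
+    spin_lock_irqsave(&lock, flags);
+    printk("\n****************************************\n");
+    printk("Panic on CPU %d:\n", smp_processor_id());
+    printk(buf);
+    printk("****************************************\n\n");
+    printk("Reboot in five seconds...\n");
+    spin_unlock_irqrestore(&lock, flags);
 
     watchdog_disable();
     mdelay(5000);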
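Review bot: `printk(buf);` passes the already-formatted panic message as a format string, so any `%` that reached `buf` through the caller's arguments is interpreted a second time and reads varargs that were never passed. The removed `__putstr(buf)` printed the text literally; `printk("%s", buf);` keeps that behaviour. Separately, the function-local `lock` no longer excludes other console writers the way `console_lock` did. Whether the message still comes out "in one go" now depends on printk's own locking, which is not visible in this hunk, so the comment above the block may need updating.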
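--- a/xen/include/asm-x86/e820.h
+++ b/xen/include/asm-x86/e820.h
@@ -3,7 +3,7 @@
 
 #include <asm/page.h>
 
-#define E820MAX	32
+#define E820MAX	128
 
 #define E820_RAM          1
 #define E820_RESERVED     2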
    74.1 --- a/xen/include/asm-x86/uaccess.h	Fri Aug 19 10:18:53 2005 +0000
    74.2 +++ b/xen/include/asm-x86/uaccess.h	Fri Aug 19 10:50:15 2005 +0000
    74.3 @@ -125,22 +125,20 @@ extern void __put_user_bad(void);
    74.4  	__pu_err;							\
    74.5  })							
    74.6  
    74.7 -#define __get_user_nocheck(x,ptr,size)				\
    74.8 -({								\
    74.9 -	long __gu_err, __gu_val;				\
   74.10 -	__get_user_size(__gu_val,(ptr),(size),__gu_err,-EFAULT);\
   74.11 -	(x) = (__typeof__(*(ptr)))__gu_val;			\
   74.12 -	__gu_err;						\
   74.13 +#define __get_user_nocheck(x,ptr,size)                          \
   74.14 +({                                                              \
   74.15 +	long __gu_err;                                          \
   74.16 +	__get_user_size((x),(ptr),(size),__gu_err,-EFAULT);     \
   74.17 +	__gu_err;                                               \
   74.18  })
   74.19  
   74.20 -#define __get_user_check(x,ptr,size)					\
   74.21 -({									\
   74.22 -	long __gu_err, __gu_val;					\
   74.23 -	__typeof__(*(ptr)) __user *__gu_addr = (ptr);			\
   74.24 -	__get_user_size(__gu_val,__gu_addr,(size),__gu_err,-EFAULT);	\
   74.25 -	(x) = (__typeof__(*(ptr)))__gu_val;				\
   74.26 -	if (!__addr_ok(__gu_addr)) __gu_err = -EFAULT;			\
   74.27 -	__gu_err;							\
   74.28 +#define __get_user_check(x,ptr,size)                            \
   74.29 +({                                                              \
   74.30 +	long __gu_err;                                          \
   74.31 +	__typeof__(*(ptr)) __user *__gu_addr = (ptr);           \
   74.32 +	__get_user_size((x),__gu_addr,(size),__gu_err,-EFAULT); \
   74.33 +	if (!__addr_ok(__gu_addr)) __gu_err = -EFAULT;          \
   74.34 +	__gu_err;                                               \
   74.35  })							
   74.36  
   74.37  struct __large_struct { unsigned long buf[100]; };