ia64/xen-unstable

changeset 6286:509316987d65

Merge.

Signed-off-by: Steven Smith, sos22@cam.ac.uk
author sos22@douglas.cl.cam.ac.uk
date Fri Aug 19 10:50:15 2005 +0000 (2005-08-19)
parents 3d45fb64b064 7b6f55756f9c
children 66348ff38ec1
files Config.mk docs/src/user.tex linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile linux-2.6-xen-sparse/arch/xen/i386/kernel/i386_ksyms.c linux-2.6-xen-sparse/arch/xen/i386/kernel/pci-dma.c linux-2.6-xen-sparse/arch/xen/i386/kernel/process.c linux-2.6-xen-sparse/arch/xen/i386/kernel/smp.c linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c linux-2.6-xen-sparse/arch/xen/i386/mm/fault.c linux-2.6-xen-sparse/arch/xen/i386/mm/hypervisor.c linux-2.6-xen-sparse/arch/xen/i386/mm/init.c linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c linux-2.6-xen-sparse/arch/xen/kernel/reboot.c linux-2.6-xen-sparse/arch/xen/kernel/skbuff.c linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c linux-2.6-xen-sparse/arch/xen/x86_64/mm/fault.c linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c linux-2.6-xen-sparse/include/asm-xen/asm-i386/dma-mapping.h linux-2.6-xen-sparse/include/asm-xen/asm-i386/hypercall.h linux-2.6-xen-sparse/include/asm-xen/hypervisor.h linux-2.6-xen-sparse/include/asm-xen/xenbus.h patches/linux-2.6.12/workaround_double_br_del_if.patch tools/examples/network-bridge tools/python/xen/xend/server/event.py tools/python/xen/xend/server/relocate.py tools/python/xen/xm/create.py tools/python/xen/xm/main.py tools/security/Makefile tools/security/example.txt tools/security/install.txt tools/security/policies/chwall/chwall-security_label_template.xml tools/security/policies/chwall/chwall-security_policy.xml tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml tools/security/policies/chwall_ste/chwall_ste-security_policy.xml tools/security/policies/null/null-security_label_template.xml tools/security/policies/null/null-security_policy.xml tools/security/policies/security_policy.xsd tools/security/policies/ste/ste-security_label_template.xml tools/security/policies/ste/ste-security_policy.xml tools/security/policy.txt tools/security/readme.txt tools/security/secpol_compat.h tools/security/secpol_tool.c tools/security/secpol_xml2bin.c tools/security/secpol_xml2bin.h tools/security/setlabel.sh tools/security/updategrub.sh xen/Rules.mk xen/arch/x86/domain.c xen/arch/x86/domain_build.c xen/arch/x86/mm.c xen/arch/x86/setup.c xen/arch/x86/time.c xen/arch/x86/traps.c xen/arch/x86/x86_32/traps.c xen/arch/x86/x86_64/traps.c xen/common/domain.c xen/common/event_channel.c xen/common/lib.c xen/common/schedule.c xen/drivers/char/console.c xen/include/asm-x86/e820.h xen/include/asm-x86/uaccess.h xen/include/public/xen.h
line diff
     1.1 --- a/Config.mk	Fri Aug 19 10:18:53 2005 +0000
     1.2 +++ b/Config.mk	Fri Aug 19 10:50:15 2005 +0000
     1.3 @@ -35,3 +35,11 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES)
     1.4  
     1.5  # Choose the best mirror to download linux kernel
     1.6  KERNEL_REPO = http://www.kernel.org
     1.7 +
     1.8 +# ACM_USE_SECURITY_POLICY is set to security policy of Xen
     1.9 +# Supported models are:
    1.10 +#	ACM_NULL_POLICY (ACM will not be built with this policy)
    1.11 +#	ACM_CHINESE_WALL_POLICY
    1.12 +#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
    1.13 +#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
    1.14 +ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
     2.1 --- a/docs/misc/shype4xen_readme.txt	Fri Aug 19 10:18:53 2005 +0000
     2.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.3 @@ -1,588 +0,0 @@
     2.4 -Copyright: IBM Corporation (C)
     2.5 -20 June 2005
     2.6 -Author: Reiner Sailer
     2.7 -
     2.8 -This document is a very short introduction into the sHype access control 
     2.9 -security architecture implementation and how it is perceived by users. It 
    2.10 -is a very preliminary draft  for the courageous ones to get "their feet wet" 
    2.11 -and to be able to give feedback (via the xen-devel/xense-devel mailing lists).
    2.12 -
    2.13 -Install:
    2.14 -
    2.15 -cd into xeno-unstable.bk 
    2.16 -(use --dry-run option if you want to test the patch only)
    2.17 -patch -p1 -g0 < *tools.diff
    2.18 -patch -p1 -g0 < *xen.diff
    2.19 -
    2.20 -(no rejects, probably some line offsets)
    2.21 -
    2.22 -make uninstall; make mrproper; make; ./install.sh should install the default 
    2.23 -sHype into Xen (rebuild your initrd images if necessary). Reboot.
    2.24 -
    2.25 -Debug output: there are two triggers for debug output:
    2.26 -a) General sHype debug:
    2.27 -    xeno-unstable.bk/xen/include/public/acm.h
    2.28 -    undefine ACM_DEBUG to switch this debug off
    2.29 -
    2.30 -b) sHype enforcement hook trace: This prints a small trace for each enforcement 
    2.31 -hook that is executed. The trigger is in
    2.32 -    xeno-unstable.bk/xen/include/acm/acm_hooks.h
    2.33 -    undefine ACM_TRACE_MODE to switch this debug off
    2.34 -
    2.35 -1. The default NULL policy
    2.36 -***************************
    2.37 -When you apply the patches and startup xen, you should at first not notice any 
    2.38 -difference because the default policy is the "NULL" policy, which as the name 
    2.39 -implies does not enforce anything.
    2.40 -
    2.41 -To display the currently enforced policy, use the policy tool under xeno-
    2.42 -unstable.bk/tools/policy: policy_tool getpolicy. You should see output like the 
    2.43 -one below.
    2.44 -
    2.45 -[root@laptop policy]#./policy_tool getpolicy
    2.46 -
    2.47 -Policy dump:
    2.48 -============
    2.49 -Magic     = 1debc.
    2.50 -PolVer    = aaaa0000.
    2.51 -Len       = 14.
    2.52 -Primary   = NULL policy (c=0, off=14).
    2.53 -Secondary = NULL policy (c=0, off=14).
    2.54 -No primary policy (NULL).
    2.55 -No secondary policy (NULL).
    2.56 -
    2.57 -Policy dump End.
    2.58 -
    2.59 -Since this is a dump of a binary policy, it's not pretty. The important parts 
    2.60 -are the "Primary" and "Secondary" policy fields set to "NULL policy". sHype 
    2.61 -currently allows to set two independent policies; thus the two SSID-REF parts 
    2.62 -shown in 'xm list'. Right here: primary policy only means this policy is 
    2.63 -checked first, the secondary policy is checked if the primary results in 
    2.64 -"permitted access". The result of the combined policy is "permitted" if both 
    2.65 -policies return permitted (NULL policy always returns permitted). The result is 
    2.66 -"denied" if at least one of the policies returns "denied". Look into xeno-
    2.67 -unstable.bk/xen/include/acm/acm_hooks.h for the general hook structure 
    2.68 -integrating the policy decisions (if you like, you won't need it for the rest 
    2.69 -of the Readme file).
    2.70 -
    2.71 -2. Setting Chinese Wall and Simple Type Enforcement policies:
    2.72 -*************************************************************
    2.73 -
    2.74 -We'll get fast to the point. However, in order to understand what we are doing, 
    2.75 -we must at least understand the purpose of the policies that we are going to 
    2.76 -enforce. The two policies presented here are just examples and the 
    2.77 -implementation encourages adding new policies easily.
    2.78 -
    2.79 -2.1. Chinese Wall policy: "decides whether a domain can be started based on 
    2.80 -this domain's ssidref and the ssidrefs of the currently running domains". 
    2.81 -Generally, the Chinese wall policy allows specifying certain types (or classes 
    2.82 -or categories, whatever the preferred word) that conflict; we usually assign a 
    2.83 -type to a workload and the set of types of those workloads running in a domain 
    2.84 -make up the type set for this domain.  Each domain is assigned a set of types 
    2.85 -through its SSID-REF (we register Chinese Wall as primary policy, so the 
    2.86 -ssidref used for determining the Chinese Wall types is the one annotated with 
    2.87 -"p:" in xm list) since each SSID-REF points at a set of types. We'll see how 
    2.88 -SSIDREFs are represented in Xen later when we will look at the policy. (A good 
    2.89 -read for Chinese Wall is: Brewer/Nash The Chinese Wall Security Policy 1989.)
    2.90 -
    2.91 -So let's assume the Chinese Wall policy we are running distinguishes 10 types: 
    2.92 -t0 ... t9. Let us assume further that each SSID-REF points to a set that 
    2.93 -includes exactly one type (attached to domains that run workloads of a single 
    2.94 -type). SSID-REF 0 points to {t0}, ssidref 1 points to {t1} ... 9 points to 
    2.95 -{t9}. [This is actually the example policy we are going to push into xen later]
    2.96 -
    2.97 -Now the Chinese Wall policy allows you to define "Conflict type sets" and it 
    2.98 -guarantees that of any conflict set at most one type is "running" at any time. 
    2.99 -As an example, we have defined 2 conflict set: {t2, t3} and {t0, t5, t6}. 
   2.100 -Specifying these conflict sets, sHype ensures that at most one type of each set 
   2.101 -is running (either t2 or t3 but not both; either t0 or t5 or t6 but not 
   2.102 -multiple of them).
   2.103 -
   2.104 -The effect is that administrators can define which workload types cannot run 
   2.105 -simultaneously on a single Xen system. This is useful to limit the covert 
   2.106 -timing channels between such payloads or to ensure that payloads don't 
   2.107 -interfere with each other through existing resource dependencies.
   2.108 -
   2.109 -2.2. Simple Type Enforcement (ste) policy: "decides whether two domains can 
   2.110 -share data, e.g., setup event channels or grant tables to each other, based on 
   2.111 -the two domains' ssidref. This, as the name says, is a simple policy. Think of 
   2.112 -each type as of a single color. Each domain has one or more colors, i.e., the 
   2.113 -domains ssid for the ste policy points to a set that has set one or multiple 
   2.114 -types. Let us assume in our example policy we differentiate 5 colors (types) 
   2.115 -and define 5 different ssids referenced by ssidref=0..4. Each ssid shall have 
   2.116 -exactly one type set, i.e., describes a uni-color. Only ssid(0) has all types 
   2.117 -set, i.e., has all defined colors.
   2.118 -
   2.119 -Sharing is enforced by the ste policy by requiring that two domains that want 
   2.120 -to establish an event channel or grant pages to each other must have a common 
   2.121 -color. Currently all domains communicate through DOM0 by default; i.e., Domain0 
   2.122 -will necessarily have all colors to be able to create domains (thus, we will 
   2.123 -assign ssidref(0) to Domain0 in our example below.
   2.124 -
   2.125 -More complex mandatory access control policies governing sharing will follow; 
   2.126 -such policies are more sophisticated than the "color" scheme above by allowing 
   2.127 -more flexible (and complex :_) access control decisions than "share a color" or 
   2.128 -"don't share a color" and will be able to express finer-grained policies.
   2.129 -
   2.130 -
   2.131 -2.3 Binary Policy:
   2.132 -In the future, we will have a policy tool that takes as input a more humane 
   2.133 -policy description, using types such as development, home-banking, donated-
   2.134 -Grid, CorpA-Payload ... and translates the respective policy into what we see 
   2.135 -today as the binary policy using 1s and 0s and sets of them. For now, we must 
   2.136 -live with the binary policy when working with sHype.
   2.137 -
   2.138 -    
   2.139 -2.4 Exemplary use of a real sHype policy on Xen. To activate a real policy, 
   2.140 -edit the file (yes, this will soon be a compile option):
   2.141 -  xeno-unstable.bk/xen/include/public/acm.h
   2.142 -  Change: #define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
   2.143 -   To : #define ACM_USE_SECURITY_POLICY ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   2.144 -   cd xeno-unstable.bk
   2.145 -   make mrproper
   2.146 -   make uninstall (manually remove /etc/xen.old if necessary)
   2.147 -   make
   2.148 -   ./install.sh      (recreate your kernel initrd's if necessary)
   2.149 -   Reboot into new xen.gz
   2.150 -     
   2.151 -After booting, check out 'xm dmesg'; should show somewhere in the middle:
   2.152 -
   2.153 -(XEN) acm_init: Enforcing Primary CHINESE WALL policy, Secondary SIMPLE TYPE 
   2.154 -ENFORCEMENT policy.
   2.155 -
   2.156 -Even though you can activate those policies in any combination and also 
   2.157 -independently, the policy tool currently only supports setting the policy for 
   2.158 -the above combination.
   2.159 -
   2.160 -Now look at the minimal startup policy with:
   2.161 -                xeno-unstable.bk/tools/policytool getpolicy
   2.162 -
   2.163 -You should see something like:
   2.164 -
   2.165 -[root@laptop policy]# ./policy_tool getpolicy
   2.166 -
   2.167 -Policy dump:
   2.168 -============
   2.169 -Magic     = 1debc.
   2.170 -PolVer    = aaaa0000.
   2.171 -Len       = 36.
   2.172 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.173 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=2c).
   2.174 -
   2.175 -
   2.176 -Chinese Wall policy:
   2.177 -====================
   2.178 -Max Types     = 1.
   2.179 -Max Ssidrefs  = 1.
   2.180 -Max ConfSets  = 1.
   2.181 -Ssidrefs Off  = 10.
   2.182 -Conflicts Off = 12.
   2.183 -Runing T. Off = 14.
   2.184 -C. Agg. Off   = 16.
   2.185 -
   2.186 -SSID To CHWALL-Type matrix:
   2.187 -
   2.188 -   ssidref 0:  00 
   2.189 -
   2.190 -Confict Sets:
   2.191 -
   2.192 -   c-set 0:    00 
   2.193 -
   2.194 -Running
   2.195 -Types:         00 
   2.196 -
   2.197 -Conflict
   2.198 -Aggregate Set: 00 
   2.199 -
   2.200 -
   2.201 -Simple Type Enforcement policy:
   2.202 -===============================
   2.203 -Max Types     = 1.
   2.204 -Max Ssidrefs  = 1.
   2.205 -Ssidrefs Off  = 8.
   2.206 -
   2.207 -SSID To STE-Type matrix:
   2.208 -
   2.209 -   ssidref 0: 01 
   2.210 -
   2.211 -
   2.212 -Policy dump End.
   2.213 -
   2.214 -This is a minimal policy (of little use), except it will disable starting any 
   2.215 -domain that does not have ssidref set to 0x0. The Chinese Wall policy has 
   2.216 -nothing to enforce and the ste policy only knows one type, which is set for the 
   2.217 -only defined ssidref.
   2.218 -
   2.219 -The item that defines the ssidref in a domain configuration is:
   2.220 -
   2.221 -ssidref = 0x12345678
   2.222 -
   2.223 -Where ssidref is interpreted as a 32bit number, where the lower 16bits become 
   2.224 -the ssidref for the primary policy and the higher 16bits become the ssidref for 
   2.225 -the secondary policy. sHype currently supports two policies but this is an 
   2.226 -implementation decision and can be extended if necessary.
   2.227 -
   2.228 -This reference defines the security information of a domain. The meaning of the 
   2.229 -SSID-REF depends on the policy, so we explain it when we explain the real 
   2.230 -policies.
   2.231 -
   2.232 -
   2.233 -Setting a new Security Policy:
   2.234 -******************************
   2.235 -The policy tool with all its current limitations has one usable example policy 
   2.236 -compiled-in. Please try at this time to use the setpolicy command:
   2.237 -       xeno-unstable.bk/tools/policy/policy_tool setpolicy
   2.238 -
   2.239 -You should see a dump of the policy you are setting. It should say at the very 
   2.240 -end: 
   2.241 -
   2.242 -Policy successfully set.
   2.243 -
   2.244 -Now try to dump the currently enforced policy, which is the policy we have just 
   2.245 -set and the dynamic security state information of this policy 
   2.246 -(<<< ... some additional explanations)
   2.247 -
   2.248 -[root@laptop policy]# ./policy_tool getpolicy
   2.249 -
   2.250 -Policy dump:
   2.251 -============
   2.252 -Magic     = 1debc.
   2.253 -PolVer    = aaaa0000.
   2.254 -Len       = 112.
   2.255 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.256 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.257 -
   2.258 -
   2.259 -Chinese Wall policy:
   2.260 -====================
   2.261 -Max Types     = a.
   2.262 -Max Ssidrefs  = 5.
   2.263 -Max ConfSets  = 2.
   2.264 -Ssidrefs Off  = 10.
   2.265 -Conflicts Off = 74.
   2.266 -Runing T. Off = 9c.
   2.267 -C. Agg. Off   = b0.
   2.268 -
   2.269 -SSID To CHWALL-Type matrix:
   2.270 -
   2.271 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00  <<< type0 is set for ssidref0
   2.272 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00 
   2.273 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00 
   2.274 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00 
   2.275 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00  <<< type4 is set for ssidref4
   2.276 -                                              <<< types 5-9 are unused
   2.277 -Confict Sets:
   2.278 -
   2.279 -   c-set 0:    00 00 01 01 00 00 00 00 00 00  <<< type2 and type3 never run together
   2.280 -   c-set 1:    01 00 00 00 00 01 01 00 00 00  <<< only one of types 0, 5 or 6 
   2.281 -                                              <<<   can run simultaneously
   2.282 -Running
   2.283 -Types:         01 00 00 00 00 00 00 00 00 00  <<< ref-count for types of running domains
   2.284 -
   2.285 -Conflict
   2.286 -Aggregate Set: 00 00 00 00 00 01 01 00 00 00  <<< aggregated set of types that                  
   2.287 -                                              <<< cannot run because they 
   2.288 -                                              <<< are in conflict set 1 and
   2.289 -                                              <<< (domain 0 is running w t0)
   2.290 -                                             
   2.291 -
   2.292 -Simple Type Enforcement policy:
   2.293 -===============================
   2.294 -Max Types     = 5.
   2.295 -Max Ssidrefs  = 5.
   2.296 -Ssidrefs Off  = 8.
   2.297 -
   2.298 -SSID To STE-Type matrix:
   2.299 -
   2.300 -   ssidref 0: 01 01 01 01 01                  <<< ssidref0 points to a set that                  
   2.301 -                                              <<< has all types set (colors)
   2.302 -   ssidref 1: 00 01 00 00 00                  <<< ssidref1 has color1 set
   2.303 -   ssidref 2: 00 00 01 00 00                  <<< ...
   2.304 -   ssidref 3: 00 00 00 01 00 
   2.305 -   ssidref 4: 00 00 00 00 01 
   2.306 -
   2.307 -
   2.308 -Policy dump End.
   2.309 -
   2.310 -
   2.311 -This is a small example policy with which we will demonstrate the enforcement.
   2.312 -
   2.313 -Starting Domains with policy enforcement
   2.314 -========================================
   2.315 -Now let us play with this policy. 
   2.316 -
   2.317 -Define 3 or 4 domain configurations. I use the following config using a ramdisk 
   2.318 -only and about 8MBytes of memory for each DomU (test purposes):
   2.319 -
   2.320 -#-------configuration xmsec1-------------------------
   2.321 -kernel = "/boot/vmlinuz-2.6.11-xenU"
   2.322 -ramdisk="/boot/U1_ramdisk.img"
   2.323 -#security reference identifier
   2.324 -ssidref= 0x00010001
   2.325 -memory = 10
   2.326 -name = "xmsec1"
   2.327 -cpu = -1   # leave to Xen to pick
   2.328 -# Number of network interfaces. Default is 1.
   2.329 -nics=1
   2.330 -dhcp="dhcp"
   2.331 -#-----------------------------------------------------
   2.332 -
   2.333 -xmsec2 and xmsec3 look the same except for the name and the ssidref line. Use 
   2.334 -your domain config file and add "ssidref = 0x00010001" to the first (xmsec1),  
   2.335 -"ssidref= 0x00020002" to the second (call it xmsec2), and "ssidref=0x00030003"  
   2.336 -to the third (we will call this one xmsec3).
   2.337 -
   2.338 -First start xmsec1: xm create -c xmsec1 (succeeds)
   2.339 -
   2.340 -Then
   2.341 -[root@laptop policy]# xm list 
   2.342 -Name              Id  Mem(MB)  CPU  State  Time(s)  Console  
   2.343 -Domain-0           0      620   0  r----     42.3            s:00/p:00
   2.344 -xmnosec            1        9   0  -b---      0.3    9601    s:00/p:05
   2.345 -xmsec1             2        9   0  -b---      0.2    9602    s:01/p:01
   2.346 -
   2.347 -Shows a new domain xmsec1 running with primary (here: chinese wall) ssidref 1 
   2.348 -and secondary (here: simple type enforcement) ssidref 1. The ssidrefs are  
   2.349 -independent and can differ for a domain.
   2.350 -
   2.351 -[root@laptop policy]# ./policy_tool getpolicy
   2.352 -
   2.353 -Policy dump:
   2.354 -============
   2.355 -Magic     = 1debc.
   2.356 -PolVer    = aaaa0000.
   2.357 -Len       = 112.
   2.358 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.359 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.360 -
   2.361 -
   2.362 -Chinese Wall policy:
   2.363 -====================
   2.364 -Max Types     = a.
   2.365 -Max Ssidrefs  = 5.
   2.366 -Max ConfSets  = 2.
   2.367 -Ssidrefs Off  = 10.
   2.368 -Conflicts Off = 74.
   2.369 -Runing T. Off = 9c.
   2.370 -C. Agg. Off   = b0.
   2.371 -
   2.372 -SSID To CHWALL-Type matrix:
   2.373 -
   2.374 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00
   2.375 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00
   2.376 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00
   2.377 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00
   2.378 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00
   2.379 -
   2.380 -Confict Sets:
   2.381 -
   2.382 -   c-set 0:    00 00 01 01 00 00 00 00 00 00
   2.383 -   c-set 1:    01 00 00 00 00 01 01 00 00 00   <<< t1 is not part of any c-set
   2.384 -
   2.385 -Running
   2.386 -Types:         01 01 00 00 00 00 00 00 00 00   <<< xmsec1 has ssidref 1->type1
   2.387 -                  ^^                           <<< ref-count at position 1 incr
   2.388 -Conflict
   2.389 -Aggregate Set: 00 00 00 00 00 01 01 00 00 00   <<< domain 1 was allowed to       
   2.390 -                                               <<< start since type 1 was not
   2.391 -                                               <<< in conflict with running 
   2.392 -                                               <<< types
   2.393 -                                            
   2.394 -Simple Type Enforcement policy:
   2.395 -===============================
   2.396 -Max Types     = 5.
   2.397 -Max Ssidrefs  = 5.
   2.398 -Ssidrefs Off  = 8.
   2.399 -
   2.400 -SSID To STE-Type matrix:
   2.401 -
   2.402 -   ssidref 0: 01 01 01 01 01           <<< the ste policy does not maintain; we
   2.403 -   ssidref 1: 00 01 00 00 00   <--     <<< see that domain xmsec1 has ste 
   2.404 -   ssidref 2: 00 00 01 00 00           <<< ssidref1->type1 and has this type in
   2.405 -   ssidref 3: 00 00 00 01 00           <<< common with dom0
   2.406 -   ssidref 4: 00 00 00 00 01
   2.407 -
   2.408 -
   2.409 -Policy dump End.
   2.410 -
   2.411 -Look at sHype output in xen dmesg:
   2.412 -
   2.413 -[root@laptop xen]# xm dmesg
   2.414 -.
   2.415 -.
   2.416 -[somewhere near the very end]
   2.417 -(XEN) chwall_init_domain_ssid: determined chwall_ssidref to 1.
   2.418 -(XEN) ste_init_domain_ssid.
   2.419 -(XEN) ste_init_domain_ssid: determined ste_ssidref to 1.
   2.420 -(XEN) acm_init_domain_ssid: Instantiated individual ssid for domain 0x01.
   2.421 -(XEN) chwall_post_domain_create.
   2.422 -(XEN) ste_pre_eventchannel_interdomain.
   2.423 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.424 -(XEN) shype_authorize_domops.
   2.425 -(XEN) ste_pre_eventchannel_interdomain.
   2.426 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.427 -(XEN) ste_pre_eventchannel_interdomain.
   2.428 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.429 -
   2.430 -
   2.431 -You can see that the chinese wall policy does not complain and that the ste 
   2.432 -policy makes three access control decisions for three event-channels setup 
   2.433 -between domain 0 and the new domain 1. Each time, the two domains share the 
   2.434 -type1 and setting up the eventchannel is permitted.
   2.435 -
   2.436 -
   2.437 -Starting up a second domain xmsec2:
   2.438 -
   2.439 -[root@laptop xen]# xm create -c xmsec2
   2.440 -Using config file "xmsec2".
   2.441 -Started domain xmsec2, console on port 9602
   2.442 -************ REMOTE CONSOLE: CTRL-] TO QUIT ********
   2.443 -Linux version 2.6.11-xenU (root@laptop.home.org) (gcc version 3.4.2 20041017 
   2.444 -(Red Hat 3.4.2-6.fc3)) #1 Wed Mar 30 13:14:31 EST 2005
   2.445 -.
   2.446 -.
   2.447 -.
   2.448 -[root@laptop policy]# xm list
   2.449 -Name              Id  Mem(MB)  CPU  State  Time(s)  Console  
   2.450 -Domain-0           0      620   0  r----     71.7            s:00/p:00
   2.451 -xmsec1             1        9   0  -b---      0.3    9601    s:01/p:01
   2.452 -xmsec2             2        7   0  -b---      0.3    9602    s:02/p:02   << our domain runs both policies with ssidref 2
   2.453 -
   2.454 -
   2.455 -[root@laptop policy]# ./policy_tool getpolicy
   2.456 -
   2.457 -Policy dump:
   2.458 -============
   2.459 -Magic     = 1debc.
   2.460 -PolVer    = aaaa0000.
   2.461 -Len       = 112.
   2.462 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.463 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.464 -
   2.465 -
   2.466 -Chinese Wall policy:
   2.467 -====================
   2.468 -Max Types     = a.
   2.469 -Max Ssidrefs  = 5.
   2.470 -Max ConfSets  = 2.
   2.471 -Ssidrefs Off  = 10.
   2.472 -Conflicts Off = 74.
   2.473 -Runing T. Off = 9c.
   2.474 -C. Agg. Off   = b0.
   2.475 -
   2.476 -SSID To CHWALL-Type matrix:
   2.477 -
   2.478 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00
   2.479 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00
   2.480 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00   <<< our domain has type 2 set
   2.481 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00
   2.482 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00
   2.483 -
   2.484 -Confict Sets:
   2.485 -
   2.486 -   c-set 0:    00 00 01 01 00 00 00 00 00 00   <<< t2 is in c-set0 with type 3
   2.487 -   c-set 1:    01 00 00 00 00 01 01 00 00 00
   2.488 -
   2.489 -Running
   2.490 -Types:         01 01 01 00 00 00 00 00 00 00   <<< t2 is running since the 
   2.491 -                     ^^                        <<< current aggregate conflict
   2.492 -                                               <<< set (see above) does not 
   2.493 -                                               <<< include type 2
   2.494 -Conflict
   2.495 -Aggregate Set: 00 00 00 01 00 01 01 00 00 00   <<< type 3 is added to the 
   2.496 -                                               <<< conflict aggregate
   2.497 -
   2.498 -
   2.499 -Simple Type Enforcement policy:
   2.500 -===============================
   2.501 -Max Types     = 5.
   2.502 -Max Ssidrefs  = 5.
   2.503 -Ssidrefs Off  = 8.
   2.504 -
   2.505 -SSID To STE-Type matrix:
   2.506 -
   2.507 -   ssidref 0: 01 01 01 01 01
   2.508 -   ssidref 1: 00 01 00 00 00
   2.509 -   ssidref 2: 00 00 01 00 00
   2.510 -   ssidref 3: 00 00 00 01 00
   2.511 -   ssidref 4: 00 00 00 00 01
   2.512 -
   2.513 -
   2.514 -Policy dump End.
   2.515 -
   2.516 -
   2.517 -The sHype xen dmesg output looks similar to the one above when starting the 
   2.518 -first domain.
   2.519 -
   2.520 -Now we start xmsec3 and it has ssidref3. Thus, it tries to run as type3 which 
   2.521 -conflicts with running type2 (from xmsec2). As expected, creating this domain 
   2.522 -fails for security policy enforcement reasons.
   2.523 -
   2.524 -[root@laptop xen]# xm create -c xmsec3
   2.525 -Using config file "xmsec3".
   2.526 -Error: Error creating domain: (22, 'Invalid argument')
   2.527 -[root@laptop xen]#
   2.528 -
   2.529 -[root@laptop xen]# xm dmesg
   2.530 -.
   2.531 -.
   2.532 -[somewhere near the very end]
   2.533 -(XEN) chwall_pre_domain_create.
   2.534 -(XEN) chwall_pre_domain_create: CHINESE WALL CONFLICT in type 03.
   2.535 -
   2.536 -xmsec3 ssidref3 points to type3, which is in the current conflict aggregate 
   2.537 -set. This domain cannot start until domain xmsec2 is destroyed, at which time 
   2.538 -the aggregate conflict set is reduced and type3 is excluded from it. Then, 
   2.539 -xmsec3 can start. Of course, afterwards, xmsec2 cannot be restarted. Try it.
   2.540 -
   2.541 -3. Policy tool
   2.542 -**************
   2.543 -toos/policy/policy_tool.c
   2.544 -
   2.545 -a) ./policy_tool getpolicy
   2.546 -      prints the currently enforced policy
   2.547 -      (see for example section 1.)
   2.548 -
   2.549 -b) ./policy_tool setpolicy
   2.550 -      sets a predefined and hardcoded security
   2.551 -      policy (the one described in section 2.)
   2.552 -
   2.553 -c) ./policy_tool dumpstats
   2.554 -      prints some status information about the caching
   2.555 -      of access control decisions (number of cache hits
   2.556 -      and number of policy evaluations for grant_table
   2.557 -      and event channels).
   2.558 -
   2.559 -d) ./policy_tool loadpolicy <binary_policy_file>
   2.560 -      sets the policy defined in the <binary_policy_file>
   2.561 -      please use the policy_processor that is posted to this
   2.562 -      mailing list to create such a binary policy from an XML
   2.563 -      policy description
   2.564 -
   2.565 -4. Policy interface:
   2.566 -********************
   2.567 -The Policy interface is working in "network-byte-order" (big endian). The reason for this
   2.568 -is that policy files/management should be portable and independent of the platforms.
   2.569 -
   2.570 -Our policy interface enables managers to create a single binary policy file in a trusted
   2.571 -environment and distributed it to multiple systems for enforcement.
   2.572 -
   2.573 -5. Booting with a binary policy:
   2.574 -********************************
   2.575 -The grub configuration file can be adapted to boot the hypervisor with an
   2.576 -already active policy. To do this, a binary policy file - this can be
   2.577 -the same file as used by the policy_tool - should be placed into the boot
   2.578 -partition. The following entry from the grub configuration file shows how
   2.579 -a binary policy can be added to the system during boot time. Note that the 
   2.580 -binary policy must be of the same type that the hypervisor was compiled 
   2.581 -for. The policy module line should also only be added as the last module
   2.582 -line if XEN was compiled with the access control module (ACM).
   2.583 -
   2.584 -title XEN0 3.0 Devel
   2.585 -	kernel /xen.gz dom0_mem=400000
   2.586 -	module /vmlinuz-2.6.12-xen0 root=/dev/hda2 ro console=tty0
   2.587 -	module /initrd-2.6.12-xen0.img
   2.588 -	module /xen_sample_policy.bin
   2.589 -
   2.590 -
   2.591 -====================end-of file=======================================
     3.1 --- a/docs/src/user.tex	Fri Aug 19 10:18:53 2005 +0000
     3.2 +++ b/docs/src/user.tex	Fri Aug 19 10:50:15 2005 +0000
     3.3 @@ -1763,7 +1763,7 @@ editing \path{grub.conf}.
     3.4   physical address in the memory map will be ignored. This parameter
     3.5   may be specified with a B, K, M or G suffix, representing bytes,
     3.6   kilobytes, megabytes and gigabytes respectively. The
     3.7 - default unit, if no suffix is specified, is bytes.
     3.8 + default unit, if no suffix is specified, is kilobytes.
     3.9  
    3.10  \item [dom0\_mem=xxx ] 
    3.11   Set the amount of memory to be allocated to domain0. In Xen 3.x the parameter
     4.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32	Fri Aug 19 10:18:53 2005 +0000
     4.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32	Fri Aug 19 10:50:15 2005 +0000
     4.3 @@ -541,7 +541,7 @@ CONFIG_IP_NF_MATCH_IPRANGE=m
     4.4  # CONFIG_IP_NF_MATCH_STATE is not set
     4.5  # CONFIG_IP_NF_MATCH_CONNTRACK is not set
     4.6  # CONFIG_IP_NF_MATCH_OWNER is not set
     4.7 -# CONFIG_IP_NF_MATCH_PHYSDEV is not set
     4.8 +CONFIG_IP_NF_MATCH_PHYSDEV=y
     4.9  # CONFIG_IP_NF_MATCH_ADDRTYPE is not set
    4.10  # CONFIG_IP_NF_MATCH_REALM is not set
    4.11  # CONFIG_IP_NF_MATCH_SCTP is not set
    4.12 @@ -689,7 +689,7 @@ CONFIG_E1000=y
    4.13  # CONFIG_HAMACHI is not set
    4.14  # CONFIG_YELLOWFIN is not set
    4.15  # CONFIG_R8169 is not set
    4.16 -# CONFIG_SK98LIN is not set
    4.17 +CONFIG_SK98LIN=y
    4.18  # CONFIG_VIA_VELOCITY is not set
    4.19  CONFIG_TIGON3=y
    4.20  # CONFIG_BNX2 is not set
     5.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64	Fri Aug 19 10:18:53 2005 +0000
     5.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64	Fri Aug 19 10:50:15 2005 +0000
     5.3 @@ -480,7 +480,7 @@ CONFIG_IP_NF_MATCH_IPRANGE=m
     5.4  # CONFIG_IP_NF_MATCH_STATE is not set
     5.5  # CONFIG_IP_NF_MATCH_CONNTRACK is not set
     5.6  # CONFIG_IP_NF_MATCH_OWNER is not set
     5.7 -# CONFIG_IP_NF_MATCH_PHYSDEV is not set
     5.8 +CONFIG_IP_NF_MATCH_PHYSDEV=y
     5.9  # CONFIG_IP_NF_MATCH_ADDRTYPE is not set
    5.10  # CONFIG_IP_NF_MATCH_REALM is not set
    5.11  # CONFIG_IP_NF_MATCH_SCTP is not set
    5.12 @@ -611,7 +611,7 @@ CONFIG_E1000=y
    5.13  # CONFIG_HAMACHI is not set
    5.14  # CONFIG_YELLOWFIN is not set
    5.15  # CONFIG_R8169 is not set
    5.16 -# CONFIG_SK98LIN is not set
    5.17 +CONFIG_SK98LIN=y
    5.18  # CONFIG_VIA_VELOCITY is not set
    5.19  CONFIG_TIGON3=y
    5.20  # CONFIG_BNX2 is not set
     6.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64	Fri Aug 19 10:18:53 2005 +0000
     6.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64	Fri Aug 19 10:50:15 2005 +0000
     6.3 @@ -1,7 +1,7 @@
     6.4  #
     6.5  # Automatically generated make config: don't edit
     6.6 -# Linux kernel version: 2.6.12.4-xenU
     6.7 -# Mon Aug 15 19:25:22 2005
     6.8 +# Linux kernel version: 2.6.12-xenU
     6.9 +# Thu Aug 18 11:15:14 2005
    6.10  #
    6.11  CONFIG_XEN=y
    6.12  CONFIG_ARCH_XEN=y
    6.13 @@ -270,7 +270,10 @@ CONFIG_IP_ROUTE_FWMARK=y
    6.14  CONFIG_IP_ROUTE_MULTIPATH=y
    6.15  # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
    6.16  CONFIG_IP_ROUTE_VERBOSE=y
    6.17 -# CONFIG_IP_PNP is not set
    6.18 +CONFIG_IP_PNP=y
    6.19 +CONFIG_IP_PNP_DHCP=y
    6.20 +CONFIG_IP_PNP_BOOTP=y
    6.21 +CONFIG_IP_PNP_RARP=y
    6.22  CONFIG_NET_IPIP=m
    6.23  CONFIG_NET_IPGRE=m
    6.24  CONFIG_NET_IPGRE_BROADCAST=y
     7.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile	Fri Aug 19 10:18:53 2005 +0000
     7.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile	Fri Aug 19 10:50:15 2005 +0000
     7.3 @@ -44,7 +44,7 @@ c-obj-$(CONFIG_HPET_TIMER) 	+= time_hpet
     7.4  c-obj-$(CONFIG_EFI) 		+= efi.o efi_stub.o
     7.5  c-obj-$(CONFIG_EARLY_PRINTK)	+= early_printk.o
     7.6  c-obj-$(CONFIG_SMP_ALTERNATIVES)+= smpalts.o
     7.7 -c-obj-$(CONFIG_SWIOTLB)		+= swiotlb.o
     7.8 +obj-$(CONFIG_SWIOTLB)		+= swiotlb.o
     7.9  
    7.10  EXTRA_AFLAGS   := -traditional
    7.11  
     9.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/pci-dma.c	Fri Aug 19 10:18:53 2005 +0000
     9.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/pci-dma.c	Fri Aug 19 10:50:15 2005 +0000
     9.3 @@ -24,13 +24,14 @@ struct dma_coherent_mem {
     9.4  	unsigned long	*bitmap;
     9.5  };
     9.6  
     9.7 -static void iommu_bug(void)
     9.8 -{
     9.9 -	printk(KERN_ALERT "Fatal DMA error! Please use 'swiotlb=force'\n");
    9.10 -	BUG();
    9.11 -}
    9.12 -
    9.13 -#define IOMMU_BUG_ON(test) do { if (unlikely(test)) iommu_bug(); } while(0)
    9.14 +#define IOMMU_BUG_ON(test)				\
    9.15 +do {							\
    9.16 +	if (unlikely(test)) {				\
    9.17 +		printk(KERN_ALERT "Fatal DMA error! "	\
    9.18 +		       "Please use 'swiotlb=force'\n");	\
    9.19 +		BUG();					\
    9.20 +	}						\
    9.21 +} while (0)
    9.22  
    9.23  int
    9.24  dma_map_sg(struct device *hwdev, struct scatterlist *sg, int nents,
    11.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/smp.c	Fri Aug 19 10:18:53 2005 +0000
    11.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/smp.c	Fri Aug 19 10:50:15 2005 +0000
    11.3 @@ -129,8 +129,6 @@ static inline int __prepare_ICR2 (unsign
    11.4  
    11.5  DECLARE_PER_CPU(int, ipi_to_evtchn[NR_IPIS]);
    11.6  
    11.7 -extern unsigned uber_debug;
    11.8 -
    11.9  static inline void __send_IPI_one(unsigned int cpu, int vector)
   11.10  {
   11.11  	unsigned int evtchn;
   11.12 @@ -144,9 +142,6 @@ static inline void __send_IPI_one(unsign
   11.13  		       synch_test_bit(evtchn, &s->evtchn_mask[0]))
   11.14  			;
   11.15  #endif
   11.16 -		if (uber_debug)
   11.17 -			printk("<0>Send ipi %d to %d evtchn %d.\n",
   11.18 -			       vector, cpu, evtchn);
   11.19  		notify_via_evtchn(evtchn);
   11.20  	} else
   11.21  		printk("send_IPI to unbound port %d/%d",
   11.22 @@ -605,7 +600,6 @@ irqreturn_t smp_call_function_interrupt(
   11.23  	void (*func) (void *info) = call_data->func;
   11.24  	void *info = call_data->info;
   11.25  	int wait = call_data->wait;
   11.26 -	extern unsigned uber_debug;
   11.27  
   11.28  	/*
   11.29  	 * Notify initiating CPU that I've grabbed the data and am
   11.30 @@ -617,9 +611,6 @@ irqreturn_t smp_call_function_interrupt(
   11.31  	 * At this point the info structure may be out of scope unless wait==1
   11.32  	 */
   11.33  	irq_enter();
   11.34 -	if (uber_debug && smp_processor_id())
   11.35 -		printk("<0>Processor %d calling %p.\n", smp_processor_id(),
   11.36 -		       func);
   11.37  	(*func)(info);
   11.38  	irq_exit();
   11.39  
    13.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c	Fri Aug 19 10:18:53 2005 +0000
    13.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c	Fri Aug 19 10:50:15 2005 +0000
    13.3 @@ -49,13 +49,14 @@ int swiotlb_force;
    13.4   * swiotlb_sync_single_*, to see if the memory was in fact allocated by this
    13.5   * API.
    13.6   */
    13.7 -static char *io_tlb_start, *io_tlb_end;
    13.8 +static char *iotlb_virt_start, *iotlb_virt_end;
    13.9 +static dma_addr_t iotlb_bus_start, iotlb_bus_end;
   13.10  
   13.11  /*
   13.12 - * The number of IO TLB blocks (in groups of 64) betweeen io_tlb_start and
   13.13 - * io_tlb_end.  This is command line adjustable via setup_io_tlb_npages.
   13.14 + * The number of IO TLB blocks (in groups of 64) betweeen iotlb_virt_start and
   13.15 + * iotlb_virt_end.  This is command line adjustable via setup_io_tlb_npages.
   13.16   */
   13.17 -static unsigned long io_tlb_nslabs;
   13.18 +static unsigned long iotlb_nslabs;
   13.19  
   13.20  /*
   13.21   * When the IOMMU overflows we return a fallback buffer. This sets the size.
   13.22 @@ -88,11 +89,11 @@ static DEFINE_SPINLOCK(io_tlb_lock);
   13.23  static int __init
   13.24  setup_io_tlb_npages(char *str)
   13.25  {
   13.26 +	/* Unlike ia64, the size is aperture in megabytes, not 'slabs'! */
   13.27  	if (isdigit(*str)) {
   13.28 -		io_tlb_nslabs = simple_strtoul(str, &str, 0) <<
   13.29 -			(PAGE_SHIFT - IO_TLB_SHIFT);
   13.30 -		/* avoid tail segment of size < IO_TLB_SEGSIZE */
   13.31 -		io_tlb_nslabs = ALIGN(io_tlb_nslabs, IO_TLB_SEGSIZE);
   13.32 +		iotlb_nslabs = simple_strtoul(str, &str, 0) <<
   13.33 +			(20 - IO_TLB_SHIFT);
   13.34 +		iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE);
   13.35  	}
   13.36  	if (*str == ',')
   13.37  		++str;
   13.38 @@ -114,45 +115,56 @@ setup_io_tlb_npages(char *str)
   13.39  void
   13.40  swiotlb_init_with_default_size (size_t default_size)
   13.41  {
   13.42 -	unsigned long i;
   13.43 +	unsigned long i, bytes;
   13.44  
   13.45 -	if (!io_tlb_nslabs) {
   13.46 -		io_tlb_nslabs = (default_size >> PAGE_SHIFT);
   13.47 -		io_tlb_nslabs = ALIGN(io_tlb_nslabs, IO_TLB_SEGSIZE);
   13.48 +	if (!iotlb_nslabs) {
   13.49 +		iotlb_nslabs = (default_size >> IO_TLB_SHIFT);
   13.50 +		iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE);
   13.51  	}
   13.52  
   13.53 +	bytes = iotlb_nslabs * (1UL << IO_TLB_SHIFT);
   13.54 +
   13.55  	/*
   13.56  	 * Get IO TLB memory from the low pages
   13.57  	 */
   13.58 -	io_tlb_start = alloc_bootmem_low_pages(io_tlb_nslabs *
   13.59 -					       (1 << IO_TLB_SHIFT));
   13.60 -	if (!io_tlb_start)
   13.61 -		panic("Cannot allocate SWIOTLB buffer");
   13.62 +	iotlb_virt_start = alloc_bootmem_low_pages(bytes);
   13.63 +	if (!iotlb_virt_start)
   13.64 +		panic("Cannot allocate SWIOTLB buffer!\n"
   13.65 +		      "Use dom0_mem Xen boot parameter to reserve\n"
   13.66 +		      "some DMA memory (e.g., dom0_mem=-128M).\n");
   13.67  
   13.68 -	xen_create_contiguous_region(
   13.69 -		(unsigned long)io_tlb_start, 
   13.70 -		get_order(io_tlb_nslabs * (1 << IO_TLB_SHIFT)));
   13.71 +	for (i = 0; i < iotlb_nslabs; i += IO_TLB_SEGSIZE)
   13.72 +		xen_create_contiguous_region(
   13.73 +			(unsigned long)iotlb_virt_start + (i << IO_TLB_SHIFT),
   13.74 +			get_order(IO_TLB_SEGSIZE << IO_TLB_SHIFT));
   13.75  
   13.76 -	io_tlb_end = io_tlb_start + io_tlb_nslabs * (1 << IO_TLB_SHIFT);
   13.77 +	iotlb_virt_end = iotlb_virt_start + bytes;
   13.78  
   13.79  	/*
   13.80  	 * Allocate and initialize the free list array.  This array is used
   13.81  	 * to find contiguous free memory regions of size up to IO_TLB_SEGSIZE
   13.82 -	 * between io_tlb_start and io_tlb_end.
   13.83 +	 * between iotlb_virt_start and iotlb_virt_end.
   13.84  	 */
   13.85 -	io_tlb_list = alloc_bootmem(io_tlb_nslabs * sizeof(int));
   13.86 -	for (i = 0; i < io_tlb_nslabs; i++)
   13.87 +	io_tlb_list = alloc_bootmem(iotlb_nslabs * sizeof(int));
   13.88 +	for (i = 0; i < iotlb_nslabs; i++)
   13.89   		io_tlb_list[i] = IO_TLB_SEGSIZE - OFFSET(i, IO_TLB_SEGSIZE);
   13.90  	io_tlb_index = 0;
   13.91  	io_tlb_orig_addr = alloc_bootmem(
   13.92 -		io_tlb_nslabs * sizeof(*io_tlb_orig_addr));
   13.93 +		iotlb_nslabs * sizeof(*io_tlb_orig_addr));
   13.94  
   13.95  	/*
   13.96  	 * Get the overflow emergency buffer
   13.97  	 */
   13.98  	io_tlb_overflow_buffer = alloc_bootmem_low(io_tlb_overflow);
   13.99 -	printk(KERN_INFO "Placing software IO TLB between 0x%lx - 0x%lx\n",
  13.100 -	       virt_to_bus(io_tlb_start), virt_to_bus(io_tlb_end-1));
  13.101 +	iotlb_bus_start = virt_to_bus(iotlb_virt_start);
  13.102 +	iotlb_bus_end   = iotlb_bus_start + bytes;
  13.103 +	printk(KERN_INFO "Software IO TLB enabled: \n"
  13.104 +	       " Aperture:     %lu megabytes\n"
  13.105 +	       " Bus range:    0x%016lx - 0x%016lx\n"
  13.106 +	       " Kernel range: 0x%016lx - 0x%016lx\n",
  13.107 +	       bytes >> 20,
  13.108 +	       (unsigned long)iotlb_bus_start, (unsigned long)iotlb_bus_end,
  13.109 +	       (unsigned long)iotlb_virt_start, (unsigned long)iotlb_virt_end);
  13.110  }
  13.111  
  13.112  void
  13.113 @@ -240,7 +252,7 @@ map_single(struct device *hwdev, struct 
  13.114  	{
  13.115  		wrap = index = ALIGN(io_tlb_index, stride);
  13.116  
  13.117 -		if (index >= io_tlb_nslabs)
  13.118 +		if (index >= iotlb_nslabs)
  13.119  			wrap = index = 0;
  13.120  
  13.121  		do {
  13.122 @@ -260,7 +272,7 @@ map_single(struct device *hwdev, struct 
  13.123  				      IO_TLB_SEGSIZE -1) && io_tlb_list[i];
  13.124  				     i--)
  13.125  					io_tlb_list[i] = ++count;
  13.126 -				dma_addr = io_tlb_start +
  13.127 +				dma_addr = iotlb_virt_start +
  13.128  					(index << IO_TLB_SHIFT);
  13.129  
  13.130  				/*
  13.131 @@ -268,13 +280,13 @@ map_single(struct device *hwdev, struct 
  13.132  				 * the next round.
  13.133  				 */
  13.134  				io_tlb_index = 
  13.135 -					((index + nslots) < io_tlb_nslabs
  13.136 +					((index + nslots) < iotlb_nslabs
  13.137  					 ? (index + nslots) : 0);
  13.138  
  13.139  				goto found;
  13.140  			}
  13.141  			index += stride;
  13.142 -			if (index >= io_tlb_nslabs)
  13.143 +			if (index >= iotlb_nslabs)
  13.144  				index = 0;
  13.145  		} while (index != wrap);
  13.146  
  13.147 @@ -304,7 +316,7 @@ unmap_single(struct device *hwdev, char 
  13.148  {
  13.149  	unsigned long flags;
  13.150  	int i, count, nslots = ALIGN(size, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT;
  13.151 -	int index = (dma_addr - io_tlb_start) >> IO_TLB_SHIFT;
  13.152 +	int index = (dma_addr - iotlb_virt_start) >> IO_TLB_SHIFT;
  13.153  	struct phys_addr buffer = io_tlb_orig_addr[index];
  13.154  
  13.155  	/*
  13.156 @@ -345,7 +357,7 @@ unmap_single(struct device *hwdev, char 
  13.157  static void
  13.158  sync_single(struct device *hwdev, char *dma_addr, size_t size, int dir)
  13.159  {
  13.160 -	int index = (dma_addr - io_tlb_start) >> IO_TLB_SHIFT;
  13.161 +	int index = (dma_addr - iotlb_virt_start) >> IO_TLB_SHIFT;
  13.162  	struct phys_addr buffer = io_tlb_orig_addr[index];
  13.163  	BUG_ON((dir != DMA_FROM_DEVICE) && (dir != DMA_TO_DEVICE));
  13.164  	__sync_single(buffer, dma_addr, size, dir);
  13.165 @@ -431,11 +443,9 @@ void
  13.166  swiotlb_unmap_single(struct device *hwdev, dma_addr_t dev_addr, size_t size,
  13.167  		     int dir)
  13.168  {
  13.169 -	char *dma_addr = bus_to_virt(dev_addr);
  13.170 -
  13.171  	BUG_ON(dir == DMA_NONE);
  13.172 -	if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end)
  13.173 -		unmap_single(hwdev, dma_addr, size, dir);
  13.174 +	if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end))
  13.175 +		unmap_single(hwdev, bus_to_virt(dev_addr), size, dir);
  13.176  }
  13.177  
  13.178  /*
  13.179 @@ -452,22 +462,18 @@ void
  13.180  swiotlb_sync_single_for_cpu(struct device *hwdev, dma_addr_t dev_addr,
  13.181  			    size_t size, int dir)
  13.182  {
  13.183 -	char *dma_addr = bus_to_virt(dev_addr);
  13.184 -
  13.185  	BUG_ON(dir == DMA_NONE);
  13.186 -	if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end)
  13.187 -		sync_single(hwdev, dma_addr, size, dir);
  13.188 +	if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end))
  13.189 +		sync_single(hwdev, bus_to_virt(dev_addr), size, dir);
  13.190  }
  13.191  
  13.192  void
  13.193  swiotlb_sync_single_for_device(struct device *hwdev, dma_addr_t dev_addr,
  13.194  			       size_t size, int dir)
  13.195  {
  13.196 -	char *dma_addr = bus_to_virt(dev_addr);
  13.197 -
  13.198  	BUG_ON(dir == DMA_NONE);
  13.199 -	if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end)
  13.200 -		sync_single(hwdev, dma_addr, size, dir);
  13.201 +	if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end))
  13.202 +		sync_single(hwdev, bus_to_virt(dev_addr), size, dir);
  13.203  }
  13.204  
  13.205  /*
  13.206 @@ -603,11 +609,9 @@ void
  13.207  swiotlb_unmap_page(struct device *hwdev, dma_addr_t dma_address,
  13.208  		   size_t size, enum dma_data_direction direction)
  13.209  {
  13.210 -	char *dma_addr = bus_to_virt(dma_address);
  13.211 -
  13.212  	BUG_ON(direction == DMA_NONE);
  13.213 -	if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end)
  13.214 -		unmap_single(hwdev, dma_addr, size, direction);
  13.215 +	if ((dma_address >= iotlb_bus_start) && (dma_address < iotlb_bus_end))
  13.216 +		unmap_single(hwdev, bus_to_virt(dma_address), size, direction);
  13.217  }
  13.218  
  13.219  int
    16.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/hypervisor.c	Fri Aug 19 10:18:53 2005 +0000
    16.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/hypervisor.c	Fri Aug 19 10:50:15 2005 +0000
    16.3 @@ -59,124 +59,124 @@
    16.4  #ifndef CONFIG_XEN_SHADOW_MODE
    16.5  void xen_l1_entry_update(pte_t *ptr, pte_t val)
    16.6  {
    16.7 -    mmu_update_t u;
    16.8 -    u.ptr = virt_to_machine(ptr);
    16.9 -    u.val = pte_val_ma(val);
   16.10 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.11 +	mmu_update_t u;
   16.12 +	u.ptr = virt_to_machine(ptr);
   16.13 +	u.val = pte_val_ma(val);
   16.14 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.15  }
   16.16  
   16.17  void xen_l2_entry_update(pmd_t *ptr, pmd_t val)
   16.18  {
   16.19 -    mmu_update_t u;
   16.20 -    u.ptr = virt_to_machine(ptr);
   16.21 -    u.val = pmd_val_ma(val);
   16.22 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.23 +	mmu_update_t u;
   16.24 +	u.ptr = virt_to_machine(ptr);
   16.25 +	u.val = pmd_val_ma(val);
   16.26 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.27  }
   16.28  
   16.29  #ifdef CONFIG_X86_PAE
   16.30  void xen_l3_entry_update(pud_t *ptr, pud_t val)
   16.31  {
   16.32 -    mmu_update_t u;
   16.33 -    u.ptr = virt_to_machine(ptr);
   16.34 -    u.val = pud_val_ma(val);
   16.35 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.36 +	mmu_update_t u;
   16.37 +	u.ptr = virt_to_machine(ptr);
   16.38 +	u.val = pud_val_ma(val);
   16.39 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.40  }
   16.41  #endif
   16.42  
   16.43  #ifdef CONFIG_X86_64
   16.44  void xen_l3_entry_update(pud_t *ptr, pud_t val)
   16.45  {
   16.46 -    mmu_update_t u;
   16.47 -    u.ptr = virt_to_machine(ptr);
   16.48 -    u.val = val.pud;
   16.49 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.50 +	mmu_update_t u;
   16.51 +	u.ptr = virt_to_machine(ptr);
   16.52 +	u.val = val.pud;
   16.53 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.54  }
   16.55  
   16.56  void xen_l4_entry_update(pgd_t *ptr, pgd_t val)
   16.57  {
   16.58 -    mmu_update_t u;
   16.59 -    u.ptr = virt_to_machine(ptr);
   16.60 -    u.val = val.pgd;
   16.61 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.62 +	mmu_update_t u;
   16.63 +	u.ptr = virt_to_machine(ptr);
   16.64 +	u.val = val.pgd;
   16.65 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.66  }
   16.67  #endif /* CONFIG_X86_64 */
   16.68  #endif /* CONFIG_XEN_SHADOW_MODE */
   16.69  
   16.70  void xen_machphys_update(unsigned long mfn, unsigned long pfn)
   16.71  {
   16.72 -    mmu_update_t u;
   16.73 -    u.ptr = (mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE;
   16.74 -    u.val = pfn;
   16.75 -    BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.76 +	mmu_update_t u;
   16.77 +	u.ptr = (mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE;
   16.78 +	u.val = pfn;
   16.79 +	BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0);
   16.80  }
   16.81  
   16.82  void xen_pt_switch(unsigned long ptr)
   16.83  {
   16.84 -    struct mmuext_op op;
   16.85 -    op.cmd = MMUEXT_NEW_BASEPTR;
   16.86 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
   16.87 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
   16.88 +	struct mmuext_op op;
   16.89 +	op.cmd = MMUEXT_NEW_BASEPTR;
   16.90 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
   16.91 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
   16.92  }
   16.93  
   16.94  void xen_new_user_pt(unsigned long ptr)
   16.95  {
   16.96 -    struct mmuext_op op;
   16.97 -    op.cmd = MMUEXT_NEW_USER_BASEPTR;
   16.98 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
   16.99 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.100 +	struct mmuext_op op;
  16.101 +	op.cmd = MMUEXT_NEW_USER_BASEPTR;
  16.102 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.103 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.104  }
  16.105  
  16.106  void xen_tlb_flush(void)
  16.107  {
  16.108 -    struct mmuext_op op;
  16.109 -    op.cmd = MMUEXT_TLB_FLUSH_LOCAL;
  16.110 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.111 +	struct mmuext_op op;
  16.112 +	op.cmd = MMUEXT_TLB_FLUSH_LOCAL;
  16.113 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.114  }
  16.115  
  16.116  void xen_invlpg(unsigned long ptr)
  16.117  {
  16.118 -    struct mmuext_op op;
  16.119 -    op.cmd = MMUEXT_INVLPG_LOCAL;
  16.120 -    op.linear_addr = ptr & PAGE_MASK;
  16.121 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.122 +	struct mmuext_op op;
  16.123 +	op.cmd = MMUEXT_INVLPG_LOCAL;
  16.124 +	op.linear_addr = ptr & PAGE_MASK;
  16.125 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.126  }
  16.127  
  16.128  #ifdef CONFIG_SMP
  16.129  
  16.130  void xen_tlb_flush_all(void)
  16.131  {
  16.132 -    struct mmuext_op op;
  16.133 -    op.cmd = MMUEXT_TLB_FLUSH_ALL;
  16.134 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.135 +	struct mmuext_op op;
  16.136 +	op.cmd = MMUEXT_TLB_FLUSH_ALL;
  16.137 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.138  }
  16.139  
  16.140  void xen_tlb_flush_mask(cpumask_t *mask)
  16.141  {
  16.142 -    struct mmuext_op op;
  16.143 -    if ( cpus_empty(*mask) )
  16.144 -        return;
  16.145 -    op.cmd = MMUEXT_TLB_FLUSH_MULTI;
  16.146 -    op.vcpumask = mask->bits;
  16.147 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.148 +	struct mmuext_op op;
  16.149 +	if ( cpus_empty(*mask) )
  16.150 +		return;
  16.151 +	op.cmd = MMUEXT_TLB_FLUSH_MULTI;
  16.152 +	op.vcpumask = mask->bits;
  16.153 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.154  }
  16.155  
  16.156  void xen_invlpg_all(unsigned long ptr)
  16.157  {
  16.158 -    struct mmuext_op op;
  16.159 -    op.cmd = MMUEXT_INVLPG_ALL;
  16.160 -    op.linear_addr = ptr & PAGE_MASK;
  16.161 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.162 +	struct mmuext_op op;
  16.163 +	op.cmd = MMUEXT_INVLPG_ALL;
  16.164 +	op.linear_addr = ptr & PAGE_MASK;
  16.165 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.166  }
  16.167  
  16.168  void xen_invlpg_mask(cpumask_t *mask, unsigned long ptr)
  16.169  {
  16.170 -    struct mmuext_op op;
  16.171 -    if ( cpus_empty(*mask) )
  16.172 -        return;
  16.173 -    op.cmd = MMUEXT_INVLPG_MULTI;
  16.174 -    op.vcpumask = mask->bits;
  16.175 -    op.linear_addr = ptr & PAGE_MASK;
  16.176 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.177 +	struct mmuext_op op;
  16.178 +	if ( cpus_empty(*mask) )
  16.179 +		return;
  16.180 +	op.cmd = MMUEXT_INVLPG_MULTI;
  16.181 +	op.vcpumask = mask->bits;
  16.182 +	op.linear_addr = ptr & PAGE_MASK;
  16.183 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.184  }
  16.185  
  16.186  #endif /* CONFIG_SMP */
  16.187 @@ -184,221 +184,281 @@ void xen_invlpg_mask(cpumask_t *mask, un
  16.188  #ifndef CONFIG_XEN_SHADOW_MODE
  16.189  void xen_pgd_pin(unsigned long ptr)
  16.190  {
  16.191 -    struct mmuext_op op;
  16.192 +	struct mmuext_op op;
  16.193  #ifdef CONFIG_X86_64
  16.194 -    op.cmd = MMUEXT_PIN_L4_TABLE;
  16.195 +	op.cmd = MMUEXT_PIN_L4_TABLE;
  16.196  #elif defined(CONFIG_X86_PAE)
  16.197 -    op.cmd = MMUEXT_PIN_L3_TABLE;
  16.198 +	op.cmd = MMUEXT_PIN_L3_TABLE;
  16.199  #else
  16.200 -    op.cmd = MMUEXT_PIN_L2_TABLE;
  16.201 +	op.cmd = MMUEXT_PIN_L2_TABLE;
  16.202  #endif
  16.203 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.204 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.205 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.206 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.207  }
  16.208  
  16.209  void xen_pgd_unpin(unsigned long ptr)
  16.210  {
  16.211 -    struct mmuext_op op;
  16.212 -    op.cmd = MMUEXT_UNPIN_TABLE;
  16.213 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.214 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.215 +	struct mmuext_op op;
  16.216 +	op.cmd = MMUEXT_UNPIN_TABLE;
  16.217 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.218 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.219  }
  16.220  
  16.221  void xen_pte_pin(unsigned long ptr)
  16.222  {
  16.223 -    struct mmuext_op op;
  16.224 -    op.cmd = MMUEXT_PIN_L1_TABLE;
  16.225 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.226 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.227 +	struct mmuext_op op;
  16.228 +	op.cmd = MMUEXT_PIN_L1_TABLE;
  16.229 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.230 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.231  }
  16.232  
  16.233  void xen_pte_unpin(unsigned long ptr)
  16.234  {
  16.235 -    struct mmuext_op op;
  16.236 -    op.cmd = MMUEXT_UNPIN_TABLE;
  16.237 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.238 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.239 +	struct mmuext_op op;
  16.240 +	op.cmd = MMUEXT_UNPIN_TABLE;
  16.241 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.242 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.243  }
  16.244  
  16.245  #ifdef CONFIG_X86_64
  16.246  void xen_pud_pin(unsigned long ptr)
  16.247  {
  16.248 -    struct mmuext_op op;
  16.249 -    op.cmd = MMUEXT_PIN_L3_TABLE;
  16.250 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.251 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.252 +	struct mmuext_op op;
  16.253 +	op.cmd = MMUEXT_PIN_L3_TABLE;
  16.254 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.255 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.256  }
  16.257  
  16.258  void xen_pud_unpin(unsigned long ptr)
  16.259  {
  16.260 -    struct mmuext_op op;
  16.261 -    op.cmd = MMUEXT_UNPIN_TABLE;
  16.262 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.263 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.264 +	struct mmuext_op op;
  16.265 +	op.cmd = MMUEXT_UNPIN_TABLE;
  16.266 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.267 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.268  }
  16.269  
  16.270  void xen_pmd_pin(unsigned long ptr)
  16.271  {
  16.272 -    struct mmuext_op op;
  16.273 -    op.cmd = MMUEXT_PIN_L2_TABLE;
  16.274 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.275 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.276 +	struct mmuext_op op;
  16.277 +	op.cmd = MMUEXT_PIN_L2_TABLE;
  16.278 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.279 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.280  }
  16.281  
  16.282  void xen_pmd_unpin(unsigned long ptr)
  16.283  {
  16.284 -    struct mmuext_op op;
  16.285 -    op.cmd = MMUEXT_UNPIN_TABLE;
  16.286 -    op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.287 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.288 +	struct mmuext_op op;
  16.289 +	op.cmd = MMUEXT_UNPIN_TABLE;
  16.290 +	op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT);
  16.291 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.292  }
  16.293  #endif /* CONFIG_X86_64 */
  16.294  #endif /* CONFIG_XEN_SHADOW_MODE */
  16.295  
  16.296  void xen_set_ldt(unsigned long ptr, unsigned long len)
  16.297  {
  16.298 -    struct mmuext_op op;
  16.299 -    op.cmd = MMUEXT_SET_LDT;
  16.300 -    op.linear_addr = ptr;
  16.301 -    op.nr_ents = len;
  16.302 -    BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.303 +	struct mmuext_op op;
  16.304 +	op.cmd = MMUEXT_SET_LDT;
  16.305 +	op.linear_addr = ptr;
  16.306 +	op.nr_ents = len;
  16.307 +	BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0);
  16.308 +}
  16.309 +
  16.310 +/*
  16.311 + * Bitmap is indexed by page number. If bit is set, the page is part of a
  16.312 + * xen_create_contiguous_region() area of memory.
  16.313 + */
  16.314 +unsigned long *contiguous_bitmap;
  16.315 +
  16.316 +static void contiguous_bitmap_set(
  16.317 +	unsigned long first_page, unsigned long nr_pages)
  16.318 +{
  16.319 +	unsigned long start_off, end_off, curr_idx, end_idx;
  16.320 +
  16.321 +	curr_idx  = first_page / BITS_PER_LONG;
  16.322 +	start_off = first_page & (BITS_PER_LONG-1);
  16.323 +	end_idx   = (first_page + nr_pages) / BITS_PER_LONG;
  16.324 +	end_off   = (first_page + nr_pages) & (BITS_PER_LONG-1);
  16.325 +
  16.326 +	if (curr_idx == end_idx) {
  16.327 +		contiguous_bitmap[curr_idx] |=
  16.328 +			((1UL<<end_off)-1) & -(1UL<<start_off);
  16.329 +	} else {
  16.330 +		contiguous_bitmap[curr_idx] |= -(1UL<<start_off);
  16.331 +		while ( ++curr_idx < end_idx )
  16.332 +			contiguous_bitmap[curr_idx] = ~0UL;
  16.333 +		contiguous_bitmap[curr_idx] |= (1UL<<end_off)-1;
  16.334 +	}
  16.335 +}
  16.336 +
  16.337 +static void contiguous_bitmap_clear(
  16.338 +	unsigned long first_page, unsigned long nr_pages)
  16.339 +{
  16.340 +	unsigned long start_off, end_off, curr_idx, end_idx;
  16.341 +
  16.342 +	curr_idx  = first_page / BITS_PER_LONG;
  16.343 +	start_off = first_page & (BITS_PER_LONG-1);
  16.344 +	end_idx   = (first_page + nr_pages) / BITS_PER_LONG;
  16.345 +	end_off   = (first_page + nr_pages) & (BITS_PER_LONG-1);
  16.346 +
  16.347 +	if (curr_idx == end_idx) {
  16.348 +		contiguous_bitmap[curr_idx] &=
  16.349 +			-(1UL<<end_off) | ((1UL<<start_off)-1);
  16.350 +	} else {
  16.351 +		contiguous_bitmap[curr_idx] &= (1UL<<start_off)-1;
  16.352 +		while ( ++curr_idx != end_idx )
  16.353 +			contiguous_bitmap[curr_idx] = 0;
  16.354 +		contiguous_bitmap[curr_idx] &= -(1UL<<end_off);
  16.355 +	}
  16.356  }
  16.357  
  16.358  /* Ensure multi-page extents are contiguous in machine memory. */
  16.359  void xen_create_contiguous_region(unsigned long vstart, unsigned int order)
  16.360  {
  16.361 -    pgd_t         *pgd; 
  16.362 -    pud_t         *pud; 
  16.363 -    pmd_t         *pmd;
  16.364 -    pte_t         *pte;
  16.365 -    unsigned long  mfn, i, flags;
  16.366 +	pgd_t         *pgd; 
  16.367 +	pud_t         *pud; 
  16.368 +	pmd_t         *pmd;
  16.369 +	pte_t         *pte;
  16.370 +	unsigned long  mfn, i, flags;
  16.371  
  16.372 -    scrub_pages(vstart, 1 << order);
  16.373 +	scrub_pages(vstart, 1 << order);
  16.374  
  16.375 -    balloon_lock(flags);
  16.376 +	balloon_lock(flags);
  16.377  
  16.378 -    /* 1. Zap current PTEs, giving away the underlying pages. */
  16.379 -    for (i = 0; i < (1<<order); i++) {
  16.380 -        pgd = pgd_offset_k(vstart + (i*PAGE_SIZE));
  16.381 -        pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  16.382 -        pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  16.383 -        pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE)));
  16.384 -        mfn = pte_mfn(*pte);
  16.385 -        BUG_ON(HYPERVISOR_update_va_mapping(
  16.386 -            vstart + (i*PAGE_SIZE), __pte_ma(0), 0));
  16.387 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  16.388 -            INVALID_P2M_ENTRY;
  16.389 -        BUG_ON(HYPERVISOR_dom_mem_op(
  16.390 -            MEMOP_decrease_reservation, &mfn, 1, 0) != 1);
  16.391 -    }
  16.392 +	/* 1. Zap current PTEs, giving away the underlying pages. */
  16.393 +	for (i = 0; i < (1<<order); i++) {
  16.394 +		pgd = pgd_offset_k(vstart + (i*PAGE_SIZE));
  16.395 +		pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  16.396 +		pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  16.397 +		pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE)));
  16.398 +		mfn = pte_mfn(*pte);
  16.399 +		BUG_ON(HYPERVISOR_update_va_mapping(
  16.400 +			vstart + (i*PAGE_SIZE), __pte_ma(0), 0));
  16.401 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  16.402 +			INVALID_P2M_ENTRY;
  16.403 +		BUG_ON(HYPERVISOR_dom_mem_op(
  16.404 +			MEMOP_decrease_reservation, &mfn, 1, 0) != 1);
  16.405 +	}
  16.406  
  16.407 -    /* 2. Get a new contiguous memory extent. */
  16.408 -    BUG_ON(HYPERVISOR_dom_mem_op(
  16.409 -	       MEMOP_increase_reservation, &mfn, 1, order | (32<<8)) != 1);
  16.410 +	/* 2. Get a new contiguous memory extent. */
  16.411 +	BUG_ON(HYPERVISOR_dom_mem_op(
  16.412 +		MEMOP_increase_reservation, &mfn, 1, order | (32<<8)) != 1);
  16.413  
  16.414 -    /* 3. Map the new extent in place of old pages. */
  16.415 -    for (i = 0; i < (1<<order); i++) {
  16.416 -        BUG_ON(HYPERVISOR_update_va_mapping(
  16.417 -            vstart + (i*PAGE_SIZE),
  16.418 -            __pte_ma(((mfn+i)<<PAGE_SHIFT)|__PAGE_KERNEL), 0));
  16.419 -        xen_machphys_update(mfn+i, (__pa(vstart)>>PAGE_SHIFT)+i);
  16.420 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn+i;
  16.421 -    }
  16.422 +	/* 3. Map the new extent in place of old pages. */
  16.423 +	for (i = 0; i < (1<<order); i++) {
  16.424 +		BUG_ON(HYPERVISOR_update_va_mapping(
  16.425 +			vstart + (i*PAGE_SIZE),
  16.426 +			pfn_pte_ma(mfn+i, PAGE_KERNEL), 0));
  16.427 +		xen_machphys_update(mfn+i, (__pa(vstart)>>PAGE_SHIFT)+i);
  16.428 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn+i;
  16.429 +	}
  16.430  
  16.431 -    flush_tlb_all();
  16.432 +	flush_tlb_all();
  16.433  
  16.434 -    balloon_unlock(flags);
  16.435 +	contiguous_bitmap_set(__pa(vstart) >> PAGE_SHIFT, 1UL << order);
  16.436 +
  16.437 +	balloon_unlock(flags);
  16.438  }
  16.439  
  16.440  void xen_destroy_contiguous_region(unsigned long vstart, unsigned int order)
  16.441  {
  16.442 -    pgd_t         *pgd; 
  16.443 -    pud_t         *pud; 
  16.444 -    pmd_t         *pmd;
  16.445 -    pte_t         *pte;
  16.446 -    unsigned long  mfn, i, flags;
  16.447 +	pgd_t         *pgd; 
  16.448 +	pud_t         *pud; 
  16.449 +	pmd_t         *pmd;
  16.450 +	pte_t         *pte;
  16.451 +	unsigned long  mfn, i, flags;
  16.452  
  16.453 -    scrub_pages(vstart, 1 << order);
  16.454 +	scrub_pages(vstart, 1 << order);
  16.455  
  16.456 -    balloon_lock(flags);
  16.457 +	balloon_lock(flags);
  16.458 +
  16.459 +	contiguous_bitmap_clear(__pa(vstart) >> PAGE_SHIFT, 1UL << order);
  16.460  
  16.461 -    /* 1. Zap current PTEs, giving away the underlying pages. */
  16.462 -    for (i = 0; i < (1<<order); i++) {
  16.463 -        pgd = pgd_offset_k(vstart + (i*PAGE_SIZE));
  16.464 -        pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  16.465 -        pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  16.466 -        pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE)));
  16.467 -        mfn = pte_mfn(*pte);
  16.468 -        BUG_ON(HYPERVISOR_update_va_mapping(
  16.469 -            vstart + (i*PAGE_SIZE), __pte_ma(0), 0));
  16.470 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  16.471 -            INVALID_P2M_ENTRY;
  16.472 -        BUG_ON(HYPERVISOR_dom_mem_op(
  16.473 -            MEMOP_decrease_reservation, &mfn, 1, 0) != 1);
  16.474 -    }
  16.475 +	/* 1. Zap current PTEs, giving away the underlying pages. */
  16.476 +	for (i = 0; i < (1<<order); i++) {
  16.477 +		pgd = pgd_offset_k(vstart + (i*PAGE_SIZE));
  16.478 +		pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  16.479 +		pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  16.480 +		pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE)));
  16.481 +		mfn = pte_mfn(*pte);
  16.482 +		BUG_ON(HYPERVISOR_update_va_mapping(
  16.483 +			vstart + (i*PAGE_SIZE), __pte_ma(0), 0));
  16.484 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  16.485 +			INVALID_P2M_ENTRY;
  16.486 +		BUG_ON(HYPERVISOR_dom_mem_op(
  16.487 +			MEMOP_decrease_reservation, &mfn, 1, 0) != 1);
  16.488 +	}
  16.489  
  16.490 -    /* 2. Map new pages in place of old pages. */
  16.491 -    for (i = 0; i < (1<<order); i++) {
  16.492 -        BUG_ON(HYPERVISOR_dom_mem_op(
  16.493 -            MEMOP_increase_reservation, &mfn, 1, 0) != 1);
  16.494 -        BUG_ON(HYPERVISOR_update_va_mapping(
  16.495 -            vstart + (i*PAGE_SIZE),
  16.496 -            __pte_ma((mfn<<PAGE_SHIFT)|__PAGE_KERNEL), 0));
  16.497 -        xen_machphys_update(mfn, (__pa(vstart)>>PAGE_SHIFT)+i);
  16.498 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn;
  16.499 -    }
  16.500 +	/* 2. Map new pages in place of old pages. */
  16.501 +	for (i = 0; i < (1<<order); i++) {
  16.502 +		BUG_ON(HYPERVISOR_dom_mem_op(
  16.503 +			MEMOP_increase_reservation, &mfn, 1, 0) != 1);
  16.504 +		BUG_ON(HYPERVISOR_update_va_mapping(
  16.505 +			vstart + (i*PAGE_SIZE),
  16.506 +			pfn_pte_ma(mfn, PAGE_KERNEL), 0));
  16.507 +		xen_machphys_update(mfn, (__pa(vstart)>>PAGE_SHIFT)+i);
  16.508 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn;
  16.509 +	}
  16.510  
  16.511 -    flush_tlb_all();
  16.512 +	flush_tlb_all();
  16.513  
  16.514 -    balloon_unlock(flags);
  16.515 +	balloon_unlock(flags);
  16.516  }
  16.517  
  16.518  
  16.519  unsigned long allocate_empty_lowmem_region(unsigned long pages)
  16.520  {
  16.521 -    pgd_t         *pgd;
  16.522 -    pud_t         *pud; 
  16.523 -    pmd_t         *pmd;
  16.524 -    pte_t         *pte;
  16.525 -    unsigned long *pfn_array;
  16.526 -    unsigned long  vstart;
  16.527 -    unsigned long  i;
  16.528 -    unsigned int   order = get_order(pages*PAGE_SIZE);
  16.529 +	pgd_t         *pgd;
  16.530 +	pud_t         *pud; 
  16.531 +	pmd_t         *pmd;
  16.532 +	pte_t         *pte;
  16.533 +	unsigned long *pfn_array;
  16.534 +	unsigned long  vstart;
  16.535 +	unsigned long  i;
  16.536 +	unsigned int   order = get_order(pages*PAGE_SIZE);
  16.537  
  16.538 -    vstart = __get_free_pages(GFP_KERNEL, order);
  16.539 -    if ( vstart == 0 )
  16.540 -        return 0UL;
  16.541 +	vstart = __get_free_pages(GFP_KERNEL, order);
  16.542 +	if (vstart == 0)
  16.543 +		return 0UL;
  16.544  
  16.545 -    scrub_pages(vstart, 1 << order);
  16.546 +	scrub_pages(vstart, 1 << order);
  16.547  
  16.548 -    pfn_array = vmalloc((1<<order) * sizeof(*pfn_array));
  16.549 -    if ( pfn_array == NULL )
  16.550 -        BUG();
  16.551 +	pfn_array = vmalloc((1<<order) * sizeof(*pfn_array));
  16.552 +	BUG_ON(pfn_array == NULL);
  16.553  
  16.554 -    for ( i = 0; i < (1<<order); i++ )
  16.555 -    {
  16.556 -        pgd = pgd_offset_k(   (vstart + (i*PAGE_SIZE)));
  16.557 -        pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  16.558 -        pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  16.559 -        pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 
  16.560 -        pfn_array[i] = pte_mfn(*pte);
  16.561 +	for (i = 0; i < (1<<order); i++) {
  16.562 +		pgd = pgd_offset_k(   (vstart + (i*PAGE_SIZE)));
  16.563 +		pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE)));
  16.564 +		pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE)));
  16.565 +		pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 
  16.566 +		pfn_array[i] = pte_mfn(*pte);
  16.567  #ifdef CONFIG_X86_64
  16.568 -        xen_l1_entry_update(pte, __pte(0));
  16.569 +		xen_l1_entry_update(pte, __pte(0));
  16.570  #else
  16.571 -        BUG_ON(HYPERVISOR_update_va_mapping(vstart + (i*PAGE_SIZE), 
  16.572 -					    __pte_ma(0), 0));
  16.573 +		BUG_ON(HYPERVISOR_update_va_mapping(vstart + (i*PAGE_SIZE), 
  16.574 +						    __pte_ma(0), 0));
  16.575  #endif
  16.576 -        phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  16.577 -            INVALID_P2M_ENTRY;
  16.578 -    }
  16.579 +		phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] =
  16.580 +			INVALID_P2M_ENTRY;
  16.581 +	}
  16.582  
  16.583 -    flush_tlb_all();
  16.584 +	flush_tlb_all();
  16.585  
  16.586 -    balloon_put_pages(pfn_array, 1 << order);
  16.587 +	balloon_put_pages(pfn_array, 1 << order);
  16.588  
  16.589 -    vfree(pfn_array);
  16.590 +	vfree(pfn_array);
  16.591  
  16.592 -    return vstart;
  16.593 +	return vstart;
  16.594  }
  16.595  
  16.596  EXPORT_SYMBOL(allocate_empty_lowmem_region);
  16.597 +
  16.598 +/*
  16.599 + * Local variables:
  16.600 + *  c-file-style: "linux"
  16.601 + *  indent-tabs-mode: t
  16.602 + *  c-indent-level: 8
  16.603 + *  c-basic-offset: 8
  16.604 + *  tab-width: 8
  16.605 + * End:
  16.606 + */
    17.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c	Fri Aug 19 10:18:53 2005 +0000
    17.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c	Fri Aug 19 10:50:15 2005 +0000
    17.3 @@ -41,6 +41,8 @@
    17.4  #include <asm/sections.h>
    17.5  #include <asm-xen/hypervisor.h>
    17.6  
    17.7 +extern unsigned long *contiguous_bitmap;
    17.8 +
    17.9  #if defined(CONFIG_SWIOTLB)
   17.10  extern void swiotlb_init(void);
   17.11  int swiotlb;
   17.12 @@ -637,6 +639,11 @@ void __init mem_init(void)
   17.13  	int bad_ppro;
   17.14  	unsigned long pfn;
   17.15  
   17.16 +	contiguous_bitmap = alloc_bootmem_low_pages(
   17.17 +		(max_low_pfn + 2*BITS_PER_LONG) >> 3);
   17.18 +	BUG_ON(!contiguous_bitmap);
   17.19 +	memset(contiguous_bitmap, 0, (max_low_pfn + 2*BITS_PER_LONG) >> 3);
   17.20 +
   17.21  #if defined(CONFIG_SWIOTLB)
   17.22  	swiotlb_init();	
   17.23  #endif
    18.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c	Fri Aug 19 10:18:53 2005 +0000
    18.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c	Fri Aug 19 10:50:15 2005 +0000
    18.3 @@ -300,17 +300,17 @@ void __init bt_iounmap(void *addr, unsig
    18.4  
    18.5  
    18.6  static int direct_remap_area_pte_fn(pte_t *pte, 
    18.7 -                                    struct page *pte_page,
    18.8 -                                    unsigned long address, 
    18.9 -                                    void *data)
   18.10 +				    struct page *pte_page,
   18.11 +				    unsigned long address, 
   18.12 +				    void *data)
   18.13  {
   18.14 -        mmu_update_t **v = (mmu_update_t **)data;
   18.15 +	mmu_update_t **v = (mmu_update_t **)data;
   18.16  
   18.17 -        (*v)->ptr = (pfn_to_mfn(page_to_pfn(pte_page)) << PAGE_SHIFT)
   18.18 -                    | ((unsigned long)pte & ~PAGE_MASK);
   18.19 -        (*v)++;
   18.20 +	(*v)->ptr = ((physaddr_t)pfn_to_mfn(page_to_pfn(pte_page)) <<
   18.21 +		     PAGE_SHIFT) | ((unsigned long)pte & ~PAGE_MASK);
   18.22 +	(*v)++;
   18.23  
   18.24 -        return 0;
   18.25 +	return 0;
   18.26  }
   18.27  
   18.28  int direct_remap_area_pages(struct mm_struct *mm,
   18.29 @@ -397,6 +397,16 @@ int touch_pte_range(struct mm_struct *mm
   18.30  	}
   18.31  
   18.32  	return generic_page_range(mm, address, size, f, NULL);
   18.33 -}                 
   18.34 +} 
   18.35  
   18.36  EXPORT_SYMBOL(touch_pte_range);
   18.37 +
   18.38 +/*
   18.39 + * Local variables:
   18.40 + *  c-file-style: "linux"
   18.41 + *  indent-tabs-mode: t
   18.42 + *  c-indent-level: 8
   18.43 + *  c-basic-offset: 8
   18.44 + *  tab-width: 8
   18.45 + * End:
   18.46 + */
    19.1 --- a/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c	Fri Aug 19 10:18:53 2005 +0000
    19.2 +++ b/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c	Fri Aug 19 10:50:15 2005 +0000
    19.3 @@ -124,8 +124,6 @@ extern asmlinkage unsigned int do_IRQ(st
    19.4  
    19.5  #define VALID_EVTCHN(_chn) ((_chn) >= 0)
    19.6  
    19.7 -unsigned uber_debug;
    19.8 -
    19.9  /*
   19.10   * Force a proper event-channel callback from Xen after clearing the
   19.11   * callback mask. We do this in a very simple manner, by making a call
   19.12 @@ -160,11 +158,7 @@ asmlinkage void evtchn_do_upcall(struct 
   19.13              l2 &= ~(1 << l2i);
   19.14              
   19.15              port = (l1i << 5) + l2i;
   19.16 -	    if (uber_debug && cpu)
   19.17 -		printk("<0>Upcall to %d on %d.\n", port, cpu);
   19.18              if ( (irq = evtchn_to_irq[port]) != -1 ) {
   19.19 -		if (uber_debug && cpu)
   19.20 -		    printk("<0>IRQ %d.\n", irq);
   19.21                  do_IRQ(irq, regs);
   19.22  	    } else
   19.23                  evtchn_device_upcall(port);
    21.1 --- a/linux-2.6-xen-sparse/arch/xen/kernel/skbuff.c	Fri Aug 19 10:18:53 2005 +0000
    21.2 +++ b/linux-2.6-xen-sparse/arch/xen/kernel/skbuff.c	Fri Aug 19 10:50:15 2005 +0000
    21.3 @@ -5,8 +5,6 @@
    21.4  #include <linux/kernel.h>
    21.5  #include <linux/sched.h>
    21.6  #include <linux/slab.h>
    21.7 -#include <linux/string.h>
    21.8 -#include <linux/errno.h>
    21.9  #include <linux/netdevice.h>
   21.10  #include <linux/inetdevice.h>
   21.11  #include <linux/etherdevice.h>
   21.12 @@ -14,34 +12,86 @@
   21.13  #include <linux/init.h>
   21.14  #include <asm/io.h>
   21.15  #include <asm/page.h>
   21.16 -
   21.17 -EXPORT_SYMBOL(__dev_alloc_skb);
   21.18 +#include <asm-xen/hypervisor.h>
   21.19  
   21.20  /* Referenced in netback.c. */
   21.21  /*static*/ kmem_cache_t *skbuff_cachep;
   21.22  
   21.23 -/* Size must be cacheline-aligned (alloc_skb uses SKB_DATA_ALIGN). */
   21.24 -#define XEN_SKB_SIZE \
   21.25 -    ((PAGE_SIZE - sizeof(struct skb_shared_info)) & ~(SMP_CACHE_BYTES - 1))
   21.26 +#define MAX_SKBUFF_ORDER 2
   21.27 +static kmem_cache_t *skbuff_order_cachep[MAX_SKBUFF_ORDER + 1];
   21.28  
   21.29  struct sk_buff *__dev_alloc_skb(unsigned int length, int gfp_mask)
   21.30  {
   21.31 -    struct sk_buff *skb;
   21.32 -    skb = alloc_skb_from_cache(skbuff_cachep, length + 16, gfp_mask);
   21.33 -    if ( likely(skb != NULL) )
   21.34 -        skb_reserve(skb, 16);
   21.35 -    return skb;
   21.36 +	struct sk_buff *skb;
   21.37 +	int order;
   21.38 +
   21.39 +	length = SKB_DATA_ALIGN(length + 16);
   21.40 +	order = get_order(length + sizeof(struct skb_shared_info));
   21.41 +	if (order > MAX_SKBUFF_ORDER) {
   21.42 +		printk(KERN_ALERT "Attempt to allocate order %d skbuff. "
   21.43 +		       "Increase MAX_SKBUFF_ORDER.\n", order);
   21.44 +		return NULL;
   21.45 +	}
   21.46 +
   21.47 +	skb = alloc_skb_from_cache(
   21.48 +		skbuff_order_cachep[order], length, gfp_mask);
   21.49 +	if (skb != NULL)
   21.50 +		skb_reserve(skb, 16);
   21.51 +
   21.52 +	return skb;
   21.53  }
   21.54  
   21.55  static void skbuff_ctor(void *buf, kmem_cache_t *cachep, unsigned long unused)
   21.56  {
   21.57 -    scrub_pages(buf, 1);
   21.58 +	int order = 0;
   21.59 +
   21.60 +	while (skbuff_order_cachep[order] != cachep)
   21.61 +		order++;
   21.62 +
   21.63 +	if (order != 0)
   21.64 +		xen_create_contiguous_region((unsigned long)buf, order);
   21.65 +
   21.66 +	scrub_pages(buf, 1 << order);
   21.67 +}
   21.68 +
   21.69 +static void skbuff_dtor(void *buf, kmem_cache_t *cachep, unsigned long unused)
   21.70 +{
   21.71 +	int order = 0;
   21.72 +
   21.73 +	while (skbuff_order_cachep[order] != cachep)
   21.74 +		order++;
   21.75 +
   21.76 +	if (order != 0)
   21.77 +		xen_destroy_contiguous_region((unsigned long)buf, order);
   21.78  }
   21.79  
   21.80  static int __init skbuff_init(void)
   21.81  {
   21.82 -    skbuff_cachep = kmem_cache_create(
   21.83 -        "xen-skb", PAGE_SIZE, PAGE_SIZE, 0, skbuff_ctor, NULL);
   21.84 -    return 0;
   21.85 +	static char name[MAX_SKBUFF_ORDER + 1][20];
   21.86 +	unsigned long size;
   21.87 +	int order;
   21.88 +
   21.89 +	for (order = 0; order <= MAX_SKBUFF_ORDER; order++) {
   21.90 +		size = PAGE_SIZE << order;
   21.91 +		sprintf(name[order], "xen-skb-%lu", size);
   21.92 +		skbuff_order_cachep[order] = kmem_cache_create(
   21.93 +			name[order], size, size, 0, skbuff_ctor, skbuff_dtor);
   21.94 +	}
   21.95 +
   21.96 +	skbuff_cachep = skbuff_order_cachep[0];
   21.97 +
   21.98 +	return 0;
   21.99  }
  21.100  __initcall(skbuff_init);
  21.101 +
  21.102 +EXPORT_SYMBOL(__dev_alloc_skb);
  21.103 +
  21.104 +/*
  21.105 + * Local variables:
  21.106 + *  c-file-style: "linux"
  21.107 + *  indent-tabs-mode: t
  21.108 + *  c-indent-level: 8
  21.109 + *  c-basic-offset: 8
  21.110 + *  tab-width: 8
  21.111 + * End:
  21.112 + */
    22.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c	Fri Aug 19 10:18:53 2005 +0000
    22.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c	Fri Aug 19 10:50:15 2005 +0000
    22.3 @@ -426,16 +426,10 @@ static __init void parse_cmdline_early (
    22.4  #ifdef CONFIG_XEN
    22.5  static void __init contig_initmem_init(void)
    22.6  {
    22.7 -        unsigned long bootmap_size, bootmap; 
    22.8 -
    22.9 -        bootmap_size = bootmem_bootmap_pages(end_pfn)<<PAGE_SHIFT;
   22.10 -        bootmap = start_pfn;
   22.11 -        bootmap_size = init_bootmem(bootmap, end_pfn);
   22.12 -        reserve_bootmem(bootmap, bootmap_size);
   22.13 -        
   22.14 -        free_bootmem(start_pfn << PAGE_SHIFT, (end_pfn - start_pfn) << PAGE_SHIFT);   
   22.15 -        reserve_bootmem(0, (PFN_PHYS(start_pfn) +
   22.16 -                            bootmap_size + PAGE_SIZE-1));
   22.17 +        unsigned long bootmap_size = init_bootmem(start_pfn, end_pfn);
   22.18 +        free_bootmem(0, end_pfn << PAGE_SHIFT);   
   22.19 +        /* XXX KAF: Why can't we leave low 1MB of memory free? */
   22.20 +        reserve_bootmem(0, (PFN_PHYS(start_pfn) + bootmap_size + PAGE_SIZE-1));
   22.21  }
   22.22  #else
   22.23  static void __init contig_initmem_init(void)
    23.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c	Fri Aug 19 10:18:53 2005 +0000
    23.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c	Fri Aug 19 10:50:15 2005 +0000
    23.3 @@ -280,19 +280,16 @@ void __init cpu_init (void)
    23.4  	if (cpu) {
    23.5  		memcpy(cpu_gdt_table[cpu], cpu_gdt_table[0], GDT_SIZE);
    23.6  	}	
    23.7 -#endif
    23.8  
    23.9  	cpu_gdt_descr[cpu].size = GDT_SIZE;
   23.10  	cpu_gdt_descr[cpu].address = (unsigned long)cpu_gdt_table[cpu];
   23.11  
   23.12 -        cpu_gdt_init(&cpu_gdt_descr[cpu]);
   23.13 -
   23.14 -#ifndef CONFIG_XEN 
   23.15  	memcpy(me->thread.tls_array, cpu_gdt_table[cpu], GDT_ENTRY_TLS_ENTRIES * 8);
   23.16 -
   23.17  #else
   23.18   	memcpy(me->thread.tls_array, &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN],
   23.19  	    GDT_ENTRY_TLS_ENTRIES * 8);
   23.20 +
   23.21 +    cpu_gdt_init(&cpu_gdt_descr[cpu]);
   23.22  #endif
   23.23         
   23.24  	/*
    24.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/mm/fault.c	Fri Aug 19 10:18:53 2005 +0000
    24.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/mm/fault.c	Fri Aug 19 10:50:15 2005 +0000
    24.3 @@ -250,7 +250,11 @@ static int vmalloc_fault(unsigned long a
    24.4  	   happen within a race in page table update. In the later
    24.5  	   case just flush. */
    24.6  
    24.7 -	pgd = pgd_offset(current->mm ?: &init_mm, address);
    24.8 +	/* On Xen the line below does not always work. Needs investigating! */
    24.9 +	/*pgd = pgd_offset(current->mm ?: &init_mm, address);*/
   24.10 +	pgd = (pgd_t *)per_cpu(cur_pgd, smp_processor_id());
   24.11 +	pgd += pgd_index(address);
   24.12 +
   24.13  	pgd_ref = pgd_offset_k(address);
   24.14  	if (pgd_none(*pgd_ref))
   24.15  		return -1;
    25.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c	Fri Aug 19 10:18:53 2005 +0000
    25.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c	Fri Aug 19 10:50:15 2005 +0000
    25.3 @@ -40,6 +40,12 @@
    25.4  #include <asm/proto.h>
    25.5  #include <asm/smp.h>
    25.6  
    25.7 +extern unsigned long *contiguous_bitmap;
    25.8 +
    25.9 +#if defined(CONFIG_SWIOTLB)
   25.10 +extern void swiotlb_init(void);
   25.11 +#endif
   25.12 +
   25.13  #ifndef Dprintk
   25.14  #define Dprintk(x...)
   25.15  #endif
   25.16 @@ -794,8 +800,12 @@ void __init mem_init(void)
   25.17  	int codesize, reservedpages, datasize, initsize;
   25.18  	int tmp;
   25.19  
   25.20 +	contiguous_bitmap = alloc_bootmem_low_pages(
   25.21 +		(end_pfn + 2*BITS_PER_LONG) >> 3);
   25.22 +	BUG_ON(!contiguous_bitmap);
   25.23 +	memset(contiguous_bitmap, 0, (end_pfn + 2*BITS_PER_LONG) >> 3);
   25.24 +
   25.25  #if defined(CONFIG_SWIOTLB)
   25.26 -	extern void swiotlb_init(void);
   25.27  	swiotlb_init();	
   25.28  #endif
   25.29  
    26.1 --- a/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c	Fri Aug 19 10:18:53 2005 +0000
    26.2 +++ b/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c	Fri Aug 19 10:50:15 2005 +0000
    26.3 @@ -213,9 +213,7 @@ static void balloon_process(void *unused
    26.4              {
    26.5                  BUG_ON(HYPERVISOR_update_va_mapping(
    26.6                      (unsigned long)__va(pfn << PAGE_SHIFT),
    26.7 -                    __pte_ma((mfn_list[i] << PAGE_SHIFT) |
    26.8 -                             pgprot_val(PAGE_KERNEL)),
    26.9 -                    0));
   26.10 +                    pfn_pte_ma(mfn_list[i], PAGE_KERNEL), 0));
   26.11              }
   26.12  
   26.13              /* Finally, relinquish the memory back to the system allocator. */
    27.1 --- a/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c	Fri Aug 19 10:18:53 2005 +0000
    27.2 +++ b/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c	Fri Aug 19 10:50:15 2005 +0000
    27.3 @@ -406,21 +406,15 @@ static void dispatch_probe(blkif_t *blki
    27.4  #endif
    27.5  
    27.6  
    27.7 -#ifdef CONFIG_XEN_BLKDEV_TAP_BE
    27.8      if ( HYPERVISOR_update_va_mapping_otherdomain(
    27.9          MMAP_VADDR(pending_idx, 0),
   27.10 -        (pte_t) { (req->frame_and_sects[0] & PAGE_MASK) | __PAGE_KERNEL },
   27.11 +        pfn_pte_ma(req->frame_and_sects[0] >> PAGE_SHIFT, PAGE_KERNEL),
   27.12 +#ifdef CONFIG_XEN_BLKDEV_TAP_BE
   27.13          0, (blkif->is_blktap ? ID_TO_DOM(req->id) : blkif->domid) ) )
   27.14 -        
   27.15 -        goto out;
   27.16  #else
   27.17 -    if ( HYPERVISOR_update_va_mapping_otherdomain(
   27.18 -        MMAP_VADDR(pending_idx, 0),
   27.19 -        (pte_t) { (req->frame_and_sects[0] & PAGE_MASK) | __PAGE_KERNEL },
   27.20 -        0, blkif->domid) ) 
   27.21 -        
   27.22 +        0, blkif->domid) )
   27.23 +#endif
   27.24          goto out;
   27.25 -#endif
   27.26  #endif /* endif CONFIG_XEN_BLKDEV_GRANT */
   27.27     
   27.28      rsp = vbd_probe(blkif, (vdisk_t *)MMAP_VADDR(pending_idx, 0), 
    28.1 --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c	Fri Aug 19 10:18:53 2005 +0000
    28.2 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c	Fri Aug 19 10:50:15 2005 +0000
    28.3 @@ -48,15 +48,7 @@ static const struct xenbus_device_id *
    28.4  match_device(const struct xenbus_device_id *arr, struct xenbus_device *dev)
    28.5  {
    28.6  	for (; !streq(arr->devicetype, ""); arr++) {
    28.7 -		if (!streq(arr->devicetype, dev->devicetype))
    28.8 -			continue;
    28.9 -
   28.10 -		/* If they don't care what subtype, it's a match. */
   28.11 -		if (streq(arr->subtype, ""))
   28.12 -			return arr;
   28.13 -
   28.14 -		/* If they care, device must have (same) subtype. */
   28.15 -		if (dev->subtype && streq(arr->subtype, dev->subtype))
   28.16 +		if (streq(arr->devicetype, dev->devicetype))
   28.17  			return arr;
   28.18  	}
   28.19  	return NULL;
   28.20 @@ -72,10 +64,102 @@ static int xenbus_match(struct device *_
   28.21  	return match_device(drv->ids, to_xenbus_device(_dev)) != NULL;
   28.22  }
   28.23  
   28.24 +struct xen_bus_type
   28.25 +{
   28.26 +	char *root;
   28.27 +	unsigned int levels;
   28.28 +	int (*get_bus_id)(char bus_id[BUS_ID_SIZE], const char *nodename);
   28.29 +	int (*probe)(const char *type, const char *dir);
   28.30 +	struct bus_type bus;
   28.31 +	struct device dev;
   28.32 +};
   28.33 +
   28.34 +/* device/<type>/<id> => <type>-<id> */
   28.35 +static int frontend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename)
   28.36 +{
   28.37 +	nodename = strchr(nodename, '/');
   28.38 +	if (!nodename || strlen(nodename + 1) >= BUS_ID_SIZE) {
   28.39 +		printk(KERN_WARNING "XENBUS: bad frontend %s\n", nodename);
   28.40 +		return -EINVAL;
   28.41 +	}
   28.42 +
   28.43 +	strlcpy(bus_id, nodename + 1, BUS_ID_SIZE);
   28.44 +	if (!strchr(bus_id, '/')) {
   28.45 +		printk(KERN_WARNING "XENBUS: bus_id %s no slash\n", bus_id);
   28.46 +		return -EINVAL;
   28.47 +	}
   28.48 +	*strchr(bus_id, '/') = '-';
   28.49 +	return 0;
   28.50 +}
   28.51 +
   28.52  /* Bus type for frontend drivers. */
   28.53 -static struct bus_type xenbus_type = {
   28.54 -	.name  = "xenbus",
   28.55 -	.match = xenbus_match,
   28.56 +static int xenbus_probe_frontend(const char *type, const char *name);
   28.57 +static struct xen_bus_type xenbus_frontend = {
   28.58 +	.root = "device",
   28.59 +	.levels = 2, 		/* device/type/<id> */
   28.60 +	.get_bus_id = frontend_bus_id,
   28.61 +	.probe = xenbus_probe_frontend,
   28.62 +	.bus = {
   28.63 +		.name  = "xen",
   28.64 +		.match = xenbus_match,
   28.65 +	},
   28.66 +	.dev = {
   28.67 +		.bus_id = "xen",
   28.68 +	},
   28.69 +};
   28.70 +
   28.71 +/* backend/<type>/<fe-uuid>/<id> => <type>-<fe-domid>-<id> */
   28.72 +static int backend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename)
   28.73 +{
   28.74 +	int domid, err;
   28.75 +	const char *devid, *type, *frontend;
   28.76 +	unsigned int typelen;
   28.77 +
   28.78 +	type = strchr(nodename, '/');
   28.79 +	if (!type)
   28.80 +		return -EINVAL;
   28.81 +	type++;
   28.82 +	typelen = strcspn(type, "/");
   28.83 +	if (!typelen || type[typelen] != '/')
   28.84 +		return -EINVAL;
   28.85 +
   28.86 +	devid = strrchr(nodename, '/') + 1;
   28.87 +
   28.88 +	err = xenbus_gather(nodename, "frontend-id", "%i", &domid,
   28.89 +			    "frontend", NULL, &frontend,
   28.90 +			    NULL);
   28.91 +	if (err)
   28.92 +		return err;
   28.93 +	if (strlen(frontend) == 0)
   28.94 +		err = -ERANGE;
   28.95 +
   28.96 +	if (!err && !xenbus_exists(frontend, ""))
   28.97 +		err = -ENOENT;
   28.98 +
   28.99 +	if (err) {
  28.100 +		kfree(frontend);
  28.101 +		return err;
  28.102 +	}
  28.103 +
  28.104 +	if (snprintf(bus_id, BUS_ID_SIZE,
  28.105 +		     "%.*s-%i-%s", typelen, type, domid, devid) >= BUS_ID_SIZE)
  28.106 +		return -ENOSPC;
  28.107 +	return 0;
  28.108 +}
  28.109 +
  28.110 +static int xenbus_probe_backend(const char *type, const char *uuid);
  28.111 +static struct xen_bus_type xenbus_backend = {
  28.112 +	.root = "backend",
  28.113 +	.levels = 3, 		/* backend/type/<frontend>/<id> */
  28.114 +	.get_bus_id = backend_bus_id,
  28.115 +	.probe = xenbus_probe_backend,
  28.116 +	.bus = {
  28.117 +		.name  = "xen-backend",
  28.118 +		.match = xenbus_match,
  28.119 +	},
  28.120 +	.dev = {
  28.121 +		.bus_id = "xen-backend",
  28.122 +	},
  28.123  };
  28.124  
  28.125  static int xenbus_dev_probe(struct device *_dev)
  28.126 @@ -104,12 +188,13 @@ static int xenbus_dev_remove(struct devi
  28.127  	return drv->remove(dev);
  28.128  }
  28.129  
  28.130 -int xenbus_register_driver(struct xenbus_driver *drv)
  28.131 +static int xenbus_register_driver(struct xenbus_driver *drv,
  28.132 +				  struct xen_bus_type *bus)
  28.133  {
  28.134  	int err;
  28.135  
  28.136  	drv->driver.name = drv->name;
  28.137 -	drv->driver.bus = &xenbus_type;
  28.138 +	drv->driver.bus = &bus->bus;
  28.139  	drv->driver.owner = drv->owner;
  28.140  	drv->driver.probe = xenbus_dev_probe;
  28.141  	drv->driver.remove = xenbus_dev_remove;
  28.142 @@ -120,6 +205,16 @@ int xenbus_register_driver(struct xenbus
  28.143  	return err;
  28.144  }
  28.145  
  28.146 +int xenbus_register_device(struct xenbus_driver *drv)
  28.147 +{
  28.148 +	return xenbus_register_driver(drv, &xenbus_frontend);
  28.149 +}
  28.150 +
  28.151 +int xenbus_register_backend(struct xenbus_driver *drv)
  28.152 +{
  28.153 +	return xenbus_register_driver(drv, &xenbus_backend);
  28.154 +}
  28.155 +
  28.156  void xenbus_unregister_driver(struct xenbus_driver *drv)
  28.157  {
  28.158  	down(&xenbus_lock);
  28.159 @@ -130,52 +225,98 @@ void xenbus_unregister_driver(struct xen
  28.160  struct xb_find_info
  28.161  {
  28.162  	struct xenbus_device *dev;
  28.163 -	const char *busid;
  28.164 +	const char *nodename;
  28.165  };
  28.166  
  28.167  static int cmp_dev(struct device *dev, void *data)
  28.168  {
  28.169 +	struct xenbus_device *xendev = to_xenbus_device(dev);
  28.170  	struct xb_find_info *info = data;
  28.171  
  28.172 -	if (streq(dev->bus_id, info->busid)) {
  28.173 -		info->dev = container_of(get_device(dev),
  28.174 -					 struct xenbus_device, dev);
  28.175 +	if (streq(xendev->nodename, info->nodename)) {
  28.176 +		info->dev = xendev;
  28.177 +		get_device(dev);
  28.178  		return 1;
  28.179  	}
  28.180  	return 0;
  28.181  }
  28.182  
  28.183 -/* FIXME: device_find is fixed in 2.6.13-rc2 according to Greg KH --RR */
  28.184 -struct xenbus_device *xenbus_device_find(const char *busid)
  28.185 +struct xenbus_device *xenbus_device_find(const char *nodename,
  28.186 +					 struct bus_type *bus)
  28.187  {
  28.188 -	struct xb_find_info info = { .dev = NULL, .busid = busid };
  28.189 +	struct xb_find_info info = { .dev = NULL, .nodename = nodename };
  28.190  
  28.191 -	bus_for_each_dev(&xenbus_type, NULL, &info, cmp_dev);
  28.192 +	bus_for_each_dev(bus, NULL, &info, cmp_dev);
  28.193  	return info.dev;
  28.194  }
  28.195  
  28.196 +static int cleanup_dev(struct device *dev, void *data)
  28.197 +{
  28.198 +	struct xenbus_device *xendev = to_xenbus_device(dev);
  28.199 +	struct xb_find_info *info = data;
  28.200 +	int len = strlen(info->nodename);
  28.201 +
  28.202 +	if (!strncmp(xendev->nodename, info->nodename, len)) {
  28.203 +		info->dev = xendev;
  28.204 +		get_device(dev);
  28.205 +		return 1;
  28.206 +	}
  28.207 +	return 0;
  28.208 +}
  28.209 +
  28.210 +static void xenbus_cleanup_devices(const char *path, struct bus_type *bus)
  28.211 +{
  28.212 +	struct xb_find_info info = { .nodename = path };
  28.213 +
  28.214 +	do {
  28.215 +		info.dev = NULL;
  28.216 +		bus_for_each_dev(bus, NULL, &info, cleanup_dev);
  28.217 +		if (info.dev) {
  28.218 +			device_unregister(&info.dev->dev);
  28.219 +			put_device(&info.dev->dev);
  28.220 +		}
  28.221 +	} while (info.dev);
  28.222 +}
  28.223  
  28.224  static void xenbus_release_device(struct device *dev)
  28.225  {
  28.226  	if (dev) {
  28.227  		struct xenbus_device *xendev = to_xenbus_device(dev);
  28.228  
  28.229 -		kfree(xendev->subtype);
  28.230  		kfree(xendev);
  28.231  	}
  28.232  }
  28.233 -/* devices/<typename>/<name> */
  28.234 -static int xenbus_probe_device(const char *dirpath, const char *devicetype,
  28.235 -			       const char *name)
  28.236 +
  28.237 +/* Simplified asprintf. */
  28.238 +static char *kasprintf(const char *fmt, ...)
  28.239 +{
  28.240 +	va_list ap;
  28.241 +	unsigned int len;
  28.242 +	char *p, dummy[1];
  28.243 +
  28.244 +	va_start(ap, fmt);
  28.245 +	/* FIXME: vsnprintf has a bug, NULL should work */
  28.246 +	len = vsnprintf(dummy, 0, fmt, ap);
  28.247 +	va_end(ap);
  28.248 +
  28.249 +	p = kmalloc(len + 1, GFP_KERNEL);
  28.250 +	if (!p)
  28.251 +		return NULL;
  28.252 +	va_start(ap, fmt);
  28.253 +	vsprintf(p, fmt, ap);
  28.254 +	va_end(ap);
  28.255 +	return p;
  28.256 +}
  28.257 +
  28.258 +static int xenbus_probe_node(struct xen_bus_type *bus,
  28.259 +			     const char *type,
  28.260 +			     const char *nodename)
  28.261  {
  28.262  	int err;
  28.263  	struct xenbus_device *xendev;
  28.264  	unsigned int stringlen;
  28.265  
  28.266 -	/* Nodename: /device/<typename>/<name>/ */
  28.267 -	stringlen = strlen(dirpath) + strlen(devicetype) + strlen(name) + 3;
  28.268 -	/* Typename */
  28.269 -	stringlen += strlen(devicetype) + 1;
  28.270 +	stringlen = strlen(nodename) + 1 + strlen(type) + 1;
  28.271  	xendev = kmalloc(sizeof(*xendev) + stringlen, GFP_KERNEL);
  28.272  	if (!xendev)
  28.273  		return -ENOMEM;
  28.274 @@ -183,38 +324,103 @@ static int xenbus_probe_device(const cha
  28.275  
  28.276  	/* Copy the strings into the extra space. */
  28.277  	xendev->nodename = (char *)(xendev + 1);
  28.278 -	sprintf(xendev->nodename, "%s/%s/%s", dirpath, devicetype, name);
  28.279 +	strcpy(xendev->nodename, nodename);
  28.280  	xendev->devicetype = xendev->nodename + strlen(xendev->nodename) + 1;
  28.281 -	strcpy(xendev->devicetype, devicetype);
  28.282 +	strcpy(xendev->devicetype, type);
  28.283  
  28.284 -	/* FIXME: look for "subtype" field. */
  28.285 -	snprintf(xendev->dev.bus_id, BUS_ID_SIZE, "%s-%s", devicetype, name);
  28.286 -	xendev->dev.bus = &xenbus_type;
  28.287 +	xendev->dev.parent = &bus->dev;
  28.288 +	xendev->dev.bus = &bus->bus;
  28.289  	xendev->dev.release = xenbus_release_device;
  28.290  
  28.291 +	err = bus->get_bus_id(xendev->dev.bus_id, xendev->nodename);
  28.292 +	if (err) {
  28.293 +		kfree(xendev);
  28.294 +		return err;
  28.295 +	}
  28.296 +
  28.297  	/* Register with generic device framework. */
  28.298  	err = device_register(&xendev->dev);
  28.299  	if (err) {
  28.300 -		printk("XENBUS: Registering device %s: error %i\n",
  28.301 -		       xendev->dev.bus_id, err);
  28.302 +		printk("XENBUS: Registering %s device %s: error %i\n",
  28.303 +		       bus->bus.name, xendev->dev.bus_id, err);
  28.304  		kfree(xendev);
  28.305  	}
  28.306  	return err;
  28.307  }
  28.308  
  28.309 -static int xenbus_probe_device_type(const char *dirpath, const char *typename)
  28.310 +/* device/<typename>/<name> */
  28.311 +static int xenbus_probe_frontend(const char *type, const char *name)
  28.312 +{
  28.313 +	char *nodename;
  28.314 +	int err;
  28.315 +
  28.316 +	nodename = kasprintf("%s/%s/%s", xenbus_frontend.root, type, name);
  28.317 +	if (!nodename)
  28.318 +		return -ENOMEM;
  28.319 +	
  28.320 +	err = xenbus_probe_node(&xenbus_frontend, type, nodename);
  28.321 +	kfree(nodename);
  28.322 +	return err;
  28.323 +}
  28.324 +
  28.325 +/* backend/<typename>/<frontend-uuid>/<name> */
  28.326 +static int xenbus_probe_backend_unit(const char *dir,
  28.327 +				     const char *type,
  28.328 +				     const char *name)
  28.329 +{
  28.330 +	char *nodename;
  28.331 +	int err;
  28.332 +
  28.333 +	nodename = kasprintf("%s/%s", dir, name);
  28.334 +	if (!nodename)
  28.335 +		return -ENOMEM;
  28.336 +
  28.337 +	err = xenbus_probe_node(&xenbus_backend, type, nodename);
  28.338 +	kfree(nodename);
  28.339 +	return err;
  28.340 +}
  28.341 +
  28.342 +/* backend/<typename>/<frontend-uuid> */
  28.343 +static int xenbus_probe_backend(const char *type, const char *uuid)
  28.344 +{
  28.345 +	char *nodename;
  28.346 +	int err = 0;
  28.347 +	char **dir;
  28.348 +	unsigned int i, dir_n = 0;
  28.349 +
  28.350 +	nodename = kasprintf("%s/%s/%s", xenbus_backend.root, type, uuid);
  28.351 +	if (!nodename)
  28.352 +		return -ENOMEM;
  28.353 +
  28.354 +	dir = xenbus_directory(nodename, "", &dir_n);
  28.355 +	if (IS_ERR(dir)) {
  28.356 +		kfree(nodename);
  28.357 +		return PTR_ERR(dir);
  28.358 +	}
  28.359 +
  28.360 +	for (i = 0; i < dir_n; i++) {
  28.361 +		err = xenbus_probe_backend_unit(nodename, type, dir[i]);
  28.362 +		if (err)
  28.363 +			break;
  28.364 +	}
  28.365 +	kfree(dir);
  28.366 +	kfree(nodename);
  28.367 +	return err;
  28.368 +}
  28.369 +
  28.370 +static int xenbus_probe_device_type(struct xen_bus_type *bus, const char *type)
  28.371  {
  28.372  	int err = 0;
  28.373  	char **dir;
  28.374  	unsigned int dir_n = 0;
  28.375  	int i;
  28.376  
  28.377 -	dir = xenbus_directory(dirpath, typename, &dir_n);
  28.378 +	dir = xenbus_directory(bus->root, type, &dir_n);
  28.379  	if (IS_ERR(dir))
  28.380  		return PTR_ERR(dir);
  28.381  
  28.382  	for (i = 0; i < dir_n; i++) {
  28.383 -		err = xenbus_probe_device(dirpath, typename, dir[i]);
  28.384 +		err = bus->probe(type, dir[i]);
  28.385  		if (err)
  28.386  			break;
  28.387  	}
  28.388 @@ -222,18 +428,18 @@ static int xenbus_probe_device_type(cons
  28.389  	return err;
  28.390  }
  28.391  
  28.392 -static int xenbus_probe_devices(const char *path)
  28.393 +static int xenbus_probe_devices(struct xen_bus_type *bus)
  28.394  {
  28.395  	int err = 0;
  28.396  	char **dir;
  28.397  	unsigned int i, dir_n;
  28.398  
  28.399 -	dir = xenbus_directory(path, "", &dir_n);
  28.400 +	dir = xenbus_directory(bus->root, "", &dir_n);
  28.401  	if (IS_ERR(dir))
  28.402  		return PTR_ERR(dir);
  28.403  
  28.404  	for (i = 0; i < dir_n; i++) {
  28.405 -		err = xenbus_probe_device_type(path, dir[i]);
  28.406 +		err = xenbus_probe_device_type(bus, dir[i]);
  28.407  		if (err)
  28.408  			break;
  28.409  	}
  28.410 @@ -251,58 +457,111 @@ static unsigned int char_count(const cha
  28.411  	return ret;
  28.412  }
  28.413  
  28.414 -static void dev_changed(struct xenbus_watch *watch, const char *node)
  28.415 +static int strsep_len(const char *str, char c, unsigned int len)
  28.416  {
  28.417 -	char busid[BUS_ID_SIZE];
  28.418 -	int exists;
  28.419 -	struct xenbus_device *dev;
  28.420 -	char *p;
  28.421 +	unsigned int i;
  28.422 +
  28.423 +	for (i = 0; str[i]; i++)
  28.424 +		if (str[i] == c) {
  28.425 +			if (len == 0)
  28.426 +				return i;
  28.427 +			len--;
  28.428 +		}
  28.429 +	return (len == 0) ? i : -ERANGE;
  28.430 +}
  28.431  
  28.432 -	/* Node is of form device/<type>/<identifier>[/...] */
  28.433 -	if (char_count(node, '/') != 2)
  28.434 -		return;
  28.435 +static void dev_changed(const char *node, struct xen_bus_type *bus)
  28.436 +{
  28.437 +	int exists, rootlen;
  28.438 +	struct xenbus_device *dev;
  28.439 +	char type[BUS_ID_SIZE];
  28.440 +	const char *p, *root;
  28.441  
  28.442 -	/* Created or deleted? */
  28.443 -	exists = xenbus_exists(node, "");
  28.444 +	if (char_count(node, '/') < 2)
  28.445 + 		return;
  28.446  
  28.447 -	p = strchr(node, '/') + 1;
  28.448 -	if (strlen(p) + 1 > BUS_ID_SIZE) {
  28.449 -		printk("Device for node %s is too big!\n", node);
  28.450 +	exists = xenbus_exists(node, "");
  28.451 +	if (!exists) {
  28.452 +		xenbus_cleanup_devices(node, &bus->bus);
  28.453  		return;
  28.454  	}
  28.455 -	/* Bus ID is name with / changed to - */
  28.456 -	strcpy(busid, p);
  28.457 -	*strchr(busid, '/') = '-';
  28.458 +
  28.459 +	/* backend/<type>/... or device/<type>/... */
  28.460 +	p = strchr(node, '/') + 1;
  28.461 +	snprintf(type, BUS_ID_SIZE, "%.*s", strcspn(p, "/"), p);
  28.462 +	type[BUS_ID_SIZE-1] = '\0';
  28.463 +
  28.464 +	rootlen = strsep_len(node, '/', bus->levels);
  28.465 +	if (rootlen < 0)
  28.466 +		return;
  28.467 +	root = kasprintf("%.*s", rootlen, node);
  28.468 +	if (!root)
  28.469 +		return;
  28.470  
  28.471 -	dev = xenbus_device_find(busid);
  28.472 -	printk("xenbus: device %s %s\n", busid, dev ? "exists" : "new");
  28.473 -	if (dev && !exists) {
  28.474 -		printk("xenbus: Unregistering device %s\n", busid);
  28.475 -		/* FIXME: free? */
  28.476 -		device_unregister(&dev->dev);
  28.477 -	} else if (!dev && exists) {
  28.478 -		printk("xenbus: Adding device %s\n", busid);
  28.479 -		/* Hack bus id back into two strings. */
  28.480 -		*strrchr(busid, '-') = '\0';
  28.481 -		xenbus_probe_device("device", busid, busid+strlen(busid)+1);
  28.482 -	} else
  28.483 -		printk("xenbus: strange, %s already %s\n", busid,
  28.484 -		       exists ? "exists" : "gone");
  28.485 -	if (dev)
  28.486 +	dev = xenbus_device_find(root, &bus->bus);
  28.487 +	if (!dev)
  28.488 +		xenbus_probe_node(bus, type, root);
  28.489 +	else
  28.490  		put_device(&dev->dev);
  28.491 +
  28.492 +	kfree(root);
  28.493 +}
  28.494 +
  28.495 +static void frontend_changed(struct xenbus_watch *watch, const char *node)
  28.496 +{
  28.497 +	dev_changed(node, &xenbus_frontend);
  28.498 +}
  28.499 +
  28.500 +static void backend_changed(struct xenbus_watch *watch, const char *node)
  28.501 +{
  28.502 +	dev_changed(node, &xenbus_backend);
  28.503  }
  28.504  
  28.505  /* We watch for devices appearing and vanishing. */
  28.506 -static struct xenbus_watch dev_watch = {
  28.507 -	/* FIXME: Ideally we'd only watch for changes 2 levels deep... */
  28.508 +static struct xenbus_watch fe_watch = {
  28.509  	.node = "device",
  28.510 -	.callback = dev_changed,
  28.511 +	.callback = frontend_changed,
  28.512 +};
  28.513 +
  28.514 +static struct xenbus_watch be_watch = {
  28.515 +	.node = "backend",
  28.516 +	.callback = backend_changed,
  28.517  };
  28.518  
  28.519 +static int suspend_dev(struct device *dev, void *data)
  28.520 +{
  28.521 +	int err = 0;
  28.522 +	struct xenbus_driver *drv = to_xenbus_driver(dev->driver);
  28.523 +	struct xenbus_device *xdev
  28.524 +		= container_of(dev, struct xenbus_device, dev);
  28.525 +
  28.526 +	if (drv->suspend)
  28.527 +		err = drv->suspend(xdev);
  28.528 +	if (err)
  28.529 +		printk("xenbus: suspend %s failed: %i\n", dev->bus_id, err);
  28.530 +	return 0;
  28.531 +}
  28.532 +
  28.533 +static int resume_dev(struct device *dev, void *data)
  28.534 +{
  28.535 +	int err = 0;
  28.536 +	struct xenbus_driver *drv = to_xenbus_driver(dev->driver);
  28.537 +	struct xenbus_device *xdev
  28.538 +		= container_of(dev, struct xenbus_device, dev);
  28.539 +
  28.540 +	if (drv->resume)
  28.541 +		err = drv->resume(xdev);
  28.542 +	if (err)
  28.543 +		printk("xenbus: resume %s failed: %i\n", dev->bus_id, err);
  28.544 +	return 0;
  28.545 +}
  28.546 +
  28.547  void xenbus_suspend(void)
  28.548  {
  28.549  	/* We keep lock, so no comms can happen as page moves. */
  28.550  	down(&xenbus_lock);
  28.551 +	bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, suspend_dev);
  28.552 +	bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, suspend_dev);
  28.553  	xb_suspend_comms();
  28.554  }
  28.555  
  28.556 @@ -310,6 +569,8 @@ void xenbus_resume(void)
  28.557  {
  28.558  	xb_init_comms();
  28.559  	reregister_xenbus_watches();
  28.560 +	bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, resume_dev);
  28.561 +	bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, resume_dev);
  28.562  	up(&xenbus_lock);
  28.563  }
  28.564  
  28.565 @@ -354,30 +615,23 @@ int do_xenbus_probe(void *unused)
  28.566  	}
  28.567  
  28.568  	down(&xenbus_lock);
  28.569 -	err = notifier_call_chain(&xenstore_chain, 0, 0);
  28.570 -	up(&xenbus_lock);
  28.571 -
  28.572 -	if (err == NOTIFY_BAD) {
  28.573 -		printk("%s: calling xenstore notify chain failed\n",
  28.574 -		       __FUNCTION__);
  28.575 -		return -EINVAL;
  28.576 -	}
  28.577 -
  28.578 -	err = 0;
  28.579 -
  28.580 -	down(&xenbus_lock);
  28.581  	/* Enumerate devices in xenstore. */
  28.582 -	xenbus_probe_devices("device");
  28.583 +	xenbus_probe_devices(&xenbus_frontend);
  28.584 +	xenbus_probe_devices(&xenbus_backend);
  28.585  	/* Watch for changes. */
  28.586 -	register_xenbus_watch(&dev_watch);
  28.587 +	register_xenbus_watch(&fe_watch);
  28.588 +	register_xenbus_watch(&be_watch);
  28.589  	up(&xenbus_lock);
  28.590  	return 0;
  28.591  }
  28.592  
  28.593  static int __init xenbus_probe_init(void)
  28.594  {
  28.595 -	bus_register(&xenbus_type);
  28.596 -
  28.597 +	bus_register(&xenbus_frontend.bus);
  28.598 +	bus_register(&xenbus_backend.bus);
  28.599 +	device_register(&xenbus_frontend.dev);
  28.600 +	device_register(&xenbus_backend.dev);
  28.601 +	
  28.602  	if (!xen_start_info.store_evtchn)
  28.603  		return 0;
  28.604  
    29.1 --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c	Fri Aug 19 10:18:53 2005 +0000
    29.2 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c	Fri Aug 19 10:50:15 2005 +0000
    29.3 @@ -187,6 +187,7 @@ static char *join(const char *dir, const
    29.4  	static char buffer[4096];
    29.5  
    29.6  	BUG_ON(down_trylock(&xenbus_lock) == 0);
    29.7 +	/* XXX FIXME: might not be correct if name == "" */
    29.8  	BUG_ON(strlen(dir) + strlen("/") + strlen(name) + 1 > sizeof(buffer));
    29.9  
   29.10  	strcpy(buffer, dir);
   29.11 @@ -399,9 +400,12 @@ int xenbus_gather(const char *dir, ...)
   29.12  			ret = PTR_ERR(p);
   29.13  			break;
   29.14  		}
   29.15 -		if (sscanf(p, fmt, result) == 0)
   29.16 -			ret = -EINVAL;
   29.17 -		kfree(p);
   29.18 +		if (fmt) {
   29.19 +			if (sscanf(p, fmt, result) == 0)
   29.20 +				ret = -EINVAL;
   29.21 +			kfree(p);
   29.22 +		} else
   29.23 +			*(char **)result = p;
   29.24  	}
   29.25  	va_end(ap);
   29.26  	return ret;
    30.1 --- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/dma-mapping.h	Fri Aug 19 10:18:53 2005 +0000
    30.2 +++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/dma-mapping.h	Fri Aug 19 10:50:15 2005 +0000
    30.3 @@ -26,7 +26,9 @@ address_needs_mapping(struct device *hwd
    30.4  static inline int
    30.5  range_straddles_page_boundary(void *p, size_t size)
    30.6  {
    30.7 -	return ((((unsigned long)p & ~PAGE_MASK) + size) > PAGE_SIZE);
    30.8 +	extern unsigned long *contiguous_bitmap;
    30.9 +	return (((((unsigned long)p & ~PAGE_MASK) + size) > PAGE_SIZE) &&
   30.10 +		!test_bit(__pa(p) >> PAGE_SHIFT, contiguous_bitmap));
   30.11  }
   30.12  
   30.13  #define dma_alloc_noncoherent(d, s, h, f) dma_alloc_coherent(d, s, h, f)
    33.1 --- a/linux-2.6-xen-sparse/include/asm-xen/xenbus.h	Fri Aug 19 10:18:53 2005 +0000
    33.2 +++ b/linux-2.6-xen-sparse/include/asm-xen/xenbus.h	Fri Aug 19 10:50:15 2005 +0000
    33.3 @@ -37,7 +37,6 @@
    33.4  /* A xenbus device. */
    33.5  struct xenbus_device {
    33.6  	char *devicetype;
    33.7 -	char *subtype;
    33.8  	char *nodename;
    33.9  	struct device dev;
   33.10  	int has_error;
   33.11 @@ -53,7 +52,6 @@ struct xenbus_device_id
   33.12  {
   33.13  	/* .../device/<device_type>/<identifier> */
   33.14  	char devicetype[32]; 	/* General class of device. */
   33.15 -	char subtype[32];	/* Contents of "subtype" for this device */
   33.16  };
   33.17  
   33.18  /* A xenbus driver. */
   33.19 @@ -61,9 +59,11 @@ struct xenbus_driver {
   33.20  	char *name;
   33.21  	struct module *owner;
   33.22  	const struct xenbus_device_id *ids;
   33.23 -	int  (*probe)    (struct xenbus_device * dev,
   33.24 -			  const struct xenbus_device_id * id);
   33.25 -	int  (*remove)   (struct xenbus_device * dev);
   33.26 +	int (*probe)(struct xenbus_device *dev,
   33.27 +		     const struct xenbus_device_id *id);
   33.28 +	int (*remove)(struct xenbus_device *dev);
   33.29 +	int (*suspend)(struct xenbus_device *dev);
   33.30 +	int (*resume)(struct xenbus_device *dev);
   33.31  	struct device_driver driver;
   33.32  };
   33.33  
   33.34 @@ -72,7 +72,8 @@ static inline struct xenbus_driver *to_x
   33.35  	return container_of(drv, struct xenbus_driver, driver);
   33.36  }
   33.37  
   33.38 -int xenbus_register_driver(struct xenbus_driver *drv);
   33.39 +int xenbus_register_device(struct xenbus_driver *drv);
   33.40 +int xenbus_register_backend(struct xenbus_driver *drv);
   33.41  void xenbus_unregister_driver(struct xenbus_driver *drv);
   33.42  
   33.43  /* Caller must hold this lock to call these functions: it's also held
    34.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    34.2 +++ b/patches/linux-2.6.12/workaround_double_br_del_if.patch	Fri Aug 19 10:50:15 2005 +0000
    34.3 @@ -0,0 +1,11 @@
    34.4 +--- linux-2.6.12/net/bridge/br_if.c	2005-06-17 14:48:29.000000000 -0500
    34.5 ++++ linux-2.6.12-xen0-smp/net/bridge/br_if.c	2005-08-18 15:17:27.302615846 -0500
    34.6 +@@ -382,7 +382,7 @@
    34.7 + {
    34.8 + 	struct net_bridge_port *p = dev->br_port;
    34.9 + 	
   34.10 +-	if (!p || p->br != br) 
   34.11 ++	if (!p || p->br != br || p->state == BR_STATE_DISABLED)
   34.12 + 		return -EINVAL;
   34.13 + 
   34.14 + 	br_sysfs_removeif(p);
    35.1 --- a/tools/examples/network-bridge	Fri Aug 19 10:18:53 2005 +0000
    35.2 +++ b/tools/examples/network-bridge	Fri Aug 19 10:50:15 2005 +0000
    35.3 @@ -51,7 +51,7 @@ for arg ; do export "${arg}" ; done
    35.4  
    35.5  bridge=${bridge:-xen-br0}
    35.6  netdev=${netdev:-eth0}
    35.7 -antispoof=${antispoof:-yes}
    35.8 +antispoof=${antispoof:-no}
    35.9  
   35.10  echo "*network $OP bridge=$bridge netdev=$netdev antispoof=$antispoof" >&2
   35.11  
    36.1 --- a/tools/misc/policyprocessor/Makefile	Fri Aug 19 10:18:53 2005 +0000
    36.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    36.3 @@ -1,42 +0,0 @@
    36.4 -XEN_ROOT = ../../..
    36.5 -include $(XEN_ROOT)/tools/Rules.mk
    36.6 -
    36.7 -CFLAGS   += -static
    36.8 -CFLAGS   += -Wall
    36.9 -CFLAGS   += -Werror
   36.10 -CFLAGS   += -O3
   36.11 -CFLAGS   += -fno-strict-aliasing
   36.12 -CFLAGS   += -I.
   36.13 -
   36.14 -all: build
   36.15 -
   36.16 -build: mk-symlinks
   36.17 -	$(MAKE) xml_to_bin
   36.18 -
   36.19 -default: all
   36.20 -
   36.21 -install: all
   36.22 -
   36.23 -xml_to_bin : make_include XmlToBin.java XmlToBinInterface.java SsidsEntry.java SecurityLabel.java myHandler.java
   36.24 -	javac XmlToBin.java
   36.25 -
   36.26 -make_include : c2j_include
   36.27 -	./c2j_include
   36.28 -
   36.29 -c2j_include: c2j_include.c
   36.30 -	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
   36.31 -
   36.32 -clean:
   36.33 -	rm -rf *.class xen c2j_include policy_version.java *.bin
   36.34 -
   36.35 -
   36.36 -LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
   36.37 -mk-symlinks:
   36.38 -	[ -e xen/linux ] || mkdir -p xen/linux
   36.39 -	[ -e xen/io ]    || mkdir -p xen/io
   36.40 -	( cd xen >/dev/null ; \
   36.41 -	  ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . )
   36.42 -	( cd xen/io >/dev/null ; \
   36.43 -	  ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
   36.44 -	( cd xen/linux >/dev/null ; \
   36.45 -	  ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )
    37.1 --- a/tools/misc/policyprocessor/SecurityLabel.java	Fri Aug 19 10:18:53 2005 +0000
    37.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    37.3 @@ -1,34 +0,0 @@
    37.4 -/**
    37.5 - * (C) Copyright IBM Corp. 2005
    37.6 - *
    37.7 - * $Id: SecurityLabel.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
    37.8 - *
    37.9 - * Author: Ray Valdez
   37.10 - *
   37.11 - * This program is free software; you can redistribute it and/or
   37.12 - * modify it under the terms of the GNU General Public License as
   37.13 - * published by the Free Software Foundation, version 2 of the
   37.14 - * License.
   37.15 - *
   37.16 - * SecurityLabel Class.  
   37.17 - *
   37.18 - * <p>
   37.19 - *
   37.20 - * Keeps track of types.
   37.21 - *
   37.22 - * <p>
   37.23 - *
   37.24 - *
   37.25 - */
   37.26 -import java.util.*;
   37.27 -public class SecurityLabel
   37.28 -{
   37.29 - Vector ids;
   37.30 - Vector vlans;
   37.31 - Vector slots;
   37.32 - Vector steTypes;
   37.33 - int steSsidPosition;
   37.34 - Vector chwIDs;
   37.35 - Vector chwTypes;
   37.36 - int chwSsidPosition;
   37.37 -}
    38.1 --- a/tools/misc/policyprocessor/SecurityPolicySpec.xsd	Fri Aug 19 10:18:53 2005 +0000
    38.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    38.3 @@ -1,115 +0,0 @@
    38.4 -<?xml version="1.0" encoding="UTF-8"?>
    38.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    38.6 -<!-- xml schema definition for xen xml policies -->
    38.7 -<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    38.8 -targetNamespace="http://www.ibm.com"
    38.9 -xmlns="http://www.ibm.com" 
   38.10 -elementFormDefault="qualified">
   38.11 -
   38.12 -<xsd:element name="TE" type="xsd:string" />
   38.13 -<xsd:element name="ChWall" type="xsd:string" />
   38.14 -
   38.15 -<xsd:element name="Definition">
   38.16 -  <xsd:complexType>
   38.17 - 	<xsd:sequence>
   38.18 -
   38.19 -	  <!-- simple type enforcement -->
   38.20 -	  <xsd:element name="Types" minOccurs ="0" maxOccurs="1">
   38.21 -		<xsd:complexType>
   38.22 -		  <xsd:sequence>
   38.23 -			<xsd:element ref="TE" minOccurs ="1" maxOccurs ="unbounded"/>
   38.24 -		  </xsd:sequence>
   38.25 -		</xsd:complexType>
   38.26 -	  </xsd:element>
   38.27 -
   38.28 -	  <!-- chinese wall -->
   38.29 -	  <!--   type definition -->
   38.30 -	  <xsd:element name="ChWallTypes" minOccurs ="0" maxOccurs="1">
   38.31 -		<xsd:complexType>
   38.32 -		  <xsd:sequence>
   38.33 -			<xsd:element ref="ChWall"  minOccurs ="1" maxOccurs ="unbounded"/>
   38.34 -
   38.35 -      	   	</xsd:sequence>
   38.36 -          </xsd:complexType>
   38.37 -	</xsd:element>
   38.38 -
   38.39 -  	<!--   conflict set -->
   38.40 -	  <xsd:element name="ConflictSet" minOccurs ="0" maxOccurs="unbounded">
   38.41 -		<xsd:complexType>
   38.42 -		  <xsd:sequence>
   38.43 -			<xsd:element ref="ChWall"  minOccurs ="2" maxOccurs ="unbounded"/>
   38.44 -		  </xsd:sequence>
   38.45 -		</xsd:complexType>
   38.46 -	</xsd:element>
   38.47 -
   38.48 -	</xsd:sequence>
   38.49 -  </xsd:complexType>
   38.50 -</xsd:element>
   38.51 -
   38.52 -<xsd:element name="Policy">
   38.53 -    <xsd:complexType>
   38.54 -      <xsd:sequence>
   38.55 -
   38.56 -	<xsd:element name="PolicyHeader">
   38.57 -    	<xsd:complexType>
   38.58 -      	   <xsd:all>
   38.59 -		<xsd:element name = "Name" type="xsd:string"/>
   38.60 -		<xsd:element name = "DateTime" type="xsd:dateTime"/>
   38.61 -		<xsd:element name = "Tag" minOccurs ="1" maxOccurs ="1" type="xsd:string"/>
   38.62 -		<xsd:element name = "TypeDefinition">
   38.63 -    		<xsd:complexType>
   38.64 -      	   	  <xsd:all>
   38.65 -			<xsd:element name = "url" type="xsd:string"/>
   38.66 -			<xsd:element name = "hash" minOccurs ="0" maxOccurs ="1" type="xsd:string"/>
   38.67 -      	   	  </xsd:all>
   38.68 -    		</xsd:complexType>
   38.69 -		</xsd:element>
   38.70 -
   38.71 -      	   </xsd:all>
   38.72 -    	</xsd:complexType>
   38.73 -	</xsd:element>
   38.74 -
   38.75 -	<xsd:element name="VM" minOccurs ="1" maxOccurs="unbounded">
   38.76 -    	  <xsd:complexType>
   38.77 -      	   <xsd:sequence>
   38.78 -		<xsd:element name="id" type="xsd:integer"/>
   38.79 -		<xsd:element ref="TE" minOccurs="0" maxOccurs="unbounded" />
   38.80 -		<xsd:element ref="ChWall" minOccurs ="0" maxOccurs="unbounded"/>
   38.81 -      	   </xsd:sequence>
   38.82 -    	  </xsd:complexType>
   38.83 -	</xsd:element>
   38.84 -
   38.85 -	<xsd:element name="Vlan" minOccurs ="0" maxOccurs="unbounded">
   38.86 -    	  <xsd:complexType>
   38.87 -      	   <xsd:sequence>
   38.88 -		<xsd:element name="vid" type="xsd:integer"/>
   38.89 -		<xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
   38.90 -      	   </xsd:sequence>
   38.91 -    	  </xsd:complexType>
   38.92 -	</xsd:element>
   38.93 -
   38.94 -	<xsd:element name="Slot" minOccurs ="0" maxOccurs="unbounded">
   38.95 -    	  <xsd:complexType>
   38.96 -      	   <xsd:sequence>
   38.97 -		<xsd:element name="bus" type="xsd:integer"/>
   38.98 -		<xsd:element name="slot" type="xsd:integer"/>
   38.99 -		<xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
  38.100 -      	   </xsd:sequence>
  38.101 -    	  </xsd:complexType>
  38.102 -	</xsd:element>
  38.103 -
  38.104 -
  38.105 -      </xsd:sequence>
  38.106 -    </xsd:complexType>
  38.107 -</xsd:element>
  38.108 -
  38.109 -<!-- root element -->
  38.110 -<xsd:element name="SecurityPolicySpec">
  38.111 -    <xsd:complexType>
  38.112 -      <xsd:choice>
  38.113 -		<xsd:element ref="Definition" minOccurs ="1" maxOccurs="unbounded"/>
  38.114 -		<xsd:element ref="Policy" minOccurs ="1" maxOccurs="unbounded"/>
  38.115 -      </xsd:choice>
  38.116 -    </xsd:complexType>
  38.117 -</xsd:element>
  38.118 -</xsd:schema>
    39.1 --- a/tools/misc/policyprocessor/SsidsEntry.java	Fri Aug 19 10:18:53 2005 +0000
    39.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    39.3 @@ -1,29 +0,0 @@
    39.4 -/**
    39.5 - * (C) Copyright IBM Corp. 2005
    39.6 - *
    39.7 - * $Id: SsidsEntry.java,v 1.2 2005/06/17 20:02:40 rvaldez Exp $
    39.8 - *
    39.9 - * Author: Ray Valdez
   39.10 - * 
   39.11 - * This program is free software; you can redistribute it and/or
   39.12 - * modify it under the terms of the GNU General Public License as
   39.13 - * published by the Free Software Foundation, version 2 of the
   39.14 - * License.
   39.15 - *
   39.16 - * SsidsEntry Class.  
   39.17 - * <p>
   39.18 - *
   39.19 - * Holds ssid information.
   39.20 - *
   39.21 - * <p>
   39.22 - *
   39.23 - *
   39.24 - */
   39.25 -public class SsidsEntry 
   39.26 - {
   39.27 -  int id;	/* used for partition and vlan */
   39.28 -  int bus;	/* used for slots */
   39.29 -  int slot;
   39.30 -  int ste = 0xffffffff;
   39.31 -  int chw = 0xffffffff;
   39.32 - }
    40.1 --- a/tools/misc/policyprocessor/XmlToBin.java	Fri Aug 19 10:18:53 2005 +0000
    40.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    40.3 @@ -1,1570 +0,0 @@
    40.4 -/**
    40.5 - * (C) Copyright IBM Corp. 2005
    40.6 - *
    40.7 - * $Id: XmlToBin.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
    40.8 - *
    40.9 - * Author: Ray Valdez
   40.10 - *
   40.11 - * Contributors:
   40.12 - *         Reiner Sailer - adjust type-lengths
   40.13 - *
   40.14 - * This program is free software; you can redistribute it and/or
   40.15 - * modify it under the terms of the GNU General Public License as
   40.16 - * published by the Free Software Foundation, version 2 of the
   40.17 - * License.
   40.18 - *
   40.19 - * XmlToBin  Class.  
   40.20 - * <p>
   40.21 - *
   40.22 - * Translates a xml representation of a SHYPE policy into a binary  
   40.23 - * format.  The class processes an xml policy file based on elment tags 
   40.24 - * defined in a schema definition files: SecurityPolicySpec.xsd.
   40.25 - *
   40.26 - * XmlToBin Command line Options: 
   40.27 - *
   40.28 - *      -i              inputFile:      name of policyfile (.xml)
   40.29 - *      -o              outputFile:     name of binary policy file (Big Endian)
   40.30 - *      -xssid          SsidFile:       xen ssids to types text file
   40.31 - *      -xssidconf      SsidConf:   	xen conflict ssids to types text file
   40.32 - *      -debug                          turn on debug messages
   40.33 - *      -help                           help. This printout
   40.34 - *
   40.35 - * <p>
   40.36 - *
   40.37 - *
   40.38 - */
   40.39 -import java.util.*;
   40.40 -import java.io.*;
   40.41 -import java.io.IOException;
   40.42 -import java.io.FileNotFoundException;
   40.43 -import org.w3c.dom.Document;
   40.44 -import org.w3c.dom.Element;
   40.45 -import org.w3c.dom.Node;
   40.46 -import org.w3c.dom.Attr;
   40.47 -import org.w3c.dom.NodeList;
   40.48 -import org.w3c.dom.NamedNodeMap;
   40.49 -import org.xml.sax.*;
   40.50 -import javax.xml.parsers.*;
   40.51 -import org.xml.sax.helpers.*;
   40.52 -
   40.53 -public class XmlToBin 
   40.54 - implements XmlToBinInterface
   40.55 -{
   40.56 -  class SlotInfo {
   40.57 -	String bus;
   40.58 -	String slot;
   40.59 -  }
   40.60 -
   40.61 - boolean LittleEndian = false;
   40.62 - boolean debug = false;
   40.63 -
   40.64 - static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
   40.65 -
   40.66 - static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";
   40.67 -
   40.68 - public static void printUsage()
   40.69 - {
   40.70 -  System.out.println("XmlToBin Command line Options: ");
   40.71 -  System.out.println("\t-i\t\tinputFile:\tname of policyfile (.xml)");
   40.72 -  System.out.println("\t-o\t\toutputFile:\tname of binary policy file (Big Endian)");
   40.73 -  System.out.println("\t-xssid\t\tSsidFile:\tXen ssids to named types text file");
   40.74 -  System.out.println("\t-xssidconf\tSsidConfFile:\tXen conflict ssids to named types text file");
   40.75 -  System.out.println("\t-debug\t\t\t\tturn on debug messages");
   40.76 -  System.out.println("\t-help\t\t\t\thelp. This printout");
   40.77 -  return;
   40.78 - }
   40.79 -
   40.80 - public void printDebug(String message) 
   40.81 - {
   40.82 -  if (debug)
   40.83 -    System.out.println(message);
   40.84 - }
   40.85 -
   40.86 - public void writeBinPolicy(byte[] binPolicy, String outputFileName)
   40.87 -  throws Exception
   40.88 - {
   40.89 -    if (debug) 
   40.90 -    	printHex(binPolicy,binPolicy.length);
   40.91 -
   40.92 -    DataOutputStream writeObj = new DataOutputStream(
   40.93 -                                new FileOutputStream(outputFileName));
   40.94 -
   40.95 -    writeObj.write(binPolicy);
   40.96 -    writeObj.flush();
   40.97 -    writeObj.close();
   40.98 -    System.out.println(" wBP:: wrote outputfile: " + outputFileName);
   40.99 -
  40.100 -    return; 
  40.101 - }  
  40.102 -
  40.103 - public void writeXenTypeVectorFile(Vector list, String outputFileName)
  40.104 -  throws Exception
  40.105 - {
  40.106 -  PrintWriter out;
  40.107 -
  40.108 -  if (0 == list.size())
  40.109 -  {
  40.110 -   	printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 
  40.111 -	return;
  40.112 -  }
  40.113 - out = new PrintWriter(
  40.114 -	 	new BufferedWriter(
  40.115 -                      new FileWriter(outputFileName)));
  40.116 -
  40.117 -
  40.118 -  for (int i = 0; i < list.size(); i++)
  40.119 -  {
  40.120 -	Vector	ee = (Vector) list.elementAt(i);
  40.121 -   	out.println(i + " " +ee.toString());
  40.122 -  } 
  40.123 -    out.close();
  40.124 -   
  40.125 -    return; 
  40.126 - }
  40.127 -
  40.128 - public void writeXenTypeFile(Vector list, String outputFileName, boolean slabel)
  40.129 -  throws Exception
  40.130 - {
  40.131 -  Vector entry; 
  40.132 -  String strTypes = "";
  40.133 -  SecurityLabel ee;
  40.134 -  PrintWriter out;
  40.135 -
  40.136 -  if (0 == list.size())
  40.137 -  {
  40.138 -   	printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 
  40.139 -	return;
  40.140 -  }
  40.141 -  out = new PrintWriter(
  40.142 -	 	new BufferedWriter(
  40.143 -                      new FileWriter(outputFileName)));
  40.144 -
  40.145 -  for (int i = 0; i < list.size(); i++)
  40.146 -  {
  40.147 -	ee = (SecurityLabel) list.elementAt(i);
  40.148 -
  40.149 -	if (slabel)
  40.150 -	{
  40.151 -		entry = ee.steTypes; 
  40.152 -	} else {
  40.153 -
  40.154 -		entry = ee.chwTypes; 
  40.155 -	}
  40.156 -	if (null == entry) continue;
  40.157 -
  40.158 -	Enumeration e = entry.elements(); 
  40.159 -	while (e.hasMoreElements())
  40.160 -	{
  40.161 -  	  String typeName = (String) e.nextElement(); 
  40.162 -	  strTypes = strTypes + " " + typeName;
  40.163 -        }
  40.164 -    	  printDebug(" WXTF:: ssid : "+i +" :"+strTypes); 
  40.165 -   	  out.println(i +" "+strTypes);
  40.166 -	  strTypes = "";
  40.167 -  } 
  40.168 -  out.close();
  40.169 -   
  40.170 -  return; 
  40.171 - }
  40.172 -
  40.173 - public void setDebug(boolean value)
  40.174 - {
  40.175 -  debug=value;
  40.176 - }
  40.177 -
  40.178 - public void setEndian(boolean value)
  40.179 - {
  40.180 -  LittleEndian = value;
  40.181 - }
  40.182 -
  40.183 - public byte[] generateVlanSsids(Vector bagOfSsids)
  40.184 -  throws Exception
  40.185 - {
  40.186 -  /**
  40.187 -        typedef struct {
  40.188 -        u16 vlan;
  40.189 -        u16 ssid_ste;
  40.190 -        } acm_vlan_entry_t;
  40.191 -  **/
  40.192 -
  40.193 -  Hashtable  vlanSsid = new Hashtable();
  40.194 -  printDebug(" gVS::Size of bagOfSsids: "+ bagOfSsids.size());
  40.195 -
  40.196 -  /* Get the number of partitions */
  40.197 -  for (int i = 0; i < bagOfSsids.size(); i++)
  40.198 -  {
  40.199 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  40.200 -
  40.201 -	if (null == entry.vlans)
  40.202 -	  continue;
  40.203 -
  40.204 -	Enumeration e = entry.vlans.elements(); 
  40.205 -	while (e.hasMoreElements())
  40.206 -	{
  40.207 -  	  String id = (String) e.nextElement(); 
  40.208 -      	  printDebug(" gVS:: vlan: " + id + "has ste ssid: " + entry.steSsidPosition);
  40.209 -	  if (-1 == entry.steSsidPosition)
  40.210 -		continue;  
  40.211 -
  40.212 -	  /* Only use ste for vlan */
  40.213 -	  SsidsEntry  ssidsObj = new SsidsEntry();
  40.214 -
  40.215 -	  ssidsObj.id = Integer.parseInt(id); 
  40.216 -	  ssidsObj.ste = entry.steSsidPosition;
  40.217 -
  40.218 -	  if (vlanSsid.contains(id))
  40.219 -      	  	printDebug(" gVS:: Error already in the Hash part:" + ssidsObj.id);
  40.220 -	  else 
  40.221 - 		vlanSsid.put(id, ssidsObj);
  40.222 -      	  	printDebug(" gVS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition);
  40.223 -	}
  40.224 -  }
  40.225 -
  40.226 -  /* allocate array */ 
  40.227 -  int numOfVlan = vlanSsid.size();
  40.228 -  int totalSize = (numOfVlan * vlanEntrySz);  
  40.229 -
  40.230 -  if (0 == numOfVlan) 
  40.231 -  {
  40.232 -  	printDebug(" gVS:: vlan: binary ==> zero");
  40.233 -        return new byte[0];
  40.234 -  }
  40.235 -
  40.236 -  byte[] vlanArray = new byte[totalSize];
  40.237 -
  40.238 -  int index = 0;
  40.239 -
  40.240 -  Enumeration e = vlanSsid.elements(); 
  40.241 -  while (e.hasMoreElements())
  40.242 -  {
  40.243 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  40.244 -      	printDebug(" gVS:: part: " + entry.id + " ste ssid: " + entry.ste);
  40.245 -
  40.246 -	/* Write id */
  40.247 -   	writeShortToStream(vlanArray,(short)entry.id,index);
  40.248 -	index = index + u16Size;
  40.249 -
  40.250 -	/* write ste ssid */
  40.251 -   	writeShortToStream(vlanArray,(short) entry.ste,index);
  40.252 -	index = index + u16Size;
  40.253 -  }
  40.254 -
  40.255 -  printDebug(" gVS:: vlan: num of vlans  " + numOfVlan);
  40.256 -  printDebug(" gVS:: vlan: binary ==> Length "+ vlanArray.length);
  40.257 -
  40.258 -  if (debug) 
  40.259 -	printHex(vlanArray,vlanArray.length);
  40.260 -  printDebug("\n");
  40.261 -
  40.262 -  return vlanArray; 
  40.263 - }  
  40.264 -
  40.265 - public byte[] generateSlotSsids(Vector bagOfSsids)
  40.266 -  throws Exception
  40.267 - {
  40.268 -  /**
  40.269 -        typedef struct {
  40.270 -        u16 slot_max;
  40.271 -        u16 slot_offset;
  40.272 -        } acm_slot_buffer_t;
  40.273 -
  40.274 -        typedef struct {
  40.275 -        u16 bus;
  40.276 -        u16 slot;
  40.277 -        u16 ssid_ste;
  40.278 -        } acm_slot_entry_t;
  40.279 -  **/
  40.280 -  Hashtable  slotSsid = new Hashtable();
  40.281 -  printDebug(" gSS::Size of bagOfSsids: "+ bagOfSsids.size());
  40.282 -
  40.283 -  /* Find the number of VMs */ 
  40.284 -  for (int i = 0; i < bagOfSsids.size(); i++)
  40.285 -  {
  40.286 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  40.287 -
  40.288 -	if (null == entry.slots)
  40.289 -	  continue;
  40.290 -
  40.291 -	Enumeration e = entry.slots.elements(); 
  40.292 -	while (e.hasMoreElements())
  40.293 -	{
  40.294 -  	  SlotInfo item = (SlotInfo) e.nextElement(); 
  40.295 -      	  printDebug(" gSS:: bus slot: " + item.bus + " "+ item.slot + " " +  entry.steSsidPosition);
  40.296 -	  if (-1 == entry.steSsidPosition)
  40.297 -		continue;  
  40.298 -
  40.299 -	  SsidsEntry  ssidsObj = new SsidsEntry();
  40.300 -
  40.301 -	  String id = item.bus +" "+item.slot;
  40.302 -	  ssidsObj.bus = Integer.parseInt(item.bus); 
  40.303 -	  ssidsObj.slot = Integer.parseInt(item.slot); 
  40.304 -	  /* set ste ssid */
  40.305 -	  ssidsObj.ste = entry.steSsidPosition;
  40.306 -
  40.307 -	  if (slotSsid.contains(id))
  40.308 -      	  	printDebug(" gSS:: Error already in the Hash part:" + id);
  40.309 -	  else 
  40.310 -	  	slotSsid.put(id, ssidsObj);
  40.311 -
  40.312 -      	  	printDebug(" gSS:: added slot: " + id + "has ste ssid: " + entry.steSsidPosition);
  40.313 -	}
  40.314 -  }
  40.315 -
  40.316 -  /* allocate array */
  40.317 -  int numOfSlot = slotSsid.size();
  40.318 -
  40.319 -  if (0 == numOfSlot) 
  40.320 -  {
  40.321 -  	printDebug(" gVS:: slot: binary ==> zero");
  40.322 -        return new byte[0];
  40.323 -  }
  40.324 -
  40.325 -  int totalSize = (numOfSlot * slotEntrySz);  
  40.326 -
  40.327 -  byte[] slotArray = new byte[totalSize];
  40.328 -
  40.329 -  int index = 0;
  40.330 -
  40.331 -  Enumeration e = slotSsid.elements(); 
  40.332 -  while (e.hasMoreElements())
  40.333 -  {
  40.334 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  40.335 -      	System.out.println(" gSS:: bus slot: " + entry.bus + " " + entry.slot + " ste ssid: " + entry.ste);
  40.336 -
  40.337 -	/* Write bus */
  40.338 -   	writeShortToStream(slotArray,(short)entry.bus,index);
  40.339 -	index = index + u16Size;
  40.340 -
  40.341 -	/* Write slot */ 
  40.342 -   	writeShortToStream(slotArray,(short)entry.slot,index);
  40.343 -	index = index + u16Size;
  40.344 -
  40.345 -	/* Write ste ssid */
  40.346 -   	writeShortToStream(slotArray,(short) entry.ste,index);
  40.347 -	index = index + u16Size;
  40.348 -
  40.349 -  }
  40.350 -   
  40.351 -  printDebug(" gSS:: slot: num of vlans  " + numOfSlot);
  40.352 -  printDebug(" gSS:: slot: binary ==> Length "+ slotArray.length);
  40.353 -
  40.354 -  if (debug) 
  40.355 - 	 printHex(slotArray,slotArray.length);
  40.356 -  printDebug("\n");
  40.357 -
  40.358 -  return slotArray; 
  40.359 -
  40.360 - }  
  40.361 -
  40.362 - public byte[] generatePartSsids(Vector bagOfSsids, Vector bagOfChwSsids)
  40.363 -  throws Exception
  40.364 - {
  40.365 -  /**
  40.366 -        typedef struct {
  40.367 -        u16 id;
  40.368 -        u16 ssid_ste;
  40.369 -        u16 ssid_chwall;
  40.370 -        } acm_partition_entry_t;
  40.371 -
  40.372 -  **/
  40.373 -  Hashtable  partSsid = new Hashtable();
  40.374 -  printDebug(" gPS::Size of bagOfSsids: "+ bagOfSsids.size());
  40.375 -
  40.376 -  /* Find the number of VMs */ 
  40.377 -  for (int i = 0; i < bagOfSsids.size(); i++)
  40.378 -  {
  40.379 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  40.380 -
  40.381 -	if (null == entry.ids)
  40.382 -	  continue;
  40.383 -
  40.384 -	Enumeration e = entry.ids.elements(); 
  40.385 -	while (e.hasMoreElements())
  40.386 -	{
  40.387 -  	  String id = (String) e.nextElement(); 
  40.388 -      	  printDebug(" gPS:: part: " + id + "has ste ssid: " + entry.steSsidPosition);
  40.389 -	  if (-1 == entry.steSsidPosition)
  40.390 -		continue;  
  40.391 -
  40.392 -	  SsidsEntry  ssidsObj = new SsidsEntry();
  40.393 -
  40.394 -	  ssidsObj.id = Integer.parseInt(id); 
  40.395 -	  ssidsObj.ste = entry.steSsidPosition;
  40.396 -
  40.397 -	  if (partSsid.contains(id))
  40.398 -      	  	printDebug(" gPS:: Error already in the Hash part:" + ssidsObj.id);
  40.399 -	  else 
  40.400 - 		partSsid.put(id, ssidsObj);
  40.401 -      	  	printDebug(" gPS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition);
  40.402 -	}
  40.403 -
  40.404 -  }
  40.405 -
  40.406 -  for (int i = 0; i < bagOfChwSsids.size(); i++)
  40.407 -  {
  40.408 -	SecurityLabel entry = (SecurityLabel) bagOfChwSsids.elementAt(i);
  40.409 -
  40.410 -	Enumeration e = entry.chwIDs.elements(); 
  40.411 -	while (e.hasMoreElements())
  40.412 -	{
  40.413 -  	  String id = (String) e.nextElement(); 
  40.414 -      	  printDebug(" gPS:: part: " + id + "has chw ssid: " + entry.chwSsidPosition);
  40.415 -	  if (partSsid.containsKey(id))
  40.416 -	  {
  40.417 -		SsidsEntry item = (SsidsEntry) partSsid.get(id);
  40.418 -		item.chw = entry.chwSsidPosition;
  40.419 -      	  	printDebug(" gPS:: added :" + item.id +" chw: " + item.chw);
  40.420 -	  }
  40.421 -	  else 
  40.422 -	  {
  40.423 -      	  	printDebug(" gPS:: creating :" + id +" chw: " + entry.chwSsidPosition);
  40.424 -	  	SsidsEntry  ssidsObj = new SsidsEntry();
  40.425 -	  	ssidsObj.id = Integer.parseInt(id); 
  40.426 -	  	ssidsObj.chw = entry.chwSsidPosition;
  40.427 - 		partSsid.put(id, ssidsObj);
  40.428 -
  40.429 -	  }
  40.430 -	}
  40.431 -  }	  
  40.432 -
  40.433 -  /* Allocate array */
  40.434 -  int numOfPar = partSsid.size();
  40.435 -  int totalSize =  (numOfPar * partitionEntrySz);  
  40.436 -
  40.437 -  if (0 == numOfPar) 
  40.438 -  {
  40.439 -  	printDebug(" gPS:: part: binary ==> zero");
  40.440 -        return new byte[0];
  40.441 -  }
  40.442 -
  40.443 -  byte[] partArray = new byte[totalSize];
  40.444 -
  40.445 -  int index = 0;
  40.446 -
  40.447 -  Enumeration e = partSsid.elements(); 
  40.448 -  while (e.hasMoreElements())
  40.449 -  {
  40.450 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  40.451 -      	printDebug(" gPS:: part: " + entry.id + " ste ssid: " + entry.ste + " chw ssid: "+ entry.chw);
  40.452 -
  40.453 -	/* Write id */
  40.454 -   	writeShortToStream(partArray,(short)entry.id,index);
  40.455 -	index = index + u16Size;
  40.456 -
  40.457 -	/* Write ste ssid */
  40.458 -   	writeShortToStream(partArray,(short) entry.ste,index);
  40.459 -	index = index + u16Size;
  40.460 -
  40.461 -	/* Write chw ssid */
  40.462 -   	writeShortToStream(partArray,(short) entry.chw,index);
  40.463 -	index = index + u16Size;
  40.464 -  }
  40.465 -
  40.466 -  printDebug(" gPS:: part: num of partitions  " + numOfPar);
  40.467 -  printDebug(" gPS:: part: binary ==> Length " + partArray.length);
  40.468 -
  40.469 -  if (debug) 
  40.470 -	printHex(partArray,partArray.length);
  40.471 -  printDebug("\n");
  40.472 -   
  40.473 -   return partArray; 
  40.474 - }
  40.475 -
  40.476 - public  byte[] GenBinaryPolicyBuffer(byte[] chwPolicy, byte[] stePolicy, byte [] partMap, byte[] vlanMap, byte[] slotMap)
  40.477 - {
  40.478 -  byte[] binBuffer;
  40.479 -  short chwSize =0;
  40.480 -  short steSize =0;
  40.481 -  int	index = 0;
  40.482 -
  40.483 -  /* Builds data structure acm_policy_buffer_t */
  40.484 -  /* Get number of colorTypes */
  40.485 -  if (null != chwPolicy)
  40.486 -	chwSize = (short) chwPolicy.length;
  40.487 -
  40.488 -  if (null != stePolicy)
  40.489 -    	steSize = (short) stePolicy.length;
  40.490 -
  40.491 -  int totalDataSize = chwSize + steSize + resourceOffsetSz +  3 *(2 * u16Size);
  40.492 -
  40.493 -  /*  Add vlan and slot */ 
  40.494 -  totalDataSize = totalDataSize +partMap.length + vlanMap.length + slotMap.length; 
  40.495 -  binBuffer = new byte[binaryBufferHeaderSz +totalDataSize];
  40.496 -	
  40.497 -
  40.498 -  try {
  40.499 -	  index = 0;
  40.500 -	  /* fill in General Policy Version */
  40.501 -	  writeIntToStream(binBuffer, ACM_POLICY_VERSION, index);
  40.502 -	  index += u32Size;
  40.503 -
  40.504 -	  /* Write magic */
  40.505 -	  writeIntToStream(binBuffer, ACM_MAGIC, index);
  40.506 -	  index += u32Size;
  40.507 -
  40.508 -	  /* write len */
  40.509 -	  writeIntToStream(binBuffer, binBuffer.length, index);
  40.510 -	  index += u32Size;
  40.511 -
  40.512 -  } catch (IOException ee) {
  40.513 -	  System.out.println(" GBPB:: got exception : " + ee);
  40.514 -	  return null;
  40.515 -  }
  40.516 -
  40.517 -  int offset, address;
  40.518 -  address = index;
  40.519 -
  40.520 -  if (null != partMap) 
  40.521 -	  offset = binaryBufferHeaderSz + resourceOffsetSz;
  40.522 -  else
  40.523 -	  offset = binaryBufferHeaderSz;
  40.524 -
  40.525 -  try {
  40.526 -	  int skip = 0;
  40.527 -
  40.528 -	  /* init with NULL policy setting */
  40.529 -	  writeIntToStream(binBuffer, ACM_NULL_POLICY, index);
  40.530 -	  writeIntToStream(binBuffer, 0, index + u32Size);
  40.531 -	  writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size);
  40.532 -	  writeIntToStream(binBuffer, 0, index + 3*u32Size);
  40.533 -	  
  40.534 -	  index = address;
  40.535 -	  if (null != chwPolicy) {
  40.536 -	  
  40.537 -		  /* Write policy name */
  40.538 -		  writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index);
  40.539 -		  index += u32Size;
  40.540 -
  40.541 -		  /* Write offset */
  40.542 -		  writeIntToStream(binBuffer, offset, index);
  40.543 -		  index += u32Size;
  40.544 -
  40.545 -		  /* Write payload. No need increment index */
  40.546 -		  address = offset;
  40.547 -		  System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length);
  40.548 -		  address = address + chwPolicy.length;
  40.549 -	  } else
  40.550 -		  skip += 2*u32Size;
  40.551 -
  40.552 -	  if (null != stePolicy) 
  40.553 -	  {	
  40.554 -	  	/* Write policy name */
  40.555 -	  	writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index);
  40.556 -  	  	index += u32Size;
  40.557 -
  40.558 -	  	/* Write offset */
  40.559 -	  	writeIntToStream(binBuffer, address, index);
  40.560 -  	  	index += u32Size;
  40.561 -
  40.562 -		/* Copy array */
  40.563 -	  	System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length);
  40.564 -		/* Update address */
  40.565 -		address = address + stePolicy.length;
  40.566 -	  } else
  40.567 -		 skip += 2*u32Size;
  40.568 -
  40.569 -	  /* Skip writing policy name and offset for each null policy*/
  40.570 -	  index +=  skip;
  40.571 -
  40.572 -	  int size;
  40.573 -	  /* Assumes that you will always have a partition defined in policy */
  40.574 -	  if ( 0 < partMap.length) {
  40.575 -		  writeIntToStream(binBuffer, address, index);
  40.576 -		  index = address;
  40.577 -
  40.578 -		  /* Compute num of VMs */
  40.579 -		  size = partMap.length / (3 * u16Size);
  40.580 -
  40.581 -		  writeShortToStream(binBuffer, (short)size,index);
  40.582 -		  index = index + u16Size;
  40.583 -
  40.584 -		  /* part, vlan and slot: each one consists of two entries */
  40.585 -		  offset = 3 * (2 * u16Size);
  40.586 -		  writeShortToStream(binBuffer, (short) offset,index);
  40.587 -
  40.588 -		  /* Write partition array at offset */
  40.589 -		  System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length);
  40.590 -		  index = index + u16Size;
  40.591 -		  offset = offset + partMap.length;
  40.592 -	  }
  40.593 -
  40.594 -	  if ( 0 < vlanMap.length) {
  40.595 -		  size = vlanMap.length / (2 * u16Size);
  40.596 -		  writeShortToStream(binBuffer, (short) size,index);
  40.597 -		  index = index + u16Size;
  40.598 -
  40.599 -		  writeShortToStream(binBuffer, (short) offset,index);
  40.600 -		  index = index + u16Size;
  40.601 -		  System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length);
  40.602 -	  } else {
  40.603 -		  /* Write vlan max */
  40.604 -		  writeShortToStream(binBuffer, (short) 0,index);
  40.605 -		  index = index + u16Size;
  40.606 - 
  40.607 -		  /* Write vlan offset */
  40.608 -		  writeShortToStream(binBuffer, (short) 0,index);
  40.609 -		  index = index + u16Size;
  40.610 -	  }
  40.611 -
  40.612 -	  offset = offset + vlanMap.length;
  40.613 -	  if ( 0 < slotMap.length) {
  40.614 -		  size = slotMap.length / (3 * u16Size);
  40.615 -		  writeShortToStream(binBuffer, (short) size,index);
  40.616 -		  index = index + u16Size;
  40.617 -
  40.618 -		  writeShortToStream(binBuffer, (short) offset,index);
  40.619 -		  index = index + u16Size;
  40.620 -		  System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length);
  40.621 -	  }
  40.622 -  } catch (IOException ee) {
  40.623 -	  System.out.println(" GBPB:: got exception : " + ee);
  40.624 -	  return null;
  40.625 -  }
  40.626 -
  40.627 -  printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length);
  40.628 -  if (debug)
  40.629 -	  printHex(binBuffer,binBuffer.length);
  40.630 -
  40.631 -  return  binBuffer;
  40.632 - } 
  40.633 -
  40.634 - public  byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector ColorTypes)
  40.635 - {
  40.636 -  byte[] chwBuffer;
  40.637 -  int index = 0;
  40.638 -  int position = 0;
  40.639 -
  40.640 -  /* Get number of rTypes */
  40.641 -  int maxTypes = ColorTypes.size();
  40.642 -
  40.643 -  /* Get number of SSids entry */
  40.644 -  int maxSsids = Ssids.size();
  40.645 -
  40.646 -  /* Get number of conflict sets */
  40.647 -  int maxConflict = ConflictSsids.size();
  40.648 -
  40.649 -   
  40.650 -  if (maxTypes * maxSsids == 0)
  40.651 -	return null; 
  40.652 -  /*
  40.653 -     data structure acm_chwall_policy_buffer
  40.654 -     se XmlToBinInterface.java
  40.655 -  */
  40.656 -  int totalBytes = chwHeaderSize  + u16Size *(maxTypes * (maxSsids + maxConflict)); 
  40.657 -
  40.658 -  chwBuffer = new byte[ totalBytes ];
  40.659 -  int address = chwHeaderSize + (u16Size * maxTypes * maxSsids );
  40.660 -
  40.661 -  printDebug(" gCB:: chwall totalbytes : "+totalBytes); 
  40.662 -
  40.663 -  try {
  40.664 -	  index = 0;
  40.665 -	  /* fill in General Policy Version */
  40.666 -	  writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index);
  40.667 -	  index += u32Size;
  40.668 -
  40.669 -	  writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index);
  40.670 -	  index += u32Size;
  40.671 -
  40.672 -	  writeIntToStream(chwBuffer, maxTypes, index);
  40.673 -	  index += u32Size;
  40.674 -
  40.675 -	  writeIntToStream(chwBuffer, maxSsids, index);
  40.676 -	  index += u32Size;
  40.677 -
  40.678 -	  writeIntToStream(chwBuffer, maxConflict, index);
  40.679 -	  index += u32Size;
  40.680 -
  40.681 -	  /*  Write chwall_ssid_offset */
  40.682 -	  writeIntToStream(chwBuffer, chwHeaderSize, index);
  40.683 -	  index += u32Size;
  40.684 -
  40.685 -	  /* Write chwall_conflict_sets_offset */
  40.686 -	  writeIntToStream(chwBuffer, address, index);
  40.687 -	  index += u32Size;
  40.688 -
  40.689 -	  /*  Write chwall_running_types_offset */
  40.690 -	  writeIntToStream(chwBuffer, 0, index);
  40.691 -	  index += u32Size;
  40.692 -
  40.693 -	  /*  Write chwall_conflict_aggregate_offset */
  40.694 -	  writeIntToStream(chwBuffer, 0, index);
  40.695 -	  index += u32Size;
  40.696 -
  40.697 -  } catch (IOException ee) {
  40.698 -    	System.out.println(" gCB:: got exception : " + ee); 
  40.699 -	return null;
  40.700 -  }
  40.701 -  int markPos = 0;
  40.702 -
  40.703 -  /* Create the SSids entry */
  40.704 -  for (int i = 0; i < maxSsids; i++)
  40.705 -  {
  40.706 -	SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
  40.707 -   	/* Get chwall types */
  40.708 -	ssidEntry.chwSsidPosition = i;
  40.709 -	Enumeration e = ssidEntry.chwTypes.elements(); 
  40.710 -	while (e.hasMoreElements())
  40.711 -	{
  40.712 -  	  String typeName = (String) e.nextElement(); 
  40.713 -      	  printDebug(" gCB:: Ssid "+ i+ ": has type : " + typeName);
  40.714 -	  position = ColorTypes.indexOf(typeName);
  40.715 -
  40.716 -	  if (position < 0) 
  40.717 -	  {
  40.718 -      	  	System.out.println (" gCB:: Error type : " + typeName + " not found in ColorTypes"); 
  40.719 -		return null; 
  40.720 -	  }
  40.721 -   	  printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  40.722 -	  markPos = ((i * maxTypes + position) * u16Size) + index;	
  40.723 -
  40.724 -	  try {
  40.725 -	  	writeShortToStream(chwBuffer,markSymbol,markPos);
  40.726 -  	  } catch (IOException ee) {
  40.727 -   	  	System.out.println(" gCB:: got exception : "); 
  40.728 -		return null; 
  40.729 -  	  }
  40.730 -	}
  40.731 -  }
  40.732 -
  40.733 -  if (debug) 
  40.734 -      printHex(chwBuffer,chwBuffer.length);
  40.735 -
  40.736 -  /* Add conflict set */
  40.737 -  index = address;
  40.738 -  for (int i = 0; i < maxConflict; i++)
  40.739 -  {
  40.740 -   	/* Get ste types */
  40.741 -	Vector entry = (Vector) ConflictSsids.elementAt(i);
  40.742 -	Enumeration e = entry.elements(); 
  40.743 -	while (e.hasMoreElements())
  40.744 -	{
  40.745 -  	  String typeName = (String) e.nextElement(); 
  40.746 -      	  printDebug (" GCB:: conflict Ssid "+ i+ ": has type : " + typeName);
  40.747 -	  position = ColorTypes.indexOf(typeName);
  40.748 -
  40.749 -	  if (position < 0) 
  40.750 -	  {
  40.751 -      	  	System.out.println (" GCB:: Error type : " + typeName + " not found in ColorTypes"); 
  40.752 -		return null; 
  40.753 -	  }
  40.754 -   	  printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  40.755 -	  markPos = ((i * maxTypes + position) * u16Size) + index;	
  40.756 -
  40.757 -	  try {
  40.758 -	  	writeShortToStream(chwBuffer,markSymbol,markPos);
  40.759 -  	  } catch (IOException ee) {
  40.760 -   	  	System.out.println(" GCB:: got exception : "); 
  40.761 -		return null; 
  40.762 -  	  }
  40.763 -	}
  40.764 -		
  40.765 -  } 
  40.766 -  printDebug(" gSB:: chw binary  ==> Length " + chwBuffer.length); 
  40.767 -  if (debug) 
  40.768 -   	printHex(chwBuffer,chwBuffer.length);
  40.769 -  printDebug("\n");
  40.770 -
  40.771 -  return chwBuffer;
  40.772 - }
  40.773 -
  40.774 -/**********************************************************************
  40.775 - Generate byte representation of policy using type information
  40.776 - <p>
  40.777 - @param Ssids    	      	Vector
  40.778 - @param ColorTypes         	Vector
  40.779 - <p>
  40.780 - @return bytes represenation of simple type enforcement policy 
  40.781 -**********************************************************************/
  40.782 - public  byte[] generateSteBuffer(Vector Ssids, Vector ColorTypes)
  40.783 - {
  40.784 -  byte[] steBuffer;
  40.785 -  int index = 0;
  40.786 -  int position = 0;
  40.787 -
  40.788 -  /* Get number of colorTypes */
  40.789 -  int numColorTypes = ColorTypes.size();
  40.790 -
  40.791 -  /* Get number of SSids entry */
  40.792 -  int numSsids = Ssids.size();
  40.793 -   
  40.794 -  if (numColorTypes * numSsids == 0)
  40.795 -	return null; 
  40.796 -
  40.797 -  /* data structure: acm_ste_policy_buffer
  40.798 -   * see XmlToBinInterface.java
  40.799 -   * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size)
  40.800 -   * 
  40.801 -  */
  40.802 -  steBuffer = new byte[ steHeaderSize + (numColorTypes * numSsids) * 2];
  40.803 -
  40.804 -  try {
  40.805 -	
  40.806 -	  index = 0;
  40.807 -	  writeIntToStream(steBuffer, ACM_STE_VERSION, index);
  40.808 -	  index += u32Size;
  40.809 -
  40.810 -	  writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index);
  40.811 -	  index += u32Size;
  40.812 -
  40.813 -	  writeIntToStream(steBuffer, numColorTypes, index);
  40.814 -	  index += u32Size;
  40.815 -
  40.816 -	  writeIntToStream(steBuffer, numSsids, index);
  40.817 -	  index += u32Size;
  40.818 -
  40.819 -	  writeIntToStream(steBuffer, steHeaderSize, index);
  40.820 -	  index += u32Size;
  40.821 -
  40.822 -
  40.823 -  } catch (IOException ee) {
  40.824 -	System.out.println(" gSB:: got exception : " + ee); 
  40.825 -	return null; 
  40.826 -  }
  40.827 -  int markPos = 0;
  40.828 -  for (int i = 0; i < numSsids; i++)
  40.829 -  {
  40.830 -	
  40.831 -	SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
  40.832 -	ssidEntry.steSsidPosition = i;
  40.833 -   	/* Get ste types */
  40.834 -	Enumeration e = ssidEntry.steTypes.elements(); 
  40.835 -	while (e.hasMoreElements())
  40.836 -	{
  40.837 -  	  String typeName = (String) e.nextElement(); 
  40.838 -      	  printDebug (" gSB:: Ssid "+ i+ ": has type : " + typeName);
  40.839 -	  position = ColorTypes.indexOf(typeName);
  40.840 -
  40.841 -	  if (position < 0) 
  40.842 -	  {
  40.843 -      	  	printDebug(" gSB:: Error type : " + typeName + " not found in ColorTypes"); 
  40.844 -		return null; 
  40.845 -	  }
  40.846 -   	  printDebug(" gSB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  40.847 -	  markPos = ((i * numColorTypes + position) * u16Size) + index;	
  40.848 -
  40.849 -	  try {
  40.850 -	  	writeShortToStream(steBuffer,markSymbol,markPos);
  40.851 -  	  } catch (IOException ee)
  40.852 -  	  {
  40.853 -   	  	System.out.println(" gSB:: got exception : "); 
  40.854 -		return null; 
  40.855 -  	  }
  40.856 -	}
  40.857 -		
  40.858 -  } 
  40.859 -
  40.860 -  printDebug(" gSB:: ste binary  ==> Length " + steBuffer.length); 
  40.861 -  if (debug) 
  40.862 - 	printHex(steBuffer,steBuffer.length);
  40.863 -  printDebug("\n");
  40.864 -
  40.865 -  return steBuffer;
  40.866 - }
  40.867 -
  40.868 - public static  void printHex(byte [] dataArray, int length)
  40.869 - {
  40.870 -  char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7',
  40.871 -                '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
  40.872 -  int hexIndex;
  40.873 -  int value;
  40.874 -  int arraylength;
  40.875 -
  40.876 -  arraylength = length;
  40.877 -
  40.878 -  if (dataArray == null)
  40.879 -  {
  40.880 -        System.err.print("printHex: input byte array is null");
  40.881 -  }
  40.882 -
  40.883 -  if (length > dataArray.length || length < 0)
  40.884 -        arraylength = dataArray.length;
  40.885 -
  40.886 -  System.out.print("\n\t");
  40.887 -
  40.888 -  int i;
  40.889 -  for(i = 0; i < arraylength; )
  40.890 -  {
  40.891 -        value = dataArray[i] & 0xFF;
  40.892 -        hexIndex = (value >>> 4);
  40.893 -        System.out.print(hexChars[hexIndex]);
  40.894 -        hexIndex = (value & 0x0F);
  40.895 -        System.out.print(hexChars[hexIndex]);
  40.896 -
  40.897 -        i++;
  40.898 -        /* if done, print a final newline */
  40.899 -        if (i == arraylength) {
  40.900 -            if (arraylength < dataArray.length) {
  40.901 -                System.out.print("...");
  40.902 -            }
  40.903 -            System.out.println();
  40.904 -        }
  40.905 -        else if ((i % 24) == 0) {
  40.906 -            System.out.print("\n\t");
  40.907 -        }
  40.908 -        else if ((i % 4) == 0) {
  40.909 -                System.out.print(" ");
  40.910 -        }
  40.911 -  }
  40.912 -
  40.913 -  return;
  40.914 - }
  40.915 -
  40.916 -  
  40.917 - private void writeShortToStream(byte[] stream, short value, int index)
  40.918 -  throws IOException
  40.919 - {
  40.920 -  int littleEndian = 0;
  40.921 -  int byteVal;
  40.922 -
  40.923 -  if (index + 2 > stream.length)
  40.924 -  {
  40.925 -      throw new IOException("Writing beyond stream length: " +
  40.926 -                            stream.length + " writing at locations from: " + index + " to " + (index + 4));
  40.927 -  }
  40.928 -
  40.929 -  if (!LittleEndian)
  40.930 -  {
  40.931 -
  40.932 -	byteVal = value >> 8;
  40.933 -	stream[index ] = (byte) byteVal;
  40.934 -
  40.935 -	byteVal = value;
  40.936 -	stream[index + 1] = (byte) byteVal;
  40.937 -  } else {
  40.938 -	stream[index]  = (byte) ((value & 0x00ff) );
  40.939 -	stream[index + 1]  = (byte) ((value & 0xff00) >> 8);
  40.940 - }
  40.941 -  return;
  40.942 - }
  40.943 -
  40.944 - private void writeIntToStream(byte[] stream, int value, int index)
  40.945 -  throws IOException
  40.946 - {
  40.947 -  int littleEndian = 0;
  40.948 -  int byteVal;
  40.949 -
  40.950 -  if (4 > stream.length)
  40.951 -  {
  40.952 -      throw new IOException("writeIntToStream: stream length less than 4 bytes " +
  40.953 -                            stream.length);
  40.954 -  }
  40.955 -
  40.956 -  /* Do not Write beyond range */
  40.957 -  if (index + 4 > stream.length)
  40.958 -  {
  40.959 -      throw new IOException("writeIntToStream: writing beyond stream length: " +
  40.960 -                            stream.length + " writing at locations from: " + index + " to " + (index + 4));
  40.961 -  }
  40.962 -  if (!LittleEndian)
  40.963 -  {
  40.964 -	byteVal = value >>> 24;
  40.965 -	stream[index] = (byte) byteVal;
  40.966 -
  40.967 -	byteVal = value >> 16;
  40.968 -	stream[index + 1] = (byte) byteVal;
  40.969 -
  40.970 -	byteVal = value >> 8;
  40.971 -	stream[index + 2] = (byte) byteVal;
  40.972 -
  40.973 -	byteVal = value;
  40.974 -	stream[index + 3] = (byte) byteVal;
  40.975 -  } else {
  40.976 -	stream[index] = (byte) value;
  40.977 -	stream[index + 1]  = (byte) ((value & 0x0000ff00) >> 8);
  40.978 -	stream[index + 2]  = (byte) ((value & 0x00ff0000) >> 16);
  40.979 -	stream[index + 3] = (byte) ( value >>> 24);
  40.980 -  }
  40.981 -  return;
  40.982 - }
  40.983 -
  40.984 - public Document getDomTree(String xmlFileName)
  40.985 -  throws Exception, SAXException, ParserConfigurationException
  40.986 - {
  40.987 -  javax.xml.parsers.DocumentBuilderFactory dbf = 
  40.988 -	javax.xml.parsers.DocumentBuilderFactory.newInstance();
  40.989 -
  40.990 -  /* Turn on namespace aware and validation */
  40.991 -  dbf.setNamespaceAware(true);	
  40.992 -  dbf.setValidating(true);	
  40.993 -  dbf.setAttribute(JAXP_SCHEMA_LANGUAGE,W3C_XML_SCHEMA);
  40.994 -
  40.995 -  /* Checks that the document is well-formed */
  40.996 -  javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
  40.997 -
  40.998 -  myHandler errHandler= new myHandler();
  40.999 -  db.setErrorHandler(errHandler);
 40.1000 -  Document doc = db.parse(xmlFileName);
 40.1001 -
 40.1002 -  /* Checks for validation errors */
 40.1003 -  if (errHandler.isValid)
 40.1004 -       printDebug(" gDT:: Xml file: " + xmlFileName + " is valid");
 40.1005 -   else
 40.1006 -      throw new Exception("Xml file: " + xmlFileName + " is NOT valid");
 40.1007 -
 40.1008 -  return doc;
 40.1009 - }  
 40.1010 -
 40.1011 - public void processDomTree(
 40.1012 -	Document doc,
 40.1013 -	Vector bagOfSsids, 	
 40.1014 -	Vector bagOfTypes, 
 40.1015 -	Vector bagOfChwSsids, 
 40.1016 -	Vector bagOfChwTypes, 
 40.1017 -	Vector bagOfConflictSsids)
 40.1018 -  throws Exception, SAXException, ParserConfigurationException
 40.1019 - {
 40.1020 -  boolean found;
 40.1021 -
 40.1022 -  /* print the root Element */
 40.1023 -  Element root = doc.getDocumentElement();
 40.1024 -  printDebug ("\n pDT:: Document Element: Name = " + root.getNodeName() + ",Value = " + root.getNodeValue());
 40.1025 -
 40.1026 -  /* Go through the list of the root Element's Attributes */
 40.1027 -  NamedNodeMap nnm = root.getAttributes();
 40.1028 -  printDebug (" pDT:: # of Attributes: " + nnm.getLength());
 40.1029 -  for (int i = 0; i < nnm.getLength(); i++)
 40.1030 -  {
 40.1031 -         Node n = nnm.item (i);
 40.1032 -        printDebug (" pDT:: Attribute: Name = " + n.getNodeName() + ", Value = " 
 40.1033 -             + n.getNodeValue());
 40.1034 -  }
 40.1035 -
 40.1036 -  /* Retrieve the policy definition */ 
 40.1037 -  NodeList elementList = root.getElementsByTagName ("url");
 40.1038 -  String definitionFileName = elementList.item(0).getFirstChild().getNodeValue();  
 40.1039 -
 40.1040 -  String definitionHash = null;
 40.1041 -
 40.1042 -  /* Note that SecurityPolicySpec.xsd allows for 0 hash value! */
 40.1043 -  elementList = root.getElementsByTagName ("hash");
 40.1044 -  if (0 != elementList.getLength())
 40.1045 -      	definitionHash = elementList.item(0).getFirstChild().getNodeValue();  
 40.1046 -
 40.1047 -  Document definitionDoc = pGetDomDefinition(definitionFileName,definitionHash);
 40.1048 -  pGetTypes(definitionDoc,bagOfTypes, bagOfChwTypes, bagOfConflictSsids);
 40.1049 -
 40.1050 -
 40.1051 -  /* Get VM security information */
 40.1052 -  elementList = root.getElementsByTagName ("VM");
 40.1053 -  printDebug ("\n pDT:: partition length of NodeList:" + elementList.getLength());
 40.1054 -  /* Add default Ssid to Ste and Chw bags */			
 40.1055 -  SecurityLabel defEntry = new SecurityLabel();
 40.1056 -
 40.1057 -  defEntry.chwTypes = new Vector();
 40.1058 -  defEntry.steTypes = new Vector();
 40.1059 -  defEntry.chwIDs = new Vector();
 40.1060 -  defEntry.ids = new Vector();
 40.1061 -
 40.1062 -  defEntry.steSsidPosition =0;
 40.1063 -  defEntry.chwSsidPosition =0;
 40.1064 -  bagOfChwSsids.add(defEntry);
 40.1065 -  bagOfSsids.add(defEntry);
 40.1066 -
 40.1067 -  for (int x = 0; x < elementList.getLength(); x++)
 40.1068 -  {
 40.1069 -	found = false;
 40.1070 -
 40.1071 -        Node node = elementList.item (x);          
 40.1072 -
 40.1073 -	if (node.getNodeType() == Node.ELEMENT_NODE)
 40.1074 -	{
 40.1075 -	  printDebug (" pDT:: child: " + x + " is an element node" );
 40.1076 -	  Element e1 = (Element) node;
 40.1077 -
 40.1078 -  	  /* Get id */
 40.1079 -      	  NodeList elist = e1.getElementsByTagName ("id");
 40.1080 -      	  String idStr = elist.item(0).getFirstChild().getNodeValue();  
 40.1081 -      	  printDebug (" pDT:: id:" + idStr);
 40.1082 -
 40.1083 -	  /* Get TE */
 40.1084 -	  Vector colorTypes = new Vector();
 40.1085 -	  pConflictEntries(e1, "TE", bagOfTypes, colorTypes);
 40.1086 -
 40.1087 -	  Enumeration e = bagOfSsids.elements();
 40.1088 -	  while (e.hasMoreElements())
 40.1089 -	  {
 40.1090 -		SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 40.1091 -		if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 40.1092 -		{
 40.1093 -		  found = true;
 40.1094 -		  elem.ids.add(idStr);
 40.1095 -		}
 40.1096 -		
 40.1097 -	  }
 40.1098 -		if (!found && (0 < colorTypes.size()))
 40.1099 -		{
 40.1100 -		 SecurityLabel entry = new SecurityLabel();
 40.1101 -		 entry.steTypes = colorTypes;
 40.1102 -		 entry.ids = new Vector();
 40.1103 -		 entry.ids.add(idStr);
 40.1104 -		 bagOfSsids.add(entry);
 40.1105 -		}
 40.1106 -
 40.1107 -		/* Get Chinese wall type */
 40.1108 -	 	Vector chwTypes = new Vector();
 40.1109 -		pConflictEntries(e1, "ChWall", bagOfChwTypes, chwTypes);
 40.1110 -
 40.1111 -	        found = false;
 40.1112 -		e = bagOfChwSsids.elements();
 40.1113 -
 40.1114 -		while (e.hasMoreElements())
 40.1115 -		{
 40.1116 -  		  SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 40.1117 -		  if ( elem.chwTypes.size() == chwTypes.size() && elem.chwTypes.containsAll(chwTypes))
 40.1118 -		  {
 40.1119 -		    found = true;
 40.1120 -		    elem.chwIDs.add(idStr);
 40.1121 -		  }
 40.1122 -		
 40.1123 -		}
 40.1124 -
 40.1125 -		if (!found && (0 < chwTypes.size()))
 40.1126 -		{
 40.1127 -		 SecurityLabel entry = new SecurityLabel();
 40.1128 -		 entry.chwTypes = chwTypes;
 40.1129 -		 entry.chwIDs = new Vector();
 40.1130 -		 entry.chwIDs.add(idStr);
 40.1131 -		 bagOfChwSsids.add(entry);
 40.1132 -		}
 40.1133 -      }
 40.1134 -  } 
 40.1135 -  return;
 40.1136 - }
 40.1137 -
 40.1138 - public Document pGetDomDefinition(
 40.1139 -	String definitionFileName, 
 40.1140 -	String definitionHash) 
 40.1141 -  throws Exception, SAXException, ParserConfigurationException
 40.1142 - {
 40.1143 -  printDebug("\n pGDD:: definition file name: " + definitionFileName);
 40.1144 -  printDebug("\n pGDD:: definition file hash: " + definitionHash);
 40.1145 -  
 40.1146 -  Document doc =  getDomTree(definitionFileName);
 40.1147 -  return doc; 
 40.1148 - }
 40.1149 -
 40.1150 - public void pGetTypes(
 40.1151 -	Document defDoc,
 40.1152 -	Vector bagOfTypes, 
 40.1153 -	Vector bagOfChwTypes, 
 40.1154 -	Vector bagOfConflictSsids)
 40.1155 -  throws Exception
 40.1156 - {
 40.1157 -
 40.1158 -
 40.1159 -  if (null == defDoc)
 40.1160 -      throw new Exception(" pGT:: definition file DOM is null ");
 40.1161 -
 40.1162 -  Element root = defDoc.getDocumentElement();
 40.1163 -
 40.1164 -  /* Get list of TE types */
 40.1165 -  NodeList elementList = root.getElementsByTagName ("Types");
 40.1166 -  printDebug ("\n pGT:: Types length of NodeList:" + elementList.getLength());
 40.1167 -  Element e1 = (Element) elementList.item (0);          
 40.1168 -  pGetEntries(e1,"TE",bagOfTypes);
 40.1169 -
 40.1170 -  /* Get list of Chinese types */
 40.1171 -  elementList = root.getElementsByTagName ("ChWallTypes");
 40.1172 -  printDebug ("\n pGT:: ChwTypes length of NodeList:" + elementList.getLength());
 40.1173 -  if (0 ==  elementList.getLength())
 40.1174 -  {
 40.1175 -  	printDebug ("\n pGT:: ChWallTypes has zero length: :" + elementList.getLength());
 40.1176 -  } else {
 40.1177 -	e1 = (Element) elementList.item (0);          
 40.1178 -	pGetEntries(e1,"ChWall",bagOfChwTypes);
 40.1179 -  }
 40.1180 -  printDebug (" pGT:: Total number of unique chw types: " + bagOfChwTypes.size());
 40.1181 -
 40.1182 -  /* Get Chinese type conflict sets */
 40.1183 -  elementList = root.getElementsByTagName ("ConflictSet");
 40.1184 -  printDebug ("\n pGT:: Conflict sets length of NodeList:" + elementList.getLength());
 40.1185 -  for (int x = 0; x < elementList.getLength(); x++)
 40.1186 -  {
 40.1187 - 	Vector conflictEntry  = new Vector();
 40.1188 -  	e1 = (Element) elementList.item (x);          
 40.1189 -  	printDebug ("\n pGT:: Conflict sets : " + x);
 40.1190 -
 40.1191 -	pConflictEntries(e1, "ChWall", bagOfChwTypes, conflictEntry);
 40.1192 -
 40.1193 -	if (conflictEntry.size() > 0)
 40.1194 -	{
 40.1195 -	  boolean found = false;
 40.1196 -	  Enumeration e = bagOfConflictSsids.elements();
 40.1197 -	
 40.1198 -	  while (e.hasMoreElements())
 40.1199 -	  {
 40.1200 -		Vector elem = (Vector) e.nextElement(); 
 40.1201 -		if (elem.size() == conflictEntry.size() && elem.containsAll(conflictEntry))
 40.1202 -	  	{
 40.1203 -	    	  found = true;
 40.1204 -	  	}
 40.1205 -		
 40.1206 -	  }
 40.1207 -	  if (!found)
 40.1208 -	  {
 40.1209 -		bagOfConflictSsids.add(conflictEntry);
 40.1210 -	  }
 40.1211 -  	}
 40.1212 -  }
 40.1213 -
 40.1214 - }
 40.1215 -
 40.1216 - public void  pGetEntries(Element doc, String tag, Vector typeBag)
 40.1217 -  throws Exception
 40.1218 - {
 40.1219 -
 40.1220 -  if (null == doc)
 40.1221 -      throw new Exception(" pGE:: Element doc is null");
 40.1222 -
 40.1223 -  if (null == typeBag)
 40.1224 -      throw new Exception(" pGE:: typeBag  is null");
 40.1225 -
 40.1226 -  NodeList elist = doc.getElementsByTagName (tag);
 40.1227 -  for (int j = 0; j < elist.getLength(); j++)
 40.1228 -  {
 40.1229 -  	Node knode = elist.item (j);          
 40.1230 -       	Node childNode = knode.getFirstChild();     
 40.1231 -       	String value = childNode.getNodeValue();
 40.1232 -
 40.1233 -	printDebug (" pGT:: "+ tag +" type: " + value);
 40.1234 -
 40.1235 -        /* Check if value is known */
 40.1236 -	if (!typeBag.contains(value))
 40.1237 -		typeBag.addElement(value);
 40.1238 -  }
 40.1239 - }
 40.1240 -
 40.1241 - public void  pConflictEntries(Element doc, String tag, Vector typeBag, Vector conflictEntry)
 40.1242 -  throws Exception
 40.1243 - {
 40.1244 -
 40.1245 -  if (null == doc)
 40.1246 -      throw new Exception(" pGE:: Element doc is null");
 40.1247 -
 40.1248 -  if (null == typeBag)
 40.1249 -      throw new Exception(" pGE:: typeBag  is null");
 40.1250 -
 40.1251 -  if (null == conflictEntry)
 40.1252 -      throw new Exception(" pGE:: typeBag  is null");
 40.1253 -
 40.1254 -
 40.1255 -  NodeList elist = doc.getElementsByTagName (tag);
 40.1256 -
 40.1257 -  for (int j = 0; j < elist.getLength(); j++)
 40.1258 -  {
 40.1259 -  	Node knode = elist.item (j);          
 40.1260 -       	Node childNode = knode.getFirstChild();     
 40.1261 -       	String value = childNode.getNodeValue();
 40.1262 -
 40.1263 -	printDebug (" pGE:: "+ tag +" type: " + value);
 40.1264 -
 40.1265 -        /* Check if value is known */
 40.1266 -	if (!typeBag.contains(value))
 40.1267 -      		throw new Exception(" pCE:: found undefined type set " + value);
 40.1268 -
 40.1269 -	if (!conflictEntry.contains(value))
 40.1270 -		conflictEntry.addElement(value);
 40.1271 -
 40.1272 -  }
 40.1273 - }
 40.1274 -
 40.1275 -  public void processDomTreeVlanSlot(
 40.1276 -	Document doc,
 40.1277 -	Vector bagOfSsids, 	
 40.1278 -	Vector bagOfTypes) 	
 40.1279 -  throws Exception
 40.1280 - {
 40.1281 -      boolean found;
 40.1282 -
 40.1283 -  printDebug(" pDTVS::Size of bagOfSsids: "+ bagOfSsids.size());
 40.1284 -  Element root = doc.getDocumentElement();
 40.1285 -
 40.1286 -  NodeList elementList = root.getElementsByTagName ("Vlan");
 40.1287 -  printDebug("\n pDTVS:: Vlan length of NodeList:" + elementList.getLength());
 40.1288 -
 40.1289 -  for (int x = 0; x < elementList.getLength(); x++)
 40.1290 -  {
 40.1291 -	found = false;
 40.1292 -
 40.1293 -        Node node = elementList.item (x);          
 40.1294 -
 40.1295 -	if (node.getNodeType() == Node.ELEMENT_NODE)
 40.1296 -	{
 40.1297 -	  printDebug(" pDTVS:: child: " + x + " is an element node" );
 40.1298 -	  Element e1 = (Element) node;
 40.1299 -
 40.1300 -	  /* Get vid */
 40.1301 -      	  NodeList elist = e1.getElementsByTagName ("vid");
 40.1302 -      	  String idStr = elist.item(0).getFirstChild().getNodeValue();  
 40.1303 -      	  printDebug (" pDTVS:: vid:" + idStr);
 40.1304 -
 40.1305 -	  /* Get TE */
 40.1306 -      	  elist = e1.getElementsByTagName ("TE");
 40.1307 -          printDebug (" pDTVS:: Total ste types: " + elist.getLength());
 40.1308 -
 40.1309 -	  Vector colorTypes = new Vector();
 40.1310 -	  for (int j = 0; j < elist.getLength(); j++)
 40.1311 -	  {
 40.1312 -		Node knode = elist.item (j);          
 40.1313 -        	Node childNode = knode.getFirstChild();     
 40.1314 -        	String value = childNode.getNodeValue();
 40.1315 -
 40.1316 -		printDebug (" pDT:: My color is: " + value);
 40.1317 -		if (!bagOfTypes.contains(value))
 40.1318 -		{
 40.1319 -      		  throw new IOException("pDT:: Vlan: " + idStr+ " has unknown type : "+ value);
 40.1320 -		}
 40.1321 -
 40.1322 -		if (!colorTypes.contains(value))
 40.1323 -		  colorTypes.addElement(value);
 40.1324 -	  }
 40.1325 -	  Enumeration e = bagOfSsids.elements();
 40.1326 -	  while (e.hasMoreElements())
 40.1327 -	  {
 40.1328 -		SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 40.1329 -		if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 40.1330 -		{
 40.1331 -		  found = true;
 40.1332 -		  if (null == elem.vlans)
 40.1333 -			elem.vlans = new Vector();
 40.1334 -		   elem.vlans.add(idStr);
 40.1335 -		}
 40.1336 -		
 40.1337 -	  }
 40.1338 -	  if (!found && (0 < colorTypes.size()))
 40.1339 -	  {
 40.1340 -		 SecurityLabel entry = new SecurityLabel();
 40.1341 -		 entry.steTypes = colorTypes;
 40.1342 -		 entry.vlans = new Vector();
 40.1343 -		 entry.vlans.add(idStr);
 40.1344 -		 bagOfSsids.add(entry);
 40.1345 -	  }
 40.1346 -
 40.1347 -	}
 40.1348 -  } 
 40.1349 -  printDebug(" pDTVS::After slot Size of bagOfSsids: "+ bagOfSsids.size());
 40.1350 -
 40.1351 -  elementList = root.getElementsByTagName ("Slot");
 40.1352 -  printDebug ("\n pDTVS:: Slot length of NodeList:" + elementList.getLength());
 40.1353 -
 40.1354 -  for (int x = 0; x < elementList.getLength(); x++)
 40.1355 -  {
 40.1356 -	found = false;
 40.1357 -
 40.1358 -        Node node = elementList.item (x);          
 40.1359 -
 40.1360 -	if (node.getNodeType() == Node.ELEMENT_NODE)
 40.1361 -	{
 40.1362 -	  printDebug(" pDT:: child: " + x + " is an element node" );
 40.1363 -	  Element e1 = (Element) node;
 40.1364 -
 40.1365 -
 40.1366 -	  /* Get slot and bus */
 40.1367 -	  SlotInfo item = new SlotInfo();
 40.1368 -
 40.1369 -	  NodeList elist = e1.getElementsByTagName ("bus");
 40.1370 -	  item.bus = elist.item(0).getFirstChild().getNodeValue();  
 40.1371 -      	  elist = e1.getElementsByTagName ("slot");
 40.1372 -      	  item.slot = elist.item(0).getFirstChild().getNodeValue();  
 40.1373 -      	  printDebug (" pDT:: bus and slot:" + item.bus + " "+ item.slot);
 40.1374 -
 40.1375 -	  /* Get TE */
 40.1376 -      	  elist = e1.getElementsByTagName ("TE");
 40.1377 -          printDebug (" pDT:: Total ste types: " + elist.getLength());
 40.1378 -
 40.1379 -	  Vector colorTypes = new Vector();
 40.1380 -	  for (int j = 0; j < elist.getLength(); j++)
 40.1381 -	  {
 40.1382 -        	Node knode = elist.item (j);          
 40.1383 -        	Node childNode = knode.getFirstChild();     
 40.1384 -        	String value = childNode.getNodeValue();
 40.1385 -
 40.1386 -		printDebug (" pDT:: My color is: " + value);
 40.1387 -		if (!bagOfTypes.contains(value))
 40.1388 -		{
 40.1389 -		  throw new IOException("pDT:: bus: " + item.bus + " slot: "+ item.slot + " has unknown type : "+ value);
 40.1390 -		}
 40.1391 -
 40.1392 -		if (!colorTypes.contains(value))
 40.1393 -		  colorTypes.addElement(value);
 40.1394 -		}
 40.1395 -
 40.1396 -		Enumeration e = bagOfSsids.elements();
 40.1397 -		while (e.hasMoreElements())
 40.1398 -		{
 40.1399 -  		  SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 40.1400 -		  if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 40.1401 -		  {
 40.1402 -			found = true;
 40.1403 -			if (null == elem.slots)
 40.1404 -			  elem.slots = new Vector();
 40.1405 -			elem.slots.add(item);
 40.1406 -
 40.1407 -		  }
 40.1408 -		
 40.1409 -		}
 40.1410 -
 40.1411 -		if (!found && (0 < colorTypes.size()))
 40.1412 -		{
 40.1413 -		  SecurityLabel entry = new SecurityLabel();
 40.1414 -		  entry.steTypes = colorTypes;
 40.1415 -		  entry.slots = new Vector();
 40.1416 -		  entry.slots.add(item);
 40.1417 -		  bagOfSsids.add(entry);
 40.1418 -		}
 40.1419 -
 40.1420 -	}
 40.1421 -  }
 40.1422 -  return;
 40.1423 - }
 40.1424 -
 40.1425 - public static void main (String[] args) 
 40.1426 - {
 40.1427 -  String xmlFileName = null;        	/* policy file */ 
 40.1428 -  String outputFileName = null;     	/* binary policy file */
 40.1429 -  String xenSsidOutputFileName = null; 	/* outputfile ssid to named types */	
 40.1430 -					/* outputfile conflicts ssid to named types */	
 40.1431 -  String xenSsidConfOutputFileName = null; 	
 40.1432 -
 40.1433 -  XmlToBin genObj = new XmlToBin(); 
 40.1434 -
 40.1435 -  policy_version active_policy = new policy_version();
 40.1436 -
 40.1437 -  if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) ||
 40.1438 -      (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) ||
 40.1439 -      (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) {
 40.1440 -	  System.out.println("ACM policy versions differ.");
 40.1441 -	  System.out.println("Please verify that data structures are correct");
 40.1442 -	  System.out.println("and then adjust the version numbers in XmlToBinInterface.java.");
 40.1443 -	  return;
 40.1444 -  }
 40.1445 -
 40.1446 -
 40.1447 -  for (int i = 0 ; i < args.length ; i++) {
 40.1448 -
 40.1449 -	if ( args[i].equals("-help"))  {
 40.1450 -          printUsage();
 40.1451 -          System.exit(1);
 40.1452 -
 40.1453 -        } else if ( args[i].equals("-i"))  {
 40.1454 -          i++;
 40.1455 -          if (i < args.length) {
 40.1456 -               xmlFileName = args[i];   
 40.1457 -          } else  {
 40.1458 -                System.out.println("-i argument needs parameter");
 40.1459 -                System.exit(1);
 40.1460 -          }
 40.1461 -
 40.1462 -	} else if ( args[i].equals("-o"))  {
 40.1463 -          i++;
 40.1464 -          if (i < args.length) {
 40.1465 -                outputFileName = args[i];   
 40.1466 -          } else {
 40.1467 -                System.out.println("-o argument needs parameter");
 40.1468 -                System.exit(1);
 40.1469 -          }
 40.1470 -
 40.1471 -	} else if ( args[i].equals("-xssid"))  {
 40.1472 -          i++;
 40.1473 -          if (i < args.length) {
 40.1474 -                 xenSsidOutputFileName = args[i];   
 40.1475 -          } else {
 40.1476 -                System.out.println("-xssid argument needs parameter");
 40.1477 -                System.exit(1);
 40.1478 -          }
 40.1479 -
 40.1480 -	} else if ( args[i].equals("-xssidconf"))  {
 40.1481 -          i++;
 40.1482 -          if (i < args.length) {
 40.1483 -                xenSsidConfOutputFileName = args[i]; 
 40.1484 -          } else {
 40.1485 -                System.out.println("-xssidconf argument needs parameter");
 40.1486 -                System.exit(1);
 40.1487 -          }
 40.1488 -	} else if ( args[i].equals("-debug"))  { /* turn on debug msg */
 40.1489 -	 	genObj.setDebug(true);
 40.1490 -        } else {
 40.1491 -          System.out.println("bad command line argument: " + args[i]);
 40.1492 -          printUsage();
 40.1493 -          System.exit(1);
 40.1494 -        }
 40.1495 -
 40.1496 -  }
 40.1497 -
 40.1498 -  if (xmlFileName == null)
 40.1499 -  { 
 40.1500 -	System.out.println("Need to specify input file -i option");
 40.1501 -        printUsage();
 40.1502 -        System.exit(1);
 40.1503 -  }
 40.1504 -
 40.1505 -
 40.1506 -  try 
 40.1507 -  {
 40.1508 -	/* Parse and validate */
 40.1509 - 	Document doc =  genObj.getDomTree(xmlFileName);
 40.1510 -
 40.1511 -	/* Vectors to hold sets of types */
 40.1512 -	Vector bagOfSsids = new Vector();
 40.1513 -	Vector bagOfTypes = new Vector();
 40.1514 -	Vector bagOfChwSsids = new Vector();
 40.1515 -	Vector bagOfChwTypes = new Vector();
 40.1516 -	Vector bagOfConflictSsids = new Vector();
 40.1517 -
 40.1518 -	Vector vlanMapSsids = new Vector();
 40.1519 -	Vector slotMapSsids = new Vector();
 40.1520 -
 40.1521 -	genObj.processDomTree(doc, bagOfSsids, bagOfTypes, bagOfChwSsids, bagOfChwTypes, bagOfConflictSsids);
 40.1522 -
 40.1523 -	genObj.processDomTreeVlanSlot(doc, bagOfSsids, bagOfTypes);
 40.1524 -
 40.1525 -	/* Get binary representation of policies */
 40.1526 -  	byte[] stePolicy = genObj.generateSteBuffer(bagOfSsids, bagOfTypes);
 40.1527 -  	byte[] chwPolicy = genObj.generateChwBuffer(bagOfChwSsids, bagOfConflictSsids,bagOfChwTypes);
 40.1528 -
 40.1529 -  	byte[] binPolicy = null;
 40.1530 - 	byte[] binaryPartionSsid = null;
 40.1531 -  	byte[] binaryVlanSsid = null;
 40.1532 -  	byte[] binarySlotSsid = null;
 40.1533 -
 40.1534 -	/* Get binary representation of partition to ssid mapping */
 40.1535 -  	binaryPartionSsid = genObj.generatePartSsids(bagOfSsids,bagOfChwSsids);
 40.1536 -
 40.1537 -	/* Get binary representation of vlan to ssid mapping */
 40.1538 -  	binaryVlanSsid = genObj.generateVlanSsids(bagOfSsids);
 40.1539 -
 40.1540 -	/* Get binary representation of slot to ssid mapping */
 40.1541 -  	binarySlotSsid = genObj.generateSlotSsids(bagOfSsids);
 40.1542 -
 40.1543 -	/* Generate binary representation: policy, partition, slot and vlan */
 40.1544 -  	binPolicy = genObj.GenBinaryPolicyBuffer(chwPolicy,stePolicy, binaryPartionSsid, binaryVlanSsid, binarySlotSsid);
 40.1545 -
 40.1546 -
 40.1547 -	/* Write binary policy into file */
 40.1548 -	if (null != outputFileName)
 40.1549 -	{
 40.1550 -  		genObj.writeBinPolicy(binPolicy, outputFileName);
 40.1551 -	} else {
 40.1552 -		System.out.println (" No binary policy generated, outputFileName:  " + outputFileName);
 40.1553 -	}
 40.1554 -
 40.1555 -	/* Print total number of types */
 40.1556 -	System.out.println (" Total number of unique ste types: " + bagOfTypes.size());
 40.1557 -	System.out.println (" Total number of Ssids : " + bagOfSsids.size());
 40.1558 -	System.out.println (" Total number of unique chw types: " + bagOfChwTypes.size());
 40.1559 -	System.out.println (" Total number of conflict ssids : " + bagOfConflictSsids.size());
 40.1560 -	System.out.println (" Total number of chw Ssids : " + bagOfChwSsids.size());
 40.1561 -
 40.1562 -   	if (null != xenSsidOutputFileName)
 40.1563 -  		genObj.writeXenTypeFile(bagOfSsids, xenSsidOutputFileName, true);
 40.1564 -
 40.1565 -   	if (null != xenSsidConfOutputFileName)
 40.1566 -  		genObj.writeXenTypeFile(bagOfChwSsids, xenSsidConfOutputFileName, false);
 40.1567 -    } 
 40.1568 -    catch (Exception e) 
 40.1569 -    {
 40.1570 -      e.printStackTrace();
 40.1571 -    }
 40.1572 -  }
 40.1573 -}
    41.1 --- a/tools/misc/policyprocessor/XmlToBinInterface.java	Fri Aug 19 10:18:53 2005 +0000
    41.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    41.3 @@ -1,138 +0,0 @@
    41.4 -/**
    41.5 - * (C) Copyright IBM Corp. 2005
    41.6 - *
    41.7 - * $Id: XmlToBinInterface.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
    41.8 - *
    41.9 - * Author: Ray Valdez
   41.10 - *
   41.11 - * This program is free software; you can redistribute it and/or
   41.12 - * modify it under the terms of the GNU General Public License as
   41.13 - * published by the Free Software Foundation, version 2 of the
   41.14 - * License.
   41.15 - *
   41.16 - * XmlToBinInterface Class.  
   41.17 - * <p>
   41.18 - *
   41.19 - * Defines constants used by XmToBin.
   41.20 - *
   41.21 - * <p>
   41.22 - *
   41.23 - *	policy binary structures
   41.24 - *
   41.25 - * struct acm_policy_buffer {
   41.26 - *	u32 policy_version; * ACM_POLICY_VERSION *
   41.27 - *      u32 magic;
   41.28 - *	u32 len;
   41.29 - *	u32 primary_policy_code;
   41.30 - *	u32 primary_buffer_offset;
   41.31 - *	u32 secondary_policy_code;
   41.32 - *	u32 secondary_buffer_offset;
   41.33 - *      +u32 resource offset (not used yet in Xen)
   41.34 - * };
   41.35 - *
   41.36 - *
   41.37 - * struct acm_ste_policy_buffer {
   41.38 - *	u32 policy_version; * ACM_STE_VERSION *
   41.39 - *	u32 policy_code;
   41.40 - *	u32 ste_max_types;
   41.41 - *	u32 ste_max_ssidrefs;
   41.42 - *	u32 ste_ssid_offset;
   41.43 - * };
   41.44 - *
   41.45 - * struct acm_chwall_policy_buffer {
   41.46 - *	u32 policy_version; * ACM_CHWALL_VERSION *
   41.47 - *	u32 policy_code;
   41.48 - *	u32 chwall_max_types;
   41.49 - *	u32 chwall_max_ssidrefs;
   41.50 - *	u32 chwall_max_conflictsets;
   41.51 - *	u32 chwall_ssid_offset;
   41.52 - *	u32 chwall_conflict_sets_offset;
   41.53 - *	u32 chwall_running_types_offset;
   41.54 - *	u32 chwall_conflict_aggregate_offset;
   41.55 - * };
   41.56 - *
   41.57 - *	typedef struct {
   41.58 - *	u16 partition_max;
   41.59 - *	u16 partition_offset;
   41.60 - *	u16 vlan_max;
   41.61 - *	u16 vlan_offset;
   41.62 - *	u16 slot_max;
   41.63 - *	u16 slot_offset;
   41.64 - *	} acm_resource_buffer_t;
   41.65 - *
   41.66 - *	typedef struct {
   41.67 - *	u16 id;
   41.68 - *	u16 ssid_ste;
   41.69 - *	u16 ssid_chwall;
   41.70 - *	} acm_partition_entry_t;
   41.71 - *
   41.72 - *	typedef struct {
   41.73 - *	u16 vlan;
   41.74 - *	u16 ssid_ste;
   41.75 - *	} acm_vlan_entry_t;
   41.76 - *
   41.77 - *	typedef struct {
   41.78 - *	u16 bus;
   41.79 - *	u16 slot;
   41.80 - *	u16 ssid_ste;
   41.81 - *	} acm_slot_entry_t;
   41.82 - *
   41.83 - *       
   41.84 - *
   41.85 - */
   41.86 -public interface XmlToBinInterface
   41.87 -{
   41.88 -  /* policy code  (uint16) */
   41.89 -  final int policyCodeSize = 2;
   41.90 -
   41.91 -  /* max_types    (uint16) */
   41.92 -  final int maxTypesSize = 2;
   41.93 -
   41.94 -  /* max_ssidrefs (uint16) */
   41.95 -  final int maxSsidrefSize = 2;
   41.96 -
   41.97 -  /* ssid_offset  (uint32) */
   41.98 -  final int ssidOffsetSize = 2;
   41.99 -
  41.100 -  final short markSymbol = 0x0001;
  41.101 -
  41.102 -  final int u32Size = 4;
  41.103 -  final int u16Size = 2;
  41.104 -
  41.105 -  /* num of bytes for acm_ste_policy_buffer_t */
  41.106 -  final int steHeaderSize = (5 * u32Size);
  41.107 -
  41.108 -  /* byte for acm_chinese_wall_policy_buffer_t */
  41.109 -  final int chwHeaderSize = (9 * u32Size);
  41.110 -
  41.111 -  final int primaryPolicyCodeSize = u32Size;
  41.112 -  final int primaryBufferOffsetSize = u32Size ;
  41.113 -
  41.114 -  final int secondaryPolicyCodeSz = u32Size;
  41.115 -  final int secondaryBufferOffsetSz = u32Size;
  41.116 -  final int resourceOffsetSz = u32Size;
  41.117 -
  41.118 -  final short partitionBufferSz = (2 * u16Size);
  41.119 -  final short partitionEntrySz = (3 * u16Size);
  41.120 -
  41.121 -  final short slotBufferSz = (2 * u16Size);
  41.122 -  final short slotEntrySz = (3 * u16Size);
  41.123 -
  41.124 -  final short vlanBufferSz = (2 * u16Size);
  41.125 -  final short vlanEntrySz = (2 * u16Size);
  41.126 -
  41.127 -  final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */
  41.128 -
  41.129 -  /* copied directly from acm.h */
  41.130 -  final int ACM_MAGIC  =  0x0001debc;
  41.131 -  final int ACM_NULL_POLICY = 0;
  41.132 -  final int ACM_CHINESE_WALL_POLICY = 1;
  41.133 -  final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2;
  41.134 -  final int ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3;
  41.135 -  final int ACM_EMPTY_POLICY = 4;
  41.136 -
  41.137 -  /* version for compatibility check */
  41.138 -  final int ACM_POLICY_VERSION = 1;
  41.139 -  final int ACM_STE_VERSION    = 1;
  41.140 -  final int ACM_CHWALL_VERSION = 1;
  41.141 -}
    42.1 --- a/tools/misc/policyprocessor/c2j_include.c	Fri Aug 19 10:18:53 2005 +0000
    42.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    42.3 @@ -1,57 +0,0 @@
    42.4 -/****************************************************************
    42.5 - * c2j_include.c
    42.6 - *
    42.7 - * Copyright (C) 2005 IBM Corporation
    42.8 - *
    42.9 - * Authors:
   42.10 - * Reiner Sailer <sailer@watson.ibm.com>
   42.11 - *
   42.12 - * This program is free software; you can redistribute it and/or
   42.13 - * modify it under the terms of the GNU General Public License as
   42.14 - * published by the Free Software Foundation, version 2 of the
   42.15 - * License.
   42.16 - *
   42.17 - * This tool makes some constants from acm.h available to the
   42.18 - * java policyprocessor for version checking.
   42.19 - */
   42.20 -#include <stdio.h>
   42.21 -#include <errno.h>
   42.22 -#include <stdlib.h>
   42.23 -#include <stdint.h>
   42.24 -
   42.25 -typedef uint8_t  u8;
   42.26 -typedef uint16_t u16;
   42.27 -typedef uint32_t u32;
   42.28 -typedef uint64_t u64;
   42.29 -typedef int8_t   s8;
   42.30 -typedef int16_t  s16;
   42.31 -typedef int32_t  s32;
   42.32 -typedef int64_t  s64;
   42.33 -
   42.34 -#include <xen/acm.h>
   42.35 -
   42.36 -char *filename = "policy_version.java";
   42.37 -
   42.38 -int main(int argc, char **argv)
   42.39 -{
   42.40 -
   42.41 -    FILE *fd;
   42.42 -    if ((fd = fopen(filename, "w")) <= 0)
   42.43 -    {
   42.44 -        printf("File %s not found.\n", filename);
   42.45 -        exit(-ENOENT);
   42.46 -    }
   42.47 -
   42.48 -    fprintf(fd, "/*\n * This file was automatically generated\n");
   42.49 -    fprintf(fd, " * Do not change it manually!\n */\n");
   42.50 -    fprintf(fd, "public class policy_version {\n");
   42.51 -    fprintf(fd, "	final int ACM_POLICY_VERSION = %x;\n",
   42.52 -            ACM_POLICY_VERSION);
   42.53 -    fprintf(fd, "	final int ACM_CHWALL_VERSION = %x;\n",
   42.54 -            ACM_CHWALL_VERSION);
   42.55 -    fprintf(fd, "	final int ACM_STE_VERSION = %x;\n",
   42.56 -            ACM_STE_VERSION);
   42.57 -    fprintf(fd, "}\n");
   42.58 -    fclose(fd);
   42.59 -    return 0;
   42.60 -}
    43.1 --- a/tools/misc/policyprocessor/myHandler.java	Fri Aug 19 10:18:53 2005 +0000
    43.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    43.3 @@ -1,47 +0,0 @@
    43.4 -/**
    43.5 - * (C) Copyright IBM Corp. 2005
    43.6 - *
    43.7 - * $Id: myHandler.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
    43.8 - *
    43.9 - * Author: Ray Valdez
   43.10 - *
   43.11 - * This program is free software; you can redistribute it and/or
   43.12 - * modify it under the terms of the GNU General Public License as
   43.13 - * published by the Free Software Foundation, version 2 of the
   43.14 - * License.
   43.15 - *
   43.16 - * myHandler Class.  
   43.17 - *
   43.18 - * <p>
   43.19 - *
   43.20 - * A dummy class used for detecting XML validating/parsing errors.
   43.21 - *
   43.22 - * <p>
   43.23 - *
   43.24 - *
   43.25 - */
   43.26 -import org.xml.sax.helpers.*;
   43.27 -import org.xml.sax.SAXParseException;
   43.28 -
   43.29 -class myHandler extends DefaultHandler 
   43.30 -{ 
   43.31 - public boolean isValid = true;
   43.32 -
   43.33 - /* Notification of a recoverable error. */
   43.34 - public void error(SAXParseException se) 
   43.35 - { 
   43.36 -  isValid = false;
   43.37 - } 
   43.38 -
   43.39 - /* Notification of a non-recoverable error. */
   43.40 - public void fatalError(SAXParseException se) 
   43.41 - { 
   43.42 -  isValid = false;
   43.43 - } 
   43.44 -
   43.45 - /* Notification of a warning. */
   43.46 - public void warning(SAXParseException se) 
   43.47 - {
   43.48 -  isValid = false;
   43.49 - }
   43.50 -}
    44.1 --- a/tools/misc/policyprocessor/readme.install	Fri Aug 19 10:18:53 2005 +0000
    44.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    44.3 @@ -1,33 +0,0 @@
    44.4 -# Author: Ray Valdez, rvaldez@us.ibm.com 
    44.5 -# Version: 1.0
    44.6 -#
    44.7 -# install readme
    44.8 -#
    44.9 -PREREQUISITES:
   44.10 -
   44.11 -Prior to installation of the policy processor tool (XmlToBin) you must have...
   44.12 -
   44.13 - 1. Java version 1.4.2
   44.14 - 2. xmlParserAPIs.jar and xercesImpl.jar
   44.15 -
   44.16 -The above can be obtained from the Sun Developer Network web site at
   44.17 -http://java.sun.com/j2se/1.4.2/download.html.
   44.18 -
   44.19 -XmlParserAPIs and xercesImpl jars can be obtained from
   44.20 -http://www.apache.org/dist/xml/xerces-j (Xerces-J-bin.2.6.2.tar.gz,
   44.21 -for example).
   44.22 -
   44.23 -The tool has been tested with J2SE v1.4.2_08 JRE on Linux (32-bit
   44.24 -INTEL).
   44.25 -
   44.26 -INSTALLATION
   44.27 -
   44.28 -1. Set PATH to include $HOME_JAVA/bin and $HOME_JAVA/jre/bin
   44.29 -   where $HOME_JAVA is your java installation directory
   44.30 -
   44.31 -2. Compile XmlToBin:
   44.32 -   javac XmlToBin.java
   44.33 -	
   44.34 -USAGE
   44.35 -
   44.36 - See readme.xen
    45.1 --- a/tools/misc/policyprocessor/readme.xen	Fri Aug 19 10:18:53 2005 +0000
    45.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    45.3 @@ -1,65 +0,0 @@
    45.4 -# Author: Ray Valdez, rvaldez@us.ibm.com 
    45.5 -# Version: 1.0
    45.6 -#
    45.7 -# This readme describes the policy processor tool for sHype.
    45.8 -#
    45.9 -
   45.10 -Java program:
   45.11 -
   45.12 - java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf <SsidConf>
   45.13 -
   45.14 - Command line options:
   45.15 -
   45.16 -        -i              inputFile:      name of policyfile (.xml)
   45.17 -        -o              outputFile:     name of binary policy file (Big Endian)
   45.18 -        -xssid          SsidFile:       xen ssids to named types text file
   45.19 -        -xssidconf      SsidConf:   	xen conflict ssids to types text file
   45.20 -        -debug                          turn on debug messages
   45.21 -        -help                           help. This printout
   45.22 -
   45.23 -Where:
   45.24 -
   45.25 -file.xml is the (input) xml policy file to be parsed and validated.
   45.26 -The syntax for file.xml is defined in the SecurityPolicySpec.xsd file.
   45.27 -file.bin is the (output) binary policy file generated by XmlToBin.
   45.28 -This binary policy can be activated in sHype. The binary policy file
   45.29 -is laid out in network byte order (i.e., big endian).  The SsidFile
   45.30 -file contains the mapping of type enforcement (TE) ssids to the "named
   45.31 -types".  Similarly, the SsidConf file contains the mapping of Chinese
   45.32 -Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf
   45.33 -files are used by Xen.
   45.34 -
   45.35 -Xml Schema and policy:
   45.36 -
   45.37 -The SecurityPolicySpec.xsd defines the syntax of a policy file. It
   45.38 -declares the tags that are used by XmlToBin to generate the binary
   45.39 -policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid,
   45.40 -etc.  The xml files that describe a policy are simple.  Semantic
   45.41 -checking of a policy is performed mostly by XmlToBin.  A type, for
   45.42 -example, is a string. No fixed values are defined for types in Xml.
   45.43 -  
   45.44 -A policy consists of two Xml files: definition and policy. The
   45.45 -definition Xml declares the types that are permitted in the policy
   45.46 -Xml.  The policy Xml contains the assignment of labels to
   45.47 -subject/object (e.g., vm). This Xml file contains an explicit
   45.48 -reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>).
   45.49 -The policy Xml is the one provided as a command line argument.
   45.50 -
   45.51 -
   45.52 -Files:
   45.53 -
   45.54 -*.java		      	- policy processor source 
   45.55 -xen_sample_policy.xml	- sample xml policy file
   45.56 -xen_sample_def.xml	- sample user defined types
   45.57 -SecurityPolicySpec.xsd 	- schema definition file
   45.58 -
   45.59 -
   45.60 -To generate the sample binary policy: 
   45.61 -
   45.62 -export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:.
   45.63 -
   45.64 -java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin
   45.65 -
   45.66 -where $XERCES_HOME is the installation directory of the Apache Xerces-J
   45.67 -
   45.68 -
    46.1 --- a/tools/misc/policyprocessor/xen_sample_def.xml	Fri Aug 19 10:18:53 2005 +0000
    46.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    46.3 @@ -1,46 +0,0 @@
    46.4 -<?xml version="1.0"?>
    46.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    46.6 -<!-- example policy type definition -->
    46.7 -<SecurityPolicySpec
    46.8 -xmlns="http://www.ibm.com"
    46.9 -xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   46.10 -xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
   46.11 -
   46.12 -<Definition>
   46.13 -<!-- an example of a simple type enforcement type definition -->
   46.14 -  <Types>
   46.15 -        <TE>LOCAL-management</TE>
   46.16 -        <TE>R-Company-development</TE>
   46.17 -        <TE>S-Company-order</TE>
   46.18 -        <TE>T-Company-advertising</TE>
   46.19 -        <TE>U-Company-computing</TE>
   46.20 -		 <!-- TE nondevelopment  -->
   46.21 -  </Types>
   46.22 -
   46.23 -<!-- an example of a chinese wall type definition along with conflict sets-->
   46.24 -  <ChWallTypes>
   46.25 -		 <ChWall>Q-Company</ChWall>
   46.26 -		 <ChWall>R-Company</ChWall>
   46.27 -		 <ChWall>S-Company</ChWall>
   46.28 -		 <ChWall>T-Company</ChWall>
   46.29 -		 <ChWall>U-Company</ChWall>
   46.30 -		 <ChWall>V-Company</ChWall>
   46.31 -		 <ChWall>W-Company</ChWall>
   46.32 -		 <ChWall>X-Company</ChWall>
   46.33 -		 <ChWall>Y-Company</ChWall>
   46.34 -		 <ChWall>Z-Company</ChWall>
   46.35 -  </ChWallTypes>
   46.36 -
   46.37 -  <ConflictSet>
   46.38 -		 <ChWall>T-Company</ChWall>
   46.39 -		 <ChWall>S-Company</ChWall>
   46.40 -   </ConflictSet>
   46.41 -
   46.42 -   <ConflictSet>
   46.43 -		 <ChWall>R-Company</ChWall>
   46.44 -		 <ChWall>V-Company</ChWall>
   46.45 -		 <ChWall>W-Company</ChWall>
   46.46 -   </ConflictSet>
   46.47 -
   46.48 -</Definition>
   46.49 -</SecurityPolicySpec>
    47.1 --- a/tools/misc/policyprocessor/xen_sample_policy.xml	Fri Aug 19 10:18:53 2005 +0000
    47.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    47.3 @@ -1,58 +0,0 @@
    47.4 -<?xml version="1.0"?>
    47.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    47.6 -<!-- example xen policy file -->
    47.7 -
    47.8 -<SecurityPolicySpec
    47.9 -xmlns="http://www.ibm.com"
   47.10 -xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   47.11 -xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
   47.12 -<Policy>
   47.13 - <PolicyHeader>
   47.14 -        <Name>xen sample policy</Name>
   47.15 -        <DateTime>2005-05-20T16:56:00</DateTime>
   47.16 -        <Tag>foobar</Tag>
   47.17 -        <TypeDefinition>
   47.18 -          <url>xen_sample_def.xml</url>
   47.19 -          <hash>abcdef123456abcdef</hash>
   47.20 -        </TypeDefinition>
   47.21 - </PolicyHeader>
   47.22 -
   47.23 - <VM>
   47.24 -        <id> 0 </id>
   47.25 -        <TE>LOCAL-management</TE>
   47.26 -        <TE>R-Company-development</TE>
   47.27 -        <TE>S-Company-order</TE>
   47.28 -        <TE>T-Company-advertising</TE>
   47.29 -        <TE>U-Company-computing</TE>
   47.30 -		 <ChWall>Q-Company</ChWall>
   47.31 - </VM>
   47.32 -
   47.33 - <VM>
   47.34 -        <id> 1 </id>
   47.35 -        <TE>R-Company-development</TE>
   47.36 -		 <ChWall>R-Company</ChWall>
   47.37 - </VM>
   47.38 -
   47.39 - <VM>
   47.40 -        <id> 2 </id>
   47.41 -        <TE>S-Company-order</TE>
   47.42 -		 <ChWall>S-Company</ChWall>
   47.43 -
   47.44 - </VM>
   47.45 -
   47.46 - <VM>
   47.47 -        <id> 3 </id>
   47.48 -        <TE>T-Company-advertising</TE>
   47.49 -		 <ChWall>T-Company</ChWall>
   47.50 - </VM>
   47.51 -
   47.52 -
   47.53 - <VM>
   47.54 -        <id> 4 </id>
   47.55 -        <TE>U-Company-computing</TE>
   47.56 -		 <ChWall>U-Company</ChWall>
   47.57 - </VM>
   47.58 -
   47.59 -
   47.60 -</Policy>
   47.61 -</SecurityPolicySpec>
    48.1 --- a/tools/python/xen/xend/server/event.py	Fri Aug 19 10:18:53 2005 +0000
    48.2 +++ b/tools/python/xen/xend/server/event.py	Fri Aug 19 10:50:15 2005 +0000
    48.3 @@ -50,7 +50,7 @@ class EventProtocol(protocol.Protocol):
    48.4      def dataReceived(self, data):
    48.5          try:
    48.6              self.parser.input(data)
    48.7 -            if self.parser.ready():
    48.8 +            while(self.parser.ready()):
    48.9                  val = self.parser.get_val()
   48.10                  res = self.dispatch(val)
   48.11                  self.send_result(res)
    49.1 --- a/tools/python/xen/xend/server/relocate.py	Fri Aug 19 10:18:53 2005 +0000
    49.2 +++ b/tools/python/xen/xend/server/relocate.py	Fri Aug 19 10:50:15 2005 +0000
    49.3 @@ -42,7 +42,7 @@ class RelocationProtocol(protocol.Protoc
    49.4      def dataReceived(self, data):
    49.5          try:
    49.6              self.parser.input(data)
    49.7 -            if self.parser.ready():
    49.8 +            while(self.parser.ready()):
    49.9                  val = self.parser.get_val()
   49.10                  res = self.dispatch(val)
   49.11                  self.send_result(res)
    50.1 --- a/tools/python/xen/xm/create.py	Fri Aug 19 10:18:53 2005 +0000
    50.2 +++ b/tools/python/xen/xm/create.py	Fri Aug 19 10:50:15 2005 +0000
    50.3 @@ -23,6 +23,7 @@ import string
    50.4  import sys
    50.5  import socket
    50.6  import commands
    50.7 +import time
    50.8  
    50.9  import xen.lowlevel.xc
   50.10  
   50.11 @@ -674,18 +675,33 @@ def get_dom0_alloc():
   50.12      return 0
   50.13  
   50.14  def balloon_out(dom0_min_mem, opts):
   50.15 -    """Balloon out to get memory for domU, if necessarily"""
   50.16 +    """Balloon out memory from dom0 if necessary"""
   50.17      SLACK = 4
   50.18 +    timeout = 20 # 2s
   50.19 +    ret = 0
   50.20  
   50.21      xc = xen.lowlevel.xc.new()
   50.22      pinfo = xc.physinfo()
   50.23 -    free_mem = pinfo['free_pages']/256
   50.24 -    if free_mem < opts.vals.memory + SLACK:
   50.25 -        need_mem = opts.vals.memory + SLACK - free_mem
   50.26 -        cur_alloc = get_dom0_alloc()
   50.27 -        if cur_alloc - need_mem >= dom0_min_mem:
   50.28 -            server.xend_domain_mem_target_set(0, cur_alloc - need_mem)
   50.29 +    free_mem = pinfo['free_pages'] / 256
   50.30 +    domU_need_mem = opts.vals.memory + SLACK 
   50.31 +
   50.32 +    dom0_cur_alloc = get_dom0_alloc()
   50.33 +    dom0_new_alloc = dom0_cur_alloc - (domU_need_mem - free_mem)
   50.34 +
   50.35 +    if free_mem < domU_need_mem and dom0_new_alloc >= dom0_min_mem:
   50.36 +
   50.37 +        server.xend_domain_mem_target_set(0, dom0_new_alloc)
   50.38 +
   50.39 +        while dom0_cur_alloc > dom0_new_alloc and timeout > 0:
   50.40 +            time.sleep(0.1) # sleep 100ms
   50.41 +            dom0_cur_alloc = get_dom0_alloc()
   50.42 +            timeout -= 1
   50.43 +        
   50.44 +        if dom0_cur_alloc > dom0_new_alloc:
   50.45 +            ret = 1
   50.46 +    
   50.47      del xc
   50.48 +    return ret
   50.49  
   50.50  def main(argv):
   50.51      random.seed()
   50.52 @@ -717,7 +733,8 @@ def main(argv):
   50.53      else:
   50.54          dom0_min_mem = xroot.get_dom0_min_mem()
   50.55          if dom0_min_mem != 0:
   50.56 -            balloon_out(dom0_min_mem, opts)
   50.57 +            if balloon_out(dom0_min_mem, opts):
   50.58 +                return
   50.59  
   50.60          dom = make_domain(opts, config)
   50.61          if opts.vals.console_autoconnect:
    51.1 --- a/tools/python/xen/xm/main.py	Fri Aug 19 10:18:53 2005 +0000
    51.2 +++ b/tools/python/xen/xm/main.py	Fri Aug 19 10:50:15 2005 +0000
    51.3 @@ -200,7 +200,11 @@ def xm_migrate(args):
    51.4  def xm_list(args):
    51.5      use_long = 0
    51.6      show_vcpus = 0
    51.7 -    (options, params) = getopt(args, 'lv', ['long','vcpus'])
    51.8 +    try:
    51.9 +        (options, params) = getopt(args, 'lv', ['long','vcpus'])
   51.10 +    except GetoptError, opterr:
   51.11 +        err(opterr)
   51.12 +        sys.exit(1)
   51.13      
   51.14      n = len(params)
   51.15      for (k, v) in options:
    52.1 --- a/tools/security/Makefile	Fri Aug 19 10:18:53 2005 +0000
    52.2 +++ b/tools/security/Makefile	Fri Aug 19 10:50:15 2005 +0000
    52.3 @@ -2,28 +2,72 @@ XEN_ROOT = ../..
    52.4  include $(XEN_ROOT)/tools/Rules.mk
    52.5  
    52.6  SRCS     = secpol_tool.c
    52.7 -CFLAGS   += -static
    52.8  CFLAGS   += -Wall
    52.9  CFLAGS   += -Werror
   52.10  CFLAGS   += -O3
   52.11  CFLAGS   += -fno-strict-aliasing
   52.12 -CFLAGS   += -I.
   52.13 +CFLAGS   += -I. -I/usr/include/libxml2
   52.14 +CFLAGS_XML2BIN += $(shell xml2-config --cflags --libs )
   52.15 +#if above does not work, try  -L/usr/lib -lxml2 -lz -lpthread -lm
   52.16 +XML2VERSION = $(shell xml2-config --version )
   52.17 +VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi; )
   52.18  
   52.19 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
   52.20 +POLICY=null
   52.21 +endif
   52.22 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
   52.23 +POLICY=chwall
   52.24 +endif
   52.25 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
   52.26 +POLICY=ste
   52.27 +endif
   52.28 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
   52.29 +POLICY=chwall_ste
   52.30 +endif
   52.31 +POLICYFILE=./policies/$(POLICY)/$(POLICY).bin
   52.32 +
   52.33 +ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY)
   52.34  all: build
   52.35 +
   52.36 +install:all
   52.37 +
   52.38 +default:all
   52.39 +else
   52.40 +all:
   52.41 +
   52.42 +install:
   52.43 +
   52.44 +default:
   52.45 +endif
   52.46 +
   52.47  build: mk-symlinks
   52.48  	$(MAKE) secpol_tool
   52.49 -
   52.50 -default: all
   52.51 +	$(MAKE) secpol_xml2bin
   52.52 +	chmod 700 ./setlabel.sh
   52.53 +	chmod 700 ./updategrub.sh
   52.54  
   52.55 -install: all
   52.56 -
   52.57 -secpol_tool : secpol_tool.c
   52.58 +secpol_tool : secpol_tool.c secpol_compat.h
   52.59  	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
   52.60  
   52.61 +secpol_xml2bin : secpol_xml2bin.c secpol_xml2bin.h secpol_compat.h
   52.62 +	$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@ $<
   52.63 +
   52.64  clean:
   52.65 -	rm -rf secpol_tool xen
   52.66 +	rm -rf secpol_tool secpol_xml2bin xen
   52.67 +
   52.68 +policy_clean:
   52.69 +	rm -rf policies/*/*.bin policies/*/*.map
   52.70 +
   52.71 +mrproper: clean policy_clean
   52.72  
   52.73  
   52.74 +$(POLICYFILE) : build
   52.75 +	@./secpol_xml2bin $(POLICY) > /dev/null
   52.76 +
   52.77 +boot_install: $(POLICYFILE)
   52.78 +	@cp $(POLICYFILE) /boot
   52.79 +	@./updategrub.sh $(POLICY) $(PWD)/$(XEN_ROOT)
   52.80 +
   52.81  LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
   52.82  mk-symlinks:
   52.83  	[ -e xen/linux ] || mkdir -p xen/linux
    53.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    53.2 +++ b/tools/security/example.txt	Fri Aug 19 10:50:15 2005 +0000
    53.3 @@ -0,0 +1,269 @@
    53.4 +##
    53.5 +# example.txt <description to the xen access control architecture>
    53.6 +#
    53.7 +# Author:
    53.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    53.9 +#
   53.10 +#
   53.11 +# This file introduces into the tools to manage policies
   53.12 +# and to label domains and resources.
   53.13 +##
   53.14 +
   53.15 +We will show how to install and use the chwall_ste policy.
   53.16 +Other policies work similarly. Feedback welcome!
   53.17 +
   53.18 +
   53.19 +
   53.20 +1. Using secpol_xml2bin to translate the chwall_ste policy:
   53.21 +===========================================================
   53.22 +
   53.23 +#tools/security/secpol_xml2bin chwall_ste
   53.24 +
   53.25 +Successful execution should print:
   53.26 +
   53.27 +    [root@laptopxn security]# ./secpol_xml2bin chwall_ste
   53.28 +    Validating label file policies/chwall_ste/chwall_ste-security_label_template.xml...
   53.29 +    XML Schema policies/security_policy.xsd valid.
   53.30 +    Validating policy file policies/chwall_ste/chwall_ste-security_policy.xml...
   53.31 +    XML Schema policies/security_policy.xsd valid.
   53.32 +    Creating ssid mappings ...
   53.33 +    Creating label mappings ...
   53.34 +    Max chwall labels:  7
   53.35 +    Max chwall-types:   4
   53.36 +    Max chwall-ssids:   5
   53.37 +    Max ste labels:     14
   53.38 +    Max ste-types:      6
   53.39 +    Max ste-ssids:      10
   53.40 +
   53.41 +The tool looks in directory policies/chwall_ste for
   53.42 +the label and policy files.
   53.43 +
   53.44 +The default policy directory structure under tools/security looks like:
   53.45 +
   53.46 +policies
   53.47 +|-- security_policy.xsd
   53.48 +|-- chwall
   53.49 +|   |-- chwall-security_label_template.xml
   53.50 +|   `-- chwall-security_policy.xml
   53.51 +|-- chwall_ste
   53.52 +|   |-- chwall_ste-security_label_template.xml
   53.53 +|   `-- chwall_ste-security_policy.xml
   53.54 +|-- null
   53.55 +|   |-- null-security_label_template.xml
   53.56 +|   `-- null-security_policy.xml
   53.57 +`-- ste
   53.58 +    |-- ste-security_label_template.xml
   53.59 +    `-- ste-security_policy.xml
   53.60 +
   53.61 +policies/security_policy.xsd contains the schema against which both the
   53.62 +label-template and the policy files must validate during translation.
   53.63 +
   53.64 +policies/chwall_ste/chwall_ste-security_policy.xml defines the
   53.65 +policies and the types known to the policies.
   53.66 +
   53.67 +policies/chwall_ste/chwall_ste-security_label_template.xml contains
   53.68 +label definitions that group chwall and ste types together and make
   53.69 +them easier to use for users
   53.70 +
   53.71 +After executing the above secpol_xml2bin command, you will find 2 new
   53.72 +files in the policies/chwall_ste sub-directory:
   53.73 +
   53.74 +policies/chwall_ste/chwall_ste.map ... this file includes the mapping
   53.75 +of names from the xml files into their binary code representation.
   53.76 +
   53.77 +policies/chwall_ste/chwall_ste.bin ... this is the binary policy file,
   53.78 +the result of parsing the xml files and using the mapping to extract a
   53.79 +binary version that can be loaded into the hypervisor.
   53.80 +
   53.81 +
   53.82 +
   53.83 +2. Loading and activating the policy:
   53.84 +=====================================
   53.85 +
   53.86 +We assume that xen is already configured to use the chwall_ste policy;
   53.87 +please refer to install.txt for instructions.
   53.88 +
   53.89 +To activate the policy from the command line (assuming that the
   53.90 +currently established policy is the minimal boot-policy that is
   53.91 +hard-coded into the hypervisor:
   53.92 +
   53.93 +# ./secpol_tool loadpolicy policies/chwall_ste/chwall_ste.bin
   53.94 +
   53.95 +To activate the policy at next reboot:
   53.96 +
   53.97 +# cp policies/chwall_ste/chwall_ste.bin /boot
   53.98 +
   53.99 +Add a module line to your /boot/grub/grub.conf Xen entry.
  53.100 +My boot entry with chwall_ste enabled looks like this:
  53.101 +
  53.102 +    title Xen (2.6.12)
  53.103 +        root (hd0,5)
  53.104 +        kernel /boot/xen.gz dom0_mem=1200000 console=vga
  53.105 +        module /boot/vmlinuz-2.6.12-xen0 ro root=/dev/hda6 rhgb
  53.106 +        module /boot/initrd-2.6.12-xen0.img
  53.107 +        module /boot/chwall_ste.bin
  53.108 +
  53.109 +This tells the grub boot-loader to load the binary policy, which
  53.110 +the hypervisor will recognize. The hypervisor will then establish
  53.111 +this binary policy during boot instead of the minimal policy that
  53.112 +is hardcoded as default.
  53.113 +
  53.114 +If you have any trouble here, maks sure you have the access control
  53.115 +framework enabled (see: install.txt).
  53.116 +
  53.117 +
  53.118 +
  53.119 +3. Labeling domains:
  53.120 +====================
  53.121 +
  53.122 +a) Labeling Domain0:
  53.123 +
  53.124 +The chwall_ste-security_label_template.xml file includes an attribute
  53.125 +"bootstrap", which is set to the label name that will be assigned to
  53.126 +Dom0 (this label will be mapped to ssidref 1/1, the default for Dom0).
  53.127 +
  53.128 +b) Labeling User Domains:
  53.129 +
  53.130 +Use the script tools/security/setlabel.sh to choose a label and to
  53.131 +assign labels to user domains.
  53.132 +
  53.133 +To show available labels for the chwall_ste policy:
  53.134 +
  53.135 +#tools/security/setlabel.sh -l
  53.136 +
  53.137 +lists all available labels. For the default chwall_ste it should print
  53.138 +the following:
  53.139 +
  53.140 +    [root@laptopxn security]# ./setlabel.sh -l chwall_ste
  53.141 +    The following labels are available:
  53.142 +    dom_SystemManagement
  53.143 +    dom_HomeBanking
  53.144 +    dom_Fun
  53.145 +    dom_BoincClient
  53.146 +    dom_StorageDomain
  53.147 +    dom_NetworkDomain
  53.148 +
  53.149 +You need to have compiled the policy beforehand so that a .map file
  53.150 +exists. Setlabel.sh uses the mapping file created throughout the
  53.151 +policy translation to translate a user-friendly label string into a
  53.152 +ssidref-number that is eventually used by the Xen hypervisor.
  53.153 +
  53.154 +We distinguish two kinds of labels: a) VM labels (for domains) and RES
  53.155 +Labels (for resources). We are currently working on support for
  53.156 +resource labeling but will focus here on VM labels.
  53.157 +
  53.158 +Setlabel.sh only prints VM labels (which we have prefixed with "dom_")
  53.159 +since only those are used at this time.
  53.160 +
  53.161 +If you would like to assign the dom_HomeBanking label to one of your
  53.162 +user domains (which you hopefully keep clean), look at an example
  53.163 +domain configuration homebanking.xm:
  53.164 +
  53.165 +    #------HOMEBANKING---------
  53.166 +    kernel = "/boot/vmlinuz-2.6.12-xenU"
  53.167 +    ramdisk="/boot/U1_ramdisk.img"
  53.168 +    memory = 65
  53.169 +    name = "test34"
  53.170 +    cpu = -1   # leave to Xen to pick
  53.171 +    # Number of network interfaces. Default is 1.
  53.172 +    nics=1
  53.173 +    dhcp="dhcp"
  53.174 +    #-------------------------
  53.175 +
  53.176 +Now we label this domain
  53.177 +
  53.178 +[root@laptopxn security]# ./setlabel.sh homebanking.xm dom_HomeBanking chwall_ste
  53.179 +Mapped label 'dom_HomeBanking' to ssidref '0x00020002'.
  53.180 +
  53.181 +The domain configuration my look now like:
  53.182 +
  53.183 +    [root@laptopxn security]# cat homebanking.xm
  53.184 +    #------HOMEBANKING---------
  53.185 +    kernel = "/boot/vmlinuz-2.6.12-xenU"
  53.186 +    ramdisk="/boot/U1_ramdisk.img"
  53.187 +    memory = 65
  53.188 +    name = "test34"
  53.189 +    cpu = -1   # leave to Xen to pick
  53.190 +    # Number of network interfaces. Default is 1.
  53.191 +    nics=1
  53.192 +    dhcp="dhcp"
  53.193 +    #-------------------------
  53.194 +    #ACM_POLICY=chwall_ste-security_policy.xml
  53.195 +    #ACM_LABEL=dom_HomeBanking
  53.196 +    ssidref = 0x00020002
  53.197 +
  53.198 +You can see 3 new entries, two of which are comments.  The only value
  53.199 +that the hypervisor cares about is the ssidref that will reference
  53.200 +those types assigned to this label. You can look them up in the
  53.201 +xml label-template file for the chwall_ste policy.
  53.202 +
  53.203 +This script will eventually move into the domain management and will
  53.204 +be called when the domain is instantiated. For now, the setlabel
  53.205 +script must be run on domains whenever the policy files change since
  53.206 +the mapping between label names and ssidrefs can change in this case.
  53.207 +
  53.208 +
  53.209 +4. Starting a labeled domain
  53.210 +============================
  53.211 +
  53.212 +Now, start the domain:
  53.213 +    #xm create -c homebanking.xm
  53.214 +
  53.215 +
  53.216 +If you label another domain configuration as dom_Fun and try to start
  53.217 +it afterwards, its start will fail. Why?
  53.218 +
  53.219 +Because the running homebanking domain has the chinese wall type
  53.220 +"cw_Sensitive". The new domain dom_Fun has the chinese wall label
  53.221 +"cw_Distrusted". This domain is not allowed to run simultaneously
  53.222 +because of the defined conflict set
  53.223 +
  53.224 +			<conflictset name="Protection1">
  53.225 +				<type>cw_Sensitive</type>
  53.226 +				<type>cw_Distrusted</type>
  53.227 +			</conflictset>
  53.228 +
  53.229 +(in policies/chwall_ste/chwall_ste-security_policy.xml), which says
  53.230 +that only one of the types cw_sensitive and cw_Distrusted can run at a
  53.231 +time.
  53.232 +
  53.233 +If you save or shutdown the HomeBanking domain, you will be able to
  53.234 +start the "Fun" domain. You can look into the Xen log to see if a
  53.235 +domain was denied to start because of the access control framework
  53.236 +with the command 'xm dmesg'.
  53.237 +
  53.238 +It is important (and usually non-trivial) to define the labels in a
  53.239 +way that the semantics of the labels are enforced and supported by the
  53.240 +types and the conflict sets.
  53.241 +
  53.242 +Note: While the chinese wall policy enforcement is complete, the type
  53.243 +enforcement is currently enforced in the Xen hypervisor
  53.244 +only. Therefore, only point-to-point sharing with regard to the type
  53.245 +enforcement is currently controlled. We are working on enhancements to
  53.246 +Dom0 that enforce types also for network traffic that is routed
  53.247 +through Dom0 and on the enforcement of resource labeling when binding
  53.248 +resources to domains (e.g., enforcing types between domains and
  53.249 +hardware resources, such as disk partitions).
  53.250 +
  53.251 +
  53.252 +4. Adding your own policies
  53.253 +===========================
  53.254 +
  53.255 +Writing your own policy (e.g. "mypolicy") requires the following:
  53.256 +
  53.257 +a) the policy definition (types etc.) file
  53.258 +b) the label template definition (labels etc.) file
  53.259 +
  53.260 +If your policy name is "mypolicy", you need to create a
  53.261 +subdirectory mypolicy in tools/security/policies.
  53.262 +
  53.263 +Then you create
  53.264 +tools/security/policies/mypolicy/mypolicy-security_policy.xml and
  53.265 +tools/security/policies/mypolicy/mypolicy-security_label_template.xml.
  53.266 +
  53.267 +You need to keep to the schema as defined in
  53.268 +tools/security/security_policy.xsd since the translation tool
  53.269 +secpol_xml2bin is written against this schema.
  53.270 +
  53.271 +If you keep to the security policy schema, then you can use all the
  53.272 +tools described above. Refer to install.txt to install it.
    54.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    54.2 +++ b/tools/security/install.txt	Fri Aug 19 10:50:15 2005 +0000
    54.3 @@ -0,0 +1,67 @@
    54.4 +##
    54.5 +# install.txt <description to the xen access control architecture>
    54.6 +#
    54.7 +# Author:
    54.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    54.9 +#
   54.10 +#
   54.11 +# This file shows how to activate and install the access control
   54.12 +# framework.
   54.13 +##
   54.14 +
   54.15 +
   54.16 +INSTALLING A SECURITY POLICY IN XEN
   54.17 +===================================
   54.18 +
   54.19 +By default, the access control architecture is disabled in Xen. To
   54.20 +enable the access control architecture in Xen follow the steps below.
   54.21 +This description assumes that you want to install the Chinese Wall and
   54.22 +Simple Type Enforcement policy. Some file names need to be replaced
   54.23 +below to activate the Chinese Wall OR the Type Enforcement policy
   54.24 +exclusively (chwall_ste --> {chwall, ste}).
   54.25 +
   54.26 +1. enable access control in Xen
   54.27 +       # cd "xen_root"
   54.28 +       # edit/xemacs/vi Config.mk
   54.29 +
   54.30 +       change the line:
   54.31 +       ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
   54.32 +
   54.33 +       to:
   54.34 +       ACM_USE_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   54.35 +
   54.36 +       # make all
   54.37 +       # ./install.sh
   54.38 +
   54.39 +2. compile the policy from xml to a binary format that can be loaded
   54.40 +   into the hypervisor for enforcement
   54.41 +       # cd tools/security
   54.42 +       # make
   54.43 +
   54.44 +       manual steps (alternative to make boot_install):
   54.45 +       #./secpol_xml2bin chwall_ste
   54.46 +       #cp policies/chwall_ste/chwall_ste.bin /boot
   54.47 +       #edit /boot/grub/grub.conf
   54.48 +        add the follwoing line to your xen boot entry:
   54.49 +       "module chwall_ste.bin"
   54.50 +
   54.51 +       alternatively, you can try our automatic translation and
   54.52 +       installation of the policy:
   54.53 +       # make boot_install
   54.54 +
   54.55 +       [we try hard to do the right thing to the right boot entry but
   54.56 +        please verify boot entry in /boot/grub/grub.conf afterwards;
   54.57 +        your xen boot entry should have an additional module line
   54.58 +        specifying a chwall_ste.bin file with the correct directory
   54.59 +        (e.g. "/" or "/boot").]
   54.60 +
   54.61 +
   54.62 +3. reboot into the newly compiled hypervisor
   54.63 +
   54.64 +        after boot
   54.65 +	#xm dmesg should show an entry about the policy being loaded
   54.66 +            during the boot process
   54.67 +
   54.68 +        #tools/security/secpol_tool getpolicy
   54.69 +            should print the new chwall_ste binary policy representation
   54.70 +
    55.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    55.2 +++ b/tools/security/policies/chwall/chwall-security_label_template.xml	Fri Aug 19 10:50:15 2005 +0000
    55.3 @@ -0,0 +1,76 @@
    55.4 +<?xml version="1.0"?>
    55.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    55.6 +<!--              This file defines the security labels, which can  -->
    55.7 +<!--              be attached to Domains and resources. Based on    -->
    55.8 +<!--              these labels, the access control module decides   -->
    55.9 +<!--              about sharing between Domains and about access    -->
   55.10 +<!--              of Domains to real resources.                     -->
   55.11 +
   55.12 +<SecurityLabelTemplate
   55.13 + xmlns="http://www.ibm.com"
   55.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   55.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   55.16 +   <LabelHeader>
   55.17 +      <Name>chwall-security_label_template</Name>
   55.18 +      <Date>2005-08-10</Date>
   55.19 +      <PolicyName>
   55.20 +         <Url>chwall-security_policy.xml</Url>
   55.21 +         <Reference>abcdef123456abcdef</Reference>
   55.22 +      </PolicyName>
   55.23 +   </LabelHeader>
   55.24 +
   55.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   55.26 +      <!-- single ste typed domains            -->
   55.27 +      <!-- ACM enforces that only domains with -->
   55.28 +      <!-- the same type can share information -->
   55.29 +      <!--                                     -->
   55.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   55.31 +      <VirtualMachineLabel>
   55.32 +      	<Name>dom_HomeBanking</Name>
   55.33 +         <ChineseWallTypes>
   55.34 +            <Type>cw_Sensitive</Type>
   55.35 +         </ChineseWallTypes>
   55.36 +      </VirtualMachineLabel>
   55.37 +
   55.38 +      <VirtualMachineLabel>
   55.39 +      	<Name>dom_Fun</Name>
   55.40 +         <ChineseWallTypes>
   55.41 +            <Type>cw_Distrusted</Type>
   55.42 +         </ChineseWallTypes>
   55.43 +      </VirtualMachineLabel>
   55.44 +
   55.45 +      <VirtualMachineLabel>
   55.46 +        <!-- donating some cycles to seti@home -->
   55.47 +      	<Name>dom_BoincClient</Name>
   55.48 +         <ChineseWallTypes>
   55.49 +            <Type>cw_Isolated</Type>
   55.50 +         </ChineseWallTypes>
   55.51 +      </VirtualMachineLabel>
   55.52 +
   55.53 +      <!-- Domains with multiple ste types services; such domains   -->
   55.54 +      <!-- must keep the types inside their domain safely confined. -->
   55.55 +      <VirtualMachineLabel>
   55.56 +      	<Name>dom_SystemManagement</Name>
   55.57 +         <ChineseWallTypes>
   55.58 +            <Type>cw_SystemManagement</Type>
   55.59 +         </ChineseWallTypes>
   55.60 +      </VirtualMachineLabel>
   55.61 +
   55.62 +      <VirtualMachineLabel>
   55.63 +        <!-- serves persistent storage to other domains -->
   55.64 +      	<Name>dom_StorageDomain</Name>
   55.65 +         <ChineseWallTypes>
   55.66 +            <Type>cw_SystemManagement</Type>
   55.67 +         </ChineseWallTypes>
   55.68 +      </VirtualMachineLabel>
   55.69 +
   55.70 +      <VirtualMachineLabel>
   55.71 +        <!-- serves network access to other domains -->
   55.72 +      	<Name>dom_NetworkDomain</Name>
   55.73 +         <ChineseWallTypes>
   55.74 +            <Type>cw_SystemManagement</Type>
   55.75 +         </ChineseWallTypes>
   55.76 +      </VirtualMachineLabel>
   55.77 +   </SubjectLabels>
   55.78 +</SecurityLabelTemplate>
   55.79 +
    56.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    56.2 +++ b/tools/security/policies/chwall/chwall-security_policy.xml	Fri Aug 19 10:50:15 2005 +0000
    56.3 @@ -0,0 +1,36 @@
    56.4 +<?xml version="1.0" encoding="UTF-8"?>
    56.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    56.6 +<!--             This file defines the security policies, which     -->
    56.7 +<!--             can be enforced by the Xen Access Control Module.  -->
    56.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
    56.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com"
   56.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   56.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   56.12 +<PolicyHeader>
   56.13 +		<Name>chwall-security_policy</Name>
   56.14 +		<Date>2005-08-10</Date>
   56.15 +</PolicyHeader>
   56.16 +<!--                                             -->
   56.17 +<!-- example of a chinese wall type definition   -->
   56.18 +<!-- along with its conflict sets                -->
   56.19 +<!-- (typse in a confict set are exclusive, i.e. -->
   56.20 +<!--  once a Domain with one type of a set is    -->
   56.21 +<!--  running, no other Domain with another type -->
   56.22 +<!--  of the same conflict set can start.)       -->
   56.23 +	<ChineseWall priority="PrimaryPolicyComponent">
   56.24 +        <ChineseWallTypes>
   56.25 +            <Type>cw_SystemManagement</Type>
   56.26 +            <Type>cw_Sensitive</Type>
   56.27 +            <Type>cw_Isolated</Type>
   56.28 +            <Type>cw_Distrusted</Type>
   56.29 +        </ChineseWallTypes>
   56.30 +
   56.31 +        <ConflictSets>
   56.32 +        <Conflict name="Protection1">
   56.33 +            <Type>cw_Sensitive</Type>
   56.34 +            <Type>cw_Distrusted</Type>
   56.35 +        </Conflict>
   56.36 +        </ConflictSets>
   56.37 +	</ChineseWall>
   56.38 +</SecurityPolicyDefinition>
   56.39 +
    57.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    57.2 +++ b/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml	Fri Aug 19 10:50:15 2005 +0000
    57.3 @@ -0,0 +1,167 @@
    57.4 +<?xml version="1.0"?>
    57.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    57.6 +<!--              This file defines the security labels, which can  -->
    57.7 +<!--              be attached to Domains and resources. Based on    -->
    57.8 +<!--              these labels, the access control module decides   -->
    57.9 +<!--              about sharing between Domains and about access    -->
   57.10 +<!--              of Domains to real resources.                     -->
   57.11 +
   57.12 +<SecurityLabelTemplate
   57.13 + xmlns="http://www.ibm.com"
   57.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   57.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   57.16 +   <LabelHeader>
   57.17 +      <Name>chwall_ste-security_label_template</Name>
   57.18 +      <Date>2005-08-10</Date>
   57.19 +      <PolicyName>
   57.20 +         <Url>chwall_ste-security_policy.xml</Url>
   57.21 +         <Reference>abcdef123456abcdef</Reference>
   57.22 +      </PolicyName>
   57.23 +   </LabelHeader>
   57.24 +
   57.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   57.26 +      <!-- single ste typed domains            -->
   57.27 +      <!-- ACM enforces that only domains with -->
   57.28 +      <!-- the same type can share information -->
   57.29 +      <!--                                     -->
   57.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   57.31 +      <VirtualMachineLabel>
   57.32 +      	<Name>dom_HomeBanking</Name>
   57.33 +         <SimpleTypeEnforcementTypes>
   57.34 +            <Type>ste_PersonalFinances</Type>
   57.35 +         </SimpleTypeEnforcementTypes>
   57.36 +
   57.37 +         <ChineseWallTypes>
   57.38 +            <Type>cw_Sensitive</Type>
   57.39 +         </ChineseWallTypes>
   57.40 +      </VirtualMachineLabel>
   57.41 +
   57.42 +      <VirtualMachineLabel>
   57.43 +      	<Name>dom_Fun</Name>
   57.44 +         <SimpleTypeEnforcementTypes>
   57.45 +            <Type>ste_InternetInsecure</Type>
   57.46 +         </SimpleTypeEnforcementTypes>
   57.47 +
   57.48 +         <ChineseWallTypes>
   57.49 +            <Type>cw_Distrusted</Type>
   57.50 +         </ChineseWallTypes>
   57.51 +      </VirtualMachineLabel>
   57.52 +
   57.53 +      <VirtualMachineLabel>
   57.54 +        <!-- donating some cycles to seti@home -->
   57.55 +      	<Name>dom_BoincClient</Name>
   57.56 +         <SimpleTypeEnforcementTypes>
   57.57 +            <Type>ste_DonatedCycles</Type>
   57.58 +         </SimpleTypeEnforcementTypes>
   57.59 +
   57.60 +         <ChineseWallTypes>
   57.61 +            <Type>cw_Isolated</Type>
   57.62 +         </ChineseWallTypes>
   57.63 +      </VirtualMachineLabel>
   57.64 +
   57.65 +      <!-- Domains with multiple ste types services; such domains   -->
   57.66 +      <!-- must keep the types inside their domain safely confined. -->
   57.67 +      <VirtualMachineLabel>
   57.68 +      	<Name>dom_SystemManagement</Name>
   57.69 +         <SimpleTypeEnforcementTypes>
   57.70 +            <!-- since dom0 needs access to every domain and -->
   57.71 +            <!-- resource right now ... -->
   57.72 +            <Type>ste_SystemManagement</Type>
   57.73 +            <Type>ste_PersonalFinances</Type>
   57.74 +            <Type>ste_InternetInsecure</Type>
   57.75 +            <Type>ste_DonatedCycles</Type>
   57.76 +            <Type>ste_PersistentStorageA</Type>
   57.77 +            <Type>ste_NetworkAdapter0</Type>
   57.78 +         </SimpleTypeEnforcementTypes>
   57.79 +
   57.80 +         <ChineseWallTypes>
   57.81 +            <Type>cw_SystemManagement</Type>
   57.82 +         </ChineseWallTypes>
   57.83 +      </VirtualMachineLabel>
   57.84 +
   57.85 +      <VirtualMachineLabel>
   57.86 +        <!-- serves persistent storage to other domains -->
   57.87 +      	<Name>dom_StorageDomain</Name>
   57.88 +         <SimpleTypeEnforcementTypes>
   57.89 +            <!-- access right to the resource (hard drive a) -->
   57.90 +            <Type>ste_PersistentStorageA</Type>
   57.91 +            <!-- can serve following types -->
   57.92 +            <Type>ste_PersonalFinances</Type>
   57.93 +            <Type>ste_InternetInsecure</Type>
   57.94 +         </SimpleTypeEnforcementTypes>
   57.95 +
   57.96 +         <ChineseWallTypes>
   57.97 +            <Type>cw_SystemManagement</Type>
   57.98 +         </ChineseWallTypes>
   57.99 +      </VirtualMachineLabel>
  57.100 +
  57.101 +      <VirtualMachineLabel>
  57.102 +        <!-- serves network access to other domains -->
  57.103 +      	<Name>dom_NetworkDomain</Name>
  57.104 +         <SimpleTypeEnforcementTypes>
  57.105 +            <!-- access right to the resource (ethernet card) -->
  57.106 +            <Type>ste_NetworkAdapter0</Type>
  57.107 +            <!-- can serve following types -->
  57.108 +            <Type>ste_PersonalFinances</Type>
  57.109 +            <Type>ste_InternetInsecure</Type>
  57.110 +            <Type>ste_DonatedCycles</Type>
  57.111 +         </SimpleTypeEnforcementTypes>
  57.112 +
  57.113 +         <ChineseWallTypes>
  57.114 +            <Type>cw_SystemManagement</Type>
  57.115 +         </ChineseWallTypes>
  57.116 +      </VirtualMachineLabel>
  57.117 +   </SubjectLabels>
  57.118 +
  57.119 +   <ObjectLabels>
  57.120 +      <ResourceLabel>
  57.121 +      	<Name>res_ManagementResource</Name>
  57.122 +         <SimpleTypeEnforcementTypes>
  57.123 +            <Type>ste_SystemManagement</Type>
  57.124 +         </SimpleTypeEnforcementTypes>
  57.125 +      </ResourceLabel>
  57.126 +
  57.127 +      <ResourceLabel>
  57.128 +      	<Name>res_HardDrive (hda)</Name>
  57.129 +         <SimpleTypeEnforcementTypes>
  57.130 +            <Type>ste_PersistentStorageA</Type>
  57.131 +         </SimpleTypeEnforcementTypes>
  57.132 +      </ResourceLabel>
  57.133 +
  57.134 +      <ResourceLabel>
  57.135 +      	<Name>res_LogicalDiskPartition1 (hda1)</Name>
  57.136 +         <SimpleTypeEnforcementTypes>
  57.137 +            <Type>ste_PersonalFinances</Type>
  57.138 +         </SimpleTypeEnforcementTypes>
  57.139 +      </ResourceLabel>
  57.140 +
  57.141 +      <ResourceLabel>
  57.142 +      	<Name>res_LogicalDiskPartition2 (hda2)</Name>
  57.143 +         <SimpleTypeEnforcementTypes>
  57.144 +            <Type>ste_InternetInsecure</Type>
  57.145 +         </SimpleTypeEnforcementTypes>
  57.146 +      </ResourceLabel>
  57.147 +
  57.148 +      <ResourceLabel>
  57.149 +      	<Name>res_EthernetCard</Name>
  57.150 +         <SimpleTypeEnforcementTypes>
  57.151 +            <Type>ste_NetworkAdapter0</Type>
  57.152 +         </SimpleTypeEnforcementTypes>
  57.153 +      </ResourceLabel>
  57.154 +
  57.155 +      <ResourceLabel>
  57.156 +      	<Name>res_SecurityToken</Name>
  57.157 +         <SimpleTypeEnforcementTypes>
  57.158 +            <Type>ste_PersonalFinances</Type>
  57.159 +         </SimpleTypeEnforcementTypes>
  57.160 +      </ResourceLabel>
  57.161 +
  57.162 +      <ResourceLabel>
  57.163 +      	<Name>res_GraphicsAdapter</Name>
  57.164 +         <SimpleTypeEnforcementTypes>
  57.165 +            <Type>ste_SystemManagement</Type>
  57.166 +         </SimpleTypeEnforcementTypes>
  57.167 +      </ResourceLabel>
  57.168 +   </ObjectLabels>
  57.169 +</SecurityLabelTemplate>
  57.170 +
    58.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    58.2 +++ b/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml	Fri Aug 19 10:50:15 2005 +0000
    58.3 @@ -0,0 +1,49 @@
    58.4 +<?xml version="1.0" encoding="UTF-8"?>
    58.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    58.6 +<!--             This file defines the security policies, which     -->
    58.7 +<!--             can be enforced by the Xen Access Control Module.  -->
    58.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
    58.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com"
   58.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   58.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   58.12 +<PolicyHeader>
   58.13 +		<Name>chwall_ste-security_policy</Name>
   58.14 +		<Date>2005-08-10</Date>
   58.15 +</PolicyHeader>
   58.16 +<!--                                                        -->
   58.17 +<!-- example of a simple type enforcement policy definition -->
   58.18 +<!--                                                        -->
   58.19 +	<SimpleTypeEnforcement>
   58.20 +        <SimpleTypeEnforcementTypes>
   58.21 +            <Type>ste_SystemManagement</Type>   <!-- machine/security management -->
   58.22 +            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
   58.23 +            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
   58.24 +            <Type>ste_DonatedCycles</Type>      <!-- donation to BOINC/seti@home -->
   58.25 +            <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
   58.26 +            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain managing ethernet adapter 0-->
   58.27 +        </SimpleTypeEnforcementTypes>
   58.28 +	</SimpleTypeEnforcement>
   58.29 +<!--                                             -->
   58.30 +<!-- example of a chinese wall type definition   -->
   58.31 +<!-- along with its conflict sets                -->
   58.32 +<!-- (typse in a confict set are exclusive, i.e. -->
   58.33 +<!--  once a Domain with one type of a set is    -->
   58.34 +<!--  running, no other Domain with another type -->
   58.35 +<!--  of the same conflict set can start.)       -->
   58.36 +	<ChineseWall priority="PrimaryPolicyComponent">
   58.37 +        <ChineseWallTypes>
   58.38 +            <Type>cw_SystemManagement</Type>
   58.39 +            <Type>cw_Sensitive</Type>
   58.40 +            <Type>cw_Isolated</Type>
   58.41 +            <Type>cw_Distrusted</Type>
   58.42 +        </ChineseWallTypes>
   58.43 +
   58.44 +        <ConflictSets>
   58.45 +        <Conflict name="Protection1">
   58.46 +            <Type>cw_Sensitive</Type>
   58.47 +            <Type>cw_Distrusted</Type>
   58.48 +        </Conflict>
   58.49 +        </ConflictSets>
   58.50 +	</ChineseWall>
   58.51 +</SecurityPolicyDefinition>
   58.52 +
    59.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    59.2 +++ b/tools/security/policies/null/null-security_label_template.xml	Fri Aug 19 10:50:15 2005 +0000
    59.3 @@ -0,0 +1,24 @@
    59.4 +<?xml version="1.0"?>
    59.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    59.6 +<!--              This file defines the security labels, which can  -->
    59.7 +<!--              be attached to Domains and resources. Based on    -->
    59.8 +<!--              these labels, the access control module decides   -->
    59.9 +<!--              about sharing between Domains and about access    -->
   59.10 +<!--              of Domains to real resources.                     -->
   59.11 +
   59.12 +<SecurityLabelTemplate
   59.13 + xmlns="http://www.ibm.com"
   59.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   59.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   59.16 +   <LabelHeader>
   59.17 +      <Name>null-security_label_template</Name>
   59.18 +
   59.19 +      <Date>2005-08-10</Date>
   59.20 +      <PolicyName>
   59.21 +         <Url>null-security_policy.xml</Url>
   59.22 +
   59.23 +         <Reference>abcdef123456abcdef</Reference>
   59.24 +      </PolicyName>
   59.25 +   </LabelHeader>
   59.26 +</SecurityLabelTemplate>
   59.27 +
    60.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    60.2 +++ b/tools/security/policies/null/null-security_policy.xml	Fri Aug 19 10:50:15 2005 +0000
    60.3 @@ -0,0 +1,14 @@
    60.4 +<?xml version="1.0" encoding="UTF-8"?>
    60.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    60.6 +<!--             This file defines the security policies, which     -->
    60.7 +<!--             can be enforced by the Xen Access Control Module.  -->
    60.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
    60.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com"
   60.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   60.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   60.12 +<PolicyHeader>
   60.13 +		<Name>null-security_policy</Name>
   60.14 +		<Date>2005-08-10</Date>
   60.15 +</PolicyHeader>
   60.16 +</SecurityPolicyDefinition>
   60.17 +
    61.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    61.2 +++ b/tools/security/policies/security_policy.xsd	Fri Aug 19 10:50:15 2005 +0000
    61.3 @@ -0,0 +1,138 @@
    61.4 +<?xml version="1.0" encoding="UTF-8"?>
    61.5 +<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
    61.6 +<!--         This file defines the schema, which is used to define -->
    61.7 +<!--         the security policy and the security labels in Xe.    -->
    61.8 +
    61.9 +<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified">
   61.10 +	<xsd:element name="SecurityPolicyDefinition">
   61.11 +		<xsd:complexType>
   61.12 +			<xsd:sequence>
   61.13 +				<xsd:element ref="PolicyHeader" minOccurs="0" maxOccurs="1"></xsd:element>
   61.14 +				<xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element>
   61.15 +				<xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element>
   61.16 +			</xsd:sequence>
   61.17 +		</xsd:complexType>
   61.18 +	</xsd:element>
   61.19 +	<xsd:element name="SecurityLabelTemplate">
   61.20 +		<xsd:complexType>
   61.21 +			<xsd:sequence>
   61.22 +				<xsd:element ref="LabelHeader" minOccurs="1" maxOccurs="1"></xsd:element>
   61.23 +				<xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
   61.24 +					<xsd:complexType>
   61.25 +						<xsd:sequence>
   61.26 +							<xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
   61.27 +						</xsd:sequence>
   61.28 +						<xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
   61.29 +					</xsd:complexType>
   61.30 +				</xsd:element>
   61.31 +				<xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
   61.32 +					<xsd:complexType>
   61.33 +						<xsd:sequence>
   61.34 +							<xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
   61.35 +						</xsd:sequence>
   61.36 +					</xsd:complexType>
   61.37 +				</xsd:element>
   61.38 +			</xsd:sequence>
   61.39 +		</xsd:complexType>
   61.40 +	</xsd:element>
   61.41 +	<xsd:element name="PolicyHeader">
   61.42 +		<xsd:complexType>
   61.43 +			<xsd:sequence>
   61.44 +				<xsd:element ref="Name" minOccurs="1" maxOccurs="1" />
   61.45 +				<xsd:element ref="Date" minOccurs="1" maxOccurs="1" />
   61.46 +			</xsd:sequence>
   61.47 +		</xsd:complexType>
   61.48 +	</xsd:element>
   61.49 +	<xsd:element name="LabelHeader">
   61.50 +		<xsd:complexType>
   61.51 +			<xsd:sequence>
   61.52 +				<xsd:element ref="Name"></xsd:element>
   61.53 +				<xsd:element ref="Date" minOccurs="1" maxOccurs="1"></xsd:element>
   61.54 +				<xsd:element ref="PolicyName" minOccurs="1" maxOccurs="1"></xsd:element>
   61.55 +			</xsd:sequence>
   61.56 +		</xsd:complexType>
   61.57 +	</xsd:element>
   61.58 +	<xsd:element name="SimpleTypeEnforcement">
   61.59 +		<xsd:complexType>
   61.60 +			<xsd:sequence>
   61.61 +				<xsd:element ref="SimpleTypeEnforcementTypes" />
   61.62 +			</xsd:sequence>
   61.63 +			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
   61.64 +		</xsd:complexType>
   61.65 +	</xsd:element>
   61.66 +	<xsd:element name="ChineseWall">
   61.67 +		<xsd:complexType>
   61.68 +			<xsd:sequence>
   61.69 +				<xsd:element ref="ChineseWallTypes" />
   61.70 +				<xsd:element ref="ConflictSets" />
   61.71 +			</xsd:sequence>
   61.72 +			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
   61.73 +		</xsd:complexType>
   61.74 +	</xsd:element>
   61.75 +	<xsd:element name="ChineseWallTypes">
   61.76 +		<xsd:complexType>
   61.77 +			<xsd:sequence>
   61.78 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
   61.79 +			</xsd:sequence>
   61.80 +		</xsd:complexType>
   61.81 +	</xsd:element>
   61.82 +	<xsd:element name="ConflictSets">
   61.83 +		<xsd:complexType>
   61.84 +			<xsd:sequence>
   61.85 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Conflict" />
   61.86 +			</xsd:sequence>
   61.87 +		</xsd:complexType>
   61.88 +	</xsd:element>
   61.89 +	<xsd:element name="SimpleTypeEnforcementTypes">
   61.90 +		<xsd:complexType>
   61.91 +			<xsd:sequence>
   61.92 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
   61.93 +			</xsd:sequence>
   61.94 +		</xsd:complexType>
   61.95 +	</xsd:element>
   61.96 +	<xsd:element name="Conflict">
   61.97 +		<xsd:complexType>
   61.98 +			<xsd:sequence>
   61.99 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
  61.100 +			</xsd:sequence>
  61.101 +			<xsd:attribute name="name" type="xsd:string" use="optional"></xsd:attribute>
  61.102 +		</xsd:complexType>
  61.103 +	</xsd:element>
  61.104 +	<xsd:element name="VirtualMachineLabel">
  61.105 +		<xsd:complexType>
  61.106 +			<xsd:sequence>
  61.107 +				<xsd:element ref="Name"></xsd:element>
  61.108 +				<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
  61.109 +				<xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded" />
  61.110 +			</xsd:sequence>
  61.111 +		</xsd:complexType>
  61.112 +	</xsd:element>
  61.113 +	<xsd:element name="ResourceLabel">
  61.114 +		<xsd:complexType>
  61.115 +			<xsd:sequence>
  61.116 +				<xsd:element ref="Name"></xsd:element>
  61.117 +				<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
  61.118 +			</xsd:sequence>
  61.119 +		</xsd:complexType>
  61.120 +	</xsd:element>
  61.121 +	<xsd:element name="PolicyName">
  61.122 +		<xsd:complexType>
  61.123 +			<xsd:sequence>
  61.124 +				<xsd:element ref="Url" />
  61.125 +				<xsd:element ref="Reference" />
  61.126 +			</xsd:sequence>
  61.127 +		</xsd:complexType>
  61.128 +	</xsd:element>
  61.129 +	<xsd:element name="Date" type="xsd:string" />
  61.130 +	<xsd:element name="Name" type="xsd:string" />
  61.131 +	<xsd:element name="Type" type="xsd:string" />
  61.132 +	<xsd:element name="Reference" type="xsd:string" />
  61.133 +	<xsd:element name="Url"></xsd:element>
  61.134 +
  61.135 +	<xsd:simpleType name="PolicyOrder">
  61.136 +		<xsd:restriction base="xsd:string">
  61.137 +			<xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration>
  61.138 +		</xsd:restriction>
  61.139 +	</xsd:simpleType>
  61.140 +
  61.141 +</xsd:schema>
    62.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    62.2 +++ b/tools/security/policies/ste/ste-security_label_template.xml	Fri Aug 19 10:50:15 2005 +0000
    62.3 @@ -0,0 +1,143 @@
    62.4 +<?xml version="1.0"?>
    62.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    62.6 +<!--              This file defines the security labels, which can  -->
    62.7 +<!--              be attached to Domains and resources. Based on    -->
    62.8 +<!--              these labels, the access control module decides   -->
    62.9 +<!--              about sharing between Domains and about access    -->
   62.10 +<!--              of Domains to real resources.                     -->
   62.11 +
   62.12 +<SecurityLabelTemplate
   62.13 + xmlns="http://www.ibm.com"
   62.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   62.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   62.16 +   <LabelHeader>
   62.17 +      <Name>ste-security_label_template</Name>
   62.18 +      <Date>2005-08-10</Date>
   62.19 +      <PolicyName>
   62.20 +         <Url>ste-security_policy.xml</Url>
   62.21 +         <Reference>abcdef123456abcdef</Reference>
   62.22 +      </PolicyName>
   62.23 +   </LabelHeader>
   62.24 +
   62.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   62.26 +      <!-- single ste typed domains            -->
   62.27 +      <!-- ACM enforces that only domains with -->
   62.28 +      <!-- the same type can share information -->
   62.29 +      <!--                                     -->
   62.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   62.31 +      <VirtualMachineLabel>
   62.32 +      	<Name>dom_HomeBanking</Name>
   62.33 +         <SimpleTypeEnforcementTypes>
   62.34 +            <Type>ste_PersonalFinances</Type>
   62.35 +         </SimpleTypeEnforcementTypes>
   62.36 +      </VirtualMachineLabel>
   62.37 +
   62.38 +      <VirtualMachineLabel>
   62.39 +      	<Name>dom_Fun</Name>
   62.40 +         <SimpleTypeEnforcementTypes>
   62.41 +            <Type>ste_InternetInsecure</Type>
   62.42 +         </SimpleTypeEnforcementTypes>
   62.43 +      </VirtualMachineLabel>
   62.44 +
   62.45 +      <VirtualMachineLabel>
   62.46 +        <!-- donating some cycles to seti@home -->
   62.47 +      	<Name>dom_BoincClient</Name>
   62.48 +         <SimpleTypeEnforcementTypes>
   62.49 +            <Type>ste_DonatedCycles</Type>
   62.50 +         </SimpleTypeEnforcementTypes>
   62.51 +      </VirtualMachineLabel>
   62.52 +
   62.53 +      <!-- Domains with multiple ste types services; such domains   -->
   62.54 +      <!-- must keep the types inside their domain safely confined. -->
   62.55 +      <VirtualMachineLabel>
   62.56 +      	<Name>dom_SystemManagement</Name>
   62.57 +         <SimpleTypeEnforcementTypes>
   62.58 +            <!-- since dom0 needs access to every domain and -->
   62.59 +            <!-- resource right now ... -->
   62.60 +            <Type>ste_SystemManagement</Type>
   62.61 +            <Type>ste_PersonalFinances</Type>
   62.62 +            <Type>ste_InternetInsecure</Type>
   62.63 +            <Type>ste_DonatedCycles</Type>
   62.64 +            <Type>ste_PersistentStorageA</Type>
   62.65 +            <Type>ste_NetworkAdapter0</Type>
   62.66 +         </SimpleTypeEnforcementTypes>
   62.67 +      </VirtualMachineLabel>
   62.68 +
   62.69 +      <VirtualMachineLabel>
   62.70 +        <!-- serves persistent storage to other domains -->
   62.71 +      	<Name>dom_StorageDomain</Name>
   62.72 +         <SimpleTypeEnforcementTypes>
   62.73 +            <!-- access right to the resource (hard drive a) -->
   62.74 +            <Type>ste_PersistentStorageA</Type>
   62.75 +            <!-- can serve following types -->
   62.76 +            <Type>ste_PersonalFinances</Type>
   62.77 +            <Type>ste_InternetInsecure</Type>
   62.78 +         </SimpleTypeEnforcementTypes>
   62.79 +      </VirtualMachineLabel>
   62.80 +
   62.81 +      <VirtualMachineLabel>
   62.82 +        <!-- serves network access to other domains -->
   62.83 +      	<Name>dom_NetworkDomain</Name>
   62.84 +         <SimpleTypeEnforcementTypes>
   62.85 +            <!-- access right to the resource (ethernet card) -->
   62.86 +            <Type>ste_NetworkAdapter0</Type>
   62.87 +            <!-- can serve following types -->
   62.88 +            <Type>ste_PersonalFinances</Type>
   62.89 +            <Type>ste_InternetInsecure</Type>
   62.90 +            <Type>ste_DonatedCycles</Type>
   62.91 +         </SimpleTypeEnforcementTypes>
   62.92 +      </VirtualMachineLabel>
   62.93 +   </SubjectLabels>
   62.94 +
   62.95 +   <ObjectLabels>
   62.96 +      <ResourceLabel>
   62.97 +      	<Name>res_ManagementResource</Name>
   62.98 +         <SimpleTypeEnforcementTypes>
   62.99 +            <Type>ste_SystemManagement</Type>
  62.100 +         </SimpleTypeEnforcementTypes>
  62.101 +      </ResourceLabel>
  62.102 +
  62.103 +      <ResourceLabel>
  62.104 +      	<Name>res_HardDrive (hda)</Name>
  62.105 +         <SimpleTypeEnforcementTypes>
  62.106 +            <Type>ste_PersistentStorageA</Type>
  62.107 +         </SimpleTypeEnforcementTypes>
  62.108 +      </ResourceLabel>
  62.109 +
  62.110 +      <ResourceLabel>
  62.111 +      	<Name>res_LogicalDiskPartition1 (hda1)</Name>
  62.112 +         <SimpleTypeEnforcementTypes>
  62.113 +            <Type>ste_PersonalFinances</Type>
  62.114 +         </SimpleTypeEnforcementTypes>
  62.115 +      </ResourceLabel>
  62.116 +
  62.117 +      <ResourceLabel>
  62.118 +      	<Name>res_LogicalDiskPartition2 (hda2)</Name>
  62.119 +         <SimpleTypeEnforcementTypes>
  62.120 +            <Type>ste_InternetInsecure</Type>
  62.121 +         </SimpleTypeEnforcementTypes>
  62.122 +      </ResourceLabel>
  62.123 +
  62.124 +      <ResourceLabel>
  62.125 +      	<Name>res_EthernetCard</Name>
  62.126 +         <SimpleTypeEnforcementTypes>
  62.127 +            <Type>ste_NetworkAdapter0</Type>
  62.128 +         </SimpleTypeEnforcementTypes>
  62.129 +      </ResourceLabel>
  62.130 +
  62.131 +      <ResourceLabel>
  62.132 +      	<Name>res_SecurityToken</Name>
  62.133 +         <SimpleTypeEnforcementTypes>
  62.134 +            <Type>ste_PersonalFinances</Type>
  62.135 +         </SimpleTypeEnforcementTypes>
  62.136 +      </ResourceLabel>
  62.137 +
  62.138 +      <ResourceLabel>
  62.139 +      	<Name>res_GraphicsAdapter</Name>
  62.140 +         <SimpleTypeEnforcementTypes>
  62.141 +            <Type>ste_SystemManagement</Type>
  62.142 +         </SimpleTypeEnforcementTypes>
  62.143 +      </ResourceLabel>
  62.144 +   </ObjectLabels>
  62.145 +</SecurityLabelTemplate>
  62.146 +
    63.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    63.2 +++ b/tools/security/policies/ste/ste-security_policy.xml	Fri Aug 19 10:50:15 2005 +0000
    63.3 @@ -0,0 +1,27 @@
    63.4 +<?xml version="1.0" encoding="UTF-8"?>
    63.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    63.6 +<!--             This file defines the security policies, which     -->
    63.7 +<!--             can be enforced by the Xen Access Control Module.  -->
    63.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
    63.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com"
   63.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   63.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   63.12 +<PolicyHeader>
   63.13 +		<Name>ste-security_policy</Name>
   63.14 +		<Date>2005-08-10</Date>
   63.15 +</PolicyHeader>
   63.16 +<!--                                                        -->
   63.17 +<!-- example of a simple type enforcement policy definition -->
   63.18 +<!--                                                        -->
   63.19 +	<SimpleTypeEnforcement>
   63.20 +        <SimpleTypeEnforcementTypes>
   63.21 +            <Type>ste_SystemManagement</Type>   <!-- machine/security management -->
   63.22 +            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
   63.23 +            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
   63.24 +            <Type>ste_DonatedCycles</Type>      <!-- donation to BOINC/seti@home -->
   63.25 +            <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
   63.26 +            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain managing ethernet adapter 0-->
   63.27 +        </SimpleTypeEnforcementTypes>
   63.28 +	</SimpleTypeEnforcement>
   63.29 +</SecurityPolicyDefinition>
   63.30 +
    64.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    64.2 +++ b/tools/security/policy.txt	Fri Aug 19 10:50:15 2005 +0000
    64.3 @@ -0,0 +1,405 @@
    64.4 +##
    64.5 +# policy.txt <description to the Xen access control architecture>
    64.6 +#
    64.7 +# Author:
    64.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    64.9 +#
   64.10 +#
   64.11 +# This file gives an overview of the security policies currently
   64.12 +# provided and also gives some reasoning about how to assign
   64.13 +# labels to domains.
   64.14 +##
   64.15 +
   64.16 +Xen access control policies
   64.17 +
   64.18 +
   64.19 +General explanation of supported security policies:
   64.20 +=====================================================
   64.21 +
   64.22 +We have implemented the mandatory access control architecture of our
   64.23 +hypervisor security architecture (sHype) for the Xen hypervisor. It
   64.24 +controls communication (in Xen: event channels, grant tables) between
   64.25 +Virtual Machines (from here on called domains) and through this the
   64.26 +virtual block devices, networking, and shared memory are implemented
   64.27 +on top of these communication means. While we have implemented the
   64.28 +described policies and access control architecture for other
   64.29 +hypervisor systems, we will describe below specifically its
   64.30 +implementation and use in the Xen hypervisor. The policy enforcement
   64.31 +is called mandatory regarding user domains since the policy it is
   64.32 +given by the security administration and enforced independently of the
   64.33 +user domains by the Xen hypervisor in cooperation with the domain
   64.34 +management.
   64.35 +
   64.36 +The access control architecture consists of three parts:
   64.37 +
   64.38 +i) The access control policy determines the "command set" of the ACM
   64.39 +and the hooks with which they can be configured to constrain the
   64.40 +sharing of virtual resources. The current access control architecture
   64.41 +implemented for Xen supports two policies: Chinese Wall and Simple
   64.42 +Type Enforcement, which we describe in turn below.
   64.43 +
   64.44 +
   64.45 +ii) The actually enforced policy instantiation uses the policy
   64.46 +language (i) to configure the Xen access control in a way that suits
   64.47 +the specific application (home desktop environment, company desktop,
   64.48 +Web server system, etc.). We have defined an exemplary policy
   64.49 +instantiation for Chinese Wall (chwall policy) and Simple Type
   64.50 +Enforcement (ste policy) for a desktop system. We offer these policies
   64.51 +in combination since they are controlling orthogonal events.
   64.52 +
   64.53 +
   64.54 +iii) The access control module (ACM) and related hooks are part of the
   64.55 +core hypervisor and their controls cannot be bypassed by domains. The
   64.56 +ACM and hooks are the active security components. We refer to
   64.57 +publications that describe how access control is enforced in the Xen
   64.58 +hypervisor using the ACM (access decision) and the hooks (decision
   64.59 +enforcement) inserted into the setup of event channels and grant
   64.60 +tables, and into domain operations (create, destroy, save, restore,
   64.61 +migrate). These controls decide based on the active policy
   64.62 +configuration (see i. and ii.) if the operation proceeds of if the
   64.63 +operation is aborted (denied).
   64.64 +
   64.65 +
   64.66 +In general, security policy instantiations in the Xen access control
   64.67 +framework are defined by two files:
   64.68 +
   64.69 +a) a single "policy-name"-security_policy.xml file that defines the
   64.70 +types known to the ACM and policy rules based on these types
   64.71 +
   64.72 +b) a single "policy-name"-security_label_template.xml file that
   64.73 +defines labels based on known types
   64.74 +
   64.75 +Every security policy has its own sub-directory under
   64.76 +"Xen-root"/tools/security/policies in order to simplify their
   64.77 +management and the security policy tools. We will describe those files
   64.78 +for our example policy (Chinese Wall and Simple Type Enforcement) in
   64.79 +more detail as we go along. Eventually, we will move towards a system
   64.80 +installation where the policies will reside under /etc.
   64.81 +
   64.82 +
   64.83 +CHINESE WALL
   64.84 +============
   64.85 +
   64.86 +The Chinese Wall policy enables the user to define "which workloads
   64.87 +(domain payloads) cannot run on a single physical system at the same
   64.88 +time". Why would we want to prevent workloads from running at the same
   64.89 +time on the same system? This supports requirements that can (but
   64.90 +don't have to) be rooted in the measure of trust into the isolation of
   64.91 +different domains that share the same hardware. Since the access
   64.92 +control architecture aims at high performance and non-intrusive
   64.93 +implementation, it currently does not address covert (timing) channels
   64.94 +and aims at medium assurance. Users can apply the Chinese Wall policy
   64.95 +to guarantee an air-gap between very sensitive payloads both regarding
   64.96 +covert information channels and regarding resource starvation.
   64.97 +
   64.98 +To enable the CW control, each domain is labeled with a set of Chinese
   64.99 +Wall types and CW Conflict Sets are defined which include those CW
  64.100 +types that cannot run simultaneously on the same hardware. This
  64.101 +interpretation of conflict sets is the only policy rule for the Chines
  64.102 +Wall policy.
  64.103 +
  64.104 +This is enforced by controlling the start of domains according to
  64.105 +their assigned CW worload types. Domains with Chinese Wall types that
  64.106 +appear in a common conflict set are running mutually exclusive on a
  64.107 +platform, i.e., once a domain with one of the cw-types of a conflict
  64.108 +set is running, no domain with another cw-type of the same conflict
  64.109 +set can start until the first domain is destroyed, paused, or migrated
  64.110 +away from the physical system (this assumes that such a partition can
  64.111 +no longer be observed). The idea is to assign cw-types according to
  64.112 +the type of payload that a domain runs and to use the Chinese Wall
  64.113 +policy to ensure that payload types can be differentiated by the
  64.114 +hypervisor and can be prevented from being executed on the same system
  64.115 +at the same time. Using the flexible CW policy maintains system
  64.116 +consolidation and workload-balancing while introducing guaranteed
  64.117 +constraints where necessary.
  64.118 +
  64.119 +
  64.120 +Example of a Chinese Wall Policy Instantiation
  64.121 +----------------------------------------------
  64.122 +
  64.123 +The file chwall-security_policy.xml defines the Chinese Wall types as
  64.124 +well as the conflict sets for our example policy (you find it in the
  64.125 +directory "xen_root"/tools/security/policies/chwall).
  64.126 +
  64.127 +It defines four Chinese Wall types (prefixed with cw_) with the
  64.128 +following meaning:
  64.129 +
  64.130 +* cw_SystemsManagement is a type identifying workloads for systems
  64.131 +management, e.g., domain management, device management, or hypervisor
  64.132 +management.
  64.133 +
  64.134 +* cw_Sensitive is identifying workloads that are critical to the user
  64.135 +for one reason or another.
  64.136 +
  64.137 +* cw_Distrusted is identifying workloads a user does not have much
  64.138 +confidence in. E.g. a domain used for surfing in the internet without
  64.139 +protection( i.e., active-X, java, java-script, executing web content)
  64.140 +or for (Internet) Games should be typed this way.
  64.141 +
  64.142 +* cw_Isolated is identifying workloads that are supposedly isolated by
  64.143 +use of the type enforcement policy (described below). For example, if
  64.144 +a user wants to donate cycles to seti@home, she can setup a separate
  64.145 +domain for a Boinc (http://boinc.ssl.berkeley.edu/) client, disable
  64.146 +this domain from accessing the hard drive and from communicating to
  64.147 +other local domains, and type it as cw_Isolated. We will look at a
  64.148 +specific example later.
  64.149 +
  64.150 +The example policy uses the defined types to define one conflict set:
  64.151 +Protection1 = {cw_Sensitive, cw_Distrusted}. This conflict set tells
  64.152 +the hypervisor that once a domain typed as cw_Sensitive is running, a
  64.153 +domain typed as cw_Distrusted cannot run concurrently (and the other
  64.154 +way round). With this policy, a domain typed as cw_Isolated is allowed
  64.155 +to run simultaneously with domains tagged as cw_Sensitive.
  64.156 +
  64.157 +Consequently, the access control module in the Xen hypervisor
  64.158 +distinguishes in this example policy 4 different workload types in
  64.159 +this example policy. It is the user's responsibility to type the
  64.160 +domains in a way that reflects the workloads of these domains and, in
  64.161 +the case of cw_Isolated, its properties, e.g. by configuring the
  64.162 +sharing capabilities of the domain accordingly by using the simple
  64.163 +type enforcement policy.
  64.164 +
  64.165 +Users can define their own or change the existing example policy
  64.166 +according to their working environment and security requirements. To
  64.167 +do so, replace the file chwall-security_policy.xml with the new
  64.168 +policy.
  64.169 +
  64.170 +
  64.171 +SIMPLE TYPE ENFORCEMENT
  64.172 +=======================
  64.173 +
  64.174 +The file ste-security_policy.xml defines the simple type enforcement
  64.175 +types for our example policy (you find it in the directory
  64.176 +"xen_root"/tools/security/policies/ste). The Simple Type Enforcement
  64.177 +policy defines which domains can share information with which other
  64.178 +domains. To this end, it controls
  64.179 +
  64.180 +i) inter-domain communication channels (e.g., network traffic, events,
  64.181 +and shared memory).
  64.182 +
  64.183 +ii) access of domains to physical resources (e.g., hard drive, network
  64.184 +cards, graphics adapter, keyboard).
  64.185 +
  64.186 +In order to enable the hypervisor to distinguish different domains and
  64.187 +the user to express access rules, the simple type enforcement defines
  64.188 +a set of types (ste_types).
  64.189 +
  64.190 +The policy defines that communication between domains is allowed if
  64.191 +the domains share a common STE type. As with the chwall types, STE
  64.192 +types should enable the differentiation of workloads. The simple type
  64.193 +enforcement access control implementation in the hypervisor enforces
  64.194 +that domains can only communicate (setup event channels, grant tables)
  64.195 +if they share a common type, i.e., both domains have assigned at least
  64.196 +on type in common. A domain can access a resource, if the domain and
  64.197 +the resource share a common type. Hence, assigning STE types to
  64.198 +domains and resources allows users to define constraints on sharing
  64.199 +between domains and to keep sensitive data confined from distrusted
  64.200 +domains.
  64.201 +
  64.202 +Domain <--> Domain Sharing
  64.203 +''''''''''''''''''''''''''
  64.204 +(implemented but its effective use requires factorization of Dom0)
  64.205 +
  64.206 +a) Domains with a single STE type (general user domains): Sharing
  64.207 +between such domains is enforced entirely by the hypervisor access
  64.208 +control. It is independent of the domains and does not require their
  64.209 +co-operation.
  64.210 +
  64.211 +b) Domains with multiple STE types: One example is a domain that
  64.212 +virtualizes a physical resource (e.g., hard drive) and serves it as
  64.213 +multiple virtual resources (virtual block drives) to other domains of
  64.214 +different types. The idea is that only a specific device domain has
  64.215 +assigned the type required to access the physical hard-drive. Logical
  64.216 +drives are then assigned the types of domains that have access to this
  64.217 +logical drive. Since the Xen hypervisor cannot distinguish between the
  64.218 +logical drives, the access control (type enforcement) is delegated to
  64.219 +the device domain, which has access to the types of domains requesting
  64.220 +to mount a logical drive as well as the types assigned to the
  64.221 +different available logical drives.
  64.222 +
  64.223 +Currently in Xen, Dom0 controls all hardware, needs to communicate
  64.224 +with all domains during their setup, and intercepts all communication
  64.225 +between domains. Consequently, Dom0 needs to be assigned all types
  64.226 +used and must be completely trusted to maintain the separation of
  64.227 +informatio ncoming from domains with different STE types. Thus a
  64.228 +refactoring of Dom0 is recommended for stronger confinement
  64.229 +guarantees.
  64.230 +
  64.231 +Domain --> RESOURCES Access
  64.232 +'''''''''''''''''''''''''''
  64.233 +(current work)
  64.234 +
  64.235 +We define for each resource that we want to distinguish a separate STE
  64.236 +type. Each STE type is assigned to the respective resource and to
  64.237 +those domains that are allowed to access this resource. Type
  64.238 +enforcement will guarantee that other domains cannot access this
  64.239 +resource since they don't share the resource's STE type.
  64.240 +
  64.241 +Since in the current implementation of Xen, Dom0 controls access to
  64.242 +all hardware (e.g., disk drives, network), Domain-->Resource access
  64.243 +control enforcement must be implemented in Dom0. This is possible
  64.244 +since Dom0 has access to both the domain configuration (including the
  64.245 +domain STE types) and the resource configuration (including the
  64.246 +resource STE types).
  64.247 +
  64.248 +For purposes of gaining higher assurance in the resulting system, it
  64.249 +may be desirable to reduce the size of dom0 by adding one or more
  64.250 +"device domains" (DDs). These DDs, e.g. providing storage or network
  64.251 +access, can support one or more physical devices, and manage
  64.252 +enforcement of MAC policy relevant for said devices. Security benefits
  64.253 +come from the smaller size of these DDs, as they can be more easily
  64.254 +audited than monolithic device driver domains. DDs can help to obtain
  64.255 +maximum security benefit from sHype.
  64.256 +
  64.257 +
  64.258 +Example of a Simple Type Enforcement Policy Instantiation
  64.259 +---------------------------------------------------------
  64.260 +
  64.261 +We define the following types:
  64.262 +
  64.263 +* ste_SystemManagement identifies workloads (and domains that runs
  64.264 +them) that must share information to accomplish the management of the
  64.265 +system
  64.266 +
  64.267 +* ste_PersonalFinances identifies workloads that are related to
  64.268 +sensitive programs such as HomeBanking applications or safely
  64.269 +configured web browsers for InternetBanking
  64.270 +
  64.271 +* ste_InternetInsecure identifies workloads that are very
  64.272 +function-rich and unrestricted to offer for example an environment
  64.273 +where internet games can run efficiently
  64.274 +
  64.275 +* ste_DonatedCycles identifies workloads that run on behalf of others,
  64.276 +e.g. a Boinc client
  64.277 +
  64.278 +* ste_PersistentStorage identifies workloads that have direct access
  64.279 +to persistent storage (e.g., hard drive)
  64.280 +
  64.281 +* ste_NetworkAccess identifies workload that have direct access to
  64.282 +network cards and related networks
  64.283 +
  64.284 +
  64.285 +
  64.286 +SECURITY LABEL TEMPLATES
  64.287 +========================
  64.288 +
  64.289 +We introduce security label templates because it is difficult for
  64.290 +users to ensure tagging of domains consistently and since there are
  64.291 +--as we have seen in the case of isolation-- useful dependencies
  64.292 +between the policies. Security Label Templates define type sets that
  64.293 +can be addressed by more user-friendly label names,
  64.294 +e.g. dom_Homebanking describes a typical typeset tagged to domains
  64.295 +used for sensitive Homebanking work-loads. Labels are defined in the
  64.296 +file
  64.297 +
  64.298 +Using Security Label Templates has multiple advantages:
  64.299 +a) easy reference of typical sets of type assignments
  64.300 +b) consistent interpretation of type combinations
  64.301 +c) meaningful application-level label names
  64.302 +
  64.303 +The definition of label templates depends on the combination of
  64.304 +policies that are used. We will describe some of the labels defined
  64.305 +for the Chinese Wall and Simple Type Enforcement combination.
  64.306 +
  64.307 +In the BoincClient example, the label_template file specifies that
  64.308 +this Label is assigned the Chinese Wall type cw_Isolated. We do this
  64.309 +assuming that this BoincClient is isolated against the rest of the
  64.310 +system infrastructure (no persistent memory, no sharing with local
  64.311 +domains). Since cw_Isolated is not included in any conflict set, it
  64.312 +can run at any time concurrently with any other domain. The
  64.313 +ste_DonatedCycles type assigned to the BoincClient reflect the
  64.314 +isolation assumption: it is only assigned to the dom_NetworkDomain
  64.315 +giving the BoincClient domain access to the network to communicate
  64.316 +with its BoincServer.
  64.317 +
  64.318 +The strategy for combining types into Labels is the following: First
  64.319 +we define a label for each type of general user domain
  64.320 +(workload-oriented). Then we define a new label for each physical
  64.321 +resource that shall be shared using a DD domain (e.g., disk) and for
  64.322 +each logical resource offered through this physical resource (logical
  64.323 +disk partition). We define then device domain labels (here:
  64.324 +dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain) which
  64.325 +include the types of the physical resources (e.g. hda) their domains
  64.326 +need to connect to. Such physical resources can only be accessed
  64.327 +directly by device domains types with the respective device's STE
  64.328 +type. Additionally we assign to such a device domain Label the STE
  64.329 +types of those user domains that are allowed to access one of the
  64.330 +logical resources (e.g., hda1, hda2) built on top of this physical
  64.331 +resource through the device domain.
  64.332 +
  64.333 +
  64.334 +Label Construction Example:
  64.335 +---------------------------
  64.336 +
  64.337 +We define here a storage domain label for a domain that owns a real
  64.338 +disk drive and creates the logical disk partitions hda1 and hda2 which
  64.339 +it serves to domains labeled dom_HomeBanking and dom_Fun
  64.340 +respectively. The labels we refer to are defined in the label template
  64.341 +file policies/chwall_ste/chwall_ste-security-label-template.xml.
  64.342 +
  64.343 +step1: To distinguish different shared disk drives, we create a
  64.344 +separate Label and STE type for each of them. Here: we create a type
  64.345 +ste_PersistentStorageA for disk drive hda. If you have another disk
  64.346 +drive, you may define another persistent storage type
  64.347 +ste_PersistentStorageB in the chwall_ste-security_policy.xml.
  64.348 +
  64.349 +step2: To distinguish different domains, we create multiple domain
  64.350 +labels including different types. Here: label dom_HomeBanking includes
  64.351 +STE type ste_PersonalFinances, label dom_Fun includes STE type
  64.352 +ste_InternetInsecure.
  64.353 +
  64.354 +step3: The storage domain in charge of the hard drive A needs access
  64.355 +to this hard drive. Therefore the storage domain label
  64.356 +dom_StorageDomain must include the type assigned to the hard drive
  64.357 +(ste_PersistentStorageA).
  64.358 +
  64.359 +step4: In order to serve dom hda1 to domains labeled dom_HomeBanking
  64.360 +and hda2 to domains labeled dom_Fun, the storage domain label must
  64.361 +include the types of those domains as well (ste_PersonalFinance,
  64.362 +ste_InternetInsecure).
  64.363 +
  64.364 +step5: In order to keep the data for different types safely apart, the
  64.365 +different logical disk partitions must be assigned unique labels and
  64.366 +types, which are used inside the storage domain to extend the ACM
  64.367 +access enforcement to logical resources served from inside the storage
  64.368 +domain. We define labels "res_LogicalDiskPartition1 (hda1)" and assign
  64.369 +it to hda1 and "res_LogicalDiskPartition2 (hda2)" and assign it to
  64.370 +hda2. These labels must include the STE types of those domains that
  64.371 +are allowed to use them (e.g., ste_PersonalFinances for hda1).
  64.372 +
  64.373 +The overall mandatory access control is then enforced in 3 different
  64.374 +Xen components and these components use a single consistent policy to
  64.375 +co-operatively enforce the policy. In the storage domain example, we
  64.376 +have three components that co-operate:
  64.377 +
  64.378 +1. The ACM module inside the hypervisor enforces: communication between
  64.379 +user domains and the storage domain (only domains including types
  64.380 +ste_PersonalFinances or ste_InternetInsecure can communicate with the
  64.381 +storage domain and request access to logical resource). This confines
  64.382 +the sharing to the types assigned to the storage domain.
  64.383 +
  64.384 +2. The domain management will enforce (work in progress): assignment of
  64.385 +real resources (hda) to domains (storage domain) that share a
  64.386 +type with the resource.
  64.387 +
  64.388 +3. If the storage domain serves multiple STE types (as in our example),
  64.389 +it enforces (work in progress): that domains can access (mount)
  64.390 +logical resources only if they share an STE type with the respective
  64.391 +resource. In our example, domains with the STE type
  64.392 +ste_PersonalFinances can request access (mount) to logical resource
  64.393 +hda1 from the storage domain.
  64.394 +
  64.395 +If you look at the virtual machine label dom_StorageDomain, you will
  64.396 +see the minimal set of types assigned to our domain manageing disk
  64.397 +drive hda for serving logical disk partitions exclusively to
  64.398 +dom_HomeBanking and dom_Fun.
  64.399 +
  64.400 +Similary, network domains can confine access to the network or
  64.401 +network communication between user domains.
  64.402 +
  64.403 +As a result, device domains (e.g., storage domain, network domain)
  64.404 +must be simple and small to ensure their correct co-operation in the
  64.405 +type enforcement model. If such trust is not possible, then hardware
  64.406 +should be assigned exclusively to a single type (or to a single
  64.407 +partition) in which case the hypervisor ACM enforcement enforces the
  64.408 +types independently.
    65.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    65.2 +++ b/tools/security/readme.txt	Fri Aug 19 10:50:15 2005 +0000
    65.3 @@ -0,0 +1,29 @@
    65.4 +
    65.5 +##
    65.6 +# readme.txt <description to the xen access control architecture>
    65.7 +#
    65.8 +# Author:
    65.9 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
   65.10 +#
   65.11 +#
   65.12 +# This file is a toc for information regarding
   65.13 +# the access control policy and tools in Xen.
   65.14 +##
   65.15 +
   65.16 +1. policy.txt:
   65.17 +
   65.18 +   describes the general reasoning and examples for access
   65.19 +   control policies in Xen
   65.20 +
   65.21 +
   65.22 +2. install.txt
   65.23 +
   65.24 +   describes the activation of the access control framework
   65.25 +   in Xen
   65.26 +
   65.27 +3. example.txt
   65.28 +
   65.29 +   describes the available tools for managing security policies
   65.30 +   in Xen and the tools to label domains
   65.31 +
   65.32 +
    66.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    66.2 +++ b/tools/security/secpol_compat.h	Fri Aug 19 10:50:15 2005 +0000
    66.3 @@ -0,0 +1,14 @@
    66.4 +/* secpol_compat.h
    66.5 + *     'translates' data types necessary to
    66.6 + *     include <xen/acm.h>
    66.7 + */
    66.8 +#include <stdint.h>
    66.9 +
   66.10 +typedef uint8_t  u8;
   66.11 +typedef uint16_t u16;
   66.12 +typedef uint32_t u32;
   66.13 +typedef uint64_t u64;
   66.14 +typedef int8_t   s8;
   66.15 +typedef int16_t  s16;
   66.16 +typedef int32_t  s32;
   66.17 +typedef int64_t  s64;
    67.1 --- a/tools/security/secpol_tool.c	Fri Aug 19 10:18:53 2005 +0000
    67.2 +++ b/tools/security/secpol_tool.c	Fri Aug 19 10:50:15 2005 +0000
    67.3 @@ -31,18 +31,8 @@
    67.4  #include <stdlib.h>
    67.5  #include <sys/ioctl.h>
    67.6  #include <string.h>
    67.7 -#include <stdint.h>
    67.8  #include <netinet/in.h>
    67.9 -
   67.10 -typedef uint8_t u8;
   67.11 -typedef uint16_t u16;
   67.12 -typedef uint32_t u32;
   67.13 -typedef uint64_t u64;
   67.14 -typedef int8_t s8;
   67.15 -typedef int16_t s16;
   67.16 -typedef int32_t s32;
   67.17 -typedef int64_t s64;
   67.18 -
   67.19 +#include "secpol_compat.h"
   67.20  #include <xen/acm.h>
   67.21  #include <xen/acm_ops.h>
   67.22  #include <xen/linux/privcmd.h>
   67.23 @@ -270,171 +260,6 @@ void acm_dump_policy_buffer(void *buf, i
   67.24      }
   67.25  }
   67.26  
   67.27 -/*************************** set policy ****************************/
   67.28 -
   67.29 -int acm_domain_set_chwallpolicy(void *bufstart, int buflen)
   67.30 -{
   67.31 -#define CWALL_MAX_SSIDREFS      	6
   67.32 -#define CWALL_MAX_TYPES             10
   67.33 -#define CWALL_MAX_CONFLICTSETS		2
   67.34 -
   67.35 -    struct acm_chwall_policy_buffer *chwall_bin_pol =
   67.36 -        (struct acm_chwall_policy_buffer *) bufstart;
   67.37 -    domaintype_t *ssidrefs, *conflicts;
   67.38 -    int ret = 0;
   67.39 -    int j;
   67.40 -
   67.41 -    chwall_bin_pol->chwall_max_types = htonl(CWALL_MAX_TYPES);
   67.42 -    chwall_bin_pol->chwall_max_ssidrefs = htonl(CWALL_MAX_SSIDREFS);
   67.43 -    chwall_bin_pol->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
   67.44 -    chwall_bin_pol->policy_version = htonl(ACM_CHWALL_VERSION);
   67.45 -    chwall_bin_pol->chwall_ssid_offset =
   67.46 -        htonl(sizeof(struct acm_chwall_policy_buffer));
   67.47 -    chwall_bin_pol->chwall_max_conflictsets =
   67.48 -        htonl(CWALL_MAX_CONFLICTSETS);
   67.49 -    chwall_bin_pol->chwall_conflict_sets_offset =
   67.50 -        htonl(ntohl(chwall_bin_pol->chwall_ssid_offset) +
   67.51 -              sizeof(domaintype_t) * CWALL_MAX_SSIDREFS * CWALL_MAX_TYPES);
   67.52 -    chwall_bin_pol->chwall_running_types_offset = 0;    /* not set */
   67.53 -    chwall_bin_pol->chwall_conflict_aggregate_offset = 0;       /* not set */
   67.54 -    ret += sizeof(struct acm_chwall_policy_buffer);
   67.55 -    /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */
   67.56 -    /* check buffer size */
   67.57 -    if ((buflen - ret) <
   67.58 -        (CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t)))
   67.59 -        return -1;              /* not enough space */
   67.60 -
   67.61 -    ssidrefs = (domaintype_t *) (bufstart +
   67.62 -                          ntohl(chwall_bin_pol->chwall_ssid_offset));
   67.63 -    memset(ssidrefs, 0,
   67.64 -           CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t));
   67.65 -
   67.66 -    /* now set type j-1 for ssidref i+1 */
   67.67 -    for (j = 0; j <= CWALL_MAX_SSIDREFS; j++)
   67.68 -        if ((0 < j) && (j <= CWALL_MAX_TYPES))
   67.69 -            ssidrefs[j * CWALL_MAX_TYPES + j - 1] = htons(1);
   67.70 -
   67.71 -    ret += CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t);
   67.72 -    if ((buflen - ret) <
   67.73 -        (CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * sizeof(domaintype_t)))
   67.74 -        return -1;              /* not enough space */
   67.75 -
   67.76 -    /* now the chinese wall policy conflict sets */
   67.77 -    conflicts = (domaintype_t *) (bufstart +
   67.78 -                                  ntohl(chwall_bin_pol->
   67.79 -                                        chwall_conflict_sets_offset));
   67.80 -    memset((void *) conflicts, 0,
   67.81 -           CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES *
   67.82 -           sizeof(domaintype_t));
   67.83 -    /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */
   67.84 -    if (CWALL_MAX_TYPES > 3)
   67.85 -    {
   67.86 -        conflicts[2] = htons(1);
   67.87 -        conflicts[3] = htons(1);        /* {2,3} */
   67.88 -        conflicts[CWALL_MAX_TYPES + 1] = htons(1);
   67.89 -        conflicts[CWALL_MAX_TYPES + 5] = htons(1);
   67.90 -        conflicts[CWALL_MAX_TYPES + 6] = htons(1);      /* {0,5,6} */
   67.91 -    }
   67.92 -    ret += sizeof(domaintype_t) * CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES;
   67.93 -    return ret;
   67.94 -}
   67.95 -
   67.96 -int acm_domain_set_stepolicy(void *bufstart, int buflen)
   67.97 -{
   67.98 -#define STE_MAX_SSIDREFS        6
   67.99 -#define STE_MAX_TYPES  	        5
  67.100 -
  67.101 -    struct acm_ste_policy_buffer *ste_bin_pol =
  67.102 -        (struct acm_ste_policy_buffer *) bufstart;
  67.103 -    domaintype_t *ssidrefs;
  67.104 -    int j, ret = 0;
  67.105 -
  67.106 -    ste_bin_pol->ste_max_types = htonl(STE_MAX_TYPES);
  67.107 -    ste_bin_pol->ste_max_ssidrefs = htonl(STE_MAX_SSIDREFS);
  67.108 -    ste_bin_pol->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
  67.109 -    ste_bin_pol->policy_version = htonl(ACM_STE_VERSION);
  67.110 -    ste_bin_pol->ste_ssid_offset =
  67.111 -        htonl(sizeof(struct acm_ste_policy_buffer));
  67.112 -    ret += sizeof(struct acm_ste_policy_buffer);
  67.113 -    /* check buffer size */
  67.114 -    if ((buflen - ret) <
  67.115 -        (STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t)))
  67.116 -        return -1;              /* not enough space */
  67.117 -
  67.118 -    ssidrefs =
  67.119 -        (domaintype_t *) (bufstart + ntohl(ste_bin_pol->ste_ssid_offset));
  67.120 -    memset(ssidrefs, 0,
  67.121 -           STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t));
  67.122 -    /* all types 1 for ssidref 1 */
  67.123 -    for (j = 0; j < STE_MAX_TYPES; j++)
  67.124 -        ssidrefs[1 * STE_MAX_TYPES + j] = htons(1);
  67.125 -    /* now set type j-1 for ssidref j */
  67.126 -    for (j = 0; j < STE_MAX_SSIDREFS; j++)
  67.127 -        if ((0 < j) && (j <= STE_MAX_TYPES))
  67.128 -            ssidrefs[j * STE_MAX_TYPES + j - 1] = htons(1);
  67.129 -    ret += STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t);
  67.130 -    return ret;
  67.131 -}
  67.132 -
  67.133 -#define MAX_PUSH_BUFFER 	16384
  67.134 -u8 push_buffer[MAX_PUSH_BUFFER];
  67.135 -
  67.136 -int acm_domain_setpolicy(int xc_handle)
  67.137 -{
  67.138 -    int ret;
  67.139 -    struct acm_policy_buffer *bin_pol;
  67.140 -    acm_op_t op;
  67.141 -
  67.142 -    /* future: read policy from file and set it */
  67.143 -    bin_pol = (struct acm_policy_buffer *) push_buffer;
  67.144 -    bin_pol->policy_version = htonl(ACM_POLICY_VERSION);
  67.145 -    bin_pol->magic = htonl(ACM_MAGIC);
  67.146 -    bin_pol->primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
  67.147 -    bin_pol->secondary_policy_code =
  67.148 -        htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
  67.149 -
  67.150 -    bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
  67.151 -    bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
  67.152 -    ret =
  67.153 -        acm_domain_set_chwallpolicy(push_buffer +
  67.154 -                                    ntohl(bin_pol->primary_buffer_offset),
  67.155 -                                    MAX_PUSH_BUFFER -
  67.156 -                                    ntohl(bin_pol->primary_buffer_offset));
  67.157 -    if (ret < 0)
  67.158 -    {
  67.159 -        printf("ERROR creating chwallpolicy buffer.\n");
  67.160 -        return -1;
  67.161 -    }
  67.162 -    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  67.163 -    bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
  67.164 -    ret = acm_domain_set_stepolicy(push_buffer +
  67.165 -                                 ntohl(bin_pol->secondary_buffer_offset),
  67.166 -                                 MAX_PUSH_BUFFER -
  67.167 -                                 ntohl(bin_pol->secondary_buffer_offset));
  67.168 -    if (ret < 0)
  67.169 -    {
  67.170 -        printf("ERROR creating chwallpolicy buffer.\n");
  67.171 -        return -1;
  67.172 -    }
  67.173 -    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  67.174 -
  67.175 -    /* dump it and then push it down into xen/acm */
  67.176 -    acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len));
  67.177 -
  67.178 -    op.cmd = ACM_SETPOLICY;
  67.179 -    op.interface_version = ACM_INTERFACE_VERSION;
  67.180 -    op.u.setpolicy.pushcache = (void *) push_buffer;
  67.181 -    op.u.setpolicy.pushcache_size = ntohl(bin_pol->len);
  67.182 -    ret = do_acm_op(xc_handle, &op);
  67.183 -
  67.184 -    if (ret)
  67.185 -        printf("ERROR setting policy. Use 'xm dmesg' to see details.\n");
  67.186 -    else
  67.187 -        printf("Successfully changed policy.\n");
  67.188 -
  67.189 -    return ret;
  67.190 -}
  67.191 -
  67.192  /******************************* get policy ******************************/
  67.193  
  67.194  #define PULL_CACHE_SIZE		8192
  67.195 @@ -602,7 +427,6 @@ int acm_domain_dumpstats(int xc_handle)
  67.196  void usage(char *progname)
  67.197  {
  67.198      printf("Use: %s \n"
  67.199 -           "\t setpolicy\n"
  67.200             "\t getpolicy\n"
  67.201             "\t dumpstats\n"
  67.202             "\t loadpolicy <binary policy file>\n", progname);
  67.203 @@ -623,12 +447,7 @@ int main(int argc, char **argv)
  67.204          exit(-1);
  67.205      }
  67.206  
  67.207 -    if (!strcmp(argv[1], "setpolicy"))
  67.208 -    {
  67.209 -        if (argc != 2)
  67.210 -            usage(argv[0]);
  67.211 -        ret = acm_domain_setpolicy(acm_cmd_fd);
  67.212 -    } else if (!strcmp(argv[1], "getpolicy")) {
  67.213 +    if (!strcmp(argv[1], "getpolicy")) {
  67.214          if (argc != 2)
  67.215              usage(argv[0]);
  67.216          ret = acm_domain_getpolicy(acm_cmd_fd);
    68.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    68.2 +++ b/tools/security/secpol_xml2bin.c	Fri Aug 19 10:50:15 2005 +0000
    68.3 @@ -0,0 +1,1396 @@
    68.4 +/****************************************************************
    68.5 + * secpol_xml2bin.c
    68.6 + *
    68.7 + * Copyright (C) 2005 IBM Corporation
    68.8 + *
    68.9 + * Author: Reiner Sailer <sailer@us.ibm.com>
   68.10 + *
   68.11 + * Maintained:
   68.12 + * Reiner Sailer <sailer@us.ibm.com>
   68.13 + * Ray Valdez <rvaldez@us.ibm.com>
   68.14 + *
   68.15 + * This program is free software; you can redistribute it and/or
   68.16 + * modify it under the terms of the GNU General Public License as
   68.17 + * published by the Free Software Foundation, version 2 of the
   68.18 + * License.
   68.19 + *
   68.20 + * sHype policy translation tool. This tool takes an XML
   68.21 + * policy specification as input and produces a binary
   68.22 + * policy file that can be loaded into Xen through the
   68.23 + * ACM operations (secpol_tool loadpolicy) interface or at
   68.24 + * boot time (grub module parameter)
   68.25 + *
   68.26 + * indent -i4 -kr -nut
   68.27 + */
   68.28 +#include <stdio.h>
   68.29 +#include <stdlib.h>
   68.30 +#include <string.h>
   68.31 +#include <errno.h>
   68.32 +#include <libgen.h>
   68.33 +#include <fcntl.h>
   68.34 +#include <unistd.h>
   68.35 +#include <sys/types.h>
   68.36 +#include <sys/stat.h>
   68.37 +#include <sys/queue.h>
   68.38 +#include <netinet/in.h>
   68.39 +#include <libxml/xmlschemas.h>
   68.40 +#include <libxml/parser.h>
   68.41 +#include <libxml/tree.h>
   68.42 +#include <libxml/xmlreader.h>
   68.43 +#include "secpol_compat.h"
   68.44 +#include <xen/acm.h>
   68.45 +
   68.46 +#include "secpol_xml2bin.h"
   68.47 +
   68.48 +#define DEBUG    0
   68.49 +
   68.50 +/* primary / secondary policy component setting */
   68.51 +enum policycomponent { CHWALL, STE, NULLPOLICY }
   68.52 +    primary = NULLPOLICY, secondary = NULLPOLICY;
   68.53 +
   68.54 +/* general list element for ste and chwall type queues */
   68.55 +struct type_entry {
   68.56 +    TAILQ_ENTRY(type_entry) entries;
   68.57 +    char *name;                 /* name of type from xml file */
   68.58 +    type_t mapping;             /* type mapping into 16bit */
   68.59 +};
   68.60 +
   68.61 +TAILQ_HEAD(tailhead, type_entry) ste_head, chwall_head;
   68.62 +
   68.63 +/* general list element for all label queues */
   68.64 +enum label_type { VM, RES, ANY };
   68.65 +struct ssid_entry {
   68.66 +    TAILQ_ENTRY(ssid_entry) entries;
   68.67 +    char *name;                 /* label name */
   68.68 +    enum label_type type;       /* type: VM / RESOURCE LABEL */
   68.69 +    u_int32_t num;              /* ssid or referenced ssid */
   68.70 +    int is_ref;                 /* if this entry references earlier ssid number */
   68.71 +    unsigned char *row;         /* index of types (if not a reference) */
   68.72 +};
   68.73 +
   68.74 +TAILQ_HEAD(tailhead_ssid, ssid_entry) ste_ssid_head, chwall_ssid_head,
   68.75 +    conflictsets_head;
   68.76 +struct ssid_entry *current_chwall_ssid_p = NULL;
   68.77 +struct ssid_entry *current_ste_ssid_p = NULL;
   68.78 +struct ssid_entry *current_conflictset_p = NULL;
   68.79 +
   68.80 +/* which label to assign to dom0 during boot */
   68.81 +char *bootstrap_label;
   68.82 +
   68.83 +u_int32_t max_ste_ssids = 0;
   68.84 +u_int32_t max_chwall_ssids = 0;
   68.85 +u_int32_t max_chwall_labels = 0;
   68.86 +u_int32_t max_ste_labels = 0;
   68.87 +u_int32_t max_conflictsets = 0;
   68.88 +
   68.89 +char *current_ssid_name;        /* store name until structure is allocated */
   68.90 +char *current_conflictset_name; /* store name until structure is allocated */
   68.91 +
   68.92 +/* dynamic list of type mappings for STE */
   68.93 +u_int32_t max_ste_types = 0;
   68.94 +
   68.95 +/* dynamic list of type mappings for CHWALL */
   68.96 +u_int32_t max_chwall_types = 0;
   68.97 +
   68.98 +/* dynamic list of conflict sets */
   68.99 +int max_conflict_set = 0;
  68.100 +
  68.101 +/* which policies are defined */
  68.102 +int have_ste = 0;
  68.103 +int have_chwall = 0;
  68.104 +
  68.105 +/* input/output file names */
  68.106 +char *policy_filename = NULL,
  68.107 +    *label_filename = NULL,
  68.108 +    *binary_filename = NULL, *mapping_filename = NULL;
  68.109 +
  68.110 +void usage(char *prg)
  68.111 +{
  68.112 +    printf("usage:\n%s policyname[-policy.xml/-security_label_template.xml]\n",
  68.113 +         prg);
  68.114 +    exit(EXIT_FAILURE);
  68.115 +}
  68.116 +
  68.117 +
  68.118 +/***************** policy-related parsing *********************/
  68.119 +
  68.120 +char *type_by_mapping(struct tailhead *head, u_int32_t mapping)
  68.121 +{
  68.122 +    struct type_entry *np;
  68.123 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  68.124 +        if (np->mapping == mapping)
  68.125 +            return np->name;
  68.126 +    return NULL;
  68.127 +}
  68.128 +
  68.129 +
  68.130 +struct type_entry *lookup(struct tailhead *head, char *name)
  68.131 +{
  68.132 +    struct type_entry *np;
  68.133 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  68.134 +        if (!(strcmp(np->name, name)))
  68.135 +            return np;
  68.136 +    return NULL;
  68.137 +}
  68.138 +
  68.139 +/* enforces single-entry lists */
  68.140 +int add_entry(struct tailhead *head, char *name, type_t mapping)
  68.141 +{
  68.142 +    struct type_entry *e;
  68.143 +    if (lookup(head, name))
  68.144 +    {
  68.145 +        printf("Error: Type >%s< defined more than once.\n", name);
  68.146 +        return -EFAULT;         /* already in the list */
  68.147 +    }
  68.148 +    if (!(e = malloc(sizeof(struct type_entry))))
  68.149 +        return -ENOMEM;
  68.150 +
  68.151 +    e->name = name;
  68.152 +    e->mapping = mapping;
  68.153 +    TAILQ_INSERT_TAIL(head, e, entries);
  68.154 +    return 0;
  68.155 +}
  68.156 +
  68.157 +int totoken(char *tok)
  68.158 +{
  68.159 +    int i;
  68.160 +    for (i = 0; token[i] != NULL; i++)
  68.161 +        if (!strcmp(token[i], tok))
  68.162 +            return i;
  68.163 +    return -EFAULT;
  68.164 +}
  68.165 +
  68.166 +/* conflictsets use the same data structure as ssids; since
  68.167 + * they are similar in structure (set of types)
  68.168 + */
  68.169 +int init_next_conflictset(void)
  68.170 +{
  68.171 +    struct ssid_entry *conflictset = malloc(sizeof(struct ssid_entry));
  68.172 +
  68.173 +    if (!conflictset)
  68.174 +        return -ENOMEM;
  68.175 +
  68.176 +    conflictset->name = current_conflictset_name;
  68.177 +    conflictset->num = max_conflictsets++;
  68.178 +    conflictset->is_ref = 0;    /* n/a for conflictsets */
  68.179 +        /**
  68.180 +         *  row: allocate one byte per type;
  68.181 +         *  [i] != 0 --> mapped type >i< is part of the conflictset
  68.182 +         */
  68.183 +    conflictset->row = malloc(max_chwall_types);
  68.184 +    if (!conflictset->row)
  68.185 +        return -ENOMEM;
  68.186 +
  68.187 +    memset(conflictset->row, 0, max_chwall_types);
  68.188 +    TAILQ_INSERT_TAIL(&conflictsets_head, conflictset, entries);
  68.189 +    current_conflictset_p = conflictset;
  68.190 +    return 0;
  68.191 +}
  68.192 +
  68.193 +int register_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
  68.194 +{
  68.195 +    xmlChar *text;
  68.196 +    struct type_entry *e;
  68.197 +
  68.198 +
  68.199 +    text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  68.200 +    if (!text)
  68.201 +    {
  68.202 +        printf("Error reading type name!\n");
  68.203 +        return -EFAULT;
  68.204 +    }
  68.205 +
  68.206 +    switch (state) {
  68.207 +    case XML2BIN_stetype_S:
  68.208 +        if (add_entry(&ste_head, (char *) text, max_ste_types))
  68.209 +        {
  68.210 +            xmlFree(text);
  68.211 +            return -EFAULT;
  68.212 +        }
  68.213 +        max_ste_types++;
  68.214 +        break;
  68.215 +
  68.216 +    case XML2BIN_chwalltype_S:
  68.217 +        if (add_entry(&chwall_head, (char *) text, max_chwall_types))
  68.218 +        {
  68.219 +            xmlFree(text);
  68.220 +            return -EFAULT;
  68.221 +        }
  68.222 +        max_chwall_types++;
  68.223 +        break;
  68.224 +
  68.225 +    case XML2BIN_conflictsettype_S:
  68.226 +        /* a) search the type in the chwall_type list */
  68.227 +        e = lookup(&chwall_head, (char *) text);
  68.228 +        if (e == NULL)
  68.229 +        {
  68.230 +            printf("CS type >%s< not a CHWALL type.\n", text);
  68.231 +            xmlFree(text);
  68.232 +            return -EFAULT;
  68.233 +        }
  68.234 +        /* b) add type entry to the current cs set */
  68.235 +        if (current_conflictset_p->row[e->mapping])
  68.236 +        {
  68.237 +            printf("ERROR: Double entry of type >%s< in conflict set %d.\n",
  68.238 +                 text, current_conflictset_p->num);
  68.239 +            xmlFree(text);
  68.240 +            return -EFAULT;
  68.241 +        }
  68.242 +        current_conflictset_p->row[e->mapping] = 1;
  68.243 +        break;
  68.244 +
  68.245 +    default:
  68.246 +        printf("Incorrect type environment (state = %lx, text = %s).\n",
  68.247 +               state, text);
  68.248 +        xmlFree(text);
  68.249 +        return -EFAULT;
  68.250 +    }
  68.251 +    return 0;
  68.252 +}
  68.253 +
  68.254 +void set_component_type(xmlNode * cur_node, enum policycomponent pc)
  68.255 +{
  68.256 +    xmlChar *order;
  68.257 +
  68.258 +    if ((order = xmlGetProp(cur_node, (xmlChar *) PRIMARY_COMPONENT_ATTR_NAME))) {
  68.259 +        if (strcmp((char *) order, PRIMARY_COMPONENT))
  68.260 +        {
  68.261 +            printf("ERROR: Illegal attribut value >order=%s<.\n",
  68.262 +                   (char *) order);
  68.263 +            xmlFree(order);
  68.264 +            exit(EXIT_FAILURE);
  68.265 +        }
  68.266 +        if (primary != NULLPOLICY)
  68.267 +        {
  68.268 +            printf("ERROR: Primary Policy Component set twice!\n");
  68.269 +            exit(EXIT_FAILURE);
  68.270 +        }
  68.271 +        primary = pc;
  68.272 +        xmlFree(order);
  68.273 +    }
  68.274 +}
  68.275 +
  68.276 +void walk_policy(xmlNode * start, xmlDocPtr doc, unsigned long state)
  68.277 +{
  68.278 +    xmlNode *cur_node = NULL;
  68.279 +    int code;
  68.280 +
  68.281 +    for (cur_node = start; cur_node; cur_node = cur_node->next)
  68.282 +    {
  68.283 +        if ((code = totoken((char *) cur_node->name)) < 0)
  68.284 +        {
  68.285 +            printf("Unknown token: >%s<. Aborting.\n", cur_node->name);
  68.286 +            exit(EXIT_FAILURE);
  68.287 +        }
  68.288 +        switch (code) {         /* adjust state to new state */
  68.289 +        case XML2BIN_SECPOL:
  68.290 +        case XML2BIN_STETYPES:
  68.291 +        case XML2BIN_CHWALLTYPES:
  68.292 +        case XML2BIN_CONFLICTSETS:
  68.293 +            walk_policy(cur_node->children, doc, state | (1 << code));
  68.294 +            break;
  68.295 +
  68.296 +        case XML2BIN_STE:
  68.297 +            if (WRITTEN_AGAINST_ACM_STE_VERSION != ACM_STE_VERSION)
  68.298 +            {
  68.299 +                printf("ERROR: This program was written against another STE version.\n");
  68.300 +                exit(EXIT_FAILURE);
  68.301 +            }
  68.302 +            have_ste = 1;
  68.303 +            set_component_type(cur_node, STE);
  68.304 +            walk_policy(cur_node->children, doc, state | (1 << code));
  68.305 +            break;
  68.306 +
  68.307 +        case XML2BIN_CHWALL:
  68.308 +            if (WRITTEN_AGAINST_ACM_CHWALL_VERSION != ACM_CHWALL_VERSION)
  68.309 +            {
  68.310 +                printf("ERROR: This program was written against another CHWALL version.\n");
  68.311 +                exit(EXIT_FAILURE);
  68.312 +            }
  68.313 +            have_chwall = 1;
  68.314 +            set_component_type(cur_node, CHWALL);
  68.315 +            walk_policy(cur_node->children, doc, state | (1 << code));
  68.316 +            break;
  68.317 +
  68.318 +        case XML2BIN_CSTYPE:
  68.319 +            current_conflictset_name =
  68.320 +                (char *) xmlGetProp(cur_node, (xmlChar *) "name");
  68.321 +            if (!current_conflictset_name)
  68.322 +                current_conflictset_name = "";
  68.323 +
  68.324 +            if (init_next_conflictset())
  68.325 +            {
  68.326 +                printf
  68.327 +                    ("ERROR: creating new conflictset structure failed.\n");
  68.328 +                exit(EXIT_FAILURE);
  68.329 +            }
  68.330 +            walk_policy(cur_node->children, doc, state | (1 << code));
  68.331 +            break;
  68.332 +
  68.333 +        case XML2BIN_TYPE:
  68.334 +            if (register_type(cur_node, doc, state))
  68.335 +                exit(EXIT_FAILURE);
  68.336 +            /* type leaf */
  68.337 +            break;
  68.338 +
  68.339 +        case XML2BIN_TEXT:
  68.340 +        case XML2BIN_COMMENT:
  68.341 +        case XML2BIN_POLICYHEADER:
  68.342 +            /* leaf - nothing to do */
  68.343 +            break;
  68.344 +
  68.345 +        default:
  68.346 +            printf("Unkonwn token Error (%d)\n", code);
  68.347 +            exit(EXIT_FAILURE);
  68.348 +        }
  68.349 +
  68.350 +    }
  68.351 +    return;
  68.352 +}
  68.353 +
  68.354 +int create_type_mapping(xmlDocPtr doc)
  68.355 +{
  68.356 +    xmlNode *root_element = xmlDocGetRootElement(doc);
  68.357 +    struct type_entry *te;
  68.358 +    struct ssid_entry *se;
  68.359 +    int i;
  68.360 +
  68.361 +    printf("Creating ssid mappings ...\n");
  68.362 +
  68.363 +    /* initialize the ste and chwall type lists */
  68.364 +    TAILQ_INIT(&ste_head);
  68.365 +    TAILQ_INIT(&chwall_head);
  68.366 +    TAILQ_INIT(&conflictsets_head);
  68.367 +
  68.368 +    walk_policy(root_element, doc, XML2BIN_NULL);
  68.369 +
  68.370 +    /* determine primary/secondary policy component orders */
  68.371 +    if ((primary == NULLPOLICY) && have_chwall)
  68.372 +        primary = CHWALL;       /* default if not set */
  68.373 +    else if ((primary == NULLPOLICY) && have_ste)
  68.374 +        primary = STE;
  68.375 +
  68.376 +    switch (primary) {
  68.377 +
  68.378 +    case CHWALL:
  68.379 +        if (have_ste)
  68.380 +            secondary = STE;
  68.381 +        /* else default = NULLPOLICY */
  68.382 +        break;
  68.383 +
  68.384 +    case STE:
  68.385 +        if (have_chwall)
  68.386 +            secondary = CHWALL;
  68.387 +        /* else default = NULLPOLICY */
  68.388 +        break;
  68.389 +
  68.390 +    default:
  68.391 +        /* NULL/NULL policy */
  68.392 +        break;
  68.393 +    }
  68.394 +
  68.395 +    if (!DEBUG)
  68.396 +        return 0;
  68.397 +
  68.398 +    /* print queues */
  68.399 +    if (have_ste)
  68.400 +    {
  68.401 +        printf("STE-Type queue (%s):\n",
  68.402 +               (primary == STE) ? "PRIMARY" : "SECONDARY");
  68.403 +        for (te = ste_head.tqh_first; te != NULL;
  68.404 +             te = te->entries.tqe_next)
  68.405 +            printf("name=%22s, map=%x\n", te->name, te->mapping);
  68.406 +    }
  68.407 +    if (have_chwall)
  68.408 +    {
  68.409 +        printf("CHWALL-Type queue (%s):\n",
  68.410 +               (primary == CHWALL) ? "PRIMARY" : "SECONDARY");
  68.411 +        for (te = chwall_head.tqh_first; te != NULL;
  68.412 +             te = te->entries.tqe_next)
  68.413 +            printf("name=%s, map=%x\n", te->name, te->mapping);
  68.414 +
  68.415 +        printf("Conflictset queue (max=%d):\n", max_conflictsets);
  68.416 +        for (se = conflictsets_head.tqh_first; se != NULL;
  68.417 +             se = se->entries.tqe_next)
  68.418 +        {
  68.419 +            printf("conflictset name >%s<\n",
  68.420 +                   se->name ? se->name : "NONAME");
  68.421 +            for (i = 0; i < max_chwall_types; i++)
  68.422 +                if (se->row[i])
  68.423 +                    printf("#%x ", i);
  68.424 +            printf("\n");
  68.425 +        }
  68.426 +    }
  68.427 +    return 0;
  68.428 +}
  68.429 +
  68.430 +
  68.431 +/***************** template-related parsing *********************/
  68.432 +
  68.433 +/* add default ssid at head of ssid queues */
  68.434 +int init_ssid_queues(void)
  68.435 +{
  68.436 +    struct ssid_entry *default_ssid_chwall, *default_ssid_ste;
  68.437 +
  68.438 +    default_ssid_chwall = malloc(sizeof(struct ssid_entry));
  68.439 +    default_ssid_ste = malloc(sizeof(struct ssid_entry));
  68.440 +
  68.441 +    if ((!default_ssid_chwall) || (!default_ssid_ste))
  68.442 +        return -ENOMEM;
  68.443 +
  68.444 +    /* default chwall ssid */
  68.445 +    default_ssid_chwall->name = "DEFAULT";
  68.446 +    default_ssid_chwall->num = max_chwall_ssids++;
  68.447 +    default_ssid_chwall->is_ref = 0;
  68.448 +    default_ssid_chwall->type = ANY;
  68.449 +
  68.450 +    default_ssid_chwall->row = malloc(max_chwall_types);
  68.451 +
  68.452 +    if (!default_ssid_chwall->row)
  68.453 +        return -ENOMEM;
  68.454 +
  68.455 +    memset(default_ssid_chwall->row, 0, max_chwall_types);
  68.456 +
  68.457 +    TAILQ_INSERT_TAIL(&chwall_ssid_head, default_ssid_chwall, entries);
  68.458 +    current_chwall_ssid_p = default_ssid_chwall;
  68.459 +    max_chwall_labels++;
  68.460 +
  68.461 +    /* default ste ssid */
  68.462 +    default_ssid_ste->name = "DEFAULT";
  68.463 +    default_ssid_ste->num = max_ste_ssids++;
  68.464 +    default_ssid_ste->is_ref = 0;
  68.465 +    default_ssid_ste->type = ANY;
  68.466 +
  68.467 +    default_ssid_ste->row = malloc(max_ste_types);
  68.468 +
  68.469 +    if (!default_ssid_ste->row)
  68.470 +        return -ENOMEM;
  68.471 +
  68.472 +    memset(default_ssid_ste->row, 0, max_ste_types);
  68.473 +
  68.474 +    TAILQ_INSERT_TAIL(&ste_ssid_head, default_ssid_ste, entries);
  68.475 +    current_ste_ssid_p = default_ssid_ste;
  68.476 +    max_ste_labels++;
  68.477 +    return 0;
  68.478 +}
  68.479 +
  68.480 +int init_next_chwall_ssid(unsigned long state)
  68.481 +{
  68.482 +    struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
  68.483 +
  68.484 +    if (!ssid)
  68.485 +        return -ENOMEM;
  68.486 +
  68.487 +    ssid->name = current_ssid_name;
  68.488 +    ssid->num = max_chwall_ssids++;
  68.489 +    ssid->is_ref = 0;
  68.490 +
  68.491 +    if (state & (1 << XML2BIN_VM))
  68.492 +        ssid->type = VM;
  68.493 +    else
  68.494 +        ssid->type = RES;
  68.495 +        /**
  68.496 +         *  row: allocate one byte per type;
  68.497 +         *  [i] != 0 --> mapped type >i< is part of the ssid
  68.498 +         */
  68.499 +    ssid->row = malloc(max_chwall_types);
  68.500 +    if (!ssid->row)
  68.501 +        return -ENOMEM;
  68.502 +
  68.503 +    memset(ssid->row, 0, max_chwall_types);
  68.504 +    TAILQ_INSERT_TAIL(&chwall_ssid_head, ssid, entries);
  68.505 +    current_chwall_ssid_p = ssid;
  68.506 +    max_chwall_labels++;
  68.507 +    return 0;
  68.508 +}
  68.509 +
  68.510 +int init_next_ste_ssid(unsigned long state)
  68.511 +{
  68.512 +    struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
  68.513 +
  68.514 +    if (!ssid)
  68.515 +        return -ENOMEM;
  68.516 +
  68.517 +    ssid->name = current_ssid_name;
  68.518 +    ssid->num = max_ste_ssids++;
  68.519 +    ssid->is_ref = 0;
  68.520 +
  68.521 +    if (state & (1 << XML2BIN_VM))
  68.522 +        ssid->type = VM;
  68.523 +    else
  68.524 +        ssid->type = RES;
  68.525 +
  68.526 +        /**
  68.527 +         *  row: allocate one byte per type;
  68.528 +         *  [i] != 0 --> mapped type >i< is part of the ssid
  68.529 +         */
  68.530 +    ssid->row = malloc(max_ste_types);
  68.531 +    if (!ssid->row)
  68.532 +        return -ENOMEM;
  68.533 +
  68.534 +    memset(ssid->row, 0, max_ste_types);
  68.535 +    TAILQ_INSERT_TAIL(&ste_ssid_head, ssid, entries);
  68.536 +    current_ste_ssid_p = ssid;
  68.537 +    max_ste_labels++;
  68.538 +
  68.539 +    return 0;
  68.540 +}
  68.541 +
  68.542 +
  68.543 +/* adds a type to the current ssid */
  68.544 +int add_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
  68.545 +{
  68.546 +    xmlChar *text;
  68.547 +    struct type_entry *e;
  68.548 +
  68.549 +    text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  68.550 +    if (!text)
  68.551 +    {
  68.552 +        printf("Error reading type name!\n");
  68.553 +        return -EFAULT;
  68.554 +    }
  68.555 +    /* same for all: 1. lookup type mapping, 2. mark type in ssid */
  68.556 +    switch (state) {
  68.557 +    case XML2BIN_VM_STE_S:
  68.558 +    case XML2BIN_RES_STE_S:
  68.559 +        /* lookup the type mapping and include the type mapping into the array */
  68.560 +        if (!(e = lookup(&ste_head, (char *) text)))
  68.561 +        {
  68.562 +            printf("ERROR: unknown VM STE type >%s<.\n", text);
  68.563 +            exit(EXIT_FAILURE);
  68.564 +        }
  68.565 +        if (current_ste_ssid_p->row[e->mapping])
  68.566 +            printf("Warning: double entry of VM STE type >%s<.\n", text);
  68.567 +
  68.568 +        current_ste_ssid_p->row[e->mapping] = 1;
  68.569 +        break;
  68.570 +
  68.571 +    case XML2BIN_VM_CHWALL_S:
  68.572 +        /* lookup the type mapping and include the type mapping into the array */
  68.573 +        if (!(e = lookup(&chwall_head, (char *) text)))
  68.574 +        {
  68.575 +            printf("ERROR: unknown VM CHWALL type >%s<.\n", text);
  68.576 +            exit(EXIT_FAILURE);
  68.577 +        }
  68.578 +        if (current_chwall_ssid_p->row[e->mapping])
  68.579 +            printf("Warning: double entry of VM CHWALL type >%s<.\n",
  68.580 +                   text);
  68.581 +
  68.582 +        current_chwall_ssid_p->row[e->mapping] = 1;
  68.583 +        break;
  68.584 +
  68.585 +    default:
  68.586 +        printf("Incorrect type environment (state = %lx, text = %s).\n",
  68.587 +               state, text);
  68.588 +        xmlFree(text);
  68.589 +        return -EFAULT;
  68.590 +    }
  68.591 +    return 0;
  68.592 +}
  68.593 +
  68.594 +void set_bootstrap_label(xmlNode * cur_node)
  68.595 +{
  68.596 +    xmlChar *order;
  68.597 +
  68.598 +    if ((order = xmlGetProp(cur_node, (xmlChar *) BOOTSTRAP_LABEL_ATTR_NAME)))
  68.599 +        bootstrap_label = (char *)order;
  68.600 +    else {
  68.601 +        printf("ERROR: No bootstrap label defined!\n");
  68.602 +        exit(EXIT_FAILURE);
  68.603 +    }
  68.604 +}
  68.605 +
  68.606 +void walk_labels(xmlNode * start, xmlDocPtr doc, unsigned long state)
  68.607 +{
  68.608 +    xmlNode *cur_node = NULL;
  68.609 +    int code;
  68.610 +
  68.611 +    for (cur_node = start; cur_node; cur_node = cur_node->next)
  68.612 +    {
  68.613 +        if ((code = totoken((char *) cur_node->name)) < 0)
  68.614 +        {
  68.615 +            printf("Unkonwn token: >%s<. Aborting.\n", cur_node->name);
  68.616 +            exit(EXIT_FAILURE);
  68.617 +        }
  68.618 +        switch (code) {         /* adjust state to new state */
  68.619 +
  68.620 +        case XML2BIN_SUBJECTS:
  68.621 +            set_bootstrap_label(cur_node);
  68.622 +            /* fall through */
  68.623 +        case XML2BIN_VM:
  68.624 +        case XML2BIN_RES:
  68.625 +        case XML2BIN_SECTEMPLATE:
  68.626 +        case XML2BIN_OBJECTS:
  68.627 +            walk_labels(cur_node->children, doc, state | (1 << code));
  68.628 +            break;
  68.629 +
  68.630 +        case XML2BIN_STETYPES:
  68.631 +            /* create new ssid entry to use and point current to it */
  68.632 +            if (init_next_ste_ssid(state))
  68.633 +            {
  68.634 +                printf("ERROR: creating new ste ssid structure failed.\n");
  68.635 +                exit(EXIT_FAILURE);
  68.636 +            }
  68.637 +            walk_labels(cur_node->children, doc, state | (1 << code));
  68.638 +
  68.639 +            break;
  68.640 +
  68.641 +        case XML2BIN_CHWALLTYPES:
  68.642 +            /* create new ssid entry to use and point current to it */
  68.643 +            if (init_next_chwall_ssid(state))
  68.644 +            {
  68.645 +                printf("ERROR: creating new chwall ssid structure failed.\n");
  68.646 +                exit(EXIT_FAILURE);
  68.647 +            }
  68.648 +            walk_labels(cur_node->children, doc, state | (1 << code));
  68.649 +
  68.650 +            break;
  68.651 +
  68.652 +        case XML2BIN_TYPE:
  68.653 +            /* add type to current ssid */
  68.654 +            if (add_type(cur_node, doc, state))
  68.655 +                exit(EXIT_FAILURE);
  68.656 +            break;
  68.657 +
  68.658 +        case XML2BIN_NAME:
  68.659 +            if ((state != XML2BIN_VM_S) && (state != XML2BIN_RES_S))
  68.660 +            {
  68.661 +                printf("ERROR: >name< out of VM/RES context.\n");
  68.662 +                exit(EXIT_FAILURE);
  68.663 +            }
  68.664 +            current_ssid_name = (char *)
  68.665 +                xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  68.666 +
  68.667 +            if (!current_ssid_name)
  68.668 +            {
  68.669 +                printf("ERROR: empty >name<!\n");
  68.670 +                exit(EXIT_FAILURE);
  68.671 +            }
  68.672 +            break;
  68.673 +
  68.674 +        case XML2BIN_TEXT:
  68.675 +        case XML2BIN_COMMENT:
  68.676 +        case XML2BIN_LABELHEADER:
  68.677 +            break;
  68.678 +
  68.679 +        default:
  68.680 +            printf("Unkonwn token Error (%d)\n", code);
  68.681 +            exit(EXIT_FAILURE);
  68.682 +        }
  68.683 +
  68.684 +    }
  68.685 +    return;
  68.686 +}
  68.687 +
  68.688 +/* this function walks through a ssid queue
  68.689 + * and transforms double entries into references
  68.690 + * of the first definition (we need to keep the
  68.691 + * entry to map labels but we don't want double
  68.692 + * ssids in the binary policy
  68.693 + */
  68.694 +void
  68.695 +remove_doubles(struct tailhead_ssid *head,
  68.696 +                        u_int32_t max_types, u_int32_t * max_ssids)
  68.697 +{
  68.698 +    struct ssid_entry *np, *ni;
  68.699 +
  68.700 +    /* walk once through the list */
  68.701 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  68.702 +    {
  68.703 +        /* now search from the start until np for the same entry */
  68.704 +        for (ni = head->tqh_first; ni != np; ni = ni->entries.tqe_next)
  68.705 +        {
  68.706 +            if (ni->is_ref)
  68.707 +                continue;
  68.708 +            if (memcmp(np->row, ni->row, max_types))
  68.709 +                continue;
  68.710 +            /* found one, set np reference to ni */
  68.711 +            np->is_ref = 1;
  68.712 +            np->num = ni->num;
  68.713 +            (*max_ssids)--;
  68.714 +        }
  68.715 +    }
  68.716 +
  68.717 +    /* now minimize the ssid numbers used (doubles introduce holes) */
  68.718 +    (*max_ssids) = 0; /* reset */
  68.719 +
  68.720 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  68.721 +    {
  68.722 +        if (np->is_ref)
  68.723 +            continue;
  68.724 +
  68.725 +        if (np->num != (*max_ssids)) {
  68.726 +                /* first reset all later references to the new max_ssid */
  68.727 +                for (ni = np->entries.tqe_next; ni != NULL; ni = ni->entries.tqe_next)
  68.728 +                {
  68.729 +                    if (ni->num == np->num)
  68.730 +                        ni->num = (*max_ssids);
  68.731 +                }
  68.732 +                /* now reset num */
  68.733 +                np->num = (*max_ssids)++;
  68.734 +        }
  68.735 +        else
  68.736 +            (*max_ssids)++;
  68.737 +    }
  68.738 +}
  68.739 +
  68.740 +/*
  68.741 + * will go away as soon as we have non-static bootstrap ssidref for dom0
  68.742 + */
  68.743 +void fixup_bootstrap_label(struct tailhead_ssid *head,
  68.744 +                         u_int32_t max_types, u_int32_t * max_ssids)
  68.745 +{
  68.746 +    struct ssid_entry *np;
  68.747 +    int i;
  68.748 +
  68.749 +    /* should not happen if xml / xsd checks work */
  68.750 +    if (!bootstrap_label)
  68.751 +    {
  68.752 +        printf("ERROR: No bootstrap label defined.\n");
  68.753 +        exit(EXIT_FAILURE);
  68.754 +    }
  68.755 +
  68.756 +    /* search bootstrap_label */
  68.757 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  68.758 +    {
  68.759 +        if (!strcmp(np->name, bootstrap_label))
  68.760 +        {
  68.761 +            break;
  68.762 +        }
  68.763 +    }
  68.764 +
  68.765 +    if (!np) {
  68.766 +        /* bootstrap label not found */
  68.767 +        printf("ERROR: Bootstrap label >%s< not found.\n", bootstrap_label);
  68.768 +        exit(EXIT_FAILURE);
  68.769 +    }
  68.770 +
  68.771 +    /* move this entry ahead in the list right after the default entry so it
  68.772 +     * receives ssidref 1/1 */
  68.773 +    TAILQ_REMOVE(head, np, entries);
  68.774 +    TAILQ_INSERT_AFTER(head, head->tqh_first, np, entries);
  68.775 +
  68.776 +    /* renumber the ssids (we could also just switch places with 1st element) */
  68.777 +    for (np = head->tqh_first, i=0; np != NULL; np = np->entries.tqe_next, i++)
  68.778 +        np->num   = i;
  68.779 +
  68.780 +}
  68.781 +
  68.782 +int create_ssid_mapping(xmlDocPtr doc)
  68.783 +{
  68.784 +    xmlNode *root_element = xmlDocGetRootElement(doc);
  68.785 +    struct ssid_entry *np;
  68.786 +    int i;
  68.787 +
  68.788 +    printf("Creating label mappings ...\n");
  68.789 +    /* initialize the ste and chwall type lists */
  68.790 +    TAILQ_INIT(&chwall_ssid_head);
  68.791 +    TAILQ_INIT(&ste_ssid_head);
  68.792 +
  68.793 +    /* init with default ssids */
  68.794 +    if (init_ssid_queues())
  68.795 +    {
  68.796 +        printf("ERROR adding default ssids.\n");
  68.797 +        exit(EXIT_FAILURE);
  68.798 +    }
  68.799 +
  68.800 +    /* now walk the template DOM tree and fill in ssids */
  68.801 +    walk_labels(root_element, doc, XML2BIN_NULL);
  68.802 +
  68.803 +    /*
  68.804 +     * now sort bootstrap label to the head of the list
  68.805 +     * (for now), dom0 assumes its label in the first
  68.806 +     * defined ssidref (1/1). 0/0 is the default non-Label
  68.807 +     */
  68.808 +    if (have_chwall)
  68.809 +        fixup_bootstrap_label(&chwall_ssid_head, max_chwall_types,
  68.810 +                                &max_chwall_ssids);
  68.811 +    if (have_ste)
  68.812 +        fixup_bootstrap_label(&ste_ssid_head, max_ste_types,
  68.813 +                                &max_ste_ssids);
  68.814 +
  68.815 +    /* remove any double entries (insert reference instead) */
  68.816 +    if (have_chwall)
  68.817 +        remove_doubles(&chwall_ssid_head, max_chwall_types,
  68.818 +                       &max_chwall_ssids);
  68.819 +    if (have_ste)
  68.820 +        remove_doubles(&ste_ssid_head, max_ste_types,
  68.821 +                       &max_ste_ssids);
  68.822 +
  68.823 +    if (!DEBUG)
  68.824 +        return 0;
  68.825 +
  68.826 +    /* print queues */
  68.827 +    if (have_chwall)
  68.828 +    {
  68.829 +        printf("CHWALL SSID queue (max ssidrefs=%d):\n", max_chwall_ssids);
  68.830 +        np = NULL;
  68.831 +        for (np = chwall_ssid_head.tqh_first; np != NULL;
  68.832 +             np = np->entries.tqe_next)
  68.833 +        {
  68.834 +            printf("SSID #%02u (Label=%s)\n", np->num, np->name);
  68.835 +            if (np->is_ref)
  68.836 +                printf("REFERENCE");
  68.837 +            else
  68.838 +                for (i = 0; i < max_chwall_types; i++)
  68.839 +                    if (np->row[i])
  68.840 +                        printf("#%02d ", i);
  68.841 +            printf("\n\n");
  68.842 +        }
  68.843 +    }
  68.844 +    if (have_ste)
  68.845 +    {
  68.846 +        printf("STE SSID queue (max ssidrefs=%d):\n", max_ste_ssids);
  68.847 +        np = NULL;
  68.848 +        for (np = ste_ssid_head.tqh_first; np != NULL;
  68.849 +             np = np->entries.tqe_next)
  68.850 +        {
  68.851 +            printf("SSID #%02u (Label=%s)\n", np->num, np->name);
  68.852 +            if (np->is_ref)
  68.853 +                printf("REFERENCE");
  68.854 +            else
  68.855 +                for (i = 0; i < max_ste_types; i++)
  68.856 +                    if (np->row[i])
  68.857 +                        printf("#%02d ", i);
  68.858 +            printf("\n\n");
  68.859 +        }
  68.860 +    }
  68.861 +    return 0;
  68.862 +}
  68.863 +
  68.864 +/***************** writing the binary policy *********************/
  68.865 +
  68.866 +/*
  68.867 + * the mapping file is ascii-based since it will likely be used from
  68.868 + * within scripts (using awk, grep, etc.);
  68.869 + *
  68.870 + * We print from high-level to low-level information so that with one
  68.871 + * pass, any symbol can be resolved (e.g. Label -> types)
  68.872 + */
  68.873 +int write_mapping(char *filename)
  68.874 +{
  68.875 +
  68.876 +    struct ssid_entry *e;
  68.877 +    struct type_entry *t;
  68.878 +    int i;
  68.879 +    FILE *file;
  68.880 +
  68.881 +    if ((file = fopen(filename, "w")) == NULL)
  68.882 +        return -EIO;
  68.883 +
  68.884 +    fprintf(file, "MAGIC                  %08x\n", ACM_MAGIC);
  68.885 +    fprintf(file, "POLICY                 %s\n",
  68.886 +            basename(policy_filename));
  68.887 +    fprintf(file, "BINARY                 %s\n",
  68.888 +            basename(binary_filename));
  68.889 +    if (have_chwall)
  68.890 +    {
  68.891 +        fprintf(file, "MAX-CHWALL-TYPES       %08x\n", max_chwall_types);
  68.892 +        fprintf(file, "MAX-CHWALL-SSIDS       %08x\n", max_chwall_ssids);
  68.893 +        fprintf(file, "MAX-CHWALL-LABELS      %08x\n", max_chwall_labels);
  68.894 +    }
  68.895 +    if (have_ste)
  68.896 +    {
  68.897 +        fprintf(file, "MAX-STE-TYPES          %08x\n", max_ste_types);
  68.898 +        fprintf(file, "MAX-STE-SSIDS          %08x\n", max_ste_ssids);
  68.899 +        fprintf(file, "MAX-STE-LABELS         %08x\n", max_ste_labels);
  68.900 +    }
  68.901 +    fprintf(file, "\n");
  68.902 +
  68.903 +    /* primary / secondary order for combined ssid synthesis/analysis
  68.904 +     * if no primary is named, then chwall is primary */
  68.905 +    switch (primary) {
  68.906 +    case CHWALL:
  68.907 +        fprintf(file, "PRIMARY                CHWALL\n");
  68.908 +        break;
  68.909 +
  68.910 +    case STE:
  68.911 +        fprintf(file, "PRIMARY                STE\n");
  68.912 +        break;
  68.913 +
  68.914 +    default:
  68.915 +        fprintf(file, "PRIMARY                NULL\n");
  68.916 +        break;
  68.917 +    }
  68.918 +
  68.919 +    switch (secondary) {
  68.920 +    case CHWALL:
  68.921 +        fprintf(file, "SECONDARY              CHWALL\n");
  68.922 +        break;
  68.923 +
  68.924 +    case STE:
  68.925 +        fprintf(file, "SECONDARY              STE\n");
  68.926 +        break;
  68.927 +
  68.928 +    default:
  68.929 +        fprintf(file, "SECONDARY              NULL\n");
  68.930 +        break;
  68.931 +    }
  68.932 +    fprintf(file, "\n");
  68.933 +
  68.934 +    /* first labels to ssid mappings */
  68.935 +    if (have_chwall)
  68.936 +    {
  68.937 +        for (e = chwall_ssid_head.tqh_first; e != NULL;
  68.938 +             e = e->entries.tqe_next)
  68.939 +        {
  68.940 +            fprintf(file, "LABEL->SSID %s CHWALL %-25s %8x\n",
  68.941 +                    (e->type ==
  68.942 +                     VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
  68.943 +                    e->name, e->num);
  68.944 +        }
  68.945 +        fprintf(file, "\n");
  68.946 +    }
  68.947 +    if (have_ste)
  68.948 +    {
  68.949 +        for (e = ste_ssid_head.tqh_first; e != NULL;
  68.950 +             e = e->entries.tqe_next)
  68.951 +        {
  68.952 +            fprintf(file, "LABEL->SSID %s STE    %-25s %8x\n",
  68.953 +                    (e->type ==
  68.954 +                     VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
  68.955 +                    e->name, e->num);
  68.956 +        }
  68.957 +        fprintf(file, "\n");
  68.958 +    }
  68.959 +
  68.960 +    /* second ssid to type mappings */
  68.961 +    if (have_chwall)
  68.962 +    {
  68.963 +        for (e = chwall_ssid_head.tqh_first; e != NULL;
  68.964 +             e = e->entries.tqe_next)
  68.965 +        {
  68.966 +            if (e->is_ref)
  68.967 +                continue;
  68.968 +
  68.969 +            fprintf(file, "SSID->TYPE CHWALL      %08x", e->num);
  68.970 +
  68.971 +            for (i = 0; i < max_chwall_types; i++)
  68.972 +                if (e->row[i])
  68.973 +                    fprintf(file, " %s", type_by_mapping(&chwall_head, i));
  68.974 +
  68.975 +            fprintf(file, "\n");
  68.976 +        }
  68.977 +        fprintf(file, "\n");
  68.978 +    }
  68.979 +    if (have_ste) {
  68.980 +        for (e = ste_ssid_head.tqh_first; e != NULL;
  68.981 +             e = e->entries.tqe_next)
  68.982 +        {
  68.983 +            if (e->is_ref)
  68.984 +                continue;
  68.985 +
  68.986 +            fprintf(file, "SSID->TYPE STE         %08x", e->num);
  68.987 +
  68.988 +            for (i = 0; i < max_ste_types; i++)
  68.989 +                if (e->row[i])
  68.990 +                    fprintf(file, " %s", type_by_mapping(&ste_head, i));
  68.991 +
  68.992 +            fprintf(file, "\n");
  68.993 +        }
  68.994 +        fprintf(file, "\n");
  68.995 +    }
  68.996 +    /* third type mappings */
  68.997 +    if (have_chwall)
  68.998 +    {
  68.999 +        for (t = chwall_head.tqh_first; t != NULL; t = t->entries.tqe_next)
 68.1000 +        {
 68.1001 +            fprintf(file, "TYPE CHWALL            %-25s %8x\n",
 68.1002 +                    t->name, t->mapping);
 68.1003 +        }
 68.1004 +        fprintf(file, "\n");
 68.1005 +    }
 68.1006 +    if (have_ste) {
 68.1007 +        for (t = ste_head.tqh_first; t != NULL; t = t->entries.tqe_next)
 68.1008 +        {
 68.1009 +            fprintf(file, "TYPE STE               %-25s %8x\n",
 68.1010 +                    t->name, t->mapping);
 68.1011 +        }
 68.1012 +        fprintf(file, "\n");
 68.1013 +    }
 68.1014 +    fclose(file);
 68.1015 +    return 0;
 68.1016 +}
 68.1017 +
 68.1018 +unsigned char *write_chwall_binary(u_int32_t * len_chwall)
 68.1019 +{
 68.1020 +    unsigned char *buf, *ptr;
 68.1021 +    struct acm_chwall_policy_buffer *chwall_header;
 68.1022 +    u_int32_t len;
 68.1023 +    struct ssid_entry *e;
 68.1024 +    int i;
 68.1025 +
 68.1026 +    if (!have_chwall)
 68.1027 +        return NULL;
 68.1028 +
 68.1029 +    len = sizeof(struct acm_chwall_policy_buffer) +
 68.1030 +        sizeof(type_t) * max_chwall_types * max_chwall_ssids +
 68.1031 +        sizeof(type_t) * max_chwall_types * max_conflictsets;
 68.1032 +
 68.1033 +    buf = malloc(len);
 68.1034 +    ptr = buf;
 68.1035 +
 68.1036 +    if (!buf)
 68.1037 +    {
 68.1038 +        printf("ERROR: out of memory allocating chwall buffer.\n");
 68.1039 +        exit(EXIT_FAILURE);
 68.1040 +    }
 68.1041 +    /* chwall has 3 parts : header, types, conflictsets */
 68.1042 +
 68.1043 +    chwall_header = (struct acm_chwall_policy_buffer *) buf;
 68.1044 +    chwall_header->chwall_max_types = htonl(max_chwall_types);
 68.1045 +    chwall_header->chwall_max_ssidrefs = htonl(max_chwall_ssids);
 68.1046 +    chwall_header->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 68.1047 +    chwall_header->policy_version = htonl(ACM_CHWALL_VERSION);
 68.1048 +    chwall_header->chwall_ssid_offset =
 68.1049 +        htonl(sizeof(struct acm_chwall_policy_buffer));
 68.1050 +    chwall_header->chwall_max_conflictsets = htonl(max_conflictsets);
 68.1051 +    chwall_header->chwall_conflict_sets_offset =
 68.1052 +        htonl(ntohl(chwall_header->chwall_ssid_offset) +
 68.1053 +              sizeof(domaintype_t) * max_chwall_ssids * max_chwall_types);
 68.1054 +    chwall_header->chwall_running_types_offset = 0;     /* not set, only retrieved */
 68.1055 +    chwall_header->chwall_conflict_aggregate_offset = 0;        /* not set, only retrieved */
 68.1056 +    ptr += sizeof(struct acm_chwall_policy_buffer);
 68.1057 +
 68.1058 +    /* types */
 68.1059 +    for (e = chwall_ssid_head.tqh_first; e != NULL;
 68.1060 +         e = e->entries.tqe_next)
 68.1061 +    {
 68.1062 +        if (e->is_ref)
 68.1063 +            continue;
 68.1064 +
 68.1065 +        for (i = 0; i < max_chwall_types; i++)
 68.1066 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 68.1067 +
 68.1068 +        ptr += sizeof(type_t) * max_chwall_types;
 68.1069 +    }
 68.1070 +
 68.1071 +    /* conflictsets */
 68.1072 +    for (e = conflictsets_head.tqh_first; e != NULL;
 68.1073 +         e = e->entries.tqe_next)
 68.1074 +    {
 68.1075 +        for (i = 0; i < max_chwall_types; i++)
 68.1076 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 68.1077 +
 68.1078 +        ptr += sizeof(type_t) * max_chwall_types;
 68.1079 +    }
 68.1080 +
 68.1081 +    if ((ptr - buf) != len)
 68.1082 +    {
 68.1083 +        printf("ERROR: wrong lengths in %s.\n", __func__);
 68.1084 +        exit(EXIT_FAILURE);
 68.1085 +    }
 68.1086 +
 68.1087 +    (*len_chwall) = len;
 68.1088 +    return buf;
 68.1089 +}
 68.1090 +
 68.1091 +unsigned char *write_ste_binary(u_int32_t * len_ste)
 68.1092 +{
 68.1093 +    unsigned char *buf, *ptr;
 68.1094 +    struct acm_ste_policy_buffer *ste_header;
 68.1095 +    struct ssid_entry *e;
 68.1096 +    u_int32_t len;
 68.1097 +    int i;
 68.1098 +
 68.1099 +    if (!have_ste)
 68.1100 +        return NULL;
 68.1101 +
 68.1102 +    len = sizeof(struct acm_ste_policy_buffer) +
 68.1103 +        sizeof(type_t) * max_ste_types * max_ste_ssids;
 68.1104 +
 68.1105 +    buf = malloc(len);
 68.1106 +    ptr = buf;
 68.1107 +
 68.1108 +    if (!buf)
 68.1109 +    {
 68.1110 +        printf("ERROR: out of memory allocating chwall buffer.\n");
 68.1111 +        exit(EXIT_FAILURE);
 68.1112 +    }
 68.1113 +
 68.1114 +    /* fill buffer */
 68.1115 +    ste_header = (struct acm_ste_policy_buffer *) buf;
 68.1116 +    ste_header->policy_version = htonl(ACM_STE_VERSION);
 68.1117 +    ste_header->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 68.1118 +    ste_header->ste_max_types = htonl(max_ste_types);
 68.1119 +    ste_header->ste_max_ssidrefs = htonl(max_ste_ssids);
 68.1120 +    ste_header->ste_ssid_offset =
 68.1121 +        htonl(sizeof(struct acm_ste_policy_buffer));
 68.1122 +
 68.1123 +    ptr += sizeof(struct acm_ste_policy_buffer);
 68.1124 +
 68.1125 +    /* types */
 68.1126 +    for (e = ste_ssid_head.tqh_first; e != NULL; e = e->entries.tqe_next)
 68.1127 +    {
 68.1128 +        if (e->is_ref)
 68.1129 +            continue;
 68.1130 +
 68.1131 +        for (i = 0; i < max_ste_types; i++)
 68.1132 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 68.1133 +
 68.1134 +        ptr += sizeof(type_t) * max_ste_types;
 68.1135 +    }
 68.1136 +
 68.1137 +    if ((ptr - buf) != len)
 68.1138 +    {
 68.1139 +        printf("ERROR: wrong lengths in %s.\n", __func__);
 68.1140 +        exit(EXIT_FAILURE);
 68.1141 +    }
 68.1142 +    (*len_ste) = len;
 68.1143 +    return buf;                 /* for now */
 68.1144 +}
 68.1145 +
 68.1146 +int write_binary(char *filename)
 68.1147 +{
 68.1148 +    struct acm_policy_buffer header;
 68.1149 +    unsigned char *ste_buffer = NULL, *chwall_buffer = NULL;
 68.1150 +    u_int32_t len;
 68.1151 +    int fd;
 68.1152 +
 68.1153 +    u_int32_t len_ste = 0, len_chwall = 0;      /* length of policy components */
 68.1154 +
 68.1155 +    /* open binary file */
 68.1156 +    if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)) <= 0)
 68.1157 +        return -EIO;
 68.1158 +
 68.1159 +    ste_buffer = write_ste_binary(&len_ste);
 68.1160 +    chwall_buffer = write_chwall_binary(&len_chwall);
 68.1161 +
 68.1162 +    /* determine primary component (default chwall) */
 68.1163 +    header.policy_version = htonl(ACM_POLICY_VERSION);
 68.1164 +    header.magic = htonl(ACM_MAGIC);
 68.1165 +
 68.1166 +    len = sizeof(struct acm_policy_buffer);
 68.1167 +    if (have_chwall)
 68.1168 +        len += len_chwall;
 68.1169 +    if (have_ste)
 68.1170 +        len += len_ste;
 68.1171 +    header.len = htonl(len);
 68.1172 +
 68.1173 +    header.primary_buffer_offset = htonl(sizeof(struct acm_policy_buffer));
 68.1174 +    if (primary == CHWALL)
 68.1175 +    {
 68.1176 +        header.primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 68.1177 +        header.secondary_buffer_offset =
 68.1178 +            htonl((sizeof(struct acm_policy_buffer)) + len_chwall);
 68.1179 +    }
 68.1180 +    else if (primary == STE)
 68.1181 +    {
 68.1182 +        header.primary_policy_code =
 68.1183 +            htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 68.1184 +        header.secondary_buffer_offset =
 68.1185 +            htonl((sizeof(struct acm_policy_buffer)) + len_ste);
 68.1186 +    }
 68.1187 +    else
 68.1188 +    {
 68.1189 +        /* null policy */
 68.1190 +        header.primary_policy_code = htonl(ACM_NULL_POLICY);
 68.1191 +        header.secondary_buffer_offset =
 68.1192 +            htonl(header.primary_buffer_offset);
 68.1193 +    }
 68.1194 +
 68.1195 +    if (secondary == CHWALL)
 68.1196 +        header.secondary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 68.1197 +    else if (secondary == STE)
 68.1198 +        header.secondary_policy_code =
 68.1199 +            htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 68.1200 +    else
 68.1201 +        header.secondary_policy_code = htonl(ACM_NULL_POLICY);
 68.1202 +
 68.1203 +    if (write(fd, (void *) &header, sizeof(struct acm_policy_buffer))
 68.1204 +        != sizeof(struct acm_policy_buffer))
 68.1205 +        return -EIO;
 68.1206 +
 68.1207 +    /* write primary policy component */
 68.1208 +    if (primary == CHWALL)
 68.1209 +    {
 68.1210 +        if (write(fd, chwall_buffer, len_chwall) != len_chwall)
 68.1211 +            return -EIO;
 68.1212 +    }
 68.1213 +    else if (primary == STE)
 68.1214 +    {
 68.1215 +        if (write(fd, ste_buffer, len_ste) != len_ste)
 68.1216 +            return -EIO;
 68.1217 +    } else
 68.1218 +        ;                     /* NULL POLICY has no policy data */
 68.1219 +
 68.1220 +    /* write secondary policy component */
 68.1221 +    if (secondary == CHWALL)
 68.1222 +    {
 68.1223 +        if (write(fd, chwall_buffer, len_chwall) != len_chwall)
 68.1224 +            return -EIO;
 68.1225 +    }
 68.1226 +    else if (secondary == STE)
 68.1227 +    {
 68.1228 +        if (write(fd, ste_buffer, len_ste) != len_ste)
 68.1229 +            return -EIO;
 68.1230 +    } else;                     /* NULL POLICY has no policy data */
 68.1231 +
 68.1232 +    close(fd);
 68.1233 +    return 0;
 68.1234 +}
 68.1235 +
 68.1236 +int is_valid(xmlDocPtr doc)
 68.1237 +{
 68.1238 +    int err = 0;
 68.1239 +    xmlSchemaPtr schema_ctxt = NULL;
 68.1240 +    xmlSchemaParserCtxtPtr schemaparser_ctxt = NULL;
 68.1241 +    xmlSchemaValidCtxtPtr schemavalid_ctxt = NULL;
 68.1242 +
 68.1243 +    schemaparser_ctxt = xmlSchemaNewParserCtxt(SCHEMA_FILENAME);
 68.1244 +    schema_ctxt = xmlSchemaParse(schemaparser_ctxt);
 68.1245 +    schemavalid_ctxt = xmlSchemaNewValidCtxt(schema_ctxt);
 68.1246 +
 68.1247 +#ifdef VALIDATE_SCHEMA
 68.1248 +    /* only tested to be available from libxml2-2.6.20 upwards */
 68.1249 +    if ((err = xmlSchemaIsValid(schemavalid_ctxt)) != 1)
 68.1250 +    {
 68.1251 +        printf("ERROR: Invalid schema file %s (err=%d)\n",
 68.1252 +               SCHEMA_FILENAME, err);
 68.1253 +        err = -EIO;
 68.1254 +        goto out;
 68.1255 +    }
 68.1256 +    else
 68.1257 +        printf("XML Schema %s valid.\n", SCHEMA_FILENAME);
 68.1258 +#endif
 68.1259 +    if ((err = xmlSchemaValidateDoc(schemavalid_ctxt, doc)))
 68.1260 +    {
 68.1261 +        err = -EIO;
 68.1262 +        goto out;
 68.1263 +    }
 68.1264 +  out:
 68.1265 +    xmlSchemaFreeValidCtxt(schemavalid_ctxt);
 68.1266 +    xmlSchemaFreeParserCtxt(schemaparser_ctxt);
 68.1267 +    xmlSchemaFree(schema_ctxt);
 68.1268 +    return (err != 0) ? 0 : 1;
 68.1269 +}
 68.1270 +
 68.1271 +int main(int argc, char **argv)
 68.1272 +{
 68.1273 +    xmlDocPtr labeldoc = NULL;
 68.1274 +    xmlDocPtr policydoc = NULL;
 68.1275 +
 68.1276 +    int err = EXIT_SUCCESS;
 68.1277 +
 68.1278 +    char *file_prefix;
 68.1279 +    int prefix_len;
 68.1280 +
 68.1281 +    if (ACM_POLICY_VERSION != WRITTEN_AGAINST_ACM_POLICY_VERSION)
 68.1282 +    {
 68.1283 +        printf("ERROR: This program was written against an older ACM version.\n");
 68.1284 +        exit(EXIT_FAILURE);
 68.1285 +    }
 68.1286 +
 68.1287 +    if (argc != 2)
 68.1288 +        usage(basename(argv[0]));
 68.1289 +
 68.1290 +    prefix_len = strlen(POLICY_SUBDIR) +
 68.1291 +        strlen(argv[1]) + 1 /* "/" */  +
 68.1292 +        strlen(argv[1]) + 1 /* "/" */ ;
 68.1293 +
 68.1294 +    file_prefix = malloc(prefix_len);
 68.1295 +    policy_filename = malloc(prefix_len + strlen(POLICY_EXTENSION));
 68.1296 +    label_filename = malloc(prefix_len + strlen(LABEL_EXTENSION));
 68.1297 +    binary_filename = malloc(prefix_len + strlen(BINARY_EXTENSION));
 68.1298 +    mapping_filename = malloc(prefix_len + strlen(MAPPING_EXTENSION));
 68.1299 +
 68.1300 +    if (!file_prefix || !policy_filename || !label_filename ||
 68.1301 +        !binary_filename || !mapping_filename)
 68.1302 +    {
 68.1303 +        printf("ERROR allocating file name memory.\n");
 68.1304 +        goto out2;
 68.1305 +    }
 68.1306 +
 68.1307 +    /* create input/output filenames out of prefix */
 68.1308 +    strcat(file_prefix, POLICY_SUBDIR);
 68.1309 +    strcat(file_prefix, argv[1]);
 68.1310 +    strcat(file_prefix, "/");
 68.1311 +    strcat(file_prefix, argv[1]);
 68.1312 +
 68.1313 +    strcpy(policy_filename, file_prefix);
 68.1314 +    strcpy(label_filename, file_prefix);
 68.1315 +    strcpy(binary_filename, file_prefix);
 68.1316 +    strcpy(mapping_filename, file_prefix);
 68.1317 +
 68.1318 +    strcat(policy_filename, POLICY_EXTENSION);
 68.1319 +    strcat(label_filename, LABEL_EXTENSION);
 68.1320 +    strcat(binary_filename, BINARY_EXTENSION);
 68.1321 +    strcat(mapping_filename, MAPPING_EXTENSION);
 68.1322 +
 68.1323 +    labeldoc = xmlParseFile(label_filename);
 68.1324 +
 68.1325 +    if (labeldoc == NULL)
 68.1326 +    {
 68.1327 +        printf("Error: could not parse file %s.\n", argv[1]);
 68.1328 +        goto out2;
 68.1329 +    }
 68.1330 +
 68.1331 +    printf("Validating label file %s...\n", label_filename);
 68.1332 +    if (!is_valid(labeldoc))
 68.1333 +    {
 68.1334 +        printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
 68.1335 +               label_filename, err);
 68.1336 +        goto out1;
 68.1337 +    }
 68.1338 +
 68.1339 +    policydoc = xmlParseFile(policy_filename);
 68.1340 +
 68.1341 +    if (policydoc == NULL)
 68.1342 +    {
 68.1343 +        printf("Error: could not parse file %s.\n", argv[1]);
 68.1344 +        goto out1;
 68.1345 +    }
 68.1346 +
 68.1347 +    printf("Validating policy file %s...\n", policy_filename);
 68.1348 +
 68.1349 +    if (!is_valid(policydoc))
 68.1350 +    {
 68.1351 +        printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
 68.1352 +               policy_filename, err);
 68.1353 +        goto out;
 68.1354 +    }
 68.1355 +
 68.1356 +    /* Init queues and parse policy */
 68.1357 +    create_type_mapping(policydoc);
 68.1358 +
 68.1359 +    /* create ssids */
 68.1360 +    create_ssid_mapping(labeldoc);
 68.1361 +
 68.1362 +    /* write label mapping file */
 68.1363 +    if (write_mapping(mapping_filename))
 68.1364 +    {
 68.1365 +        printf("ERROR: writing mapping file %s.\n", mapping_filename);
 68.1366 +        goto out;
 68.1367 +    }
 68.1368 +
 68.1369 +    /* write binary file */
 68.1370 +    if (write_binary(binary_filename))
 68.1371 +    {
 68.1372 +        printf("ERROR: writing binary file %s.\n", binary_filename);
 68.1373 +        goto out;
 68.1374 +    }
 68.1375 +
 68.1376 +    /* write stats */
 68.1377 +    if (have_chwall)
 68.1378 +    {
 68.1379 +        printf("Max chwall labels:  %u\n", max_chwall_labels);
 68.1380 +        printf("Max chwall-types:   %u\n", max_chwall_types);
 68.1381 +        printf("Max chwall-ssids:   %u\n", max_chwall_ssids);
 68.1382 +    }
 68.1383 +
 68.1384 +    if (have_ste)
 68.1385 +    {
 68.1386 +        printf("Max ste labels:     %u\n", max_ste_labels);
 68.1387 +        printf("Max ste-types:      %u\n", max_ste_types);
 68.1388 +        printf("Max ste-ssids:      %u\n", max_ste_ssids);
 68.1389 +    }
 68.1390 +    /* cleanup */
 68.1391 +  out:
 68.1392 +    xmlFreeDoc(policydoc);
 68.1393 +  out1:
 68.1394 +    xmlFreeDoc(labeldoc);
 68.1395 +  out2:
 68.1396 +    xmlCleanupParser();
 68.1397 +    return err;
 68.1398 +}
 68.1399 +
    69.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    69.2 +++ b/tools/security/secpol_xml2bin.h	Fri Aug 19 10:50:15 2005 +0000
    69.3 @@ -0,0 +1,139 @@
    69.4 +/****************************************************************
    69.5 + * secpol_xml2bin.h
    69.6 + *
    69.7 + * Copyright (C) 2005 IBM Corporation
    69.8 + *
    69.9 + * Authors:
   69.10 + * Reiner Sailer <sailer@watson.ibm.com>
   69.11 + *
   69.12 + * This program is free software; you can redistribute it and/or
   69.13 + * modify it under the terms of the GNU General Public License as
   69.14 + * published by the Free Software Foundation, version 2 of the
   69.15 + * License.
   69.16 + *
   69.17 + */
   69.18 +#define POLICY_SUBDIR       "policies/"
   69.19 +#define POLICY_EXTENSION    "-security_policy.xml"
   69.20 +#define LABEL_EXTENSION     "-security_label_template.xml"
   69.21 +#define BINARY_EXTENSION    ".bin"
   69.22 +#define MAPPING_EXTENSION   ".map"
   69.23 +#define PRIMARY_COMPONENT_ATTR_NAME "order"
   69.24 +#define BOOTSTRAP_LABEL_ATTR_NAME   "bootstrap"
   69.25 +#define PRIMARY_COMPONENT   "PrimaryPolicyComponent"
   69.26 +#define SCHEMA_FILENAME     "policies/security_policy.xsd"
   69.27 +
   69.28 +/* basic states (used as 1 << X) */
   69.29 +#define XML2BIN_SECPOL		    0   /* policy tokens */
   69.30 +#define XML2BIN_STE		        1
   69.31 +#define XML2BIN_CHWALL          2
   69.32 +#define XML2BIN_CONFLICTSETS   	3
   69.33 +#define XML2BIN_CSTYPE	    	4
   69.34 +
   69.35 +#define XML2BIN_SECTEMPLATE	    5   /* label tokens */
   69.36 +#define XML2BIN_POLICYHEADER   	6
   69.37 +#define XML2BIN_LABELHEADER     7
   69.38 +#define XML2BIN_SUBJECTS        8
   69.39 +#define XML2BIN_OBJECTS  	    9
   69.40 +#define XML2BIN_VM      	    10
   69.41 +#define XML2BIN_RES          	11
   69.42 +
   69.43 +#define XML2BIN_STETYPES	    12  /* shared tokens */
   69.44 +#define XML2BIN_CHWALLTYPES	    13
   69.45 +#define XML2BIN_TYPE		    14
   69.46 +#define XML2BIN_NAME            15
   69.47 +#define XML2BIN_TEXT		    16
   69.48 +#define XML2BIN_COMMENT	    	17
   69.49 +
   69.50 +/* type "data type" (currently 16bit) */
   69.51 +typedef u_int16_t type_t;
   69.52 +
   69.53 +/* list of known elements and token equivalent  *
   69.54 + * state constants and token positions must be  *
   69.55 + * in sync for correct state recognition        */
   69.56 +
   69.57 +char *token[20] =                       /* parser triggers */
   69.58 +{
   69.59 +    [0] = "SecurityPolicyDefinition",   /* policy xml */
   69.60 +    [1] = "SimpleTypeEnforcement",
   69.61 +    [2] = "ChineseWall",
   69.62 +    [3] = "ConflictSets",
   69.63 +    [4] = "Conflict",                   /* label-template xml */
   69.64 +    [5] = "SecurityLabelTemplate",
   69.65 +    [6] = "PolicyHeader",
   69.66 +    [7] = "LabelHeader",
   69.67 +    [8] = "SubjectLabels",
   69.68 +    [9] = "ObjectLabels",
   69.69 +    [10] = "VirtualMachineLabel",
   69.70 +    [11] = "ResourceLabel",
   69.71 +    [12] = "SimpleTypeEnforcementTypes",                  /* common tags */
   69.72 +    [13] = "ChineseWallTypes",
   69.73 +    [14] = "Type",
   69.74 +    [15] = "Name",
   69.75 +    [16] = "text",
   69.76 +    [17] = "comment",
   69.77 +    [18] = NULL,
   69.78 +};
   69.79 +
   69.80 +/* important combined states */
   69.81 +#define XML2BIN_NULL 		0
   69.82 +
   69.83 +/* policy xml parsing states _S */
   69.84 +
   69.85 +/* e.g., here we are in a <secpol,ste,stetypes> environment,  *
   69.86 + * so when finding a type element, we know where to put it    */
   69.87 +#define XML2BIN_stetype_S ((1 << XML2BIN_SECPOL) | \
   69.88 +				 (1 << XML2BIN_STE) | 	 \
   69.89 +				 (1 << XML2BIN_STETYPES))
   69.90 +
   69.91 +#define XML2BIN_chwalltype_S ((1 << XML2BIN_SECPOL) | \
   69.92 +				 (1 << XML2BIN_CHWALL) | \
   69.93 +				 (1 << XML2BIN_CHWALLTYPES))
   69.94 +
   69.95 +#define XML2BIN_conflictset_S ((1 << XML2BIN_SECPOL) | \
   69.96 +				 (1 << XML2BIN_CHWALL) | \
   69.97 +				 (1 << XML2BIN_CONFLICTSETS))
   69.98 +
   69.99 +#define XML2BIN_conflictsettype_S ((1 << XML2BIN_SECPOL) | \
  69.100 +				 (1 << XML2BIN_CHWALL) | \
  69.101 +				 (1 << XML2BIN_CONFLICTSETS) | \
  69.102 +				 (1 << XML2BIN_CSTYPE))
  69.103 +
  69.104 +
  69.105 +/* label xml states */
  69.106 +#define XML2BIN_VM_S ((1 << XML2BIN_SECTEMPLATE) | \
  69.107 +                      (1 << XML2BIN_SUBJECTS) |    \
  69.108 +                      (1 << XML2BIN_VM))
  69.109 +
  69.110 +#define XML2BIN_RES_S ((1 << XML2BIN_SECTEMPLATE) | \
  69.111 +                       (1 << XML2BIN_OBJECTS) |     \
  69.112 +                       (1 << XML2BIN_RES))
  69.113 +
  69.114 +#define XML2BIN_VM_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
  69.115 +                        (1 << XML2BIN_SUBJECTS) | \
  69.116 +                        (1 << XML2BIN_VM) | \
  69.117 +                        (1 << XML2BIN_STETYPES))
  69.118 +
  69.119 +#define XML2BIN_VM_CHWALL_S ((1 << XML2BIN_SECTEMPLATE) | \
  69.120 +                           (1 << XML2BIN_SUBJECTS) | \
  69.121 +                           (1 << XML2BIN_VM) | \
  69.122 +                           (1 << XML2BIN_CHWALLTYPES))
  69.123 +
  69.124 +#define XML2BIN_RES_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
  69.125 +                         (1 << XML2BIN_OBJECTS) | \
  69.126 +                         (1 << XML2BIN_RES) | \
  69.127 +                         (1 << XML2BIN_STETYPES))
  69.128 +
  69.129 +
  69.130 +
  69.131 +/* check versions of headers against which the
  69.132 + * xml2bin translation tool was written
  69.133 + */
  69.134 +
  69.135 +/* protects from unnoticed changes in struct acm_policy_buffer */
  69.136 +#define WRITTEN_AGAINST_ACM_POLICY_VERSION  1
  69.137 +
  69.138 +/* protects from unnoticed changes in struct acm_chwall_policy_buffer */
  69.139 +#define WRITTEN_AGAINST_ACM_CHWALL_VERSION  1
  69.140 +
  69.141 +/* protects from unnoticed changes in struct acm_ste_policy_buffer */
  69.142 +#define WRITTEN_AGAINST_ACM_STE_VERSION     1
    70.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    70.2 +++ b/tools/security/setlabel.sh	Fri Aug 19 10:50:15 2005 +0000
    70.3 @@ -0,0 +1,345 @@
    70.4 +#!/bin/sh
    70.5 +# *
    70.6 +# * setlabel
    70.7 +# *
    70.8 +# * Copyright (C) 2005 IBM Corporation
    70.9 +# *
   70.10 +# * Authors:
   70.11 +# * Stefan Berger <stefanb@us.ibm.com>
   70.12 +# *
   70.13 +# * This program is free software; you can redistribute it and/or
   70.14 +# * modify it under the terms of the GNU General Public License as
   70.15 +# * published by the Free Software Foundation, version 2 of the
   70.16 +# * License.
   70.17 +# *
   70.18 +# * 'setlabel' labels virtual machine (domain) configuration files with
   70.19 +# * security identifiers that can be enforced in Xen.
   70.20 +# *
   70.21 +# * 'setlabel -?' shows the usage of the program
   70.22 +# *
   70.23 +# * 'setlabel -l vmconfig-file' lists all available labels (only VM
   70.24 +# *            labels are used right now)
   70.25 +# *
   70.26 +# * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
   70.27 +# *                       that corresponds to the security-label under the
   70.28 +# *                       current policy (if policy changes, 'label'
   70.29 +# *                       must be re-run over the configuration files;
   70.30 +# *                       map-file is created during policy translation and
   70.31 +# *                       is found in the policy's directory
   70.32 +#
   70.33 +
   70.34 +if [ -z "$runbash" ]; then
   70.35 +	runbash="1"
   70.36 +	export runbash
   70.37 +	exec sh -c "bash $0 $*"
   70.38 +fi
   70.39 +
   70.40 +
   70.41 +usage ()
   70.42 +{
   70.43 +	echo "Usage: $0 [Option] <vmfile> <label> <policy name> "
   70.44 +	echo "    or $0 -l <policy name>"
   70.45 +	echo ""
   70.46 +	echo "Valid Options are:"
   70.47 +	echo "-r          : to relabel a file without being prompted"
   70.48 +	echo ""
   70.49 +	echo "vmfile      : XEN vm configuration file"
   70.50 +	echo "label       : the label to map"
   70.51 +	echo "policy name : the name of the policy, i.e. 'chwall'"
   70.52 +	echo ""
   70.53 +	echo "-l <policy name> is used to show valid labels in the map file"
   70.54 +	echo ""
   70.55 +}
   70.56 +
   70.57 +
   70.58 +findMapFile ()
   70.59 +{
   70.60 +	mapfile="./$1.map"
   70.61 +	if [ -r "$mapfile" ]; then
   70.62 +		return 1
   70.63 +	fi
   70.64 +
   70.65 +	mapfile="./policies/$1/$1.map"
   70.66 +	if [ -r "$mapfile" ]; then
   70.67 +		return 1
   70.68 +	fi
   70.69 +
   70.70 +	return 0
   70.71 +}
   70.72 +
   70.73 +showLabels ()
   70.74 +{
   70.75 +	mapfile=$1
   70.76 +	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
   70.77 +		echo "Cannot read from vm configuration file $vmfile."
   70.78 +		return -1
   70.79 +	fi
   70.80 +
   70.81 +	getPrimaryPolicy $mapfile
   70.82 +	getSecondaryPolicy $mapfile
   70.83 +
   70.84 +	echo "The following labels are available:"
   70.85 +	let line=1
   70.86 +	while [ 1 ]; do
   70.87 +		ITEM=`cat $mapfile |         \
   70.88 +		      awk -vline=$line       \
   70.89 +		          -vprimary=$primary \
   70.90 +		      '{                     \
   70.91 +		         if ($1 == "LABEL->SSID" &&  \
   70.92 +		             $2 == "VM" &&           \
   70.93 +		             $3 == primary ) {       \
   70.94 +		           ctr++;                    \
   70.95 +		           if (ctr == line) {        \
   70.96 +		             print $4;               \
   70.97 +		           }                         \
   70.98 +		         }                           \
   70.99 +		       } END {                       \
  70.100 +		       }'`
  70.101 +
  70.102 +		if [ "$ITEM" == "" ]; then
  70.103 +			break
  70.104 +		fi
  70.105 +		if [ "$secondary" != "NULL" ]; then
  70.106 +			LABEL=`cat $mapfile |     \
  70.107 +			       awk -vitem=$ITEM   \
  70.108 +			       '{
  70.109 +			          if ($1 == "LABEL->SSID" && \
  70.110 +			              $2 == "VM" &&          \
  70.111 +			              $3 == "CHWALL" &&      \
  70.112 +			              $4 == item ) {         \
  70.113 +			            result = item;           \
  70.114 +			          }                          \
  70.115 +			        } END {                      \
  70.116 +			            print result             \
  70.117 +			        }'`
  70.118 +		else
  70.119 +			LABEL=$ITEM
  70.120 +		fi
  70.121 +
  70.122 +		if [ "$LABEL" != "" ]; then
  70.123 +			echo "$LABEL"
  70.124 +			found=1
  70.125 +		fi
  70.126 +		let line=line+1
  70.127 +	done
  70.128 +	if [ "$found" != "1" ]; then
  70.129 +		echo "No labels found."
  70.130 +	fi
  70.131 +}
  70.132 +
  70.133 +getPrimaryPolicy ()
  70.134 +{
  70.135 +	mapfile=$1
  70.136 +	primary=`cat $mapfile  |   \
  70.137 +	         awk '             \
  70.138 +	          {                \
  70.139 +	            if ( $1 == "PRIMARY" ) { \
  70.140 +	              res=$2;                \
  70.141 +	            }                        \
  70.142 +	          } END {                    \
  70.143 +	            print res;               \
  70.144 +	          } '`
  70.145 +}
  70.146 +
  70.147 +getSecondaryPolicy ()
  70.148 +{
  70.149 +	mapfile=$1
  70.150 +	secondary=`cat $mapfile  |   \
  70.151 +	         awk '             \
  70.152 +	          {                \
  70.153 +	            if ( $1 == "SECONDARY" ) { \
  70.154 +	              res=$2;                \
  70.155 +	            }                        \
  70.156 +	          } END {                    \
  70.157 +	            print res;               \
  70.158 +	          } '`
  70.159 +}
  70.160 +
  70.161 +
  70.162 +getDefaultSsid ()
  70.163 +{
  70.164 +	mapfile=$1
  70.165 +	pol=$2
  70.166 +	RES=`cat $mapfile    \
  70.167 +	     awk -vpol=$pol  \
  70.168 +	      {              \
  70.169 +	        if ($1 == "LABEL->SSID" && \
  70.170 +	            $2 == "ANY"         && \
  70.171 +	            $3 == pol           && \
  70.172 +	            $4 == "DEFAULT"       ) {\
  70.173 +	              res=$5;                \
  70.174 +	        }                            \
  70.175 +	      } END {                        \
  70.176 +	        printf "%04x", strtonum(res) \
  70.177 +	     }'`
  70.178 +	echo "default NULL mapping is $RES"
  70.179 +	defaultssid=$RES
  70.180 +}
  70.181 +
  70.182 +relabel ()
  70.183 +{
  70.184 +	vmfile=$1
  70.185 +	label=$2
  70.186 +	mapfile=$3
  70.187 +	mode=$4
  70.188 +
  70.189 +	if [ ! -r "$vmfile" ]; then
  70.190 +		echo "Cannot read from vm configuration file $vmfile."
  70.191 +		return -1
  70.192 +	fi
  70.193 +
  70.194 +	if [ ! -w "$vmfile" ]; then
  70.195 +		echo "Cannot write to vm configuration file $vmfile."
  70.196 +		return -1
  70.197 +	fi
  70.198 +
  70.199 +	if [ ! -r "$mapfile" ] ; then
  70.200 +		echo "Cannot read mapping file $mapfile."
  70.201 +		return -1
  70.202 +	fi
  70.203 +
  70.204 +	# Determine which policy is primary, which sec.
  70.205 +	getPrimaryPolicy $mapfile
  70.206 +	getSecondaryPolicy $mapfile
  70.207 +
  70.208 +	# Calculate the primary policy's SSIDREF
  70.209 +	if [ "$primary" == "NULL" ]; then
  70.210 +		SSIDLO="0000"
  70.211 +	else
  70.212 +		SSIDLO=`cat $mapfile |                    \
  70.213 +		        awk -vlabel=$label                \
  70.214 +		            -vprimary=$primary            \
  70.215 +		           '{                             \
  70.216 +		              if ( $1 == "LABEL->SSID" && \
  70.217 +		                   $2 == "VM" &&          \
  70.218 +		                   $3 == primary  &&      \
  70.219 +		                   $4 == label ) {        \
  70.220 +		                result=$5                 \
  70.221 +		              }                           \
  70.222 +		           } END {                        \
  70.223 +		             if (result != "" )           \
  70.224 +		               {printf "%04x", strtonum(result)}\
  70.225 +		           }'`
  70.226 +	fi
  70.227 +
  70.228 +	# Calculate the secondary policy's SSIDREF
  70.229 +	if [ "$secondary" == "NULL" ]; then
  70.230 +		SSIDHI="0000"
  70.231 +	else
  70.232 +		SSIDHI=`cat $mapfile |                    \
  70.233 +		        awk -vlabel=$label                \
  70.234 +		            -vsecondary=$secondary        \
  70.235 +		           '{                             \
  70.236 +		              if ( $1 == "LABEL->SSID" && \
  70.237 +		                   $2 == "VM"          && \
  70.238 +		                   $3 == secondary     && \
  70.239 +		                   $4 == label ) {        \
  70.240 +		                result=$5                 \
  70.241 +		              }                           \
  70.242 +		            }  END {                      \
  70.243 +		              if (result != "" )          \
  70.244 +		                {printf "%04x", strtonum(result)}\
  70.245 +		            }'`
  70.246 +	fi
  70.247 +
  70.248 +	if [ "$SSIDLO" == "" -o \
  70.249 +	     "$SSIDHI" == "" ]; then
  70.250 +		echo "Could not map the given label '$label'."
  70.251 +		return -1
  70.252 +	fi
  70.253 +
  70.254 +	ACM_POLICY=`cat $mapfile |             \
  70.255 +	    awk ' { if ( $1 == "POLICY" ) {    \
  70.256 +	              result=$2                \
  70.257 +	            }                          \
  70.258 +	          }                            \
  70.259 +	          END {                        \
  70.260 +	            if (result != "") {        \
  70.261 +	              printf result            \
  70.262 +	            }                          \
  70.263 +	          }'`
  70.264 +
  70.265 +	if [ "$ACM_POLICY" == "" ]; then
  70.266 +		echo "Could not find 'POLICY' entry in map file."
  70.267 +		return -1
  70.268 +	fi
  70.269 +
  70.270 +	SSIDREF="0x$SSIDHI$SSIDLO"
  70.271 +
  70.272 +	if [ "$mode" != "relabel" ]; then
  70.273 +		RES=`cat $vmfile |  \
  70.274 +		     awk '{         \
  70.275 +		       if ( substr($1,0,7) == "ssidref" ) {\
  70.276 +		         print $0;             \
  70.277 +		       }                       \
  70.278 +		     }'`
  70.279 +		if [ "$RES" != "" ]; then
  70.280 +			echo "Do you want to overwrite the existing mapping ($RES)? (y/N)"
  70.281 +			read user
  70.282 +			if [ "$user" != "y" -a "$user" != "Y" ]; then
  70.283 +				echo "Aborted."
  70.284 +				return 0
  70.285 +			fi
  70.286 +		fi
  70.287 +	fi
  70.288 +
  70.289 +	#Write the output
  70.290 +	vmtmp1="/tmp/__setlabel.tmp1"
  70.291 +	vmtmp2="/tmp/__setlabel.tmp2"
  70.292 +	touch $vmtmp1
  70.293 +	touch $vmtmp2
  70.294 +	if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
  70.295 +		echo "Cannot create temporary files. Aborting."
  70.296 +		return -1
  70.297 +	fi
  70.298 +	RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
  70.299 +	RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
  70.300 +	RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
  70.301 +	echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
  70.302 +	echo "#ACM_LABEL=$label" >> $vmtmp1
  70.303 +	echo "ssidref = $SSIDREF" >> $vmtmp1
  70.304 +	mv -f $vmtmp1 $vmfile
  70.305 +	rm -rf $vmtmp1 $vmtmp2
  70.306 +	echo "Mapped label '$label' to ssidref '$SSIDREF'."
  70.307 +}
  70.308 +
  70.309 +
  70.310 +
  70.311 +if [ "$1" == "-r" ]; then
  70.312 +	mode="relabel"
  70.313 +	shift
  70.314 +elif [ "$1" == "-l" ]; then
  70.315 +	mode="show"
  70.316 +	shift
  70.317 +elif [ "$1" == "-?" ]; then
  70.318 +	mode="usage"
  70.319 +fi
  70.320 +
  70.321 +if [ "$mode" == "show" ]; then
  70.322 +	if [ "$1" == "" ]; then
  70.323 +		usage
  70.324 +		exit -1;
  70.325 +	fi
  70.326 +	findMapFile $1
  70.327 +	res=$?
  70.328 +	if [ "$res" != "0" ]; then
  70.329 +		showLabels $mapfile
  70.330 +	else
  70.331 +		echo "Could not find map file for policy '$1'."
  70.332 +	fi
  70.333 +elif [ "$mode" == "usage" ]; then
  70.334 +	usage
  70.335 +else
  70.336 +	if [ "$3" == "" ]; then
  70.337 +		usage
  70.338 +		exit -1;
  70.339 +	fi
  70.340 +	findMapFile $3
  70.341 +	res=$?
  70.342 +	if [ "$res" != "0" ]; then
  70.343 +		relabel $1 $2 $mapfile $mode
  70.344 +	else
  70.345 +		echo "Could not find map file for policy '$3'."
  70.346 +	fi
  70.347 +
  70.348 +fi
    71.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    71.2 +++ b/tools/security/updategrub.sh	Fri Aug 19 10:50:15 2005 +0000
    71.3 @@ -0,0 +1,171 @@
    71.4 +#!/bin/sh
    71.5 +# *
    71.6 +# * updategrub
    71.7 +# *
    71.8 +# * Copyright (C) 2005 IBM Corporation
    71.9 +# *
   71.10 +# * Authors:
   71.11 +# * Stefan Berger <stefanb@us.ibm.com>
   71.12 +# *
   71.13 +# * This program is free software; you can redistribute it and/or
   71.14 +# * modify it under the terms of the GNU General Public License as
   71.15 +# * published by the Free Software Foundation, version 2 of the
   71.16 +# * License.
   71.17 +# *
   71.18 +# *
   71.19 +#
   71.20 +
   71.21 +if [ -z "$runbash" ]; then
   71.22 +	runbash="1"
   71.23 +	export runbash
   71.24 +	exec sh -c "bash $0 $*"
   71.25 +	exit
   71.26 +fi
   71.27 +
   71.28 +
   71.29 +# Show usage of this program
   71.30 +usage ()
   71.31 +{
   71.32 +	echo "Usage: $0 <policy name> <root of xen repository>"
   71.33 +	echo ""
   71.34 +	echo "<policy name>             : The name of the policy, i.e. xen_null"
   71.35 +	echo "<root of xen repository>  : The root of the XEN repositrory."
   71.36 +	echo ""
   71.37 +}
   71.38 +
   71.39 +# This function sets the global variable 'linux'
   71.40 +# to the name of the linux kernel that was compiled
   71.41 +# For now a pattern should do the trick
   71.42 +getLinuxVersion ()
   71.43 +{
   71.44 +	path=$1
   71.45 +	linux=""
   71.46 +	for f in $path/linux-*-xen0 ; do
   71.47 +		versionfile=$f/include/linux/version.h
   71.48 +		if [ -r $versionfile ]; then
   71.49 +			lnx=`cat $versionfile | \
   71.50 +			     grep UTS_RELEASE | \
   71.51 +			     awk '{             \
   71.52 +			       len=length($3);  \
   71.53 +			       print substr($3,2,len-2) }'`
   71.54 +		fi
   71.55 +		if [ "$lnx" != "" ]; then
   71.56 +			linux="[./0-9a-zA-z]*$lnx"
   71.57 +			return;
   71.58 +		fi
   71.59 +	done
   71.60 +
   71.61 +	#Last resort.
   71.62 +	linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$"
   71.63 +}
   71.64 +
   71.65 +#Return where the grub.conf file is.
   71.66 +#I only know of one place it can be.
   71.67 +findGrubConf()
   71.68 +{
   71.69 +	grubconf="/boot/grub/grub.conf"
   71.70 +	if [ -w $grubconf ]; then
   71.71 +		return 1
   71.72 +	fi
   71.73 +	return 0
   71.74 +}
   71.75 +
   71.76 +
   71.77 +#Update the grub configuration file.
   71.78 +#Search for existing entries and replace the current
   71.79 +#policy entry with the policy passed to this script
   71.80 +#
   71.81 +#Arguments passed to this function
   71.82 +# 1st : the grub configuration file
   71.83 +# 2nd : the binary policy file name
   71.84 +# 3rd : the name or pattern of the linux kernel name to match
   71.85 +#
   71.86 +# The algorithm here is based on pattern matching
   71.87 +# and is working correctly if
   71.88 +# - under a title a line beginning with 'kernel' is found
   71.89 +#   whose following item ends with "xen.gz"
   71.90 +#   Example:  kernel /xen.gz dom0_mem=....
   71.91 +# - a module line matching the 3rd parameter is found
   71.92 +#
   71.93 +updateGrub ()
   71.94 +{
   71.95 +	grubconf=$1
   71.96 +	policyfile=$2
   71.97 +	linux=$3
   71.98 +
   71.99 +	tmpfile="/tmp/new_grub.conf"
  71.100 +
  71.101 +	cat $grubconf |                                \
  71.102 +	         awk -vpolicy=$policyfile              \
  71.103 +	             -vlinux=$linux '{                 \
  71.104 +	           if ( $1 == "title" ) {              \
  71.105 +	             kernelfound = 0;                  \
  71.106 +	             if ( policymaycome == 1 ){        \
  71.107 +	               printf ("\tmodule %s%s\n", path, policy);      \
  71.108 +	             }                                 \
  71.109 +	             policymaycome = 0;                \
  71.110 +	           }                                   \
  71.111 +	           else if ( $1 == "kernel" ) {        \
  71.112 +	             if ( match($2,"xen.gz$") ) {      \
  71.113 +	               path=substr($2,1,RSTART-1);     \
  71.114 +	               kernelfound = 1;                \
  71.115 +	             }                                 \
  71.116 +	           }                                   \
  71.117 +	           else if ( $1 == "module" &&         \
  71.118 +	                     kernelfound == 1 &&       \
  71.119 +	                     match($2,linux) ) {       \
  71.120 +	              policymaycome = 1;               \
  71.121 +	           }                                   \
  71.122 +	           else if ( $1 == "module" &&         \
  71.123 +	                     kernelfound == 1 &&       \
  71.124 +	                     policymaycome == 1 &&     \
  71.125 +	                     match($2,"[0-9a-zA-Z]*.bin$") ) { \
  71.126 +	              printf ("\tmodule %s%s\n", path, policy); \
  71.127 +	              policymaycome = 0;               \
  71.128 +	              kernelfound = 0;                 \
  71.129 +	              dontprint = 1;                   \
  71.130 +	           }                                   \
  71.131 +	           else if ( $1 == "" &&               \
  71.132 +	                     kernelfound == 1 &&       \
  71.133 +	                     policymaycome == 1) {     \
  71.134 +	              dontprint = 1;                   \
  71.135 +	           }                                   \
  71.136 +	           if (dontprint == 0) {               \
  71.137 +	             printf ("%s\n", $0);              \
  71.138 +	           }                                   \
  71.139 +	           dontprint = 0;                      \
  71.140 +	         } END {                               \
  71.141 +	           if ( policymaycome == 1 ) {         \
  71.142 +	             printf ("\tmodule %s%s\n", path, policy);  \
  71.143 +	           }                                   \
  71.144 +	         }' > $tmpfile
  71.145 +	if [ ! -r $tmpfile ]; then
  71.146 +		echo "Could not create temporary file! Aborting."
  71.147 +		exit -1
  71.148 +	fi
  71.149 +	mv -f $tmpfile $grubconf
  71.150 +}
  71.151 +
  71.152 +if [ "$1" == "" -o "$2" == "" ]; then
  71.153 +	usage
  71.154 +	exit -1
  71.155 +fi
  71.156 +
  71.157 +if [ "$1" == "-?" ]; then
  71.158 +	usage
  71.159 +	exit 0
  71.160 +fi
  71.161 +
  71.162 +policy=$1
  71.163 +policyfile=$policy.bin
  71.164 +
  71.165 +getLinuxVersion $2
  71.166 +
  71.167 +findGrubConf
  71.168 +ERR=$?
  71.169 +if [ $ERR -eq 0 ]; then
  71.170 +	echo "Could not find grub.conf. Aborting."
  71.171 +	exit -1
  71.172 +fi
  71.173 +
  71.174 +updateGrub $grubconf $policyfile $linux
    72.1 --- a/xen/Rules.mk	Fri Aug 19 10:18:53 2005 +0000
    72.2 +++ b/xen/Rules.mk	Fri Aug 19 10:50:15 2005 +0000
    72.3 @@ -11,14 +11,6 @@ optimize    ?= y
    72.4  domu_debug  ?= n
    72.5  crash_debug ?= n
    72.6  
    72.7 -# ACM_USE_SECURITY_POLICY is set to security policy of Xen
    72.8 -# Supported models are:
    72.9 -#	ACM_NULL_POLICY (ACM will not be built with this policy)
   72.10 -#	ACM_CHINESE_WALL_POLICY
   72.11 -#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
   72.12 -#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   72.13 -ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
   72.14 -
   72.15  include $(BASEDIR)/../Config.mk
   72.16  
   72.17  # Set ARCH/SUBARCH appropriately.
    74.1 --- a/xen/arch/x86/domain_build.c	Fri Aug 19 10:18:53 2005 +0000
    74.2 +++ b/xen/arch/x86/domain_build.c	Fri Aug 19 10:50:15 2005 +0000
    74.3 @@ -22,16 +22,28 @@
    74.4  #include <asm/i387.h>
    74.5  #include <asm/shadow.h>
    74.6  
    74.7 -/* opt_dom0_mem: memory allocated to domain 0. */
    74.8 -static unsigned int opt_dom0_mem;
    74.9 +static long dom0_nrpages;
   74.10 +
   74.11 +/*
   74.12 + * dom0_mem:
   74.13 + *  If +ve:
   74.14 + *   * The specified amount of memory is allocated to domain 0.
   74.15 + *  If -ve:
   74.16 + *   * All of memory is allocated to domain 0, minus the specified amount.
   74.17 + *  If not specified: 
   74.18 + *   * All of memory is allocated to domain 0, minus 1/16th which is reserved
   74.19 + *     for uses such as DMA buffers (the reservation is clamped to 128MB).
   74.20 + */
   74.21  static void parse_dom0_mem(char *s)
   74.22  {
   74.23 -    unsigned long long bytes = parse_size_and_unit(s);
   74.24 -    /* If no unit is specified we default to kB units, not bytes. */
   74.25 -    if ( isdigit(s[strlen(s)-1]) )
   74.26 -        opt_dom0_mem = (unsigned int)bytes;
   74.27 -    else
   74.28 -        opt_dom0_mem = (unsigned int)(bytes >> 10);
   74.29 +    unsigned long long bytes;
   74.30 +    char *t = s;
   74.31 +    if ( *s == '-' )
   74.32 +        t++;
   74.33 +    bytes = parse_size_and_unit(t);
   74.34 +    dom0_nrpages = bytes >> PAGE_SHIFT;
   74.35 +    if ( *s == '-' )
   74.36 +        dom0_nrpages = -dom0_nrpages;
   74.37  }
   74.38  custom_param("dom0_mem", parse_dom0_mem);
   74.39  
   74.40 @@ -137,12 +149,30 @@ int construct_dom0(struct domain *d,
   74.41  
   74.42      printk("*** LOADING DOMAIN 0 ***\n");
   74.43  
   74.44 -    /* By default DOM0 is allocated all available memory. */
   74.45      d->max_pages = ~0U;
   74.46 -    if ( (nr_pages = opt_dom0_mem >> (PAGE_SHIFT - 10)) == 0 )
   74.47 +
   74.48 +    /*
   74.49 +     * If domain 0 allocation isn't specified, reserve 1/16th of available
   74.50 +     * memory for things like DMA buffers. This reservation is clamped to 
   74.51 +     * a maximum of 128MB.
   74.52 +     */
   74.53 +    if ( dom0_nrpages == 0 )
   74.54 +    {
   74.55 +        dom0_nrpages = avail_domheap_pages() +
   74.56 +            ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
   74.57 +            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT);
   74.58 +        dom0_nrpages = min(dom0_nrpages / 16, 128L << (20 - PAGE_SHIFT));
   74.59 +        dom0_nrpages = -dom0_nrpages;
   74.60 +    }
   74.61 +
   74.62 +    /* Negative memory specification means "all memory - specified amount". */
   74.63 +    if ( dom0_nrpages < 0 )
   74.64          nr_pages = avail_domheap_pages() +
   74.65              ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
   74.66 -            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT);
   74.67 +            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT) +
   74.68 +            dom0_nrpages;
   74.69 +    else
   74.70 +        nr_pages = dom0_nrpages;
   74.71  
   74.72      if ( (rc = parseelfimage(&dsi)) != 0 )
   74.73          return rc;
    75.1 --- a/xen/arch/x86/mm.c	Fri Aug 19 10:18:53 2005 +0000
    75.2 +++ b/xen/arch/x86/mm.c	Fri Aug 19 10:50:15 2005 +0000
    75.3 @@ -3061,7 +3061,7 @@ static int ptwr_emulated_update(
    75.4      }
    75.5  
    75.6      /* Turn a sub-word access into a full-word access. */
    75.7 -    if (bytes != sizeof(physaddr_t))
    75.8 +    if ( bytes != sizeof(physaddr_t) )
    75.9      {
   75.10          int           rc;
   75.11          physaddr_t    full;
   75.12 @@ -3078,6 +3078,10 @@ static int ptwr_emulated_update(
   75.13          val  &= (((physaddr_t)1 << (bytes*8)) - 1);
   75.14          val <<= (offset)*8;
   75.15          val  |= full;
   75.16 +        /* Also fill in missing parts of the cmpxchg old value. */
   75.17 +        old  &= (((physaddr_t)1 << (bytes*8)) - 1);
   75.18 +        old <<= (offset)*8;
   75.19 +        old  |= full;
   75.20      }
   75.21  
   75.22      /* Read the PTE that maps the page being updated. */
   75.23 @@ -3113,7 +3117,7 @@ static int ptwr_emulated_update(
   75.24      if ( do_cmpxchg )
   75.25      {
   75.26          ol1e = l1e_from_intpte(old);
   75.27 -        if ( cmpxchg((unsigned long *)pl1e, old, val) != old )
   75.28 +        if ( cmpxchg((intpte_t *)pl1e, old, val) != old )
   75.29          {
   75.30              unmap_domain_page(pl1e);
   75.31              put_page_from_l1e(nl1e, d);
   75.32 @@ -3301,8 +3305,8 @@ int ptwr_do_page_fault(struct domain *d,
   75.33      
   75.34      /* Finally, make the p.t. page writable by the guest OS. */
   75.35      l1e_add_flags(pte, _PAGE_RW);
   75.36 -    if ( unlikely(__copy_to_user(&linear_pg_table[l1_linear_offset(addr)],
   75.37 -                                 &pte, sizeof(pte))) )
   75.38 +    if ( unlikely(__put_user(pte.l1,
   75.39 +                             &linear_pg_table[l1_linear_offset(addr)].l1)) )
   75.40      {
   75.41          MEM_LOG("ptwr: Could not update pte at %p", (unsigned long *)
   75.42                  &linear_pg_table[l1_linear_offset(addr)]);
    76.1 --- a/xen/arch/x86/setup.c	Fri Aug 19 10:18:53 2005 +0000
    76.2 +++ b/xen/arch/x86/setup.c	Fri Aug 19 10:50:15 2005 +0000
    76.3 @@ -244,6 +244,8 @@ static void __init start_of_day(void)
    76.4  
    76.5  #define EARLY_FAIL() for ( ; ; ) __asm__ __volatile__ ( "hlt" )
    76.6  
    76.7 +static struct e820entry e820_raw[E820MAX];
    76.8 +
    76.9  void __init __start_xen(multiboot_info_t *mbi)
   76.10  {
   76.11      char *cmdline;
   76.12 @@ -253,7 +255,6 @@ void __init __start_xen(multiboot_info_t
   76.13      unsigned long _initrd_start = 0, _initrd_len = 0;
   76.14      unsigned int initrdidx = 1;
   76.15      physaddr_t s, e;
   76.16 -    struct e820entry e820_raw[E820MAX];
   76.17      int i, e820_raw_nr = 0, bytes = 0;
   76.18      struct ns16550_defaults ns16550 = {
   76.19          .data_bits = 8,
    78.1 --- a/xen/arch/x86/traps.c	Fri Aug 19 10:18:53 2005 +0000
    78.2 +++ b/xen/arch/x86/traps.c	Fri Aug 19 10:50:15 2005 +0000
    78.3 @@ -159,10 +159,8 @@ void show_trace(unsigned long *esp)
    78.4          addr = *stack++;
    78.5          if ( is_kernel_text(addr) )
    78.6          {
    78.7 -            if ( (i != 0) && ((i % 6) == 0) )
    78.8 -                printk("\n   ");
    78.9              printk("[<%p>]", _p(addr));
   78.10 -            print_symbol(" %s\n", addr);
   78.11 +            print_symbol(" %s\n   ", addr);
   78.12              i++;
   78.13          }
   78.14      }
    79.1 --- a/xen/arch/x86/x86_32/traps.c	Fri Aug 19 10:18:53 2005 +0000
    79.2 +++ b/xen/arch/x86/x86_32/traps.c	Fri Aug 19 10:50:15 2005 +0000
    79.3 @@ -66,8 +66,9 @@ void show_registers(struct cpu_user_regs
    79.4  
    79.5      printk("CPU:    %d\nEIP:    %04lx:[<%08lx>]",
    79.6             smp_processor_id(), (unsigned long)0xffff & regs->cs, eip);
    79.7 -    print_symbol(" %s\n", eip);
    79.8 -    printk("EFLAGS: %08lx   CONTEXT: %s\n", eflags, context);
    79.9 +    if ( !GUEST_MODE(regs) )
   79.10 +        print_symbol(" %s", eip);
   79.11 +    printk("\nEFLAGS: %08lx   CONTEXT: %s\n", eflags, context);
   79.12      printk("eax: %08x   ebx: %08x   ecx: %08x   edx: %08x\n",
   79.13             regs->eax, regs->ebx, regs->ecx, regs->edx);
   79.14      printk("esi: %08x   edi: %08x   ebp: %08x   esp: %08lx\n",
    80.1 --- a/xen/arch/x86/x86_64/traps.c	Fri Aug 19 10:18:53 2005 +0000
    80.2 +++ b/xen/arch/x86/x86_64/traps.c	Fri Aug 19 10:50:15 2005 +0000
    80.3 @@ -17,8 +17,9 @@ void show_registers(struct cpu_user_regs
    80.4  {
    80.5      printk("CPU:    %d\nEIP:    %04x:[<%016lx>]",
    80.6             smp_processor_id(), 0xffff & regs->cs, regs->rip);
    80.7 -    print_symbol(" %s\n", regs->rip);
    80.8 -    printk("EFLAGS: %016lx\n", regs->eflags);
    80.9 +    if ( !GUEST_MODE(regs) )
   80.10 +        print_symbol(" %s", regs->rip);
   80.11 +    printk("\nEFLAGS: %016lx\n", regs->eflags);
   80.12      printk("rax: %016lx   rbx: %016lx   rcx: %016lx   rdx: %016lx\n",
   80.13             regs->rax, regs->rbx, regs->rcx, regs->rdx);
   80.14      printk("rsi: %016lx   rdi: %016lx   rbp: %016lx   rsp: %016lx\n",
    83.1 --- a/xen/common/lib.c	Fri Aug 19 10:18:53 2005 +0000
    83.2 +++ b/xen/common/lib.c	Fri Aug 19 10:50:15 2005 +0000
    83.3 @@ -450,8 +450,10 @@ unsigned long long parse_size_and_unit(c
    83.4  		ret <<= 10;
    83.5  	case 'M': case 'm':
    83.6  		ret <<= 10;
    83.7 -	case 'K': case 'k':
    83.8 +	case 'K': case 'k': default:
    83.9  		ret <<= 10;
   83.10 +	case 'B': case 'b':
   83.11 +		break;
   83.12  	}
   83.13  
   83.14  	return ret;
    85.1 --- a/xen/drivers/char/console.c	Fri Aug 19 10:18:53 2005 +0000
    85.2 +++ b/xen/drivers/char/console.c	Fri Aug 19 10:50:15 2005 +0000
    85.3 @@ -652,8 +652,9 @@ static int __init debugtrace_init(void)
    85.4  void panic(const char *fmt, ...)
    85.5  {
    85.6      va_list args;
    85.7 -    char buf[128], cpustr[10];
    85.8 +    char buf[128];
    85.9      unsigned long flags;
   85.10 +    static spinlock_t lock = SPIN_LOCK_UNLOCKED;
   85.11      extern void machine_restart(char *);
   85.12      
   85.13      debugtrace_dump();
   85.14 @@ -665,16 +666,13 @@ void panic(const char *fmt, ...)
   85.15      debugger_trap_immediate();
   85.16  
   85.17      /* Spit out multiline message in one go. */
   85.18 -    spin_lock_irqsave(&console_lock, flags);
   85.19 -    __putstr("\n****************************************\n");
   85.20 -    __putstr("Panic on CPU");
   85.21 -    sprintf(cpustr, "%d", smp_processor_id());
   85.22 -    __putstr(cpustr);
   85.23 -    __putstr(":\n");
   85.24 -    __putstr(buf);
   85.25 -    __putstr("****************************************\n\n");
   85.26 -    __putstr("Reboot in five seconds...\n");
   85.27 -    spin_unlock_irqrestore(&console_lock, flags);
   85.28 +    spin_lock_irqsave(&lock, flags);
   85.29 +    printk("\n****************************************\n");
   85.30 +    printk("Panic on CPU %d:\n", smp_processor_id());
   85.31 +    printk(buf);
   85.32 +    printk("****************************************\n\n");
   85.33 +    printk("Reboot in five seconds...\n");
   85.34 +    spin_unlock_irqrestore(&lock, flags);
   85.35  
   85.36      watchdog_disable();
   85.37      mdelay(5000);
    86.1 --- a/xen/include/asm-x86/e820.h	Fri Aug 19 10:18:53 2005 +0000
    86.2 +++ b/xen/include/asm-x86/e820.h	Fri Aug 19 10:50:15 2005 +0000
    86.3 @@ -3,7 +3,7 @@
    86.4  
    86.5  #include <asm/page.h>
    86.6  
    86.7 -#define E820MAX	32
    86.8 +#define E820MAX	128
    86.9  
   86.10  #define E820_RAM          1
   86.11  #define E820_RESERVED     2
    87.1 --- a/xen/include/asm-x86/uaccess.h	Fri Aug 19 10:18:53 2005 +0000
    87.2 +++ b/xen/include/asm-x86/uaccess.h	Fri Aug 19 10:50:15 2005 +0000
    87.3 @@ -125,22 +125,20 @@ extern void __put_user_bad(void);
    87.4  	__pu_err;							\
    87.5  })							
    87.6  
    87.7 -#define __get_user_nocheck(x,ptr,size)				\
    87.8 -({								\
    87.9 -	long __gu_err, __gu_val;				\
   87.10 -	__get_user_size(__gu_val,(ptr),(size),__gu_err,-EFAULT);\
   87.11 -	(x) = (__typeof__(*(ptr)))__gu_val;			\
   87.12 -	__gu_err;						\
   87.13 +#define __get_user_nocheck(x,ptr,size)                          \
   87.14 +({                                                              \
   87.15 +	long __gu_err;                                          \
   87.16 +	__get_user_size((x),(ptr),(size),__gu_err,-EFAULT);     \
   87.17 +	__gu_err;                                               \
   87.18  })
   87.19  
   87.20 -#define __get_user_check(x,ptr,size)					\
   87.21 -({									\
   87.22 -	long __gu_err, __gu_val;					\
   87.23 -	__typeof__(*(ptr)) __user *__gu_addr = (ptr);			\
   87.24 -	__get_user_size(__gu_val,__gu_addr,(size),__gu_err,-EFAULT);	\
   87.25 -	(x) = (__typeof__(*(ptr)))__gu_val;				\
   87.26 -	if (!__addr_ok(__gu_addr)) __gu_err = -EFAULT;			\
   87.27 -	__gu_err;							\
   87.28 +#define __get_user_check(x,ptr,size)                            \
   87.29 +({                                                              \
   87.30 +	long __gu_err;                                          \
   87.31 +	__typeof__(*(ptr)) __user *__gu_addr = (ptr);           \
   87.32 +	__get_user_size((x),__gu_addr,(size),__gu_err,-EFAULT); \
   87.33 +	if (!__addr_ok(__gu_addr)) __gu_err = -EFAULT;          \
   87.34 +	__gu_err;                                               \
   87.35  })							
   87.36  
   87.37  struct __large_struct { unsigned long buf[100]; };