ia64/xen-unstable

changeset 8048:a8ac8be1a889

I cleaned up acm_ops.c and eliminated returns inside the switch
statement. When we need locks, we can place them now around the switch
statement.

I also included the comments from Rusty and now return -EPERM for denied
permission errors.

Signed-off: Reiner Sailer <sailer@us.ibm.com>
author kaf24@firebug.cl.cam.ac.uk
date Fri Nov 25 09:15:08 2005 +0100 (2005-11-25)
parents cb215a84d1af
children 26b961b72153
files xen/common/acm_ops.c
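--- a/xen/common/acm_ops.c
+++ b/xen/common/acm_ops.c
@@ -49,15 +49,11 @@ enum acm_operation {
 
 int acm_authorize_acm_ops(struct domain *d, enum acm_operation pops)
 {
-    /* all policy management functions are restricted to privileged domains,
-     * soon we will introduce finer-grained privileges for policy operations
-     */
+    /* currently, policy management functions are restricted to privileged domains */
     if (!IS_PRIV(d))
-    {
-        printk("%s: ACM management authorization denied ERROR!\n", __func__);
-        return ACM_ACCESS_DENIED;
-    }
-    return ACM_ACCESS_PERMITTED;
+        return -EPERM;
+
+    return 0;
 }
 
 long do_acm_op(struct acm_op * u_acm_op)
@@ -65,10 +61,8 @@ long do_acm_op(struct acm_op * u_acm_op)
     long ret = 0;
     struct acm_op curop, *op = &curop;
 
-    /* check here policy decision for policy commands */
-    /* for now allow DOM0 only, later indepedently    */
     if (acm_authorize_acm_ops(current->domain, POLICY))
-        return -EACCES;
+        return -EPERM;
 
     if (copy_from_user(op, u_acm_op, sizeof(*op)))
         return -EFAULT;
@@ -80,43 +74,32 @@ long do_acm_op(struct acm_op * u_acm_op)
     {
     case ACM_SETPOLICY:
     {
-        if (acm_authorize_acm_ops(current->domain, SETPOLICY))
-            return -EACCES;
-        printkd("%s: setting policy.\n", __func__);
-        ret = acm_set_policy(op->u.setpolicy.pushcache,
-                             op->u.setpolicy.pushcache_size, 1);
-        if (ret == ACM_OK)
-            ret = 0;
-        else
-            ret = -ESRCH;
+        ret = acm_authorize_acm_ops(current->domain, SETPOLICY);
+        if (!ret)
+            ret = acm_set_policy(op->u.setpolicy.pushcache,
+                                 op->u.setpolicy.pushcache_size, 1);
     }
     break;
 
     case ACM_GETPOLICY:
     {
-        if (acm_authorize_acm_ops(current->domain, GETPOLICY))
-            return -EACCES;
-        printkd("%s: getting policy.\n", __func__);
-        ret = acm_get_policy(op->u.getpolicy.pullcache,
-                             op->u.getpolicy.pullcache_size);
-        if (ret == ACM_OK)
-            ret = 0;
-        else
-            ret = -ESRCH;
+        ret = acm_authorize_acm_ops(current->domain, GETPOLICY);
+        if (!ret)
+            ret = acm_get_policy(op->u.getpolicy.pullcache,
+                                 op->u.getpolicy.pullcache_size);
+        if (!ret)
+            copy_to_user(u_acm_op, op, sizeof(*op));
     }
     break;
 
     case ACM_DUMPSTATS:
     {
-        if (acm_authorize_acm_ops(current->domain, DUMPSTATS))
-            return -EACCES;
-        printkd("%s: dumping statistics.\n", __func__);
-        ret = acm_dump_statistics(op->u.dumpstats.pullcache,
-                                  op->u.dumpstats.pullcache_size);
-        if (ret == ACM_OK)
-            ret = 0;
-        else
-            ret = -ESRCH;
+        ret = acm_authorize_acm_ops(current->domain, DUMPSTATS);
+        if (!ret)
+            ret = acm_dump_statistics(op->u.dumpstats.pullcache,
+                                      op->u.dumpstats.pullcache_size);
+        if (!ret)
+            copy_to_user(u_acm_op, op, sizeof(*op));
     }
     break;
 
@@ -124,31 +107,39 @@ long do_acm_op(struct acm_op * u_acm_op)
     {
         ssidref_t ssidref;
 
-        if (acm_authorize_acm_ops(current->domain, GETSSID))
-            return -EACCES;
-        printkd("%s: getting SSID.\n", __func__);
+        ret = acm_authorize_acm_ops(current->domain, GETSSID);
+        if (ret)
+            break;
+
         if (op->u.getssid.get_ssid_by == SSIDREF)
             ssidref = op->u.getssid.id.ssidref;
-        else if (op->u.getssid.get_ssid_by == DOMAINID) {
+        else if (op->u.getssid.get_ssid_by == DOMAINID)
+        {
             struct domain *subj = find_domain_by_id(op->u.getssid.id.domainid);
             if (!subj)
-                return -ESRCH; /* domain not found */
-            if (subj->ssid == NULL) {
+            {
+                ret = -ESRCH; /* domain not found */
+                break;
+            }
+            if (subj->ssid == NULL)
+            {
                 put_domain(subj);
-                return -ESRCH;
+                ret = -ESRCH;
+                break;
             }
             ssidref = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
             put_domain(subj);
-        } else
-            return -ESRCH;
-
+        }
+        else
+        {
+            ret = -ESRCH;
+            break;
+        }
         ret = acm_get_ssid(ssidref,
                            op->u.getssid.ssidbuf,
                            op->u.getssid.ssidbuf_size);
-        if (ret == ACM_OK)
-            ret = 0;
-        else
-            ret = -ESRCH;
+        if (!ret)
+            copy_to_user(u_acm_op, op, sizeof(*op));
     }
     break;
 
@@ -156,51 +147,75 @@ long do_acm_op(struct acm_op * u_acm_op)
     {
         ssidref_t ssidref1, ssidref2;
 
-        if (acm_authorize_acm_ops(current->domain, GETDECISION)) {
-            ret = -EACCES;
-            goto out;
-        }
-        printkd("%s: getting access control decision.\n", __func__);
-        if (op->u.getdecision.get_decision_by1 == SSIDREF) {
+        ret = acm_authorize_acm_ops(current->domain, GETDECISION);
+        if (ret)
+            break;
+
+        if (op->u.getdecision.get_decision_by1 == SSIDREF)
             ssidref1 = op->u.getdecision.id1.ssidref;
-        }
-        else if (op->u.getdecision.get_decision_by1 == DOMAINID) {
+        else if (op->u.getdecision.get_decision_by1 == DOMAINID)
+        {
             struct domain *subj = find_domain_by_id(op->u.getdecision.id1.domainid);
-            if (!subj) {
+            if (!subj)
+            {
                 ret = -ESRCH; /* domain not found */
-                goto out;
+                break;
             }
-            if (subj->ssid == NULL) {
+            if (subj->ssid == NULL)
+            {
                 put_domain(subj);
                 ret = -ESRCH;
-                goto out;
+                break;
             }
             ssidref1 = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
             put_domain(subj);
-        } else {
+        }
+        else
+        {
             ret = -ESRCH;
-            goto out;
-        }
-        if (op->u.getdecision.get_decision_by2 == SSIDREF) {
-            ssidref2 = op->u.getdecision.id2.ssidref;
+            break;
         }
-        else if (op->u.getdecision.get_decision_by2 == DOMAINID) {
+        if (op->u.getdecision.get_decision_by2 == SSIDREF)
+            ssidref2 = op->u.getdecision.id2.ssidref;
+        else if (op->u.getdecision.get_decision_by2 == DOMAINID)
+        {
             struct domain *subj = find_domain_by_id(op->u.getdecision.id2.domainid);
-            if (!subj) {
+            if (!subj)
+            {
                 ret = -ESRCH; /* domain not found */
-                goto out;
+                break;;
             }
-            if (subj->ssid == NULL) {
+            if (subj->ssid == NULL)
+            {
                 put_domain(subj);
-                return -ESRCH;
+                ret = -ESRCH;
+                break;
             }
             ssidref2 = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
             put_domain(subj);
-        } else {
+        }
+        else
+        {
             ret = -ESRCH;
-            goto out;
+            break;
         }
         ret = acm_get_decision(ssidref1, ssidref2, op->u.getdecision.hook);
+
+        if (ret == ACM_ACCESS_PERMITTED)
+        {
+            op->u.getdecision.acm_decision = ACM_ACCESS_PERMITTED;
+            ret = 0;
+        }
+        else if  (ret == ACM_ACCESS_DENIED)
+        {
+            op->u.getdecision.acm_decision = ACM_ACCESS_DENIED;
+            ret = 0;
+        }
+        else
+            ret = -ESRCH;
+
+        if (!ret)
+            copy_to_user(u_acm_op, op, sizeof(*op));
     }
     break;
 
@@ -208,20 +223,6 @@ long do_acm_op(struct acm_op * u_acm_op)
         ret = -ESRCH;
     }
 
- out:
-    if (ret == ACM_ACCESS_PERMITTED) {
-        op->u.getdecision.acm_decision = ACM_ACCESS_PERMITTED;
-        ret = 0;
-    } else if  (ret == ACM_ACCESS_DENIED) {
-        op->u.getdecision.acm_decision = ACM_ACCESS_DENIED;
-        ret = 0;
-    } else {
-        op->u.getdecision.acm_decision = ACM_ACCESS_DENIED;
-        if (ret > 0)
-            ret = -ret;
-    }
-    /* copy decision back to user space */
-    copy_to_user(u_acm_op, op, sizeof(*op));
     return ret;
 }
 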
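Review bot: The four new `copy_to_user(u_acm_op, op, sizeof(*op));` calls in do_acm_op (the ACM_GETPOLICY, ACM_DUMPSTATS, ACM_GETSSID and ACM_GETDECISION cases) discard the return value, so a faulting guest buffer still produces a return of 0. For ACM_GETDECISION this means the caller can read back whatever `acm_decision` it passed in as though it were the hypervisor's answer; I would write `if (!ret && copy_to_user(u_acm_op, op, sizeof(*op))) ret = -EFAULT;` at each site, matching the `copy_from_user` check at the top of the function. The removed `out:` path also stored `ACM_ACCESS_DENIED` and copied it back on every failure, whereas the new error paths leave the caller's field untouched, so a comment on that case should say that `acm_decision` is only valid when the call returns 0. Separately, dropping the `printk` from acm_authorize_acm_ops removes the only log of a denied policy-management attempt visible in this file; a debug-level message such as the existing `printkd` would keep that audit trail.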