ia64/xen-unstable

changeset 7935:cc1d77bba4b0

Enable the Xen hypervisor ACM security policy to be determined at boot
time (instead of at compile time). Allows a single xen.gz binary to
run under different security policy types, which simplifies
distributions considerably. To this end, we replace the current single
compile switch in Config.mk with the following two:

1. ACM_SECURITY (y/n) if "n", then the ACM is not compiled and no security
policies can be configured at boot time. If "y", then the ACM is compiled
and can be configured into any of the available policy types (null,
chwall, ste, chwall_ste) by specifying a valid boot policy .bin file in
the grub boot configuration.

2. ACM_DEFAULT_SECURITY_POLICY (null / chwall / ste / chwall_ste)
specifies the policy into which Xen defaults in the case that security is
enabled but no boot policy file is specified, or the specified policy file
is invalid (wrong version, magic, corrupted, ...)

While the type of the enabled policy (null, ste, ...) is decided once
during boot for the whole boot cycle, the policy instantiation can be
changed during operation as usual with the security tools.

Signed-off by: Tomas Lendacky <toml@us.ibm.com>
Signed-off by: Reiner Sailer <sailer@us.ibm.com>
author kaf24@firebug.cl.cam.ac.uk
date Sat Nov 19 10:35:38 2005 +0100 (2005-11-19)
parents f5dafee503ba
children aad88a902892
files Config.mk tools/security/Makefile tools/security/install.txt xen/Makefile xen/Rules.mk xen/acm/acm_core.c xen/acm/acm_policy.c xen/common/acm_ops.c xen/include/acm/acm_core.h xen/include/acm/acm_hooks.h xen/include/public/acm.h
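--- a/Config.mk	Sat Nov 19 10:29:28 2005 +0100
+++ b/Config.mk	Sat Nov 19 10:35:38 2005 +0100
@@ -44,13 +44,21 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES)
 # Choose the best mirror to download linux kernel
 KERNEL_REPO = http://www.kernel.org
 
-# ACM_USE_SECURITY_POLICY is set to security policy of Xen
+# If ACM_SECURITY = y, then the access control module is compiled
+# into Xen and the policy type can be set by the boot policy file
+#        y - Build the Xen ACM framework
+#        n - Do not build the Xen ACM framework
+ACM_SECURITY ?= n
+
+# If ACM_SECURITY = y and no boot policy file is installed,
+# then the ACM defaults to the security policy set by
+# ACM_DEFAULT_SECURITY_POLICY
 # Supported models are:
-#	ACM_NULL_POLICY (ACM will not be built with this policy)
+#	ACM_NULL_POLICY
 #	ACM_CHINESE_WALL_POLICY
 #	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
 #	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
-ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY
 
 # Optional components
 XENSTAT_XENTOP ?= y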
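Review bot: The new comment above ACM_DEFAULT_SECURITY_POLICY covers only the case where no boot policy file is installed, while the commit description says the default is also used when the specified file is invalid (wrong version, magic, corrupted). With the shipped default of ACM_NULL_POLICY, an ACM_SECURITY=y build whose boot policy is damaged would therefore come up under the null policy, which presumably enforces nothing. The comment should state this, e.g. `# If ACM_SECURITY = y and no valid boot policy file is found (missing, wrong magic/version, corrupted),` followed by `# Xen falls back to ACM_DEFAULT_SECURITY_POLICY; choose a restrictive type if falling back to ACM_NULL_POLICY is not acceptable`.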
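--- a/tools/security/Makefile	Sat Nov 19 10:29:28 2005 +0100
+++ b/tools/security/Makefile	Sat Nov 19 10:35:38 2005 +0100
@@ -12,21 +12,21 @@ CFLAGS_XML2BIN += $(shell xml2-config --
 XML2VERSION = $(shell xml2-config --version )
 VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi; )
 
-ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_NULL_POLICY)
 POLICY=null
 endif
-ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
+ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
 POLICY=chwall
 endif
-ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
 POLICY=ste
 endif
-ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
 POLICY=chwall_ste
 endif
 POLICYFILE=./policies/$(POLICY)/$(POLICY).bin
 
-ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY)
+ifeq ($(ACM_SECURITY),y)
 all: build
 
 install:all
@@ -55,7 +55,7 @@ secpol_xml2bin : secpol_xml2bin.c secpol
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@ $<
 
 clean:
-	rm -rf secpol_tool secpol_xml2bin xen
+	rm -rf secpol_tool secpol_xml2bin xen get_decision
 
 policy_clean:
 	rm -rf policies/*/*.bin policies/*/*.map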
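--- a/tools/security/install.txt	Sat Nov 19 10:29:28 2005 +0100
+++ b/tools/security/install.txt	Sat Nov 19 10:35:38 2005 +0100
@@ -24,11 +24,13 @@ 1. enable access control in Xen
        # cd "xen_root"
        # edit/xemacs/vi Config.mk
 
-       change the line:
-       ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+       change the lines:
+       ACM_SECURITY ?= n
+       ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY
 
        to:
-       ACM_USE_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+       ACM_SECURITY ?= y
+       ACM_DEFAULT_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
 
        # make all
        # ./install.sh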
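--- a/xen/Makefile	Sat Nov 19 10:29:28 2005 +0100
+++ b/xen/Makefile	Sat Nov 19 10:35:38 2005 +0100
@@ -57,7 +57,7 @@ clean: delete-unfresh-files
 	$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
 	$(MAKE) -C common
 	$(MAKE) -C drivers
-ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+ifeq ($(ACM_SECURITY),y)
 	$(MAKE) -C acm
 endif
 	$(MAKE) -C arch/$(TARGET_ARCH)
@@ -79,8 +79,8 @@ include/xen/acm_policy.h:
 	  echo " *"; \
 	  echo " */"; \
 	  echo ""; \
-	  echo "#ifndef ACM_USE_SECURITY_POLICY"; \
-	  echo "#define ACM_USE_SECURITY_POLICY $(ACM_USE_SECURITY_POLICY)"; \
+	  echo "#ifndef ACM_DEFAULT_SECURITY_POLICY"; \
+	  echo "#define ACM_DEFAULT_SECURITY_POLICY $(ACM_DEFAULT_SECURITY_POLICY)"; \
 	  echo "#endif") >$@
 
 # compile.h contains dynamic build info. Rebuilt on every 'make' invocation.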
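--- a/xen/Rules.mk	Sat Nov 19 10:29:28 2005 +0100
+++ b/xen/Rules.mk	Sat Nov 19 10:35:38 2005 +0100
@@ -37,8 +37,9 @@ OBJS    += $(patsubst %.c,%.o,$(C_SRCS))
 ALL_OBJS := $(BASEDIR)/common/common.o
 ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
 ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
-ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+ifeq ($(ACM_SECURITY),y)
 ALL_OBJS += $(BASEDIR)/acm/acm.o
+CFLAGS += -DACM_SECURITY
 endif
 ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
 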
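--- a/xen/acm/acm_core.c	Sat Nov 19 10:29:28 2005 +0100
+++ b/xen/acm/acm_core.c	Sat Nov 19 10:35:38 2005 +0100
@@ -49,6 +49,9 @@ void acm_init_ste_policy(void);
 extern struct acm_operations acm_chinesewall_ops, 
     acm_simple_type_enforcement_ops, acm_null_ops;
 
+/* global ACM policy  (now dynamically determined at boot time) */
+u16 acm_active_security_policy = ACM_POLICY_UNDEFINED;
+
 /* global ops structs called by the hooks */
 struct acm_operations *acm_primary_ops = NULL;
 /* called in hook if-and-only-if primary succeeds */
@@ -61,7 +64,8 @@ rwlock_t acm_bin_pol_rwlock = RW_LOCK_UN
 
 /* until we have endian support in Xen, we discover it at runtime */
 u8 little_endian = 1;
-void acm_set_endian(void)
+void
+acm_set_endian(void)
 {
     u32 test = 1;
     if (*((u8 *)&test) == 1)
@@ -76,14 +80,82 @@ void acm_set_endian(void)
     }
 }
 
-/* initialize global security policy for Xen; policy write-locked already */
-static void
-acm_init_binary_policy(void *primary, void *secondary)
+int
+acm_init_binary_policy(u32 policy_code)
 {
-    acm_bin_pol.primary_policy_code = 0;
-    acm_bin_pol.secondary_policy_code = 0;
-    acm_bin_pol.primary_binary_policy = primary;
-    acm_bin_pol.secondary_binary_policy = secondary;
+    int ret = ACM_OK;
+
+    acm_bin_pol.primary_policy_code = (policy_code & 0x0f);
+    acm_bin_pol.secondary_policy_code = (policy_code >> 4) & 0x0f;
+
+    write_lock(&acm_bin_pol_rwlock);
+
+    /* set primary policy component */
+    switch ((policy_code) & 0x0f)
+    {
+
+    case ACM_CHINESE_WALL_POLICY:
+        acm_init_chwall_policy();
+        acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
+        acm_primary_ops = &acm_chinesewall_ops;
+        break;
+
+    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
+        acm_init_ste_policy();
+        acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
+        acm_primary_ops = &acm_simple_type_enforcement_ops;
+        break;
+
+    case ACM_NULL_POLICY:
+        acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
+        acm_primary_ops = &acm_null_ops;
+        break;
+
+    default:
+        /* Unknown policy not allowed primary */
+        ret = -EINVAL;
+        goto out;
+    }
+
+    /* secondary policy component part */
+    switch ((policy_code) >> 4)
+    {
+
+    case ACM_NULL_POLICY:
+        acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
+        acm_secondary_ops = &acm_null_ops;
+        break;
+
+    case ACM_CHINESE_WALL_POLICY:
+        if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY)
+        {   /* not a valid combination */
+            ret = -EINVAL;
+            goto out;
+        }
+        acm_init_chwall_policy();
+        acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY;
+        acm_secondary_ops = &acm_chinesewall_ops;
+        break;
+
+    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
+        if (acm_bin_pol.primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+        {   /* not a valid combination */
+            ret = -EINVAL;
+            goto out;
+        }
+        acm_init_ste_policy();
+        acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
+        acm_secondary_ops = &acm_simple_type_enforcement_ops;
+        break;
+
+    default:
+        ret = -EINVAL;
+        goto out;
+    }
+
+ out:
+    write_unlock(&acm_bin_pol_rwlock);
+    return ret;
 }
 
 static int
@@ -161,83 +233,35 @@ acm_init(unsigned int *initrdidx,
     int ret = ACM_OK;
 
     acm_set_endian();
-    write_lock(&acm_bin_pol_rwlock);
-    acm_init_binary_policy(NULL, NULL);
 
-    /* set primary policy component */
-    switch ((ACM_USE_SECURITY_POLICY) & 0x0f)
-    {
+    /* first try to load the boot policy (uses its own locks) */
+    acm_setup(initrdidx, mbi, initial_images_start);
 
-    case ACM_CHINESE_WALL_POLICY:
-        acm_init_chwall_policy();
-        acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
-        acm_primary_ops = &acm_chinesewall_ops;
-        break;
+    if (acm_active_security_policy != ACM_POLICY_UNDEFINED)
+    {
+        printk("%s: Boot-Policy. Enforcing %s: Primary %s, Secondary %s.\n", __func__,
+               ACM_POLICY_NAME(acm_active_security_policy),
+               ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
+               ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
+        goto out;
+    }
+    /* else continue with the minimal hardcoded default startup policy */
+    printk("%s: Loading default policy (%s).\n",
+           __func__, ACM_POLICY_NAME(ACM_DEFAULT_SECURITY_POLICY));
 
-    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
-        acm_init_ste_policy();
-        acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
-        acm_primary_ops = &acm_simple_type_enforcement_ops;
-        break;
-
-    default:
-        /* NULL or Unknown policy not allowed primary;
-         * NULL/NULL will not compile this code */
+    if (acm_init_binary_policy(ACM_DEFAULT_SECURITY_POLICY)) {
         ret = -EINVAL;
         goto out;
     }
-
-    /* secondary policy component part */
-    switch ((ACM_USE_SECURITY_POLICY) >> 4) {
-    case ACM_NULL_POLICY:
-        acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
-        acm_secondary_ops = &acm_null_ops;
-        break;
-
-    case ACM_CHINESE_WALL_POLICY:
-        if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY)
-        {   /* not a valid combination */
-            ret = -EINVAL;
-            goto out;
-        }
-        acm_init_chwall_policy();
-        acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY;
-        acm_secondary_ops = &acm_chinesewall_ops;
-        break;
-
-    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
-        if (acm_bin_pol.primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
-        {   /* not a valid combination */
-            ret = -EINVAL;
-            goto out;
-        }
-        acm_init_ste_policy();
-        acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
-        acm_secondary_ops = &acm_simple_type_enforcement_ops;
-        break;
-
-    default:
-        ret = -EINVAL;
-        goto out;
-    }
+    acm_active_security_policy = ACM_DEFAULT_SECURITY_POLICY;
 
  out:
-    write_unlock(&acm_bin_pol_rwlock);
-
     if (ret != ACM_OK)
     {
         printk("%s: Error initializing policies.\n", __func__);
         /* here one could imagine a clean panic */
         return -EINVAL;
     }
-    if (acm_setup(initrdidx, mbi, initial_images_start) != ACM_OK)
-    {
-        printk("%s: Error loading policy at boot time.\n", __func__);
-        /* ignore, just continue with the minimal hardcoded startup policy */
-    }
-    printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
-           ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
-           ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
     return ret;
 }
 
@@ -265,7 +289,7 @@ acm_init_domain_ssid(domid_t id, ssidref
     ssid->primary_ssid   = NULL;
     ssid->secondary_ssid = NULL;
 
-    if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY)
+    if (acm_active_security_policy != ACM_NULL_POLICY)
         ssid->ssidref = ssidref;
     else
         ssid->ssidref = ACM_DEFAULT_SSID;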
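Review bot: In the third hunk, acm_init_binary_policy() writes `policy_code & 0x0f` and `(policy_code >> 4) & 0x0f` into acm_bin_pol before it takes acm_bin_pol_rwlock and before either component is validated. Every `-EINVAL` path leaves those values in place, and a failure in the secondary switch also leaves acm_primary_ops already switched. The secondary switch tests the unmasked `policy_code >> 4` while the stored code is masked, so the two can disagree. Since the function now receives codes taken from the boot policy buffer, I would decode into locals, reject an unknown or duplicate component first, and only then take the lock and commit, as sketched below. The fallback to ACM_DEFAULT_SECURITY_POLICY in acm_init then starts from untouched state.

```c
int
acm_init_binary_policy(u32 policy_code)
{
    u32 primary = policy_code & 0x0f;
    u32 secondary = policy_code >> 4;  /* not masked: stray high bits fail the check */

    /* validate both components before any global state is written */
    if (primary != ACM_NULL_POLICY &&
        primary != ACM_CHINESE_WALL_POLICY &&
        primary != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
        return -EINVAL;
    if (secondary != ACM_NULL_POLICY &&
        ((secondary != ACM_CHINESE_WALL_POLICY &&
          secondary != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ||
         secondary == primary))
        return -EINVAL;

    write_lock(&acm_bin_pol_rwlock);
    /* … unchanged: primary switch on `primary`, secondary switch on `secondary`; their -EINVAL branches become unreachable … */
```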
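--- a/xen/acm/acm_policy.c	Sat Nov 19 10:29:28 2005 +0100
+++ b/xen/acm/acm_policy.c	Sat Nov 19 10:35:38 2005 +0100
@@ -56,17 +56,29 @@ acm_set_policy(void *buf, u32 buf_size, 
     /* 2. some sanity checking */
     pol = (struct acm_policy_buffer *)policy_buffer;
 
-    if ((ntohl(pol->magic) != ACM_MAGIC) || 
-        (ntohl(pol->policy_version) != ACM_POLICY_VERSION) ||
-        (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
+    if ((ntohl(pol->magic) != ACM_MAGIC) ||
+        (buf_size != ntohl(pol->len)) ||
+        (ntohl(pol->policy_version) != ACM_POLICY_VERSION))
+    {
+        printk("%s: ERROR in Magic, Version, or buf size.\n", __func__);
+        goto error_free;
+    }
+
+    if (acm_active_security_policy == ACM_POLICY_UNDEFINED) {
+        /* setup the policy with the boot policy */
+        if (acm_init_binary_policy((ntohl(pol->secondary_policy_code) << 4) |
+                                   ntohl(pol->primary_policy_code))) {
+            goto error_free;
+        }
+        acm_active_security_policy =
+            (acm_bin_pol.secondary_policy_code << 4) | acm_bin_pol.primary_policy_code;
+    }
+
+    /* once acm_active_security_policy is set, it cannot be changed */
+    if ((ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
         (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code))
     {
-        printkd("%s: Wrong policy magics or versions!\n", __func__);
-        goto error_free;
-    }
-    if (buf_size != ntohl(pol->len))
-    {
-        printk("%s: ERROR in buf size.\n", __func__);
+        printkd("%s: Wrong policy type in boot policy!\n", __func__);
         goto error_free;
     }
 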
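Review bot: The code passed to acm_init_binary_policy() is built from the raw `ntohl(pol->primary_policy_code)` and `ntohl(pol->secondary_policy_code)` words, so any bits above the low nibble of the primary field are OR-ed into the secondary nibble and the initialised type can differ from what either field states. acm_active_security_policy is then assigned before the comparison that follows, so such a buffer fixes the policy type for the boot cycle and is rejected only afterwards. The same would apply if a later step of acm_set_policy, which continues outside this hunk, fails. I would reject out-of-range fields first, e.g. `if ((ntohl(pol->primary_policy_code) | ntohl(pol->secondary_policy_code)) & ~0x0fU) goto error_free;`, and assign acm_active_security_policy only after the whole buffer has been accepted, so that acm_init can still fall back to ACM_DEFAULT_SECURITY_POLICY.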
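--- a/xen/common/acm_ops.c	Sat Nov 19 10:29:28 2005 +0100
+++ b/xen/common/acm_ops.c	Sat Nov 19 10:35:38 2005 +0100
@@ -29,7 +29,7 @@
 #include <public/sched_ctl.h>
 #include <acm/acm_hooks.h>
 
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+#ifndef ACM_SECURITY
 
 long do_acm_op(struct acm_op * u_acm_op)
 {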
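--- a/xen/include/acm/acm_core.h	Sat Nov 19 10:29:28 2005 +0100
+++ b/xen/include/acm/acm_core.h	Sat Nov 19 10:35:38 2005 +0100
@@ -28,9 +28,6 @@
 struct acm_binary_policy {
     u16 primary_policy_code;
     u16 secondary_policy_code;
-    void *primary_binary_policy;                                 
-    void *secondary_binary_policy;
- 
 };
 
 struct chwall_binary_policy {
@@ -53,6 +50,7 @@ struct ste_binary_policy {
 };
 
 /* global acm policy */
+extern u16 acm_active_security_policy;
 extern struct acm_binary_policy acm_bin_pol;
 extern struct chwall_binary_policy chwall_bin_pol;
 extern struct ste_binary_policy ste_bin_pol;
@@ -120,6 +118,7 @@ struct ste_ssid {
 /* protos */
 int acm_init_domain_ssid(domid_t id, ssidref_t ssidref);
 void acm_free_domain_ssid(struct acm_ssid_domain *ssid);
+int acm_init_binary_policy(u32 policy_code);
 int acm_set_policy(void *buf, u32 buf_size, int isuserbuffer);
 int acm_get_policy(void *buf, u32 buf_size);
 int acm_dump_statistics(void *buf, u16 buf_size);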
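Review bot: The prototype for acm_init_binary_policy() in the last hunk exports a formerly static function without stating when it may be called. The rule that the policy type cannot change once acm_active_security_policy is set is enforced only by the caller in acm_set_policy, not by the function itself, so any later caller could switch the ops tables at run time. I would document the contract on the prototype, e.g. `/* boot-time only: caller must ensure acm_active_security_policy == ACM_POLICY_UNDEFINED */`, or have the function return -EINVAL when that does not hold.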
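--- a/xen/include/acm/acm_hooks.h	Sat Nov 19 10:29:28 2005 +0100
+++ b/xen/include/acm/acm_hooks.h	Sat Nov 19 10:35:38 2005 +0100
@@ -127,7 +127,7 @@ extern struct acm_operations *acm_second
 # define traceprintk(fmt, args...)
 #endif
 
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+#ifndef ACM_SECURITY
 
 static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
 { return 0; }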
    11.1 --- a/xen/include/public/acm.h	Sat Nov 19 10:29:28 2005 +0100
    11.2 +++ b/xen/include/public/acm.h	Sat Nov 19 10:35:38 2005 +0100
    11.3 @@ -60,6 +60,7 @@
    11.4  #define ACM_NULL_POLICY 0
    11.5  #define ACM_CHINESE_WALL_POLICY 1
    11.6  #define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
    11.7 +#define ACM_POLICY_UNDEFINED 15
    11.8  
    11.9  /* combinations have secondary policy component in higher 4bit */
   11.10  #define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \