flask: clean up initialization and #defines

This removes the FLASK_DEVELOP and FLASK_BOOTPARAM configuration
parameters which have never been settable by users.  Disabling the
FLASK_DEVELOP configuration option has not produced a compiling
hypervisor for some time, and the FLASK_BOOTPARAM option will be
replaced with a more flexible boot parameter.

This also changes the return type of xsm_initcall_t to void to properly
reflect the fact that the caller ignores the return value.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index 7bef8a648df2db5115ace93d4488492c30eca3ec..d3d99114c78c2b85d9792b42aab3a48fb1c40c7b 100644 (file)
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -100,10 +100,6 @@
 
 #ifdef FLASK_ENABLE
 #define XSM_MAGIC 0xf97cff8c
-/* Enable permissive mode (xl setenforce or flask_enforcing parameter) */
-#define FLASK_DEVELOP 1
-/* Allow runtime disabling of FLASK via the flask_enable parameter */
-#define FLASK_BOOTPARAM 1
 /* Maintain statistics on the access vector cache */
 #define FLASK_AVC_STATS 1
 #endif

diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4ce089f9488e190ede46a246983df36c74fa0231..043773574f988d4cfdcb63c6bcfab7c558908d08 100644 (file)
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -42,7 +42,7 @@ typedef enum xsm_default xsm_default_t;
 extern char *policy_buffer;
 extern u32 policy_size;
 
-typedef int (*xsm_initcall_t)(void);
+typedef void (*xsm_initcall_t)(void);
 
 extern xsm_initcall_t __xsm_initcall_start[], __xsm_initcall_end[];
 

diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index fc6580e0b62e1279b6b5d549b05929cd6c9fc8ef..b1a4f8afeaf67f7affaf8052d00ac1db7560be9c 100644 (file)
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -251,8 +251,6 @@ void __init avc_init(void)
     }
     atomic_set(&avc_cache.active_nodes, 0);
     atomic_set(&avc_cache.lru_hint, 0);
-
-    printk("AVC INITIALIZED\n");
 }
 
 int avc_get_hash_stats(struct xen_flask_hash_stats *arg)

diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 7743aac7a6b2bc1bd8d8f27eb8d4a23bf678275f..0e893604d2b8beeccfc67c0f43e8b533c54e26ab 100644 (file)
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -24,15 +24,11 @@
 #define _copy_to_guest copy_to_guest
 #define _copy_from_guest copy_from_guest
 
-#ifdef FLASK_DEVELOP
 int flask_enforcing = 0;
 integer_param("flask_enforcing", flask_enforcing);
-#endif
 
-#ifdef FLASK_BOOTPARAM
 int flask_enabled = 1;
 integer_param("flask_enabled", flask_enabled);
-#endif
 
 #define MAX_POLICY_SIZE 0x4000000
 

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 65094bbe773fd8b218e28b949e2d44ff0aa0205c..dad5deb63e054408a8e915c38d246eb1d5586cbf 100644 (file)
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1626,14 +1626,14 @@ static struct xsm_operations flask_ops = {
 #endif
 };
 
-static __init int flask_init(void)
+static __init void flask_init(void)
 {
     int ret = 0;
 
     if ( !flask_enabled )
     {
         printk("Flask:  Disabled at boot.\n");
-        return 0;
+        return;
     }
 
     printk("Flask:  Initializing.\n");
@@ -1650,8 +1650,6 @@ static __init int flask_init(void)
         printk("Flask:  Starting in enforcing mode.\n");
     else
         printk("Flask:  Starting in permissive mode.\n");
-
-    return ret;
 }
 
 xsm_initcall(flask_init);

diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index 42a5e4b1df30b991ad37145bdd8ed3f5d416faae..a00a6ebb365009aa19a92657a47e412eb1f0e8e4 100644 (file)
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -17,11 +17,7 @@
 #include "av_permissions.h"
 #include "security.h"
 
-#ifdef FLASK_DEVELOP
 extern int flask_enforcing;
-#else
-#define flask_enforcing 1
-#endif
 
 /*
  * An entry in the AVC.

diff --git a/xen/xsm/flask/include/security.h b/xen/xsm/flask/include/security.h
index 348f018fc68e3c9d178b95fdfdb414d72f4b9570..dea0143aca5603de45cadb5680f860853c3355fd 100644 (file)
--- a/xen/xsm/flask/include/security.h
+++ b/xen/xsm/flask/include/security.h
@@ -35,12 +35,7 @@
 #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
 #define POLICYDB_VERSION_MAX   POLICYDB_VERSION_BOUNDARY
 
-#ifdef FLASK_BOOTPARAM
 extern int flask_enabled;
-#else
-#define flask_enabled 1
-#endif
-
 extern int flask_mls_enabled;
 
 int security_load_policy(void * data, size_t len);