};
typedef enum xsm_default xsm_default_t;
-extern char *policy_buffer;
-extern u32 policy_size;
-
struct xsm_operations {
void (*security_domaininfo) (struct domain *d,
struct xen_domctl_getdomaininfo *info);
void *(*bootstrap_map)(const module_t *));
extern int xsm_multiboot_policy_init(unsigned long *module_map,
const multiboot_info_t *mbi,
- void *(*bootstrap_map)(const module_t *));
+ void *(*bootstrap_map)(const module_t *),
+ void **policy_buffer,
+ size_t *policy_size);
#endif
#ifdef CONFIG_HAS_DEVICE_TREE
extern int xsm_dt_init(void);
-extern int xsm_dt_policy_init(void);
+extern int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size);
extern bool has_xsm_magic(paddr_t);
#endif
extern void xsm_fixup_ops(struct xsm_operations *ops);
#ifdef CONFIG_FLASK
-extern void flask_init(void);
+extern void flask_init(const void *policy_buffer, size_t policy_size);
#else
-static inline void flask_init(void)
+static inline void flask_init(const void *policy_buffer, size_t policy_size)
{
}
#endif
.xen_version = flask_xen_version,
};
-__init void flask_init(void)
+void __init flask_init(const void *policy_buffer, size_t policy_size)
{
int ret = -ENOENT;
extern enum flask_bootparam_t flask_bootparam;
extern int flask_mls_enabled;
-int security_load_policy(void * data, size_t len);
+int security_load_policy(const void *data, size_t len);
struct av_decision {
u32 allowed;
#define TARGET_XEN_OLD 0
struct policy_file {
- char *data;
+ const char *data;
size_t len;
};
* This function will flush the access vector cache after
* loading the new policy.
*/
-int security_load_policy(void *data, size_t len)
+int security_load_policy(const void *data, size_t len)
{
struct policydb oldpolicydb, newpolicydb;
struct sidtab oldsidtab, newsidtab;
return 0;
}
-static int __init xsm_core_init(void)
+static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
{
if ( verify(&dummy_xsm_ops) )
{
}
xsm_ops = &dummy_xsm_ops;
- flask_init();
+ flask_init(policy_buffer, policy_size);
return 0;
}
void *(*bootstrap_map)(const module_t *))
{
int ret = 0;
+ void *policy_buffer = NULL;
+ size_t policy_size = 0;
printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
if ( XSM_MAGIC )
{
- ret = xsm_multiboot_policy_init(module_map, mbi, bootstrap_map);
+ ret = xsm_multiboot_policy_init(module_map, mbi, bootstrap_map,
+ &policy_buffer, &policy_size);
if ( ret )
{
bootstrap_map(NULL);
}
}
- ret = xsm_core_init();
+ ret = xsm_core_init(policy_buffer, policy_size);
bootstrap_map(NULL);
return 0;
int __init xsm_dt_init(void)
{
int ret = 0;
+ void *policy_buffer = NULL;
+ size_t policy_size = 0;
printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
if ( XSM_MAGIC )
{
- ret = xsm_dt_policy_init();
+ ret = xsm_dt_policy_init(&policy_buffer, &policy_size);
if ( ret )
{
printk("%s: Error initializing policy (rc = %d).\n",
}
}
- ret = xsm_core_init();
+ ret = xsm_core_init(policy_buffer, policy_size);
xfree(policy_buffer);
# include <xen/device_tree.h>
#endif
-char *__initdata policy_buffer = NULL;
-u32 __initdata policy_size = 0;
-
#ifdef CONFIG_MULTIBOOT
int __init xsm_multiboot_policy_init(unsigned long *module_map,
const multiboot_info_t *mbi,
- void *(*bootstrap_map)(const module_t *))
+ void *(*bootstrap_map)(const module_t *),
+ void **policy_buffer,
+ size_t *policy_size)
{
int i;
module_t *mod = (module_t *)__va(mbi->mods_addr);
if ( (xsm_magic_t)(*_policy_start) == XSM_MAGIC )
{
- policy_buffer = (char *)_policy_start;
- policy_size = _policy_len;
+ *policy_buffer = _policy_start;
+ *policy_size = _policy_len;
printk("Policy len %#lx, start at %p.\n",
_policy_len,_policy_start);
#endif
#ifdef CONFIG_HAS_DEVICE_TREE
-int __init xsm_dt_policy_init(void)
+int __init xsm_dt_policy_init(void **policy_buffer, size_t *policy_size)
{
struct bootmodule *mod = boot_module_find_by_kind(BOOTMOD_XSM);
paddr_t paddr, len;
printk("xsm: Policy len = 0x%"PRIpaddr" start at 0x%"PRIpaddr"\n",
len, paddr);
- policy_buffer = xmalloc_bytes(len);
- if ( !policy_buffer )
+ *policy_buffer = xmalloc_bytes(len);
+ if ( !*policy_buffer )
return -ENOMEM;
- copy_from_paddr(policy_buffer, paddr, len);
- policy_size = len;
+ copy_from_paddr(*policy_buffer, paddr, len);
+ *policy_size = len;
return 0;
}
projects / xen.git / commitdiff