Revert "convert FLASK_ENABLE to Kconfig"

This reverts commit b36bf230270baba4f0fe35b230ea8b80ebb2c4a7,
as osstest needs to be ready first.

diff --git a/Config.mk b/Config.mk
index 13159188cc73ebe9306d64b3855b81bd21ce0bed..a3be5ed91d3905e83c6159e08161bf8be52d6e2e 100644 (file)
--- a/Config.mk
+++ b/Config.mk
@@ -214,6 +214,7 @@ EMBEDDED_EXTRA_CFLAGS += -fno-exceptions
 
 # Enable XSM security module (by default, Flask).
 XSM_ENABLE ?= n
+FLASK_ENABLE ?= $(XSM_ENABLE)
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on

diff --git a/INSTALL b/INSTALL
index c51447bdfea57fbf849c3748f282cdf1c1e023fb..b7e426c08505ce756d9eaaec69c46cb4202e142f 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -278,11 +278,7 @@ PYTHON_PREFIX_ARG=
 The hypervisor may be build with XSM support, which can be changed with
 the following variables.
 XSM_ENABLE=y
-
-The hypervisor may be build with Flask support, which can be changed
-by running:
-make -C xen menuconfig
-and enabling Flask in the 'Common Features' menu.
+FLASK_ENABLE=y
 
 Do a build for coverage.
 coverage=y

diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index f2f0fd47d7ab0503a9e88781ee307c800983ee43..7249f402c3b0a9c972db8ddcfe32ffb84bb7fcdc 100644 (file)
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -172,9 +172,8 @@ Setting up FLASK
 ----------------
 
 Xen must be compiled with XSM and FLASK enabled; by default, the security
-framework is disabled. Edit Config.mk or the .config file to set XSM_ENABLE to
-"y" and running 'make -C xen menuconfig' and enabling FLASK inside 'Common
-Features'; this change requires a make clean and rebuild.
+framework is disabled. Edit Config.mk or the .config file to set XSM_ENABLE and
+FLASK_ENABLE to "y"; this change requires a make clean and rebuild.
 
 FLASK uses only one domain configuration parameter (seclabel) defining the
 full security label of the newly created domain. If using the example policy,

diff --git a/xen/Rules.mk b/xen/Rules.mk
index 9e4e6ff5dc4e90126dc5123f2196fbcc2131a32f..f7ddc69d8e63d36a5b1191b4226a297ee969090f 100644 (file)
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -53,6 +53,7 @@ CFLAGS += -pipe -g -D__XEN__ -include $(BASEDIR)/include/xen/config.h
 CFLAGS += '-D__OBJECT_FILE__="$@"'
 
 CFLAGS-$(XSM_ENABLE)    += -DXSM_ENABLE
+CFLAGS-$(FLASK_ENABLE)  += -DFLASK_ENABLE
 CFLAGS-$(verbose)       += -DVERBOSE
 CFLAGS-$(crash_debug)   += -DCRASH_DEBUG
 CFLAGS-$(perfc)         += -DPERF_COUNTERS

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 6373b7f3eb3a279fcd024de0081cd1d4bf6859ff..046e2574975431ecaa2efff4f6488a261c5385a0 100644 (file)
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -8,17 +8,6 @@ config COMPAT
          HVM and PV guests. HVMLoader makes 32-bit hypercalls irrespective
          of the destination runmode of the guest.
 
-config FLASK
-       bool "FLux Advanced Security Kernel support"
-       default n
-       --help---
-         Enables the FLASK (FLux Advanced Security Kernel) support which
-         provides a mandatory access control framework by which security
-         enforcement, isolation, and auditing can be achieved with fine
-         granular control via a security policy.
-
-         If unsure, say N.
-
 # Select HAS_DEVICE_TREE if device tree is supported
 config HAS_DEVICE_TREE
        bool

diff --git a/xen/include/Makefile b/xen/include/Makefile
index 9c8188b5f079131fd6614c078d2b0cbdc9cb4625..94ba3d8dcd570c808b0c73d2289cae6e051db651 100644 (file)
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -28,7 +28,7 @@ headers-$(CONFIG_X86)     += compat/arch-x86/xen.h
 headers-$(CONFIG_X86)     += compat/arch-x86/xen-$(compat-arch-y).h
 headers-$(CONFIG_X86)     += compat/hvm/hvm_vcpu.h
 headers-y                 += compat/arch-$(compat-arch-y).h compat/pmu.h compat/xlat.h
-headers-$(CONFIG_FLASK)   += compat/xsm/flask_op.h
+headers-$(FLASK_ENABLE)   += compat/xsm/flask_op.h
 
 cppflags-y                := -include public/xen-compat.h
 cppflags-$(CONFIG_X86)    += -m32

diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index bba015ac06eed5515cdfaddfb75675998b063ebc..75955999a6c9d86fae17322e1c08b8e5cf53b0ef 100644 (file)
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -86,7 +86,7 @@
 #define mk_unsigned_long(x) x
 #endif /* !__ASSEMBLY__ */
 
-#ifdef CONFIG_FLASK
+#ifdef FLASK_ENABLE
 #define XSM_MAGIC 0xf97cff8c
 /* Maintain statistics on the access vector cache */
 #define FLASK_AVC_STATS 1

diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 6ea3cc7cc8541e9ed0e8808cc02ad85801cf532c..fc61fc3be4f652fee2ee7b8c0d0a134d01605bd7 100644 (file)
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -119,7 +119,7 @@ struct evtchn
          */
         void *generic;
 #endif
-#ifdef CONFIG_FLASK
+#ifdef FLASK_ENABLE
         /*
          * Inlining the contents of the structure for FLASK avoids unneeded
          * allocations, and on 64-bit platforms with only FLASK enabled,

diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile
index d29e71c3a48605898732297be7794fe9523d9265..16c13b507f80c85edeeb4809ec696902bd631568 100644 (file)
--- a/xen/xsm/Makefile
+++ b/xen/xsm/Makefile
@@ -4,4 +4,4 @@ obj-y += xsm_policy.o
 obj-y += dummy.o
 endif
 
-subdir-$(CONFIG_FLASK) += flask
+subdir-$(FLASK_ENABLE) += flask