headers-$(CONFIG_X86) += compat/arch-x86/xen.h
headers-$(CONFIG_X86) += compat/arch-x86/xen-$(compat-arch-y).h
headers-y += compat/arch-$(compat-arch-y).h compat/xlat.h
+headers-$(FLASK_ENABLE) += compat/xsm/flask_op.h
cppflags-y := -include public/xen-compat.h
cppflags-$(CONFIG_X86) += -m32
export PYTHON=$(PYTHON); \
grep -v '^[ ]*#' xlat.lst | \
while read what name hdr; do \
- $(SHELL) $(BASEDIR)/tools/get-fields.sh "$$what" compat_$$name $$(echo compat/$$hdr | sed 's,@arch@,$(compat-arch-y),g') || exit $$?; \
+ hdr="compat/$$(echo $$hdr | sed 's,@arch@,$(compat-arch-y),g')"; \
+ echo '$(headers-y)' | grep -q "$$hdr" || continue; \
+ $(SHELL) $(BASEDIR)/tools/get-fields.sh "$$what" compat_$$name $$hdr || exit $$?; \
done >$@.new
mv -f $@.new $@
! vcpu_set_singleshot_timer vcpu.h
? xenoprof_init xenoprof.h
? xenoprof_passive xenoprof.h
+? flask_access xsm/flask_op.h
+! flask_boolean xsm/flask_op.h
+? flask_cache_stats xsm/flask_op.h
+? flask_hash_stats xsm/flask_op.h
+! flask_load xsm/flask_op.h
+? flask_ocontext xsm/flask_op.h
+? flask_peersid xsm/flask_op.h
+? flask_relabel xsm/flask_op.h
+? flask_setavc_threshold xsm/flask_op.h
+? flask_setenforce xsm/flask_op.h
+! flask_sid_context xsm/flask_op.h
+? flask_transition xsm/flask_op.h
+! flask_userlist xsm/flask_op.h
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
-
+#ifndef COMPAT
#include <xen/errno.h>
#include <xen/event.h>
#include <xsm/xsm.h>
#include <objsec.h>
#include <conditional.h>
+#define ret_t long
+#define _copy_to_guest copy_to_guest
+#define _copy_from_guest copy_from_guest
+
#ifdef FLASK_DEVELOP
int flask_enforcing = 0;
integer_param("flask_enforcing", flask_enforcing);
return 0;
}
+#endif /* COMPAT */
+
static int flask_security_user(struct xen_flask_userlist *arg)
{
char *user;
arg->size = nsids;
- if ( copy_to_guest(arg->u.sids, sids, nsids) )
+ if ( _copy_to_guest(arg->u.sids, sids, nsids) )
rv = -EFAULT;
xfree(sids);
return rv;
}
+#ifndef COMPAT
+
static int flask_security_relabel(struct xen_flask_transition *arg)
{
int rv;
return 0;
}
+#endif /* COMPAT */
+
static int flask_security_context(struct xen_flask_sid_context *arg)
{
int rv;
arg->size = len;
- if ( !rv && copy_to_guest(arg->context, context, len) )
+ if ( !rv && _copy_to_guest(arg->context, context, len) )
rv = -EFAULT;
xfree(context);
return rv;
}
+#ifndef COMPAT
+
int flask_disable(void)
{
static int flask_disabled = 0;
return rv;
}
+#endif /* COMPAT */
+
static int flask_security_resolve_bool(struct xen_flask_boolean *arg)
{
char *name;
return rv;
}
-static int flask_security_commit_bools(void)
-{
- int rv;
-
- spin_lock(&sel_sem);
-
- rv = domain_has_security(current->domain, SECURITY__SETBOOL);
- if ( rv )
- goto out;
-
- if ( bool_pending_values )
- rv = security_set_bools(bool_num, bool_pending_values);
-
- out:
- spin_unlock(&sel_sem);
- return rv;
-}
-
static int flask_security_get_bool(struct xen_flask_boolean *arg)
{
int rv;
rv = -ERANGE;
arg->size = nameout_len;
- if ( !rv && copy_to_guest(arg->name, nameout, nameout_len) )
+ if ( !rv && _copy_to_guest(arg->name, nameout, nameout_len) )
rv = -EFAULT;
xfree(nameout);
}
return rv;
}
+#ifndef COMPAT
+
+static int flask_security_commit_bools(void)
+{
+ int rv;
+
+ spin_lock(&sel_sem);
+
+ rv = domain_has_security(current->domain, SECURITY__SETBOOL);
+ if ( rv )
+ goto out;
+
+ if ( bool_pending_values )
+ rv = security_set_bools(bool_num, bool_pending_values);
+
+ out:
+ spin_unlock(&sel_sem);
+ return rv;
+}
+
static int flask_security_make_bools(void)
{
int ret = 0;
}
#endif
+#endif /* COMPAT */
static int flask_security_load(struct xen_flask_load *load)
{
if ( !buf )
return -ENOMEM;
- if ( copy_from_guest(buf, load->buffer, load->size) )
+ if ( _copy_from_guest(buf, load->buffer, load->size) )
{
ret = -EFAULT;
goto out_free;
return ret;
}
+#ifndef COMPAT
+
static int flask_ocontext_del(struct xen_flask_ocontext *arg)
{
int rv;
return rc;
}
-long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op)
+#endif /* !COMPAT */
+
+ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op)
{
xen_flask_op_t op;
int rv;
out:
return rv;
}
+
+#ifndef COMPAT
+#undef _copy_to_guest
+#define _copy_to_guest copy_to_compat
+#undef _copy_from_guest
+#define _copy_from_guest copy_from_compat
+
+#include <compat/event_channel.h>
+#include <compat/xsm/flask_op.h>
+
+CHECK_flask_access;
+CHECK_flask_cache_stats;
+CHECK_flask_hash_stats;
+CHECK_flask_ocontext;
+CHECK_flask_peersid;
+CHECK_flask_relabel;
+CHECK_flask_setavc_threshold;
+CHECK_flask_setenforce;
+CHECK_flask_transition;
+
+#define COMPAT
+#define flask_copyin_string(ch, pb, sz, mx) ({ \
+ XEN_GUEST_HANDLE_PARAM(char) gh; \
+ guest_from_compat_handle(gh, ch); \
+ flask_copyin_string(gh, pb, sz, mx); \
+})
+
+#define xen_flask_load compat_flask_load
+#define flask_security_load compat_security_load
+
+#define xen_flask_userlist compat_flask_userlist
+#define flask_security_user compat_security_user
+
+#define xen_flask_sid_context compat_flask_sid_context
+#define flask_security_context compat_security_context
+#define flask_security_sid compat_security_sid
+
+#define xen_flask_boolean compat_flask_boolean
+#define flask_security_resolve_bool compat_security_resolve_bool
+#define flask_security_get_bool compat_security_get_bool
+#define flask_security_set_bool compat_security_set_bool
+
+#define xen_flask_op_t compat_flask_op_t
+#undef ret_t
+#define ret_t int
+#define do_flask_op compat_flask_op
+
+#include "flask_op.c"
+#endif
projects / people / royger / xen.git / commitdiff