ia64/xen-unstable

view xen/include/acm/acm_core.h @ 8614:bd606783c6bf

remove unnecessary macro bdev_put which is an alias to blkdev_put.

Signed-off-by: Vincent Hanquez <vincent@xensource.com>
author vhanquez@kneesa.uk.xensource.com
date Mon Jan 16 21:13:29 2006 +0000 (2006-01-16)
parents cc1d77bba4b0
children 0a5183b3e7bb
1 /****************************************************************
2 * acm_core.h
3 *
4 * Copyright (C) 2005 IBM Corporation
5 *
6 * Author:
7 * Reiner Sailer <sailer@watson.ibm.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 *
14 * sHype header file describing core data types and constants
15 * for the access control module and relevant policies
16 *
17 */
19 #ifndef _ACM_CORE_H
20 #define _ACM_CORE_H
22 #include <xen/spinlock.h>
23 #include <public/acm.h>
24 #include <xen/acm_policy.h>
25 #include <public/acm_ops.h>
27 /* Xen-internal representation of the binary policy: a primary and a
 * secondary policy code. GET_SSIDREF and GET_SSIDP in this header compare
 * their POLICY argument with primary_policy_code and treat every other
 * value as the secondary policy. */
28 struct acm_binary_policy {
29 u16 primary_policy_code;
30 u16 secondary_policy_code;
31 };
/* Binary policy state for the chwall ("chinese wall", per the ssid comments
 * in this header) policy: three bounds plus four domaintype_t tables.
 * The tables are bare pointers, so the dimensions noted beside them are not
 * carried by the type; an index is only safe once it has been checked
 * against the matching max_* field.
 * NOTE(review): allocation, ownership and freeing of the tables are not
 * visible in this header. */
33 struct chwall_binary_policy {
34 u32 max_types;
35 u32 max_ssidrefs;
36 u32 max_conflictsets;
37 domaintype_t *ssidrefs; /* [max_ssidrefs][max_types] */
38 domaintype_t *conflict_aggregate_set; /* [max_types] */
39 domaintype_t *running_types; /* [max_types] */
40 domaintype_t *conflict_sets; /* [max_conflictsets][max_types]*/
41 };
/* Binary policy state for the ste ("simple type enforcement", per the ssid
 * comments in this header) policy. ssidrefs is a bare pointer; the
 * [max_ssidrefs][max_types] shape is not carried by the type, so indices
 * have to be checked against max_ssidrefs and max_types.
 * The six atomic_t members are counters by name (evaluations, denials,
 * cache hits); the ec_/gt_ prefixes presumably stand for event channel and
 * grant table - confirm against the hook code. */
43 struct ste_binary_policy {
44 u32 max_types;
45 u32 max_ssidrefs;
46 domaintype_t *ssidrefs; /* [max_ssidrefs][max_types] */
47 atomic_t ec_eval_count, gt_eval_count;
48 atomic_t ec_denied_count, gt_denied_count;
49 atomic_t ec_cachehit_count, gt_cachehit_count;
50 };
52 /* global acm policy */
53 extern u16 acm_active_security_policy;
54 extern struct acm_binary_policy acm_bin_pol;
55 extern struct chwall_binary_policy chwall_bin_pol;
56 extern struct ste_binary_policy ste_bin_pol;
57 /* use the lock when reading / changing binary policy !
 * GET_SSIDREF and GET_SSIDP read acm_bin_pol.primary_policy_code and take
 * no lock themselves, so their callers fall under this rule as well. */
58 extern rwlock_t acm_bin_pol_rwlock;
60 /* subject and object type definitions; DOMAIN is the only type defined here */
61 enum acm_datatype { DOMAIN };
63 /* defines the number of access decisions to other domains that can be cached,
64 * one entry per domain; TE does not distinguish evtchn or grant_table */
65 #define ACM_TE_CACHE_SIZE 8
/* State of one decision-cache entry. VALID is the first enumerator and so
 * has the value 0, FREE has the value 1: zero-filled memory therefore reads
 * as VALID, not FREE. */
66 enum acm_ste_flag { VALID, FREE };
68 /* cache line:
69 * if cache_line.valid==VALID, then
70 * STE decision is cached as "permitted"
71 * on domain cache_line.id
 *
 * Only "permitted" decisions are represented. VALID is 0 in enum
 * acm_ste_flag, so a line that was merely zeroed reads as a cached
 * "permitted" for domain id 0; entries have to be set to FREE explicitly.
 * NOTE(review): the code that initializes and invalidates the cache (for
 * example when the policy changes) is not in this header - confirm it.
72 */
73 struct acm_ste_cache_line {
74 enum acm_ste_flag valid;
75 domid_t id;
76 };
78 /* general definition of a subject security id
 * primary_ssid and secondary_ssid are untyped; GET_SSIDP returns one of
 * them depending on the policy code and the caller has to cast the result.
 * NOTE(review): presumably they point to struct chwall_ssid / struct
 * ste_ssid according to the configured policies - verify against the
 * policy code before relying on a cast. */
79 struct acm_ssid_domain {
80 enum acm_datatype datatype; /* type of subject (e.g., partition) */
81 ssidref_t ssidref; /* combined security reference */
82 void *primary_ssid; /* primary policy ssid part (e.g. chinese wall) */
83 void *secondary_ssid; /* secondary policy ssid part (e.g. type enforcement) */
84 struct domain *subject; /* backpointer to subject structure */
85 domid_t domainid; /* replicate id */
86 };
88 /* chinese wall ssid type: holds only the chinese wall ssidref */
89 struct chwall_ssid {
90 ssidref_t chwall_ssidref;
91 };
93 /* simple type enforcement ssid type: the ste ssidref plus a fixed array of
 * ACM_TE_CACHE_SIZE decision-cache lines (see struct acm_ste_cache_line for
 * the meaning of an entry) */
94 struct ste_ssid {
95 ssidref_t ste_ssidref;
96 struct acm_ste_cache_line ste_cache[ACM_TE_CACHE_SIZE]; /* decision cache */
97 };
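/* Macros to access the ssidref for the primary / secondary policy:
 *   primary ssidref   = lower 16 bits
 *   secondary ssidref = higher 16 bits
 */
#define ACM_PRIMARY(ssidref) \
    ((ssidref) & 0xffff)

/* NOTE(review): this yields exactly the upper 16 bits only when ssidref is
 * an unsigned 32-bit value; ssidref_t is declared outside this header. */
#define ACM_SECONDARY(ssidref) \
    ((ssidref) >> 16)

/* Select the half of ssidref that belongs to POLICY: the primary half when
 * POLICY equals acm_bin_pol.primary_policy_code, the secondary half for any
 * other value. The whole expansion is parenthesized so that the macro can be
 * used inside a larger expression (a comparison, an addition) without the
 * surrounding operator binding to the last operand of the ?: only.
 * Reads acm_bin_pol without taking acm_bin_pol_rwlock; the caller holds it. */
#define GET_SSIDREF(POLICY, ssidref) \
    (((POLICY) == acm_bin_pol.primary_policy_code) ? \
     ACM_PRIMARY(ssidref) : ACM_SECONDARY(ssidref))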
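/* Macro to access the ssid pointer for the primary / secondary policy:
 * evaluates to (ssid)->primary_ssid when POLICY equals
 * acm_bin_pol.primary_policy_code and to (ssid)->secondary_ssid for any
 * other value. The result is a void *; the caller casts it to the ssid type
 * of the policy it asked for. The whole expansion is parenthesized so that
 * a comparison or cast applied to the macro covers both branches of the ?:.
 * Reads acm_bin_pol without taking acm_bin_pol_rwlock; the caller holds it. */
#define GET_SSIDP(POLICY, ssid) \
    (((POLICY) == acm_bin_pol.primary_policy_code) ? \
     ((ssid)->primary_ssid) : ((ssid)->secondary_ssid))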
118 /* protos
 * NOTE(review): the implementations are not in this header. Points to
 * confirm there:
 *  - acm_set_policy() takes a caller-supplied buf/buf_size and an
 *    isuserbuffer flag, which presumably says whether buf must be copied in
 *    from guest/user space; buf_size needs validating before the policy is
 *    parsed.
 *  - acm_get_policy(), acm_dump_statistics() and acm_get_ssid() presumably
 *    fill buf; the size parameter is u32 for the policy calls but u16 for
 *    statistics and ssid.
 *  - all but acm_free_domain_ssid() return int; the error convention is not
 *    visible here.
 */
119 int acm_init_domain_ssid(domid_t id, ssidref_t ssidref);
120 void acm_free_domain_ssid(struct acm_ssid_domain *ssid);
121 int acm_init_binary_policy(u32 policy_code);
122 int acm_set_policy(void *buf, u32 buf_size, int isuserbuffer);
123 int acm_get_policy(void *buf, u32 buf_size);
124 int acm_dump_statistics(void *buf, u16 buf_size);
125 int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
126 int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, enum acm_hook_type hook);
128 #endif
130 /*
131 * Local variables:
132 * mode: C
133 * c-set-style: "BSD"
134 * c-basic-offset: 4
135 * tab-width: 4
136 * indent-tabs-mode: nil
137 * End:
138 */