ia64/xen-unstable

view xen/include/public/acm.h @ 5755:be1153585cb0

Fix hgignore regexps some more.
author kaf24@firebug.cl.cam.ac.uk
date Tue Jul 12 16:19:59 2005 +0000 (2005-07-12)
parents 8ad10be47849
children c1a7ed266c7e c1a7ed266c7e a83ac0806d6b
1 /****************************************************************
2 * acm.h
3 *
4 * Copyright (C) 2005 IBM Corporation
5 *
6 * Author:
7 * Reiner Sailer <sailer@watson.ibm.com>
8 *
9 * Contributors:
10 * Stefan Berger <stefanb@watson.ibm.com>
11 * added network byte order support for binary policies
12 *
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License as
15 * published by the Free Software Foundation, version 2 of the
16 * License.
17 *
18 * sHype general access control module header file.
19 * here are all definitions that are shared between
20 * xen-core, guest-kernels, and applications.
21 *
22 * todo: move from static policy choice to compile option.
23 */
25 #ifndef _XEN_PUBLIC_ACM_H
26 #define _XEN_PUBLIC_ACM_H
28 #include "xen.h"
29 #include "sched_ctl.h"
/*
 * Debug tracing for the ACM hooks.
 *
 * With ACM_DEBUG defined (uncomment the line below), printkd() forwards
 * to printk() so that every hook can print a short trace message.
 * Leave it undefined when not in testing mode; printkd() then expands
 * to nothing.
 *
 * The disabled form discards its arguments without evaluating them, so
 * printkd() arguments must not carry side effects the caller relies on.
 */
/* #define ACM_DEBUG */

#ifndef ACM_DEBUG
# define printkd(fmt, args...)
#else
# define printkd(fmt, args...) printk(fmt,## args)
#endif
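/* Default ssid reference values, used when none is supplied. */
#define ACM_DEFAULT_SSID        0x0
#define ACM_DEFAULT_LOCAL_SSID  0x0

/*
 * Internal ACM error types.
 *
 * Negative values are parenthesized so that the macro always expands to
 * a single operand, whatever expression it is pasted into.
 */
#define ACM_OK                   0
#define ACM_UNDEF               (-1)
#define ACM_INIT_SSID_ERROR     (-2)
#define ACM_INIT_SOID_ERROR     (-3)
#define ACM_ERROR               (-4)

/*
 * External access decisions.
 *
 * NOTE(review): ACM_ACCESS_PERMITTED has the same value (0) as ACM_OK, so
 * a zero-initialised result variable, or a helper's ACM_OK status stored
 * in a decision variable, reads as "permitted".  Code producing a
 * decision should start from ACM_ACCESS_DENIED and set
 * ACM_ACCESS_PERMITTED explicitly.
 */
#define ACM_ACCESS_PERMITTED     0
#define ACM_ACCESS_DENIED       (-111)
#define ACM_NULL_POINTER_ERROR  (-200)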
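/* Equal to the highest policy code defined below. */
#define ACM_MAX_POLICY 3

/* Policy codes. */
#define ACM_NULL_POLICY 0
#define ACM_CHINESE_WALL_POLICY 1
#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 3

/*
 * Map a policy code to a human-readable name; any code that is not one
 * of the four above yields "UNDEFINED policy".
 *
 * The argument and the whole expansion are parenthesized so that the
 * macro gives the right answer when X is an expression (e.g. a masked
 * value) and when the result is used inside a larger expression.
 * X is still evaluated up to four times, so it must not have side
 * effects.
 */
#define ACM_POLICY_NAME(X) \
    (((X) == ACM_NULL_POLICY) ? "NULL policy" : \
     ((X) == ACM_CHINESE_WALL_POLICY) ? "CHINESE WALL policy" : \
     ((X) == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \
     ((X) == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
     "UNDEFINED policy")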
/* ------- security policy relevant type definitions ------- */

/* ssid reference as used by xen; stored as a u32. */
typedef u32 ssidref_t;

/* Type identifier; two identifiers only ever compare "equal" or "not equal". */
typedef u16 domaintype_t;
82 /* CHINESE WALL POLICY DATA STRUCTURES
83 *
84 * current accumulated conflict type set:
85 * When a domain is started and has a type that is in
86 * a conflict set, the conflicting types are incremented in
87 * the aggregate set. When a domain is destroyed, the
88 * conflicting types to its type are decremented.
89 * If a domain has multiple types, this procedure works over
90 * all those types.
91 *
92 * conflict_aggregate_set[i] holds the number of
93 * running domains that have a conflict with type i.
94 *
95 * running_types[i] holds the number of running domains
96 * that include type i in their ssidref-referenced type set
97 *
98 * conflict_sets[i][j] is "0" if type j has no conflict
99 * with type i and is "1" otherwise.
100 */
/*
 * Magic word: upper 16 bits = version, lower 16 bits = check magic.
 * Presumably the value the `magic` fields of the buffer headers in this
 * file are checked against -- confirm against the consumer.
 */
#define ACM_MAGIC 0x0001debc
/*
 * Header of a binary policy buffer.
 *
 * Every *_offset field is a byte offset measured from the start of the
 * structure that contains it.  Each sub-buffer holds all policy
 * information for the policy named by the matching policy code.
 *
 * NOTE(review): the file header credits network-byte-order support for
 * binary policies, so these fields are presumably big-endian while the
 * buffer is exchanged -- confirm against the code that loads it.
 * NOTE(review): the offsets and len are supplied with the buffer itself.
 * The parser (not visible in this header) should check that each offset,
 * plus the size of the sub-header it points at, stays within len before
 * dereferencing.
 */
struct acm_policy_buffer {
    u32 magic;                   /* presumably ACM_MAGIC -- confirm */
    u32 policyversion;
    u32 len;                     /* presumably the total buffer length -- confirm */
    u16 primary_policy_code;     /* policy code of the primary policy */
    u16 primary_buffer_offset;   /* bytes from the start of this struct */
    u16 secondary_policy_code;   /* policy code of the secondary policy */
    u16 secondary_buffer_offset; /* bytes from the start of this struct */
};
/*
 * Header of the Chinese Wall portion of a policy buffer.
 *
 * The *_offset fields locate the tables described in the Chinese Wall
 * comment earlier in this file (conflict sets, running types, conflict
 * aggregate set), plus the ssid table.
 *
 * NOTE(review): the chwall_max_* counts and the offsets together decide
 * how far a consumer reads.  Both come from the buffer, so they should be
 * validated against the enclosing buffer length before any table is
 * indexed -- the parsing code is not visible in this header.
 */
struct acm_chwall_policy_buffer {
    u16 policy_code;
    u16 chwall_max_types;
    u16 chwall_max_ssidrefs;
    u16 chwall_max_conflictsets;
    u16 chwall_ssid_offset;               /* offset of the ssid table */
    u16 chwall_conflict_sets_offset;      /* offset of the conflict sets */
    u16 chwall_running_types_offset;      /* offset of the running-types counters */
    u16 chwall_conflict_aggregate_offset; /* offset of the conflict aggregate set */
};
/*
 * Header of the Simple Type Enforcement portion of a policy buffer.
 *
 * NOTE(review): ste_max_types, ste_max_ssidrefs and ste_ssid_offset are
 * read from the buffer; a consumer should bound them against the
 * enclosing buffer length before walking the ssid table (parsing code
 * not visible here).
 */
struct acm_ste_policy_buffer {
    u16 policy_code;
    u16 ste_max_types;
    u16 ste_max_ssidrefs;
    u16 ste_ssid_offset;    /* offset of the ssid table */
};
/*
 * Header of a statistics buffer.  The field layout mirrors
 * struct acm_policy_buffer, with offsets pointing at per-policy
 * statistics instead of per-policy configuration.
 */
struct acm_stats_buffer {
    u32 magic;                  /* presumably ACM_MAGIC -- confirm */
    u32 policyversion;
    u32 len;                    /* presumably the total buffer length -- confirm */
    u16 primary_policy_code;    /* policy code of the primary policy */
    u16 primary_stats_offset;   /* locates the primary policy's statistics */
    u16 secondary_policy_code;  /* policy code of the secondary policy */
    u16 secondary_stats_offset; /* locates the secondary policy's statistics */
};
/*
 * Simple Type Enforcement statistics: evaluation, denial and cache-hit
 * counters, one set with the ec_ prefix and one with the gt_ prefix.
 *
 * NOTE(review): presumably ec = event channel and gt = grant table --
 * confirm against the hooks that update these counters.
 */
struct acm_ste_stats_buffer {
    u32 ec_eval_count;      /* ec: evaluations */
    u32 gt_eval_count;      /* gt: evaluations */
    u32 ec_denied_count;    /* ec: denials */
    u32 gt_denied_count;    /* gt: denials */
    u32 ec_cachehit_count;  /* ec: cache hits */
    u32 gt_cachehit_count;  /* gt: cache hits */
};
157 #endif