ChangeSet 1.1727, 2005/06/22 15:18:12+01:00, kaf24@xxxxxxxxxxxxxxxxxxxx
Compile-time ACM null-ops disables build of acm files.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
b/xen/Makefile | 2
b/xen/Rules.mk | 2
b/xen/arch/x86/setup.c | 8
b/xen/common/policy_ops.c | 64 +++--
b/xen/include/acm/acm_hooks.h | 436 ++++++++++++++++++------------------
xen/include/public/acm_dom0_setup.h | 34 --
6 files changed, 274 insertions(+), 272 deletions(-)
diff -Nru a/xen/Makefile b/xen/Makefile
--- a/xen/Makefile 2005-06-22 11:03:11 -04:00
+++ b/xen/Makefile 2005-06-22 11:03:11 -04:00
@@ -59,7 +59,9 @@
$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
$(MAKE) -C common
$(MAKE) -C drivers
+ifdef ACM_USE_SECURITY_POLICY
$(MAKE) -C acm
+endif
$(MAKE) -C arch/$(TARGET_ARCH)
# drivers/char/console.o may contain static banner/compile info. Blow it away.
diff -Nru a/xen/Rules.mk b/xen/Rules.mk
--- a/xen/Rules.mk 2005-06-22 11:03:11 -04:00
+++ b/xen/Rules.mk 2005-06-22 11:03:11 -04:00
@@ -35,7 +35,9 @@
ALL_OBJS := $(BASEDIR)/common/common.o
ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
+ifdef ACM_USE_SECURITY_POLICY
ALL_OBJS += $(BASEDIR)/acm/acm.o
+endif
ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
diff -Nru a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
--- a/xen/arch/x86/setup.c 2005-06-22 11:03:11 -04:00
+++ b/xen/arch/x86/setup.c 2005-06-22 11:03:11 -04:00
@@ -20,7 +20,7 @@
#include <asm/desc.h>
#include <asm/shadow.h>
#include <asm/e820.h>
-#include <public/acm_dom0_setup.h>
+#include <acm/acm_hooks.h>
extern void dmi_scan_machine(void);
extern void generic_apic_probe(void);
@@ -188,7 +188,7 @@
arch_init_memory();
- scheduler_init();
+ scheduler_init();
identify_cpu(&boot_cpu_data);
if ( cpu_has_fxsr )
@@ -383,8 +383,8 @@
init_xenheap_pages(xenheap_phys_start, xenheap_phys_end);
printk("Xen heap: %luMB (%lukB)\n",
- (xenheap_phys_end-xenheap_phys_start) >> 20,
- (xenheap_phys_end-xenheap_phys_start) >> 10);
+ (xenheap_phys_end-xenheap_phys_start) >> 20,
+ (xenheap_phys_end-xenheap_phys_start) >> 10);
early_boot = 0;
diff -Nru a/xen/common/policy_ops.c b/xen/common/policy_ops.c
--- a/xen/common/policy_ops.c 2005-06-22 11:03:11 -04:00
+++ b/xen/common/policy_ops.c 2005-06-22 11:03:11 -04:00
@@ -1,5 +1,5 @@
/******************************************************************************
- *policy_ops.c
+ * policy_ops.c
*
* Copyright (C) 2005 IBM Corporation
*
@@ -14,6 +14,7 @@
* Process policy command requests from guest OS.
*
*/
+
#include <xen/config.h>
#include <xen/types.h>
#include <xen/lib.h>
@@ -27,29 +28,39 @@
#include <public/sched_ctl.h>
#include <acm/acm_hooks.h>
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+long do_policy_op(policy_op_t *u_policy_op)
+{
+ return -ENOSYS;
+}
+
+#else
+
/* function prototypes defined in acm/acm_policy.c */
int acm_set_policy(void *buf, u16 buf_size, u16 policy);
int acm_get_policy(void *buf, u16 buf_size);
int acm_dump_statistics(void *buf, u16 buf_size);
typedef enum policyoperation {
- POLICY, /* access to policy interface (early drop) */
- GETPOLICY, /* dump policy cache */
- SETPOLICY, /* set policy cache (controls security) */
- DUMPSTATS /* dump policy statistics */
+ POLICY, /* access to policy interface (early drop) */
+ GETPOLICY, /* dump policy cache */
+ SETPOLICY, /* set policy cache (controls security) */
+ DUMPSTATS /* dump policy statistics */
} policyoperation_t;
int
acm_authorize_policyops(struct domain *d, policyoperation_t pops)
{
- /* currently, all policy management functions are restricted to
privileged domains,
- * soon we will introduce finer-grained privileges for policy
operations
- */
- if (!IS_PRIV(d)) {
- printk("%s: Policy management authorization denied ERROR!\n",
__func__);
- return ACM_ACCESS_DENIED;
- }
- return ACM_ACCESS_PERMITTED;
+ /* all policy management functions are restricted to privileged domains,
+ * soon we will introduce finer-grained privileges for policy operations
+ */
+ if (!IS_PRIV(d)) {
+ printk("%s: Policy management authorization denied ERROR!\n",
+ __func__);
+ return ACM_ACCESS_DENIED;
+ }
+ return ACM_ACCESS_PERMITTED;
}
long do_policy_op(policy_op_t *u_policy_op)
@@ -60,7 +71,7 @@
/* check here policy decision for policy commands */
/* for now allow DOM0 only, later indepedently */
if (acm_authorize_policyops(current->domain, POLICY))
- return -EACCES;
+ return -EACCES;
if ( copy_from_user(op, u_policy_op, sizeof(*op)) )
return -EFAULT;
@@ -73,9 +84,12 @@
case POLICY_SETPOLICY:
{
if (acm_authorize_policyops(current->domain, SETPOLICY))
- return -EACCES;
- printkd("%s: setting policy.\n", __func__);
- ret = acm_set_policy(op->u.setpolicy.pushcache,
op->u.setpolicy.pushcache_size, op->u.setpolicy.policy_type);
+ return -EACCES;
+ printkd("%s: setting policy.\n", __func__);
+ ret = acm_set_policy(
+ op->u.setpolicy.pushcache,
+ op->u.setpolicy.pushcache_size,
+ op->u.setpolicy.policy_type);
if (ret == ACM_OK)
ret = 0;
else
@@ -86,9 +100,11 @@
case POLICY_GETPOLICY:
{
if (acm_authorize_policyops(current->domain, GETPOLICY))
- return -EACCES;
+ return -EACCES;
printkd("%s: getting policy.\n", __func__);
- ret = acm_get_policy(op->u.getpolicy.pullcache,
op->u.getpolicy.pullcache_size);
+ ret = acm_get_policy(
+ op->u.getpolicy.pullcache,
+ op->u.getpolicy.pullcache_size);
if (ret == ACM_OK)
ret = 0;
else
@@ -99,9 +115,11 @@
case POLICY_DUMPSTATS:
{
if (acm_authorize_policyops(current->domain, DUMPSTATS))
- return -EACCES;
- printkd("%s: dumping statistics.\n", __func__);
- ret = acm_dump_statistics(op->u.dumpstats.pullcache,
op->u.dumpstats.pullcache_size);
+ return -EACCES;
+ printkd("%s: dumping statistics.\n", __func__);
+ ret = acm_dump_statistics(
+ op->u.dumpstats.pullcache,
+ op->u.dumpstats.pullcache_size);
if (ret == ACM_OK)
ret = 0;
else
@@ -115,3 +133,5 @@
}
return ret;
}
+
+#endif
diff -Nru a/xen/include/acm/acm_hooks.h b/xen/include/acm/acm_hooks.h
--- a/xen/include/acm/acm_hooks.h 2005-06-22 11:03:11 -04:00
+++ b/xen/include/acm/acm_hooks.h 2005-06-22 11:03:11 -04:00
@@ -30,21 +30,42 @@
#include <public/event_channel.h>
#include <asm/current.h>
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
+{ return 0; }
+static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
+{ return; }
+static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
+{ return; }
+static inline int acm_pre_event_channel(evtchn_op_t *op)
+{ return 0; }
+static inline int acm_pre_grant_map_ref(domid_t id)
+{ return 0; }
+static inline int acm_pre_grant_setup(domid_t id)
+{ return 0; }
+static inline int acm_init(void)
+{ return 0; }
+static inline void acm_post_domain0_create(domid_t domid)
+{ return; }
+
+#else
+
/* if ACM_TRACE_MODE defined, all hooks should
* print a short trace message */
/* #define ACM_TRACE_MODE */
#ifdef ACM_TRACE_MODE
-# define traceprintk(fmt, args...) printk(fmt,## args)
+# define traceprintk(fmt, args...) printk(fmt,## args)
#else
-# define traceprintk(fmt, args...)
+# define traceprintk(fmt, args...)
#endif
/* global variables */
extern struct acm_operations *acm_primary_ops;
extern struct acm_operations *acm_secondary_ops;
-/**********************************************************************************************
+/*********************************************************************
* HOOK structure and meaning (justifies a few words about our model):
*
* General idea: every policy-controlled system operation is reflected in a
@@ -60,7 +81,8 @@
* ======================
* PRE-Hooks
* a) general authorization to guard a controlled system operation
- * b) prepare security state change (means: fail hook must be able
to "undo" this)
+ * b) prepare security state change
+ * (means: fail hook must be able to "undo" this)
*
* POST-Hooks
* a) commit prepared state change
@@ -100,238 +122,228 @@
* \
* sys-ops error
*
-
*************************************************************************************************/
+ ********************************************************************/
struct acm_operations {
- /* policy management functions (must always be defined!) */
- int (*init_domain_ssid) (void **ssid, ssidref_t
ssidref);
- void (*free_domain_ssid) (void *ssid);
- int (*dump_binary_policy) (u8 *buffer, u16 buf_size);
- int (*set_binary_policy) (u8 *buffer, u16 buf_size);
- int (*dump_statistics) (u8 *buffer, u16 buf_size);
- /* domain management control hooks (can be NULL) */
- int (*pre_domain_create) (void *subject_ssid, ssidref_t
ssidref);
- void (*post_domain_create) (domid_t domid, ssidref_t
ssidref);
- void (*fail_domain_create) (void *subject_ssid, ssidref_t
ssidref);
- void (*post_domain_destroy) (void *object_ssid, domid_t id);
- /* event channel control hooks (can be NULL) */
- int (*pre_eventchannel_unbound) (domid_t id);
- void (*fail_eventchannel_unbound) (domid_t id);
- int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2);
- int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
- /* grant table control hooks (can be NULL) */
- int (*pre_grant_map_ref) (domid_t id);
- void (*fail_grant_map_ref) (domid_t id);
- int (*pre_grant_setup) (domid_t id);
- void (*fail_grant_setup) (domid_t id);
+ /* policy management functions (must always be defined!) */
+ int (*init_domain_ssid) (void **ssid, ssidref_t ssidref);
+ void (*free_domain_ssid) (void *ssid);
+ int (*dump_binary_policy) (u8 *buffer, u16 buf_size);
+ int (*set_binary_policy) (u8 *buffer, u16 buf_size);
+ int (*dump_statistics) (u8 *buffer, u16 buf_size);
+ /* domain management control hooks (can be NULL) */
+ int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref);
+ void (*post_domain_create) (domid_t domid, ssidref_t ssidref);
+ void (*fail_domain_create) (void *subject_ssid, ssidref_t ssidref);
+ void (*post_domain_destroy) (void *object_ssid, domid_t id);
+ /* event channel control hooks (can be NULL) */
+ int (*pre_eventchannel_unbound) (domid_t id);
+ void (*fail_eventchannel_unbound) (domid_t id);
+ int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2);
+ int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
+ /* grant table control hooks (can be NULL) */
+ int (*pre_grant_map_ref) (domid_t id);
+ void (*fail_grant_map_ref) (domid_t id);
+ int (*pre_grant_setup) (domid_t id);
+ void (*fail_grant_setup) (domid_t id);
};
-static inline int acm_pre_domain_create (void *subject_ssid, ssidref_t ssidref)
+static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
{
- if ((acm_primary_ops->pre_domain_create != NULL) &&
- acm_primary_ops->pre_domain_create (subject_ssid, ssidref))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_domain_create != NULL) &&
- acm_secondary_ops->pre_domain_create (subject_ssid, ssidref)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_domain_create != NULL)
- acm_primary_ops->fail_domain_create (subject_ssid,
ssidref);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
-
-static inline void acm_post_domain_create (domid_t domid, ssidref_t ssidref)
-{
- if (acm_primary_ops->post_domain_create != NULL)
- acm_primary_ops->post_domain_create (domid, ssidref);
- if (acm_secondary_ops->post_domain_create != NULL)
- acm_secondary_ops->post_domain_create (domid, ssidref);
-}
-
-static inline void acm_fail_domain_create (void *subject_ssid, ssidref_t
ssidref)
-{
- if (acm_primary_ops->fail_domain_create != NULL)
- acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
- if (acm_secondary_ops->fail_domain_create != NULL)
- acm_secondary_ops->fail_domain_create (subject_ssid, ssidref);
-}
-
-static inline void acm_post_domain_destroy (void *object_ssid, domid_t id)
-{
- if (acm_primary_ops->post_domain_destroy != NULL)
- acm_primary_ops->post_domain_destroy (object_ssid, id);
- if (acm_secondary_ops->post_domain_destroy != NULL)
- acm_secondary_ops->post_domain_destroy (object_ssid, id);
- return;
-}
-
-/* event channel ops */
-
-static inline int acm_pre_eventchannel_unbound (domid_t id)
-{
- if ((acm_primary_ops->pre_eventchannel_unbound != NULL) &&
- acm_primary_ops->pre_eventchannel_unbound (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) &&
- acm_secondary_ops->pre_eventchannel_unbound (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_eventchannel_unbound != NULL)
- acm_primary_ops->fail_eventchannel_unbound (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
-
-static inline int acm_pre_eventchannel_interdomain (domid_t id1, domid_t id2)
-{
- if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
- acm_primary_ops->pre_eventchannel_interdomain (id1, id2))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
- acm_secondary_ops->pre_eventchannel_interdomain (id1, id2)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
- acm_primary_ops->fail_eventchannel_interdomain (id1,
id2);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
-
-/************ Xen inline hooks ***************/
-
-/* small macro to make the hooks more readable
- * (eliminates hooks if NULL policy is active)
- */
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
-{ return 0; }
-#else
+ if ((acm_primary_ops->pre_domain_create != NULL) &&
+ acm_primary_ops->pre_domain_create(subject_ssid, ssidref))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_domain_create != NULL) &&
+ acm_secondary_ops->pre_domain_create(subject_ssid, ssidref)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_domain_create != NULL)
+ acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
+}
+
+static inline void acm_post_domain_create(domid_t domid, ssidref_t ssidref)
+{
+ if (acm_primary_ops->post_domain_create != NULL)
+ acm_primary_ops->post_domain_create(domid, ssidref);
+ if (acm_secondary_ops->post_domain_create != NULL)
+ acm_secondary_ops->post_domain_create(domid, ssidref);
+}
+
+static inline void acm_fail_domain_create(
+ void *subject_ssid, ssidref_t ssidref)
+{
+ if (acm_primary_ops->fail_domain_create != NULL)
+ acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
+ if (acm_secondary_ops->fail_domain_create != NULL)
+ acm_secondary_ops->fail_domain_create(subject_ssid, ssidref);
+}
+
+static inline void acm_post_domain_destroy(void *object_ssid, domid_t id)
+{
+ if (acm_primary_ops->post_domain_destroy != NULL)
+ acm_primary_ops->post_domain_destroy(object_ssid, id);
+ if (acm_secondary_ops->post_domain_destroy != NULL)
+ acm_secondary_ops->post_domain_destroy(object_ssid, id);
+ return;
+}
+
+static inline int acm_pre_eventchannel_unbound(domid_t id)
+{
+ if ((acm_primary_ops->pre_eventchannel_unbound != NULL) &&
+ acm_primary_ops->pre_eventchannel_unbound(id))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) &&
+ acm_secondary_ops->pre_eventchannel_unbound(id)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_eventchannel_unbound != NULL)
+ acm_primary_ops->fail_eventchannel_unbound(id);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
+}
+
+static inline int acm_pre_eventchannel_interdomain(domid_t id1, domid_t id2)
+{
+ if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
+ acm_primary_ops->pre_eventchannel_interdomain(id1, id2))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
+ acm_secondary_ops->pre_eventchannel_interdomain(id1, id2)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
+ acm_primary_ops->fail_eventchannel_interdomain(id1, id2);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
+}
+
static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
{
- int ret = -EACCES;
- struct domain *d;
+ int ret = -EACCES;
+ struct domain *d;
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- ret = acm_pre_domain_create(current->domain->ssid,
op->u.createdomain.ssidref);
- break;
- case DOM0_DESTROYDOMAIN:
- d = find_domain_by_id(op->u.destroydomain.domain);
- if (d != NULL) {
- *ssid = d->ssid; /* save for post destroy when d is
gone */
- /* no policy-specific hook */
- put_domain(d);
- ret = 0;
- }
- break;
- default:
- ret = 0; /* ok */
- }
- return ret;
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ ret = acm_pre_domain_create(
+ current->domain->ssid, op->u.createdomain.ssidref);
+ break;
+ case DOM0_DESTROYDOMAIN:
+ d = find_domain_by_id(op->u.destroydomain.domain);
+ if (d != NULL) {
+ *ssid = d->ssid; /* save for post destroy when d is gone */
+ /* no policy-specific hook */
+ put_domain(d);
+ ret = 0;
+ }
+ break;
+ default:
+ ret = 0; /* ok */
+ }
+ return ret;
}
-#endif
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
-{ return; }
-#else
static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
{
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- /* initialialize shared sHype security labels for new domain */
- acm_init_domain_ssid(op->u.createdomain.domain,
op->u.createdomain.ssidref);
- acm_post_domain_create(op->u.createdomain.domain,
op->u.createdomain.ssidref);
- break;
- case DOM0_DESTROYDOMAIN:
- acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
- /* free security ssid for the destroyed domain (also if running
null policy */
- acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
- break;
- }
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ /* initialialize shared sHype security labels for new domain */
+ acm_init_domain_ssid(
+ op->u.createdomain.domain, op->u.createdomain.ssidref);
+ acm_post_domain_create(
+ op->u.createdomain.domain, op->u.createdomain.ssidref);
+ break;
+ case DOM0_DESTROYDOMAIN:
+ acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
+ /* free security ssid for the destroyed domain (also if null policy */
+ acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
+ break;
+ }
}
-#endif
-
-#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY)
-static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
-{ return; }
-#else
static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
{
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- acm_fail_domain_create(current->domain->ssid,
op->u.createdomain.ssidref);
- break;
- }
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ acm_fail_domain_create(
+ current->domain->ssid, op->u.createdomain.ssidref);
+ break;
+ }
}
-#endif
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_event_channel(evtchn_op_t *op)
-{ return 0; }
-#else
static inline int acm_pre_event_channel(evtchn_op_t *op)
{
- int ret = -EACCES;
+ int ret = -EACCES;
- switch(op->cmd) {
- case EVTCHNOP_alloc_unbound:
- ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
- break;
- case EVTCHNOP_bind_interdomain:
- ret =
acm_pre_eventchannel_interdomain(op->u.bind_interdomain.dom1,
op->u.bind_interdomain.dom2);
- break;
- default:
- ret = 0; /* ok */
- }
- return ret;
+ switch(op->cmd) {
+ case EVTCHNOP_alloc_unbound:
+ ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
+ break;
+ case EVTCHNOP_bind_interdomain:
+ ret = acm_pre_eventchannel_interdomain(
+ op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
+ break;
+ default:
+ ret = 0; /* ok */
+ }
+ return ret;
+}
+
+static inline int acm_pre_grant_map_ref(domid_t id)
+{
+ if ( (acm_primary_ops->pre_grant_map_ref != NULL) &&
+ acm_primary_ops->pre_grant_map_ref(id) )
+ {
+ return ACM_ACCESS_DENIED;
+ }
+ else if ( (acm_secondary_ops->pre_grant_map_ref != NULL) &&
+ acm_secondary_ops->pre_grant_map_ref(id) )
+ {
+ /* roll-back primary */
+ if ( acm_primary_ops->fail_grant_map_ref != NULL )
+ acm_primary_ops->fail_grant_map_ref(id);
+ return ACM_ACCESS_DENIED;
+ }
+ else
+ {
+ return ACM_ACCESS_PERMITTED;
+ }
+}
+
+static inline int acm_pre_grant_setup(domid_t id)
+{
+ if ( (acm_primary_ops->pre_grant_setup != NULL) &&
+ acm_primary_ops->pre_grant_setup(id) )
+ {
+ return ACM_ACCESS_DENIED;
+ }
+ else if ( (acm_secondary_ops->pre_grant_setup != NULL) &&
+ acm_secondary_ops->pre_grant_setup(id) )
+ {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_grant_setup != NULL)
+ acm_primary_ops->fail_grant_setup(id);
+ return ACM_ACCESS_DENIED;
+ }
+ else
+ {
+ return ACM_ACCESS_PERMITTED;
+ }
+}
+
+/* predefined ssidref for DOM0 used by xen when creating DOM0 */
+#define ACM_DOM0_SSIDREF 0
+
+static inline void acm_post_domain0_create(domid_t domid)
+{
+ /* initialialize shared sHype security labels for new domain */
+ acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
+ acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
}
-#endif
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_grant_map_ref(domid_t id)
-{ return 0; }
-#else
-static inline int acm_pre_grant_map_ref (domid_t id)
-{
- if ((acm_primary_ops->pre_grant_map_ref != NULL) &&
- acm_primary_ops->pre_grant_map_ref (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_grant_map_ref != NULL) &&
- acm_secondary_ops->pre_grant_map_ref (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_grant_map_ref != NULL)
- acm_primary_ops->fail_grant_map_ref (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
-#endif
+extern int acm_init(void);
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_grant_setup(domid_t id)
-{ return 0; }
-#else
-static inline int acm_pre_grant_setup (domid_t id)
-{
- if ((acm_primary_ops->pre_grant_setup != NULL) &&
- acm_primary_ops->pre_grant_setup (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_grant_setup != NULL) &&
- acm_secondary_ops->pre_grant_setup (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_grant_setup != NULL)
- acm_primary_ops->fail_grant_setup (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
#endif
-
#endif
diff -Nru a/xen/include/public/acm_dom0_setup.h
b/xen/include/public/acm_dom0_setup.h
--- a/xen/include/public/acm_dom0_setup.h 2005-06-22 11:03:11 -04:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,34 +0,0 @@
-/****************************************************************
- * acm_dom0_setup.h
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
- *
- * Includes necessary definitions to bring-up dom0
- */
-#include <acm/acm_hooks.h>
-
-extern int acm_init(void);
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-
-static inline void acm_post_domain0_create(domid_t domid)
-{
- return;
-}
-
-#else
-
-/* predefined ssidref for DOM0 used by xen when creating DOM0 */
-#define ACM_DOM0_SSIDREF 0
-
-static inline void acm_post_domain0_create(domid_t domid)
-{
- /* initialialize shared sHype security labels for new domain */
- acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
- acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
-}
-
-#endif
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|