Index: root/xen-unstable.hg/xen/acm/acm_core.c
===================================================================
--- root.orig/xen-unstable.hg/xen/acm/acm_core.c
+++ root/xen-unstable.hg/xen/acm/acm_core.c
@@ -100,9 +100,11 @@ acm_dump_policy_reference(u8 *buf, u32 b
     struct acm_policy_reference_buffer *pr_buf = (struct acm_policy_reference_buffer *)buf;
     int ret = sizeof(struct acm_policy_reference_buffer) + strlen(acm_bin_pol.policy_reference_name) + 1;
 
+    ret = (ret + 7) & ~7;
     if (buf_size < ret)
         return -EINVAL;
 
+    memset(buf, 0, ret);
     pr_buf->len = htonl(strlen(acm_bin_pol.policy_reference_name) + 1); /* including stringend '\0' */
     strcpy((char *)(buf + sizeof(struct acm_policy_reference_buffer)),
            acm_bin_pol.policy_reference_name);
@@ -187,85 +189,58 @@ acm_init_binary_policy(u32 policy_code)
     return ret;
 }
 
+int
+acm_is_policy(char *buf, unsigned long len)
+{
+    struct acm_policy_buffer *pol;
+
+    if (buf == NULL || len < sizeof(struct acm_policy_buffer))
+        return 0;
+
+    pol = (struct acm_policy_buffer *)buf;
+    return ntohl(pol->magic) == ACM_MAGIC;
+}
+
+
 static int
-acm_setup(unsigned int *initrdidx,
-          const multiboot_info_t *mbi,
-          unsigned long initial_images_start)
+acm_setup(char *policy_start,
+          unsigned long policy_len)
 {
-    int i;
-    module_t *mod = (module_t *)__va(mbi->mods_addr);
     int rc = ACM_OK;
+    struct acm_policy_buffer *pol;
+
+    if (policy_start == NULL || policy_len < sizeof(struct acm_policy_buffer))
+        return rc;
 
-    if (mbi->mods_count > 1)
-        *initrdidx = 1;
+    pol = (struct acm_policy_buffer *)policy_start;
+    if (ntohl(pol->magic) != ACM_MAGIC)
+        return rc;
 
-    /*
-     * Try all modules and see whichever could be the binary policy.
-     * Adjust the initrdidx if module[1] is the binary policy.
-     */
-    for (i = mbi->mods_count-1; i >= 1; i--)
+    rc = do_acm_set_policy((void *)policy_start, (u32)policy_len);
+    if (rc == ACM_OK)
+    {
+        printkd("Policy len  0x%lx, start at %p.\n",policy_len,policy_start);
+    }
+    else
     {
-        struct acm_policy_buffer *pol;
-        char *_policy_start;
-        unsigned long _policy_len;
-#if defined(__i386__)
-        _policy_start = (char *)(initial_images_start + (mod[i].mod_start-mod[0].mod_start));
-#elif defined(__x86_64__)
-        _policy_start = __va(initial_images_start + (mod[i].mod_start-mod[0].mod_start));
-#else
-#error Architecture unsupported by sHype
-#endif
-        _policy_len   = mod[i].mod_end - mod[i].mod_start;
-        if (_policy_len < sizeof(struct acm_policy_buffer))
-            continue; /* not a policy */
-
-        pol = (struct acm_policy_buffer *)_policy_start;
-        if (ntohl(pol->magic) == ACM_MAGIC)
-        {
-            rc = do_acm_set_policy((void *)_policy_start,
-                                   (u32)_policy_len);
-            if (rc == ACM_OK)
-            {
-                printkd("Policy len  0x%lx, start at %p.\n",_policy_len,_policy_start);
-                if (i == 1)
-                {
-                    if (mbi->mods_count > 2)
-                    {
-                        *initrdidx = 2;
-                    }
-                    else {
-                        *initrdidx = 0;
-                    }
-                }
-                else
-                {
-                    *initrdidx = 1;
-                }
-                break;
-            }
-            else
-            {
-                printk("Invalid policy. %d.th module line.\n", i+1);
-                /* load default policy later */
-                acm_active_security_policy = ACM_POLICY_UNDEFINED;
-            }
-        } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */
+        printk("Invalid policy.\n");
+        /* load default policy later */
+        acm_active_security_policy = ACM_POLICY_UNDEFINED;
     }
     return rc;
 }
 
 
 int
-acm_init(unsigned int *initrdidx,
-         const multiboot_info_t *mbi,
-         unsigned long initial_images_start)
+acm_init(char *policy_start,
+         unsigned long policy_len)
 {
     int ret = ACM_OK;
 
     acm_set_endian();
 
     /* first try to load the boot policy (uses its own locks) */
-    acm_setup(initrdidx, mbi, initial_images_start);
+    acm_setup(policy_start, policy_len);
 
     if (acm_active_security_policy != ACM_POLICY_UNDEFINED)
     {
Index: root/xen-unstable.hg/xen/arch/x86/setup.c
===================================================================
--- root.orig/xen-unstable.hg/xen/arch/x86/setup.c
+++ root/xen-unstable.hg/xen/arch/x86/setup.c
@@ -25,6 +25,7 @@
 #include <asm/desc.h>
 #include <asm/shadow.h>
 #include <asm/e820.h>
+#include <asm/acm.h>
 #include <acm/acm_hooks.h>
 
 extern void dmi_scan_machine(void);
@@ -560,7 +561,7 @@ void __init __start_xen(multiboot_info_t
         watchdog_enable();
 
     /* initialize access control security module */
-    acm_init(&initrdidx, mbi, initial_images_start);
+    acm_x86_init(mbi, &initrdidx, initial_images_start);
 
     /* Create initial domain 0. */
     dom0 = domain_create(0);
Index: root/xen-unstable.hg/xen/include/acm/acm_hooks.h
===================================================================
--- root.orig/xen-unstable.hg/xen/include/acm/acm_hooks.h
+++ root/xen-unstable.hg/xen/include/acm/acm_hooks.h
@@ -25,7 +25,6 @@
 #include <xen/lib.h>
 #include <xen/delay.h>
 #include <xen/sched.h>
-#include <xen/multiboot.h>
 #include <public/acm.h>
 #include <acm/acm_core.h>
 #include <public/domctl.h>
@@ -143,15 +142,10 @@ static inline int acm_pre_grant_map_ref(
 { return 0; }
 static inline int acm_pre_grant_setup(domid_t id) 
 { return 0; }
-static inline int acm_init(unsigned int *initrdidx,
-                           const multiboot_info_t *mbi,
-                           unsigned long start)
-{ return 0; }
 static inline void acm_post_domain0_create(domid_t domid) 
 { return; }
 static inline int acm_sharing(ssidref_t ssidref1, ssidref_t ssidref2)
 { return 0; }
-
 #else
 
 static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
@@ -369,9 +363,11 @@ static inline int acm_sharing(ssidref_t 
         return ACM_ACCESS_PERMITTED;
 }
 
-extern int acm_init(unsigned int *initrdidx,
-                    const multiboot_info_t *mbi,
-                    unsigned long start);
+
+extern int acm_init(char *policy_start, unsigned long policy_len);
+
+/* Return true iff buffer has an acm policy magic number.  */
+extern int acm_is_policy(char *buf, unsigned long len);
 
 #endif
 
Index: root/xen-unstable.hg/xen/acm/Makefile
===================================================================
--- root.orig/xen-unstable.hg/xen/acm/Makefile
+++ root/xen-unstable.hg/xen/acm/Makefile
@@ -3,3 +3,5 @@ obj-y += acm_policy.o
 obj-y += acm_simple_type_enforcement_hooks.o
 obj-y += acm_chinesewall_hooks.o
 obj-y += acm_null_hooks.o
+obj-$(x86_32) += acm_multiboot.o
+obj-$(x86_64) += acm_multiboot.o
Index: root/xen-unstable.hg/xen/acm/acm_multiboot.c
===================================================================
--- /dev/null
+++ root/xen-unstable.hg/xen/acm/acm_multiboot.c
@@ -0,0 +1,2 @@
+#include <acm/acm_hooks.h>
+
Index: root/xen-unstable.hg/xen/include/asm-x86/acm.h
===================================================================
--- /dev/null
+++ root/xen-unstable.hg/xen/include/asm-x86/acm.h
@@ -0,0 +1,91 @@
+#ifndef _XEN_ASM_ACM_H
+#define _XEN_ASM_ACM_H
+
+#include <xen/multiboot.h>
+#include <acm/acm_hooks.h>
+
+#ifdef ACM_SECURITY
+
+/* Fetch acm policy module from multiboot modules.  */
+static inline void
+extract_acm_policy(multiboot_info_t *mbi,
+                   unsigned int *initrdidx,
+                   unsigned long initial_images_start,
+                   char **_policy_start, unsigned long *_policy_len)
+{
+    int i;
+    module_t *mod = (module_t *)__va(mbi->mods_addr);
+
+    if ( mbi->mods_count > 1 )
+        *initrdidx = 1;
+
+    /*
+     * Try all modules and see whichever could be the binary policy.
+     * Adjust the initrdidx if module[1] is the binary policy.
+     */
+    for ( i = mbi->mods_count-1; i >= 1; i-- )
+    {
+        unsigned long start;
+        char *policy_start;
+        unsigned long policy_len;
+
+        start = initial_images_start + (mod[i].mod_start-mod[0].mod_start);
+#if defined(__i386__)
+        policy_start = (char *)start;
+#elif defined(__x86_64__)
+        policy_start = __va(start);
+#endif
+        policy_len   = mod[i].mod_end - mod[i].mod_start;
+        if ( acm_is_policy(policy_start, policy_len) )
+        {
+            printf("Policy len  0x%lx, start at %p - module %d.\n",
+                   policy_len, policy_start, i);
+            *_policy_start = policy_start;
+            *_policy_len = policy_len;
+            if ( i == 1 )
+            {
+                if (mbi->mods_count > 2)
+                    *initrdidx = 2;
+                else
+                    *initrdidx = 0;
+            }
+            else
+                *initrdidx = 1;
+            break;
+        }
+    }
+}
+
+static inline
+int acm_x86_init(multiboot_info_t *mbi,
+                 unsigned int *initrdidx,
+                 unsigned long initial_images_start)
+{
+    char *_policy_start = NULL;
+    unsigned long _policy_len = 0;
+    /* Extract policy from multiboot.  */
+    extract_acm_policy(mbi,
+                       initrdidx,
+                       initial_images_start,
+                       &_policy_start, &_policy_len);
+
+    /*
+     * Initialize access control security module no matter whether
+     * a policy has been found or not.
+     */
+    return acm_init(_policy_start, _policy_len);
+}
+
+#else
+
+static inline
+int acm_x86_init(multiboot_info_t *mbi,
+                 unsigned int *initrdidx,
+                 unsigned long initial_images_start)
+{
+    return 0;
+}
+
+#endif
+
+#endif