Index: root/xen-unstable.hg/xen/acm/acm_core.c =================================================================== --- root.orig/xen-unstable.hg/xen/acm/acm_core.c +++ root/xen-unstable.hg/xen/acm/acm_core.c @@ -100,9 +100,11 @@ acm_dump_policy_reference(u8 *buf, u32 b struct acm_policy_reference_buffer *pr_buf = (struct acm_policy_reference_buffer *)buf; int ret = sizeof(struct acm_policy_reference_buffer) + strlen(acm_bin_pol.policy_reference_name) + 1; + ret = (ret + 7) & ~7; if (buf_size < ret) return -EINVAL; + memset(buf, 0, ret); pr_buf->len = htonl(strlen(acm_bin_pol.policy_reference_name) + 1); /* including stringend '\0' */ strcpy((char *)(buf + sizeof(struct acm_policy_reference_buffer)), acm_bin_pol.policy_reference_name); @@ -187,85 +189,58 @@ acm_init_binary_policy(u32 policy_code) return ret; } +int +acm_is_policy(char *buf, unsigned long len) +{ + struct acm_policy_buffer *pol; + + if (buf == NULL || len < sizeof(struct acm_policy_buffer)) + return 0; + + pol = (struct acm_policy_buffer *)buf; + return ntohl(pol->magic) == ACM_MAGIC; +} + + static int -acm_setup(unsigned int *initrdidx, - const multiboot_info_t *mbi, - unsigned long initial_images_start) +acm_setup(char *policy_start, + unsigned long policy_len) { - int i; - module_t *mod = (module_t *)__va(mbi->mods_addr); int rc = ACM_OK; + struct acm_policy_buffer *pol; + + if (policy_start == NULL || policy_len < sizeof(struct acm_policy_buffer)) + return rc; - if (mbi->mods_count > 1) - *initrdidx = 1; + pol = (struct acm_policy_buffer *)policy_start; + if (ntohl(pol->magic) != ACM_MAGIC) + return rc; - /* - * Try all modules and see whichever could be the binary policy. - * Adjust the initrdidx if module[1] is the binary policy. - */ - for (i = mbi->mods_count-1; i >= 1; i--) + rc = do_acm_set_policy((void *)policy_start, (u32)policy_len); + if (rc == ACM_OK) + { + printkd("Policy len 0x%lx, start at %p.\n",policy_len,policy_start); + } + else { - struct acm_policy_buffer *pol; - char *_policy_start; - unsigned long _policy_len; -#if defined(__i386__) - _policy_start = (char *)(initial_images_start + (mod[i].mod_start-mod[0].mod_start)); -#elif defined(__x86_64__) - _policy_start = __va(initial_images_start + (mod[i].mod_start-mod[0].mod_start)); -#else -#error Architecture unsupported by sHype -#endif - _policy_len = mod[i].mod_end - mod[i].mod_start; - if (_policy_len < sizeof(struct acm_policy_buffer)) - continue; /* not a policy */ - - pol = (struct acm_policy_buffer *)_policy_start; - if (ntohl(pol->magic) == ACM_MAGIC) - { - rc = do_acm_set_policy((void *)_policy_start, - (u32)_policy_len); - if (rc == ACM_OK) - { - printkd("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start); - if (i == 1) - { - if (mbi->mods_count > 2) - { - *initrdidx = 2; - } - else { - *initrdidx = 0; - } - } - else - { - *initrdidx = 1; - } - break; - } - else - { - printk("Invalid policy. %d.th module line.\n", i+1); - /* load default policy later */ - acm_active_security_policy = ACM_POLICY_UNDEFINED; - } - } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */ + printk("Invalid policy.\n"); + /* load default policy later */ + acm_active_security_policy = ACM_POLICY_UNDEFINED; } return rc; } int -acm_init(unsigned int *initrdidx, - const multiboot_info_t *mbi, - unsigned long initial_images_start) +acm_init(char *policy_start, + unsigned long policy_len) { int ret = ACM_OK; acm_set_endian(); /* first try to load the boot policy (uses its own locks) */ - acm_setup(initrdidx, mbi, initial_images_start); + acm_setup(policy_start, policy_len); if (acm_active_security_policy != ACM_POLICY_UNDEFINED) { Index: root/xen-unstable.hg/xen/arch/x86/setup.c =================================================================== --- root.orig/xen-unstable.hg/xen/arch/x86/setup.c +++ root/xen-unstable.hg/xen/arch/x86/setup.c @@ -25,6 +25,7 @@ #include #include #include +#include #include extern void dmi_scan_machine(void); @@ -560,7 +561,7 @@ void __init __start_xen(multiboot_info_t watchdog_enable(); /* initialize access control security module */ - acm_init(&initrdidx, mbi, initial_images_start); + acm_x86_init(mbi, &initrdidx, initial_images_start); /* Create initial domain 0. */ dom0 = domain_create(0); Index: root/xen-unstable.hg/xen/include/acm/acm_hooks.h =================================================================== --- root.orig/xen-unstable.hg/xen/include/acm/acm_hooks.h +++ root/xen-unstable.hg/xen/include/acm/acm_hooks.h @@ -25,7 +25,6 @@ #include #include #include -#include #include #include #include @@ -143,15 +142,10 @@ static inline int acm_pre_grant_map_ref( { return 0; } static inline int acm_pre_grant_setup(domid_t id) { return 0; } -static inline int acm_init(unsigned int *initrdidx, - const multiboot_info_t *mbi, - unsigned long start) -{ return 0; } static inline void acm_post_domain0_create(domid_t domid) { return; } static inline int acm_sharing(ssidref_t ssidref1, ssidref_t ssidref2) { return 0; } - #else static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref) @@ -369,9 +363,11 @@ static inline int acm_sharing(ssidref_t return ACM_ACCESS_PERMITTED; } -extern int acm_init(unsigned int *initrdidx, - const multiboot_info_t *mbi, - unsigned long start); + +extern int acm_init(char *policy_start, unsigned long policy_len); + +/* Return true iff buffer has an acm policy magic number. */ +extern int acm_is_policy(char *buf, unsigned long len); #endif Index: root/xen-unstable.hg/xen/acm/Makefile =================================================================== --- root.orig/xen-unstable.hg/xen/acm/Makefile +++ root/xen-unstable.hg/xen/acm/Makefile @@ -3,3 +3,5 @@ obj-y += acm_policy.o obj-y += acm_simple_type_enforcement_hooks.o obj-y += acm_chinesewall_hooks.o obj-y += acm_null_hooks.o +obj-$(x86_32) += acm_multiboot.o +obj-$(x86_64) += acm_multiboot.o Index: root/xen-unstable.hg/xen/acm/acm_multiboot.c =================================================================== --- /dev/null +++ root/xen-unstable.hg/xen/acm/acm_multiboot.c @@ -0,0 +1,2 @@ +#include + Index: root/xen-unstable.hg/xen/include/asm-x86/acm.h =================================================================== --- /dev/null +++ root/xen-unstable.hg/xen/include/asm-x86/acm.h @@ -0,0 +1,91 @@ +#ifndef _XEN_ASM_ACM_H +#define _XEN_ASM_ACM_H + +#include +#include + +#ifdef ACM_SECURITY + +/* Fetch acm policy module from multiboot modules. */ +static inline void +extract_acm_policy(multiboot_info_t *mbi, + unsigned int *initrdidx, + unsigned long initial_images_start, + char **_policy_start, unsigned long *_policy_len) +{ + int i; + module_t *mod = (module_t *)__va(mbi->mods_addr); + + if ( mbi->mods_count > 1 ) + *initrdidx = 1; + + /* + * Try all modules and see whichever could be the binary policy. + * Adjust the initrdidx if module[1] is the binary policy. + */ + for ( i = mbi->mods_count-1; i >= 1; i-- ) + { + unsigned long start; + char *policy_start; + unsigned long policy_len; + + start = initial_images_start + (mod[i].mod_start-mod[0].mod_start); +#if defined(__i386__) + policy_start = (char *)start; +#elif defined(__x86_64__) + policy_start = __va(start); +#endif + policy_len = mod[i].mod_end - mod[i].mod_start; + if ( acm_is_policy(policy_start, policy_len) ) + { + printf("Policy len 0x%lx, start at %p - module %d.\n", + policy_len, policy_start, i); + *_policy_start = policy_start; + *_policy_len = policy_len; + if ( i == 1 ) + { + if (mbi->mods_count > 2) + *initrdidx = 2; + else + *initrdidx = 0; + } + else + *initrdidx = 1; + break; + } + } +} + +static inline +int acm_x86_init(multiboot_info_t *mbi, + unsigned int *initrdidx, + unsigned long initial_images_start) +{ + char *_policy_start = NULL; + unsigned long _policy_len = 0; + /* Extract policy from multiboot. */ + extract_acm_policy(mbi, + initrdidx, + initial_images_start, + &_policy_start, &_policy_len); + + /* + * Initialize access control security module no matter whether + * a policy has been found or not. + */ + return acm_init(_policy_start, _policy_len); +} + +#else + +static inline +int acm_x86_init(multiboot_info_t *mbi, + unsigned int *initrdidx, + unsigned long initial_images_start) +{ + return 0; +} + +#endif + +#endif