# HG changeset patch
# User smh22@xxxxxxxxxxxxxxxxxxxx
# Node ID d18f732c0a5fa2b4a14c52c511c3b6db8cb950bb
# Parent 0301cccd14f1d89fd62fddd25abf276735636e83
The patches below clean-up sHype-related file names in the tools subtree
and security policy-versioning and data structures in the xen subtree
(ACM):
* the very generic tools directory name "policy" is changed to
"security" and the included "policy_tool" to "secpol_tool"
* the single constant POLICY_INTERFACE_VERSION is replaced
by ACM_INTERFACE_VERSION; the security policy headers are
versioned independently since the policy can be supplied
at boot time instead of through the hypervisor interface
Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxxxxxx>
Signed-off-by: Steven Hand <steven@xxxxxxxxxxxxx>
diff -r 0301cccd14f1 -r d18f732c0a5f tools/Makefile
--- a/tools/Makefile Tue Aug 2 09:31:47 2005
+++ b/tools/Makefile Tue Aug 2 09:37:00 2005
@@ -12,7 +12,7 @@
SUBDIRS += xcutils
SUBDIRS += pygrub
SUBDIRS += firmware
-SUBDIRS += policy
+SUBDIRS += security
.PHONY: all install clean check check_clean ioemu eioemuinstall ioemuclean
diff -r 0301cccd14f1 -r d18f732c0a5f tools/misc/policyprocessor/XmlToBin.java
--- a/tools/misc/policyprocessor/XmlToBin.java Tue Aug 2 09:31:47 2005
+++ b/tools/misc/policyprocessor/XmlToBin.java Tue Aug 2 09:37:00 2005
@@ -4,6 +4,9 @@
* $Id: XmlToBin.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
*
* Author: Ray Valdez
+ *
+ * Contributors:
+ * Reiner Sailer - adjust type-lengths
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -490,175 +493,139 @@
try {
- /* Write magic */
- writeIntToStream(binBuffer,ACM_MAGIC,index);
- index = u32Size;
-
- /* Write policy version */
- writeIntToStream(binBuffer,POLICY_INTERFACE_VERSION,index);
- index = index + u32Size;
-
- /* write len */
- writeIntToStream(binBuffer,binBuffer.length,index);
- index = index + u32Size;
+ index = 0;
+ /* fill in General Policy Version */
+ writeIntToStream(binBuffer, ACM_POLICY_VERSION, index);
+ index += u32Size;
+
+ /* Write magic */
+ writeIntToStream(binBuffer, ACM_MAGIC, index);
+ index += u32Size;
+
+ /* write len */
+ writeIntToStream(binBuffer, binBuffer.length, index);
+ index += u32Size;
} catch (IOException ee) {
- System.out.println(" GBPB:: got exception : " + ee);
- return null;
+ System.out.println(" GBPB:: got exception : " + ee);
+ return null;
}
int offset, address;
address = index;
if (null != partMap)
- offset = binaryBufferHeaderSz + resourceOffsetSz;
+ offset = binaryBufferHeaderSz + resourceOffsetSz;
else
- offset = binaryBufferHeaderSz;
+ offset = binaryBufferHeaderSz;
try {
-
- if (null == chwPolicy || null == stePolicy)
- {
- writeShortToStream(binBuffer,ACM_NULL_POLICY,index);
- index = index + u16Size;
-
- writeShortToStream(binBuffer,(short) 0,index);
- index = index + u16Size;
-
- writeShortToStream(binBuffer,ACM_NULL_POLICY,index);
- index = index + u16Size;
-
- writeShortToStream(binBuffer,(short) 0,index);
- index = index + u16Size;
-
- }
- index = address;
- if (null != chwPolicy)
- {
+ int skip = 0;
+
+ /* init with NULL policy setting */
+ writeIntToStream(binBuffer, ACM_NULL_POLICY, index);
+ writeIntToStream(binBuffer, 0, index + u32Size);
+ writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size);
+ writeIntToStream(binBuffer, 0, index + 3*u32Size);
- /* Write policy name */
- writeShortToStream(binBuffer,ACM_CHINESE_WALL_POLICY,index);
- index = index + u16Size;
-
- /* Write offset */
- writeShortToStream(binBuffer,(short) offset,index);
- index = index + u16Size;
-
- /* Write payload. No need increment index */
- address = offset;
- System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length);
- address = address + chwPolicy.length;
+ index = address;
+ if (null != chwPolicy) {
+ /* Write policy name */
+ writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index);
+ index += u32Size;
+
+ /* Write offset */
+ writeIntToStream(binBuffer, offset, index);
+ index += u32Size;
+
+ /* Write payload. No need increment index */
+ address = offset;
+ System.arraycopy(chwPolicy, 0, binBuffer,address,
chwPolicy.length);
+ address = address + chwPolicy.length;
+ } else
+ skip += 2*u32Size;
+
if (null != stePolicy)
{
/* Write policy name */
-
writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index);
- index = index + u16Size;
+ writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
index);
+ index += u32Size;
/* Write offset */
- writeShortToStream(binBuffer,(short) address,index);
- index = index + u16Size;
+ writeIntToStream(binBuffer, address, index);
+ index += u32Size;
/* Copy array */
System.arraycopy(stePolicy, 0, binBuffer,address,
stePolicy.length);
/* Update address */
address = address + stePolicy.length;
+ } else
+ skip += 2*u32Size;
+
+ /* Skip writing policy name and offset for each null policy*/
+ index += skip;
+
+ int size;
+ /* Assumes that you will always have a partition defined in policy */
+ if ( 0 < partMap.length) {
+ writeIntToStream(binBuffer, address, index);
+ index = address;
+
+ /* Compute num of VMs */
+ size = partMap.length / (3 * u16Size);
+
+ writeShortToStream(binBuffer, (short)size,index);
+ index = index + u16Size;
+
+ /* part, vlan and slot: each one consists of two entries */
+ offset = 3 * (2 * u16Size);
+ writeShortToStream(binBuffer, (short) offset,index);
+
+ /* Write partition array at offset */
+ System.arraycopy(partMap, 0, binBuffer,(offset + address),
partMap.length);
+ index = index + u16Size;
+ offset = offset + partMap.length;
+ }
+
+ if ( 0 < vlanMap.length) {
+ size = vlanMap.length / (2 * u16Size);
+ writeShortToStream(binBuffer, (short) size,index);
+ index = index + u16Size;
+
+ writeShortToStream(binBuffer, (short) offset,index);
+ index = index + u16Size;
+ System.arraycopy(vlanMap, 0, binBuffer,(offset + address),
vlanMap.length);
} else {
- /* Skip writing policy name and offset */
- index = index + 2 * u16Size;
-
- }
-
- } else {
-
- if (null != stePolicy)
- {
- /* Write policy name */
-
writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index);
- index = index + u16Size;
-
- /* Write offset */
- address = offset;
- writeShortToStream(binBuffer, (short) offset,index);
- index = index + u16Size;
-
- /* Copy array */
- System.arraycopy(stePolicy, 0, binBuffer,address,
stePolicy.length);
- /* Update address */
- address = address + stePolicy.length;
-
- /* Increment index, since there is no secondary */
- index = index + secondaryPolicyCodeSz + secondaryBufferOffsetSz;
-
- }
-
- }
- int size;
- /* Assumes that you will always have a partition defined in policy */
- if ( 0 < partMap.length)
- {
- writeShortToStream(binBuffer, (short) address,index);
- index = address;
-
- /* Compute num of VMs */
- size = partMap.length / (3 * u16Size);
-
- writeShortToStream(binBuffer, (short)size,index);
- index = index + u16Size;
-
- /* part, vlan and slot: each one consists of two entries */
- offset = 3 * (2 * u16Size);
- writeShortToStream(binBuffer, (short) offset,index);
-
- /* Write partition array at offset */
- System.arraycopy(partMap, 0, binBuffer,(offset + address),
partMap.length);
- index = index + u16Size;
- offset = offset + partMap.length;
- }
-
- if ( 0 < vlanMap.length)
- {
- size = vlanMap.length / (2 * u16Size);
- writeShortToStream(binBuffer, (short) size,index);
- index = index + u16Size;
-
- writeShortToStream(binBuffer, (short) offset,index);
- index = index + u16Size;
- System.arraycopy(vlanMap, 0, binBuffer,(offset + address),
vlanMap.length);
- } else {
- /* Write vlan max */
- writeShortToStream(binBuffer, (short) 0,index);
- index = index + u16Size;
+ /* Write vlan max */
+ writeShortToStream(binBuffer, (short) 0,index);
+ index = index + u16Size;
- /* Write vlan offset */
- writeShortToStream(binBuffer, (short) 0,index);
- index = index + u16Size;
-
- }
-
- offset = offset + vlanMap.length;
- if ( 0 < slotMap.length)
- {
- size = slotMap.length / (3 * u16Size);
- writeShortToStream(binBuffer, (short) size,index);
- index = index + u16Size;
-
- writeShortToStream(binBuffer, (short) offset,index);
- index = index + u16Size;
- System.arraycopy(slotMap, 0, binBuffer,(offset + address),
slotMap.length);
- }
-
- } catch (IOException ee)
- {
- System.out.println(" GBPB:: got exception : " + ee);
- return null;
- }
-
- printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length);
- if (debug)
- printHex(binBuffer,binBuffer.length);
-
- return binBuffer;
+ /* Write vlan offset */
+ writeShortToStream(binBuffer, (short) 0,index);
+ index = index + u16Size;
+ }
+
+ offset = offset + vlanMap.length;
+ if ( 0 < slotMap.length) {
+ size = slotMap.length / (3 * u16Size);
+ writeShortToStream(binBuffer, (short) size,index);
+ index = index + u16Size;
+
+ writeShortToStream(binBuffer, (short) offset,index);
+ index = index + u16Size;
+ System.arraycopy(slotMap, 0, binBuffer,(offset + address),
slotMap.length);
+ }
+ } catch (IOException ee) {
+ System.out.println(" GBPB:: got exception : " + ee);
+ return null;
+ }
+
+ printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length);
+ if (debug)
+ printHex(binBuffer,binBuffer.length);
+
+ return binBuffer;
}
public byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector
ColorTypes)
@@ -668,28 +635,20 @@
int position = 0;
/* Get number of rTypes */
- short maxTypes = (short) ColorTypes.size();
+ int maxTypes = ColorTypes.size();
/* Get number of SSids entry */
- short maxSsids = (short) Ssids.size();
+ int maxSsids = Ssids.size();
/* Get number of conflict sets */
- short maxConflict = (short) ConflictSsids.size();
+ int maxConflict = ConflictSsids.size();
if (maxTypes * maxSsids == 0)
return null;
/*
- data structure acm_chwall_policy_buffer_t;
-
- uint16 policy_code;
- uint16 chwall_max_types;
- uint16 chwall_max_ssidrefs;
- uint16 chwall_max_conflictsets;
- uint16 chwall_ssid_offset;
- uint16 chwall_conflict_sets_offset;
- uint16 chwall_running_types_offset;
- uint16 chwall_conflict_aggregate_offset;
+ data structure acm_chwall_policy_buffer
+ se XmlToBinInterface.java
*/
int totalBytes = chwHeaderSize + u16Size *(maxTypes * (maxSsids +
maxConflict));
@@ -699,34 +658,38 @@
printDebug(" gCB:: chwall totalbytes : "+totalBytes);
try {
- index = 0;
- writeShortToStream(chwBuffer,ACM_CHINESE_WALL_POLICY,index);
- index = u16Size;
-
- writeShortToStream(chwBuffer,maxTypes,index);
- index = index + u16Size;
-
- writeShortToStream(chwBuffer,maxSsids,index);
- index = index + u16Size;
-
- writeShortToStream(chwBuffer,maxConflict,index);
- index = index + u16Size;
-
- /* Write chwall_ssid_offset */
- writeShortToStream(chwBuffer,chwHeaderSize,index);
- index = index + u16Size;
-
- /* Write chwall_conflict_sets_offset */
- writeShortToStream(chwBuffer,(short) address,index);
- index = index + u16Size;
-
- /* Write chwall_running_types_offset */
- writeShortToStream(chwBuffer,(short) 0,index);
- index = index + u16Size;
-
- /* Write chwall_conflict_aggregate_offset */
- writeShortToStream(chwBuffer,(short) 0,index);
- index = index + u16Size;
+ index = 0;
+ /* fill in General Policy Version */
+ writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index);
+ index += u32Size;
+
+ writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index);
+ index += u32Size;
+
+ writeIntToStream(chwBuffer, maxTypes, index);
+ index += u32Size;
+
+ writeIntToStream(chwBuffer, maxSsids, index);
+ index += u32Size;
+
+ writeIntToStream(chwBuffer, maxConflict, index);
+ index += u32Size;
+
+ /* Write chwall_ssid_offset */
+ writeIntToStream(chwBuffer, chwHeaderSize, index);
+ index += u32Size;
+
+ /* Write chwall_conflict_sets_offset */
+ writeIntToStream(chwBuffer, address, index);
+ index += u32Size;
+
+ /* Write chwall_running_types_offset */
+ writeIntToStream(chwBuffer, 0, index);
+ index += u32Size;
+
+ /* Write chwall_conflict_aggregate_offset */
+ writeIntToStream(chwBuffer, 0, index);
+ index += u32Size;
} catch (IOException ee) {
System.out.println(" gCB:: got exception : " + ee);
@@ -737,7 +700,6 @@
/* Create the SSids entry */
for (int i = 0; i < maxSsids; i++)
{
-
SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
/* Get chwall types */
ssidEntry.chwSsidPosition = i;
@@ -821,22 +783,16 @@
int position = 0;
/* Get number of colorTypes */
- short numColorTypes = (short) ColorTypes.size();
+ int numColorTypes = ColorTypes.size();
/* Get number of SSids entry */
- short numSsids = (short) Ssids.size();
+ int numSsids = Ssids.size();
if (numColorTypes * numSsids == 0)
return null;
- /* data structure: acm_ste_policy_buffer_t
- *
- * policy code (uint16) >
- * max_types (uint16) >
- * max_ssidrefs (uint16) > steHeaderSize
- * ssid_offset (uint16) >
- * DATA (colorTypes(size) * Ssids(size) *unit16)
- *
+ /* data structure: acm_ste_policy_buffer
+ * see XmlToBinInterface.java
* total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size)
*
*/
@@ -844,18 +800,22 @@
try {
- index = 0;
- writeShortToStream(steBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index);
- index = u16Size;
-
- writeShortToStream(steBuffer,numColorTypes,index);
- index = index + u16Size;
-
- writeShortToStream(steBuffer,numSsids,index);
- index = index + u16Size;
-
- writeShortToStream(steBuffer,(short)steHeaderSize,index);
- index = index + u16Size;
+ index = 0;
+ writeIntToStream(steBuffer, ACM_STE_VERSION, index);
+ index += u32Size;
+
+ writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
index);
+ index += u32Size;
+
+ writeIntToStream(steBuffer, numColorTypes, index);
+ index += u32Size;
+
+ writeIntToStream(steBuffer, numSsids, index);
+ index += u32Size;
+
+ writeIntToStream(steBuffer, steHeaderSize, index);
+ index += u32Size;
+
} catch (IOException ee) {
System.out.println(" gSB:: got exception : " + ee);
@@ -1469,6 +1429,17 @@
XmlToBin genObj = new XmlToBin();
+ policy_version active_policy = new policy_version();
+
+ if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) ||
+ (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) ||
+ (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) {
+ System.out.println("ACM policy versions differ.");
+ System.out.println("Please verify that data structures are correct");
+ System.out.println("and then adjust the version numbers in
XmlToBinInterface.java.");
+ return;
+ }
+
for (int i = 0 ; i < args.length ; i++) {
diff -r 0301cccd14f1 -r d18f732c0a5f
tools/misc/policyprocessor/XmlToBinInterface.java
--- a/tools/misc/policyprocessor/XmlToBinInterface.java Tue Aug 2 09:31:47 2005
+++ b/tools/misc/policyprocessor/XmlToBinInterface.java Tue Aug 2 09:37:00 2005
@@ -19,37 +19,37 @@
*
* policy binary structures
*
- * typedef struct {
- * u32 magic;
+ * struct acm_policy_buffer {
+ * u32 policy_version; * ACM_POLICY_VERSION *
+ * u32 magic;
+ * u32 len;
+ * u32 primary_policy_code;
+ * u32 primary_buffer_offset;
+ * u32 secondary_policy_code;
+ * u32 secondary_buffer_offset;
+ * +u32 resource offset (not used yet in Xen)
+ * };
*
- * u32 policyversion;
- * u32 len;
*
- * u16 primary_policy_code;
- * u16 primary_buffer_offset;
- * u16 secondary_policy_code;
- * u16 secondary_buffer_offset;
- * u16 resource_offset;
+ * struct acm_ste_policy_buffer {
+ * u32 policy_version; * ACM_STE_VERSION *
+ * u32 policy_code;
+ * u32 ste_max_types;
+ * u32 ste_max_ssidrefs;
+ * u32 ste_ssid_offset;
+ * };
*
- * } acm_policy_buffer_t;
- *
- * typedef struct {
- * u16 policy_code;
- * u16 ste_max_types;
- * u16 ste_max_ssidrefs;
- * u16 ste_ssid_offset;
- * } acm_ste_policy_buffer_t;
- *
- * typedef struct {
- * uint16 policy_code;
- * uint16 chwall_max_types;
- * uint16 chwall_max_ssidrefs;
- * uint16 chwall_max_conflictsets;
- * uint16 chwall_ssid_offset;
- * uint16 chwall_conflict_sets_offset;
- * uint16 chwall_running_types_offset;
- * uint16 chwall_conflict_aggregate_offset;
- * } acm_chwall_policy_buffer_t;
+ * struct acm_chwall_policy_buffer {
+ * u32 policy_version; * ACM_CHWALL_VERSION *
+ * u32 policy_code;
+ * u32 chwall_max_types;
+ * u32 chwall_max_ssidrefs;
+ * u32 chwall_max_conflictsets;
+ * u32 chwall_ssid_offset;
+ * u32 chwall_conflict_sets_offset;
+ * u32 chwall_running_types_offset;
+ * u32 chwall_conflict_aggregate_offset;
+ * };
*
* typedef struct {
* u16 partition_max;
@@ -100,16 +100,17 @@
final int u16Size = 2;
/* num of bytes for acm_ste_policy_buffer_t */
- final short steHeaderSize = (4 * u16Size);
+ final int steHeaderSize = (5 * u32Size);
+
/* byte for acm_chinese_wall_policy_buffer_t */
- final short chwHeaderSize = (8 * u16Size);
+ final int chwHeaderSize = (9 * u32Size);
- final short primaryPolicyCodeSize = u16Size;
- final short primaryBufferOffsetSize = u16Size ;
+ final int primaryPolicyCodeSize = u32Size;
+ final int primaryBufferOffsetSize = u32Size ;
- final int secondaryPolicyCodeSz = u16Size;
- final int secondaryBufferOffsetSz = u16Size;
- final short resourceOffsetSz = u16Size;
+ final int secondaryPolicyCodeSz = u32Size;
+ final int secondaryBufferOffsetSz = u32Size;
+ final int resourceOffsetSz = u32Size;
final short partitionBufferSz = (2 * u16Size);
final short partitionEntrySz = (3 * u16Size);
@@ -120,16 +121,18 @@
final short vlanBufferSz = (2 * u16Size);
final short vlanEntrySz = (2 * u16Size);
- final short binaryBufferHeaderSz = (3 * u32Size + 4* u16Size);
-
- /* copied directlty from policy_ops.h */
- final int POLICY_INTERFACE_VERSION = 0xAAAA0003;
+ final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */
/* copied directly from acm.h */
final int ACM_MAGIC = 0x0001debc;
- final short ACM_NULL_POLICY = 0;
- final short ACM_CHINESE_WALL_POLICY = 1;
- final short ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2;
- final short ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3;
- final short ACM_EMPTY_POLICY = 4;
+ final int ACM_NULL_POLICY = 0;
+ final int ACM_CHINESE_WALL_POLICY = 1;
+ final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2;
+ final int ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3;
+ final int ACM_EMPTY_POLICY = 4;
+
+ /* version for compatibility check */
+ final int ACM_POLICY_VERSION = 1;
+ final int ACM_STE_VERSION = 1;
+ final int ACM_CHWALL_VERSION = 1;
}
diff -r 0301cccd14f1 -r d18f732c0a5f
tools/misc/policyprocessor/xen_sample_def.xml
--- a/tools/misc/policyprocessor/xen_sample_def.xml Tue Aug 2 09:31:47 2005
+++ b/tools/misc/policyprocessor/xen_sample_def.xml Tue Aug 2 09:37:00 2005
@@ -37,7 +37,7 @@
</ConflictSet>
<ConflictSet>
- <ChWall>Q-Company</ChWall>
+ <ChWall>R-Company</ChWall>
<ChWall>V-Company</ChWall>
<ChWall>W-Company</ChWall>
</ConflictSet>
diff -r 0301cccd14f1 -r d18f732c0a5f xen/acm/acm_chinesewall_hooks.c
--- a/xen/acm/acm_chinesewall_hooks.c Tue Aug 2 09:31:47 2005
+++ b/xen/acm/acm_chinesewall_hooks.c Tue Aug 2 09:37:00 2005
@@ -110,45 +110,45 @@
struct acm_chwall_policy_buffer *chwall_buf = (struct
acm_chwall_policy_buffer *)buf;
int ret = 0;
- chwall_buf->chwall_max_types = htons(chwall_bin_pol.max_types);
- chwall_buf->chwall_max_ssidrefs = htons(chwall_bin_pol.max_ssidrefs);
- chwall_buf->policy_code = htons(ACM_CHINESE_WALL_POLICY);
- chwall_buf->chwall_ssid_offset = htons(sizeof(struct
acm_chwall_policy_buffer));
- chwall_buf->chwall_max_conflictsets =
htons(chwall_bin_pol.max_conflictsets);
+ chwall_buf->chwall_max_types = htonl(chwall_bin_pol.max_types);
+ chwall_buf->chwall_max_ssidrefs = htonl(chwall_bin_pol.max_ssidrefs);
+ chwall_buf->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
+ chwall_buf->chwall_ssid_offset = htonl(sizeof(struct
acm_chwall_policy_buffer));
+ chwall_buf->chwall_max_conflictsets =
htonl(chwall_bin_pol.max_conflictsets);
chwall_buf->chwall_conflict_sets_offset =
- htons(
- ntohs(chwall_buf->chwall_ssid_offset) +
+ htonl(
+ ntohl(chwall_buf->chwall_ssid_offset) +
sizeof(domaintype_t) * chwall_bin_pol.max_ssidrefs *
chwall_bin_pol.max_types);
chwall_buf->chwall_running_types_offset =
- htons(
- ntohs(chwall_buf->chwall_conflict_sets_offset) +
+ htonl(
+ ntohl(chwall_buf->chwall_conflict_sets_offset) +
sizeof(domaintype_t) * chwall_bin_pol.max_conflictsets *
chwall_bin_pol.max_types);
chwall_buf->chwall_conflict_aggregate_offset =
- htons(
- ntohs(chwall_buf->chwall_running_types_offset) +
+ htonl(
+ ntohl(chwall_buf->chwall_running_types_offset) +
sizeof(domaintype_t) * chwall_bin_pol.max_types);
- ret = ntohs(chwall_buf->chwall_conflict_aggregate_offset) +
+ ret = ntohl(chwall_buf->chwall_conflict_aggregate_offset) +
sizeof(domaintype_t) * chwall_bin_pol.max_types;
/* now copy buffers over */
- arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_ssid_offset)),
+ arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_ssid_offset)),
chwall_bin_pol.ssidrefs,
chwall_bin_pol.max_ssidrefs * chwall_bin_pol.max_types);
- arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_sets_offset)),
+ arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_conflict_sets_offset)),
chwall_bin_pol.conflict_sets,
chwall_bin_pol.max_conflictsets * chwall_bin_pol.max_types);
- arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_running_types_offset)),
+ arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_running_types_offset)),
chwall_bin_pol.running_types,
chwall_bin_pol.max_types);
- arrcpy16((u16 *)(buf +
ntohs(chwall_buf->chwall_conflict_aggregate_offset)),
+ arrcpy16((u16 *)(buf +
ntohl(chwall_buf->chwall_conflict_aggregate_offset)),
chwall_bin_pol.conflict_aggregate_set,
chwall_bin_pol.max_types);
return ret;
@@ -226,14 +226,20 @@
void *ssids = NULL, *conflict_sets = NULL, *running_types = NULL,
*conflict_aggregate_set = NULL;
/* rewrite the policy due to endianess */
- chwall_buf->policy_code =
ntohs(chwall_buf->policy_code);
- chwall_buf->chwall_max_types =
ntohs(chwall_buf->chwall_max_types);
- chwall_buf->chwall_max_ssidrefs =
ntohs(chwall_buf->chwall_max_ssidrefs);
- chwall_buf->chwall_max_conflictsets =
ntohs(chwall_buf->chwall_max_conflictsets);
- chwall_buf->chwall_ssid_offset =
ntohs(chwall_buf->chwall_ssid_offset);
- chwall_buf->chwall_conflict_sets_offset =
ntohs(chwall_buf->chwall_conflict_sets_offset);
- chwall_buf->chwall_running_types_offset =
ntohs(chwall_buf->chwall_running_types_offset);
- chwall_buf->chwall_conflict_aggregate_offset =
ntohs(chwall_buf->chwall_conflict_aggregate_offset);
+ chwall_buf->policy_code =
ntohl(chwall_buf->policy_code);
+ chwall_buf->policy_version =
ntohl(chwall_buf->policy_version);
+ chwall_buf->chwall_max_types =
ntohl(chwall_buf->chwall_max_types);
+ chwall_buf->chwall_max_ssidrefs =
ntohl(chwall_buf->chwall_max_ssidrefs);
+ chwall_buf->chwall_max_conflictsets =
ntohl(chwall_buf->chwall_max_conflictsets);
+ chwall_buf->chwall_ssid_offset =
ntohl(chwall_buf->chwall_ssid_offset);
+ chwall_buf->chwall_conflict_sets_offset =
ntohl(chwall_buf->chwall_conflict_sets_offset);
+ chwall_buf->chwall_running_types_offset =
ntohl(chwall_buf->chwall_running_types_offset);
+ chwall_buf->chwall_conflict_aggregate_offset =
ntohl(chwall_buf->chwall_conflict_aggregate_offset);
+
+ /* policy type and version checks */
+ if ((chwall_buf->policy_code != ACM_CHINESE_WALL_POLICY) ||
+ (chwall_buf->policy_version != ACM_CHWALL_VERSION))
+ return -EINVAL;
/* 1. allocate new buffers */
ssids = xmalloc_array(domaintype_t,
chwall_buf->chwall_max_types*chwall_buf->chwall_max_ssidrefs);
diff -r 0301cccd14f1 -r d18f732c0a5f xen/acm/acm_core.c
--- a/xen/acm/acm_core.c Tue Aug 2 09:31:47 2005
+++ b/xen/acm/acm_core.c Tue Aug 2 09:37:00 2005
@@ -120,7 +120,6 @@
if (ntohl(pol->magic) == ACM_MAGIC) {
rc = acm_set_policy((void *)_policy_start,
(u16)_policy_len,
- ACM_USE_SECURITY_POLICY,
0);
if (rc == ACM_OK) {
printf("Policy len 0x%lx, start at
%p.\n",_policy_len,_policy_start);
diff -r 0301cccd14f1 -r d18f732c0a5f xen/acm/acm_policy.c
--- a/xen/acm/acm_policy.c Tue Aug 2 09:31:47 2005
+++ b/xen/acm/acm_policy.c Tue Aug 2 09:37:00 2005
@@ -6,9 +6,8 @@
* Author:
* Reiner Sailer <sailer@xxxxxxxxxxxxxx>
*
- * Contributions:
+ * Contributors:
* Stefan Berger <stefanb@xxxxxxxxxxxxxx>
- * support for network-byte-order binary policies
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -27,29 +26,20 @@
#include <xen/lib.h>
#include <xen/delay.h>
#include <xen/sched.h>
-#include <public/policy_ops.h>
+#include <public/acm_ops.h>
#include <acm/acm_core.h>
#include <acm/acm_hooks.h>
#include <acm/acm_endian.h>
int
-acm_set_policy(void *buf, u16 buf_size, u16 policy, int isuserbuffer)
+acm_set_policy(void *buf, u16 buf_size, int isuserbuffer)
{
u8 *policy_buffer = NULL;
struct acm_policy_buffer *pol;
- if (policy != ACM_USE_SECURITY_POLICY) {
- printk("%s: Loading incompatible policy (running: %s).\n",
__func__,
- ACM_POLICY_NAME(ACM_USE_SECURITY_POLICY));
- return -EFAULT;
- }
- /* now check correct buffer sizes for policy combinations */
- if (policy == ACM_NULL_POLICY) {
- printkd("%s: NULL Policy, no policy needed.\n", __func__);
- goto out;
- }
if (buf_size < sizeof(struct acm_policy_buffer))
return -EFAULT;
+
/* 1. copy buffer from domain */
if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
goto error_free;
@@ -58,17 +48,17 @@
printk("%s: Error copying!\n",__func__);
goto error_free;
}
- } else {
+ } else
memcpy(policy_buffer, buf, buf_size);
- }
+
/* 2. some sanity checking */
pol = (struct acm_policy_buffer *)policy_buffer;
if ((ntohl(pol->magic) != ACM_MAGIC) ||
- (ntohs(pol->primary_policy_code) !=
acm_bin_pol.primary_policy_code) ||
- (ntohs(pol->secondary_policy_code) !=
acm_bin_pol.secondary_policy_code) ||
- (ntohl(pol->policyversion) != POLICY_INTERFACE_VERSION)) {
- printkd("%s: Wrong policy magics!\n", __func__);
+ (ntohl(pol->policy_version) != ACM_POLICY_VERSION) ||
+ (ntohl(pol->primary_policy_code) !=
acm_bin_pol.primary_policy_code) ||
+ (ntohl(pol->secondary_policy_code) !=
acm_bin_pol.secondary_policy_code)) {
+ printkd("%s: Wrong policy magics or versions!\n", __func__);
goto error_free;
}
if (buf_size != ntohl(pol->len)) {
@@ -79,21 +69,19 @@
/* get bin_policy lock and rewrite policy (release old one) */
write_lock(&acm_bin_pol_rwlock);
- /* 3. now get/set primary policy data */
- if (acm_primary_ops->set_binary_policy(buf +
ntohs(pol->primary_buffer_offset),
-
ntohs(pol->secondary_buffer_offset) -
-
ntohs(pol->primary_buffer_offset))) {
+ /* 3. set primary policy data */
+ if (acm_primary_ops->set_binary_policy(buf +
ntohl(pol->primary_buffer_offset),
+
ntohl(pol->secondary_buffer_offset) -
+
ntohl(pol->primary_buffer_offset))) {
goto error_lock_free;
}
- /* 4. now get/set secondary policy data */
- if (acm_secondary_ops->set_binary_policy(buf +
ntohs(pol->secondary_buffer_offset),
+ /* 4. set secondary policy data */
+ if (acm_secondary_ops->set_binary_policy(buf +
ntohl(pol->secondary_buffer_offset),
ntohl(pol->len) -
-
ntohs(pol->secondary_buffer_offset))) {
+
ntohl(pol->secondary_buffer_offset))) {
goto error_lock_free;
}
write_unlock(&acm_bin_pol_rwlock);
- out:
- printk("%s: Done .\n", __func__);
if (policy_buffer != NULL)
xfree(policy_buffer);
return ACM_OK;
@@ -121,26 +109,25 @@
/* future: read policy from file and set it */
bin_pol = (struct acm_policy_buffer *)policy_buffer;
bin_pol->magic = htonl(ACM_MAGIC);
- bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION);
- bin_pol->primary_policy_code = htons(acm_bin_pol.primary_policy_code);
- bin_pol->secondary_policy_code = htons(acm_bin_pol.secondary_policy_code);
+ bin_pol->primary_policy_code = htonl(acm_bin_pol.primary_policy_code);
+ bin_pol->secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code);
bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
- bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len));
- bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len));
+ bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
+ bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
- ret = acm_primary_ops->dump_binary_policy (policy_buffer +
ntohs(bin_pol->primary_buffer_offset),
- buf_size -
ntohs(bin_pol->primary_buffer_offset));
+ ret = acm_primary_ops->dump_binary_policy (policy_buffer +
ntohl(bin_pol->primary_buffer_offset),
+ buf_size -
ntohl(bin_pol->primary_buffer_offset));
if (ret < 0) {
printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
read_unlock(&acm_bin_pol_rwlock);
return -1;
}
bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
- bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len));
+ bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
- ret = acm_secondary_ops->dump_binary_policy(policy_buffer +
ntohs(bin_pol->secondary_buffer_offset),
- buf_size -
ntohs(bin_pol->secondary_buffer_offset));
+ ret = acm_secondary_ops->dump_binary_policy(policy_buffer +
ntohl(bin_pol->secondary_buffer_offset),
+ buf_size -
ntohl(bin_pol->secondary_buffer_offset));
if (ret < 0) {
printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
read_unlock(&acm_bin_pol_rwlock);
@@ -178,11 +165,10 @@
goto error_lock_free;
acm_stats.magic = htonl(ACM_MAGIC);
- acm_stats.policyversion = htonl(POLICY_INTERFACE_VERSION);
- acm_stats.primary_policy_code = htons(acm_bin_pol.primary_policy_code);
- acm_stats.secondary_policy_code =
htons(acm_bin_pol.secondary_policy_code);
- acm_stats.primary_stats_offset = htons(sizeof(struct acm_stats_buffer));
- acm_stats.secondary_stats_offset = htons(sizeof(struct acm_stats_buffer)
+ len1);
+ acm_stats.primary_policy_code = htonl(acm_bin_pol.primary_policy_code);
+ acm_stats.secondary_policy_code =
htonl(acm_bin_pol.secondary_policy_code);
+ acm_stats.primary_stats_offset = htonl(sizeof(struct acm_stats_buffer));
+ acm_stats.secondary_stats_offset = htonl(sizeof(struct acm_stats_buffer)
+ len1);
acm_stats.len = htonl(sizeof(struct acm_stats_buffer) + len1 + len2);
memcpy(stats_buffer, &acm_stats, sizeof(struct acm_stats_buffer));
diff -r 0301cccd14f1 -r d18f732c0a5f xen/acm/acm_simple_type_enforcement_hooks.c
--- a/xen/acm/acm_simple_type_enforcement_hooks.c Tue Aug 2 09:31:47 2005
+++ b/xen/acm/acm_simple_type_enforcement_hooks.c Tue Aug 2 09:37:00 2005
@@ -140,15 +140,15 @@
struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer
*)buf;
int ret = 0;
- ste_buf->ste_max_types = htons(ste_bin_pol.max_types);
- ste_buf->ste_max_ssidrefs = htons(ste_bin_pol.max_ssidrefs);
- ste_buf->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
- ste_buf->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer));
- ret = ntohs(ste_buf->ste_ssid_offset) +
+ ste_buf->ste_max_types = htonl(ste_bin_pol.max_types);
+ ste_buf->ste_max_ssidrefs = htonl(ste_bin_pol.max_ssidrefs);
+ ste_buf->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
+ ste_buf->ste_ssid_offset = htonl(sizeof(struct acm_ste_policy_buffer));
+ ret = ntohl(ste_buf->ste_ssid_offset) +
sizeof(domaintype_t)*ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types;
/* now copy buffer over */
- arrcpy(buf + ntohs(ste_buf->ste_ssid_offset),
+ arrcpy(buf + ntohl(ste_buf->ste_ssid_offset),
ste_bin_pol.ssidrefs,
sizeof(domaintype_t),
ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types);
@@ -276,10 +276,16 @@
int i;
/* Convert endianess of policy */
- ste_buf->policy_code = ntohs(ste_buf->policy_code);
- ste_buf->ste_max_types = ntohs(ste_buf->ste_max_types);
- ste_buf->ste_max_ssidrefs = ntohs(ste_buf->ste_max_ssidrefs);
- ste_buf->ste_ssid_offset = ntohs(ste_buf->ste_ssid_offset);
+ ste_buf->policy_code = ntohl(ste_buf->policy_code);
+ ste_buf->policy_version = ntohl(ste_buf->policy_version);
+ ste_buf->ste_max_types = ntohl(ste_buf->ste_max_types);
+ ste_buf->ste_max_ssidrefs = ntohl(ste_buf->ste_max_ssidrefs);
+ ste_buf->ste_ssid_offset = ntohl(ste_buf->ste_ssid_offset);
+
+ /* policy type and version checks */
+ if ((ste_buf->policy_code != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ||
+ (ste_buf->policy_version != ACM_STE_VERSION))
+ return -EINVAL;
/* 1. create and copy-in new ssidrefs buffer */
ssidrefsbuf = xmalloc_array(u8,
sizeof(domaintype_t)*ste_buf->ste_max_types*ste_buf->ste_max_ssidrefs);
diff -r 0301cccd14f1 -r d18f732c0a5f xen/arch/x86/x86_32/entry.S
--- a/xen/arch/x86/x86_32/entry.S Tue Aug 2 09:31:47 2005
+++ b/xen/arch/x86/x86_32/entry.S Tue Aug 2 09:37:00 2005
@@ -751,7 +751,7 @@
.long do_boot_vcpu
.long do_ni_hypercall /* 25 */
.long do_mmuext_op
- .long do_policy_op /* 27 */
+ .long do_acm_op /* 27 */
.rept NR_hypercalls-((.-hypercall_table)/4)
.long do_ni_hypercall
.endr
diff -r 0301cccd14f1 -r d18f732c0a5f xen/arch/x86/x86_64/entry.S
--- a/xen/arch/x86/x86_64/entry.S Tue Aug 2 09:31:47 2005
+++ b/xen/arch/x86/x86_64/entry.S Tue Aug 2 09:37:00 2005
@@ -587,7 +587,7 @@
.quad do_boot_vcpu
.quad do_set_segment_base /* 25 */
.quad do_mmuext_op
- .quad do_policy_op
+ .quad do_acm_op
.rept NR_hypercalls-((.-hypercall_table)/4)
.quad do_ni_hypercall
.endr
diff -r 0301cccd14f1 -r d18f732c0a5f xen/include/acm/acm_core.h
--- a/xen/include/acm/acm_core.h Tue Aug 2 09:31:47 2005
+++ b/xen/include/acm/acm_core.h Tue Aug 2 09:37:00 2005
@@ -21,7 +21,7 @@
#include <xen/spinlock.h>
#include <public/acm.h>
#include <xen/acm_policy.h>
-#include <public/policy_ops.h>
+#include <public/acm_ops.h>
/* Xen-internal representation of the binary policy */
struct acm_binary_policy {
@@ -113,7 +113,7 @@
/* protos */
int acm_init_domain_ssid(domid_t id, ssidref_t ssidref);
int acm_free_domain_ssid(struct acm_ssid_domain *ssid);
-int acm_set_policy(void *buf, u16 buf_size, u16 policy, int isuserbuffer);
+int acm_set_policy(void *buf, u16 buf_size, int isuserbuffer);
int acm_get_policy(void *buf, u16 buf_size);
int acm_dump_statistics(void *buf, u16 buf_size);
diff -r 0301cccd14f1 -r d18f732c0a5f xen/include/public/acm.h
--- a/xen/include/public/acm.h Tue Aug 2 09:31:47 2005
+++ b/xen/include/public/acm.h Tue Aug 2 09:37:00 2005
@@ -71,6 +71,14 @@
(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE
WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
"UNDEFINED policy"
+/* the following policy versions must be increased
+ * whenever the interpretation of the related
+ * policy's data structure changes
+ */
+#define ACM_POLICY_VERSION 1
+#define ACM_CHWALL_VERSION 1
+#define ACM_STE_VERSION 1
+
/* defines a ssid reference used by xen */
typedef u32 ssidref_t;
@@ -102,46 +110,53 @@
#define ACM_MAGIC 0x0001debc
/* each offset in bytes from start of the struct they
- * the are part of */
+ * are part of */
+
/* each buffer consists of all policy information for
* the respective policy given in the policy code
+ *
+ * acm_policy_buffer, acm_chwall_policy_buffer,
+ * and acm_ste_policy_buffer need to stay 32-bit aligned
+ * because we create binary policies also with external
+ * tools that assume packed representations (e.g. the java tool)
*/
struct acm_policy_buffer {
+ u32 policy_version; /* ACM_POLICY_VERSION */
u32 magic;
- u32 policyversion;
u32 len;
- u16 primary_policy_code;
- u16 primary_buffer_offset;
- u16 secondary_policy_code;
- u16 secondary_buffer_offset;
+ u32 primary_policy_code;
+ u32 primary_buffer_offset;
+ u32 secondary_policy_code;
+ u32 secondary_buffer_offset;
};
struct acm_chwall_policy_buffer {
- u16 policy_code;
- u16 chwall_max_types;
- u16 chwall_max_ssidrefs;
- u16 chwall_max_conflictsets;
- u16 chwall_ssid_offset;
- u16 chwall_conflict_sets_offset;
- u16 chwall_running_types_offset;
- u16 chwall_conflict_aggregate_offset;
+ u32 policy_version; /* ACM_CHWALL_VERSION */
+ u32 policy_code;
+ u32 chwall_max_types;
+ u32 chwall_max_ssidrefs;
+ u32 chwall_max_conflictsets;
+ u32 chwall_ssid_offset;
+ u32 chwall_conflict_sets_offset;
+ u32 chwall_running_types_offset;
+ u32 chwall_conflict_aggregate_offset;
};
struct acm_ste_policy_buffer {
- u16 policy_code;
- u16 ste_max_types;
- u16 ste_max_ssidrefs;
- u16 ste_ssid_offset;
+ u32 policy_version; /* ACM_STE_VERSION */
+ u32 policy_code;
+ u32 ste_max_types;
+ u32 ste_max_ssidrefs;
+ u32 ste_ssid_offset;
};
struct acm_stats_buffer {
u32 magic;
- u32 policyversion;
u32 len;
- u16 primary_policy_code;
- u16 primary_stats_offset;
- u16 secondary_policy_code;
- u16 secondary_stats_offset;
+ u32 primary_policy_code;
+ u32 primary_stats_offset;
+ u32 secondary_policy_code;
+ u32 secondary_stats_offset;
};
struct acm_ste_stats_buffer {
diff -r 0301cccd14f1 -r d18f732c0a5f xen/include/public/xen.h
--- a/xen/include/public/xen.h Tue Aug 2 09:31:47 2005
+++ b/xen/include/public/xen.h Tue Aug 2 09:37:00 2005
@@ -58,7 +58,7 @@
#define __HYPERVISOR_boot_vcpu 24
#define __HYPERVISOR_set_segment_base 25 /* x86/64 only */
#define __HYPERVISOR_mmuext_op 26
-#define __HYPERVISOR_policy_op 27
+#define __HYPERVISOR_acm_op 27
/*
* VIRTUAL INTERRUPTS
diff -r 0301cccd14f1 -r d18f732c0a5f tools/policy/Makefile
--- a/tools/policy/Makefile Tue Aug 2 09:31:47 2005
+++ /dev/null Tue Aug 2 09:37:00 2005
@@ -1,36 +0,0 @@
-XEN_ROOT = ../..
-include $(XEN_ROOT)/tools/Rules.mk
-
-SRCS = policy_tool.c
-CFLAGS += -static
-CFLAGS += -Wall
-CFLAGS += -Werror
-CFLAGS += -O3
-CFLAGS += -fno-strict-aliasing
-CFLAGS += -I.
-
-all: build
-build: mk-symlinks
- $(MAKE) policy_tool
-
-default: all
-
-install: all
-
-policy_tool : policy_tool.c
- $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
-
-clean:
- rm -rf policy_tool xen
-
-
-LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
-mk-symlinks:
- [ -e xen/linux ] || mkdir -p xen/linux
- [ -e xen/io ] || mkdir -p xen/io
- ( cd xen >/dev/null ; \
- ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . )
- ( cd xen/io >/dev/null ; \
- ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
- ( cd xen/linux >/dev/null ; \
- ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )
diff -r 0301cccd14f1 -r d18f732c0a5f tools/policy/policy_tool.c
--- a/tools/policy/policy_tool.c Tue Aug 2 09:31:47 2005
+++ /dev/null Tue Aug 2 09:37:00 2005
@@ -1,552 +0,0 @@
-/****************************************************************
- * policy_tool.c
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Authors:
- * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
- * Stefan Berger <stefanb@xxxxxxxxxxxxxx>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * sHype policy management tool. This code runs in a domain and
- * manages the Xen security policy by interacting with the
- * Xen access control module via a /proc/xen/privcmd proc-ioctl,
- * which is translated into a policy_op hypercall into Xen.
- *
- * todo: implement setpolicy to dynamically set a policy cache.
- */
-#include <unistd.h>
-#include <stdio.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <sys/ioctl.h>
-#include <string.h>
-#include <stdint.h>
-#include <netinet/in.h>
-
-typedef uint8_t u8;
-typedef uint16_t u16;
-typedef uint32_t u32;
-typedef uint64_t u64;
-typedef int8_t s8;
-typedef int16_t s16;
-typedef int32_t s32;
-typedef int64_t s64;
-
-#include <xen/acm.h>
-
-#include <xen/policy_ops.h>
-
-#include <xen/linux/privcmd.h>
-
-#define ERROR(_m, _a...) \
- fprintf(stderr, "ERROR: " _m "\n" , ## _a )
-
-#define PERROR(_m, _a...) \
- fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \
- errno, strerror(errno))
-
-static inline int do_policycmd(int xc_handle,
- unsigned int cmd,
- unsigned long data)
-{
- return ioctl(xc_handle, cmd, data);
-}
-
-static inline int do_xen_hypercall(int xc_handle,
- privcmd_hypercall_t *hypercall)
-{
- return do_policycmd(xc_handle,
- IOCTL_PRIVCMD_HYPERCALL,
- (unsigned long)hypercall);
-}
-
-static inline int do_policy_op(int xc_handle, policy_op_t *op)
-{
- int ret = -1;
- privcmd_hypercall_t hypercall;
-
- op->interface_version = POLICY_INTERFACE_VERSION;
-
- hypercall.op = __HYPERVISOR_policy_op;
- hypercall.arg[0] = (unsigned long)op;
-
- if ( mlock(op, sizeof(*op)) != 0 )
- {
- PERROR("Could not lock memory for Xen policy hypercall");
- goto out1;
- }
-
- if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 )
- {
- if ( errno == EACCES )
- fprintf(stderr, "POLICY operation failed -- need to"
- " rebuild the user-space tool set?\n");
- goto out2;
- }
-
- out2: (void)munlock(op, sizeof(*op));
- out1: return ret;
-}
-
-/*************************** DUMPS *******************************/
-
-void acm_dump_chinesewall_buffer(void *buf, int buflen) {
-
- struct acm_chwall_policy_buffer *cwbuf = (struct
acm_chwall_policy_buffer *)buf;
- domaintype_t *ssids, *conflicts, *running_types, *conflict_aggregate;
- int i,j;
-
-
- if (htons(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) {
- printf("CHINESE WALL POLICY CODE not found ERROR!!\n");
- return;
- }
- printf("\n\nChinese Wall policy:\n");
- printf("====================\n");
- printf("Max Types = %x.\n", ntohs(cwbuf->chwall_max_types));
- printf("Max Ssidrefs = %x.\n", ntohs(cwbuf->chwall_max_ssidrefs));
- printf("Max ConfSets = %x.\n", ntohs(cwbuf->chwall_max_conflictsets));
- printf("Ssidrefs Off = %x.\n", ntohs(cwbuf->chwall_ssid_offset));
- printf("Conflicts Off = %x.\n",
ntohs(cwbuf->chwall_conflict_sets_offset));
- printf("Runing T. Off = %x.\n",
ntohs(cwbuf->chwall_running_types_offset));
- printf("C. Agg. Off = %x.\n",
ntohs(cwbuf->chwall_conflict_aggregate_offset));
- printf("\nSSID To CHWALL-Type matrix:\n");
-
- ssids = (domaintype_t *)(buf + ntohs(cwbuf->chwall_ssid_offset));
- for(i=0; i< ntohs(cwbuf->chwall_max_ssidrefs); i++) {
- printf("\n ssidref%2x: ", i);
- for(j=0; j< ntohs(cwbuf->chwall_max_types); j++)
- printf("%02x ",
ntohs(ssids[i*ntohs(cwbuf->chwall_max_types) + j]));
- }
- printf("\n\nConfict Sets:\n");
- conflicts = (domaintype_t *)(buf +
ntohs(cwbuf->chwall_conflict_sets_offset));
- for(i=0; i< ntohs(cwbuf->chwall_max_conflictsets); i++) {
- printf("\n c-set%2x: ", i);
- for(j=0; j< ntohs(cwbuf->chwall_max_types); j++)
- printf("%02x ",
ntohs(conflicts[i*ntohs(cwbuf->chwall_max_types) +j]));
- }
- printf("\n");
-
- printf("\nRunning\nTypes: ");
- if (ntohs(cwbuf->chwall_running_types_offset)) {
- running_types = (domaintype_t *)(buf +
ntohs(cwbuf->chwall_running_types_offset));
- for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) {
- printf("%02x ", ntohs(running_types[i]));
- }
- printf("\n");
- } else {
- printf("Not Reported!\n");
- }
- printf("\nConflict\nAggregate Set: ");
- if (ntohs(cwbuf->chwall_conflict_aggregate_offset)) {
- conflict_aggregate = (domaintype_t *)(buf +
ntohs(cwbuf->chwall_conflict_aggregate_offset));
- for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) {
- printf("%02x ", ntohs(conflict_aggregate[i]));
- }
- printf("\n\n");
- } else {
- printf("Not Reported!\n");
- }
-}
-
-void acm_dump_ste_buffer(void *buf, int buflen) {
-
- struct acm_ste_policy_buffer *stebuf = (struct acm_ste_policy_buffer
*)buf;
- domaintype_t *ssids;
- int i,j;
-
-
- if (ntohs(stebuf->policy_code) != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
- printf("SIMPLE TYPE ENFORCEMENT POLICY CODE not found
ERROR!!\n");
- return;
- }
- printf("\nSimple Type Enforcement policy:\n");
- printf("===============================\n");
- printf("Max Types = %x.\n", ntohs(stebuf->ste_max_types));
- printf("Max Ssidrefs = %x.\n", ntohs(stebuf->ste_max_ssidrefs));
- printf("Ssidrefs Off = %x.\n", ntohs(stebuf->ste_ssid_offset));
- printf("\nSSID To STE-Type matrix:\n");
-
- ssids = (domaintype_t *)(buf + ntohs(stebuf->ste_ssid_offset));
- for(i=0; i< ntohs(stebuf->ste_max_ssidrefs); i++) {
- printf("\n ssidref%2x: ", i);
- for(j=0; j< ntohs(stebuf->ste_max_types); j++)
- printf("%02x ",
ntohs(ssids[i*ntohs(stebuf->ste_max_types) +j]));
- }
- printf("\n\n");
-}
-
-void acm_dump_policy_buffer(void *buf, int buflen) {
- struct acm_policy_buffer *pol = (struct acm_policy_buffer *)buf;
-
- printf("\nPolicy dump:\n");
- printf("============\n");
- printf("Magic = %x.\n", ntohl(pol->magic));
- printf("PolVer = %x.\n", ntohl(pol->policyversion));
- printf("Len = %x.\n", ntohl(pol->len));
- printf("Primary = %s (c=%x, off=%x).\n",
- ACM_POLICY_NAME(ntohs(pol->primary_policy_code)),
- ntohs(pol->primary_policy_code),
ntohs(pol->primary_buffer_offset));
- printf("Secondary = %s (c=%x, off=%x).\n",
- ACM_POLICY_NAME(ntohs(pol->secondary_policy_code)),
- ntohs(pol->secondary_policy_code),
ntohs(pol->secondary_buffer_offset));
- switch (ntohs(pol->primary_policy_code)) {
- case ACM_CHINESE_WALL_POLICY:
-
acm_dump_chinesewall_buffer(buf+ntohs(pol->primary_buffer_offset),
- ntohl(pol->len) -
ntohs(pol->primary_buffer_offset));
- break;
- case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
- acm_dump_ste_buffer(buf+ntohs(pol->primary_buffer_offset),
- ntohl(pol->len) -
ntohs(pol->primary_buffer_offset));
- break;
- case ACM_NULL_POLICY:
- printf("Primary policy is NULL Policy (n/a).\n");
- break;
- default:
- printf("UNKNOWN POLICY!\n");
- }
- switch (ntohs(pol->secondary_policy_code)) {
- case ACM_CHINESE_WALL_POLICY:
-
acm_dump_chinesewall_buffer(buf+ntohs(pol->secondary_buffer_offset),
- ntohl(pol->len) -
ntohs(pol->secondary_buffer_offset));
- break;
- case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
- acm_dump_ste_buffer(buf+ntohs(pol->secondary_buffer_offset),
- ntohl(pol->len) -
ntohs(pol->secondary_buffer_offset));
- break;
- case ACM_NULL_POLICY:
- printf("Secondary policy is NULL Policy (n/a).\n");
- break;
- default:
- printf("UNKNOWN POLICY!\n");
- }
-}
-
-/*************************** set policy ****************************/
-
-int acm_domain_set_chwallpolicy(void *bufstart, int buflen) {
-#define CWALL_MAX_SSIDREFS 6
-#define CWALL_MAX_TYPES 10
-#define CWALL_MAX_CONFLICTSETS 2
-
- struct acm_chwall_policy_buffer *chwall_bin_pol = (struct
acm_chwall_policy_buffer *)bufstart;
- domaintype_t *ssidrefs, *conflicts;
- int ret = 0;
- int j;
-
- chwall_bin_pol->chwall_max_types = htons(CWALL_MAX_TYPES);
- chwall_bin_pol->chwall_max_ssidrefs = htons(CWALL_MAX_SSIDREFS);
- chwall_bin_pol->policy_code = htons(ACM_CHINESE_WALL_POLICY);
- chwall_bin_pol->chwall_ssid_offset = htons(sizeof(struct
acm_chwall_policy_buffer));
- chwall_bin_pol->chwall_max_conflictsets = htons(CWALL_MAX_CONFLICTSETS);
- chwall_bin_pol->chwall_conflict_sets_offset =
- htons(
- ntohs(chwall_bin_pol->chwall_ssid_offset) +
- sizeof(domaintype_t)*CWALL_MAX_SSIDREFS*CWALL_MAX_TYPES);
- chwall_bin_pol->chwall_running_types_offset = 0; /* not set */
- chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */
- ret += sizeof(struct acm_chwall_policy_buffer);
- /* now push example ssids into the buffer (max_ssidrefs x max_types
entries) */
- /* check buffer size */
- if ((buflen - ret) <
(CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t)))
- return -1; /* not enough space */
-
- ssidrefs = (domaintype_t
*)(bufstart+ntohs(chwall_bin_pol->chwall_ssid_offset));
- memset(ssidrefs, 0,
CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t));
-
- /* now set type j-1 for ssidref i+1 */
- for(j=0; j<= CWALL_MAX_SSIDREFS; j++)
- if ((0 < j) &&( j <= CWALL_MAX_TYPES))
- ssidrefs[j*CWALL_MAX_TYPES + j - 1] = htons(1);
-
- ret += CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t);
- if ((buflen - ret) <
(CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t)))
- return -1; /* not enough space */
-
- /* now the chinese wall policy conflict sets*/
- conflicts = (domaintype_t *)(bufstart +
-
ntohs(chwall_bin_pol->chwall_conflict_sets_offset));
- memset((void *)conflicts, 0,
CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t));
- /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */
- if (CWALL_MAX_TYPES > 3) {
- conflicts[2] = htons(1); conflicts[3] = htons(1); /* {2,3} */
- conflicts[CWALL_MAX_TYPES+1] = htons(1);
conflicts[CWALL_MAX_TYPES+5] = htons(1);
- conflicts[CWALL_MAX_TYPES+6] = htons(1);/* {0,5,6} */
- }
- ret += sizeof(domaintype_t)*CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES;
- return ret;
-}
-
-int acm_domain_set_stepolicy(void *bufstart, int buflen) {
-#define STE_MAX_SSIDREFS 6
-#define STE_MAX_TYPES 5
-
- struct acm_ste_policy_buffer *ste_bin_pol = (struct acm_ste_policy_buffer
*)bufstart;
- domaintype_t *ssidrefs;
- int j, ret = 0;
-
- ste_bin_pol->ste_max_types = htons(STE_MAX_TYPES);
- ste_bin_pol->ste_max_ssidrefs = htons(STE_MAX_SSIDREFS);
- ste_bin_pol->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
- ste_bin_pol->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer));
- ret += sizeof(struct acm_ste_policy_buffer);
- /* check buffer size */
- if ((buflen - ret) < (STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t)))
- return -1; /* not enough space */
-
- ssidrefs = (domaintype_t *)(bufstart+ntohs(ste_bin_pol->ste_ssid_offset));
- memset(ssidrefs, 0, STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t));
- /* all types 1 for ssidref 1 */
- for(j=0; j< STE_MAX_TYPES; j++)
- ssidrefs[1*STE_MAX_TYPES +j] = htons(1);
- /* now set type j-1 for ssidref j */
- for(j=0; j< STE_MAX_SSIDREFS; j++)
- if ((0 < j) &&( j <= STE_MAX_TYPES))
- ssidrefs[j*STE_MAX_TYPES + j - 1] = htons(1);
- ret += STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t);
- return ret;
-}
-
-#define MAX_PUSH_BUFFER 16384
-u8 push_buffer[MAX_PUSH_BUFFER];
-
-int acm_domain_setpolicy(int xc_handle)
-{
- int ret;
- struct acm_policy_buffer *bin_pol;
- policy_op_t op;
-
- /* future: read policy from file and set it */
- bin_pol = (struct acm_policy_buffer *)push_buffer;
- bin_pol->magic = htonl(ACM_MAGIC);
- bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION);
- bin_pol->primary_policy_code = htons(ACM_CHINESE_WALL_POLICY);
- bin_pol->secondary_policy_code =
htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
-
- bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
- bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len));
- ret = acm_domain_set_chwallpolicy(push_buffer +
ntohs(bin_pol->primary_buffer_offset),
- MAX_PUSH_BUFFER -
ntohs(bin_pol->primary_buffer_offset));
- if (ret < 0) {
- printf("ERROR creating chwallpolicy buffer.\n");
- return -1;
- }
- bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
- bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len));
- ret = acm_domain_set_stepolicy(push_buffer +
ntohs(bin_pol->secondary_buffer_offset),
- MAX_PUSH_BUFFER -
ntohs(bin_pol->secondary_buffer_offset));
- if (ret < 0) {
- printf("ERROR creating chwallpolicy buffer.\n");
- return -1;
- }
- bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
-
- /* dump it and then push it down into xen/acm */
- acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len));
- op.cmd = POLICY_SETPOLICY;
- op.u.setpolicy.pushcache = (void *)push_buffer;
- op.u.setpolicy.pushcache_size = ntohl(bin_pol->len);
- op.u.setpolicy.policy_type =
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY;
- ret = do_policy_op(xc_handle, &op);
-
- if (ret)
- printf("ERROR setting policy. Use 'xm dmesg' to see details.\n");
- else
- printf("Successfully changed policy.\n");
- return ret;
-}
-
-/******************************* get policy ******************************/
-
-#define PULL_CACHE_SIZE 8192
-u8 pull_buffer[PULL_CACHE_SIZE];
-int acm_domain_getpolicy(int xc_handle)
-{
- policy_op_t op;
- int ret;
-
- memset(pull_buffer, 0x00, sizeof(pull_buffer));
- op.cmd = POLICY_GETPOLICY;
- op.u.getpolicy.pullcache = (void *)pull_buffer;
- op.u.getpolicy.pullcache_size = sizeof(pull_buffer);
- ret = do_policy_op(xc_handle, &op);
- /* dump policy */
- acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer));
- return ret;
-}
-
-/************************ load binary policy ******************************/
-
-int acm_domain_loadpolicy(int xc_handle,
- const char *filename)
-{
- struct stat mystat;
- int ret, fd;
- off_t len;
- u8 *buffer;
-
- if ((ret = stat(filename, &mystat))) {
- printf("File %s not found.\n",filename);
- goto out;
- }
-
- len = mystat.st_size;
- if ((buffer = malloc(len)) == NULL) {
- ret = -ENOMEM;
- goto out;
- }
- if ((fd = open(filename, O_RDONLY)) <= 0) {
- ret = -ENOENT;
- printf("File %s not found.\n",filename);
- goto free_out;
- }
- if (len == read(fd, buffer, len)) {
- policy_op_t op;
- /* dump it and then push it down into xen/acm */
- acm_dump_policy_buffer(buffer, len);
- op.cmd = POLICY_SETPOLICY;
- op.u.setpolicy.pushcache = (void *)buffer;
- op.u.setpolicy.pushcache_size = len;
- op.u.setpolicy.policy_type =
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY;
- ret = do_policy_op(xc_handle, &op);
-
- if (ret)
- printf("ERROR setting policy. Use 'xm dmesg' to see
details.\n");
- else
- printf("Successfully changed policy.\n");
-
- } else {
- ret = -1;
- }
- close(fd);
- free_out:
- free(buffer);
- out:
- return ret;
-}
-
-/************************ dump hook statistics ******************************/
-void
-dump_ste_stats(struct acm_ste_stats_buffer *ste_stats)
-{
- printf("STE-Policy Security Hook Statistics:\n");
- printf("ste: event_channel eval_count = %d\n",
ntohl(ste_stats->ec_eval_count));
- printf("ste: event_channel denied_count = %d\n",
ntohl(ste_stats->ec_denied_count));
- printf("ste: event_channel cache_hit_count = %d\n",
ntohl(ste_stats->ec_cachehit_count));
- printf("ste:\n");
- printf("ste: grant_table eval_count = %d\n",
ntohl(ste_stats->gt_eval_count));
- printf("ste: grant_table denied_count = %d\n",
ntohl(ste_stats->gt_denied_count));
- printf("ste: grant_table cache_hit_count = %d\n",
ntohl(ste_stats->gt_cachehit_count));
-}
-
-#define PULL_STATS_SIZE 8192
-int acm_domain_dumpstats(int xc_handle)
-{
- u8 stats_buffer[PULL_STATS_SIZE];
- policy_op_t op;
- int ret;
- struct acm_stats_buffer *stats;
-
- memset(stats_buffer, 0x00, sizeof(stats_buffer));
- op.cmd = POLICY_DUMPSTATS;
- op.u.dumpstats.pullcache = (void *)stats_buffer;
- op.u.dumpstats.pullcache_size = sizeof(stats_buffer);
- ret = do_policy_op(xc_handle, &op);
-
- if (ret < 0) {
- printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n");
- return ret;
- }
- stats = (struct acm_stats_buffer *)stats_buffer;
-
- printf("\nPolicy dump:\n");
- printf("============\n");
- printf("Magic = %x.\n", ntohl(stats->magic));
- printf("PolVer = %x.\n", ntohl(stats->policyversion));
- printf("Len = %x.\n", ntohl(stats->len));
-
- switch(ntohs(stats->primary_policy_code)) {
- case ACM_NULL_POLICY:
- printf("NULL Policy: No statistics apply.\n");
- break;
- case ACM_CHINESE_WALL_POLICY:
- printf("Chinese Wall Policy: No statistics apply.\n");
- break;
- case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
- dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer +
ntohs(stats->primary_stats_offset)));
- break;
- default:
- printf("UNKNOWN PRIMARY POLICY ERROR!\n");
- }
- switch(ntohs(stats->secondary_policy_code)) {
- case ACM_NULL_POLICY:
- printf("NULL Policy: No statistics apply.\n");
- break;
- case ACM_CHINESE_WALL_POLICY:
- printf("Chinese Wall Policy: No statistics apply.\n");
- break;
- case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
- dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer +
ntohs(stats->secondary_stats_offset)));
- break;
- default:
- printf("UNKNOWN SECONDARY POLICY ERROR!\n");
- }
- return ret;
-}
-
-/***************************** main **************************************/
-
-void
-usage(char *progname){
- printf("Use: %s \n"
- "\t setpolicy\n"
- "\t getpolicy\n"
- "\t dumpstats\n"
- "\t loadpolicy <binary policy file>\n", progname);
- exit(-1);
-}
-
-int
-main(int argc, char **argv) {
-
- int policycmd_fd, ret;
-
- if (argc < 2)
- usage(argv[0]);
-
- if ((policycmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) {
- printf("ERROR: Could not open xen privcmd device!\n");
- exit(-1);
- }
-
- if (!strcmp(argv[1], "setpolicy")) {
- if (argc != 2)
- usage(argv[0]);
- ret = acm_domain_setpolicy(policycmd_fd);
- } else if (!strcmp(argv[1], "getpolicy")) {
- if (argc != 2)
- usage(argv[0]);
- ret = acm_domain_getpolicy(policycmd_fd);
- } else if (!strcmp(argv[1], "loadpolicy")) {
- if (argc != 3)
- usage(argv[0]);
- ret = acm_domain_loadpolicy(policycmd_fd, argv[2]);
- } else if (!strcmp(argv[1], "dumpstats")) {
- if (argc != 2)
- usage(argv[0]);
- ret = acm_domain_dumpstats(policycmd_fd);
- } else
- usage(argv[0]);
-
- close(policycmd_fd);
- return ret;
-}
diff -r 0301cccd14f1 -r d18f732c0a5f xen/common/policy_ops.c
--- a/xen/common/policy_ops.c Tue Aug 2 09:31:47 2005
+++ /dev/null Tue Aug 2 09:37:00 2005
@@ -1,133 +0,0 @@
-/******************************************************************************
- * policy_ops.c
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * Process policy command requests from guest OS.
- *
- */
-
-#include <xen/config.h>
-#include <xen/types.h>
-#include <xen/lib.h>
-#include <xen/mm.h>
-#include <public/policy_ops.h>
-#include <xen/sched.h>
-#include <xen/event.h>
-#include <xen/trace.h>
-#include <xen/console.h>
-#include <asm/shadow.h>
-#include <public/sched_ctl.h>
-#include <acm/acm_hooks.h>
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-
-long do_policy_op(policy_op_t *u_policy_op)
-{
- return -ENOSYS;
-}
-
-#else
-
-typedef enum policyoperation {
- POLICY, /* access to policy interface (early drop) */
- GETPOLICY, /* dump policy cache */
- SETPOLICY, /* set policy cache (controls security) */
- DUMPSTATS /* dump policy statistics */
-} policyoperation_t;
-
-int
-acm_authorize_policyops(struct domain *d, policyoperation_t pops)
-{
- /* all policy management functions are restricted to privileged domains,
- * soon we will introduce finer-grained privileges for policy operations
- */
- if (!IS_PRIV(d)) {
- printk("%s: Policy management authorization denied ERROR!\n",
- __func__);
- return ACM_ACCESS_DENIED;
- }
- return ACM_ACCESS_PERMITTED;
-}
-
-long do_policy_op(policy_op_t *u_policy_op)
-{
- long ret = 0;
- policy_op_t curop, *op = &curop;
-
- /* check here policy decision for policy commands */
- /* for now allow DOM0 only, later indepedently */
- if (acm_authorize_policyops(current->domain, POLICY))
- return -EACCES;
-
- if ( copy_from_user(op, u_policy_op, sizeof(*op)) )
- return -EFAULT;
-
- if ( op->interface_version != POLICY_INTERFACE_VERSION )
- return -EACCES;
-
- switch ( op->cmd )
- {
- case POLICY_SETPOLICY:
- {
- if (acm_authorize_policyops(current->domain, SETPOLICY))
- return -EACCES;
- printkd("%s: setting policy.\n", __func__);
- ret = acm_set_policy(
- op->u.setpolicy.pushcache,
- op->u.setpolicy.pushcache_size,
- op->u.setpolicy.policy_type,
- 1);
- if (ret == ACM_OK)
- ret = 0;
- else
- ret = -ESRCH;
- }
- break;
-
- case POLICY_GETPOLICY:
- {
- if (acm_authorize_policyops(current->domain, GETPOLICY))
- return -EACCES;
- printkd("%s: getting policy.\n", __func__);
- ret = acm_get_policy(
- op->u.getpolicy.pullcache,
- op->u.getpolicy.pullcache_size);
- if (ret == ACM_OK)
- ret = 0;
- else
- ret = -ESRCH;
- }
- break;
-
- case POLICY_DUMPSTATS:
- {
- if (acm_authorize_policyops(current->domain, DUMPSTATS))
- return -EACCES;
- printkd("%s: dumping statistics.\n", __func__);
- ret = acm_dump_statistics(
- op->u.dumpstats.pullcache,
- op->u.dumpstats.pullcache_size);
- if (ret == ACM_OK)
- ret = 0;
- else
- ret = -ESRCH;
- }
- break;
-
- default:
- ret = -ESRCH;
-
- }
- return ret;
-}
-
-#endif
diff -r 0301cccd14f1 -r d18f732c0a5f xen/include/public/policy_ops.h
--- a/xen/include/public/policy_ops.h Tue Aug 2 09:31:47 2005
+++ /dev/null Tue Aug 2 09:37:00 2005
@@ -1,70 +0,0 @@
-/******************************************************************************
- * policy_ops.h
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * Process policy command requests from guest OS.
- * access checked by policy; not restricted to DOM0
- *
- */
-
-#ifndef __XEN_PUBLIC_POLICY_OPS_H__
-#define __XEN_PUBLIC_POLICY_OPS_H__
-
-#include "xen.h"
-#include "sched_ctl.h"
-
-/*
- * Make sure you increment the interface version whenever you modify this file!
- * This makes sure that old versions of policy tools will stop working in a
- * well-defined way (rather than crashing the machine, for instance).
- */
-#define POLICY_INTERFACE_VERSION 0xAAAA0003
-
-/************************************************************************/
-
-#define POLICY_SETPOLICY 4
-typedef struct policy_setpolicy {
- /* IN variables. */
- u16 policy_type;
- /* OUT variables */
- void *pushcache;
- u16 pushcache_size;
-} policy_setpolicy_t;
-
-
-#define POLICY_GETPOLICY 5
-typedef struct policy_getpolicy {
- /* IN variables. */
- u16 policy_type;
- /* OUT variables */
- void *pullcache;
- u16 pullcache_size;
-} policy_getpolicy_t;
-
-#define POLICY_DUMPSTATS 6
-typedef struct policy_dumpstats {
- void *pullcache;
- u16 pullcache_size;
-} policy_dumpstats_t;
-
-
-typedef struct policy_op {
- u32 cmd;
- u32 interface_version; /* POLICY_INTERFACE_VERSION */
- union {
- policy_setpolicy_t setpolicy;
- policy_getpolicy_t getpolicy;
- policy_dumpstats_t dumpstats;
- } u;
-} policy_op_t;
-
-#endif /* __XEN_PUBLIC_POLICY_OPS_H__ */
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home