tools/policy/Makefile | 36 - tools/policy/policy_tool.c | 552 ------------------ tools/Makefile | 2 tools/misc/policyprocessor/Makefile | 42 + tools/misc/policyprocessor/XmlToBin.java | 369 +++++------- tools/misc/policyprocessor/XmlToBinInterface.java | 97 +-- tools/misc/policyprocessor/c2j_include.c | 57 + tools/misc/policyprocessor/xen_sample_def.xml | 2 tools/security/Makefile | 36 + tools/security/secpol_tool.c | 648 ++++++++++++++++++++++ 10 files changed, 1005 insertions(+), 836 deletions(-) Index: xen-unstable.hg-shype/tools/policy/Makefile =================================================================== --- xen-unstable.hg-shype.orig/tools/policy/Makefile +++ /dev/null @@ -1,36 +0,0 @@ -XEN_ROOT = ../.. -include $(XEN_ROOT)/tools/Rules.mk - -SRCS = policy_tool.c -CFLAGS += -static -CFLAGS += -Wall -CFLAGS += -Werror -CFLAGS += -O3 -CFLAGS += -fno-strict-aliasing -CFLAGS += -I. - -all: build -build: mk-symlinks - $(MAKE) policy_tool - -default: all - -install: all - -policy_tool : policy_tool.c - $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< - -clean: - rm -rf policy_tool xen - - -LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse -mk-symlinks: - [ -e xen/linux ] || mkdir -p xen/linux - [ -e xen/io ] || mkdir -p xen/io - ( cd xen >/dev/null ; \ - ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . ) - ( cd xen/io >/dev/null ; \ - ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . ) - ( cd xen/linux >/dev/null ; \ - ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . ) Index: xen-unstable.hg-shype/tools/policy/policy_tool.c =================================================================== --- xen-unstable.hg-shype.orig/tools/policy/policy_tool.c +++ /dev/null @@ -1,552 +0,0 @@ -/**************************************************************** - * policy_tool.c - * - * Copyright (C) 2005 IBM Corporation - * - * Authors: - * Reiner Sailer - * Stefan Berger - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * sHype policy management tool. This code runs in a domain and - * manages the Xen security policy by interacting with the - * Xen access control module via a /proc/xen/privcmd proc-ioctl, - * which is translated into a policy_op hypercall into Xen. - * - * todo: implement setpolicy to dynamically set a policy cache. - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -typedef uint8_t u8; -typedef uint16_t u16; -typedef uint32_t u32; -typedef uint64_t u64; -typedef int8_t s8; -typedef int16_t s16; -typedef int32_t s32; -typedef int64_t s64; - -#include - -#include - -#include - -#define ERROR(_m, _a...) \ - fprintf(stderr, "ERROR: " _m "\n" , ## _a ) - -#define PERROR(_m, _a...) \ - fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ - errno, strerror(errno)) - -static inline int do_policycmd(int xc_handle, - unsigned int cmd, - unsigned long data) -{ - return ioctl(xc_handle, cmd, data); -} - -static inline int do_xen_hypercall(int xc_handle, - privcmd_hypercall_t *hypercall) -{ - return do_policycmd(xc_handle, - IOCTL_PRIVCMD_HYPERCALL, - (unsigned long)hypercall); -} - -static inline int do_policy_op(int xc_handle, policy_op_t *op) -{ - int ret = -1; - privcmd_hypercall_t hypercall; - - op->interface_version = POLICY_INTERFACE_VERSION; - - hypercall.op = __HYPERVISOR_policy_op; - hypercall.arg[0] = (unsigned long)op; - - if ( mlock(op, sizeof(*op)) != 0 ) - { - PERROR("Could not lock memory for Xen policy hypercall"); - goto out1; - } - - if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 ) - { - if ( errno == EACCES ) - fprintf(stderr, "POLICY operation failed -- need to" - " rebuild the user-space tool set?\n"); - goto out2; - } - - out2: (void)munlock(op, sizeof(*op)); - out1: return ret; -} - -/*************************** DUMPS *******************************/ - -void acm_dump_chinesewall_buffer(void *buf, int buflen) { - - struct acm_chwall_policy_buffer *cwbuf = (struct acm_chwall_policy_buffer *)buf; - domaintype_t *ssids, *conflicts, *running_types, *conflict_aggregate; - int i,j; - - - if (htons(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) { - printf("CHINESE WALL POLICY CODE not found ERROR!!\n"); - return; - } - printf("\n\nChinese Wall policy:\n"); - printf("====================\n"); - printf("Max Types = %x.\n", ntohs(cwbuf->chwall_max_types)); - printf("Max Ssidrefs = %x.\n", ntohs(cwbuf->chwall_max_ssidrefs)); - printf("Max ConfSets = %x.\n", ntohs(cwbuf->chwall_max_conflictsets)); - printf("Ssidrefs Off = %x.\n", ntohs(cwbuf->chwall_ssid_offset)); - printf("Conflicts Off = %x.\n", ntohs(cwbuf->chwall_conflict_sets_offset)); - printf("Runing T. Off = %x.\n", ntohs(cwbuf->chwall_running_types_offset)); - printf("C. Agg. Off = %x.\n", ntohs(cwbuf->chwall_conflict_aggregate_offset)); - printf("\nSSID To CHWALL-Type matrix:\n"); - - ssids = (domaintype_t *)(buf + ntohs(cwbuf->chwall_ssid_offset)); - for(i=0; i< ntohs(cwbuf->chwall_max_ssidrefs); i++) { - printf("\n ssidref%2x: ", i); - for(j=0; j< ntohs(cwbuf->chwall_max_types); j++) - printf("%02x ", ntohs(ssids[i*ntohs(cwbuf->chwall_max_types) + j])); - } - printf("\n\nConfict Sets:\n"); - conflicts = (domaintype_t *)(buf + ntohs(cwbuf->chwall_conflict_sets_offset)); - for(i=0; i< ntohs(cwbuf->chwall_max_conflictsets); i++) { - printf("\n c-set%2x: ", i); - for(j=0; j< ntohs(cwbuf->chwall_max_types); j++) - printf("%02x ", ntohs(conflicts[i*ntohs(cwbuf->chwall_max_types) +j])); - } - printf("\n"); - - printf("\nRunning\nTypes: "); - if (ntohs(cwbuf->chwall_running_types_offset)) { - running_types = (domaintype_t *)(buf + ntohs(cwbuf->chwall_running_types_offset)); - for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) { - printf("%02x ", ntohs(running_types[i])); - } - printf("\n"); - } else { - printf("Not Reported!\n"); - } - printf("\nConflict\nAggregate Set: "); - if (ntohs(cwbuf->chwall_conflict_aggregate_offset)) { - conflict_aggregate = (domaintype_t *)(buf + ntohs(cwbuf->chwall_conflict_aggregate_offset)); - for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) { - printf("%02x ", ntohs(conflict_aggregate[i])); - } - printf("\n\n"); - } else { - printf("Not Reported!\n"); - } -} - -void acm_dump_ste_buffer(void *buf, int buflen) { - - struct acm_ste_policy_buffer *stebuf = (struct acm_ste_policy_buffer *)buf; - domaintype_t *ssids; - int i,j; - - - if (ntohs(stebuf->policy_code) != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) { - printf("SIMPLE TYPE ENFORCEMENT POLICY CODE not found ERROR!!\n"); - return; - } - printf("\nSimple Type Enforcement policy:\n"); - printf("===============================\n"); - printf("Max Types = %x.\n", ntohs(stebuf->ste_max_types)); - printf("Max Ssidrefs = %x.\n", ntohs(stebuf->ste_max_ssidrefs)); - printf("Ssidrefs Off = %x.\n", ntohs(stebuf->ste_ssid_offset)); - printf("\nSSID To STE-Type matrix:\n"); - - ssids = (domaintype_t *)(buf + ntohs(stebuf->ste_ssid_offset)); - for(i=0; i< ntohs(stebuf->ste_max_ssidrefs); i++) { - printf("\n ssidref%2x: ", i); - for(j=0; j< ntohs(stebuf->ste_max_types); j++) - printf("%02x ", ntohs(ssids[i*ntohs(stebuf->ste_max_types) +j])); - } - printf("\n\n"); -} - -void acm_dump_policy_buffer(void *buf, int buflen) { - struct acm_policy_buffer *pol = (struct acm_policy_buffer *)buf; - - printf("\nPolicy dump:\n"); - printf("============\n"); - printf("Magic = %x.\n", ntohl(pol->magic)); - printf("PolVer = %x.\n", ntohl(pol->policyversion)); - printf("Len = %x.\n", ntohl(pol->len)); - printf("Primary = %s (c=%x, off=%x).\n", - ACM_POLICY_NAME(ntohs(pol->primary_policy_code)), - ntohs(pol->primary_policy_code), ntohs(pol->primary_buffer_offset)); - printf("Secondary = %s (c=%x, off=%x).\n", - ACM_POLICY_NAME(ntohs(pol->secondary_policy_code)), - ntohs(pol->secondary_policy_code), ntohs(pol->secondary_buffer_offset)); - switch (ntohs(pol->primary_policy_code)) { - case ACM_CHINESE_WALL_POLICY: - acm_dump_chinesewall_buffer(buf+ntohs(pol->primary_buffer_offset), - ntohl(pol->len) - ntohs(pol->primary_buffer_offset)); - break; - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - acm_dump_ste_buffer(buf+ntohs(pol->primary_buffer_offset), - ntohl(pol->len) - ntohs(pol->primary_buffer_offset)); - break; - case ACM_NULL_POLICY: - printf("Primary policy is NULL Policy (n/a).\n"); - break; - default: - printf("UNKNOWN POLICY!\n"); - } - switch (ntohs(pol->secondary_policy_code)) { - case ACM_CHINESE_WALL_POLICY: - acm_dump_chinesewall_buffer(buf+ntohs(pol->secondary_buffer_offset), - ntohl(pol->len) - ntohs(pol->secondary_buffer_offset)); - break; - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - acm_dump_ste_buffer(buf+ntohs(pol->secondary_buffer_offset), - ntohl(pol->len) - ntohs(pol->secondary_buffer_offset)); - break; - case ACM_NULL_POLICY: - printf("Secondary policy is NULL Policy (n/a).\n"); - break; - default: - printf("UNKNOWN POLICY!\n"); - } -} - -/*************************** set policy ****************************/ - -int acm_domain_set_chwallpolicy(void *bufstart, int buflen) { -#define CWALL_MAX_SSIDREFS 6 -#define CWALL_MAX_TYPES 10 -#define CWALL_MAX_CONFLICTSETS 2 - - struct acm_chwall_policy_buffer *chwall_bin_pol = (struct acm_chwall_policy_buffer *)bufstart; - domaintype_t *ssidrefs, *conflicts; - int ret = 0; - int j; - - chwall_bin_pol->chwall_max_types = htons(CWALL_MAX_TYPES); - chwall_bin_pol->chwall_max_ssidrefs = htons(CWALL_MAX_SSIDREFS); - chwall_bin_pol->policy_code = htons(ACM_CHINESE_WALL_POLICY); - chwall_bin_pol->chwall_ssid_offset = htons(sizeof(struct acm_chwall_policy_buffer)); - chwall_bin_pol->chwall_max_conflictsets = htons(CWALL_MAX_CONFLICTSETS); - chwall_bin_pol->chwall_conflict_sets_offset = - htons( - ntohs(chwall_bin_pol->chwall_ssid_offset) + - sizeof(domaintype_t)*CWALL_MAX_SSIDREFS*CWALL_MAX_TYPES); - chwall_bin_pol->chwall_running_types_offset = 0; /* not set */ - chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */ - ret += sizeof(struct acm_chwall_policy_buffer); - /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */ - /* check buffer size */ - if ((buflen - ret) < (CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t))) - return -1; /* not enough space */ - - ssidrefs = (domaintype_t *)(bufstart+ntohs(chwall_bin_pol->chwall_ssid_offset)); - memset(ssidrefs, 0, CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t)); - - /* now set type j-1 for ssidref i+1 */ - for(j=0; j<= CWALL_MAX_SSIDREFS; j++) - if ((0 < j) &&( j <= CWALL_MAX_TYPES)) - ssidrefs[j*CWALL_MAX_TYPES + j - 1] = htons(1); - - ret += CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t); - if ((buflen - ret) < (CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t))) - return -1; /* not enough space */ - - /* now the chinese wall policy conflict sets*/ - conflicts = (domaintype_t *)(bufstart + - ntohs(chwall_bin_pol->chwall_conflict_sets_offset)); - memset((void *)conflicts, 0, CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t)); - /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */ - if (CWALL_MAX_TYPES > 3) { - conflicts[2] = htons(1); conflicts[3] = htons(1); /* {2,3} */ - conflicts[CWALL_MAX_TYPES+1] = htons(1); conflicts[CWALL_MAX_TYPES+5] = htons(1); - conflicts[CWALL_MAX_TYPES+6] = htons(1);/* {0,5,6} */ - } - ret += sizeof(domaintype_t)*CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES; - return ret; -} - -int acm_domain_set_stepolicy(void *bufstart, int buflen) { -#define STE_MAX_SSIDREFS 6 -#define STE_MAX_TYPES 5 - - struct acm_ste_policy_buffer *ste_bin_pol = (struct acm_ste_policy_buffer *)bufstart; - domaintype_t *ssidrefs; - int j, ret = 0; - - ste_bin_pol->ste_max_types = htons(STE_MAX_TYPES); - ste_bin_pol->ste_max_ssidrefs = htons(STE_MAX_SSIDREFS); - ste_bin_pol->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); - ste_bin_pol->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer)); - ret += sizeof(struct acm_ste_policy_buffer); - /* check buffer size */ - if ((buflen - ret) < (STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t))) - return -1; /* not enough space */ - - ssidrefs = (domaintype_t *)(bufstart+ntohs(ste_bin_pol->ste_ssid_offset)); - memset(ssidrefs, 0, STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t)); - /* all types 1 for ssidref 1 */ - for(j=0; j< STE_MAX_TYPES; j++) - ssidrefs[1*STE_MAX_TYPES +j] = htons(1); - /* now set type j-1 for ssidref j */ - for(j=0; j< STE_MAX_SSIDREFS; j++) - if ((0 < j) &&( j <= STE_MAX_TYPES)) - ssidrefs[j*STE_MAX_TYPES + j - 1] = htons(1); - ret += STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t); - return ret; -} - -#define MAX_PUSH_BUFFER 16384 -u8 push_buffer[MAX_PUSH_BUFFER]; - -int acm_domain_setpolicy(int xc_handle) -{ - int ret; - struct acm_policy_buffer *bin_pol; - policy_op_t op; - - /* future: read policy from file and set it */ - bin_pol = (struct acm_policy_buffer *)push_buffer; - bin_pol->magic = htonl(ACM_MAGIC); - bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION); - bin_pol->primary_policy_code = htons(ACM_CHINESE_WALL_POLICY); - bin_pol->secondary_policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); - - bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); - bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len)); - ret = acm_domain_set_chwallpolicy(push_buffer + ntohs(bin_pol->primary_buffer_offset), - MAX_PUSH_BUFFER - ntohs(bin_pol->primary_buffer_offset)); - if (ret < 0) { - printf("ERROR creating chwallpolicy buffer.\n"); - return -1; - } - bin_pol->len = htonl(ntohl(bin_pol->len) + ret); - bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); - ret = acm_domain_set_stepolicy(push_buffer + ntohs(bin_pol->secondary_buffer_offset), - MAX_PUSH_BUFFER - ntohs(bin_pol->secondary_buffer_offset)); - if (ret < 0) { - printf("ERROR creating chwallpolicy buffer.\n"); - return -1; - } - bin_pol->len = htonl(ntohl(bin_pol->len) + ret); - - /* dump it and then push it down into xen/acm */ - acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len)); - op.cmd = POLICY_SETPOLICY; - op.u.setpolicy.pushcache = (void *)push_buffer; - op.u.setpolicy.pushcache_size = ntohl(bin_pol->len); - op.u.setpolicy.policy_type = ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY; - ret = do_policy_op(xc_handle, &op); - - if (ret) - printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); - else - printf("Successfully changed policy.\n"); - return ret; -} - -/******************************* get policy ******************************/ - -#define PULL_CACHE_SIZE 8192 -u8 pull_buffer[PULL_CACHE_SIZE]; -int acm_domain_getpolicy(int xc_handle) -{ - policy_op_t op; - int ret; - - memset(pull_buffer, 0x00, sizeof(pull_buffer)); - op.cmd = POLICY_GETPOLICY; - op.u.getpolicy.pullcache = (void *)pull_buffer; - op.u.getpolicy.pullcache_size = sizeof(pull_buffer); - ret = do_policy_op(xc_handle, &op); - /* dump policy */ - acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer)); - return ret; -} - -/************************ load binary policy ******************************/ - -int acm_domain_loadpolicy(int xc_handle, - const char *filename) -{ - struct stat mystat; - int ret, fd; - off_t len; - u8 *buffer; - - if ((ret = stat(filename, &mystat))) { - printf("File %s not found.\n",filename); - goto out; - } - - len = mystat.st_size; - if ((buffer = malloc(len)) == NULL) { - ret = -ENOMEM; - goto out; - } - if ((fd = open(filename, O_RDONLY)) <= 0) { - ret = -ENOENT; - printf("File %s not found.\n",filename); - goto free_out; - } - if (len == read(fd, buffer, len)) { - policy_op_t op; - /* dump it and then push it down into xen/acm */ - acm_dump_policy_buffer(buffer, len); - op.cmd = POLICY_SETPOLICY; - op.u.setpolicy.pushcache = (void *)buffer; - op.u.setpolicy.pushcache_size = len; - op.u.setpolicy.policy_type = ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY; - ret = do_policy_op(xc_handle, &op); - - if (ret) - printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); - else - printf("Successfully changed policy.\n"); - - } else { - ret = -1; - } - close(fd); - free_out: - free(buffer); - out: - return ret; -} - -/************************ dump hook statistics ******************************/ -void -dump_ste_stats(struct acm_ste_stats_buffer *ste_stats) -{ - printf("STE-Policy Security Hook Statistics:\n"); - printf("ste: event_channel eval_count = %d\n", ntohl(ste_stats->ec_eval_count)); - printf("ste: event_channel denied_count = %d\n", ntohl(ste_stats->ec_denied_count)); - printf("ste: event_channel cache_hit_count = %d\n", ntohl(ste_stats->ec_cachehit_count)); - printf("ste:\n"); - printf("ste: grant_table eval_count = %d\n", ntohl(ste_stats->gt_eval_count)); - printf("ste: grant_table denied_count = %d\n", ntohl(ste_stats->gt_denied_count)); - printf("ste: grant_table cache_hit_count = %d\n", ntohl(ste_stats->gt_cachehit_count)); -} - -#define PULL_STATS_SIZE 8192 -int acm_domain_dumpstats(int xc_handle) -{ - u8 stats_buffer[PULL_STATS_SIZE]; - policy_op_t op; - int ret; - struct acm_stats_buffer *stats; - - memset(stats_buffer, 0x00, sizeof(stats_buffer)); - op.cmd = POLICY_DUMPSTATS; - op.u.dumpstats.pullcache = (void *)stats_buffer; - op.u.dumpstats.pullcache_size = sizeof(stats_buffer); - ret = do_policy_op(xc_handle, &op); - - if (ret < 0) { - printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n"); - return ret; - } - stats = (struct acm_stats_buffer *)stats_buffer; - - printf("\nPolicy dump:\n"); - printf("============\n"); - printf("Magic = %x.\n", ntohl(stats->magic)); - printf("PolVer = %x.\n", ntohl(stats->policyversion)); - printf("Len = %x.\n", ntohl(stats->len)); - - switch(ntohs(stats->primary_policy_code)) { - case ACM_NULL_POLICY: - printf("NULL Policy: No statistics apply.\n"); - break; - case ACM_CHINESE_WALL_POLICY: - printf("Chinese Wall Policy: No statistics apply.\n"); - break; - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer + ntohs(stats->primary_stats_offset))); - break; - default: - printf("UNKNOWN PRIMARY POLICY ERROR!\n"); - } - switch(ntohs(stats->secondary_policy_code)) { - case ACM_NULL_POLICY: - printf("NULL Policy: No statistics apply.\n"); - break; - case ACM_CHINESE_WALL_POLICY: - printf("Chinese Wall Policy: No statistics apply.\n"); - break; - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer + ntohs(stats->secondary_stats_offset))); - break; - default: - printf("UNKNOWN SECONDARY POLICY ERROR!\n"); - } - return ret; -} - -/***************************** main **************************************/ - -void -usage(char *progname){ - printf("Use: %s \n" - "\t setpolicy\n" - "\t getpolicy\n" - "\t dumpstats\n" - "\t loadpolicy \n", progname); - exit(-1); -} - -int -main(int argc, char **argv) { - - int policycmd_fd, ret; - - if (argc < 2) - usage(argv[0]); - - if ((policycmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) { - printf("ERROR: Could not open xen privcmd device!\n"); - exit(-1); - } - - if (!strcmp(argv[1], "setpolicy")) { - if (argc != 2) - usage(argv[0]); - ret = acm_domain_setpolicy(policycmd_fd); - } else if (!strcmp(argv[1], "getpolicy")) { - if (argc != 2) - usage(argv[0]); - ret = acm_domain_getpolicy(policycmd_fd); - } else if (!strcmp(argv[1], "loadpolicy")) { - if (argc != 3) - usage(argv[0]); - ret = acm_domain_loadpolicy(policycmd_fd, argv[2]); - } else if (!strcmp(argv[1], "dumpstats")) { - if (argc != 2) - usage(argv[0]); - ret = acm_domain_dumpstats(policycmd_fd); - } else - usage(argv[0]); - - close(policycmd_fd); - return ret; -} Index: xen-unstable.hg-shype/tools/Makefile =================================================================== --- xen-unstable.hg-shype.orig/tools/Makefile +++ xen-unstable.hg-shype/tools/Makefile @@ -12,7 +12,7 @@ SUBDIRS += xcs SUBDIRS += xcutils SUBDIRS += pygrub SUBDIRS += firmware -SUBDIRS += policy +SUBDIRS += security .PHONY: all install clean check check_clean ioemu eioemuinstall ioemuclean Index: xen-unstable.hg-shype/tools/security/Makefile =================================================================== --- /dev/null +++ xen-unstable.hg-shype/tools/security/Makefile @@ -0,0 +1,36 @@ +XEN_ROOT = ../.. +include $(XEN_ROOT)/tools/Rules.mk + +SRCS = secpol_tool.c +CFLAGS += -static +CFLAGS += -Wall +CFLAGS += -Werror +CFLAGS += -O3 +CFLAGS += -fno-strict-aliasing +CFLAGS += -I. + +all: build +build: mk-symlinks + $(MAKE) secpol_tool + +default: all + +install: all + +secpol_tool : secpol_tool.c + $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< + +clean: + rm -rf secpol_tool xen + + +LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse +mk-symlinks: + [ -e xen/linux ] || mkdir -p xen/linux + [ -e xen/io ] || mkdir -p xen/io + ( cd xen >/dev/null ; \ + ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . ) + ( cd xen/io >/dev/null ; \ + ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . ) + ( cd xen/linux >/dev/null ; \ + ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . ) Index: xen-unstable.hg-shype/tools/security/secpol_tool.c =================================================================== --- /dev/null +++ xen-unstable.hg-shype/tools/security/secpol_tool.c @@ -0,0 +1,648 @@ +/**************************************************************** + * secpol_tool.c + * + * Copyright (C) 2005 IBM Corporation + * + * Authors: + * Reiner Sailer + * Stefan Berger + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * sHype policy management tool. This code runs in a domain and + * manages the Xen security policy by interacting with the + * Xen access control module via a /proc/xen/privcmd proc-ioctl, + * which is translated into a acm_op hypercall into Xen. + * + * indent -i4 -kr -nut + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +typedef uint8_t u8; +typedef uint16_t u16; +typedef uint32_t u32; +typedef uint64_t u64; +typedef int8_t s8; +typedef int16_t s16; +typedef int32_t s32; +typedef int64_t s64; + +#include +#include +#include + +#define PERROR(_m, _a...) \ +fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ + errno, strerror(errno)) + +static inline int do_policycmd(int xc_handle, unsigned int cmd, + unsigned long data) +{ + return ioctl(xc_handle, cmd, data); +} + +static inline int do_xen_hypercall(int xc_handle, + privcmd_hypercall_t * hypercall) +{ + return do_policycmd(xc_handle, + IOCTL_PRIVCMD_HYPERCALL, + (unsigned long) hypercall); +} + +static inline int do_acm_op(int xc_handle, acm_op_t * op) +{ + int ret = -1; + privcmd_hypercall_t hypercall; + + op->interface_version = ACM_INTERFACE_VERSION; + + hypercall.op = __HYPERVISOR_acm_op; + hypercall.arg[0] = (unsigned long) op; + + if (mlock(op, sizeof(*op)) != 0) + { + PERROR("Could not lock memory for Xen policy hypercall"); + goto out1; + } + + if ((ret = do_xen_hypercall(xc_handle, &hypercall)) < 0) + { + if (errno == EACCES) + fprintf(stderr, "ACM operation failed -- need to" + " rebuild the user-space tool set?\n"); + goto out2; + } + + out2:(void) munlock(op, sizeof(*op)); + out1:return ret; +} + +/*************************** DUMPS *******************************/ + +void acm_dump_chinesewall_buffer(void *buf, int buflen) +{ + + struct acm_chwall_policy_buffer *cwbuf = + (struct acm_chwall_policy_buffer *) buf; + domaintype_t *ssids, *conflicts, *running_types, *conflict_aggregate; + int i, j; + + + if (htonl(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) + { + printf("CHINESE WALL POLICY CODE not found ERROR!!\n"); + return; + } + printf("\n\nChinese Wall policy:\n"); + printf("====================\n"); + printf("Policy version= %x.\n", ntohl(cwbuf->policy_version)); + printf("Max Types = %x.\n", ntohl(cwbuf->chwall_max_types)); + printf("Max Ssidrefs = %x.\n", ntohl(cwbuf->chwall_max_ssidrefs)); + printf("Max ConfSets = %x.\n", ntohl(cwbuf->chwall_max_conflictsets)); + printf("Ssidrefs Off = %x.\n", ntohl(cwbuf->chwall_ssid_offset)); + printf("Conflicts Off = %x.\n", + ntohl(cwbuf->chwall_conflict_sets_offset)); + printf("Runing T. Off = %x.\n", + ntohl(cwbuf->chwall_running_types_offset)); + printf("C. Agg. Off = %x.\n", + ntohl(cwbuf->chwall_conflict_aggregate_offset)); + printf("\nSSID To CHWALL-Type matrix:\n"); + + ssids = (domaintype_t *) (buf + ntohl(cwbuf->chwall_ssid_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_ssidrefs); i++) + { + printf("\n ssidref%2x: ", i); + for (j = 0; j < ntohl(cwbuf->chwall_max_types); j++) + printf("%02x ", + ntohs(ssids[i * ntohl(cwbuf->chwall_max_types) + j])); + } + printf("\n\nConfict Sets:\n"); + conflicts = + (domaintype_t *) (buf + ntohl(cwbuf->chwall_conflict_sets_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_conflictsets); i++) + { + printf("\n c-set%2x: ", i); + for (j = 0; j < ntohl(cwbuf->chwall_max_types); j++) + printf("%02x ", + ntohs(conflicts + [i * ntohl(cwbuf->chwall_max_types) + j])); + } + printf("\n"); + + printf("\nRunning\nTypes: "); + if (ntohl(cwbuf->chwall_running_types_offset)) + { + running_types = + (domaintype_t *) (buf + + ntohl(cwbuf->chwall_running_types_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) + { + printf("%02x ", ntohs(running_types[i])); + } + printf("\n"); + } else { + printf("Not Reported!\n"); + } + printf("\nConflict\nAggregate Set: "); + if (ntohl(cwbuf->chwall_conflict_aggregate_offset)) + { + conflict_aggregate = + (domaintype_t *) (buf + + ntohl(cwbuf->chwall_conflict_aggregate_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) + { + printf("%02x ", ntohs(conflict_aggregate[i])); + } + printf("\n\n"); + } else { + printf("Not Reported!\n"); + } +} + +void acm_dump_ste_buffer(void *buf, int buflen) +{ + + struct acm_ste_policy_buffer *stebuf = + (struct acm_ste_policy_buffer *) buf; + domaintype_t *ssids; + int i, j; + + + if (ntohl(stebuf->policy_code) != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) { + printf("SIMPLE TYPE ENFORCEMENT POLICY CODE not found ERROR!!\n"); + return; + } + printf("\nSimple Type Enforcement policy:\n"); + printf("===============================\n"); + printf("Policy version= %x.\n", ntohl(stebuf->policy_version)); + printf("Max Types = %x.\n", ntohl(stebuf->ste_max_types)); + printf("Max Ssidrefs = %x.\n", ntohl(stebuf->ste_max_ssidrefs)); + printf("Ssidrefs Off = %x.\n", ntohl(stebuf->ste_ssid_offset)); + printf("\nSSID To STE-Type matrix:\n"); + + ssids = (domaintype_t *) (buf + ntohl(stebuf->ste_ssid_offset)); + for (i = 0; i < ntohl(stebuf->ste_max_ssidrefs); i++) + { + printf("\n ssidref%2x: ", i); + for (j = 0; j < ntohl(stebuf->ste_max_types); j++) + printf("%02x ", ntohs(ssids[i * ntohl(stebuf->ste_max_types) + j])); + } + printf("\n\n"); +} + +void acm_dump_policy_buffer(void *buf, int buflen) +{ + struct acm_policy_buffer *pol = (struct acm_policy_buffer *) buf; + + printf("\nPolicy dump:\n"); + printf("============\n"); + printf("PolicyVer = %x.\n", ntohl(pol->policy_version)); + printf("Magic = %x.\n", ntohl(pol->magic)); + printf("Len = %x.\n", ntohl(pol->len)); + printf("Primary = %s (c=%x, off=%x).\n", + ACM_POLICY_NAME(ntohl(pol->primary_policy_code)), + ntohl(pol->primary_policy_code), + ntohl(pol->primary_buffer_offset)); + printf("Secondary = %s (c=%x, off=%x).\n", + ACM_POLICY_NAME(ntohl(pol->secondary_policy_code)), + ntohl(pol->secondary_policy_code), + ntohl(pol->secondary_buffer_offset)); + switch (ntohl(pol->primary_policy_code)) + { + case ACM_CHINESE_WALL_POLICY: + acm_dump_chinesewall_buffer(buf + + ntohl(pol->primary_buffer_offset), + ntohl(pol->len) - + ntohl(pol->primary_buffer_offset)); + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + acm_dump_ste_buffer(buf + ntohl(pol->primary_buffer_offset), + ntohl(pol->len) - + ntohl(pol->primary_buffer_offset)); + break; + + case ACM_NULL_POLICY: + printf("Primary policy is NULL Policy (n/a).\n"); + break; + + default: + printf("UNKNOWN POLICY!\n"); + } + + switch (ntohl(pol->secondary_policy_code)) + { + case ACM_CHINESE_WALL_POLICY: + acm_dump_chinesewall_buffer(buf + + ntohl(pol->secondary_buffer_offset), + ntohl(pol->len) - + ntohl(pol->secondary_buffer_offset)); + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + acm_dump_ste_buffer(buf + ntohl(pol->secondary_buffer_offset), + ntohl(pol->len) - + ntohl(pol->secondary_buffer_offset)); + break; + + case ACM_NULL_POLICY: + printf("Secondary policy is NULL Policy (n/a).\n"); + break; + + default: + printf("UNKNOWN POLICY!\n"); + } +} + +/*************************** set policy ****************************/ + +int acm_domain_set_chwallpolicy(void *bufstart, int buflen) +{ +#define CWALL_MAX_SSIDREFS 6 +#define CWALL_MAX_TYPES 10 +#define CWALL_MAX_CONFLICTSETS 2 + + struct acm_chwall_policy_buffer *chwall_bin_pol = + (struct acm_chwall_policy_buffer *) bufstart; + domaintype_t *ssidrefs, *conflicts; + int ret = 0; + int j; + + chwall_bin_pol->chwall_max_types = htonl(CWALL_MAX_TYPES); + chwall_bin_pol->chwall_max_ssidrefs = htonl(CWALL_MAX_SSIDREFS); + chwall_bin_pol->policy_code = htonl(ACM_CHINESE_WALL_POLICY); + chwall_bin_pol->policy_version = htonl(ACM_CHWALL_VERSION); + chwall_bin_pol->chwall_ssid_offset = + htonl(sizeof(struct acm_chwall_policy_buffer)); + chwall_bin_pol->chwall_max_conflictsets = + htonl(CWALL_MAX_CONFLICTSETS); + chwall_bin_pol->chwall_conflict_sets_offset = + htonl(ntohl(chwall_bin_pol->chwall_ssid_offset) + + sizeof(domaintype_t) * CWALL_MAX_SSIDREFS * CWALL_MAX_TYPES); + chwall_bin_pol->chwall_running_types_offset = 0; /* not set */ + chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */ + ret += sizeof(struct acm_chwall_policy_buffer); + /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */ + /* check buffer size */ + if ((buflen - ret) < + (CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t))) + return -1; /* not enough space */ + + ssidrefs = (domaintype_t *) (bufstart + + ntohl(chwall_bin_pol->chwall_ssid_offset)); + memset(ssidrefs, 0, + CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t)); + + /* now set type j-1 for ssidref i+1 */ + for (j = 0; j <= CWALL_MAX_SSIDREFS; j++) + if ((0 < j) && (j <= CWALL_MAX_TYPES)) + ssidrefs[j * CWALL_MAX_TYPES + j - 1] = htons(1); + + ret += CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t); + if ((buflen - ret) < + (CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * sizeof(domaintype_t))) + return -1; /* not enough space */ + + /* now the chinese wall policy conflict sets */ + conflicts = (domaintype_t *) (bufstart + + ntohl(chwall_bin_pol-> + chwall_conflict_sets_offset)); + memset((void *) conflicts, 0, + CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * + sizeof(domaintype_t)); + /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */ + if (CWALL_MAX_TYPES > 3) + { + conflicts[2] = htons(1); + conflicts[3] = htons(1); /* {2,3} */ + conflicts[CWALL_MAX_TYPES + 1] = htons(1); + conflicts[CWALL_MAX_TYPES + 5] = htons(1); + conflicts[CWALL_MAX_TYPES + 6] = htons(1); /* {0,5,6} */ + } + ret += sizeof(domaintype_t) * CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES; + return ret; +} + +int acm_domain_set_stepolicy(void *bufstart, int buflen) +{ +#define STE_MAX_SSIDREFS 6 +#define STE_MAX_TYPES 5 + + struct acm_ste_policy_buffer *ste_bin_pol = + (struct acm_ste_policy_buffer *) bufstart; + domaintype_t *ssidrefs; + int j, ret = 0; + + ste_bin_pol->ste_max_types = htonl(STE_MAX_TYPES); + ste_bin_pol->ste_max_ssidrefs = htonl(STE_MAX_SSIDREFS); + ste_bin_pol->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); + ste_bin_pol->policy_version = htonl(ACM_STE_VERSION); + ste_bin_pol->ste_ssid_offset = + htonl(sizeof(struct acm_ste_policy_buffer)); + ret += sizeof(struct acm_ste_policy_buffer); + /* check buffer size */ + if ((buflen - ret) < + (STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t))) + return -1; /* not enough space */ + + ssidrefs = + (domaintype_t *) (bufstart + ntohl(ste_bin_pol->ste_ssid_offset)); + memset(ssidrefs, 0, + STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t)); + /* all types 1 for ssidref 1 */ + for (j = 0; j < STE_MAX_TYPES; j++) + ssidrefs[1 * STE_MAX_TYPES + j] = htons(1); + /* now set type j-1 for ssidref j */ + for (j = 0; j < STE_MAX_SSIDREFS; j++) + if ((0 < j) && (j <= STE_MAX_TYPES)) + ssidrefs[j * STE_MAX_TYPES + j - 1] = htons(1); + ret += STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t); + return ret; +} + +#define MAX_PUSH_BUFFER 16384 +u8 push_buffer[MAX_PUSH_BUFFER]; + +int acm_domain_setpolicy(int xc_handle) +{ + int ret; + struct acm_policy_buffer *bin_pol; + acm_op_t op; + + /* future: read policy from file and set it */ + bin_pol = (struct acm_policy_buffer *) push_buffer; + bin_pol->policy_version = htonl(ACM_POLICY_VERSION); + bin_pol->magic = htonl(ACM_MAGIC); + bin_pol->primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY); + bin_pol->secondary_policy_code = + htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); + + bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); + bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len)); + ret = + acm_domain_set_chwallpolicy(push_buffer + + ntohl(bin_pol->primary_buffer_offset), + MAX_PUSH_BUFFER - + ntohl(bin_pol->primary_buffer_offset)); + if (ret < 0) + { + printf("ERROR creating chwallpolicy buffer.\n"); + return -1; + } + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); + bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); + ret = acm_domain_set_stepolicy(push_buffer + + ntohl(bin_pol->secondary_buffer_offset), + MAX_PUSH_BUFFER - + ntohl(bin_pol->secondary_buffer_offset)); + if (ret < 0) + { + printf("ERROR creating chwallpolicy buffer.\n"); + return -1; + } + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); + + /* dump it and then push it down into xen/acm */ + acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len)); + + op.cmd = ACM_SETPOLICY; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.setpolicy.pushcache = (void *) push_buffer; + op.u.setpolicy.pushcache_size = ntohl(bin_pol->len); + ret = do_acm_op(xc_handle, &op); + + if (ret) + printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); + else + printf("Successfully changed policy.\n"); + + return ret; +} + +/******************************* get policy ******************************/ + +#define PULL_CACHE_SIZE 8192 +u8 pull_buffer[PULL_CACHE_SIZE]; +int acm_domain_getpolicy(int xc_handle) +{ + acm_op_t op; + int ret; + + memset(pull_buffer, 0x00, sizeof(pull_buffer)); + op.cmd = ACM_GETPOLICY; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.getpolicy.pullcache = (void *) pull_buffer; + op.u.getpolicy.pullcache_size = sizeof(pull_buffer); + ret = do_acm_op(xc_handle, &op); + /* dump policy */ + acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer)); + return ret; +} + +/************************ load binary policy ******************************/ + +int acm_domain_loadpolicy(int xc_handle, const char *filename) +{ + struct stat mystat; + int ret, fd; + off_t len; + u8 *buffer; + + if ((ret = stat(filename, &mystat))) + { + printf("File %s not found.\n", filename); + goto out; + } + + len = mystat.st_size; + if ((buffer = malloc(len)) == NULL) + { + ret = -ENOMEM; + goto out; + } + if ((fd = open(filename, O_RDONLY)) <= 0) + { + ret = -ENOENT; + printf("File %s not found.\n", filename); + goto free_out; + } + if (len == read(fd, buffer, len)) + { + acm_op_t op; + /* dump it and then push it down into xen/acm */ + acm_dump_policy_buffer(buffer, len); + op.cmd = ACM_SETPOLICY; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.setpolicy.pushcache = (void *) buffer; + op.u.setpolicy.pushcache_size = len; + ret = do_acm_op(xc_handle, &op); + + if (ret) + printf + ("ERROR setting policy. Use 'xm dmesg' to see details.\n"); + else + printf("Successfully changed policy.\n"); + + } else { + ret = -1; + } + close(fd); + free_out: + free(buffer); + out: + return ret; +} + +/************************ dump hook statistics ******************************/ +void dump_ste_stats(struct acm_ste_stats_buffer *ste_stats) +{ + printf("STE-Policy Security Hook Statistics:\n"); + printf("ste: event_channel eval_count = %d\n", + ntohl(ste_stats->ec_eval_count)); + printf("ste: event_channel denied_count = %d\n", + ntohl(ste_stats->ec_denied_count)); + printf("ste: event_channel cache_hit_count = %d\n", + ntohl(ste_stats->ec_cachehit_count)); + printf("ste:\n"); + printf("ste: grant_table eval_count = %d\n", + ntohl(ste_stats->gt_eval_count)); + printf("ste: grant_table denied_count = %d\n", + ntohl(ste_stats->gt_denied_count)); + printf("ste: grant_table cache_hit_count = %d\n", + ntohl(ste_stats->gt_cachehit_count)); +} + +#define PULL_STATS_SIZE 8192 +int acm_domain_dumpstats(int xc_handle) +{ + u8 stats_buffer[PULL_STATS_SIZE]; + acm_op_t op; + int ret; + struct acm_stats_buffer *stats; + + memset(stats_buffer, 0x00, sizeof(stats_buffer)); + op.cmd = ACM_DUMPSTATS; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.dumpstats.pullcache = (void *) stats_buffer; + op.u.dumpstats.pullcache_size = sizeof(stats_buffer); + ret = do_acm_op(xc_handle, &op); + + if (ret < 0) + { + printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n"); + return ret; + } + stats = (struct acm_stats_buffer *) stats_buffer; + + printf("\nPolicy dump:\n"); + printf("============\n"); + printf("Magic = %x.\n", ntohl(stats->magic)); + printf("Len = %x.\n", ntohl(stats->len)); + + switch (ntohl(stats->primary_policy_code)) + { + case ACM_NULL_POLICY: + printf("NULL Policy: No statistics apply.\n"); + break; + + case ACM_CHINESE_WALL_POLICY: + printf("Chinese Wall Policy: No statistics apply.\n"); + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + dump_ste_stats((struct acm_ste_stats_buffer *) (stats_buffer + + ntohl(stats-> + primary_stats_offset))); + break; + + default: + printf("UNKNOWN PRIMARY POLICY ERROR!\n"); + } + + switch (ntohl(stats->secondary_policy_code)) + { + case ACM_NULL_POLICY: + printf("NULL Policy: No statistics apply.\n"); + break; + + case ACM_CHINESE_WALL_POLICY: + printf("Chinese Wall Policy: No statistics apply.\n"); + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + dump_ste_stats((struct acm_ste_stats_buffer *) (stats_buffer + + ntohl(stats-> + secondary_stats_offset))); + break; + + default: + printf("UNKNOWN SECONDARY POLICY ERROR!\n"); + } + return ret; +} + +/***************************** main **************************************/ + +void usage(char *progname) +{ + printf("Use: %s \n" + "\t setpolicy\n" + "\t getpolicy\n" + "\t dumpstats\n" + "\t loadpolicy \n", progname); + exit(-1); +} + +int main(int argc, char **argv) +{ + + int acm_cmd_fd, ret; + + if (argc < 2) + usage(argv[0]); + + if ((acm_cmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) + { + printf("ERROR: Could not open xen privcmd device!\n"); + exit(-1); + } + + if (!strcmp(argv[1], "setpolicy")) + { + if (argc != 2) + usage(argv[0]); + ret = acm_domain_setpolicy(acm_cmd_fd); + } else if (!strcmp(argv[1], "getpolicy")) { + if (argc != 2) + usage(argv[0]); + ret = acm_domain_getpolicy(acm_cmd_fd); + } else if (!strcmp(argv[1], "loadpolicy")) { + if (argc != 3) + usage(argv[0]); + ret = acm_domain_loadpolicy(acm_cmd_fd, argv[2]); + } else if (!strcmp(argv[1], "dumpstats")) { + if (argc != 2) + usage(argv[0]); + ret = acm_domain_dumpstats(acm_cmd_fd); + } else + usage(argv[0]); + + close(acm_cmd_fd); + return ret; +} Index: xen-unstable.hg-shype/tools/misc/policyprocessor/XmlToBin.java =================================================================== --- xen-unstable.hg-shype.orig/tools/misc/policyprocessor/XmlToBin.java +++ xen-unstable.hg-shype/tools/misc/policyprocessor/XmlToBin.java @@ -5,6 +5,9 @@ * * Author: Ray Valdez * + * Contributors: + * Reiner Sailer - adjust type-lengths + * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, version 2 of the @@ -490,175 +493,139 @@ public class XmlToBin try { - /* Write magic */ - writeIntToStream(binBuffer,ACM_MAGIC,index); - index = u32Size; - - /* Write policy version */ - writeIntToStream(binBuffer,POLICY_INTERFACE_VERSION,index); - index = index + u32Size; - - /* write len */ - writeIntToStream(binBuffer,binBuffer.length,index); - index = index + u32Size; + index = 0; + /* fill in General Policy Version */ + writeIntToStream(binBuffer, ACM_POLICY_VERSION, index); + index += u32Size; + + /* Write magic */ + writeIntToStream(binBuffer, ACM_MAGIC, index); + index += u32Size; + + /* write len */ + writeIntToStream(binBuffer, binBuffer.length, index); + index += u32Size; } catch (IOException ee) { - System.out.println(" GBPB:: got exception : " + ee); - return null; + System.out.println(" GBPB:: got exception : " + ee); + return null; } int offset, address; address = index; if (null != partMap) - offset = binaryBufferHeaderSz + resourceOffsetSz; + offset = binaryBufferHeaderSz + resourceOffsetSz; else - offset = binaryBufferHeaderSz; + offset = binaryBufferHeaderSz; try { + int skip = 0; - if (null == chwPolicy || null == stePolicy) - { - writeShortToStream(binBuffer,ACM_NULL_POLICY,index); - index = index + u16Size; - - writeShortToStream(binBuffer,(short) 0,index); - index = index + u16Size; - - writeShortToStream(binBuffer,ACM_NULL_POLICY,index); - index = index + u16Size; - - writeShortToStream(binBuffer,(short) 0,index); - index = index + u16Size; - - } - index = address; - if (null != chwPolicy) - { + /* init with NULL policy setting */ + writeIntToStream(binBuffer, ACM_NULL_POLICY, index); + writeIntToStream(binBuffer, 0, index + u32Size); + writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size); + writeIntToStream(binBuffer, 0, index + 3*u32Size); - /* Write policy name */ - writeShortToStream(binBuffer,ACM_CHINESE_WALL_POLICY,index); - index = index + u16Size; - - /* Write offset */ - writeShortToStream(binBuffer,(short) offset,index); - index = index + u16Size; - - /* Write payload. No need increment index */ - address = offset; - System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length); - address = address + chwPolicy.length; + index = address; + if (null != chwPolicy) { - if (null != stePolicy) - { - /* Write policy name */ - writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); - index = index + u16Size; - - /* Write offset */ - writeShortToStream(binBuffer,(short) address,index); - index = index + u16Size; - - /* Copy array */ - System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length); - /* Update address */ - address = address + stePolicy.length; - } else { - /* Skip writing policy name and offset */ - index = index + 2 * u16Size; - - } - - } else { + /* Write policy name */ + writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index); + index += u32Size; + + /* Write offset */ + writeIntToStream(binBuffer, offset, index); + index += u32Size; + + /* Write payload. No need increment index */ + address = offset; + System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length); + address = address + chwPolicy.length; + } else + skip += 2*u32Size; if (null != stePolicy) { /* Write policy name */ - writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); - index = index + u16Size; + writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index); + index += u32Size; /* Write offset */ - address = offset; - writeShortToStream(binBuffer, (short) offset,index); - index = index + u16Size; - + writeIntToStream(binBuffer, address, index); + index += u32Size; + /* Copy array */ System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length); /* Update address */ address = address + stePolicy.length; + } else + skip += 2*u32Size; - /* Increment index, since there is no secondary */ - index = index + secondaryPolicyCodeSz + secondaryBufferOffsetSz; - - } - - } - int size; - /* Assumes that you will always have a partition defined in policy */ - if ( 0 < partMap.length) - { - writeShortToStream(binBuffer, (short) address,index); - index = address; - - /* Compute num of VMs */ - size = partMap.length / (3 * u16Size); - - writeShortToStream(binBuffer, (short)size,index); - index = index + u16Size; + /* Skip writing policy name and offset for each null policy*/ + index += skip; - /* part, vlan and slot: each one consists of two entries */ - offset = 3 * (2 * u16Size); - writeShortToStream(binBuffer, (short) offset,index); - - /* Write partition array at offset */ - System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length); - index = index + u16Size; - offset = offset + partMap.length; - } + int size; + /* Assumes that you will always have a partition defined in policy */ + if ( 0 < partMap.length) { + writeIntToStream(binBuffer, address, index); + index = address; + + /* Compute num of VMs */ + size = partMap.length / (3 * u16Size); + + writeShortToStream(binBuffer, (short)size,index); + index = index + u16Size; + + /* part, vlan and slot: each one consists of two entries */ + offset = 3 * (2 * u16Size); + writeShortToStream(binBuffer, (short) offset,index); + + /* Write partition array at offset */ + System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length); + index = index + u16Size; + offset = offset + partMap.length; + } - if ( 0 < vlanMap.length) - { - size = vlanMap.length / (2 * u16Size); - writeShortToStream(binBuffer, (short) size,index); - index = index + u16Size; - - writeShortToStream(binBuffer, (short) offset,index); - index = index + u16Size; - System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length); - } else { - /* Write vlan max */ - writeShortToStream(binBuffer, (short) 0,index); - index = index + u16Size; + if ( 0 < vlanMap.length) { + size = vlanMap.length / (2 * u16Size); + writeShortToStream(binBuffer, (short) size,index); + index = index + u16Size; + + writeShortToStream(binBuffer, (short) offset,index); + index = index + u16Size; + System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length); + } else { + /* Write vlan max */ + writeShortToStream(binBuffer, (short) 0,index); + index = index + u16Size; - /* Write vlan offset */ - writeShortToStream(binBuffer, (short) 0,index); - index = index + u16Size; - - } - - offset = offset + vlanMap.length; - if ( 0 < slotMap.length) - { - size = slotMap.length / (3 * u16Size); - writeShortToStream(binBuffer, (short) size,index); - index = index + u16Size; - - writeShortToStream(binBuffer, (short) offset,index); - index = index + u16Size; - System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length); - } + /* Write vlan offset */ + writeShortToStream(binBuffer, (short) 0,index); + index = index + u16Size; + } - } catch (IOException ee) - { - System.out.println(" GBPB:: got exception : " + ee); - return null; - } + offset = offset + vlanMap.length; + if ( 0 < slotMap.length) { + size = slotMap.length / (3 * u16Size); + writeShortToStream(binBuffer, (short) size,index); + index = index + u16Size; + + writeShortToStream(binBuffer, (short) offset,index); + index = index + u16Size; + System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length); + } + } catch (IOException ee) { + System.out.println(" GBPB:: got exception : " + ee); + return null; + } - printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length); - if (debug) - printHex(binBuffer,binBuffer.length); + printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length); + if (debug) + printHex(binBuffer,binBuffer.length); - return binBuffer; + return binBuffer; } public byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector ColorTypes) @@ -668,28 +635,20 @@ public class XmlToBin int position = 0; /* Get number of rTypes */ - short maxTypes = (short) ColorTypes.size(); + int maxTypes = ColorTypes.size(); /* Get number of SSids entry */ - short maxSsids = (short) Ssids.size(); + int maxSsids = Ssids.size(); /* Get number of conflict sets */ - short maxConflict = (short) ConflictSsids.size(); + int maxConflict = ConflictSsids.size(); if (maxTypes * maxSsids == 0) return null; /* - data structure acm_chwall_policy_buffer_t; - - uint16 policy_code; - uint16 chwall_max_types; - uint16 chwall_max_ssidrefs; - uint16 chwall_max_conflictsets; - uint16 chwall_ssid_offset; - uint16 chwall_conflict_sets_offset; - uint16 chwall_running_types_offset; - uint16 chwall_conflict_aggregate_offset; + data structure acm_chwall_policy_buffer + se XmlToBinInterface.java */ int totalBytes = chwHeaderSize + u16Size *(maxTypes * (maxSsids + maxConflict)); @@ -699,34 +658,38 @@ public class XmlToBin printDebug(" gCB:: chwall totalbytes : "+totalBytes); try { - index = 0; - writeShortToStream(chwBuffer,ACM_CHINESE_WALL_POLICY,index); - index = u16Size; - - writeShortToStream(chwBuffer,maxTypes,index); - index = index + u16Size; - - writeShortToStream(chwBuffer,maxSsids,index); - index = index + u16Size; - - writeShortToStream(chwBuffer,maxConflict,index); - index = index + u16Size; - - /* Write chwall_ssid_offset */ - writeShortToStream(chwBuffer,chwHeaderSize,index); - index = index + u16Size; - - /* Write chwall_conflict_sets_offset */ - writeShortToStream(chwBuffer,(short) address,index); - index = index + u16Size; - - /* Write chwall_running_types_offset */ - writeShortToStream(chwBuffer,(short) 0,index); - index = index + u16Size; - - /* Write chwall_conflict_aggregate_offset */ - writeShortToStream(chwBuffer,(short) 0,index); - index = index + u16Size; + index = 0; + /* fill in General Policy Version */ + writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index); + index += u32Size; + + writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index); + index += u32Size; + + writeIntToStream(chwBuffer, maxTypes, index); + index += u32Size; + + writeIntToStream(chwBuffer, maxSsids, index); + index += u32Size; + + writeIntToStream(chwBuffer, maxConflict, index); + index += u32Size; + + /* Write chwall_ssid_offset */ + writeIntToStream(chwBuffer, chwHeaderSize, index); + index += u32Size; + + /* Write chwall_conflict_sets_offset */ + writeIntToStream(chwBuffer, address, index); + index += u32Size; + + /* Write chwall_running_types_offset */ + writeIntToStream(chwBuffer, 0, index); + index += u32Size; + + /* Write chwall_conflict_aggregate_offset */ + writeIntToStream(chwBuffer, 0, index); + index += u32Size; } catch (IOException ee) { System.out.println(" gCB:: got exception : " + ee); @@ -737,7 +700,6 @@ public class XmlToBin /* Create the SSids entry */ for (int i = 0; i < maxSsids; i++) { - SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i); /* Get chwall types */ ssidEntry.chwSsidPosition = i; @@ -821,22 +783,16 @@ public class XmlToBin int position = 0; /* Get number of colorTypes */ - short numColorTypes = (short) ColorTypes.size(); + int numColorTypes = ColorTypes.size(); /* Get number of SSids entry */ - short numSsids = (short) Ssids.size(); + int numSsids = Ssids.size(); if (numColorTypes * numSsids == 0) return null; - /* data structure: acm_ste_policy_buffer_t - * - * policy code (uint16) > - * max_types (uint16) > - * max_ssidrefs (uint16) > steHeaderSize - * ssid_offset (uint16) > - * DATA (colorTypes(size) * Ssids(size) *unit16) - * + /* data structure: acm_ste_policy_buffer + * see XmlToBinInterface.java * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size) * */ @@ -844,18 +800,22 @@ public class XmlToBin try { - index = 0; - writeShortToStream(steBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); - index = u16Size; + index = 0; + writeIntToStream(steBuffer, ACM_STE_VERSION, index); + index += u32Size; + + writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index); + index += u32Size; + + writeIntToStream(steBuffer, numColorTypes, index); + index += u32Size; - writeShortToStream(steBuffer,numColorTypes,index); - index = index + u16Size; + writeIntToStream(steBuffer, numSsids, index); + index += u32Size; - writeShortToStream(steBuffer,numSsids,index); - index = index + u16Size; + writeIntToStream(steBuffer, steHeaderSize, index); + index += u32Size; - writeShortToStream(steBuffer,(short)steHeaderSize,index); - index = index + u16Size; } catch (IOException ee) { System.out.println(" gSB:: got exception : " + ee); @@ -1469,6 +1429,17 @@ public class XmlToBin XmlToBin genObj = new XmlToBin(); + policy_version active_policy = new policy_version(); + + if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) || + (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) || + (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) { + System.out.println("ACM policy versions differ."); + System.out.println("Please verify that data structures are correct"); + System.out.println("and then adjust the version numbers in XmlToBinInterface.java."); + return; + } + for (int i = 0 ; i < args.length ; i++) { Index: xen-unstable.hg-shype/tools/misc/policyprocessor/XmlToBinInterface.java =================================================================== --- xen-unstable.hg-shype.orig/tools/misc/policyprocessor/XmlToBinInterface.java +++ xen-unstable.hg-shype/tools/misc/policyprocessor/XmlToBinInterface.java @@ -19,37 +19,37 @@ * * policy binary structures * - * typedef struct { - * u32 magic; - * - * u32 policyversion; - * u32 len; - * - * u16 primary_policy_code; - * u16 primary_buffer_offset; - * u16 secondary_policy_code; - * u16 secondary_buffer_offset; - * u16 resource_offset; - * - * } acm_policy_buffer_t; - * - * typedef struct { - * u16 policy_code; - * u16 ste_max_types; - * u16 ste_max_ssidrefs; - * u16 ste_ssid_offset; - * } acm_ste_policy_buffer_t; - * - * typedef struct { - * uint16 policy_code; - * uint16 chwall_max_types; - * uint16 chwall_max_ssidrefs; - * uint16 chwall_max_conflictsets; - * uint16 chwall_ssid_offset; - * uint16 chwall_conflict_sets_offset; - * uint16 chwall_running_types_offset; - * uint16 chwall_conflict_aggregate_offset; - * } acm_chwall_policy_buffer_t; + * struct acm_policy_buffer { + * u32 policy_version; * ACM_POLICY_VERSION * + * u32 magic; + * u32 len; + * u32 primary_policy_code; + * u32 primary_buffer_offset; + * u32 secondary_policy_code; + * u32 secondary_buffer_offset; + * +u32 resource offset (not used yet in Xen) + * }; + * + * + * struct acm_ste_policy_buffer { + * u32 policy_version; * ACM_STE_VERSION * + * u32 policy_code; + * u32 ste_max_types; + * u32 ste_max_ssidrefs; + * u32 ste_ssid_offset; + * }; + * + * struct acm_chwall_policy_buffer { + * u32 policy_version; * ACM_CHWALL_VERSION * + * u32 policy_code; + * u32 chwall_max_types; + * u32 chwall_max_ssidrefs; + * u32 chwall_max_conflictsets; + * u32 chwall_ssid_offset; + * u32 chwall_conflict_sets_offset; + * u32 chwall_running_types_offset; + * u32 chwall_conflict_aggregate_offset; + * }; * * typedef struct { * u16 partition_max; @@ -100,16 +100,17 @@ public interface XmlToBinInterface final int u16Size = 2; /* num of bytes for acm_ste_policy_buffer_t */ - final short steHeaderSize = (4 * u16Size); + final int steHeaderSize = (5 * u32Size); + /* byte for acm_chinese_wall_policy_buffer_t */ - final short chwHeaderSize = (8 * u16Size); + final int chwHeaderSize = (9 * u32Size); - final short primaryPolicyCodeSize = u16Size; - final short primaryBufferOffsetSize = u16Size ; + final int primaryPolicyCodeSize = u32Size; + final int primaryBufferOffsetSize = u32Size ; - final int secondaryPolicyCodeSz = u16Size; - final int secondaryBufferOffsetSz = u16Size; - final short resourceOffsetSz = u16Size; + final int secondaryPolicyCodeSz = u32Size; + final int secondaryBufferOffsetSz = u32Size; + final int resourceOffsetSz = u32Size; final short partitionBufferSz = (2 * u16Size); final short partitionEntrySz = (3 * u16Size); @@ -120,16 +121,18 @@ public interface XmlToBinInterface final short vlanBufferSz = (2 * u16Size); final short vlanEntrySz = (2 * u16Size); - final short binaryBufferHeaderSz = (3 * u32Size + 4* u16Size); - - /* copied directlty from policy_ops.h */ - final int POLICY_INTERFACE_VERSION = 0xAAAA0003; + final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */ /* copied directly from acm.h */ final int ACM_MAGIC = 0x0001debc; - final short ACM_NULL_POLICY = 0; - final short ACM_CHINESE_WALL_POLICY = 1; - final short ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2; - final short ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3; - final short ACM_EMPTY_POLICY = 4; + final int ACM_NULL_POLICY = 0; + final int ACM_CHINESE_WALL_POLICY = 1; + final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2; + final int ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3; + final int ACM_EMPTY_POLICY = 4; + + /* version for compatibility check */ + final int ACM_POLICY_VERSION = 1; + final int ACM_STE_VERSION = 1; + final int ACM_CHWALL_VERSION = 1; } Index: xen-unstable.hg-shype/tools/misc/policyprocessor/xen_sample_def.xml =================================================================== --- xen-unstable.hg-shype.orig/tools/misc/policyprocessor/xen_sample_def.xml +++ xen-unstable.hg-shype/tools/misc/policyprocessor/xen_sample_def.xml @@ -37,7 +37,7 @@ xsi:schemaLocation="http://www.ibm.com S - Q-Company + R-Company V-Company W-Company Index: xen-unstable.hg-shype/tools/misc/policyprocessor/Makefile =================================================================== --- /dev/null +++ xen-unstable.hg-shype/tools/misc/policyprocessor/Makefile @@ -0,0 +1,42 @@ +XEN_ROOT = ../../.. +include $(XEN_ROOT)/tools/Rules.mk + +CFLAGS += -static +CFLAGS += -Wall +CFLAGS += -Werror +CFLAGS += -O3 +CFLAGS += -fno-strict-aliasing +CFLAGS += -I. + +all: build + +build: mk-symlinks + $(MAKE) xml_to_bin + +default: all + +install: all + +xml_to_bin : make_include XmlToBin.java XmlToBinInterface.java SsidsEntry.java SecurityLabel.java myHandler.java + javac XmlToBin.java + +make_include : c2j_include + ./c2j_include + +c2j_include: c2j_include.c + $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< + +clean: + rm -rf *.class xen c2j_include policy_version.java *.bin + + +LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse +mk-symlinks: + [ -e xen/linux ] || mkdir -p xen/linux + [ -e xen/io ] || mkdir -p xen/io + ( cd xen >/dev/null ; \ + ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . ) + ( cd xen/io >/dev/null ; \ + ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . ) + ( cd xen/linux >/dev/null ; \ + ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . ) Index: xen-unstable.hg-shype/tools/misc/policyprocessor/c2j_include.c =================================================================== --- /dev/null +++ xen-unstable.hg-shype/tools/misc/policyprocessor/c2j_include.c @@ -0,0 +1,57 @@ +/**************************************************************** + * c2j_include.c + * + * Copyright (C) 2005 IBM Corporation + * + * Authors: + * Reiner Sailer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * This tool makes some constants from acm.h available to the + * java policyprocessor for version checking. + */ +#include +#include +#include +#include + +typedef uint8_t u8; +typedef uint16_t u16; +typedef uint32_t u32; +typedef uint64_t u64; +typedef int8_t s8; +typedef int16_t s16; +typedef int32_t s32; +typedef int64_t s64; + +#include + +char *filename = "policy_version.java"; + +int main(int argc, char **argv) +{ + + FILE *fd; + if ((fd = fopen(filename, "w")) <= 0) + { + printf("File %s not found.\n", filename); + exit(-ENOENT); + } + + fprintf(fd, "/*\n * This file was automatically generated\n"); + fprintf(fd, " * Do not change it manually!\n */\n"); + fprintf(fd, "public class policy_version {\n"); + fprintf(fd, " final int ACM_POLICY_VERSION = %x;\n", + ACM_POLICY_VERSION); + fprintf(fd, " final int ACM_CHWALL_VERSION = %x;\n", + ACM_CHWALL_VERSION); + fprintf(fd, " final int ACM_STE_VERSION = %x;\n", + ACM_STE_VERSION); + fprintf(fd, "}\n"); + fclose(fd); + return 0; +}