xen/common/policy_ops.c | 133 ---------------------------- xen/include/public/policy_ops.h | 70 -------------- xen/acm/acm_chinesewall_hooks.c | 54 ++++++----- xen/acm/acm_core.c | 1 xen/acm/acm_policy.c | 74 ++++++--------- xen/acm/acm_simple_type_enforcement_hooks.c | 26 +++-- xen/arch/x86/x86_32/entry.S | 2 xen/arch/x86/x86_64/entry.S | 2 xen/common/acm_ops.c | 127 ++++++++++++++++++++++++++ xen/include/acm/acm_core.h | 4 xen/include/public/acm.h | 61 ++++++++---- xen/include/public/acm_ops.h | 66 +++++++++++++ xen/include/public/xen.h | 2 13 files changed, 312 insertions(+), 310 deletions(-) Index: xen-unstable.hg-shype/xen/include/public/acm_ops.h =================================================================== --- /dev/null +++ xen-unstable.hg-shype/xen/include/public/acm_ops.h @@ -0,0 +1,66 @@ +/****************************************************************************** + * acm_ops.h + * + * Copyright (C) 2005 IBM Corporation + * + * Author: + * Reiner Sailer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * Process acm policy command requests from guest OS. + * access checked by policy; not restricted to DOM0 + * + */ + +#ifndef __XEN_PUBLIC_ACM_OPS_H__ +#define __XEN_PUBLIC_ACM_OPS_H__ + +#include "xen.h" +#include "sched_ctl.h" + +/* + * Make sure you increment the interface version whenever you modify this file! + * This makes sure that old versions of acm tools will stop working in a + * well-defined way (rather than crashing the machine, for instance). + */ +#define ACM_INTERFACE_VERSION 0xAAAA0003 + +/************************************************************************/ + +#define ACM_SETPOLICY 4 +typedef struct acm_setpolicy { + /* OUT variables */ + void *pushcache; + u16 pushcache_size; +} acm_setpolicy_t; + + +#define ACM_GETPOLICY 5 +typedef struct acm_getpolicy { + /* OUT variables */ + void *pullcache; + u16 pullcache_size; +} acm_getpolicy_t; + +#define ACM_DUMPSTATS 6 +typedef struct acm_dumpstats { + void *pullcache; + u16 pullcache_size; +} acm_dumpstats_t; + + +typedef struct acm_op { + u32 cmd; + u32 interface_version; /* ACM_INTERFACE_VERSION */ + union { + acm_setpolicy_t setpolicy; + acm_getpolicy_t getpolicy; + acm_dumpstats_t dumpstats; + } u; +} acm_op_t; + +#endif /* __XEN_PUBLIC_ACM_OPS_H__ */ Index: xen-unstable.hg-shype/xen/include/public/policy_ops.h =================================================================== --- xen-unstable.hg-shype.orig/xen/include/public/policy_ops.h +++ /dev/null @@ -1,70 +0,0 @@ -/****************************************************************************** - * policy_ops.h - * - * Copyright (C) 2005 IBM Corporation - * - * Author: - * Reiner Sailer - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * Process policy command requests from guest OS. - * access checked by policy; not restricted to DOM0 - * - */ - -#ifndef __XEN_PUBLIC_POLICY_OPS_H__ -#define __XEN_PUBLIC_POLICY_OPS_H__ - -#include "xen.h" -#include "sched_ctl.h" - -/* - * Make sure you increment the interface version whenever you modify this file! - * This makes sure that old versions of policy tools will stop working in a - * well-defined way (rather than crashing the machine, for instance). - */ -#define POLICY_INTERFACE_VERSION 0xAAAA0003 - -/************************************************************************/ - -#define POLICY_SETPOLICY 4 -typedef struct policy_setpolicy { - /* IN variables. */ - u16 policy_type; - /* OUT variables */ - void *pushcache; - u16 pushcache_size; -} policy_setpolicy_t; - - -#define POLICY_GETPOLICY 5 -typedef struct policy_getpolicy { - /* IN variables. */ - u16 policy_type; - /* OUT variables */ - void *pullcache; - u16 pullcache_size; -} policy_getpolicy_t; - -#define POLICY_DUMPSTATS 6 -typedef struct policy_dumpstats { - void *pullcache; - u16 pullcache_size; -} policy_dumpstats_t; - - -typedef struct policy_op { - u32 cmd; - u32 interface_version; /* POLICY_INTERFACE_VERSION */ - union { - policy_setpolicy_t setpolicy; - policy_getpolicy_t getpolicy; - policy_dumpstats_t dumpstats; - } u; -} policy_op_t; - -#endif /* __XEN_PUBLIC_POLICY_OPS_H__ */ Index: xen-unstable.hg-shype/xen/common/acm_ops.c =================================================================== --- /dev/null +++ xen-unstable.hg-shype/xen/common/acm_ops.c @@ -0,0 +1,127 @@ +/****************************************************************************** + * acm_ops.c + * + * Copyright (C) 2005 IBM Corporation + * + * Author: + * Reiner Sailer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * Process acm command requests from guest OS. + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) + +long do_acm_op(acm_op_t * u_acm_op) +{ + return -ENOSYS; +} + +#else + +typedef enum acm_operation { + POLICY, /* access to policy interface (early drop) */ + GETPOLICY, /* dump policy cache */ + SETPOLICY, /* set policy cache (controls security) */ + DUMPSTATS /* dump policy statistics */ +} acm_operation_t; + +int acm_authorize_acm_ops(struct domain *d, acm_operation_t pops) +{ + /* all policy management functions are restricted to privileged domains, + * soon we will introduce finer-grained privileges for policy operations + */ + if (!IS_PRIV(d)) + { + printk("%s: ACM management authorization denied ERROR!\n", __func__); + return ACM_ACCESS_DENIED; + } + return ACM_ACCESS_PERMITTED; +} + +long do_acm_op(acm_op_t * u_acm_op) +{ + long ret = 0; + acm_op_t curop, *op = &curop; + + /* check here policy decision for policy commands */ + /* for now allow DOM0 only, later indepedently */ + if (acm_authorize_acm_ops(current->domain, POLICY)) + return -EACCES; + + if (copy_from_user(op, u_acm_op, sizeof(*op))) + return -EFAULT; + + if (op->interface_version != ACM_INTERFACE_VERSION) + return -EACCES; + + switch (op->cmd) + { + case ACM_SETPOLICY: + { + if (acm_authorize_acm_ops(current->domain, SETPOLICY)) + return -EACCES; + printkd("%s: setting policy.\n", __func__); + ret = acm_set_policy(op->u.setpolicy.pushcache, + op->u.setpolicy.pushcache_size, 1); + if (ret == ACM_OK) + ret = 0; + else + ret = -ESRCH; + } + break; + + case ACM_GETPOLICY: + { + if (acm_authorize_acm_ops(current->domain, GETPOLICY)) + return -EACCES; + printkd("%s: getting policy.\n", __func__); + ret = acm_get_policy(op->u.getpolicy.pullcache, + op->u.getpolicy.pullcache_size); + if (ret == ACM_OK) + ret = 0; + else + ret = -ESRCH; + } + break; + + case ACM_DUMPSTATS: + { + if (acm_authorize_acm_ops(current->domain, DUMPSTATS)) + return -EACCES; + printkd("%s: dumping statistics.\n", __func__); + ret = acm_dump_statistics(op->u.dumpstats.pullcache, + op->u.dumpstats.pullcache_size); + if (ret == ACM_OK) + ret = 0; + else + ret = -ESRCH; + } + break; + + default: + ret = -ESRCH; + + } + return ret; +} + +#endif Index: xen-unstable.hg-shype/xen/include/public/acm.h =================================================================== --- xen-unstable.hg-shype.orig/xen/include/public/acm.h +++ xen-unstable.hg-shype/xen/include/public/acm.h @@ -71,6 +71,14 @@ (X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \ "UNDEFINED policy" +/* the following policy versions must be increased + * whenever the interpretation of the related + * policy's data structure changes + */ +#define ACM_POLICY_VERSION 1 +#define ACM_CHWALL_VERSION 1 +#define ACM_STE_VERSION 1 + /* defines a ssid reference used by xen */ typedef u32 ssidref_t; @@ -102,46 +110,53 @@ typedef u16 domaintype_t; #define ACM_MAGIC 0x0001debc /* each offset in bytes from start of the struct they - * the are part of */ + * are part of */ + /* each buffer consists of all policy information for * the respective policy given in the policy code + * + * acm_policy_buffer, acm_chwall_policy_buffer, + * and acm_ste_policy_buffer need to stay 32-bit aligned + * because we create binary policies also with external + * tools that assume packed representations (e.g. the java tool) */ struct acm_policy_buffer { + u32 policy_version; /* ACM_POLICY_VERSION */ u32 magic; - u32 policyversion; u32 len; - u16 primary_policy_code; - u16 primary_buffer_offset; - u16 secondary_policy_code; - u16 secondary_buffer_offset; + u32 primary_policy_code; + u32 primary_buffer_offset; + u32 secondary_policy_code; + u32 secondary_buffer_offset; }; struct acm_chwall_policy_buffer { - u16 policy_code; - u16 chwall_max_types; - u16 chwall_max_ssidrefs; - u16 chwall_max_conflictsets; - u16 chwall_ssid_offset; - u16 chwall_conflict_sets_offset; - u16 chwall_running_types_offset; - u16 chwall_conflict_aggregate_offset; + u32 policy_version; /* ACM_CHWALL_VERSION */ + u32 policy_code; + u32 chwall_max_types; + u32 chwall_max_ssidrefs; + u32 chwall_max_conflictsets; + u32 chwall_ssid_offset; + u32 chwall_conflict_sets_offset; + u32 chwall_running_types_offset; + u32 chwall_conflict_aggregate_offset; }; struct acm_ste_policy_buffer { - u16 policy_code; - u16 ste_max_types; - u16 ste_max_ssidrefs; - u16 ste_ssid_offset; + u32 policy_version; /* ACM_STE_VERSION */ + u32 policy_code; + u32 ste_max_types; + u32 ste_max_ssidrefs; + u32 ste_ssid_offset; }; struct acm_stats_buffer { u32 magic; - u32 policyversion; u32 len; - u16 primary_policy_code; - u16 primary_stats_offset; - u16 secondary_policy_code; - u16 secondary_stats_offset; + u32 primary_policy_code; + u32 primary_stats_offset; + u32 secondary_policy_code; + u32 secondary_stats_offset; }; struct acm_ste_stats_buffer { Index: xen-unstable.hg-shype/xen/acm/acm_chinesewall_hooks.c =================================================================== --- xen-unstable.hg-shype.orig/xen/acm/acm_chinesewall_hooks.c +++ xen-unstable.hg-shype/xen/acm/acm_chinesewall_hooks.c @@ -110,45 +110,45 @@ chwall_dump_policy(u8 *buf, u16 buf_size struct acm_chwall_policy_buffer *chwall_buf = (struct acm_chwall_policy_buffer *)buf; int ret = 0; - chwall_buf->chwall_max_types = htons(chwall_bin_pol.max_types); - chwall_buf->chwall_max_ssidrefs = htons(chwall_bin_pol.max_ssidrefs); - chwall_buf->policy_code = htons(ACM_CHINESE_WALL_POLICY); - chwall_buf->chwall_ssid_offset = htons(sizeof(struct acm_chwall_policy_buffer)); - chwall_buf->chwall_max_conflictsets = htons(chwall_bin_pol.max_conflictsets); + chwall_buf->chwall_max_types = htonl(chwall_bin_pol.max_types); + chwall_buf->chwall_max_ssidrefs = htonl(chwall_bin_pol.max_ssidrefs); + chwall_buf->policy_code = htonl(ACM_CHINESE_WALL_POLICY); + chwall_buf->chwall_ssid_offset = htonl(sizeof(struct acm_chwall_policy_buffer)); + chwall_buf->chwall_max_conflictsets = htonl(chwall_bin_pol.max_conflictsets); chwall_buf->chwall_conflict_sets_offset = - htons( - ntohs(chwall_buf->chwall_ssid_offset) + + htonl( + ntohl(chwall_buf->chwall_ssid_offset) + sizeof(domaintype_t) * chwall_bin_pol.max_ssidrefs * chwall_bin_pol.max_types); chwall_buf->chwall_running_types_offset = - htons( - ntohs(chwall_buf->chwall_conflict_sets_offset) + + htonl( + ntohl(chwall_buf->chwall_conflict_sets_offset) + sizeof(domaintype_t) * chwall_bin_pol.max_conflictsets * chwall_bin_pol.max_types); chwall_buf->chwall_conflict_aggregate_offset = - htons( - ntohs(chwall_buf->chwall_running_types_offset) + + htonl( + ntohl(chwall_buf->chwall_running_types_offset) + sizeof(domaintype_t) * chwall_bin_pol.max_types); - ret = ntohs(chwall_buf->chwall_conflict_aggregate_offset) + + ret = ntohl(chwall_buf->chwall_conflict_aggregate_offset) + sizeof(domaintype_t) * chwall_bin_pol.max_types; /* now copy buffers over */ - arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_ssid_offset)), + arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_ssid_offset)), chwall_bin_pol.ssidrefs, chwall_bin_pol.max_ssidrefs * chwall_bin_pol.max_types); - arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_sets_offset)), + arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_conflict_sets_offset)), chwall_bin_pol.conflict_sets, chwall_bin_pol.max_conflictsets * chwall_bin_pol.max_types); - arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_running_types_offset)), + arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_running_types_offset)), chwall_bin_pol.running_types, chwall_bin_pol.max_types); - arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_aggregate_offset)), + arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_conflict_aggregate_offset)), chwall_bin_pol.conflict_aggregate_set, chwall_bin_pol.max_types); return ret; @@ -226,14 +226,20 @@ chwall_set_policy(u8 *buf, u16 buf_size) void *ssids = NULL, *conflict_sets = NULL, *running_types = NULL, *conflict_aggregate_set = NULL; /* rewrite the policy due to endianess */ - chwall_buf->policy_code = ntohs(chwall_buf->policy_code); - chwall_buf->chwall_max_types = ntohs(chwall_buf->chwall_max_types); - chwall_buf->chwall_max_ssidrefs = ntohs(chwall_buf->chwall_max_ssidrefs); - chwall_buf->chwall_max_conflictsets = ntohs(chwall_buf->chwall_max_conflictsets); - chwall_buf->chwall_ssid_offset = ntohs(chwall_buf->chwall_ssid_offset); - chwall_buf->chwall_conflict_sets_offset = ntohs(chwall_buf->chwall_conflict_sets_offset); - chwall_buf->chwall_running_types_offset = ntohs(chwall_buf->chwall_running_types_offset); - chwall_buf->chwall_conflict_aggregate_offset = ntohs(chwall_buf->chwall_conflict_aggregate_offset); + chwall_buf->policy_code = ntohl(chwall_buf->policy_code); + chwall_buf->policy_version = ntohl(chwall_buf->policy_version); + chwall_buf->chwall_max_types = ntohl(chwall_buf->chwall_max_types); + chwall_buf->chwall_max_ssidrefs = ntohl(chwall_buf->chwall_max_ssidrefs); + chwall_buf->chwall_max_conflictsets = ntohl(chwall_buf->chwall_max_conflictsets); + chwall_buf->chwall_ssid_offset = ntohl(chwall_buf->chwall_ssid_offset); + chwall_buf->chwall_conflict_sets_offset = ntohl(chwall_buf->chwall_conflict_sets_offset); + chwall_buf->chwall_running_types_offset = ntohl(chwall_buf->chwall_running_types_offset); + chwall_buf->chwall_conflict_aggregate_offset = ntohl(chwall_buf->chwall_conflict_aggregate_offset); + + /* policy type and version checks */ + if ((chwall_buf->policy_code != ACM_CHINESE_WALL_POLICY) || + (chwall_buf->policy_version != ACM_CHWALL_VERSION)) + return -EINVAL; /* 1. allocate new buffers */ ssids = xmalloc_array(domaintype_t, chwall_buf->chwall_max_types*chwall_buf->chwall_max_ssidrefs); Index: xen-unstable.hg-shype/xen/acm/acm_simple_type_enforcement_hooks.c =================================================================== --- xen-unstable.hg-shype.orig/xen/acm/acm_simple_type_enforcement_hooks.c +++ xen-unstable.hg-shype/xen/acm/acm_simple_type_enforcement_hooks.c @@ -140,15 +140,15 @@ ste_dump_policy(u8 *buf, u16 buf_size) { struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer *)buf; int ret = 0; - ste_buf->ste_max_types = htons(ste_bin_pol.max_types); - ste_buf->ste_max_ssidrefs = htons(ste_bin_pol.max_ssidrefs); - ste_buf->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); - ste_buf->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer)); - ret = ntohs(ste_buf->ste_ssid_offset) + + ste_buf->ste_max_types = htonl(ste_bin_pol.max_types); + ste_buf->ste_max_ssidrefs = htonl(ste_bin_pol.max_ssidrefs); + ste_buf->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); + ste_buf->ste_ssid_offset = htonl(sizeof(struct acm_ste_policy_buffer)); + ret = ntohl(ste_buf->ste_ssid_offset) + sizeof(domaintype_t)*ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types; /* now copy buffer over */ - arrcpy(buf + ntohs(ste_buf->ste_ssid_offset), + arrcpy(buf + ntohl(ste_buf->ste_ssid_offset), ste_bin_pol.ssidrefs, sizeof(domaintype_t), ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types); @@ -276,10 +276,16 @@ ste_set_policy(u8 *buf, u16 buf_size) int i; /* Convert endianess of policy */ - ste_buf->policy_code = ntohs(ste_buf->policy_code); - ste_buf->ste_max_types = ntohs(ste_buf->ste_max_types); - ste_buf->ste_max_ssidrefs = ntohs(ste_buf->ste_max_ssidrefs); - ste_buf->ste_ssid_offset = ntohs(ste_buf->ste_ssid_offset); + ste_buf->policy_code = ntohl(ste_buf->policy_code); + ste_buf->policy_version = ntohl(ste_buf->policy_version); + ste_buf->ste_max_types = ntohl(ste_buf->ste_max_types); + ste_buf->ste_max_ssidrefs = ntohl(ste_buf->ste_max_ssidrefs); + ste_buf->ste_ssid_offset = ntohl(ste_buf->ste_ssid_offset); + + /* policy type and version checks */ + if ((ste_buf->policy_code != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) || + (ste_buf->policy_version != ACM_STE_VERSION)) + return -EINVAL; /* 1. create and copy-in new ssidrefs buffer */ ssidrefsbuf = xmalloc_array(u8, sizeof(domaintype_t)*ste_buf->ste_max_types*ste_buf->ste_max_ssidrefs); Index: xen-unstable.hg-shype/xen/include/acm/acm_core.h =================================================================== --- xen-unstable.hg-shype.orig/xen/include/acm/acm_core.h +++ xen-unstable.hg-shype/xen/include/acm/acm_core.h @@ -21,7 +21,7 @@ #include #include #include -#include +#include /* Xen-internal representation of the binary policy */ struct acm_binary_policy { @@ -113,7 +113,7 @@ struct ste_ssid { /* protos */ int acm_init_domain_ssid(domid_t id, ssidref_t ssidref); int acm_free_domain_ssid(struct acm_ssid_domain *ssid); -int acm_set_policy(void *buf, u16 buf_size, u16 policy, int isuserbuffer); +int acm_set_policy(void *buf, u16 buf_size, int isuserbuffer); int acm_get_policy(void *buf, u16 buf_size); int acm_dump_statistics(void *buf, u16 buf_size); Index: xen-unstable.hg-shype/xen/arch/x86/x86_32/entry.S =================================================================== --- xen-unstable.hg-shype.orig/xen/arch/x86/x86_32/entry.S +++ xen-unstable.hg-shype/xen/arch/x86/x86_32/entry.S @@ -751,7 +751,7 @@ ENTRY(hypercall_table) .long do_boot_vcpu .long do_ni_hypercall /* 25 */ .long do_mmuext_op - .long do_policy_op /* 27 */ + .long do_acm_op /* 27 */ .rept NR_hypercalls-((.-hypercall_table)/4) .long do_ni_hypercall .endr Index: xen-unstable.hg-shype/xen/include/public/xen.h =================================================================== --- xen-unstable.hg-shype.orig/xen/include/public/xen.h +++ xen-unstable.hg-shype/xen/include/public/xen.h @@ -58,7 +58,7 @@ #define __HYPERVISOR_boot_vcpu 24 #define __HYPERVISOR_set_segment_base 25 /* x86/64 only */ #define __HYPERVISOR_mmuext_op 26 -#define __HYPERVISOR_policy_op 27 +#define __HYPERVISOR_acm_op 27 /* * VIRTUAL INTERRUPTS Index: xen-unstable.hg-shype/xen/common/policy_ops.c =================================================================== --- xen-unstable.hg-shype.orig/xen/common/policy_ops.c +++ /dev/null @@ -1,133 +0,0 @@ -/****************************************************************************** - * policy_ops.c - * - * Copyright (C) 2005 IBM Corporation - * - * Author: - * Reiner Sailer - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * Process policy command requests from guest OS. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) - -long do_policy_op(policy_op_t *u_policy_op) -{ - return -ENOSYS; -} - -#else - -typedef enum policyoperation { - POLICY, /* access to policy interface (early drop) */ - GETPOLICY, /* dump policy cache */ - SETPOLICY, /* set policy cache (controls security) */ - DUMPSTATS /* dump policy statistics */ -} policyoperation_t; - -int -acm_authorize_policyops(struct domain *d, policyoperation_t pops) -{ - /* all policy management functions are restricted to privileged domains, - * soon we will introduce finer-grained privileges for policy operations - */ - if (!IS_PRIV(d)) { - printk("%s: Policy management authorization denied ERROR!\n", - __func__); - return ACM_ACCESS_DENIED; - } - return ACM_ACCESS_PERMITTED; -} - -long do_policy_op(policy_op_t *u_policy_op) -{ - long ret = 0; - policy_op_t curop, *op = &curop; - - /* check here policy decision for policy commands */ - /* for now allow DOM0 only, later indepedently */ - if (acm_authorize_policyops(current->domain, POLICY)) - return -EACCES; - - if ( copy_from_user(op, u_policy_op, sizeof(*op)) ) - return -EFAULT; - - if ( op->interface_version != POLICY_INTERFACE_VERSION ) - return -EACCES; - - switch ( op->cmd ) - { - case POLICY_SETPOLICY: - { - if (acm_authorize_policyops(current->domain, SETPOLICY)) - return -EACCES; - printkd("%s: setting policy.\n", __func__); - ret = acm_set_policy( - op->u.setpolicy.pushcache, - op->u.setpolicy.pushcache_size, - op->u.setpolicy.policy_type, - 1); - if (ret == ACM_OK) - ret = 0; - else - ret = -ESRCH; - } - break; - - case POLICY_GETPOLICY: - { - if (acm_authorize_policyops(current->domain, GETPOLICY)) - return -EACCES; - printkd("%s: getting policy.\n", __func__); - ret = acm_get_policy( - op->u.getpolicy.pullcache, - op->u.getpolicy.pullcache_size); - if (ret == ACM_OK) - ret = 0; - else - ret = -ESRCH; - } - break; - - case POLICY_DUMPSTATS: - { - if (acm_authorize_policyops(current->domain, DUMPSTATS)) - return -EACCES; - printkd("%s: dumping statistics.\n", __func__); - ret = acm_dump_statistics( - op->u.dumpstats.pullcache, - op->u.dumpstats.pullcache_size); - if (ret == ACM_OK) - ret = 0; - else - ret = -ESRCH; - } - break; - - default: - ret = -ESRCH; - - } - return ret; -} - -#endif Index: xen-unstable.hg-shype/xen/arch/x86/x86_64/entry.S =================================================================== --- xen-unstable.hg-shype.orig/xen/arch/x86/x86_64/entry.S +++ xen-unstable.hg-shype/xen/arch/x86/x86_64/entry.S @@ -587,7 +587,7 @@ ENTRY(hypercall_table) .quad do_boot_vcpu .quad do_set_segment_base /* 25 */ .quad do_mmuext_op - .quad do_policy_op + .quad do_acm_op .rept NR_hypercalls-((.-hypercall_table)/4) .quad do_ni_hypercall .endr Index: xen-unstable.hg-shype/xen/acm/acm_policy.c =================================================================== --- xen-unstable.hg-shype.orig/xen/acm/acm_policy.c +++ xen-unstable.hg-shype/xen/acm/acm_policy.c @@ -6,9 +6,8 @@ * Author: * Reiner Sailer * - * Contributions: + * Contributors: * Stefan Berger - * support for network-byte-order binary policies * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as @@ -27,29 +26,20 @@ #include #include #include -#include +#include #include #include #include int -acm_set_policy(void *buf, u16 buf_size, u16 policy, int isuserbuffer) +acm_set_policy(void *buf, u16 buf_size, int isuserbuffer) { u8 *policy_buffer = NULL; struct acm_policy_buffer *pol; - if (policy != ACM_USE_SECURITY_POLICY) { - printk("%s: Loading incompatible policy (running: %s).\n", __func__, - ACM_POLICY_NAME(ACM_USE_SECURITY_POLICY)); - return -EFAULT; - } - /* now check correct buffer sizes for policy combinations */ - if (policy == ACM_NULL_POLICY) { - printkd("%s: NULL Policy, no policy needed.\n", __func__); - goto out; - } if (buf_size < sizeof(struct acm_policy_buffer)) return -EFAULT; + /* 1. copy buffer from domain */ if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL) goto error_free; @@ -58,17 +48,17 @@ acm_set_policy(void *buf, u16 buf_size, printk("%s: Error copying!\n",__func__); goto error_free; } - } else { + } else memcpy(policy_buffer, buf, buf_size); - } + /* 2. some sanity checking */ pol = (struct acm_policy_buffer *)policy_buffer; if ((ntohl(pol->magic) != ACM_MAGIC) || - (ntohs(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) || - (ntohs(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code) || - (ntohl(pol->policyversion) != POLICY_INTERFACE_VERSION)) { - printkd("%s: Wrong policy magics!\n", __func__); + (ntohl(pol->policy_version) != ACM_POLICY_VERSION) || + (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) || + (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) { + printkd("%s: Wrong policy magics or versions!\n", __func__); goto error_free; } if (buf_size != ntohl(pol->len)) { @@ -79,21 +69,19 @@ acm_set_policy(void *buf, u16 buf_size, /* get bin_policy lock and rewrite policy (release old one) */ write_lock(&acm_bin_pol_rwlock); - /* 3. now get/set primary policy data */ - if (acm_primary_ops->set_binary_policy(buf + ntohs(pol->primary_buffer_offset), - ntohs(pol->secondary_buffer_offset) - - ntohs(pol->primary_buffer_offset))) { + /* 3. set primary policy data */ + if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset), + ntohl(pol->secondary_buffer_offset) - + ntohl(pol->primary_buffer_offset))) { goto error_lock_free; } - /* 4. now get/set secondary policy data */ - if (acm_secondary_ops->set_binary_policy(buf + ntohs(pol->secondary_buffer_offset), + /* 4. set secondary policy data */ + if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset), ntohl(pol->len) - - ntohs(pol->secondary_buffer_offset))) { + ntohl(pol->secondary_buffer_offset))) { goto error_lock_free; } write_unlock(&acm_bin_pol_rwlock); - out: - printk("%s: Done .\n", __func__); if (policy_buffer != NULL) xfree(policy_buffer); return ACM_OK; @@ -121,26 +109,25 @@ acm_get_policy(void *buf, u16 buf_size) /* future: read policy from file and set it */ bin_pol = (struct acm_policy_buffer *)policy_buffer; bin_pol->magic = htonl(ACM_MAGIC); - bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION); - bin_pol->primary_policy_code = htons(acm_bin_pol.primary_policy_code); - bin_pol->secondary_policy_code = htons(acm_bin_pol.secondary_policy_code); + bin_pol->primary_policy_code = htonl(acm_bin_pol.primary_policy_code); + bin_pol->secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code); bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); - bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len)); - bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); + bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len)); + bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); - ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohs(bin_pol->primary_buffer_offset), - buf_size - ntohs(bin_pol->primary_buffer_offset)); + ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset), + buf_size - ntohl(bin_pol->primary_buffer_offset)); if (ret < 0) { printk("%s: ERROR creating chwallpolicy buffer.\n", __func__); read_unlock(&acm_bin_pol_rwlock); return -1; } bin_pol->len = htonl(ntohl(bin_pol->len) + ret); - bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); + bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); - ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohs(bin_pol->secondary_buffer_offset), - buf_size - ntohs(bin_pol->secondary_buffer_offset)); + ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohl(bin_pol->secondary_buffer_offset), + buf_size - ntohl(bin_pol->secondary_buffer_offset)); if (ret < 0) { printk("%s: ERROR creating chwallpolicy buffer.\n", __func__); read_unlock(&acm_bin_pol_rwlock); @@ -178,11 +165,10 @@ acm_dump_statistics(void *buf, u16 buf_s goto error_lock_free; acm_stats.magic = htonl(ACM_MAGIC); - acm_stats.policyversion = htonl(POLICY_INTERFACE_VERSION); - acm_stats.primary_policy_code = htons(acm_bin_pol.primary_policy_code); - acm_stats.secondary_policy_code = htons(acm_bin_pol.secondary_policy_code); - acm_stats.primary_stats_offset = htons(sizeof(struct acm_stats_buffer)); - acm_stats.secondary_stats_offset = htons(sizeof(struct acm_stats_buffer) + len1); + acm_stats.primary_policy_code = htonl(acm_bin_pol.primary_policy_code); + acm_stats.secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code); + acm_stats.primary_stats_offset = htonl(sizeof(struct acm_stats_buffer)); + acm_stats.secondary_stats_offset = htonl(sizeof(struct acm_stats_buffer) + len1); acm_stats.len = htonl(sizeof(struct acm_stats_buffer) + len1 + len2); memcpy(stats_buffer, &acm_stats, sizeof(struct acm_stats_buffer)); Index: xen-unstable.hg-shype/xen/acm/acm_core.c =================================================================== --- xen-unstable.hg-shype.orig/xen/acm/acm_core.c +++ xen-unstable.hg-shype/xen/acm/acm_core.c @@ -120,7 +120,6 @@ acm_setup(unsigned int *initrdidx, if (ntohl(pol->magic) == ACM_MAGIC) { rc = acm_set_policy((void *)_policy_start, (u16)_policy_len, - ACM_USE_SECURITY_POLICY, 0); if (rc == ACM_OK) { printf("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start);