
[Xen-devel] [Patch 2 / 8][ACM] - xen policy name support



This patch adds support in the hypervisor for the policy name attribute introduced into security policies. It also fixes a minor problem related to handling unsupported boot policies.

Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>

---
 xen/acm/acm_core.c           |   49 +++++++++++++++++++++++++++++++++++--------
 xen/acm/acm_policy.c         |   27 +++++++++++++++++++++--
 xen/include/acm/acm_core.h   |    4 ++-
 xen/include/public/acm.h     |   18 ++++++++++-----
 xen/include/public/acm_ops.h |    2 -
 5 files changed, 82 insertions(+), 18 deletions(-)

Index: xen-unstable.hg-shype/xen/acm/acm_core.c
===================================================================
--- xen-unstable.hg-shype.orig/xen/acm/acm_core.c
+++ xen-unstable.hg-shype/xen/acm/acm_core.c
@@ -70,17 +70,46 @@ acm_set_endian(void)
     u32 test = 1;
     if (*((u8 *)&test) == 1)
     {
-        printk("ACM module running in LITTLE ENDIAN.\n");
+        printkd("ACM module running in LITTLE ENDIAN.\n");
         little_endian = 1;
     }
     else
     {
-        printk("ACM module running in BIG ENDIAN.\n");
+        printkd("ACM module running in BIG ENDIAN.\n");
         little_endian = 0;
     }
 }
 
 int
+acm_set_policy_reference(u8 * buf, u32 buf_size)
+{
+    struct acm_policy_reference_buffer *pr = (struct 
acm_policy_reference_buffer *)buf;
+    acm_bin_pol.policy_reference_name = (char *)xmalloc_array(u8, 
ntohl(pr->len));
+
+    if (!acm_bin_pol.policy_reference_name)
+        return -ENOMEM;
+
+    strcpy(acm_bin_pol.policy_reference_name, (char *)(buf + sizeof(struct 
acm_policy_reference_buffer)));
+    printk("%s: Activating policy %s\n", __func__, 
acm_bin_pol.policy_reference_name);
+    return 0;
+}
+
+int
+acm_dump_policy_reference(u8 *buf, u32 buf_size)
+{
+    struct acm_policy_reference_buffer *pr_buf = (struct 
acm_policy_reference_buffer *)buf;
+    int ret = sizeof(struct acm_policy_reference_buffer) + 
strlen(acm_bin_pol.policy_reference_name) + 1;
+
+    if (buf_size < ret)
+        return -EINVAL;
+
+    pr_buf->len = htonl(strlen(acm_bin_pol.policy_reference_name) + 1); /* 
including stringend '\0' */
+    strcpy((char *)(buf + sizeof(struct acm_policy_reference_buffer)),
+           acm_bin_pol.policy_reference_name);
+    return ret;
+}
+
+int
 acm_init_binary_policy(u32 policy_code)
 {
     int ret = ACM_OK;
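Review bot: `acm_set_policy_reference` sizes its allocation from `ntohl(pr->len)` but then `strcpy`s whatever string follows the header, so a policy buffer whose name is longer than its declared `len`, or is not NUL-terminated, writes past the heap allocation; `buf_size` is never consulted. The function should reject a region shorter than the header, a `len` that is zero or larger than `buf_size - sizeof(*pr)`, and a name whose last byte within `len` is not `'\0'`, and then copy exactly `len` bytes. Building the copy in a local and assigning it only after the checks also keeps `acm_bin_pol.policy_reference_name` from pointing at an unvalidated name. The body of `acm_init_binary_policy` at the end of this hunk continues outside it.

```c
int
acm_set_policy_reference(u8 *buf, u32 buf_size)
{
    struct acm_policy_reference_buffer *pr = (struct acm_policy_reference_buffer *)buf;
    u32 name_len;
    char *name;

    /* the region handed in by the caller must at least hold the header */
    if (buf_size < sizeof(*pr))
        return -EINVAL;

    name_len = ntohl(pr->len);
    /* the name must fit in the region and be NUL-terminated within len */
    if (name_len == 0 || name_len > buf_size - sizeof(*pr) ||
        buf[sizeof(*pr) + name_len - 1] != '\0')
        return -EINVAL;

    name = (char *)xmalloc_array(u8, name_len);
    if (!name)
        return -ENOMEM;

    memcpy(name, buf + sizeof(*pr), name_len);
    acm_bin_pol.policy_reference_name = name;
    /* … unchanged: printk of the activated policy name, return 0 … */
}
```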
@@ -198,7 +227,7 @@ acm_setup(unsigned int *initrdidx,
                                 0);
             if (rc == ACM_OK)
             {
-                printf("Policy len  0x%lx, start at 
%p.\n",_policy_len,_policy_start);
+                printkd("Policy len  0x%lx, start at 
%p.\n",_policy_len,_policy_start);
                 if (i == 1)
                 {
                     if (mbi->mods_count > 2)
@@ -218,6 +247,8 @@ acm_setup(unsigned int *initrdidx,
             else
             {
                 printk("Invalid policy. %d.th module line.\n", i+1);
+                /* load default policy later */
+                acm_active_security_policy = ACM_POLICY_UNDEFINED;
             }
         } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == 
ACM_MAGIC ) */
     }
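Review bot: The invalid-policy branch now resets `acm_active_security_policy` so that the default is loaded later, but the only log line still reads "Invalid policy", so the console does not show that the supplied boot policy is not the one being enforced. Since the fallback may be a weaker policy than the one requested, I would say so explicitly, e.g. `printk("Invalid policy. %d.th module line. Falling back to default policy.\n", i+1);`. Whether the failed load can leave partial state behind is not visible here, because the call and the rest of `acm_setup` lie outside the hunk.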
@@ -239,10 +270,8 @@ acm_init(unsigned int *initrdidx,
 
     if (acm_active_security_policy != ACM_POLICY_UNDEFINED)
     {
-        printk("%s: Boot-Policy. Enforcing %s: Primary %s, Secondary %s.\n", 
__func__,
-               ACM_POLICY_NAME(acm_active_security_policy),
-               ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
-               ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
+        printk("%s: Enforcing %s boot policy.\n", __func__,
+               ACM_POLICY_NAME(acm_active_security_policy));
         goto out;
     }
     /* else continue with the minimal hardcoded default startup policy */
@@ -254,6 +283,10 @@ acm_init(unsigned int *initrdidx,
         goto out;
     }
     acm_active_security_policy = ACM_DEFAULT_SECURITY_POLICY;
+    if (acm_active_security_policy != ACM_NULL_POLICY)
+        acm_bin_pol.policy_reference_name = "DEFAULT";
+    else
+        acm_bin_pol.policy_reference_name = "NULL";
 
  out:
     if (ret != ACM_OK)
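Review bot: `policy_reference_name` is pointed at string literals here, while `acm_set_policy_reference` in the first hunk of this file stores an `xmalloc_array` buffer in the same field, so nothing can tell whether the current value may be freed. As written, the setter overwrites the pointer without releasing the previous name, which leaks one allocation per policy update, and adding an `xfree` later would be wrong for the literals. Making both paths allocate (or keeping a fixed-size array in `struct acm_binary_policy`) and documenting the ownership on the field would settle it. `acm_init` starts and ends outside this hunk.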
@@ -314,7 +347,7 @@ acm_init_domain_ssid(domid_t id, ssidref
         put_domain(subj);
         return ACM_INIT_SSID_ERROR;
     }
-    printk("%s: assigned domain %x the ssidref=%x.\n",
+    printkd("%s: assigned domain %x the ssidref=%x.\n",
            __func__, id, ssid->ssidref);
     put_domain(subj);
     return ACM_OK;
Index: xen-unstable.hg-shype/xen/acm/acm_policy.c
===================================================================
--- xen-unstable.hg-shype.orig/xen/acm/acm_policy.c
+++ xen-unstable.hg-shype/xen/acm/acm_policy.c
@@ -85,13 +85,19 @@ acm_set_policy(void *buf, u32 buf_size, 
     /* get bin_policy lock and rewrite policy (release old one) */
     write_lock(&acm_bin_pol_rwlock);
 
-    /* 3. set primary policy data */
+    /* 3. set label reference name */
+    if (acm_set_policy_reference(buf + ntohl(pol->policy_reference_offset),
+                                 ntohl(pol->primary_buffer_offset) -
+                                 ntohl(pol->policy_reference_offset)))
+        goto error_lock_free;
+
+    /* 4. set primary policy data */
     if (acm_primary_ops->set_binary_policy(buf + 
ntohl(pol->primary_buffer_offset),
                                            ntohl(pol->secondary_buffer_offset) 
-
                                            ntohl(pol->primary_buffer_offset)))
         goto error_lock_free;
 
-    /* 4. set secondary policy data */
+    /* 5. set secondary policy data */
     if (acm_secondary_ops->set_binary_policy(buf + 
ntohl(pol->secondary_buffer_offset),
                                              ntohl(pol->len) - 
                                              
ntohl(pol->secondary_buffer_offset)))
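Review bot: The size passed to `acm_set_policy_reference` is `primary_buffer_offset - policy_reference_offset`, both read from the policy buffer, and nothing in this hunk checks that `policy_reference_offset` lies inside `buf_size` or that it does not exceed `primary_buffer_offset`; if it does, the u32 subtraction wraps and the callee is handed a huge length. Steps 1 and 2 are outside the hunk, so the ordering check may already exist there; if not, a guard on `ntohl(pol->policy_reference_offset) > ntohl(pol->primary_buffer_offset) || ntohl(pol->primary_buffer_offset) > buf_size` belongs before the write lock is taken. The reference name is also replaced before the primary and secondary policies are set, so a failure at step 4 or 5 appears to leave the new name paired with the old policy data.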
@@ -130,9 +136,18 @@ acm_get_policy(void *buf, u32 buf_size)
     bin_pol->secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code);
 
     bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
+    bin_pol->policy_reference_offset = htonl(ntohl(bin_pol->len));
     bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
     bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
      
+    ret = acm_dump_policy_reference(policy_buffer + 
ntohl(bin_pol->policy_reference_offset),
+                                    buf_size - 
ntohl(bin_pol->policy_reference_offset));
+    if (ret < 0)
+        goto error_free_unlock;
+
+    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
+    bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
+
     ret = acm_primary_ops->dump_binary_policy (policy_buffer + 
ntohl(bin_pol->primary_buffer_offset),
                                                buf_size - 
ntohl(bin_pol->primary_buffer_offset));
     if (ret < 0)
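Review bot: `primary_buffer_offset` is now `sizeof(struct acm_policy_buffer)` plus the return value of `acm_dump_policy_reference`, which is the header plus `strlen(name) + 1`, so for most names the primary policy buffer starts at an offset that is not a multiple of four. The per-policy dump routines presumably write `uint32_t` fields through struct pointers at that offset, which is an unaligned access on architectures that care. Rounding the return value up in `acm_dump_policy_reference`, e.g. `ret = (ret + 3) & ~3;` before its `buf_size` check, keeps the following buffers aligned; the `acm_get_ssid` hunk below derives `primary_types_offset` the same way. `acm_get_policy` starts and ends outside this hunk.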
@@ -227,6 +242,14 @@ acm_get_ssid(ssidref_t ssidref, u8 *buf,
     acm_ssid->ssidref = ssidref;
     acm_ssid->primary_policy_code = acm_bin_pol.primary_policy_code;
     acm_ssid->secondary_policy_code = acm_bin_pol.secondary_policy_code;
+
+    acm_ssid->policy_reference_offset = acm_ssid->len;
+    ret = acm_dump_policy_reference(ssid_buffer + 
acm_ssid->policy_reference_offset,
+                                    buf_size - 
acm_ssid->policy_reference_offset);
+    if (ret < 0)
+        goto error_free_unlock;
+
+    acm_ssid->len += ret;
     acm_ssid->primary_types_offset = acm_ssid->len;
 
     /* ret >= 0 --> ret == max_types */
Index: xen-unstable.hg-shype/xen/include/acm/acm_core.h
===================================================================
--- xen-unstable.hg-shype.orig/xen/include/acm/acm_core.h
+++ xen-unstable.hg-shype/xen/include/acm/acm_core.h
@@ -26,6 +26,7 @@
 
 /* Xen-internal representation of the binary policy */
 struct acm_binary_policy {
+    char *policy_reference_name;
     u16 primary_policy_code;
     u16 secondary_policy_code;
 };
@@ -124,7 +125,8 @@ int acm_get_policy(void *buf, u32 buf_si
 int acm_dump_statistics(void *buf, u16 buf_size);
 int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
 int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, enum 
acm_hook_type hook);
-
+int acm_set_policy_reference(u8 * buf, u32 buf_size);
+int acm_dump_policy_reference(u8 *buf, u32 buf_size);
 #endif
 
 /*
Index: xen-unstable.hg-shype/xen/include/public/acm.h
===================================================================
--- xen-unstable.hg-shype.orig/xen/include/public/acm.h
+++ xen-unstable.hg-shype/xen/include/public/acm.h
@@ -51,17 +51,17 @@
 
 /* policy: */
 #define ACM_POLICY_NAME(X) \
- ((X) == (ACM_NULL_POLICY)) ? "NULL policy" :                        \
-    ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" :        \
-    ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT 
policy" : \
-    ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE 
WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
-     "UNDEFINED policy"
+ ((X) == (ACM_NULL_POLICY)) ? "NULL" :                        \
+    ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" :        \
+    ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" 
: \
+    ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE 
WALL AND SIMPLE TYPE ENFORCEMENT" : \
+     "UNDEFINED"
 
 /* the following policy versions must be increased
  * whenever the interpretation of the related
  * policy's data structure changes
  */
-#define ACM_POLICY_VERSION 1
+#define ACM_POLICY_VERSION 2
 #define ACM_CHWALL_VERSION 1
 #define ACM_STE_VERSION  1
 
@@ -113,12 +113,17 @@ struct acm_policy_buffer {
     uint32_t policy_version; /* ACM_POLICY_VERSION */
     uint32_t magic;
     uint32_t len;
+    uint32_t policy_reference_offset;
     uint32_t primary_policy_code;
     uint32_t primary_buffer_offset;
     uint32_t secondary_policy_code;
     uint32_t secondary_buffer_offset;
 };
 
+struct acm_policy_reference_buffer {
+    uint32_t len;
+};
+
 struct acm_chwall_policy_buffer {
     uint32_t policy_version; /* ACM_CHWALL_VERSION */
     uint32_t policy_code;
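Review bot: `struct acm_policy_reference_buffer` is part of the public interface, but its single field carries no description of what follows it. From `acm_dump_policy_reference`, `len` is stored with `htonl` and counts the terminating NUL of the name placed directly after the header; I would record that on the field, e.g. `uint32_t len; /* network byte order; length of the name that follows, including '\0' */`. `struct acm_chwall_policy_buffer` continues outside the hunk.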
@@ -160,6 +165,7 @@ struct acm_ste_stats_buffer {
 struct acm_ssid_buffer {
     uint32_t len;
     ssidref_t ssidref;
+    uint32_t policy_reference_offset;
     uint32_t primary_policy_code;
     uint32_t primary_max_types;
     uint32_t primary_types_offset;
Index: xen-unstable.hg-shype/xen/include/public/acm_ops.h
===================================================================
--- xen-unstable.hg-shype.orig/xen/include/public/acm_ops.h
+++ xen-unstable.hg-shype/xen/include/public/acm_ops.h
@@ -17,7 +17,7 @@
  * This makes sure that old versions of acm tools will stop working in a
  * well-defined way (rather than crashing the machine, for instance).
  */
-#define ACM_INTERFACE_VERSION   0xAAAA0005
+#define ACM_INTERFACE_VERSION   0xAAAA0006
 
 /************************************************************************/
 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

