authorkfraser@localhost.localdomain <kfraser@localhost.localdomain>2007-08-31 12:05:07 +0100
committerkfraser@localhost.localdomain <kfraser@localhost.localdomain>2007-08-31 12:05:07 +0100
commit61c6564d34361efda2d134145f3ce39796b23ed1 (patch)
tree4d6f5196f90c41ce349193d09c99a2e3a48177da
parent670a6002b949ebb60f7cb3e5d950e163d9314859 (diff)
Cleanups after XSM checkin.
Signed-off-by: Keir Fraser <keir@xensource.com> --HG-- rename : xen/include/public/acm.h => xen/include/public/xsm/acm.h rename : xen/include/public/acm_ops.h => xen/include/public/xsm/acm_ops.h rename : xen/include/acm/acm_core.h => xen/include/xsm/acm/acm_core.h rename : xen/include/acm/acm_endian.h => xen/include/xsm/acm/acm_endian.h rename : xen/include/acm/acm_hooks.h => xen/include/xsm/acm/acm_hooks.h
-rw-r--r--.hgignore1
-rw-r--r--Config.mk12
-rw-r--r--tools/Rules.mk2
-rw-r--r--tools/libxc/xenctrl.h4
-rw-r--r--tools/python/xen/lowlevel/acm/acm.c5
-rw-r--r--tools/security/secpol_tool.c4
-rw-r--r--tools/security/secpol_xml2bin.c3
-rw-r--r--xen/Rules.mk8
-rw-r--r--xen/arch/ia64/xen/xensetup.c2
-rw-r--r--xen/arch/powerpc/setup.c2
-rw-r--r--xen/arch/x86/setup.c2
-rw-r--r--xen/include/public/xsm/acm.h (renamed from xen/include/public/acm.h)2
-rw-r--r--xen/include/public/xsm/acm_ops.h (renamed from xen/include/public/acm_ops.h)2
-rw-r--r--xen/include/xen/sched.h5
-rw-r--r--xen/include/xsm/acm/acm_core.h (renamed from xen/include/acm/acm_core.h)6
-rw-r--r--xen/include/xsm/acm/acm_endian.h (renamed from xen/include/acm/acm_endian.h)0
-rw-r--r--xen/include/xsm/acm/acm_hooks.h (renamed from xen/include/acm/acm_hooks.h)4
-rw-r--r--xen/xsm/acm/acm_chinesewall_hooks.c9
-rw-r--r--xen/xsm/acm/acm_core.c10
-rw-r--r--xen/xsm/acm/acm_null_hooks.c2
-rw-r--r--xen/xsm/acm/acm_ops.c6
-rw-r--r--xen/xsm/acm/acm_policy.c8
-rw-r--r--xen/xsm/acm/acm_simple_type_enforcement_hooks.c6
-rw-r--r--xen/xsm/acm/acm_xsm_hooks.c20
24 files changed, 61 insertions, 64 deletions
diff --git a/.hgignore b/.hgignore
index c7c91874fa..0b155addc5 100644
--- a/.hgignore
+++ b/.hgignore
@@ -151,6 +151,7 @@
^tools/python/build/.*$
^tools/security/secpol_tool$
^tools/security/xen/.*$
+^tools/security/xensec_tool$
^tools/tests/blowfish\.bin$
^tools/tests/blowfish\.h$
^tools/tests/test_x86_emulator$
diff --git a/Config.mk b/Config.mk
index 52cad41db3..909e21787e 100644
--- a/Config.mk
+++ b/Config.mk
@@ -79,19 +79,9 @@ LDFLAGS += $(foreach i, $(EXTRA_LIB), -L$(i))
CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i))
# Enable XSM security module. Enabling XSM requires selection of an
-# XSM security module.
+# XSM security module (FLASK_ENABLE or ACM_SECURITY).
XSM_ENABLE ?= n
-ifeq ($(XSM_ENABLE),y)
FLASK_ENABLE ?= n
-ifeq ($(FLASK_ENABLE),y)
-FLASK_DEVELOP ?= y
-FLASK_BOOTPARAM ?= y
-FLASK_AVC_STATS ?= y
-endif
-endif
-
-# If ACM_SECURITY = y, then the access control module is compiled
-# into Xen and the policy type can be set by the boot policy file
ACM_SECURITY ?= n
# Optional components
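Review bot: Nothing in this hunk enforces what the updated comment states: with the `ifeq ($(XSM_ENABLE),y)` guard removed, `FLASK_ENABLE` and `ACM_SECURITY` are independent switches, so `XSM_ENABLE=y` with no module selected, or both modules selected at once, is accepted silently. The second case matters because xen/Rules.mk in this same commit passes a different `-DXSM_MAGIC=` value for each module, so both definitions would reach the same compiler command line. A guard that fails the build early would make the constraint explicit: `ifeq ($(FLASK_ENABLE)$(ACM_SECURITY),yy)`, then `$(error FLASK_ENABLE and ACM_SECURITY are mutually exclusive)`, then `endif`. The two-line comment describing ACM_SECURITY is also dropped without replacement; a short `# ACM_SECURITY=y compiles the access control module into Xen` above that variable would keep it documented.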
diff --git a/tools/Rules.mk b/tools/Rules.mk
index 4d0b193a53..aab715989b 100644
--- a/tools/Rules.mk
+++ b/tools/Rules.mk
@@ -49,6 +49,8 @@ mk-symlinks:
( cd xen/hvm && ln -sf ../../$(XEN_ROOT)/xen/include/public/hvm/*.h . )
mkdir -p xen/io
( cd xen/io && ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
+ mkdir -p xen/xsm
+ ( cd xen/xsm && ln -sf ../../$(XEN_ROOT)/xen/include/public/xsm/*.h . )
mkdir -p xen/arch-x86
( cd xen/arch-x86 && ln -sf ../../$(XEN_ROOT)/xen/include/public/arch-x86/*.h . )
mkdir -p xen/foreign
diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h
index 73ff16c2cf..591e6c25a3 100644
--- a/tools/libxc/xenctrl.h
+++ b/tools/libxc/xenctrl.h
@@ -26,8 +26,8 @@
#include <xen/event_channel.h>
#include <xen/sched.h>
#include <xen/memory.h>
-#include <xen/acm.h>
-#include <xen/acm_ops.h>
+#include <xen/xsm/acm.h>
+#include <xen/xsm/acm_ops.h>
#ifdef __ia64__
#define XC_PAGE_SHIFT 14
diff --git a/tools/python/xen/lowlevel/acm/acm.c b/tools/python/xen/lowlevel/acm/acm.c
index 9b59ea48ed..0a37ba3d92 100644
--- a/tools/python/xen/lowlevel/acm/acm.c
+++ b/tools/python/xen/lowlevel/acm/acm.c
@@ -18,6 +18,7 @@
*
* indent -i4 -kr -nut
*/
+
#include <Python.h>
#include <stdio.h>
@@ -27,8 +28,8 @@
#include <stdlib.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
-#include <xen/acm.h>
-#include <xen/acm_ops.h>
+#include <xen/xsm/acm.h>
+#include <xen/xsm/acm_ops.h>
#include <xenctrl.h>
diff --git a/tools/security/secpol_tool.c b/tools/security/secpol_tool.c
index 9845ef6bb4..14b4bcc73d 100644
--- a/tools/security/secpol_tool.c
+++ b/tools/security/secpol_tool.c
@@ -34,8 +34,8 @@
#include <string.h>
#include <netinet/in.h>
#include <stdint.h>
-#include <xen/acm.h>
-#include <xen/acm_ops.h>
+#include <xen/xsm/acm.h>
+#include <xen/xsm/acm_ops.h>
#include <xenctrl.h>
diff --git a/tools/security/secpol_xml2bin.c b/tools/security/secpol_xml2bin.c
index 98ef3e1af3..0fbe8efcbd 100644
--- a/tools/security/secpol_xml2bin.c
+++ b/tools/security/secpol_xml2bin.c
@@ -22,6 +22,7 @@
*
* indent -i4 -kr -nut
*/
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -38,7 +39,7 @@
#include <libxml/tree.h>
#include <libxml/xmlreader.h>
#include <stdint.h>
-#include <xen/acm.h>
+#include <xen/xsm/acm.h>
#include "secpol_xml2bin.h"
diff --git a/xen/Rules.mk b/xen/Rules.mk
index acf739d8a8..b4abd642c7 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -57,11 +57,9 @@ ALL_OBJS-y += $(BASEDIR)/arch/$(TARGET_ARCH)/built_in.o
CFLAGS-y += -g -D__XEN__
CFLAGS-$(XSM_ENABLE) += -DXSM_ENABLE
-CFLAGS-$(FLASK_ENABLE) += -DFLASK_ENABLE -DXSM_MAGIC=0xf97cff8c
-CFLAGS-$(FLASK_DEVELOP) += -DFLASK_DEVELOP
-CFLAGS-$(FLASK_BOOTPARAM) += -DFLASK_BOOTPARAM
-CFLAGS-$(FLASK_AVC_STATS) += -DFLASK_AVC_STATS
-CFLAGS-$(ACM_SECURITY) += -DACM_SECURITY -DXSM_MAGIC=0xbcde0100
+CFLAGS-$(FLASK_ENABLE) += -DFLASK_ENABLE -DXSM_MAGIC=0xf97cff8c
+CFLAGS-$(FLASK_ENABLE) += -DFLASK_DEVELOP -DFLASK_BOOTPARAM -DFLASK_AVC_STATS
+CFLAGS-$(ACM_SECURITY) += -DACM_SECURITY -DXSM_MAGIC=0xbcde0100
CFLAGS-$(verbose) += -DVERBOSE
CFLAGS-$(crash_debug) += -DCRASH_DEBUG
CFLAGS-$(perfc) += -DPERF_COUNTERS
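Review bot: The added line `CFLAGS-$(FLASK_ENABLE) += -DFLASK_DEVELOP -DFLASK_BOOTPARAM -DFLASK_AVC_STATS` ties all three options to FLASK_ENABLE, so a build can no longer switch any of them off; before this commit each had its own `?= y` variable in Config.mk that could be overridden to `n`. If FLASK_DEVELOP enables a development or non-enforcing mode, as its name suggests (its effect is not visible in this diff, so please confirm), production builds need a way to leave it out. Keeping one overridable knob would preserve that: `FLASK_DEVELOP ?= y` in Config.mk and `CFLAGS-$(FLASK_DEVELOP) += -DFLASK_DEVELOP` here. If always-on is intended, a comment on this line saying so would stop the next reader from looking for the missing switches.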
diff --git a/xen/arch/ia64/xen/xensetup.c b/xen/arch/ia64/xen/xensetup.c
index 8d2143eb0c..40b139f5d2 100644
--- a/xen/arch/ia64/xen/xensetup.c
+++ b/xen/arch/ia64/xen/xensetup.c
@@ -28,7 +28,7 @@
#include <asm/iosapic.h>
#include <xen/softirq.h>
#include <xen/rcupdate.h>
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
#include <asm/sn/simulator.h>
unsigned long xenheap_phys_end, total_pages;
diff --git a/xen/arch/powerpc/setup.c b/xen/arch/powerpc/setup.c
index 4607534c67..6abf10cf17 100644
--- a/xen/arch/powerpc/setup.c
+++ b/xen/arch/powerpc/setup.c
@@ -38,7 +38,7 @@
#include <xen/numa.h>
#include <xen/rcupdate.h>
#include <xen/version.h>
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
#include <public/version.h>
#include <asm/mpic.h>
#include <asm/processor.h>
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 5f6bd7330d..99b752ac38 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -32,7 +32,7 @@
#include <asm/desc.h>
#include <asm/paging.h>
#include <asm/e820.h>
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
#include <xen/kexec.h>
#include <asm/edd.h>
#include <xsm/xsm.h>
diff --git a/xen/include/public/acm.h b/xen/include/public/xsm/acm.h
index 79fc510746..09e7879238 100644
--- a/xen/include/public/acm.h
+++ b/xen/include/public/xsm/acm.h
@@ -26,7 +26,7 @@
#ifndef _XEN_PUBLIC_ACM_H
#define _XEN_PUBLIC_ACM_H
-#include "xen.h"
+#include "../xen.h"
/* if ACM_DEBUG defined, all hooks should
* print a short trace message (comment it out
diff --git a/xen/include/public/acm_ops.h b/xen/include/public/xsm/acm_ops.h
index 27a88720a7..1fef7a0f8b 100644
--- a/xen/include/public/acm_ops.h
+++ b/xen/include/public/xsm/acm_ops.h
@@ -26,7 +26,7 @@
#ifndef __XEN_PUBLIC_ACM_OPS_H__
#define __XEN_PUBLIC_ACM_OPS_H__
-#include "xen.h"
+#include "../xen.h"
#include "acm.h"
/*
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 703b339918..9135ca3b44 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -10,7 +10,7 @@
#include <public/xen.h>
#include <public/domctl.h>
#include <public/vcpu.h>
-#include <public/acm.h>
+#include <public/xsm/acm.h>
#include <xen/time.h>
#include <xen/timer.h>
#include <xen/grant_table.h>
@@ -63,6 +63,9 @@ struct evtchn
u16 pirq; /* state == ECS_PIRQ */
u16 virq; /* state == ECS_VIRQ */
} u;
+#ifdef FLASK_ENABLE
+ void *ssid;
+#endif
};
int evtchn_init(struct domain *d);
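Review bot: The new `void *ssid;` member of struct evtchn has no comment saying what it points to, which code allocates and frees it, or what value it holds before a label is assigned. Because it sits under `#ifdef FLASK_ENABLE`, the size of struct evtchn now depends on a build flag, so every object file that touches the struct must be compiled with the same setting; that dependency is worth stating next to the field. Suggested comment, to be adjusted to the actual ownership rules: `void *ssid; /* FLASK security label; owned by the XSM module, NULL until assigned */`. The channel allocation path is outside this hunk, so please confirm that it zeroes the field before any security hook can read it. struct evtchn begins before this hunk.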
diff --git a/xen/include/acm/acm_core.h b/xen/include/xsm/acm/acm_core.h
index 1db2f32120..b6d30d7c7b 100644
--- a/xen/include/acm/acm_core.h
+++ b/xen/include/xsm/acm/acm_core.h
@@ -21,9 +21,9 @@
#include <xen/spinlock.h>
#include <xen/list.h>
-#include <public/acm.h>
-#include <public/acm_ops.h>
-#include <acm/acm_endian.h>
+#include <public/xsm/acm.h>
+#include <public/xsm/acm_ops.h>
+#include <xsm/acm/acm_endian.h>
#define ACM_DEFAULT_SECURITY_POLICY \
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
diff --git a/xen/include/acm/acm_endian.h b/xen/include/xsm/acm/acm_endian.h
index 11781dd4f4..11781dd4f4 100644
--- a/xen/include/acm/acm_endian.h
+++ b/xen/include/xsm/acm/acm_endian.h
diff --git a/xen/include/acm/acm_hooks.h b/xen/include/xsm/acm/acm_hooks.h
index 896a901250..54bd15e2a0 100644
--- a/xen/include/acm/acm_hooks.h
+++ b/xen/include/xsm/acm/acm_hooks.h
@@ -26,8 +26,8 @@
#include <xen/delay.h>
#include <xen/sched.h>
#include <xen/multiboot.h>
-#include <public/acm.h>
-#include <acm/acm_core.h>
+#include <public/xsm/acm.h>
+#include <xsm/acm/acm_core.h>
#include <public/domctl.h>
#include <public/event_channel.h>
#include <asm/current.h>
diff --git a/xen/xsm/acm/acm_chinesewall_hooks.c b/xen/xsm/acm/acm_chinesewall_hooks.c
index b05cecf9ae..5208d3ee45 100644
--- a/xen/xsm/acm/acm_chinesewall_hooks.c
+++ b/xen/xsm/acm/acm_chinesewall_hooks.c
@@ -36,12 +36,11 @@
#include <xen/lib.h>
#include <xen/delay.h>
#include <xen/sched.h>
-#include <public/acm.h>
+#include <public/xsm/acm.h>
#include <asm/atomic.h>
-#include <acm/acm_core.h>
-#include <acm/acm_hooks.h>
-#include <acm/acm_endian.h>
-#include <acm/acm_core.h>
+#include <xsm/acm/acm_core.h>
+#include <xsm/acm/acm_hooks.h>
+#include <xsm/acm/acm_endian.h>
ssidref_t dom0_chwall_ssidref = 0x0001;
diff --git a/xen/xsm/acm/acm_core.c b/xen/xsm/acm/acm_core.c
index 57a4370d71..59a281446d 100644
--- a/xen/xsm/acm/acm_core.c
+++ b/xen/xsm/acm/acm_core.c
@@ -1,4 +1,4 @@
-/****************************************************************
+#/****************************************************************
* acm_core.c
*
* Copyright (C) 2005 IBM Corporation
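Review bot: The first line of the file changes from `/****…` to `#/****…`, which looks like a stray keystroke rather than an intended edit in a cleanup commit. It still compiles only because the preprocessor treats a `#` followed by nothing but a comment as a null directive, and it leaves the licence header starting on a preprocessor line. The line should go back to `/****************************************************************`.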
@@ -29,16 +29,16 @@
#include <xen/delay.h>
#include <xen/sched.h>
#include <xen/multiboot.h>
-#include <acm/acm_hooks.h>
-#include <acm/acm_endian.h>
+#include <xsm/acm/acm_hooks.h>
+#include <xsm/acm/acm_endian.h>
#include <xsm/xsm.h>
/* debug:
- * include/acm/acm_hooks.h defines a constant ACM_TRACE_MODE;
+ * include/xsm/acm/acm_hooks.h defines a constant ACM_TRACE_MODE;
* define/undefine this constant to receive / suppress any
* security hook debug output of sHype
*
- * include/public/acm.h defines a constant ACM_DEBUG
+ * include/public/xsm/acm.h defines a constant ACM_DEBUG
* define/undefine this constant to receive non-hook-related
* debug output.
*/
diff --git a/xen/xsm/acm/acm_null_hooks.c b/xen/xsm/acm/acm_null_hooks.c
index c3bd87f4f3..440ee61bd8 100644
--- a/xen/xsm/acm/acm_null_hooks.c
+++ b/xen/xsm/acm/acm_null_hooks.c
@@ -12,7 +12,7 @@
* License.
*/
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
static int
null_init_domain_ssid(void **ssid, ssidref_t ssidref)
diff --git a/xen/xsm/acm/acm_ops.c b/xen/xsm/acm/acm_ops.c
index e4f38ef113..8edd5d428b 100644
--- a/xen/xsm/acm/acm_ops.c
+++ b/xen/xsm/acm/acm_ops.c
@@ -18,14 +18,14 @@
#include <xen/types.h>
#include <xen/lib.h>
#include <xen/mm.h>
-#include <public/acm.h>
-#include <public/acm_ops.h>
+#include <public/xsm/acm.h>
+#include <public/xsm/acm_ops.h>
#include <xen/sched.h>
#include <xen/event.h>
#include <xen/trace.h>
#include <xen/console.h>
#include <xen/guest_access.h>
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
#ifndef ACM_SECURITY
diff --git a/xen/xsm/acm/acm_policy.c b/xen/xsm/acm/acm_policy.c
index e0c7bce544..6f334effa8 100644
--- a/xen/xsm/acm/acm_policy.c
+++ b/xen/xsm/acm/acm_policy.c
@@ -28,10 +28,10 @@
#include <xen/sched.h>
#include <xen/guest_access.h>
#include <public/xen.h>
-#include <acm/acm_core.h>
-#include <public/acm_ops.h>
-#include <acm/acm_hooks.h>
-#include <acm/acm_endian.h>
+#include <xsm/acm/acm_core.h>
+#include <public/xsm/acm_ops.h>
+#include <xsm/acm/acm_hooks.h>
+#include <xsm/acm/acm_endian.h>
#include <asm/current.h>
static int acm_check_deleted_ssidrefs(struct acm_sized_buffer *dels,
diff --git a/xen/xsm/acm/acm_simple_type_enforcement_hooks.c b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
index eaeb0a233b..652351ab05 100644
--- a/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
+++ b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
@@ -28,10 +28,10 @@
#include <xen/lib.h>
#include <asm/types.h>
#include <asm/current.h>
-#include <acm/acm_hooks.h>
#include <asm/atomic.h>
-#include <acm/acm_endian.h>
-#include <acm/acm_core.h>
+#include <xsm/acm/acm_hooks.h>
+#include <xsm/acm/acm_endian.h>
+#include <xsm/acm/acm_core.h>
ssidref_t dom0_ste_ssidref = 0x0001;
diff --git a/xen/xsm/acm/acm_xsm_hooks.c b/xen/xsm/acm/acm_xsm_hooks.c
index 6affebdf23..6d3202b45f 100644
--- a/xen/xsm/acm/acm_xsm_hooks.c
+++ b/xen/xsm/acm/acm_xsm_hooks.c
@@ -20,34 +20,36 @@
*/
#include <xsm/xsm.h>
-#include <acm/acm_hooks.h>
-#include <public/acm.h>
+#include <xsm/acm/acm_hooks.h>
+#include <public/xsm/acm.h>
-static int acm_grant_mapref (struct domain *ld, struct domain *rd,
- uint32_t flags)
+static int acm_grant_mapref(
+ struct domain *ld, struct domain *rd, uint32_t flags)
{
domid_t id = rd->domain_id;
return acm_pre_grant_map_ref(id);
}
-static int acm_evtchn_unbound (struct domain *d1, struct evtchn *chn1, domid_t id2)
+static int acm_evtchn_unbound(
+ struct domain *d1, struct evtchn *chn1, domid_t id2)
{
domid_t id1 = d1->domain_id;
return acm_pre_eventchannel_unbound(id1, id2);
}
-static int acm_evtchn_interdomain (struct domain *d1, struct evtchn *chn1,
- struct domain *d2, struct evtchn *chn2)
+static int acm_evtchn_interdomain(
+ struct domain *d1, struct evtchn *chn1,
+ struct domain *d2, struct evtchn *chn2)
{
domid_t id2 = d2->domain_id;
return acm_pre_eventchannel_interdomain(id2);
}
-static void acm_security_domaininfo (struct domain *d,
- struct xen_domctl_getdomaininfo *info)
+static void acm_security_domaininfo(
+ struct domain *d, struct xen_domctl_getdomaininfo *info)
{
if ( d->ssid != NULL )
info->ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref;