Cleanups after XSM checkin.

Signed-off-by: Keir Fraser <keir@xensource.com> --HG-- rename : xen/include/public/acm.h => xen/include/public/xsm/acm.h rename : xen/include/public/acm_ops.h => xen/include/public/xsm/acm_ops.h rename : xen/include/acm/acm_core.h => xen/include/xsm/acm/acm_core.h rename : xen/include/acm/acm_endian.h => xen/include/xsm/acm/acm_endian.h rename : xen/include/acm/acm_hooks.h => xen/include/xsm/acm/acm_hooks.h
author: kfraser@localhost.localdomain <kfraser@localhost.localdomain> 2007-08-31 12:05:07 +0100
committer: kfraser@localhost.localdomain <kfraser@localhost.localdomain> 2007-08-31 12:05:07 +0100
commit: 61c6564d34361efda2d134145f3ce39796b23ed1 (patch)
tree: 4d6f5196f90c41ce349193d09c99a2e3a48177da
parent: 670a6002b949ebb60f7cb3e5d950e163d9314859 (diff)
download: xen-61c6564d34361efda2d134145f3ce39796b23ed1.tar.gz
xen-61c6564d34361efda2d134145f3ce39796b23ed1.tar.bz2
xen-61c6564d34361efda2d134145f3ce39796b23ed1.zip
24 files changed, 61 insertions, 64 deletions
diff --git a/.hgignore b/.hgignore
index c7c91874fa..0b155addc5 100644
--- a/.hgignore
+++ b/.hgignore
@@ -151,6 +151,7 @@
 ^tools/python/build/.*$
 ^tools/security/secpol_tool$
 ^tools/security/xen/.*$
+^tools/security/xensec_tool$
 ^tools/tests/blowfish\.bin$
 ^tools/tests/blowfish\.h$
 ^tools/tests/test_x86_emulator$
diff --git a/Config.mk b/Config.mk
index 52cad41db3..909e21787e 100644
--- a/Config.mk
+++ b/Config.mk
@@ -79,19 +79,9 @@ LDFLAGS += $(foreach i, $(EXTRA_LIB), -L$(i))
 CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i))
 
 # Enable XSM security module.  Enabling XSM requires selection of an 
-# XSM security module.
+# XSM security module (FLASK_ENABLE or ACM_SECURITY).
 XSM_ENABLE ?= n
-ifeq ($(XSM_ENABLE),y)
 FLASK_ENABLE ?= n
-ifeq ($(FLASK_ENABLE),y)
-FLASK_DEVELOP ?= y
-FLASK_BOOTPARAM ?= y
-FLASK_AVC_STATS ?= y
-endif
-endif
-
-# If ACM_SECURITY = y, then the access control module is compiled
-# into Xen and the policy type can be set by the boot policy file
 ACM_SECURITY ?= n
 
 # Optional components
diff --git a/tools/Rules.mk b/tools/Rules.mk
index 4d0b193a53..aab715989b 100644
--- a/tools/Rules.mk
+++ b/tools/Rules.mk
@@ -49,6 +49,8 @@ mk-symlinks:
 	( cd xen/hvm && ln -sf ../../$(XEN_ROOT)/xen/include/public/hvm/*.h . )
 	mkdir -p xen/io
 	( cd xen/io && ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
+	mkdir -p xen/xsm
+	( cd xen/xsm && ln -sf ../../$(XEN_ROOT)/xen/include/public/xsm/*.h . )
 	mkdir -p xen/arch-x86
 	( cd xen/arch-x86 && ln -sf ../../$(XEN_ROOT)/xen/include/public/arch-x86/*.h . )
 	mkdir -p xen/foreign
diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h
index 73ff16c2cf..591e6c25a3 100644
--- a/tools/libxc/xenctrl.h
+++ b/tools/libxc/xenctrl.h
@@ -26,8 +26,8 @@
 #include <xen/event_channel.h>
 #include <xen/sched.h>
 #include <xen/memory.h>
-#include <xen/acm.h>
-#include <xen/acm_ops.h>
+#include <xen/xsm/acm.h>
+#include <xen/xsm/acm_ops.h>
 
 #ifdef __ia64__
 #define XC_PAGE_SHIFT           14
diff --git a/tools/python/xen/lowlevel/acm/acm.c b/tools/python/xen/lowlevel/acm/acm.c
index 9b59ea48ed..0a37ba3d92 100644
--- a/tools/python/xen/lowlevel/acm/acm.c
+++ b/tools/python/xen/lowlevel/acm/acm.c
@@ -18,6 +18,7 @@
  *
  * indent -i4 -kr -nut
  */
+
 #include <Python.h>
 
 #include <stdio.h>
@@ -27,8 +28,8 @@
 #include <stdlib.h>
 #include <sys/ioctl.h>
 #include <netinet/in.h>
-#include <xen/acm.h>
-#include <xen/acm_ops.h>
+#include <xen/xsm/acm.h>
+#include <xen/xsm/acm_ops.h>
 
 #include <xenctrl.h>
 
diff --git a/tools/security/secpol_tool.c b/tools/security/secpol_tool.c
index 9845ef6bb4..14b4bcc73d 100644
--- a/tools/security/secpol_tool.c
+++ b/tools/security/secpol_tool.c
@@ -34,8 +34,8 @@
 #include <string.h>
 #include <netinet/in.h>
 #include <stdint.h>
-#include <xen/acm.h>
-#include <xen/acm_ops.h>
+#include <xen/xsm/acm.h>
+#include <xen/xsm/acm_ops.h>
 
 #include <xenctrl.h>
 
diff --git a/tools/security/secpol_xml2bin.c b/tools/security/secpol_xml2bin.c
index 98ef3e1af3..0fbe8efcbd 100644
--- a/tools/security/secpol_xml2bin.c
+++ b/tools/security/secpol_xml2bin.c
@@ -22,6 +22,7 @@
  *
  * indent -i4 -kr -nut
  */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -38,7 +39,7 @@
 #include <libxml/tree.h>
 #include <libxml/xmlreader.h>
 #include <stdint.h>
-#include <xen/acm.h>
+#include <xen/xsm/acm.h>
 
 #include "secpol_xml2bin.h"
 
diff --git a/xen/Rules.mk b/xen/Rules.mk
index acf739d8a8..b4abd642c7 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -57,11 +57,9 @@ ALL_OBJS-y               += $(BASEDIR)/arch/$(TARGET_ARCH)/built_in.o
 
 CFLAGS-y                += -g -D__XEN__
 CFLAGS-$(XSM_ENABLE)    += -DXSM_ENABLE
-CFLAGS-$(FLASK_ENABLE)    += -DFLASK_ENABLE -DXSM_MAGIC=0xf97cff8c
-CFLAGS-$(FLASK_DEVELOP)   += -DFLASK_DEVELOP
-CFLAGS-$(FLASK_BOOTPARAM) += -DFLASK_BOOTPARAM
-CFLAGS-$(FLASK_AVC_STATS) += -DFLASK_AVC_STATS
-CFLAGS-$(ACM_SECURITY)    += -DACM_SECURITY -DXSM_MAGIC=0xbcde0100
+CFLAGS-$(FLASK_ENABLE)  += -DFLASK_ENABLE -DXSM_MAGIC=0xf97cff8c
+CFLAGS-$(FLASK_ENABLE)  += -DFLASK_DEVELOP -DFLASK_BOOTPARAM -DFLASK_AVC_STATS
+CFLAGS-$(ACM_SECURITY)  += -DACM_SECURITY -DXSM_MAGIC=0xbcde0100
 CFLAGS-$(verbose)       += -DVERBOSE
 CFLAGS-$(crash_debug)   += -DCRASH_DEBUG
 CFLAGS-$(perfc)         += -DPERF_COUNTERS
diff --git a/xen/arch/ia64/xen/xensetup.c b/xen/arch/ia64/xen/xensetup.c
index 8d2143eb0c..40b139f5d2 100644
--- a/xen/arch/ia64/xen/xensetup.c
+++ b/xen/arch/ia64/xen/xensetup.c
@@ -28,7 +28,7 @@
 #include <asm/iosapic.h>
 #include <xen/softirq.h>
 #include <xen/rcupdate.h>
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
 #include <asm/sn/simulator.h>
 
 unsigned long xenheap_phys_end, total_pages;
diff --git a/xen/arch/powerpc/setup.c b/xen/arch/powerpc/setup.c
index 4607534c67..6abf10cf17 100644
--- a/xen/arch/powerpc/setup.c
+++ b/xen/arch/powerpc/setup.c
@@ -38,7 +38,7 @@
 #include <xen/numa.h>
 #include <xen/rcupdate.h>
 #include <xen/version.h>
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
 #include <public/version.h>
 #include <asm/mpic.h>
 #include <asm/processor.h>
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 5f6bd7330d..99b752ac38 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -32,7 +32,7 @@
 #include <asm/desc.h>
 #include <asm/paging.h>
 #include <asm/e820.h>
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
 #include <xen/kexec.h>
 #include <asm/edd.h>
 #include <xsm/xsm.h>
diff --git a/xen/include/public/acm.h b/xen/include/public/xsm/acm.h
index 79fc510746..09e7879238 100644
--- a/xen/include/public/acm.h
+++ b/xen/include/public/xsm/acm.h
@@ -26,7 +26,7 @@
 #ifndef _XEN_PUBLIC_ACM_H
 #define _XEN_PUBLIC_ACM_H
 
-#include "xen.h"
+#include "../xen.h"
 
 /* if ACM_DEBUG defined, all hooks should
  * print a short trace message (comment it out
diff --git a/xen/include/public/acm_ops.h b/xen/include/public/xsm/acm_ops.h
index 27a88720a7..1fef7a0f8b 100644
--- a/xen/include/public/acm_ops.h
+++ b/xen/include/public/xsm/acm_ops.h
@@ -26,7 +26,7 @@
 #ifndef __XEN_PUBLIC_ACM_OPS_H__
 #define __XEN_PUBLIC_ACM_OPS_H__
 
-#include "xen.h"
+#include "../xen.h"
 #include "acm.h"
 
 /*
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 703b339918..9135ca3b44 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -10,7 +10,7 @@
 #include <public/xen.h>
 #include <public/domctl.h>
 #include <public/vcpu.h>
-#include <public/acm.h>
+#include <public/xsm/acm.h>
 #include <xen/time.h>
 #include <xen/timer.h>
 #include <xen/grant_table.h>
@@ -63,6 +63,9 @@ struct evtchn
         u16 pirq;      /* state == ECS_PIRQ */
         u16 virq;      /* state == ECS_VIRQ */
     } u;
+#ifdef FLASK_ENABLE
+    void *ssid;
+#endif
 };
 
 int  evtchn_init(struct domain *d);
diff --git a/xen/include/acm/acm_core.h b/xen/include/xsm/acm/acm_core.h
index 1db2f32120..b6d30d7c7b 100644
--- a/xen/include/acm/acm_core.h
+++ b/xen/include/xsm/acm/acm_core.h
@@ -21,9 +21,9 @@
 
 #include <xen/spinlock.h>
 #include <xen/list.h>
-#include <public/acm.h>
-#include <public/acm_ops.h>
-#include <acm/acm_endian.h>
+#include <public/xsm/acm.h>
+#include <public/xsm/acm_ops.h>
+#include <xsm/acm/acm_endian.h>
 
 #define ACM_DEFAULT_SECURITY_POLICY \
         ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
diff --git a/xen/include/acm/acm_endian.h b/xen/include/xsm/acm/acm_endian.h
index 11781dd4f4..11781dd4f4 100644
--- a/xen/include/acm/acm_endian.h
+++ b/xen/include/xsm/acm/acm_endian.h
diff --git a/xen/include/acm/acm_hooks.h b/xen/include/xsm/acm/acm_hooks.h
index 896a901250..54bd15e2a0 100644
--- a/xen/include/acm/acm_hooks.h
+++ b/xen/include/xsm/acm/acm_hooks.h
@@ -26,8 +26,8 @@
 #include <xen/delay.h>
 #include <xen/sched.h>
 #include <xen/multiboot.h>
-#include <public/acm.h>
-#include <acm/acm_core.h>
+#include <public/xsm/acm.h>
+#include <xsm/acm/acm_core.h>
 #include <public/domctl.h>
 #include <public/event_channel.h>
 #include <asm/current.h>
diff --git a/xen/xsm/acm/acm_chinesewall_hooks.c b/xen/xsm/acm/acm_chinesewall_hooks.c
index b05cecf9ae..5208d3ee45 100644
--- a/xen/xsm/acm/acm_chinesewall_hooks.c
+++ b/xen/xsm/acm/acm_chinesewall_hooks.c
@@ -36,12 +36,11 @@
 #include <xen/lib.h>
 #include <xen/delay.h>
 #include <xen/sched.h>
-#include <public/acm.h>
+#include <public/xsm/acm.h>
 #include <asm/atomic.h>
-#include <acm/acm_core.h>
-#include <acm/acm_hooks.h>
-#include <acm/acm_endian.h>
-#include <acm/acm_core.h>
+#include <xsm/acm/acm_core.h>
+#include <xsm/acm/acm_hooks.h>
+#include <xsm/acm/acm_endian.h>
 
 ssidref_t dom0_chwall_ssidref = 0x0001;
 
diff --git a/xen/xsm/acm/acm_core.c b/xen/xsm/acm/acm_core.c
index 57a4370d71..59a281446d 100644
--- a/xen/xsm/acm/acm_core.c
+++ b/xen/xsm/acm/acm_core.c
@@ -1,4 +1,4 @@
-/****************************************************************
+#/****************************************************************
  * acm_core.c
  * 
  * Copyright (C) 2005 IBM Corporation
@@ -29,16 +29,16 @@
 #include <xen/delay.h>
 #include <xen/sched.h>
 #include <xen/multiboot.h>
-#include <acm/acm_hooks.h>
-#include <acm/acm_endian.h>
+#include <xsm/acm/acm_hooks.h>
+#include <xsm/acm/acm_endian.h>
 #include <xsm/xsm.h>
 
 /* debug: 
- *   include/acm/acm_hooks.h defines a constant ACM_TRACE_MODE;
+ *   include/xsm/acm/acm_hooks.h defines a constant ACM_TRACE_MODE;
  *   define/undefine this constant to receive / suppress any
  *   security hook debug output of sHype
  *
- *   include/public/acm.h defines a constant ACM_DEBUG
+ *   include/public/xsm/acm.h defines a constant ACM_DEBUG
  *   define/undefine this constant to receive non-hook-related
  *   debug output.
  */
diff --git a/xen/xsm/acm/acm_null_hooks.c b/xen/xsm/acm/acm_null_hooks.c
index c3bd87f4f3..440ee61bd8 100644
--- a/xen/xsm/acm/acm_null_hooks.c
+++ b/xen/xsm/acm/acm_null_hooks.c
@@ -12,7 +12,7 @@
  * License.
  */
 
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
 
 static int
 null_init_domain_ssid(void **ssid, ssidref_t ssidref)
diff --git a/xen/xsm/acm/acm_ops.c b/xen/xsm/acm/acm_ops.c
index e4f38ef113..8edd5d428b 100644
--- a/xen/xsm/acm/acm_ops.c
+++ b/xen/xsm/acm/acm_ops.c
@@ -18,14 +18,14 @@
 #include <xen/types.h>
 #include <xen/lib.h>
 #include <xen/mm.h>
-#include <public/acm.h>
-#include <public/acm_ops.h>
+#include <public/xsm/acm.h>
+#include <public/xsm/acm_ops.h>
 #include <xen/sched.h>
 #include <xen/event.h>
 #include <xen/trace.h>
 #include <xen/console.h>
 #include <xen/guest_access.h>
-#include <acm/acm_hooks.h>
+#include <xsm/acm/acm_hooks.h>
 
 #ifndef ACM_SECURITY
 
diff --git a/xen/xsm/acm/acm_policy.c b/xen/xsm/acm/acm_policy.c
index e0c7bce544..6f334effa8 100644
--- a/xen/xsm/acm/acm_policy.c
+++ b/xen/xsm/acm/acm_policy.c
@@ -28,10 +28,10 @@
 #include <xen/sched.h>
 #include <xen/guest_access.h>
 #include <public/xen.h>
-#include <acm/acm_core.h>
-#include <public/acm_ops.h>
-#include <acm/acm_hooks.h>
-#include <acm/acm_endian.h>
+#include <xsm/acm/acm_core.h>
+#include <public/xsm/acm_ops.h>
+#include <xsm/acm/acm_hooks.h>
+#include <xsm/acm/acm_endian.h>
 #include <asm/current.h>
 
 static int acm_check_deleted_ssidrefs(struct acm_sized_buffer *dels,
diff --git a/xen/xsm/acm/acm_simple_type_enforcement_hooks.c b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
index eaeb0a233b..652351ab05 100644
--- a/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
+++ b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c
@@ -28,10 +28,10 @@
 #include <xen/lib.h>
 #include <asm/types.h>
 #include <asm/current.h>
-#include <acm/acm_hooks.h>
 #include <asm/atomic.h>
-#include <acm/acm_endian.h>
-#include <acm/acm_core.h>
+#include <xsm/acm/acm_hooks.h>
+#include <xsm/acm/acm_endian.h>
+#include <xsm/acm/acm_core.h>
 
 ssidref_t dom0_ste_ssidref = 0x0001;
 
diff --git a/xen/xsm/acm/acm_xsm_hooks.c b/xen/xsm/acm/acm_xsm_hooks.c
index 6affebdf23..6d3202b45f 100644
--- a/xen/xsm/acm/acm_xsm_hooks.c
+++ b/xen/xsm/acm/acm_xsm_hooks.c
@@ -20,34 +20,36 @@
  */
 
 #include <xsm/xsm.h>
-#include <acm/acm_hooks.h>
-#include <public/acm.h>
+#include <xsm/acm/acm_hooks.h>
+#include <public/xsm/acm.h>
 
-static int acm_grant_mapref (struct domain *ld, struct domain *rd,
-                                                                 uint32_t flags) 
+static int acm_grant_mapref(
+    struct domain *ld, struct domain *rd, uint32_t flags) 
 {
     domid_t id = rd->domain_id;
 
     return acm_pre_grant_map_ref(id);
 }
 
-static int acm_evtchn_unbound (struct domain *d1, struct evtchn *chn1, domid_t id2) 
+static int acm_evtchn_unbound(
+    struct domain *d1, struct evtchn *chn1, domid_t id2) 
 {
     domid_t id1 = d1->domain_id;
     
     return acm_pre_eventchannel_unbound(id1, id2);
 }
 
-static int acm_evtchn_interdomain (struct domain *d1, struct evtchn *chn1, 
-                                        struct domain *d2, struct evtchn *chn2) 
+static int acm_evtchn_interdomain(
+    struct domain *d1, struct evtchn *chn1, 
+    struct domain *d2, struct evtchn *chn2) 
 {
     domid_t id2 = d2->domain_id;
 
     return acm_pre_eventchannel_interdomain(id2);
 }
 
-static void acm_security_domaininfo (struct domain *d, 
-                                        struct xen_domctl_getdomaininfo *info)
+static void acm_security_domaininfo(
+    struct domain *d, struct xen_domctl_getdomaininfo *info)
 {
     if ( d->ssid != NULL )
         info->ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref;
author	kfraser@localhost.localdomain <kfraser@localhost.localdomain>	2007-08-31 12:05:07 +0100
committer	kfraser@localhost.localdomain <kfraser@localhost.localdomain>	2007-08-31 12:05:07 +0100
commit	61c6564d34361efda2d134145f3ce39796b23ed1 (patch)
tree	4d6f5196f90c41ce349193d09c99a2e3a48177da
parent	670a6002b949ebb60f7cb3e5d950e163d9314859 (diff)
download	xen-61c6564d34361efda2d134145f3ce39796b23ed1.tar.gz xen-61c6564d34361efda2d134145f3ce39796b23ed1.tar.bz2 xen-61c6564d34361efda2d134145f3ce39796b23ed1.zip