diff options
author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-31 11:41:49 +0100 |
---|---|---|
committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-31 11:41:49 +0100 |
commit | 670a6002b949ebb60f7cb3e5d950e163d9314859 (patch) | |
tree | ffbe7deab63545d3bec5a41d750f4163908a5cbd | |
parent | d89af6295418a0aeccfbfffd840e2cc097744bc1 (diff) | |
download | xen-670a6002b949ebb60f7cb3e5d950e163d9314859.tar.gz xen-670a6002b949ebb60f7cb3e5d950e163d9314859.tar.bz2 xen-670a6002b949ebb60f7cb3e5d950e163d9314859.zip |
Xen Security Modules: ACM.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
27 files changed, 114 insertions, 107 deletions
diff --git a/tools/flask/loadpolicy/flask-loadpolicy b/tools/flask/loadpolicy/flask-loadpolicy Binary files differnew file mode 100755 index 0000000000..61a0c80b33 --- /dev/null +++ b/tools/flask/loadpolicy/flask-loadpolicy diff --git a/tools/libxc/xc_acm.c b/tools/libxc/xc_acm.c index baa2002a19..b4d89d015f 100644 --- a/tools/libxc/xc_acm.c +++ b/tools/libxc/xc_acm.c @@ -81,7 +81,7 @@ int xc_acm_op(int xc_handle, int cmd, void *arg, unsigned long arg_size) acmctl.cmd = cmd; acmctl.interface_version = ACM_INTERFACE_VERSION; - hypercall.op = __HYPERVISOR_acm_op; + hypercall.op = __HYPERVISOR_xsm_op; hypercall.arg[0] = (unsigned long)&acmctl; if ( lock_pages(&acmctl, sizeof(acmctl)) != 0) { diff --git a/tools/python/xen/util/xsm/xsm.py b/tools/python/xen/util/xsm/xsm.py new file mode 100644 index 0000000000..92b8c3061b --- /dev/null +++ b/tools/python/xen/util/xsm/xsm.py @@ -0,0 +1,9 @@ +XEN_SECURITY_MODULE = "flask" +from xsm_core import * + +import xen.util.xsm.flask.flask as xsm_module + +xsm_init(xsm_module) +from xen.util.xsm.flask.flask import * +del xsm_module + diff --git a/xen/Makefile b/xen/Makefile index 456003ebb9..3b1403f990 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -55,7 +55,6 @@ _clean: delete-unfresh-files $(MAKE) -f $(BASEDIR)/Rules.mk -C include clean $(MAKE) -f $(BASEDIR)/Rules.mk -C common clean $(MAKE) -f $(BASEDIR)/Rules.mk -C drivers clean - $(MAKE) -f $(BASEDIR)/Rules.mk -C acm clean $(MAKE) -f $(BASEDIR)/Rules.mk -C xsm clean $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) clean rm -f include/asm *.o $(TARGET)* *~ core @@ -123,7 +122,7 @@ include/asm-$(TARGET_ARCH)/asm-offsets.h: arch/$(TARGET_ARCH)/asm-offsets.s build-headers: $(MAKE) -C include/public/foreign -SUBDIRS = xsm acm arch/$(TARGET_ARCH) common drivers +SUBDIRS = xsm arch/$(TARGET_ARCH) common drivers define all_sources ( find include/asm-$(TARGET_ARCH) -name '*.h' -print; \ find include -name 'asm-*' -prune -o -name '*.h' -print; \ diff --git a/xen/Rules.mk b/xen/Rules.mk index facb1bd2db..acf739d8a8 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -53,7 +53,6 @@ HDRS := $(filter-out %/asm-offsets.h,$(AHDRS)) ALL_OBJS-y += $(BASEDIR)/common/built_in.o ALL_OBJS-y += $(BASEDIR)/drivers/built_in.o ALL_OBJS-y += $(BASEDIR)/xsm/built_in.o -ALL_OBJS-$(ACM_SECURITY) += $(BASEDIR)/acm/built_in.o ALL_OBJS-y += $(BASEDIR)/arch/$(TARGET_ARCH)/built_in.o CFLAGS-y += -g -D__XEN__ @@ -62,7 +61,7 @@ CFLAGS-$(FLASK_ENABLE) += -DFLASK_ENABLE -DXSM_MAGIC=0xf97cff8c CFLAGS-$(FLASK_DEVELOP) += -DFLASK_DEVELOP CFLAGS-$(FLASK_BOOTPARAM) += -DFLASK_BOOTPARAM CFLAGS-$(FLASK_AVC_STATS) += -DFLASK_AVC_STATS -CFLAGS-$(ACM_SECURITY) += -DACM_SECURITY +CFLAGS-$(ACM_SECURITY) += -DACM_SECURITY -DXSM_MAGIC=0xbcde0100 CFLAGS-$(verbose) += -DVERBOSE CFLAGS-$(crash_debug) += -DCRASH_DEBUG CFLAGS-$(perfc) += -DPERF_COUNTERS diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index fcc5073fce..5f6bd7330d 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -220,40 +220,6 @@ static void __init percpu_init_areas(void) #endif } -/* Fetch acm policy module from multiboot modules. */ -static void __init extract_acm_policy( - multiboot_info_t *mbi, - unsigned int *initrdidx, - char **_policy_start, - unsigned long *_policy_len) -{ - int i; - module_t *mod = (module_t *)__va(mbi->mods_addr); - unsigned long start, policy_len; - char *policy_start; - - /* - * Try all modules and see whichever could be the binary policy. - * Adjust the initrdidx if module[1] is the binary policy. - */ - for ( i = mbi->mods_count-1; i >= 1; i-- ) - { - start = initial_images_start + (mod[i].mod_start-mod[0].mod_start); - policy_start = maddr_to_bootstrap_virt(start); - policy_len = mod[i].mod_end - mod[i].mod_start; - if ( acm_is_policy(policy_start, policy_len) ) - { - printk("Policy len 0x%lx, start at %p - module %d.\n", - policy_len, policy_start, i); - *_policy_start = policy_start; - *_policy_len = policy_len; - if ( i == 1 ) - *initrdidx = (mbi->mods_count > 2) ? 2 : 0; - break; - } - } -} - static void __init init_idle_domain(void) { struct domain *idle_domain; @@ -448,8 +414,6 @@ void __init __start_xen(unsigned long mbi_p) char *cmdline, *kextra; unsigned long _initrd_start = 0, _initrd_len = 0; unsigned int initrdidx = 1; - char *_policy_start = NULL; - unsigned long _policy_len = 0; multiboot_info_t *mbi = __va(mbi_p); module_t *mod = (module_t *)__va(mbi->mods_addr); unsigned long nr_pages, modules_length; @@ -1032,12 +996,6 @@ void __init __start_xen(unsigned long mbi_p) if ( opt_watchdog ) watchdog_enable(); - /* Extract policy from multiboot. */ - extract_acm_policy(mbi, &initrdidx, &_policy_start, &_policy_len); - - /* initialize access control security module */ - acm_init(_policy_start, _policy_len); - /* Create initial domain 0. */ dom0 = domain_create(0, 0, DOM0_SSIDREF); if ( (dom0 == NULL) || (alloc_vcpu(dom0, 0, 0) == NULL) ) diff --git a/xen/arch/x86/x86_32/entry.S b/xen/arch/x86/x86_32/entry.S index 6f243b8d1b..245622401d 100644 --- a/xen/arch/x86/x86_32/entry.S +++ b/xen/arch/x86/x86_32/entry.S @@ -665,7 +665,7 @@ ENTRY(hypercall_table) .long do_vcpu_op .long do_ni_hypercall /* 25 */ .long do_mmuext_op - .long do_acm_op + .long do_xsm_op .long do_nmi_op .long do_sched_op .long do_callback_op /* 30 */ @@ -676,7 +676,6 @@ ENTRY(hypercall_table) .long do_sysctl /* 35 */ .long do_domctl .long do_kexec_op - .long do_xsm_op .rept NR_hypercalls-((.-hypercall_table)/4) .long do_ni_hypercall .endr @@ -709,7 +708,7 @@ ENTRY(hypercall_args_table) .byte 3 /* do_vcpu_op */ .byte 0 /* do_ni_hypercall */ /* 25 */ .byte 4 /* do_mmuext_op */ - .byte 1 /* do_acm_op */ + .byte 1 /* do_xsm_op */ .byte 2 /* do_nmi_op */ .byte 2 /* do_sched_op */ .byte 2 /* do_callback_op */ /* 30 */ @@ -720,7 +719,6 @@ ENTRY(hypercall_args_table) .byte 1 /* do_sysctl */ /* 35 */ .byte 1 /* do_domctl */ .byte 2 /* do_kexec_op */ - .byte 1 /* do_xsm_op */ .rept NR_hypercalls-(.-hypercall_args_table) .byte 0 /* do_ni_hypercall */ .endr diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index fed4f66e98..8bf2dd010b 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -331,7 +331,7 @@ ENTRY(compat_hypercall_table) .quad compat_vcpu_op .quad compat_ni_hypercall /* 25 */ .quad compat_mmuext_op - .quad do_acm_op + .quad do_xsm_op .quad compat_nmi_op .quad compat_sched_op .quad compat_callback_op /* 30 */ @@ -374,7 +374,7 @@ ENTRY(compat_hypercall_args_table) .byte 3 /* compat_vcpu_op */ .byte 0 /* compat_ni_hypercall */ /* 25 */ .byte 4 /* compat_mmuext_op */ - .byte 1 /* do_acm_op */ + .byte 1 /* do_xsm_op */ .byte 2 /* compat_nmi_op */ .byte 2 /* compat_sched_op */ .byte 2 /* compat_callback_op */ /* 30 */ diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 69f2725304..b6f5011055 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -601,7 +601,7 @@ ENTRY(hypercall_table) .quad do_vcpu_op .quad do_set_segment_base /* 25 */ .quad do_mmuext_op - .quad do_acm_op + .quad do_xsm_op .quad do_nmi_op .quad do_sched_op .quad do_callback_op /* 30 */ @@ -612,7 +612,6 @@ ENTRY(hypercall_table) .quad do_sysctl /* 35 */ .quad do_domctl .quad do_kexec_op - .quad do_xsm_op .rept NR_hypercalls-((.-hypercall_table)/8) .quad do_ni_hypercall .endr @@ -645,7 +644,7 @@ ENTRY(hypercall_args_table) .byte 3 /* do_vcpu_op */ .byte 2 /* do_set_segment_base */ /* 25 */ .byte 4 /* do_mmuext_op */ - .byte 1 /* do_acm_op */ + .byte 1 /* do_xsm_op */ .byte 2 /* do_nmi_op */ .byte 2 /* do_sched_op */ .byte 2 /* do_callback_op */ /* 30 */ diff --git a/xen/common/Makefile b/xen/common/Makefile index ffd3565e51..e0ce3587e9 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -1,4 +1,3 @@ -obj-y += acm_ops.o obj-y += bitmap.o obj-y += domctl.o obj-y += domain.o diff --git a/xen/common/domain.c b/xen/common/domain.c index b7f68a236f..0e48eeeda4 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -28,7 +28,6 @@ #include <asm/debugger.h> #include <public/sched.h> #include <public/vcpu.h> -#include <acm/acm_hooks.h> #include <xsm/xsm.h> /* Protect updates/reads (resp.) of domain_list and domain_hash. */ @@ -189,7 +188,7 @@ struct domain *domain_create( domid_t domid, unsigned int domcr_flags, ssidref_t ssidref) { struct domain *d, **pd; - enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_acm = 4, INIT_arch = 8 }; + enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_arch = 8 }; int init_status = 0; if ( (d = alloc_domain(domid)) == NULL ) @@ -215,10 +214,6 @@ struct domain *domain_create( if ( grant_table_create(d) != 0 ) goto fail; init_status |= INIT_gnttab; - - if ( acm_domain_create(d, ssidref) != 0 ) - goto fail; - init_status |= INIT_acm; } if ( arch_domain_create(d) != 0 ) @@ -254,8 +249,6 @@ struct domain *domain_create( atomic_set(&d->refcnt, DOMAIN_DESTROYED); if ( init_status & INIT_arch ) arch_domain_destroy(d); - if ( init_status & INIT_acm ) - acm_domain_destroy(d); if ( init_status & INIT_gnttab ) grant_table_destroy(d); if ( init_status & INIT_evtchn ) @@ -483,8 +476,6 @@ static void complete_domain_destroy(struct rcu_head *head) sched_destroy_vcpu(v); } - acm_domain_destroy(d); - rangeset_domain_destroy(d); grant_table_destroy(d); diff --git a/xen/common/domctl.c b/xen/common/domctl.c index c1c391e82d..0b13cd9f69 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -23,7 +23,6 @@ #include <xen/paging.h> #include <asm/current.h> #include <public/domctl.h> -#include <acm/acm_hooks.h> #include <xsm/xsm.h> extern long arch_do_domctl( @@ -124,11 +123,6 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info) if ( is_hvm_domain(d) ) info->flags |= XEN_DOMINF_hvm_guest; - if ( d->ssid != NULL ) - info->ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref; - else - info->ssidref = ACM_DEFAULT_SSID; - xsm_security_domaininfo(d, info); info->tot_pages = d->tot_pages; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 145a238ccf..1ca80edb38 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -29,7 +29,6 @@ #include <public/xen.h> #include <public/event_channel.h> -#include <acm/acm_hooks.h> #include <xsm/xsm.h> #define bucket_from_port(d,p) \ @@ -122,9 +121,6 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc) domid_t dom = alloc->dom; long rc; - if ( (rc = acm_pre_eventchannel_unbound(dom, alloc->remote_dom)) != 0 ) - return rc; - if ( dom == DOMID_SELF ) dom = current->domain->domain_id; else if ( !IS_PRIV(current->domain) ) @@ -166,9 +162,6 @@ static long evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind) domid_t rdom = bind->remote_dom; long rc; - if ( (rc = acm_pre_eventchannel_interdomain(rdom)) != 0 ) - return rc; - if ( rdom == DOMID_SELF ) rdom = current->domain->domain_id; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index e240452f14..67d0f5d3bd 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -32,7 +32,6 @@ #include <xen/trace.h> #include <xen/guest_access.h> #include <xen/domain_page.h> -#include <acm/acm_hooks.h> #include <xsm/xsm.h> #ifndef max_nr_grant_frames @@ -212,12 +211,6 @@ __gnttab_map_grant_ref( return; } - if ( acm_pre_grant_map_ref(op->dom) ) - { - op->status = GNTST_permission_denied; - return; - } - if ( unlikely((rd = rcu_lock_domain_by_id(op->dom)) == NULL) ) { gdprintk(XENLOG_INFO, "Could not find domain %d\n", op->dom); diff --git a/xen/include/acm/acm_hooks.h b/xen/include/acm/acm_hooks.h index becf554753..896a901250 100644 --- a/xen/include/acm/acm_hooks.h +++ b/xen/include/acm/acm_hooks.h @@ -145,8 +145,6 @@ static inline int acm_pre_grant_map_ref(domid_t id) { return 0; } static inline int acm_pre_grant_setup(domid_t id) { return 0; } -static inline int acm_init(char *policy_start, unsigned long policy_len) -{ return 0; } static inline int acm_is_policy(char *buf, unsigned long len) { return 0; } static inline int acm_sharing(ssidref_t ssidref1, ssidref_t ssidref2) @@ -331,8 +329,6 @@ static inline int acm_authorization(ssidref_t ssidref1, ssidref_t ssidref2) } -extern int acm_init(char *policy_start, unsigned long policy_len); - /* Return true iff buffer has an acm policy magic number. */ extern int acm_is_policy(char *buf, unsigned long len); diff --git a/xen/include/public/acm.h b/xen/include/public/acm.h index 7f37ff9469..79fc510746 100644 --- a/xen/include/public/acm.h +++ b/xen/include/public/acm.h @@ -150,8 +150,8 @@ struct acm_policy_version * tools that assume packed representations (e.g. the java tool) */ struct acm_policy_buffer { - uint32_t policy_version; /* ACM_POLICY_VERSION */ uint32_t magic; + uint32_t policy_version; /* ACM_POLICY_VERSION */ uint32_t len; uint32_t policy_reference_offset; uint32_t primary_policy_code; diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index 0017c3fa5d..3a06ebfe21 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -69,7 +69,7 @@ #define __HYPERVISOR_vcpu_op 24 #define __HYPERVISOR_set_segment_base 25 /* x86/64 only */ #define __HYPERVISOR_mmuext_op 26 -#define __HYPERVISOR_acm_op 27 +#define __HYPERVISOR_xsm_op 27 #define __HYPERVISOR_nmi_op 28 #define __HYPERVISOR_sched_op 29 #define __HYPERVISOR_callback_op 30 @@ -80,7 +80,6 @@ #define __HYPERVISOR_sysctl 35 #define __HYPERVISOR_domctl 36 #define __HYPERVISOR_kexec_op 37 -#define __HYPERVISOR_xsm_op 38 /* Architecture-specific hypercall definitions. */ #define __HYPERVISOR_arch_0 48 diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 3fc9b3ee4f..5313b9a1d8 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -12,7 +12,6 @@ #include <public/domctl.h> #include <public/sysctl.h> #include <public/platform.h> -#include <public/acm_ops.h> #include <public/event_channel.h> #include <asm/hypercall.h> #include <xsm/xsm.h> @@ -98,10 +97,6 @@ do_vcpu_op( XEN_GUEST_HANDLE(void) arg); extern long -do_acm_op( - XEN_GUEST_HANDLE(xen_acmctl_t) arg); - -extern long do_nmi_op( unsigned int cmd, XEN_GUEST_HANDLE(void) arg); @@ -117,6 +112,10 @@ do_kexec_op( int arg1, XEN_GUEST_HANDLE(void) arg); +extern long +do_xsm_op( + XEN_GUEST_HANDLE(xsm_op_t) u_xsm_op); + #ifdef CONFIG_COMPAT extern int @@ -126,8 +125,4 @@ compat_memory_op( #endif -extern long -do_xsm_op( - XEN_GUEST_HANDLE(xsm_op_t) u_xsm_op); - #endif /* __XEN_HYPERCALL_H__ */ diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile index 7099d3741f..725f98e377 100644 --- a/xen/xsm/Makefile +++ b/xen/xsm/Makefile @@ -5,3 +5,4 @@ obj-y += dummy.o endif subdir-$(FLASK_ENABLE) += flask +subdir-$(ACM_SECURITY) += acm diff --git a/xen/acm/Makefile b/xen/xsm/acm/Makefile index c16be20c3a..b3ddbc13c8 100644 --- a/xen/acm/Makefile +++ b/xen/xsm/acm/Makefile @@ -3,3 +3,5 @@ obj-y += acm_policy.o obj-y += acm_simple_type_enforcement_hooks.o obj-y += acm_chinesewall_hooks.o obj-y += acm_null_hooks.o +obj-y += acm_xsm_hooks.o +obj-y += acm_ops.o diff --git a/xen/acm/acm_chinesewall_hooks.c b/xen/xsm/acm/acm_chinesewall_hooks.c index b05cecf9ae..b05cecf9ae 100644 --- a/xen/acm/acm_chinesewall_hooks.c +++ b/xen/xsm/acm/acm_chinesewall_hooks.c diff --git a/xen/acm/acm_core.c b/xen/xsm/acm/acm_core.c index a989d4c581..57a4370d71 100644 --- a/xen/acm/acm_core.c +++ b/xen/xsm/acm/acm_core.c @@ -31,6 +31,7 @@ #include <xen/multiboot.h> #include <acm/acm_hooks.h> #include <acm/acm_endian.h> +#include <xsm/xsm.h> /* debug: * include/acm/acm_hooks.h defines a constant ACM_TRACE_MODE; @@ -49,6 +50,8 @@ void acm_init_ste_policy(void); extern struct acm_operations acm_chinesewall_ops, acm_simple_type_enforcement_ops, acm_null_ops; +extern struct xsm_operations acm_xsm_ops; + /* global ACM policy (now dynamically determined at boot time) */ u16 acm_active_security_policy = ACM_POLICY_UNDEFINED; @@ -269,14 +272,15 @@ acm_setup(char *policy_start, } -int __init -acm_init(char *policy_start, - unsigned long policy_len) +int +acm_init(void) { int ret = ACM_OK; + printk("ACM-XSM: Initializing.\n"); + /* first try to load the boot policy (uses its own locks) */ - acm_setup(policy_start, policy_len, 1); + acm_setup(policy_buffer, policy_size, 1); /* a user-provided policy may have any name; only matched during boot */ acm_accepted_boot_policy_name = NULL; @@ -311,9 +315,15 @@ acm_init(char *policy_start, /* here one could imagine a clean panic */ return -EINVAL; } + + if (register_xsm(&acm_xsm_ops)) + panic("ACM-XSM: Unable to register with XSM.\n"); + return ret; } +xsm_initcall(acm_init); + int acm_init_domain_ssid(struct domain *subj, ssidref_t ssidref) { struct acm_ssid_domain *ssid; diff --git a/xen/acm/acm_null_hooks.c b/xen/xsm/acm/acm_null_hooks.c index c3bd87f4f3..c3bd87f4f3 100644 --- a/xen/acm/acm_null_hooks.c +++ b/xen/xsm/acm/acm_null_hooks.c diff --git a/xen/common/acm_ops.c b/xen/xsm/acm/acm_ops.c index e4f38ef113..e4f38ef113 100644 --- a/xen/common/acm_ops.c +++ b/xen/xsm/acm/acm_ops.c diff --git a/xen/acm/acm_policy.c b/xen/xsm/acm/acm_policy.c index e0c7bce544..e0c7bce544 100644 --- a/xen/acm/acm_policy.c +++ b/xen/xsm/acm/acm_policy.c diff --git a/xen/acm/acm_simple_type_enforcement_hooks.c b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c index eaeb0a233b..eaeb0a233b 100644 --- a/xen/acm/acm_simple_type_enforcement_hooks.c +++ b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c diff --git a/xen/xsm/acm/acm_xsm_hooks.c b/xen/xsm/acm/acm_xsm_hooks.c new file mode 100644 index 0000000000..6affebdf23 --- /dev/null +++ b/xen/xsm/acm/acm_xsm_hooks.c @@ -0,0 +1,72 @@ +/**************************************************************** + * acm_xsm_hooks.c + * + * Copyright (C) 2005 IBM Corporation + * + * Author: + * Reiner Sailer <sailer@watson.ibm.com> + * + * Contributors: + * Michael LeMay, <mdlemay@epoch.ncsc.mil> + * George Coker, <gscoker@alpha.ncsc.mil> + * + * sHype hooks for XSM based on the original ACM hooks. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + */ + +#include <xsm/xsm.h> +#include <acm/acm_hooks.h> +#include <public/acm.h> + +static int acm_grant_mapref (struct domain *ld, struct domain *rd, + uint32_t flags) +{ + domid_t id = rd->domain_id; + + return acm_pre_grant_map_ref(id); +} + +static int acm_evtchn_unbound (struct domain *d1, struct evtchn *chn1, domid_t id2) +{ + domid_t id1 = d1->domain_id; + + return acm_pre_eventchannel_unbound(id1, id2); +} + +static int acm_evtchn_interdomain (struct domain *d1, struct evtchn *chn1, + struct domain *d2, struct evtchn *chn2) +{ + domid_t id2 = d2->domain_id; + + return acm_pre_eventchannel_interdomain(id2); +} + +static void acm_security_domaininfo (struct domain *d, + struct xen_domctl_getdomaininfo *info) +{ + if ( d->ssid != NULL ) + info->ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref; + else + info->ssidref = ACM_DEFAULT_SSID; +} + +extern long do_acm_op(XEN_GUEST_HANDLE(xsm_op_t) arg); + +struct xsm_operations acm_xsm_ops = { + .domain_create = acm_domain_create, + .free_security_domain = acm_domain_destroy, + + .grant_mapref = acm_grant_mapref, + + .evtchn_unbound = acm_evtchn_unbound, + .evtchn_interdomain = acm_evtchn_interdomain, + + .security_domaininfo = acm_security_domaininfo, + + .__do_xsm_op = do_acm_op, +}; |