This patch:

* adds a C-based security policy translation tool to Xen (secpol_xml2bin) 
and removes the current Java 
security policy translator (Java dependencies).  The C-based tool 
integrates into the Xen source tree build 
and install (using gnome libxml2 for XML parsing). See install.txt.

* introduces security labels and related tools. Users can now use 
semantic-rich label names to put security-tags 
on domains. See example.txt, policy.txt.

* moves the security configuration (currently ACM_USE_SECURITY_POLICY) 
from xen/Rules.mk 
into a separate top-level Security.mk file  (it is needed by the 
tools/security and xen/acm).

Both xen/acm and tools/security are built during the Xen build process 
only if ACM_USE_SECURITY_POLICY 
is not ACM_NULL_POLICY (which is the default setting).

Signed-off-by Reiner Sailer <sailer@us.ibm.com>
Signed-off by Stefan Berger <stefanb@us.ibm.com>
Signed-off by Ray Valdez <rvaldez@us.ibm.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/Config.mk b/Config.mk
index 2eb5eae86f..76180e6b26 100644
--- a/Config.mk
+++ b/Config.mk
@@ -35,3 +35,11 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i))
 
 # Choose the best mirror to download linux kernel
 KERNEL_REPO = http://www.kernel.org
+
+# ACM_USE_SECURITY_POLICY is set to security policy of Xen
+# Supported models are:
+#	ACM_NULL_POLICY (ACM will not be built with this policy)
+#	ACM_CHINESE_WALL_POLICY
+#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
+#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY