author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-31 11:37:20 +0100 |
---|---|---|
committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-31 11:37:20 +0100 |
commit | d89af6295418a0aeccfbfffd840e2cc097744bc1 (patch) | |
tree | 3cc30a6482761f83c658547e5e4c64a2acf4cdf3 /tools/flask/libflask | |
parent | b1ed04146414f7bbef7e76289b6d4b0bf79a3203 (diff) | |
Xen Security Modules: Tools.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'tools/flask/libflask')
-rw-r--r-- | tools/flask/libflask/Makefile | 65 | ||||
-rw-r--r-- | tools/flask/libflask/flask_op.c | 100 | ||||
-rw-r--r-- | tools/flask/libflask/include/flask_op.h | 46 |
3 files changed, 211 insertions, 0 deletions
diff --git a/tools/flask/libflask/Makefile b/tools/flask/libflask/Makefile
new file mode 100644
index 0000000000..9c5cb770ff
--- /dev/null
+++ b/tools/flask/libflask/Makefile
@@ -0,0 +1,65 @@
+MAJOR = 1.0
+MINOR = 0
+
+XEN_ROOT = ../../..
+include $(XEN_ROOT)/tools/Rules.mk
+
+XEN_LIBXC = $(XEN_ROOT)/tools/libxc
+
+SRCS :=
+SRCS += flask_op.c
+
+CFLAGS += -Werror
+CFLAGS += -fno-strict-aliasing
+CFLAGS += $(INCLUDES) -I./include -I$(XEN_LIBXC)
+
+# Get gcc to generate the dependencies for us.
+CFLAGS += -Wp,-MD,.$(@F).d
+LDFLAGS += -L.
+DEPS = .*.d
+
+LIB_OBJS := $(patsubst %.c,%.o,$(SRCS))
+PIC_OBJS := $(patsubst %.c,%.opic,$(SRCS))
+
+LIB := libflask.a
+LIB += libflask.so libflask.so.$(MAJOR) libflask.so.$(MAJOR).$(MINOR)
+
+.PHONY: all
+all: build
+
+.PHONY: build
+build:
+ $(MAKE) $(LIB)
+
+.PHONY: install
+install: build
+ [ -d $(DESTDIR)/usr/$(LIBDIR) ] || $(INSTALL_DIR) $(DESTDIR)/usr/$(LIBDIR)
+ [ -d $(DESTDIR)/usr/include ] || $(INSTALL_DIR) $(DESTDIR)/usr/include
+ $(INSTALL_PROG) libflask.so.$(MAJOR).$(MINOR) $(DESTDIR)/usr/$(LIBDIR)
+ $(INSTALL_DATA) libflask.a $(DESTDIR)/usr/$(LIBDIR)
+ ln -sf libflask.so.$(MAJOR).$(MINOR) $(DESTDIR)/usr/$(LIBDIR)/libflask.so.$(MAJOR)
+ ln -sf libflask.so.$(MAJOR) $(DESTDIR)/usr/$(LIBDIR)/libflask.so
+ $(INSTALL_DATA) include/flask_op.h $(DESTDIR)/usr/include
+
+.PHONY: TAGS
+TAGS:
+ etags -t *.c *.h
+
+.PHONY: clean
+clean:
+ rm -rf *.a *.so* *.o *.opic *.rpm $(LIB) *~ $(DEPS) xen
+
+# libflask
+
+libflask.a: $(LIB_OBJS)
+ $(AR) rc $@ $^
+
+libflask.so: libflask.so.$(MAJOR)
+ ln -sf $< $@
+libflask.so.$(MAJOR): libflask.so.$(MAJOR).$(MINOR)
+ ln -sf $< $@
+
+libflask.so.$(MAJOR).$(MINOR): $(PIC_OBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-soname -Wl,libflask.so.$(MAJOR) -shared -o $@ $^
+
+-include $(DEPS)
diff --git a/tools/flask/libflask/flask_op.c b/tools/flask/libflask/flask_op.c
new file mode 100644
index 0000000000..5ebadb51b7
--- /dev/null
+++ b/tools/flask/libflask/flask_op.c
@@ -0,0 +1,100 @@
+/*
+ *
+ * Authors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
+ * George Coker, <gscoker@alpha.ncsc.mil>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <sys/ioctl.h>
+
+#include <xc_private.h>
+
+#include <flask_op.h>
+
+int flask_load(int xc_handle, char *buf, int size)
+{
+ int err;
+ flask_op_t op;
+
+ op.cmd = FLASK_LOAD;
+ op.buf = buf;
+ op.size = size;
+
+ if ( (err = do_flask_op(xc_handle, &op)) != 0 )
+ return err;
+
+ return 0;
+}
+
+int flask_context_to_sid(int xc_handle, char *buf, int size, uint32_t *sid)
+{
+ int err;
+ flask_op_t op;
+
+ op.cmd = FLASK_CONTEXT_TO_SID;
+ op.buf = buf;
+ op.size = size;
+
+ if ( (err = do_flask_op(xc_handle, &op)) != 0 )
+ return err;
+
+ sscanf(buf, "%u", sid);
+
+ return 0;
+}
+
+int flask_sid_to_context(int xc_handle, int sid, char *buf, int size)
+{
+ int err;
+ flask_op_t op;
+
+ op.cmd = FLASK_SID_TO_CONTEXT;
+ op.buf = buf;
+ op.size = size;
+
+ snprintf(buf, size, "%u", sid);
+
+ if ( (err = do_flask_op(xc_handle, &op)) != 0 )
+ return err;
+
+ return 0;
+}
+
+int do_flask_op(int xc_handle, flask_op_t *op)
+{
+ int ret = -1;
+ DECLARE_HYPERCALL;
+
+ hypercall.op = __HYPERVISOR_xsm_op;
+ hypercall.arg[0] = (unsigned long)op;
+
+ if ( mlock(op, sizeof(*op)) != 0 )
+ {
+ PERROR("Could not lock memory for Xen hypercall");
+ goto out;
+ }
+
+ if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 )
+ {
+ if ( errno == EACCES )
+ fprintf(stderr, "XSM operation failed!\n");
+ }
+
+ safe_munlock(op, sizeof(*op));
+
+ out:
+ return ret;
+}
+
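Review bot: `flask_context_to_sid` returns 0 even when `sscanf(buf, "%u", sid)` converts nothing, so a caller that trusts the return value can go on to use a possibly uninitialised `*sid` as a security identifier. The parse also treats `buf` as a C string, and nothing in this file guarantees the reply is NUL-terminated within `size`. Checking the result, e.g. `if ( sscanf(buf, "%u", sid) != 1 ) return -1;`, and confirming termination before the parse would close both gaps. Separately, `do_flask_op` calls `mlock` on the `flask_op_t` only, while the memory behind `op->buf` (the policy blob or context string) is not locked. If the hypervisor reads or writes that buffer directly, as the struct layout suggests, it should presumably be locked for the duration of the hypercall as well.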
diff --git a/tools/flask/libflask/include/flask_op.h b/tools/flask/libflask/include/flask_op.h
new file mode 100644
index 0000000000..56cb213d67
--- /dev/null
+++ b/tools/flask/libflask/include/flask_op.h
@@ -0,0 +1,46 @@
+/*
+ *
+ * Authors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
+ * George Coker, <gscoker@alpha.ncsc.mil>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#ifndef __FLASK_OP_H
+#define __FLASK_OP_H
+
+#define FLASK_LOAD 1
+#define FLASK_GETENFORCE 2
+#define FLASK_SETENFORCE 3
+#define FLASK_CONTEXT_TO_SID 4
+#define FLASK_SID_TO_CONTEXT 5
+#define FLASK_ACCESS 6
+#define FLASK_CREATE 7
+#define FLASK_RELABEL 8
+#define FLASK_USER 9
+#define FLASK_POLICYVERS 10
+#define FLASK_GETBOOL 11
+#define FLASK_SETBOOL 12
+#define FLASK_COMMITBOOLS 13
+#define FLASK_MLS 14
+#define FLASK_DISABLE 15
+#define FLASK_GETAVC_THRESHOLD 16
+#define FLASK_SETAVC_THRESHOLD 17
+#define FLASK_AVC_HASHSTATS 18
+#define FLASK_AVC_CACHESTATS 19
+#define FLASK_MEMBER 20
+
+typedef struct flask_op {
+ int cmd;
+ int size;
+ char *buf;
+} flask_op_t;
+
+int flask_load(int xc_handle, char *buf, int size);
+int flask_context_to_sid(int xc_handle, char *buf, int size, u_int32_t *sid);
+int flask_sid_to_context(int xc_handle, int sid, char *buf, int size);
+int do_flask_op(int xc_handle, flask_op_t *op);
+
+#endif |
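Review bot: The prototype for `flask_context_to_sid` uses `u_int32_t`, but this header includes nothing that defines it, and the definition in flask_op.c is written with `uint32_t`, so the header only compiles when the includer has already pulled in the right system headers. Adding `#include <stdint.h>` after the guard and declaring the parameter as `uint32_t *sid` would make it self-contained and match the definition. The SID is also typed inconsistently across the API: `int sid` in `flask_sid_to_context` against an unsigned 32-bit out-parameter here. `size` is a signed `int` in the prototypes and in `flask_op_t`, so a negative length is representable; unsigned types for both would remove that case.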