aboutsummaryrefslogtreecommitdiffstats
path: root/tools/flask/libflask
diff options
context:
space:
mode:
authorkfraser@localhost.localdomain <kfraser@localhost.localdomain>2007-08-31 11:37:20 +0100
committerkfraser@localhost.localdomain <kfraser@localhost.localdomain>2007-08-31 11:37:20 +0100
commitd89af6295418a0aeccfbfffd840e2cc097744bc1 (patch)
tree3cc30a6482761f83c658547e5e4c64a2acf4cdf3 /tools/flask/libflask
parentb1ed04146414f7bbef7e76289b6d4b0bf79a3203 (diff)
downloadxen-d89af6295418a0aeccfbfffd840e2cc097744bc1.tar.gz
xen-d89af6295418a0aeccfbfffd840e2cc097744bc1.tar.bz2
xen-d89af6295418a0aeccfbfffd840e2cc097744bc1.zip
Xen Security Modules: Tools.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'tools/flask/libflask')
-rw-r--r--tools/flask/libflask/Makefile65
-rw-r--r--tools/flask/libflask/flask_op.c100
-rw-r--r--tools/flask/libflask/include/flask_op.h46
3 files changed, 211 insertions, 0 deletions
diff --git a/tools/flask/libflask/Makefile b/tools/flask/libflask/Makefile
new file mode 100644
index 0000000000..9c5cb770ff
--- /dev/null
+++ b/tools/flask/libflask/Makefile
@@ -0,0 +1,65 @@
+MAJOR = 1.0
+MINOR = 0
+
+XEN_ROOT = ../../..
+include $(XEN_ROOT)/tools/Rules.mk
+
+XEN_LIBXC = $(XEN_ROOT)/tools/libxc
+
+SRCS :=
+SRCS += flask_op.c
+
+CFLAGS += -Werror
+CFLAGS += -fno-strict-aliasing
+CFLAGS += $(INCLUDES) -I./include -I$(XEN_LIBXC)
+
+# Get gcc to generate the dependencies for us.
+CFLAGS += -Wp,-MD,.$(@F).d
+LDFLAGS += -L.
+DEPS = .*.d
+
+LIB_OBJS := $(patsubst %.c,%.o,$(SRCS))
+PIC_OBJS := $(patsubst %.c,%.opic,$(SRCS))
+
+LIB := libflask.a
+LIB += libflask.so libflask.so.$(MAJOR) libflask.so.$(MAJOR).$(MINOR)
+
+.PHONY: all
+all: build
+
+.PHONY: build
+build:
+ $(MAKE) $(LIB)
+
+.PHONY: install
+install: build
+ [ -d $(DESTDIR)/usr/$(LIBDIR) ] || $(INSTALL_DIR) $(DESTDIR)/usr/$(LIBDIR)
+ [ -d $(DESTDIR)/usr/include ] || $(INSTALL_DIR) $(DESTDIR)/usr/include
+ $(INSTALL_PROG) libflask.so.$(MAJOR).$(MINOR) $(DESTDIR)/usr/$(LIBDIR)
+ $(INSTALL_DATA) libflask.a $(DESTDIR)/usr/$(LIBDIR)
+ ln -sf libflask.so.$(MAJOR).$(MINOR) $(DESTDIR)/usr/$(LIBDIR)/libflask.so.$(MAJOR)
+ ln -sf libflask.so.$(MAJOR) $(DESTDIR)/usr/$(LIBDIR)/libflask.so
+ $(INSTALL_DATA) include/flask_op.h $(DESTDIR)/usr/include
+
+.PHONY: TAGS
+TAGS:
+ etags -t *.c *.h
+
+.PHONY: clean
+clean:
+ rm -rf *.a *.so* *.o *.opic *.rpm $(LIB) *~ $(DEPS) xen
+
+# libflask
+
+libflask.a: $(LIB_OBJS)
+ $(AR) rc $@ $^
+
+libflask.so: libflask.so.$(MAJOR)
+ ln -sf $< $@
+libflask.so.$(MAJOR): libflask.so.$(MAJOR).$(MINOR)
+ ln -sf $< $@
+
+libflask.so.$(MAJOR).$(MINOR): $(PIC_OBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-soname -Wl,libflask.so.$(MAJOR) -shared -o $@ $^
+
+-include $(DEPS)
diff --git a/tools/flask/libflask/flask_op.c b/tools/flask/libflask/flask_op.c
new file mode 100644
index 0000000000..5ebadb51b7
--- /dev/null
+++ b/tools/flask/libflask/flask_op.c
@@ -0,0 +1,100 @@
+/*
+ *
+ * Authors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
+ * George Coker, <gscoker@alpha.ncsc.mil>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <sys/ioctl.h>
+
+#include <xc_private.h>
+
+#include <flask_op.h>
+
+int flask_load(int xc_handle, char *buf, int size)
+{
+ int err;
+ flask_op_t op;
+
+ op.cmd = FLASK_LOAD;
+ op.buf = buf;
+ op.size = size;
+
+ if ( (err = do_flask_op(xc_handle, &op)) != 0 )
+ return err;
+
+ return 0;
+}
+
+int flask_context_to_sid(int xc_handle, char *buf, int size, uint32_t *sid)
+{
+ int err;
+ flask_op_t op;
+
+ op.cmd = FLASK_CONTEXT_TO_SID;
+ op.buf = buf;
+ op.size = size;
+
+ if ( (err = do_flask_op(xc_handle, &op)) != 0 )
+ return err;
+
+ sscanf(buf, "%u", sid);
+
+ return 0;
+}
+
+int flask_sid_to_context(int xc_handle, int sid, char *buf, int size)
+{
+ int err;
+ flask_op_t op;
+
+ op.cmd = FLASK_SID_TO_CONTEXT;
+ op.buf = buf;
+ op.size = size;
+
+ snprintf(buf, size, "%u", sid);
+
+ if ( (err = do_flask_op(xc_handle, &op)) != 0 )
+ return err;
+
+ return 0;
+}
+
+int do_flask_op(int xc_handle, flask_op_t *op)
+{
+ int ret = -1;
+ DECLARE_HYPERCALL;
+
+ hypercall.op = __HYPERVISOR_xsm_op;
+ hypercall.arg[0] = (unsigned long)op;
+
+ if ( mlock(op, sizeof(*op)) != 0 )
+ {
+ PERROR("Could not lock memory for Xen hypercall");
+ goto out;
+ }
+
+ if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 )
+ {
+ if ( errno == EACCES )
+ fprintf(stderr, "XSM operation failed!\n");
+ }
+
+ safe_munlock(op, sizeof(*op));
+
+ out:
+ return ret;
+}
+
diff --git a/tools/flask/libflask/include/flask_op.h b/tools/flask/libflask/include/flask_op.h
new file mode 100644
index 0000000000..56cb213d67
--- /dev/null
+++ b/tools/flask/libflask/include/flask_op.h
@@ -0,0 +1,46 @@
+/*
+ *
+ * Authors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
+ * George Coker, <gscoker@alpha.ncsc.mil>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#ifndef __FLASK_OP_H
+#define __FLASK_OP_H
+
+#define FLASK_LOAD 1
+#define FLASK_GETENFORCE 2
+#define FLASK_SETENFORCE 3
+#define FLASK_CONTEXT_TO_SID 4
+#define FLASK_SID_TO_CONTEXT 5
+#define FLASK_ACCESS 6
+#define FLASK_CREATE 7
+#define FLASK_RELABEL 8
+#define FLASK_USER 9
+#define FLASK_POLICYVERS 10
+#define FLASK_GETBOOL 11
+#define FLASK_SETBOOL 12
+#define FLASK_COMMITBOOLS 13
+#define FLASK_MLS 14
+#define FLASK_DISABLE 15
+#define FLASK_GETAVC_THRESHOLD 16
+#define FLASK_SETAVC_THRESHOLD 17
+#define FLASK_AVC_HASHSTATS 18
+#define FLASK_AVC_CACHESTATS 19
+#define FLASK_MEMBER 20
+
+typedef struct flask_op {
+ int cmd;
+ int size;
+ char *buf;
+} flask_op_t;
+
+int flask_load(int xc_handle, char *buf, int size);
+int flask_context_to_sid(int xc_handle, char *buf, int size, u_int32_t *sid);
+int flask_sid_to_context(int xc_handle, int sid, char *buf, int size);
+int do_flask_op(int xc_handle, flask_op_t *op);
+
+#endif