xsm: Move flask policy files into hypervisor (missed from earlier commit).

Signed-off-by: Keir Fraser <keir@xen.org>

--HG--
rename : tools/flask/policy/policy/flask/access_vectors => xen/xsm/flask/policy/access_vectors
rename : tools/flask/policy/policy/flask/initial_sids => xen/xsm/flask/policy/initial_sids
rename : tools/flask/policy/policy/flask/mkaccess_vector.sh => xen/xsm/flask/policy/mkaccess_vector.sh
rename : tools/flask/policy/policy/flask/mkflask.sh => xen/xsm/flask/policy/mkflask.sh
rename : tools/flask/policy/policy/flask/security_classes => xen/xsm/flask/policy/security_classes

5 files changed, 0 insertions, 448 deletions

diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors
deleted file mode 100644
index c7e29abb32..0000000000
--- a/tools/flask/policy/policy/flask/access_vectors
+++ /dev/null
@@ -1,178 +0,0 @@
-#
-# Define the access vectors.
-#
-# class class_name { permission_name ... }
-
-class xen
-{
-	scheduler
-	settime
-	tbufcontrol
-	readconsole
-	clearconsole
-	perfcontrol
-	mtrr_add
-	mtrr_del
-	mtrr_read
-	microcode
-	physinfo
-	quirk
-    writeconsole
-    readapic
-    writeapic
-    privprofile
-    nonprivprofile
-    kexec
-	firmware
-	sleep
-	frequency
-	getidle
-	debug
-	getcpuinfo
-	heap
-	pm_op
-	mca_op
-	lockprof
-	cpupool_op
-	sched_op
-}
-
-class domain
-{
-	setvcpucontext
-	pause
-	unpause
-    resume
-    create
-    transition
-    max_vcpus
-    destroy
-    setvcpuaffinity
-	getvcpuaffinity
-	scheduler
-	getdomaininfo
-	getvcpuinfo
-	getvcpucontext
-	setdomainmaxmem
-	setdomainhandle
-	setdebugging
-	hypercall
-    settime
-    set_target
-    shutdown
-    setaddrsize
-    getaddrsize
-	trigger
-	getextvcpucontext
-	setextvcpucontext
-	getvcpuextstate
-	setvcpuextstate
-	getpodtarget
-	setpodtarget
-	set_misc_info
-	set_virq_handler
-}
-
-class domain2
-{
-	relabelfrom
-	relabelto
-	relabelself
-}
-
-class hvm
-{
-    sethvmc
-    gethvmc
-    setparam
-    getparam
-    pcilevel
-    irqlevel
-    pciroute
-	bind_irq
-	cacheattr
-    trackdirtyvram
-    hvmctl
-    mem_event
-    mem_sharing
-}
-
-class event
-{
-	bind
-	send
-	status
-	notify
-	create
-    reset
-}
-
-class grant
-{
-	map_read
-	map_write
-	unmap
-	transfer
-	setup
-    copy
-    query
-}
-
-class mmu
-{
-	map_read
-	map_write
-	pageinfo
-	pagelist
-    adjust
-    stat
-    translategp
-	updatemp
-    physmap
-    pinpage
-    mfnlist
-    memorymap
-    remote_remap
-}
-
-class shadow
-{
-	disable
-	enable
-    logdirty
-}
-
-class resource
-{
-	add
-	remove
-	use
-	add_irq
-	remove_irq
-	add_ioport
-	remove_ioport
-	add_iomem
-	remove_iomem
-	stat_device
-	add_device
-	remove_device
-	plug
-	unplug
-	setup
-}
-
-class security
-{
-	compute_av
-	compute_create
-	compute_member
-	check_context
-	load_policy
-	compute_relabel
-	compute_user
-	setenforce
-	setbool
-	setsecparam
-        add_ocontext
-        del_ocontext
-}
diff --git a/tools/flask/policy/policy/flask/initial_sids b/tools/flask/policy/policy/flask/initial_sids
deleted file mode 100644
index e508bde976..0000000000
--- a/tools/flask/policy/policy/flask/initial_sids
+++ /dev/null
@@ -1,16 +0,0 @@
-# FLASK
-
-#
-# Define initial security identifiers 
-#
-sid xen
-sid dom0
-sid domio
-sid domxen
-sid unlabeled
-sid security
-sid ioport
-sid iomem
-sid irq
-sid device
-# FLASK
diff --git a/tools/flask/policy/policy/flask/mkaccess_vector.sh b/tools/flask/policy/policy/flask/mkaccess_vector.sh
deleted file mode 100644
index 8ec87f7b8c..0000000000
--- a/tools/flask/policy/policy/flask/mkaccess_vector.sh
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/bin/sh -
-#
-
-# FLASK
-
-set -e
-
-awk=$1
-shift
-
-# output files
-av_permissions="include/av_permissions.h"
-av_perm_to_string="include/av_perm_to_string.h"
-
-cat $* | $awk "
-BEGIN	{
-		outfile = \"$av_permissions\"
-		avpermfile = \"$av_perm_to_string\"
-		"'
-		nextstate = "COMMON_OR_AV";
-		printf("/* This file is automatically generated.  Do not edit. */\n") > outfile;
-		printf("/* This file is automatically generated.  Do not edit. */\n") > avpermfile;
-;
-	}
-/^[ \t]*#/	{ 
-			next;
-		}
-$1 == "class"	{
-			if (nextstate != "COMMON_OR_AV" &&
-			    nextstate != "CLASS_OR_CLASS-OPENBRACKET")
-			{
-				printf("Parse error:  Unexpected class definition on line %d\n", NR);
-				next;	
-			}
-
-			tclass = $2;
-
-			if (tclass in av_defined)
-			{
-				printf("Duplicate access vector definition for %s on line %d\n", tclass, NR);
-				next;
-			} 
-			av_defined[tclass] = 1;
-
-			permission = 1;
-
-			nextstate = "INHERITS_OR_CLASS-OPENBRACKET";
-			next;
-		}
-$1 == "{"	{ 
-			if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET" &&
-			    nextstate != "CLASS_OR_CLASS-OPENBRACKET" &&
-			    nextstate != "COMMON-OPENBRACKET")
-			{
-				printf("Parse error:  Unexpected { on line %d\n", NR);
-				next;
-			}
-
-			if (nextstate == "INHERITS_OR_CLASS-OPENBRACKET")
-				nextstate = "CLASS-CLOSEBRACKET";
-
-			if (nextstate == "CLASS_OR_CLASS-OPENBRACKET")
-				nextstate = "CLASS-CLOSEBRACKET";
-
-			if (nextstate == "COMMON-OPENBRACKET")
-				nextstate = "COMMON-CLOSEBRACKET";
-		}
-/[a-z][a-z_]*/	{
-			if (nextstate != "COMMON-CLOSEBRACKET" &&
-			    nextstate != "CLASS-CLOSEBRACKET")
-			{
-				printf("Parse error:  Unexpected symbol %s on line %d\n", $1, NR);		
-				next;
-			}
-
-			if (nextstate == "COMMON-CLOSEBRACKET")
-			{
-				if ((common_name,$1) in common_perms)
-				{
-					printf("Duplicate permission %s for common %s on line %d.\n", $1, common_name, NR);
-					next;
-				}
-
-				common_perms[common_name,$1] = permission;
-
-				printf("#define COMMON_%s__%s", toupper(common_name), toupper($1)) > outfile; 
-
-				printf("    S_(\"%s\")\n", $1) > cpermfile;
-			}
-			else
-			{
-				if ((tclass,$1) in av_perms)
-				{
-					printf("Duplicate permission %s for %s on line %d.\n", $1, tclass, NR);
-					next;
-				}
-
-				av_perms[tclass,$1] = permission;
-		
-				printf("#define %s__%s", toupper(tclass), toupper($1)) > outfile; 
-
-				printf("   S_(SECCLASS_%s, %s__%s, \"%s\")\n", toupper(tclass), toupper(tclass), toupper($1), $1) > avpermfile; 
-			}
-
-			spaces = 40 - (length($1) + length(tclass));
-			if (spaces < 1)
-			      spaces = 1;
-
-			for (i = 0; i < spaces; i++) 
-				printf(" ") > outfile; 
-			printf("0x%08xUL\n", permission) > outfile; 
-			permission = permission * 2;
-		}
-$1 == "}"	{
-			if (nextstate != "CLASS-CLOSEBRACKET" && 
-			    nextstate != "COMMON-CLOSEBRACKET")
-			{
-				printf("Parse error:  Unexpected } on line %d\n", NR);
-				next;
-			}
-
-			if (nextstate == "COMMON-CLOSEBRACKET")
-			{
-				common_base[common_name] = permission;
-				printf("TE_(common_%s_perm_to_string)\n\n", common_name) > cpermfile; 
-			}
-
-			printf("\n") > outfile;
-
-			nextstate = "COMMON_OR_AV";
-		}
-END	{
-		if (nextstate != "COMMON_OR_AV" && nextstate != "CLASS_OR_CLASS-OPENBRACKET")
-			printf("Parse error:  Unexpected end of file\n");
-
-	}'
-
-# FLASK
diff --git a/tools/flask/policy/policy/flask/mkflask.sh b/tools/flask/policy/policy/flask/mkflask.sh
deleted file mode 100644
index e8d8fb5d2c..0000000000
--- a/tools/flask/policy/policy/flask/mkflask.sh
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/sh -
-#
-
-# FLASK
-
-set -e
-
-awk=$1
-shift 1
-
-# output file
-output_file="include/flask.h"
-debug_file="include/class_to_string.h"
-debug_file2="include/initial_sid_to_string.h"
-
-cat $* | $awk "
-BEGIN	{
-		outfile = \"$output_file\"
-		debugfile = \"$debug_file\"
-		debugfile2 = \"$debug_file2\"
-		"'
-		nextstate = "CLASS";
-
-		printf("/* This file is automatically generated.  Do not edit. */\n") > outfile;
-
-		printf("#ifndef _SELINUX_FLASK_H_\n") > outfile;
-		printf("#define _SELINUX_FLASK_H_\n") > outfile;
-		printf("\n/*\n * Security object class definitions\n */\n") > outfile;
-		printf("/* This file is automatically generated.  Do not edit. */\n") > debugfile;
-		printf("/*\n * Security object class definitions\n */\n") > debugfile;
-		printf("    S_(\"null\")\n") > debugfile;
-		printf("/* This file is automatically generated.  Do not edit. */\n") > debugfile2;
-		printf("static char *initial_sid_to_string[] =\n{\n") > debugfile2;
-		printf("    \"null\",\n") > debugfile2;
-	}
-/^[ \t]*#/	{ 
-			next;
-		}
-$1 == "class"	{ 
-			if (nextstate != "CLASS")
-			{
-				printf("Parse error:  Unexpected class definition on line %d\n", NR);
-				next;	
-			}
-
-			if ($2 in class_found)
-			{
-				printf("Duplicate class definition for %s on line %d.\n", $2, NR);
-				next;
-			}	
-			class_found[$2] = 1;
-
-			class_value++;
-
-			printf("#define SECCLASS_%s", toupper($2)) > outfile;
-			for (i = 0; i < 40 - length($2); i++) 
-				printf(" ") > outfile; 
-			printf("%d\n", class_value) > outfile; 
-
-			printf("    S_(\"%s\")\n", $2) > debugfile;
-		}
-$1 == "sid"	{ 
-			if (nextstate == "CLASS")
-			{
-			    nextstate = "SID";
-			    printf("\n/*\n * Security identifier indices for initial entities\n */\n") > outfile;			    
-			}
-
-			if ($2 in sid_found)
-			{
-				printf("Duplicate SID definition for %s on line %d.\n", $2, NR);
-				next;
-			}	
-			sid_found[$2] = 1;
-			sid_value++;
-
-			printf("#define SECINITSID_%s", toupper($2)) > outfile;
-			for (i = 0; i < 37 - length($2); i++) 
-				printf(" ") > outfile; 
-			printf("%d\n", sid_value) > outfile; 
-			printf("    \"%s\",\n", $2) > debugfile2;
-		}
-END	{
-		if (nextstate != "SID")
-			printf("Parse error:  Unexpected end of file\n");
-
-		printf("\n#define SECINITSID_NUM") > outfile;
-		for (i = 0; i < 34; i++) 
-			printf(" ") > outfile; 
-		printf("%d\n", sid_value) > outfile; 
-		printf("\n#endif\n") > outfile;
-		printf("};\n\n") > debugfile2;
-	}'
-
-# FLASK
diff --git a/tools/flask/policy/policy/flask/security_classes b/tools/flask/policy/policy/flask/security_classes
deleted file mode 100644
index ef134a7457..0000000000
--- a/tools/flask/policy/policy/flask/security_classes
+++ /dev/null
@@ -1,21 +0,0 @@
-# FLASK
-
-#
-# Define the security object classes 
-#
-
-# Classes marked as userspace are classes
-# for userspace object managers
-
-class xen
-class domain
-class domain2
-class hvm
-class mmu
-class resource
-class shadow
-class event
-class grant
-class security
-
-# FLASK