author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-31 11:41:49 +0100 |
---|---|---|
committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-31 11:41:49 +0100 |
commit | 670a6002b949ebb60f7cb3e5d950e163d9314859 (patch) | |
tree | ffbe7deab63545d3bec5a41d750f4163908a5cbd /xen/common | |
parent | d89af6295418a0aeccfbfffd840e2cc097744bc1 (diff) | |
Xen Security Modules: ACM.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'xen/common')
-rw-r--r-- | xen/common/Makefile | 1 | ||||
-rw-r--r-- | xen/common/acm_ops.c | 212 | ||||
-rw-r--r-- | xen/common/domain.c | 11 | ||||
-rw-r--r-- | xen/common/domctl.c | 6 | ||||
-rw-r--r-- | xen/common/event_channel.c | 7 | ||||
-rw-r--r-- | xen/common/grant_table.c | 7 |
6 files changed, 1 insertions, 243 deletions
diff --git a/xen/common/Makefile b/xen/common/Makefile
index ffd3565e51..e0ce3587e9 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -1,4 +1,3 @@
-obj-y += acm_ops.o
 obj-y += bitmap.o
 obj-y += domctl.o
 obj-y += domain.o
diff --git a/xen/common/acm_ops.c b/xen/common/acm_ops.c
deleted file mode 100644
index e4f38ef113..0000000000
--- a/xen/common/acm_ops.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/******************************************************************************
- * acm_ops.c
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@watson.ibm.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * Process acm command requests from guest OS.
- */
-
-#include <xen/config.h>
-#include <xen/types.h>
-#include <xen/lib.h>
-#include <xen/mm.h>
-#include <public/acm.h>
-#include <public/acm_ops.h>
-#include <xen/sched.h>
-#include <xen/event.h>
-#include <xen/trace.h>
-#include <xen/console.h>
-#include <xen/guest_access.h>
-#include <acm/acm_hooks.h>
-
-#ifndef ACM_SECURITY
-
-long do_acm_op(int cmd, XEN_GUEST_HANDLE(void) arg)
-{
- return -ENOSYS;
-}
-
-#else
-
-int acm_authorize_acm_ops(struct domain *d)
-{
- /* currently, policy management functions are restricted to privileged domains */
- return (IS_PRIV(d) ? 0 : -EPERM);
-}
-
-
-long do_acm_op(XEN_GUEST_HANDLE(xen_acmctl_t) u_acmctl)
-{
- long rc = -EFAULT;
- struct xen_acmctl curop, *op = &curop;
-
- if (acm_authorize_acm_ops(current->domain))
- return -EPERM;
-
- if ( copy_from_guest(op, u_acmctl, 1) )
- return -EFAULT;
-
- if (op->interface_version != ACM_INTERFACE_VERSION)
- return -EACCES;
-
- switch ( op->cmd )
- {
-
- case ACMOP_setpolicy: {
- rc = acm_set_policy(op->u.setpolicy.pushcache,
- op->u.setpolicy.pushcache_size);
- break;
- }
-
- case ACMOP_getpolicy: {
- rc = acm_get_policy(op->u.getpolicy.pullcache,
- op->u.getpolicy.pullcache_size);
- break;
- }
-
- case ACMOP_dumpstats: {
- rc = acm_dump_statistics(op->u.dumpstats.pullcache,
- op->u.dumpstats.pullcache_size);
- break;
- }
-
- case ACMOP_getssid: {
- ssidref_t ssidref;
-
- if (op->u.getssid.get_ssid_by == ACM_GETBY_ssidref)
- ssidref = op->u.getssid.id.ssidref;
- else if (op->u.getssid.get_ssid_by == ACM_GETBY_domainid)
- {
- struct domain *subj = rcu_lock_domain_by_id(op->u.getssid.id.domainid);
- if (!subj)
- {
- rc = -ESRCH; /* domain not found */
- break;
- }
- if (subj->ssid == NULL)
- {
- rcu_unlock_domain(subj);
- rc = -ESRCH;
- break;
- }
- ssidref = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
- rcu_unlock_domain(subj);
- }
- else
- {
- rc = -ESRCH;
- break;
- }
- rc = acm_get_ssid(ssidref, op->u.getssid.ssidbuf,
- op->u.getssid.ssidbuf_size);
- break;
- }
-
- case ACMOP_getdecision: {
- ssidref_t ssidref1, ssidref2;
-
- if (op->u.getdecision.get_decision_by1 == ACM_GETBY_ssidref)
- ssidref1 = op->u.getdecision.id1.ssidref;
- else if (op->u.getdecision.get_decision_by1 == ACM_GETBY_domainid)
- {
- struct domain *subj = rcu_lock_domain_by_id(op->u.getdecision.id1.domainid);
- if (!subj)
- {
- rc = -ESRCH; /* domain not found */
- break;
- }
- if (subj->ssid == NULL)
- {
- rcu_unlock_domain(subj);
- rc = -ESRCH;
- break;
- }
- ssidref1 = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
- rcu_unlock_domain(subj);
- }
- else
- {
- rc = -ESRCH;
- break;
- }
- if (op->u.getdecision.get_decision_by2 == ACM_GETBY_ssidref)
- ssidref2 = op->u.getdecision.id2.ssidref;
- else if (op->u.getdecision.get_decision_by2 == ACM_GETBY_domainid)
- {
- struct domain *subj = rcu_lock_domain_by_id(op->u.getdecision.id2.domainid);
- if (!subj)
- {
- rc = -ESRCH; /* domain not found */
- break;;
- }
- if (subj->ssid == NULL)
- {
- rcu_unlock_domain(subj);
- rc = -ESRCH;
- break;
- }
- ssidref2 = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
- rcu_unlock_domain(subj);
- }
- else
- {
- rc = -ESRCH;
- break;
- }
- rc = acm_get_decision(ssidref1, ssidref2, op->u.getdecision.hook);
-
- if (rc == ACM_ACCESS_PERMITTED)
- {
- op->u.getdecision.acm_decision = ACM_ACCESS_PERMITTED;
- rc = 0;
- }
- else if (rc == ACM_ACCESS_DENIED)
- {
- op->u.getdecision.acm_decision = ACM_ACCESS_DENIED;
- rc = 0;
- }
- else
- rc = -ESRCH;
-
- if ( (rc == 0) && (copy_to_guest(u_acmctl, op, 1) != 0) )
- rc = -EFAULT;
- break;
- }
-
- case ACMOP_chgpolicy: {
- rc = acm_change_policy(&op->u.change_policy);
- break;
- }
-
- case ACMOP_relabeldoms: {
- rc = acm_relabel_domains(&op->u.relabel_doms);
- break;
- }
-
- default:
- rc = -ENOSYS;
- break;
- }
-
- return rc;
-}
-
-#endif
-
-/*
- * Local variables:
- * mode: C
- * c-set-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/xen/common/domain.c b/xen/common/domain.c
index b7f68a236f..0e48eeeda4 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -28,7 +28,6 @@
 #include <asm/debugger.h>
 #include <public/sched.h>
 #include <public/vcpu.h>
-#include <acm/acm_hooks.h>
 #include <xsm/xsm.h>
 /* Protect updates/reads (resp.) of domain_list and domain_hash. */
@@ -189,7 +188,7 @@ struct domain *domain_create(
 domid_t domid, unsigned int domcr_flags, ssidref_t ssidref)
 {
 struct domain *d, **pd;
- enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_acm = 4, INIT_arch = 8 };
+ enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_arch = 8 };
 int init_status = 0;
 if ( (d = alloc_domain(domid)) == NULL )
@@ -215,10 +214,6 @@ struct domain *domain_create(
 if ( grant_table_create(d) != 0 )
 goto fail;
 init_status |= INIT_gnttab;
-
- if ( acm_domain_create(d, ssidref) != 0 )
- goto fail;
- init_status |= INIT_acm;
 }
 if ( arch_domain_create(d) != 0 )
@@ -254,8 +249,6 @@ struct domain *domain_create(
 atomic_set(&d->refcnt, DOMAIN_DESTROYED);
 if ( init_status & INIT_arch )
 arch_domain_destroy(d);
- if ( init_status & INIT_acm )
- acm_domain_destroy(d);
 if ( init_status & INIT_gnttab )
 grant_table_destroy(d);
 if ( init_status & INIT_evtchn )
@@ -483,8 +476,6 @@ static void complete_domain_destroy(struct rcu_head *head)
 sched_destroy_vcpu(v);
 }
- acm_domain_destroy(d);
-
 rangeset_domain_destroy(d);
 grant_table_destroy(d);
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index c1c391e82d..0b13cd9f69 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -23,7 +23,6 @@
 #include <xen/paging.h>
 #include <asm/current.h>
 #include <public/domctl.h>
-#include <acm/acm_hooks.h>
 #include <xsm/xsm.h>
 extern long arch_do_domctl(
@@ -124,11 +123,6 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
 if ( is_hvm_domain(d) )
 info->flags |= XEN_DOMINF_hvm_guest;
- if ( d->ssid != NULL )
- info->ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref;
- else
- info->ssidref = ACM_DEFAULT_SSID;
-
 xsm_security_domaininfo(d, info);
 info->tot_pages = d->tot_pages;
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index 145a238ccf..1ca80edb38 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
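Review bot: `ssidref` stays in the `domain_create` signature at the top of the -189,7 hunk, but its only visible consumer, `acm_domain_create(d, ssidref)`, is deleted in the next hunk (-215,10), so from the visible lines the caller-supplied label is no longer applied. The function continues outside these hunks; if an XSM hook there takes the label, a comment such as `/* ssidref is consumed by the XSM domain-create hook */` would make that explicit, and if none does, the parameter should be wired to one or dropped so callers do not assume the domain was labelled. The same question applies to the pre-checks removed from `evtchn_alloc_unbound`, `evtchn_bind_interdomain` and `__gnttab_map_grant_ref`, where no replacement authorization call is visible inside the hunks. As a style point, `INIT_arch = 8` now leaves bit 4 unused; either renumber or add `/* 4 was INIT_acm */`.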
@@ -29,7 +29,6 @@
 #include <public/xen.h>
 #include <public/event_channel.h>
-#include <acm/acm_hooks.h>
 #include <xsm/xsm.h>
 #define bucket_from_port(d,p) \
@@ -122,9 +121,6 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc)
 domid_t dom = alloc->dom;
 long rc;
- if ( (rc = acm_pre_eventchannel_unbound(dom, alloc->remote_dom)) != 0 )
- return rc;
-
 if ( dom == DOMID_SELF )
 dom = current->domain->domain_id;
 else if ( !IS_PRIV(current->domain) )
@@ -166,9 +162,6 @@ static long evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind)
 domid_t rdom = bind->remote_dom;
 long rc;
- if ( (rc = acm_pre_eventchannel_interdomain(rdom)) != 0 )
- return rc;
-
 if ( rdom == DOMID_SELF )
 rdom = current->domain->domain_id;
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index e240452f14..67d0f5d3bd 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -32,7 +32,6 @@
 #include <xen/trace.h>
 #include <xen/guest_access.h>
 #include <xen/domain_page.h>
-#include <acm/acm_hooks.h>
 #include <xsm/xsm.h>
 #ifndef max_nr_grant_frames
@@ -212,12 +211,6 @@ __gnttab_map_grant_ref(
 return;
 }
- if ( acm_pre_grant_map_ref(op->dom) )
- {
- op->status = GNTST_permission_denied;
- return;
- }
-
 if ( unlikely((rd = rcu_lock_domain_by_id(op->dom)) == NULL) )
 {
 gdprintk(XENLOG_INFO, "Could not find domain %d\n", op->dom); |