authorkfraser@localhost.localdomain <kfraser@localhost.localdomain>2007-08-31 11:41:49 +0100
committerkfraser@localhost.localdomain <kfraser@localhost.localdomain>2007-08-31 11:41:49 +0100
commit670a6002b949ebb60f7cb3e5d950e163d9314859 (patch)
treeffbe7deab63545d3bec5a41d750f4163908a5cbd /xen/common
parentd89af6295418a0aeccfbfffd840e2cc097744bc1 (diff)
Xen Security Modules: ACM.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'xen/common')
-rw-r--r--xen/common/Makefile1
-rw-r--r--xen/common/acm_ops.c212
-rw-r--r--xen/common/domain.c11
-rw-r--r--xen/common/domctl.c6
-rw-r--r--xen/common/event_channel.c7
-rw-r--r--xen/common/grant_table.c7
6 files changed, 1 insertions, 243 deletions
diff --git a/xen/common/Makefile b/xen/common/Makefile
index ffd3565e51..e0ce3587e9 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -1,4 +1,3 @@
-obj-y += acm_ops.o
obj-y += bitmap.o
obj-y += domctl.o
obj-y += domain.o
diff --git a/xen/common/acm_ops.c b/xen/common/acm_ops.c
deleted file mode 100644
index e4f38ef113..0000000000
--- a/xen/common/acm_ops.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/******************************************************************************
- * acm_ops.c
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@watson.ibm.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * Process acm command requests from guest OS.
- */
-
-#include <xen/config.h>
-#include <xen/types.h>
-#include <xen/lib.h>
-#include <xen/mm.h>
-#include <public/acm.h>
-#include <public/acm_ops.h>
-#include <xen/sched.h>
-#include <xen/event.h>
-#include <xen/trace.h>
-#include <xen/console.h>
-#include <xen/guest_access.h>
-#include <acm/acm_hooks.h>
-
-#ifndef ACM_SECURITY
-
-long do_acm_op(int cmd, XEN_GUEST_HANDLE(void) arg)
-{
- return -ENOSYS;
-}
-
-#else
-
-int acm_authorize_acm_ops(struct domain *d)
-{
- /* currently, policy management functions are restricted to privileged domains */
- return (IS_PRIV(d) ? 0 : -EPERM);
-}
-
-
-long do_acm_op(XEN_GUEST_HANDLE(xen_acmctl_t) u_acmctl)
-{
- long rc = -EFAULT;
- struct xen_acmctl curop, *op = &curop;
-
- if (acm_authorize_acm_ops(current->domain))
- return -EPERM;
-
- if ( copy_from_guest(op, u_acmctl, 1) )
- return -EFAULT;
-
- if (op->interface_version != ACM_INTERFACE_VERSION)
- return -EACCES;
-
- switch ( op->cmd )
- {
-
- case ACMOP_setpolicy: {
- rc = acm_set_policy(op->u.setpolicy.pushcache,
- op->u.setpolicy.pushcache_size);
- break;
- }
-
- case ACMOP_getpolicy: {
- rc = acm_get_policy(op->u.getpolicy.pullcache,
- op->u.getpolicy.pullcache_size);
- break;
- }
-
- case ACMOP_dumpstats: {
- rc = acm_dump_statistics(op->u.dumpstats.pullcache,
- op->u.dumpstats.pullcache_size);
- break;
- }
-
- case ACMOP_getssid: {
- ssidref_t ssidref;
-
- if (op->u.getssid.get_ssid_by == ACM_GETBY_ssidref)
- ssidref = op->u.getssid.id.ssidref;
- else if (op->u.getssid.get_ssid_by == ACM_GETBY_domainid)
- {
- struct domain *subj = rcu_lock_domain_by_id(op->u.getssid.id.domainid);
- if (!subj)
- {
- rc = -ESRCH; /* domain not found */
- break;
- }
- if (subj->ssid == NULL)
- {
- rcu_unlock_domain(subj);
- rc = -ESRCH;
- break;
- }
- ssidref = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
- rcu_unlock_domain(subj);
- }
- else
- {
- rc = -ESRCH;
- break;
- }
- rc = acm_get_ssid(ssidref, op->u.getssid.ssidbuf,
- op->u.getssid.ssidbuf_size);
- break;
- }
-
- case ACMOP_getdecision: {
- ssidref_t ssidref1, ssidref2;
-
- if (op->u.getdecision.get_decision_by1 == ACM_GETBY_ssidref)
- ssidref1 = op->u.getdecision.id1.ssidref;
- else if (op->u.getdecision.get_decision_by1 == ACM_GETBY_domainid)
- {
- struct domain *subj = rcu_lock_domain_by_id(op->u.getdecision.id1.domainid);
- if (!subj)
- {
- rc = -ESRCH; /* domain not found */
- break;
- }
- if (subj->ssid == NULL)
- {
- rcu_unlock_domain(subj);
- rc = -ESRCH;
- break;
- }
- ssidref1 = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
- rcu_unlock_domain(subj);
- }
- else
- {
- rc = -ESRCH;
- break;
- }
- if (op->u.getdecision.get_decision_by2 == ACM_GETBY_ssidref)
- ssidref2 = op->u.getdecision.id2.ssidref;
- else if (op->u.getdecision.get_decision_by2 == ACM_GETBY_domainid)
- {
- struct domain *subj = rcu_lock_domain_by_id(op->u.getdecision.id2.domainid);
- if (!subj)
- {
- rc = -ESRCH; /* domain not found */
- break;;
- }
- if (subj->ssid == NULL)
- {
- rcu_unlock_domain(subj);
- rc = -ESRCH;
- break;
- }
- ssidref2 = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
- rcu_unlock_domain(subj);
- }
- else
- {
- rc = -ESRCH;
- break;
- }
- rc = acm_get_decision(ssidref1, ssidref2, op->u.getdecision.hook);
-
- if (rc == ACM_ACCESS_PERMITTED)
- {
- op->u.getdecision.acm_decision = ACM_ACCESS_PERMITTED;
- rc = 0;
- }
- else if (rc == ACM_ACCESS_DENIED)
- {
- op->u.getdecision.acm_decision = ACM_ACCESS_DENIED;
- rc = 0;
- }
- else
- rc = -ESRCH;
-
- if ( (rc == 0) && (copy_to_guest(u_acmctl, op, 1) != 0) )
- rc = -EFAULT;
- break;
- }
-
- case ACMOP_chgpolicy: {
- rc = acm_change_policy(&op->u.change_policy);
- break;
- }
-
- case ACMOP_relabeldoms: {
- rc = acm_relabel_domains(&op->u.relabel_doms);
- break;
- }
-
- default:
- rc = -ENOSYS;
- break;
- }
-
- return rc;
-}
-
-#endif
-
-/*
- * Local variables:
- * mode: C
- * c-set-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/xen/common/domain.c b/xen/common/domain.c
index b7f68a236f..0e48eeeda4 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -28,7 +28,6 @@
#include <asm/debugger.h>
#include <public/sched.h>
#include <public/vcpu.h>
-#include <acm/acm_hooks.h>
#include <xsm/xsm.h>
/* Protect updates/reads (resp.) of domain_list and domain_hash. */
@@ -189,7 +188,7 @@ struct domain *domain_create(
domid_t domid, unsigned int domcr_flags, ssidref_t ssidref)
{
struct domain *d, **pd;
- enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_acm = 4, INIT_arch = 8 };
+ enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_arch = 8 };
int init_status = 0;
if ( (d = alloc_domain(domid)) == NULL )
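Review bot: `domain_create()` still takes `ssidref`, but no line in the visible hunks uses it any more: `INIT_acm` is dropped from the enum here and the `acm_domain_create(d, ssidref)` call is removed in the next hunk. If the label is now applied through an XSM hook outside these hunks, a comment at the signature would make that clear, e.g. `/* ssidref is passed on to the XSM hook that labels the domain */`. If nothing consumes it, a caller-supplied security label is silently ignored and the domain is created unlabelled. The remaining flags leave bit value 4 unassigned, which is harmless but deserves a short comment or renumbering `INIT_arch` to 4. The function body continues outside the hunk.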
@@ -215,10 +214,6 @@ struct domain *domain_create(
if ( grant_table_create(d) != 0 )
goto fail;
init_status |= INIT_gnttab;
-
- if ( acm_domain_create(d, ssidref) != 0 )
- goto fail;
- init_status |= INIT_acm;
}
if ( arch_domain_create(d) != 0 )
@@ -254,8 +249,6 @@ struct domain *domain_create(
atomic_set(&d->refcnt, DOMAIN_DESTROYED);
if ( init_status & INIT_arch )
arch_domain_destroy(d);
- if ( init_status & INIT_acm )
- acm_domain_destroy(d);
if ( init_status & INIT_gnttab )
grant_table_destroy(d);
if ( init_status & INIT_evtchn )
@@ -483,8 +476,6 @@ static void complete_domain_destroy(struct rcu_head *head)
sched_destroy_vcpu(v);
}
- acm_domain_destroy(d);
-
rangeset_domain_destroy(d);
grant_table_destroy(d);
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index c1c391e82d..0b13cd9f69 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -23,7 +23,6 @@
#include <xen/paging.h>
#include <asm/current.h>
#include <public/domctl.h>
-#include <acm/acm_hooks.h>
#include <xsm/xsm.h>
extern long arch_do_domctl(
@@ -124,11 +123,6 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
if ( is_hvm_domain(d) )
info->flags |= XEN_DOMINF_hvm_guest;
- if ( d->ssid != NULL )
- info->ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref;
- else
- info->ssidref = ACM_DEFAULT_SSID;
-
xsm_security_domaininfo(d, info);
info->tot_pages = d->tot_pages;
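Review bot: `info->ssidref` is no longer assigned anywhere in the visible part of `getdomaininfo()`; the removed lines always wrote it, using `ACM_DEFAULT_SSID` when the domain had no ssid. The field now depends on `xsm_security_domaininfo(d, info)` filling it in. If that hook is a no-op for the active module (not visible here), the caller gets back whatever its buffer already held, which matters if a caller passes an uninitialised structure that is later copied to a guest. Assigning a defined default before the hook, for example `info->ssidref = 0;`, keeps the field deterministic; the right default should be checked against what the tools expect. The function starts and ends outside the hunk.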
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index 145a238ccf..1ca80edb38 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -29,7 +29,6 @@
#include <public/xen.h>
#include <public/event_channel.h>
-#include <acm/acm_hooks.h>
#include <xsm/xsm.h>
#define bucket_from_port(d,p) \
@@ -122,9 +121,6 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc)
domid_t dom = alloc->dom;
long rc;
- if ( (rc = acm_pre_eventchannel_unbound(dom, alloc->remote_dom)) != 0 )
- return rc;
-
if ( dom == DOMID_SELF )
dom = current->domain->domain_id;
else if ( !IS_PRIV(current->domain) )
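Review bot: The deleted `acm_pre_eventchannel_unbound(dom, alloc->remote_dom)` call was the policy check at the top of `evtchn_alloc_unbound()`, and no replacement is visible in this hunk. The same applies to `acm_pre_eventchannel_interdomain(rdom)` in `evtchn_bind_interdomain()` below and to `acm_pre_grant_map_ref(op->dom)` in `__gnttab_map_grant_ref()` in grant_table.c. `xsm/xsm.h` is already included, so the equivalent XSM hooks presumably sit further down in each function, outside the hunks. It is worth confirming that each path still reaches a hook before any event-channel or grant-mapping state is changed, and that a denial is propagated as before (`return rc;`, or `op->status = GNTST_permission_denied;` on the grant path). A one-line comment where the check used to be, such as `/* policy check: see the XSM hook below */`, would make that visible to the next reader.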
@@ -166,9 +162,6 @@ static long evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind)
domid_t rdom = bind->remote_dom;
long rc;
- if ( (rc = acm_pre_eventchannel_interdomain(rdom)) != 0 )
- return rc;
-
if ( rdom == DOMID_SELF )
rdom = current->domain->domain_id;
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index e240452f14..67d0f5d3bd 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -32,7 +32,6 @@
#include <xen/trace.h>
#include <xen/guest_access.h>
#include <xen/domain_page.h>
-#include <acm/acm_hooks.h>
#include <xsm/xsm.h>
#ifndef max_nr_grant_frames
@@ -212,12 +211,6 @@ __gnttab_map_grant_ref(
return;
}
- if ( acm_pre_grant_map_ref(op->dom) )
- {
- op->status = GNTST_permission_denied;
- return;
- }
-
if ( unlikely((rd = rcu_lock_domain_by_id(op->dom)) == NULL) )
{
gdprintk(XENLOG_INFO, "Could not find domain %d\n", op->dom);