author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-31 11:21:35 +0100 |
---|---|---|
committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-31 11:21:35 +0100 |
commit | d046f361dc937d8fc179cc2da168f571726cb5a0 (patch) | |
tree | 578473169c1d081d7e3ed825d926377e4b8b9226 /xen/xsm/xsm_core.c | |
parent | 3d030c1164e2c7bfc4873368e14bae9cc0e23e16 (diff) | |
Xen Security Modules: XSM
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'xen/xsm/xsm_core.c')
-rw-r--r-- | xen/xsm/xsm_core.c | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
new file mode 100644
index 0000000000..d572f997c0
--- /dev/null
+++ b/xen/xsm/xsm_core.c
@@ -0,0 +1,118 @@
+/*
+ * This work is based on the LSM implementation in Linux 2.6.13.4.
+ *
+ * Author: George Coker, <gscoker@alpha.ncsc.mil>
+ *
+ * Contributors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#include <xen/init.h>
+#include <xen/errno.h>
+#include <xen/lib.h>
+
+#include <xsm/xsm.h>
+
+#ifdef XSM_ENABLE
+
+#define XSM_FRAMEWORK_VERSION "1.0.0"
+
+extern struct xsm_operations dummy_xsm_ops;
+extern void xsm_fixup_ops(struct xsm_operations *ops);
+
+struct xsm_operations *xsm_ops;
+
+static inline int verify(struct xsm_operations *ops)
+{
+ /* verify the security_operations structure exists */
+ if ( !ops )
+ return -EINVAL;
+ xsm_fixup_ops(ops);
+ return 0;
+}
+
+static void __init do_xsm_initcalls(void)
+{
+ xsm_initcall_t *call;
+ call = __xsm_initcall_start;
+ while ( call < __xsm_initcall_end )
+ {
+ (*call) ();
+ call++;
+ }
+}
+
+int __init xsm_init(unsigned int *initrdidx, const multiboot_info_t *mbi,
+ unsigned long initial_images_start)
+{
+ int ret = 0;
+
+ printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
+
+ if ( XSM_MAGIC )
+ {
+ ret = xsm_policy_init(initrdidx, mbi, initial_images_start);
+ if ( ret )
+ {
+ printk("%s: Error initializing policy.\n", __FUNCTION__);
+ return -EINVAL;
+ }
+ }
+
+ if ( verify(&dummy_xsm_ops) )
+ {
+ printk("%s could not verify "
+ "dummy_xsm_ops structure.\n", __FUNCTION__);
+ return -EIO;
+ }
+
+ xsm_ops = &dummy_xsm_ops;
+ do_xsm_initcalls();
+
+ return 0;
+}
+
+int register_xsm(struct xsm_operations *ops)
+{
+ if ( verify(ops) )
+ {
+ printk("%s could not verify "
+ "security_operations structure.\n", __FUNCTION__);
+ return -EINVAL;
+ }
+
+ if ( xsm_ops != &dummy_xsm_ops )
+ return -EAGAIN;
+
+ xsm_ops = ops;
+
+ return 0;
+}
+
+
+int unregister_xsm(struct xsm_operations *ops)
+{
+ if ( ops != xsm_ops )
+ {
+ printk("%s: trying to unregister "
+ "a security_opts structure that is not "
+ "registered, failing.\n", __FUNCTION__);
+ return -EINVAL;
+ }
+
+ xsm_ops = &dummy_xsm_ops;
+
+ return 0;
+}
+
+#endif
+
+long do_xsm_op (XEN_GUEST_HANDLE(xsm_op_t) op)
+{
+ return __do_xsm_op(op);
+}
+
+
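Review bot: In xsm_init() the early `return -EINVAL` after a failed xsm_policy_init() leaves the global `xsm_ops` unset, because `xsm_ops = &dummy_xsm_ops;` is only reached on the success path. Any hook later dispatched through `xsm_ops` would then go through a null pointer unless the caller, which is not visible in this hunk, treats a non-zero return as fatal. I would state that contract above the function, e.g. `/* On a non-zero return xsm_ops is not set; the caller must not continue to dispatch XSM hooks. */`. That error path also discards `ret`, so logging it (`printk("%s: Error initializing policy (%d).\n", __FUNCTION__, ret);`) would keep the cause visible. In register_xsm(), `verify(ops)` runs `xsm_fixup_ops(ops)` on the caller's table before the `xsm_ops != &dummy_xsm_ops` test, so a registration refused with -EAGAIN has still had its table modified, and the check-then-assign on `xsm_ops` is unserialised, which appears to rely on registration happening only from the init calls; testing the -EAGAIN condition first and noting that assumption in a comment would make both explicit.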