diff options
Diffstat (limited to 'xen/include/acm/acm_core.h')
-rw-r--r-- | xen/include/acm/acm_core.h | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/xen/include/acm/acm_core.h b/xen/include/acm/acm_core.h new file mode 100644 index 0000000000..e404b455ad --- /dev/null +++ b/xen/include/acm/acm_core.h @@ -0,0 +1,117 @@ +/**************************************************************** + * acm_core.h + * + * Copyright (C) 2005 IBM Corporation + * + * Author: + * Reiner Sailer <sailer@watson.ibm.com> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * sHype header file describing core data types and constants + * for the access control module and relevant policies + * + */ +#ifndef _ACM_CORE_H +#define _ACM_CORE_H + +#include <xen/spinlock.h> +#include <public/acm.h> +#include <public/policy_ops.h> + +/* Xen-internal representation of the binary policy */ +struct acm_binary_policy { + u16 primary_policy_code; + u16 secondary_policy_code; + void *primary_binary_policy; + void *secondary_binary_policy; + +}; + +struct chwall_binary_policy { + u16 max_types; + u16 max_ssidrefs; + u16 max_conflictsets; + domaintype_t *ssidrefs; /* [max_ssidrefs][max_types] */ + domaintype_t *conflict_aggregate_set; /* [max_types] */ + domaintype_t *running_types; /* [max_types] */ + domaintype_t *conflict_sets; /* [max_conflictsets][max_types]*/ +}; + +struct ste_binary_policy { + u16 max_types; + u16 max_ssidrefs; + domaintype_t *ssidrefs; /* [max_ssidrefs][max_types] */ + atomic_t ec_eval_count, gt_eval_count; + atomic_t ec_denied_count, gt_denied_count; + atomic_t ec_cachehit_count, gt_cachehit_count; +}; + +/* global acm policy */ +extern struct acm_binary_policy acm_bin_pol; +extern struct chwall_binary_policy chwall_bin_pol; +extern struct ste_binary_policy ste_bin_pol; +/* use the lock when reading / changing binary policy ! */ +extern rwlock_t acm_bin_pol_rwlock; + +/* subject and object type definitions */ +enum acm_datatype { DOMAIN }; + +/* defines number of access decisions to other domains can be cached + * one entry per domain, TE does not distinguish evtchn or grant_table */ +#define ACM_TE_CACHE_SIZE 8 +enum acm_ste_flag { VALID, FREE }; + +/* cache line: + * if cache_line.valid==VALID, then + * STE decision is cached as "permitted" + * on domain cache_line.id + */ +struct acm_ste_cache_line { + enum acm_ste_flag valid; + domid_t id; +}; + +/* general definition of a subject security id */ +struct acm_ssid_domain { + enum acm_datatype datatype; /* type of subject (e.g., partition) */ + ssidref_t ssidref; /* combined security reference */ + void *primary_ssid; /* primary policy ssid part (e.g. chinese wall) */ + void *secondary_ssid; /* secondary policy ssid part (e.g. type enforcement) */ + struct domain *subject; /* backpointer to subject structure */ + domid_t domainid; /* replicate id */ +}; + +/* chinese wall ssid type */ +struct chwall_ssid { + ssidref_t chwall_ssidref; +}; + +/* simple type enforcement ssid type */ +struct ste_ssid { + ssidref_t ste_ssidref; + struct acm_ste_cache_line ste_cache[ACM_TE_CACHE_SIZE]; /* decision cache */ +}; + +/* macros to access ssidref for primary / secondary policy + * primary ssidref = lower 16 bit + * secondary ssidref = higher 16 bit + */ +#define GET_SSIDREF(POLICY, ssidref) \ + ((POLICY) == acm_bin_pol.primary_policy_code) ? \ + ((ssidref) & 0xffff) : ((ssidref) >> 16) + +/* macros to access ssid pointer for primary / secondary policy */ +#define GET_SSIDP(POLICY, ssid) \ + ((POLICY) == acm_bin_pol.primary_policy_code) ? \ + ((ssid)->primary_ssid) : ((ssid)->secondary_ssid) + +/* protos */ +int acm_init_domain_ssid(domid_t id, ssidref_t ssidref); +int acm_free_domain_ssid(struct acm_ssid_domain *ssid); + +#endif + |