From 09ae1e9ce6a849a196ed7a1a0525e4c34fb0b57a Mon Sep 17 00:00:00 2001 From: "kaf24@firebug.cl.cam.ac.uk" Date: Wed, 22 Jun 2005 14:18:12 +0000 Subject: bitkeeper revision 1.1726.1.1 (42b973245ua3LQyqFtGRwXDwnRLDPw) Compile-time ACM null-ops disables build of acm files. Signed-off-by: Keir Fraser --- .rootkeys | 1 - xen/Makefile | 2 + xen/Rules.mk | 2 + xen/arch/x86/setup.c | 8 +- xen/common/policy_ops.c | 64 ++++-- xen/include/acm/acm_hooks.h | 394 +++++++++++++++++++----------------- xen/include/public/acm_dom0_setup.h | 34 ---- 7 files changed, 253 insertions(+), 252 deletions(-) delete mode 100644 xen/include/public/acm_dom0_setup.h diff --git a/.rootkeys b/.rootkeys index f88922acce..514a54af3d 100644 --- a/.rootkeys +++ b/.rootkeys @@ -1513,7 +1513,6 @@ 422f27c8RHFkePhD34VIEpMMqofZcA xen/include/asm-x86/x86_emulate.h 400304fcmRQmDdFYEzDh0wcBba9alg xen/include/public/COPYING 42b742f6duiOTlZvysQkRYZHYBXqvg xen/include/public/acm.h -42b742f7TIMsQgUaNDJXp3QlBve2SQ xen/include/public/acm_dom0_setup.h 421098b7OKb9YH_EUA_UpCxBjaqtgA xen/include/public/arch-ia64.h 404f1bc68SXxmv0zQpXBWGrCzSyp8w xen/include/public/arch-x86_32.h 404f1bc7IwU-qnH8mJeVu0YsNGMrcw xen/include/public/arch-x86_64.h diff --git a/xen/Makefile b/xen/Makefile index 15b55fb24d..16ba9c2046 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -59,7 +59,9 @@ $(TARGET): delete-unfresh-files $(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h $(MAKE) -C common $(MAKE) -C drivers +ifdef ACM_USE_SECURITY_POLICY $(MAKE) -C acm +endif $(MAKE) -C arch/$(TARGET_ARCH) # drivers/char/console.o may contain static banner/compile info. Blow it away. diff --git a/xen/Rules.mk b/xen/Rules.mk index c0b13ae368..76489cfa4b 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk 
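Review bot: The `ifdef ACM_USE_SECURITY_POLICY` added around `$(MAKE) -C acm` tests only whether a make variable of that name is set, while the C side of this commit selects the null hooks with `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)`, so the two switches can disagree. Nothing in the diff shows where the make variable is assigned. If it is ever set to the null policy's name, the acm directory is still built; if the C header selects a real policy while the variable is unset, the hooks lose their implementation, presumably noticed only at link time. A comment above the conditional such as `# keep in step with the C macro ACM_USE_SECURITY_POLICY; unset here means the null policy` would record the coupling. The same applies to the `ALL_OBJS += $(BASEDIR)/acm/acm.o` guard in xen/Rules.mk.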
@@ -35,7 +35,9 @@ OBJS += $(patsubst %.c,%.o,$(C_SRCS)) ALL_OBJS := $(BASEDIR)/common/common.o ALL_OBJS += $(BASEDIR)/drivers/char/driver.o ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o +ifdef ACM_USE_SECURITY_POLICY ALL_OBJS += $(BASEDIR)/acm/acm.o +endif ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index ca7cf17aca..bb0da8c42f 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -20,7 +20,7 @@ #include #include #include -#include +#include extern void dmi_scan_machine(void); extern void generic_apic_probe(void); @@ -188,7 +188,7 @@ static void __init start_of_day(void) arch_init_memory(); - scheduler_init(); + scheduler_init(); identify_cpu(&boot_cpu_data); if ( cpu_has_fxsr ) @@ -383,8 +383,8 @@ void __init __start_xen(multiboot_info_t *mbi) init_xenheap_pages(xenheap_phys_start, xenheap_phys_end); printk("Xen heap: %luMB (%lukB)\n", - (xenheap_phys_end-xenheap_phys_start) >> 20, - (xenheap_phys_end-xenheap_phys_start) >> 10); + (xenheap_phys_end-xenheap_phys_start) >> 20, + (xenheap_phys_end-xenheap_phys_start) >> 10); early_boot = 0; diff --git a/xen/common/policy_ops.c b/xen/common/policy_ops.c index ff2b2f9ba4..11e28d25bc 100644 --- a/xen/common/policy_ops.c +++ b/xen/common/policy_ops.c @@ -1,5 +1,5 @@ /****************************************************************************** - *policy_ops.c + * policy_ops.c * * Copyright (C) 2005 IBM Corporation * @@ -14,6 +14,7 @@ * Process policy command requests from guest OS. * */ + #include #include #include 
@@ -27,29 +28,39 @@ #include #include +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) + +long do_policy_op(policy_op_t *u_policy_op) +{ + return -ENOSYS; +} + +#else + /* function prototypes defined in acm/acm_policy.c */ int acm_set_policy(void *buf, u16 buf_size, u16 policy); int acm_get_policy(void *buf, u16 buf_size); int acm_dump_statistics(void *buf, u16 buf_size); typedef enum policyoperation { - POLICY, /* access to policy interface (early drop) */ - GETPOLICY, /* dump policy cache */ - SETPOLICY, /* set policy cache (controls security) */ - DUMPSTATS /* dump policy statistics */ + POLICY, /* access to policy interface (early drop) */ + GETPOLICY, /* dump policy cache */ + SETPOLICY, /* set policy cache (controls security) */ + DUMPSTATS /* dump policy statistics */ } policyoperation_t; int acm_authorize_policyops(struct domain *d, policyoperation_t pops) { - /* currently, all policy management functions are restricted to privileged domains, - * soon we will introduce finer-grained privileges for policy operations - */ - if (!IS_PRIV(d)) { - printk("%s: Policy management authorization denied ERROR!\n", __func__); - return ACM_ACCESS_DENIED; - } - return ACM_ACCESS_PERMITTED; + /* all policy management functions are restricted to privileged domains, + * soon we will introduce finer-grained privileges for policy operations + */ + if (!IS_PRIV(d)) { + printk("%s: Policy management authorization denied ERROR!\n", + __func__); + return ACM_ACCESS_DENIED; + } + return ACM_ACCESS_PERMITTED; } long do_policy_op(policy_op_t *u_policy_op) @@ -60,7 +71,7 @@ long do_policy_op(policy_op_t *u_policy_op) /* check here policy decision for policy commands */ /* for now allow DOM0 only, later indepedently */ if (acm_authorize_policyops(current->domain, POLICY)) - return -EACCES; + return -EACCES; if ( copy_from_user(op, u_policy_op, sizeof(*op)) ) return -EFAULT; 
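Review bot: The new `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)` in policy_ops.c fails open when the macros are not visible, because the preprocessor replaces undefined identifiers with 0 and `0 == 0` then selects the `-ENOSYS` stub. The same test is added in xen/include/acm/acm_hooks.h, where it selects the hooks that always permit. The include names are not legible in this diff, so whether the defining header is always pulled in before the test cannot be confirmed from here. A guard ahead of the test, `#ifndef ACM_USE_SECURITY_POLICY` / `#error "ACM_USE_SECURITY_POLICY not defined"` / `#endif`, would turn a missing definition into a build failure instead of a silently disabled access-control module. The removed `ACM_USE_SECURITY_POLICy` spelling in acm_hooks.h shows how quietly an undefined name passes this kind of test, and building with `-Wundef` would catch that case as well.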
@@ -73,9 +84,12 @@ long do_policy_op(policy_op_t *u_policy_op) case POLICY_SETPOLICY: { if (acm_authorize_policyops(current->domain, SETPOLICY)) - return -EACCES; - printkd("%s: setting policy.\n", __func__); - ret = acm_set_policy(op->u.setpolicy.pushcache, op->u.setpolicy.pushcache_size, op->u.setpolicy.policy_type); + return -EACCES; + printkd("%s: setting policy.\n", __func__); + ret = acm_set_policy( + op->u.setpolicy.pushcache, + op->u.setpolicy.pushcache_size, + op->u.setpolicy.policy_type); if (ret == ACM_OK) ret = 0; else @@ -86,9 +100,11 @@ long do_policy_op(policy_op_t *u_policy_op) case POLICY_GETPOLICY: { if (acm_authorize_policyops(current->domain, GETPOLICY)) - return -EACCES; + return -EACCES; printkd("%s: getting policy.\n", __func__); - ret = acm_get_policy(op->u.getpolicy.pullcache, op->u.getpolicy.pullcache_size); + ret = acm_get_policy( + op->u.getpolicy.pullcache, + op->u.getpolicy.pullcache_size); if (ret == ACM_OK) ret = 0; else @@ -99,9 +115,11 @@ long do_policy_op(policy_op_t *u_policy_op) case POLICY_DUMPSTATS: { if (acm_authorize_policyops(current->domain, DUMPSTATS)) - return -EACCES; - printkd("%s: dumping statistics.\n", __func__); - ret = acm_dump_statistics(op->u.dumpstats.pullcache, op->u.dumpstats.pullcache_size); + return -EACCES; + printkd("%s: dumping statistics.\n", __func__); + ret = acm_dump_statistics( + op->u.dumpstats.pullcache, + op->u.dumpstats.pullcache_size); if (ret == ACM_OK) ret = 0; else @@ -115,3 +133,5 @@ long do_policy_op(policy_op_t *u_policy_op) } return ret; } + +#endif diff --git a/xen/include/acm/acm_hooks.h b/xen/include/acm/acm_hooks.h index 534d919ff4..7c5e3faa9d 100644 --- a/xen/include/acm/acm_hooks.h +++ b/xen/include/acm/acm_hooks.h 
@@ -30,21 +30,42 @@ #include #include +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) + +static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) +{ return 0; } +static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) +{ return; } +static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) +{ return; } +static inline int acm_pre_event_channel(evtchn_op_t *op) +{ return 0; } +static inline int acm_pre_grant_map_ref(domid_t id) +{ return 0; } +static inline int acm_pre_grant_setup(domid_t id) +{ return 0; } +static inline int acm_init(void) +{ return 0; } +static inline void acm_post_domain0_create(domid_t domid) +{ return; } + +#else + /* if ACM_TRACE_MODE defined, all hooks should * print a short trace message */ /* #define ACM_TRACE_MODE */ #ifdef ACM_TRACE_MODE -# define traceprintk(fmt, args...) printk(fmt,## args) +# define traceprintk(fmt, args...) printk(fmt,## args) #else -# define traceprintk(fmt, args...) +# define traceprintk(fmt, args...) #endif /* global variables */ extern struct acm_operations *acm_primary_ops; extern struct acm_operations *acm_secondary_ops; -/********************************************************************************************** +/********************************************************************* * HOOK structure and meaning (justifies a few words about our model): * * General idea: every policy-controlled system operation is reflected in a @@ -60,7 +81,8 @@ extern struct acm_operations *acm_secondary_ops; * ====================== * PRE-Hooks * a) general authorization to guard a controlled system operation - * b) prepare security state change (means: fail hook must be able to "undo" this) + * b) prepare security state change + * (means: fail hook must be able to "undo" this) * * POST-Hooks * a) commit prepared state change 
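Review bot: The block of null-policy stubs added at the top of acm_hooks.h carries no comment stating that every hook permits the operation, which is the security-relevant fact a reader needs when ACM is compiled out. I would add above `acm_pre_dom0_op`: `/* ACM compiled out: every hook is a no-op that permits the operation (returns 0) and leaves *ssid untouched. */`. The stubs return a literal `0` where the real `acm_pre_grant_map_ref` and `acm_pre_grant_setup` return `ACM_ACCESS_PERMITTED`; using the named constant would keep the two branches visibly in agreement, assuming it is defined when the null policy is selected. The `#else` branch opened here closes outside this hunk.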
@@ -100,238 +122,228 @@ extern struct acm_operations *acm_secondary_ops; * \ * sys-ops error * - *************************************************************************************************/ + ********************************************************************/ struct acm_operations { - /* policy management functions (must always be defined!) */ - int (*init_domain_ssid) (void **ssid, ssidref_t ssidref); - void (*free_domain_ssid) (void *ssid); - int (*dump_binary_policy) (u8 *buffer, u16 buf_size); - int (*set_binary_policy) (u8 *buffer, u16 buf_size); - int (*dump_statistics) (u8 *buffer, u16 buf_size); - /* domain management control hooks (can be NULL) */ - int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref); - void (*post_domain_create) (domid_t domid, ssidref_t ssidref); - void (*fail_domain_create) (void *subject_ssid, ssidref_t ssidref); - void (*post_domain_destroy) (void *object_ssid, domid_t id); - /* event channel control hooks (can be NULL) */ - int (*pre_eventchannel_unbound) (domid_t id); - void (*fail_eventchannel_unbound) (domid_t id); - int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2); - int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2); - /* grant table control hooks (can be NULL) */ - int (*pre_grant_map_ref) (domid_t id); - void (*fail_grant_map_ref) (domid_t id); - int (*pre_grant_setup) (domid_t id); - void (*fail_grant_setup) (domid_t id); + /* policy management functions (must always be defined!) 
*/ + int (*init_domain_ssid) (void **ssid, ssidref_t ssidref); + void (*free_domain_ssid) (void *ssid); + int (*dump_binary_policy) (u8 *buffer, u16 buf_size); + int (*set_binary_policy) (u8 *buffer, u16 buf_size); + int (*dump_statistics) (u8 *buffer, u16 buf_size); + /* domain management control hooks (can be NULL) */ + int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref); + void (*post_domain_create) (domid_t domid, ssidref_t ssidref); + void (*fail_domain_create) (void *subject_ssid, ssidref_t ssidref); + void (*post_domain_destroy) (void *object_ssid, domid_t id); + /* event channel control hooks (can be NULL) */ + int (*pre_eventchannel_unbound) (domid_t id); + void (*fail_eventchannel_unbound) (domid_t id); + int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2); + int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2); + /* grant table control hooks (can be NULL) */ + int (*pre_grant_map_ref) (domid_t id); + void (*fail_grant_map_ref) (domid_t id); + int (*pre_grant_setup) (domid_t id); + void (*fail_grant_setup) (domid_t id); }; -static inline int acm_pre_domain_create (void *subject_ssid, ssidref_t ssidref) +static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref) { - if ((acm_primary_ops->pre_domain_create != NULL) && - acm_primary_ops->pre_domain_create (subject_ssid, ssidref)) - return ACM_ACCESS_DENIED; - else if ((acm_secondary_ops->pre_domain_create != NULL) && - acm_secondary_ops->pre_domain_create (subject_ssid, ssidref)) { - /* roll-back primary */ - if (acm_primary_ops->fail_domain_create != NULL) - acm_primary_ops->fail_domain_create (subject_ssid, ssidref); - return ACM_ACCESS_DENIED; - } else - return ACM_ACCESS_PERMITTED; + if ((acm_primary_ops->pre_domain_create != NULL) && + acm_primary_ops->pre_domain_create(subject_ssid, ssidref)) + return ACM_ACCESS_DENIED; + else if ((acm_secondary_ops->pre_domain_create != NULL) && + acm_secondary_ops->pre_domain_create(subject_ssid, ssidref)) { + /* 
roll-back primary */ + if (acm_primary_ops->fail_domain_create != NULL) + acm_primary_ops->fail_domain_create(subject_ssid, ssidref); + return ACM_ACCESS_DENIED; + } else + return ACM_ACCESS_PERMITTED; } -static inline void acm_post_domain_create (domid_t domid, ssidref_t ssidref) +static inline void acm_post_domain_create(domid_t domid, ssidref_t ssidref) { - if (acm_primary_ops->post_domain_create != NULL) - acm_primary_ops->post_domain_create (domid, ssidref); - if (acm_secondary_ops->post_domain_create != NULL) - acm_secondary_ops->post_domain_create (domid, ssidref); + if (acm_primary_ops->post_domain_create != NULL) + acm_primary_ops->post_domain_create(domid, ssidref); + if (acm_secondary_ops->post_domain_create != NULL) + acm_secondary_ops->post_domain_create(domid, ssidref); } -static inline void acm_fail_domain_create (void *subject_ssid, ssidref_t ssidref) +static inline void acm_fail_domain_create( + void *subject_ssid, ssidref_t ssidref) { - if (acm_primary_ops->fail_domain_create != NULL) - acm_primary_ops->fail_domain_create (subject_ssid, ssidref); - if (acm_secondary_ops->fail_domain_create != NULL) - acm_secondary_ops->fail_domain_create (subject_ssid, ssidref); + if (acm_primary_ops->fail_domain_create != NULL) + acm_primary_ops->fail_domain_create(subject_ssid, ssidref); + if (acm_secondary_ops->fail_domain_create != NULL) + acm_secondary_ops->fail_domain_create(subject_ssid, ssidref); } -static inline void acm_post_domain_destroy (void *object_ssid, domid_t id) +static inline void acm_post_domain_destroy(void *object_ssid, domid_t id) { - if (acm_primary_ops->post_domain_destroy != NULL) - acm_primary_ops->post_domain_destroy (object_ssid, id); - if (acm_secondary_ops->post_domain_destroy != NULL) - acm_secondary_ops->post_domain_destroy (object_ssid, id); - return; + if (acm_primary_ops->post_domain_destroy != NULL) + acm_primary_ops->post_domain_destroy(object_ssid, id); + if (acm_secondary_ops->post_domain_destroy != NULL) + 
acm_secondary_ops->post_domain_destroy(object_ssid, id); + return; } -/* event channel ops */ - -static inline int acm_pre_eventchannel_unbound (domid_t id) +static inline int acm_pre_eventchannel_unbound(domid_t id) { - if ((acm_primary_ops->pre_eventchannel_unbound != NULL) && - acm_primary_ops->pre_eventchannel_unbound (id)) - return ACM_ACCESS_DENIED; - else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) && - acm_secondary_ops->pre_eventchannel_unbound (id)) { - /* roll-back primary */ - if (acm_primary_ops->fail_eventchannel_unbound != NULL) - acm_primary_ops->fail_eventchannel_unbound (id); - return ACM_ACCESS_DENIED; - } else - return ACM_ACCESS_PERMITTED; + if ((acm_primary_ops->pre_eventchannel_unbound != NULL) && + acm_primary_ops->pre_eventchannel_unbound(id)) + return ACM_ACCESS_DENIED; + else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) && + acm_secondary_ops->pre_eventchannel_unbound(id)) { + /* roll-back primary */ + if (acm_primary_ops->fail_eventchannel_unbound != NULL) + acm_primary_ops->fail_eventchannel_unbound(id); + return ACM_ACCESS_DENIED; + } else + return ACM_ACCESS_PERMITTED; } -static inline int acm_pre_eventchannel_interdomain (domid_t id1, domid_t id2) -{ - if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) && - acm_primary_ops->pre_eventchannel_interdomain (id1, id2)) - return ACM_ACCESS_DENIED; - else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) && - acm_secondary_ops->pre_eventchannel_interdomain (id1, id2)) { - /* roll-back primary */ - if (acm_primary_ops->fail_eventchannel_interdomain != NULL) - acm_primary_ops->fail_eventchannel_interdomain (id1, id2); - return ACM_ACCESS_DENIED; - } else - return ACM_ACCESS_PERMITTED; +static inline int acm_pre_eventchannel_interdomain(domid_t id1, domid_t id2) +{ + if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) && + acm_primary_ops->pre_eventchannel_interdomain(id1, id2)) + return ACM_ACCESS_DENIED; + else if 
((acm_secondary_ops->pre_eventchannel_interdomain != NULL) && + acm_secondary_ops->pre_eventchannel_interdomain(id1, id2)) { + /* roll-back primary */ + if (acm_primary_ops->fail_eventchannel_interdomain != NULL) + acm_primary_ops->fail_eventchannel_interdomain(id1, id2); + return ACM_ACCESS_DENIED; + } else + return ACM_ACCESS_PERMITTED; } -/************ Xen inline hooks ***************/ - -/* small macro to make the hooks more readable - * (eliminates hooks if NULL policy is active) - */ -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) -static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) -{ return 0; } -#else static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) { - int ret = -EACCES; - struct domain *d; + int ret = -EACCES; + struct domain *d; - switch(op->cmd) { - case DOM0_CREATEDOMAIN: - ret = acm_pre_domain_create(current->domain->ssid, op->u.createdomain.ssidref); - break; - case DOM0_DESTROYDOMAIN: - d = find_domain_by_id(op->u.destroydomain.domain); - if (d != NULL) { - *ssid = d->ssid; /* save for post destroy when d is gone */ - /* no policy-specific hook */ - put_domain(d); - ret = 0; - } - break; - default: - ret = 0; /* ok */ - } - return ret; + switch(op->cmd) { + case DOM0_CREATEDOMAIN: + ret = acm_pre_domain_create( + current->domain->ssid, op->u.createdomain.ssidref); + break; + case DOM0_DESTROYDOMAIN: + d = find_domain_by_id(op->u.destroydomain.domain); + if (d != NULL) { + *ssid = d->ssid; /* save for post destroy when d is gone */ + /* no policy-specific hook */ + put_domain(d); + ret = 0; + } + break; + default: + ret = 0; /* ok */ + } + return ret; } -#endif - -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) -static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) -{ return; } -#else static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) { - switch(op->cmd) { - case DOM0_CREATEDOMAIN: - /* initialialize shared sHype security labels for new domain */ - acm_init_domain_ssid(op->u.createdomain.domain, 
op->u.createdomain.ssidref); - acm_post_domain_create(op->u.createdomain.domain, op->u.createdomain.ssidref); - break; - case DOM0_DESTROYDOMAIN: - acm_post_domain_destroy(ssid, op->u.destroydomain.domain); - /* free security ssid for the destroyed domain (also if running null policy */ - acm_free_domain_ssid((struct acm_ssid_domain *)ssid); - break; - } + switch(op->cmd) { + case DOM0_CREATEDOMAIN: + /* initialialize shared sHype security labels for new domain */ + acm_init_domain_ssid( + op->u.createdomain.domain, op->u.createdomain.ssidref); + acm_post_domain_create( + op->u.createdomain.domain, op->u.createdomain.ssidref); + break; + case DOM0_DESTROYDOMAIN: + acm_post_domain_destroy(ssid, op->u.destroydomain.domain); + /* free security ssid for the destroyed domain (also if null policy */ + acm_free_domain_ssid((struct acm_ssid_domain *)ssid); + break; + } } -#endif - -#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY) -static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) -{ return; } -#else static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) { - switch(op->cmd) { - case DOM0_CREATEDOMAIN: - acm_fail_domain_create(current->domain->ssid, op->u.createdomain.ssidref); - break; - } + switch(op->cmd) { + case DOM0_CREATEDOMAIN: + acm_fail_domain_create( + current->domain->ssid, op->u.createdomain.ssidref); + break; + } } -#endif - -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) -static inline int acm_pre_event_channel(evtchn_op_t *op) -{ return 0; } -#else static inline int acm_pre_event_channel(evtchn_op_t *op) { - int ret = -EACCES; + int ret = -EACCES; - switch(op->cmd) { - case EVTCHNOP_alloc_unbound: - ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom); - break; - case EVTCHNOP_bind_interdomain: - ret = acm_pre_eventchannel_interdomain(op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2); - break; - default: - ret = 0; /* ok */ - } - return ret; + switch(op->cmd) { + case EVTCHNOP_alloc_unbound: + ret = 
acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom); + break; + case EVTCHNOP_bind_interdomain: + ret = acm_pre_eventchannel_interdomain( + op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2); + break; + default: + ret = 0; /* ok */ + } + return ret; } -#endif -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) -static inline int acm_pre_grant_map_ref(domid_t id) -{ return 0; } -#else -static inline int acm_pre_grant_map_ref (domid_t id) +static inline int acm_pre_grant_map_ref(domid_t id) { - if ((acm_primary_ops->pre_grant_map_ref != NULL) && - acm_primary_ops->pre_grant_map_ref (id)) - return ACM_ACCESS_DENIED; - else if ((acm_secondary_ops->pre_grant_map_ref != NULL) && - acm_secondary_ops->pre_grant_map_ref (id)) { - /* roll-back primary */ - if (acm_primary_ops->fail_grant_map_ref != NULL) - acm_primary_ops->fail_grant_map_ref (id); - return ACM_ACCESS_DENIED; - } else - return ACM_ACCESS_PERMITTED; + if ( (acm_primary_ops->pre_grant_map_ref != NULL) && + acm_primary_ops->pre_grant_map_ref(id) ) + { + return ACM_ACCESS_DENIED; + } + else if ( (acm_secondary_ops->pre_grant_map_ref != NULL) && + acm_secondary_ops->pre_grant_map_ref(id) ) + { + /* roll-back primary */ + if ( acm_primary_ops->fail_grant_map_ref != NULL ) + acm_primary_ops->fail_grant_map_ref(id); + return ACM_ACCESS_DENIED; + } + else + { + return ACM_ACCESS_PERMITTED; + } } -#endif +static inline int acm_pre_grant_setup(domid_t id) +{ + if ( (acm_primary_ops->pre_grant_setup != NULL) && + acm_primary_ops->pre_grant_setup(id) ) + { + return ACM_ACCESS_DENIED; + } + else if ( (acm_secondary_ops->pre_grant_setup != NULL) && + acm_secondary_ops->pre_grant_setup(id) ) + { + /* roll-back primary */ + if (acm_primary_ops->fail_grant_setup != NULL) + acm_primary_ops->fail_grant_setup(id); + return ACM_ACCESS_DENIED; + } + else + { + return ACM_ACCESS_PERMITTED; + } +} -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) -static inline int acm_pre_grant_setup(domid_t id) -{ return 0; } -#else -static 
inline int acm_pre_grant_setup (domid_t id) +/* predefined ssidref for DOM0 used by xen when creating DOM0 */ +#define ACM_DOM0_SSIDREF 0 + +static inline void acm_post_domain0_create(domid_t domid) { - if ((acm_primary_ops->pre_grant_setup != NULL) && - acm_primary_ops->pre_grant_setup (id)) - return ACM_ACCESS_DENIED; - else if ((acm_secondary_ops->pre_grant_setup != NULL) && - acm_secondary_ops->pre_grant_setup (id)) { - /* roll-back primary */ - if (acm_primary_ops->fail_grant_setup != NULL) - acm_primary_ops->fail_grant_setup (id); - return ACM_ACCESS_DENIED; - } else - return ACM_ACCESS_PERMITTED; + /* initialialize shared sHype security labels for new domain */ + acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF); + acm_post_domain_create(domid, ACM_DOM0_SSIDREF); } -#endif +extern int acm_init(void); + +#endif #endif diff --git a/xen/include/public/acm_dom0_setup.h b/xen/include/public/acm_dom0_setup.h deleted file mode 100644 index 6604156ccf..0000000000 --- a/xen/include/public/acm_dom0_setup.h +++ /dev/null @@ -1,34 +0,0 @@ -/**************************************************************** - * acm_dom0_setup.h - * - * Copyright (C) 2005 IBM Corporation - * - * Author: - * Reiner Sailer - * - * Includes necessary definitions to bring-up dom0 - */ -#include - -extern int acm_init(void); - -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) - -static inline void acm_post_domain0_create(domid_t domid) -{ - return; -} - -#else - -/* predefined ssidref for DOM0 used by xen when creating DOM0 */ -#define ACM_DOM0_SSIDREF 0 - -static inline void acm_post_domain0_create(domid_t domid) -{ - /* initialialize shared sHype security labels for new domain */ - acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF); - acm_post_domain_create(domid, ACM_DOM0_SSIDREF); -} - -#endif -- cgit v1.2.3
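Review bot: In `acm_post_dom0_op` (the DOM0_CREATEDOMAIN case) and in `acm_post_domain0_create`, the result of `acm_init_domain_ssid(...)` is discarded and `acm_post_domain_create` runs regardless. Its declaration is not in this diff, but the ops table declares `init_domain_ssid` as returning `int`, so a failure to attach the security label presumably goes unnoticed and the new domain would run without one. Both callers are `void` post-hooks, so the least invasive change is to test the result and at least report it, e.g. `if (acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF)) printk("%s: ssid init failed\n", __func__);`, assuming nonzero means failure. Moving label allocation into the pre-hook, where an error can still veto the operation, would be the stronger fix.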