1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
|
/*
* Copyright (c) 2007, IBM Corp.
* Copyright (c) 2007, XenSource Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef XEN_XSPOLICY_H
#define XEN_XSPOLICY_H
#include "xen_common.h"
#include "xen_xspolicy_decl.h"
#include "xen_string_string_map.h"
/*
* The XSPolicy and associated data structures.
*
*/
typedef int64_t xs_type;
typedef int64_t xs_instantiationflags;
enum xs_type {
XS_POLICY_ACM = (1 << 0),
};
enum xs_instantiationflags {
XS_INST_NONE = 0,
XS_INST_BOOT = (1 << 0),
XS_INST_LOAD = (1 << 1),
};
/* Error codes returned by xend following XSPolicy operations */
#define XSERR_BASE 0x1000
#define XSERR_SUCCESS 0
#define XSERR_GENERAL_FAILURE 1 + XSERR_BASE
#define XSERR_BAD_XML 2 + XSERR_BASE
#define XSERR_XML_PROCESSING 3 + XSERR_BASE
#define XSERR_POLICY_INCONSISTENT 4 + XSERR_BASE
#define XSERR_FILE_ERROR 5 + XSERR_BASE
#define XSERR_BAD_RESOURCE_FORMAT 6 + XSERR_BASE
#define XSERR_BAD_LABEL_FORMAT 7 + XSERR_BASE
#define XSERR_RESOURCE_NOT_LABELED 8 + XSERR_BASE
#define XSERR_RESOURCE_ALREADY_LABELED 9 + XSERR_BASE
#define XSERR_WRONG_POLICY_TYPE 10 + XSERR_BASE
#define XSERR_BOOTPOLICY_INSTALLED 11 + XSERR_BASE
#define XSERR_NO_DEFAULT_BOOT_TITLE 12 + XSERR_BASE
#define XSERR_POLICY_LOAD_FAILED 13 + XSERR_BASE
#define XSERR_POLICY_LOADED 14 + XSERR_BASE
#define XSERR_POLICY_TYPE_UNSUPPORTED 15 + XSERR_BASE
#define XSERR_BAD_CONFLICTSET 20 + XSERR_BASE
#define XSERR_RESOURCE_IN_USE 21 + XSERR_BASE
#define XSERR_BAD_POLICY_NAME 22 + XSERR_BASE
#define XSERR_RESOURCE_ACCESS 23 + XSERR_BASE
#define XSERR_HV_OP_FAILED 24 + XSERR_BASE
#define XSERR_BOOTPOLICY_INSTALL_ERROR 25 + XSERR_BASE
/**
* Free the given xen_xspolicy. The given handle must have been allocated
* by this library.
*/
extern void
xen_xspolicy_free(xen_xspolicy xspolicy);
typedef struct xen_xspolicy_set
{
size_t size;
xen_xspolicy *contents[];
} xen_xspolicy_set;
/**
* Allocate a xen_xspolicy_set of the given size.
*/
extern xen_xspolicy_set *
xen_xspolicy_set_alloc(size_t size);
/**
* Free the given xen_xspolicy_set. The given set must have been allocated
* by this library.
*/
extern void
xen_xspolicy_set_free(xen_xspolicy_set *set);
typedef struct xen_xspolicy_record
{
xen_xspolicy handle;
char *uuid;
char *repr;
xs_instantiationflags flags;
xs_type type;
} xen_xspolicy_record;
/**
* Allocate a xen_xspolicy_record.
*/
extern xen_xspolicy_record *
xen_xspolicy_record_alloc(void);
/**
* Free the given xen_xspolicy_record, and all referenced values. The
* given record must have been allocated by this library.
*/
extern void
xen_xspolicy_record_free(xen_xspolicy_record *record);
typedef struct xen_xspolicy_record_opt
{
bool is_record;
union
{
xen_xspolicy handle;
xen_xspolicy_record *record;
} u;
} xen_xspolicy_record_opt;
/**
* Allocate a xen_xspolicy_record_opt.
*/
extern xen_xspolicy_record_opt *
xen_xspolicy_record_opt_alloc(void);
/**
* Free the given xen_xspolicy_record_opt, and all referenced values. The
* given record_opt must have been allocated by this library.
*/
extern void
xen_xspolicy_record_opt_free(xen_xspolicy_record_opt *record_opt);
typedef struct xen_xspolicy_record_set
{
size_t size;
xen_xspolicy_record *contents[];
} xen_xspolicy_record_set;
/**
* Allocate a xen_xspolicy_record_set of the given size.
*/
extern xen_xspolicy_record_set *
xen_xspolicy_record_set_alloc(size_t size);
/**
* Free the given xen_xspolicy_record_set, and all referenced values. The
* given set must have been allocated by this library.
*/
extern void
xen_xspolicy_record_set_free(xen_xspolicy_record_set *set);
/**
* Data structures and function declarations for an XS Policy's state
* information.
*/
typedef struct xen_xs_policystate
{
xen_xspolicy_record_opt *xs_ref;
int64_t xserr;
char *repr;
xs_type type;
xs_instantiationflags flags;
char *version;
char *errors;
} xen_xs_policystate;
void
xen_xs_policystate_free(xen_xs_policystate *state);
/**
* Get the referenced policy's record.
*/
bool
xen_xspolicy_get_record(xen_session *session, xen_xspolicy_record **result,
xen_xspolicy xspolicy);
/**
* Get the UUID field of the given policy.
*/
bool
xen_xspolicy_get_uuid(xen_session *session, char **result,
xen_xspolicy xspolicy);
/**
* Get a policy given it's UUID
*/
bool
xen_xspolicy_get_by_uuid(xen_session *session, xen_xspolicy *result,
char *uuid);
/**
* Get the types of policies supported by the system.
*/
bool
xen_xspolicy_get_xstype(xen_session *session, xs_type *result);
/**
* Get information about the currently managed policy.
* (The API allows only one policy to be on the system.)
*/
bool
xen_xspolicy_get_xspolicy(xen_session *session, xen_xs_policystate **result);
/**
* Activate the referenced policy by loading it into the hypervisor.
*/
bool
xen_xspolicy_activate_xspolicy(xen_session *session, int64_t *result,
xen_xspolicy xspolicy,
xs_instantiationflags flags);
/**
* Set the system's policy to the given information comprising
* type of policy, the xml representation of the policy, some flags
* on whether to load the policy immediately and whether to overwrite
* an existing policy on the system.
*/
bool
xen_xspolicy_set_xspolicy(xen_session *session, xen_xs_policystate **result,
xs_type type, char *repr, int64_t flags,
bool overwrite);
/**
* Attempt to reset the system's policy to the DEFAULT policy for the
* respective policy type. This is done by updating the system and therefore
* underlies the same restrictions of a policy update. This operation may
* for example fail if other domains than Domain-0 are running and have
* different labels than Domain-0.
*/
bool
xen_xspolicy_reset_xspolicy(xen_session *session, xen_xs_policystate **result,
xs_type type);
/**
* Remove any policy from having the system booted with.
*/
extern bool
xen_xspolicy_rm_xsbootpolicy(xen_session *session);
/**
* Retrieve all labeled resources.
*/
extern bool
xen_xspolicy_get_labeled_resources(xen_session *session,
xen_string_string_map **resources);
/**
* Label a resource such as for example a hard drive partition or file
*/
extern bool
xen_xspolicy_set_resource_label(xen_session *session,
char *resource, char *label,
char *oldlabel);
/**
* Get the label of a resource.
*/
extern bool
xen_xspolicy_get_resource_label(xen_session *session, char **label,
char *resource);
#endif
|
