All of lore.kernel.org
 help / color / mirror / Atom feed
From: aq <aquynh@gmail.com>
To: xen-devel <xen-devel@lists.xensource.com>,
	Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Subject: [PATCH] fix broken ACM
Date: Thu, 23 Jun 2005 02:40:16 +0900	[thread overview]
Message-ID: <9cde8bff05062210406b403295@mail.gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 352 bytes --]

The latest change to ACM makes it fail to compile. This patch fixes the problem.

Signed-off-by: Nguyen Anh Quynh <aquynh@gmail.com>

$ diffstat acm.patch 
 acm/acm_core.c          |   61 ---------------------
 include/acm/acm_hooks.h |  135 ++++++++++++++++++++++++++++++++++--------------
 2 files changed, 96 insertions(+), 100 deletions(-)

[-- Attachment #2: acm.patch --]
[-- Type: application/octet-stream, Size: 9056 bytes --]

===== xen/acm/acm_core.c 1.1 vs edited =====
--- 1.1/xen/acm/acm_core.c	2005-06-21 07:28:06 +09:00
+++ edited/xen/acm/acm_core.c	2005-06-23 02:21:44 +09:00
@@ -69,67 +69,6 @@
     }
 }
 
-/* initialize global security policy for Xen; policy write-locked already */
-static void
-acm_init_binary_policy(void *primary, void *secondary)
-{
-	acm_bin_pol.primary_policy_code = 0;
-	acm_bin_pol.secondary_policy_code = 0;
-	acm_bin_pol.primary_binary_policy = primary;
-	acm_bin_pol.secondary_binary_policy = secondary;
-}
-
-int
-acm_init(void)
-{
-	int ret = -EINVAL;
-
-	acm_set_endian();
-	write_lock(&acm_bin_pol_rwlock);
-
-	if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) {
-		acm_init_binary_policy(NULL, NULL);
-		acm_init_chwall_policy();
-		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
-		acm_primary_ops = &acm_chinesewall_ops;
-		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
-		acm_secondary_ops = &acm_null_ops;
-		ret = ACM_OK;
-	} else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
-		acm_init_binary_policy(NULL, NULL);
-		acm_init_ste_policy();
-		acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
-		acm_primary_ops = &acm_simple_type_enforcement_ops;
-		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
-		acm_secondary_ops = &acm_null_ops;
-		ret = ACM_OK;
-	} else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
-		acm_init_binary_policy(NULL, NULL);
-		acm_init_chwall_policy();
-		acm_init_ste_policy();
-		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
-		acm_primary_ops = &acm_chinesewall_ops;
-		acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
-		acm_secondary_ops = &acm_simple_type_enforcement_ops;
-		ret = ACM_OK;
-	} else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) {
-		acm_init_binary_policy(NULL, NULL);
-		acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
-		acm_primary_ops = &acm_null_ops;
-		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
-		acm_secondary_ops = &acm_null_ops;
-		ret = ACM_OK;
-	}
-	write_unlock(&acm_bin_pol_rwlock);
-
-	if (ret != ACM_OK)
-		return -EINVAL;		
-	printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
-	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
-	return ACM_OK;
-}
-
-
 int
 acm_init_domain_ssid(domid_t id, ssidref_t ssidref)
 {
===== xen/include/acm/acm_hooks.h 1.2 vs edited =====
--- 1.2/xen/include/acm/acm_hooks.h	2005-06-22 23:18:11 +09:00
+++ edited/xen/include/acm/acm_hooks.h	2005-06-23 02:32:51 +09:00
@@ -30,6 +30,44 @@
 #include <public/event_channel.h>
 #include <asm/current.h>
 
+struct acm_operations {
+    /* policy management functions (must always be defined!) */
+    int  (*init_domain_ssid)           (void **ssid, ssidref_t ssidref);
+    void (*free_domain_ssid)           (void *ssid);
+    int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
+    int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
+    int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
+    /* domain management control hooks (can be NULL) */
+    int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
+    void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
+    void (*fail_domain_create)         (void *subject_ssid, ssidref_t ssidref);
+    void (*post_domain_destroy)        (void *object_ssid, domid_t id);
+    /* event channel control hooks  (can be NULL) */
+    int  (*pre_eventchannel_unbound)      (domid_t id);
+    void (*fail_eventchannel_unbound)     (domid_t id);
+    int  (*pre_eventchannel_interdomain)  (domid_t id1, domid_t id2);
+    int  (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
+    /* grant table control hooks (can be NULL)  */
+    int  (*pre_grant_map_ref)          (domid_t id);
+    void (*fail_grant_map_ref)         (domid_t id);
+    int  (*pre_grant_setup)            (domid_t id);
+    void (*fail_grant_setup)           (domid_t id);
+};
+
+/* global variables */
+extern struct acm_operations *acm_primary_ops;
+extern struct acm_operations *acm_secondary_ops;
+
+/* if ACM_TRACE_MODE defined, all hooks should
+ * print a short trace message */
+/* #define ACM_TRACE_MODE */
+
+#ifdef ACM_TRACE_MODE
+# define traceprintk(fmt, args...) printk(fmt,## args)
+#else
+# define traceprintk(fmt, args...)
+#endif
+
 #if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
 
 static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
@@ -51,20 +89,6 @@
 
 #else
 
-/* if ACM_TRACE_MODE defined, all hooks should
- * print a short trace message */
-/* #define ACM_TRACE_MODE */
-
-#ifdef ACM_TRACE_MODE
-# define traceprintk(fmt, args...) printk(fmt,## args)
-#else
-# define traceprintk(fmt, args...)
-#endif
-
-/* global variables */
-extern struct acm_operations *acm_primary_ops;
-extern struct acm_operations *acm_secondary_ops;
-
 /*********************************************************************
  * HOOK structure and meaning (justifies a few words about our model):
  * 
@@ -124,30 +148,6 @@
  *
  ********************************************************************/
 
-struct acm_operations {
-    /* policy management functions (must always be defined!) */
-    int  (*init_domain_ssid)           (void **ssid, ssidref_t ssidref);
-    void (*free_domain_ssid)           (void *ssid);
-    int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
-    int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
-    int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
-    /* domain management control hooks (can be NULL) */
-    int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
-    void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
-    void (*fail_domain_create)         (void *subject_ssid, ssidref_t ssidref);
-    void (*post_domain_destroy)        (void *object_ssid, domid_t id);
-    /* event channel control hooks  (can be NULL) */
-    int  (*pre_eventchannel_unbound)      (domid_t id);
-    void (*fail_eventchannel_unbound)     (domid_t id);
-    int  (*pre_eventchannel_interdomain)  (domid_t id1, domid_t id2);
-    int  (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
-    /* grant table control hooks (can be NULL)  */
-    int  (*pre_grant_map_ref)          (domid_t id);
-    void (*fail_grant_map_ref)         (domid_t id);
-    int  (*pre_grant_setup)            (domid_t id);
-    void (*fail_grant_setup)           (domid_t id);
-};
-
 static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
 {
     if ((acm_primary_ops->pre_domain_create != NULL) && 
@@ -342,7 +342,64 @@
     acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
 }
 
-extern int acm_init(void);
+/* initialize global security policy for Xen; policy write-locked already */
+static inline void
+acm_init_binary_policy(void *primary, void *secondary)
+{
+	acm_bin_pol.primary_policy_code = 0;
+	acm_bin_pol.secondary_policy_code = 0;
+	acm_bin_pol.primary_binary_policy = primary;
+	acm_bin_pol.secondary_binary_policy = secondary;
+}
+
+static inline int acm_init(void)
+{
+	int ret = -EINVAL;
+
+	acm_set_endian();
+	write_lock(&acm_bin_pol_rwlock);
+
+	if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) {
+		acm_init_binary_policy(NULL, NULL);
+		acm_init_chwall_policy();
+		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
+		acm_primary_ops = &acm_chinesewall_ops;
+		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
+		acm_secondary_ops = &acm_null_ops;
+		ret = ACM_OK;
+	} else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
+		acm_init_binary_policy(NULL, NULL);
+		acm_init_ste_policy();
+		acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
+		acm_primary_ops = &acm_simple_type_enforcement_ops;
+		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
+		acm_secondary_ops = &acm_null_ops;
+		ret = ACM_OK;
+	} else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
+		acm_init_binary_policy(NULL, NULL);
+		acm_init_chwall_policy();
+		acm_init_ste_policy();
+		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
+		acm_primary_ops = &acm_chinesewall_ops;
+		acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
+		acm_secondary_ops = &acm_simple_type_enforcement_ops;
+		ret = ACM_OK;
+	} else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) {
+		acm_init_binary_policy(NULL, NULL);
+		acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
+		acm_primary_ops = &acm_null_ops;
+		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
+		acm_secondary_ops = &acm_null_ops;
+		ret = ACM_OK;
+	}
+	write_unlock(&acm_bin_pol_rwlock);
+
+	if (ret != ACM_OK)
+		return -EINVAL;		
+	printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
+	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
+	return ACM_OK;
+}
 
 #endif
 

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

             reply	other threads:[~2005-06-22 17:40 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-06-22 17:40 aq [this message]
2005-06-22 17:51 ` [PATCH] fix broken ACM Keir Fraser
2005-06-22 17:52   ` aq
2005-06-23  7:48     ` Keir Fraser
2005-06-23  8:04       ` aq
2005-06-23  8:14         ` Keir Fraser
2005-06-23  8:19           ` aq
2005-06-22 18:22   ` aq
2005-06-23  3:42 ` Stefan Berger
2005-06-23  3:56   ` aq
2005-06-23  4:18     ` Stefan Berger
2005-06-23  7:56       ` aq
2005-06-23 14:57         ` Stefan Berger
2005-06-23 15:16           ` Keir Fraser
2005-06-23 15:22             ` aq
2005-06-23 15:52               ` Keir Fraser
2005-06-23 22:06                 ` aq
2005-06-23 15:56               ` Stefan Berger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9cde8bff05062210406b403295@mail.gmail.com \
    --to=aquynh@gmail.com \
    --cc=Keir.Fraser@cl.cam.ac.uk \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.