===== xen/acm/acm_core.c 1.1 vs edited =====
--- 1.1/xen/acm/acm_core.c	2005-06-21 07:28:06 +09:00
+++ edited/xen/acm/acm_core.c	2005-06-23 02:21:44 +09:00
@@ -69,67 +69,6 @@
     }
 }
 
-/* initialize global security policy for Xen; policy write-locked already */
-static void
-acm_init_binary_policy(void *primary, void *secondary)
-{
-	acm_bin_pol.primary_policy_code = 0;
-	acm_bin_pol.secondary_policy_code = 0;
-	acm_bin_pol.primary_binary_policy = primary;
-	acm_bin_pol.secondary_binary_policy = secondary;
-}
-
-int
-acm_init(void)
-{
-	int ret = -EINVAL;
-
-	acm_set_endian();
-	write_lock(&acm_bin_pol_rwlock);
-
-	if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) {
-		acm_init_binary_policy(NULL, NULL);
-		acm_init_chwall_policy();
-		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
-		acm_primary_ops = &acm_chinesewall_ops;
-		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
-		acm_secondary_ops = &acm_null_ops;
-		ret = ACM_OK;
-	} else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
-		acm_init_binary_policy(NULL, NULL);
-		acm_init_ste_policy();
-		acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
-		acm_primary_ops = &acm_simple_type_enforcement_ops;
-		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
-		acm_secondary_ops = &acm_null_ops;
-		ret = ACM_OK;
-	} else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
-		acm_init_binary_policy(NULL, NULL);
-		acm_init_chwall_policy();
-		acm_init_ste_policy();
-		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
-		acm_primary_ops = &acm_chinesewall_ops;
-		acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
-		acm_secondary_ops = &acm_simple_type_enforcement_ops;
-		ret = ACM_OK;
-	} else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) {
-		acm_init_binary_policy(NULL, NULL);
-		acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
-		acm_primary_ops = &acm_null_ops;
-		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
-		acm_secondary_ops = &acm_null_ops;
-		ret = ACM_OK;
-	}
-	write_unlock(&acm_bin_pol_rwlock);
-
-	if (ret != ACM_OK)
-		return -EINVAL;		
-	printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
-	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
-	return ACM_OK;
-}
-
-
 int
 acm_init_domain_ssid(domid_t id, ssidref_t ssidref)
 {
===== xen/include/acm/acm_hooks.h 1.2 vs edited =====
--- 1.2/xen/include/acm/acm_hooks.h	2005-06-22 23:18:11 +09:00
+++ edited/xen/include/acm/acm_hooks.h	2005-06-23 02:32:51 +09:00
@@ -30,6 +30,44 @@
 #include <public/event_channel.h>
 #include <asm/current.h>
 
+struct acm_operations {
+    /* policy management functions (must always be defined!) */
+    int  (*init_domain_ssid)           (void **ssid, ssidref_t ssidref);
+    void (*free_domain_ssid)           (void *ssid);
+    int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
+    int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
+    int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
+    /* domain management control hooks (can be NULL) */
+    int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
+    void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
+    void (*fail_domain_create)         (void *subject_ssid, ssidref_t ssidref);
+    void (*post_domain_destroy)        (void *object_ssid, domid_t id);
+    /* event channel control hooks  (can be NULL) */
+    int  (*pre_eventchannel_unbound)      (domid_t id);
+    void (*fail_eventchannel_unbound)     (domid_t id);
+    int  (*pre_eventchannel_interdomain)  (domid_t id1, domid_t id2);
+    int  (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
+    /* grant table control hooks (can be NULL)  */
+    int  (*pre_grant_map_ref)          (domid_t id);
+    void (*fail_grant_map_ref)         (domid_t id);
+    int  (*pre_grant_setup)            (domid_t id);
+    void (*fail_grant_setup)           (domid_t id);
+};
+
+/* global variables */
+extern struct acm_operations *acm_primary_ops;
+extern struct acm_operations *acm_secondary_ops;
+
+/* if ACM_TRACE_MODE defined, all hooks should
+ * print a short trace message */
+/* #define ACM_TRACE_MODE */
+
+#ifdef ACM_TRACE_MODE
+# define traceprintk(fmt, args...) printk(fmt,## args)
+#else
+# define traceprintk(fmt, args...)
+#endif
+
 #if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
 
 static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
@@ -51,20 +89,6 @@
 
 #else
 
-/* if ACM_TRACE_MODE defined, all hooks should
- * print a short trace message */
-/* #define ACM_TRACE_MODE */
-
-#ifdef ACM_TRACE_MODE
-# define traceprintk(fmt, args...) printk(fmt,## args)
-#else
-# define traceprintk(fmt, args...)
-#endif
-
-/* global variables */
-extern struct acm_operations *acm_primary_ops;
-extern struct acm_operations *acm_secondary_ops;
-
 /*********************************************************************
  * HOOK structure and meaning (justifies a few words about our model):
  * 
@@ -124,30 +148,6 @@
  *
  ********************************************************************/
 
-struct acm_operations {
-    /* policy management functions (must always be defined!) */
-    int  (*init_domain_ssid)           (void **ssid, ssidref_t ssidref);
-    void (*free_domain_ssid)           (void *ssid);
-    int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
-    int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
-    int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
-    /* domain management control hooks (can be NULL) */
-    int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
-    void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
-    void (*fail_domain_create)         (void *subject_ssid, ssidref_t ssidref);
-    void (*post_domain_destroy)        (void *object_ssid, domid_t id);
-    /* event channel control hooks  (can be NULL) */
-    int  (*pre_eventchannel_unbound)      (domid_t id);
-    void (*fail_eventchannel_unbound)     (domid_t id);
-    int  (*pre_eventchannel_interdomain)  (domid_t id1, domid_t id2);
-    int  (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
-    /* grant table control hooks (can be NULL)  */
-    int  (*pre_grant_map_ref)          (domid_t id);
-    void (*fail_grant_map_ref)         (domid_t id);
-    int  (*pre_grant_setup)            (domid_t id);
-    void (*fail_grant_setup)           (domid_t id);
-};
-
 static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
 {
     if ((acm_primary_ops->pre_domain_create != NULL) && 
@@ -342,7 +342,64 @@
     acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
 }
 
-extern int acm_init(void);
+/* initialize global security policy for Xen; policy write-locked already */
+static inline void
+acm_init_binary_policy(void *primary, void *secondary)
+{
+	acm_bin_pol.primary_policy_code = 0;
+	acm_bin_pol.secondary_policy_code = 0;
+	acm_bin_pol.primary_binary_policy = primary;
+	acm_bin_pol.secondary_binary_policy = secondary;
+}
+
+static inline int acm_init(void)
+{
+	int ret = -EINVAL;
+
+	acm_set_endian();
+	write_lock(&acm_bin_pol_rwlock);
+
+	if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) {
+		acm_init_binary_policy(NULL, NULL);
+		acm_init_chwall_policy();
+		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
+		acm_primary_ops = &acm_chinesewall_ops;
+		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
+		acm_secondary_ops = &acm_null_ops;
+		ret = ACM_OK;
+	} else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
+		acm_init_binary_policy(NULL, NULL);
+		acm_init_ste_policy();
+		acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
+		acm_primary_ops = &acm_simple_type_enforcement_ops;
+		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
+		acm_secondary_ops = &acm_null_ops;
+		ret = ACM_OK;
+	} else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
+		acm_init_binary_policy(NULL, NULL);
+		acm_init_chwall_policy();
+		acm_init_ste_policy();
+		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
+		acm_primary_ops = &acm_chinesewall_ops;
+		acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
+		acm_secondary_ops = &acm_simple_type_enforcement_ops;
+		ret = ACM_OK;
+	} else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) {
+		acm_init_binary_policy(NULL, NULL);
+		acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
+		acm_primary_ops = &acm_null_ops;
+		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
+		acm_secondary_ops = &acm_null_ops;
+		ret = ACM_OK;
+	}
+	write_unlock(&acm_bin_pol_rwlock);
+
+	if (ret != ACM_OK)
+		return -EINVAL;		
+	printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
+	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
+	return ACM_OK;
+}
 
 #endif