From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vincent Hanquez Subject: [PATCH 1/3] merge libflask into libxenctrl Date: Tue, 22 Jun 2010 10:26:56 +0100 Message-ID: <1277198818-27090-2-git-send-email-vincent.hanquez@eu.citrix.com> References: <1277198818-27090-1-git-send-email-vincent.hanquez@eu.citrix.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------1.7.1" Return-path: In-Reply-To: <1277198818-27090-1-git-send-email-vincent.hanquez@eu.citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Xen Devel Cc: Vincent Hanquez List-Id: xen-devel@lists.xenproject.org --------------1.7.1 Content-Type: text/plain; charset="UTF-8"; format=fixed Content-Transfer-Encoding: quoted-printable Signed-off-by: Vincent Hanquez --- tools/libxc/xc_flask.c | 496 ++++++++++++++++++++++++++++++++++++++++++= ++++++ tools/libxc/xenctrl.h | 26 +++ 2 files changed, 522 insertions(+), 0 deletions(-) --------------1.7.1 Content-Type: text/x-patch; name="0001-merge-libflask-into-libxenctrl.patch" Content-Disposition: attachment; filename="0001-merge-libflask-into-libxenctrl.patch" Content-Transfer-Encoding: quoted-printable
diff --git a/tools/libxc/xc_flask.c b/tools/libxc/xc_flask.c
index 6982445..3b733e5 100644
--- a/tools/libxc/xc_flask.c
+++ b/tools/libxc/xc_flask.c
@@ -8,6 +8,24 @@
 */
=20
 #include "xc_private.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define OCON_PIRQ_STR "pirq"
+#define OCON_IOPORT_STR "ioport"
+#define OCON_IOMEM_STR "iomem"
+#define OCON_DEVICE_STR "pcidevice"
+#define INITCONTEXTLEN 256
=20
 int xc_flask_op(xc_interface *xch, flask_op_t *op)
 {
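Review bot: `INITCONTEXTLEN 256` is only meaningful together with the `%255s` field width that the xc_flask_add_* formatters in the next hunk apply to `scontext`, but nothing in this hunk ties the two numbers together. A comment on the define, `/* security-context budget; must stay >= the %255s width used by xc_flask_add_* */`, would keep them from drifting apart when one is changed. The `OCON_*_STR` tokens appear to be the object-class keywords the receiving side parses, which is worth stating on the same block so nobody "fixes" their spelling.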
@@ -35,6 +53,484 @@ int xc_flask_op(xc_interface *xch, flask_op_t *op) return ret; } =20 +int xc_flask_load(xc_interface *xc_handle, char *buf, uint32_t size) +{ + int err; + flask_op_t op; + =20 + op.cmd =3D FLASK_LOAD; + op.buf =3D buf; + op.size =3D size; + =20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + return err; + + return 0; +} + +int xc_flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t= size, uint32_t *sid) +{ + int err; + flask_op_t op; + =20 + op.cmd =3D FLASK_CONTEXT_TO_SID; + op.buf =3D buf; + op.size =3D size; + =20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + return err; + =20 + sscanf(buf, "%u", sid); + + return 0; +} + +int xc_flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf,= uint32_t size) +{ + int err; + flask_op_t op; + =20 + op.cmd =3D FLASK_SID_TO_CONTEXT; + op.buf =3D buf; + op.size =3D size; + =20 + snprintf(buf, size, "%u", sid); + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + return err; + + return 0; +} + +int xc_flask_getenforce(xc_interface *xc_handle) +{ + int err; + flask_op_t op; + char buf[20]; =20 + int size =3D 20; + int mode; +=20 + op.cmd =3D FLASK_GETENFORCE; + op.buf =3D buf; + op.size =3D size; + =20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + return err; + + sscanf(buf, "%i", &mode); + + return mode; +} + +int xc_flask_setenforce(xc_interface *xc_handle, int mode) +{ + int err; + flask_op_t op; + char buf[20]; + int size =3D 20;=20 +=20 + op.cmd =3D FLASK_SETENFORCE; + op.buf =3D buf; + op.size =3D size; + =20 + snprintf(buf, size, "%i", mode); +=20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + return err; + + return 0; +} + +int xc_flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char *= scontext) +{ + int err; + flask_op_t op; + char *buf; + char *pirq_s =3D OCON_PIRQ_STR; + int size =3D INITCONTEXTLEN + strlen(pirq_s) + (sizeof(unsigned int)= ) + + (sizeof(char) * 3); + + if ( (buf =3D (char *) malloc(size)) =3D=3D NULL ) + 
return -ENOMEM; + memset(buf, 0, size); + + op.cmd =3D FLASK_ADD_OCONTEXT; + snprintf(buf, size, "%s %255s %u", pirq_s, scontext, pirq); + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + free(buf); + return 0; + +} + +int xc_flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsi= gned long high, + char *scontext) +{ + int err; + flask_op_t op; + char *buf; + char *ioport =3D OCON_IOPORT_STR; + int size =3D INITCONTEXTLEN + strlen(ioport) + + (sizeof(unsigned long) * 2) + (sizeof(char) * 4); + + if ( (buf =3D (char *) malloc(size)) =3D=3D NULL ) + return -ENOMEM; + memset(buf, 0, size); + + op.cmd =3D FLASK_ADD_OCONTEXT; + snprintf(buf, size, "%s %255s %lu %lu", ioport, scontext, low, high)= ; + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + free(buf); + return 0; + +} + +int xc_flask_add_iomem(xc_interface *xc_handle, unsigned long low, unsig= ned long high, + char *scontext) +{ + int err; + flask_op_t op; + char *buf; + char *iomem =3D OCON_IOMEM_STR; + int size =3D INITCONTEXTLEN + strlen(iomem) + + (sizeof(unsigned long) * 2) + (sizeof(char) * 4); + + if ( (buf =3D (char *) malloc(size)) =3D=3D NULL ) + return -ENOMEM; + memset(buf, 0, size); + + op.cmd =3D FLASK_ADD_OCONTEXT; + snprintf(buf, size, "%s %255s %lu %lu", iomem, scontext, low, high); + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + free(buf); + return 0; + +} + +int xc_flask_add_device(xc_interface *xc_handle, unsigned long device, c= har *scontext) +{ + int err; + flask_op_t op; + char *buf; + char *dev =3D OCON_DEVICE_STR; + int size =3D INITCONTEXTLEN + strlen(dev) + (sizeof(unsigned long)) = + + (sizeof(char) * 3); + + if ( (buf =3D (char *) malloc(size)) =3D=3D NULL ) + return -ENOMEM; + memset(buf, 0, size); + + op.cmd =3D 
FLASK_ADD_OCONTEXT; + snprintf(buf, size, "%s %255s %lu", dev, scontext, device); + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + free(buf); + return 0; + +} + +int xc_flask_del_pirq(xc_interface *xc_handle, unsigned int pirq) +{ + int err; + flask_op_t op; + char *buf; + char *pirq_s =3D OCON_PIRQ_STR; + int size =3D strlen(pirq_s) + (sizeof(unsigned int)) + + (sizeof(char) * 2); + + if ( (buf =3D (char *) malloc(size)) =3D=3D NULL ) + return -ENOMEM; + memset(buf, 0, size); + + op.cmd =3D FLASK_DEL_OCONTEXT; + snprintf(buf, size, "%s %u", pirq_s, pirq); + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + free(buf); + return 0; + +} + +int xc_flask_del_ioport(xc_interface *xc_handle, unsigned long low, unsi= gned long high) +{ + int err; + flask_op_t op; + char *buf; + char *ioport =3D OCON_IOPORT_STR; + int size =3D strlen(ioport) + (sizeof(unsigned long) * 2) + + (sizeof(char) * 3); + + if ( (buf =3D (char *) malloc(size)) =3D=3D NULL ) + return -ENOMEM; + memset(buf, 0, size); + + op.cmd =3D FLASK_DEL_OCONTEXT; + snprintf(buf, size, "%s %lu %lu", ioport, low, high); + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + free(buf); + return 0; + +} + +int xc_flask_del_iomem(xc_interface *xc_handle, unsigned long low, unsig= ned long high) +{ + int err; + flask_op_t op; + char *buf; + char *iomem =3D OCON_IOMEM_STR; + int size =3D strlen(iomem) + (sizeof(unsigned long) * 2) + + (sizeof(char) * 3); + + if ( (buf =3D (char *) malloc(size)) =3D=3D NULL ) + return -ENOMEM; + memset(buf, 0, size); + + op.cmd =3D FLASK_DEL_OCONTEXT; + snprintf(buf, size, "%s %lu %lu", iomem, low, high); + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + free(buf); + 
return 0; + +} + +int xc_flask_del_device(xc_interface *xc_handle, unsigned long device) +{ + int err; + flask_op_t op; + char *buf; + char *dev =3D OCON_DEVICE_STR; + int size =3D strlen(dev) + (sizeof(unsigned long)) + (sizeof(char) *= 2); + + if ( (buf =3D (char *) malloc(size)) =3D=3D NULL ) + return -ENOMEM; + memset(buf, 0, size); + + op.cmd =3D FLASK_DEL_OCONTEXT; + snprintf(buf, size, "%s %lu", dev, device); + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + free(buf); + return 0; + +} + +int xc_flask_access(xc_interface *xc_handle, const char *scon, const cha= r *tcon, + uint16_t tclass, uint32_t req, + uint32_t *allowed, uint32_t *decided, + uint32_t *auditallow, uint32_t *auditdeny, + uint32_t *seqno) +{ +/* maximum number of digits in a 16-bit decimal number: */ +#define MAX_SHORT_DEC_LEN 5 + + char *buf; + int bufLen; + int err; + flask_op_t op; + uint32_t dummy_allowed; + uint32_t dummy_decided; + uint32_t dummy_auditallow; + uint32_t dummy_auditdeny; + uint32_t dummy_seqno; + =20 + if (!allowed) + allowed =3D &dummy_allowed; + if (!decided) + decided =3D &dummy_decided; + if (!auditallow) + auditallow =3D &dummy_auditallow; + if (!auditdeny) + auditdeny =3D &dummy_auditdeny; + if (!seqno) + seqno =3D &dummy_seqno; + + if (!scon) + return -EINVAL; + if (!tcon) + return -EINVAL; + + bufLen =3D strlen(scon) + 1 + strlen(tcon) + 1 + + MAX_SHORT_DEC_LEN + 1 + + sizeof(req)*2 + 1; + buf =3D malloc(bufLen); + snprintf(buf, bufLen, "%s %s %hu %x", scon, tcon, tclass, req); + + op.cmd =3D FLASK_ACCESS; + op.buf =3D buf; + op.size =3D strlen(buf)+1; + =20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + =20 + if (sscanf(op.buf, "%x %x %x %x %u", + allowed, decided, + auditallow, auditdeny, + seqno) !=3D 5) { + err =3D -EILSEQ; + } + + err =3D ((*allowed & req) =3D=3D req)? 
0 : -EPERM; + + return err; + +} + +int xc_flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size) +{ + int err; + flask_op_t op; + =20 + op.cmd =3D FLASK_AVC_HASHSTATS; + op.buf =3D buf; + op.size =3D size; + =20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + return 0; +} + +int xc_flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size= ) +{ + int err; + flask_op_t op; + =20 + op.cmd =3D FLASK_AVC_CACHESTATS; + op.buf =3D buf; + op.size =3D size; + =20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + return 0; +} + +int xc_flask_policyvers(xc_interface *xc_handle, char *buf, int size) +{ + int err; + flask_op_t op; + =20 + op.cmd =3D FLASK_POLICYVERS; + op.buf =3D buf; + op.size =3D size; + + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + { + free(buf); + return err; + } + + return 0; +} + +int xc_flask_getavc_threshold(xc_interface *xc_handle) +{ + int err; + flask_op_t op; + char buf[20]; =20 + int size =3D 20; + int threshold; +=20 + op.cmd =3D FLASK_GETAVC_THRESHOLD; + op.buf =3D buf; + op.size =3D size; + =20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + return err; + + sscanf(buf, "%i", &threshold); + + return threshold; +} + +int xc_flask_setavc_threshold(xc_interface *xc_handle, int threshold) +{ + int err; + flask_op_t op; + char buf[20]; =20 + int size =3D 20; +=20 + op.cmd =3D FLASK_SETAVC_THRESHOLD; + op.buf =3D buf; + op.size =3D size; + + snprintf(buf, size, "%i", threshold); +=20 + if ( (err =3D xc_flask_op(xc_handle, &op)) !=3D 0 ) + return err; + + return 0; +} + /* * Local variables: * mode: C diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h index 705df1d..b6c0df3 100644 --- a/tools/libxc/xenctrl.h +++ b/tools/libxc/xenctrl.h 
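Review bot: xc_flask_avc_hashstats, xc_flask_avc_cachestats and xc_flask_policyvers call `free(buf)` on their error path although `buf` is the caller's buffer, so a caller that passed a stack array or keeps using the buffer afterwards gets an invalid or double free; those three error paths should simply `return err;`. In xc_flask_access the `malloc(bufLen)` result goes to snprintf unchecked, `buf` is never freed on the success path, and the `err = -EILSEQ` set when sscanf returns fewer than 5 fields is immediately overwritten by the `(*allowed & req) == req` test, so a malformed reply is reported as -EPERM based on an unassigned `*allowed`; the tail of that function is rewritten below. The `sscanf` results in xc_flask_context_to_sid, xc_flask_getenforce and xc_flask_getavc_threshold are likewise unchecked, so a reply that does not parse returns an uninitialised `mode`/`threshold` or leaves `*sid` unset; `if ( sscanf(buf, "%i", &mode) != 1 ) return -EILSEQ;` mirrors the error code xc_flask_access already uses. The nine xc_flask_add_*/xc_flask_del_* functions share one malloc-format-call-free shape that could be a single static helper taking the formatted string, which would also let `calloc` replace each malloc+memset pair.
```c
    buf = malloc(bufLen);
    if ( buf == NULL )
        return -ENOMEM;
    snprintf(buf, bufLen, "%s %s %hu %x", scon, tcon, tclass, req);
    /* … unchanged: op setup, xc_flask_op call and its error path … */
    if ( sscanf(op.buf, "%x %x %x %x %u",
                allowed, decided,
                auditallow, auditdeny,
                seqno) != 5 )
        err = -EILSEQ;
    else
        err = ((*allowed & req) == req) ? 0 : -EPERM;
    free(buf);
    return err;
```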
@@ -1517,6 +1517,32 @@ int xc_memshr_debug_gref(xc_interface *xch,
 uint32_t domid,
 grant_ref_t gref);
=20
+int xc_flask_load(xc_interface *xc_handle, char *buf, uint32_t size);
+int xc_flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t= size, uint32_t *sid);
+int xc_flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf,= uint32_t size);
+int xc_flask_getenforce(xc_interface *xc_handle);
+int xc_flask_setenforce(xc_interface *xc_handle, int mode);
+int xc_flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char *= scontext);
+int xc_flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsi= gned long high,
+ char *scontext);
+int xc_flask_add_iomem(xc_interface *xc_handle, unsigned long low, unsig= ned long high,
+ char *scontext);
+int xc_flask_add_device(xc_interface *xc_handle, unsigned long device, c= har *scontext);
+int xc_flask_del_pirq(xc_interface *xc_handle, unsigned int pirq);
+int xc_flask_del_ioport(xc_interface *xc_handle, unsigned long low, unsi= gned long high);
+int xc_flask_del_iomem(xc_interface *xc_handle, unsigned long low, unsig= ned long high);
+int xc_flask_del_device(xc_interface *xc_handle, unsigned long device);
+int xc_flask_access(xc_interface *xc_handle, const char *scon, const cha= r *tcon,
+ uint16_t tclass, uint32_t req,
+ uint32_t *allowed, uint32_t *decided,
+ uint32_t *auditallow, uint32_t *auditdeny,
+ uint32_t *seqno);
+int xc_flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size= );
+int xc_flask_policyvers(xc_interface *xc_handle, char *buf, int size);
+int xc_flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size)= ;
+int xc_flask_getavc_threshold(xc_interface *xc_handle);
+int xc_flask_setavc_threshold(xc_interface *xc_handle, int threshold);
+
 struct elf_binary;
 void xc_elf_set_logfile(struct xc_interface *xch, struct elf_binary *elf= ,
 int verbose); --------------1.7.1 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 
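Review bot: The new prototypes disagree with each other on the types they expose: xc_flask_context_to_sid returns the SID through `uint32_t *sid` while xc_flask_sid_to_context accepts `int sid` (which xc_flask.c then formats with `%u`), `size` is `uint32_t` in the first three declarations and `int` in the avc/policyvers ones, and only xc_flask_access takes `const char *` even though the `scontext` argument of the xc_flask_add_* functions is also only read. Changing those to `uint32_t sid`, one width for `size`, and `const char *scontext` would keep callers from casting and make the sid round-trip type-consistent. None of the twenty declarations says that `buf` is reused for the reply in xc_flask_context_to_sid and xc_flask_sid_to_context, or that it is caller-owned; a short block comment above the group, stating that every `buf` is caller-allocated, may be overwritten with the reply, and remains the caller's to free, would document the contract the implementations rely on.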