This is a modification of Tristan's previously posted patch. I have
tried to isolate architecture-dependent parts into functions that are
kept in architecture-specific include files. For example, the code that
deals with starting up ACM on the x86 architecture has been moved to
include/asm-x86/acm.h. There the policy is tried to be picked from the
multiboot structure.
If other architectures can recycle some of the x86-specific code, such
as for example the multiboot-related code, then I guess this could be
moved to shared code areas.
The easiest way to support ACM is to call acm_init(NULL,0); from within
the setup function if for some reason the machine cannot be started with
a policy.
Signed-off-by: Stefan Berger <[EMAIL PROTECTED]>
(patch based on previously posted patch by Tristan on 9/5/6)
Index: root/xen-unstable.hg/xen/acm/acm_core.c
===================================================================
--- root.orig/xen-unstable.hg/xen/acm/acm_core.c
+++ root/xen-unstable.hg/xen/acm/acm_core.c
@@ -100,9 +100,11 @@ acm_dump_policy_reference(u8 *buf, u32 b
struct acm_policy_reference_buffer *pr_buf = (struct acm_policy_reference_buffer *)buf;
int ret = sizeof(struct acm_policy_reference_buffer) + strlen(acm_bin_pol.policy_reference_name) + 1;
+ ret = (ret + 7) & ~7;
if (buf_size < ret)
return -EINVAL;
+ memset(buf, 0, ret);
pr_buf->len = htonl(strlen(acm_bin_pol.policy_reference_name) + 1); /* including stringend '\0' */
strcpy((char *)(buf + sizeof(struct acm_policy_reference_buffer)),
acm_bin_pol.policy_reference_name);
@@ -187,85 +189,58 @@ acm_init_binary_policy(u32 policy_code)
return ret;
}
+int
+acm_is_policy(char *buf, unsigned long len)
+{
+ struct acm_policy_buffer *pol;
+
+ if (buf == NULL || len < sizeof(struct acm_policy_buffer))
+ return 0;
+
+ pol = (struct acm_policy_buffer *)buf;
+ return ntohl(pol->magic) == ACM_MAGIC;
+}
+
+
static int
-acm_setup(unsigned int *initrdidx,
- const multiboot_info_t *mbi,
- unsigned long initial_images_start)
+acm_setup(char *policy_start,
+ unsigned long policy_len)
{
- int i;
- module_t *mod = (module_t *)__va(mbi->mods_addr);
int rc = ACM_OK;
+ struct acm_policy_buffer *pol;
+
+ if (policy_start == NULL || policy_len < sizeof(struct acm_policy_buffer))
+ return rc;
- if (mbi->mods_count > 1)
- *initrdidx = 1;
+ pol = (struct acm_policy_buffer *)policy_start;
+ if (ntohl(pol->magic) != ACM_MAGIC)
+ return rc;
- /*
- * Try all modules and see whichever could be the binary policy.
- * Adjust the initrdidx if module[1] is the binary policy.
- */
- for (i = mbi->mods_count-1; i >= 1; i--)
+ rc = do_acm_set_policy((void *)policy_start, (u32)policy_len);
+ if (rc == ACM_OK)
+ {
+ printkd("Policy len 0x%lx, start at %p.\n",policy_len,policy_start);
+ }
+ else
{
- struct acm_policy_buffer *pol;
- char *_policy_start;
- unsigned long _policy_len;
-#if defined(__i386__)
- _policy_start = (char *)(initial_images_start + (mod[i].mod_start-mod[0].mod_start));
-#elif defined(__x86_64__)
- _policy_start = __va(initial_images_start + (mod[i].mod_start-mod[0].mod_start));
-#else
-#error Architecture unsupported by sHype
-#endif
- _policy_len = mod[i].mod_end - mod[i].mod_start;
- if (_policy_len < sizeof(struct acm_policy_buffer))
- continue; /* not a policy */
-
- pol = (struct acm_policy_buffer *)_policy_start;
- if (ntohl(pol->magic) == ACM_MAGIC)
- {
- rc = do_acm_set_policy((void *)_policy_start,
- (u32)_policy_len);
- if (rc == ACM_OK)
- {
- printkd("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start);
- if (i == 1)
- {
- if (mbi->mods_count > 2)
- {
- *initrdidx = 2;
- }
- else {
- *initrdidx = 0;
- }
- }
- else
- {
- *initrdidx = 1;
- }
- break;
- }
- else
- {
- printk("Invalid policy. %d.th module line.\n", i+1);
- /* load default policy later */
- acm_active_security_policy = ACM_POLICY_UNDEFINED;
- }
- } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */
+ printk("Invalid policy.\n");
+ /* load default policy later */
+ acm_active_security_policy = ACM_POLICY_UNDEFINED;
}
return rc;
}
int
-acm_init(unsigned int *initrdidx,
- const multiboot_info_t *mbi,
- unsigned long initial_images_start)
+acm_init(char *policy_start,
+ unsigned long policy_len)
{
int ret = ACM_OK;
acm_set_endian();
/* first try to load the boot policy (uses its own locks) */
- acm_setup(initrdidx, mbi, initial_images_start);
+ acm_setup(policy_start, policy_len);
if (acm_active_security_policy != ACM_POLICY_UNDEFINED)
{
Index: root/xen-unstable.hg/xen/arch/x86/setup.c
===================================================================
--- root.orig/xen-unstable.hg/xen/arch/x86/setup.c
+++ root/xen-unstable.hg/xen/arch/x86/setup.c
@@ -25,6 +25,7 @@
#include <asm/desc.h>
#include <asm/shadow.h>
#include <asm/e820.h>
+#include <asm/acm.h>
#include <acm/acm_hooks.h>
extern void dmi_scan_machine(void);
@@ -560,7 +561,7 @@ void __init __start_xen(multiboot_info_t
watchdog_enable();
/* initialize access control security module */
- acm_init(&initrdidx, mbi, initial_images_start);
+ acm_x86_init(mbi, &initrdidx, initial_images_start);
/* Create initial domain 0. */
dom0 = domain_create(0);
Index: root/xen-unstable.hg/xen/include/acm/acm_hooks.h
===================================================================
--- root.orig/xen-unstable.hg/xen/include/acm/acm_hooks.h
+++ root/xen-unstable.hg/xen/include/acm/acm_hooks.h
@@ -25,7 +25,6 @@
#include <xen/lib.h>
#include <xen/delay.h>
#include <xen/sched.h>
-#include <xen/multiboot.h>
#include <public/acm.h>
#include <acm/acm_core.h>
#include <public/domctl.h>
@@ -143,15 +142,10 @@ static inline int acm_pre_grant_map_ref(
{ return 0; }
static inline int acm_pre_grant_setup(domid_t id)
{ return 0; }
-static inline int acm_init(unsigned int *initrdidx,
- const multiboot_info_t *mbi,
- unsigned long start)
-{ return 0; }
static inline void acm_post_domain0_create(domid_t domid)
{ return; }
static inline int acm_sharing(ssidref_t ssidref1, ssidref_t ssidref2)
{ return 0; }
-
#else
static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
@@ -369,9 +363,11 @@ static inline int acm_sharing(ssidref_t
return ACM_ACCESS_PERMITTED;
}
-extern int acm_init(unsigned int *initrdidx,
- const multiboot_info_t *mbi,
- unsigned long start);
+
+extern int acm_init(char *policy_start, unsigned long policy_len);
+
+/* Return true iff buffer has an acm policy magic number. */
+extern int acm_is_policy(char *buf, unsigned long len);
#endif
Index: root/xen-unstable.hg/xen/acm/Makefile
===================================================================
--- root.orig/xen-unstable.hg/xen/acm/Makefile
+++ root/xen-unstable.hg/xen/acm/Makefile
@@ -3,3 +3,5 @@ obj-y += acm_policy.o
obj-y += acm_simple_type_enforcement_hooks.o
obj-y += acm_chinesewall_hooks.o
obj-y += acm_null_hooks.o
+obj-$(x86_32) += acm_multiboot.o
+obj-$(x86_64) += acm_multiboot.o
Index: root/xen-unstable.hg/xen/acm/acm_multiboot.c
===================================================================
--- /dev/null
+++ root/xen-unstable.hg/xen/acm/acm_multiboot.c
@@ -0,0 +1,2 @@
+#include <acm/acm_hooks.h>
+
Index: root/xen-unstable.hg/xen/include/asm-x86/acm.h
===================================================================
--- /dev/null
+++ root/xen-unstable.hg/xen/include/asm-x86/acm.h
@@ -0,0 +1,91 @@
+#ifndef _XEN_ASM_ACM_H
+#define _XEN_ASM_ACM_H
+
+#include <xen/multiboot.h>
+#include <acm/acm_hooks.h>
+
+#ifdef ACM_SECURITY
+
+/* Fetch acm policy module from multiboot modules. */
+static inline void
+extract_acm_policy(multiboot_info_t *mbi,
+ unsigned int *initrdidx,
+ unsigned long initial_images_start,
+ char **_policy_start, unsigned long *_policy_len)
+{
+ int i;
+ module_t *mod = (module_t *)__va(mbi->mods_addr);
+
+ if ( mbi->mods_count > 1 )
+ *initrdidx = 1;
+
+ /*
+ * Try all modules and see whichever could be the binary policy.
+ * Adjust the initrdidx if module[1] is the binary policy.
+ */
+ for ( i = mbi->mods_count-1; i >= 1; i-- )
+ {
+ unsigned long start;
+ char *policy_start;
+ unsigned long policy_len;
+
+ start = initial_images_start + (mod[i].mod_start-mod[0].mod_start);
+#if defined(__i386__)
+ policy_start = (char *)start;
+#elif defined(__x86_64__)
+ policy_start = __va(start);
+#endif
+ policy_len = mod[i].mod_end - mod[i].mod_start;
+ if ( acm_is_policy(policy_start, policy_len) )
+ {
+ printf("Policy len 0x%lx, start at %p - module %d.\n",
+ policy_len, policy_start, i);
+ *_policy_start = policy_start;
+ *_policy_len = policy_len;
+ if ( i == 1 )
+ {
+ if (mbi->mods_count > 2)
+ *initrdidx = 2;
+ else
+ *initrdidx = 0;
+ }
+ else
+ *initrdidx = 1;
+ break;
+ }
+ }
+}
+
+static inline
+int acm_x86_init(multiboot_info_t *mbi,
+ unsigned int *initrdidx,
+ unsigned long initial_images_start)
+{
+ char *_policy_start = NULL;
+ unsigned long _policy_len = 0;
+ /* Extract policy from multiboot. */
+ extract_acm_policy(mbi,
+ initrdidx,
+ initial_images_start,
+ &_policy_start, &_policy_len);
+
+ /*
+ * Initialize access control security module no matter whether
+ * a policy has been found or not.
+ */
+ return acm_init(_policy_start, _policy_len);
+}
+
+#else
+
+static inline
+int acm_x86_init(multiboot_info_t *mbi,
+ unsigned int *initrdidx,
+ unsigned long initial_images_start)
+{
+ return 0;
+}
+
+#endif
+
+#endif
_______________________________________________
Xen-ppc-devel mailing list
Xen-ppc-devel@lists.xensource.com
http://lists.xensource.com/xen-ppc-devel
