[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] Merge



# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1277331882 -3600
# Node ID b54f9c9f9144f5f2d02a18a4f2841f9c5f361d5b
# Parent  f908097d4ca45446d85fcb1e4935c83273399ab6
# Parent  f2f0b687f74d640bd0761c64272e8edbc56c2fab
Merge
---
 tools/hotplug/Linux/init.d/xend   |    4 
 tools/libxc/xc_flask.c            |  357 ++++++++++++++++++++++++++++++++++++++
 tools/libxc/xenctrl.h             |   26 ++
 tools/libxl/libxl.c               |    4 
 tools/libxl/libxl_device.c        |   77 +++++---
 tools/libxl/libxl_internal.h      |    4 
 tools/python/xen/lowlevel/xc/xc.c |  251 ++++++++++++++++++++++++++
 7 files changed, 689 insertions(+), 34 deletions(-)

diff -r f908097d4ca4 -r b54f9c9f9144 tools/hotplug/Linux/init.d/xend
--- a/tools/hotplug/Linux/init.d/xend   Wed Jun 23 23:23:57 2010 +0100
+++ b/tools/hotplug/Linux/init.d/xend   Wed Jun 23 23:24:42 2010 +0100
@@ -37,6 +37,10 @@ function await_daemons_up
 
 case "$1" in
   start)
+       if [ -z "`ps -C xenconsoled -o pid=`" ]; then
+               echo "xencommons should be started first."
+               exit 1
+       fi
        mkdir -p /var/lock/subsys
        touch /var/lock/subsys/xend
        xend start
diff -r f908097d4ca4 -r b54f9c9f9144 tools/libxc/xc_flask.c
--- a/tools/libxc/xc_flask.c    Wed Jun 23 23:23:57 2010 +0100
+++ b/tools/libxc/xc_flask.c    Wed Jun 23 23:24:42 2010 +0100
@@ -8,6 +8,24 @@
  */
 
 #include "xc_private.h"
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <sys/ioctl.h>
+#include <stdint.h>
+
+#define OCON_PIRQ_STR   "pirq"
+#define OCON_IOPORT_STR "ioport"
+#define OCON_IOMEM_STR  "iomem"
+#define OCON_DEVICE_STR "pcidevice"
+#define INITCONTEXTLEN  256
 
 int xc_flask_op(xc_interface *xch, flask_op_t *op)
 {
@@ -33,6 +51,345 @@ int xc_flask_op(xc_interface *xch, flask
 
  out:
     return ret;
+}
+
+int xc_flask_load(xc_interface *xc_handle, char *buf, uint32_t size)
+{
+    int err;
+    flask_op_t op;
+    
+    op.cmd = FLASK_LOAD;
+    op.buf = buf;
+    op.size = size;
+    
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+        return err;
+
+    return 0;
+}
+
+int xc_flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t size, 
uint32_t *sid)
+{
+    int err;
+    flask_op_t op;
+    
+    op.cmd = FLASK_CONTEXT_TO_SID;
+    op.buf = buf;
+    op.size = size;
+    
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+        return err;
+    
+    sscanf(buf, "%u", sid);
+
+    return 0;
+}
+
+int xc_flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf, 
uint32_t size)
+{
+    int err;
+    flask_op_t op;
+    
+    op.cmd = FLASK_SID_TO_CONTEXT;
+    op.buf = buf;
+    op.size = size;
+    
+    snprintf(buf, size, "%u", sid);
+
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+        return err;
+
+    return 0;
+}
+
+int xc_flask_getenforce(xc_interface *xc_handle)
+{
+    int err;
+    flask_op_t op;
+    char buf[20];            
+    int size = 20;
+    int mode;
+ 
+    op.cmd = FLASK_GETENFORCE;
+    op.buf = buf;
+    op.size = size;
+    
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+        return err;
+
+    sscanf(buf, "%i", &mode);
+
+    return mode;
+}
+
+int xc_flask_setenforce(xc_interface *xc_handle, int mode)
+{
+    int err;
+    flask_op_t op;
+    char buf[20];
+    int size = 20; 
+ 
+    op.cmd = FLASK_SETENFORCE;
+    op.buf = buf;
+    op.size = size;
+   
+    snprintf(buf, size, "%i", mode);
+ 
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+        return err;
+
+    return 0;
+}
+
+static int xc_flask_add(xc_interface *xc_handle, char *cat, char *arg, char 
*scontext)
+{
+    char buf[512];
+    flask_op_t op;
+
+    memset(buf, 0, 512);
+    snprintf(buf, 512, "%s %255s %s", cat, scontext, arg);
+    op.cmd = FLASK_ADD_OCONTEXT;
+    op.buf = buf;
+    op.size = 512;
+    
+    return xc_flask_op(xc_handle, &op);
+}
+
+int xc_flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char 
*scontext)
+{
+    char arg[16];
+
+    snprintf(arg, 16, "%u", pirq);
+    return xc_flask_add(xc_handle, OCON_PIRQ_STR, arg, scontext);
+}
+
+int xc_flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsigned 
long high,
+                      char *scontext)
+{
+    char arg[64];
+
+    snprintf(arg, 64, "%lu %lu", low, high);
+    return xc_flask_add(xc_handle, OCON_IOPORT_STR, arg, scontext);
+}
+
+int xc_flask_add_iomem(xc_interface *xc_handle, unsigned long low, unsigned 
long high,
+                     char *scontext)
+{
+    char arg[64];
+
+    snprintf(arg, 64, "%lu %lu", low, high);
+    return xc_flask_add(xc_handle, OCON_IOMEM_STR, arg, scontext);
+}
+
+int xc_flask_add_device(xc_interface *xc_handle, unsigned long device, char 
*scontext)
+{
+    char arg[32];
+
+    snprintf(arg, 32, "%lu", device);
+    return xc_flask_add(xc_handle, OCON_DEVICE_STR, arg, scontext);
+}
+
+static int xc_flask_del(xc_interface *xc_handle, char *cat, char *arg)
+{
+    char buf[256];
+    flask_op_t op;
+
+    memset(buf, 0, 256);
+    snprintf(buf, 256, "%s %s", cat, arg);
+    op.cmd = FLASK_DEL_OCONTEXT;
+    op.buf = buf;
+    op.size = 256;
+    
+    return xc_flask_op(xc_handle, &op);
+}
+
+int xc_flask_del_pirq(xc_interface *xc_handle, unsigned int pirq)
+{
+    char arg[16];
+
+    snprintf(arg, 16, "%u", pirq);
+    return xc_flask_del(xc_handle, OCON_PIRQ_STR, arg);
+}
+
+int xc_flask_del_ioport(xc_interface *xc_handle, unsigned long low, unsigned 
long high)
+{
+    char arg[64];
+
+    snprintf(arg, 64, "%lu %lu", low, high);
+    return xc_flask_del(xc_handle, OCON_IOPORT_STR, arg);
+}
+
+int xc_flask_del_iomem(xc_interface *xc_handle, unsigned long low, unsigned 
long high)
+{
+    char arg[64];
+
+    snprintf(arg, 64, "%lu %lu", low, high);
+    return xc_flask_del(xc_handle, OCON_IOMEM_STR, arg);
+}
+
+int xc_flask_del_device(xc_interface *xc_handle, unsigned long device)
+{
+    char arg[32];
+
+    snprintf(arg, 32, "%lu", device);
+    return xc_flask_del(xc_handle, OCON_DEVICE_STR, arg);
+}
+
+int xc_flask_access(xc_interface *xc_handle, const char *scon, const char 
*tcon,
+                uint16_t tclass, uint32_t req,
+                uint32_t *allowed, uint32_t *decided,
+                uint32_t *auditallow, uint32_t *auditdeny,
+                uint32_t *seqno)
+{
+/* maximum number of digits in a 16-bit decimal number: */
+#define MAX_SHORT_DEC_LEN 5
+
+    char *buf;
+    int bufLen;
+    int err;
+    flask_op_t op;
+    uint32_t dummy_allowed;
+    uint32_t dummy_decided;
+    uint32_t dummy_auditallow;
+    uint32_t dummy_auditdeny;
+    uint32_t dummy_seqno;
+  
+    if (!allowed)
+        allowed = &dummy_allowed;
+    if (!decided)
+        decided = &dummy_decided;
+    if (!auditallow)
+        auditallow = &dummy_auditallow;
+    if (!auditdeny)
+        auditdeny = &dummy_auditdeny;
+    if (!seqno)
+        seqno = &dummy_seqno;
+
+    if (!scon)
+        return -EINVAL;
+    if (!tcon)
+        return -EINVAL;
+
+    bufLen = strlen(scon) + 1 + strlen(tcon) + 1 +
+        MAX_SHORT_DEC_LEN + 1 +
+        sizeof(req)*2 + 1;
+    buf = malloc(bufLen);
+    snprintf(buf, bufLen, "%s %s %hu %x", scon, tcon, tclass, req);
+
+    op.cmd = FLASK_ACCESS;
+    op.buf = buf;
+    op.size = strlen(buf)+1;
+    
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+    {
+        free(buf);
+        return err;
+    }
+   
+    if (sscanf(op.buf, "%x %x %x %x %u",
+               allowed, decided,
+               auditallow, auditdeny,
+               seqno) != 5) {
+        err = -EILSEQ;
+    }
+
+    err = ((*allowed & req) == req)? 0 : -EPERM;
+
+    return err;
+
+}
+
+int xc_flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size)
+{
+    int err;
+    flask_op_t op;
+  
+    op.cmd = FLASK_AVC_HASHSTATS;
+    op.buf = buf;
+    op.size = size;
+  
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+    {
+        free(buf);
+        return err;
+    }
+
+    return 0;
+}
+
+int xc_flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size)
+{
+    int err;
+    flask_op_t op;
+  
+    op.cmd = FLASK_AVC_CACHESTATS;
+    op.buf = buf;
+    op.size = size;
+  
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+    {
+        free(buf);
+        return err;
+    }
+
+    return 0;
+}
+
+int xc_flask_policyvers(xc_interface *xc_handle, char *buf, int size)
+{
+    int err;
+    flask_op_t op;
+  
+    op.cmd = FLASK_POLICYVERS;
+    op.buf = buf;
+    op.size = size;
+
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+    {
+        free(buf);
+        return err;
+    }
+
+    return 0;
+}
+
+int xc_flask_getavc_threshold(xc_interface *xc_handle)
+{
+    int err;
+    flask_op_t op;
+    char buf[20];            
+    int size = 20;
+    int threshold;
+ 
+    op.cmd = FLASK_GETAVC_THRESHOLD;
+    op.buf = buf;
+    op.size = size;
+    
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+        return err;
+
+    sscanf(buf, "%i", &threshold);
+
+    return threshold;
+}
+
+int xc_flask_setavc_threshold(xc_interface *xc_handle, int threshold)
+{
+    int err;
+    flask_op_t op;
+    char buf[20];            
+    int size = 20;
+ 
+    op.cmd = FLASK_SETAVC_THRESHOLD;
+    op.buf = buf;
+    op.size = size;
+
+    snprintf(buf, size, "%i", threshold);
+ 
+    if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+        return err;
+
+    return 0;
 }
 
 /*
diff -r f908097d4ca4 -r b54f9c9f9144 tools/libxc/xenctrl.h
--- a/tools/libxc/xenctrl.h     Wed Jun 23 23:23:57 2010 +0100
+++ b/tools/libxc/xenctrl.h     Wed Jun 23 23:24:42 2010 +0100
@@ -1517,6 +1517,32 @@ int xc_memshr_debug_gref(xc_interface *x
                          uint32_t domid,
                          grant_ref_t gref);
 
+int xc_flask_load(xc_interface *xc_handle, char *buf, uint32_t size);
+int xc_flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t size, 
uint32_t *sid);
+int xc_flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf, 
uint32_t size);
+int xc_flask_getenforce(xc_interface *xc_handle);
+int xc_flask_setenforce(xc_interface *xc_handle, int mode);
+int xc_flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char 
*scontext);
+int xc_flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsigned 
long high,
+                      char *scontext);
+int xc_flask_add_iomem(xc_interface *xc_handle, unsigned long low, unsigned 
long high,
+                     char *scontext);
+int xc_flask_add_device(xc_interface *xc_handle, unsigned long device, char 
*scontext);
+int xc_flask_del_pirq(xc_interface *xc_handle, unsigned int pirq);
+int xc_flask_del_ioport(xc_interface *xc_handle, unsigned long low, unsigned 
long high);
+int xc_flask_del_iomem(xc_interface *xc_handle, unsigned long low, unsigned 
long high);
+int xc_flask_del_device(xc_interface *xc_handle, unsigned long device);
+int xc_flask_access(xc_interface *xc_handle, const char *scon, const char 
*tcon,
+                  uint16_t tclass, uint32_t req,
+                  uint32_t *allowed, uint32_t *decided,
+                  uint32_t *auditallow, uint32_t *auditdeny,
+                  uint32_t *seqno);
+int xc_flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size);
+int xc_flask_policyvers(xc_interface *xc_handle, char *buf, int size);
+int xc_flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size);
+int xc_flask_getavc_threshold(xc_interface *xc_handle);
+int xc_flask_setavc_threshold(xc_interface *xc_handle, int threshold);
+
 struct elf_binary;
 void xc_elf_set_logfile(struct xc_interface *xch, struct elf_binary *elf,
                         int verbose);
diff -r f908097d4ca4 -r b54f9c9f9144 tools/libxl/libxl.c
--- a/tools/libxl/libxl.c       Wed Jun 23 23:23:57 2010 +0100
+++ b/tools/libxl/libxl.c       Wed Jun 23 23:24:42 2010 +0100
@@ -2381,7 +2381,7 @@ int libxl_device_pci_add(struct libxl_ct
 
     /* TODO: check if the device can be assigned */
 
-    libxl_device_pci_flr(ctx, pcidev->domain, pcidev->bus, pcidev->dev, 
pcidev->func);
+    libxl_device_pci_reset(ctx, pcidev->domain, pcidev->bus, pcidev->dev, 
pcidev->func);
 
     stubdomid = libxl_get_stubdom_id(ctx, domid);
     if (stubdomid != 0) {
@@ -2551,7 +2551,7 @@ skip1:
         fclose(f);
     }
 out:
-    libxl_device_pci_flr(ctx, pcidev->domain, pcidev->bus, pcidev->dev, 
pcidev->func);
+    libxl_device_pci_reset(ctx, pcidev->domain, pcidev->bus, pcidev->dev, 
pcidev->func);
 
     if (!libxl_is_stubdom(ctx, domid, NULL)) {
         rc = xc_deassign_device(ctx->xch, domid, pcidev->value);
diff -r f908097d4ca4 -r b54f9c9f9144 tools/libxl/libxl_device.c
--- a/tools/libxl/libxl_device.c        Wed Jun 23 23:23:57 2010 +0100
+++ b/tools/libxl/libxl_device.c        Wed Jun 23 23:24:42 2010 +0100
@@ -22,6 +22,8 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <fcntl.h>
+
 
 #include "libxl.h"
 #include "libxl_internal.h"
@@ -389,22 +391,36 @@ int libxl_device_del(struct libxl_ctx *c
     return 0;
 }
 
-int libxl_device_pci_flr(struct libxl_ctx *ctx, unsigned int domain, unsigned 
int bus,
+int libxl_device_pci_reset(struct libxl_ctx *ctx, unsigned int domain, 
unsigned int bus,
                          unsigned int dev, unsigned int func)
 {
-    char *do_flr = "/sys/bus/pci/drivers/pciback/do_flr";
-    FILE *fd;
-
-    fd = fopen(do_flr, "w");
-    if (fd != NULL) {
-        fprintf(fd, PCI_BDF, domain, bus, dev, func);
-        fclose(fd);
-        return 0;
+    char *reset = "/sys/bus/pci/drivers/pciback/do_flr";
+    int fd, rc;
+
+    fd = open(reset, O_WRONLY);
+    if (fd > 0) {
+        char *buf = libxl_sprintf(ctx, PCI_BDF, domain, bus, dev, func);
+        rc = write(fd, buf, strlen(buf));
+        if (rc < 0)
+            XL_LOG(ctx, XL_LOG_ERROR, "write to %s returned %d", reset, rc);
+        close(fd);
+        return rc < 0 ? rc : 0;
+    }
+    if (errno != ENOENT)
+        XL_LOG_ERRNO(ctx, XL_LOG_ERROR, "Failed to access pciback path %s", 
reset);
+    reset = libxl_sprintf(ctx, "/sys/bus/pci/devices/"PCI_BDF"/reset", domain, 
bus, dev, func);
+    fd = open(reset, O_WRONLY);
+    if (fd > 0) {
+        rc = write(fd, "1", 1);
+        if (rc < 0)
+            XL_LOG_ERRNO(ctx, XL_LOG_ERROR, "write to %s returned %d", reset, 
rc);
+        close(fd);
+        return rc < 0 ? rc : 0;
     }
     if (errno == ENOENT) {
-        XL_LOG(ctx, XL_LOG_ERROR, "Pciback doesn't support do_flr, cannot flr 
the device");
+        XL_LOG(ctx, XL_LOG_ERROR, "The kernel doesn't support PCI device reset 
from sysfs");
     } else {
-        XL_LOG_ERRNO(ctx, XL_LOG_ERROR, "Failed to access pciback path %s", 
do_flr);
+        XL_LOG_ERRNO(ctx, XL_LOG_ERROR, "Failed to access reset path %s", 
reset);
     }
     return -1;
 }
@@ -418,7 +434,7 @@ int libxl_wait_for_device_model(struct l
     char *path;
     char *p;
     unsigned int len;
-    int rc;
+    int rc = 0;
     struct xs_handle *xsh;
     int nfds;
     fd_set rfds;
@@ -432,28 +448,29 @@ int libxl_wait_for_device_model(struct l
     tv.tv_sec = LIBXL_DEVICE_MODEL_START_TIMEOUT;
     tv.tv_usec = 0;
     nfds = xs_fileno(xsh) + 1;
-    while (tv.tv_sec > 0) {
+    while (rc > 0 || (!rc && tv.tv_sec > 0)) {
+        p = xs_read(xsh, XBT_NULL, path, &len);
+        if (p && (!state || !strcmp(state, p))) {
+            free(p);
+            xs_unwatch(xsh, path, path);
+            xs_daemon_close(xsh);
+            if (check_callback) {
+                rc = check_callback(ctx, check_callback_userdata);
+                if (rc) return rc;
+            }
+            return 0;
+        }
+        free(p);
+again:
         FD_ZERO(&rfds);
         FD_SET(xs_fileno(xsh), &rfds);
-        if (select(nfds, &rfds, NULL, NULL, &tv) > 0) {
+        rc = select(nfds, &rfds, NULL, NULL, &tv);
+        if (rc > 0) {
             l = xs_read_watch(xsh, &num);
-            if (l != NULL) {
+            if (l != NULL)
                 free(l);
-                p = xs_read(xsh, XBT_NULL, path, &len);
-                if (!p)
-                    continue;
-                if (!state || !strcmp(state, p)) {
-                    free(p);
-                    xs_unwatch(xsh, path, path);
-                    xs_daemon_close(xsh);
-                    if (check_callback) {
-                        rc = check_callback(ctx, check_callback_userdata);
-                        if (rc) return rc;
-                    }
-                    return 0;
-                }
-                free(p);
-            }
+            else
+                goto again;
         }
     }
     xs_unwatch(xsh, path, path);
diff -r f908097d4ca4 -r b54f9c9f9144 tools/libxl/libxl_internal.h
--- a/tools/libxl/libxl_internal.h      Wed Jun 23 23:23:57 2010 +0100
+++ b/tools/libxl/libxl_internal.h      Wed Jun 23 23:24:42 2010 +0100
@@ -162,8 +162,8 @@ int libxl_wait_for_device_model(struct l
                                                       void *userdata),
                                 void *check_callback_userdata);
 int libxl_wait_for_backend(struct libxl_ctx *ctx, char *be_path, char *state);
-int libxl_device_pci_flr(struct libxl_ctx *ctx, unsigned int domain, unsigned 
int bus,
-                         unsigned int dev, unsigned int func);
+int libxl_device_pci_reset(struct libxl_ctx *ctx, unsigned int domain, 
unsigned int bus,
+                           unsigned int dev, unsigned int func);
 
 /* from xenguest (helper */
 int hvm_build_set_params(xc_interface *handle, uint32_t domid,
diff -r f908097d4ca4 -r b54f9c9f9144 tools/python/xen/lowlevel/xc/xc.c
--- a/tools/python/xen/lowlevel/xc/xc.c Wed Jun 23 23:23:57 2010 +0100
+++ b/tools/python/xen/lowlevel/xc/xc.c Wed Jun 23 23:24:42 2010 +0100
@@ -33,6 +33,8 @@
 
 #define PKG "xen.lowlevel.xc"
 #define CLS "xc"
+
+#define FLASK_CTX_LEN 1024
 
 static PyObject *xc_error_obj, *zero;
 
@@ -2078,6 +2080,202 @@ static PyObject *pyxc_cpupool_freeinfo(X
     return cpumap_to_cpulist(cpumap);
 }
 
+static PyObject *pyflask_context_to_sid(PyObject *self, PyObject *args,
+                                                                 PyObject 
*kwds)
+{
+    xc_interface *xc_handle;
+    char *ctx;
+    char *buf;
+    uint32_t len;
+    uint32_t sid;
+    int ret;
+
+    static char *kwd_list[] = { "context", NULL };
+
+    if ( !PyArg_ParseTupleAndKeywords(args, kwds, "s", kwd_list,
+                                      &ctx) )
+        return NULL;
+
+    len = strlen(ctx);
+
+    buf = malloc(len);
+    if (!buf) {
+        errno = -ENOMEM;
+        PyErr_SetFromErrno(xc_error_obj);
+    }
+    
+    memcpy(buf, ctx, len);
+    
+    xc_handle = xc_interface_open(0,0,0);
+    if (!xc_handle) {
+        free(buf);
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+    
+    ret = xc_flask_context_to_sid(xc_handle, buf, len, &sid);
+        
+    xc_interface_close(xc_handle);
+
+    free(buf);
+    
+    if ( ret != 0 ) {
+        errno = -ret;
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+
+    return PyInt_FromLong(sid);
+}
+
+static PyObject *pyflask_sid_to_context(PyObject *self, PyObject *args,
+                                                                 PyObject 
*kwds)
+{
+    xc_interface *xc_handle;
+    uint32_t sid;
+    char ctx[FLASK_CTX_LEN];
+    uint32_t ctx_len = FLASK_CTX_LEN;
+    int ret;
+
+    static char *kwd_list[] = { "sid", NULL };
+
+    if ( !PyArg_ParseTupleAndKeywords(args, kwds, "i", kwd_list,
+                                      &sid) )
+        return NULL;
+
+    xc_handle = xc_interface_open(0,0,0);
+    if (!xc_handle) {
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+    
+    ret = xc_flask_sid_to_context(xc_handle, sid, ctx, ctx_len);
+    
+    xc_interface_close(xc_handle);
+    
+    if ( ret != 0 ) {
+        errno = -ret;
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+
+    return Py_BuildValue("s", ctx, ctx_len);
+}
+
+static PyObject *pyflask_load(PyObject *self, PyObject *args, PyObject *kwds)
+{
+    xc_interface *xc_handle;
+    char *policy;
+    uint32_t len;
+    int ret;
+
+    static char *kwd_list[] = { "policy", NULL };
+  
+    if( !PyArg_ParseTupleAndKeywords(args, kwds, "s#", kwd_list, &policy, 
&len) )
+        return NULL;
+
+    xc_handle = xc_interface_open(0,0,0);
+    if (!xc_handle) {
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+
+    ret = xc_flask_load(xc_handle, policy, len);
+
+    xc_interface_close(xc_handle);
+
+    if ( ret != 0 ) {
+        errno = -ret;
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+
+    return Py_BuildValue("i", ret);
+}
+
+static PyObject *pyflask_getenforce(PyObject *self)
+{
+    xc_interface *xc_handle;
+    int ret;
+
+    xc_handle = xc_interface_open(0,0,0);
+    if (!xc_handle) {
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+    
+    ret = xc_flask_getenforce(xc_handle);
+    
+    xc_interface_close(xc_handle);
+    
+    if ( ret < 0 ) {
+        errno = -ret;
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+
+    return Py_BuildValue("i", ret);
+}
+
+static PyObject *pyflask_setenforce(PyObject *self, PyObject *args,
+                                                            PyObject *kwds)
+{
+    xc_interface *xc_handle;
+    int mode;
+    int ret;
+
+    static char *kwd_list[] = { "mode", NULL };
+
+    if ( !PyArg_ParseTupleAndKeywords(args, kwds, "i", kwd_list,
+                                      &mode) )
+        return NULL;
+
+    xc_handle = xc_interface_open(0,0,0);
+    if (!xc_handle) {
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+    
+    ret = xc_flask_setenforce(xc_handle, mode);
+    
+    xc_interface_close(xc_handle);
+    
+    if ( ret != 0 ) {
+        errno = -ret;
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+
+    return Py_BuildValue("i", ret);
+}
+
+static PyObject *pyflask_access(PyObject *self, PyObject *args,
+                                                       PyObject *kwds)
+{
+    xc_interface *xc_handle;
+    char *tcon, *scon;
+    uint16_t tclass;
+    uint32_t req, allowed, decided, auditallow, auditdeny, seqno;
+    int ret;
+
+    static char *kwd_list[] = { "src_context", "tar_context", 
+                                "tar_class", "req_permissions",
+                                "decided", "auditallow","auditdeny",
+                                "seqno", NULL };
+
+    if ( !PyArg_ParseTupleAndKeywords(args, kwds, "ssil|llll", kwd_list,
+                                      &scon, &tcon, &tclass, &req, &decided,
+                                      &auditallow, &auditdeny, &seqno) )
+        return NULL;
+
+    xc_handle = xc_interface_open(0,0,0);
+    if (!xc_handle) {
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+    
+    ret = xc_flask_access(xc_handle, scon, tcon, tclass, req, &allowed, 
&decided,
+                        &auditallow, &auditdeny, &seqno);
+        
+    xc_interface_close(xc_handle);
+
+    if ( ret != 0 ) {
+        errno = -ret;
+        return PyErr_SetFromErrno(xc_error_obj);
+    }
+
+    return Py_BuildValue("i",ret);
+}
+
 static PyMethodDef pyxc_methods[] = {
     { "domain_create", 
       (PyCFunction)pyxc_domain_create, 
@@ -2676,6 +2874,59 @@ static PyMethodDef pyxc_methods[] = {
       METH_NOARGS, "\n"
       "Get info about cpus not in any cpupool.\n"
       "Returns: [list]: List of CPUs\n" },
+
+    { "flask_context_to_sid",
+      (PyCFunction)pyflask_context_to_sid,
+      METH_KEYWORDS, "\n"
+      "Convert a context string to a dynamic SID.\n"
+      " context [str]: String specifying context to be converted\n"
+      "Returns: [int]: Numeric SID on success; -1 on error.\n" },
+
+    { "flask_sid_to_context",
+      (PyCFunction)pyflask_sid_to_context,
+      METH_KEYWORDS, "\n"
+      "Convert a dynamic SID to context string.\n"
+      " context [int]: SID to be converted\n"
+      "Returns: [str]: Numeric SID on success; -1 on error.\n" },
+
+    { "flask_load",
+      (PyCFunction)pyflask_load,
+      METH_KEYWORDS, "\n"
+      "Loads a policy into the hypervisor.\n"
+      " policy [str]: policy to be load\n"
+      "Returns: [int]: 0 on success; -1 on failure.\n" }, 
+      
+    { "flask_getenforce",
+      (PyCFunction)pyflask_getenforce,
+      METH_NOARGS, "\n"
+      "Returns the current mode of the Flask XSM module.\n"
+      "Returns: [int]: 0 for permissive; 1 for enforcing; -1 on failure.\n" }, 
+
+    { "flask_setenforce",
+      (PyCFunction)pyflask_setenforce,
+      METH_KEYWORDS, "\n"
+      "Modifies the current mode for the Flask XSM module.\n"
+      " mode [int]: mode to change to\n"
+      "Returns: [int]: 0 on success; -1 on failure.\n" }, 
+
+    { "flask_access",
+      (PyCFunction)pyflask_access,
+      METH_KEYWORDS, "\n"
+      "Returns whether a source context has access to target context based on \
+       class and permissions requested.\n"
+      " scon [str]: source context\n"
+      " tcon [str]: target context\n"
+      " tclass [int]: target security class\n"
+      " req [int] requested permissions\n"
+      " allowed [int] permissions allow for the target class between the 
source \
+        and target context\n"
+      " decided [int] the permissions that were returned in the allowed \
+        parameter\n"
+      " auditallow [int] permissions set to audit on allow\n"
+      " auditdeny [int] permissions set to audit on deny\n"
+      " seqno [int] not used\n"
+      "Returns: [int]: 0 on all permission granted; -1 if any permissions are \
+       denied\n" }, 
 
     { NULL, NULL, 0, NULL }
 };

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.