|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] flask: Update flask_op hypercall structure
# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1328533640 28800
# Node ID bf326829102b4778cc1f98cd677234362335f831
# Parent 28b85ad1fe4e98b336a3ef41eaa89c6a1b7e866a
flask: Update flask_op hypercall structure
Instead of placing string parsing inside the hypervisor, use binary
structures like other Xen hypercalls do.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---
diff -r 28b85ad1fe4e -r bf326829102b tools/libxc/xc_flask.c
--- a/tools/libxc/xc_flask.c Mon Feb 06 05:04:32 2012 -0800
+++ b/tools/libxc/xc_flask.c Mon Feb 06 05:07:20 2012 -0800
@@ -30,18 +30,21 @@
#include <sys/ioctl.h>
#include <stdint.h>
-#define OCON_PIRQ_STR "pirq"
-#define OCON_IOPORT_STR "ioport"
-#define OCON_IOMEM_STR "iomem"
-#define OCON_DEVICE_STR "pcidevice"
+#define OCON_ISID 0 /* initial SIDs */
+#define OCON_PIRQ 1 /* physical irqs */
+#define OCON_IOPORT 2 /* io ports */
+#define OCON_IOMEM 3 /* io memory */
+#define OCON_DEVICE 4 /* pci devices */
#define INITCONTEXTLEN 256
-int xc_flask_op(xc_interface *xch, flask_op_t *op)
+int xc_flask_op(xc_interface *xch, xen_flask_op_t *op)
{
int ret = -1;
DECLARE_HYPERCALL;
DECLARE_HYPERCALL_BOUNCE(op, sizeof(*op), XC_HYPERCALL_BUFFER_BOUNCE_BOTH);
+ op->interface_version = XEN_FLASK_INTERFACE_VERSION;
+
if ( xc_hypercall_bounce_pre(xch, op) )
{
PERROR("Could not bounce memory for flask op hypercall");
@@ -63,402 +66,360 @@
return ret;
}
-int xc_flask_load(xc_interface *xc_handle, char *buf, uint32_t size)
+int xc_flask_load(xc_interface *xch, char *buf, uint32_t size)
{
int err;
- flask_op_t op;
+ DECLARE_FLASK_OP;
+ DECLARE_HYPERCALL_BOUNCE(buf, size, XC_HYPERCALL_BUFFER_BOUNCE_IN);
+ if ( xc_hypercall_bounce_pre(xch, buf) )
+ {
+ PERROR("Could not bounce memory for flask op hypercall");
+ return -1;
+ }
+
+ op.cmd = FLASK_LOAD;
+ op.u.load.size = size;
+ set_xen_guest_handle(op.u.load.buffer, buf);
- op.cmd = FLASK_LOAD;
- op.buf = buf;
- op.size = size;
-
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- return err;
+ err = xc_flask_op(xch, &op);
- return 0;
+ xc_hypercall_bounce_post(xch, buf);
+
+ return err;
}
-int xc_flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t size,
uint32_t *sid)
+int xc_flask_context_to_sid(xc_interface *xch, char *buf, uint32_t size,
uint32_t *sid)
{
int err;
- flask_op_t op;
+ DECLARE_FLASK_OP;
+ DECLARE_HYPERCALL_BOUNCE(buf, size, XC_HYPERCALL_BUFFER_BOUNCE_IN);
+
+ if ( xc_hypercall_bounce_pre(xch, buf) )
+ {
+ PERROR("Could not bounce memory for flask op hypercall");
+ return -1;
+ }
+
+ op.cmd = FLASK_CONTEXT_TO_SID;
+ op.u.sid_context.size = size;
+ set_xen_guest_handle(op.u.sid_context.context, buf);
- op.cmd = FLASK_CONTEXT_TO_SID;
- op.buf = buf;
- op.size = size;
-
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- return err;
-
- sscanf(buf, "%u", sid);
+ err = xc_flask_op(xch, &op);
- return 0;
+ if ( !err )
+ *sid = op.u.sid_context.sid;
+
+ xc_hypercall_bounce_post(xch, buf);
+
+ return err;
}
-int xc_flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf,
uint32_t size)
+int xc_flask_sid_to_context(xc_interface *xch, int sid, char *buf, uint32_t
size)
{
int err;
- flask_op_t op;
+ DECLARE_FLASK_OP;
+ DECLARE_HYPERCALL_BOUNCE(buf, size, XC_HYPERCALL_BUFFER_BOUNCE_OUT);
+
+ if ( xc_hypercall_bounce_pre(xch, buf) )
+ {
+ PERROR("Could not bounce memory for flask op hypercall");
+ return -1;
+ }
+
+ op.cmd = FLASK_SID_TO_CONTEXT;
+ op.u.sid_context.sid = sid;
+ op.u.sid_context.size = size;
+ set_xen_guest_handle(op.u.sid_context.context, buf);
- op.cmd = FLASK_SID_TO_CONTEXT;
- op.buf = buf;
- op.size = size;
-
- snprintf(buf, size, "%u", sid);
+ err = xc_flask_op(xch, &op);
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- return err;
-
- return 0;
+ xc_hypercall_bounce_post(xch, buf);
+
+ return err;
}
-int xc_flask_getenforce(xc_interface *xc_handle)
+int xc_flask_getenforce(xc_interface *xch)
{
- int err;
- flask_op_t op;
- char buf[20];
- int size = 20;
- int mode;
-
+ DECLARE_FLASK_OP;
op.cmd = FLASK_GETENFORCE;
- op.buf = buf;
- op.size = size;
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- return err;
-
- sscanf(buf, "%i", &mode);
-
- return mode;
+ return xc_flask_op(xch, &op);
}
-int xc_flask_setenforce(xc_interface *xc_handle, int mode)
+int xc_flask_setenforce(xc_interface *xch, int mode)
{
- int err;
- flask_op_t op;
- char buf[20];
- int size = 20;
-
+ DECLARE_FLASK_OP;
op.cmd = FLASK_SETENFORCE;
- op.buf = buf;
- op.size = size;
+ op.u.enforce.enforcing = mode;
- snprintf(buf, size, "%i", mode);
-
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- return err;
-
- return 0;
+ return xc_flask_op(xch, &op);
}
-int xc_flask_getbool_byid(xc_interface *xc_handle, int id, char *name,
uint32_t size, int *curr, int *pend)
+int xc_flask_getbool_byid(xc_interface *xch, int id, char *name, uint32_t
size, int *curr, int *pend)
{
- flask_op_t op;
- char buf[255];
int rv;
+ DECLARE_FLASK_OP;
+ DECLARE_HYPERCALL_BOUNCE(name, size, XC_HYPERCALL_BUFFER_BOUNCE_OUT);
- op.cmd = FLASK_GETBOOL2;
- op.buf = buf;
- op.size = 255;
+ if ( xc_hypercall_bounce_pre(xch, name) )
+ {
+ PERROR("Could not bounce memory for flask op hypercall");
+ return -1;
+ }
- snprintf(buf, sizeof buf, "%i", id);
+ op.cmd = FLASK_GETBOOL;
+ op.u.boolean.bool_id = id;
+ op.u.boolean.size = size;
+ set_xen_guest_handle(op.u.boolean.name, name);
- rv = xc_flask_op(xc_handle, &op);
+ rv = xc_flask_op(xch, &op);
+
+ xc_hypercall_bounce_post(xch, name);
if ( rv )
return rv;
- sscanf(buf, "%i %i %s", curr, pend, name);
+ if ( curr )
+ *curr = op.u.boolean.enforcing;
+ if ( pend )
+ *pend = op.u.boolean.pending;
return rv;
}
-int xc_flask_getbool_byname(xc_interface *xc_handle, char *name, int *curr,
int *pend)
+int xc_flask_getbool_byname(xc_interface *xch, char *name, int *curr, int
*pend)
{
- flask_op_t op;
- char buf[255];
int rv;
+ DECLARE_FLASK_OP;
+ DECLARE_HYPERCALL_BOUNCE(name, strlen(name),
XC_HYPERCALL_BUFFER_BOUNCE_IN);
- op.cmd = FLASK_GETBOOL_NAMED;
- op.buf = buf;
- op.size = 255;
+ op.cmd = FLASK_GETBOOL;
+ op.u.boolean.bool_id = -1;
+ op.u.boolean.size = strlen(name);
+ set_xen_guest_handle(op.u.boolean.name, name);
- strncpy(buf, name, op.size);
+ rv = xc_flask_op(xch, &op);
- rv = xc_flask_op(xc_handle, &op);
+ xc_hypercall_bounce_post(xch, name);
if ( rv )
return rv;
- sscanf(buf, "%i %i", curr, pend);
+ if ( curr )
+ *curr = op.u.boolean.enforcing;
+ if ( pend )
+ *pend = op.u.boolean.pending;
return rv;
}
-int xc_flask_setbool(xc_interface *xc_handle, char *name, int value, int
commit)
+int xc_flask_setbool(xc_interface *xch, char *name, int value, int commit)
{
- flask_op_t op;
- char buf[255];
- int size = 255;
+ int rv;
+ DECLARE_FLASK_OP;
+ DECLARE_HYPERCALL_BOUNCE(name, strlen(name),
XC_HYPERCALL_BUFFER_BOUNCE_IN);
- op.cmd = FLASK_SETBOOL_NAMED;
- op.buf = buf;
- op.size = size;
+ op.cmd = FLASK_SETBOOL;
+ op.u.boolean.bool_id = -1;
+ op.u.boolean.new_value = value;
+ op.u.boolean.commit = 1;
+ op.u.boolean.size = strlen(name);
+ set_xen_guest_handle(op.u.boolean.name, name);
- snprintf(buf, size, "%s %i %i", name, value, commit);
+ rv = xc_flask_op(xch, &op);
- return xc_flask_op(xc_handle, &op);
+ xc_hypercall_bounce_post(xch, name);
+
+ return rv;
}
-static int xc_flask_add(xc_interface *xc_handle, char *cat, char *arg, char
*scontext)
+
+static int xc_flask_add(xc_interface *xch, uint32_t ocon, uint64_t low,
uint64_t high, char *scontext)
{
- char buf[512];
- flask_op_t op;
+ uint32_t sid;
+ int err;
+ DECLARE_FLASK_OP;
- memset(buf, 0, 512);
- snprintf(buf, 512, "%s %255s %s", cat, scontext, arg);
+ err = xc_flask_context_to_sid(xch, scontext, strlen(scontext), &sid);
+ if ( err )
+ return err;
+
op.cmd = FLASK_ADD_OCONTEXT;
- op.buf = buf;
- op.size = 512;
+ op.u.ocontext.ocon = ocon;
+ op.u.ocontext.sid = sid;
+ op.u.ocontext.low = low;
+ op.u.ocontext.high = high;
- return xc_flask_op(xc_handle, &op);
+ return xc_flask_op(xch, &op);
}
-int xc_flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char
*scontext)
+int xc_flask_add_pirq(xc_interface *xch, unsigned int pirq, char *scontext)
{
- char arg[16];
-
- snprintf(arg, 16, "%u", pirq);
- return xc_flask_add(xc_handle, OCON_PIRQ_STR, arg, scontext);
+ return xc_flask_add(xch, OCON_PIRQ, pirq, pirq, scontext);
}
-int xc_flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsigned
long high,
+int xc_flask_add_ioport(xc_interface *xch, unsigned long low, unsigned long
high,
char *scontext)
{
- char arg[64];
-
- snprintf(arg, 64, "%lu %lu", low, high);
- return xc_flask_add(xc_handle, OCON_IOPORT_STR, arg, scontext);
+ return xc_flask_add(xch, OCON_IOPORT, low, high, scontext);
}
-int xc_flask_add_iomem(xc_interface *xc_handle, unsigned long low, unsigned
long high,
+int xc_flask_add_iomem(xc_interface *xch, unsigned long low, unsigned long
high,
char *scontext)
{
- char arg[64];
-
- snprintf(arg, 64, "%lu %lu", low, high);
- return xc_flask_add(xc_handle, OCON_IOMEM_STR, arg, scontext);
+ return xc_flask_add(xch, OCON_IOMEM, low, high, scontext);
}
-int xc_flask_add_device(xc_interface *xc_handle, unsigned long device, char
*scontext)
+int xc_flask_add_device(xc_interface *xch, unsigned long device, char
*scontext)
{
- char arg[32];
-
- snprintf(arg, 32, "%lu", device);
- return xc_flask_add(xc_handle, OCON_DEVICE_STR, arg, scontext);
+ return xc_flask_add(xch, OCON_DEVICE, device, device, scontext);
}
-static int xc_flask_del(xc_interface *xc_handle, char *cat, char *arg)
+static int xc_flask_del(xc_interface *xch, uint32_t ocon, uint64_t low,
uint64_t high)
{
- char buf[256];
- flask_op_t op;
+ DECLARE_FLASK_OP;
- memset(buf, 0, 256);
- snprintf(buf, 256, "%s %s", cat, arg);
op.cmd = FLASK_DEL_OCONTEXT;
- op.buf = buf;
- op.size = 256;
+ op.u.ocontext.ocon = ocon;
+ op.u.ocontext.low = low;
+ op.u.ocontext.high = high;
- return xc_flask_op(xc_handle, &op);
+ return xc_flask_op(xch, &op);
}
-int xc_flask_del_pirq(xc_interface *xc_handle, unsigned int pirq)
+int xc_flask_del_pirq(xc_interface *xch, unsigned int pirq)
{
- char arg[16];
-
- snprintf(arg, 16, "%u", pirq);
- return xc_flask_del(xc_handle, OCON_PIRQ_STR, arg);
+ return xc_flask_del(xch, OCON_PIRQ, pirq, pirq);
}
-int xc_flask_del_ioport(xc_interface *xc_handle, unsigned long low, unsigned
long high)
+int xc_flask_del_ioport(xc_interface *xch, unsigned long low, unsigned long
high)
{
- char arg[64];
-
- snprintf(arg, 64, "%lu %lu", low, high);
- return xc_flask_del(xc_handle, OCON_IOPORT_STR, arg);
+ return xc_flask_del(xch, OCON_IOPORT, low, high);
}
-int xc_flask_del_iomem(xc_interface *xc_handle, unsigned long low, unsigned
long high)
+int xc_flask_del_iomem(xc_interface *xch, unsigned long low, unsigned long
high)
{
- char arg[64];
-
- snprintf(arg, 64, "%lu %lu", low, high);
- return xc_flask_del(xc_handle, OCON_IOMEM_STR, arg);
+ return xc_flask_del(xch, OCON_IOMEM, low, high);
}
-int xc_flask_del_device(xc_interface *xc_handle, unsigned long device)
+int xc_flask_del_device(xc_interface *xch, unsigned long device)
{
- char arg[32];
-
- snprintf(arg, 32, "%lu", device);
- return xc_flask_del(xc_handle, OCON_DEVICE_STR, arg);
+ return xc_flask_del(xch, OCON_DEVICE, device, device);
}
-int xc_flask_access(xc_interface *xc_handle, const char *scon, const char
*tcon,
+int xc_flask_access(xc_interface *xch, const char *scon, const char *tcon,
uint16_t tclass, uint32_t req,
uint32_t *allowed, uint32_t *decided,
uint32_t *auditallow, uint32_t *auditdeny,
uint32_t *seqno)
{
-/* maximum number of digits in a 16-bit decimal number: */
-#define MAX_SHORT_DEC_LEN 5
+ DECLARE_FLASK_OP;
+ int err;
- char *buf;
- int bufLen;
- int err;
- flask_op_t op;
- uint32_t dummy_allowed;
- uint32_t dummy_decided;
- uint32_t dummy_auditallow;
- uint32_t dummy_auditdeny;
- uint32_t dummy_seqno;
-
- if (!allowed)
- allowed = &dummy_allowed;
- if (!decided)
- decided = &dummy_decided;
- if (!auditallow)
- auditallow = &dummy_auditallow;
- if (!auditdeny)
- auditdeny = &dummy_auditdeny;
- if (!seqno)
- seqno = &dummy_seqno;
-
- if (!scon)
- return -EINVAL;
- if (!tcon)
- return -EINVAL;
-
- bufLen = strlen(scon) + 1 + strlen(tcon) + 1 +
- MAX_SHORT_DEC_LEN + 1 +
- sizeof(req)*2 + 1;
- buf = malloc(bufLen);
- snprintf(buf, bufLen, "%s %s %hu %x", scon, tcon, tclass, req);
+ err = xc_flask_context_to_sid(xch, (char*)scon, strlen(scon),
&op.u.access.ssid);
+ if ( err )
+ return err;
+ err = xc_flask_context_to_sid(xch, (char*)tcon, strlen(tcon),
&op.u.access.tsid);
+ if ( err )
+ return err;
op.cmd = FLASK_ACCESS;
- op.buf = buf;
- op.size = strlen(buf)+1;
+ op.u.access.tclass = tclass;
+ op.u.access.req = req;
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- {
- free(buf);
+ err = xc_flask_op(xch, &op);
+
+ if ( err )
return err;
- }
-
- if (sscanf(op.buf, "%x %x %x %x %u",
- allowed, decided,
- auditallow, auditdeny,
- seqno) != 5) {
- err = -EILSEQ;
- }
- err = ((*allowed & req) == req)? 0 : -EPERM;
+ if ( allowed )
+ *allowed = op.u.access.allowed;
+ if ( decided )
+ *decided = 0xffffffff;
+ if ( auditallow )
+ *auditallow = op.u.access.audit_allow;
+ if ( auditdeny )
+ *auditdeny = op.u.access.audit_deny;
+ if ( seqno )
+ *seqno = op.u.access.seqno;
+
+ if ( (op.u.access.allowed & req) != req )
+ err = -EPERM;
return err;
-
}
-int xc_flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size)
+int xc_flask_avc_hashstats(xc_interface *xch, char *buf, int size)
{
int err;
- flask_op_t op;
+ DECLARE_FLASK_OP;
op.cmd = FLASK_AVC_HASHSTATS;
- op.buf = buf;
- op.size = size;
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
+ err = xc_flask_op(xch, &op);
+
+ snprintf(buf, size,
+ "entries: %d\nbuckets used: %d/%d\nlongest chain: %d\n",
+ op.u.hash_stats.entries, op.u.hash_stats.buckets_used,
+ op.u.hash_stats.buckets_total, op.u.hash_stats.max_chain_len);
+
+ return err;
+}
+
+int xc_flask_avc_cachestats(xc_interface *xch, char *buf, int size)
+{
+ int err, n;
+ int i = 0;
+ DECLARE_FLASK_OP;
+
+ n = snprintf(buf, size, "lookups hits misses allocations reclaims
frees\n");
+ buf += n;
+ size -= n;
+
+ op.cmd = FLASK_AVC_CACHESTATS;
+ while ( size > 0 )
{
- free(buf);
- return err;
+ op.u.cache_stats.cpu = i;
+ err = xc_flask_op(xch, &op);
+ if ( err && errno == ENOENT )
+ return 0;
+ if ( err )
+ return err;
+ n = snprintf(buf, size, "%u %u %u %u %u %u\n",
+ op.u.cache_stats.lookups, op.u.cache_stats.hits,
+ op.u.cache_stats.misses, op.u.cache_stats.allocations,
+ op.u.cache_stats.reclaims, op.u.cache_stats.frees);
+ buf += n;
+ size -= n;
+ i++;
}
return 0;
}
-int xc_flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size)
+int xc_flask_policyvers(xc_interface *xch)
{
- int err;
- flask_op_t op;
-
- op.cmd = FLASK_AVC_CACHESTATS;
- op.buf = buf;
- op.size = size;
-
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- {
- free(buf);
- return err;
- }
+ DECLARE_FLASK_OP;
+ op.cmd = FLASK_POLICYVERS;
- return 0;
+ return xc_flask_op(xch, &op);
}
-int xc_flask_policyvers(xc_interface *xc_handle, char *buf, int size)
+int xc_flask_getavc_threshold(xc_interface *xch)
{
- int err;
- flask_op_t op;
-
- op.cmd = FLASK_POLICYVERS;
- op.buf = buf;
- op.size = size;
-
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- {
- free(buf);
- return err;
- }
-
- return 0;
+ DECLARE_FLASK_OP;
+ op.cmd = FLASK_GETAVC_THRESHOLD;
+
+ return xc_flask_op(xch, &op);
}
-int xc_flask_getavc_threshold(xc_interface *xc_handle)
+int xc_flask_setavc_threshold(xc_interface *xch, int threshold)
{
- int err;
- flask_op_t op;
- char buf[20];
- int size = 20;
- int threshold;
-
- op.cmd = FLASK_GETAVC_THRESHOLD;
- op.buf = buf;
- op.size = size;
-
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- return err;
+ DECLARE_FLASK_OP;
+ op.cmd = FLASK_SETAVC_THRESHOLD;
+ op.u.setavc_threshold.threshold = threshold;
- sscanf(buf, "%i", &threshold);
-
- return threshold;
-}
-
-int xc_flask_setavc_threshold(xc_interface *xc_handle, int threshold)
-{
- int err;
- flask_op_t op;
- char buf[20];
- int size = 20;
-
- op.cmd = FLASK_SETAVC_THRESHOLD;
- op.buf = buf;
- op.size = size;
-
- snprintf(buf, size, "%i", threshold);
-
- if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
- return err;
-
- return 0;
+ return xc_flask_op(xch, &op);
}
/*
diff -r 28b85ad1fe4e -r bf326829102b tools/libxc/xc_private.h
--- a/tools/libxc/xc_private.h Mon Feb 06 05:04:32 2012 -0800
+++ b/tools/libxc/xc_private.h Mon Feb 06 05:07:20 2012 -0800
@@ -42,11 +42,13 @@
#define DECLARE_DOMCTL struct xen_domctl domctl = { 0 }
#define DECLARE_SYSCTL struct xen_sysctl sysctl = { 0 }
#define DECLARE_PHYSDEV_OP struct physdev_op physdev_op = { 0 }
+#define DECLARE_FLASK_OP struct xen_flask_op op = { 0 }
#else
#define DECLARE_HYPERCALL privcmd_hypercall_t hypercall
#define DECLARE_DOMCTL struct xen_domctl domctl
#define DECLARE_SYSCTL struct xen_sysctl sysctl
#define DECLARE_PHYSDEV_OP struct physdev_op physdev_op
+#define DECLARE_FLASK_OP struct xen_flask_op op
#endif
#undef PAGE_SHIFT
diff -r 28b85ad1fe4e -r bf326829102b tools/libxc/xenctrl.h
--- a/tools/libxc/xenctrl.h Mon Feb 06 05:04:32 2012 -0800
+++ b/tools/libxc/xenctrl.h Mon Feb 06 05:07:20 2012 -0800
@@ -1326,7 +1326,7 @@
int xc_version(xc_interface *xch, int cmd, void *arg);
-int xc_flask_op(xc_interface *xch, flask_op_t *op);
+int xc_flask_op(xc_interface *xch, xen_flask_op_t *op);
/*
* Subscribe to state changes in a domain via evtchn.
@@ -1974,7 +1974,7 @@
uint32_t *auditallow, uint32_t *auditdeny,
uint32_t *seqno);
int xc_flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size);
-int xc_flask_policyvers(xc_interface *xc_handle, char *buf, int size);
+int xc_flask_policyvers(xc_interface *xc_handle);
int xc_flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size);
int xc_flask_getavc_threshold(xc_interface *xc_handle);
int xc_flask_setavc_threshold(xc_interface *xc_handle, int threshold);
diff -r 28b85ad1fe4e -r bf326829102b xen/include/public/xsm/flask_op.h
--- a/xen/include/public/xsm/flask_op.h Mon Feb 06 05:04:32 2012 -0800
+++ b/xen/include/public/xsm/flask_op.h Mon Feb 06 05:07:20 2012 -0800
@@ -25,6 +25,118 @@
#ifndef __FLASK_OP_H__
#define __FLASK_OP_H__
+#define XEN_FLASK_INTERFACE_VERSION 1
+
+struct xen_flask_load {
+ XEN_GUEST_HANDLE(char) buffer;
+ uint32_t size;
+};
+
+struct xen_flask_setenforce {
+ uint32_t enforcing;
+};
+
+struct xen_flask_sid_context {
+ /* IN/OUT: sid to convert to/from string */
+ uint32_t sid;
+ /* IN: size of the context buffer
+ * OUT: actual size of the output context string
+ */
+ uint32_t size;
+ XEN_GUEST_HANDLE(char) context;
+};
+
+struct xen_flask_access {
+ /* IN: access request */
+ uint32_t ssid;
+ uint32_t tsid;
+ uint32_t tclass;
+ uint32_t req;
+ /* OUT: AVC data */
+ uint32_t allowed;
+ uint32_t audit_allow;
+ uint32_t audit_deny;
+ uint32_t seqno;
+};
+
+struct xen_flask_transition {
+ /* IN: transition SIDs and class */
+ uint32_t ssid;
+ uint32_t tsid;
+ uint32_t tclass;
+ /* OUT: new SID */
+ uint32_t newsid;
+};
+
+struct xen_flask_userlist {
+ /* IN: starting SID for list */
+ uint32_t start_sid;
+ /* IN: size of user string and output buffer
+ * OUT: number of SIDs returned */
+ uint32_t size;
+ union {
+ /* IN: user to enumerate SIDs */
+ XEN_GUEST_HANDLE(char) user;
+ /* OUT: SID list */
+ XEN_GUEST_HANDLE(uint32) sids;
+ } u;
+};
+
+struct xen_flask_boolean {
+ /* IN/OUT: numeric identifier for boolean [GET/SET]
+ * If -1, name will be used and bool_id will be filled in. */
+ uint32_t bool_id;
+ /* OUT: current enforcing value of boolean [GET/SET] */
+ uint8_t enforcing;
+ /* OUT: pending value of boolean [GET/SET] */
+ uint8_t pending;
+ /* IN: new value of boolean [SET] */
+ uint8_t new_value;
+ /* IN: commit new value instead of only setting pending [SET] */
+ uint8_t commit;
+ /* IN: size of boolean name buffer [GET/SET]
+ * OUT: actual size of name [GET only] */
+ uint32_t size;
+ /* IN: if bool_id is -1, used to find boolean [GET/SET]
+ * OUT: textual name of boolean [GET only]
+ */
+ XEN_GUEST_HANDLE(char) name;
+};
+
+struct xen_flask_setavc_threshold {
+ /* IN */
+ uint32_t threshold;
+};
+
+struct xen_flask_hash_stats {
+ /* OUT */
+ uint32_t entries;
+ uint32_t buckets_used;
+ uint32_t buckets_total;
+ uint32_t max_chain_len;
+};
+
+struct xen_flask_cache_stats {
+ /* IN */
+ uint32_t cpu;
+ /* OUT */
+ uint32_t lookups;
+ uint32_t hits;
+ uint32_t misses;
+ uint32_t allocations;
+ uint32_t reclaims;
+ uint32_t frees;
+};
+
+struct xen_flask_ocontext {
+ /* IN */
+ uint32_t ocon;
+ uint32_t sid;
+ uint64_t low, high;
+};
+
+struct xen_flask_op {
+ uint32_t cmd;
#define FLASK_LOAD 1
#define FLASK_GETENFORCE 2
#define FLASK_SETENFORCE 3
@@ -47,18 +159,26 @@
#define FLASK_MEMBER 20
#define FLASK_ADD_OCONTEXT 21
#define FLASK_DEL_OCONTEXT 22
-#define FLASK_GETBOOL_NAMED 23
-#define FLASK_GETBOOL2 24
-#define FLASK_SETBOOL_NAMED 25
-
-#define FLASK_LAST FLASK_SETBOOL_NAMED
-
-typedef struct flask_op {
- uint32_t cmd;
- uint32_t size;
- char *buf;
-} flask_op_t;
-
-DEFINE_XEN_GUEST_HANDLE(flask_op_t);
+ uint32_t interface_version; /* XEN_FLASK_INTERFACE_VERSION */
+ union {
+ struct xen_flask_load load;
+ struct xen_flask_setenforce enforce;
+ /* FLASK_CONTEXT_TO_SID and FLASK_SID_TO_CONTEXT */
+ struct xen_flask_sid_context sid_context;
+ struct xen_flask_access access;
+ /* FLASK_CREATE, FLASK_RELABEL, FLASK_MEMBER */
+ struct xen_flask_transition transition;
+ struct xen_flask_userlist userlist;
+ /* FLASK_GETBOOL, FLASK_SETBOOL */
+ struct xen_flask_boolean boolean;
+ struct xen_flask_setavc_threshold setavc_threshold;
+ struct xen_flask_hash_stats hash_stats;
+ struct xen_flask_cache_stats cache_stats;
+ /* FLASK_ADD_OCONTEXT, FLASK_DEL_OCONTEXT */
+ struct xen_flask_ocontext ocontext;
+ } u;
+};
+typedef struct xen_flask_op xen_flask_op_t;
+DEFINE_XEN_GUEST_HANDLE(xen_flask_op_t);
#endif
diff -r 28b85ad1fe4e -r bf326829102b xen/xsm/flask/avc.c
--- a/xen/xsm/flask/avc.c Mon Feb 06 05:04:32 2012 -0800
+++ b/xen/xsm/flask/avc.c Mon Feb 06 05:07:20 2012 -0800
@@ -28,6 +28,7 @@
#include <xen/rcupdate.h>
#include <asm/atomic.h>
#include <asm/current.h>
+#include <public/xsm/flask_op.h>
#include "avc.h"
#include "avc_ss.h"
@@ -251,7 +252,7 @@
printk("AVC INITIALIZED\n");
}
-int avc_get_hash_stats(char *buf, uint32_t size)
+int avc_get_hash_stats(struct xen_flask_hash_stats *arg)
{
int i, chain_len, max_chain_len, slots_used;
struct avc_node *node;
@@ -279,10 +280,12 @@
rcu_read_unlock(&avc_rcu_lock);
- return snprintf(buf, size, "entries: %d\nbuckets used: %d/%d\n"
- "longest chain: %d\n",
- atomic_read(&avc_cache.active_nodes),
- slots_used, AVC_CACHE_SLOTS, max_chain_len);
+ arg->entries = atomic_read(&avc_cache.active_nodes);
+ arg->buckets_used = slots_used;
+ arg->buckets_total = AVC_CACHE_SLOTS;
+ arg->max_chain_len = max_chain_len;
+
+ return 0;
}
static void avc_node_free(struct rcu_head *rhead)
diff -r 28b85ad1fe4e -r bf326829102b xen/xsm/flask/flask_op.c
--- a/xen/xsm/flask/flask_op.c Mon Feb 06 05:04:32 2012 -0800
+++ b/xen/xsm/flask/flask_op.c Mon Feb 06 05:07:20 2012 -0800
@@ -30,10 +30,9 @@
#endif
#define MAX_POLICY_SIZE 0x4000000
-#define FLASK_COPY_IN \
+
+#define FLASK_COPY_OUT \
( \
- 1UL<<FLASK_LOAD | \
- 1UL<<FLASK_SETENFORCE | \
1UL<<FLASK_CONTEXT_TO_SID | \
1UL<<FLASK_SID_TO_CONTEXT | \
1UL<<FLASK_ACCESS | \
@@ -42,36 +41,10 @@
1UL<<FLASK_USER | \
1UL<<FLASK_GETBOOL | \
1UL<<FLASK_SETBOOL | \
- 1UL<<FLASK_COMMITBOOLS | \
- 1UL<<FLASK_DISABLE | \
- 1UL<<FLASK_SETAVC_THRESHOLD | \
- 1UL<<FLASK_MEMBER | \
- 1UL<<FLASK_ADD_OCONTEXT | \
- 1UL<<FLASK_DEL_OCONTEXT | \
- 1UL<<FLASK_GETBOOL_NAMED | \
- 1UL<<FLASK_GETBOOL2 | \
- 1UL<<FLASK_SETBOOL_NAMED \
- )
-
-#define FLASK_COPY_OUT \
- ( \
- 1UL<<FLASK_GETENFORCE | \
- 1UL<<FLASK_CONTEXT_TO_SID | \
- 1UL<<FLASK_SID_TO_CONTEXT | \
- 1UL<<FLASK_ACCESS | \
- 1UL<<FLASK_CREATE | \
- 1UL<<FLASK_RELABEL | \
- 1UL<<FLASK_USER | \
- 1UL<<FLASK_POLICYVERS | \
- 1UL<<FLASK_GETBOOL | \
- 1UL<<FLASK_MLS | \
- 1UL<<FLASK_GETAVC_THRESHOLD | \
1UL<<FLASK_AVC_HASHSTATS | \
1UL<<FLASK_AVC_CACHESTATS | \
1UL<<FLASK_MEMBER | \
- 1UL<<FLASK_GETBOOL_NAMED | \
- 1UL<<FLASK_GETBOOL2 \
- )
+ 0)
static DEFINE_SPINLOCK(sel_sem);
@@ -96,412 +69,186 @@
perms, NULL);
}
-static int flask_security_user(char *buf, uint32_t size)
+static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf,
uint32_t size)
{
- char *page = NULL;
- char *con, *user, *ptr;
- u32 sid, *sids;
- int length;
- char *newcon;
- int i, rc;
- u32 len, nsids;
-
- length = domain_has_security(current->domain, SECURITY__COMPUTE_USER);
- if ( length )
- return length;
-
- length = -ENOMEM;
- con = xmalloc_array(char, size+1);
- if ( !con )
- return length;
- memset(con, 0, size+1);
-
- user = xmalloc_array(char, size+1);
- if ( !user )
- goto out;
- memset(user, 0, size+1);
-
- length = -ENOMEM;
- page = xmalloc_bytes(PAGE_SIZE);
- if ( !page )
- goto out2;
- memset(page, 0, PAGE_SIZE);
+ char *tmp = xmalloc_bytes(size + 1);
+ if ( !tmp )
+ return -ENOMEM;
- length = -EINVAL;
- if ( sscanf(buf, "%s %s", con, user) != 2 )
- goto out2;
+ if ( copy_from_guest(tmp, u_buf, size) )
+ {
+ xfree(tmp);
+ return -EFAULT;
+ }
+ tmp[size] = 0;
- length = security_context_to_sid(con, strlen(con)+1, &sid);
- if ( length < 0 )
- goto out2;
-
- length = security_get_user_sids(sid, user, &sids, &nsids);
- if ( length < 0 )
- goto out2;
-
- length = snprintf(page, PAGE_SIZE, "%u", nsids) + 1;
- ptr = page + length;
- for ( i = 0; i < nsids; i++ )
- {
- rc = security_sid_to_context(sids[i], &newcon, &len);
- if ( rc )
- {
- length = rc;
- goto out3;
- }
- if ( (length + len) >= PAGE_SIZE )
- {
- xfree(newcon);
- length = -ERANGE;
- goto out3;
- }
- memcpy(ptr, newcon, len);
- xfree(newcon);
- ptr += len;
- length += len;
- }
-
- if ( length > size )
- {
- printk( "%s: context size (%u) exceeds payload "
- "max\n", __FUNCTION__, length);
- length = -ERANGE;
- goto out3;
- }
-
- memset(buf, 0, size);
- memcpy(buf, page, length);
-
- out3:
- xfree(sids);
- out2:
- if ( page )
- xfree(page);
- xfree(user);
- out:
- xfree(con);
- return length;
+ *buf = tmp;
+ return 0;
}
-static int flask_security_relabel(char *buf, uint32_t size)
+static int flask_security_user(struct xen_flask_userlist *arg)
{
- char *scon, *tcon;
- u32 ssid, tsid, newsid;
- u16 tclass;
- int length;
- char *newcon;
+ char *user;
+ u32 *sids;
+ u32 nsids;
+ int rv;
+
+ rv = domain_has_security(current->domain, SECURITY__COMPUTE_USER);
+ if ( rv )
+ return rv;
+
+ rv = flask_copyin_string(arg->u.user, &user, arg->size);
+ if ( rv )
+ return rv;
+
+ rv = security_get_user_sids(arg->start_sid, user, &sids, &nsids);
+ if ( rv < 0 )
+ goto out;
+
+ if ( nsids * sizeof(sids[0]) > arg->size )
+ nsids = arg->size / sizeof(sids[0]);
+
+ arg->size = nsids;
+
+ if ( copy_to_guest(arg->u.sids, sids, nsids) )
+ rv = -EFAULT;
+
+ xfree(sids);
+ out:
+ xfree(user);
+ return rv;
+}
+
+static int flask_security_relabel(struct xen_flask_transition *arg)
+{
+ int rv;
+
+ rv = domain_has_security(current->domain, SECURITY__COMPUTE_RELABEL);
+ if ( rv )
+ return rv;
+
+ rv = security_change_sid(arg->ssid, arg->tsid, arg->tclass, &arg->newsid);
+
+ return rv;
+}
+
+static int flask_security_create(struct xen_flask_transition *arg)
+{
+ int rv;
+
+ rv = domain_has_security(current->domain, SECURITY__COMPUTE_CREATE);
+ if ( rv )
+ return rv;
+
+ rv = security_transition_sid(arg->ssid, arg->tsid, arg->tclass,
&arg->newsid);
+
+ return rv;
+}
+
+static int flask_security_access(struct xen_flask_access *arg)
+{
+ struct av_decision avd;
+ int rv;
+
+ rv = domain_has_security(current->domain, SECURITY__COMPUTE_AV);
+ if ( rv )
+ return rv;
+
+ rv = security_compute_av(arg->ssid, arg->tsid, arg->tclass, arg->req,
&avd);
+ if ( rv < 0 )
+ return rv;
+
+ arg->allowed = avd.allowed;
+ arg->audit_allow = avd.auditallow;
+ arg->audit_deny = avd.auditdeny;
+ arg->seqno = avd.seqno;
+
+ return rv;
+}
+
+static int flask_security_member(struct xen_flask_transition *arg)
+{
+ int rv;
+
+ rv = domain_has_security(current->domain, SECURITY__COMPUTE_MEMBER);
+ if ( rv )
+ return rv;
+
+ rv = security_member_sid(arg->ssid, arg->tsid, arg->tclass, &arg->newsid);
+
+ return rv;
+}
+
+static int flask_security_setenforce(struct xen_flask_setenforce *arg)
+{
+ int enforce = !!(arg->enforcing);
+ int rv;
+
+ if ( enforce == flask_enforcing )
+ return 0;
+
+ rv = domain_has_security(current->domain, SECURITY__SETENFORCE);
+ if ( rv )
+ return rv;
+
+ flask_enforcing = enforce;
+
+ if ( flask_enforcing )
+ avc_ss_reset(0);
+
+ return 0;
+}
+
+static int flask_security_context(struct xen_flask_sid_context *arg)
+{
+ int rv;
+ char *buf;
+
+ rv = domain_has_security(current->domain, SECURITY__CHECK_CONTEXT);
+ if ( rv )
+ return rv;
+
+ rv = flask_copyin_string(arg->context, &buf, arg->size);
+ if ( rv )
+ return rv;
+
+ rv = security_context_to_sid(buf, arg->size, &arg->sid);
+ if ( rv < 0 )
+ goto out;
+
+ out:
+ xfree(buf);
+
+ return rv;
+}
+
+static int flask_security_sid(struct xen_flask_sid_context *arg)
+{
+ int rv;
+ char *context;
u32 len;
- length = domain_has_security(current->domain, SECURITY__COMPUTE_RELABEL);
- if ( length )
- return length;
-
- length = -ENOMEM;
- scon = xmalloc_array(char, size+1);
- if ( !scon )
- return length;
- memset(scon, 0, size+1);
-
- tcon = xmalloc_array(char, size+1);
- if ( !tcon )
- goto out;
- memset(tcon, 0, size+1);
-
- length = -EINVAL;
- if ( sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3 )
- goto out2;
-
- length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
- if ( length < 0 )
- goto out2;
- length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
- if ( length < 0 )
- goto out2;
-
- length = security_change_sid(ssid, tsid, tclass, &newsid);
- if ( length < 0 )
- goto out2;
-
- length = security_sid_to_context(newsid, &newcon, &len);
- if ( length < 0 )
- goto out2;
-
- if ( len > size )
- {
- printk( "%s: context size (%u) exceeds payload "
- "max\n", __FUNCTION__, len);
- length = -ERANGE;
- goto out3;
- }
+ rv = domain_has_security(current->domain, SECURITY__CHECK_CONTEXT);
+ if ( rv )
+ return rv;
- memset(buf, 0, size);
- memcpy(buf, newcon, len);
- length = len;
+ rv = security_sid_to_context(arg->sid, &context, &len);
+ if ( rv < 0 )
+ return rv;
- out3:
- xfree(newcon);
- out2:
- xfree(tcon);
- out:
- xfree(scon);
- return length;
-}
+ rv = 0;
-static int flask_security_create(char *buf, uint32_t size)
-{
- char *scon, *tcon;
- u32 ssid, tsid, newsid;
- u16 tclass;
- int length;
- char *newcon;
- u32 len;
+ if ( len > arg->size )
+ rv = -ERANGE;
- length = domain_has_security(current->domain, SECURITY__COMPUTE_CREATE);
- if ( length )
- return length;
+ arg->size = len;
- length = -ENOMEM;
- scon = xmalloc_array(char, size+1);
- if ( !scon )
- return length;
- memset(scon, 0, size+1);
-
- tcon = xmalloc_array(char, size+1);
- if ( !tcon )
- goto out;
- memset(tcon, 0, size+1);
-
- length = -EINVAL;
- if ( sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3 )
- goto out2;
-
- length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
- if ( length < 0 )
- goto out2;
-
- length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
- if ( length < 0 )
- goto out2;
-
- length = security_transition_sid(ssid, tsid, tclass, &newsid);
- if ( length < 0 )
- goto out2;
-
- length = security_sid_to_context(newsid, &newcon, &len);
- if ( length < 0 )
- goto out2;
-
- if ( len > size )
- {
- printk( "%s: context size (%u) exceeds payload "
- "max\n", __FUNCTION__, len);
- length = -ERANGE;
- goto out3;
- }
-
- memset(buf, 0, size);
- memcpy(buf, newcon, len);
- length = len;
-
- out3:
- xfree(newcon);
- out2:
- xfree(tcon);
- out:
- xfree(scon);
- return length;
-}
-
-static int flask_security_access(char *buf, uint32_t size)
-{
- char *scon, *tcon;
- u32 ssid, tsid;
- u16 tclass;
- u32 req;
- struct av_decision avd;
- int length;
-
- length = domain_has_security(current->domain, SECURITY__COMPUTE_AV);
- if ( length )
- return length;
-
- length = -ENOMEM;
- scon = xmalloc_array(char, size+1);
- if (!scon)
- return length;
- memset(scon, 0, size+1);
-
- tcon = xmalloc_array(char, size+1);
- if ( !tcon )
- goto out;
- memset( tcon, 0, size+1 );
-
- length = -EINVAL;
- if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4)
- goto out2;
-
- length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
- if ( length < 0 )
- goto out2;
-
- length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
- if ( length < 0 )
- goto out2;
-
- length = security_compute_av(ssid, tsid, tclass, req, &avd);
- if ( length < 0 )
- goto out2;
-
- memset(buf, 0, size);
- length = snprintf(buf, size, "%x %x %x %x %u",
- avd.allowed, 0xffffffff,
- avd.auditallow, avd.auditdeny,
- avd.seqno);
-
- out2:
- xfree(tcon);
- out:
- xfree(scon);
- return length;
-}
-
-static int flask_security_member(char *buf, uint32_t size)
-{
- char *scon, *tcon;
- u32 ssid, tsid, newsid;
- u16 tclass;
- int length;
- char *newcon;
- u32 len;
-
- length = domain_has_security(current->domain, SECURITY__COMPUTE_MEMBER);
- if ( length )
- return length;
-
- length = -ENOMEM;
- scon = xmalloc_array(char, size+1);
- if ( !scon )
- return length;
- memset(scon, 0, size+1);
-
- tcon = xmalloc_array(char, size+1);
- if ( !tcon )
- goto out;
- memset(tcon, 0, size+1);
-
- length = -EINVAL;
- if ( sscanf(buf, "%s, %s, %hu", scon, tcon, &tclass) != 3 )
- goto out2;
-
- length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
- if ( length < 0 )
- goto out2;
-
- length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
- if ( length < 0 )
- goto out2;
-
- length = security_member_sid(ssid, tsid, tclass, &newsid);
- if ( length < 0 )
- goto out2;
-
- length = security_sid_to_context(newsid, &newcon, &len);
- if ( length < 0 )
- goto out2;
-
- if ( len > size )
- {
- printk("%s: context size (%u) exceeds payload "
- "max\n", __FUNCTION__, len);
- length = -ERANGE;
- goto out3;
- }
-
- memset(buf, 0, size);
- memcpy(buf, newcon, len);
- length = len;
-
- out3:
- xfree(newcon);
- out2:
- xfree(tcon);
- out:
- xfree(scon);
- return length;
-}
-
-static int flask_security_setenforce(char *buf, uint32_t count)
-{
- int length;
- int new_value;
-
- if ( sscanf(buf, "%d", &new_value) != 1 )
- return -EINVAL;
-
- if ( new_value != flask_enforcing )
- {
- length = domain_has_security(current->domain, SECURITY__SETENFORCE);
- if ( length )
- goto out;
- flask_enforcing = new_value;
- if ( flask_enforcing )
- avc_ss_reset(0);
- }
- length = count;
-
- out:
- return length;
-}
-
-static int flask_security_context(char *buf, uint32_t count)
-{
- u32 sid;
- int length;
-
- length = domain_has_security(current->domain, SECURITY__CHECK_CONTEXT);
- if ( length )
- goto out;
-
- length = security_context_to_sid(buf, count, &sid);
- if ( length < 0 )
- goto out;
-
- memset(buf, 0, count);
- length = snprintf(buf, count, "%u", sid);
-
- out:
- return length;
-}
-
-static int flask_security_sid(char *buf, uint32_t count)
-{
- char *context;
- u32 sid;
- u32 len;
- int length;
-
- length = domain_has_security(current->domain, SECURITY__CHECK_CONTEXT);
- if ( length )
- goto out;
-
- if ( sscanf(buf, "%u", &sid) != 1 )
- goto out;
-
- length = security_sid_to_context(sid, &context, &len);
- if ( length < 0 )
- goto out;
-
- if ( len > count )
- return -ERANGE;
-
- memset(buf, 0, count);
- memcpy(buf, context, len);
- length = len;
+ if ( !rv && copy_to_guest(arg->context, context, len) )
+ rv = -EFAULT;
xfree(context);
- out:
- return length;
+ return rv;
}
int flask_disable(void)
@@ -530,229 +277,154 @@
return 0;
}
-static int flask_security_disable(char *buf, uint32_t count)
+static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold
*arg)
{
- int length;
- int new_value;
+ int rv = 0;
- length = -EINVAL;
- if ( sscanf(buf, "%d", &new_value) != 1 )
- goto out;
-
- if ( new_value )
+ if ( arg->threshold != avc_cache_threshold )
{
- length = flask_disable();
- if ( length < 0 )
+ rv = domain_has_security(current->domain, SECURITY__SETSECPARAM);
+ if ( rv )
goto out;
+ avc_cache_threshold = arg->threshold;
}
- length = count;
-
out:
- return length;
+ return rv;
}
-static int flask_security_setavc_threshold(char *buf, uint32_t count)
+static int flask_security_resolve_bool(struct xen_flask_boolean *arg)
{
- int ret;
- int new_value;
+ char *name;
+ int rv;
- if ( sscanf(buf, "%u", &new_value) != 1 )
- {
- ret = -EINVAL;
- goto out;
- }
+ if ( arg->bool_id != -1 )
+ return 0;
- if ( new_value != avc_cache_threshold )
- {
- ret = domain_has_security(current->domain, SECURITY__SETSECPARAM);
- if ( ret )
- goto out;
- avc_cache_threshold = new_value;
- }
- ret = count;
+ rv = flask_copyin_string(arg->name, &name, arg->size);
+ if ( rv )
+ return rv;
- out:
- return ret;
+ arg->bool_id = security_find_bool(name);
+ arg->size = 0;
+
+ xfree(name);
+
+ return 0;
}
-static int flask_security_set_bool(char *buf, uint32_t count)
+static int flask_security_set_bool(struct xen_flask_boolean *arg)
{
- int length = -EFAULT;
- unsigned int i, new_value;
+ int rv;
+
+ rv = flask_security_resolve_bool(arg);
+ if ( rv )
+ return rv;
+
+ rv = domain_has_security(current->domain, SECURITY__SETBOOL);
+ if ( rv )
+ return rv;
spin_lock(&sel_sem);
- length = domain_has_security(current->domain, SECURITY__SETBOOL);
- if ( length )
- goto out;
+ if ( arg->commit )
+ {
+ int num;
+ int *values;
- length = -EINVAL;
- if ( sscanf(buf, "%d %d", &i, &new_value) != 2 )
- goto out;
+ rv = security_get_bools(&num, NULL, &values);
+ if ( rv != 0 )
+ goto out;
- if (!bool_pending_values)
- flask_security_make_bools();
+ if ( arg->bool_id >= num )
+ {
+ rv = -ENOENT;
+ goto out;
+ }
+ values[arg->bool_id] = !!(arg->new_value);
- if ( i >= bool_num )
- goto out;
+ arg->enforcing = arg->pending = !!(arg->new_value);
- if ( new_value )
- new_value = 1;
+ if ( bool_pending_values )
+ bool_pending_values[arg->bool_id] = !!(arg->new_value);
- bool_pending_values[i] = new_value;
- length = count;
+ rv = security_set_bools(num, values);
+ xfree(values);
+ }
+ else
+ {
+ if ( !bool_pending_values )
+ flask_security_make_bools();
+
+ if ( arg->bool_id >= bool_num )
+ goto out;
+
+ bool_pending_values[arg->bool_id] = !!(arg->new_value);
+ arg->pending = !!(arg->new_value);
+ arg->enforcing = security_get_bool_value(arg->bool_id);
+
+ rv = 0;
+ }
out:
spin_unlock(&sel_sem);
- return length;
+ return rv;
}
-static int flask_security_set_bool_name(char *buf, uint32_t count)
+static int flask_security_commit_bools(void)
{
- int rv, num;
- int i, new_value, commit;
- int *values = NULL;
- char *name;
-
- name = xmalloc_bytes(count);
- if ( name == NULL )
- return -ENOMEM;
+ int rv;
spin_lock(&sel_sem);
rv = domain_has_security(current->domain, SECURITY__SETBOOL);
if ( rv )
goto out;
+
+ if ( bool_pending_values )
+ rv = security_set_bools(bool_num, bool_pending_values);
- rv = -EINVAL;
- if ( sscanf(buf, "%s %d %d", name, &new_value, &commit) != 3 )
- goto out;
-
- i = security_find_bool(name);
- if ( i < 0 )
- goto out;
-
- if ( new_value )
- new_value = 1;
-
- if ( commit ) {
- rv = security_get_bools(&num, NULL, &values);
- if ( rv != 0 )
- goto out;
- values[i] = new_value;
- if (bool_pending_values)
- bool_pending_values[i] = new_value;
- rv = security_set_bools(num, values);
- xfree(values);
- } else {
- if (!bool_pending_values)
- flask_security_make_bools();
-
- bool_pending_values[i] = new_value;
- rv = count;
- }
-
out:
- xfree(name);
spin_unlock(&sel_sem);
return rv;
}
-static int flask_security_commit_bools(char *buf, uint32_t count)
+static int flask_security_get_bool(struct xen_flask_boolean *arg)
{
- int length = -EFAULT;
- int new_value;
+ int rv;
+
+ rv = flask_security_resolve_bool(arg);
+ if ( rv )
+ return rv;
spin_lock(&sel_sem);
- length = domain_has_security(current->domain, SECURITY__SETBOOL);
- if ( length )
+ rv = security_get_bool_value(arg->bool_id);
+ if ( rv < 0 )
goto out;
- length = -EINVAL;
- if ( sscanf(buf, "%d", &new_value) != 1 )
- goto out;
-
- if ( new_value && bool_pending_values )
- security_set_bools(bool_num, bool_pending_values);
-
- length = count;
-
- out:
- spin_unlock(&sel_sem);
- return length;
-}
-
-static int flask_security_get_bool(char *buf, uint32_t count, int named)
-{
- int length;
- int i, cur_enforcing, pend_enforcing;
- char* name = NULL;
-
- spin_lock(&sel_sem);
-
- length = -EINVAL;
- if ( sscanf(buf, "%d", &i) != 1 )
- goto out;
-
- cur_enforcing = security_get_bool_value(i);
- if ( cur_enforcing < 0 )
- {
- length = cur_enforcing;
- goto out;
- }
+ arg->enforcing = rv;
if ( bool_pending_values )
- pend_enforcing = bool_pending_values[i];
+ arg->pending = bool_pending_values[arg->bool_id];
else
- pend_enforcing = cur_enforcing;
+ arg->pending = rv;
- if ( named )
- name = security_get_bool_name(i);
- if ( named && !name )
- goto out;
+ rv = 0;
- memset(buf, 0, count);
- if ( named )
- length = snprintf(buf, count, "%d %d %s", cur_enforcing,
- pend_enforcing, name);
- else
- length = snprintf(buf, count, "%d %d", cur_enforcing,
- pend_enforcing);
-
- out:
- xfree(name);
- spin_unlock(&sel_sem);
- return length;
-}
-
-static int flask_security_get_bool_name(char *buf, uint32_t count)
-{
- int rv = -ENOENT;
- int i, cur_enforcing, pend_enforcing;
-
- spin_lock(&sel_sem);
-
- i = security_find_bool(buf);
- if ( i < 0 )
- goto out;
-
- cur_enforcing = security_get_bool_value(i);
- if ( cur_enforcing < 0 )
+ if ( arg->size )
{
- rv = cur_enforcing;
- goto out;
+ char *nameout = security_get_bool_name(arg->bool_id);
+ size_t nameout_len = strlen(nameout);
+ if ( nameout_len > arg->size )
+ rv = -ERANGE;
+ arg->size = nameout_len;
+
+ if ( !rv && copy_to_guest(arg->name, nameout, nameout_len) )
+ rv = -EFAULT;
+ xfree(nameout);
}
- if ( bool_pending_values )
- pend_enforcing = bool_pending_values[i];
- else
- pend_enforcing = cur_enforcing;
-
- memset(buf, 0, count);
- rv = snprintf(buf, count, "%d %d", cur_enforcing, pend_enforcing);
-
out:
spin_unlock(&sel_sem);
return rv;
@@ -779,380 +451,212 @@
#ifdef FLASK_AVC_STATS
-static int flask_security_avc_cachestats(char *buf, uint32_t count)
+static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg)
{
- char *page = NULL;
- int len = 0;
- int length = 0;
- int cpu;
struct avc_cache_stats *st;
- page = (char *)xmalloc_bytes(PAGE_SIZE);
- if ( !page )
- return -ENOMEM;
- memset(page, 0, PAGE_SIZE);
+ if ( arg->cpu > nr_cpu_ids )
+ return -ENOENT;
+ if ( !cpu_online(arg->cpu) )
+ return -ENOENT;
- len = snprintf(page, PAGE_SIZE, "lookups hits misses allocations reclaims "
- "frees\n");
- if ( len > count ) {
- length = -EINVAL;
- goto out;
- }
-
- memcpy(buf, page, len);
- buf += len;
- length += len;
- count -= len;
+ st = &per_cpu(avc_cache_stats, arg->cpu);
- for_each_online_cpu ( cpu )
- {
- st = &per_cpu(avc_cache_stats, cpu);
+ arg->lookups = st->lookups;
+ arg->hits = st->hits;
+ arg->misses = st->misses;
+ arg->allocations = st->allocations;
+ arg->reclaims = st->reclaims;
+ arg->frees = st->frees;
- len = snprintf(page, PAGE_SIZE, "%u %u %u %u %u %u\n", st->lookups,
- st->hits, st->misses, st->allocations,
- st->reclaims, st->frees);
- if ( len > count ) {
- length = -EINVAL;
- goto out;
- }
- memcpy(buf, page, len);
- buf += len;
- length += len;
- count -= len;
- }
-
- out:
- xfree(page);
- return length;
+ return 0;
}
#endif
-static int flask_security_load(char *buf, uint32_t count)
+static int flask_security_load(struct xen_flask_load *load)
{
int ret;
- int length;
+ void *buf = NULL;
+
+ ret = domain_has_security(current->domain, SECURITY__LOAD_POLICY);
+ if ( ret )
+ return ret;
+
+ if ( load->size > MAX_POLICY_SIZE )
+ return -EINVAL;
+
+ buf = xmalloc_bytes(load->size);
+ if ( !buf )
+ return -ENOMEM;
+
+ if ( copy_from_guest(buf, load->buffer, load->size) )
+ {
+ ret = -EFAULT;
+ goto out_free;
+ }
spin_lock(&sel_sem);
- length = domain_has_security(current->domain, SECURITY__LOAD_POLICY);
- if ( length )
+ ret = security_load_policy(buf, load->size);
+ if ( ret )
goto out;
- length = security_load_policy(buf, count);
- if ( length )
- goto out;
-
- ret = flask_security_make_bools();
- if ( ret )
- length = ret;
- else
- length = count;
+ xfree(bool_pending_values);
+ bool_pending_values = NULL;
+ ret = 0;
out:
spin_unlock(&sel_sem);
- return length;
+ out_free:
+ xfree(buf);
+ return ret;
}
-static int flask_ocontext_del(char *buf, uint32_t size)
+static int flask_ocontext_del(struct xen_flask_ocontext *arg)
{
- int len = 0;
- char *ocontext;
- unsigned long low = 0;
- unsigned long high = 0;
+ int rv;
- len = domain_has_security(current->domain, SECURITY__DEL_OCONTEXT);
- if ( len )
- return len;
+ if ( arg->low > arg->high )
+ return -EINVAL;
- if ( (ocontext = xmalloc_bytes(size) ) == NULL )
- return -ENOMEM;
+ rv = domain_has_security(current->domain, SECURITY__DEL_OCONTEXT);
+ if ( rv )
+ return rv;
- len = sscanf(buf, "%s %lu %lu", ocontext, &low, &high);
- if ( len < 2 )
- {
- len = -EINVAL;
- goto out;
- }
- else if ( len == 2 )
- high = low;
-
- if ( low > high )
- {
- len = -EINVAL;
- goto out;
- }
-
- len = security_ocontext_del(ocontext, low, high);
- out:
- xfree(ocontext);
- return len;
+ return security_ocontext_del(arg->ocon, arg->low, arg->high);
}
-static int flask_ocontext_add(char *buf, uint32_t size)
+static int flask_ocontext_add(struct xen_flask_ocontext *arg)
{
- int len = 0;
- u32 sid = 0;
- unsigned long low = 0;
- unsigned long high = 0;
- char *scontext;
- char *ocontext;
+ int rv;
- len = domain_has_security(current->domain, SECURITY__ADD_OCONTEXT);
- if ( len )
- return len;
+ if ( arg->low > arg->high )
+ return -EINVAL;
- if ( (scontext = xmalloc_bytes(size) ) == NULL )
- return -ENOMEM;
+ rv = domain_has_security(current->domain, SECURITY__ADD_OCONTEXT);
+ if ( rv )
+ return rv;
- if ( (ocontext = xmalloc_bytes(size) ) == NULL )
- {
- xfree(scontext);
- return -ENOMEM;
- }
-
- memset(scontext, 0, size);
- memset(ocontext, 0, size);
-
- len = sscanf(buf, "%s %s %lu %lu", ocontext, scontext, &low, &high);
- if ( len < 3 )
- {
- len = -EINVAL;
- goto out;
- }
- else if ( len == 3 )
- high = low;
-
- if ( low > high )
- {
- len = -EINVAL;
- goto out;
- }
- len = security_context_to_sid(scontext, strlen(scontext)+1, &sid);
- if ( len < 0 )
- {
- len = -EINVAL;
- goto out;
- }
- len = security_ocontext_add(ocontext, low, high, sid);
- out:
- xfree(ocontext);
- xfree(scontext);
- return len;
+ return security_ocontext_add(arg->ocon, arg->low, arg->high, arg->sid);
}
long do_flask_op(XEN_GUEST_HANDLE(xsm_op_t) u_flask_op)
{
- flask_op_t curop, *op = &curop;
- int rc = 0;
- int length = 0;
- char *arg = NULL;
+ xen_flask_op_t op;
+ int rv;
- if ( copy_from_guest(op, u_flask_op, 1) )
+ if ( copy_from_guest(&op, u_flask_op, 1) )
return -EFAULT;
- if ( op->cmd > FLASK_LAST)
- return -EINVAL;
+ if ( op.interface_version != XEN_FLASK_INTERFACE_VERSION )
+ return -ENOSYS;
- if ( op->size > MAX_POLICY_SIZE )
- return -EINVAL;
+ switch ( op.cmd )
+ {
+ case FLASK_LOAD:
+ rv = flask_security_load(&op.u.load);
+ break;
- if ( (op->buf == NULL && op->size != 0) ||
- (op->buf != NULL && op->size == 0) )
- return -EINVAL;
-
- arg = xmalloc_bytes(op->size + 1);
- if ( !arg )
- return -ENOMEM;
-
- memset(arg, 0, op->size + 1);
-
- if ( (FLASK_COPY_IN&(1UL<<op->cmd)) && op->buf != NULL &&
- copy_from_guest(arg, guest_handle_from_ptr(op->buf, char), op->size) )
- {
- rc = -EFAULT;
- goto out;
- }
-
- switch ( op->cmd )
- {
-
- case FLASK_LOAD:
- {
- length = flask_security_load(arg, op->size);
- }
- break;
-
case FLASK_GETENFORCE:
- {
- length = snprintf(arg, op->size, "%d", flask_enforcing);
- }
- break;
+ rv = flask_enforcing;
+ break;
case FLASK_SETENFORCE:
- {
- length = flask_security_setenforce(arg, op->size);
- }
- break;
+ rv = flask_security_setenforce(&op.u.enforce);
+ break;
case FLASK_CONTEXT_TO_SID:
- {
- length = flask_security_context(arg, op->size);
- }
- break;
+ rv = flask_security_context(&op.u.sid_context);
+ break;
case FLASK_SID_TO_CONTEXT:
- {
- length = flask_security_sid(arg, op->size);
- }
- break;
+ rv = flask_security_sid(&op.u.sid_context);
+ break;
case FLASK_ACCESS:
- {
- length = flask_security_access(arg, op->size);
- }
- break;
+ rv = flask_security_access(&op.u.access);
+ break;
case FLASK_CREATE:
- {
- length = flask_security_create(arg, op->size);
- }
- break;
+ rv = flask_security_create(&op.u.transition);
+ break;
case FLASK_RELABEL:
- {
- length = flask_security_relabel(arg, op->size);
- }
- break;
+ rv = flask_security_relabel(&op.u.transition);
+ break;
case FLASK_USER:
- {
- length = flask_security_user(arg, op->size);
- }
- break;
+ rv = flask_security_user(&op.u.userlist);
+ break;
case FLASK_POLICYVERS:
- {
- length = snprintf(arg, op->size, "%d", POLICYDB_VERSION_MAX);
- }
- break;
+ rv = POLICYDB_VERSION_MAX;
+ break;
case FLASK_GETBOOL:
- {
- length = flask_security_get_bool(arg, op->size, 0);
- }
- break;
+ rv = flask_security_get_bool(&op.u.boolean);
+ break;
case FLASK_SETBOOL:
- {
- length = flask_security_set_bool(arg, op->size);
- }
- break;
+ rv = flask_security_set_bool(&op.u.boolean);
+ break;
case FLASK_COMMITBOOLS:
- {
- length = flask_security_commit_bools(arg, op->size);
- }
- break;
+ rv = flask_security_commit_bools();
+ break;
case FLASK_MLS:
- {
- length = snprintf(arg, op->size, "%d", flask_mls_enabled);
- }
- break;
+ rv = flask_mls_enabled;
+ break;
case FLASK_DISABLE:
- {
- length = flask_security_disable(arg, op->size);
- }
- break;
+ rv = flask_disable();
+ break;
case FLASK_GETAVC_THRESHOLD:
- {
- length = snprintf(arg, op->size, "%d", avc_cache_threshold);
- }
- break;
+ rv = avc_cache_threshold;
+ break;
case FLASK_SETAVC_THRESHOLD:
- {
- length = flask_security_setavc_threshold(arg, op->size);
- }
- break;
+ rv = flask_security_setavc_threshold(&op.u.setavc_threshold);
+ break;
case FLASK_AVC_HASHSTATS:
- {
- length = avc_get_hash_stats(arg, op->size);
- }
- break;
+ rv = avc_get_hash_stats(&op.u.hash_stats);
+ break;
-#ifdef FLASK_AVC_STATS
+#ifdef FLASK_AVC_STATS
case FLASK_AVC_CACHESTATS:
- {
- length = flask_security_avc_cachestats(arg, op->size);
- }
- break;
+ rv = flask_security_avc_cachestats(&op.u.cache_stats);
+ break;
#endif
case FLASK_MEMBER:
- {
- length = flask_security_member(arg, op->size);
- }
- break;
+ rv = flask_security_member(&op.u.transition);
+ break;
case FLASK_ADD_OCONTEXT:
- {
- length = flask_ocontext_add(arg, op->size);
+ rv = flask_ocontext_add(&op.u.ocontext);
break;
+
+ case FLASK_DEL_OCONTEXT:
+ rv = flask_ocontext_del(&op.u.ocontext);
+ break;
+
+ default:
+ rv = -ENOSYS;
}
- case FLASK_DEL_OCONTEXT:
+ if ( rv < 0 )
+ goto out;
+
+ if ( (FLASK_COPY_OUT&(1UL<<op.cmd)) )
{
- length = flask_ocontext_del(arg, op->size);
- break;
+ if ( copy_to_guest(u_flask_op, &op, 1) )
+ rv = -EFAULT;
}
- case FLASK_GETBOOL_NAMED:
- {
- length = flask_security_get_bool_name(arg, op->size);
- }
- break;
-
- case FLASK_GETBOOL2:
- {
- length = flask_security_get_bool(arg, op->size, 1);
- }
- break;
-
- case FLASK_SETBOOL_NAMED:
- {
- length = flask_security_set_bool_name(arg, op->size);
- }
- break;
-
- default:
- length = -ENOSYS;
- break;
-
- }
-
- if ( length < 0 )
- {
- rc = length;
- goto out;
- }
-
- if ( (FLASK_COPY_OUT&(1UL<<op->cmd)) && op->buf != NULL &&
- copy_to_guest(guest_handle_from_ptr(op->buf, char), arg, op->size) )
- {
- rc = -EFAULT;
- goto out;
- }
-
- op->size = length;
- if ( copy_to_guest(u_flask_op, op, 1) )
- rc = -EFAULT;
-
out:
- xfree(arg);
- return rc;
+ return rv;
}
diff -r 28b85ad1fe4e -r bf326829102b xen/xsm/flask/include/avc.h
--- a/xen/xsm/flask/include/avc.h Mon Feb 06 05:04:32 2012 -0800
+++ b/xen/xsm/flask/include/avc.h Mon Feb 06 05:07:20 2012 -0800
@@ -104,7 +104,8 @@
u32 ssid, u32 tsid, u16 tclass, u32 perms);
/* Exported to selinuxfs */
-int avc_get_hash_stats(char *buf, uint32_t size);
+struct xen_flask_hash_stats;
+int avc_get_hash_stats(struct xen_flask_hash_stats *arg);
extern unsigned int avc_cache_threshold;
#ifdef FLASK_AVC_STATS
diff -r 28b85ad1fe4e -r bf326829102b xen/xsm/flask/include/security.h
--- a/xen/xsm/flask/include/security.h Mon Feb 06 05:04:32 2012 -0800
+++ b/xen/xsm/flask/include/security.h Mon Feb 06 05:07:20 2012 -0800
@@ -90,8 +90,8 @@
int security_iterate_ioport_sids(u32 start, u32 end,
security_iterate_fn fn, void *data);
-int security_ocontext_add(char *ocontext, unsigned long low,
+int security_ocontext_add(u32 ocontext, unsigned long low,
unsigned long high, u32 sid);
-int security_ocontext_del(char *ocontext, unsigned int low, unsigned int high);
+int security_ocontext_del(u32 ocontext, unsigned int low, unsigned int high);
#endif /* _FLASK_SECURITY_H_ */
diff -r 28b85ad1fe4e -r bf326829102b xen/xsm/flask/ss/services.c
--- a/xen/xsm/flask/ss/services.c Mon Feb 06 05:04:32 2012 -0800
+++ b/xen/xsm/flask/ss/services.c Mon Feb 06 05:07:20 2012 -0800
@@ -2097,17 +2097,14 @@
return -1;
}
-int security_ocontext_add( char *ocontext, unsigned long low, unsigned long
high
+int security_ocontext_add( u32 ocon, unsigned long low, unsigned long high
,u32 sid )
{
int ret = 0;
- int ocon = 0;
struct ocontext *c;
struct ocontext *prev;
struct ocontext *add;
- if ( (ocon = determine_ocontext(ocontext)) < 0 )
- return -EINVAL;
if ( (add = xmalloc(struct ocontext)) == NULL )
return -ENOMEM;
memset(add, 0, sizeof(struct ocontext));
@@ -2254,15 +2251,11 @@
return ret;
}
-int security_ocontext_del( char *ocontext, unsigned int low, unsigned int high
)
+int security_ocontext_del( u32 ocon, unsigned int low, unsigned int high )
{
int ret = 0;
- int ocon = 0;
struct ocontext *c, *before_c;
- if ( (ocon = determine_ocontext(ocontext)) < 0 )
- return -EINVAL;
-
POLICY_WRLOCK;
switch( ocon )
{
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |