Xen project Mailing List

[Xen-devel] [PATCH 1/4] tools/flask: remove libflask

From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Date: Fri, 3 Feb 2012 10:12:58 -0500

Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, keir@xxxxxxx, Ian.Campbell@xxxxxxxxxx

Delivery-date: Fri, 03 Feb 2012 15:13:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

This library has been deprecated since July 2010; remove the in-tree users and library. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> --- tools/flask/Makefile | 1 - tools/flask/libflask/Makefile | 58 ---- tools/flask/libflask/flask_op.c | 559 ------------------------------- tools/flask/libflask/include/libflask.h | 57 ---- tools/flask/utils/Makefile | 15 +- tools/flask/utils/get-bool.c | 9 +- tools/flask/utils/getenforce.c | 3 +- tools/flask/utils/label-pci.c | 17 +- tools/flask/utils/loadpolicy.c | 3 +- tools/flask/utils/set-bool.c | 5 +- tools/flask/utils/setenforce.c | 7 +- tools/libxc/xc_flask.c | 59 ++++ tools/libxc/xenctrl.h | 3 + tools/python/setup.py | 2 +- tools/python/xen/lowlevel/flask/flask.c | 13 +- 15 files changed, 94 insertions(+), 717 deletions(-) delete mode 100644 tools/flask/libflask/Makefile delete mode 100644 tools/flask/libflask/flask_op.c delete mode 100644 tools/flask/libflask/include/libflask.h diff --git a/tools/flask/Makefile b/tools/flask/Makefile index a27b265..add9035 100644 --- a/tools/flask/Makefile +++ b/tools/flask/Makefile @@ -2,7 +2,6 @@ XEN_ROOT = $(CURDIR)/../.. include $(XEN_ROOT)/tools/Rules.mk SUBDIRS := -SUBDIRS += libflask SUBDIRS += utils .PHONY: all clean install diff --git a/tools/flask/libflask/Makefile b/tools/flask/libflask/Makefile deleted file mode 100644 index 12c1c90..0000000 --- a/tools/flask/libflask/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -MAJOR = 1.0 -MINOR = 0 - -XEN_ROOT = $(CURDIR)/../../.. -include $(XEN_ROOT)/tools/Rules.mk - -SRCS := -SRCS += flask_op.c - -CFLAGS += -Werror -CFLAGS += -fno-strict-aliasing -CFLAGS += -I./include $(CFLAGS_libxenctrl) $(CFLAGS_xeninclude) - -LIB_OBJS := $(patsubst %.c,%.o,$(SRCS)) -PIC_OBJS := $(patsubst %.c,%.opic,$(SRCS)) - -LIB := libflask.a -LIB += libflask.so libflask.so.$(MAJOR) libflask.so.$(MAJOR).$(MINOR) - -.PHONY: all -all: build - -.PHONY: build -build: - $(MAKE) $(LIB) - -.PHONY: install -install: build - $(INSTALL_DIR) $(DESTDIR)$(LIBDIR) - $(INSTALL_DIR) $(DESTDIR)$(INCLUDEDIR) - $(INSTALL_PROG) libflask.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR) - $(INSTALL_DATA) libflask.a $(DESTDIR)$(LIBDIR) - ln -sf libflask.so.$(MAJOR).$(MINOR) $(DESTDIR)$(LIBDIR)/libflask.so.$(MAJOR) - ln -sf libflask.so.$(MAJOR) $(DESTDIR)$(LIBDIR)/libflask.so - $(INSTALL_DATA) include/libflask.h $(DESTDIR)$(INCLUDEDIR)/xen/xsm - -.PHONY: TAGS -TAGS: - etags -t *.c *.h - -.PHONY: clean -clean: - rm -rf *.a *.so* *.o *.opic *.rpm $(LIB) *~ $(DEPS) xen - -# libflask - -libflask.a: $(LIB_OBJS) - $(AR) rc $@ $^ - -libflask.so: libflask.so.$(MAJOR) - ln -sf $< $@ -libflask.so.$(MAJOR): libflask.so.$(MAJOR).$(MINOR) - ln -sf $< $@ - -libflask.so.$(MAJOR).$(MINOR): $(PIC_OBJS) - $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libflask.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LDLIBS_libxenctrl) - --include $(DEPS) diff --git a/tools/flask/libflask/flask_op.c b/tools/flask/libflask/flask_op.c deleted file mode 100644 index 412a05d..0000000 --- a/tools/flask/libflask/flask_op.c +++ /dev/null @@ -1,559 +0,0 @@ -/* - * - * Authors: Michael LeMay, <mdlemay@xxxxxxxxxxxxxx> - * George Coker, <gscoker@xxxxxxxxxxxxxx> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * as published by the Free Software Foundation. - */ - -#include <unistd.h> -#include <stdio.h> -#include <errno.h> -#include <fcntl.h> -#include <string.h> -#include <sys/mman.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <stdlib.h> -#include <stdint.h> -#include <sys/ioctl.h> -#include <libflask.h> - -int flask_load(xc_interface *xc_handle, char *buf, uint32_t size) -{ - int err; - flask_op_t op; - - op.cmd = FLASK_LOAD; - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - return err; - - return 0; -} - -int flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t size, uint32_t *sid) -{ - int err; - flask_op_t op; - - op.cmd = FLASK_CONTEXT_TO_SID; - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - return err; - - sscanf(buf, "%u", sid); - - return 0; -} - -int flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf, uint32_t size) -{ - int err; - flask_op_t op; - - op.cmd = FLASK_SID_TO_CONTEXT; - op.buf = buf; - op.size = size; - - snprintf(buf, size, "%u", sid); - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - return err; - - return 0; -} - -int flask_getenforce(xc_interface *xc_handle) -{ - int err; - flask_op_t op; - char buf[20]; - int size = 20; - int mode; - - op.cmd = FLASK_GETENFORCE; - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - return err; - - sscanf(buf, "%i", &mode); - - return mode; -} - -int flask_setenforce(xc_interface *xc_handle, int mode) -{ - int err; - flask_op_t op; - char buf[20]; - int size = 20; - - op.cmd = FLASK_SETENFORCE; - op.buf = buf; - op.size = size; - - snprintf(buf, size, "%i", mode); - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - return err; - - return 0; -} - -int flask_getbool_byid(xc_interface *xc_handle, int id, char *name, int *curr, int *pend) -{ - flask_op_t op; - char buf[255]; - int rv; - - op.cmd = FLASK_GETBOOL2; - op.buf = buf; - op.size = 255; - - snprintf(buf, sizeof buf, "%i", id); - - rv = xc_flask_op(xc_handle, &op); - - if ( rv ) - return rv; - - sscanf(buf, "%i %i %s", curr, pend, name); - - return rv; -} - -int flask_getbool_byname(xc_interface *xc_handle, char *name, int *curr, int *pend) -{ - flask_op_t op; - char buf[255]; - int rv; - - op.cmd = FLASK_GETBOOL_NAMED; - op.buf = buf; - op.size = 255; - - strncpy(buf, name, op.size); - - rv = xc_flask_op(xc_handle, &op); - - if ( rv ) - return rv; - - sscanf(buf, "%i %i", curr, pend); - - return rv; -} - -int flask_setbool(xc_interface *xc_handle, char *name, int value, int commit) -{ - flask_op_t op; - char buf[255]; - int size = 255; - - op.cmd = FLASK_SETBOOL_NAMED; - op.buf = buf; - op.size = size; - - snprintf(buf, size, "%s %i %i", name, value, commit); - - return xc_flask_op(xc_handle, &op); -} - -int flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char *scontext) -{ - int err; - flask_op_t op; - char *buf; - char *pirq_s = OCON_PIRQ_STR; - int size = INITCONTEXTLEN + strlen(pirq_s) + (sizeof(unsigned int)) + - (sizeof(char) * 3); - - if ( (buf = (char *) malloc(size)) == NULL ) - return -ENOMEM; - memset(buf, 0, size); - - op.cmd = FLASK_ADD_OCONTEXT; - snprintf(buf, size, "%s %255s %u", pirq_s, scontext, pirq); - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - free(buf); - return 0; - -} - -int flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsigned long high, - char *scontext) -{ - int err; - flask_op_t op; - char *buf; - char *ioport = OCON_IOPORT_STR; - int size = INITCONTEXTLEN + strlen(ioport) + - (sizeof(unsigned long) * 2) + (sizeof(char) * 4); - - if ( (buf = (char *) malloc(size)) == NULL ) - return -ENOMEM; - memset(buf, 0, size); - - op.cmd = FLASK_ADD_OCONTEXT; - snprintf(buf, size, "%s %255s %lu %lu", ioport, scontext, low, high); - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - free(buf); - return 0; - -} - -int flask_add_iomem(xc_interface *xc_handle, unsigned long low, unsigned long high, - char *scontext) -{ - int err; - flask_op_t op; - char *buf; - char *iomem = OCON_IOMEM_STR; - int size = INITCONTEXTLEN + strlen(iomem) + - (sizeof(unsigned long) * 2) + (sizeof(char) * 4); - - if ( (buf = (char *) malloc(size)) == NULL ) - return -ENOMEM; - memset(buf, 0, size); - - op.cmd = FLASK_ADD_OCONTEXT; - snprintf(buf, size, "%s %255s %lu %lu", iomem, scontext, low, high); - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - free(buf); - return 0; - -} - -int flask_add_device(xc_interface *xc_handle, unsigned long device, char *scontext) -{ - int err; - flask_op_t op; - char *buf; - char *dev = OCON_DEVICE_STR; - int size = INITCONTEXTLEN + strlen(dev) + (sizeof(unsigned long)) + - (sizeof(char) * 3); - - if ( (buf = (char *) malloc(size)) == NULL ) - return -ENOMEM; - memset(buf, 0, size); - - op.cmd = FLASK_ADD_OCONTEXT; - snprintf(buf, size, "%s %255s %lu", dev, scontext, device); - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - free(buf); - return 0; - -} - -int flask_del_pirq(xc_interface *xc_handle, unsigned int pirq) -{ - int err; - flask_op_t op; - char *buf; - char *pirq_s = OCON_PIRQ_STR; - int size = strlen(pirq_s) + (sizeof(unsigned int)) + - (sizeof(char) * 2); - - if ( (buf = (char *) malloc(size)) == NULL ) - return -ENOMEM; - memset(buf, 0, size); - - op.cmd = FLASK_DEL_OCONTEXT; - snprintf(buf, size, "%s %u", pirq_s, pirq); - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - free(buf); - return 0; - -} - -int flask_del_ioport(xc_interface *xc_handle, unsigned long low, unsigned long high) -{ - int err; - flask_op_t op; - char *buf; - char *ioport = OCON_IOPORT_STR; - int size = strlen(ioport) + (sizeof(unsigned long) * 2) + - (sizeof(char) * 3); - - if ( (buf = (char *) malloc(size)) == NULL ) - return -ENOMEM; - memset(buf, 0, size); - - op.cmd = FLASK_DEL_OCONTEXT; - snprintf(buf, size, "%s %lu %lu", ioport, low, high); - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - free(buf); - return 0; - -} - -int flask_del_iomem(xc_interface *xc_handle, unsigned long low, unsigned long high) -{ - int err; - flask_op_t op; - char *buf; - char *iomem = OCON_IOMEM_STR; - int size = strlen(iomem) + (sizeof(unsigned long) * 2) + - (sizeof(char) * 3); - - if ( (buf = (char *) malloc(size)) == NULL ) - return -ENOMEM; - memset(buf, 0, size); - - op.cmd = FLASK_DEL_OCONTEXT; - snprintf(buf, size, "%s %lu %lu", iomem, low, high); - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - free(buf); - return 0; - -} - -int flask_del_device(xc_interface *xc_handle, unsigned long device) -{ - int err; - flask_op_t op; - char *buf; - char *dev = OCON_DEVICE_STR; - int size = strlen(dev) + (sizeof(unsigned long)) + (sizeof(char) * 2); - - if ( (buf = (char *) malloc(size)) == NULL ) - return -ENOMEM; - memset(buf, 0, size); - - op.cmd = FLASK_DEL_OCONTEXT; - snprintf(buf, size, "%s %lu", dev, device); - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - free(buf); - return 0; - -} - -int flask_access(xc_interface *xc_handle, const char *scon, const char *tcon, - u_int16_t tclass, u_int32_t req, - u_int32_t *allowed, u_int32_t *decided, - u_int32_t *auditallow, u_int32_t *auditdeny, - u_int32_t *seqno) -{ -/* maximum number of digits in a 16-bit decimal number: */ -#define MAX_SHORT_DEC_LEN 5 - - char *buf; - int bufLen; - int err; - flask_op_t op; - u_int32_t dummy_allowed; - u_int32_t dummy_decided; - u_int32_t dummy_auditallow; - u_int32_t dummy_auditdeny; - u_int32_t dummy_seqno; - - if (!allowed) - allowed = &dummy_allowed; - if (!decided) - decided = &dummy_decided; - if (!auditallow) - auditallow = &dummy_auditallow; - if (!auditdeny) - auditdeny = &dummy_auditdeny; - if (!seqno) - seqno = &dummy_seqno; - - if (!scon) - return -EINVAL; - if (!tcon) - return -EINVAL; - - bufLen = strlen(scon) + 1 + strlen(tcon) + 1 + - MAX_SHORT_DEC_LEN + 1 + - sizeof(req)*2 + 1; - buf = malloc(bufLen); - snprintf(buf, bufLen, "%s %s %hu %x", scon, tcon, tclass, req); - - op.cmd = FLASK_ACCESS; - op.buf = buf; - op.size = strlen(buf)+1; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - if (sscanf(op.buf, "%x %x %x %x %u", - allowed, decided, - auditallow, auditdeny, - seqno) != 5) { - err = -EILSEQ; - } - - err = ((*allowed & req) == req)? 0 : -EPERM; - - return err; - -} - -int flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size) -{ - int err; - flask_op_t op; - - op.cmd = FLASK_AVC_HASHSTATS; - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - return 0; -} - -int flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size) -{ - int err; - flask_op_t op; - - op.cmd = FLASK_AVC_CACHESTATS; - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - return 0; -} - -int flask_policyvers(xc_interface *xc_handle, char *buf, int size) -{ - int err; - flask_op_t op; - - op.cmd = FLASK_POLICYVERS; - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - { - free(buf); - return err; - } - - return 0; -} - -int flask_getavc_threshold(xc_interface *xc_handle) -{ - int err; - flask_op_t op; - char buf[20]; - int size = 20; - int threshold; - - op.cmd = FLASK_GETAVC_THRESHOLD; - op.buf = buf; - op.size = size; - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - return err; - - sscanf(buf, "%i", &threshold); - - return threshold; -} - -int flask_setavc_threshold(xc_interface *xc_handle, int threshold) -{ - int err; - flask_op_t op; - char buf[20]; - int size = 20; - - op.cmd = FLASK_SETAVC_THRESHOLD; - op.buf = buf; - op.size = size; - - snprintf(buf, size, "%i", threshold); - - if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) - return err; - - return 0; -} diff --git a/tools/flask/libflask/include/libflask.h b/tools/flask/libflask/include/libflask.h deleted file mode 100644 index b8a6ca9..0000000 --- a/tools/flask/libflask/include/libflask.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * - * Authors: Michael LeMay, <mdlemay@xxxxxxxxxxxxxx> - * George Coker, <gscoker@xxxxxxxxxxxxxx> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * as published by the Free Software Foundation. - */ - -#ifndef __LIBFLASK_H__ -#define __LIBFLASK_H__ - -#include <stdint.h> -#include <xen/xen.h> -#include <xen/xsm/flask_op.h> -#include <xenctrl.h> - -int flask_load(xc_interface *xc_handle, char *buf, uint32_t size); -int flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t size, uint32_t *sid); -int flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf, uint32_t size); -int flask_getenforce(xc_interface *xc_handle); -int flask_setenforce(xc_interface *xc_handle, int mode); -int flask_getbool_byid(xc_interface *xc_handle, int id, char *name, int *curr, int *pend); -int flask_getbool_byname(xc_interface *xc_handle, char *name, int *curr, int *pend); -int flask_setbool(xc_interface *xc_handle, char *name, int value, int commit); -int flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char *scontext); -int flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsigned long high, - char *scontext); -int flask_add_iomem(xc_interface *xc_handle, unsigned long low, unsigned long high, - char *scontext); -int flask_add_device(xc_interface *xc_handle, unsigned long device, char *scontext); -int flask_del_pirq(xc_interface *xc_handle, unsigned int pirq); -int flask_del_ioport(xc_interface *xc_handle, unsigned long low, unsigned long high); -int flask_del_iomem(xc_interface *xc_handle, unsigned long low, unsigned long high); -int flask_del_device(xc_interface *xc_handle, unsigned long device); -int flask_access(xc_interface *xc_handle, const char *scon, const char *tcon, - u_int16_t tclass, u_int32_t req, - u_int32_t *allowed, u_int32_t *decided, - u_int32_t *auditallow, u_int32_t *auditdeny, - u_int32_t *seqno); -int flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size); -int flask_policyvers(xc_interface *xc_handle, char *buf, int size); -int flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size); -int flask_getavc_threshold(xc_interface *xc_handle); -int flask_setavc_threshold(xc_interface *xc_handle, int threshold); -#define flask_add_single_ioport(x, l, s) flask_add_ioport(x, l, l, s) -#define flask_add_single_iomem(x, l, s) flask_add_iomem(x, l, l, s) -#define flask_del_single_ioport(x, l) flask_del_ioport(x, l, l) -#define flask_del_single_iomem(x, l) flask_del_iomem(x, l, l); - -#define OCON_PIRQ_STR "pirq" -#define OCON_IOPORT_STR "ioport" -#define OCON_IOMEM_STR "iomem" -#define OCON_DEVICE_STR "pcidevice" -#define INITCONTEXTLEN 256 -#endif /* __LIBFLASK_H__ */ diff --git a/tools/flask/utils/Makefile b/tools/flask/utils/Makefile index 3ac6ac2..458f9aa 100644 --- a/tools/flask/utils/Makefile +++ b/tools/flask/utils/Makefile @@ -1,11 +1,8 @@ XEN_ROOT=$(CURDIR)/../../.. include $(XEN_ROOT)/tools/Rules.mk -LIBFLASK_ROOT = $(XEN_ROOT)/tools/flask/libflask - CFLAGS += -Wall -g -Werror CFLAGS += $(CFLAGS_libxenctrl) -CFLAGS += -I$(LIBFLASK_ROOT)/include TESTDIR = testsuite/tmp TESTFLAGS= -DTESTING @@ -19,22 +16,22 @@ CLIENTS_OBJS := $(patsubst flask-%,%.o,$(CLIENTS)) all: $(CLIENTS) flask-loadpolicy: loadpolicy.o - $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask $(LDLIBS_libxenctrl) -o $@ + $(CC) $(LDFLAGS) $< $(LDLIBS) $(LDLIBS_libxenctrl) -o $@ flask-setenforce: setenforce.o - $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask $(LDLIBS_libxenctrl) -o $@ + $(CC) $(LDFLAGS) $< $(LDLIBS) $(LDLIBS_libxenctrl) -o $@ flask-getenforce: getenforce.o - $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask $(LDLIBS_libxenctrl) -o $@ + $(CC) $(LDFLAGS) $< $(LDLIBS) $(LDLIBS_libxenctrl) -o $@ flask-label-pci: label-pci.o - $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask $(LDLIBS_libxenctrl) -o $@ + $(CC) $(LDFLAGS) $< $(LDLIBS) $(LDLIBS_libxenctrl) -o $@ flask-get-bool: get-bool.o - $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask $(LDLIBS_libxenctrl) -o $@ + $(CC) $(LDFLAGS) $< $(LDLIBS) $(LDLIBS_libxenctrl) -o $@ flask-set-bool: set-bool.o - $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask $(LDLIBS_libxenctrl) -o $@ + $(CC) $(LDFLAGS) $< $(LDLIBS) $(LDLIBS_libxenctrl) -o $@ .PHONY: clean clean: diff --git a/tools/flask/utils/get-bool.c b/tools/flask/utils/get-bool.c index c0cd7c8..7833522 100644 --- a/tools/flask/utils/get-bool.c +++ b/tools/flask/utils/get-bool.c @@ -16,7 +16,6 @@ #include <string.h> #include <unistd.h> #include <inttypes.h> -#include <libflask.h> static void usage(char **argv) { @@ -29,11 +28,11 @@ static int all_bools(xc_interface *xch) int err = 0, i = 0, curr, pend; char name[256]; while (1) { - err = flask_getbool_byid(xch, i, name, &curr, &pend); + err = xc_flask_getbool_byid(xch, i, name, sizeof name, &curr, &pend); if (err < 0) { if (errno == ENOENT) return 0; - fprintf(stderr, "flask_getbool: Unable to get boolean #%d: %s (%d)", + fprintf(stderr, "xc_flask_getbool: Unable to get boolean #%d: %s (%d)", i, strerror(errno), err); return 2; } @@ -69,9 +68,9 @@ int main(int argc, char **argv) goto done; } - err = flask_getbool_byname(xch, argv[1], &curr, &pend); + err = xc_flask_getbool_byname(xch, argv[1], &curr, &pend); if (err) { - fprintf(stderr, "flask_getbool: Unable to get boolean %s: %s (%d)", + fprintf(stderr, "xc_flask_getbool: Unable to get boolean %s: %s (%d)", argv[1], strerror(errno), err); err = 2; goto done; diff --git a/tools/flask/utils/getenforce.c b/tools/flask/utils/getenforce.c index 281fc81..fedf336 100644 --- a/tools/flask/utils/getenforce.c +++ b/tools/flask/utils/getenforce.c @@ -16,7 +16,6 @@ #include <sys/stat.h> #include <string.h> #include <unistd.h> -#include <libflask.h> static void usage (int argCnt, const char *args[]) { @@ -41,7 +40,7 @@ int main (int argCnt, const char *args[]) goto done; } - ret = flask_getenforce(xch); + ret = xc_flask_getenforce(xch); if ( ret < 0 ) { errno = -ret; diff --git a/tools/flask/utils/label-pci.c b/tools/flask/utils/label-pci.c index da0cb61..9ddb713 100644 --- a/tools/flask/utils/label-pci.c +++ b/tools/flask/utils/label-pci.c @@ -16,7 +16,6 @@ #include <string.h> #include <unistd.h> #include <inttypes.h> -#include <libflask.h> /* Pulled from linux/include/linux/ioport.h */ #define IORESOURCE_TYPE_BITS 0x00001f00 /* Resource type */ @@ -69,9 +68,9 @@ int main (int argCnt, char *argv[]) goto done; } - ret = flask_add_device(xch, sbdf, argv[2]); + ret = xc_flask_add_device(xch, sbdf, argv[2]); if (ret) { - fprintf(stderr, "flask_add_device: Unable to set context of PCI device %s (0x%x) to %s: %d\n", + fprintf(stderr, "xc_flask_add_device: Unable to set context of PCI device %s (0x%x) to %s: %d\n", argv[1], sbdf, argv[2], ret); err = 2; goto done; @@ -80,9 +79,9 @@ int main (int argCnt, char *argv[]) while (fscanf(f, "0x%"SCNx64" 0x%"SCNx64" 0x%"SCNx64"\n", &start, &end, &flags) == 3) { if (flags & IORESOURCE_IO) { // printf("Port %"PRIx64"-%"PRIx64"\n", start, end); - ret = flask_add_ioport(xch, start, end, argv[2]); + ret = xc_flask_add_ioport(xch, start, end, argv[2]); if (ret) { - fprintf(stderr, "flask_add_ioport %"PRIx64"-%"PRIx64" failed: %d\n", + fprintf(stderr, "xc_flask_add_ioport %"PRIx64"-%"PRIx64" failed: %d\n", start, end, ret); err = 2; } @@ -90,9 +89,9 @@ int main (int argCnt, char *argv[]) start >>= 12; end >>= 12; // printf("IOMEM %"PRIx64"-%"PRIx64"\n", start, end); - ret = flask_add_iomem(xch, start, end, argv[2]); + ret = xc_flask_add_iomem(xch, start, end, argv[2]); if (ret) { - fprintf(stderr, "flask_add_iomem %"PRIx64"-%"PRIx64" failed: %d\n", + fprintf(stderr, "xc_flask_add_iomem %"PRIx64"-%"PRIx64" failed: %d\n", start, end, ret); err = 2; } @@ -108,9 +107,9 @@ int main (int argCnt, char *argv[]) if (fscanf(f, "%" SCNu64, &start) != 1) start = 0; if (start) { - ret = flask_add_pirq(xch, start, argv[2]); + ret = xc_flask_add_pirq(xch, start, argv[2]); if (ret) { - fprintf(stderr, "flask_add_pirq %"PRIu64" failed: %d\n", + fprintf(stderr, "xc_flask_add_pirq %"PRIu64" failed: %d\n", start, ret); err = 2; } diff --git a/tools/flask/utils/loadpolicy.c b/tools/flask/utils/loadpolicy.c index 4e99c71..f347b97 100644 --- a/tools/flask/utils/loadpolicy.c +++ b/tools/flask/utils/loadpolicy.c @@ -17,7 +17,6 @@ #include <sys/stat.h> #include <string.h> #include <unistd.h> -#include <libflask.h> #define USE_MMAP @@ -94,7 +93,7 @@ int main (int argCnt, const char *args[]) } #endif - ret = flask_load(xch, polMemCp, info.st_size); + ret = xc_flask_load(xch, polMemCp, info.st_size); if ( ret < 0 ) { errno = -ret; diff --git a/tools/flask/utils/set-bool.c b/tools/flask/utils/set-bool.c index cde25cd..4b847c5 100644 --- a/tools/flask/utils/set-bool.c +++ b/tools/flask/utils/set-bool.c @@ -16,7 +16,6 @@ #include <string.h> #include <unistd.h> #include <inttypes.h> -#include <libflask.h> static void usage(char **argv) { @@ -56,9 +55,9 @@ int main(int argc, char **argv) goto done; } - err = flask_setbool(xch, argv[1], value, 1); + err = xc_flask_setbool(xch, argv[1], value, 1); if (err) { - fprintf(stderr, "flask_setbool: Unable to set boolean %s=%s: %s (%d)", + fprintf(stderr, "xc_flask_setbool: Unable to set boolean %s=%s: %s (%d)", argv[1], argv[2], strerror(errno), err); err = 2; goto done; diff --git a/tools/flask/utils/setenforce.c b/tools/flask/utils/setenforce.c index 63928bd..0a92d53 100644 --- a/tools/flask/utils/setenforce.c +++ b/tools/flask/utils/setenforce.c @@ -16,7 +16,6 @@ #include <sys/stat.h> #include <string.h> #include <unistd.h> -#include <libflask.h> static void usage (int argCnt, const char *args[]) { @@ -45,12 +44,12 @@ int main (int argCnt, const char *args[]) if( strlen(args[1]) == 1 && (args[1][0] == '0' || args[1][0] == '1')){ mode = strtol(args[1], &end, 10); - ret = flask_setenforce(xch, mode); + ret = xc_flask_setenforce(xch, mode); } else { if( strcasecmp(args[1], "enforcing") == 0 ){ - ret = flask_setenforce(xch, 1); + ret = xc_flask_setenforce(xch, 1); } else if( strcasecmp(args[1], "permissive") == 0 ){ - ret = flask_setenforce(xch, 0); + ret = xc_flask_setenforce(xch, 0); } else { usage(argCnt, args); } diff --git a/tools/libxc/xc_flask.c b/tools/libxc/xc_flask.c index 27794a8..d268098 100644 --- a/tools/libxc/xc_flask.c +++ b/tools/libxc/xc_flask.c @@ -151,6 +151,65 @@ int xc_flask_setenforce(xc_interface *xc_handle, int mode) return 0; } +int xc_flask_getbool_byid(xc_interface *xc_handle, int id, char *name, uint32_t size, int *curr, int *pend) +{ + flask_op_t op; + char buf[255]; + int rv; + + op.cmd = FLASK_GETBOOL2; + op.buf = buf; + op.size = 255; + + snprintf(buf, sizeof buf, "%i", id); + + rv = xc_flask_op(xc_handle, &op); + + if ( rv ) + return rv; + + sscanf(buf, "%i %i %s", curr, pend, name); + + return rv; +} + +int xc_flask_getbool_byname(xc_interface *xc_handle, char *name, int *curr, int *pend) +{ + flask_op_t op; + char buf[255]; + int rv; + + op.cmd = FLASK_GETBOOL_NAMED; + op.buf = buf; + op.size = 255; + + strncpy(buf, name, op.size); + + rv = xc_flask_op(xc_handle, &op); + + if ( rv ) + return rv; + + sscanf(buf, "%i %i", curr, pend); + + return rv; +} + +int xc_flask_setbool(xc_interface *xc_handle, char *name, int value, int commit) +{ + flask_op_t op; + char buf[255]; + int size = 255; + + op.cmd = FLASK_SETBOOL_NAMED; + op.buf = buf; + op.size = size; + + snprintf(buf, size, "%s %i %i", name, value, commit); + + return xc_flask_op(xc_handle, &op); +} + static int xc_flask_add(xc_interface *xc_handle, char *cat, char *arg, char *scontext) { char buf[512]; diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h index f0edde6..1e7c32b 100644 --- a/tools/libxc/xenctrl.h +++ b/tools/libxc/xenctrl.h @@ -1957,6 +1957,9 @@ int xc_flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t size, u int xc_flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf, uint32_t size); int xc_flask_getenforce(xc_interface *xc_handle); int xc_flask_setenforce(xc_interface *xc_handle, int mode); +int xc_flask_getbool_byid(xc_interface *xc_handle, int id, char *name, uint32_t size, int *curr, int *pend); +int xc_flask_getbool_byname(xc_interface *xc_handle, char *name, int *curr, int *pend); +int xc_flask_setbool(xc_interface *xc_handle, char *name, int value, int commit); int xc_flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char *scontext); int xc_flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsigned long high, char *scontext); diff --git a/tools/python/setup.py b/tools/python/setup.py index 81540bc..e9061c8 100644 --- a/tools/python/setup.py +++ b/tools/python/setup.py @@ -48,7 +48,7 @@ flask = Extension("flask", include_dirs = [ PATH_XEN, PATH_LIBXC, "xen/lowlevel/flask", "../flask/libflask/include" ], library_dirs = [ PATH_LIBXC, "../flask/libflask" ], - libraries = [ "xenctrl", "flask" ], + libraries = [ "xenctrl" ], depends = [ PATH_LIBXC + "/libxenctrl.so", XEN_ROOT + "/tools/flask/libflask/libflask.so" ], sources = [ "xen/lowlevel/flask/flask.c" ]) diff --git a/tools/python/xen/lowlevel/flask/flask.c b/tools/python/xen/lowlevel/flask/flask.c index 64e8d63..c3fcf3b 100644 --- a/tools/python/xen/lowlevel/flask/flask.c +++ b/tools/python/xen/lowlevel/flask/flask.c @@ -12,7 +12,6 @@ #include <Python.h> #include <xenctrl.h> -#include <libflask.h> #define PKG "xen.lowlevel.flask" #define CLS "flask" @@ -58,7 +57,7 @@ static PyObject *pyflask_context_to_sid(PyObject *self, PyObject *args, return PyErr_SetFromErrno(xc_error_obj); } - ret = flask_context_to_sid(xc_handle, buf, len, &sid); + ret = xc_flask_context_to_sid(xc_handle, buf, len, &sid); xc_interface_close(xc_handle); @@ -92,7 +91,7 @@ static PyObject *pyflask_sid_to_context(PyObject *self, PyObject *args, return PyErr_SetFromErrno(xc_error_obj); } - ret = flask_sid_to_context(xc_handle, sid, ctx, ctx_len); + ret = xc_flask_sid_to_context(xc_handle, sid, ctx, ctx_len); xc_interface_close(xc_handle); @@ -121,7 +120,7 @@ static PyObject *pyflask_load(PyObject *self, PyObject *args, PyObject *kwds) return PyErr_SetFromErrno(xc_error_obj); } - ret = flask_load(xc_handle, policy, len); + ret = xc_flask_load(xc_handle, policy, len); xc_interface_close(xc_handle); @@ -143,7 +142,7 @@ static PyObject *pyflask_getenforce(PyObject *self) return PyErr_SetFromErrno(xc_error_obj); } - ret = flask_getenforce(xc_handle); + ret = xc_flask_getenforce(xc_handle); xc_interface_close(xc_handle); @@ -173,7 +172,7 @@ static PyObject *pyflask_setenforce(PyObject *self, PyObject *args, return PyErr_SetFromErrno(xc_error_obj); } - ret = flask_setenforce(xc_handle, mode); + ret = xc_flask_setenforce(xc_handle, mode); xc_interface_close(xc_handle); @@ -209,7 +208,7 @@ static PyObject *pyflask_access(PyObject *self, PyObject *args, return PyErr_SetFromErrno(xc_error_obj); } - ret = flask_access(xc_handle, scon, tcon, tclass, req, &allowed, &decided, + ret = xc_flask_access(xc_handle, scon, tcon, tclass, req, &allowed, &decided, &auditallow, &auditdeny, &seqno); xc_interface_close(xc_handle); -- 1.7.7.6 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.