Xen project Mailing List

[Xen-devel] [PATCH 12/29] xl: split out flask related code

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Fri, 24 Feb 2017 16:12:57 +0000

Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

Delivery-date: Fri, 24 Feb 2017 16:16:41 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx> --- tools/xl/Makefile | 2 +- tools/xl/xl_cmdimpl.c | 119 --------------------------------------- tools/xl/xl_flask.c | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 154 insertions(+), 120 deletions(-) create mode 100644 tools/xl/xl_flask.c diff --git a/tools/xl/Makefile b/tools/xl/Makefile index 0ff7ef9bfe..df0b5dd5cf 100644 --- a/tools/xl/Makefile +++ b/tools/xl/Makefile @@ -16,7 +16,7 @@ CFLAGS_XL += $(CFLAGS_libxenlight) CFLAGS_XL += -Wshadow XL_OBJS = xl.o xl_cmdimpl.o xl_cmdtable.o xl_sxp.o xl_utils.o -XL_OBJS += xl_tmem.o xl_parse.o xl_cpupool.o +XL_OBJS += xl_tmem.o xl_parse.o xl_cpupool.o xl_flask.o $(XL_OBJS): CFLAGS += $(CFLAGS_libxentoollog) $(XL_OBJS): CFLAGS += $(CFLAGS_XL) diff --git a/tools/xl/xl_cmdimpl.c b/tools/xl/xl_cmdimpl.c index 82b30bb094..eb87cb975a 100644 --- a/tools/xl/xl_cmdimpl.c +++ b/tools/xl/xl_cmdimpl.c @@ -5611,125 +5611,6 @@ int main_uptime(int argc, char **argv) return 0; } -int main_getenforce(int argc, char **argv) -{ - int ret; - - ret = libxl_flask_getenforce(ctx); - - if (ret < 0) { - if (errno == ENOSYS) - printf("Flask XSM Disabled\n"); - else - fprintf(stderr, "Failed to get enforcing mode\n"); - } - else if (ret == 1) - printf("Enforcing\n"); - else if (ret == 0) - printf("Permissive\n"); - - return ret; -} - -int main_setenforce(int argc, char **argv) -{ - int ret, mode; - const char *p = NULL; - - if (optind >= argc) { - help("setenforce"); - return 2; - } - - p = argv[optind]; - - if (!strcmp(p, "0")) - mode = 0; - else if (!strcmp(p, "1")) - mode = 1; - else if (!strcasecmp(p, "permissive")) - mode = 0; - else if (!strcasecmp(p, "enforcing")) - mode = 1; - else { - help("setenforce"); - return 2; - } - - ret = libxl_flask_setenforce(ctx, mode); - - if (ret) { - if (errno == ENOSYS) { - fprintf(stderr, "Flask XSM disabled\n"); - } - else - fprintf(stderr, "error occured while setting enforcing mode (%i)\n", ret); - } - - return ret; -} - -int main_loadpolicy(int argc, char **argv) -{ - const char *polFName; - int polFd = -1; - void *polMemCp = NULL; - struct stat info; - int ret; - - if (optind >= argc) { - help("loadpolicy"); - return 2; - } - - polFName = argv[optind]; - polFd = open(polFName, O_RDONLY); - if (polFd < 0) { - fprintf(stderr, "Error occurred opening policy file '%s': %s\n", - polFName, strerror(errno)); - ret = -1; - goto done; - } - - ret = stat(polFName, &info); - if (ret < 0) { - fprintf(stderr, "Error occurred retrieving information about" - "policy file '%s': %s\n", polFName, strerror(errno)); - goto done; - } - - polMemCp = malloc(info.st_size); - - ret = read(polFd, polMemCp, info.st_size); - if ( ret < 0 ) { - fprintf(stderr, "Unable to read new Flask policy file: %s\n", - strerror(errno)); - goto done; - } - - ret = libxl_flask_loadpolicy(ctx, polMemCp, info.st_size); - - if (ret < 0) { - if (errno == ENOSYS) { - fprintf(stderr, "Flask XSM disabled\n"); - } else { - errno = -ret; - fprintf(stderr, "Unable to load new Flask policy: %s\n", - strerror(errno)); - ret = -1; - } - } else { - printf("Successfully loaded policy.\n"); - } - -done: - free(polMemCp); - if (polFd >= 0) - close(polFd); - - return ret; -} - #ifndef LIBXL_HAVE_NO_SUSPEND_RESUME int main_remus(int argc, char **argv) { diff --git a/tools/xl/xl_flask.c b/tools/xl/xl_flask.c new file mode 100644 index 0000000000..804165c6a8 --- /dev/null +++ b/tools/xl/xl_flask.c @@ -0,0 +1,153 @@ +/* + * Copyright 2009-2017 Citrix Ltd and other contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published + * by the Free Software Foundation; version 2.1 only. with the special + * exception on linking described in file LICENSE. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + */ + +#include <fcntl.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> + +#include <libxl.h> + +#include "xl.h" + +extern libxl_ctx *ctx; + +int main_getenforce(int argc, char **argv) +{ + int ret; + + ret = libxl_flask_getenforce(ctx); + + if (ret < 0) { + if (errno == ENOSYS) + printf("Flask XSM Disabled\n"); + else + fprintf(stderr, "Failed to get enforcing mode\n"); + } + else if (ret == 1) + printf("Enforcing\n"); + else if (ret == 0) + printf("Permissive\n"); + + return ret; +} + +int main_setenforce(int argc, char **argv) +{ + int ret, mode; + const char *p = NULL; + + if (optind >= argc) { + help("setenforce"); + return 2; + } + + p = argv[optind]; + + if (!strcmp(p, "0")) + mode = 0; + else if (!strcmp(p, "1")) + mode = 1; + else if (!strcasecmp(p, "permissive")) + mode = 0; + else if (!strcasecmp(p, "enforcing")) + mode = 1; + else { + help("setenforce"); + return 2; + } + + ret = libxl_flask_setenforce(ctx, mode); + + if (ret) { + if (errno == ENOSYS) { + fprintf(stderr, "Flask XSM disabled\n"); + } + else + fprintf(stderr, "error occured while setting enforcing mode (%i)\n", ret); + } + + return ret; +} + +int main_loadpolicy(int argc, char **argv) +{ + const char *polFName; + int polFd = -1; + void *polMemCp = NULL; + struct stat info; + int ret; + + if (optind >= argc) { + help("loadpolicy"); + return 2; + } + + polFName = argv[optind]; + polFd = open(polFName, O_RDONLY); + if (polFd < 0) { + fprintf(stderr, "Error occurred opening policy file '%s': %s\n", + polFName, strerror(errno)); + ret = -1; + goto done; + } + + ret = stat(polFName, &info); + if (ret < 0) { + fprintf(stderr, "Error occurred retrieving information about" + "policy file '%s': %s\n", polFName, strerror(errno)); + goto done; + } + + polMemCp = malloc(info.st_size); + + ret = read(polFd, polMemCp, info.st_size); + if ( ret < 0 ) { + fprintf(stderr, "Unable to read new Flask policy file: %s\n", + strerror(errno)); + goto done; + } + + ret = libxl_flask_loadpolicy(ctx, polMemCp, info.st_size); + + if (ret < 0) { + if (errno == ENOSYS) { + fprintf(stderr, "Flask XSM disabled\n"); + } else { + errno = -ret; + fprintf(stderr, "Unable to load new Flask policy: %s\n", + strerror(errno)); + ret = -1; + } + } else { + printf("Successfully loaded policy.\n"); + } + +done: + free(polMemCp); + if (polFd >= 0) + close(polFd); + + return ret; +} + +/* + * Local variables: + * mode: C + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.