[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 2/2] xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY



The embedded policy is specific flask, so update the infrastructure to reflect
this.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Tim Deegan <tim@xxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
CC: Xin Li <xin.li@xxxxxxxxxx>
CC: Ming Lu <ming.lu@xxxxxxxxxx>
---
 xen/common/Kconfig          | 6 +++---
 xen/include/xsm/xsm.h       | 6 +++---
 xen/xsm/flask/Makefile      | 2 +-
 xen/xsm/flask/gen-policy.py | 4 ++--
 xen/xsm/xsm_core.c          | 6 +++---
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 0f15f72..068c320 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -127,10 +127,10 @@ config XSM_FLASK_AVC_STATS
 
          If unsure, say Y.
 
-config XSM_POLICY
-       bool "Compile Xen with a built-in security policy"
+config XSM_FLASK_POLICY
+       bool "Compile Xen with a built-in FLASK security policy"
        default y if HAS_CHECKPOLICY = "y"
-       depends on XSM
+       depends on XSM_FLASK
        ---help---
          This includes a default XSM policy in the hypervisor so that the
          bootloader does not need to load a policy to get sane behavior from an
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 1be3d63..70e7a68 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -728,9 +728,9 @@ static inline void flask_init(const void *policy_buffer, 
size_t policy_size)
 }
 #endif
 
-#ifdef CONFIG_XSM_POLICY
-extern const unsigned char xsm_init_policy[];
-extern const unsigned int xsm_init_policy_size;
+#ifdef CONFIG_XSM_FLASK_POLICY
+extern const unsigned char xsm_init_flask_policy[];
+extern const unsigned int xsm_init_flask_policy_size;
 #endif
 
 #else /* CONFIG_XSM */
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index e22ed7c..f5ffab1 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -27,7 +27,7 @@ $(FLASK_H_FILES): $(FLASK_H_DEPEND)
 $(AV_H_FILES): $(AV_H_DEPEND)
        $(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
 
-obj-$(CONFIG_XSM_POLICY) += policy.o
+obj-$(CONFIG_XSM_FLASK_POLICY) += policy.o
 
 FLASK_BUILD_DIR := $(CURDIR)
 POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION)
diff --git a/xen/xsm/flask/gen-policy.py b/xen/xsm/flask/gen-policy.py
index 5168d6e..64a79d6 100644
--- a/xen/xsm/flask/gen-policy.py
+++ b/xen/xsm/flask/gen-policy.py
@@ -8,7 +8,7 @@ sys.stdout.write("""
 #include <xen/init.h>
 #include <xsm/xsm.h>
 
-const unsigned char xsm_init_policy[] __initconst = {
+const unsigned char xsm_init_flask_policy[] __initconst = {
 """)
 
 for char in sys.stdin.read():
@@ -19,5 +19,5 @@ for char in sys.stdin.read():
 
 sys.stdout.write("""
 };
-const unsigned int __initconst xsm_init_policy_size = %d;
+const unsigned int __initconst xsm_init_flask_policy_size = %d;
 """ % policy_size)
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 949dfcf..cddcf7a 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -42,11 +42,11 @@ static inline int verify(struct xsm_operations *ops)
 
 static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
 {
-#ifdef CONFIG_XSM_POLICY
+#ifdef CONFIG_XSM_FLASK_POLICY
     if ( policy_size == 0 )
     {
-        policy_buffer = xsm_init_policy;
-        policy_size = xsm_init_policy_size;
+        policy_buffer = xsm_init_flask_policy;
+        policy_size = xsm_init_flask_policy_size;
     }
 #endif
 
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.