2 * acm.h: Xen access control module interface defintions
4 * Reiner Sailer <sailer@watson.ibm.com>
5 * Copyright (c) 2005, International Business Machines Corporation.
8 #ifndef _XEN_PUBLIC_ACM_H
9 #define _XEN_PUBLIC_ACM_H
13 /* if ACM_DEBUG defined, all hooks should
14 * print a short trace message (comment it out
15 * when not in testing mode )
17 /* #define ACM_DEBUG */
20 # define printkd(fmt, args...) printk(fmt,## args)
22 # define printkd(fmt, args...)
25 /* default ssid reference value if not supplied */
26 #define ACM_DEFAULT_SSID 0x0
27 #define ACM_DEFAULT_LOCAL_SSID 0x0
29 /* Internal ACM ERROR types */
32 #define ACM_INIT_SSID_ERROR -2
33 #define ACM_INIT_SOID_ERROR -3
36 /* External ACCESS DECISIONS */
37 #define ACM_ACCESS_PERMITTED 0
38 #define ACM_ACCESS_DENIED -111
39 #define ACM_NULL_POINTER_ERROR -200
41 /* primary policy in lower 4 bits */
42 #define ACM_NULL_POLICY 0
43 #define ACM_CHINESE_WALL_POLICY 1
44 #define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
45 #define ACM_POLICY_UNDEFINED 15
47 /* combinations have secondary policy component in higher 4bit */
48 #define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
49 ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)
52 #define ACM_POLICY_NAME(X) \
53 ((X) == (ACM_NULL_POLICY)) ? "NULL" : \
54 ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" : \
55 ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \
56 ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \
59 /* the following policy versions must be increased
60 * whenever the interpretation of the related
61 * policy's data structure changes
63 #define ACM_POLICY_VERSION 2
64 #define ACM_CHWALL_VERSION 1
65 #define ACM_STE_VERSION 1
67 /* defines a ssid reference used by xen */
68 typedef uint32_t ssidref_t;
70 /* hooks that are known to domains */
71 #define ACMHOOK_none 0
72 #define ACMHOOK_sharing 1
74 /* -------security policy relevant type definitions-------- */
76 /* type identifier; compares to "equal" or "not equal" */
77 typedef uint16_t domaintype_t;
79 /* CHINESE WALL POLICY DATA STRUCTURES
81 * current accumulated conflict type set:
82 * When a domain is started and has a type that is in
83 * a conflict set, the conflicting types are incremented in
84 * the aggregate set. When a domain is destroyed, the
85 * conflicting types to its type are decremented.
86 * If a domain has multiple types, this procedure works over
89 * conflict_aggregate_set[i] holds the number of
90 * running domains that have a conflict with type i.
92 * running_types[i] holds the number of running domains
93 * that include type i in their ssidref-referenced type set
95 * conflict_sets[i][j] is "0" if type j has no conflict
96 * with type i and is "1" otherwise.
98 /* high-16 = version, low-16 = check magic */
99 #define ACM_MAGIC 0x0001debc
101 /* each offset in bytes from start of the struct they
104 /* each buffer consists of all policy information for
105 * the respective policy given in the policy code
107 * acm_policy_buffer, acm_chwall_policy_buffer,
108 * and acm_ste_policy_buffer need to stay 32-bit aligned
109 * because we create binary policies also with external
110 * tools that assume packed representations (e.g. the java tool)
112 struct acm_policy_buffer {
113 uint32_t policy_version; /* ACM_POLICY_VERSION */
116 uint32_t policy_reference_offset;
117 uint32_t primary_policy_code;
118 uint32_t primary_buffer_offset;
119 uint32_t secondary_policy_code;
120 uint32_t secondary_buffer_offset;
123 struct acm_policy_reference_buffer {
127 struct acm_chwall_policy_buffer {
128 uint32_t policy_version; /* ACM_CHWALL_VERSION */
129 uint32_t policy_code;
130 uint32_t chwall_max_types;
131 uint32_t chwall_max_ssidrefs;
132 uint32_t chwall_max_conflictsets;
133 uint32_t chwall_ssid_offset;
134 uint32_t chwall_conflict_sets_offset;
135 uint32_t chwall_running_types_offset;
136 uint32_t chwall_conflict_aggregate_offset;
139 struct acm_ste_policy_buffer {
140 uint32_t policy_version; /* ACM_STE_VERSION */
141 uint32_t policy_code;
142 uint32_t ste_max_types;
143 uint32_t ste_max_ssidrefs;
144 uint32_t ste_ssid_offset;
147 struct acm_stats_buffer {
150 uint32_t primary_policy_code;
151 uint32_t primary_stats_offset;
152 uint32_t secondary_policy_code;
153 uint32_t secondary_stats_offset;
156 struct acm_ste_stats_buffer {
157 uint32_t ec_eval_count;
158 uint32_t gt_eval_count;
159 uint32_t ec_denied_count;
160 uint32_t gt_denied_count;
161 uint32_t ec_cachehit_count;
162 uint32_t gt_cachehit_count;
165 struct acm_ssid_buffer {
168 uint32_t policy_reference_offset;
169 uint32_t primary_policy_code;
170 uint32_t primary_max_types;
171 uint32_t primary_types_offset;
172 uint32_t secondary_policy_code;
173 uint32_t secondary_max_types;
174 uint32_t secondary_types_offset;
185 * indent-tabs-mode: nil