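/*
 * acm.h: Xen access control module interface definitions
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 * Reiner Sailer <sailer@watson.ibm.com>
 * Copyright (c) 2005, International Business Machines Corporation.
 */

#ifndef _XEN_PUBLIC_ACM_H
#define _XEN_PUBLIC_ACM_H

#include "../xen.h"

/* If ACM_DEBUG is defined, all hooks should print a short trace message
 * (comment it out when not in testing mode).
 */
/* #define ACM_DEBUG */

/* printkd() forwards to printk() in debug builds and expands to nothing
 * otherwise, so its arguments are not evaluated in non-debug builds; do not
 * put expressions with side effects in them.
 */
#ifdef ACM_DEBUG
#  define printkd(fmt, args...) printk(fmt,## args)
#else
#  define printkd(fmt, args...)
#endif

/* default ssid reference value if not supplied */
#define ACM_DEFAULT_SSID        0x0
#define ACM_DEFAULT_LOCAL_SSID  0x0

/* Internal ACM ERROR types.
 * Negative values are parenthesized so the macros stay a single operand
 * wherever they are expanded (e.g. "x - ACM_UNDEF").
 */
#define ACM_OK                  0
#define ACM_UNDEF               (-1)
#define ACM_INIT_SSID_ERROR     (-2)
#define ACM_INIT_SOID_ERROR     (-3)
#define ACM_ERROR               (-4)

/* External ACCESS DECISIONS.
 * NOTE(review): ACM_ACCESS_PERMITTED shares the value 0 with ACM_OK, and
 * ACM_NULL_POINTER_ERROR is neither "permitted" nor "denied". Callers should
 * grant access only on an explicit == ACM_ACCESS_PERMITTED comparison and
 * treat every other value as a refusal - confirm that the hooks do so.
 */
#define ACM_ACCESS_PERMITTED    0
#define ACM_ACCESS_DENIED       (-111)
#define ACM_NULL_POINTER_ERROR  (-200)

/*
 * Error codes reported when trying to test a new policy.
 * These error codes are reported in an array of tuples where
 * each error code is followed by a parameter describing the error
 * more closely, such as a domain id.
 */
#define ACM_EVTCHN_SHARING_VIOLATION    0x100
#define ACM_GNTTAB_SHARING_VIOLATION    0x101
#define ACM_DOMAIN_LOOKUP               0x102
#define ACM_CHWALL_CONFLICT             0x103
#define ACM_SSIDREF_IN_USE              0x104


/* primary policy in lower 4 bits */
#define ACM_NULL_POLICY                     0
#define ACM_CHINESE_WALL_POLICY             1
#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY  2
#define ACM_POLICY_UNDEFINED                15

/* combinations have secondary policy component in higher 4 bits */
#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
    ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)

/* policy: maps a policy code to a printable name.
 * Any code not listed here, including ACM_POLICY_UNDEFINED, yields
 * "UNDEFINED". X is evaluated up to four times, so pass an expression
 * without side effects. The whole expansion is parenthesized so the
 * conditional chain cannot bind to operators at the call site.
 */
#define ACM_POLICY_NAME(X) \
    (((X) == (ACM_NULL_POLICY)) ? "NULL" : \
     ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" : \
     ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \
     ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? \
         "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \
     "UNDEFINED")

/* the following policy versions must be increased
 * whenever the interpretation of the related
 * policy's data structure changes
 */
#define ACM_POLICY_VERSION      4
#define ACM_CHWALL_VERSION      1
#define ACM_STE_VERSION         1

/* defines a ssid reference used by xen */
typedef uint32_t ssidref_t;

/* hooks that are known to domains */
#define ACMHOOK_none            0
#define ACMHOOK_sharing         1
#define ACMHOOK_authorization   2
#define ACMHOOK_conflictset     3

/* -------security policy relevant type definitions-------- */

/* type identifier; compares to "equal" or "not equal" */
typedef uint16_t domaintype_t;

/* CHINESE WALL POLICY DATA STRUCTURES
 *
 * current accumulated conflict type set:
 * When a domain is started and has a type that is in
 * a conflict set, the conflicting types are incremented in
 * the aggregate set. When a domain is destroyed, the
 * conflicting types to its type are decremented.
 * If a domain has multiple types, this procedure works over
 * all those types.
 *
 * conflict_aggregate_set[i] holds the number of
 *   running domains that have a conflict with type i.
 *
 * running_types[i] holds the number of running domains
 *   that include type i in their ssidref-referenced type set
 *
 * conflict_sets[i][j] is "0" if type j has no conflict
 *   with type i and is "1" otherwise.
 */
/* high-16 = version, low-16 = check magic */
#define ACM_MAGIC               0x0001debc

/* size of the SHA1 hash identifying the XML policy from which the
 * binary policy was created.
 * NOTE(review): SHA-1 is no longer collision-resistant; the hash is
 * suitable for identifying a policy, not for authenticating one.
 */
#define ACM_SHA1_HASH_SIZE      20

/* each offset in bytes from start of the struct they
 * are part of */

/* V3 of the policy buffer added a version structure */
struct acm_policy_version {
    uint32_t major;
    uint32_t minor;
};


/* each buffer consists of all policy information for
 * the respective policy given in the policy code
 *
 * acm_policy_buffer, acm_chwall_policy_buffer,
 * and acm_ste_policy_buffer need to stay 32-bit aligned
 * because we create binary policies also with external
 * tools that assume packed representations (e.g. the java tool)
 *
 * NOTE(review): because binary policies are also produced by external
 * tools, every field below is input to whatever parses the buffer.
 * A consumer should check magic and policy_version first, then verify
 * that each *_offset plus the size of the structure it points to lies
 * within len (and that len fits the buffer actually received) before
 * dereferencing. The parsing code and the byte order of these fields
 * are not visible in this header - confirm against the policy loader.
 */
struct acm_policy_buffer {
    uint32_t magic;                     /* compared against ACM_MAGIC */
    uint32_t policy_version;            /* ACM_POLICY_VERSION */
    uint32_t len;
    uint32_t policy_reference_offset;
    uint32_t primary_policy_code;
    uint32_t primary_buffer_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_buffer_offset;
    struct acm_policy_version xml_pol_version;      /* added in V3 */
    uint8_t xml_policy_hash[ACM_SHA1_HASH_SIZE];    /* added in V4 */
};


struct acm_policy_reference_buffer {
    uint32_t len;
};

/* Chinese Wall policy section; the *_offset fields locate the arrays
 * described in the CHINESE WALL POLICY DATA STRUCTURES comment above.
 * NOTE(review): the chwall_max_* counts size those arrays, so a consumer
 * should bound them (and their products) as well as the offsets - confirm
 * in the loader.
 */
struct acm_chwall_policy_buffer {
    uint32_t policy_version;            /* ACM_CHWALL_VERSION */
    uint32_t policy_code;
    uint32_t chwall_max_types;
    uint32_t chwall_max_ssidrefs;
    uint32_t chwall_max_conflictsets;
    uint32_t chwall_ssid_offset;
    uint32_t chwall_conflict_sets_offset;
    uint32_t chwall_running_types_offset;
    uint32_t chwall_conflict_aggregate_offset;
};

/* Simple Type Enforcement policy section. */
struct acm_ste_policy_buffer {
    uint32_t policy_version;            /* ACM_STE_VERSION */
    uint32_t policy_code;
    uint32_t ste_max_types;
    uint32_t ste_max_ssidrefs;
    uint32_t ste_ssid_offset;
};

/* Header of a statistics dump; offsets follow the same
 * "bytes from start of the struct" convention as the policy buffers.
 */
struct acm_stats_buffer {
    uint32_t magic;
    uint32_t len;
    uint32_t primary_policy_code;
    uint32_t primary_stats_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_stats_offset;
};

/* STE counters; presumably ec_ = event channel and gt_ = grant table
 * (cf. ACM_EVTCHN_ and ACM_GNTTAB_ error codes above) - TODO confirm.
 */
struct acm_ste_stats_buffer {
    uint32_t ec_eval_count;
    uint32_t gt_eval_count;
    uint32_t ec_denied_count;
    uint32_t gt_denied_count;
    uint32_t ec_cachehit_count;
    uint32_t gt_cachehit_count;
};

/* Describes the types attached to one ssidref under the primary and
 * secondary policy.
 */
struct acm_ssid_buffer {
    uint32_t len;
    ssidref_t ssidref;
    uint32_t policy_reference_offset;
    uint32_t primary_policy_code;
    uint32_t primary_max_types;
    uint32_t primary_types_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_max_types;
    uint32_t secondary_types_offset;
};

#endif

/*
 * Local variables:
 * mode: C
 * c-set-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */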