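/*
 * acm.h: Xen access control module interface definitions
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 * Reiner Sailer <sailer@watson.ibm.com>
 * Copyright (c) 2005, International Business Machines Corporation.
 */

#ifndef _XEN_PUBLIC_ACM_H
#define _XEN_PUBLIC_ACM_H

#include "xen.h"

/*
 * If ACM_DEBUG is defined, all hooks should print a short trace message.
 * Leave the definition below commented out when not in testing mode.
 */
/* #define ACM_DEBUG */

/*
 * printkd(fmt, ...): debug trace helper.
 *
 * With ACM_DEBUG defined it forwards to printk(); otherwise it expands to
 * nothing, so its arguments are not evaluated at all. Do not put expressions
 * with side effects in the argument list, and pass a literal format string,
 * because fmt is handed to printk() unchanged.
 */
#ifdef ACM_DEBUG
#  define printkd(fmt, args...) printk(fmt,## args)
#else
#  define printkd(fmt, args...)
#endif

/* default ssid reference value if not supplied */
#define ACM_DEFAULT_SSID        0x0
#define ACM_DEFAULT_LOCAL_SSID  0x0

/*
 * Internal ACM ERROR types.
 * Negative values are parenthesized so the macros stay a single operand
 * wherever they are expanded.
 */
#define ACM_OK                   0
#define ACM_UNDEF               (-1)
#define ACM_INIT_SSID_ERROR     (-2)
#define ACM_INIT_SOID_ERROR     (-3)
#define ACM_ERROR               (-4)

/*
 * External ACCESS DECISIONS.
 *
 * ACM_ACCESS_PERMITTED has the same value (0) as ACM_OK.
 * NOTE(review): the callers are not visible in this header; a decision check
 * should compare for equality with ACM_ACCESS_PERMITTED and treat every other
 * value, including ACM_NULL_POINTER_ERROR, as a denial so that errors fail
 * closed.
 */
#define ACM_ACCESS_PERMITTED      0
#define ACM_ACCESS_DENIED       (-111)
#define ACM_NULL_POINTER_ERROR  (-200)

/*
 * Error codes reported when testing a new policy.
 * These error codes are reported in an array of tuples where
 * each error code is followed by a parameter describing the error
 * more closely, such as a domain id.
 */
#define ACM_EVTCHN_SHARING_VIOLATION  0x100
#define ACM_GNTTAB_SHARING_VIOLATION  0x101
#define ACM_DOMAIN_LOOKUP             0x102
#define ACM_CHWALL_CONFLICT           0x103
#define ACM_SSIDREF_IN_USE            0x104


/* primary policy in lower 4 bits */
#define ACM_NULL_POLICY                     0
#define ACM_CHINESE_WALL_POLICY             1
#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY  2
#define ACM_POLICY_UNDEFINED                15

/* combinations have secondary policy component in higher 4 bits */
#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
    ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)

/*
 * ACM_POLICY_NAME(X): printable name for policy code X.
 *
 * Any code that is not one of the four listed values maps to "UNDEFINED".
 * The whole expansion is parenthesized so the conditional chain cannot be
 * re-associated by operators next to the macro call (for example
 * `flag && ACM_POLICY_NAME(x)`). X may be evaluated up to four times; pass
 * an expression without side effects.
 */
#define ACM_POLICY_NAME(X) \
    (((X) == (ACM_NULL_POLICY)) ? "NULL" : \
     ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" : \
     ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \
     ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? \
         "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \
     "UNDEFINED")

/*
 * The following policy versions must be increased
 * whenever the interpretation of the related
 * policy's data structure changes.
 */
#define ACM_POLICY_VERSION  3
#define ACM_CHWALL_VERSION  1
#define ACM_STE_VERSION     1

/* defines a ssid reference used by xen */
typedef uint32_t ssidref_t;

/* hooks that are known to domains */
#define ACMHOOK_none     0
#define ACMHOOK_sharing  1

/* -------security policy relevant type definitions-------- */

/* type identifier; compares to "equal" or "not equal" */
typedef uint16_t domaintype_t;

/* CHINESE WALL POLICY DATA STRUCTURES
 *
 * current accumulated conflict type set:
 * When a domain is started and has a type that is in
 * a conflict set, the conflicting types are incremented in
 * the aggregate set. When a domain is destroyed, the
 * conflicting types to its type are decremented.
 * If a domain has multiple types, this procedure works over
 * all those types.
 *
 * conflict_aggregate_set[i] holds the number of
 *   running domains that have a conflict with type i.
 *
 * running_types[i] holds the number of running domains
 *        that include type i in their ssidref-referenced type set
 *
 * conflict_sets[i][j] is "0" if type j has no conflict
 *    with type i and is "1" otherwise.
 */
/* high-16 = version, low-16 = check magic */
#define ACM_MAGIC  0x0001debc

/*
 * Each offset below is in bytes from the start of the struct it is part of.
 *
 * NOTE(review): the code that consumes these buffers is not visible in this
 * header. The len, *_max_* and *_offset fields arrive inside the binary
 * policy image itself, so a parser should check the version and magic fields
 * and confirm that every offset, plus the size of the structure or array it
 * points to, lies within len before using it.
 */

/* V3 of the policy buffer added a version structure */
struct acm_policy_version {
    uint32_t major;
    uint32_t minor;
};


/* each buffer consists of all policy information for
 * the respective policy given in the policy code
 *
 * acm_policy_buffer, acm_chwall_policy_buffer,
 * and acm_ste_policy_buffer need to stay 32-bit aligned
 * because we create binary policies also with external
 * tools that assume packed representations (e.g. the java tool)
 */
struct acm_policy_buffer {
    uint32_t policy_version; /* ACM_POLICY_VERSION */
    uint32_t magic;
    uint32_t len;
    uint32_t policy_reference_offset;
    uint32_t primary_policy_code;
    uint32_t primary_buffer_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_buffer_offset;
    struct acm_policy_version xml_pol_version; /* added in V3 */
};


struct acm_policy_reference_buffer {
    uint32_t len;
};

struct acm_chwall_policy_buffer {
    uint32_t policy_version; /* ACM_CHWALL_VERSION */
    uint32_t policy_code;
    uint32_t chwall_max_types;
    uint32_t chwall_max_ssidrefs;
    uint32_t chwall_max_conflictsets;
    uint32_t chwall_ssid_offset;
    uint32_t chwall_conflict_sets_offset;
    uint32_t chwall_running_types_offset;
    uint32_t chwall_conflict_aggregate_offset;
};

struct acm_ste_policy_buffer {
    uint32_t policy_version; /* ACM_STE_VERSION */
    uint32_t policy_code;
    uint32_t ste_max_types;
    uint32_t ste_max_ssidrefs;
    uint32_t ste_ssid_offset;
};

struct acm_stats_buffer {
    uint32_t magic;
    uint32_t len;
    uint32_t primary_policy_code;
    uint32_t primary_stats_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_stats_offset;
};

struct acm_ste_stats_buffer {
    uint32_t ec_eval_count;
    uint32_t gt_eval_count;
    uint32_t ec_denied_count;
    uint32_t gt_denied_count;
    uint32_t ec_cachehit_count;
    uint32_t gt_cachehit_count;
};

struct acm_ssid_buffer {
    uint32_t len;
    ssidref_t ssidref;
    uint32_t policy_reference_offset;
    uint32_t primary_policy_code;
    uint32_t primary_max_types;
    uint32_t primary_types_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_max_types;
    uint32_t secondary_types_offset;
};

#endif /* _XEN_PUBLIC_ACM_H */

/*
 * Local variables:
 * mode: C
 * c-set-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */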