/*
 * acm_ops.h: Xen access control module hypervisor commands
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 * Reiner Sailer <sailer@watson.ibm.com>
 * Copyright (c) 2005,2006 International Business Machines Corporation.
 */
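/* Include guard: lets the header be included more than once per translation unit. */
#ifndef __XEN_PUBLIC_ACM_OPS_H__
#define __XEN_PUBLIC_ACM_OPS_H__

/*
 * The structures in this header use XEN_GUEST_HANDLE_64,
 * DEFINE_XEN_GUEST_HANDLE, domaintype_t and ssidref_t. None of them is
 * defined in this file, so they are expected to come from these two headers.
 */
#include "xen.h"
#include "acm.h"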
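/*
 * Make sure you increment the interface version whenever you modify this file!
 * This makes sure that old versions of acm tools will stop working in a
 * well-defined way (rather than crashing the machine, for instance).
 *
 * NOTE(review): the comparison itself is not part of this header. Confirm
 * that the hypercall handler checks the caller's interface_version against
 * this constant before it reads any operation-specific member, so that a
 * stale or mismatched layout is refused instead of being misinterpreted.
 */
#define ACM_INTERFACE_VERSION   0xAAAA000A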
/************************************************************************/

/*
 * Prototype for this hypercall is:
 *  int acm_op(int cmd, void *args)
 * @cmd  == ACMOP_??? (access control module operation).
 * @args == Operation-specific extra arguments (NULL if none).
 */
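/*
 * Command number and argument block for the "set policy" operation.
 *
 * Both members are marked IN, i.e. they are supplied by the caller.
 * NOTE(review): nothing in this header bounds pushcache_size. The handler is
 * expected to range-check it, copy the buffer out of guest memory once through
 * the guest-handle accessors, and validate that private copy, since the guest
 * can rewrite its own buffer at any time.
 * NOTE(review): replacing the policy changes every later access decision;
 * confirm that the handler restricts this command to a privileged caller.
 */
#define ACMOP_setpolicy         1
struct acm_setpolicy {
    /* IN */
    XEN_GUEST_HANDLE_64(void) pushcache; /* guest buffer; presumably the policy to load - confirm */
    uint32_t pushcache_size;             /* caller-stated size of pushcache; presumably bytes - confirm */
};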
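/*
 * Command number and argument block for the "get policy" operation.
 *
 * The handle and its size are marked IN: the caller names a buffer and states
 * how large it is. Presumably the hypervisor writes the current policy into
 * that buffer - confirm against the handler.
 * NOTE(review): the handler must never write more than pullcache_size and
 * should report a too-small buffer as an error rather than truncate silently.
 */
#define ACMOP_getpolicy         2
struct acm_getpolicy {
    /* IN */
    XEN_GUEST_HANDLE_64(void) pullcache; /* guest buffer that receives the result */
    uint32_t pullcache_size;             /* caller-stated capacity of pullcache; presumably bytes - confirm */
};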
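/*
 * Command number and argument block for the "dump statistics" operation.
 *
 * Same shape as struct acm_getpolicy: a caller-supplied buffer plus its
 * stated size. Presumably the hypervisor fills the buffer with statistics of
 * the access control module - confirm against the handler.
 * NOTE(review): the write into pullcache has to be capped at pullcache_size.
 */
#define ACMOP_dumpstats         3
struct acm_dumpstats {
    /* IN */
    XEN_GUEST_HANDLE_64(void) pullcache; /* guest buffer that receives the result */
    uint32_t pullcache_size;             /* caller-stated capacity of pullcache; presumably bytes - confirm */
};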
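/*
 * Command number, selector values and argument block for the "get ssid"
 * operation.
 *
 * get_ssid_by is a tag for the union: ACM_GETBY_ssidref means id.ssidref is
 * the valid member, ACM_GETBY_domainid means id.domainid is.
 * NOTE(review): the tag comes from the caller, so the handler should reject
 * every value other than the two ACM_GETBY_* constants instead of falling
 * through to a default member, and it has to cap what it writes into ssidbuf
 * at ssidbuf_size.
 */
#define ACMOP_getssid           4
#define ACM_GETBY_ssidref  1
#define ACM_GETBY_domainid 2
struct acm_getssid {
    /* IN */
    uint32_t get_ssid_by; /* ACM_GETBY_* */
    union {
        domaintype_t domainid; /* valid when get_ssid_by == ACM_GETBY_domainid */
        ssidref_t    ssidref;  /* valid when get_ssid_by == ACM_GETBY_ssidref */
    } id;
    XEN_GUEST_HANDLE_64(void) ssidbuf; /* guest buffer; presumably receives the ssid - confirm */
    uint32_t ssidbuf_size;             /* caller-stated capacity of ssidbuf; presumably bytes - confirm */
};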
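/*
 * Command number and argument block for the "get decision" operation.
 *
 * The caller names two subjects, each either by domain id or by ssidref, plus
 * a hook, and gets the decision back in acm_decision. The two selectors use
 * the ACM_GETBY_* values and are independent: get_decision_by1 tags id1 and
 * get_decision_by2 tags id2.
 * NOTE(review): both selectors and hook are caller-controlled. The handler
 * should refuse unknown selector values and validate hook against the set of
 * hooks it implements before using it to index or dispatch.
 * NOTE(review): acm_decision is the only OUT member, so the structure is
 * written back to the caller; confirm that no uninitialised bytes are copied
 * back with it.
 */
#define ACMOP_getdecision      5
struct acm_getdecision {
    /* IN */
    uint32_t get_decision_by1; /* ACM_GETBY_* */
    uint32_t get_decision_by2; /* ACM_GETBY_* */
    union {
        domaintype_t domainid;
        ssidref_t    ssidref;
    } id1; /* first subject, interpreted according to get_decision_by1 */
    union {
        domaintype_t domainid;
        ssidref_t    ssidref;
    } id2; /* second subject, interpreted according to get_decision_by2 */
    uint32_t hook; /* which hook the decision is requested for; value set not defined in this header */
    /* OUT */
    uint32_t acm_decision; /* result written by the hypervisor; value set not defined in this header */
};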
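/*
 * Command number and argument block for the "change policy" operation.
 *
 * Three caller-supplied buffers go in (a policy and two arrays), one array of
 * error codes comes out. Each handle is followed by its own size field; note
 * that the size fields drop the underscore (del_array / delarray_size).
 * NOTE(review): the four sizes are independent and all caller-controlled.
 * The handler has to bound each of them separately, copy the input buffers
 * out of guest memory once before validating them, and cap the write into
 * err_array at errarray_size.
 * NOTE(review): this command modifies the active policy; confirm that the
 * handler restricts it to a privileged caller.
 */
#define ACMOP_chgpolicy        6
struct acm_change_policy {
    /* IN */
    XEN_GUEST_HANDLE_64(void) policy_pushcache; /* guest buffer; presumably the new policy - confirm */
    uint32_t policy_pushcache_size;             /* caller-stated size of policy_pushcache */
    XEN_GUEST_HANDLE_64(void) del_array;        /* guest buffer; presumably entries to delete - confirm */
    uint32_t delarray_size;                     /* caller-stated size of del_array */
    XEN_GUEST_HANDLE_64(void) chg_array;        /* guest buffer; presumably entries to change - confirm */
    uint32_t chgarray_size;                     /* caller-stated size of chg_array */
    /* OUT */
    /* array with error code */
    XEN_GUEST_HANDLE_64(void) err_array;        /* guest buffer the hypervisor writes error codes to */
    uint32_t errarray_size;                     /* caller-stated capacity of err_array */
};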
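/*
 * Command number and argument block for the "relabel domains" operation.
 *
 * One caller-supplied map goes in and one array comes out; by analogy with
 * struct acm_change_policy the output presumably carries error codes -
 * confirm against the handler.
 * NOTE(review): relabel_map_size and errarray_size are caller-controlled and
 * need separate bounds checks; the map should be copied out of guest memory
 * once and validated as a private copy.
 * NOTE(review): relabelling changes which policy rules apply to a domain;
 * confirm that the handler restricts this command to a privileged caller.
 */
#define ACMOP_relabeldoms       7
struct acm_relabel_doms {
    /* IN */
    XEN_GUEST_HANDLE_64(void) relabel_map; /* guest buffer; layout of the map is not defined in this header */
    uint32_t relabel_map_size;             /* caller-stated size of relabel_map */
    /* OUT */
    XEN_GUEST_HANDLE_64(void) err_array;   /* guest buffer the hypervisor writes to */
    uint32_t errarray_size;                /* caller-stated capacity of err_array */
};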
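/*
 * future interface to Xen
 *
 * One argument block for every ACM operation: a command word, the interface
 * version of the caller, and a union with one member per operation structure
 * declared in this header. Presumably cmd holds an ACMOP_* value and selects
 * the union member - confirm against the handler.
 * NOTE(review): cmd and interface_version are caller-controlled. The handler
 * should check interface_version first, then dispatch on cmd and reject
 * unknown values, and only afterwards read the selected member of u.
 * NOTE(review): the members of u differ in size; if the structure is copied
 * back to the caller, confirm that bytes outside the selected member (and any
 * padding) do not carry hypervisor data.
 */
struct xen_acmctl {
    uint32_t cmd;               /* presumably one of ACMOP_* - confirm */
    uint32_t interface_version; /* presumably compared with ACM_INTERFACE_VERSION - confirm */
    union {
        struct acm_setpolicy     setpolicy;
        struct acm_getpolicy     getpolicy;
        struct acm_dumpstats     dumpstats;
        struct acm_getssid       getssid;
        struct acm_getdecision   getdecision;
        struct acm_change_policy change_policy;
        struct acm_relabel_doms  relabel_doms;
    } u;
};

/* Short type name plus the guest-handle type for passing a xen_acmctl_t by handle. */
typedef struct xen_acmctl xen_acmctl_t;
DEFINE_XEN_GUEST_HANDLE(xen_acmctl_t);

#endif /* __XEN_PUBLIC_ACM_OPS_H__ */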
/*
 * Local variables:
 * mode: C
 * c-set-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */