# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID ecb17ef5a587a806f7f4f017c243f963ad962868
# Parent d6af2ea42f94f691e9b55e0383af06910b6bdc8a
- allows the system to optionally boot with a policy already active at
startup; this works by adding a module line to the grub configuration
file and placing the binary policy generated by the policy tool into
the boot directory. This assumes that at most one module line is used
for the initrd in the grub configuration file. Question: do users pass
more than one module to the kernel?
- enables the policy hypervisor call on x86/64
- some function prototypes moved to include files
- moves the version number in the java tool up to the current
version (a better way of doing this will be submitted soon)
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>
diff -r d6af2ea42f94 -r ecb17ef5a587 xen/arch/x86/setup.c
--- a/xen/arch/x86/setup.c Mon Jul 25 21:03:40 2005
+++ b/xen/arch/x86/setup.c Mon Jul 25 21:19:14 2005
@@ -245,6 +245,8 @@
module_t *mod = (module_t *)__va(mbi->mods_addr);
unsigned long firsthole_start, nr_pages;
unsigned long initial_images_start, initial_images_end;
+ unsigned long _initrd_start = 0, _initrd_len = 0;
+ unsigned int initrdidx = 1;
struct e820entry e820_raw[E820MAX];
int i, e820_raw_nr = 0, bytes = 0;
struct ns16550_defaults ns16550 = {
@@ -411,7 +413,7 @@
shadow_mode_init();
/* initialize access control security module */
- acm_init();
+ acm_init(&initrdidx, mbi, initial_images_start);
/* Create initial domain 0. */
dom0 = do_createdomain(0, 0);
@@ -450,6 +452,13 @@
}
}
+ if ( (initrdidx > 0) && (initrdidx < mbi->mods_count) )
+ {
+ _initrd_start = initial_images_start +
+ (mod[initrdidx].mod_start - mod[0].mod_start);
+ _initrd_len = mod[initrdidx].mod_end - mod[initrdidx].mod_start;
+ }
+
/*
* We're going to setup domain0 using the module(s) that we stashed safely
* above our heap. The second module, if present, is an initrd ramdisk.
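Review bot: The context comment closing this hunk, `The second module, if present, is an initrd ramdisk.`, is now stale: when acm_setup finds the binary policy in slot 1 it moves initrdidx to 2, or to 0 when no further module exists, so the initrd may be the third module or absent. Suggest rewording it to `The module at initrdidx, if any, is an initrd ramdisk; acm_init() may have moved initrdidx past a binary-policy module.` The enclosing function starts before and ends after this hunk.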
@@ -457,11 +466,8 @@
if ( construct_dom0(dom0,
initial_images_start,
mod[0].mod_end-mod[0].mod_start,
- (mbi->mods_count == 1) ? 0 :
- initial_images_start +
- (mod[1].mod_start-mod[0].mod_start),
- (mbi->mods_count == 1) ? 0 :
- mod[mbi->mods_count-1].mod_end - mod[1].mod_start,
+ _initrd_start,
+ _initrd_len,
cmdline) != 0)
panic("Could not set up DOM0 guest OS\n");
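Review bot: With `_initrd_len` now limited to the single module at `initrdidx`, any further modules are dropped without a message, whereas the removed lines spanned every module after the kernel into the initrd; a boot that used to work with several modules now silently loses data. Suggest making the drop visible right after the initrd computation, e.g. `if ( (initrdidx > 0) && (mbi->mods_count > initrdidx + 1) ) printk("Ignoring %u extra boot module(s)\n", mbi->mods_count - initrdidx - 1);` (the `initrdidx > 0` term avoids a false warning when the policy was the only extra module). The enclosing function starts before and ends after this hunk.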
diff -r d6af2ea42f94 -r ecb17ef5a587 xen/acm/acm_core.c
--- a/xen/acm/acm_core.c Mon Jul 25 21:03:40 2005
+++ b/xen/acm/acm_core.c Mon Jul 25 21:19:14 2005
@@ -5,6 +5,9 @@
*
* Author:
* Reiner Sailer <sailer@xxxxxxxxxxxxxx>
+ *
+ * Contributors:
+ * Stefan Berger <stefanb@xxxxxxxxxxxxxx>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -25,6 +28,7 @@
#include <xen/lib.h>
#include <xen/delay.h>
#include <xen/sched.h>
+#include <xen/multiboot.h>
#include <acm/acm_hooks.h>
#include <acm/acm_endian.h>
@@ -81,9 +85,68 @@
acm_bin_pol.secondary_binary_policy = secondary;
}
+static int
+acm_setup(unsigned int *initrdidx,
+ const multiboot_info_t *mbi,
+ unsigned long initial_images_start)
+{
+ int i;
+ module_t *mod = (module_t *)__va(mbi->mods_addr);
+ int rc = ACM_OK;
+
+ if (mbi->mods_count > 1)
+ *initrdidx = 1;
+
+ /*
+ * Try all modules and see whichever could be the binary policy.
+ * Adjust the initrdidx if module[1] is the binary policy.
+ */
+ for (i = mbi->mods_count-1; i >= 1; i--) {
+ struct acm_policy_buffer *pol;
+ char *_policy_start;
+ unsigned long _policy_len;
+#if defined(__i386__)
+ _policy_start = (char *)(initial_images_start +
(mod[i].mod_start-mod[0].mod_start));
+#elif defined(__x86_64__)
+ _policy_start = __va(initial_images_start +
(mod[i].mod_start-mod[0].mod_start));
+#else
+#error Architecture unsupported by sHype
+#endif
+ _policy_len = mod[i].mod_end - mod[i].mod_start;
+ if (_policy_len < sizeof(struct acm_policy_buffer))
+ continue; /* not a policy */
+
+ pol = (struct acm_policy_buffer *)_policy_start;
+ if (ntohl(pol->magic) == ACM_MAGIC) {
+ rc = acm_set_policy((void *)_policy_start,
+ (u16)_policy_len,
+ ACM_USE_SECURITY_POLICY,
+ 0);
+ if (rc == ACM_OK) {
+ printf("Policy len 0x%lx, start at
%p.\n",_policy_len,_policy_start);
+ if (i == 1) {
+ if (mbi->mods_count > 2) {
+ *initrdidx = 2;
+ } else {
+ *initrdidx = 0;
+ }
+ } else {
+ *initrdidx = 1;
+ }
+ break;
+ } else {
+ printk("Invalid policy. %d.th module line.\n", i+1);
+ }
+ } /* end if a binary policy definition, i.e., (ntohl(pol->magic) ==
ACM_MAGIC ) */
+ }
+ return rc;
+}
+
int
-acm_init(void)
+acm_init(unsigned int *initrdidx,
+ const multiboot_info_t *mbi,
+ unsigned long initial_images_start)
{
int ret = -EINVAL;
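Review bot: The `(u16)_policy_len` cast in the acm_set_policy call silently truncates a module larger than 64 KiB, so an oversized policy would be copied and validated with a wrapped length instead of being rejected; guard it before the call with `if (_policy_len > 0xffff) { printk("Policy module %d too large (0x%lx bytes).\n", i+1, _policy_len); continue; }`. The i386 branch dereferences `initial_images_start + offset` directly while the x86_64 branch goes through `__va()`, which presumably relies on that range being identity-mapped on i386 during boot; a one-line comment stating that assumption would help. The two diagnostics also mix `printf` and `printk`, while the surrounding code uses `printk`. acm_init's body continues past the end of this hunk.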
@@ -127,10 +190,12 @@
if (ret != ACM_OK)
return -EINVAL;
+ acm_setup(initrdidx, mbi, initial_images_start);
printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__,
ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
- return ACM_OK;
-}
+ return ret;
+}
+
#endif
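Review bot: The return value of `acm_setup()` is discarded, so a boot-time policy module that fails `acm_set_policy` (policy codes not matching the compiled type, or a stale POLICY_INTERFACE_VERSION) only leaves a printk and the hypervisor carries on with the policy set up above, which is a fail-open outcome for a feature meant to enforce the administrator's chosen policy from the first instruction. Suggest `ret = acm_setup(initrdidx, mbi, initial_images_start);` followed by `if (ret != ACM_OK) return -EINVAL;` — and since setup.c ignores acm_init's return value, the caller would also need a `panic()` on failure for this to take effect. acm_init begins before this hunk.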
diff -r d6af2ea42f94 -r ecb17ef5a587 xen/arch/x86/x86_64/entry.S
--- a/xen/arch/x86/x86_64/entry.S Mon Jul 25 21:03:40 2005
+++ b/xen/arch/x86/x86_64/entry.S Mon Jul 25 21:19:14 2005
@@ -587,6 +587,7 @@
.quad do_boot_vcpu
.quad do_set_segment_base /* 25 */
.quad do_mmuext_op
+ .quad do_policy_op
.rept NR_hypercalls-((.-hypercall_table)/4)
.quad do_ni_hypercall
.endr
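Review bot: The slot `do_policy_op` occupies (27, counting from `do_mmuext_op` at 26) must agree with `__HYPERVISOR_policy_op` in the public header and with the i386 hypercall table, neither of which is part of this change; a `/* 27 */` marker mirroring the `/* 25 */` comment above would make the alignment checkable at a glance. On the context line, `.rept NR_hypercalls-((.-hypercall_table)/4)` divides by 4 although every entry in this table is a `.quad`, so the padding count looks off by a factor of two; this predates the commit, but it is worth confirming against the assembled table size before adding entries.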
diff -r d6af2ea42f94 -r ecb17ef5a587 xen/acm/acm_policy.c
--- a/xen/acm/acm_policy.c Mon Jul 25 21:03:40 2005
+++ b/xen/acm/acm_policy.c Mon Jul 25 21:19:14 2005
@@ -33,7 +33,7 @@
#include <acm/acm_endian.h>
int
-acm_set_policy(void *buf, u16 buf_size, u16 policy)
+acm_set_policy(void *buf, u16 buf_size, u16 policy, int isuserbuffer)
{
u8 *policy_buffer = NULL;
struct acm_policy_buffer *pol;
@@ -53,16 +53,21 @@
/* 1. copy buffer from domain */
if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
goto error_free;
- if (copy_from_user(policy_buffer, buf, buf_size)) {
- printk("%s: Error copying!\n",__func__);
- goto error_free;
+ if (isuserbuffer) {
+ if (copy_from_user(policy_buffer, buf, buf_size)) {
+ printk("%s: Error copying!\n",__func__);
+ goto error_free;
+ }
+ } else {
+ memcpy(policy_buffer, buf, buf_size);
}
/* 2. some sanity checking */
pol = (struct acm_policy_buffer *)policy_buffer;
if ((ntohl(pol->magic) != ACM_MAGIC) ||
(ntohs(pol->primary_policy_code) !=
acm_bin_pol.primary_policy_code) ||
- (ntohs(pol->secondary_policy_code) !=
acm_bin_pol.secondary_policy_code)) {
+ (ntohs(pol->secondary_policy_code) !=
acm_bin_pol.secondary_policy_code) ||
+ (ntohl(pol->policyversion) != POLICY_INTERFACE_VERSION)) {
printkd("%s: Wrong policy magics!\n", __func__);
goto error_free;
}
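Review bot: Nothing in this hunk bounds `buf_size` before the header fields are read at step 2 (`pol->magic`, `pol->policyversion`), so a caller that passes a `pushcache_size` smaller than `sizeof(struct acm_policy_buffer)` makes those reads run past the `xmalloc_array(u8, buf_size)` allocation; the boot path checks this in acm_setup, but the hypercall path forwards the caller's size unchanged. Unless such a check already exists above the hunk, reject with `if (buf_size < sizeof(struct acm_policy_buffer)) goto error_free;` before the allocation (or return directly if `error_free` assumes a non-NULL buffer). A comment stating that `isuserbuffer == 0` is reserved for hypervisor-owned memory would also discourage a future caller from routing a guest pointer through the `memcpy` branch. acm_set_policy continues past the end of this hunk.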
diff -r d6af2ea42f94 -r ecb17ef5a587 xen/common/policy_ops.c
--- a/xen/common/policy_ops.c Mon Jul 25 21:03:40 2005
+++ b/xen/common/policy_ops.c Mon Jul 25 21:19:14 2005
@@ -36,11 +36,6 @@
}
#else
-
-/* function prototypes defined in acm/acm_policy.c */
-int acm_set_policy(void *buf, u16 buf_size, u16 policy);
-int acm_get_policy(void *buf, u16 buf_size);
-int acm_dump_statistics(void *buf, u16 buf_size);
typedef enum policyoperation {
POLICY, /* access to policy interface (early drop) */
@@ -89,7 +84,8 @@
ret = acm_set_policy(
op->u.setpolicy.pushcache,
op->u.setpolicy.pushcache_size,
- op->u.setpolicy.policy_type);
+ op->u.setpolicy.policy_type,
+ 1);
if (ret == ACM_OK)
ret = 0;
else
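Review bot: The new trailing argument `1` is a bare flag whose meaning (`isuserbuffer`) is only visible in the prototype, and the boot path passes an equally opaque `0`; named constants such as `ACM_USER_BUFFER` / `ACM_HYPERVISOR_BUFFER` declared beside the prototype would make both call sites self-describing. The enclosing function continues outside this hunk.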
diff -r d6af2ea42f94 -r ecb17ef5a587
tools/misc/policyprocessor/XmlToBinInterface.java
--- a/tools/misc/policyprocessor/XmlToBinInterface.java Mon Jul 25 21:03:40 2005
+++ b/tools/misc/policyprocessor/XmlToBinInterface.java Mon Jul 25 21:19:14 2005
@@ -123,7 +123,7 @@
final short binaryBufferHeaderSz = (3 * u32Size + 4* u16Size);
/* copied directlty from policy_ops.h */
- final int POLICY_INTERFACE_VERSION = 0xAAAA0002;
+ final int POLICY_INTERFACE_VERSION = 0xAAAA0003;
/* copied directly from acm.h */
final int ACM_MAGIC = 0x0001debc;
diff -r d6af2ea42f94 -r ecb17ef5a587 docs/misc/shype4xen_readme.txt
--- a/docs/misc/shype4xen_readme.txt Mon Jul 25 21:03:40 2005
+++ b/docs/misc/shype4xen_readme.txt Mon Jul 25 21:19:14 2005
@@ -567,4 +567,22 @@
Our policy interface enables managers to create a single binary policy file in
a trusted
environment and distributed it to multiple systems for enforcement.
+5. Booting with a binary policy:
+********************************
+The grub configuration file can be adapted to boot the hypervisor with an
+already active policy. To do this, a binary policy file - this can be
+the same file as used by the policy_tool - should be placed into the boot
+partition. The following entry from the grub configuration file shows how
+a binary policy can be added to the system during boot time. Note that the
+binary policy must be of the same type that the hypervisor was compiled
+for. The policy module line should also only be added as the last module
+line if XEN was compiled with the access control module (ACM).
+
+title XEN0 3.0 Devel
+ kernel /xen.gz dom0_mem=400000
+ module /vmlinuz-2.6.12-xen0 root=/dev/hda2 ro console=tty0
+ module /initrd-2.6.12-xen0.img
+ module /xen_sample_policy.bin
+
+
====================end-of file=======================================
diff -r d6af2ea42f94 -r ecb17ef5a587 xen/include/acm/acm_core.h
--- a/xen/include/acm/acm_core.h Mon Jul 25 21:03:40 2005
+++ b/xen/include/acm/acm_core.h Mon Jul 25 21:19:14 2005
@@ -113,6 +113,9 @@
/* protos */
int acm_init_domain_ssid(domid_t id, ssidref_t ssidref);
int acm_free_domain_ssid(struct acm_ssid_domain *ssid);
+int acm_set_policy(void *buf, u16 buf_size, u16 policy, int isuserbuffer);
+int acm_get_policy(void *buf, u16 buf_size);
+int acm_dump_statistics(void *buf, u16 buf_size);
#endif
diff -r d6af2ea42f94 -r ecb17ef5a587 xen/include/acm/acm_hooks.h
--- a/xen/include/acm/acm_hooks.h Mon Jul 25 21:03:40 2005
+++ b/xen/include/acm/acm_hooks.h Mon Jul 25 21:19:14 2005
@@ -24,6 +24,7 @@
#include <xen/lib.h>
#include <xen/delay.h>
#include <xen/sched.h>
+#include <xen/multiboot.h>
#include <public/acm.h>
#include <acm/acm_core.h>
#include <public/dom0_ops.h>
@@ -136,7 +137,9 @@
{ return 0; }
static inline int acm_pre_grant_setup(domid_t id)
{ return 0; }
-static inline int acm_init(void)
+static inline int acm_init(unsigned int *initrdidx,
+ const multiboot_info_t *mbi,
+ unsigned long start)
{ return 0; }
static inline void acm_post_domain0_create(domid_t domid)
{ return; }
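Review bot: The non-ACM stub leaves `*initrdidx` untouched and relies on setup.c having pre-initialised it to 1, a contract that is not written down anywhere; a comment on the stub, `/* No ACM: leave *initrdidx at the caller's default (module 1). */`, would record it. The third parameter is also named `start` here but `initial_images_start` in the real acm_init, so the two signatures read as if they took different values.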
@@ -337,7 +340,9 @@
acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
}
-extern int acm_init(void);
+extern int acm_init(unsigned int *initrdidx,
+ const multiboot_info_t *mbi,
+ unsigned long start);
#endif