# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 96b1479305ce2c324e91aa16b9592be54d9c1f4b
# Parent c1163951ee2f9f63522b9cab8e83d2d318da9894
[ACM] Replace enumerations with macros with qualified names.
Old unqualified enumeration names polluted the global namespace.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
tools/python/xen/lowlevel/acm/acm.c | 12 ++++++------
xen/acm/acm_core.c | 2 +-
xen/acm/acm_policy.c | 7 +++----
xen/acm/acm_simple_type_enforcement_hooks.c | 14 +++++++-------
xen/common/acm_ops.c | 12 ++++++------
xen/include/acm/acm_core.h | 13 +++++++------
xen/include/public/acm.h | 3 ++-
xen/include/public/acm_ops.h | 9 +++++----
8 files changed, 37 insertions(+), 35 deletions(-)
diff -r c1163951ee2f -r 96b1479305ce tools/python/xen/lowlevel/acm/acm.c
--- a/tools/python/xen/lowlevel/acm/acm.c Fri Jun 09 16:26:05 2006 +0100
+++ b/tools/python/xen/lowlevel/acm/acm.c Fri Jun 09 16:49:49 2006 +0100
@@ -54,7 +54,7 @@ void * __getssid(int domid, uint32_t *bu
getssid.interface_version = ACM_INTERFACE_VERSION;
set_xen_guest_handle(getssid.ssidbuf, buf);
getssid.ssidbuf_size = SSID_BUFFER_SIZE;
- getssid.get_ssid_by = DOMAINID;
+ getssid.get_ssid_by = ACM_GETBY_domainid;
getssid.id.domainid = domid;
if (xc_acm_op(xc_handle, ACMOP_getssid, &getssid, sizeof(getssid)) < 0) {
@@ -163,19 +163,19 @@ static PyObject *getdecision(PyObject *
return NULL;
getdecision.interface_version = ACM_INTERFACE_VERSION;
- getdecision.hook = SHARING;
+ getdecision.hook = ACMHOOK_sharing;
if (!strcmp(arg1_name, "domid")) {
- getdecision.get_decision_by1 = DOMAINID;
+ getdecision.get_decision_by1 = ACM_GETBY_domainid;
getdecision.id1.domainid = atoi(arg1);
} else {
- getdecision.get_decision_by1 = SSIDREF;
+ getdecision.get_decision_by1 = ACM_GETBY_ssidref;
getdecision.id1.ssidref = atol(arg1);
}
if (!strcmp(arg2_name, "domid")) {
- getdecision.get_decision_by2 = DOMAINID;
+ getdecision.get_decision_by2 = ACM_GETBY_domainid;
getdecision.id2.domainid = atoi(arg2);
} else {
- getdecision.get_decision_by2 = SSIDREF;
+ getdecision.get_decision_by2 = ACM_GETBY_ssidref;
getdecision.id2.ssidref = atol(arg2);
}
diff -r c1163951ee2f -r 96b1479305ce xen/acm/acm_core.c
--- a/xen/acm/acm_core.c Fri Jun 09 16:26:05 2006 +0100
+++ b/xen/acm/acm_core.c Fri Jun 09 16:49:49 2006 +0100
@@ -316,7 +316,7 @@ acm_init_domain_ssid(domid_t id, ssidref
return ACM_INIT_SSID_ERROR;
}
- ssid->datatype = DOMAIN;
+ ssid->datatype = ACM_DATATYPE_domain;
ssid->subject = subj;
ssid->domainid = subj->domain_id;
ssid->primary_ssid = NULL;
diff -r c1163951ee2f -r 96b1479305ce xen/acm/acm_policy.c
--- a/xen/acm/acm_policy.c Fri Jun 09 16:26:05 2006 +0100
+++ b/xen/acm/acm_policy.c Fri Jun 09 16:49:49 2006 +0100
@@ -287,14 +287,13 @@ acm_get_ssid(ssidref_t ssidref, XEN_GUES
}
int
-acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2,
- enum acm_hook_type hook)
+acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, u32 hook)
{
int ret = ACM_ACCESS_DENIED;
switch (hook) {
- case SHARING:
- /* SHARING Hook restricts access in STE policy only */
+ case ACMHOOK_sharing:
+ /* Sharing hook restricts access in STE policy only */
ret = acm_sharing(ssidref1, ssidref2);
break;
diff -r c1163951ee2f -r 96b1479305ce xen/acm/acm_simple_type_enforcement_hooks.c
--- a/xen/acm/acm_simple_type_enforcement_hooks.c Fri Jun 09 16:26:05
2006 +0100
+++ b/xen/acm/acm_simple_type_enforcement_hooks.c Fri Jun 09 16:49:49
2006 +0100
@@ -117,7 +117,7 @@ ste_init_domain_ssid(void **ste_ssid, ss
}
/* clean ste cache */
for (i=0; i<ACM_TE_CACHE_SIZE; i++)
- ste_ssidp->ste_cache[i].valid = FREE;
+ ste_ssidp->ste_cache[i].valid = ACM_STE_free;
(*ste_ssid) = ste_ssidp;
printkd("%s: determined ste_ssidref to %x.\n",
@@ -329,7 +329,7 @@ ste_set_policy(u8 *buf, u32 buf_size)
ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
(struct acm_ssid_domain *)(*pd)->ssid);
for (i=0; i<ACM_TE_CACHE_SIZE; i++)
- ste_ssid->ste_cache[i].valid = FREE;
+ ste_ssid->ste_cache[i].valid = ACM_STE_free;
}
read_unlock(&domlist_lock);
return ACM_OK;
@@ -397,7 +397,7 @@ check_cache(struct domain *dom, domid_t
(struct acm_ssid_domain *)(dom->ssid));
for(i=0; i< ACM_TE_CACHE_SIZE; i++) {
- if ((ste_ssid->ste_cache[i].valid == VALID) &&
+ if ((ste_ssid->ste_cache[i].valid == ACM_STE_valid) &&
(ste_ssid->ste_cache[i].id == rdom)) {
printkd("cache hit (entry %x, id= %x!\n", i,
ste_ssid->ste_cache[i].id);
return 1;
@@ -418,10 +418,10 @@ cache_result(struct domain *subj, struct
ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
(struct acm_ssid_domain *)(subj)->ssid);
for(i=0; i< ACM_TE_CACHE_SIZE; i++)
- if (ste_ssid->ste_cache[i].valid == FREE)
+ if (ste_ssid->ste_cache[i].valid == ACM_STE_free)
break;
if (i< ACM_TE_CACHE_SIZE) {
- ste_ssid->ste_cache[i].valid = VALID;
+ ste_ssid->ste_cache[i].valid = ACM_STE_valid;
ste_ssid->ste_cache[i].id = obj->domain_id;
} else
printk ("Cache of dom %x is full!\n", subj->domain_id);
@@ -451,9 +451,9 @@ clean_id_from_cache(domid_t id)
goto out;
}
for (i=0; i<ACM_TE_CACHE_SIZE; i++)
- if ((ste_ssid->ste_cache[i].valid == VALID) &&
+ if ((ste_ssid->ste_cache[i].valid == ACM_STE_valid) &&
(ste_ssid->ste_cache[i].id == id))
- ste_ssid->ste_cache[i].valid = FREE;
+ ste_ssid->ste_cache[i].valid = ACM_STE_free;
}
out:
read_unlock(&domlist_lock);
diff -r c1163951ee2f -r 96b1479305ce xen/common/acm_ops.c
--- a/xen/common/acm_ops.c Fri Jun 09 16:26:05 2006 +0100
+++ b/xen/common/acm_ops.c Fri Jun 09 16:49:49 2006 +0100
@@ -106,9 +106,9 @@ long do_acm_op(int cmd, XEN_GUEST_HANDLE
if (getssid.interface_version != ACM_INTERFACE_VERSION)
return -EACCES;
- if (getssid.get_ssid_by == SSIDREF)
+ if (getssid.get_ssid_by == ACM_GETBY_ssidref)
ssidref = getssid.id.ssidref;
- else if (getssid.get_ssid_by == DOMAINID)
+ else if (getssid.get_ssid_by == ACM_GETBY_domainid)
{
struct domain *subj = find_domain_by_id(getssid.id.domainid);
if (!subj)
@@ -143,9 +143,9 @@ long do_acm_op(int cmd, XEN_GUEST_HANDLE
if (getdecision.interface_version != ACM_INTERFACE_VERSION)
return -EACCES;
- if (getdecision.get_decision_by1 == SSIDREF)
+ if (getdecision.get_decision_by1 == ACM_GETBY_ssidref)
ssidref1 = getdecision.id1.ssidref;
- else if (getdecision.get_decision_by1 == DOMAINID)
+ else if (getdecision.get_decision_by1 == ACM_GETBY_domainid)
{
struct domain *subj = find_domain_by_id(getdecision.id1.domainid);
if (!subj)
@@ -167,9 +167,9 @@ long do_acm_op(int cmd, XEN_GUEST_HANDLE
rc = -ESRCH;
break;
}
- if (getdecision.get_decision_by2 == SSIDREF)
+ if (getdecision.get_decision_by2 == ACM_GETBY_ssidref)
ssidref2 = getdecision.id2.ssidref;
- else if (getdecision.get_decision_by2 == DOMAINID)
+ else if (getdecision.get_decision_by2 == ACM_GETBY_domainid)
{
struct domain *subj = find_domain_by_id(getdecision.id2.domainid);
if (!subj)
diff -r c1163951ee2f -r 96b1479305ce xen/include/acm/acm_core.h
--- a/xen/include/acm/acm_core.h Fri Jun 09 16:26:05 2006 +0100
+++ b/xen/include/acm/acm_core.h Fri Jun 09 16:49:49 2006 +0100
@@ -59,26 +59,27 @@ extern rwlock_t acm_bin_pol_rwlock;
extern rwlock_t acm_bin_pol_rwlock;
/* subject and object type definitions */
-enum acm_datatype { DOMAIN };
+#define ACM_DATATYPE_domain 1
/* defines number of access decisions to other domains can be cached
* one entry per domain, TE does not distinguish evtchn or grant_table */
#define ACM_TE_CACHE_SIZE 8
-enum acm_ste_flag { VALID, FREE };
+#define ACM_STE_valid 0
+#define ACM_STE_free 1
/* cache line:
- * if cache_line.valid==VALID, then
+ * if cache_line.valid==ACM_STE_valid, then
* STE decision is cached as "permitted"
* on domain cache_line.id
*/
struct acm_ste_cache_line {
- enum acm_ste_flag valid;
+ int valid; /* ACM_STE_* */
domid_t id;
};
/* general definition of a subject security id */
struct acm_ssid_domain {
- enum acm_datatype datatype; /* type of subject (e.g., partition) */
+ int datatype; /* type of subject (e.g., partition): ACM_DATATYPE_* */
ssidref_t ssidref; /* combined security reference */
void *primary_ssid; /* primary policy ssid part (e.g. chinese wall) */
void *secondary_ssid; /* secondary policy ssid part (e.g. type
enforcement) */
@@ -124,7 +125,7 @@ int acm_get_policy(void *buf, u32 buf_si
int acm_get_policy(void *buf, u32 buf_size);
int acm_dump_statistics(void *buf, u16 buf_size);
int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
-int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, enum
acm_hook_type hook);
+int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, u32 hook);
int acm_set_policy_reference(u8 * buf, u32 buf_size);
int acm_dump_policy_reference(u8 *buf, u32 buf_size);
#endif
diff -r c1163951ee2f -r 96b1479305ce xen/include/public/acm.h
--- a/xen/include/public/acm.h Fri Jun 09 16:26:05 2006 +0100
+++ b/xen/include/public/acm.h Fri Jun 09 16:49:49 2006 +0100
@@ -69,7 +69,8 @@ typedef uint32_t ssidref_t;
typedef uint32_t ssidref_t;
/* hooks that are known to domains */
-enum acm_hook_type {NONE=0, SHARING};
+#define ACMHOOK_none 0
+#define ACMHOOK_sharing 1
/* -------security policy relevant type definitions-------- */
diff -r c1163951ee2f -r 96b1479305ce xen/include/public/acm_ops.h
--- a/xen/include/public/acm_ops.h Fri Jun 09 16:26:05 2006 +0100
+++ b/xen/include/public/acm_ops.h Fri Jun 09 16:49:49 2006 +0100
@@ -57,11 +57,12 @@ struct acm_dumpstats {
#define ACMOP_getssid 4
-enum get_type {UNSET=0, SSIDREF, DOMAINID};
+#define ACM_GETBY_ssidref 1
+#define ACM_GETBY_domainid 2
struct acm_getssid {
/* IN */
uint32_t interface_version;
- uint32_t get_ssid_by;
+ uint32_t get_ssid_by; /* ACM_GETBY_* */
union {
domaintype_t domainid;
ssidref_t ssidref;
@@ -74,8 +75,8 @@ struct acm_getdecision {
struct acm_getdecision {
/* IN */
uint32_t interface_version;
- uint32_t get_decision_by1;
- uint32_t get_decision_by2;
+ uint32_t get_decision_by1; /* ACM_GETBY_* */
+ uint32_t get_decision_by2; /* ACM_GETBY_* */
union {
domaintype_t domainid;
ssidref_t ssidref;
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home