1/*
 * acm.h: Xen access control module interface definitions
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to
6 * deal in the Software without restriction, including without limitation the
7 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
8 * sell copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20 * DEALINGS IN THE SOFTWARE.
21 *
22 * Reiner Sailer <sailer@watson.ibm.com>
23 * Copyright (c) 2005, International Business Machines Corporation.
24 */
25
26#ifndef _XEN_PUBLIC_ACM_H
27#define _XEN_PUBLIC_ACM_H
28
29#include "xen.h"
30
/* If ACM_DEBUG is defined, all hooks should print a short trace
 * message. Keep the define below commented out when not in testing mode.
 */
/* #define ACM_DEBUG */

/* printkd(): debug trace helper.
 * With ACM_DEBUG defined it forwards its arguments unchanged to printk().
 * Without it the macro expands to nothing, so the arguments are not
 * evaluated and must not carry side effects the caller relies on.
 * fmt is handed to printk() as the format string, so pass a string
 * literal and never data taken from a policy buffer or a guest.
 */
#ifdef ACM_DEBUG
#  define printkd(fmt, args...) printk(fmt,## args)
#else
#  define printkd(fmt, args...)
#endif
42
/* Default ssid reference values, used if none is supplied.
 * Both the global and the local default are 0x0.
 */
#define ACM_DEFAULT_SSID  0x0
#define ACM_DEFAULT_LOCAL_SSID  0x0
46
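/* Internal ACM error types.
 * Negative values are parenthesized so that each macro expands to a
 * single primary expression regardless of the surrounding operators.
 */
#define ACM_OK     0
#define ACM_UNDEF   (-1)
#define ACM_INIT_SSID_ERROR  (-2)
#define ACM_INIT_SOID_ERROR  (-3)
#define ACM_ERROR          (-4)

/* External access decisions.
 * ACM_ACCESS_PERMITTED is 0, the same value as ACM_OK and as a
 * zero-initialised variable. A decision variable that is never assigned
 * therefore reads as "permitted": initialise decision variables to
 * ACM_ACCESS_DENIED and compare results against these constants
 * explicitly rather than testing for zero / non-zero.
 */
#define ACM_ACCESS_PERMITTED        0
#define ACM_ACCESS_DENIED           (-111)
#define ACM_NULL_POINTER_ERROR      (-200)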
58
/*
   Error codes reported when trying to test for a new policy.
   These error codes are reported in an array of tuples where
   each error code is followed by a parameter describing the error
   more closely, such as a domain id.
   All values are positive (0x100..0x104), so they do not collide with
   the negative internal error / access-decision codes of this header.
*/
#define ACM_EVTCHN_SHARING_VIOLATION       0x100
#define ACM_GNTTAB_SHARING_VIOLATION       0x101
#define ACM_DOMAIN_LOOKUP                  0x102
#define ACM_CHWALL_CONFLICT                0x103
#define ACM_SSIDREF_IN_USE                 0x104
70
71
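/* primary policy in lower 4 bits */
#define ACM_NULL_POLICY 0
#define ACM_CHINESE_WALL_POLICY 1
#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
#define ACM_POLICY_UNDEFINED 15

/* combinations have secondary policy component in higher 4 bits */
#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
    ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)

/* ACM_POLICY_NAME(X): printable name of policy code X.
 *
 * The whole expansion is parenthesized so the conditional chain stays one
 * expression when the caller applies an operator to the result (indexing,
 * comparison, use as an operand of another ?:).
 * X is evaluated up to four times; pass an expression without side effects.
 * Any code that is not listed, including ACM_POLICY_UNDEFINED, yields
 * "UNDEFINED".
 */
#define ACM_POLICY_NAME(X) \
    (((X) == (ACM_NULL_POLICY)) ? "NULL" :                        \
     ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" :        \
     ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \
     ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \
     "UNDEFINED")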
89
/* The following policy versions must be increased
 * whenever the interpretation of the related
 * policy's data structure changes.
 * Each value is the one expected in the policy_version field of the
 * matching buffer header (struct acm_policy_buffer,
 * struct acm_chwall_policy_buffer, struct acm_ste_policy_buffer).
 */
#define ACM_POLICY_VERSION 3
#define ACM_CHWALL_VERSION 1
#define ACM_STE_VERSION  1
97
/* defines a ssid reference used by xen (32-bit unsigned value) */
typedef uint32_t ssidref_t;

/* hooks that are known to domains */
#define ACMHOOK_none    0
#define ACMHOOK_sharing 1

/* -------security policy relevant type definitions-------- */

/* type identifier (16-bit); values are only compared for
 * "equal" or "not equal", they carry no ordering */
typedef uint16_t domaintype_t;
109
110/* CHINESE WALL POLICY DATA STRUCTURES
111 *
112 * current accumulated conflict type set:
113 * When a domain is started and has a type that is in
114 * a conflict set, the conflicting types are incremented in
115 * the aggregate set. When a domain is destroyed, the
116 * conflicting types to its type are decremented.
117 * If a domain has multiple types, this procedure works over
118 * all those types.
119 *
120 * conflict_aggregate_set[i] holds the number of
121 *   running domains that have a conflict with type i.
122 *
123 * running_types[i] holds the number of running domains
124 *        that include type i in their ssidref-referenced type set
125 *
126 * conflict_sets[i][j] is "0" if type j has no conflict
127 *    with type i and is "1" otherwise.
128 */
/* high-16 = version, low-16 = check magic
 * (here: high half 0x0001, low half 0xdebc).
 * NOTE(review): the high half is 0x0001 while ACM_POLICY_VERSION is 3, so
 * the "version" half does not appear to track the policy version - confirm
 * which value consumers actually compare against.
 */
#define ACM_MAGIC  0x0001debc
131
132/* each offset in bytes from start of the struct they
133 * are part of */
134
/* V3 of the policy buffer added a version structure.
 * Two 32-bit fields, major then minor (8 bytes in total); embedded in
 * struct acm_policy_buffer as xml_pol_version.
 */
struct acm_policy_version
{
    uint32_t major;
    uint32_t minor;
};
141
142
/* each buffer consists of all policy information for
 * the respective policy given in the policy code
 *
 * acm_policy_buffer, acm_chwall_policy_buffer,
 * and acm_ste_policy_buffer need to stay 32-bit aligned
 * because we create binary policies also with external
 * tools that assume packed representations (e.g. the java tool)
 *
 * All members are uint32_t (or a struct of two uint32_t), so the layout
 * has no padding; do not reorder or resize fields.
 * Offsets are in bytes from the start of this struct.
 *
 * NOTE(review): len and the *_offset fields are read from the binary
 * policy itself, which may have been produced by an external tool. The
 * code that consumes them is not visible in this header; it should check
 * magic and policy_version first and verify that every offset, and
 * offset plus the size of the sub-buffer it points to, lies within the
 * buffer actually received before dereferencing - confirm in the loader.
 * NOTE(review): the byte order of these fields is not stated here -
 * confirm against the loader and the external tools.
 */
struct acm_policy_buffer {
    uint32_t policy_version; /* ACM_POLICY_VERSION */
    uint32_t magic;          /* presumably ACM_MAGIC - confirm */
    uint32_t len;            /* presumably total policy length in bytes - confirm */
    uint32_t policy_reference_offset;
    uint32_t primary_policy_code;     /* one of the ACM_*_POLICY codes */
    uint32_t primary_buffer_offset;
    uint32_t secondary_policy_code;   /* one of the ACM_*_POLICY codes */
    uint32_t secondary_buffer_offset;
    struct acm_policy_version xml_pol_version; /* add in V3 */
};
162
163
/* Header of the policy reference section; it holds a single 32-bit
 * length field.
 * NOTE(review): what len counts (presumably the bytes of reference data
 * that follow this header) is not shown here - confirm, and bound it
 * against the enclosing policy buffer before use.
 */
struct acm_policy_reference_buffer {
    uint32_t len;
};
167
/* Header of the Chinese Wall policy section of a binary policy.
 * All members are uint32_t; the layout must stay 32-bit aligned and
 * unchanged because external tools generate it.
 * Offsets are in bytes from the start of this struct.
 *
 * NOTE(review): the chwall_max_* counts and the *_offset fields come from
 * the policy blob. Presumably they size and locate the ssid, conflict-set,
 * running-types and conflict-aggregate arrays; the consumer (not visible
 * here) should check count * element size for overflow and check each
 * offset plus array size against the section length - confirm.
 */
struct acm_chwall_policy_buffer {
    uint32_t policy_version; /* ACM_CHWALL_VERSION */
    uint32_t policy_code;
    uint32_t chwall_max_types;
    uint32_t chwall_max_ssidrefs;
    uint32_t chwall_max_conflictsets;
    uint32_t chwall_ssid_offset;
    uint32_t chwall_conflict_sets_offset;
    uint32_t chwall_running_types_offset;
    uint32_t chwall_conflict_aggregate_offset;
};
179
/* Header of the Simple Type Enforcement policy section of a binary
 * policy. All members are uint32_t; the layout must stay 32-bit aligned
 * and unchanged because external tools generate it.
 * ste_ssid_offset is in bytes from the start of this struct.
 *
 * NOTE(review): ste_max_types, ste_max_ssidrefs and ste_ssid_offset come
 * from the policy blob; the consumer (not visible here) should validate
 * them against the section length, including overflow of the product of
 * the two counts, before indexing - confirm.
 */
struct acm_ste_policy_buffer {
    uint32_t policy_version; /* ACM_STE_VERSION */
    uint32_t policy_code;
    uint32_t ste_max_types;
    uint32_t ste_max_ssidrefs;
    uint32_t ste_ssid_offset;
};
187
/* Header of a statistics buffer: magic, total length, and for the
 * primary and the secondary policy a policy code plus the offset of
 * that policy's statistics.
 * Offsets are in bytes from the start of this struct.
 * NOTE(review): readers of a returned buffer should bound both offsets by
 * len before following them - the producer is not visible here.
 */
struct acm_stats_buffer {
    uint32_t magic;
    uint32_t len;
    uint32_t primary_policy_code;
    uint32_t primary_stats_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_stats_offset;
};
196
/* Simple Type Enforcement statistics: six 32-bit counters.
 * Presumably "ec" stands for event channel and "gt" for grant table
 * (compare ACM_EVTCHN_SHARING_VIOLATION / ACM_GNTTAB_SHARING_VIOLATION) -
 * confirm. For each of the two there is a count of evaluations, of
 * denials and of cache hits.
 * The counters are 32 bits wide; whether and how wrap-around is handled
 * is not shown in this header.
 */
struct acm_ste_stats_buffer {
    uint32_t ec_eval_count;
    uint32_t gt_eval_count;
    uint32_t ec_denied_count;
    uint32_t gt_denied_count;
    uint32_t ec_cachehit_count;
    uint32_t gt_cachehit_count;
};
205
/* Header describing one ssid: its length, the ssid reference, the offset
 * of the policy reference, and for the primary and the secondary policy
 * a policy code, a maximum type count and the offset of the types.
 * Offsets are in bytes from the start of this struct.
 * NOTE(review): consumers should check each offset, and the array size
 * implied by the matching *_max_types, against len before reading - the
 * producer is not visible here.
 */
struct acm_ssid_buffer {
    uint32_t len;
    ssidref_t ssidref;
    uint32_t policy_reference_offset;
    uint32_t primary_policy_code;
    uint32_t primary_max_types;
    uint32_t primary_types_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_max_types;
    uint32_t secondary_types_offset;
};
217
218#endif
219
220/*
221 * Local variables:
222 * mode: C
223 * c-set-style: "BSD"
224 * c-basic-offset: 4
225 * tab-width: 4
226 * indent-tabs-mode: nil
227 * End:
228 */
229