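/*
 * acm.h: Xen access control module interface definitions
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 * Reiner Sailer <sailer@watson.ibm.com>
 * Copyright (c) 2005, International Business Machines Corporation.
 */

#ifndef _XEN_PUBLIC_ACM_H
#define _XEN_PUBLIC_ACM_H

#include "../xen.h"

/*
 * This header only describes the wire/binary layout and the constants
 * shared between Xen and the ACM tools.  It contains no validation logic:
 * every consumer of the buffers below receives them from outside its own
 * trust boundary and is responsible for checking them before use.
 */

/* default ssid reference value if not supplied */
#define ACM_DEFAULT_SSID 0x0
#define ACM_DEFAULT_LOCAL_SSID 0x0

/* Internal ACM ERROR types (negative values are parenthesized so the
 * macros expand safely inside larger expressions) */
#define ACM_OK 0
#define ACM_UNDEF (-1)
#define ACM_INIT_SSID_ERROR (-2)
#define ACM_INIT_SOID_ERROR (-3)
#define ACM_ERROR (-4)

/* External ACCESS DECISIONS */
#define ACM_ACCESS_PERMITTED 0
#define ACM_ACCESS_DENIED (-111)
#define ACM_NULL_POINTER_ERROR (-200)

/*
   Error codes reported when testing whether a new policy can be applied.
   These error codes are reported in an array of tuples where
   each error code is followed by a parameter describing the error
   more closely, such as a domain id.
*/
#define ACM_EVTCHN_SHARING_VIOLATION 0x100
#define ACM_GNTTAB_SHARING_VIOLATION 0x101
#define ACM_DOMAIN_LOOKUP 0x102
#define ACM_CHWALL_CONFLICT 0x103
#define ACM_SSIDREF_IN_USE 0x104


/* primary policy in lower 4 bits */
#define ACM_NULL_POLICY 0
#define ACM_CHINESE_WALL_POLICY 1
#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
#define ACM_POLICY_UNDEFINED 15

/* combinations have secondary policy component in higher 4bit */
#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
    ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)

/*
 * policy: map a policy code to a human-readable name.
 *
 * The whole expansion is parenthesized so that the conditional chain binds
 * as one expression wherever the macro is used (e.g. followed by `[0]` or
 * nested inside another `?:`).  X is evaluated up to four times, so do not
 * pass an argument with side effects.  Any code not listed yields
 * "UNDEFINED".
 */
#define ACM_POLICY_NAME(X) \
  (((X) == (ACM_NULL_POLICY)) ? "NULL" : \
  ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" : \
  ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \
  ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \
  "UNDEFINED")

/* the following policy versions must be increased
 * whenever the interpretation of the related
 * policy's data structure changes
 */
#define ACM_POLICY_VERSION 4
#define ACM_CHWALL_VERSION 1
#define ACM_STE_VERSION 1

/* defines a ssid reference used by xen */
typedef uint32_t ssidref_t;

/* hooks that are known to domains */
#define ACMHOOK_none 0
#define ACMHOOK_sharing 1
#define ACMHOOK_authorization 2
#define ACMHOOK_conflictset 3

/* -------security policy relevant type definitions-------- */

/* type identifier; compares to "equal" or "not equal" */
typedef uint16_t domaintype_t;

/* CHINESE WALL POLICY DATA STRUCTURES
 *
 * current accumulated conflict type set:
 * When a domain is started and has a type that is in
 * a conflict set, the conflicting types are incremented in
 * the aggregate set. When a domain is destroyed, the
 * conflicting types to its type are decremented.
 * If a domain has multiple types, this procedure works over
 * all those types.
 *
 * conflict_aggregate_set[i] holds the number of
 * running domains that have a conflict with type i.
 *
 * running_types[i] holds the number of running domains
 * that include type i in their ssidref-referenced type set
 *
 * conflict_sets[i][j] is "0" if type j has no conflict
 * with type i and is "1" otherwise.
 */
/* high-16 = version, low-16 = check magic */
#define ACM_MAGIC 0x0001debc

/* size of the SHA1 hash identifying the XML policy from which the
   binary policy was created */
#define ACM_SHA1_HASH_SIZE 20

/* each offset in bytes from start of the struct they
 * are part of */

/* V3 of the policy buffer added a version structure.
 * Version of the XML policy a binary policy was generated from. */
struct acm_policy_version
{
    uint32_t major;
    uint32_t minor;
};


/* each buffer consists of all policy information for
 * the respective policy given in the policy code
 *
 * acm_policy_buffer, acm_chwall_policy_buffer,
 * and acm_ste_policy_buffer need to stay 32-bit aligned
 * because we create binary policies also with external
 * tools that assume packed representations (e.g. the java tool)
 *
 * Header of a binary policy blob.  All *_offset fields are byte offsets
 * from the start of this struct.  Nothing here is self-validating: a
 * parser must check magic and policy_version, and must verify that every
 * offset plus the size of the sub-buffer it points to lies within len
 * (and within the size actually received) before dereferencing it.
 */
struct acm_policy_buffer {
    uint32_t magic;            /* expected to equal ACM_MAGIC */
    uint32_t policy_version;   /* ACM_POLICY_VERSION */
    uint32_t len;              /* total length of the binary policy in bytes */
    uint32_t policy_reference_offset; /* -> struct acm_policy_reference_buffer */
    uint32_t primary_policy_code;     /* one of the ACM_*_POLICY codes */
    uint32_t primary_buffer_offset;   /* -> primary policy's buffer */
    uint32_t secondary_policy_code;
    uint32_t secondary_buffer_offset; /* -> secondary policy's buffer */
    struct acm_policy_version xml_pol_version; /* add in V3 */
    /* added in V4: SHA1 of the XML source policy.  It identifies the XML the
     * binary was created from; it is not an integrity check over this buffer
     * and, SHA1 being collision-prone, should be treated as an identifier
     * rather than as proof of provenance. */
    uint8_t xml_policy_hash[ACM_SHA1_HASH_SIZE];
};


/* Length-prefixed policy reference; the reference data presumably follows
 * this struct in the blob (not visible from this header, confirm against
 * the tools). */
struct acm_policy_reference_buffer {
    uint32_t len;
};

/* Chinese Wall policy buffer.  The *_max_* fields bound the tables the
 * offsets point to; a parser must cross-check each table's extent against
 * the enclosing acm_policy_buffer.len before use. */
struct acm_chwall_policy_buffer {
    uint32_t policy_version;   /* ACM_CHWALL_VERSION */
    uint32_t policy_code;      /* ACM_CHINESE_WALL_POLICY */
    uint32_t chwall_max_types;
    uint32_t chwall_max_ssidrefs;
    uint32_t chwall_max_conflictsets;
    uint32_t chwall_ssid_offset;            /* ssidref -> type-set table */
    uint32_t chwall_conflict_sets_offset;   /* presumably conflict_sets[i][j] described above */
    uint32_t chwall_running_types_offset;   /* presumably running_types[i] described above */
    uint32_t chwall_conflict_aggregate_offset; /* presumably conflict_aggregate_set[i] */
};

/* Simple Type Enforcement policy buffer; same offset/length rules as the
 * Chinese Wall buffer above. */
struct acm_ste_policy_buffer {
    uint32_t policy_version;   /* ACM_STE_VERSION */
    uint32_t policy_code;      /* ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY */
    uint32_t ste_max_types;
    uint32_t ste_max_ssidrefs;
    uint32_t ste_ssid_offset;  /* ssidref -> type-set table */
};

/* Header of a statistics dump; offsets are relative to this struct. */
struct acm_stats_buffer {
    uint32_t magic;
    uint32_t len;
    uint32_t primary_policy_code;
    uint32_t primary_stats_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_stats_offset;
};

/* STE decision counters.  The ec_/gt_ prefixes presumably stand for
 * event-channel and grant-table hooks (cf. ACM_EVTCHN_/ACM_GNTTAB_ above). */
struct acm_ste_stats_buffer {
    uint32_t ec_eval_count;
    uint32_t gt_eval_count;
    uint32_t ec_denied_count;
    uint32_t gt_denied_count;
    uint32_t ec_cachehit_count;
    uint32_t gt_cachehit_count;
};

/* Security identifier of a domain as exported to tools: the ssidref plus
 * the type sets it resolves to under the primary and secondary policy.
 * Offsets are relative to this struct and bounded by len. */
struct acm_ssid_buffer {
    uint32_t len;
    ssidref_t ssidref;
    uint32_t policy_reference_offset;
    uint32_t primary_policy_code;
    uint32_t primary_max_types;
    uint32_t primary_types_offset;
    uint32_t secondary_policy_code;
    uint32_t secondary_max_types;
    uint32_t secondary_types_offset;
};

#endif

/*
 * Local variables:
 * mode: C
 * c-set-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */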