[PATCH] choose security model for ACM at built-time

[PATCH] choose security model for ACM at built-time

[aq]

[-- Attachment #1: Type: text/plain, Size: 640 bytes --]

At the moment, there is a problem with ACM: it is impossible to set
ACM security model at built-time, so even with ACM is chosen to build,
the default policy is NULL, which is useless.

This patch propose a solution to this problem: build process will
generate a header file (include/public/acm_policy.h) based on the
value set in xen/Makefile or at command-line, and gets acm.h included
it.

Signed-off-by: Nguyen Anh Quynh <aquynh@gmail.com>


$ diffstat acm6.patch 
 xen/Makefile             |   27 +++++++++++++++++++++++++--
 xen/include/public/acm.h |    9 +++------
 2 files changed, 28 insertions(+), 8 deletions(-)

[-- Attachment #2: acm6.patch --]
[-- Type: application/octet-stream, Size: 2816 bytes --]

===== xen/Makefile 1.86 vs edited =====
--- 1.86/xen/Makefile	2005-06-22 23:18:11 +09:00
+++ edited/xen/Makefile	2005-06-24 23:39:45 +09:00
@@ -15,6 +15,14 @@
 
 export BASEDIR          := $(CURDIR)
 
+# ACM_USE_SECURITY_POLICY is set to security policy for Xen
+# Supported models are:
+#	ACM_NULL_POLICY (ACM will not be built with this policy)
+#	ACM_CHINESE_WALL_POLICY
+#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
+#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+
 include Rules.mk
 
 default: build
@@ -54,20 +62,35 @@
 
 $(TARGET): delete-unfresh-files
 	$(MAKE) include/xen/compile.h
+	$(MAKE) include/public/acm_policy.h
 	[ -e include/asm ] || ln -sf asm-$(TARGET_ARCH) include/asm
 	$(MAKE) -C arch/$(TARGET_ARCH) asm-offsets.s
 	$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
 	$(MAKE) -C common
 	$(MAKE) -C drivers
-ifdef ACM_USE_SECURITY_POLICY
+ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
 	$(MAKE) -C acm
 endif
 	$(MAKE) -C arch/$(TARGET_ARCH)
 
 # drivers/char/console.o may contain static banner/compile info. Blow it away.
 delete-unfresh-files:
-	rm -f include/xen/banner.h include/xen/compile.h drivers/char/console.o
+	rm -f include/xen/banner.h include/xen/compile.h include/public/acm_policy.h drivers/char/console.o
 	$(MAKE) -C arch/$(TARGET_ARCH) delete-unfresh-files
+
+# acm_policy.h contains security policy for Xen
+include/public/acm_policy.h:
+	@(set -e; \
+	  echo "/*"; \
+	  echo " * DO NOT MODIFY."; \
+	  echo " *"; \
+	  echo " * This file was auto-generated by xen/Makefile $<"; \
+	  echo " *"; \
+	  echo " */"; \
+	  echo ""; \
+	  echo "#ifndef ACM_USE_SECURITY_POLICY"; \
+	  echo "#define ACM_USE_SECURITY_POLICY $(ACM_USE_SECURITY_POLICY)"; \
+	  echo "#endif") >$@
 
 # compile.h contains dynamic build info. Rebuilt on every 'make' invocation.
 include/xen/compile.h: LANG=C
===== xen/include/public/acm.h 1.1 vs edited =====
--- 1.1/xen/include/public/acm.h	2005-06-21 07:28:06 +09:00
+++ edited/xen/include/public/acm.h	2005-06-25 00:18:40 +09:00
@@ -22,11 +22,12 @@
  * todo: move from static policy choice to compile option.
  */
 
-#ifndef _XEN_PUBLIC_SHYPE_H
-#define _XEN_PUBLIC_SHYPE_H
+#ifndef _XEN_PUBLIC_ACM_H
+#define _XEN_PUBLIC_ACM_H
 
 #include "xen.h"
 #include "sched_ctl.h"
+#include "acm_policy.h"
 
 /* if ACM_DEBUG defined, all hooks should
  * print a short trace message (comment it out
@@ -70,10 +71,6 @@
 	(X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \
 	(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
 	"UNDEFINED policy"
-
-#ifndef ACM_USE_SECURITY_POLICY
-#define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
-#endif
 
 /* defines a ssid reference used by xen */
 typedef u32 ssidref_t;

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: [PATCH] choose security model for ACM at built-time

[Keir Fraser]

On 24 Jun 2005, at 16:33, aq wrote:

> At the moment, there is a problem with ACM: it is impossible to set
> ACM security model at built-time, so even with ACM is chosen to build,
> the default policy is NULL, which is useless.
>
> This patch propose a solution to this problem: build process will
> generate a header file (include/public/acm_policy.h) based on the
> value set in xen/Makefile or at command-line, and gets acm.h included
> it.

Looks fine, but:

Firstly, is the configured policy something that needs to be propagated 
to user tools (i.e., should the generated header reside within 
include/public or should it be in include/xen)?

Secondly, you missed conditional inclusion of acm/acm.o into the 
ALL_OBJS list in xen/Rules.mk. Also, the definition of 
ACM_USE_SECURITY_POLICY probably belongs more correctly in Rules.mk 
rather than the Makefile.

  -- Keir

Re: [PATCH] choose security model for ACM at built-time

[aq]

[-- Attachment #1: Type: text/plain, Size: 1362 bytes --]

On 6/25/05, Keir Fraser <Keir.Fraser@cl.cam.ac.uk> wrote:
> 
> On 24 Jun 2005, at 16:33, aq wrote:
> 
> > At the moment, there is a problem with ACM: it is impossible to set
> > ACM security model at built-time, so even with ACM is chosen to build,
> > the default policy is NULL, which is useless.
> >
> > This patch propose a solution to this problem: build process will
> > generate a header file (include/public/acm_policy.h) based on the
> > value set in xen/Makefile or at command-line, and gets acm.h included
> > it.
> 
> Looks fine, but:
> 
> Firstly, is the configured policy something that needs to be propagated
> to user tools (i.e., should the generated header reside within
> include/public or should it be in include/xen)?
> 

i guess not. so right, it is better to put it into include/xen

> Secondly, you missed conditional inclusion of acm/acm.o into the
> ALL_OBJS list in xen/Rules.mk. Also, the definition of
> ACM_USE_SECURITY_POLICY probably belongs more correctly in Rules.mk
> rather than the Makefile.
> 

ok, please take this revision.

Signed-off-by: Nguyen Anh Quynh <aquynh@gmail.com>


$ diffstat acm7.patch 
 Makefile             |   19 +++++++++++++++++--
 Rules.mk             |   13 ++++++++++---
 include/public/acm.h |    9 +++------
 3 files changed, 30 insertions(+), 11 deletions(-)

[-- Attachment #2: acm7.patch --]
[-- Type: application/octet-stream, Size: 3412 bytes --]

===== xen/Makefile 1.86 vs edited =====
--- 1.86/xen/Makefile	2005-06-22 23:18:11 +09:00
+++ edited/xen/Makefile	2005-06-25 08:13:17 +09:00
@@ -54,20 +54,35 @@
 
 $(TARGET): delete-unfresh-files
 	$(MAKE) include/xen/compile.h
+	$(MAKE) include/xen/acm_policy.h
 	[ -e include/asm ] || ln -sf asm-$(TARGET_ARCH) include/asm
 	$(MAKE) -C arch/$(TARGET_ARCH) asm-offsets.s
 	$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
 	$(MAKE) -C common
 	$(MAKE) -C drivers
-ifdef ACM_USE_SECURITY_POLICY
+ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
 	$(MAKE) -C acm
 endif
 	$(MAKE) -C arch/$(TARGET_ARCH)
 
 # drivers/char/console.o may contain static banner/compile info. Blow it away.
 delete-unfresh-files:
-	rm -f include/xen/banner.h include/xen/compile.h drivers/char/console.o
+	rm -f include/xen/banner.h include/xen/compile.h include/xen/acm_policy.h drivers/char/console.o
 	$(MAKE) -C arch/$(TARGET_ARCH) delete-unfresh-files
+
+# acm_policy.h contains security policy for Xen
+include/xen/acm_policy.h:
+	@(set -e; \
+	  echo "/*"; \
+	  echo " * DO NOT MODIFY."; \
+	  echo " *"; \
+	  echo " * This file was auto-generated by xen/Makefile $<"; \
+	  echo " *"; \
+	  echo " */"; \
+	  echo ""; \
+	  echo "#ifndef ACM_USE_SECURITY_POLICY"; \
+	  echo "#define ACM_USE_SECURITY_POLICY $(ACM_USE_SECURITY_POLICY)"; \
+	  echo "#endif") >$@
 
 # compile.h contains dynamic build info. Rebuilt on every 'make' invocation.
 include/xen/compile.h: LANG=C
===== xen/Rules.mk 1.45 vs edited =====
--- 1.45/xen/Rules.mk	2005-06-22 23:18:11 +09:00
+++ edited/xen/Rules.mk	2005-06-25 08:13:17 +09:00
@@ -1,4 +1,3 @@
-
 verbose     ?= n
 debug       ?= n
 perfc       ?= n
@@ -8,6 +7,14 @@
 domu_debug  ?= n
 crash_debug ?= n
 
+# ACM_USE_SECURITY_POLICY is set to security policy of Xen
+# Supported models are:
+#	ACM_NULL_POLICY (ACM will not be built with this policy)
+#	ACM_CHINESE_WALL_POLICY
+#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
+#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+
 include $(BASEDIR)/../Config.mk
 
 # Set ARCH/SUBARCH appropriately.
@@ -35,8 +42,8 @@
 ALL_OBJS := $(BASEDIR)/common/common.o
 ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
 ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
-ifdef ACM_USE_SECURITY_POLICY
-ALL_OBJS += $(BASEDIR)/acm/acm.o
+ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+	ALL_OBJS += $(BASEDIR)/acm/acm.o
 endif
 ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
 
===== xen/include/public/acm.h 1.1 vs edited =====
--- 1.1/xen/include/public/acm.h	2005-06-21 07:28:06 +09:00
+++ edited/xen/include/public/acm.h	2005-06-25 08:13:17 +09:00
@@ -22,11 +22,12 @@
  * todo: move from static policy choice to compile option.
  */
 
-#ifndef _XEN_PUBLIC_SHYPE_H
-#define _XEN_PUBLIC_SHYPE_H
+#ifndef _XEN_PUBLIC_ACM_H
+#define _XEN_PUBLIC_ACM_H
 
 #include "xen.h"
 #include "sched_ctl.h"
+#include "xen/acm_policy.h"
 
 /* if ACM_DEBUG defined, all hooks should
  * print a short trace message (comment it out
@@ -70,10 +71,6 @@
 	(X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \
 	(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
 	"UNDEFINED policy"
-
-#ifndef ACM_USE_SECURITY_POLICY
-#define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
-#endif
 
 /* defines a ssid reference used by xen */
 typedef u32 ssidref_t;

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel