Re: [Xen-devel] [PATCH RFC] flask: move policy header sources into hypervisor
On Tue, 2012-10-09 at 19:31 +0100, Daniel De Graaf wrote:
> Ian Campbell wrote:
> [...]
> >>> +++ b/xen/xsm/flask/include/av_perm_to_string.h
> > Also, in that case why is this file checked in?
>
> This patch fixes the autogenerated files, but doesn't fully wire them in
> to things like "make clean" or .{git,hg}ignore. I don't see an obvious
> way to clean generated header files in Xen's build system; perhaps
> someone who knows the build system better can point out the right way to
> wire this up.
xen/arch/x86/Makefile has a clean:: rule which removes autogenerated
stuff like the asm-offsets files. Probably the right model to follow.
Ian.
>
> --------------------------------------->8----------------------------
>
> Rather than keeping around headers that are autogenerated in order to
> avoid adding build dependencies from xen/ to files in tools/, move the
> relevant parts of the FLASK policy into the hypervisor tree and generate
> the headers as part of the hypervisor's build.
>
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> ---
> tools/flask/policy/Makefile | 2 +-
> tools/flask/policy/policy/flask/Makefile | 41 ------
> xen/xsm/flask/Makefile | 21 +++
> xen/xsm/flask/include/av_perm_to_string.h | 147 -------------------
> xen/xsm/flask/include/av_permissions.h | 157
> ---------------------
> xen/xsm/flask/include/class_to_string.h | 15 --
> xen/xsm/flask/include/flask.h | 35 -----
> xen/xsm/flask/include/initial_sid_to_string.h | 16 ---
> .../flask => xen/xsm/flask/policy}/access_vectors | 0
> .../flask => xen/xsm/flask/policy}/initial_sids | 0
> .../xsm/flask/policy}/mkaccess_vector.sh | 4 +-
> .../flask => xen/xsm/flask/policy}/mkflask.sh | 6 +-
> .../xsm/flask/policy}/security_classes | 0
> 13 files changed, 27 insertions(+), 417 deletions(-)
> delete mode 100644 tools/flask/policy/policy/flask/Makefile
> delete mode 100644 xen/xsm/flask/include/av_perm_to_string.h
> delete mode 100644 xen/xsm/flask/include/av_permissions.h
> delete mode 100644 xen/xsm/flask/include/class_to_string.h
> delete mode 100644 xen/xsm/flask/include/flask.h
> delete mode 100644 xen/xsm/flask/include/initial_sid_to_string.h
> rename {tools/flask/policy/policy/flask =>
> xen/xsm/flask/policy}/access_vectors (100%)
> rename {tools/flask/policy/policy/flask =>
> xen/xsm/flask/policy}/initial_sids (100%)
> rename {tools/flask/policy/policy/flask =>
> xen/xsm/flask/policy}/mkaccess_vector.sh (97%)
> rename {tools/flask/policy/policy/flask => xen/xsm/flask/policy}/mkflask.sh
> (95%)
> rename {tools/flask/policy/policy/flask =>
> xen/xsm/flask/policy}/security_classes (100%)
>
> diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile
> index 5c25cbe..3f5aa38 100644
> --- a/tools/flask/policy/Makefile
> +++ b/tools/flask/policy/Makefile
> @@ -61,7 +61,7 @@ LOADPOLICY := $(SBINDIR)/flask-loadpolicy
> # policy source layout
> POLDIR := policy
> MODDIR := $(POLDIR)/modules
> -FLASKDIR := $(POLDIR)/flask
> +FLASKDIR := ../../../xen/xsm/flask/policy
> SECCLASS := $(FLASKDIR)/security_classes
> ISIDS := $(FLASKDIR)/initial_sids
> AVS := $(FLASKDIR)/access_vectors
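Review bot: The new value on the `+FLASKDIR` line reaches the hypervisor tree through `../../../`, which resolves only when make is run with tools/flask/policy as the working directory and ties the tools build to the layout of xen/. If this Makefile already has a variable naming the top of the source tree, building the path from that would be sturdier, and a one-line comment saying that SECCLASS, ISIDS and AVS now come from the hypervisor's copy would help the next reader.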
> diff --git a/tools/flask/policy/policy/flask/Makefile
> b/tools/flask/policy/policy/flask/Makefile
> deleted file mode 100644
> index 5f57e88..0000000
> --- a/tools/flask/policy/policy/flask/Makefile
> +++ /dev/null
> @@ -1,41 +0,0 @@
> -# flask needs to know where to export the libselinux headers.
> -LIBSEL ?= ../../libselinux
> -
> -# flask needs to know where to export the kernel headers.
> -LINUXDIR ?= ../../../linux-2.6
> -
> -AWK = awk
> -
> -CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
> - else if [ -x /bin/bash ]; then echo /bin/bash; \
> - else echo sh; fi ; fi)
> -
> -FLASK_H_DEPEND = security_classes initial_sids
> -AV_H_DEPEND = access_vectors
> -
> -FLASK_H_FILES = class_to_string.h flask.h initial_sid_to_string.h
> -AV_H_FILES = av_perm_to_string.h av_permissions.h
> -ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES)
> -
> -all: $(ALL_H_FILES)
> -
> -$(FLASK_H_FILES): $(FLASK_H_DEPEND)
> - $(CONFIG_SHELL) mkflask.sh $(AWK) $(FLASK_H_DEPEND)
> -
> -$(AV_H_FILES): $(AV_H_DEPEND)
> - $(CONFIG_SHELL) mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
> -
> -tolib: all
> - install -m 644 flask.h av_permissions.h $(LIBSEL)/include/selinux
> - install -m 644 class_to_string.h av_inherit.h common_perm_to_string.h
> av_perm_to_string.h $(LIBSEL)/src
> -
> -tokern: all
> - install -m 644 $(ALL_H_FILES) $(LINUXDIR)/security/selinux/include
> -
> -install: all
> -
> -relabel:
> -
> -clean:
> - rm -f $(FLASK_H_FILES)
> - rm -f $(AV_H_FILES)
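Review bot: The `clean:` target at the end of this deleted Makefile was the only rule that removed the generated headers, and the rules added to xen/xsm/flask/Makefile in this patch have no counterpart, so the headers under include/ survive `make clean`. A `clean::` rule in xen/xsm/flask/Makefile that runs `rm -f $(ALL_H_FILES)` would restore it. The `tolib` and `tokern` install targets also go away here without a mention in the commit message; worth a line there if nothing uses them.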
> diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
> index 92fb410..238495a 100644
> --- a/xen/xsm/flask/Makefile
> +++ b/xen/xsm/flask/Makefile
> @@ -5,3 +5,24 @@ obj-y += flask_op.o
> subdir-y += ss
>
> CFLAGS += -I./include
> +
> +AWK = awk
> +
> +CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
> + else if [ -x /bin/bash ]; then echo /bin/bash; \
> + else echo sh; fi ; fi)
> +
> +FLASK_H_DEPEND = policy/security_classes policy/initial_sids
> +AV_H_DEPEND = policy/access_vectors
> +
> +FLASK_H_FILES = include/flask.h include/class_to_string.h
> include/initial_sid_to_string.h
> +AV_H_FILES = include/av_perm_to_string.h include/av_permissions.h
> +ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES)
> +
> +$(obj-y) ss/built_in.o: $(ALL_H_FILES)
> +
> +$(FLASK_H_FILES): $(FLASK_H_DEPEND)
> + $(CONFIG_SHELL) policy/mkflask.sh $(AWK) $(FLASK_H_DEPEND)
> +
> +$(AV_H_FILES): $(AV_H_DEPEND)
> + $(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
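Review bot: The two generator rules, `$(FLASK_H_FILES): $(FLASK_H_DEPEND)` and `$(AV_H_FILES): $(AV_H_DEPEND)`, list several targets for one recipe; make treats that as one independent rule per target, so a parallel build can start the same script more than once and have the runs write the same headers at the same time. Generating through a single target per script (one header or a stamp file that the others depend on) avoids this. The scripts themselves are not prerequisites either, so an edit to policy/mkflask.sh or policy/mkaccess_vector.sh leaves the old headers, including the permission bit values in av_permissions.h, in place; adding each script as a prerequisite of its rule (outside the *_DEPEND lists that are passed to it as input) fixes that.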
> diff --git a/xen/xsm/flask/include/av_perm_to_string.h
> b/xen/xsm/flask/include/av_perm_to_string.h
> deleted file mode 100644
> index c3f2370..0000000
> --- a/xen/xsm/flask/include/av_perm_to_string.h
> +++ /dev/null
> @@ -1,147 +0,0 @@
> -/* This file is automatically generated. Do not edit. */
> - S_(SECCLASS_XEN, XEN__SCHEDULER, "scheduler")
> - S_(SECCLASS_XEN, XEN__SETTIME, "settime")
> - S_(SECCLASS_XEN, XEN__TBUFCONTROL, "tbufcontrol")
> - S_(SECCLASS_XEN, XEN__READCONSOLE, "readconsole")
> - S_(SECCLASS_XEN, XEN__CLEARCONSOLE, "clearconsole")
> - S_(SECCLASS_XEN, XEN__PERFCONTROL, "perfcontrol")
> - S_(SECCLASS_XEN, XEN__MTRR_ADD, "mtrr_add")
> - S_(SECCLASS_XEN, XEN__MTRR_DEL, "mtrr_del")
> - S_(SECCLASS_XEN, XEN__MTRR_READ, "mtrr_read")
> - S_(SECCLASS_XEN, XEN__MICROCODE, "microcode")
> - S_(SECCLASS_XEN, XEN__PHYSINFO, "physinfo")
> - S_(SECCLASS_XEN, XEN__QUIRK, "quirk")
> - S_(SECCLASS_XEN, XEN__WRITECONSOLE, "writeconsole")
> - S_(SECCLASS_XEN, XEN__READAPIC, "readapic")
> - S_(SECCLASS_XEN, XEN__WRITEAPIC, "writeapic")
> - S_(SECCLASS_XEN, XEN__PRIVPROFILE, "privprofile")
> - S_(SECCLASS_XEN, XEN__NONPRIVPROFILE, "nonprivprofile")
> - S_(SECCLASS_XEN, XEN__KEXEC, "kexec")
> - S_(SECCLASS_XEN, XEN__FIRMWARE, "firmware")
> - S_(SECCLASS_XEN, XEN__SLEEP, "sleep")
> - S_(SECCLASS_XEN, XEN__FREQUENCY, "frequency")
> - S_(SECCLASS_XEN, XEN__GETIDLE, "getidle")
> - S_(SECCLASS_XEN, XEN__DEBUG, "debug")
> - S_(SECCLASS_XEN, XEN__GETCPUINFO, "getcpuinfo")
> - S_(SECCLASS_XEN, XEN__HEAP, "heap")
> - S_(SECCLASS_XEN, XEN__PM_OP, "pm_op")
> - S_(SECCLASS_XEN, XEN__MCA_OP, "mca_op")
> - S_(SECCLASS_XEN, XEN__LOCKPROF, "lockprof")
> - S_(SECCLASS_XEN, XEN__CPUPOOL_OP, "cpupool_op")
> - S_(SECCLASS_XEN, XEN__SCHED_OP, "sched_op")
> - S_(SECCLASS_XEN, XEN__TMEM_OP, "tmem_op")
> - S_(SECCLASS_XEN, XEN__TMEM_CONTROL, "tmem_control")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT, "setvcpucontext")
> - S_(SECCLASS_DOMAIN, DOMAIN__PAUSE, "pause")
> - S_(SECCLASS_DOMAIN, DOMAIN__UNPAUSE, "unpause")
> - S_(SECCLASS_DOMAIN, DOMAIN__RESUME, "resume")
> - S_(SECCLASS_DOMAIN, DOMAIN__CREATE, "create")
> - S_(SECCLASS_DOMAIN, DOMAIN__TRANSITION, "transition")
> - S_(SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS, "max_vcpus")
> - S_(SECCLASS_DOMAIN, DOMAIN__DESTROY, "destroy")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUAFFINITY, "setvcpuaffinity")
> - S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUAFFINITY, "getvcpuaffinity")
> - S_(SECCLASS_DOMAIN, DOMAIN__SCHEDULER, "scheduler")
> - S_(SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO, "getdomaininfo")
> - S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUINFO, "getvcpuinfo")
> - S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT, "getvcpucontext")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETDOMAINMAXMEM, "setdomainmaxmem")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE, "setdomainhandle")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING, "setdebugging")
> - S_(SECCLASS_DOMAIN, DOMAIN__HYPERCALL, "hypercall")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETTIME, "settime")
> - S_(SECCLASS_DOMAIN, DOMAIN__SET_TARGET, "set_target")
> - S_(SECCLASS_DOMAIN, DOMAIN__SHUTDOWN, "shutdown")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETADDRSIZE, "setaddrsize")
> - S_(SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE, "getaddrsize")
> - S_(SECCLASS_DOMAIN, DOMAIN__TRIGGER, "trigger")
> - S_(SECCLASS_DOMAIN, DOMAIN__GETEXTVCPUCONTEXT, "getextvcpucontext")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETEXTVCPUCONTEXT, "setextvcpucontext")
> - S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUEXTSTATE, "getvcpuextstate")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUEXTSTATE, "setvcpuextstate")
> - S_(SECCLASS_DOMAIN, DOMAIN__GETPODTARGET, "getpodtarget")
> - S_(SECCLASS_DOMAIN, DOMAIN__SETPODTARGET, "setpodtarget")
> - S_(SECCLASS_DOMAIN, DOMAIN__SET_MISC_INFO, "set_misc_info")
> - S_(SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER, "set_virq_handler")
> - S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELFROM, "relabelfrom")
> - S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELTO, "relabelto")
> - S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELSELF, "relabelself")
> - S_(SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR, "make_priv_for")
> - S_(SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET, "set_as_target")
> - S_(SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID, "set_cpuid")
> - S_(SECCLASS_DOMAIN2, DOMAIN2__GETTSC, "gettsc")
> - S_(SECCLASS_DOMAIN2, DOMAIN2__SETTSC, "settsc")
> - S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc")
> - S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
> - S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
> - S_(SECCLASS_HVM, HVM__GETPARAM, "getparam")
> - S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
> - S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
> - S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
> - S_(SECCLASS_HVM, HVM__BIND_IRQ, "bind_irq")
> - S_(SECCLASS_HVM, HVM__CACHEATTR, "cacheattr")
> - S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram")
> - S_(SECCLASS_HVM, HVM__HVMCTL, "hvmctl")
> - S_(SECCLASS_HVM, HVM__MEM_EVENT, "mem_event")
> - S_(SECCLASS_HVM, HVM__MEM_SHARING, "mem_sharing")
> - S_(SECCLASS_HVM, HVM__AUDIT_P2M, "audit_p2m")
> - S_(SECCLASS_HVM, HVM__SEND_IRQ, "send_irq")
> - S_(SECCLASS_HVM, HVM__SHARE_MEM, "share_mem")
> - S_(SECCLASS_EVENT, EVENT__BIND, "bind")
> - S_(SECCLASS_EVENT, EVENT__SEND, "send")
> - S_(SECCLASS_EVENT, EVENT__STATUS, "status")
> - S_(SECCLASS_EVENT, EVENT__NOTIFY, "notify")
> - S_(SECCLASS_EVENT, EVENT__CREATE, "create")
> - S_(SECCLASS_EVENT, EVENT__RESET, "reset")
> - S_(SECCLASS_GRANT, GRANT__MAP_READ, "map_read")
> - S_(SECCLASS_GRANT, GRANT__MAP_WRITE, "map_write")
> - S_(SECCLASS_GRANT, GRANT__UNMAP, "unmap")
> - S_(SECCLASS_GRANT, GRANT__TRANSFER, "transfer")
> - S_(SECCLASS_GRANT, GRANT__SETUP, "setup")
> - S_(SECCLASS_GRANT, GRANT__COPY, "copy")
> - S_(SECCLASS_GRANT, GRANT__QUERY, "query")
> - S_(SECCLASS_MMU, MMU__MAP_READ, "map_read")
> - S_(SECCLASS_MMU, MMU__MAP_WRITE, "map_write")
> - S_(SECCLASS_MMU, MMU__PAGEINFO, "pageinfo")
> - S_(SECCLASS_MMU, MMU__PAGELIST, "pagelist")
> - S_(SECCLASS_MMU, MMU__ADJUST, "adjust")
> - S_(SECCLASS_MMU, MMU__STAT, "stat")
> - S_(SECCLASS_MMU, MMU__TRANSLATEGP, "translategp")
> - S_(SECCLASS_MMU, MMU__UPDATEMP, "updatemp")
> - S_(SECCLASS_MMU, MMU__PHYSMAP, "physmap")
> - S_(SECCLASS_MMU, MMU__PINPAGE, "pinpage")
> - S_(SECCLASS_MMU, MMU__MFNLIST, "mfnlist")
> - S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap")
> - S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap")
> - S_(SECCLASS_MMU, MMU__MMUEXT_OP, "mmuext_op")
> - S_(SECCLASS_MMU, MMU__EXCHANGE, "exchange")
> - S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable")
> - S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable")
> - S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty")
> - S_(SECCLASS_RESOURCE, RESOURCE__ADD, "add")
> - S_(SECCLASS_RESOURCE, RESOURCE__REMOVE, "remove")
> - S_(SECCLASS_RESOURCE, RESOURCE__USE, "use")
> - S_(SECCLASS_RESOURCE, RESOURCE__ADD_IRQ, "add_irq")
> - S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IRQ, "remove_irq")
> - S_(SECCLASS_RESOURCE, RESOURCE__ADD_IOPORT, "add_ioport")
> - S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOPORT, "remove_ioport")
> - S_(SECCLASS_RESOURCE, RESOURCE__ADD_IOMEM, "add_iomem")
> - S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOMEM, "remove_iomem")
> - S_(SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, "stat_device")
> - S_(SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, "add_device")
> - S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, "remove_device")
> - S_(SECCLASS_RESOURCE, RESOURCE__PLUG, "plug")
> - S_(SECCLASS_RESOURCE, RESOURCE__UNPLUG, "unplug")
> - S_(SECCLASS_RESOURCE, RESOURCE__SETUP, "setup")
> - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
> - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
> - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
> - S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
> - S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
> - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
> - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
> - S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
> - S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
> - S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
> - S_(SECCLASS_SECURITY, SECURITY__ADD_OCONTEXT, "add_ocontext")
> - S_(SECCLASS_SECURITY, SECURITY__DEL_OCONTEXT, "del_ocontext")
> diff --git a/xen/xsm/flask/include/av_permissions.h
> b/xen/xsm/flask/include/av_permissions.h
> deleted file mode 100644
> index 65302e8..0000000
> --- a/xen/xsm/flask/include/av_permissions.h
> +++ /dev/null
> @@ -1,157 +0,0 @@
> -/* This file is automatically generated. Do not edit. */
> -#define XEN__SCHEDULER 0x00000001UL
> -#define XEN__SETTIME 0x00000002UL
> -#define XEN__TBUFCONTROL 0x00000004UL
> -#define XEN__READCONSOLE 0x00000008UL
> -#define XEN__CLEARCONSOLE 0x00000010UL
> -#define XEN__PERFCONTROL 0x00000020UL
> -#define XEN__MTRR_ADD 0x00000040UL
> -#define XEN__MTRR_DEL 0x00000080UL
> -#define XEN__MTRR_READ 0x00000100UL
> -#define XEN__MICROCODE 0x00000200UL
> -#define XEN__PHYSINFO 0x00000400UL
> -#define XEN__QUIRK 0x00000800UL
> -#define XEN__WRITECONSOLE 0x00001000UL
> -#define XEN__READAPIC 0x00002000UL
> -#define XEN__WRITEAPIC 0x00004000UL
> -#define XEN__PRIVPROFILE 0x00008000UL
> -#define XEN__NONPRIVPROFILE 0x00010000UL
> -#define XEN__KEXEC 0x00020000UL
> -#define XEN__FIRMWARE 0x00040000UL
> -#define XEN__SLEEP 0x00080000UL
> -#define XEN__FREQUENCY 0x00100000UL
> -#define XEN__GETIDLE 0x00200000UL
> -#define XEN__DEBUG 0x00400000UL
> -#define XEN__GETCPUINFO 0x00800000UL
> -#define XEN__HEAP 0x01000000UL
> -#define XEN__PM_OP 0x02000000UL
> -#define XEN__MCA_OP 0x04000000UL
> -#define XEN__LOCKPROF 0x08000000UL
> -#define XEN__CPUPOOL_OP 0x10000000UL
> -#define XEN__SCHED_OP 0x20000000UL
> -#define XEN__TMEM_OP 0x40000000UL
> -#define XEN__TMEM_CONTROL 0x80000000UL
> -
> -#define DOMAIN__SETVCPUCONTEXT 0x00000001UL
> -#define DOMAIN__PAUSE 0x00000002UL
> -#define DOMAIN__UNPAUSE 0x00000004UL
> -#define DOMAIN__RESUME 0x00000008UL
> -#define DOMAIN__CREATE 0x00000010UL
> -#define DOMAIN__TRANSITION 0x00000020UL
> -#define DOMAIN__MAX_VCPUS 0x00000040UL
> -#define DOMAIN__DESTROY 0x00000080UL
> -#define DOMAIN__SETVCPUAFFINITY 0x00000100UL
> -#define DOMAIN__GETVCPUAFFINITY 0x00000200UL
> -#define DOMAIN__SCHEDULER 0x00000400UL
> -#define DOMAIN__GETDOMAININFO 0x00000800UL
> -#define DOMAIN__GETVCPUINFO 0x00001000UL
> -#define DOMAIN__GETVCPUCONTEXT 0x00002000UL
> -#define DOMAIN__SETDOMAINMAXMEM 0x00004000UL
> -#define DOMAIN__SETDOMAINHANDLE 0x00008000UL
> -#define DOMAIN__SETDEBUGGING 0x00010000UL
> -#define DOMAIN__HYPERCALL 0x00020000UL
> -#define DOMAIN__SETTIME 0x00040000UL
> -#define DOMAIN__SET_TARGET 0x00080000UL
> -#define DOMAIN__SHUTDOWN 0x00100000UL
> -#define DOMAIN__SETADDRSIZE 0x00200000UL
> -#define DOMAIN__GETADDRSIZE 0x00400000UL
> -#define DOMAIN__TRIGGER 0x00800000UL
> -#define DOMAIN__GETEXTVCPUCONTEXT 0x01000000UL
> -#define DOMAIN__SETEXTVCPUCONTEXT 0x02000000UL
> -#define DOMAIN__GETVCPUEXTSTATE 0x04000000UL
> -#define DOMAIN__SETVCPUEXTSTATE 0x08000000UL
> -#define DOMAIN__GETPODTARGET 0x10000000UL
> -#define DOMAIN__SETPODTARGET 0x20000000UL
> -#define DOMAIN__SET_MISC_INFO 0x40000000UL
> -#define DOMAIN__SET_VIRQ_HANDLER 0x80000000UL
> -
> -#define DOMAIN2__RELABELFROM 0x00000001UL
> -#define DOMAIN2__RELABELTO 0x00000002UL
> -#define DOMAIN2__RELABELSELF 0x00000004UL
> -#define DOMAIN2__MAKE_PRIV_FOR 0x00000008UL
> -#define DOMAIN2__SET_AS_TARGET 0x00000010UL
> -#define DOMAIN2__SET_CPUID 0x00000020UL
> -#define DOMAIN2__GETTSC 0x00000040UL
> -#define DOMAIN2__SETTSC 0x00000080UL
> -
> -#define HVM__SETHVMC 0x00000001UL
> -#define HVM__GETHVMC 0x00000002UL
> -#define HVM__SETPARAM 0x00000004UL
> -#define HVM__GETPARAM 0x00000008UL
> -#define HVM__PCILEVEL 0x00000010UL
> -#define HVM__IRQLEVEL 0x00000020UL
> -#define HVM__PCIROUTE 0x00000040UL
> -#define HVM__BIND_IRQ 0x00000080UL
> -#define HVM__CACHEATTR 0x00000100UL
> -#define HVM__TRACKDIRTYVRAM 0x00000200UL
> -#define HVM__HVMCTL 0x00000400UL
> -#define HVM__MEM_EVENT 0x00000800UL
> -#define HVM__MEM_SHARING 0x00001000UL
> -#define HVM__AUDIT_P2M 0x00002000UL
> -#define HVM__SEND_IRQ 0x00004000UL
> -#define HVM__SHARE_MEM 0x00008000UL
> -
> -#define EVENT__BIND 0x00000001UL
> -#define EVENT__SEND 0x00000002UL
> -#define EVENT__STATUS 0x00000004UL
> -#define EVENT__NOTIFY 0x00000008UL
> -#define EVENT__CREATE 0x00000010UL
> -#define EVENT__RESET 0x00000020UL
> -
> -#define GRANT__MAP_READ 0x00000001UL
> -#define GRANT__MAP_WRITE 0x00000002UL
> -#define GRANT__UNMAP 0x00000004UL
> -#define GRANT__TRANSFER 0x00000008UL
> -#define GRANT__SETUP 0x00000010UL
> -#define GRANT__COPY 0x00000020UL
> -#define GRANT__QUERY 0x00000040UL
> -
> -#define MMU__MAP_READ 0x00000001UL
> -#define MMU__MAP_WRITE 0x00000002UL
> -#define MMU__PAGEINFO 0x00000004UL
> -#define MMU__PAGELIST 0x00000008UL
> -#define MMU__ADJUST 0x00000010UL
> -#define MMU__STAT 0x00000020UL
> -#define MMU__TRANSLATEGP 0x00000040UL
> -#define MMU__UPDATEMP 0x00000080UL
> -#define MMU__PHYSMAP 0x00000100UL
> -#define MMU__PINPAGE 0x00000200UL
> -#define MMU__MFNLIST 0x00000400UL
> -#define MMU__MEMORYMAP 0x00000800UL
> -#define MMU__REMOTE_REMAP 0x00001000UL
> -#define MMU__MMUEXT_OP 0x00002000UL
> -#define MMU__EXCHANGE 0x00004000UL
> -
> -#define SHADOW__DISABLE 0x00000001UL
> -#define SHADOW__ENABLE 0x00000002UL
> -#define SHADOW__LOGDIRTY 0x00000004UL
> -
> -#define RESOURCE__ADD 0x00000001UL
> -#define RESOURCE__REMOVE 0x00000002UL
> -#define RESOURCE__USE 0x00000004UL
> -#define RESOURCE__ADD_IRQ 0x00000008UL
> -#define RESOURCE__REMOVE_IRQ 0x00000010UL
> -#define RESOURCE__ADD_IOPORT 0x00000020UL
> -#define RESOURCE__REMOVE_IOPORT 0x00000040UL
> -#define RESOURCE__ADD_IOMEM 0x00000080UL
> -#define RESOURCE__REMOVE_IOMEM 0x00000100UL
> -#define RESOURCE__STAT_DEVICE 0x00000200UL
> -#define RESOURCE__ADD_DEVICE 0x00000400UL
> -#define RESOURCE__REMOVE_DEVICE 0x00000800UL
> -#define RESOURCE__PLUG 0x00001000UL
> -#define RESOURCE__UNPLUG 0x00002000UL
> -#define RESOURCE__SETUP 0x00004000UL
> -
> -#define SECURITY__COMPUTE_AV 0x00000001UL
> -#define SECURITY__COMPUTE_CREATE 0x00000002UL
> -#define SECURITY__COMPUTE_MEMBER 0x00000004UL
> -#define SECURITY__CHECK_CONTEXT 0x00000008UL
> -#define SECURITY__LOAD_POLICY 0x00000010UL
> -#define SECURITY__COMPUTE_RELABEL 0x00000020UL
> -#define SECURITY__COMPUTE_USER 0x00000040UL
> -#define SECURITY__SETENFORCE 0x00000080UL
> -#define SECURITY__SETBOOL 0x00000100UL
> -#define SECURITY__SETSECPARAM 0x00000200UL
> -#define SECURITY__ADD_OCONTEXT 0x00000400UL
> -#define SECURITY__DEL_OCONTEXT 0x00000800UL
> -
> diff --git a/xen/xsm/flask/include/class_to_string.h
> b/xen/xsm/flask/include/class_to_string.h
> deleted file mode 100644
> index 7716645..0000000
> --- a/xen/xsm/flask/include/class_to_string.h
> +++ /dev/null
> @@ -1,15 +0,0 @@
> -/* This file is automatically generated. Do not edit. */
> -/*
> - * Security object class definitions
> - */
> - S_("null")
> - S_("xen")
> - S_("domain")
> - S_("domain2")
> - S_("hvm")
> - S_("mmu")
> - S_("resource")
> - S_("shadow")
> - S_("event")
> - S_("grant")
> - S_("security")
> diff --git a/xen/xsm/flask/include/flask.h b/xen/xsm/flask/include/flask.h
> deleted file mode 100644
> index 3bff998..0000000
> --- a/xen/xsm/flask/include/flask.h
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -/* This file is automatically generated. Do not edit. */
> -#ifndef _SELINUX_FLASK_H_
> -#define _SELINUX_FLASK_H_
> -
> -/*
> - * Security object class definitions
> - */
> -#define SECCLASS_XEN 1
> -#define SECCLASS_DOMAIN 2
> -#define SECCLASS_DOMAIN2 3
> -#define SECCLASS_HVM 4
> -#define SECCLASS_MMU 5
> -#define SECCLASS_RESOURCE 6
> -#define SECCLASS_SHADOW 7
> -#define SECCLASS_EVENT 8
> -#define SECCLASS_GRANT 9
> -#define SECCLASS_SECURITY 10
> -
> -/*
> - * Security identifier indices for initial entities
> - */
> -#define SECINITSID_XEN 1
> -#define SECINITSID_DOM0 2
> -#define SECINITSID_DOMIO 3
> -#define SECINITSID_DOMXEN 4
> -#define SECINITSID_UNLABELED 5
> -#define SECINITSID_SECURITY 6
> -#define SECINITSID_IOPORT 7
> -#define SECINITSID_IOMEM 8
> -#define SECINITSID_IRQ 9
> -#define SECINITSID_DEVICE 10
> -
> -#define SECINITSID_NUM 10
> -
> -#endif
> diff --git a/xen/xsm/flask/include/initial_sid_to_string.h
> b/xen/xsm/flask/include/initial_sid_to_string.h
> deleted file mode 100644
> index 814f4bf..0000000
> --- a/xen/xsm/flask/include/initial_sid_to_string.h
> +++ /dev/null
> @@ -1,16 +0,0 @@
> -/* This file is automatically generated. Do not edit. */
> -static char *initial_sid_to_string[] =
> -{
> - "null",
> - "xen",
> - "dom0",
> - "domio",
> - "domxen",
> - "unlabeled",
> - "security",
> - "ioport",
> - "iomem",
> - "irq",
> - "device",
> -};
> -
> diff --git a/tools/flask/policy/policy/flask/access_vectors
> b/xen/xsm/flask/policy/access_vectors
> similarity index 100%
> rename from tools/flask/policy/policy/flask/access_vectors
> rename to xen/xsm/flask/policy/access_vectors
> diff --git a/tools/flask/policy/policy/flask/initial_sids
> b/xen/xsm/flask/policy/initial_sids
> similarity index 100%
> rename from tools/flask/policy/policy/flask/initial_sids
> rename to xen/xsm/flask/policy/initial_sids
> diff --git a/tools/flask/policy/policy/flask/mkaccess_vector.sh
> b/xen/xsm/flask/policy/mkaccess_vector.sh
> similarity index 97%
> rename from tools/flask/policy/policy/flask/mkaccess_vector.sh
> rename to xen/xsm/flask/policy/mkaccess_vector.sh
> index 43a60a7..8ec87f7 100644
> --- a/tools/flask/policy/policy/flask/mkaccess_vector.sh
> +++ b/xen/xsm/flask/policy/mkaccess_vector.sh
> @@ -9,8 +9,8 @@ awk=$1
> shift
>
> # output files
> -av_permissions="av_permissions.h"
> -av_perm_to_string="av_perm_to_string.h"
> +av_permissions="include/av_permissions.h"
> +av_perm_to_string="include/av_perm_to_string.h"
>
> cat $* | $awk "
> BEGIN {
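Review bot: The two output paths on the `+av_permissions=` and `+av_perm_to_string=` lines are relative, so the script now writes to the right place only when its working directory is xen/xsm/flask and an include/ directory exists there. Taking the output directory as an argument from the Makefile, or failing early when include/ is missing, would make that assumption explicit.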
> diff --git a/tools/flask/policy/policy/flask/mkflask.sh
> b/xen/xsm/flask/policy/mkflask.sh
> similarity index 95%
> rename from tools/flask/policy/policy/flask/mkflask.sh
> rename to xen/xsm/flask/policy/mkflask.sh
> index 9c84754..e8d8fb5 100644
> --- a/tools/flask/policy/policy/flask/mkflask.sh
> +++ b/xen/xsm/flask/policy/mkflask.sh
> @@ -9,9 +9,9 @@ awk=$1
> shift 1
>
> # output file
> -output_file="flask.h"
> -debug_file="class_to_string.h"
> -debug_file2="initial_sid_to_string.h"
> +output_file="include/flask.h"
> +debug_file="include/class_to_string.h"
> +debug_file2="include/initial_sid_to_string.h"
>
> cat $* | $awk "
> BEGIN {
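Review bot: `output_file`, `debug_file` and `debug_file2` now repeat the include/ paths that FLASK_H_FILES spells out in xen/xsm/flask/Makefile, so the same three names live in two places; if they drift apart, make never sees its targets created and reruns the script on every build. Passing the output names in from the Makefile, or at least a comment on both sides pointing at the other, would keep them together.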
> diff --git a/tools/flask/policy/policy/flask/security_classes
> b/xen/xsm/flask/policy/security_classes
> similarity index 100%
> rename from tools/flask/policy/policy/flask/security_classes
> rename to xen/xsm/flask/policy/security_classes
> --
> 1.7.11.4
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel