
[Xen-devel] [PATCH 19/19] flask: move policy headers into hypervisor



Rather than keeping around headers that are autogenerated in order to
avoid adding build dependencies from xen/ to files in tools/, move the
relevant parts of the FLASK policy into the hypervisor tree and generate
the headers as part of the hypervisor's build.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 .gitignore                                         |   5 +
 .hgignore                                          |   5 +
 tools/flask/policy/Makefile                        |   2 +-
 tools/flask/policy/policy/flask/Makefile           |  41 ------
 xen/xsm/flask/Makefile                             |  25 ++++
 xen/xsm/flask/include/av_perm_to_string.h          | 147 -------------------
 xen/xsm/flask/include/av_permissions.h             | 157 ---------------------
 xen/xsm/flask/include/class_to_string.h            |  15 --
 xen/xsm/flask/include/flask.h                      |  35 -----
 xen/xsm/flask/include/initial_sid_to_string.h      |  16 ---
 .../flask => xen/xsm/flask/policy}/access_vectors  |   0
 .../flask => xen/xsm/flask/policy}/initial_sids    |   0
 .../xsm/flask/policy}/mkaccess_vector.sh           |   4 +-
 .../flask => xen/xsm/flask/policy}/mkflask.sh      |   6 +-
 .../xsm/flask/policy}/security_classes             |   0
 15 files changed, 41 insertions(+), 417 deletions(-)
 delete mode 100644 tools/flask/policy/policy/flask/Makefile
 delete mode 100644 xen/xsm/flask/include/av_perm_to_string.h
 delete mode 100644 xen/xsm/flask/include/av_permissions.h
 delete mode 100644 xen/xsm/flask/include/class_to_string.h
 delete mode 100644 xen/xsm/flask/include/flask.h
 delete mode 100644 xen/xsm/flask/include/initial_sid_to_string.h
 rename {tools/flask/policy/policy/flask => 
xen/xsm/flask/policy}/access_vectors (100%)
 rename {tools/flask/policy/policy/flask => xen/xsm/flask/policy}/initial_sids 
(100%)
 rename {tools/flask/policy/policy/flask => 
xen/xsm/flask/policy}/mkaccess_vector.sh (97%)
 rename {tools/flask/policy/policy/flask => xen/xsm/flask/policy}/mkflask.sh 
(95%)
 rename {tools/flask/policy/policy/flask => 
xen/xsm/flask/policy}/security_classes (100%)

diff --git a/.gitignore b/.gitignore
index f6edc43..aac7a14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -309,6 +309,11 @@ xen/include/xen/banner.h
 xen/include/xen/compile.h
 xen/tools/figlet/figlet
 xen/tools/symbols
+xen/xsm/flask/include/av_perm_to_string.h
+xen/xsm/flask/include/av_permissions.h
+xen/xsm/flask/include/class_to_string.h
+xen/xsm/flask/include/flask.h
+xen/xsm/flask/include/initial_sid_to_string.h
 xen/xen
 xen/xen-syms
 xen/xen.*
diff --git a/.hgignore b/.hgignore
index 344792a..5ed903f 100644
--- a/.hgignore
+++ b/.hgignore
@@ -339,6 +339,11 @@
 ^xen/include/xen/compile\.h$
 ^xen/tools/figlet/figlet$
 ^xen/tools/symbols$
+^xen/xsm/flask/include/av_perm_to_string\.h$
+^xen/xsm/flask/include/av_permissions\.h$
+^xen/xsm/flask/include/class_to_string\.h$
+^xen/xsm/flask/include/flask\.h$
+^xen/xsm/flask/include/initial_sid_to_string\.h$
 ^xen/xen$
 ^xen/xen-syms$
 ^xen/xen\..*$
diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile
index 5c25cbe..3f5aa38 100644
--- a/tools/flask/policy/Makefile
+++ b/tools/flask/policy/Makefile
@@ -61,7 +61,7 @@ LOADPOLICY := $(SBINDIR)/flask-loadpolicy
 # policy source layout
 POLDIR := policy
 MODDIR := $(POLDIR)/modules
-FLASKDIR := $(POLDIR)/flask
+FLASKDIR := ../../../xen/xsm/flask/policy
 SECCLASS := $(FLASKDIR)/security_classes
 ISIDS := $(FLASKDIR)/initial_sids
 AVS := $(FLASKDIR)/access_vectors
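Review bot: `FLASKDIR` now reaches out of tools/ through a path that is only correct when make runs with tools/flask/policy as its working directory, and nothing at the assignment says why it points into the hypervisor tree. The policy compiler and the hypervisor have to agree on these class and permission definitions, so a comment such as `# shared with the hypervisor build; xen/xsm/flask/include/*.h are generated from the same files` would record the coupling. If this Makefile defines `XEN_ROOT` as other tools/ Makefiles do (not visible in the hunk), `FLASKDIR := $(XEN_ROOT)/xen/xsm/flask/policy` would be less fragile than counting `..` components.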
diff --git a/tools/flask/policy/policy/flask/Makefile 
b/tools/flask/policy/policy/flask/Makefile
deleted file mode 100644
index 5f57e88..0000000
--- a/tools/flask/policy/policy/flask/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-# flask needs to know where to export the libselinux headers.
-LIBSEL ?= ../../libselinux
-
-# flask needs to know where to export the kernel headers.
-LINUXDIR ?= ../../../linux-2.6
-
-AWK = awk
-
-CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
-          else if [ -x /bin/bash ]; then echo /bin/bash; \
-          else echo sh; fi ; fi)
-
-FLASK_H_DEPEND = security_classes initial_sids
-AV_H_DEPEND = access_vectors
-
-FLASK_H_FILES = class_to_string.h flask.h initial_sid_to_string.h
-AV_H_FILES = av_perm_to_string.h av_permissions.h
-ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES)
-
-all:  $(ALL_H_FILES)
-
-$(FLASK_H_FILES): $(FLASK_H_DEPEND)
-       $(CONFIG_SHELL) mkflask.sh $(AWK) $(FLASK_H_DEPEND)
-
-$(AV_H_FILES): $(AV_H_DEPEND)
-       $(CONFIG_SHELL) mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
-
-tolib: all
-       install -m 644 flask.h av_permissions.h $(LIBSEL)/include/selinux
-       install -m 644 class_to_string.h av_inherit.h common_perm_to_string.h 
av_perm_to_string.h $(LIBSEL)/src
-
-tokern: all
-       install -m 644 $(ALL_H_FILES) $(LINUXDIR)/security/selinux/include
-
-install: all
-
-relabel:
-
-clean:  
-       rm -f $(FLASK_H_FILES)
-       rm -f $(AV_H_FILES)
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index 92fb410..1256512 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -5,3 +5,28 @@ obj-y += flask_op.o
 subdir-y += ss
 
 CFLAGS += -I./include
+
+AWK = awk
+
+CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
+          else if [ -x /bin/bash ]; then echo /bin/bash; \
+          else echo sh; fi ; fi)
+
+FLASK_H_DEPEND = policy/security_classes policy/initial_sids
+AV_H_DEPEND = policy/access_vectors
+
+FLASK_H_FILES = include/flask.h include/class_to_string.h 
include/initial_sid_to_string.h
+AV_H_FILES = include/av_perm_to_string.h include/av_permissions.h
+ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES)
+
+$(obj-y) ss/built_in.o: $(ALL_H_FILES)
+
+$(FLASK_H_FILES): $(FLASK_H_DEPEND)
+       $(CONFIG_SHELL) policy/mkflask.sh $(AWK) $(FLASK_H_DEPEND)
+
+$(AV_H_FILES): $(AV_H_DEPEND)
+       $(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
+
+.PHONY: clean
+clean::
+       rm -f $(ALL_H_FILES) *.o $(DEPS)
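Review bot: The generator rules `$(FLASK_H_FILES): $(FLASK_H_DEPEND)` and `$(AV_H_FILES): $(AV_H_DEPEND)` list several targets for one recipe, which make treats as one independent rule per header, so a parallel build can start the same script more than once while each run rewrites all of its headers. These headers carry the class and permission constants the FLASK code is compiled against, so a half-written or stale file matters more here than for an ordinary generated source; routing each script through a single stamp file (or one primary header that the others depend on) would serialise the generation. The scripts themselves are also not prerequisites, so editing a generator does not regenerate its output; I would write `$(FLASK_H_FILES): $(FLASK_H_DEPEND) policy/mkflask.sh` and `$(AV_H_FILES): $(AV_H_DEPEND) policy/mkaccess_vector.sh`. A `.DELETE_ON_ERROR:` line would additionally keep a failed script from leaving a partial header that looks up to date, if the including build rules do not already set it (not visible here).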
diff --git a/xen/xsm/flask/include/av_perm_to_string.h 
b/xen/xsm/flask/include/av_perm_to_string.h
deleted file mode 100644
index c3f2370..0000000
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-   S_(SECCLASS_XEN, XEN__SCHEDULER, "scheduler")
-   S_(SECCLASS_XEN, XEN__SETTIME, "settime")
-   S_(SECCLASS_XEN, XEN__TBUFCONTROL, "tbufcontrol")
-   S_(SECCLASS_XEN, XEN__READCONSOLE, "readconsole")
-   S_(SECCLASS_XEN, XEN__CLEARCONSOLE, "clearconsole")
-   S_(SECCLASS_XEN, XEN__PERFCONTROL, "perfcontrol")
-   S_(SECCLASS_XEN, XEN__MTRR_ADD, "mtrr_add")
-   S_(SECCLASS_XEN, XEN__MTRR_DEL, "mtrr_del")
-   S_(SECCLASS_XEN, XEN__MTRR_READ, "mtrr_read")
-   S_(SECCLASS_XEN, XEN__MICROCODE, "microcode")
-   S_(SECCLASS_XEN, XEN__PHYSINFO, "physinfo")
-   S_(SECCLASS_XEN, XEN__QUIRK, "quirk")
-   S_(SECCLASS_XEN, XEN__WRITECONSOLE, "writeconsole")
-   S_(SECCLASS_XEN, XEN__READAPIC, "readapic")
-   S_(SECCLASS_XEN, XEN__WRITEAPIC, "writeapic")
-   S_(SECCLASS_XEN, XEN__PRIVPROFILE, "privprofile")
-   S_(SECCLASS_XEN, XEN__NONPRIVPROFILE, "nonprivprofile")
-   S_(SECCLASS_XEN, XEN__KEXEC, "kexec")
-   S_(SECCLASS_XEN, XEN__FIRMWARE, "firmware")
-   S_(SECCLASS_XEN, XEN__SLEEP, "sleep")
-   S_(SECCLASS_XEN, XEN__FREQUENCY, "frequency")
-   S_(SECCLASS_XEN, XEN__GETIDLE, "getidle")
-   S_(SECCLASS_XEN, XEN__DEBUG, "debug")
-   S_(SECCLASS_XEN, XEN__GETCPUINFO, "getcpuinfo")
-   S_(SECCLASS_XEN, XEN__HEAP, "heap")
-   S_(SECCLASS_XEN, XEN__PM_OP, "pm_op")
-   S_(SECCLASS_XEN, XEN__MCA_OP, "mca_op")
-   S_(SECCLASS_XEN, XEN__LOCKPROF, "lockprof")
-   S_(SECCLASS_XEN, XEN__CPUPOOL_OP, "cpupool_op")
-   S_(SECCLASS_XEN, XEN__SCHED_OP, "sched_op")
-   S_(SECCLASS_XEN, XEN__TMEM_OP, "tmem_op")
-   S_(SECCLASS_XEN, XEN__TMEM_CONTROL, "tmem_control")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT, "setvcpucontext")
-   S_(SECCLASS_DOMAIN, DOMAIN__PAUSE, "pause")
-   S_(SECCLASS_DOMAIN, DOMAIN__UNPAUSE, "unpause")
-   S_(SECCLASS_DOMAIN, DOMAIN__RESUME, "resume")
-   S_(SECCLASS_DOMAIN, DOMAIN__CREATE, "create")
-   S_(SECCLASS_DOMAIN, DOMAIN__TRANSITION, "transition")
-   S_(SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS, "max_vcpus")
-   S_(SECCLASS_DOMAIN, DOMAIN__DESTROY, "destroy")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUAFFINITY, "setvcpuaffinity")
-   S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUAFFINITY, "getvcpuaffinity")
-   S_(SECCLASS_DOMAIN, DOMAIN__SCHEDULER, "scheduler")
-   S_(SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO, "getdomaininfo")
-   S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUINFO, "getvcpuinfo")
-   S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT, "getvcpucontext")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETDOMAINMAXMEM, "setdomainmaxmem")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE, "setdomainhandle")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING, "setdebugging")
-   S_(SECCLASS_DOMAIN, DOMAIN__HYPERCALL, "hypercall")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETTIME, "settime")
-   S_(SECCLASS_DOMAIN, DOMAIN__SET_TARGET, "set_target")
-   S_(SECCLASS_DOMAIN, DOMAIN__SHUTDOWN, "shutdown")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETADDRSIZE, "setaddrsize")
-   S_(SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE, "getaddrsize")
-   S_(SECCLASS_DOMAIN, DOMAIN__TRIGGER, "trigger")
-   S_(SECCLASS_DOMAIN, DOMAIN__GETEXTVCPUCONTEXT, "getextvcpucontext")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETEXTVCPUCONTEXT, "setextvcpucontext")
-   S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUEXTSTATE, "getvcpuextstate")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUEXTSTATE, "setvcpuextstate")
-   S_(SECCLASS_DOMAIN, DOMAIN__GETPODTARGET, "getpodtarget")
-   S_(SECCLASS_DOMAIN, DOMAIN__SETPODTARGET, "setpodtarget")
-   S_(SECCLASS_DOMAIN, DOMAIN__SET_MISC_INFO, "set_misc_info")
-   S_(SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER, "set_virq_handler")
-   S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELFROM, "relabelfrom")
-   S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELTO, "relabelto")
-   S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELSELF, "relabelself")
-   S_(SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR, "make_priv_for")
-   S_(SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET, "set_as_target")
-   S_(SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID, "set_cpuid")
-   S_(SECCLASS_DOMAIN2, DOMAIN2__GETTSC, "gettsc")
-   S_(SECCLASS_DOMAIN2, DOMAIN2__SETTSC, "settsc")
-   S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc")
-   S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
-   S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
-   S_(SECCLASS_HVM, HVM__GETPARAM, "getparam")
-   S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
-   S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
-   S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
-   S_(SECCLASS_HVM, HVM__BIND_IRQ, "bind_irq")
-   S_(SECCLASS_HVM, HVM__CACHEATTR, "cacheattr")
-   S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram")
-   S_(SECCLASS_HVM, HVM__HVMCTL, "hvmctl")
-   S_(SECCLASS_HVM, HVM__MEM_EVENT, "mem_event")
-   S_(SECCLASS_HVM, HVM__MEM_SHARING, "mem_sharing")
-   S_(SECCLASS_HVM, HVM__AUDIT_P2M, "audit_p2m")
-   S_(SECCLASS_HVM, HVM__SEND_IRQ, "send_irq")
-   S_(SECCLASS_HVM, HVM__SHARE_MEM, "share_mem")
-   S_(SECCLASS_EVENT, EVENT__BIND, "bind")
-   S_(SECCLASS_EVENT, EVENT__SEND, "send")
-   S_(SECCLASS_EVENT, EVENT__STATUS, "status")
-   S_(SECCLASS_EVENT, EVENT__NOTIFY, "notify")
-   S_(SECCLASS_EVENT, EVENT__CREATE, "create")
-   S_(SECCLASS_EVENT, EVENT__RESET, "reset")
-   S_(SECCLASS_GRANT, GRANT__MAP_READ, "map_read")
-   S_(SECCLASS_GRANT, GRANT__MAP_WRITE, "map_write")
-   S_(SECCLASS_GRANT, GRANT__UNMAP, "unmap")
-   S_(SECCLASS_GRANT, GRANT__TRANSFER, "transfer")
-   S_(SECCLASS_GRANT, GRANT__SETUP, "setup")
-   S_(SECCLASS_GRANT, GRANT__COPY, "copy")
-   S_(SECCLASS_GRANT, GRANT__QUERY, "query")
-   S_(SECCLASS_MMU, MMU__MAP_READ, "map_read")
-   S_(SECCLASS_MMU, MMU__MAP_WRITE, "map_write")
-   S_(SECCLASS_MMU, MMU__PAGEINFO, "pageinfo")
-   S_(SECCLASS_MMU, MMU__PAGELIST, "pagelist")
-   S_(SECCLASS_MMU, MMU__ADJUST, "adjust")
-   S_(SECCLASS_MMU, MMU__STAT, "stat")
-   S_(SECCLASS_MMU, MMU__TRANSLATEGP, "translategp")
-   S_(SECCLASS_MMU, MMU__UPDATEMP, "updatemp")
-   S_(SECCLASS_MMU, MMU__PHYSMAP, "physmap")
-   S_(SECCLASS_MMU, MMU__PINPAGE, "pinpage")
-   S_(SECCLASS_MMU, MMU__MFNLIST, "mfnlist")
-   S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap")
-   S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap")
-   S_(SECCLASS_MMU, MMU__MMUEXT_OP, "mmuext_op")
-   S_(SECCLASS_MMU, MMU__EXCHANGE, "exchange")
-   S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable")
-   S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable")
-   S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty")
-   S_(SECCLASS_RESOURCE, RESOURCE__ADD, "add")
-   S_(SECCLASS_RESOURCE, RESOURCE__REMOVE, "remove")
-   S_(SECCLASS_RESOURCE, RESOURCE__USE, "use")
-   S_(SECCLASS_RESOURCE, RESOURCE__ADD_IRQ, "add_irq")
-   S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IRQ, "remove_irq")
-   S_(SECCLASS_RESOURCE, RESOURCE__ADD_IOPORT, "add_ioport")
-   S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOPORT, "remove_ioport")
-   S_(SECCLASS_RESOURCE, RESOURCE__ADD_IOMEM, "add_iomem")
-   S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOMEM, "remove_iomem")
-   S_(SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, "stat_device")
-   S_(SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, "add_device")
-   S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, "remove_device")
-   S_(SECCLASS_RESOURCE, RESOURCE__PLUG, "plug")
-   S_(SECCLASS_RESOURCE, RESOURCE__UNPLUG, "unplug")
-   S_(SECCLASS_RESOURCE, RESOURCE__SETUP, "setup")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
-   S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
-   S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
-   S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
-   S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
-   S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
-   S_(SECCLASS_SECURITY, SECURITY__ADD_OCONTEXT, "add_ocontext")
-   S_(SECCLASS_SECURITY, SECURITY__DEL_OCONTEXT, "del_ocontext")
diff --git a/xen/xsm/flask/include/av_permissions.h 
b/xen/xsm/flask/include/av_permissions.h
deleted file mode 100644
index 65302e8..0000000
--- a/xen/xsm/flask/include/av_permissions.h
+++ /dev/null
@@ -1,157 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-#define XEN__SCHEDULER                            0x00000001UL
-#define XEN__SETTIME                              0x00000002UL
-#define XEN__TBUFCONTROL                          0x00000004UL
-#define XEN__READCONSOLE                          0x00000008UL
-#define XEN__CLEARCONSOLE                         0x00000010UL
-#define XEN__PERFCONTROL                          0x00000020UL
-#define XEN__MTRR_ADD                             0x00000040UL
-#define XEN__MTRR_DEL                             0x00000080UL
-#define XEN__MTRR_READ                            0x00000100UL
-#define XEN__MICROCODE                            0x00000200UL
-#define XEN__PHYSINFO                             0x00000400UL
-#define XEN__QUIRK                                0x00000800UL
-#define XEN__WRITECONSOLE                         0x00001000UL
-#define XEN__READAPIC                             0x00002000UL
-#define XEN__WRITEAPIC                            0x00004000UL
-#define XEN__PRIVPROFILE                          0x00008000UL
-#define XEN__NONPRIVPROFILE                       0x00010000UL
-#define XEN__KEXEC                                0x00020000UL
-#define XEN__FIRMWARE                             0x00040000UL
-#define XEN__SLEEP                                0x00080000UL
-#define XEN__FREQUENCY                            0x00100000UL
-#define XEN__GETIDLE                              0x00200000UL
-#define XEN__DEBUG                                0x00400000UL
-#define XEN__GETCPUINFO                           0x00800000UL
-#define XEN__HEAP                                 0x01000000UL
-#define XEN__PM_OP                                0x02000000UL
-#define XEN__MCA_OP                               0x04000000UL
-#define XEN__LOCKPROF                             0x08000000UL
-#define XEN__CPUPOOL_OP                           0x10000000UL
-#define XEN__SCHED_OP                             0x20000000UL
-#define XEN__TMEM_OP                              0x40000000UL
-#define XEN__TMEM_CONTROL                         0x80000000UL
-
-#define DOMAIN__SETVCPUCONTEXT                    0x00000001UL
-#define DOMAIN__PAUSE                             0x00000002UL
-#define DOMAIN__UNPAUSE                           0x00000004UL
-#define DOMAIN__RESUME                            0x00000008UL
-#define DOMAIN__CREATE                            0x00000010UL
-#define DOMAIN__TRANSITION                        0x00000020UL
-#define DOMAIN__MAX_VCPUS                         0x00000040UL
-#define DOMAIN__DESTROY                           0x00000080UL
-#define DOMAIN__SETVCPUAFFINITY                   0x00000100UL
-#define DOMAIN__GETVCPUAFFINITY                   0x00000200UL
-#define DOMAIN__SCHEDULER                         0x00000400UL
-#define DOMAIN__GETDOMAININFO                     0x00000800UL
-#define DOMAIN__GETVCPUINFO                       0x00001000UL
-#define DOMAIN__GETVCPUCONTEXT                    0x00002000UL
-#define DOMAIN__SETDOMAINMAXMEM                   0x00004000UL
-#define DOMAIN__SETDOMAINHANDLE                   0x00008000UL
-#define DOMAIN__SETDEBUGGING                      0x00010000UL
-#define DOMAIN__HYPERCALL                         0x00020000UL
-#define DOMAIN__SETTIME                           0x00040000UL
-#define DOMAIN__SET_TARGET                        0x00080000UL
-#define DOMAIN__SHUTDOWN                          0x00100000UL
-#define DOMAIN__SETADDRSIZE                       0x00200000UL
-#define DOMAIN__GETADDRSIZE                       0x00400000UL
-#define DOMAIN__TRIGGER                           0x00800000UL
-#define DOMAIN__GETEXTVCPUCONTEXT                 0x01000000UL
-#define DOMAIN__SETEXTVCPUCONTEXT                 0x02000000UL
-#define DOMAIN__GETVCPUEXTSTATE                   0x04000000UL
-#define DOMAIN__SETVCPUEXTSTATE                   0x08000000UL
-#define DOMAIN__GETPODTARGET                      0x10000000UL
-#define DOMAIN__SETPODTARGET                      0x20000000UL
-#define DOMAIN__SET_MISC_INFO                     0x40000000UL
-#define DOMAIN__SET_VIRQ_HANDLER                  0x80000000UL
-
-#define DOMAIN2__RELABELFROM                      0x00000001UL
-#define DOMAIN2__RELABELTO                        0x00000002UL
-#define DOMAIN2__RELABELSELF                      0x00000004UL
-#define DOMAIN2__MAKE_PRIV_FOR                    0x00000008UL
-#define DOMAIN2__SET_AS_TARGET                    0x00000010UL
-#define DOMAIN2__SET_CPUID                        0x00000020UL
-#define DOMAIN2__GETTSC                           0x00000040UL
-#define DOMAIN2__SETTSC                           0x00000080UL
-
-#define HVM__SETHVMC                              0x00000001UL
-#define HVM__GETHVMC                              0x00000002UL
-#define HVM__SETPARAM                             0x00000004UL
-#define HVM__GETPARAM                             0x00000008UL
-#define HVM__PCILEVEL                             0x00000010UL
-#define HVM__IRQLEVEL                             0x00000020UL
-#define HVM__PCIROUTE                             0x00000040UL
-#define HVM__BIND_IRQ                             0x00000080UL
-#define HVM__CACHEATTR                            0x00000100UL
-#define HVM__TRACKDIRTYVRAM                       0x00000200UL
-#define HVM__HVMCTL                               0x00000400UL
-#define HVM__MEM_EVENT                            0x00000800UL
-#define HVM__MEM_SHARING                          0x00001000UL
-#define HVM__AUDIT_P2M                            0x00002000UL
-#define HVM__SEND_IRQ                             0x00004000UL
-#define HVM__SHARE_MEM                            0x00008000UL
-
-#define EVENT__BIND                               0x00000001UL
-#define EVENT__SEND                               0x00000002UL
-#define EVENT__STATUS                             0x00000004UL
-#define EVENT__NOTIFY                             0x00000008UL
-#define EVENT__CREATE                             0x00000010UL
-#define EVENT__RESET                              0x00000020UL
-
-#define GRANT__MAP_READ                           0x00000001UL
-#define GRANT__MAP_WRITE                          0x00000002UL
-#define GRANT__UNMAP                              0x00000004UL
-#define GRANT__TRANSFER                           0x00000008UL
-#define GRANT__SETUP                              0x00000010UL
-#define GRANT__COPY                               0x00000020UL
-#define GRANT__QUERY                              0x00000040UL
-
-#define MMU__MAP_READ                             0x00000001UL
-#define MMU__MAP_WRITE                            0x00000002UL
-#define MMU__PAGEINFO                             0x00000004UL
-#define MMU__PAGELIST                             0x00000008UL
-#define MMU__ADJUST                               0x00000010UL
-#define MMU__STAT                                 0x00000020UL
-#define MMU__TRANSLATEGP                          0x00000040UL
-#define MMU__UPDATEMP                             0x00000080UL
-#define MMU__PHYSMAP                              0x00000100UL
-#define MMU__PINPAGE                              0x00000200UL
-#define MMU__MFNLIST                              0x00000400UL
-#define MMU__MEMORYMAP                            0x00000800UL
-#define MMU__REMOTE_REMAP                         0x00001000UL
-#define MMU__MMUEXT_OP                            0x00002000UL
-#define MMU__EXCHANGE                             0x00004000UL
-
-#define SHADOW__DISABLE                           0x00000001UL
-#define SHADOW__ENABLE                            0x00000002UL
-#define SHADOW__LOGDIRTY                          0x00000004UL
-
-#define RESOURCE__ADD                             0x00000001UL
-#define RESOURCE__REMOVE                          0x00000002UL
-#define RESOURCE__USE                             0x00000004UL
-#define RESOURCE__ADD_IRQ                         0x00000008UL
-#define RESOURCE__REMOVE_IRQ                      0x00000010UL
-#define RESOURCE__ADD_IOPORT                      0x00000020UL
-#define RESOURCE__REMOVE_IOPORT                   0x00000040UL
-#define RESOURCE__ADD_IOMEM                       0x00000080UL
-#define RESOURCE__REMOVE_IOMEM                    0x00000100UL
-#define RESOURCE__STAT_DEVICE                     0x00000200UL
-#define RESOURCE__ADD_DEVICE                      0x00000400UL
-#define RESOURCE__REMOVE_DEVICE                   0x00000800UL
-#define RESOURCE__PLUG                            0x00001000UL
-#define RESOURCE__UNPLUG                          0x00002000UL
-#define RESOURCE__SETUP                           0x00004000UL
-
-#define SECURITY__COMPUTE_AV                      0x00000001UL
-#define SECURITY__COMPUTE_CREATE                  0x00000002UL
-#define SECURITY__COMPUTE_MEMBER                  0x00000004UL
-#define SECURITY__CHECK_CONTEXT                   0x00000008UL
-#define SECURITY__LOAD_POLICY                     0x00000010UL
-#define SECURITY__COMPUTE_RELABEL                 0x00000020UL
-#define SECURITY__COMPUTE_USER                    0x00000040UL
-#define SECURITY__SETENFORCE                      0x00000080UL
-#define SECURITY__SETBOOL                         0x00000100UL
-#define SECURITY__SETSECPARAM                     0x00000200UL
-#define SECURITY__ADD_OCONTEXT                    0x00000400UL
-#define SECURITY__DEL_OCONTEXT                    0x00000800UL
-
diff --git a/xen/xsm/flask/include/class_to_string.h 
b/xen/xsm/flask/include/class_to_string.h
deleted file mode 100644
index 7716645..0000000
--- a/xen/xsm/flask/include/class_to_string.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-/*
- * Security object class definitions
- */
-    S_("null")
-    S_("xen")
-    S_("domain")
-    S_("domain2")
-    S_("hvm")
-    S_("mmu")
-    S_("resource")
-    S_("shadow")
-    S_("event")
-    S_("grant")
-    S_("security")
diff --git a/xen/xsm/flask/include/flask.h b/xen/xsm/flask/include/flask.h
deleted file mode 100644
index 3bff998..0000000
--- a/xen/xsm/flask/include/flask.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-#ifndef _SELINUX_FLASK_H_
-#define _SELINUX_FLASK_H_
-
-/*
- * Security object class definitions
- */
-#define SECCLASS_XEN                                     1
-#define SECCLASS_DOMAIN                                  2
-#define SECCLASS_DOMAIN2                                 3
-#define SECCLASS_HVM                                     4
-#define SECCLASS_MMU                                     5
-#define SECCLASS_RESOURCE                                6
-#define SECCLASS_SHADOW                                  7
-#define SECCLASS_EVENT                                   8
-#define SECCLASS_GRANT                                   9
-#define SECCLASS_SECURITY                                10
-
-/*
- * Security identifier indices for initial entities
- */
-#define SECINITSID_XEN                                  1
-#define SECINITSID_DOM0                                 2
-#define SECINITSID_DOMIO                                3
-#define SECINITSID_DOMXEN                               4
-#define SECINITSID_UNLABELED                            5
-#define SECINITSID_SECURITY                             6
-#define SECINITSID_IOPORT                               7
-#define SECINITSID_IOMEM                                8
-#define SECINITSID_IRQ                                  9
-#define SECINITSID_DEVICE                               10
-
-#define SECINITSID_NUM                                  10
-
-#endif
diff --git a/xen/xsm/flask/include/initial_sid_to_string.h 
b/xen/xsm/flask/include/initial_sid_to_string.h
deleted file mode 100644
index 814f4bf..0000000
--- a/xen/xsm/flask/include/initial_sid_to_string.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-static char *initial_sid_to_string[] =
-{
-    "null",
-    "xen",
-    "dom0",
-    "domio",
-    "domxen",
-    "unlabeled",
-    "security",
-    "ioport",
-    "iomem",
-    "irq",
-    "device",
-};
-
diff --git a/tools/flask/policy/policy/flask/access_vectors 
b/xen/xsm/flask/policy/access_vectors
similarity index 100%
rename from tools/flask/policy/policy/flask/access_vectors
rename to xen/xsm/flask/policy/access_vectors
diff --git a/tools/flask/policy/policy/flask/initial_sids 
b/xen/xsm/flask/policy/initial_sids
similarity index 100%
rename from tools/flask/policy/policy/flask/initial_sids
rename to xen/xsm/flask/policy/initial_sids
diff --git a/tools/flask/policy/policy/flask/mkaccess_vector.sh 
b/xen/xsm/flask/policy/mkaccess_vector.sh
similarity index 97%
rename from tools/flask/policy/policy/flask/mkaccess_vector.sh
rename to xen/xsm/flask/policy/mkaccess_vector.sh
index 43a60a7..8ec87f7 100644
--- a/tools/flask/policy/policy/flask/mkaccess_vector.sh
+++ b/xen/xsm/flask/policy/mkaccess_vector.sh
@@ -9,8 +9,8 @@ awk=$1
 shift
 
 # output files
-av_permissions="av_permissions.h"
-av_perm_to_string="av_perm_to_string.h"
+av_permissions="include/av_permissions.h"
+av_perm_to_string="include/av_perm_to_string.h"
 
 cat $* | $awk "
 BEGIN  {
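Review bot: The new output paths `include/av_permissions.h` and `include/av_perm_to_string.h` are resolved against whatever directory the script is started from, so it only writes into xen/xsm/flask/include when invoked from xen/xsm/flask, as the Makefile recipe does; the same applies to the three paths changed in mkflask.sh. A comment next to `# output files` stating that assumption, e.g. `# paths are relative to xen/xsm/flask, the directory the Makefile runs this from`, would help anyone running the script by hand. The unquoted `cat $* | $awk` on the context line also word-splits its arguments and hides a failing `cat` behind the pipeline's exit status; `cat "$@" | $awk` addresses the first. The rest of the script lies outside the hunk.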
diff --git a/tools/flask/policy/policy/flask/mkflask.sh 
b/xen/xsm/flask/policy/mkflask.sh
similarity index 95%
rename from tools/flask/policy/policy/flask/mkflask.sh
rename to xen/xsm/flask/policy/mkflask.sh
index 9c84754..e8d8fb5 100644
--- a/tools/flask/policy/policy/flask/mkflask.sh
+++ b/xen/xsm/flask/policy/mkflask.sh
@@ -9,9 +9,9 @@ awk=$1
 shift 1
 
 # output file
-output_file="flask.h"
-debug_file="class_to_string.h"
-debug_file2="initial_sid_to_string.h"
+output_file="include/flask.h"
+debug_file="include/class_to_string.h"
+debug_file2="include/initial_sid_to_string.h"
 
 cat $* | $awk "
 BEGIN  {
diff --git a/tools/flask/policy/policy/flask/security_classes 
b/xen/xsm/flask/policy/security_classes
similarity index 100%
rename from tools/flask/policy/policy/flask/security_classes
rename to xen/xsm/flask/policy/security_classes
-- 
1.7.11.7


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

