[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH RFC 5/5] xen/xsm: include default hook action in name



Include the default XSM hook action in the name of the hook in order to
allow quick understanding of how the call site is expected to be used
(dom0-only, arbitrary guest, or target-only).

Abbreviation explanation:
 xsm_dm_*      Usable only by device model (IS_PRIV_FOR)
 xsm_hook_*    No access check in dummy module. The calling code is
               either guest-accessible or covered by another check
 xsm_priv_*    Privileged command (IS_PRIV)
 xsm_target_*  Usable by guest or its device model targeted to the guest

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 xen/arch/x86/cpu/mcheck/mce.c     |   2 +-
 xen/arch/x86/domctl.c             |  10 +-
 xen/arch/x86/hvm/hvm.c            |  26 +--
 xen/arch/x86/irq.c                |   2 +-
 xen/arch/x86/mm.c                 |  20 +-
 xen/arch/x86/mm/mem_event.c       |   4 +-
 xen/arch/x86/mm/mem_sharing.c     |   4 +-
 xen/arch/x86/mm/paging.c          |   2 +-
 xen/arch/x86/msi.c                |   2 +-
 xen/arch/x86/physdev.c            |  12 +-
 xen/arch/x86/platform_hypercall.c |  12 +-
 xen/arch/x86/sysctl.c             |   4 +-
 xen/arch/x86/traps.c              |   2 +-
 xen/common/domain.c               |   2 +-
 xen/common/domctl.c               |  10 +-
 xen/common/event_channel.c        |  14 +-
 xen/common/grant_table.c          |  16 +-
 xen/common/kexec.c                |   2 +-
 xen/common/memory.c               |   8 +-
 xen/common/schedule.c             |   2 +-
 xen/common/sysctl.c               |   6 +-
 xen/common/xenoprof.c             |   2 +-
 xen/drivers/char/console.c        |   2 +-
 xen/drivers/passthrough/iommu.c   |  10 +-
 xen/drivers/passthrough/pci.c     |   4 +-
 xen/include/xen/tmem_xen.h        |   4 +-
 xen/include/xsm/dummy.h           | 140 ++++++-------
 xen/include/xsm/xsm.h             | 428 +++++++++++++++++++-------------------
 xen/xsm/dummy.c                   | 150 ++++++-------
 xen/xsm/flask/hooks.c             | 296 +++++++++++++-------------
 30 files changed, 599 insertions(+), 599 deletions(-)

diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index 658774a..72f6f18 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -1293,7 +1293,7 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc)
     struct xen_mc_msrinject *mc_msrinject;
     struct xen_mc_mceinject *mc_mceinject;
 
-    ret = xsm_do_mca();
+    ret = xsm_priv_do_mca();
     if ( ret )
         return x86_mcerr(NULL, ret);
 
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 2630bdb..9541ef8 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -76,7 +76,7 @@ long arch_do_domctl(
 
         if ( np == 0 )
             ret = 0;
-        else if ( xsm_ioport_permission(d, fp, fp + np - 1, allow) )
+        else if ( xsm_hook_ioport_permission(d, fp, fp + np - 1, allow) )
             ret = -EPERM;
         else if ( allow )
             ret = ioports_permit_access(d, fp, fp + np - 1);
@@ -566,7 +566,7 @@ long arch_do_domctl(
         if ( !is_hvm_domain(d) )
             break;
 
-        ret = xsm_bind_pt_irq(d, bind);
+        ret = xsm_hook_bind_pt_irq(d, bind);
         if ( ret )
             break;
 
@@ -599,7 +599,7 @@ long arch_do_domctl(
              !irq_access_permitted(current->domain, bind->machine_irq) )
             break;
 
-        ret = xsm_unbind_pt_irq(d, bind);
+        ret = xsm_hook_unbind_pt_irq(d, bind);
         if ( ret )
             break;
 
@@ -634,7 +634,7 @@ long arch_do_domctl(
              !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
             break;
 
-        ret = xsm_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
+        ret = xsm_hook_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
         if ( ret )
             break;
 
@@ -712,7 +712,7 @@ long arch_do_domctl(
              !ioports_access_permitted(current->domain, fmp, fmp + np - 1) )
             break;
 
-        ret = xsm_ioport_mapping(d, fmp, fmp + np - 1, add);
+        ret = xsm_hook_ioport_mapping(d, fmp, fmp + np - 1, add);
         if ( ret )
             break;
 
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 5bdde8d..e75c139 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3400,7 +3400,7 @@ static int hvmop_set_pci_intx_level(
     if ( !is_hvm_domain(d) )
         goto out;
 
-    rc = xsm_hvm_set_pci_intx_level(d);
+    rc = xsm_dm_hvm_set_pci_intx_level(d);
     if ( rc )
         goto out;
 
@@ -3567,7 +3567,7 @@ static int hvmop_set_isa_irq_level(
     if ( !is_hvm_domain(d) )
         goto out;
 
-    rc = xsm_hvm_set_isa_irq_level(d);
+    rc = xsm_dm_hvm_set_isa_irq_level(d);
     if ( rc )
         goto out;
 
@@ -3611,7 +3611,7 @@ static int hvmop_set_pci_link_route(
     if ( !is_hvm_domain(d) )
         goto out;
 
-    rc = xsm_hvm_set_pci_link_route(d);
+    rc = xsm_dm_hvm_set_pci_link_route(d);
     if ( rc )
         goto out;
 
@@ -3641,7 +3641,7 @@ static int hvmop_inject_msi(
     if ( !is_hvm_domain(d) )
         goto out;
 
-    rc = xsm_hvm_inject_msi(d);
+    rc = xsm_dm_hvm_inject_msi(d);
     if ( rc )
         goto out;
 
@@ -3738,7 +3738,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail;
 
@@ -3984,7 +3984,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail2;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail2;
 
@@ -4023,7 +4023,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail3;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail3;
 
@@ -4069,7 +4069,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail_getmemtype;
 
@@ -4124,7 +4124,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail4;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail4;
 
@@ -4203,7 +4203,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail5;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail5;
 
@@ -4238,7 +4238,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail6;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail6;
 
@@ -4274,7 +4274,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) || !paging_mode_shadow(d) )
             goto param_fail7;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail7;
 
@@ -4328,7 +4328,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail8;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_target_hvm_param(d, op);
         if ( rc )
             goto param_fail8;
 
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 238600a..ba8a5ce 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1874,7 +1874,7 @@ int map_domain_pirq(
         return 0;
     }
 
-    ret = xsm_map_domain_pirq(d, irq, data);
+    ret = xsm_hook_map_domain_pirq(d, irq, data);
     if ( ret )
     {
         dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d 
mapping to pirq %d\n",
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 39b2cc7..1dbe4ef 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2715,7 +2715,7 @@ long do_mmuext_op(
         goto out;
     }
 
-    rc = xsm_mmuext_op(d, pg_owner);
+    rc = xsm_target_mmuext_op(d, pg_owner);
     if ( rc )
     {
         rcu_unlock_domain(pg_owner);
@@ -2787,7 +2787,7 @@ long do_mmuext_op(
                 break;
             }
 
-            if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
+            if ( (rc = xsm_hook_memory_pin_page(d, pg_owner, page)) != 0 )
             {
                 put_page_and_type(page);
                 okay = 0;
@@ -3244,7 +3244,7 @@ long do_mmu_update(
             }
             if ( xsm_needed != xsm_checked )
             {
-                rc = xsm_mmu_update(d, pt_owner, pg_owner, xsm_needed);
+                rc = xsm_target_mmu_update(d, pt_owner, pg_owner, xsm_needed);
                 if ( rc )
                     break;
                 xsm_checked = xsm_needed;
@@ -3363,7 +3363,7 @@ long do_mmu_update(
             xsm_needed |= XSM_MMU_MACHPHYS_UPDATE;
             if ( xsm_needed != xsm_checked )
             {
-                rc = xsm_mmu_update(d, NULL, pg_owner, xsm_needed);
+                rc = xsm_target_mmu_update(d, NULL, pg_owner, xsm_needed);
                 if ( rc )
                     break;
                 xsm_checked = xsm_needed;
@@ -3931,7 +3931,7 @@ static int __do_update_va_mapping(
 
     perfc_incr(calls_to_update_va);
 
-    rc = xsm_update_va_mapping(d, pg_owner, val);
+    rc = xsm_target_update_va_mapping(d, pg_owner, val);
     if ( rc )
         return rc;
 
@@ -4402,7 +4402,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         if ( d == NULL )
             return -ESRCH;
 
-        if ( xsm_add_to_physmap(current->domain, d) )
+        if ( xsm_target_add_to_physmap(current->domain, d) )
         {
             rcu_unlock_domain(d);
             return -EPERM;
@@ -4441,7 +4441,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         if ( d == NULL )
             return -ESRCH;
 
-        rc = xsm_domain_memory_map(d);
+        rc = xsm_target_domain_memory_map(d);
         if ( rc )
         {
             rcu_unlock_domain(d);
@@ -4516,7 +4516,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         XEN_GUEST_HANDLE_PARAM(e820entry_t) buffer_param;
         unsigned int i;
 
-        rc = xsm_machine_memory_map();
+        rc = xsm_priv_machine_memory_map();
         if ( rc )
             return rc;
 
@@ -4600,9 +4600,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
             return -ESRCH;
 
         if ( op == XENMEM_set_pod_target )
-            rc = xsm_set_pod_target(d);
+            rc = xsm_priv_set_pod_target(d);
         else
-            rc = xsm_get_pod_target(d);
+            rc = xsm_priv_get_pod_target(d);
 
         if ( rc != 0 )
             goto pod_target_out_unlock;
diff --git a/xen/arch/x86/mm/mem_event.c b/xen/arch/x86/mm/mem_event.c
index c2b3670..3a7605c 100644
--- a/xen/arch/x86/mm/mem_event.c
+++ b/xen/arch/x86/mm/mem_event.c
@@ -449,7 +449,7 @@ int do_mem_event_op(int op, uint32_t domain, void *arg)
     if ( ret )
         return ret;
 
-    ret = xsm_mem_event_op(d, op);
+    ret = xsm_dm_mem_event_op(d, op);
     if ( ret )
         goto out;
 
@@ -502,7 +502,7 @@ int mem_event_domctl(struct domain *d, 
xen_domctl_mem_event_op_t *mec,
 {
     int rc;
 
-    rc = xsm_mem_event_control(d, mec->mode, mec->op);
+    rc = xsm_dm_mem_event_control(d, mec->mode, mec->op);
     if ( rc )
         return rc;
 
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 9229b83..57f02af 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1351,7 +1351,7 @@ int mem_sharing_memop(struct domain *d, 
xen_mem_sharing_op_t *mec)
             if ( rc )
                 return rc;
 
-            rc = xsm_mem_sharing_op(d, cd, mec->op);
+            rc = xsm_dm_mem_sharing_op(d, cd, mec->op);
             if ( rc )
             {
                 rcu_unlock_domain(cd);
@@ -1415,7 +1415,7 @@ int mem_sharing_memop(struct domain *d, 
xen_mem_sharing_op_t *mec)
             if ( rc )
                 return rc;
 
-            rc = xsm_mem_sharing_op(d, cd, mec->op);
+            rc = xsm_dm_mem_sharing_op(d, cd, mec->op);
             if ( rc )
             {
                 rcu_unlock_domain(cd);
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index ea44e39..1815696 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -678,7 +678,7 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t 
*sc,
         return -EINVAL;
     }
 
-    rc = xsm_shadow_control(d, sc->op);
+    rc = xsm_hook_shadow_control(d, sc->op);
     if ( rc )
         return rc;
 
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index e48ad2e..4bad230 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -1016,7 +1016,7 @@ int pci_restore_msi_state(struct pci_dev *pdev)
     if (!pdev)
         return -EINVAL;
 
-    ret = xsm_resource_setup_pci((pdev->seg << 16) | (pdev->bus << 8) | 
pdev->devfn);
+    ret = xsm_priv_resource_setup_pci((pdev->seg << 16) | (pdev->bus << 8) | 
pdev->devfn);
     if ( ret )
         return ret;
 
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 9c30245..a894c43 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -232,7 +232,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq)
             goto free_domain;
     }
 
-    ret = xsm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
+    ret = xsm_dm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
     if ( ret )
         goto free_domain;
 
@@ -423,7 +423,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         ret = -EFAULT;
         if ( copy_from_guest(&apic, arg, 1) != 0 )
             break;
-        ret = xsm_apic(v->domain, cmd);
+        ret = xsm_priv_apic(v->domain, cmd);
         if ( ret )
             break;
         ret = ioapic_guest_read(apic.apic_physbase, apic.reg, &apic.value);
@@ -437,7 +437,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         ret = -EFAULT;
         if ( copy_from_guest(&apic, arg, 1) != 0 )
             break;
-        ret = xsm_apic(v->domain, cmd);
+        ret = xsm_priv_apic(v->domain, cmd);
         if ( ret )
             break;
         ret = ioapic_guest_write(apic.apic_physbase, apic.reg, apic.value);
@@ -453,7 +453,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
 
         /* Use the APIC check since this dummy hypercall should still only
          * be called by the domain with access to program the ioapic */
-        ret = xsm_apic(v->domain, cmd);
+        ret = xsm_priv_apic(v->domain, cmd);
         if ( ret )
             break;
 
@@ -578,7 +578,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
     case PHYSDEVOP_pci_mmcfg_reserved: {
         struct physdev_pci_mmcfg_reserved info;
 
-        ret = xsm_resource_setup_misc();
+        ret = xsm_priv_resource_setup_misc();
         if ( ret )
             break;
 
@@ -632,7 +632,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         if ( setup_gsi.gsi < 0 || setup_gsi.gsi >= nr_irqs_gsi )
             break;
 
-        ret = xsm_resource_setup_gsi(setup_gsi.gsi);
+        ret = xsm_priv_resource_setup_gsi(setup_gsi.gsi);
         if ( ret )
             break;
 
diff --git a/xen/arch/x86/platform_hypercall.c 
b/xen/arch/x86/platform_hypercall.c
index f267b8b..c4b20ea 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -72,7 +72,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     if ( op->interface_version != XENPF_INTERFACE_VERSION )
         return -EACCES;
 
-    ret = xsm_platform_op(op->cmd);
+    ret = xsm_priv_platform_op(op->cmd);
     if ( ret )
         return ret;
 
@@ -496,7 +496,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     {
         int cpu = op->u.cpu_ol.cpuid;
 
-        ret = xsm_resource_plug_core();
+        ret = xsm_hook_resource_plug_core();
         if ( ret )
             break;
 
@@ -512,7 +512,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
             break;
         }
 
-        ret = xsm_resource_plug_core();
+        ret = xsm_hook_resource_plug_core();
         if ( ret )
             break;
 
@@ -525,7 +525,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     {
         int cpu = op->u.cpu_ol.cpuid;
 
-        ret = xsm_resource_unplug_core();
+        ret = xsm_hook_resource_unplug_core();
         if ( ret )
             break;
 
@@ -554,7 +554,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     break;
 
     case XENPF_cpu_hotadd:
-        ret = xsm_resource_plug_core();
+        ret = xsm_hook_resource_plug_core();
         if ( ret )
             break;
 
@@ -564,7 +564,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     break;
 
     case XENPF_mem_hotadd:
-        ret = xsm_resource_plug_core();
+        ret = xsm_hook_resource_plug_core();
         if ( ret )
             break;
 
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index 5b0c4b7..3a10a13 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -184,14 +184,14 @@ long arch_do_sysctl(
         switch ( sysctl->u.cpu_hotplug.op )
         {
         case XEN_SYSCTL_CPU_HOTPLUG_ONLINE:
-            ret = xsm_resource_plug_core();
+            ret = xsm_hook_resource_plug_core();
             if ( ret )
                 break;
             ret = continue_hypercall_on_cpu(
                 0, cpu_up_helper, (void *)(unsigned long)cpu);
             break;
         case XEN_SYSCTL_CPU_HOTPLUG_OFFLINE:
-            ret = xsm_resource_unplug_core();
+            ret = xsm_hook_resource_unplug_core();
             if ( ret )
                 break;
             ret = continue_hypercall_on_cpu(
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 44a866e..695e991 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1643,7 +1643,7 @@ static int pci_cfg_ok(struct domain *d, int write, int 
size)
             start |= (d->arch.pci_cf8 >> 16) & 0xF00;
     }
     end = start + size - 1;
-    if (xsm_pci_config_permission(d, machine_bdf, start, end, write))
+    if (xsm_hook_pci_config_permission(d, machine_bdf, start, end, write))
         return 0;
     return 1;
 }
diff --git a/xen/common/domain.c b/xen/common/domain.c
index fcf24e2..296d735 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -252,7 +252,7 @@ struct domain *domain_create(
 
     if ( !is_idle_domain(d) )
     {
-        if ( (err = xsm_domain_create(d, ssidref)) != 0 )
+        if ( (err = xsm_hook_domain_create(d, ssidref)) != 0 )
             goto fail;
 
         d->is_paused_by_controller = 1;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 6f792e9..1f88ad2 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -150,7 +150,7 @@ void getdomaininfo(struct domain *d, struct 
xen_domctl_getdomaininfo *info)
     if ( is_hvm_domain(d) )
         info->flags |= XEN_DOMINF_hvm_guest;
 
-    xsm_security_domaininfo(d, info);
+    xsm_populate_security_domaininfo(d, info);
 
     info->tot_pages         = d->tot_pages;
     info->max_pages         = d->max_pages;
@@ -580,7 +580,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
             break;
         }
 
-        ret = xsm_getdomaininfo(d);
+        ret = xsm_hook_getdomaininfo(d);
         if ( ret )
             goto getdomaininfo_out;
 
@@ -722,7 +722,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
 
         if ( pirq >= d->nr_pirqs )
             ret = -EINVAL;
-        else if ( xsm_irq_permission(d, pirq, allow) )
+        else if ( xsm_hook_irq_permission(d, pirq, allow) )
             ret = -EPERM;
         else if ( allow )
             ret = irq_permit_access(d, pirq);
@@ -741,7 +741,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
         if ( (mfn + nr_mfns - 1) < mfn ) /* wrap? */
             break;
 
-        if ( xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
+        if ( xsm_hook_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
             ret = -EPERM;
         else if ( allow )
             ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
@@ -773,7 +773,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
             break;
         }
 
-        ret = xsm_set_target(d, e);
+        ret = xsm_hook_set_target(d, e);
         if ( ret ) {
             put_domain(e);
             break;
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index 37947a9..ef0d89b 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -175,7 +175,7 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t 
*alloc)
         ERROR_EXIT_DOM(port, d);
     chn = evtchn_from_port(d, port);
 
-    rc = xsm_evtchn_unbound(d, chn, alloc->remote_dom);
+    rc = xsm_target_evtchn_unbound(d, chn, alloc->remote_dom);
     if ( rc )
         goto out;
 
@@ -231,7 +231,7 @@ static long 
evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind)
          (rchn->u.unbound.remote_domid != ld->domain_id) )
         ERROR_EXIT_DOM(-EINVAL, rd);
 
-    rc = xsm_evtchn_interdomain(ld, lchn, rd, rchn);
+    rc = xsm_hook_evtchn_interdomain(ld, lchn, rd, rchn);
     if ( rc )
         goto out;
 
@@ -535,7 +535,7 @@ static long __evtchn_close(struct domain *d1, int port1)
     chn1->state          = ECS_FREE;
     chn1->notify_vcpu_id = 0;
 
-    xsm_evtchn_close_post(chn1);
+    xsm_hook_evtchn_close_post(chn1);
 
  out:
     if ( d2 != NULL )
@@ -580,7 +580,7 @@ int evtchn_send(struct domain *d, unsigned int lport)
         return -EINVAL;
     }
 
-    ret = xsm_evtchn_send(ld, lchn);
+    ret = xsm_hook_evtchn_send(ld, lchn);
     if ( ret )
         goto out;
 
@@ -812,7 +812,7 @@ static long evtchn_status(evtchn_status_t *status)
 
     chn = evtchn_from_port(d, port);
 
-    rc = xsm_evtchn_status(d, chn);
+    rc = xsm_target_evtchn_status(d, chn);
     if ( rc )
         goto out;
 
@@ -954,7 +954,7 @@ static long evtchn_reset(evtchn_reset_t *r)
     if ( d == NULL )
         return -ESRCH;
 
-    rc = xsm_evtchn_reset(current->domain, d);
+    rc = xsm_target_evtchn_reset(current->domain, d);
     if ( rc )
         goto out;
 
@@ -1101,7 +1101,7 @@ int alloc_unbound_xen_event_channel(
         goto out;
     chn = evtchn_from_port(d, port);
 
-    rc = xsm_evtchn_unbound(d, chn, remote_domid);
+    rc = xsm_target_evtchn_unbound(d, chn, remote_domid);
 
     chn->state = ECS_UNBOUND;
     chn->xen_consumer = get_xen_consumer(notification_fn);
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index eae9518..e3690b6 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -552,7 +552,7 @@ __gnttab_map_grant_ref(
         return;
     }
 
-    rc = xsm_grant_mapref(ld, rd, op->flags);
+    rc = xsm_hook_grant_mapref(ld, rd, op->flags);
     if ( rc )
     {
         rcu_unlock_domain(rd);
@@ -872,7 +872,7 @@ __gnttab_unmap_common(
         return;
     }
 
-    rc = xsm_grant_unmapref(ld, rd);
+    rc = xsm_hook_grant_unmapref(ld, rd);
     if ( rc )
     {
         rcu_unlock_domain(rd);
@@ -1326,7 +1326,7 @@ gnttab_setup_table(
         goto out2;
     }
 
-    if ( xsm_grant_setup(current->domain, d) )
+    if ( xsm_target_grant_setup(current->domain, d) )
     {
         op.status = GNTST_permission_denied;
         goto out2;
@@ -1395,7 +1395,7 @@ gnttab_query_size(
         goto query_out;
     }
 
-    rc = xsm_grant_query_size(current->domain, d);
+    rc = xsm_target_grant_query_size(current->domain, d);
     if ( rc )
     {
         op.status = GNTST_permission_denied;
@@ -1571,7 +1571,7 @@ gnttab_transfer(
             goto copyback;
         }
 
-        if ( xsm_grant_transfer(d, e) )
+        if ( xsm_hook_grant_transfer(d, e) )
         {
             put_gfn(d, gop.mfn);
             gop.status = GNTST_permission_denied;
@@ -2010,7 +2010,7 @@ __gnttab_copy(
         PIN_FAIL(error_out, GNTST_bad_domain,
                  "couldn't find %d\n", op->dest.domid);
 
-    rc = xsm_grant_copy(sd, dd);
+    rc = xsm_hook_grant_copy(sd, dd);
     if ( rc )
     {
         rc = GNTST_permission_denied;
@@ -2267,7 +2267,7 @@ 
gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop,
         op.status = GNTST_bad_domain;
         goto out1;
     }
-    rc = xsm_grant_setup(current->domain, d);
+    rc = xsm_target_grant_setup(current->domain, d);
     if ( rc ) {
         op.status = GNTST_permission_denied;
         goto out1;
@@ -2318,7 +2318,7 @@ 
gnttab_get_version(XEN_GUEST_HANDLE_PARAM(gnttab_get_version_t uop))
     if ( d == NULL )
         return -ESRCH;
 
-    rc = xsm_grant_query_size(current->domain, d);
+    rc = xsm_target_grant_query_size(current->domain, d);
     if ( rc )
     {
         rcu_unlock_domain(d);
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index d4f6332..ff9d205 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -852,7 +852,7 @@ static int do_kexec_op_internal(unsigned long op,
     unsigned long flags;
     int ret = -EINVAL;
 
-    ret = xsm_kexec();
+    ret = xsm_priv_kexec();
     if ( ret )
         return ret;
 
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 7d3c326..0e216bb 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -336,7 +336,7 @@ static long 
memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
         goto fail_early;
     }
 
-    rc = xsm_memory_exchange(d);
+    rc = xsm_target_memory_exchange(d);
     if ( rc )
     {
         rcu_unlock_domain(d);
@@ -585,7 +585,7 @@ long do_memory_op(unsigned long cmd, 
XEN_GUEST_HANDLE_PARAM(void) arg)
             return start_extent;
         args.domain = d;
 
-        rc = xsm_memory_adjust_reservation(current->domain, d);
+        rc = xsm_target_memory_adjust_reservation(current->domain, d);
         if ( rc )
         {
             rcu_unlock_domain(d);
@@ -634,7 +634,7 @@ long do_memory_op(unsigned long cmd, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        rc = xsm_memory_stat_reservation(current->domain, d);
+        rc = xsm_target_memory_stat_reservation(current->domain, d);
         if ( rc )
         {
             rcu_unlock_domain(d);
@@ -672,7 +672,7 @@ long do_memory_op(unsigned long cmd, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        if ( xsm_remove_from_physmap(current->domain, d) )
+        if ( xsm_target_remove_from_physmap(current->domain, d) )
         {
             rcu_unlock_domain(d);
             return -EPERM;
diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index cfd173d..2cad778 100644
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -921,7 +921,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             break;
 
-        ret = xsm_schedop_shutdown(current->domain, d);
+        ret = xsm_dm_schedop_shutdown(current->domain, d);
         if ( ret )
         {
             rcu_unlock_domain(d);
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index cbefb0e..d6e3f6c 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -57,7 +57,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
     {
     case XEN_SYSCTL_readconsole:
     {
-        ret = xsm_readconsole(op->u.readconsole.clear);
+        ret = xsm_hook_readconsole(op->u.readconsole.clear);
         if ( ret )
             break;
 
@@ -100,7 +100,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) 
u_sysctl)
             if ( num_domains == op->u.getdomaininfolist.max_domains )
                 break;
 
-            ret = xsm_getdomaininfo(d);
+            ret = xsm_hook_getdomaininfo(d);
             if ( ret )
                 continue;
 
@@ -231,7 +231,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) 
u_sysctl)
         uint32_t *status, *ptr;
         unsigned long pfn;
 
-        ret = xsm_page_offline(op->u.page_offline.cmd);
+        ret = xsm_hook_page_offline(op->u.page_offline.cmd);
         if ( ret )
             break;
 
diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c
index ae0435b..7a82e3a 100644
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -680,7 +680,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         return -EPERM;
     }
 
-    ret = xsm_profile(current->domain, op);
+    ret = xsm_hook_profile(current->domain, op);
     if ( ret )
         return ret;
 
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index b2c3ee3..b6faa43 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -406,7 +406,7 @@ long do_console_io(int cmd, int count, 
XEN_GUEST_HANDLE_PARAM(char) buffer)
     long rc;
     unsigned int idx, len;
 
-    rc = xsm_console_io(current->domain, cmd);
+    rc = xsm_priv_console_io(current->domain, cmd);
     if ( rc )
         return rc;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 9d13185..52eff81 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -452,7 +452,7 @@ static int iommu_get_device_group(
              ((pdev->bus == bus) && (pdev->devfn == devfn)) )
             continue;
 
-        if ( xsm_get_device_group((seg << 16) | (pdev->bus << 8) | 
pdev->devfn) )
+        if ( xsm_hook_get_device_group((seg << 16) | (pdev->bus << 8) | 
pdev->devfn) )
             continue;
 
         sdev_id = ops->get_device_group_id(seg, pdev->bus, pdev->devfn);
@@ -555,7 +555,7 @@ int iommu_do_domctl(
         u32 max_sdevs;
         XEN_GUEST_HANDLE_64(uint32) sdevs;
 
-        ret = xsm_get_device_group(domctl->u.get_device_group.machine_sbdf);
+        ret = 
xsm_hook_get_device_group(domctl->u.get_device_group.machine_sbdf);
         if ( ret )
             break;
 
@@ -583,7 +583,7 @@ int iommu_do_domctl(
     break;
 
     case XEN_DOMCTL_test_assign_device:
-        ret = xsm_test_assign_device(domctl->u.assign_device.machine_sbdf);
+        ret = 
xsm_hook_test_assign_device(domctl->u.assign_device.machine_sbdf);
         if ( ret )
             break;
 
@@ -607,7 +607,7 @@ int iommu_do_domctl(
             break;
         }
 
-        ret = xsm_assign_device(d, domctl->u.assign_device.machine_sbdf);
+        ret = xsm_hook_assign_device(d, domctl->u.assign_device.machine_sbdf);
         if ( ret )
             break;
 
@@ -626,7 +626,7 @@ int iommu_do_domctl(
         break;
 
     case XEN_DOMCTL_deassign_device:
-        ret = xsm_deassign_device(d, domctl->u.assign_device.machine_sbdf);
+        ret = xsm_hook_deassign_device(d, 
domctl->u.assign_device.machine_sbdf);
         if ( ret )
             break;
 
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index d5ef4c1..43eceab 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -380,7 +380,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn, const struct 
pci_dev_info *info)
         pdev_type = "device";
     }
 
-    ret = xsm_resource_plug_pci((seg << 16) | (bus << 8) | devfn);
+    ret = xsm_priv_resource_plug_pci((seg << 16) | (bus << 8) | devfn);
     if ( ret )
         return ret;
 
@@ -496,7 +496,7 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn)
     struct pci_dev *pdev;
     int ret;
 
-    ret = xsm_resource_unplug_pci((seg << 16) | (bus << 8) | devfn);
+    ret = xsm_priv_resource_unplug_pci((seg << 16) | (bus << 8) | devfn);
     if ( ret )
         return ret;
 
diff --git a/xen/include/xen/tmem_xen.h b/xen/include/xen/tmem_xen.h
index 8dec5aa..81d88f3 100644
--- a/xen/include/xen/tmem_xen.h
+++ b/xen/include/xen/tmem_xen.h
@@ -329,12 +329,12 @@ static inline bool_t tmh_set_client_from_id(
 
 static inline bool_t tmh_current_permitted(void)
 {
-    return !xsm_tmem_op();
+    return !xsm_hook_tmem_op();
 }
 
 static inline bool_t tmh_current_is_privileged(void)
 {
-    return !xsm_tmem_control();
+    return !xsm_priv_tmem_control();
 }
 
 static inline uint8_t tmh_get_first_byte(pfp_t *pfp)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index aaac50d3..09ee3f2 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -11,23 +11,23 @@
 #include <xen/sched.h>
 #include <xsm/xsm.h>
 
-static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
+static XSM_INLINE void xsm_populate_security_domaininfo(struct domain *d,
                                     struct xen_domctl_getdomaininfo *info)
 {
     return;
 }
 
-static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
+static XSM_INLINE int xsm_hook_domain_create(struct domain *d, u32 ssidref)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
+static XSM_INLINE int xsm_hook_getdomaininfo(struct domain *d)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
+static XSM_INLINE int xsm_hook_set_target(struct domain *d, struct domain *e)
 {
     return 0;
 }
@@ -58,12 +58,12 @@ static XSM_INLINE int xsm_sysctl(int cmd)
     return 0;
 }
 
-static XSM_INLINE int xsm_readconsole(uint32_t clear)
+static XSM_INLINE int xsm_hook_readconsole(uint32_t clear)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_do_mca(void)
+static XSM_INLINE int xsm_priv_do_mca(void)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
@@ -80,49 +80,49 @@ static XSM_INLINE void xsm_free_security_domain(struct 
domain *d)
     return;
 }
 
-static XSM_INLINE int xsm_grant_mapref(struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_hook_grant_mapref(struct domain *d1, struct domain 
*d2,
                                                                 uint32_t flags)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_grant_unmapref(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_unmapref(struct domain *d1, struct domain 
*d2)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_grant_setup(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_grant_setup(struct domain *d1, struct domain 
*d2)
 {
     if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_grant_transfer(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_transfer(struct domain *d1, struct domain 
*d2)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_grant_copy(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_copy(struct domain *d1, struct domain *d2)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_grant_query_size(struct domain *d1, struct domain 
*d2)
+static XSM_INLINE int xsm_target_grant_query_size(struct domain *d1, struct 
domain *d2)
 {
     if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_memory_exchange(struct domain *d)
+static XSM_INLINE int xsm_target_memory_exchange(struct domain *d)
 {
     if ( d != current->domain && !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1,
+static XSM_INLINE int xsm_target_memory_adjust_reservation(struct domain *d1,
                                                             struct domain *d2)
 {
     if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
@@ -130,14 +130,14 @@ static XSM_INLINE int 
xsm_memory_adjust_reservation(struct domain *d1,
     return 0;
 }
 
-static XSM_INLINE int xsm_memory_stat_reservation(struct domain *d1, struct 
domain *d2)
+static XSM_INLINE int xsm_target_memory_stat_reservation(struct domain *d1, 
struct domain *d2)
 {
     if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_console_io(struct domain *d, int cmd)
+static XSM_INLINE int xsm_priv_console_io(struct domain *d, int cmd)
 {
 #ifndef VERBOSE
     if ( !IS_PRIV(current->domain) )
@@ -146,32 +146,32 @@ static XSM_INLINE int xsm_console_io(struct domain *d, 
int cmd)
     return 0;
 }
 
-static XSM_INLINE int xsm_profile(struct domain *d, int op)
+static XSM_INLINE int xsm_hook_profile(struct domain *d, int op)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_kexec(void)
+static XSM_INLINE int xsm_priv_kexec(void)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_schedop_shutdown(struct domain *d1, struct domain 
*d2)
+static XSM_INLINE int xsm_dm_schedop_shutdown(struct domain *d1, struct domain 
*d2)
 {
     if ( !IS_PRIV_FOR(d1, d2) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_hook_memory_pin_page(struct domain *d1, struct 
domain *d2,
                                           struct page_info *page)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_evtchn_unbound(struct domain *d, struct evtchn *chn,
+static XSM_INLINE int xsm_target_evtchn_unbound(struct domain *d, struct 
evtchn *chn,
                                          domid_t id2)
 {
     if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) )
@@ -179,30 +179,30 @@ static XSM_INLINE int xsm_evtchn_unbound(struct domain 
*d, struct evtchn *chn,
     return 0;
 }
 
-static XSM_INLINE int xsm_evtchn_interdomain(struct domain *d1, struct evtchn
+static XSM_INLINE int xsm_hook_evtchn_interdomain(struct domain *d1, struct 
evtchn
                                 *chan1, struct domain *d2, struct evtchn 
*chan2)
 {
     return 0;
 }
 
-static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
+static XSM_INLINE void xsm_hook_evtchn_close_post(struct evtchn *chn)
 {
     return;
 }
 
-static XSM_INLINE int xsm_evtchn_send(struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_hook_evtchn_send(struct domain *d, struct evtchn 
*chn)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_evtchn_status(struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_target_evtchn_status(struct domain *d, struct evtchn 
*chn)
 {
     if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_evtchn_reset(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_evtchn_reset(struct domain *d1, struct domain 
*d2)
 {
     if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
         return -EPERM;
@@ -224,96 +224,96 @@ static XSM_INLINE char * xsm_show_security_evtchn(struct 
domain *d, const struct
     return NULL;
 }
 
-static XSM_INLINE int xsm_get_pod_target(struct domain *d)
+static XSM_INLINE int xsm_priv_get_pod_target(struct domain *d)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_set_pod_target(struct domain *d)
+static XSM_INLINE int xsm_priv_set_pod_target(struct domain *d)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_get_device_group(uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_get_device_group(uint32_t machine_bdf)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_test_assign_device(uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_test_assign_device(uint32_t machine_bdf)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_assign_device(struct domain *d, uint32_t 
machine_bdf)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_deassign_device(struct domain *d, uint32_t 
machine_bdf)
+static XSM_INLINE int xsm_hook_deassign_device(struct domain *d, uint32_t 
machine_bdf)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_resource_plug_core(void)
+static XSM_INLINE int xsm_hook_resource_plug_core(void)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_resource_unplug_core(void)
+static XSM_INLINE int xsm_hook_resource_unplug_core(void)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_resource_plug_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_plug_pci(uint32_t machine_bdf)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_resource_unplug_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_unplug_pci(uint32_t machine_bdf)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_resource_setup_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_setup_pci(uint32_t machine_bdf)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_resource_setup_gsi(int gsi)
+static XSM_INLINE int xsm_priv_resource_setup_gsi(int gsi)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_resource_setup_misc(void)
+static XSM_INLINE int xsm_priv_resource_setup_misc(void)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_page_offline(uint32_t cmd)
+static XSM_INLINE int xsm_hook_page_offline(uint32_t cmd)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_tmem_op(void)
+static XSM_INLINE int xsm_hook_tmem_op(void)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_tmem_control(void)
+static XSM_INLINE int xsm_priv_tmem_control(void)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
@@ -330,34 +330,34 @@ static XSM_INLINE char * xsm_show_irq_sid(int irq)
     return NULL;
 }
 
-static XSM_INLINE int xsm_map_domain_pirq(struct domain *d, int irq, void 
*data)
+static XSM_INLINE int xsm_hook_map_domain_pirq(struct domain *d, int irq, void 
*data)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_unmap_domain_pirq(struct domain *d, int irq)
+static XSM_INLINE int xsm_dm_unmap_domain_pirq(struct domain *d, int irq)
 {
     if ( !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_irq_permission(struct domain *d, int pirq, uint8_t 
allow)
+static XSM_INLINE int xsm_hook_irq_permission(struct domain *d, int pirq, 
uint8_t allow)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_iomem_permission(struct domain *d, uint64_t s, 
uint64_t e, uint8_t allow)
+static XSM_INLINE int xsm_hook_iomem_permission(struct domain *d, uint64_t s, 
uint64_t e, uint8_t allow)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_iomem_mapping(struct domain *d, uint64_t s, uint64_t 
e, uint8_t allow)
+static XSM_INLINE int xsm_hook_iomem_mapping(struct domain *d, uint64_t s, 
uint64_t e, uint8_t allow)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_pci_config_permission(struct domain *d, uint32_t 
machine_bdf,
+static XSM_INLINE int xsm_hook_pci_config_permission(struct domain *d, 
uint32_t machine_bdf,
                                         uint16_t start, uint16_t end,
                                         uint8_t access)
 {
@@ -365,96 +365,96 @@ static XSM_INLINE int xsm_pci_config_permission(struct 
domain *d, uint32_t machi
 }
 
 #ifdef CONFIG_X86
-static XSM_INLINE int xsm_shadow_control(struct domain *d, uint32_t op)
+static XSM_INLINE int xsm_hook_shadow_control(struct domain *d, uint32_t op)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op)
+static XSM_INLINE int xsm_target_hvm_param(struct domain *d, unsigned long op)
 {
     if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_hvm_set_pci_intx_level(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_pci_intx_level(struct domain *d)
 {
     if ( !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_hvm_set_isa_irq_level(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_isa_irq_level(struct domain *d)
 {
     if ( !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_hvm_set_pci_link_route(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_pci_link_route(struct domain *d)
 {
     if ( !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_inject_msi(struct domain *d)
 {
     if ( !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op)
+static XSM_INLINE int xsm_dm_mem_event_control(struct domain *d, int mode, int 
op)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_mem_event_op(struct domain *d, int op)
+static XSM_INLINE int xsm_dm_mem_event_op(struct domain *d, int op)
 {
     if ( !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd, 
int op)
+static XSM_INLINE int xsm_dm_mem_sharing_op(struct domain *d, struct domain 
*cd, int op)
 {
     if ( !IS_PRIV_FOR(current->domain, cd) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_apic(struct domain *d, int cmd)
+static XSM_INLINE int xsm_priv_apic(struct domain *d, int cmd)
 {
     if ( !IS_PRIV(d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_platform_op(uint32_t op)
+static XSM_INLINE int xsm_priv_platform_op(uint32_t op)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_machine_memory_map(void)
+static XSM_INLINE int xsm_priv_machine_memory_map(void)
 {
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_domain_memory_map(struct domain *d)
+static XSM_INLINE int xsm_target_domain_memory_map(struct domain *d)
 {
     if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_mmu_update(struct domain *d, struct domain *t,
+static XSM_INLINE int xsm_target_mmu_update(struct domain *d, struct domain *t,
                                      struct domain *f, uint32_t flags)
 {
     if ( t && d != t && !IS_PRIV_FOR(d, t) )
@@ -464,14 +464,14 @@ static XSM_INLINE int xsm_mmu_update(struct domain *d, 
struct domain *t,
     return 0;
 }
 
-static XSM_INLINE int xsm_mmuext_op(struct domain *d, struct domain *f)
+static XSM_INLINE int xsm_target_mmuext_op(struct domain *d, struct domain *f)
 {
     if ( d != f && !IS_PRIV_FOR(d, f) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_update_va_mapping(struct domain *d, struct domain 
*f, 
+static XSM_INLINE int xsm_target_update_va_mapping(struct domain *d, struct 
domain *f, 
                                                             l1_pgentry_t pte)
 {
     if ( d != f && !IS_PRIV_FOR(d, f) )
@@ -479,36 +479,36 @@ static XSM_INLINE int xsm_update_va_mapping(struct domain 
*d, struct domain *f,
     return 0;
 }
 
-static XSM_INLINE int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_add_to_physmap(struct domain *d1, struct 
domain *d2)
 {
     if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_remove_from_physmap(struct domain *d1, struct domain 
*d2)
+static XSM_INLINE int xsm_target_remove_from_physmap(struct domain *d1, struct 
domain *d2)
 {
     if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
         return -EPERM;
     return 0;
 }
 
-static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_hook_bind_pt_irq(struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_hook_unbind_pt_irq(struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_hook_ioport_permission(struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
 {
     return 0;
 }
 
-static XSM_INLINE int xsm_ioport_mapping(struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_hook_ioport_mapping(struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
 {
     return 0;
 }
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 105201e..c3a29b6 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -39,30 +39,30 @@ extern xsm_initcall_t __xsm_initcall_start[], 
__xsm_initcall_end[];
     __used_section(".xsm_initcall.init") = fn
 
 struct xsm_operations {
-    void (*security_domaininfo) (struct domain *d,
+    void (*populate_security_domaininfo) (struct domain *d,
                                         struct xen_domctl_getdomaininfo *info);
-    int (*domain_create) (struct domain *d, u32 ssidref);
-    int (*getdomaininfo) (struct domain *d);
-    int (*set_target) (struct domain *d, struct domain *e);
+    int (*hook_domain_create) (struct domain *d, u32 ssidref);
+    int (*hook_getdomaininfo) (struct domain *d);
+    int (*hook_set_target) (struct domain *d, struct domain *e);
     int (*domctl) (struct domain *d, int cmd);
     int (*sysctl) (int cmd);
-    int (*readconsole) (uint32_t clear);
-    int (*do_mca) (void);
+    int (*hook_readconsole) (uint32_t clear);
+    int (*priv_do_mca) (void);
 
-    int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
-    int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
+    int (*target_evtchn_unbound) (struct domain *d, struct evtchn *chn, 
domid_t id2);
+    int (*hook_evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
                                         struct domain *d2, struct evtchn 
*chn2);
-    void (*evtchn_close_post) (struct evtchn *chn);
-    int (*evtchn_send) (struct domain *d, struct evtchn *chn);
-    int (*evtchn_status) (struct domain *d, struct evtchn *chn);
-    int (*evtchn_reset) (struct domain *d1, struct domain *d2);
-
-    int (*grant_mapref) (struct domain *d1, struct domain *d2, uint32_t flags);
-    int (*grant_unmapref) (struct domain *d1, struct domain *d2);
-    int (*grant_setup) (struct domain *d1, struct domain *d2);
-    int (*grant_transfer) (struct domain *d1, struct domain *d2);
-    int (*grant_copy) (struct domain *d1, struct domain *d2);
-    int (*grant_query_size) (struct domain *d1, struct domain *d2);
+    void (*hook_evtchn_close_post) (struct evtchn *chn);
+    int (*hook_evtchn_send) (struct domain *d, struct evtchn *chn);
+    int (*target_evtchn_status) (struct domain *d, struct evtchn *chn);
+    int (*target_evtchn_reset) (struct domain *d1, struct domain *d2);
+
+    int (*hook_grant_mapref) (struct domain *d1, struct domain *d2, uint32_t 
flags);
+    int (*hook_grant_unmapref) (struct domain *d1, struct domain *d2);
+    int (*target_grant_setup) (struct domain *d1, struct domain *d2);
+    int (*hook_grant_transfer) (struct domain *d1, struct domain *d2);
+    int (*hook_grant_copy) (struct domain *d1, struct domain *d2);
+    int (*target_grant_query_size) (struct domain *d1, struct domain *d2);
 
     int (*alloc_security_domain) (struct domain *d);
     void (*free_security_domain) (struct domain *d);
@@ -70,76 +70,76 @@ struct xsm_operations {
     void (*free_security_evtchn) (struct evtchn *chn);
     char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn);
 
-    int (*get_pod_target) (struct domain *d);
-    int (*set_pod_target) (struct domain *d);
-    int (*memory_exchange) (struct domain *d);
-    int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2);
-    int (*memory_stat_reservation) (struct domain *d1, struct domain *d2);
-    int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct 
page_info *page);
-    int (*remove_from_physmap) (struct domain *d1, struct domain *d2);
+    int (*priv_get_pod_target) (struct domain *d);
+    int (*priv_set_pod_target) (struct domain *d);
+    int (*target_memory_exchange) (struct domain *d);
+    int (*target_memory_adjust_reservation) (struct domain *d1, struct domain 
*d2);
+    int (*target_memory_stat_reservation) (struct domain *d1, struct domain 
*d2);
+    int (*hook_memory_pin_page) (struct domain *d1, struct domain *d2, struct 
page_info *page);
+    int (*target_remove_from_physmap) (struct domain *d1, struct domain *d2);
 
-    int (*console_io) (struct domain *d, int cmd);
+    int (*priv_console_io) (struct domain *d, int cmd);
 
-    int (*profile) (struct domain *d, int op);
+    int (*hook_profile) (struct domain *d, int op);
 
-    int (*kexec) (void);
-    int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
+    int (*priv_kexec) (void);
+    int (*dm_schedop_shutdown) (struct domain *d1, struct domain *d2);
 
     char *(*show_irq_sid) (int irq);
-    int (*map_domain_pirq) (struct domain *d, int irq, void *data);
-    int (*unmap_domain_pirq) (struct domain *d, int irq);
-    int (*irq_permission) (struct domain *d, int pirq, uint8_t allow);
-    int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t 
allow);
-    int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t 
allow);
-    int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf, 
uint16_t start, uint16_t end, uint8_t access);
-
-    int (*get_device_group) (uint32_t machine_bdf);
-    int (*test_assign_device) (uint32_t machine_bdf);
-    int (*assign_device) (struct domain *d, uint32_t machine_bdf);
-    int (*deassign_device) (struct domain *d, uint32_t machine_bdf);
-
-    int (*resource_plug_core) (void);
-    int (*resource_unplug_core) (void);
-    int (*resource_plug_pci) (uint32_t machine_bdf);
-    int (*resource_unplug_pci) (uint32_t machine_bdf);
-    int (*resource_setup_pci) (uint32_t machine_bdf);
-    int (*resource_setup_gsi) (int gsi);
-    int (*resource_setup_misc) (void);
-
-    int (*page_offline)(uint32_t cmd);
-    int (*tmem_op)(void);
-    int (*tmem_control)(void);
+    int (*hook_map_domain_pirq) (struct domain *d, int irq, void *data);
+    int (*dm_unmap_domain_pirq) (struct domain *d, int irq);
+    int (*hook_irq_permission) (struct domain *d, int pirq, uint8_t allow);
+    int (*hook_iomem_permission) (struct domain *d, uint64_t s, uint64_t e, 
uint8_t allow);
+    int (*hook_iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, 
uint8_t allow);
+    int (*hook_pci_config_permission) (struct domain *d, uint32_t machine_bdf, 
uint16_t start, uint16_t end, uint8_t access);
+
+    int (*hook_get_device_group) (uint32_t machine_bdf);
+    int (*hook_test_assign_device) (uint32_t machine_bdf);
+    int (*hook_assign_device) (struct domain *d, uint32_t machine_bdf);
+    int (*hook_deassign_device) (struct domain *d, uint32_t machine_bdf);
+
+    int (*hook_resource_plug_core) (void);
+    int (*hook_resource_unplug_core) (void);
+    int (*priv_resource_plug_pci) (uint32_t machine_bdf);
+    int (*priv_resource_unplug_pci) (uint32_t machine_bdf);
+    int (*priv_resource_setup_pci) (uint32_t machine_bdf);
+    int (*priv_resource_setup_gsi) (int gsi);
+    int (*priv_resource_setup_misc) (void);
+
+    int (*hook_page_offline)(uint32_t cmd);
+    int (*hook_tmem_op)(void);
+    int (*priv_tmem_control)(void);
 
     long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
 
 #ifdef CONFIG_X86
-    int (*shadow_control) (struct domain *d, uint32_t op);
-    int (*hvm_param) (struct domain *d, unsigned long op);
-    int (*hvm_set_pci_intx_level) (struct domain *d);
-    int (*hvm_set_isa_irq_level) (struct domain *d);
-    int (*hvm_set_pci_link_route) (struct domain *d);
-    int (*hvm_inject_msi) (struct domain *d);
-    int (*mem_event_control) (struct domain *d, int mode, int op);
-    int (*mem_event_op) (struct domain *d, int op);
-    int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
-    int (*apic) (struct domain *d, int cmd);
+    int (*hook_shadow_control) (struct domain *d, uint32_t op);
+    int (*target_hvm_param) (struct domain *d, unsigned long op);
+    int (*dm_hvm_set_pci_intx_level) (struct domain *d);
+    int (*dm_hvm_set_isa_irq_level) (struct domain *d);
+    int (*dm_hvm_set_pci_link_route) (struct domain *d);
+    int (*dm_hvm_inject_msi) (struct domain *d);
+    int (*dm_mem_event_control) (struct domain *d, int mode, int op);
+    int (*dm_mem_event_op) (struct domain *d, int op);
+    int (*dm_mem_sharing_op) (struct domain *d, struct domain *cd, int op);
+    int (*priv_apic) (struct domain *d, int cmd);
     int (*memtype) (uint32_t access);
-    int (*platform_op) (uint32_t cmd);
-    int (*machine_memory_map) (void);
-    int (*domain_memory_map) (struct domain *d);
+    int (*priv_platform_op) (uint32_t cmd);
+    int (*priv_machine_memory_map) (void);
+    int (*target_domain_memory_map) (struct domain *d);
 #define XSM_MMU_UPDATE_READ      1
 #define XSM_MMU_UPDATE_WRITE     2
 #define XSM_MMU_NORMAL_UPDATE    4
 #define XSM_MMU_MACHPHYS_UPDATE  8
-    int (*mmu_update) (struct domain *d, struct domain *t,
+    int (*target_mmu_update) (struct domain *d, struct domain *t,
                        struct domain *f, uint32_t flags);
-    int (*mmuext_op) (struct domain *d, struct domain *f);
-    int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t 
pte);
-    int (*add_to_physmap) (struct domain *d1, struct domain *d2);
-    int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
-    int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq 
*bind);
-    int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, 
uint8_t allow);
-    int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t 
allow);
+    int (*target_mmuext_op) (struct domain *d, struct domain *f);
+    int (*target_update_va_mapping) (struct domain *d, struct domain *f, 
l1_pgentry_t pte);
+    int (*target_add_to_physmap) (struct domain *d1, struct domain *d2);
+    int (*hook_bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq 
*bind);
+    int (*hook_unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq 
*bind);
+    int (*hook_ioport_permission) (struct domain *d, uint32_t s, uint32_t e, 
uint8_t allow);
+    int (*hook_ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, 
uint8_t allow);
 #endif
 };
 
@@ -149,25 +149,25 @@ extern struct xsm_operations *xsm_ops;
 
 #ifndef XSM_NO_WRAPPERS
 
-static inline void xsm_security_domaininfo (struct domain *d,
+static inline void xsm_populate_security_domaininfo (struct domain *d,
                                         struct xen_domctl_getdomaininfo *info)
 {
-    xsm_ops->security_domaininfo(d, info);
+    xsm_ops->populate_security_domaininfo(d, info);
 }
 
-static inline int xsm_domain_create (struct domain *d, u32 ssidref)
+static inline int xsm_hook_domain_create (struct domain *d, u32 ssidref)
 {
-    return xsm_ops->domain_create(d, ssidref);
+    return xsm_ops->hook_domain_create(d, ssidref);
 }
 
-static inline int xsm_getdomaininfo (struct domain *d)
+static inline int xsm_hook_getdomaininfo (struct domain *d)
 {
-    return xsm_ops->getdomaininfo(d);
+    return xsm_ops->hook_getdomaininfo(d);
 }
 
-static inline int xsm_set_target (struct domain *d, struct domain *e)
+static inline int xsm_hook_set_target (struct domain *d, struct domain *e)
 {
-    return xsm_ops->set_target(d, e);
+    return xsm_ops->hook_set_target(d, e);
 }
 
 static inline int xsm_domctl (struct domain *d, int cmd)
@@ -180,77 +180,77 @@ static inline int xsm_sysctl (int cmd)
     return xsm_ops->sysctl(cmd);
 }
 
-static inline int xsm_readconsole (uint32_t clear)
+static inline int xsm_hook_readconsole (uint32_t clear)
 {
-    return xsm_ops->readconsole(clear);
+    return xsm_ops->hook_readconsole(clear);
 }
 
-static inline int xsm_do_mca(void)
+static inline int xsm_priv_do_mca(void)
 {
-    return xsm_ops->do_mca();
+    return xsm_ops->priv_do_mca();
 }
 
-static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn,
+static inline int xsm_target_evtchn_unbound (struct domain *d1, struct evtchn 
*chn,
                                                                     domid_t 
id2)
 {
-    return xsm_ops->evtchn_unbound(d1, chn, id2);
+    return xsm_ops->target_evtchn_unbound(d1, chn, id2);
 }
 
-static inline int xsm_evtchn_interdomain (struct domain *d1, 
+static inline int xsm_hook_evtchn_interdomain (struct domain *d1, 
                 struct evtchn *chan1, struct domain *d2, struct evtchn *chan2)
 {
-    return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2);
+    return xsm_ops->hook_evtchn_interdomain(d1, chan1, d2, chan2);
 }
 
-static inline void xsm_evtchn_close_post (struct evtchn *chn)
+static inline void xsm_hook_evtchn_close_post (struct evtchn *chn)
 {
-    xsm_ops->evtchn_close_post(chn);
+    xsm_ops->hook_evtchn_close_post(chn);
 }
 
-static inline int xsm_evtchn_send (struct domain *d, struct evtchn *chn)
+static inline int xsm_hook_evtchn_send (struct domain *d, struct evtchn *chn)
 {
-    return xsm_ops->evtchn_send(d, chn);
+    return xsm_ops->hook_evtchn_send(d, chn);
 }
 
-static inline int xsm_evtchn_status (struct domain *d, struct evtchn *chn)
+static inline int xsm_target_evtchn_status (struct domain *d, struct evtchn 
*chn)
 {
-    return xsm_ops->evtchn_status(d, chn);
+    return xsm_ops->target_evtchn_status(d, chn);
 }
 
-static inline int xsm_evtchn_reset (struct domain *d1, struct domain *d2)
+static inline int xsm_target_evtchn_reset (struct domain *d1, struct domain 
*d2)
 {
-    return xsm_ops->evtchn_reset(d1, d2);
+    return xsm_ops->target_evtchn_reset(d1, d2);
 }
 
-static inline int xsm_grant_mapref (struct domain *d1, struct domain *d2,
+static inline int xsm_hook_grant_mapref (struct domain *d1, struct domain *d2,
                                                                 uint32_t flags)
 {
-    return xsm_ops->grant_mapref(d1, d2, flags);
+    return xsm_ops->hook_grant_mapref(d1, d2, flags);
 }
 
-static inline int xsm_grant_unmapref (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_unmapref (struct domain *d1, struct domain 
*d2)
 {
-    return xsm_ops->grant_unmapref(d1, d2);
+    return xsm_ops->hook_grant_unmapref(d1, d2);
 }
 
-static inline int xsm_grant_setup (struct domain *d1, struct domain *d2)
+static inline int xsm_target_grant_setup (struct domain *d1, struct domain *d2)
 {
-    return xsm_ops->grant_setup(d1, d2);
+    return xsm_ops->target_grant_setup(d1, d2);
 }
 
-static inline int xsm_grant_transfer (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_transfer (struct domain *d1, struct domain 
*d2)
 {
-    return xsm_ops->grant_transfer(d1, d2);
+    return xsm_ops->hook_grant_transfer(d1, d2);
 }
 
-static inline int xsm_grant_copy (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_copy (struct domain *d1, struct domain *d2)
 {
-    return xsm_ops->grant_copy(d1, d2);
+    return xsm_ops->hook_grant_copy(d1, d2);
 }
 
-static inline int xsm_grant_query_size (struct domain *d1, struct domain *d2)
+static inline int xsm_target_grant_query_size (struct domain *d1, struct 
domain *d2)
 {
-    return xsm_ops->grant_query_size(d1, d2);
+    return xsm_ops->target_grant_query_size(d1, d2);
 }
 
 static inline int xsm_alloc_security_domain (struct domain *d)
@@ -278,62 +278,62 @@ static inline char *xsm_show_security_evtchn (struct 
domain *d, const struct evt
     return xsm_ops->show_security_evtchn(d, chn);
 }
 
-static inline int xsm_get_pod_target (struct domain *d)
+static inline int xsm_priv_get_pod_target (struct domain *d)
 {
-    return xsm_ops->get_pod_target(d);
+    return xsm_ops->priv_get_pod_target(d);
 }
 
-static inline int xsm_set_pod_target (struct domain *d)
+static inline int xsm_priv_set_pod_target (struct domain *d)
 {
-    return xsm_ops->set_pod_target(d);
+    return xsm_ops->priv_set_pod_target(d);
 }
 
-static inline int xsm_memory_exchange (struct domain *d)
+static inline int xsm_target_memory_exchange (struct domain *d)
 {
-    return xsm_ops->memory_exchange(d);
+    return xsm_ops->target_memory_exchange(d);
 }
 
-static inline int xsm_memory_adjust_reservation (struct domain *d1, struct
+static inline int xsm_target_memory_adjust_reservation (struct domain *d1, 
struct
                                                                     domain *d2)
 {
-    return xsm_ops->memory_adjust_reservation(d1, d2);
+    return xsm_ops->target_memory_adjust_reservation(d1, d2);
 }
 
-static inline int xsm_memory_stat_reservation (struct domain *d1,
+static inline int xsm_target_memory_stat_reservation (struct domain *d1,
                                                             struct domain *d2)
 {
-    return xsm_ops->memory_stat_reservation(d1, d2);
+    return xsm_ops->target_memory_stat_reservation(d1, d2);
 }
 
-static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+static inline int xsm_hook_memory_pin_page(struct domain *d1, struct domain 
*d2,
                                       struct page_info *page)
 {
-    return xsm_ops->memory_pin_page(d1, d2, page);
+    return xsm_ops->hook_memory_pin_page(d1, d2, page);
 }
 
-static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_target_remove_from_physmap(struct domain *d1, struct 
domain *d2)
 {
-    return xsm_ops->remove_from_physmap(d1, d2);
+    return xsm_ops->target_remove_from_physmap(d1, d2);
 }
 
-static inline int xsm_console_io (struct domain *d, int cmd)
+static inline int xsm_priv_console_io (struct domain *d, int cmd)
 {
-    return xsm_ops->console_io(d, cmd);
+    return xsm_ops->priv_console_io(d, cmd);
 }
 
-static inline int xsm_profile (struct domain *d, int op)
+static inline int xsm_hook_profile (struct domain *d, int op)
 {
-    return xsm_ops->profile(d, op);
+    return xsm_ops->hook_profile(d, op);
 }
 
-static inline int xsm_kexec (void)
+static inline int xsm_priv_kexec (void)
 {
-    return xsm_ops->kexec();
+    return xsm_ops->priv_kexec();
 }
 
-static inline int xsm_schedop_shutdown (struct domain *d1, struct domain *d2)
+static inline int xsm_dm_schedop_shutdown (struct domain *d1, struct domain 
*d2)
 {
-    return xsm_ops->schedop_shutdown(d1, d2);
+    return xsm_ops->dm_schedop_shutdown(d1, d2);
 }
 
 static inline char *xsm_show_irq_sid (int irq)
@@ -341,104 +341,104 @@ static inline char *xsm_show_irq_sid (int irq)
     return xsm_ops->show_irq_sid(irq);
 }
 
-static inline int xsm_map_domain_pirq (struct domain *d, int irq, void *data)
+static inline int xsm_hook_map_domain_pirq (struct domain *d, int irq, void 
*data)
 {
-    return xsm_ops->map_domain_pirq(d, irq, data);
+    return xsm_ops->hook_map_domain_pirq(d, irq, data);
 }
 
-static inline int xsm_unmap_domain_pirq (struct domain *d, int irq)
+static inline int xsm_dm_unmap_domain_pirq (struct domain *d, int irq)
 {
-    return xsm_ops->unmap_domain_pirq(d, irq);
+    return xsm_ops->dm_unmap_domain_pirq(d, irq);
 }
 
-static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t 
allow)
+static inline int xsm_hook_irq_permission (struct domain *d, int pirq, uint8_t 
allow)
 {
-    return xsm_ops->irq_permission(d, pirq, allow);
+    return xsm_ops->hook_irq_permission(d, pirq, allow);
 }
 
-static inline int xsm_iomem_permission (struct domain *d, uint64_t s, uint64_t 
e, uint8_t allow)
+static inline int xsm_hook_iomem_permission (struct domain *d, uint64_t s, 
uint64_t e, uint8_t allow)
 {
-    return xsm_ops->iomem_permission(d, s, e, allow);
+    return xsm_ops->hook_iomem_permission(d, s, e, allow);
 }
 
-static inline int xsm_iomem_mapping (struct domain *d, uint64_t s, uint64_t e, 
uint8_t allow)
+static inline int xsm_hook_iomem_mapping (struct domain *d, uint64_t s, 
uint64_t e, uint8_t allow)
 {
-    return xsm_ops->iomem_mapping(d, s, e, allow);
+    return xsm_ops->hook_iomem_mapping(d, s, e, allow);
 }
 
-static inline int xsm_pci_config_permission (struct domain *d, uint32_t 
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
+static inline int xsm_hook_pci_config_permission (struct domain *d, uint32_t 
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
 {
-    return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access);
+    return xsm_ops->hook_pci_config_permission(d, machine_bdf, start, end, 
access);
 }
 
-static inline int xsm_get_device_group(uint32_t machine_bdf)
+static inline int xsm_hook_get_device_group(uint32_t machine_bdf)
 {
-    return xsm_ops->get_device_group(machine_bdf);
+    return xsm_ops->hook_get_device_group(machine_bdf);
 }
 
-static inline int xsm_test_assign_device(uint32_t machine_bdf)
+static inline int xsm_hook_test_assign_device(uint32_t machine_bdf)
 {
-    return xsm_ops->test_assign_device(machine_bdf);
+    return xsm_ops->hook_test_assign_device(machine_bdf);
 }
 
-static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+static inline int xsm_hook_assign_device(struct domain *d, uint32_t 
machine_bdf)
 {
-    return xsm_ops->assign_device(d, machine_bdf);
+    return xsm_ops->hook_assign_device(d, machine_bdf);
 }
 
-static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf)
+static inline int xsm_hook_deassign_device(struct domain *d, uint32_t 
machine_bdf)
 {
-    return xsm_ops->deassign_device(d, machine_bdf);
+    return xsm_ops->hook_deassign_device(d, machine_bdf);
 }
 
-static inline int xsm_resource_plug_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_plug_pci (uint32_t machine_bdf)
 {
-    return xsm_ops->resource_plug_pci(machine_bdf);
+    return xsm_ops->priv_resource_plug_pci(machine_bdf);
 }
 
-static inline int xsm_resource_unplug_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_unplug_pci (uint32_t machine_bdf)
 {
-    return xsm_ops->resource_unplug_pci(machine_bdf);
+    return xsm_ops->priv_resource_unplug_pci(machine_bdf);
 }
 
-static inline int xsm_resource_plug_core (void)
+static inline int xsm_hook_resource_plug_core (void)
 {
-    return xsm_ops->resource_plug_core();
+    return xsm_ops->hook_resource_plug_core();
 }
 
-static inline int xsm_resource_unplug_core (void)
+static inline int xsm_hook_resource_unplug_core (void)
 {
-    return xsm_ops->resource_unplug_core();
+    return xsm_ops->hook_resource_unplug_core();
 }
 
-static inline int xsm_resource_setup_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_setup_pci (uint32_t machine_bdf)
 {
-    return xsm_ops->resource_setup_pci(machine_bdf);
+    return xsm_ops->priv_resource_setup_pci(machine_bdf);
 }
 
-static inline int xsm_resource_setup_gsi (int gsi)
+static inline int xsm_priv_resource_setup_gsi (int gsi)
 {
-    return xsm_ops->resource_setup_gsi(gsi);
+    return xsm_ops->priv_resource_setup_gsi(gsi);
 }
 
-static inline int xsm_resource_setup_misc (void)
+static inline int xsm_priv_resource_setup_misc (void)
 {
-    return xsm_ops->resource_setup_misc();
+    return xsm_ops->priv_resource_setup_misc();
 }
 
-static inline int xsm_page_offline(uint32_t cmd)
+static inline int xsm_hook_page_offline(uint32_t cmd)
 {
-    return xsm_ops->page_offline(cmd);
+    return xsm_ops->hook_page_offline(cmd);
 }
 
-static inline int xsm_tmem_op(void)
+static inline int xsm_hook_tmem_op(void)
 {
-    return xsm_ops->tmem_op();
+    return xsm_ops->hook_tmem_op();
 }
 
-static inline int xsm_tmem_control(void)
+static inline int xsm_priv_tmem_control(void)
 {
-    return xsm_ops->tmem_control();
+    return xsm_ops->priv_tmem_control();
 }
 
 static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
@@ -447,54 +447,54 @@ static inline long xsm_do_xsm_op 
(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
 }
 
 #ifdef CONFIG_X86
-static inline int xsm_shadow_control (struct domain *d, uint32_t op)
+static inline int xsm_hook_shadow_control (struct domain *d, uint32_t op)
 {
-    return xsm_ops->shadow_control(d, op);
+    return xsm_ops->hook_shadow_control(d, op);
 }
 
-static inline int xsm_hvm_param (struct domain *d, unsigned long op)
+static inline int xsm_target_hvm_param (struct domain *d, unsigned long op)
 {
-    return xsm_ops->hvm_param(d, op);
+    return xsm_ops->target_hvm_param(d, op);
 }
 
-static inline int xsm_hvm_set_pci_intx_level (struct domain *d)
+static inline int xsm_dm_hvm_set_pci_intx_level (struct domain *d)
 {
-    return xsm_ops->hvm_set_pci_intx_level(d);
+    return xsm_ops->dm_hvm_set_pci_intx_level(d);
 }
 
-static inline int xsm_hvm_set_isa_irq_level (struct domain *d)
+static inline int xsm_dm_hvm_set_isa_irq_level (struct domain *d)
 {
-    return xsm_ops->hvm_set_isa_irq_level(d);
+    return xsm_ops->dm_hvm_set_isa_irq_level(d);
 }
 
-static inline int xsm_hvm_set_pci_link_route (struct domain *d)
+static inline int xsm_dm_hvm_set_pci_link_route (struct domain *d)
 {
-    return xsm_ops->hvm_set_pci_link_route(d);
+    return xsm_ops->dm_hvm_set_pci_link_route(d);
 }
 
-static inline int xsm_hvm_inject_msi (struct domain *d)
+static inline int xsm_dm_hvm_inject_msi (struct domain *d)
 {
-    return xsm_ops->hvm_inject_msi(d);
+    return xsm_ops->dm_hvm_inject_msi(d);
 }
 
-static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
+static inline int xsm_dm_mem_event_control (struct domain *d, int mode, int op)
 {
-    return xsm_ops->mem_event_control(d, mode, op);
+    return xsm_ops->dm_mem_event_control(d, mode, op);
 }
 
-static inline int xsm_mem_event_op (struct domain *d, int op)
+static inline int xsm_dm_mem_event_op (struct domain *d, int op)
 {
-    return xsm_ops->mem_event_op(d, op);
+    return xsm_ops->dm_mem_event_op(d, op);
 }
 
-static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int 
op)
+static inline int xsm_dm_mem_sharing_op (struct domain *d, struct domain *cd, 
int op)
 {
-    return xsm_ops->mem_sharing_op(d, cd, op);
+    return xsm_ops->dm_mem_sharing_op(d, cd, op);
 }
 
-static inline int xsm_apic (struct domain *d, int cmd)
+static inline int xsm_priv_apic (struct domain *d, int cmd)
 {
-    return xsm_ops->apic(d, cmd);
+    return xsm_ops->priv_apic(d, cmd);
 }
 
 static inline int xsm_memtype (uint32_t access)
@@ -502,63 +502,63 @@ static inline int xsm_memtype (uint32_t access)
     return xsm_ops->memtype(access);
 }
 
-static inline int xsm_platform_op (uint32_t op)
+static inline int xsm_priv_platform_op (uint32_t op)
 {
-    return xsm_ops->platform_op(op);
+    return xsm_ops->priv_platform_op(op);
 }
 
-static inline int xsm_machine_memory_map(void)
+static inline int xsm_priv_machine_memory_map(void)
 {
-    return xsm_ops->machine_memory_map();
+    return xsm_ops->priv_machine_memory_map();
 }
 
-static inline int xsm_domain_memory_map(struct domain *d)
+static inline int xsm_target_domain_memory_map(struct domain *d)
 {
-    return xsm_ops->domain_memory_map(d);
+    return xsm_ops->target_domain_memory_map(d);
 }
 
-static inline int xsm_mmu_update (struct domain *d, struct domain *t,
+static inline int xsm_target_mmu_update (struct domain *d, struct domain *t,
                                   struct domain *f, uint32_t flags)
 {
-    return xsm_ops->mmu_update(d, t, f, flags);
+    return xsm_ops->target_mmu_update(d, t, f, flags);
 }
 
-static inline int xsm_mmuext_op (struct domain *d, struct domain *f)
+static inline int xsm_target_mmuext_op (struct domain *d, struct domain *f)
 {
-    return xsm_ops->mmuext_op(d, f);
+    return xsm_ops->target_mmuext_op(d, f);
 }
 
-static inline int xsm_update_va_mapping(struct domain *d, struct domain *f, 
+static inline int xsm_target_update_va_mapping(struct domain *d, struct domain 
*f, 
                                                             l1_pgentry_t pte)
 {
-    return xsm_ops->update_va_mapping(d, f, pte);
+    return xsm_ops->target_update_va_mapping(d, f, pte);
 }
 
-static inline int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_target_add_to_physmap(struct domain *d1, struct domain 
*d2)
 {
-    return xsm_ops->add_to_physmap(d1, d2);
+    return xsm_ops->target_add_to_physmap(d1, d2);
 }
 
-static inline int xsm_bind_pt_irq(struct domain *d, 
+static inline int xsm_hook_bind_pt_irq(struct domain *d, 
                                                 struct xen_domctl_bind_pt_irq 
*bind)
 {
-    return xsm_ops->bind_pt_irq(d, bind);
+    return xsm_ops->hook_bind_pt_irq(d, bind);
 }
 
-static inline int xsm_unbind_pt_irq(struct domain *d,
+static inline int xsm_hook_unbind_pt_irq(struct domain *d,
                                                 struct xen_domctl_bind_pt_irq 
*bind)
 {
-    return xsm_ops->unbind_pt_irq(d, bind);
+    return xsm_ops->hook_unbind_pt_irq(d, bind);
 }
 
-static inline int xsm_ioport_permission (struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
+static inline int xsm_hook_ioport_permission (struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
 {
-    return xsm_ops->ioport_permission(d, s, e, allow);
+    return xsm_ops->hook_ioport_permission(d, s, e, allow);
 }
 
-static inline int xsm_ioport_mapping (struct domain *d, uint32_t s, uint32_t 
e, uint8_t allow)
+static inline int xsm_hook_ioport_mapping (struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
 {
-    return xsm_ops->ioport_mapping(d, s, e, allow);
+    return xsm_ops->hook_ioport_mapping(d, s, e, allow);
 }
 #endif /* CONFIG_X86 */
 #endif /* XSM_NO_WRAPPERS */
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 22c66e5..c29c5af 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -29,98 +29,98 @@ struct xsm_operations dummy_xsm_ops;
 
 void xsm_fixup_ops (struct xsm_operations *ops)
 {
-    set_to_dummy_if_null(ops, security_domaininfo);
-    set_to_dummy_if_null(ops, domain_create);
-    set_to_dummy_if_null(ops, getdomaininfo);
-    set_to_dummy_if_null(ops, set_target);
+    set_to_dummy_if_null(ops, populate_security_domaininfo);
+    set_to_dummy_if_null(ops, hook_domain_create);
+    set_to_dummy_if_null(ops, hook_getdomaininfo);
+    set_to_dummy_if_null(ops, hook_set_target);
     set_to_dummy_if_null(ops, domctl);
     set_to_dummy_if_null(ops, sysctl);
-    set_to_dummy_if_null(ops, readconsole);
-    set_to_dummy_if_null(ops, do_mca);
-
-    set_to_dummy_if_null(ops, evtchn_unbound);
-    set_to_dummy_if_null(ops, evtchn_interdomain);
-    set_to_dummy_if_null(ops, evtchn_close_post);
-    set_to_dummy_if_null(ops, evtchn_send);
-    set_to_dummy_if_null(ops, evtchn_status);
-    set_to_dummy_if_null(ops, evtchn_reset);
-
-    set_to_dummy_if_null(ops, grant_mapref);
-    set_to_dummy_if_null(ops, grant_unmapref);
-    set_to_dummy_if_null(ops, grant_setup);
-    set_to_dummy_if_null(ops, grant_transfer);
-    set_to_dummy_if_null(ops, grant_copy);
-    set_to_dummy_if_null(ops, grant_query_size);
+    set_to_dummy_if_null(ops, hook_readconsole);
+    set_to_dummy_if_null(ops, priv_do_mca);
+
+    set_to_dummy_if_null(ops, target_evtchn_unbound);
+    set_to_dummy_if_null(ops, hook_evtchn_interdomain);
+    set_to_dummy_if_null(ops, hook_evtchn_close_post);
+    set_to_dummy_if_null(ops, hook_evtchn_send);
+    set_to_dummy_if_null(ops, target_evtchn_status);
+    set_to_dummy_if_null(ops, target_evtchn_reset);
+
+    set_to_dummy_if_null(ops, hook_grant_mapref);
+    set_to_dummy_if_null(ops, hook_grant_unmapref);
+    set_to_dummy_if_null(ops, target_grant_setup);
+    set_to_dummy_if_null(ops, hook_grant_transfer);
+    set_to_dummy_if_null(ops, hook_grant_copy);
+    set_to_dummy_if_null(ops, target_grant_query_size);
 
     set_to_dummy_if_null(ops, alloc_security_domain);
     set_to_dummy_if_null(ops, free_security_domain);
     set_to_dummy_if_null(ops, alloc_security_evtchn);
     set_to_dummy_if_null(ops, free_security_evtchn);
     set_to_dummy_if_null(ops, show_security_evtchn);
-    set_to_dummy_if_null(ops, get_pod_target);
-    set_to_dummy_if_null(ops, set_pod_target);
+    set_to_dummy_if_null(ops, priv_get_pod_target);
+    set_to_dummy_if_null(ops, priv_set_pod_target);
 
-    set_to_dummy_if_null(ops, memory_exchange);
-    set_to_dummy_if_null(ops, memory_adjust_reservation);
-    set_to_dummy_if_null(ops, memory_stat_reservation);
-    set_to_dummy_if_null(ops, memory_pin_page);
+    set_to_dummy_if_null(ops, target_memory_exchange);
+    set_to_dummy_if_null(ops, target_memory_adjust_reservation);
+    set_to_dummy_if_null(ops, target_memory_stat_reservation);
+    set_to_dummy_if_null(ops, hook_memory_pin_page);
 
-    set_to_dummy_if_null(ops, console_io);
+    set_to_dummy_if_null(ops, priv_console_io);
 
-    set_to_dummy_if_null(ops, profile);
+    set_to_dummy_if_null(ops, hook_profile);
 
-    set_to_dummy_if_null(ops, kexec);
-    set_to_dummy_if_null(ops, schedop_shutdown);
+    set_to_dummy_if_null(ops, priv_kexec);
+    set_to_dummy_if_null(ops, dm_schedop_shutdown);
 
     set_to_dummy_if_null(ops, show_irq_sid);
-    set_to_dummy_if_null(ops, map_domain_pirq);
-    set_to_dummy_if_null(ops, unmap_domain_pirq);
-    set_to_dummy_if_null(ops, irq_permission);
-    set_to_dummy_if_null(ops, iomem_permission);
-    set_to_dummy_if_null(ops, iomem_mapping);
-    set_to_dummy_if_null(ops, pci_config_permission);
-
-    set_to_dummy_if_null(ops, get_device_group);
-    set_to_dummy_if_null(ops, test_assign_device);
-    set_to_dummy_if_null(ops, assign_device);
-    set_to_dummy_if_null(ops, deassign_device);
-
-    set_to_dummy_if_null(ops, resource_plug_core);
-    set_to_dummy_if_null(ops, resource_unplug_core);
-    set_to_dummy_if_null(ops, resource_plug_pci);
-    set_to_dummy_if_null(ops, resource_unplug_pci);
-    set_to_dummy_if_null(ops, resource_setup_pci);
-    set_to_dummy_if_null(ops, resource_setup_gsi);
-    set_to_dummy_if_null(ops, resource_setup_misc);
-
-    set_to_dummy_if_null(ops, page_offline);
-    set_to_dummy_if_null(ops, tmem_op);
-    set_to_dummy_if_null(ops, tmem_control);
+    set_to_dummy_if_null(ops, hook_map_domain_pirq);
+    set_to_dummy_if_null(ops, dm_unmap_domain_pirq);
+    set_to_dummy_if_null(ops, hook_irq_permission);
+    set_to_dummy_if_null(ops, hook_iomem_permission);
+    set_to_dummy_if_null(ops, hook_iomem_mapping);
+    set_to_dummy_if_null(ops, hook_pci_config_permission);
+
+    set_to_dummy_if_null(ops, hook_get_device_group);
+    set_to_dummy_if_null(ops, hook_test_assign_device);
+    set_to_dummy_if_null(ops, hook_assign_device);
+    set_to_dummy_if_null(ops, hook_deassign_device);
+
+    set_to_dummy_if_null(ops, hook_resource_plug_core);
+    set_to_dummy_if_null(ops, hook_resource_unplug_core);
+    set_to_dummy_if_null(ops, priv_resource_plug_pci);
+    set_to_dummy_if_null(ops, priv_resource_unplug_pci);
+    set_to_dummy_if_null(ops, priv_resource_setup_pci);
+    set_to_dummy_if_null(ops, priv_resource_setup_gsi);
+    set_to_dummy_if_null(ops, priv_resource_setup_misc);
+
+    set_to_dummy_if_null(ops, hook_page_offline);
+    set_to_dummy_if_null(ops, hook_tmem_op);
+    set_to_dummy_if_null(ops, priv_tmem_control);
 
     set_to_dummy_if_null(ops, do_xsm_op);
 
 #ifdef CONFIG_X86
-    set_to_dummy_if_null(ops, shadow_control);
-    set_to_dummy_if_null(ops, hvm_param);
-    set_to_dummy_if_null(ops, hvm_set_pci_intx_level);
-    set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
-    set_to_dummy_if_null(ops, hvm_set_pci_link_route);
-    set_to_dummy_if_null(ops, hvm_inject_msi);
-    set_to_dummy_if_null(ops, mem_event_control);
-    set_to_dummy_if_null(ops, mem_event_op);
-    set_to_dummy_if_null(ops, mem_sharing_op);
-    set_to_dummy_if_null(ops, apic);
-    set_to_dummy_if_null(ops, platform_op);
-    set_to_dummy_if_null(ops, machine_memory_map);
-    set_to_dummy_if_null(ops, domain_memory_map);
-    set_to_dummy_if_null(ops, mmu_update);
-    set_to_dummy_if_null(ops, mmuext_op);
-    set_to_dummy_if_null(ops, update_va_mapping);
-    set_to_dummy_if_null(ops, add_to_physmap);
-    set_to_dummy_if_null(ops, remove_from_physmap);
-    set_to_dummy_if_null(ops, bind_pt_irq);
-    set_to_dummy_if_null(ops, unbind_pt_irq);
-    set_to_dummy_if_null(ops, ioport_permission);
-    set_to_dummy_if_null(ops, ioport_mapping);
+    set_to_dummy_if_null(ops, hook_shadow_control);
+    set_to_dummy_if_null(ops, target_hvm_param);
+    set_to_dummy_if_null(ops, dm_hvm_set_pci_intx_level);
+    set_to_dummy_if_null(ops, dm_hvm_set_isa_irq_level);
+    set_to_dummy_if_null(ops, dm_hvm_set_pci_link_route);
+    set_to_dummy_if_null(ops, dm_hvm_inject_msi);
+    set_to_dummy_if_null(ops, dm_mem_event_control);
+    set_to_dummy_if_null(ops, dm_mem_event_op);
+    set_to_dummy_if_null(ops, dm_mem_sharing_op);
+    set_to_dummy_if_null(ops, priv_apic);
+    set_to_dummy_if_null(ops, priv_platform_op);
+    set_to_dummy_if_null(ops, priv_machine_memory_map);
+    set_to_dummy_if_null(ops, target_domain_memory_map);
+    set_to_dummy_if_null(ops, target_mmu_update);
+    set_to_dummy_if_null(ops, target_mmuext_op);
+    set_to_dummy_if_null(ops, target_update_va_mapping);
+    set_to_dummy_if_null(ops, target_add_to_physmap);
+    set_to_dummy_if_null(ops, target_remove_from_physmap);
+    set_to_dummy_if_null(ops, hook_bind_pt_irq);
+    set_to_dummy_if_null(ops, hook_unbind_pt_irq);
+    set_to_dummy_if_null(ops, hook_ioport_permission);
+    set_to_dummy_if_null(ops, hook_ioport_mapping);
 #endif
 }
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 03ea675..2c46276 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -171,7 +171,7 @@ static void flask_domain_free_security(struct domain *d)
     xfree(dsec);
 }
 
-static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn, 
+static int flask_target_evtchn_unbound(struct domain *d1, struct evtchn *chn, 
                                 domid_t id2)
 {
     u32 sid1, sid2, newsid;
@@ -206,7 +206,7 @@ static int flask_evtchn_unbound(struct domain *d1, struct 
evtchn *chn,
     return rc;
 }
 
-static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1, 
+static int flask_hook_evtchn_interdomain(struct domain *d1, struct evtchn 
*chn1, 
                                     struct domain *d2, struct evtchn *chn2)
 {
     u32 sid1, sid2, newsid, reverse_sid;
@@ -252,7 +252,7 @@ static int flask_evtchn_interdomain(struct domain *d1, 
struct evtchn *chn1,
     return rc;
 }
 
-static void flask_evtchn_close_post(struct evtchn *chn)
+static void flask_hook_evtchn_close_post(struct evtchn *chn)
 {
     struct evtchn_security_struct *esec;
     esec = chn->ssid;
@@ -260,7 +260,7 @@ static void flask_evtchn_close_post(struct evtchn *chn)
     esec->sid = SECINITSID_UNLABELED;
 }
 
-static int flask_evtchn_send(struct domain *d, struct evtchn *chn)
+static int flask_hook_evtchn_send(struct domain *d, struct evtchn *chn)
 {
     int rc;
 
@@ -280,12 +280,12 @@ static int flask_evtchn_send(struct domain *d, struct 
evtchn *chn)
     return rc;
 }
 
-static int flask_evtchn_status(struct domain *d, struct evtchn *chn)
+static int flask_target_evtchn_status(struct domain *d, struct evtchn *chn)
 {
     return domain_has_evtchn(d, chn, EVENT__STATUS);
 }
 
-static int flask_evtchn_reset(struct domain *d1, struct domain *d2)
+static int flask_target_evtchn_reset(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_EVENT, EVENT__RESET);
 }
@@ -350,7 +350,7 @@ static char *flask_show_security_evtchn(struct domain *d, 
const struct evtchn *c
     return ctx;
 }
 
-static int flask_grant_mapref(struct domain *d1, struct domain *d2, 
+static int flask_hook_grant_mapref(struct domain *d1, struct domain *d2, 
                               uint32_t flags)
 {
     u32 perms = GRANT__MAP_READ;
@@ -361,63 +361,63 @@ static int flask_grant_mapref(struct domain *d1, struct 
domain *d2,
     return domain_has_perm(d1, d2, SECCLASS_GRANT, perms);
 }
 
-static int flask_grant_unmapref(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_unmapref(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__UNMAP);
 }
 
-static int flask_grant_setup(struct domain *d1, struct domain *d2)
+static int flask_target_grant_setup(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__SETUP);
 }
 
-static int flask_grant_transfer(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_transfer(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__TRANSFER);
 }
 
-static int flask_grant_copy(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_copy(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__COPY);
 }
 
-static int flask_grant_query_size(struct domain *d1, struct domain *d2)
+static int flask_target_grant_query_size(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__QUERY);
 }
 
-static int flask_get_pod_target(struct domain *d)
+static int flask_priv_get_pod_target(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPODTARGET);
 }
 
-static int flask_set_pod_target(struct domain *d)
+static int flask_priv_set_pod_target(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
 }
 
-static int flask_memory_exchange(struct domain *d)
+static int flask_target_memory_exchange(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
 }
 
-static int flask_memory_adjust_reservation(struct domain *d1, struct domain 
*d2)
+static int flask_target_memory_adjust_reservation(struct domain *d1, struct 
domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
 }
 
-static int flask_memory_stat_reservation(struct domain *d1, struct domain *d2)
+static int flask_target_memory_stat_reservation(struct domain *d1, struct 
domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__STAT);
 }
 
-static int flask_memory_pin_page(struct domain *d1, struct domain *d2,
+static int flask_hook_memory_pin_page(struct domain *d1, struct domain *d2,
                                  struct page_info *page)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PINPAGE);
 }
 
-static int flask_console_io(struct domain *d, int cmd)
+static int flask_priv_console_io(struct domain *d, int cmd)
 {
     u32 perm;
 
@@ -436,7 +436,7 @@ static int flask_console_io(struct domain *d, int cmd)
     return domain_has_xen(d, perm);
 }
 
-static int flask_profile(struct domain *d, int op)
+static int flask_hook_profile(struct domain *d, int op)
 {
     u32 perm;
 
@@ -468,23 +468,23 @@ static int flask_profile(struct domain *d, int op)
     return domain_has_xen(d, perm);
 }
 
-static int flask_kexec(void)
+static int flask_priv_kexec(void)
 {
     return domain_has_xen(current->domain, XEN__KEXEC);
 }
 
-static int flask_schedop_shutdown(struct domain *d1, struct domain *d2)
+static int flask_dm_schedop_shutdown(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_DOMAIN, DOMAIN__SHUTDOWN);
 }
 
-static void flask_security_domaininfo(struct domain *d, 
+static void flask_populate_security_domaininfo(struct domain *d, 
                                       struct xen_domctl_getdomaininfo *info)
 {
     info->ssidref = domain_sid(d);
 }
 
-static int flask_domain_create(struct domain *d, u32 ssidref)
+static int flask_hook_domain_create(struct domain *d, u32 ssidref)
 {
     int rc;
     struct domain_security_struct *dsec = d->ssid;
@@ -512,12 +512,12 @@ static int flask_domain_create(struct domain *d, u32 
ssidref)
     return rc;
 }
 
-static int flask_getdomaininfo(struct domain *d)
+static int flask_hook_getdomaininfo(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
 }
 
-static int flask_set_target(struct domain *d, struct domain *t)
+static int flask_hook_set_target(struct domain *d, struct domain *t)
 {
     int rc;
     struct domain_security_struct *dsec, *tsec;
@@ -753,7 +753,7 @@ static int flask_sysctl(int cmd)
     }
 }
 
-static int flask_readconsole(uint32_t clear)
+static int flask_hook_readconsole(uint32_t clear)
 {
     u32 perms = XEN__READCONSOLE;
 
@@ -763,7 +763,7 @@ static int flask_readconsole(uint32_t clear)
     return domain_has_xen(current->domain, perms);
 }
 
-static int flask_do_mca(void)
+static int flask_priv_do_mca(void)
 {
     return domain_has_xen(current->domain, XEN__MCA_OP);
 }
@@ -790,7 +790,7 @@ static char *flask_show_irq_sid (int irq)
     return ctx;
 }
 
-static int flask_map_domain_pirq (struct domain *d, int irq, void *data)
+static int flask_hook_map_domain_pirq (struct domain *d, int irq, void *data)
 {
     u32 sid, dsid;
     int rc = -EPERM;
@@ -823,7 +823,7 @@ static int flask_map_domain_pirq (struct domain *d, int 
irq, void *data)
     return rc;
 }
 
-static int flask_unmap_domain_pirq (struct domain *d, int irq)
+static int flask_dm_unmap_domain_pirq (struct domain *d, int irq)
 {
     u32 sid;
     int rc = -EPERM;
@@ -846,7 +846,7 @@ static int flask_unmap_domain_pirq (struct domain *d, int 
irq)
     return rc;
 }
 
-static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
+static int flask_hook_irq_permission (struct domain *d, int pirq, uint8_t 
access)
 {
     /* the PIRQ number is not useful; real IRQ is checked during mapping */
     return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
@@ -876,7 +876,7 @@ static int _iomem_has_perm(void *v, u32 sid, unsigned long 
start, unsigned long
     return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE, 
&ad);
 }
 
-static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t 
end, uint8_t access)
+static int flask_hook_iomem_permission(struct domain *d, uint64_t start, 
uint64_t end, uint8_t access)
 {
     struct iomem_has_perm_data data;
     int rc;
@@ -897,12 +897,12 @@ static int flask_iomem_permission(struct domain *d, 
uint64_t start, uint64_t end
     return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
 }
 
-static int flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, 
uint8_t access)
+static int flask_hook_iomem_mapping(struct domain *d, uint64_t start, uint64_t 
end, uint8_t access)
 {
-    return flask_iomem_permission(d, start, end, access);
+    return flask_hook_iomem_permission(d, start, end, access);
 }
 
-static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf, 
uint16_t start, uint16_t end, uint8_t access)
+static int flask_hook_pci_config_permission(struct domain *d, uint32_t 
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
 {
     u32 dsid, rsid;
     int rc = -EPERM;
@@ -924,12 +924,12 @@ static int flask_pci_config_permission(struct domain *d, 
uint32_t machine_bdf, u
 
 }
 
-static int flask_resource_plug_core(void)
+static int flask_hook_resource_plug_core(void)
 {
     return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, 
RESOURCE__PLUG, NULL);
 }
 
-static int flask_resource_unplug_core(void)
+static int flask_hook_resource_unplug_core(void)
 {
     return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, 
RESOURCE__UNPLUG, NULL);
 }
@@ -939,7 +939,7 @@ static int flask_resource_use_core(void)
     return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, 
RESOURCE__USE, NULL);
 }
 
-static int flask_resource_plug_pci(uint32_t machine_bdf)
+static int flask_priv_resource_plug_pci(uint32_t machine_bdf)
 {
     u32 rsid;
     int rc = -EPERM;
@@ -954,7 +954,7 @@ static int flask_resource_plug_pci(uint32_t machine_bdf)
     return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__PLUG, &ad);
 }
 
-static int flask_resource_unplug_pci(uint32_t machine_bdf)
+static int flask_priv_resource_unplug_pci(uint32_t machine_bdf)
 {
     u32 rsid;
     int rc = -EPERM;
@@ -969,7 +969,7 @@ static int flask_resource_unplug_pci(uint32_t machine_bdf)
     return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__UNPLUG, 
&ad);
 }
 
-static int flask_resource_setup_pci(uint32_t machine_bdf)
+static int flask_priv_resource_setup_pci(uint32_t machine_bdf)
 {
     u32 rsid;
     int rc = -EPERM;
@@ -984,7 +984,7 @@ static int flask_resource_setup_pci(uint32_t machine_bdf)
     return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad);
 }
 
-static int flask_resource_setup_gsi(int gsi)
+static int flask_priv_resource_setup_gsi(int gsi)
 {
     u32 rsid;
     int rc = -EPERM;
@@ -997,18 +997,18 @@ static int flask_resource_setup_gsi(int gsi)
     return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad);
 }
 
-static int flask_resource_setup_misc(void)
+static int flask_priv_resource_setup_misc(void)
 {
     return avc_current_has_perm(SECINITSID_XEN, SECCLASS_RESOURCE, 
RESOURCE__SETUP, NULL);
 }
 
-static inline int flask_page_offline(uint32_t cmd)
+static inline int flask_hook_page_offline(uint32_t cmd)
 {
     switch (cmd) {
     case sysctl_page_offline:
-        return flask_resource_unplug_core();
+        return flask_hook_resource_unplug_core();
     case sysctl_page_online:
-        return flask_resource_plug_core();
+        return flask_hook_resource_plug_core();
     case sysctl_query_page_offline:
         return flask_resource_use_core();
     default:
@@ -1016,18 +1016,18 @@ static inline int flask_page_offline(uint32_t cmd)
     }
 }
 
-static inline int flask_tmem_op(void)
+static inline int flask_hook_tmem_op(void)
 {
     return domain_has_xen(current->domain, XEN__TMEM_OP);
 }
 
-static inline int flask_tmem_control(void)
+static inline int flask_priv_tmem_control(void)
 {
     return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
 }
 
 #ifdef CONFIG_X86
-static int flask_shadow_control(struct domain *d, uint32_t op)
+static int flask_hook_shadow_control(struct domain *d, uint32_t op)
 {
     u32 perm;
 
@@ -1079,7 +1079,7 @@ static int _ioport_has_perm(void *v, u32 sid, unsigned 
long start, unsigned long
     return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE, 
&ad);
 }
 
-static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t 
end, uint8_t access)
+static int flask_hook_ioport_permission(struct domain *d, uint32_t start, 
uint32_t end, uint8_t access)
 {
     int rc;
     struct ioport_has_perm_data data;
@@ -1101,12 +1101,12 @@ static int flask_ioport_permission(struct domain *d, 
uint32_t start, uint32_t en
     return security_iterate_ioport_sids(start, end, _ioport_has_perm, &data);
 }
 
-static int flask_ioport_mapping(struct domain *d, uint32_t start, uint32_t 
end, uint8_t access)
+static int flask_hook_ioport_mapping(struct domain *d, uint32_t start, 
uint32_t end, uint8_t access)
 {
-    return flask_ioport_permission(d, start, end, access);
+    return flask_hook_ioport_permission(d, start, end, access);
 }
 
-static int flask_hvm_param(struct domain *d, unsigned long op)
+static int flask_target_hvm_param(struct domain *d, unsigned long op)
 {
     u32 perm;
 
@@ -1128,37 +1128,37 @@ static int flask_hvm_param(struct domain *d, unsigned 
long op)
     return current_has_perm(d, SECCLASS_HVM, perm);
 }
 
-static int flask_hvm_set_pci_intx_level(struct domain *d)
+static int flask_dm_hvm_set_pci_intx_level(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_HVM, HVM__PCILEVEL);
 }
 
-static int flask_hvm_set_isa_irq_level(struct domain *d)
+static int flask_dm_hvm_set_isa_irq_level(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_HVM, HVM__IRQLEVEL);
 }
 
-static int flask_hvm_set_pci_link_route(struct domain *d)
+static int flask_dm_hvm_set_pci_link_route(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_HVM, HVM__PCIROUTE);
 }
 
-static int flask_hvm_inject_msi(struct domain *d)
+static int flask_dm_hvm_inject_msi(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_HVM, HVM__SEND_IRQ);
 }
 
-static int flask_mem_event_control(struct domain *d, int mode, int op)
+static int flask_dm_mem_event_control(struct domain *d, int mode, int op)
 {
     return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
 }
 
-static int flask_mem_event_op(struct domain *d, int op)
+static int flask_dm_mem_event_op(struct domain *d, int op)
 {
     return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
 }
 
-static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op)
+static int flask_dm_mem_sharing_op(struct domain *d, struct domain *cd, int op)
 {
     int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING);
     if ( rc )
@@ -1166,7 +1166,7 @@ static int flask_mem_sharing_op(struct domain *d, struct 
domain *cd, int op)
     return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM);
 }
 
-static int flask_apic(struct domain *d, int cmd)
+static int flask_priv_apic(struct domain *d, int cmd)
 {
     u32 perm;
 
@@ -1186,7 +1186,7 @@ static int flask_apic(struct domain *d, int cmd)
     return domain_has_xen(d, perm);
 }
 
-static int flask_platform_op(uint32_t op)
+static int flask_priv_platform_op(uint32_t op)
 {
     switch ( op )
     {
@@ -1241,22 +1241,22 @@ static int flask_platform_op(uint32_t op)
         return domain_has_xen(current->domain, XEN__GETCPUINFO);
 
     default:
-        printk("flask_platform_op: Unknown op %d\n", op);
+        printk("flask_priv_platform_op: Unknown op %d\n", op);
         return -EPERM;
     }
 }
 
-static int flask_machine_memory_map(void)
+static int flask_priv_machine_memory_map(void)
 {
     return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP, 
NULL);
 }
 
-static int flask_domain_memory_map(struct domain *d)
+static int flask_target_domain_memory_map(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_MMU, MMU__MEMORYMAP);
 }
 
-static int flask_mmu_update(struct domain *d, struct domain *t,
+static int flask_target_mmu_update(struct domain *d, struct domain *t,
                             struct domain *f, uint32_t flags)
 {
     int rc = 0;
@@ -1279,12 +1279,12 @@ static int flask_mmu_update(struct domain *d, struct 
domain *t,
     return rc;
 }
 
-static int flask_mmuext_op(struct domain *d, struct domain *f)
+static int flask_target_mmuext_op(struct domain *d, struct domain *f)
 {
     return domain_has_perm(d, f, SECCLASS_MMU, MMU__MMUEXT_OP);
 }
 
-static int flask_update_va_mapping(struct domain *d, struct domain *f,
+static int flask_target_update_va_mapping(struct domain *d, struct domain *f,
                                    l1_pgentry_t pte)
 {
     u32 map_perms = MMU__MAP_READ;
@@ -1296,17 +1296,17 @@ static int flask_update_va_mapping(struct domain *d, 
struct domain *f,
     return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
 }
 
-static int flask_add_to_physmap(struct domain *d1, struct domain *d2)
+static int flask_target_add_to_physmap(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
 }
 
-static int flask_remove_from_physmap(struct domain *d1, struct domain *d2)
+static int flask_target_remove_from_physmap(struct domain *d1, struct domain 
*d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
 }
 
-static int flask_get_device_group(uint32_t machine_bdf)
+static int flask_hook_get_device_group(uint32_t machine_bdf)
 {
     u32 rsid;
     int rc = -EPERM;
@@ -1330,7 +1330,7 @@ static int flask_test_assign_device(uint32_t machine_bdf)
     return avc_current_has_perm(rsid, SECCLASS_RESOURCE, 
RESOURCE__STAT_DEVICE, NULL);
 }
 
-static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
+static int flask_hook_assign_device(struct domain *d, uint32_t machine_bdf)
 {
     u32 dsid, rsid;
     int rc = -EPERM;
@@ -1354,7 +1354,7 @@ static int flask_assign_device(struct domain *d, uint32_t 
machine_bdf)
     return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
 }
 
-static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
+static int flask_hook_deassign_device(struct domain *d, uint32_t machine_bdf)
 {
     u32 rsid;
     int rc = -EPERM;
@@ -1370,7 +1370,7 @@ static int flask_deassign_device(struct domain *d, 
uint32_t machine_bdf)
     return avc_current_has_perm(rsid, SECCLASS_RESOURCE, 
RESOURCE__REMOVE_DEVICE, NULL);
 }
 
-static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq 
*bind)
+static int flask_hook_bind_pt_irq (struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
 {
     u32 dsid, rsid;
     int rc = -EPERM;
@@ -1395,7 +1395,7 @@ static int flask_bind_pt_irq (struct domain *d, struct 
xen_domctl_bind_pt_irq *b
     return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
 }
 
-static int flask_unbind_pt_irq (struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
+static int flask_hook_unbind_pt_irq (struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
 {
     return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
 }
@@ -1404,28 +1404,28 @@ static int flask_unbind_pt_irq (struct domain *d, 
struct xen_domctl_bind_pt_irq
 long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
 
 static struct xsm_operations flask_ops = {
-    .security_domaininfo = flask_security_domaininfo,
-    .domain_create = flask_domain_create,
-    .getdomaininfo = flask_getdomaininfo,
-    .set_target = flask_set_target,
+    .populate_security_domaininfo = flask_populate_security_domaininfo,
+    .hook_domain_create = flask_hook_domain_create,
+    .hook_getdomaininfo = flask_hook_getdomaininfo,
+    .hook_set_target = flask_hook_set_target,
     .domctl = flask_domctl,
     .sysctl = flask_sysctl,
-    .readconsole = flask_readconsole,
-    .do_mca = flask_do_mca,
-
-    .evtchn_unbound = flask_evtchn_unbound,
-    .evtchn_interdomain = flask_evtchn_interdomain,
-    .evtchn_close_post = flask_evtchn_close_post,
-    .evtchn_send = flask_evtchn_send,
-    .evtchn_status = flask_evtchn_status,
-    .evtchn_reset = flask_evtchn_reset,
-
-    .grant_mapref = flask_grant_mapref,
-    .grant_unmapref = flask_grant_unmapref,
-    .grant_setup = flask_grant_setup,
-    .grant_transfer = flask_grant_transfer,
-    .grant_copy = flask_grant_copy,
-    .grant_query_size = flask_grant_query_size,
+    .hook_readconsole = flask_hook_readconsole,
+    .priv_do_mca = flask_priv_do_mca,
+
+    .target_evtchn_unbound = flask_target_evtchn_unbound,
+    .hook_evtchn_interdomain = flask_hook_evtchn_interdomain,
+    .hook_evtchn_close_post = flask_hook_evtchn_close_post,
+    .hook_evtchn_send = flask_hook_evtchn_send,
+    .target_evtchn_status = flask_target_evtchn_status,
+    .target_evtchn_reset = flask_target_evtchn_reset,
+
+    .hook_grant_mapref = flask_hook_grant_mapref,
+    .hook_grant_unmapref = flask_hook_grant_unmapref,
+    .target_grant_setup = flask_target_grant_setup,
+    .hook_grant_transfer = flask_hook_grant_transfer,
+    .hook_grant_copy = flask_hook_grant_copy,
+    .target_grant_query_size = flask_target_grant_query_size,
 
     .alloc_security_domain = flask_domain_alloc_security,
     .free_security_domain = flask_domain_free_security,
@@ -1433,70 +1433,70 @@ static struct xsm_operations flask_ops = {
     .free_security_evtchn = flask_free_security_evtchn,
     .show_security_evtchn = flask_show_security_evtchn,
 
-    .get_pod_target = flask_get_pod_target,
-    .set_pod_target = flask_set_pod_target,
-    .memory_exchange = flask_memory_exchange,
-    .memory_adjust_reservation = flask_memory_adjust_reservation,
-    .memory_stat_reservation = flask_memory_stat_reservation,
-    .memory_pin_page = flask_memory_pin_page,
+    .priv_get_pod_target = flask_priv_get_pod_target,
+    .priv_set_pod_target = flask_priv_set_pod_target,
+    .target_memory_exchange = flask_target_memory_exchange,
+    .target_memory_adjust_reservation = flask_target_memory_adjust_reservation,
+    .target_memory_stat_reservation = flask_target_memory_stat_reservation,
+    .hook_memory_pin_page = flask_hook_memory_pin_page,
 
-    .console_io = flask_console_io,
+    .priv_console_io = flask_priv_console_io,
 
-    .profile = flask_profile,
+    .hook_profile = flask_hook_profile,
 
-    .kexec = flask_kexec,
-    .schedop_shutdown = flask_schedop_shutdown,
+    .priv_kexec = flask_priv_kexec,
+    .dm_schedop_shutdown = flask_dm_schedop_shutdown,
 
     .show_irq_sid = flask_show_irq_sid,
 
-    .map_domain_pirq = flask_map_domain_pirq,
-    .unmap_domain_pirq = flask_unmap_domain_pirq,
-    .irq_permission = flask_irq_permission,
-    .iomem_permission = flask_iomem_permission,
-    .iomem_mapping = flask_iomem_mapping,
-    .pci_config_permission = flask_pci_config_permission,
-
-    .resource_plug_core = flask_resource_plug_core,
-    .resource_unplug_core = flask_resource_unplug_core,
-    .resource_plug_pci = flask_resource_plug_pci,
-    .resource_unplug_pci = flask_resource_unplug_pci,
-    .resource_setup_pci = flask_resource_setup_pci,
-    .resource_setup_gsi = flask_resource_setup_gsi,
-    .resource_setup_misc = flask_resource_setup_misc,
-
-    .page_offline = flask_page_offline,
-    .tmem_op = flask_tmem_op,
-    .tmem_control = flask_tmem_control,
+    .hook_map_domain_pirq = flask_hook_map_domain_pirq,
+    .dm_unmap_domain_pirq = flask_dm_unmap_domain_pirq,
+    .hook_irq_permission = flask_hook_irq_permission,
+    .hook_iomem_permission = flask_hook_iomem_permission,
+    .hook_iomem_mapping = flask_hook_iomem_mapping,
+    .hook_pci_config_permission = flask_hook_pci_config_permission,
+
+    .hook_resource_plug_core = flask_hook_resource_plug_core,
+    .hook_resource_unplug_core = flask_hook_resource_unplug_core,
+    .priv_resource_plug_pci = flask_priv_resource_plug_pci,
+    .priv_resource_unplug_pci = flask_priv_resource_unplug_pci,
+    .priv_resource_setup_pci = flask_priv_resource_setup_pci,
+    .priv_resource_setup_gsi = flask_priv_resource_setup_gsi,
+    .priv_resource_setup_misc = flask_priv_resource_setup_misc,
+
+    .hook_page_offline = flask_hook_page_offline,
+    .hook_tmem_op = flask_hook_tmem_op,
+    .priv_tmem_control = flask_priv_tmem_control,
 
     .do_xsm_op = do_flask_op,
 
 #ifdef CONFIG_X86
-    .shadow_control = flask_shadow_control,
-    .hvm_param = flask_hvm_param,
-    .hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level,
-    .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
-    .hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
-    .hvm_inject_msi = flask_hvm_inject_msi,
-    .mem_event_control = flask_mem_event_control,
-    .mem_event_op = flask_mem_event_op,
-    .mem_sharing_op = flask_mem_sharing_op,
-    .apic = flask_apic,
-    .platform_op = flask_platform_op,
-    .machine_memory_map = flask_machine_memory_map,
-    .domain_memory_map = flask_domain_memory_map,
-    .mmu_update = flask_mmu_update,
-    .mmuext_op = flask_mmuext_op,
-    .update_va_mapping = flask_update_va_mapping,
-    .add_to_physmap = flask_add_to_physmap,
-    .remove_from_physmap = flask_remove_from_physmap,
-    .get_device_group = flask_get_device_group,
-    .test_assign_device = flask_test_assign_device,
-    .assign_device = flask_assign_device,
-    .deassign_device = flask_deassign_device,
-    .bind_pt_irq = flask_bind_pt_irq,
-    .unbind_pt_irq = flask_unbind_pt_irq,
-    .ioport_permission = flask_ioport_permission,
-    .ioport_mapping = flask_ioport_mapping,
+    .hook_shadow_control = flask_hook_shadow_control,
+    .target_hvm_param = flask_target_hvm_param,
+    .dm_hvm_set_pci_intx_level = flask_dm_hvm_set_pci_intx_level,
+    .dm_hvm_set_isa_irq_level = flask_dm_hvm_set_isa_irq_level,
+    .dm_hvm_set_pci_link_route = flask_dm_hvm_set_pci_link_route,
+    .dm_hvm_inject_msi = flask_dm_hvm_inject_msi,
+    .dm_mem_event_control = flask_dm_mem_event_control,
+    .dm_mem_event_op = flask_dm_mem_event_op,
+    .dm_mem_sharing_op = flask_dm_mem_sharing_op,
+    .priv_apic = flask_priv_apic,
+    .priv_platform_op = flask_priv_platform_op,
+    .priv_machine_memory_map = flask_priv_machine_memory_map,
+    .target_domain_memory_map = flask_target_domain_memory_map,
+    .target_mmu_update = flask_target_mmu_update,
+    .target_mmuext_op = flask_target_mmuext_op,
+    .target_update_va_mapping = flask_target_update_va_mapping,
+    .target_add_to_physmap = flask_target_add_to_physmap,
+    .target_remove_from_physmap = flask_target_remove_from_physmap,
+    .hook_get_device_group = flask_hook_get_device_group,
+    .hook_test_assign_device = flask_test_assign_device,
+    .hook_assign_device = flask_hook_assign_device,
+    .hook_deassign_device = flask_hook_deassign_device,
+    .hook_bind_pt_irq = flask_hook_bind_pt_irq,
+    .hook_unbind_pt_irq = flask_hook_unbind_pt_irq,
+    .hook_ioport_permission = flask_hook_ioport_permission,
+    .hook_ioport_mapping = flask_hook_ioport_mapping,
 #endif
 };
 
-- 
1.7.11.7


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.