xref: /illumos-gate/usr/src/uts/common/xen/public/xsm/acm.h (revision 48edc7cf07b5dccc3ad84bf2dafe4150bd666d60)
1 /*
2  * acm.h: Xen access control module interface defintions
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a copy
5  * of this software and associated documentation files (the "Software"), to
6  * deal in the Software without restriction, including without limitation the
7  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
8  * sell copies of the Software, and to permit persons to whom the Software is
9  * furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included in
12  * all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  *
22  * Reiner Sailer <sailer@watson.ibm.com>
23  * Copyright (c) 2005, International Business Machines Corporation.
24  */
25 
26 #ifndef _XEN_PUBLIC_ACM_H
27 #define _XEN_PUBLIC_ACM_H
28 
29 #include "../xen.h"
30 
31 /* default ssid reference value if not supplied */
32 #define ACM_DEFAULT_SSID  0x0
33 #define ACM_DEFAULT_LOCAL_SSID  0x0
34 
35 /* Internal ACM ERROR types */
36 #define ACM_OK     0
37 #define ACM_UNDEF   -1
38 #define ACM_INIT_SSID_ERROR  -2
39 #define ACM_INIT_SOID_ERROR  -3
40 #define ACM_ERROR          -4
41 
42 /* External ACCESS DECISIONS */
43 #define ACM_ACCESS_PERMITTED        0
44 #define ACM_ACCESS_DENIED           -111
45 #define ACM_NULL_POINTER_ERROR      -200
46 
47 /*
48    Error codes reported in when trying to test for a new policy
49    These error codes are reported in an array of tuples where
50    each error code is followed by a parameter describing the error
51    more closely, such as a domain id.
52 */
53 #define ACM_EVTCHN_SHARING_VIOLATION       0x100
54 #define ACM_GNTTAB_SHARING_VIOLATION       0x101
55 #define ACM_DOMAIN_LOOKUP                  0x102
56 #define ACM_CHWALL_CONFLICT                0x103
57 #define ACM_SSIDREF_IN_USE                 0x104
58 
59 
60 /* primary policy in lower 4 bits */
61 #define ACM_NULL_POLICY 0
62 #define ACM_CHINESE_WALL_POLICY 1
63 #define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
64 #define ACM_POLICY_UNDEFINED 15
65 
66 /* combinations have secondary policy component in higher 4bit */
67 #define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
68     ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)
69 
70 /* policy: */
71 #define ACM_POLICY_NAME(X) \
72  ((X) == (ACM_NULL_POLICY)) ? "NULL" :                        \
73     ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" :        \
74     ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \
75     ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \
76      "UNDEFINED"
77 
78 /* the following policy versions must be increased
79  * whenever the interpretation of the related
80  * policy's data structure changes
81  */
82 #define ACM_POLICY_VERSION 4
83 #define ACM_CHWALL_VERSION 1
84 #define ACM_STE_VERSION  1
85 
86 /* defines a ssid reference used by xen */
87 typedef uint32_t ssidref_t;
88 
89 /* hooks that are known to domains */
90 #define ACMHOOK_none          0
91 #define ACMHOOK_sharing       1
92 #define ACMHOOK_authorization 2
93 #define ACMHOOK_conflictset   3
94 
95 /* -------security policy relevant type definitions-------- */
96 
97 /* type identifier; compares to "equal" or "not equal" */
98 typedef uint16_t domaintype_t;
99 
100 /* CHINESE WALL POLICY DATA STRUCTURES
101  *
102  * current accumulated conflict type set:
103  * When a domain is started and has a type that is in
104  * a conflict set, the conflicting types are incremented in
105  * the aggregate set. When a domain is destroyed, the
106  * conflicting types to its type are decremented.
107  * If a domain has multiple types, this procedure works over
108  * all those types.
109  *
110  * conflict_aggregate_set[i] holds the number of
111  *   running domains that have a conflict with type i.
112  *
113  * running_types[i] holds the number of running domains
114  *        that include type i in their ssidref-referenced type set
115  *
116  * conflict_sets[i][j] is "0" if type j has no conflict
117  *    with type i and is "1" otherwise.
118  */
119 /* high-16 = version, low-16 = check magic */
120 #define ACM_MAGIC  0x0001debc
121 
122 /* size of the SHA1 hash identifying the XML policy from which the
123    binary policy was created */
124 #define ACM_SHA1_HASH_SIZE    20
125 
126 /* each offset in bytes from start of the struct they
127  * are part of */
128 
129 /* V3 of the policy buffer aded a version structure */
130 struct acm_policy_version
131 {
132     uint32_t major;
133     uint32_t minor;
134 };
135 
136 
137 /* each buffer consists of all policy information for
138  * the respective policy given in the policy code
139  *
140  * acm_policy_buffer, acm_chwall_policy_buffer,
141  * and acm_ste_policy_buffer need to stay 32-bit aligned
142  * because we create binary policies also with external
143  * tools that assume packed representations (e.g. the java tool)
144  */
145 struct acm_policy_buffer {
146     uint32_t magic;
147     uint32_t policy_version; /* ACM_POLICY_VERSION */
148     uint32_t len;
149     uint32_t policy_reference_offset;
150     uint32_t primary_policy_code;
151     uint32_t primary_buffer_offset;
152     uint32_t secondary_policy_code;
153     uint32_t secondary_buffer_offset;
154     struct acm_policy_version xml_pol_version; /* add in V3 */
155     uint8_t xml_policy_hash[ACM_SHA1_HASH_SIZE]; /* added in V4 */
156 };
157 
158 
159 struct acm_policy_reference_buffer {
160     uint32_t len;
161 };
162 
163 struct acm_chwall_policy_buffer {
164     uint32_t policy_version; /* ACM_CHWALL_VERSION */
165     uint32_t policy_code;
166     uint32_t chwall_max_types;
167     uint32_t chwall_max_ssidrefs;
168     uint32_t chwall_max_conflictsets;
169     uint32_t chwall_ssid_offset;
170     uint32_t chwall_conflict_sets_offset;
171     uint32_t chwall_running_types_offset;
172     uint32_t chwall_conflict_aggregate_offset;
173 };
174 
175 struct acm_ste_policy_buffer {
176     uint32_t policy_version; /* ACM_STE_VERSION */
177     uint32_t policy_code;
178     uint32_t ste_max_types;
179     uint32_t ste_max_ssidrefs;
180     uint32_t ste_ssid_offset;
181 };
182 
183 struct acm_stats_buffer {
184     uint32_t magic;
185     uint32_t len;
186     uint32_t primary_policy_code;
187     uint32_t primary_stats_offset;
188     uint32_t secondary_policy_code;
189     uint32_t secondary_stats_offset;
190 };
191 
192 struct acm_ste_stats_buffer {
193     uint32_t ec_eval_count;
194     uint32_t gt_eval_count;
195     uint32_t ec_denied_count;
196     uint32_t gt_denied_count;
197     uint32_t ec_cachehit_count;
198     uint32_t gt_cachehit_count;
199 };
200 
201 struct acm_ssid_buffer {
202     uint32_t len;
203     ssidref_t ssidref;
204     uint32_t policy_reference_offset;
205     uint32_t primary_policy_code;
206     uint32_t primary_max_types;
207     uint32_t primary_types_offset;
208     uint32_t secondary_policy_code;
209     uint32_t secondary_max_types;
210     uint32_t secondary_types_offset;
211 };
212 
213 #endif
214 
215 /*
216  * Local variables:
217  * mode: C
218  * c-set-style: "BSD"
219  * c-basic-offset: 4
220  * tab-width: 4
221  * indent-tabs-mode: nil
222  * End:
223  */
224