xref: /illumos-gate/usr/src/uts/common/xen/public/xsm/acm_ops.h (revision aedf2b3bb56b025fcaf87b49ec6c8aeea07f16d7)
1 /*
2  * acm_ops.h: Xen access control module hypervisor commands
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a copy
5  * of this software and associated documentation files (the "Software"), to
6  * deal in the Software without restriction, including without limitation the
7  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
8  * sell copies of the Software, and to permit persons to whom the Software is
9  * furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included in
12  * all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  *
22  * Reiner Sailer <sailer@watson.ibm.com>
23  * Copyright (c) 2005,2006 International Business Machines Corporation.
24  */
25 
26 #ifndef __XEN_PUBLIC_ACM_OPS_H__
27 #define __XEN_PUBLIC_ACM_OPS_H__
28 
29 #include "../xen.h"
30 #include "acm.h"
31 
32 /*
33  * Make sure you increment the interface version whenever you modify this file!
34  * This makes sure that old versions of acm tools will stop working in a
35  * well-defined way (rather than crashing the machine, for instance).
36  */
/*
 * NOTE(review): struct xen_acmctl in this header carries an
 * interface_version field next to cmd; presumably the hypervisor compares it
 * with this constant and refuses a mismatch before it reads the per-command
 * union -- confirm in the acm_op handler.
 */
37 #define ACM_INTERFACE_VERSION   0xAAAA000A
38 
39 /************************************************************************/
40 
41 /*
42  * Prototype for this hypercall is:
43  *  int acm_op(int cmd, void *args)
44  * @cmd  == ACMOP_??? (access control module operation).
45  * @args == Operation-specific extra arguments (NULL if none).
46  */
47 
48 
/*
 * ACMOP_setpolicy (cmd 1): argument block made of one guest handle and a
 * 32-bit size, both tagged IN.
 * NOTE(review): presumably pushcache refers to a policy image supplied by the
 * caller and pushcache_size is its length in bytes -- confirm.  Both values
 * are caller-controlled, so the handler should bound the size and copy the
 * buffer out of guest memory once before parsing it.
 */
49 #define ACMOP_setpolicy         1
50 struct acm_setpolicy {
51     /* IN */
52     XEN_GUEST_HANDLE_64(void) pushcache; /* guest handle; the macro is defined outside this file */
53     uint32_t pushcache_size;             /* size paired with pushcache */
54 };
55 
56 
/*
 * ACMOP_getpolicy (cmd 2): argument block made of one guest handle and a
 * 32-bit size.
 * NOTE(review): the fields are tagged IN, but the "pull" naming suggests the
 * hypervisor writes the current policy into the buffer -- confirm.  If so,
 * pullcache_size is the caller's capacity and the handler must never write
 * past it.
 */
57 #define ACMOP_getpolicy         2
58 struct acm_getpolicy {
59     /* IN */
60     XEN_GUEST_HANDLE_64(void) pullcache; /* guest handle; the macro is defined outside this file */
61     uint32_t pullcache_size;             /* size paired with pullcache */
62 };
63 
64 
/*
 * ACMOP_dumpstats (cmd 3): same field layout as struct acm_getpolicy, one
 * guest handle plus a 32-bit size.
 * NOTE(review): presumably the hypervisor writes statistics into the buffer
 * and pullcache_size caps how much it may write -- confirm.
 */
65 #define ACMOP_dumpstats         3
66 struct acm_dumpstats {
67     /* IN */
68     XEN_GUEST_HANDLE_64(void) pullcache; /* guest handle; the macro is defined outside this file */
69     uint32_t pullcache_size;             /* size paired with pullcache */
70 };
71 
72 
/*
 * ACMOP_getssid (cmd 4): argument block with a selector, a two-member id
 * union, and a guest buffer handle with its size.  domaintype_t and
 * ssidref_t are declared outside this file.
 * NOTE(review): presumably get_ssid_by == ACM_GETBY_ssidref means id.ssidref
 * is the valid member and ACM_GETBY_domainid means id.domainid is -- confirm.
 * The handler should reject any other selector value instead of picking a
 * member.  ssidbuf presumably receives the result, bounded by ssidbuf_size.
 */
73 #define ACMOP_getssid           4
74 #define ACM_GETBY_ssidref  1
75 #define ACM_GETBY_domainid 2
76 struct acm_getssid {
77     /* IN */
78     uint32_t get_ssid_by; /* ACM_GETBY_* */
79     union {
80         domaintype_t domainid;
81         ssidref_t    ssidref;
82     } id;                                /* members overlap; see get_ssid_by */
83     XEN_GUEST_HANDLE_64(void) ssidbuf;   /* guest handle; the macro is defined outside this file */
84     uint32_t ssidbuf_size;               /* size paired with ssidbuf */
85 };
86 
/*
 * ACMOP_getdecision (cmd 5): two selectors, two id unions, a hook number
 * and one result field.
 * NOTE(review): presumably get_decision_by1 selects the valid member of id1
 * and get_decision_by2 that of id2, using the ACM_GETBY_* values -- confirm.
 * acm_decision is the only field tagged OUT, so the result presumably comes
 * back inside this struct rather than through a separate guest buffer.
 * Valid values for hook are not defined in this file; the handler should
 * range-check it before using it to select anything.
 */
87 #define ACMOP_getdecision      5
88 struct acm_getdecision {
89     /* IN */
90     uint32_t get_decision_by1; /* ACM_GETBY_* */
91     uint32_t get_decision_by2; /* ACM_GETBY_* */
92     union {
93         domaintype_t domainid;
94         ssidref_t    ssidref;
95     } id1;
96     union {
97         domaintype_t domainid;
98         ssidref_t    ssidref;
99     } id2;
100     uint32_t hook;
101     /* OUT */
102     uint32_t acm_decision;
103 };
104 
105 
/*
 * ACMOP_chgpolicy (cmd 6): three guest buffers tagged IN (policy_pushcache,
 * del_array, chg_array) and one tagged OUT (err_array), each paired with a
 * 32-bit size.
 * NOTE(review): the four sizes are independent caller-supplied values; the
 * handler should validate each one separately and not assume the arrays
 * have matching lengths -- confirm.
 * NOTE(review): if the handle type is 8 bytes wide and 8-byte aligned, as
 * the _64 suffix suggests (confirm), each uint32_t size here is followed by
 * implicit padding; code that copies this struct back to the caller should
 * not expose uninitialised padding bytes.
 */
106 #define ACMOP_chgpolicy        6
107 struct acm_change_policy {
108     /* IN */
109     XEN_GUEST_HANDLE_64(void) policy_pushcache;
110     uint32_t policy_pushcache_size;      /* size paired with policy_pushcache */
111     XEN_GUEST_HANDLE_64(void) del_array;
112     uint32_t delarray_size;              /* size paired with del_array */
113     XEN_GUEST_HANDLE_64(void) chg_array;
114     uint32_t chgarray_size;              /* size paired with chg_array */
115     /* OUT */
116     /* array with error code */
117     XEN_GUEST_HANDLE_64(void) err_array;
118     uint32_t errarray_size;              /* size paired with err_array */
119 };
120 
/*
 * ACMOP_relabeldoms (cmd 7): one guest buffer tagged IN (relabel_map) and
 * one tagged OUT (err_array), each paired with a 32-bit size.
 * NOTE(review): the element format of relabel_map is not defined in this
 * file.  Presumably the handler copies the map out of guest memory, checks
 * relabel_map_size against that format, and writes at most errarray_size
 * into err_array -- confirm.
 */
121 #define ACMOP_relabeldoms       7
122 struct acm_relabel_doms {
123     /* IN */
124     XEN_GUEST_HANDLE_64(void) relabel_map;
125     uint32_t relabel_map_size;           /* size paired with relabel_map */
126     /* OUT */
127     XEN_GUEST_HANDLE_64(void) err_array;
128     uint32_t errarray_size;              /* size paired with err_array */
129 };
130 
131 /* future interface to Xen */
/*
 * Container that bundles a command number, an interface version and one
 * per-command argument struct in a union.
 * NOTE(review): presumably cmd takes an ACMOP_* value and selects the
 * matching member of u, and interface_version is checked against
 * ACM_INTERFACE_VERSION -- confirm.  The members of u overlap, so a handler
 * should validate cmd first and then read only the member that belongs to it.
 */
132 struct xen_acmctl {
133     uint32_t cmd;
134     uint32_t interface_version;
135     union {
136         struct acm_setpolicy     setpolicy;
137         struct acm_getpolicy     getpolicy;
138         struct acm_dumpstats     dumpstats;
139         struct acm_getssid       getssid;
140         struct acm_getdecision   getdecision;
141         struct acm_change_policy change_policy;
142         struct acm_relabel_doms  relabel_doms;
143     } u;
144 };
145 
146 typedef struct xen_acmctl xen_acmctl_t;
147 DEFINE_XEN_GUEST_HANDLE(xen_acmctl_t); /* macro defined outside this file; presumably declares the guest-handle type for xen_acmctl_t */
148 
149 #endif /* __XEN_PUBLIC_ACM_OPS_H__ */
150 
151 /*
152  * Local variables:
153  * mode: C
154  * c-set-style: "BSD"
155  * c-basic-offset: 4
156  * tab-width: 4
157  * indent-tabs-mode: nil
158  * End:
159  */
160