dgit.raspbian.org Git - xen.git/commit

This patch:

* adds a get_ssid ACM command that allows privileged domains to retrieve
types for either a given ssid reference or a given domain id (of a running
domain); this command can be used to extend access control into device
domains, e.g., to control network traffic currently moving through Domain
0 uncontrolled by the ACM policy

* adds a script getlabel.sh that allows users inside Dom0 to retrieve the
label for a given ssid reference or a given domain id (multiple labels
might map onto a single ssid reference)

* cleans up label-related code in tools/security by merging common
functions into labelfuncs.sh

* cleans up ACM code related to above changes (eventually approximating a
common coding style)

Signed-off-by Reiner Sailer <sailer@us.ibm.com>
Signed-off by Stefan Berger <stefanb@us.ibm.com>

author	kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
	Fri, 2 Sep 2005 07:59:12 +0000 (07:59 +0000)
committer	kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
	Fri, 2 Sep 2005 07:59:12 +0000 (07:59 +0000)
commit	7e9596058beeb1bed9384cc56b6a1caae6d8c4fa
tree	d4ef4cb2955bb50fe40cf40c9e81ba1997378889	tree \| snapshot
parent	c544d29d6f53d04bc7136c473a0d235182f95982	commit \| diff

tools/security/Makefile		diff \| blob \| history
tools/security/secpol_tool.c		diff \| blob \| history
tools/security/setlabel.sh		diff \| blob \| history
xen/acm/acm_chinesewall_hooks.c		diff \| blob \| history
xen/acm/acm_core.c		diff \| blob \| history
xen/acm/acm_null_hooks.c		diff \| blob \| history
xen/acm/acm_policy.c		diff \| blob \| history
xen/acm/acm_simple_type_enforcement_hooks.c		diff \| blob \| history
xen/common/acm_ops.c		diff \| blob \| history
xen/include/acm/acm_core.h		diff \| blob \| history
xen/include/acm/acm_hooks.h		diff \| blob \| history
xen/include/public/acm.h		diff \| blob \| history
xen/include/public/acm_ops.h		diff \| blob \| history