Allow setting of ACM security policy at build time.
Signed-off-by: Nguyen Anh Quynh <aquynh@gmail.com>
xen/include/hypervisor-ifs/arch
xen/include/public/public
xen/include/xen/*.new
+xen/include/xen/acm_policy.h
xen/include/xen/banner.h
xen/include/xen/compile.h
xen/tags
rm -f include/asm *.o $(TARGET)* *~ core
rm -f include/asm-*/asm-offsets.h
rm -f tools/figlet/*.o tools/figlet/figlet
+ rm -f include/xen/acm_policy.h
$(TARGET): delete-unfresh-files
$(MAKE) include/xen/compile.h
+ $(MAKE) include/xen/acm_policy.h
[ -e include/asm ] || ln -sf asm-$(TARGET_ARCH) include/asm
$(MAKE) -C arch/$(TARGET_ARCH) asm-offsets.s
$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
$(MAKE) -C common
$(MAKE) -C drivers
-ifdef ACM_USE_SECURITY_POLICY
+ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
$(MAKE) -C acm
endif
$(MAKE) -C arch/$(TARGET_ARCH)
-# drivers/char/console.o may contain static banner/compile info. Blow it away.
+# drivers/char/console.o contains static banner/compile info. Blow it away.
delete-unfresh-files:
rm -f include/xen/banner.h include/xen/compile.h drivers/char/console.o
$(MAKE) -C arch/$(TARGET_ARCH) delete-unfresh-files
+# acm_policy.h contains security policy for Xen
+include/xen/acm_policy.h:
+ @(set -e; \
+ echo "/*"; \
+ echo " * DO NOT MODIFY."; \
+ echo " *"; \
+ echo " * This file was auto-generated by xen/Makefile $<"; \
+ echo " *"; \
+ echo " */"; \
+ echo ""; \
+ echo "#ifndef ACM_USE_SECURITY_POLICY"; \
+ echo "#define ACM_USE_SECURITY_POLICY $(ACM_USE_SECURITY_POLICY)"; \
+ echo "#endif") >$@
+
# compile.h contains dynamic build info. Rebuilt on every 'make' invocation.
include/xen/compile.h: LANG=C
include/xen/compile.h: include/xen/compile.h.in include/xen/banner.h
-
+#
+# If you change any of these configuration options then you must
+# 'make clean' before rebuilding.
+#
verbose ?= n
debug ?= n
perfc ?= n
domu_debug ?= n
crash_debug ?= n
+# ACM_USE_SECURITY_POLICY is set to security policy of Xen
+# Supported models are:
+# ACM_NULL_POLICY (ACM will not be built with this policy)
+# ACM_CHINESE_WALL_POLICY
+# ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
+# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+
include $(BASEDIR)/../Config.mk
# Set ARCH/SUBARCH appropriately.
ALL_OBJS := $(BASEDIR)/common/common.o
ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
-ifdef ACM_USE_SECURITY_POLICY
+ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
ALL_OBJS += $(BASEDIR)/acm/acm.o
endif
ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
* todo: move from static policy choice to compile option.
*/
-#ifndef _XEN_PUBLIC_SHYPE_H
-#define _XEN_PUBLIC_SHYPE_H
+#ifndef _XEN_PUBLIC_ACM_H
+#define _XEN_PUBLIC_ACM_H
#include "xen.h"
#include "sched_ctl.h"
(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
"UNDEFINED policy"
-#ifndef ACM_USE_SECURITY_POLICY
-#define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
-#endif
-
/* defines a ssid reference used by xen */
typedef u32 ssidref_t;
projects / xen.git / commitdiff