# n - Do not build the Xen ACM framework
ACM_SECURITY ?= n
-# If ACM_SECURITY = y and no boot policy file is installed,
-# then the ACM defaults to the security policy set by
-# ACM_DEFAULT_SECURITY_POLICY
-# Supported models are:
-# ACM_NULL_POLICY
-# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
-ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY
-
# Optional components
XENSTAT_XENTOP ?= y
VTPM_TOOLS ?= n
$(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) clean
rm -f include/asm *.o $(TARGET)* *~ core
rm -f include/asm-*/asm-offsets.h
- rm -f include/xen/acm_policy.h
.PHONY: _distclean
_distclean: clean
$(TARGET): delete-unfresh-files build-headers
$(MAKE) -C tools
$(MAKE) -f $(BASEDIR)/Rules.mk include/xen/compile.h
- $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/acm_policy.h
[ -e include/asm ] || ln -sf asm-$(TARGET_ARCH) include/asm
$(MAKE) -f $(BASEDIR)/Rules.mk -C include
$(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) asm-offsets.s
rm -f include/xen/compile.h; \
fi
-# acm_policy.h contains security policy for Xen
-include/xen/acm_policy.h:
- @(set -e; \
- echo "/*"; \
- echo " * DO NOT MODIFY."; \
- echo " *"; \
- echo " * This file was auto-generated by xen/Makefile $<"; \
- echo " *"; \
- echo " */"; \
- echo ""; \
- echo "#ifndef ACM_DEFAULT_SECURITY_POLICY"; \
- echo "#define ACM_DEFAULT_SECURITY_POLICY $(ACM_DEFAULT_SECURITY_POLICY)"; \
- echo "#endif") >$@
-
# compile.h contains dynamic build info. Rebuilt on every 'make' invocation.
include/xen/compile.h: include/xen/compile.h.in
@sed -e 's/@@date@@/$(shell LC_ALL=C date)/g' \
#include <xen/spinlock.h>
#include <xen/list.h>
#include <public/acm.h>
-#include <xen/acm_policy.h>
#include <public/acm_ops.h>
#include <acm/acm_endian.h>
+#define ACM_DEFAULT_SECURITY_POLICY \
+ ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+
/* Xen-internal representation of the binary policy */
struct acm_binary_policy {
char *policy_reference_name;
projects / xen.git / commitdiff