If unsure, say Y.
-config XSM_POLICY
- bool "Compile Xen with a built-in security policy"
+config XSM_FLASK_POLICY
+ bool "Compile Xen with a built-in FLASK security policy"
default y if HAS_CHECKPOLICY = "y"
- depends on XSM
+ depends on XSM_FLASK
---help---
This includes a default XSM policy in the hypervisor so that the
bootloader does not need to load a policy to get sane behavior from an
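Review bot: The help text kept as context under `---help---` still says "a default XSM policy", although the option is now `XSM_FLASK_POLICY` and depends on `XSM_FLASK`; I would reword that line to `This includes a default FLASK policy in the hypervisor so that the`. Separately, Kconfig does not carry a value across a symbol rename, so a saved `.config` with `CONFIG_XSM_POLICY=y` falls back to the new symbol's default, which is `y` only when `HAS_CHECKPOLICY` is. On a build host without checkpolicy that would presumably produce a FLASK hypervisor with no built-in policy, so a sentence in the commit message asking users to re-check this option after updating would help. The help text continues past the end of the hunk.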
}
#endif
-#ifdef CONFIG_XSM_POLICY
-extern const unsigned char xsm_init_policy[];
-extern const unsigned int xsm_init_policy_size;
+#ifdef CONFIG_XSM_FLASK_POLICY
+extern const unsigned char xsm_flask_init_policy[];
+extern const unsigned int xsm_flask_init_policy_size;
#endif
#else /* CONFIG_XSM */
$(AV_H_FILES): $(AV_H_DEPEND)
$(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
-obj-$(CONFIG_XSM_POLICY) += policy.o
+obj-$(CONFIG_XSM_FLASK_POLICY) += policy.o
FLASK_BUILD_DIR := $(CURDIR)
POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION)
#include <xen/init.h>
#include <xsm/xsm.h>
-const unsigned char xsm_init_policy[] __initconst = {
+const unsigned char xsm_flask_init_policy[] __initconst = {
""")
for char in sys.stdin.read():
sys.stdout.write("""
};
-const unsigned int __initconst xsm_init_policy_size = %d;
+const unsigned int __initconst xsm_flask_init_policy_size = %d;
""" % policy_size)
static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
{
-#ifdef CONFIG_XSM_POLICY
+#ifdef CONFIG_XSM_FLASK_POLICY
if ( policy_size == 0 )
{
- policy_buffer = xsm_init_policy;
- policy_size = xsm_init_policy_size;
+ policy_buffer = xsm_flask_init_policy;
+ policy_size = xsm_flask_init_policy_size;
}
#endif
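Review bot: The fallback inside `#ifdef CONFIG_XSM_FLASK_POLICY` swaps in the built-in blob silently when `policy_size == 0`, so nothing in the visible lines records which policy source the hypervisor booted with. For audit and incident review I would log it in that branch, e.g. `printk(XENLOG_INFO "xsm: using built-in FLASK policy\n");` after the two assignments. xsm_core_init continues outside the hunk, so a later line may already report this; if it does, the extra message is not needed.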