Old unqualified enumeration names polluted the global namespace.
Signed-off-by: Keir Fraser <keir@xensource.com>
getssid.interface_version = ACM_INTERFACE_VERSION;
set_xen_guest_handle(getssid.ssidbuf, buf);
getssid.ssidbuf_size = SSID_BUFFER_SIZE;
- getssid.get_ssid_by = DOMAINID;
+ getssid.get_ssid_by = ACM_GETBY_domainid;
getssid.id.domainid = domid;
if (xc_acm_op(xc_handle, ACMOP_getssid, &getssid, sizeof(getssid)) < 0) {
return NULL;
getdecision.interface_version = ACM_INTERFACE_VERSION;
- getdecision.hook = SHARING;
+ getdecision.hook = ACMHOOK_sharing;
if (!strcmp(arg1_name, "domid")) {
- getdecision.get_decision_by1 = DOMAINID;
+ getdecision.get_decision_by1 = ACM_GETBY_domainid;
getdecision.id1.domainid = atoi(arg1);
} else {
- getdecision.get_decision_by1 = SSIDREF;
+ getdecision.get_decision_by1 = ACM_GETBY_ssidref;
getdecision.id1.ssidref = atol(arg1);
}
if (!strcmp(arg2_name, "domid")) {
- getdecision.get_decision_by2 = DOMAINID;
+ getdecision.get_decision_by2 = ACM_GETBY_domainid;
getdecision.id2.domainid = atoi(arg2);
} else {
- getdecision.get_decision_by2 = SSIDREF;
+ getdecision.get_decision_by2 = ACM_GETBY_ssidref;
getdecision.id2.ssidref = atol(arg2);
}
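Review bot: The `atoi(arg1)` / `atol(arg1)` and `atoi(arg2)` / `atol(arg2)` calls kept in this hunk accept any string and return 0 for non-numeric input, so a mistyped argument silently becomes a query about domain id 0 or ssidref 0. Separately, any argument name other than "domid" falls into the `else` arm and is treated as an ssidref. Since the result is an access-control decision shown to the operator, parse with `strtoul(arg1, &end, 0)` and fail when `end == arg1 || *end != '\0'`. Compare the name explicitly against the ssidref keyword too, rather than defaulting to it. The enclosing function starts and ends outside this hunk.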
return ACM_INIT_SSID_ERROR;
}
- ssid->datatype = DOMAIN;
+ ssid->datatype = ACM_DATATYPE_domain;
ssid->subject = subj;
ssid->domainid = subj->domain_id;
ssid->primary_ssid = NULL;
}
int
-acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2,
- enum acm_hook_type hook)
+acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, u32 hook)
{
int ret = ACM_ACCESS_DENIED;
switch (hook) {
- case SHARING:
- /* SHARING Hook restricts access in STE policy only */
+ case ACMHOOK_sharing:
+ /* Sharing hook restricts access in STE policy only */
ret = acm_sharing(ssidref1, ssidref2);
break;
}
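Review bot: In acm_get_decision the `switch (hook)` has no `default:` arm in the lines shown, and `hook` is now a plain `u32` rather than `enum acm_hook_type`. An unknown hook value still ends up denied because `ret` is initialised to `ACM_ACCESS_DENIED`, but that fail-closed behaviour is implicit. Making it explicit would stop a later edit from changing the initial value unnoticed: `default: /* unknown hook: leave ret == ACM_ACCESS_DENIED */ break;`. The rest of the function body is outside this hunk.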
/* clean ste cache */
for (i=0; i<ACM_TE_CACHE_SIZE; i++)
- ste_ssidp->ste_cache[i].valid = FREE;
+ ste_ssidp->ste_cache[i].valid = ACM_STE_free;
(*ste_ssid) = ste_ssidp;
printkd("%s: determined ste_ssidref to %x.\n",
ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
(struct acm_ssid_domain *)(*pd)->ssid);
for (i=0; i<ACM_TE_CACHE_SIZE; i++)
- ste_ssid->ste_cache[i].valid = FREE;
+ ste_ssid->ste_cache[i].valid = ACM_STE_free;
}
read_unlock(&domlist_lock);
return ACM_OK;
(struct acm_ssid_domain *)(dom->ssid));
for(i=0; i< ACM_TE_CACHE_SIZE; i++) {
- if ((ste_ssid->ste_cache[i].valid == VALID) &&
+ if ((ste_ssid->ste_cache[i].valid == ACM_STE_valid) &&
(ste_ssid->ste_cache[i].id == rdom)) {
printkd("cache hit (entry %x, id= %x!\n", i, ste_ssid->ste_cache[i].id);
return 1;
ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
(struct acm_ssid_domain *)(subj)->ssid);
for(i=0; i< ACM_TE_CACHE_SIZE; i++)
- if (ste_ssid->ste_cache[i].valid == FREE)
+ if (ste_ssid->ste_cache[i].valid == ACM_STE_free)
break;
if (i< ACM_TE_CACHE_SIZE) {
- ste_ssid->ste_cache[i].valid = VALID;
+ ste_ssid->ste_cache[i].valid = ACM_STE_valid;
ste_ssid->ste_cache[i].id = obj->domain_id;
} else
printk ("Cache of dom %x is full!\n", subj->domain_id);
goto out;
}
for (i=0; i<ACM_TE_CACHE_SIZE; i++)
- if ((ste_ssid->ste_cache[i].valid == VALID) &&
+ if ((ste_ssid->ste_cache[i].valid == ACM_STE_valid) &&
(ste_ssid->ste_cache[i].id == id))
- ste_ssid->ste_cache[i].valid = FREE;
+ ste_ssid->ste_cache[i].valid = ACM_STE_free;
}
out:
read_unlock(&domlist_lock);
if (getssid.interface_version != ACM_INTERFACE_VERSION)
return -EACCES;
- if (getssid.get_ssid_by == SSIDREF)
+ if (getssid.get_ssid_by == ACM_GETBY_ssidref)
ssidref = getssid.id.ssidref;
- else if (getssid.get_ssid_by == DOMAINID)
+ else if (getssid.get_ssid_by == ACM_GETBY_domainid)
{
struct domain *subj = find_domain_by_id(getssid.id.domainid);
if (!subj)
if (getdecision.interface_version != ACM_INTERFACE_VERSION)
return -EACCES;
- if (getdecision.get_decision_by1 == SSIDREF)
+ if (getdecision.get_decision_by1 == ACM_GETBY_ssidref)
ssidref1 = getdecision.id1.ssidref;
- else if (getdecision.get_decision_by1 == DOMAINID)
+ else if (getdecision.get_decision_by1 == ACM_GETBY_domainid)
{
struct domain *subj = find_domain_by_id(getdecision.id1.domainid);
if (!subj)
rc = -ESRCH;
break;
}
- if (getdecision.get_decision_by2 == SSIDREF)
+ if (getdecision.get_decision_by2 == ACM_GETBY_ssidref)
ssidref2 = getdecision.id2.ssidref;
- else if (getdecision.get_decision_by2 == DOMAINID)
+ else if (getdecision.get_decision_by2 == ACM_GETBY_domainid)
{
struct domain *subj = find_domain_by_id(getdecision.id2.domainid);
if (!subj)
extern rwlock_t acm_bin_pol_rwlock;
/* subject and object type definitions */
-enum acm_datatype { DOMAIN };
+#define ACM_DATATYPE_domain 1
/* defines number of access decisions to other domains can be cached
* one entry per domain, TE does not distinguish evtchn or grant_table */
#define ACM_TE_CACHE_SIZE 8
-enum acm_ste_flag { VALID, FREE };
+#define ACM_STE_valid 0
+#define ACM_STE_free 1
/* cache line:
- * if cache_line.valid==VALID, then
+ * if cache_line.valid==ACM_STE_valid, then
* STE decision is cached as "permitted"
* on domain cache_line.id
*/
struct acm_ste_cache_line {
- enum acm_ste_flag valid;
+ int valid; /* ACM_STE_* */
domid_t id;
};
/* general definition of a subject security id */
struct acm_ssid_domain {
- enum acm_datatype datatype; /* type of subject (e.g., partition) */
+ int datatype; /* type of subject (e.g., partition): ACM_DATATYPE_* */
ssidref_t ssidref; /* combined security reference */
void *primary_ssid; /* primary policy ssid part (e.g. chinese wall) */
void *secondary_ssid; /* secondary policy ssid part (e.g. type enforcement) */
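Review bot: `ACM_STE_valid` keeps the value 0 and `valid` is now a plain `int`, so a zero-filled `struct acm_ste_cache_line` reads as a valid entry caching "permitted" for domain id 0. The init paths visible elsewhere in this commit set every entry to `ACM_STE_free`, so this only matters if some allocation path skips that loop. Since the constants are being redefined here anyway, swapping them makes zeroed memory the safe state: `#define ACM_STE_free 0` and `#define ACM_STE_valid 1`. If the ordering has to stay, a comment at the defines should say that cache lines must be explicitly set to `ACM_STE_free` before use.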
int acm_get_policy(void *buf, u32 buf_size);
int acm_dump_statistics(void *buf, u16 buf_size);
int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
-int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, enum acm_hook_type hook);
+int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, u32 hook);
int acm_set_policy_reference(u8 * buf, u32 buf_size);
int acm_dump_policy_reference(u8 *buf, u32 buf_size);
#endif
typedef uint32_t ssidref_t;
/* hooks that are known to domains */
-enum acm_hook_type {NONE=0, SHARING};
+#define ACMHOOK_none 0
+#define ACMHOOK_sharing 1
/* -------security policy relevant type definitions-------- */
#define ACMOP_getssid 4
-enum get_type {UNSET=0, SSIDREF, DOMAINID};
+#define ACM_GETBY_ssidref 1
+#define ACM_GETBY_domainid 2
struct acm_getssid {
/* IN */
uint32_t interface_version;
- uint32_t get_ssid_by;
+ uint32_t get_ssid_by; /* ACM_GETBY_* */
union {
domaintype_t domainid;
ssidref_t ssidref;
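Review bot: Dropping `enum get_type` removes the `UNSET=0` name, so the public header no longer says what a `get_ssid_by` or `get_decision_by*` value of 0, or any value other than 1 and 2, means. These fields are filled in by the caller of the ACM op, so the contract should be written down next to the defines, for example `/* 0 is reserved (unset); values other than ACM_GETBY_* must be rejected by the handler */`. The handler hunks in this commit show only the `ssidref` and `domainid` arms of the selection chain. It is worth confirming that the final `else`, which is outside those hunks, returns an error rather than proceeding with an uninitialised ssidref.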
struct acm_getdecision {
/* IN */
uint32_t interface_version;
- uint32_t get_decision_by1;
- uint32_t get_decision_by2;
+ uint32_t get_decision_by1; /* ACM_GETBY_* */
+ uint32_t get_decision_by2; /* ACM_GETBY_* */
union {
domaintype_t domainid;
ssidref_t ssidref;