[Xen-devel] [PATCH 1/2] flask: clean up initialization and #defines

2015-03-03 Thread Daniel De Graaf
This removes the FLASK_DEVELOP and FLASK_BOOTPARAM configuration
parameters which have never been settable by users.  Disabling the
FLASK_DEVELOP configuration option has not produced a compiling
hypervisor for some time, and the FLASK_BOOTPARAM option will be
replaced with a more flexible boot parameter.

This also changes the return type of xsm_initcall_t to void to properly
reflect the fact that the caller ignores the return value.

Signed-off-by: Daniel De Graaf 
---
 xen/include/xen/config.h | 4 
 xen/include/xsm/xsm.h| 2 +-
 xen/xsm/flask/avc.c  | 2 --
 xen/xsm/flask/flask_op.c | 4 
 xen/xsm/flask/hooks.c| 6 ++
 xen/xsm/flask/include/avc.h  | 4 
 xen/xsm/flask/include/security.h | 5 -
 7 files changed, 3 insertions(+), 24 deletions(-)

diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index 7bef8a6..d3d9911 100644
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -100,10 +100,6 @@
 
 #ifdef FLASK_ENABLE
 #define XSM_MAGIC 0xf97cff8c
-/* Enable permissive mode (xl setenforce or flask_enforcing parameter) */
-#define FLASK_DEVELOP 1
-/* Allow runtime disabling of FLASK via the flask_enable parameter */
-#define FLASK_BOOTPARAM 1
 /* Maintain statistics on the access vector cache */
 #define FLASK_AVC_STATS 1
 #endif
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4ce089f..0437735 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -42,7 +42,7 @@ typedef enum xsm_default xsm_default_t;
 extern char *policy_buffer;
 extern u32 policy_size;
 
-typedef int (*xsm_initcall_t)(void);
+typedef void (*xsm_initcall_t)(void);
 
 extern xsm_initcall_t __xsm_initcall_start[], __xsm_initcall_end[];
 
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index fc6580e..b1a4f8a 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -251,8 +251,6 @@ void __init avc_init(void)
 }
 atomic_set(&avc_cache.active_nodes, 0);
 atomic_set(&avc_cache.lru_hint, 0);
-
-printk("AVC INITIALIZED\n");
 }
 
 int avc_get_hash_stats(struct xen_flask_hash_stats *arg)
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 7743aac..0e89360 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -24,15 +24,11 @@
 #define _copy_to_guest copy_to_guest
 #define _copy_from_guest copy_from_guest
 
-#ifdef FLASK_DEVELOP
 int flask_enforcing = 0;
 integer_param("flask_enforcing", flask_enforcing);
-#endif
 
-#ifdef FLASK_BOOTPARAM
 int flask_enabled = 1;
 integer_param("flask_enabled", flask_enabled);
-#endif
 
 #define MAX_POLICY_SIZE 0x400
 
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 65094bb..dad5deb 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1626,14 +1626,14 @@ static struct xsm_operations flask_ops = {
 #endif
 };
 
-static __init int flask_init(void)
+static __init void flask_init(void)
 {
 int ret = 0;
 
 if ( !flask_enabled )
 {
 printk("Flask:  Disabled at boot.\n");
-return 0;
+return;
 }
 
 printk("Flask:  Initializing.\n");
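Review bot: `int ret = 0;` is kept at the top of flask_init() while the second hooks.c hunk deletes `return ret;`, so whatever the lines between the two hunks (not shown here) store in `ret` is now discarded without a trace. If that value is an error code from an initialization step, the function would still go on to print the "Starting in enforcing/permissive mode" message after a failure, which is misleading for a security module whose state operators rely on. I would either drop the variable or report the failure before the mode message, e.g. `if ( ret ) printk("Flask:  Initialization failed (%d).\n", ret);`. The body of flask_init() continues outside both hunks, so the assignment to `ret` should be confirmed there.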
@@ -1650,8 +1650,6 @@ static __init int flask_init(void)
 printk("Flask:  Starting in enforcing mode.\n");
 else
 printk("Flask:  Starting in permissive mode.\n");
-
-return ret;
 }
 
 xsm_initcall(flask_init);
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index 42a5e4b..a00a6eb 100644
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -17,11 +17,7 @@
 #include "av_permissions.h"
 #include "security.h"
 
-#ifdef FLASK_DEVELOP
 extern int flask_enforcing;
-#else
-#define flask_enforcing 1
-#endif
 
 /*
  * An entry in the AVC.
diff --git a/xen/xsm/flask/include/security.h b/xen/xsm/flask/include/security.h
index 348f018..dea0143 100644
--- a/xen/xsm/flask/include/security.h
+++ b/xen/xsm/flask/include/security.h
@@ -35,12 +35,7 @@
 #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
 #define POLICYDB_VERSION_MAX   POLICYDB_VERSION_BOUNDARY
 
-#ifdef FLASK_BOOTPARAM
 extern int flask_enabled;
-#else
-#define flask_enabled 1
-#endif
-
 extern int flask_mls_enabled;
 
 int security_load_policy(void * data, size_t len);
-- 
2.1.0




[Xen-devel] [PATCH 1/2] flask: clean up initialization and #defines

2015-03-06 Thread Daniel De Graaf
This removes the FLASK_DEVELOP and FLASK_BOOTPARAM configuration
parameters which have never been settable by users.  Disabling the
FLASK_DEVELOP configuration option has not produced a compiling
hypervisor for some time, and the FLASK_BOOTPARAM option will be
replaced with a more flexible boot parameter.

This also changes the return type of xsm_initcall_t to void to properly
reflect the fact that the caller ignores the return value.

Signed-off-by: Daniel De Graaf 
Reviewed-by: Wei Liu 
---
 xen/include/xen/config.h | 4 
 xen/include/xsm/xsm.h| 2 +-
 xen/xsm/flask/avc.c  | 2 --
 xen/xsm/flask/flask_op.c | 4 
 xen/xsm/flask/hooks.c| 6 ++
 xen/xsm/flask/include/avc.h  | 4 
 xen/xsm/flask/include/security.h | 5 -
 7 files changed, 3 insertions(+), 24 deletions(-)

diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index 7bef8a6..d3d9911 100644
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -100,10 +100,6 @@
 
 #ifdef FLASK_ENABLE
 #define XSM_MAGIC 0xf97cff8c
-/* Enable permissive mode (xl setenforce or flask_enforcing parameter) */
-#define FLASK_DEVELOP 1
-/* Allow runtime disabling of FLASK via the flask_enable parameter */
-#define FLASK_BOOTPARAM 1
 /* Maintain statistics on the access vector cache */
 #define FLASK_AVC_STATS 1
 #endif
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4ce089f..0437735 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -42,7 +42,7 @@ typedef enum xsm_default xsm_default_t;
 extern char *policy_buffer;
 extern u32 policy_size;
 
-typedef int (*xsm_initcall_t)(void);
+typedef void (*xsm_initcall_t)(void);
 
 extern xsm_initcall_t __xsm_initcall_start[], __xsm_initcall_end[];
 
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index fc6580e..b1a4f8a 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -251,8 +251,6 @@ void __init avc_init(void)
 }
 atomic_set(&avc_cache.active_nodes, 0);
 atomic_set(&avc_cache.lru_hint, 0);
-
-printk("AVC INITIALIZED\n");
 }
 
 int avc_get_hash_stats(struct xen_flask_hash_stats *arg)
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 7743aac..0e89360 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -24,15 +24,11 @@
 #define _copy_to_guest copy_to_guest
 #define _copy_from_guest copy_from_guest
 
-#ifdef FLASK_DEVELOP
 int flask_enforcing = 0;
 integer_param("flask_enforcing", flask_enforcing);
-#endif
 
-#ifdef FLASK_BOOTPARAM
 int flask_enabled = 1;
 integer_param("flask_enabled", flask_enabled);
-#endif
 
 #define MAX_POLICY_SIZE 0x400
 
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 65094bb..dad5deb 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1626,14 +1626,14 @@ static struct xsm_operations flask_ops = {
 #endif
 };
 
-static __init int flask_init(void)
+static __init void flask_init(void)
 {
 int ret = 0;
 
 if ( !flask_enabled )
 {
 printk("Flask:  Disabled at boot.\n");
-return 0;
+return;
 }
 
 printk("Flask:  Initializing.\n");
@@ -1650,8 +1650,6 @@ static __init int flask_init(void)
 printk("Flask:  Starting in enforcing mode.\n");
 else
 printk("Flask:  Starting in permissive mode.\n");
-
-return ret;
 }
 
 xsm_initcall(flask_init);
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index 42a5e4b..a00a6eb 100644
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -17,11 +17,7 @@
 #include "av_permissions.h"
 #include "security.h"
 
-#ifdef FLASK_DEVELOP
 extern int flask_enforcing;
-#else
-#define flask_enforcing 1
-#endif
 
 /*
  * An entry in the AVC.
diff --git a/xen/xsm/flask/include/security.h b/xen/xsm/flask/include/security.h
index 348f018..dea0143 100644
--- a/xen/xsm/flask/include/security.h
+++ b/xen/xsm/flask/include/security.h
@@ -35,12 +35,7 @@
 #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
 #define POLICYDB_VERSION_MAX   POLICYDB_VERSION_BOUNDARY
 
-#ifdef FLASK_BOOTPARAM
 extern int flask_enabled;
-#else
-#define flask_enabled 1
-#endif
-
 extern int flask_mls_enabled;
 
 int security_load_policy(void * data, size_t len);
-- 
2.1.0




Re: [Xen-devel] [PATCH 1/2] flask: clean up initialization and #defines

2015-03-06 Thread Wei Liu
On Tue, Mar 03, 2015 at 12:00:18PM -0500, Daniel De Graaf wrote:
> This removes the FLASK_DEVELOP and FLASK_BOOTPARAM configuration
> parameters which have never been settable by users.  Disabling the
> FLASK_DEVELOP configuration option has not produced a compiling
> hypervisor for some time, and the FLASK_BOOTPARAM option will be
> replaced with a more flexible boot parameter.
> 
> This also changes the return type of xsm_initcall_t to void to properly
> reflect the fact that the caller ignores the return value.
> 
> Signed-off-by: Daniel De Graaf 

Reviewed-by: Wei Liu 



Re: [Xen-devel] [PATCH 1/2] flask: clean up initialization and #defines

2015-03-09 Thread Andrew Cooper
On 06/03/15 21:43, Daniel De Graaf wrote:
> This removes the FLASK_DEVELOP and FLASK_BOOTPARAM configuration
> parameters which have never been settable by users.  Disabling the
> FLASK_DEVELOP configuration option has not produced a compiling
> hypervisor for some time, and the FLASK_BOOTPARAM option will be
> replaced with a more flexible boot parameter.
>
> This also changes the return type of xsm_initcall_t to void to properly
> reflect the fact that the caller ignores the return value.
>
> Signed-off-by: Daniel De Graaf 
> Reviewed-by: Wei Liu 

Reviewed-by: Andrew Cooper 
