On 07/07/2016 06:30 AM, Jan Beulich wrote:
On 05.07.16 at 19:44, <dgde...@tycho.nsa.gov> wrote:
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -762,6 +762,13 @@ static inline void flask_init(void)
}
#endif
+#ifdef CONFIG_XSM_POLICY
+extern const unsigned char xsm_init_policy[];
+extern const int xsm_init_policy_size;
unsigned int or size_t please.
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -27,6 +27,17 @@ $(FLASK_H_FILES): $(FLASK_H_DEPEND)
$(AV_H_FILES): $(AV_H_DEPEND)
$(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
+obj-$(CONFIG_XSM_POLICY) += policy.o
+
+POLICY_SRC := $(XEN_ROOT)/tools/flask/policy/xenpolicy-$(XEN_FULLVERSION)
+
+policy.bin: FORCE
+ $(MAKE) -C $(XEN_ROOT)/tools/flask/policy
+ cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@
+
+policy.c: policy.bin gen-policy.py
+ $(PYTHON) gen-policy.py < $< > $@
+
.PHONY: clean
clean::
rm -f $(ALL_H_FILES) *.o $(DEPS)
I suppose the clean target then also needs adjustment?
Yes, it does.
+static inline void xsm_policy_init(void)
+{
+#ifdef CONFIG_XSM_POLICY
+ if ( policy_size == 0 )
+ {
+ policy_buffer = (char*)xsm_init_policy;
Can't xsm_init_policy by of type const char[] then, avoiding the need
for a cast (you certainly shouldn't be casting away constness)? If not,
besides adding the const please also add a blank before the *.
The policy_buffer global cannot be a const char* because it is passed to
xfree() below (only in ARM); the cast would only be moved. The buffer is
never modified, if that's what you are asking.
The reason that xsm_init_policy is unsigned is to avoid compiler warnings
resulting from assigning values such as 0xF3 to a signed character.
--
Daniel De Graaf
National Security Agency
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
