author | Keir Fraser <keir@xen.org> | 2011-03-25 21:47:57 +0000 |
---|---|---|
committer | Keir Fraser <keir@xen.org> | 2011-03-25 21:47:57 +0000 |
commit | 6102cace934c5ef156e7e1e21966cf3950dc40e5 (patch) | |
tree | 612c892c08a8a6c371b3c02981b2699e7ebdc9ae /tools | |
parent | 662f524483de23084ae4dde930fa7570fb15e033 (diff) | |
Remove unmaintained Access Control Module (ACM) from hypervisor.
Signed-off-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools')
52 files changed, 6 insertions, 9330 deletions
diff --git a/tools/Makefile b/tools/Makefile
index 3ac76e6b43..df6270c352 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -13,7 +13,6 @@ SUBDIRS-y += hotplug
 SUBDIRS-y += xentrace
 SUBDIRS-$(CONFIG_XCUTILS) += xcutils
 SUBDIRS-$(CONFIG_X86) += firmware
-SUBDIRS-$(ACM_SECURITY) += security
 SUBDIRS-y += console
 SUBDIRS-y += xenmon
 SUBDIRS-$(VTPM_TOOLS) += vtpm_manager
diff --git a/tools/check/Makefile b/tools/check/Makefile
index f24816601b..b2ee0d6b38 100644
--- a/tools/check/Makefile
+++ b/tools/check/Makefile
@@ -7,12 +7,12 @@ all install: check-build
 # Check this machine is OK for building on.
 .PHONY: check-build
 check-build:
-	PYTHON=$(PYTHON) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ACM_SECURITY=$(ACM_SECURITY) ./chk build
+	PYTHON=$(PYTHON) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ./chk build
 
 # Check this machine is OK for installing on.
 .PHONY: check-install
 check-install:
-	PYTHON=$(PYTHON) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ACM_SECURITY=$(ACM_SECURITY) ./chk install
+	PYTHON=$(PYTHON) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ./chk install
 
 .PHONY: clean
 clean:
diff --git a/tools/check/check_xml2 b/tools/check/check_xml2
index caa762c4e3..89fe5a4769 100755
--- a/tools/check/check_xml2
+++ b/tools/check/check_xml2
@@ -3,7 +3,7 @@
 
 . ./funcs.sh
 
-if [ ! "$LIBXENAPI_BINDINGS" = "y" -a ! "$ACM_SECURITY" = "y" ]
+if [ ! "$LIBXENAPI_BINDINGS" = "y" ]
 then
 echo -n "unused, "
 exit 0
diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile
index 232d9a3760..6464818187 100644
--- a/tools/libxc/Makefile
+++ b/tools/libxc/Makefile
@@ -13,7 +13,6 @@ CTRL_SRCS-y += xc_domain.c
 CTRL_SRCS-y += xc_evtchn.c
 CTRL_SRCS-y += xc_gnttab.c
 CTRL_SRCS-y += xc_misc.c
-CTRL_SRCS-y += xc_acm.c
 CTRL_SRCS-y += xc_flask.c
 CTRL_SRCS-y += xc_physdev.c
 CTRL_SRCS-y += xc_private.c
diff --git a/tools/libxc/xc_acm.c b/tools/libxc/xc_acm.c
deleted file mode 100644
index 9ab7a68b4d..0000000000
--- a/tools/libxc/xc_acm.c
+++ /dev/null
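Review bot: With the `-a` clause gone, the remaining test in check_xml2 is a negated equality, `[ ! "$LIBXENAPI_BINDINGS" = "y" ]`; the direct form `if [ "$LIBXENAPI_BINDINGS" != "y" ]` says the same thing and is the usual POSIX spelling. A build configuration that still sets ACM_SECURITY=y is now silently treated as "unused" here rather than reported, which is presumably intended since tools/check/Makefile in the same commit stops passing that variable to ./chk at all. The script's `then` block continues past the end of the hunk.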
@@ -1,132 +0,0 @@ -/****************************************************************************** - * xc_acm.c - * - * Copyright (C) 2005, 2006 IBM Corporation, R Sailer - * - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - */ - -#include "xc_private.h" - -int xc_acm_op(xc_interface *xch, int cmd, void *arg, unsigned long arg_size) -{ - int ret; - DECLARE_HYPERCALL; - DECLARE_HYPERCALL_BUFFER(struct xen_acmctl, acmctl); - - acmctl = xc_hypercall_buffer_alloc(xch, acmctl, sizeof(*acmctl)); - if ( acmctl == NULL ) - { - PERROR("Could not allocate memory for ACM OP hypercall"); - return -EFAULT; - } - - switch (cmd) { - case ACMOP_setpolicy: { - struct acm_setpolicy *setpolicy = (struct acm_setpolicy *)arg; - memcpy(&acmctl->u.setpolicy, - setpolicy, - sizeof(struct acm_setpolicy)); - } - break; - - case ACMOP_getpolicy: { - struct acm_getpolicy *getpolicy = (struct acm_getpolicy *)arg; - memcpy(&acmctl->u.getpolicy, - getpolicy, - sizeof(struct acm_getpolicy)); - } - break; - - case ACMOP_dumpstats: { - struct acm_dumpstats *dumpstats = (struct acm_dumpstats *)arg; - memcpy(&acmctl->u.dumpstats, - dumpstats, - sizeof(struct acm_dumpstats)); - } - break; - - case ACMOP_getssid: { - struct acm_getssid *getssid = (struct 
acm_getssid *)arg; - memcpy(&acmctl->u.getssid, - getssid, - sizeof(struct acm_getssid)); - } - break; - - case ACMOP_getdecision: { - struct acm_getdecision *getdecision = (struct acm_getdecision *)arg; - memcpy(&acmctl->u.getdecision, - getdecision, - sizeof(struct acm_getdecision)); - } - break; - - case ACMOP_chgpolicy: { - struct acm_change_policy *change_policy = (struct acm_change_policy *)arg; - memcpy(&acmctl->u.change_policy, - change_policy, - sizeof(struct acm_change_policy)); - } - break; - - case ACMOP_relabeldoms: { - struct acm_relabel_doms *relabel_doms = (struct acm_relabel_doms *)arg; - memcpy(&acmctl->u.relabel_doms, - relabel_doms, - sizeof(struct acm_relabel_doms)); - } - break; - } - - acmctl->cmd = cmd; - acmctl->interface_version = ACM_INTERFACE_VERSION; - - hypercall.op = __HYPERVISOR_xsm_op; - hypercall.arg[0] = HYPERCALL_BUFFER_AS_ARG(acmctl); - if ( (ret = do_xen_hypercall(xch, &hypercall)) < 0) - { - if ( errno == EACCES ) - DPRINTF("acmctl operation failed -- need to" - " rebuild the user-space tool set?\n"); - } - - switch (cmd) { - case ACMOP_getdecision: { - struct acm_getdecision *getdecision = (struct acm_getdecision *)arg; - memcpy(getdecision, - &acmctl->u.getdecision, - sizeof(struct acm_getdecision)); - break; - } - } - - xc_hypercall_buffer_free(xch, acmctl); - - return ret; -} - -/* - * Local variables: - * mode: C - * c-set-style: "BSD" - * c-basic-offset: 4 - * tab-width: 4 - * indent-tabs-mode: nil - * End: - */ diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h index 971daf02bc..9a4355f79c 100644 --- a/tools/libxc/xenctrl.h +++ b/tools/libxc/xenctrl.h @@ -44,8 +44,6 @@ #include <xen/memory.h> #include <xen/grant_table.h> #include <xen/hvm/params.h> -#include <xen/xsm/acm.h> -#include <xen/xsm/acm_ops.h> #include <xen/xsm/flask_op.h> #include <xen/tmem.h> 
@@ -1250,8 +1248,6 @@ int xc_sysctl(xc_interface *xch, struct xen_sysctl *sysctl); int xc_version(xc_interface *xch, int cmd, void *arg); -int xc_acm_op(xc_interface *xch, int cmd, void *arg, unsigned long arg_size); - int xc_flask_op(xc_interface *xch, flask_op_t *op); /* diff --git a/tools/libxen/include/xen/api/xen_acmpolicy.h b/tools/libxen/include/xen/api/xen_acmpolicy.h deleted file mode 100644 index 43aac5810d..0000000000 --- a/tools/libxen/include/xen/api/xen_acmpolicy.h +++ /dev/null 
@@ -1,132 +0,0 @@ -/* - * Copyright (c) 2007, IBM Corp. - * Copyright (c) 2007, XenSource Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef XEN_ACMPOLICY_H -#define XEN_ACMPOLICY_H - -#include "xen_common.h" -#include "xen_string_string_map.h" -#include "xen_xspolicy_decl.h" -#include "xen_vm_decl.h" - -/* - * Data structures. - */ - -typedef struct xen_acmpolicy_record -{ - xen_xspolicy handle; - char *uuid; - char *repr; - xs_instantiationflags flags; - xs_type type; -} xen_acmpolicy_record; - -/** - * Allocate a xen_acmpolicy_record. - */ -extern xen_acmpolicy_record * -xen_acmpolicy_record_alloc(void); - -/** - * Free the given xen_xspolicy_record, and all referenced values. The - * given record must have been allocated by this library. - */ -extern void -xen_acmpolicy_record_free(xen_acmpolicy_record *record); - - -/** - * Data structures for the policy's header - */ -typedef struct xen_acm_header -{ - char *policyname; - char *policyurl; - char *date; - char *reference; - char *namespaceurl; - char *version; -} xen_acm_header; - -extern xen_acm_header * -xen_acm_header_alloc(void); - -extern void -xen_acm_header_free(xen_acm_header *hdr); - -/** - * Get the referenced policy's record. 
- */ -extern bool -xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result, - xen_xspolicy xspolicy); - -/** - * Get the header of a policy. - */ -extern bool -xen_acmpolicy_get_header(xen_session *session, xen_acm_header **hdr, - xen_xspolicy xspolicy); - - -/** - * Get the XML representation of the policy. - */ -extern bool -xen_acmpolicy_get_xml(xen_session *session, char **xml, - xen_xspolicy xspolicy); - -/** - * Get the mapping file of the policy. - */ -extern bool -xen_acmpolicy_get_map(xen_session *session, char **map, - xen_xspolicy xspolicy); - -/** - * Get the binary representation (base64-encoded) of the policy. - */ -extern bool -xen_acmpolicy_get_binary(xen_session *session, char **binary, - xen_xspolicy xspolicy); - -/** - * Get the binary representation (base64-encoded) of the currently - * enforced policy. - */ -extern bool -xen_acmpolicy_get_enforced_binary(xen_session *session, char **binary, - xen_xspolicy xspolicy); - -/** - * Get the ACM ssidref of the given VM. - */ -extern bool -xen_acmpolicy_get_VM_ssidref(xen_session *session, int64_t *result, - xen_vm vm); - -/** - * Get the UUID field of the given policy. - */ -extern bool -xen_acmpolicy_get_uuid(xen_session *session, char **result, - xen_xspolicy xspolicy); - -#endif diff --git a/tools/libxen/src/xen_acmpolicy.c b/tools/libxen/src/xen_acmpolicy.c deleted file mode 100644 index f8d69195a4..0000000000 --- a/tools/libxen/src/xen_acmpolicy.c +++ /dev/null 
@@ -1,269 +0,0 @@ -/* - * Copyright (c) 2007, IBM Corp. - * Copyright (c) 2007, XenSource Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - -#include <stddef.h> -#include <stdlib.h> - -#include "xen_internal.h" -#include "xen/api/xen_common.h" -#include "xen/api/xen_xspolicy.h" -#include "xen/api/xen_acmpolicy.h" - - -static const struct_member xen_acmpolicy_record_struct_members[] = - { - { .key = "uuid", - .type = &abstract_type_string, - .offset = offsetof(xen_acmpolicy_record, uuid) }, - { .key = "flags", - .type = &abstract_type_int, - .offset = offsetof(xen_acmpolicy_record, flags) }, - { .key = "repr", - .type = &abstract_type_string, - .offset = offsetof(xen_acmpolicy_record, repr) }, - { .key = "type", - .type = &abstract_type_int, - .offset = offsetof(xen_acmpolicy_record, type) }, - }; - -const abstract_type xen_acmpolicy_record_abstract_type_ = - { - .typename = STRUCT, - .struct_size = sizeof(xen_acmpolicy_record), - .member_count = - sizeof(xen_acmpolicy_record_struct_members) / sizeof(struct_member), - .members = xen_acmpolicy_record_struct_members - }; - - -static const struct_member xen_acm_header_struct_members[] = - { - { .key = "policyname", - .type = &abstract_type_string, - .offset = offsetof(xen_acm_header, policyname) }, - { .key = 
"policyurl", - .type = &abstract_type_string, - .offset = offsetof(xen_acm_header, policyurl) }, - { .key = "date", - .type = &abstract_type_string, - .offset = offsetof(xen_acm_header, date) }, - { .key = "reference", - .type = &abstract_type_string, - .offset = offsetof(xen_acm_header, reference) }, - { .key = "namespaceurl", - .type = &abstract_type_string, - .offset = offsetof(xen_acm_header, namespaceurl) }, - { .key = "version", - .type = &abstract_type_string, - .offset = offsetof(xen_acm_header, version) }, - }; - -const abstract_type xen_acm_header_abstract_type_ = - { - .typename = STRUCT, - .struct_size = sizeof(xen_acm_header), - .member_count = - sizeof(xen_acm_header_struct_members) / - sizeof(struct_member), - .members = xen_acm_header_struct_members, - }; - -void -xen_acm_header_free(xen_acm_header *shdr) -{ - if (shdr == NULL) - { - return; - } - free(shdr->policyname); - free(shdr->policyurl); - free(shdr->date); - free(shdr->reference); - free(shdr->namespaceurl); - free(shdr->version); - free(shdr); -} - - -void -xen_acmpolicy_record_free(xen_acmpolicy_record *record) -{ - if (record == NULL) - { - return; - } - free(record->handle); - free(record->uuid); - free(record->repr); - free(record); -} - - - -bool -xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result, - xen_xspolicy xspolicy) -{ - abstract_value param_values[] = - { - { .type = &abstract_type_string, - .u.string_val = xspolicy } - }; - - abstract_type result_type = xen_acmpolicy_record_abstract_type_; - - *result = NULL; - XEN_CALL_("ACMPolicy.get_record"); - - if (session->ok) - { - (*result)->handle = xen_strdup_((*result)->uuid); - } - - return session->ok; -} - - -bool -xen_acmpolicy_get_header(xen_session *session, - xen_acm_header **result, - xen_xspolicy xspolicy) -{ - abstract_value param_values[] = - { - { .type = &abstract_type_string, - .u.string_val = xspolicy }, - }; - - abstract_type result_type = xen_acm_header_abstract_type_; - - *result = NULL; 
- XEN_CALL_("ACMPolicy.get_header"); - return session->ok; -} - - -bool -xen_acmpolicy_get_xml(xen_session *session, - char **result, - xen_xspolicy xspolicy) -{ - abstract_value param_values[] = - { - { .type = &abstract_type_string, - .u.string_val = xspolicy }, - }; - - abstract_type result_type = abstract_type_string; - - *result = NULL; - XEN_CALL_("ACMPolicy.get_xml"); - return session->ok; -} - - -bool -xen_acmpolicy_get_map(xen_session *session, - char **result, - xen_xspolicy xspolicy) -{ - abstract_value param_values[] = - { - { .type = &abstract_type_string, - .u.string_val = xspolicy }, - }; - - abstract_type result_type = abstract_type_string; - - *result = NULL; - XEN_CALL_("ACMPolicy.get_map"); - return session->ok; -} - - -bool -xen_acmpolicy_get_binary(xen_session *session, char **result, - xen_xspolicy xspolicy) -{ - abstract_value param_values[] = - { - { .type = &abstract_type_string, - .u.string_val = xspolicy }, - }; - - abstract_type result_type = abstract_type_string; - - *result = NULL; - XEN_CALL_("ACMPolicy.get_binary"); - return session->ok; -} - - -bool -xen_acmpolicy_get_enforced_binary(xen_session *session, char **result, - xen_xspolicy xspolicy) -{ - abstract_value param_values[] = - { - { .type = &abstract_type_string, - .u.string_val = xspolicy }, - }; - - abstract_type result_type = abstract_type_string; - - *result = NULL; - XEN_CALL_("ACMPolicy.get_enforced_binary"); - return session->ok; -} - - -bool -xen_acmpolicy_get_VM_ssidref(xen_session *session, - int64_t *result, xen_vm vm) -{ - abstract_value param_values[] = - { - { .type = &abstract_type_string, - .u.string_val = vm } - }; - - abstract_type result_type = abstract_type_int; - - XEN_CALL_("ACMPolicy.get_VM_ssidref"); - return session->ok; -} - - -bool -xen_acmpolicy_get_uuid(xen_session *session, char **result, - xen_xspolicy xspolicy) -{ - abstract_value param_values[] = - { - { .type = &abstract_type_string, - .u.string_val = xspolicy } - }; - - abstract_type 
result_type = abstract_type_string; - - *result = NULL; - XEN_CALL_("ACMPolicy.get_uuid"); - return session->ok; -} diff --git a/tools/python/setup.py b/tools/python/setup.py index f803632d3b..0f0c5f860d 100644 --- a/tools/python/setup.py +++ b/tools/python/setup.py @@ -43,14 +43,6 @@ process = Extension("process", depends = [ ], sources = [ "xen/lowlevel/process/process.c" ]) -acm = Extension("acm", - extra_compile_args = extra_compile_args, - include_dirs = [ PATH_XEN, PATH_LIBXC, "xen/lowlevel/acm" ], - library_dirs = [ PATH_LIBXC ], - libraries = [ "xenctrl" ], - depends = [ PATH_LIBXC + "/libxenctrl.so" ], - sources = [ "xen/lowlevel/acm/acm.c" ]) - flask = Extension("flask", extra_compile_args = extra_compile_args, include_dirs = [ PATH_XEN, PATH_LIBXC, "xen/lowlevel/flask", @@ -98,7 +90,7 @@ xl = Extension("xl", sources = [ "xen/lowlevel/xl/xl.c", "xen/lowlevel/xl/_pyxl_types.c" ]) plat = os.uname()[0] -modules = [ xc, xs, ptsname, acm, flask, xl ] +modules = [ xc, xs, ptsname, flask, xl ] if plat == 'SunOS': modules.extend([ scf, process ]) if plat == 'Linux': @@ -113,7 +105,6 @@ setup(name = 'xen', 'xen.util.xsm', 'xen.util.xsm.dummy', 'xen.util.xsm.flask', - 'xen.util.xsm.acm', 'xen.xend', 'xen.xend.server', 'xen.xend.xenstore', diff --git a/tools/python/xen/lowlevel/acm/acm.c b/tools/python/xen/lowlevel/acm/acm.c deleted file mode 100644 index 832458de74..0000000000 --- a/tools/python/xen/lowlevel/acm/acm.c +++ /dev/null 
@@ -1,403 +0,0 @@ -/**************************************************************** - * acm.c - * - * Copyright (C) 2006,2007 IBM Corporation - * - * Authors: - * Reiner Sailer <sailer@watson.ibm.com> - * Stefan Berger <stefanb@us.ibm.com> - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * ACM low-level code that allows Python control code to leverage - * the ACM hypercall interface to retrieve real-time information - * from the Xen hypervisor security module. - * - * indent -i4 -kr -nut - */ - -#include <Python.h> - -#include <stdio.h> -#include <fcntl.h> -#include <sys/mman.h> -#include <sys/types.h> -#include <stdlib.h> -#include <arpa/inet.h> -#include <sys/ioctl.h> -#include <netinet/in.h> -#include <xenctrl.h> -#include <xen/xsm/acm.h> -#include <xen/xsm/acm_ops.h> - -#define PERROR(_m, _a...) \ -fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ - errno, strerror(errno)) - -static PyObject *acm_error_obj; - -/* generic shared function */ -static void *__getssid(xc_interface *xc_handle, int domid, uint32_t *buflen, xc_hypercall_buffer_t *buffer) -{ - struct acm_getssid getssid; - #define SSID_BUFFER_SIZE 4096 - void *buf; - DECLARE_HYPERCALL_BUFFER_ARGUMENT(buffer); - - if ((buf = xc_hypercall_buffer_alloc(xc_handle, buffer, SSID_BUFFER_SIZE)) == NULL) { - PERROR("acm.policytype: Could not allocate ssid buffer!\n"); - return NULL; - } - - memset(buf, 0, SSID_BUFFER_SIZE); - set_xen_guest_handle(getssid.ssidbuf, buffer); - getssid.ssidbuf_size = SSID_BUFFER_SIZE; - getssid.get_ssid_by = ACM_GETBY_domainid; - getssid.id.domainid = domid; - - if (xc_acm_op(xc_handle, ACMOP_getssid, &getssid, sizeof(getssid)) < 0) { - if (errno == EACCES) - PERROR("ACM operation failed."); - buf = NULL; - } else { - *buflen = SSID_BUFFER_SIZE; - } - return buf; -} - - -/* retrieve the policytype indirectly 
by retrieving the - * ssidref for domain 0 (always exists) */ -static PyObject *policy(PyObject * self, PyObject * args) -{ - xc_interface *xc_handle; - char *policyreference; - PyObject *ret; - uint32_t buf_len; - DECLARE_HYPERCALL_BUFFER(void, ssid_buffer); - - if (!PyArg_ParseTuple(args, "", NULL)) { - return NULL; - } - if ((xc_handle = xc_interface_open(0,0,0)) == 0) - return PyErr_SetFromErrno(acm_error_obj); - - ssid_buffer = __getssid(xc_handle, 0, &buf_len, HYPERCALL_BUFFER(ssid_buffer)); - if (ssid_buffer == NULL || buf_len < sizeof(struct acm_ssid_buffer)) - ret = PyErr_SetFromErrno(acm_error_obj); - else { - struct acm_ssid_buffer *ssid = (struct acm_ssid_buffer *)ssid_buffer; - policyreference = (char *)(ssid_buffer + ssid->policy_reference_offset - + sizeof (struct acm_policy_reference_buffer)); - ret = Py_BuildValue("s", policyreference); - } - - xc_hypercall_buffer_free(xc_handle, ssid_buffer); - xc_interface_close(xc_handle); - return ret; -} - - -/* retrieve ssid info for a domain domid*/ -static PyObject *getssid(PyObject * self, PyObject * args) -{ - xc_interface *xc_handle; - - /* in */ - uint32_t domid; - /* out */ - char *policytype, *policyreference; - uint32_t ssidref; - PyObject *ret; - - DECLARE_HYPERCALL_BUFFER(void, ssid_buffer); - uint32_t buf_len; - - if (!PyArg_ParseTuple(args, "i", &domid)) { - return NULL; - } - if ((xc_handle = xc_interface_open(0,0,0)) == 0) - return PyErr_SetFromErrno(acm_error_obj); - - ssid_buffer = __getssid(xc_handle, domid, &buf_len, HYPERCALL_BUFFER(ssid_buffer)); - if (ssid_buffer == NULL) { - ret = NULL; - } else if (buf_len < sizeof(struct acm_ssid_buffer)) { - ret = NULL; - } else { - struct acm_ssid_buffer *ssid = (struct acm_ssid_buffer *) ssid_buffer; - policytype = ACM_POLICY_NAME(ssid->secondary_policy_code << 4 | - ssid->primary_policy_code); - ssidref = ssid->ssidref; - policyreference = (char *)(ssid_buffer + ssid->policy_reference_offset - + sizeof (struct acm_policy_reference_buffer)); - ret 
= Py_BuildValue("{s:s,s:s,s:i}", - "policyreference", policyreference, - "policytype", policytype, - "ssidref", ssidref); - } - xc_hypercall_buffer_free(xc_handle, ssid_buffer); - xc_interface_close(xc_handle); - return ret; -} - - -/* retrieve access decision based on domain ids or ssidrefs */ -static PyObject *getdecision(PyObject * self, PyObject * args) -{ - char *arg1_name, *arg1, *arg2_name, *arg2, *decision = NULL; - struct acm_getdecision getdecision; - xc_interface *xc_handle; - int rc; - uint32_t hooktype; - - if (!PyArg_ParseTuple(args, "ssssi", &arg1_name, - &arg1, &arg2_name, &arg2, &hooktype)) { - return NULL; - } - - if ((xc_handle = xc_interface_open(0,0,0)) == 0) { - perror("Could not open xen privcmd device!\n"); - return NULL; - } - - if ((strcmp(arg1_name, "domid") && strcmp(arg1_name, "ssidref")) || - (strcmp(arg2_name, "domid") && strcmp(arg2_name, "ssidref"))) - return NULL; - - getdecision.hook = hooktype; - if (!strcmp(arg1_name, "domid")) { - getdecision.get_decision_by1 = ACM_GETBY_domainid; - getdecision.id1.domainid = atoi(arg1); - } else { - getdecision.get_decision_by1 = ACM_GETBY_ssidref; - getdecision.id1.ssidref = atol(arg1); - } - if (!strcmp(arg2_name, "domid")) { - getdecision.get_decision_by2 = ACM_GETBY_domainid; - getdecision.id2.domainid = atoi(arg2); - } else { - getdecision.get_decision_by2 = ACM_GETBY_ssidref; - getdecision.id2.ssidref = atol(arg2); - } - - rc = xc_acm_op(xc_handle, ACMOP_getdecision, - &getdecision, sizeof(getdecision)); - - xc_interface_close(xc_handle); - - if (rc < 0) { - if (errno == EACCES) - PERROR("ACM operation failed."); - return NULL; - } - - if (getdecision.acm_decision == ACM_ACCESS_PERMITTED) - decision = "PERMITTED"; - else if (getdecision.acm_decision == ACM_ACCESS_DENIED) - decision = "DENIED"; - - return Py_BuildValue("s", decision); -} - -/* error messages for exceptions */ -const char bad_arg[] = "Bad function argument."; -const char ctrlif_op[] = "Could not open control interface."; 
-const char hv_op_err[] = "Error from hypervisor operation."; - -static PyObject *chgpolicy(PyObject *self, PyObject *args) -{ - struct acm_change_policy chgpolicy; - xc_interface *xc_handle; - int rc; - char *bin_pol = NULL, *del_arr = NULL, *chg_arr = NULL; - int bin_pol_len = 0, del_arr_len = 0, chg_arr_len = 0; - uint errarray_mbrs = 20 * 2; - PyObject *result = NULL; - uint len; - DECLARE_HYPERCALL_BUFFER(char, bin_pol_buf); - DECLARE_HYPERCALL_BUFFER(char, del_arr_buf); - DECLARE_HYPERCALL_BUFFER(char, chg_arr_buf); - DECLARE_HYPERCALL_BUFFER(uint32_t, error_array); - - memset(&chgpolicy, 0x0, sizeof(chgpolicy)); - - if (!PyArg_ParseTuple(args, "s#s#s#" ,&bin_pol, &bin_pol_len, - &del_arr, &del_arr_len, - &chg_arr, &chg_arr_len)) { - PyErr_SetString(PyExc_TypeError, bad_arg); - return NULL; - } - - if ((xc_handle = xc_interface_open(0,0,0)) == 0) { - PyErr_SetString(PyExc_IOError, ctrlif_op); - return NULL; - } - - if ( (bin_pol_buf = xc_hypercall_buffer_alloc(xc_handle, bin_pol_buf, bin_pol_len)) == NULL ) - goto out; - if ( (del_arr_buf = xc_hypercall_buffer_alloc(xc_handle, del_arr_buf, del_arr_len)) == NULL ) - goto out; - if ( (chg_arr_buf = xc_hypercall_buffer_alloc(xc_handle, chg_arr_buf, chg_arr_len)) == NULL ) - goto out; - if ( (error_array = xc_hypercall_buffer_alloc(xc_handle, error_array, sizeof(*error_array)*errarray_mbrs)) == NULL ) - goto out; - - memcpy(bin_pol_buf, bin_pol, bin_pol_len); - memcpy(del_arr_buf, del_arr, del_arr_len); - memcpy(chg_arr_buf, chg_arr, chg_arr_len); - - chgpolicy.policy_pushcache_size = bin_pol_len; - chgpolicy.delarray_size = del_arr_len; - chgpolicy.chgarray_size = chg_arr_len; - chgpolicy.errarray_size = sizeof(*error_array)*errarray_mbrs; - set_xen_guest_handle(chgpolicy.policy_pushcache, bin_pol_buf); - set_xen_guest_handle(chgpolicy.del_array, del_arr_buf); - set_xen_guest_handle(chgpolicy.chg_array, chg_arr_buf); - set_xen_guest_handle(chgpolicy.err_array, error_array); - - rc = xc_acm_op(xc_handle, 
ACMOP_chgpolicy, &chgpolicy, sizeof(chgpolicy)); - - /* only pass the filled error codes */ - for (len = 0; (len + 1) < errarray_mbrs; len += 2) { - if (error_array[len] == 0) { - len *= sizeof(error_array[0]); - break; - } - } - - result = Py_BuildValue("is#", rc, error_array, len); - -out: - xc_hypercall_buffer_free(xc_handle, bin_pol_buf); - xc_hypercall_buffer_free(xc_handle, del_arr_buf); - xc_hypercall_buffer_free(xc_handle, chg_arr_buf); - xc_hypercall_buffer_free(xc_handle, error_array); - xc_interface_close(xc_handle); - return result; -} - - -static PyObject *getpolicy(PyObject *self, PyObject *args) -{ - struct acm_getpolicy getpolicy; - xc_interface *xc_handle; - int rc; - PyObject *result = NULL; - uint32_t len = 8192; - DECLARE_HYPERCALL_BUFFER(uint8_t, pull_buffer); - - if ((xc_handle = xc_interface_open(0,0,0)) == 0) { - PyErr_SetString(PyExc_IOError, ctrlif_op); - return NULL; - } - - if ((pull_buffer = xc_hypercall_buffer_alloc(xc_handle, pull_buffer, len)) == NULL) - goto out; - - memset(&getpolicy, 0x0, sizeof(getpolicy)); - set_xen_guest_handle(getpolicy.pullcache, pull_buffer); - getpolicy.pullcache_size = sizeof(pull_buffer); - - rc = xc_acm_op(xc_handle, ACMOP_getpolicy, &getpolicy, sizeof(getpolicy)); - - if (rc == 0) { - struct acm_policy_buffer *header = - (struct acm_policy_buffer *)pull_buffer; - if (ntohl(header->len) < 8192) - len = ntohl(header->len); - } else { - len = 0; - } - - result = Py_BuildValue("is#", rc, pull_buffer, len); -out: - xc_hypercall_buffer_free(xc_handle, pull_buffer); - xc_interface_close(xc_handle); - return result; -} - - -static PyObject *relabel_domains(PyObject *self, PyObject *args) -{ - struct acm_relabel_doms reldoms; - xc_interface *xc_handle; - int rc; - char *relabel_rules = NULL; - int rel_rules_len = 0; - uint errarray_mbrs = 20 * 2; - DECLARE_HYPERCALL_BUFFER(uint32_t, error_array); - DECLARE_HYPERCALL_BUFFER(char, relabel_rules_buf); - PyObject *result = NULL; - uint len; - - memset(&reldoms, 0x0, 
sizeof(reldoms)); - - if (!PyArg_ParseTuple(args, "s#" ,&relabel_rules, &rel_rules_len)) { - PyErr_SetString(PyExc_TypeError, bad_arg); - return NULL; - } - - if ((xc_handle = xc_interface_open(0,0,0)) == 0) { - PyErr_SetString(PyExc_IOError, ctrlif_op); - return NULL; - } - - if ((relabel_rules_buf = xc_hypercall_buffer_alloc(xc_handle, relabel_rules_buf, rel_rules_len)) == NULL) - goto out; - if ((error_array = xc_hypercall_buffer_alloc(xc_handle, error_array, sizeof(*error_array)*errarray_mbrs)) == NULL) - goto out; - - memcpy(relabel_rules_buf, relabel_rules, rel_rules_len); - - reldoms.relabel_map_size = rel_rules_len; - reldoms.errarray_size = sizeof(error_array); - - set_xen_guest_handle(reldoms.relabel_map, relabel_rules_buf); - set_xen_guest_handle(reldoms.err_array, error_array); - - rc = xc_acm_op(xc_handle, ACMOP_relabeldoms, &reldoms, sizeof(reldoms)); - - /* only pass the filled error codes */ - for (len = 0; (len + 1) < errarray_mbrs; len += 2) { - if (error_array[len] == 0) { - len *= sizeof(error_array[0]); - break; - } - } - - result = Py_BuildValue("is#", rc, error_array, len); -out: - xc_hypercall_buffer_free(xc_handle, relabel_rules_buf); - xc_hypercall_buffer_free(xc_handle, error_array); - xc_interface_close(xc_handle); - - return result; -} - - -/*=================General Python Extension Declarations=================*/ - -/* methods */ -static PyMethodDef acmMethods[] = { - {"policy", policy, METH_VARARGS, "Retrieve Active ACM Policy Reference Name"}, - {"getssid", getssid, METH_VARARGS, "Retrieve label information and ssidref for a domain"}, - {"getdecision", getdecision, METH_VARARGS, "Retrieve ACM access control decision"}, - {"chgpolicy", chgpolicy, METH_VARARGS, "Change the policy in one step"}, - {"getpolicy", getpolicy, METH_NOARGS , "Get the binary policy from the hypervisor"}, - {"relabel_domains", relabel_domains, METH_VARARGS, "Relabel domains"}, - /* end of list (extend list above this line) */ - {NULL, NULL, 0, NULL} -}; - -/* 
inits */
-PyMODINIT_FUNC initacm(void)
-{
- PyObject *m = Py_InitModule("acm", acmMethods);
- acm_error_obj = PyErr_NewException("acm.Error", PyExc_RuntimeError, NULL);
- Py_INCREF(acm_error_obj);
- PyModule_AddObject(m, "Error", acm_error_obj);
-}
diff --git a/tools/python/xen/xm/messages/xen-xm.pot b/tools/python/xen/xm/messages/xen-xm.pot
index a600a69f0d..25c7556c30 100644
--- a/tools/python/xen/xm/messages/xen-xm.pot
+++ b/tools/python/xen/xm/messages/xen-xm.pot
@@ -8,10 +8,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2008-03-31 17:40+0100\n"
+"POT-Creation-Date: 2011-03-25 21:46+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
diff --git a/tools/security/Makefile b/tools/security/Makefile
deleted file mode 100644
index f550ce2e56..0000000000
--- a/tools/security/Makefile
+++ /dev/null
@@ -1,94 +0,0 @@
-XEN_ROOT = $(CURDIR)/../..
-include $(XEN_ROOT)/tools/Rules.mk
-
-CFLAGS += -Werror
-CFLAGS += -fno-strict-aliasing
-CFLAGS += $(CFLAGS_libxenctrl)
-
-CPPFLAGS += -MMD -MF .$*.d
-PROG_DEPS = .*.d
-
-XML2VERSION = $(shell xml2-config --version )
-CFLAGS += $(shell xml2-config --cflags )
-CFLAGS += $(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi )
-LDFLAGS += $(shell xml2-config --libs ) # if this does not work, try -L/usr/lib -lxml2 -lz -lpthread -lm
-
-SRCS_TOOL = secpol_tool.c
-OBJS_TOOL := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_TOOL)))
-
-ACM_INST_TOOLS = xensec_tool xensec_gen
-ACM_EZPOLICY = xensec_ezpolicy
-ACM_OBJS = $(OBJS_TOOL) $(OBJS_GETD)
-ACM_SCRIPTS = python/xensec_tools/acm_getlabel
-
-ACM_CONFIG_DIR = $(XEN_CONFIG_DIR)/acm-security
-ACM_POLICY_DIR = $(ACM_CONFIG_DIR)/policies
-ACM_SCRIPT_DIR = $(ACM_CONFIG_DIR)/scripts
-
-ACM_INST_HTML = python/xensec_gen/index.html
-ACM_INST_CGI = python/xensec_gen/cgi-bin/policy.cgi
-ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
-ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
-
-ACM_SCHEMA = security_policy.xsd
-ACM_EXAMPLES = client_v1 test
-ACM_DEF_POLICIES =
-ACM_POLICY_SUFFIX = security_policy.xml
-
-ifeq ($(ACM_SECURITY),y)
-.PHONY: all
-all: build
-
-.PHONY: install
-install: all $(ACM_CONFIG_FILE)
- $(INSTALL_DIR) $(DESTDIR)$(SBINDIR)
- $(INSTALL_PROG) $(ACM_INST_TOOLS) $(DESTDIR)$(SBINDIR)
- $(INSTALL_PROG) $(ACM_EZPOLICY) $(DESTDIR)$(SBINDIR)
- $(INSTALL_DIR) $(DESTDIR)$(ACM_CONFIG_DIR)
- $(INSTALL_DIR) $(DESTDIR)$(ACM_POLICY_DIR)
- $(INSTALL_DATA) policies/$(ACM_SCHEMA) $(DESTDIR)$(ACM_POLICY_DIR)
- $(INSTALL_DIR) $(DESTDIR)$(ACM_POLICY_DIR)/example
- set -e; for i in $(ACM_EXAMPLES); do \
- $(INSTALL_DATA) policies/example/$$i-$(ACM_POLICY_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR)/example/; \
- done
- set -e; for i in $(ACM_DEF_POLICIES); do \
- $(INSTALL_DATA) policies/$$i-$(ACM_POLICY_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR); \
- done
- $(INSTALL_DIR) $(DESTDIR)$(ACM_SCRIPT_DIR)
- $(INSTALL_PROG) $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
- $(INSTALL_DIR) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
- $(INSTALL_DATA) $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
- $(INSTALL_DIR) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
- $(INSTALL_PROG) $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
- $(PYTHON) python/setup.py install $(PYTHON_PREFIX_ARG) \
- --root="$(DESTDIR)" --force
-else
-.PHONY: all
-all:
-
-.PHONY: install
-install:
-endif
-
-.PHONY: build
-build: $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
- $(PYTHON) python/setup.py build
- chmod 700 $(ACM_SCRIPTS)
-
-xensec_tool: $(OBJS_TOOL)
- $(CC) -g $(CFLAGS) $(LDFLAGS) -O0 -o $@ $^ $(LDLIBS_libxenctrl)
-
-xensec_gen: xensec_gen.py
- cp -f $^ $@
-
-.PHONY: clean
-clean:
- $(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
- $(RM) $(ACM_OBJS)
- $(RM) $(PROG_DEPS)
- $(RM) -r build
-
-.PHONY: mrproper
-mrproper: clean
-
--include $(PROG_DEPS)
diff --git a/tools/security/policies/example/client_v1-security_policy.xml b/tools/security/policies/example/client_v1-security_policy.xml
deleted file mode 100644
index 2b3a6f098a..0000000000
--- a/tools/security/policies/example/client_v1-security_policy.xml
+++ /dev/null
@@ -1,195 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security policies, which -->
-<!-- can be enforced by the Xen Access Control Module. -->
-<!-- Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
- <PolicyHeader>
- <PolicyName>example.client_v1</PolicyName>
- <PolicyUrl>www.ibm.com/example/client_v1</PolicyUrl>
- <Date>2006-03-31</Date>
- <Version>1.0</Version>
- </PolicyHeader>
- <!-- -->
- <!-- example of a simple type enforcement policy definition -->
- <!-- -->
- <SimpleTypeEnforcement>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type><!-- machine/security management -->
- <Type>ste_PersonalFinances</Type><!-- personal finances -->
- <Type>ste_InternetInsecure</Type><!-- games, active X, etc. -->
- <Type>ste_DonatedCycles</Type><!-- donation to BOINC/seti@home -->
- <Type>ste_PersistentStorageA</Type><!-- domain managing the harddrive A-->
- <Type>ste_NetworkAdapter0</Type><!-- type of the domain managing ethernet adapter 0-->
- </SimpleTypeEnforcementTypes>
- </SimpleTypeEnforcement>
- <!-- -->
- <!-- example of a chinese wall type definition -->
- <!-- along with its conflict sets -->
- <!-- (typse in a confict set are exclusive, i.e. -->
- <!-- once a Domain with one type of a set is -->
- <!-- running, no other Domain with another type -->
- <!-- of the same conflict set can start.) -->
- <ChineseWall priority="PrimaryPolicyComponent">
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- <Type>cw_Sensitive</Type>
- <Type>cw_Isolated</Type>
- <Type>cw_Distrusted</Type>
- </ChineseWallTypes>
-
- <ConflictSets>
- <Conflict name="Protection1">
- <Type>cw_Sensitive</Type>
- <Type>cw_Distrusted</Type>
- </Conflict>
- </ConflictSets>
- </ChineseWall>
- <SecurityLabelTemplate>
- <SubjectLabels bootstrap="SystemManagement">
- <!-- single ste typed domains -->
- <!-- ACM enforces that only domains with -->
- <!-- the same type can share information -->
- <!-- -->
- <!-- Bootstrap label is assigned to Dom0 -->
- <VirtualMachineLabel>
- <Name>dom_HomeBanking</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_Sensitive</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <Name>dom_Fun</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_Distrusted</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- donating some cycles to seti@home -->
- <Name>dom_BoincClient</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_DonatedCycles</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_Isolated</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <!-- Domains with multiple ste types services; such domains -->
- <!-- must keep the types inside their domain safely confined. -->
- <VirtualMachineLabel>
- <Name>SystemManagement</Name>
- <SimpleTypeEnforcementTypes>
- <!-- since dom0 needs access to every domain and -->
- <!-- resource right now ... -->
- <Type>ste_SystemManagement</Type>
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- <Type>ste_DonatedCycles</Type>
- <Type>ste_PersistentStorageA</Type>
- <Type>ste_NetworkAdapter0</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- serves persistent storage to other domains -->
- <Name>dom_StorageDomain</Name>
- <SimpleTypeEnforcementTypes>
- <!-- access right to the resource (hard drive a) -->
- <Type>ste_PersistentStorageA</Type>
- <!-- can serve following types -->
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- serves network access to other domains -->
- <Name>dom_NetworkDomain</Name>
- <SimpleTypeEnforcementTypes>
- <!-- access right to the resource (ethernet card) -->
- <Type>ste_NetworkAdapter0</Type>
- <!-- can serve following types -->
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- <Type>ste_DonatedCycles</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
- </SubjectLabels>
-
- <ObjectLabels>
- <ResourceLabel>
- <Name>res_ManagementResource</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_HardDrive(hda)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersistentStorageA</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_LogicalDiskPartition1(hda1)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_LogicalDiskPartition2(hda2)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_EthernetCard</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_NetworkAdapter0</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_SecurityToken</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_GraphicsAdapter</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
- </ObjectLabels>
- </SecurityLabelTemplate>
-</SecurityPolicyDefinition>
-
diff --git a/tools/security/policies/example/test-security_policy.xml b/tools/security/policies/example/test-security_policy.xml
deleted file mode 100644
index 0f338a2c0b..0000000000
--- a/tools/security/policies/example/test-security_policy.xml
+++ /dev/null
@@ -1,97 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Auto-generated by ezPolicy -->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
- <PolicyHeader>
- <PolicyName>example.test</PolicyName>
- <Date>Mon Apr 16 13:13:59 2007</Date>
- <Version>1.0</Version>
- </PolicyHeader>
-
- <SimpleTypeEnforcement>
- <SimpleTypeEnforcementTypes>
- <Type>SystemManagement</Type>
- <Type>PepsiCo</Type>
- <Type>CocaCola</Type>
- </SimpleTypeEnforcementTypes>
- </SimpleTypeEnforcement>
-
- <ChineseWall priority="PrimaryPolicyComponent">
- <ChineseWallTypes>
- <Type>SystemManagement</Type>
- <Type>PepsiCo</Type>
- <Type>CocaCola</Type>
- <Type>VIOServer</Type>
- </ChineseWallTypes>
-
- </ChineseWall>
-
- <SecurityLabelTemplate>
- <SubjectLabels bootstrap="SystemManagement">
- <VirtualMachineLabel>
- <Name>SystemManagement</Name>
- <SimpleTypeEnforcementTypes>
- <Type>SystemManagement</Type>
- <Type>PepsiCo</Type>
- <Type>CocaCola</Type>
- </SimpleTypeEnforcementTypes>
- <ChineseWallTypes>
- <Type>SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <Name>PepsiCo</Name>
- <SimpleTypeEnforcementTypes>
- <Type>PepsiCo</Type>
- </SimpleTypeEnforcementTypes>
- <ChineseWallTypes>
- <Type>PepsiCo</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <Name>CocaCola</Name>
- <SimpleTypeEnforcementTypes>
- <Type>CocaCola</Type>
- </SimpleTypeEnforcementTypes>
- <ChineseWallTypes>
- <Type>CocaCola</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <Name>VIO</Name>
- <SimpleTypeEnforcementTypes>
- <Type>CocaCola</Type>
- <Type>PepsiCo</Type>
- </SimpleTypeEnforcementTypes>
- <ChineseWallTypes>
- <Type>VIOServer</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
- </SubjectLabels>
-
- <ObjectLabels>
- <ResourceLabel>
- <Name>SystemManagement</Name>
- <SimpleTypeEnforcementTypes>
- <Type>SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>PepsiCo</Name>
- <SimpleTypeEnforcementTypes>
- <Type>PepsiCo</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>CocaCola</Name>
- <SimpleTypeEnforcementTypes>
- <Type>CocaCola</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
- </ObjectLabels>
- </SecurityLabelTemplate>
-</SecurityPolicyDefinition>
diff --git a/tools/security/policies/security_policy.xsd b/tools/security/policies/security_policy.xsd
deleted file mode 100644
index 4391a77253..0000000000
--- a/tools/security/policies/security_policy.xsd
+++ /dev/null
@@ -1,146 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
-<!-- This file defines the schema, which is used to define -->
-<!-- the security policy and the security labels in Xen. -->
-
-<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified">
- <xsd:element name="SecurityPolicyDefinition">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="PolicyHeader" minOccurs="1" maxOccurs="1"></xsd:element>
- <xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element>
- <xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element>
- <xsd:element ref="SecurityLabelTemplate" minOccurs="1" maxOccurs="1"></xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="PolicyHeader">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="xsd:string"></xsd:element>
- <xsd:element name="PolicyUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
- <xsd:element name="Reference" type="xsd:string" minOccurs="0" maxOccurs="1" />
- <xsd:element name="Date" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
- <xsd:element name="NameSpaceUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
- <xsd:element name="Version" minOccurs="1" maxOccurs="1" type="VersionFormat"/>
- <xsd:element ref="FromPolicy" minOccurs="0" maxOccurs="1"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ChineseWall">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="ChineseWallTypes" minOccurs="1" maxOccurs="1" />
- <xsd:element ref="ConflictSets" minOccurs="0" maxOccurs="1" />
- </xsd:sequence>
- <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="SimpleTypeEnforcement">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="SimpleTypeEnforcementTypes" />
- </xsd:sequence>
- <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="SecurityLabelTemplate">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
- </xsd:sequence>
- <xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ChineseWallTypes">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ConflictSets">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Conflict" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="SimpleTypeEnforcementTypes">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Conflict">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
- </xsd:sequence>
- <xsd:attribute name="name" type="xsd:string" use="required"></xsd:attribute>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="VirtualMachineLabel">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="Name" type="NameWithFrom"></xsd:element>
- <xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
- <xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ResourceLabel">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="Name" type="NameWithFrom"></xsd:element>
- <xsd:element name="SimpleTypeEnforcementTypes" type="SingleSimpleTypeEnforcementType" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Name" type="xsd:string" />
- <xsd:element name="Type" type="xsd:string" />
- <xsd:simpleType name="PolicyOrder">
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:element name="FromPolicy">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="xsd:string"/>
- <xsd:element name="Version" minOccurs="1" maxOccurs="1" type="VersionFormat"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="VersionFormat">
- <xsd:restriction base="xsd:string">
- <xsd:pattern value="[0-9]{1,8}.[0-9]{1,8}"></xsd:pattern>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:complexType name="NameWithFrom">
- <xsd:simpleContent>
- <xsd:extension base="xsd:string">
- <xsd:attribute name="from" type="xsd:string" use="optional"></xsd:attribute>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- <xsd:complexType name="SingleSimpleTypeEnforcementType">
- <xsd:sequence>
- <xsd:element maxOccurs="1" minOccurs="1" ref="Type" />
- </xsd:sequence>
- </xsd:complexType>
-</xsd:schema>
diff --git a/tools/security/policy.txt b/tools/security/policy.txt
deleted file mode 100644
index 493d1f2e55..0000000000
--- a/tools/security/policy.txt
+++ /dev/null
@@ -1,296 +0,0 @@ -## -# policy.txt <description to the sHype/Xen access control architecture> -# -# Author: -# Reiner Sailer 08/30/2006 <sailer@watson.ibm.com> -# -# -# This file gives an overview of the example security policies. -## - -Example of a Chinese Wall Policy Instantiation ----------------------------------------------- - -The file client_v1-security_policy.xml defines the Chinese Wall types -as well as the conflict sets for our example policy (you find it in -the directory "policy_root"/example/chwall). - -It defines four Chinese Wall types (prefixed with cw_) with the -following meaning: - -* cw_SystemsManagement is a type identifying workloads for systems -management, e.g., domain management, device management, or hypervisor -management. - -* cw_Sensitive is identifying workloads that are critical to the user -for one reason or another. - -* cw_Distrusted is identifying workloads a user does not have much -confidence in. E.g. a domain used for surfing in the internet without -protection( i.e., active-X, java, java-script, executing web content) -or for (Internet) Games should be typed this way. - -* cw_Isolated is identifying workloads that are supposedly isolated by -use of the type enforcement policy (described below). For example, if -a user wants to donate cycles to seti@home, she can setup a separate -domain for a Boinc (http://boinc.ssl.berkeley.edu/) client, disable -this domain from accessing the hard drive and from communicating to -other local domains, and type it as cw_Isolated. We will look at a -specific example later. - -The example policy uses the defined types to define one conflict set: -Protection1 = {cw_Sensitive, cw_Distrusted}. This conflict set tells -the hypervisor that once a domain typed as cw_Sensitive is running, a -domain typed as cw_Distrusted cannot run concurrently (and the other -way round). With this policy, a domain typed as cw_Isolated is allowed -to run simultaneously with domains tagged as cw_Sensitive. 
- -Consequently, the access control module in the Xen hypervisor -distinguishes in this example policy 4 different workload types in -this example policy. It is the user's responsibility to type the -domains in a way that reflects the workloads of these domains and, in -the case of cw_Isolated, its properties, e.g. by configuring the -sharing capabilities of the domain accordingly by using the simple -type enforcement policy. - -Users can define their own or change the existing example policy -according to their working environment and security requirements. To -do so, replace the file chwall-security_policy.xml with the new -policy. - - -SIMPLE TYPE ENFORCEMENT -======================= - -The file client_v1-security_policy.xml defines the simple type -enforcement types for our example policy (you find it in the directory -"policy_root"/example/ste). The Simple Type Enforcement policy defines -which domains can share information with which other domains. To this -end, it controls - -i) inter-domain communication channels (e.g., network traffic, events, -and shared memory). - -ii) access of domains to physical resources (e.g., hard drive, network -cards, graphics adapter, keyboard). - -In order to enable the hypervisor to distinguish different domains and -the user to express access rules, the simple type enforcement defines -a set of types (ste_types). - -The policy defines that communication between domains is allowed if -the domains share a common STE type. As with the chwall types, STE -types should enable the differentiation of workloads. The simple type -enforcement access control implementation in the hypervisor enforces -that domains can only communicate (setup event channels, grant tables) -if they share a common type, i.e., both domains have assigned at least -on type in common. A domain can access a resource, if the domain and -the resource share a common type. 
Hence, assigning STE types to -domains and resources allows users to define constraints on sharing -between domains and to keep sensitive data confined from distrusted -domains. - -Domain <--> Domain Sharing -'''''''''''''''''''''''''' -(implemented but its effective use requires factorization of Dom0) - -a) Domains with a single STE type (general user domains): Sharing -between such domains is enforced entirely by the hypervisor access -control. It is independent of the domains and does not require their -co-operation. - -b) Domains with multiple STE types: One example is a domain that -virtualizes a physical resource (e.g., hard drive) and serves it as -multiple virtual resources (virtual block drives) to other domains of -different types. The idea is that only a specific device domain has -assigned the type required to access the physical hard-drive. Logical -drives are then assigned the types of domains that have access to this -logical drive. Since the Xen hypervisor cannot distinguish between the -logical drives, the access control (type enforcement) is delegated to -the device domain, which has access to the types of domains requesting -to mount a logical drive as well as the types assigned to the -different available logical drives. - -Currently in Xen, Dom0 controls all hardware, needs to communicate -with all domains during their setup, and intercepts all communication -between domains. Consequently, Dom0 needs to be assigned all types -used and must be completely trusted to maintain the separation of -information coming from domains with different STE types. Thus a -refactoring of Dom0 is recommended for stronger confinement -guarantees. - -Domain --> RESOURCES Access -''''''''''''''''''''''''''' - -We define for each resource that we want to distinguish a separate STE -type. Each STE type is assigned to the respective resource and to -those domains that are allowed to access this resource. 
Type -enforcement will guarantee that other domains cannot access this -resource since they don't share the resource's STE type. - -Since in the current implementation of Xen, Dom0 controls access to -all hardware (e.g., disk drives, network), Domain-->Resource access -control enforcement must be implemented in Dom0. This is possible -since Dom0 has access to both the domain configuration (including the -domain STE types) and the resource configuration (including the -resource STE types). - -For purposes of gaining higher assurance in the resulting system, it -may be desirable to reduce the size of dom0 by adding one or more -"device domains" (DDs). These DDs, e.g. providing storage or network -access, can support one or more physical devices, and manage -enforcement of MAC policy relevant for said devices. Security benefits -come from the smaller size of these DDs, as they can be more easily -audited than monolithic device driver domains. DDs can help to obtain -maximum security benefit from sHype. - - -Example of a Simple Type Enforcement Policy Instantiation ---------------------------------------------------------- -The example policies define the following types: - -* ste_SystemManagement identifies workloads (and domains that runs -them) that must share information to accomplish the management of the -system - -* ste_PersonalFinances identifies workloads that are related to -sensitive programs such as HomeBanking applications or safely -configured web browsers for InternetBanking - -* ste_InternetInsecure identifies workloads that are very -function-rich and unrestricted to offer for example an environment -where internet games can run efficiently - -* ste_DonatedCycles identifies workloads that run on behalf of others, -e.g. 
a Boinc client - -* ste_PersistentStorage identifies workloads that have direct access -to persistent storage (e.g., hard drive) - -* ste_NetworkAccess identifies workload that have direct access to -network cards and related networks - - - -SECURITY LABEL TEMPLATES -======================== - -We introduce security label templates because it is difficult for -users to ensure tagging of domains consistently and since there are ---as we have seen in the case of isolation-- useful dependencies -between the policies. Security Label Templates define type sets that -can be addressed by more user-friendly label names, -e.g. dom_Homebanking describes a typical typeset tagged to domains -used for sensitive Homebanking work-loads. Labels are defined in the -file - -Using Security Label Templates has multiple advantages: -a) easy reference of typical sets of type assignments -b) consistent interpretation of type combinations -c) meaningful application-level label names - -The definition of label templates depends on the combination of -policies that are used. We will describe some of the labels defined -for the Chinese Wall and Simple Type Enforcement combination. - -In the BoincClient example, the label_template file specifies that -this Label is assigned the Chinese Wall type cw_Isolated. We do this -assuming that this BoincClient is isolated against the rest of the -system infrastructure (no persistent memory, no sharing with local -domains). Since cw_Isolated is not included in any conflict set, it -can run at any time concurrently with any other domain. The -ste_DonatedCycles type assigned to the BoincClient reflect the -isolation assumption: it is only assigned to the dom_NetworkDomain -giving the BoincClient domain access to the network to communicate -with its BoincServer. - -The strategy for combining types into Labels is the following: First -we define a label for each type of general user domain -(workload-oriented). 
Then we define a new label for each physical -resource that shall be shared using a DD domain (e.g., disk) and for -each logical resource offered through this physical resource (logical -disk partition). We define then device domain labels (here: -dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain) which -include the types of the physical resources (e.g. hda) their domains -need to connect to. Such physical resources can only be accessed -directly by device domains types with the respective device's STE -type. Additionally we assign to such a device domain Label the STE -types of those user domains that are allowed to access one of the -logical resources (e.g., hda1, hda2) built on top of this physical -resource through the device domain. - - -Label Construction Example: ---------------------------- - -We define here a storage domain label for a domain that owns a real -disk drive and creates the logical disk partitions hda1 and hda2 which -it serves to domains labeled dom_HomeBanking and dom_Fun -respectively. The labels we refer to are defined in the label template -file policies/chwall_ste/chwall_ste-security-label-template.xml. - -step1: To distinguish different shared disk drives, we create a -separate Label and STE type for each of them. Here: we create a type -ste_PersistentStorageA for disk drive hda. If you have another disk -drive, you may define another persistent storage type -ste_PersistentStorageB in the chwall_ste-security_policy.xml. - -step2: To distinguish different domains, we create multiple domain -labels including different types. Here: label dom_HomeBanking includes -STE type ste_PersonalFinances, label dom_Fun includes STE type -ste_InternetInsecure. - -step3: The storage domain in charge of the hard drive A needs access -to this hard drive. Therefore the storage domain label -dom_StorageDomain must include the type assigned to the hard drive -(ste_PersistentStorageA). 
- -step4: In order to serve dom hda1 to domains labeled dom_HomeBanking -and hda2 to domains labeled dom_Fun, the storage domain label must -include the types of those domains as well (ste_PersonalFinance, -ste_InternetInsecure). - -step5: In order to keep the data for different types safely apart, the -different logical disk partitions must be assigned unique labels and -types, which are used inside the storage domain to extend the ACM -access enforcement to logical resources served from inside the storage -domain. We define labels "res_LogicalDiskPartition1 (hda1)" and assign -it to hda1 and "res_LogicalDiskPartition2 (hda2)" and assign it to -hda2. These labels must include the STE types of those domains that -are allowed to use them (e.g., ste_PersonalFinances for hda1). - -The overall mandatory access control is then enforced in 3 different -Xen components and these components use a single consistent policy to -co-operatively enforce the policy. In the storage domain example, we -have three components that co-operate: - -1. The ACM module inside the hypervisor enforces: communication -between user domains and the storage domain (only domains including -types ste_PersonalFinances or ste_InternetInsecure can communicate -with the storage domain and request access to logical resource). This -confines the sharing to the types assigned to the storage domain. - -2. The domain management enforces: assignment of real resources (hda) -to domains (storage domain) that share a type with the resource. - -3. If the storage domain serves multiple STE types (as in our -example), it enforces: that domains can access (mount) logical -resources only if they share an STE type with the respective -resource. In our example, domains with the STE type -ste_PersonalFinances can request access (mount) to logical resource -hda1 from the storage domain. 
- -If you look at the virtual machine label dom_StorageDomain, you will -see the minimal set of types assigned to our domain manageing disk -drive hda for serving logical disk partitions exclusively to -dom_HomeBanking and dom_Fun. - -Similary, network domains can confine access to the network or network -communication between user domains. - -As a result, device domains (e.g., storage domain, network domain) -must be simple and small to ensure their correct co-operation in the -type enforcement model. If such trust is not possible, then hardware -should be assigned exclusively to a single type (or to a single -partition) in which case the hypervisor ACM enforcement enforces the -types independently. diff --git a/tools/security/policytools.txt b/tools/security/policytools.txt deleted file mode 100644 index fb863f4722..0000000000 --- a/tools/security/policytools.txt +++ /dev/null 
@@ -1,148 +0,0 @@ -## -# policytools.txt -# <description to the sHype/Xen policy management tools> -# -# Author: -# Reiner Sailer 08/31/2006 <sailer@watson.ibm.com> -# -# -## - -This file describes the Xen-tools to create and maintain security -policies for the sHype/Xen access control module. - -A security policy (e.g. "example.chwall_ste.test") is defined in -XML. Read in the user manual about the naming of policies. The policy -name is used by the Xen management tools to identify existing -policies. Creating the security policy means creating a policy -description in XML: -/etc/xen/acm-security/policies/example/chwall_ste/test-security_policy.xml. - -The policy XML description must follow the XML schema definition in -/etc/xen/acm-security/policies/security_policy.xsd. The policy tools -are written against this schema; they will create and refine policies -that conform to this scheme. - -Two tools are provided to help creating security policies: - - -1. xensec_ezpolicy: The starting point for writing security policies. -=================== - -This wxPython-based GUI tool is meant to create very quickly a -starting point for a workload protection security policy. Please start -the tool (xensec_ezpolicy) and press <CTRL-h> for usage explanations. -The Xen User guide explains its usage at an example in chapter -"sHype/Xen Access Control". - -The output of the tool is a security policy that is fully operable. It -is sufficient to create policies that demonstrate how sHype/ACM works. - -However, it defines only a basic set of security labels assuming that -Domain0 hosts and virtualizes all hardware (storage etc.). Use -xensec_gen to refine this policy and tailor it to your requirements. - - -2. xensec_gen: The tool to refine a basic security policy: -============== - -The xensec_gen utility starts a web-server that can be used to -generate the XML policy files needed to create or maintain a -policy. It can be pre-loaded with a policy file created by -xensec_ezpolicy. 
- -By default, xensec_gen runs as a daemon and listens on port 7777 for -HTTP requests. The xensec_gen command supports command line options -to change the listen port, run in the foreground, and a few others. -Type 'xensec_gen -h' to see the full list of options available. - -Once the xensec_gen utility is running, point a browser at the host -and port on which the utility is running (e.g. http://localhost:7777). -You will be presented with a web page that allows you to create or -modify the XML policy file: - - - The Security Policy types section allows you to create or modify -the policy types and conflict set definitions - - - The Security Policy Labeling section allows you to create or -modify label definitions - -The policy generation tool allows you to modify an existing policy -definition or create a new policy definition file. To modify an -existing policy definition, enter the full path to the existing file -(the "Browse" button can be used to aid in this) in the Policy File -entry field. To create a new policy definition file leave the Policy -File entry field blank. At this point click the "Create" button to -begin modifying or creating your policy definition. - - Security Policy Types Section - ----------------------------- - -You will then be presented with a web page. The upper part of it will -allow you to create either Simple Type Enforcement types or Chinese -Wall types or both, as well as Chinese Wall conflict sets. - -As an example, to add a Simple Type Enforcement type: - -- Enter the name of a new type under the Simple Type Enforcement Types -section in the entry field above the "New" button. - -- Click the "New" button and the type will be added to the list of -defined Simple Type Enforcement types. - -To remove a Simple Type Enforcement type: - -- Click on the type to be removed in the list of defined Simple Type -Enforcement types. - -- Click the "Delete" button to remove the type. - -Follow the same process to add Chinese Wall types. 
The Chinese Wall -Conflict Set allows you to add Chinese Wall types from the list of -defined Chinese Wall types. - - - Security Policy Labels: - ------------------------- - -The security policy label section of the web page allows you to create -labels for classes of virtual machines and resources. The input -policy type definitions on the upper part of the web page will provide -the available types (Simple Type Enforcement and/or Chinese Wall) that -can be assigned to a virtual machine class. Resource classes only -include simple type enforcement types; the Chinese Wall policy does -apply only to virtual machines. - -As an example, to add a Virtual Machine class (the name entered will -become the label that will be used to identify the class): - -- Enter the name of a new class under the Virtual Machine Classes -section in the entry field above the "New" button. - -- Click the "New" button and the class will be added to the table of -defined Virtual Machine classes. - -To remove a Virtual Machine class: - -- Click the "Delete" link associated with the class in the table of -Virtual Machine classes. - -Once you have defined one or more Virtual Machine classes, you will -be able to add any of the defined Simple Type Enforcement types or -Chinese Wall types to a particular Virtual Machine. - -If you create a new policy, you must also define which Virtual Machine -class is to be associated with the bootstrap domain (or Dom0 domain). -By default, the first Virtual Machine class created will be associated -as the bootstrap domain. - -To save your policy definition file, click on the "Generate XML" -button on the top of the page. This will present you with a dialog -box to save the generated XML file on your system. The default name -will be security_policy.xml which you should change to follow the -policy file naming conventions based on the policy name that you -choose to use. 
- -To get a feel for the tool, you could use one of the example policy -definitions files from /etc/xen/acm-security/policies/example as -input or a policy created by the xensec_ezpolicy tool. diff --git a/tools/security/python/setup.py b/tools/security/python/setup.py deleted file mode 100644 index 26c88b33c0..0000000000 --- a/tools/security/python/setup.py +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/python -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, -# or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -from distutils.core import setup -import os - -# This setup script is invoked from the parent directory, so base -# everything as if executing from there. -XEN_ROOT = "../.." - -setup(name = 'xensec_gen', - version = '3.0', - description = 'Xen XML Security Policy Generator', - package_dir = { 'xen' : 'python' }, - packages = ['xen.xensec_gen'], - ) diff --git a/tools/security/python/xensec_gen/__init__.py b/tools/security/python/xensec_gen/__init__.py deleted file mode 100644 index 8b13789179..0000000000 --- a/tools/security/python/xensec_gen/__init__.py +++ /dev/null @@ -1 +0,0 @@ - diff --git a/tools/security/python/xensec_gen/cgi-bin/policy.cgi b/tools/security/python/xensec_gen/cgi-bin/policy.cgi deleted file mode 100644 index d429c57cb1..0000000000 --- a/tools/security/python/xensec_gen/cgi-bin/policy.cgi +++ /dev/null 
@@ -1,2376 +0,0 @@ -#!/usr/bin/python -# -# The Initial Developer of the Original Code is International -# Business Machines Corporation. Portions created by IBM -# Corporation are Copyright (C) 2005, 2006 International Business -# Machines Corporation. All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, -# or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import os -import cgi -import cgitb; cgitb.enable( ) -import time -import xml.dom.minidom -import xml.sax -import xml.sax.handler -from StringIO import StringIO -from sets import Set - -def getSavedData( ): - global formData, policyXml - global formVariables, formCSNames, formVmNames, formResNames - global allCSMTypes, allVmChWs, allVmStes, allResStes - - # Process the XML upload policy file - if formData.has_key( 'i_policy' ): - dataList = formData.getlist( 'i_policy' ) - if len( dataList ) > 0: - policyXml = dataList[0] - - # Process all the hidden input variables (if present) - for formVar in formVariables: - if formVar[2] == '': - continue - - if formData.has_key( formVar[2] ): - dataList = formData.getlist( formVar[2] ) - if len( dataList ) > 0: - if isinstance( formVar[1], list ): - exec 'formVar[1] = ' + dataList[0] - else: - formVar[1] = dataList[0] - - # The form can contain any number of "Conflict Sets" - # so update the list of form variables to include - # each conflict set 
(hidden input variable) - for csName in formCSNames[1]: - newCS( csName ) - if formData.has_key( allCSMTypes[csName][2] ): - dataList = formData.getlist( allCSMTypes[csName][2] ) - if len( dataList ) > 0: - exec 'allCSMTypes[csName][1] = ' + dataList[0] - - # The form can contain any number of "Virtual Machines" - # so update the list of form variables to include - # each virtual machine (hidden input variable) - for vmName in formVmNames[1]: - newVm( vmName ) - - vmFormVar = allVmChWs[vmName] - if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ): - dataList = formData.getlist( vmFormVar[2] ) - if len( dataList ) > 0: - if isinstance( vmFormVar[1], list ): - exec 'vmFormVar[1] = ' + dataList[0] - else: - vmFormVar[1] = dataList[0] - - vmFormVar = allVmStes[vmName] - if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ): - dataList = formData.getlist( vmFormVar[2] ) - if len( dataList ) > 0: - if isinstance( vmFormVar[1], list ): - exec 'vmFormVar[1] = ' + dataList[0] - else: - vmFormVar[1] = dataList[0] - - # The form can contain any number of "Resources" - # so update the list of form variables to include - # each resource (hidden input variable) - for resName in formResNames[1]: - newRes( resName ) - - resFormVar = allResStes[resName] - if (resFormVar[2] != '') and formData.has_key( resFormVar[2] ): - dataList = formData.getlist( resFormVar[2] ) - if len( dataList ) > 0: - if isinstance( resFormVar[1], list ): - exec 'resFormVar[1] = ' + dataList[0] - else: - resFormVar[1] = dataList[0] - - -def getCurrentTime( ): - return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) ) - -def getName( domNode ): - nameNodes = domNode.getElementsByTagName( 'Name' ) - if len( nameNodes ) == 0: - formatXmlError( '"<Name>" tag is missing' ) - return None - - name = '' - for childNode in nameNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - name = name + childNode.data - return name - -def getPolicyName( domNode ): - nameNodes = 
domNode.getElementsByTagName( 'PolicyName' ) - if len( nameNodes ) == 0: - formatXmlError( '"<PolicyName>" tag is missing' ) - return None - - name = '' - for childNode in nameNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - name = name + childNode.data - - return name - -def getUrl( domNode ): - urlNodes = domNode.getElementsByTagName( 'PolicyUrl' ) - if len( urlNodes ) == 0: - return '' - - url = '' - for childNode in urlNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - url = url + childNode.data - - return url - -def getRef( domNode ): - refNodes = domNode.getElementsByTagName( 'Reference' ) - if len( refNodes ) == 0: - return '' - - ref = '' - for childNode in refNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - ref = ref + childNode.data - - return ref - -def getDate( domNode ): - dateNodes = domNode.getElementsByTagName( 'Date' ) - if len( dateNodes ) == 0: - return '' - - date = '' - for childNode in dateNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - date = date + childNode.data - - return date - -def getNSUrl( domNode ): - urlNodes = domNode.getElementsByTagName( 'NameSpaceUrl' ) - if len( urlNodes ) == 0: - return '' - - url = '' - for childNode in urlNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - url = url + childNode.data - - return url - -def getSteTypes( domNode, missingIsError = 0 ): - steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' ) - if len( steNodes ) == 0: - if missingIsError == 1: - formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' ) - return None - else: - return [] - - return getTypes( steNodes[0] ) - -def getChWTypes( domNode, missingIsError = 0 ): - chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' ) - if len( chwNodes ) == 0: - if missingIsError == 1: - formatXmlError( '"<ChineseWallTypes>" tag is missing' ) - return None - else: - return [] - - return getTypes( 
chwNodes[0] ) - -def getTypes( domNode ): - types = [] - - domNodes = domNode.getElementsByTagName( 'Type' ) - if len( domNodes ) == 0: - formatXmlError( '"<Type>" tag is missing' ) - return None - - for domNode in domNodes: - typeText = '' - for childNode in domNode.childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - typeText = typeText + childNode.data - - if typeText == '': - formatXmlError( 'No text associated with the "<Type>" tag' ) - return None - - types.append( typeText ) - - return types - -def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ): - global xmlMessages, xmlError - - xmlError = 1 - addMsg = cgi.escape( msg ) - - if lineNum != -1: - sio = StringIO( xml ) - for xmlLine in sio: - lineNum = lineNum - 1 - if lineNum == 0: - break; - - addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) ) - - if colNum != -1: - errLine = '' - for i in range( colNum ): - errLine = errLine + '-' - - addMsg += '\n' + errLine + '^' - - addMsg += '</PRE>' - - xmlMessages.append( addMsg ) - -def formatXmlGenError( msg ): - global xmlMessages, xmlIncomplete - - xmlIncomplete = 1 - xmlMessages.append( cgi.escape( msg ) ) - -def parseXml( xmlInput ): - xmlParser = xml.sax.make_parser( ) - try: - domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser ) - - except xml.sax.SAXParseException, xmlErr: - msg = '' - msg = msg + 'XML parsing error occurred at line ' - msg = msg + `xmlErr.getLineNumber( )` - msg = msg + ', column ' - msg = msg + `xmlErr.getColumnNumber( )` - msg = msg + ': reason = "' - msg = msg + xmlErr.getMessage( ) - msg = msg + '"' - formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) ) - return None - - except xml.sax.SAXException, xmlErr: - msg = '' - msg = msg + 'XML Parsing error: ' + `xmlErr` - formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) ) - return None - - return domDoc - -def parsePolicyXml( ): - global policyXml - global formPolicyName, formPolicyUrl, 
formPolicyRef, formPolicyDate, formPolicyNSUrl - global formPolicyOrder - global formSteTypes, formChWallTypes, formVmNames, formVmNameDom0 - global allCSMTypes, allVmStes, allVmChWs - - domDoc = parseXml( policyXml ) - if domDoc == None: - return - - # Process the PolicyHeader - domRoot = domDoc.documentElement - domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' ) - if len( domHeaders ) == 0: - msg = '' - msg = msg + '"<PolicyHeader>" tag is missing.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - pName = getPolicyName( domHeaders[0] ) - if pName == None: - msg = '' - msg = msg + 'Error processing the Policy header information.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - formPolicyName[1] = pName - formPolicyUrl[1] = getUrl( domHeaders[0] ) - formPolicyRef[1] = getRef( domHeaders[0] ) - formPolicyDate[1] = getDate( domHeaders[0] ) - formPolicyNSUrl[1] = getNSUrl( domHeaders[0] ) - - # Process the STEs - pOrder = '' - domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' ) - if len( domStes ) > 0: - if domStes[0].hasAttribute( 'priority' ): - if domStes[0].getAttribute( 'priority' ) != 'PrimaryPolicyComponent': - msg = '' - msg = msg + 'Error processing the "<SimpleTypeEnforcement>" tag.\n' - msg = msg + 'The "priority" attribute value is not valid.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - pOrder = 'v_Ste' - - steTypes = getSteTypes( domStes[0], 1 ) - if steTypes == None: - msg = '' - msg = msg + 'Error processing the SimpleTypeEnforcement types.\n' - msg = msg + 'Please validate the Policy file used.' 
- formatXmlError( msg ) - return - - formSteTypes[1] = steTypes - - # Process the ChineseWalls and Conflict Sets - domChWalls = domRoot.getElementsByTagName( 'ChineseWall' ) - if len( domChWalls ) > 0: - if domChWalls[0].hasAttribute( 'priority' ): - if domChWalls[0].getAttribute( 'priority' ) != 'PrimaryPolicyComponent': - msg = '' - msg = msg + 'Error processing the "<ChineseWall>" tag.\n' - msg = msg + 'The "priority" attribute value is not valid.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - if pOrder != '': - msg = '' - msg = msg + 'Error processing the "<ChineseWall>" tag.\n' - msg = msg + 'The "priority" attribute has been previously specified.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - pOrder = 'v_ChWall' - - chwTypes = getChWTypes( domChWalls[0], 1 ) - if chwTypes == None: - msg = '' - msg = msg + 'Error processing the ChineseWall types.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - formChWallTypes[1] = chwTypes - - csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' ) - if csNodes and (len( csNodes ) > 0): - cNodes = csNodes[0].getElementsByTagName( 'Conflict' ) - if not cNodes or len( cNodes ) == 0: - msg = '' - msg = msg + 'Required "<Conflict>" tag missing.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - for cNode in cNodes: - csName = cNode.getAttribute( 'name' ) - newCS( csName, 1 ) - - csMemberList = getTypes( cNode ) - if csMemberList == None: - msg = '' - msg = msg + 'Error processing the Conflict Set members.\n' - msg = msg + 'Please validate the Policy file used.' 
- formatXmlError( msg ) - return - - # Verify the conflict set members are valid types - ctSet = Set( formChWallTypes[1] ) - csSet = Set( csMemberList ) - if not csSet.issubset( ctSet ): - msg = '' - msg = msg + 'Error processing Conflict Set "' + csName + '".\n' - msg = msg + 'Members of the conflict set are not valid ' - msg = msg + 'Chinese Wall types.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - - allCSMTypes[csName][1] = csMemberList - - if pOrder != '': - formPolicyOrder[1] = pOrder - else: - if (len( domStes ) > 0) or (len( domChWalls ) > 0): - msg = '' - msg = msg + 'The "priority" attribute has not been specified.\n' - msg = msg + 'It must be specified on one of the access control types.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - # Process the Labels - domLabels = domRoot.getElementsByTagName( 'SecurityLabelTemplate' ) - if not domLabels or (len( domLabels ) == 0): - msg = '' - msg = msg + '<SecurityLabelTemplate> tag is missing.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - - # Process the VMs - domSubjects = domLabels[0].getElementsByTagName( 'SubjectLabels' ) - if len( domSubjects ) > 0: - formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' ) - domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' ) - for domNode in domNodes: - vmName = getName( domNode ) - if vmName == None: - msg = '' - msg = msg + 'Error processing the VirtualMachineLabel name.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - continue - - steTypes = getSteTypes( domNode ) - if steTypes == None: - msg = '' - msg = msg + 'Error processing the SimpleTypeEnforcement types.\n' - msg = msg + 'Please validate the Policy file used.' 
- formatXmlError( msg ) - return - - chwTypes = getChWTypes( domNode ) - if chwTypes == None: - msg = '' - msg = msg + 'Error processing the ChineseWall types.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - newVm( vmName, 1 ) - allVmStes[vmName][1] = steTypes - allVmChWs[vmName][1] = chwTypes - - # Process the Resources - domObjects = domLabels[0].getElementsByTagName( 'ObjectLabels' ) - if len( domObjects ) > 0: - domNodes = domObjects[0].getElementsByTagName( 'ResourceLabel' ) - for domNode in domNodes: - resName = getName( domNode ) - if resName == None: - msg = '' - msg = msg + 'Error processing the ResourceLabel name.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - continue - - steTypes = getSteTypes( domNode ) - if steTypes == None: - msg = '' - msg = msg + 'Error processing the SimpleTypeEnforcement types.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - newRes( resName, 1 ) - allResStes[resName][1] = steTypes - -def modFormTemplate( formTemplate, suffix ): - formVar = [x for x in formTemplate] - - if formVar[2] != '': - formVar[2] = formVar[2] + suffix - if formVar[3] != '': - formVar[3] = formVar[3] + suffix - if (formVar[0] != 'button') and (formVar[4] != ''): - formVar[4] = formVar[4] + suffix - - return formVar; - -def removeDups( curList ): - newList = [] - curSet = Set( curList ) - for x in curSet: - newList.append( x ) - newList.sort( ) - - return newList - -def newCS( csName, addToList = 0 ): - global formCSNames - global templateCSDel, allCSDel - global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd - global allCSMTypes, allCSMDel, allCSMType, allCSMAdd - - csSuffix = '_' + csName - - # Make sure we have an actual name and check one of the 'all' - # variables to be sure it hasn't been previously defined - if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )): - allCSDel[csName] = modFormTemplate( 
templateCSDel, csSuffix ) - allCSMTypes[csName] = modFormTemplate( templateCSMTypes, csSuffix ) - allCSMDel[csName] = modFormTemplate( templateCSMDel, csSuffix ) - allCSMType[csName] = modFormTemplate( templateCSMType, csSuffix ) - allCSMAdd[csName] = modFormTemplate( templateCSMAdd, csSuffix ) - if addToList == 1: - formCSNames[1].append( csName ) - formCSNames[1] = removeDups( formCSNames[1] ) - -def newVm( vmName, addToList = 0 ): - global formVmNames - global templateVmDel, allVmDel, templateVmDom0, allVmDom0 - global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd - global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd - global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd - global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd - - # Make sure we have an actual name and check one of the 'all' - # variables to be sure it hasn't been previously defined - if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )): - vmSuffix = '_' + vmName - allVmDom0[vmName] = modFormTemplate( templateVmDom0, vmSuffix ) - allVmDel[vmName] = modFormTemplate( templateVmDel, vmSuffix ) - allVmChWs[vmName] = modFormTemplate( templateVmChWs, vmSuffix ) - allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix ) - allVmChW[vmName] = modFormTemplate( templateVmChW, vmSuffix ) - allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix ) - allVmStes[vmName] = modFormTemplate( templateVmStes, vmSuffix ) - allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix ) - allVmSte[vmName] = modFormTemplate( templateVmSte, vmSuffix ) - allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix ) - if addToList == 1: - formVmNames[1].append( vmName ) - formVmNames[1] = removeDups( formVmNames[1] ) - -def newRes( resName, addToList = 0 ): - global formResNames - global templateResDel, allResDel - global templateResStes, templateResSteDel, templateResSte, templateResSteAdd - global allResStes, allResSteDel, 
allResSteType, allResSteAdd - - # Make sure we have an actual name and check one of the 'all' - # variables to be sure it hasn't been previously defined - if (len( resName ) > 0) and (not allResDel.has_key( resName )): - resSuffix = '_' + resName - allResDel[resName] = modFormTemplate( templateResDel, resSuffix ) - allResStes[resName] = modFormTemplate( templateResStes, resSuffix ) - allResSteDel[resName] = modFormTemplate( templateResSteDel, resSuffix ) - allResSte[resName] = modFormTemplate( templateResSte, resSuffix ) - allResSteAdd[resName] = modFormTemplate( templateResSteAdd, resSuffix ) - if addToList == 1: - formResNames[1].append( resName ) - formResNames[1] = removeDups( formResNames[1] ) - -def updateInfo( ): - global formData, formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl - global formPolicyOrder - - if formData.has_key( formPolicyName[3] ): - formPolicyName[1] = formData[formPolicyName[3]].value - elif formData.has_key( formPolicyUpdate[3] ): - formPolicyName[1] = '' - - if formData.has_key( formPolicyUrl[3] ): - formPolicyUrl[1] = formData[formPolicyUrl[3]].value - elif formData.has_key( formPolicyUpdate[3] ): - formPolicyUrl[1] = '' - - if formData.has_key( formPolicyRef[3] ): - formPolicyRef[1] = formData[formPolicyRef[3]].value - elif formData.has_key( formPolicyUpdate[3] ): - formPolicyRef[1] = '' - - if formData.has_key( formPolicyDate[3] ): - formPolicyDate[1] = formData[formPolicyDate[3]].value - elif formData.has_key( formPolicyUpdate[3] ): - formPolicyDate[1] = '' - - if formData.has_key( formPolicyNSUrl[3] ): - formPolicyNSUrl[1] = formData[formPolicyNSUrl[3]].value - elif formData.has_key( formPolicyUpdate[3] ): - formPolicyNSUrl[1] = '' - - if formData.has_key( formPolicyOrder[3] ): - formPolicyOrder[1] = formData[formPolicyOrder[3]].value - -def addSteType( ): - global formData, formSteType, formSteTypes - - if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formSteAdd[3] )): - if 
formData.has_key( formSteType[3] ): - type = formData[formSteType[3]].value - type = type.strip( ) - if len( type ) > 0: - formSteTypes[1].append( type ) - formSteTypes[1] = removeDups( formSteTypes[1] ) - - -def delSteType( ): - global formData, formSteTypes - - if formData.has_key( formSteTypes[3] ): - typeList = formData.getlist( formSteTypes[3] ) - for type in typeList: - type = type.strip( ) - formSteTypes[1].remove( type ) - -def addChWallType( ): - global formData, formChWallType, formChWallTypes - - if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formChWallAdd[3] )): - if formData.has_key( formChWallType[3] ): - type = formData[formChWallType[3]].value - type = type.strip( ) - if len( type ) > 0: - formChWallTypes[1].append( type ) - formChWallTypes[1] = removeDups( formChWallTypes[1] ) - -def delChWallType( ): - global formData, formChWallTypes - - if formData.has_key( formChWallTypes[3] ): - typeList = formData.getlist( formChWallTypes[3] ) - for type in typeList: - type = type.strip( ) - formChWallTypes[1].remove( type ) - -def addCS( ): - global formData, formCSNames - - if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formCSAdd[3] )): - if formData.has_key( formCSName[3] ): - csName = formData[formCSName[3]].value - csName = csName.strip( ) - newCS( csName, 1 ) - -def delCS( csName ): - global formData, formCSNames, allCSDel - global allCSMTypes, allCSMDel, allCSMType, allCSMAdd - - csName = csName.strip( ) - formCSNames[1].remove( csName ) - del allCSDel[csName] - del allCSMTypes[csName] - del allCSMDel[csName] - del allCSMType[csName] - del allCSMAdd[csName] - -def addCSMember( csName ): - global formData, allCSMType, allCSMTypes - - formVar = allCSMType[csName] - if formData.has_key( formVar[3] ): - csmList = formData.getlist( formVar[3] ) - formVar = allCSMTypes[csName] - for csm in csmList: - csm = csm.strip( ) - formVar[1].append( csm ) - formVar[1] = removeDups( formVar[1] ) - -def delCSMember( csName ): - 
global formData, allCSMTypes - - formVar = allCSMTypes[csName] - if formData.has_key( formVar[3] ): - csmList = formData.getlist( formVar[3] ) - for csm in csmList: - csm = csm.strip( ) - formVar[1].remove( csm ) - -def addVm( ): - global formData, fromVmName, formVmNames, formVmNameDom0 - - if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )): - if formData.has_key( formVmName[3] ): - vmName = formData[formVmName[3]].value - vmName = vmName.strip( ) - newVm( vmName, 1 ) - if formVmNameDom0[1] == '': - formVmNameDom0[1] = vmName - -def delVm( vmName ): - global formVmNames, formVmNameDom0 - global allVmDel, allVmDom0 - global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd - global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd - - vmName = vmName.strip( ) - formVmNames[1].remove( vmName ) - del allVmDom0[vmName] - del allVmDel[vmName] - del allVmChWs[vmName] - del allVmChWDel[vmName] - del allVmChW[vmName] - del allVmChWAdd[vmName] - del allVmStes[vmName] - del allVmSteDel[vmName] - del allVmSte[vmName] - del allVmSteAdd[vmName] - - if formVmNameDom0[1] == vmName: - if len( formVmNames[1] ) > 0: - formVmNameDom0[1] = formVmNames[1][0] - else: - formVmNameDom0[1] = '' - -def makeVmDom0( vmName ): - global formVmNameDom0 - - vmName = vmName.strip( ) - formVmNameDom0[1] = vmName - -def addVmChW( vmName ): - global formData, allVmChW, allVmChWs - - formVar = allVmChW[vmName] - if formData.has_key( formVar[3] ): - chwList = formData.getlist( formVar[3] ) - formVar = allVmChWs[vmName] - for chw in chwList: - chw = chw.strip( ) - formVar[1].append( chw ) - formVar[1] = removeDups( formVar[1] ) - -def delVmChW( vmName ): - global formData, allVmChWs - - formVar = allVmChWs[vmName] - if formData.has_key( formVar[3] ): - chwList = formData.getlist( formVar[3] ) - for chw in chwList: - chw = chw.strip( ) - formVar[1].remove( chw ) - -def addVmSte( vmName ): - global formData, allVmSte, allVmStes - - formVar = allVmSte[vmName] - if 
formData.has_key( formVar[3] ): - steList = formData.getlist( formVar[3] ) - formVar = allVmStes[vmName] - for ste in steList: - ste = ste.strip( ) - formVar[1].append( ste ) - formVar[1] = removeDups( formVar[1] ) - -def delVmSte( vmName ): - global formData, allVmStes - - formVar = allVmStes[vmName] - if formData.has_key( formVar[3] ): - steList = formData.getlist( formVar[3] ) - for ste in steList: - ste = ste.strip( ) - formVar[1].remove( ste ) - -def addRes( ): - global formData, fromResName, formResNames - - if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formResAdd[3] )): - if formData.has_key( formResName[3] ): - resName = formData[formResName[3]].value - resName = resName.strip( ) - newRes( resName, 1 ) - -def delRes( resName ): - global formResNames - global allResDel - global allResStes, allResSteDel, allResSteType, allResSteAdd - - resName = resName.strip( ) - formResNames[1].remove( resName ) - del allResDel[resName] - del allResStes[resName] - del allResSteDel[resName] - del allResSte[resName] - del allResSteAdd[resName] - -def addResSte( vmName ): - global formData, allResSte, allResStes - - formVar = allResSte[vmName] - if formData.has_key( formVar[3] ): - steList = formData.getlist( formVar[3] ) - formVar = allResStes[vmName] - for ste in steList: - ste = ste.strip( ) - formVar[1].append( ste ) - formVar[1] = removeDups( formVar[1] ) - -def delResSte( vmName ): - global formData, allResStes - - formVar = allResStes[vmName] - if formData.has_key( formVar[3] ): - steList = formData.getlist( formVar[3] ) - for ste in steList: - ste = ste.strip( ) - formVar[1].remove( ste ) - -def processRequest( ): - global policyXml - global formData, formPolicyUpdate - global formSteAdd, formSteDel - global formChWallAdd, formChWallDel - global formCSAdd, allCSDel - global formCSNames, allCSMAdd, allCSMDel - global formVmAdd - global formVmNames, allVmDel, allVmDom0 - global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel - global formResAdd - 
global formResNames, allResDel - global allResSteAdd, allResSteDel - - if policyXml != '': - parsePolicyXml( ) - - # Allow the updating of the header information whenever - # an action is performed - updateInfo( ) - - # Allow the adding of types/sets/vms if the user has hit the - # enter key when attempting to add a type/set/vm - addSteType( ) - addChWallType( ) - addCS( ) - addVm( ) - addRes( ) - - if formData.has_key( formSteDel[3] ): - delSteType( ) - - elif formData.has_key( formChWallDel[3] ): - delChWallType( ) - - else: - for csName in formCSNames[1]: - if formData.has_key( allCSDel[csName][3] ): - delCS( csName ) - continue - - if formData.has_key( allCSMAdd[csName][3] ): - addCSMember( csName ) - - elif formData.has_key( allCSMDel[csName][3] ): - delCSMember( csName ) - - for vmName in formVmNames[1]: - if formData.has_key( allVmDel[vmName][3] ): - delVm( vmName ) - continue - - if formData.has_key( allVmDom0[vmName][3] ): - makeVmDom0( vmName ) - - if formData.has_key( allVmChWAdd[vmName][3] ): - addVmChW( vmName ) - - elif formData.has_key( allVmChWDel[vmName][3] ): - delVmChW( vmName ) - - elif formData.has_key( allVmSteAdd[vmName][3] ): - addVmSte( vmName ) - - elif formData.has_key( allVmSteDel[vmName][3] ): - delVmSte( vmName ) - - for resName in formResNames[1]: - if formData.has_key( allResDel[resName][3] ): - delRes( resName ) - continue - - if formData.has_key( allResSteAdd[resName][3] ): - addResSte( resName ) - - elif formData.has_key( allResSteDel[resName][3] ): - delResSte( resName ) - -def makeName( name, suffix='' ): - rName = name - if suffix != '': - rName = rName + '_' + suffix - - return rName - -def makeNameAttr( name, suffix='' ): - return 'name="' + makeName( name, suffix ) + '"' - -def makeValue( value, suffix='' ): - rValue = value - - if isinstance( value, list ): - rValue = '[' - for val in value: - rValue = rValue + '\'' + val - if suffix != '': - rValue = rValue + '_' + suffix - rValue = rValue + '\',' - rValue = rValue + ']' - 
- else: - if suffix != '': - rValue = rValue + '_' + suffix - - return rValue - -def makeValueAttr( value, suffix='' ): - return 'value="' + makeValue( value, suffix ) + '"' - -def sendHtmlFormVar( formVar, attrs='', rb_select=0 ): - nameAttr = '' - valueAttr = '' - htmlText = '' - - if formVar[0] == 'text': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - valueAttr = makeValueAttr( formVar[1] ) - - print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>' - - elif formVar[0] == 'list': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - - print '<SELECT', nameAttr, attrs, '>' - for option in formVar[1]: - print '<OPTION>' + option + '</OPTION>' - print '</SELECT>' - - elif formVar[0] == 'button': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - if formVar[4] != '': - valueAttr = makeValueAttr( formVar[4] ) - - print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>' - - elif formVar[0] == 'radiobutton': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - valueAttr = makeValueAttr( formVar[4][rb_select] ) - htmlText = formVar[5][rb_select] - if formVar[4][rb_select] == formVar[1]: - checked = 'checked' - else: - checked = '' - - print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText - - elif formVar[0] == 'radiobutton-all': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - buttonVals = formVar[4] - buttonTexts = formVar[5] - for i, buttonVal in enumerate( buttonVals ): - htmlText = '' - addAttrs = '' - checked = '' - - valueAttr = makeValueAttr( buttonVal ) - if formVar[5] != '': - htmlText = formVar[5][i] - if attrs != '': - addAttrs = attrs[i] - if buttonVal == formVar[1]: - checked = 'checked' - - print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText, '<BR>' - - if ( formVar[2] != '' ) and ( rb_select == 0 ): - nameAttr = makeNameAttr( formVar[2] ) - valueAttr = makeValueAttr( formVar[1] ) - print '<INPUT type="hidden"', nameAttr, 
valueAttr, '>' - -def sendHtmlHeaders( ): - # HTML headers - print 'Content-Type: text/html' - print - -def sendPolicyHtml( ): - global xmlError, xmlIncomplete, xmlMessages - global formDefaultButton, formXmlGen - global formVmNameDom0 - - print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"' - print ' "http://www.w3.org/TR/html4/loose.dtd">' - - print '<HTML>' - - sendHtmlHead( ) - - print '<BODY>' - - # An input XML file was specified that had errors, output the - # error information - if xmlError == 1: - print '<P>' - print 'An error has been encountered while processing the input ' - print 'XML file:' - print '<UL>' - for msg in xmlMessages: - print '<LI>' - print msg - print '</UL>' - print '</BODY>' - print '</HTML>' - return - - # When attempting to generate the XML output, all required data was not - # present, output the error information - if xmlIncomplete == 1: - print '<P>' - print 'An error has been encountered while validating the data' - print 'required for the output XML file:' - print '<UL>' - for msg in xmlMessages: - print '<LI>' - print msg - print '</UL>' - print '</BODY>' - print '</HTML>' - return - - print '<CENTER>' - print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">' - print '<TABLE class="container">' - print ' <COLGROUP>' - print ' <COL width="100%">' - print ' </COLGROUP>' - - print ' <TR>' - print ' <TD>' - print ' <TABLE>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formDefaultButton, 'class="hidden"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formXmlGen ) - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - - # Policy header - print ' <TR>' - print ' <TD>' - sendPHeaderHtml( ) - print ' </TD>' - print ' </TR>' - - # Separator - print ' <TR><TD><HR></TD></TR>' - - # Policy (types) - print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="49%">' - print ' <COL 
width="2%">' - print ' <COL width="49%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD>' - sendPSteHtml( ) - print ' </TD>' - print ' <TD> </TD>' - print ' <TD>' - sendPChWallHtml( ) - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - - # Separator - print ' <TR>' - print ' <TD>' - print ' <HR>' - print ' </TD>' - print ' </TR>' - - # Policy Labels (vms) - print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="100%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD>' - sendPLSubHtml( ) - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - - # Separator - print ' <TR>' - print ' <TD>' - print ' <HR>' - print ' </TD>' - print ' </TR>' - - # Policy Labels (resources) - print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="100%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD>' - sendPLObjHtml( ) - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - - print '</TABLE>' - - # Send some data that needs to be available across sessions - sendHtmlFormVar( formVmNameDom0 ) - - print '</FORM>' - print '</CENTER>' - - print '</BODY>' - - print '</HTML>' - -def sendHtmlHead( ): - global headTitle - - print '<HEAD>' - print '<STYLE type="text/css">' - print '<!--' - print 'BODY {background-color: #EEEEFF;}' - print 'TABLE.container {width: 90%; border: 1px solid black; border-collapse: seperate;}' - print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}' - print 'TABLE.fullbox {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}' - print 'THEAD {font-weight: bold; font-size: larger;}' - print 'TD {border: 0px solid black; vertical-align: top;}' - print 'TD.heading {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}' - print 
'TD.subheading {border: 0px solid black; vertical-align: top; font-size: smaller;}' - print 'TD.fullbox {border: 1px solid black; vertical-align: top;}' - print 'SELECT.full {width: 100%;}' - print 'INPUT.full {width: 100%;}' - print 'INPUT.link {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}' - print 'INPUT.hidden {visibility: hidden; width: 1px; height: 1px;}' - print ':link {color: blue;}' - print ':visited {color: red;}' - print '-->' - print '</STYLE>' - print '<TITLE>', headTitle, '</TITLE>' - print '</HEAD>' - -def sendPHeaderHtml( ): - global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl - global formPolicyOrder, formPolicyUpdate - - # Policy header definition - print '<TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="20%">' - print ' <COL width="80%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD align="center" colspan="2" class="heading">Policy Information</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Name:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( formPolicyName, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Url:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( formPolicyUrl, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Reference:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( formPolicyRef, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Date:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( formPolicyDate, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">NameSpace URL:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( formPolicyNSUrl, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Primary Policy:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( 
formPolicyOrder ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="center" colspan="2">' - sendHtmlFormVar( formPolicyUpdate ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="center" colspan="2" class="subheading">' - print ' (The Policy Information is updated whenever an action is performed' - print ' or it can be updated separately using the "Update" button)' - print ' </TD>' - print ' </TR>' - print '</TABLE>' - -def sendPSteHtml( ): - global formSteTypes, formSteDel, formSteType, formSteAdd - - # Simple Type Enforcement... - print '<TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="20%">' - print ' <COL width="80%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD align="center" colspan="2" class="heading">Simple Type Enforcement Types</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formSteDel, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Delete the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - sendHtmlFormVar( formSteType, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formSteAdd, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Create a new type with the above name' - print ' </TD>' - print ' </TR>' - print '</TABLE>' - -def sendPChWallHtml( ): - global formChWallTypes, formChWallDel, formChWallType, formChWallAdd - global formCSNames, formCSName, formCSAdd, allCSDel - global allCSMTypes, allCSMDel, allCSMType, allCSMAdd - - # Chinese Wall... 
- print '<TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="20%">' - print ' <COL width="80%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD align="center" colspan="2" class="heading">Chinese Wall Types</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formChWallDel, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Delete the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - sendHtmlFormVar( formChWallType, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formChWallAdd, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Create a new type with the above name' - print ' </TD>' - print ' </TR>' - - # Chinese Wall Conflict Sets... - print ' <TR>' - print ' <TD colspan="2">' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="20%">' - print ' <COL width="30%">' - print ' <COL width="50%">' - print ' </COLGROUP>' - print ' <THEAD>' - print ' <TR>' - print ' <TD align="center" colspan="3"><HR></TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="center" colspan="3">Chinese Wall Conflict Sets</TD>' - print ' </TR>' - print ' </THEAD>' - print ' <TR>' - print ' <TD colspan="3">' - sendHtmlFormVar( formCSName, 'class="full"' ) - sendHtmlFormVar( formCSNames ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formCSAdd, 'class="full"' ) - print ' </TD>' - print ' <TD colspan="2">' - print ' Create a new conflict set with the above name' - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - if len( formCSNames[1] ) > 0: - print ' <TR>' - print ' <TD colspan="2">' - print ' ' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - print 
' <TABLE class="fullbox">' - print ' <COLGROUP>' - print ' <COL width="50%">' - print ' <COL width="50%">' - print ' </COLGROUP>' - print ' <THEAD>' - print ' <TR>' - print ' <TD class="fullbox">Name</TD>' - print ' <TD class="fullbox">Actions</TD>' - print ' </TR>' - print ' </THEAD>' - for i, csName in enumerate( formCSNames[1] ): - print ' <TR>' - print ' <TD class="fullbox">' + csName + '</TD>' - print ' <TD class="fullbox">' - print ' <A href="#' + csName + '">Edit</A>' - formVar = allCSDel[csName] - sendHtmlFormVar( formVar, 'class="link"' ) - print ' </TD>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - for csName in formCSNames[1]: - print ' <TR><TD colspan="2"><HR></TD></TR>' - print ' <TR>' - print ' <TD align="center" colspan="2" class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - formVar = allCSMTypes[csName]; - sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - formVar = allCSMDel[csName] - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Delete the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - ctSet = Set( formChWallTypes[1] ) - csSet = Set( allCSMTypes[csName][1] ) - formVar = allCSMType[csName] - formVar[1] = [] - for chwallType in ctSet.difference( csSet ): - formVar[1].append( chwallType ) - formVar[1].sort( ) - sendHtmlFormVar( formVar, 'class="full" size="2" multiple' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - formVar = allCSMAdd[csName] - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Add the type(s) selected above' - print ' </TD>' - print ' </TR>' - - print '</TABLE>' - -def sendPLSubHtml( ): - global formVmNames, formVmDel, formVmName, formVmAdd - global allVmDel, allVmDom0 - global allVmChWs, allVmChWDel, 
allVmChW, allVmChWAdd - global allVmStes, allVmSteDel, allVmSte, allVmSteAdd - global formSteTypes, formChWallTypes - - print '<TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="100%">' - print ' </COLGROUP>' - - # Virtual Machines... - print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="10%">' - print ' <COL width="40%">' - print ' <COL width="50%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD class="heading" align="center" colspan="3">Virtual Machine Classes</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - sendHtmlFormVar( formVmName, 'class="full"' ) - sendHtmlFormVar( formVmNames ) - print ' </TD>' - print ' <TD> </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formVmAdd, 'class="full"' ) - print ' </TD>' - print ' <TD colspan="2">' - print ' Create a new VM class with the above name' - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - if len( formVmNames[1] ) > 0: - print ' <TR>' - print ' <TD colspan="1">' - print ' ' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - print ' <TABLE class="fullbox">' - print ' <COLGROUP>' - print ' <COL width="10%">' - print ' <COL width="40%">' - print ' <COL width="50%">' - print ' </COLGROUP>' - print ' <THEAD>' - print ' <TR>' - print ' <TD class="fullbox">Dom 0?</TD>' - print ' <TD class="fullbox">Name</TD>' - print ' <TD class="fullbox">Actions</TD>' - print ' </TR>' - print ' </THEAD>' - for i, vmName in enumerate( formVmNames[1] ): - print ' <TR>' - print ' <TD class="fullbox">' - if formVmNameDom0[1] == vmName: - print 'Yes' - else: - print ' ' - print ' </TD>' - print ' <TD class="fullbox">' + vmName + '</TD>' - print ' <TD class="fullbox">' - print ' <A href="#' + vmName + '">Edit</A>' - formVar = allVmDel[vmName] - sendHtmlFormVar( formVar, 'class="link"' ) - formVar = allVmDom0[vmName] - sendHtmlFormVar( formVar, 'class="link"' ) - print 
' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - for vmName in formVmNames[1]: - print ' <TR>' - print ' <TD>' - print ' <HR>' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="10%">' - print ' <COL width="39%">' - print ' <COL width="2%">' - print ' <COL width="10%">' - print ' <COL width="39%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD colspan="5" align="center" class="heading">' - print ' <A name="' + vmName + '">Virtual Machine Class: ' + vmName + '</A>' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>' - print ' <TD> </TD>' - print ' <TD colspan="2" align="center">Chinese Wall Types</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - formVar = allVmStes[vmName]; - sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) - print ' </TD>' - print ' <TD> </TD>' - print ' <TD colspan="2">' - formVar = allVmChWs[vmName]; - sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - formVar = allVmSteDel[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Delete the type(s) selected above' - print ' </TD>' - print ' <TD> </TD>' - print ' <TD>' - formVar = allVmChWDel[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Delete the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - stSet = Set( formSteTypes[1] ) - vmSet = Set( allVmStes[vmName][1] ) - formVar = allVmSte[vmName] - formVar[1] = [] - for steType in stSet.difference( vmSet ): - formVar[1].append( steType ) - formVar[1].sort( ) - sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) - print ' </TD>' - print ' <TD> </TD>' - print ' <TD colspan="2">' - ctSet = 
Set( formChWallTypes[1] ) - vmSet = Set( allVmChWs[vmName][1] ) - formVar = allVmChW[vmName] - formVar[1] = [] - for chwallType in ctSet.difference( vmSet ): - formVar[1].append( chwallType ) - formVar[1].sort( ) - sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - formVar = allVmSteAdd[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Add the type(s) selected above' - print ' </TD>' - print ' <TD> </TD>' - print ' <TD>' - formVar = allVmChWAdd[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Add the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - - print '</TABLE>' - -def sendPLObjHtml( ): - global formResNames, formResDel, formResName, formResAdd - global allResDel - global allResStes, allResSteDel, allResSte, allResSteAdd - global formSteTypes, formChWallTypes - - print '<TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="100%">' - print ' </COLGROUP>' - - # Resources... 
- print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="10%">' - print ' <COL width="40%">' - print ' <COL width="50%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD class="heading" align="center" colspan="3">Resource Classes</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - sendHtmlFormVar( formResName, 'class="full"' ) - sendHtmlFormVar( formResNames ) - print ' </TD>' - print ' <TD> </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formResAdd, 'class="full"' ) - print ' </TD>' - print ' <TD colspan="2">' - print ' Create a new Resource class with the above name' - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - if len( formResNames[1] ) > 0: - print ' <TR>' - print ' <TD colspan="1">' - print ' ' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - print ' <TABLE class="fullbox">' - print ' <COLGROUP>' - print ' <COL width="50%">' - print ' <COL width="50%">' - print ' </COLGROUP>' - print ' <THEAD>' - print ' <TR>' - print ' <TD class="fullbox">Name</TD>' - print ' <TD class="fullbox">Actions</TD>' - print ' </TR>' - print ' </THEAD>' - for i, resName in enumerate( formResNames[1] ): - print ' <TR>' - print ' <TD class="fullbox">' + resName + '</TD>' - print ' <TD class="fullbox">' - print ' <A href="#' + resName + '">Edit</A>' - formVar = allResDel[resName] - sendHtmlFormVar( formVar, 'class="link"' ) - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - for resName in formResNames[1]: - print ' <TR>' - print ' <TD>' - print ' <HR>' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="10%">' - print ' <COL width="90%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD colspan="2" align="center" class="heading">' - print ' <A name="' + resName + '">Resource Class: ' + resName + 
'</A>' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - formVar = allResStes[resName]; - sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - formVar = allResSteDel[resName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Delete the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - stSet = Set( formSteTypes[1] ) - resSet = Set( allResStes[resName][1] ) - formVar = allResSte[resName] - formVar[1] = [] - for steType in stSet.difference( resSet ): - formVar[1].append( steType ) - formVar[1].sort( ) - sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - formVar = allResSteAdd[resName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Add the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - - print '</TABLE>' - -def checkXmlData( ): - global xmlIncomplete - global formPolicyName, formPolicyOrder - global formChWallTypes, formSteTypes, formCSNames - - # Validate the Policy Header requirements - if ( len( formPolicyName[1] ) == 0 ): - msg = '' - msg = msg + 'The XML policy schema requires that the Policy ' - msg = msg + 'Information Name field have a value.' - formatXmlGenError( msg ) - - if formPolicyOrder[1] == 'v_ChWall': - if len( formChWallTypes[1] ) == 0: - msg = '' - msg = msg + 'You have specified the primary policy to be ' - msg = msg + 'Chinese Wall but have not created any Chinese ' - msg = msg + 'Wall types. Please create some Chinese Wall ' - msg = msg + 'types or change the primary policy.' 
- formatXmlGenError( msg )
-
- if formPolicyOrder[1] == 'v_Ste':
- if len( formSteTypes[1] ) == 0:
- msg = ''
- msg = msg + 'You have specified the primary policy to be '
- msg = msg + 'Simple Type Enforcement but have not created '
- msg = msg + 'any Simple Type Enforcement types. Please create '
- msg = msg + 'some Simple Type Enforcement types or change the '
- msg = msg + 'primary policy.'
- formatXmlGenError( msg )
-
-def sendXmlHeaders( ):
- # HTML headers
- print 'Content-Type: text/xml'
- print 'Content-Disposition: attachment; filename=security_policy.xml'
- print
-
-def sendPolicyXml( ):
- print '<?xml version="1.0"?>'
-
- print '<SecurityPolicyDefinition xmlns="http://www.ibm.com"'
- print ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
- print ' xsi:schemaLocation="http://www.ibm.com security_policy.xsd">'
-
- # Policy header
- sendPHeaderXml( )
-
- # Policy (types)
- sendPSteXml( )
- sendPChWallXml( )
-
- # Policy Labels (subjects and objects)
- print '<SecurityLabelTemplate>'
- sendPLSubXml( )
- sendPLObjXml( )
- print '</SecurityLabelTemplate>'
- print '</SecurityPolicyDefinition>'
-
-def sendPHeaderXml( ):
- global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl
-
- # Policy header definition
- print '<PolicyHeader>'
- print ' <PolicyName>' + formPolicyName[1] + '</PolicyName>'
- print ' <Version>1.0</Version>'
- if len( formPolicyUrl[1] ) > 0:
- print ' <PolicyUrl>' + formPolicyUrl[1] + '</PolicyUrl>'
- if len( formPolicyRef[1] ) > 0:
- print ' <Reference>' + formPolicyRef[1] + '</Reference>'
- if len( formPolicyDate[1] ) > 0:
- print ' <Date>' + formPolicyDate[1] + '</Date>'
- if len( formPolicyNSUrl[1] ) > 0:
- print ' <NameSpaceUrl>' + formPolicyNSUrl[1] + '</NameSpaceUrl>'
- print '</PolicyHeader>'
-
-def sendPSteXml( ):
- global formPolicyOrder, formSteTypes
-
- # Simple Type Enforcement...
- if len( formSteTypes[1] ) == 0:
- return
-
- if formPolicyOrder[1] == 'v_Ste':
- print '<SimpleTypeEnforcement priority="PrimaryPolicyComponent">'
- else:
- print '<SimpleTypeEnforcement>'
-
- print ' <SimpleTypeEnforcementTypes>'
- for steType in formSteTypes[1]:
- print ' <Type>' + steType + '</Type>'
- print ' </SimpleTypeEnforcementTypes>'
-
- print '</SimpleTypeEnforcement>'
-
-def sendPChWallXml( ):
- global formPolicyOrder, formChWallTypes
- global formCSNames, allCSMTypes
-
- # Chinese Wall...
- if len( formChWallTypes[1] ) == 0:
- return
-
- if formPolicyOrder[1] == 'v_ChWall':
- print '<ChineseWall priority="PrimaryPolicyComponent">'
- else:
- print '<ChineseWall>'
-
- print ' <ChineseWallTypes>'
- for chWallType in formChWallTypes[1]:
- print ' <Type>' + chWallType + '</Type>'
- print ' </ChineseWallTypes>'
-
- # Chinese Wall Conflict Sets (if any) ...
- if len( formCSNames[1] ) > 0:
- print ' <ConflictSets>'
- for cs in formCSNames[1]:
- formVar = allCSMTypes[cs]
- if len( formVar[1] ) == 0:
- continue
- print ' <Conflict name="' + cs + '">'
- for csm in formVar[1]:
- print ' <Type>' + csm + '</Type>'
- print ' </Conflict>'
- print ' </ConflictSets>'
-
- print '</ChineseWall>'
-
-def sendPLSubXml( ):
- global formVmNames, allVmChWs, allVmStes
-
- # Virtual machines...
- if len( formVmNames[1] ) == 0:
- return
-
- print ' <SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
- for vmName in formVmNames[1]:
- print ' <VirtualMachineLabel>'
- print ' <Name>' + vmName + '</Name>'
- formVar = allVmStes[vmName]
- if len( formVar[1] ) > 0:
- print ' <SimpleTypeEnforcementTypes>'
- for ste in formVar[1]:
- print ' <Type>' + ste + '</Type>'
- print ' </SimpleTypeEnforcementTypes>'
-
- formVar = allVmChWs[vmName]
- if len( formVar[1] ) > 0:
- print ' <ChineseWallTypes>'
- for chw in formVar[1]:
- print ' <Type>' + chw + '</Type>'
- print ' </ChineseWallTypes>'
-
- print ' </VirtualMachineLabel>'
-
- print ' </SubjectLabels>'
-
-def sendPLObjXml( ):
- global formResNames, allResStes
-
- # Resources...
- if len( formResNames[1] ) == 0:
- return
-
- print ' <ObjectLabels>'
- for resName in formResNames[1]:
- print ' <ResourceLabel>'
- print ' <Name>' + resName + '</Name>'
- formVar = allResStes[resName]
- if len( formVar[1] ) > 0:
- print ' <SimpleTypeEnforcementTypes>'
- for ste in formVar[1]:
- print ' <Type>' + ste + '</Type>'
- print ' </SimpleTypeEnforcementTypes>'
-
- print ' </ResourceLabel>'
-
- print ' </ObjectLabels>'
-
-
-# Set up initial HTML variables
-headTitle = 'Xen Policy Generation'
-
-# Form variables
-# The format of these variables is as follows:
-# [ p0, p1, p2, p3, p4, p5 ]
-# p0 = input type
-# p1 = the current value of the variable
-# p2 = the hidden input name attribute
-# p3 = the name attribute
-# p4 = the value attribute
-# p5 = text to associate with the tag
-formPolicyName = [ 'text',
- '',
- 'h_policyName',
- 'i_policyName',
- '',
- '',
- ]
-formPolicyUrl = [ 'text',
- '',
- 'h_policyUrl',
- 'i_policyUrl',
- '',
- '',
- ]
-formPolicyRef = [ 'text',
- '',
- 'h_policyRef',
- 'i_policyRef',
- '',
- '',
- ]
-formPolicyDate = [ 'text',
- getCurrentTime( ),
- 'h_policyDate',
- 'i_policyDate',
- '',
- '',
- ]
-formPolicyNSUrl = [ 'text',
- '',
- 'h_policyNSUrl',
- 'i_policyNSUrl',
- '',
- '',
- ]
-formPolicyOrder =
[ 'radiobutton-all', - 'v_ChWall', - 'h_policyOrder', - 'i_policyOrder', - [ 'v_Ste', 'v_ChWall' ], - [ 'Simple Type Enforcement', 'Chinese Wall' ], - ] -formPolicyUpdate = [ 'button', - '', - '', - 'i_PolicyUpdate', - 'Update', - '', - ] - -formSteTypes = [ 'list', - [], - 'h_steTypes', - 'i_steTypes', - '', - '', - ] -formSteDel = [ 'button', - '', - '', - 'i_steDel', - 'Delete', - '', - ] -formSteType = [ 'text', - '', - '', - 'i_steType', - '', - '', - ] -formSteAdd = [ 'button', - '', - '', - 'i_steAdd', - 'New', - '', - ] - -formChWallTypes = [ 'list', - [], - 'h_chwallTypes', - 'i_chwallTypes', - '', - '', - ] -formChWallDel = [ 'button', - '', - '', - 'i_chwallDel', - 'Delete', - '', - ] -formChWallType = [ 'text', - '', - '', - 'i_chwallType', - '', - '', - ] -formChWallAdd = [ 'button', - '', - '', - 'i_chwallAdd', - 'New', - '', - ] - -formCSNames = [ '', - [], - 'h_csNames', - '', - '', - '', - ] -formCSName = [ 'text', - '', - '', - 'i_csName', - '', - '', - ] -formCSAdd = [ 'button', - '', - '', - 'i_csAdd', - 'New', - '', - ] - -formXmlGen = [ 'button', - '', - '', - 'i_xmlGen', - 'Generate XML', - '', - ] - -formDefaultButton = [ 'button', - '', - '', - 'i_defaultButton', - '.', - '', - ] - -# This is a set of templates used for each conflict set -# Each conflict set is initially assigned these templates, -# then each form attribute value is changed to append -# "_conflict-set-name" for uniqueness -templateCSDel = [ 'button', - '', - '', - 'i_csDel', - 'Delete', - '', - ] -allCSDel = {}; - -templateCSMTypes = [ 'list', - [], - 'h_csmTypes', - 'i_csmTypes', - '', - '', - ] -templateCSMDel = [ 'button', - '', - '', - 'i_csmDel', - 'Delete', - '', - ] -templateCSMType = [ 'list', - [], - '', - 'i_csmType', - '', - '', - ] -templateCSMAdd = [ 'button', - '', - '', - 'i_csmAdd', - 'Add', - '', - ] -allCSMTypes = {}; -allCSMDel = {}; -allCSMType = {}; -allCSMAdd = {}; - -formVmNames = [ '', - [], - 'h_vmNames', - '', - '', - '', - ] -formVmDel = [ 
'button', - '', - '', - 'i_vmDel', - 'Delete', - '', - ] -formVmName = [ 'text', - '', - '', - 'i_vmName', - '', - '', - ] -formVmAdd = [ 'button', - '', - '', - 'i_vmAdd', - 'New', - '', - ] - -formVmNameDom0 = [ '', - '', - 'h_vmDom0', - '', - '', - '', - ] - -# This is a set of templates used for each virtual machine -# Each virtual machine is initially assigned these templates, -# then each form attribute value is changed to append -# "_virtual-machine-name" for uniqueness. -templateVmDel = [ 'button', - '', - '', - 'i_vmDel', - 'Delete', - '', - ] -templateVmDom0 = [ 'button', - '', - '', - 'i_vmDom0', - 'SetDom0', - '', - ] -allVmDel = {}; -allVmDom0 = {}; - -templateVmChWs = [ 'list', - [], - 'h_vmChWs', - 'i_vmChWs', - '', - '', - ] -templateVmChWDel = [ 'button', - '', - '', - 'i_vmChWDel', - 'Delete', - '', - ] -templateVmChW = [ 'list', - [], - '', - 'i_vmChW', - '', - '', - ] -templateVmChWAdd = [ 'button', - '', - '', - 'i_vmChWAdd', - 'Add', - '', - ] -allVmChWs = {}; -allVmChWDel = {}; -allVmChW = {}; -allVmChWAdd = {}; - -templateVmStes = [ 'list', - [], - 'h_vmStes', - 'i_vmStes', - '', - '', - ] -templateVmSteDel = [ 'button', - '', - '', - 'i_vmSteDel', - 'Delete', - '', - ] -templateVmSte = [ 'list', - [], - '', - 'i_vmSte', - '', - '', - ] -templateVmSteAdd = [ 'button', - '', - '', - 'i_vmSteAdd', - 'Add', - '', - ] -allVmStes = {}; -allVmSteDel = {}; -allVmSte = {}; -allVmSteAdd = {}; - -formResNames = [ '', - [], - 'h_resNames', - '', - '', - '', - ] -formResDel = [ 'button', - '', - '', - 'i_resDel', - 'Delete', - '', - ] -formResName = [ 'text', - '', - '', - 'i_resName', - '', - '', - ] -formResAdd = [ 'button', - '', - '', - 'i_resAdd', - 'New', - '', - ] - -# This is a set of templates used for each resource -# Each resource is initially assigned these templates, -# then each form attribute value is changed to append -# "_resource-name" for uniqueness. 
-templateResDel = [ 'button',
- '',
- '',
- 'i_resDel',
- 'Delete',
- '',
- ]
-allResDel = {};
-
-templateResStes = [ 'list',
- [],
- 'h_resStes',
- 'i_resStes',
- '',
- '',
- ]
-templateResSteDel = [ 'button',
- '',
- '',
- 'i_resSteDel',
- 'Delete',
- '',
- ]
-templateResSte = [ 'list',
- [],
- '',
- 'i_resSte',
- '',
- '',
- ]
-templateResSteAdd = [ 'button',
- '',
- '',
- 'i_resSteAdd',
- 'Add',
- '',
- ]
-allResStes = {};
-allResSteDel = {};
-allResSte = {};
-allResSteAdd = {};
-
-# A list of all form variables used for saving info across requests
-formVariables = [ formPolicyName,
- formPolicyUrl,
- formPolicyRef,
- formPolicyDate,
- formPolicyNSUrl,
- formPolicyOrder,
- formSteTypes,
- formChWallTypes,
- formCSNames,
- formVmNames,
- formVmNameDom0,
- formResNames,
- ]
-
-policyXml = ''
-xmlError = 0
-xmlIncomplete = 0
-xmlMessages = []
-
-
-# Extract any form data
-formData = cgi.FieldStorage( )
-
-# Process the form
-getSavedData( )
-processRequest( )
-
-if formData.has_key( formXmlGen[3] ):
- # Generate and send the XML file
- checkXmlData( )
-
- if xmlIncomplete == 0:
- sendXmlHeaders( )
- sendPolicyXml( )
-
-if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
- # Send HTML to continue processing the form
- sendHtmlHeaders( )
- sendPolicyHtml( )
diff --git a/tools/security/python/xensec_gen/index.html b/tools/security/python/xensec_gen/index.html
deleted file mode 100644
index 8c541e1dd2..0000000000
--- a/tools/security/python/xensec_gen/index.html
+++ /dev/null
@@ -1,72 +0,0 @@ -<!-- - The Initial Developer of the Original Code is International - Business Machines Corporation. Portions created by IBM - Corporation are Copyright (C) 2005, 2006 International Business - Machines Corporation. All Rights Reserved. - --> - -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" - "http://www.w3.org/TR/html4/loose.dtd"> -<HTML> - <HEAD> - <META name="author" content="Tom Lendacky"> - <META name="copyright" content="Copyright (C) 2005, 2006 International Business Machines Corporation. All rights reserved"> - - <STYLE type="text/css"> - <!-- - BODY {background-color: #EEEEFF;} - TABLE.xen {width: 100%; border: 0px solid black;} - TD {border: 0px solid black;} - TD.heading {border: 0px solid black; font-weight: bold; font-size: larger;} - --> - </STYLE> - <TITLE>Xen Security Policy Tool</TITLE> - </HEAD> - - <BODY> - <H1>Xen Security Policy Generation Tool</H1> - - <CENTER> - <FORM action="/cgi-bin/policy.cgi" method="post" enctype="multipart/form-data"> - <TABLE class="xen"> - <COLGROUP> - <COL width="25%"> - <COL width="20%"> - <COL width="55%"> - </COLGROUP> - - <TR> - <TD valign="top" class="heading"> - Security Policy - </TD> - <TD valign="top" colspan="2"> - To generate a new Xen Security Policy leave the - <B>"Policy File"</B> entry field - empty and click the "Create" button.<BR> - To modify an existing Xen Security Policy enter the - file name containing the policy in the - <B>"Policy File"</B> entry field - and click the "Create" button.<HR> - </TD> - </TR> - <TR> - <TD></TD> - <TD> - Policy File: - </TD> - <TD> - <INPUT type="file" size="50" name="i_policy"> - </TD> - </TR> - <TR> - <TD></TD> - <TD valign="top"> - <INPUT type="submit" name="i_policyCreate" value="Create"> - </TD> - <TD></TD> - </TR> - </TABLE> - </FORM> - </CENTER> - </BODY> -</HTML> diff --git a/tools/security/python/xensec_gen/main.py b/tools/security/python/xensec_gen/main.py deleted file mode 100644 index a2c1229c84..0000000000 
--- a/tools/security/python/xensec_gen/main.py
+++ /dev/null
@@ -1,185 +0,0 @@ -#!/usr/bin/python -# -# The Initial Developer of the Original Code is International -# Business Machines Corporation. Portions created by IBM -# Corporation are Copyright (C) 2005 International Business -# Machines Corporation. All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, -# or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -"""Xen security policy generation aid -""" - -import os -import pwd -import grp -import sys -import getopt -import BaseHTTPServer -import CGIHTTPServer - - -gHttpPort = 7777 -gHttpDir = '/var/lib/xensec_gen' -gLogFile = '/var/log/xen/xensec_gen.log' -gUser = 'nobody' -gGroup = 'nobody' - -def usage( ): - print >>sys.stderr, 'Usage: ' + sys.argv[0] + ' [OPTIONS]' - print >>sys.stderr, ' OPTIONS:' - print >>sys.stderr, ' -p, --httpport' - print >>sys.stderr, ' The port on which the http server is to listen' - print >>sys.stderr, ' (default: ' + str( gHttpPort ) + ')' - print >>sys.stderr, ' -d, --httpdir' - print >>sys.stderr, ' The directory where the http server is to serve pages from' - print >>sys.stderr, ' (default: ' + gHttpDir + ')' - print >>sys.stderr, ' -l, --logfile' - print >>sys.stderr, ' The file in which to log messages generated by this command' - print >>sys.stderr, ' (default: ' + gLogFile + ')' - print >>sys.stderr, ' -u, --user' - print >>sys.stderr, ' The user under which this 
command is to run. This parameter' - print >>sys.stderr, ' is only used when invoked under the "root" user' - print >>sys.stderr, ' (default: ' + gUser + ')' - print >>sys.stderr, ' -g, --group' - print >>sys.stderr, ' The group under which this command is to run. This parameter' - print >>sys.stderr, ' is only used when invoked under the "root" user' - print >>sys.stderr, ' (default: ' + gGroup + ')' - print >>sys.stderr, ' -f' - print >>sys.stderr, ' Run the command in the foreground. The logfile option will be' - print >>sys.stderr, ' ignored and all output will be directed to stdout and stderr.' - print >>sys.stderr, ' -h, --help' - print >>sys.stderr, ' Display the command usage information' - -def runServer( aServerPort, - aServerClass = BaseHTTPServer.HTTPServer, - aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ): - serverAddress = ( '', aServerPort ) - httpd = aServerClass( serverAddress, aHandlerClass ) - httpd.serve_forever( ) - -def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ): - # Do some pre-daemon activities - os.umask( 027 ) - if os.getuid( ) == 0: - # If we are running as root, we will change that - uid = pwd.getpwnam( aUser )[2] - gid = grp.getgrnam( aGroup )[2] - - if aFork == 'true': - # Change the owner of the log file to the user/group - # under which the daemon is to run - flog = open( aLogFile, 'a' ) - flog.close( ) - os.chown( aLogFile, uid, gid ) - - # Change the uid/gid of the process - os.setgid( gid ) - os.setuid( uid ) - - # Change to the HTTP directory - os.chdir( aHttpDir ) - - if aFork == 'true': - # Do first fork - try: - pid = os.fork( ) - if pid: - # Parent process - return pid - - except OSError, e: - raise Exception, e - - # First child process, create a new session - os.setsid( ) - - # Do second fork - try: - pid = os.fork( ) - if pid: - # Parent process - os._exit( 0 ) - - except OSError, e: - raise Exception, e - - # Reset stdin/stdout/stderr - fin = open( '/dev/null', 'r' ) - flog = open( aLogFile, 'a' 
) - os.dup2( fin.fileno( ), sys.stdin.fileno( ) ) - os.dup2( flog.fileno( ), sys.stdout.fileno( ) ) - os.dup2( flog.fileno( ), sys.stderr.fileno( ) ) - -def main( ): - httpPort = gHttpPort - httpDir = gHttpDir - logFile = gLogFile - user = gUser - group = gGroup - doFork = 'true' - - shortOpts = 'd:p:l:u:g:fh' - longOpts = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 'help' ] - try: - opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts ) - - except getopt.GetoptError, e: - print >>sys.stderr, e - usage( ) - sys.exit( ) - - if len( args ) != 0: - print >>sys.stderr, 'Error: command arguments are not supported' - usage( ) - sys.exit( ) - - for opt, opt_value in opts: - if opt in ( '-h', '--help' ): - usage( ) - sys.exit( ) - - if opt in ( '-d', '--httpdir' ): - httpDir = opt_value - - if opt in ( '-p', '--httpport' ): - try: - httpPort = int( opt_value ) - except: - print >>sys.stderr, 'Error: HTTP port is not valid' - usage( ) - sys.exit( ) - - if opt in ( '-l', '--logfile' ): - logFile = opt_value - - if opt in ( '-u', '--user' ): - user = opt_value - - if opt in ( '-g', '--group' ): - group = opt_value - - if opt in ( '-f' ): - doFork = 'false' - - pid = daemonize( httpDir, logFile, user, group, doFork ) - if pid > 0: - sys.exit( ) - - runServer( httpPort ) - -if __name__ == '__main__': - main( ) diff --git a/tools/security/python/xensec_tools/acm_getlabel b/tools/security/python/xensec_tools/acm_getlabel deleted file mode 100644 index 8d5fe22461..0000000000 --- a/tools/security/python/xensec_tools/acm_getlabel +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/usr/bin/env python -# -*- mode: python; -*- -import sys -import traceback -import getopt - -from xen.util.security import ACMError, err, get_ssid - -# getopt.gnu_getopt is better, but only exists in Python 2.3+. Use -# getopt.getopt if gnu_getopt is not available. This will mean that options -# may only be specified before positional arguments. -if not hasattr(getopt, 'gnu_getopt'): - getopt.gnu_getopt = getopt.getopt - -def usage(): - print "Usage: acm_getlabel -i domainid" - print " Test program illustrating the retrieval of" - print " label information (for domains) from Xen." - print " Argument is one paramter describing the domain" - print " for which the label is retrieved." - print "\t -i domain_id or --domid=domain_id" - print " Return value:" - print "\t none -- Error (e.g., unknown ssidref, label, or domain id)" - print "\t (labelname, policyname, ssidref)" - err("Usage") - -try: - domid = None - (options, params) = getopt.gnu_getopt(sys.argv[1:], ':i:', ['domid=']) - for (k, v) in options: - if k in ['-i', '--domid']: - if not domid: - domid = v - else: - usage() - if not domid: - usage() - - print get_ssid(domid) - -except ACMError: - pass -except: - traceback.print_exc(limit=1) diff --git a/tools/security/readme.txt b/tools/security/readme.txt deleted file mode 100644 index 991359a53a..0000000000 --- a/tools/security/readme.txt +++ /dev/null 
@@ -1,33 +0,0 @@ - -## -# readme.txt <description to the sHype/Xen access control architecture> -# -# Author: -# Reiner Sailer 08/30/2006 <sailer@watson.ibm.com> -# -# -# This file is a toc for information regarding -# the access control policy and tools in Xen. -## - -1. Xen User Guide - - describes how to configure, install, and deploy the sHype Access - Control Module in Xen. See chapter "sHype/Xen Access Control". - -2. 'xm' man page - - describes the commands related to Xen management, including the - commands to manage security policies and labels. Read the access - control subcommand section of the xm manual first. - -3. policy.txt - - describes examples for access control policies in Xen. First read - the policy description in the Xen User Guide. - - -4. policytools.txt - - describes the available tools for creating and managing security - policies in Xen. diff --git a/tools/security/secpol_tool.c b/tools/security/secpol_tool.c deleted file mode 100644 index 792739e22d..0000000000 --- a/tools/security/secpol_tool.c +++ /dev/null 
@@ -1,561 +0,0 @@ -/**************************************************************** - * secpol_tool.c - * - * Copyright (C) 2005 IBM Corporation - * - * Authors: - * Reiner Sailer <sailer@watson.ibm.com> - * Stefan Berger <stefanb@watson.ibm.com> - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * sHype policy management tool. This code runs in a domain and - * manages the Xen security policy by interacting with the - * Xen access control module via the privcmd device, - * which is translated into a acm_op hypercall into Xen. - * - * indent -i4 -kr -nut - */ - - -#include <unistd.h> -#include <stdio.h> -#include <errno.h> -#include <fcntl.h> -#include <getopt.h> -#include <sys/mman.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <stdlib.h> -#include <sys/ioctl.h> -#include <string.h> -#include <netinet/in.h> -#include <stdint.h> -#include <xen/xsm/acm.h> -#include <xen/xsm/acm_ops.h> - -#include <xenctrl.h> - -#define PERROR(_m, _a...) 
\ -fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ - errno, strerror(errno)) - -void usage(char *progname) -{ - printf("Usage: %s ACTION\n" - "ACTION is one of:\n" - "\t getpolicy\n" - "\t dumpstats\n" - "\t loadpolicy <binary policy file>\n" - "\t dumppolicy <binary policy file> [Dom-0 ssidref]\n", - progname); - exit(-1); -} - -/*************************** DUMPS *******************************/ - -void acm_dump_chinesewall_buffer(void *buf, int buflen, uint16_t chwall_ref) -{ - - struct acm_chwall_policy_buffer *cwbuf = - (struct acm_chwall_policy_buffer *) buf; - domaintype_t *ssids, *conflicts, *running_types, *conflict_aggregate; - int i, j; - - - if (htonl(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) { - printf("CHINESE WALL POLICY CODE not found ERROR!!\n"); - return; - } - printf("\n\nChinese Wall policy:\n"); - printf("====================\n"); - printf("Policy version= %x.\n", ntohl(cwbuf->policy_version)); - printf("Max Types = %x.\n", ntohl(cwbuf->chwall_max_types)); - printf("Max Ssidrefs = %x.\n", ntohl(cwbuf->chwall_max_ssidrefs)); - printf("Max ConfSets = %x.\n", ntohl(cwbuf->chwall_max_conflictsets)); - printf("Ssidrefs Off = %x.\n", ntohl(cwbuf->chwall_ssid_offset)); - printf("Conflicts Off = %x.\n", - ntohl(cwbuf->chwall_conflict_sets_offset)); - printf("Runing T. Off = %x.\n", - ntohl(cwbuf->chwall_running_types_offset)); - printf("C. Agg. 
Off = %x.\n", - ntohl(cwbuf->chwall_conflict_aggregate_offset)); - printf("\nSSID To CHWALL-Type matrix:\n"); - - ssids = (domaintype_t *) (buf + ntohl(cwbuf->chwall_ssid_offset)); - for (i = 0; i < ntohl(cwbuf->chwall_max_ssidrefs); i++) { - printf("\n ssidref%2x: ", i); - for (j = 0; j < ntohl(cwbuf->chwall_max_types); j++) - printf("%02x ", - ntohs(ssids[i * ntohl(cwbuf->chwall_max_types) + j])); - if (i == chwall_ref) - printf(" <-- Domain-0"); - } - printf("\n\nConfict Sets:\n"); - conflicts = - (domaintype_t *) (buf + ntohl(cwbuf->chwall_conflict_sets_offset)); - for (i = 0; i < ntohl(cwbuf->chwall_max_conflictsets); i++) { - printf("\n c-set%2x: ", i); - for (j = 0; j < ntohl(cwbuf->chwall_max_types); j++) - printf("%02x ", - ntohs(conflicts - [i * ntohl(cwbuf->chwall_max_types) + j])); - } - printf("\n"); - - printf("\nRunning\nTypes: "); - if (ntohl(cwbuf->chwall_running_types_offset)) { - running_types = - (domaintype_t *) (buf + - ntohl(cwbuf->chwall_running_types_offset)); - for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) { - printf("%02x ", ntohs(running_types[i])); - } - printf("\n"); - } else { - printf("Not Reported!\n"); - } - printf("\nConflict\nAggregate Set: "); - if (ntohl(cwbuf->chwall_conflict_aggregate_offset)) { - conflict_aggregate = - (domaintype_t *) (buf + - ntohl(cwbuf-> - chwall_conflict_aggregate_offset)); - for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) { - printf("%02x ", ntohs(conflict_aggregate[i])); - } - printf("\n\n"); - } else { - printf("Not Reported!\n"); - } -} - -void acm_dump_ste_buffer(void *buf, int buflen, uint16_t ste_ref) -{ - - struct acm_ste_policy_buffer *stebuf = - (struct acm_ste_policy_buffer *) buf; - domaintype_t *ssids; - int i, j; - - - if (ntohl(stebuf->policy_code) != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) { - printf("SIMPLE TYPE ENFORCEMENT POLICY CODE not found ERROR!!\n"); - return; - } - printf("\nSimple Type Enforcement policy:\n"); - printf("===============================\n"); - 
printf("Policy version= %x.\n", ntohl(stebuf->policy_version)); - printf("Max Types = %x.\n", ntohl(stebuf->ste_max_types)); - printf("Max Ssidrefs = %x.\n", ntohl(stebuf->ste_max_ssidrefs)); - printf("Ssidrefs Off = %x.\n", ntohl(stebuf->ste_ssid_offset)); - printf("\nSSID To STE-Type matrix:\n"); - - ssids = (domaintype_t *) (buf + ntohl(stebuf->ste_ssid_offset)); - for (i = 0; i < ntohl(stebuf->ste_max_ssidrefs); i++) { - printf("\n ssidref%2x: ", i); - for (j = 0; j < ntohl(stebuf->ste_max_types); j++) - printf("%02x ", - ntohs(ssids[i * ntohl(stebuf->ste_max_types) + j])); - if (i == ste_ref) - printf(" <-- Domain-0"); - } - printf("\n\n"); -} - -void acm_dump_policy_buffer(void *buf, int buflen, - uint16_t chwall_ref, uint16_t ste_ref) -{ - struct acm_policy_buffer *pol = (struct acm_policy_buffer *) buf; - char *policy_reference_name = - (buf + ntohl(pol->policy_reference_offset) + - sizeof(struct acm_policy_reference_buffer)); - printf("\nPolicy dump:\n"); - printf("============\n"); - printf("POLICY REFERENCE = %s.\n", policy_reference_name); - printf("PolicyVer = %x.\n", ntohl(pol->policy_version)); - printf("XML Vers. 
= %d.%d\n", - ntohl(pol->xml_pol_version.major), - ntohl(pol->xml_pol_version.minor)); - printf("Magic = %x.\n", ntohl(pol->magic)); - printf("Len = %x.\n", ntohl(pol->len)); - printf("Primary = %s (c=%x, off=%x).\n", - ACM_POLICY_NAME(ntohl(pol->primary_policy_code)), - ntohl(pol->primary_policy_code), - ntohl(pol->primary_buffer_offset)); - printf("Secondary = %s (c=%x, off=%x).\n", - ACM_POLICY_NAME(ntohl(pol->secondary_policy_code)), - ntohl(pol->secondary_policy_code), - ntohl(pol->secondary_buffer_offset)); - switch (ntohl(pol->primary_policy_code)) { - case ACM_CHINESE_WALL_POLICY: - acm_dump_chinesewall_buffer(buf + ntohl(pol->primary_buffer_offset), - ntohl(pol->len) - - ntohl(pol->primary_buffer_offset), - chwall_ref); - break; - - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - acm_dump_ste_buffer(buf + ntohl(pol->primary_buffer_offset), - ntohl(pol->len) - - ntohl(pol->primary_buffer_offset), - ste_ref); - break; - - case ACM_NULL_POLICY: - printf("Primary policy is NULL Policy (n/a).\n"); - break; - - default: - printf("UNKNOWN POLICY!\n"); - } - - switch (ntohl(pol->secondary_policy_code)) { - case ACM_CHINESE_WALL_POLICY: - acm_dump_chinesewall_buffer(buf + ntohl(pol->secondary_buffer_offset), - ntohl(pol->len) - - ntohl(pol->secondary_buffer_offset), - chwall_ref); - break; - - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - acm_dump_ste_buffer(buf + ntohl(pol->secondary_buffer_offset), - ntohl(pol->len) - - ntohl(pol->secondary_buffer_offset), - ste_ref); - break; - - case ACM_NULL_POLICY: - printf("Secondary policy is NULL Policy (n/a).\n"); - break; - - default: - printf("UNKNOWN POLICY!\n"); - } -} - -/************************** get dom0 ssidref *****************************/ -int acm_get_ssidref(xc_interface *xc_handle, int domid, uint16_t *chwall_ref, - uint16_t *ste_ref) -{ - int ret; - DECLARE_HYPERCALL_BUFFER(struct acm_ssid_buffer, ssid); - size_t ssid_buffer_size = 4096; - struct acm_getssid getssid; - ssid = xc_hypercall_buffer_alloc(xc_handle, 
ssid, ssid_buffer_size); - if ( ssid == NULL ) - return 1; - set_xen_guest_handle(getssid.ssidbuf, ssid); - getssid.ssidbuf_size = ssid_buffer_size; - getssid.get_ssid_by = ACM_GETBY_domainid; - getssid.id.domainid = domid; - ret = xc_acm_op(xc_handle, ACMOP_getssid, &getssid, sizeof(getssid)); - if (ret == 0) { - *chwall_ref = ssid->ssidref & 0xffff; - *ste_ref = ssid->ssidref >> 16; - } - xc_hypercall_buffer_free(xc_handle, ssid); - return ret; -} - -/******************************* get policy ******************************/ - -int acm_domain_getpolicy(xc_interface *xc_handle) -{ - DECLARE_HYPERCALL_BUFFER(uint8_t, pull_buffer); - size_t pull_cache_size = 8192; - struct acm_getpolicy getpolicy; - int ret; - uint16_t chwall_ref, ste_ref; - - pull_buffer = xc_hypercall_buffer_alloc(xc_handle, pull_buffer, pull_cache_size); - if ( pull_buffer == NULL ) - return -1; - - memset(pull_buffer, 0x00, pull_cache_size); - set_xen_guest_handle(getpolicy.pullcache, pull_buffer); - getpolicy.pullcache_size = pull_cache_size; - ret = xc_acm_op(xc_handle, ACMOP_getpolicy, &getpolicy, sizeof(getpolicy)); - if (ret >= 0) { - ret = acm_get_ssidref(xc_handle, 0, &chwall_ref, &ste_ref); - } - - if (ret < 0) { - printf("ACM operation failed: errno=%d\n", errno); - if (errno == EACCES) - fprintf(stderr, "ACM operation failed -- need to" - " rebuild the user-space tool set?\n"); - } - - /* dump policy */ - acm_dump_policy_buffer(pull_buffer, pull_cache_size, - chwall_ref, ste_ref); - - xc_hypercall_buffer_free(xc_handle, pull_buffer); - - return ret; -} - -/************************ dump binary policy ******************************/ - -static int load_file(const char *filename, - uint8_t **buffer, off_t *len, - xc_interface *xc_handle, - xc_hypercall_buffer_t *hcall) -{ - struct stat mystat; - int ret = 0; - int fd; - DECLARE_HYPERCALL_BUFFER_ARGUMENT(hcall); - - if ((ret = stat(filename, &mystat)) != 0) { - printf("File %s not found.\n", filename); - ret = errno; - goto out; - } - - 
*len = mystat.st_size; - - if ( hcall == NULL ) { - if ((*buffer = malloc(*len)) == NULL) { - ret = -ENOMEM; - goto out; - } - } else { - if ((*buffer = xc_hypercall_buffer_alloc(xc_handle, hcall, *len)) == NULL) { - ret = -ENOMEM; - goto out; - } - } - - if ((fd = open(filename, O_RDONLY)) <= 0) { - ret = -ENOENT; - printf("File %s not found.\n", filename); - goto free_out; - } - - if (*len == read(fd, *buffer, *len)) - return 0; - -free_out: - if ( hcall == NULL ) - free(*buffer); - else - xc_hypercall_buffer_free(xc_handle, hcall); - *buffer = NULL; - *len = 0; -out: - return ret; -} - -static int acm_domain_dumppolicy(const char *filename, uint32_t ssidref) -{ - uint8_t *buffer = NULL; - off_t len; - int ret = 0; - uint16_t chwall_ssidref, ste_ssidref; - - chwall_ssidref = (ssidref ) & 0xffff; - ste_ssidref = (ssidref >> 16) & 0xffff; - - if ((ret = load_file(filename, &buffer, &len, NULL, NULL)) == 0) { - acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref); - free(buffer); - } - - return ret; -} - -/************************ load binary policy ******************************/ - -int acm_domain_loadpolicy(xc_interface *xc_handle, const char *filename) -{ - int ret; - off_t len; - DECLARE_HYPERCALL_BUFFER(uint8_t, buffer); - uint16_t chwall_ssidref, ste_ssidref; - struct acm_setpolicy setpolicy; - - ret = load_file(filename, &buffer, &len, xc_handle, HYPERCALL_BUFFER(buffer)); - if (ret != 0) - goto out; - - ret = acm_get_ssidref(xc_handle, 0, &chwall_ssidref, &ste_ssidref); - if (ret < 0) - goto free_out; - - /* dump it and then push it down into xen/acm */ - acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref); - set_xen_guest_handle(setpolicy.pushcache, buffer); - setpolicy.pushcache_size = len; - ret = xc_acm_op(xc_handle, ACMOP_setpolicy, &setpolicy, sizeof(setpolicy)); - - if (ret) { - printf("ERROR setting policy.\n"); - } else { - printf("Successfully changed policy.\n"); - } - - free_out: - xc_hypercall_buffer_free(xc_handle, 
buffer); - out: - return ret; -} - -/************************ dump hook statistics ******************************/ -void dump_ste_stats(struct acm_ste_stats_buffer *ste_stats) -{ - printf("STE-Policy Security Hook Statistics:\n"); - printf("ste: event_channel eval_count = %d\n", - ntohl(ste_stats->ec_eval_count)); - printf("ste: event_channel denied_count = %d\n", - ntohl(ste_stats->ec_denied_count)); - printf("ste: event_channel cache_hit_count = %d\n", - ntohl(ste_stats->ec_cachehit_count)); - printf("ste:\n"); - printf("ste: grant_table eval_count = %d\n", - ntohl(ste_stats->gt_eval_count)); - printf("ste: grant_table denied_count = %d\n", - ntohl(ste_stats->gt_denied_count)); - printf("ste: grant_table cache_hit_count = %d\n", - ntohl(ste_stats->gt_cachehit_count)); -} - -int acm_domain_dumpstats(xc_interface *xc_handle) -{ - DECLARE_HYPERCALL_BUFFER(uint8_t, stats_buffer); - size_t pull_stats_size = 8192; - struct acm_dumpstats dumpstats; - int ret; - struct acm_stats_buffer *stats; - - stats_buffer = xc_hypercall_buffer_alloc(xc_handle, stats_buffer, pull_stats_size); - if ( stats_buffer == NULL ) - return -1; - - memset(stats_buffer, 0x00, pull_stats_size); - set_xen_guest_handle(dumpstats.pullcache, stats_buffer); - dumpstats.pullcache_size = pull_stats_size; - ret = xc_acm_op(xc_handle, ACMOP_dumpstats, &dumpstats, sizeof(dumpstats)); - - if (ret < 0) { - printf - ("ERROR dumping policy stats. 
Try 'xm dmesg' to see details.\n"); - xc_hypercall_buffer_free(xc_handle, stats_buffer); - return ret; - } - stats = (struct acm_stats_buffer *) stats_buffer; - - printf("\nPolicy dump:\n"); - printf("============\n"); - printf("Magic = %x.\n", ntohl(stats->magic)); - printf("Len = %x.\n", ntohl(stats->len)); - - switch (ntohl(stats->primary_policy_code)) { - case ACM_NULL_POLICY: - printf("NULL Policy: No statistics apply.\n"); - break; - - case ACM_CHINESE_WALL_POLICY: - printf("Chinese Wall Policy: No statistics apply.\n"); - break; - - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - dump_ste_stats((struct acm_ste_stats_buffer *) (stats_buffer + - ntohl(stats-> - primary_stats_offset))); - break; - - default: - printf("UNKNOWN PRIMARY POLICY ERROR!\n"); - } - - switch (ntohl(stats->secondary_policy_code)) { - case ACM_NULL_POLICY: - printf("NULL Policy: No statistics apply.\n"); - break; - - case ACM_CHINESE_WALL_POLICY: - printf("Chinese Wall Policy: No statistics apply.\n"); - break; - - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - dump_ste_stats((struct acm_ste_stats_buffer *) (stats_buffer + - ntohl(stats-> - secondary_stats_offset))); - break; - - default: - printf("UNKNOWN SECONDARY POLICY ERROR!\n"); - } - xc_hypercall_buffer_free(xc_handle, stats_buffer); - return ret; -} - -/***************************** main **************************************/ - -int main(int argc, char **argv) -{ - - xc_interface *xc_handle; - int ret = 0; - - if (argc < 2) - usage(argv[0]); - - - if (!strcmp(argv[1], "getpolicy")) { - if (argc != 2) - usage(argv[0]); - - if ((xc_handle = xc_interface_open(0, 0, 0)) == 0) { - printf("ERROR: Could not open xen privcmd device!\n"); - exit(-1); - } - - ret = acm_domain_getpolicy(xc_handle); - - xc_interface_close(xc_handle); - } else if (!strcmp(argv[1], "loadpolicy")) { - if (argc != 3) - usage(argv[0]); - - if ((xc_handle = xc_interface_open(0, 0, 0)) == 0) { - printf("ERROR: Could not open xen privcmd device!\n"); - exit(-1); - } - - ret 
= acm_domain_loadpolicy(xc_handle, argv[2]); - - xc_interface_close(xc_handle); - } else if (!strcmp(argv[1], "dumpstats")) { - if (argc != 2) - usage(argv[0]); - - if ((xc_handle = xc_interface_open(0, 0, 0)) == 0) { - printf("ERROR: Could not open xen privcmd device!\n"); - exit(-1); - } - - ret = acm_domain_dumpstats(xc_handle); - - xc_interface_close(xc_handle); - } else if (!strcmp(argv[1], "dumppolicy")) { - uint32_t ssidref = 0xffffffff; - if (argc < 3 || argc > 4) - usage(argv[0]); - if (argc == 4) { - if (!sscanf(argv[3], "%i", &ssidref)) { - printf("Error: Could not parse ssidref.\n"); - exit(-1); - } - } - ret = acm_domain_dumppolicy(argv[2], ssidref); - } else - usage(argv[0]); - - return ret; -} diff --git a/tools/security/xensec_ezpolicy b/tools/security/xensec_ezpolicy deleted file mode 100644 index 550196f774..0000000000 --- a/tools/security/xensec_ezpolicy +++ /dev/null 
@@ -1,1636 +0,0 @@ -#!/usr/bin/env python -#=========================================================================== -# This program is free software; you can redistribute it and/or -# modify it under the terms of version 2.1 of the GNU Lesser General Public -# License as published by the Free Software Foundation. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -#============================================================================ -# Copyright (C) 2006 International Business Machines Corp. -# Author: Reiner Sailer -#============================================================================ -# use 'yum install wxPython' to get wx or download from www.wxpython.org -import sys, time, string -import wx -import wx.lib.buttons as buttons -""" -This program creates a default policy based on names of organizations and departments. -The resulting policy can be refined using the policy generation tool (xensec_gen). 
-""" - -helpprovider = wx.SimpleHelpProvider() -wx.HelpProvider_Set(helpprovider) - -ID_CS_START=1000 - -realm_bmp = None -workload_bmp = None -conflict_bmp = None -realm_icon = None -workload_icon = None - -ACM_LABEL_UNLABELED = '__UNLABELED__' - -class orgTreeCtrl(wx.TreeCtrl): - - event = None - - def __init__(self, parent, id, pos, size, style, validator, name): - wx.TreeCtrl.__init__(self, parent, id, pos, size, style, - validator, name) - self.parent = parent - orgs_root = self.AddRoot(text="Organization / Department") - self.SetItemBackgroundColour(orgs_root, wx.LIGHT_GREY) - - - def LabelExists(self, label, item): - for i in iterchildren(self.GetItemParent(item)): - if (self.GetItemText(i) == label) and (i != item): - return True - return False - - - def _OrgEdt(self, event): - item = self.event.GetItem() - self.OrgEdt(item) - - - def OrgEdt(self, item): - oldlabel= self.GetItemText(item) - #get new name - dlg = wx.TextEntryDialog(self, "Please enter org/dept name:", - "Naming a Workload", - style=wx.CANCEL | wx.OK | wx.CENTRE | wx.TE_NOHIDESEL) - dlg.SetValue(oldlabel) - ret = dlg.ShowModal() - newlabel = dlg.GetValue() - dlg.Destroy() - if (ret == wx.ID_CANCEL) or (newlabel == ''): - return False - - #now check if the new name is permissible - if self.LabelExists(newlabel, item): - dlg = wx.MessageDialog(self, 'Item with name ' + newlabel + ' already exists!', - 'Rename', style=wx.OK) - dlg.ShowModal() - dlg.Destroy() - return False - - #all checkspassed, change item and adapt runtime exclusion rules - self.SetItemText(item, newlabel) - app.win.LabelReplaceInConflictsets(item, oldlabel, newlabel) - return True - - - def _OrgRAdd(self, event): - self.OrgRAdd() - - - def OrgRAdd(self): - new = self.AppendItem(self.GetRootItem(), text="") - self.SetItemBold(new, True) - self.SetItemImage(new, realm_icon, wx.TreeItemIcon_Normal) - self.EnsureVisible(new) - if not self.OrgEdt(new): - self.Delete(new) - - - def _OrgWAdd(self, event): - item = 
self.event.GetItem() - self.OrgWAdd(item) - - - def OrgWAdd(self, item): - new = self.AppendItem(item, text="") - self.Expand(item) - self.SetItemImage(new, workload_icon, wx.TreeItemIcon_Normal) - self.EnsureVisible(new) - if not self.OrgEdt(new): - self.Delete(new) - - -class OrgsPanel(wx.Panel): - ID_CONSADDBTN = 145 - ID_REALMADDBTN = 144 - - def __init__(self, parent, ID): - global realm_icon, workload_icon - - wx.Panel.__init__(self, parent, -1) - - #create image list - imagelist = wx.ImageList(16, 17, True) - #define generic function and use it for all input - realm_icon = imagelist.Add(realm_bmp) - workload_icon = imagelist.Add(workload_bmp) - - #left tree control for organizations / workload definitions - orgshdrbox = wx.StaticBox(self, -1, "") - orgshdrboxsizer = wx.StaticBoxSizer(orgshdrbox, wx.HORIZONTAL) - orgshdr = wx.StaticText(self, -1, "Organization / Department Definition", - style=wx.ALIGN_CENTER) - orgshdr.SetHelpText(RealmWorkloadPanelHelp) - points = orgshdr.GetFont().GetPointSize() # get the current size - hdrfont = wx.Font(points + 2, family=wx.DEFAULT, - style=wx.FONTSTYLE_NORMAL, weight=wx.BOLD) - orgshdr.SetFont(hdrfont) - orgshdr.SetForegroundColour('MEDIUMBLUE') - orgshdr.SetBackgroundColour('SNOW') - orgshdrboxsizer.Add(orgshdr, proportion=1, flag=wx.EXPAND | wx.ALL | wx.ALIGN_LEFT, border=5) - addorgsbutton = wx.Button(self, self.ID_REALMADDBTN, "New Org", style=wx.BU_EXACTFIT) - addorgsbutton.SetToolTipString("Add A New Organization") - addorgsbutton.SetHelpText(NewRealmButtonHelp) - addorgsbutton.SetForegroundColour('MEDIUMBLUE') - addfont = wx.Font(points, family=wx.DEFAULT, - style=wx.FONTSTYLE_NORMAL, weight=wx.BOLD) - addorgsbutton.SetFont(addfont) - orgshdrboxsizer.Add(addorgsbutton, proportion=0, flag=wx.EXPAND | wx.ALL | wx.ALIGN_RIGHT, border=0) - - self.orgs = orgTreeCtrl(self, -1, - pos=wx.DefaultPosition, - size=wx.DefaultSize, - style=wx.TR_HAS_BUTTONS | wx.TR_HIDE_ROOT | wx.TR_NO_LINES - | wx.TR_MULTIPLE, - 
validator=wx.DefaultValidator, - name="orgs") - self.orgs.AssignImageList(imagelist) - self.orgs.SetHelpText(RealmWorkloadPanelHelp) - - self.addconsbutton = wx.Button(self, self.ID_CONSADDBTN, - "Create run-time exclusion rule from selection -->", - style=wx.BU_EXACTFIT) - self.addconsbutton.SetToolTipString("Create New Exclusion rule From Above Workload Selection") - self.addconsbutton.SetHelpText(CreateRunTimeButtonHelp) - self.addconsbutton.SetForegroundColour('MEDIUMBLUE') - addfont = wx.Font(points, family=wx.DEFAULT, - style=wx.FONTSTYLE_NORMAL, weight=wx.BOLD) - self.addconsbutton.SetFont(addfont) - self.addconsbutton.Bind(wx.EVT_BUTTON, self._AddConflict, id=self.ID_CONSADDBTN) - - orgsvbox = wx.BoxSizer(wx.VERTICAL) - orgsvbox.Add(orgshdrboxsizer, proportion=0, flag=wx.EXPAND | wx.ALL, border=5) - orgsvbox.Add(self.orgs, proportion=1, flag=wx.EXPAND | wx.ALL, border=5) - orgsvbox.Add(self.addconsbutton, proportion=0, flag=wx.EXPAND | wx.ALL, border=5) - self.SetSizer(orgsvbox) - addorgsbutton.Bind(wx.EVT_BUTTON, self.orgs._OrgRAdd, id= self.ID_REALMADDBTN) - - - def _AddConflict(self, event): - app.win.conspanel._AddNewConflict(event) - - -class ConsPanel(wx.Panel): - ID_CONSSELECT = 151 - ID_CONSADD = 152 - ID_CONSRENAME = 153 - ID_CONSDEL = 154 - ID_CONSSELECTSUB= 155 - - conflictMAX = ID_CS_START - - def __init__(self, parent, ID): - self.conflictsets = [] - self.parent = parent - wx.Panel.__init__(self, parent, -1) - #header - conshdrbox = wx.StaticBox(self, -1, "") - conshdrboxsizer = wx.StaticBoxSizer(conshdrbox, wx.HORIZONTAL) - conshdr = wx.StaticText(self, -1, "Run-time Exclusion Rules", style=wx.ALIGN_CENTER) - conshdr.SetHelpText(RunTimeExclusionPanelHelp) - points = conshdr.GetFont().GetPointSize() # get the current size - hdrfont = wx.Font(points + 2, family=wx.DEFAULT, - style=wx.FONTSTYLE_NORMAL, weight=wx.BOLD) - conshdr.SetFont(hdrfont) - conshdr.SetForegroundColour('ORANGERED') - - #context help button - ctxHelp = 
wx.ContextHelpButton(self) - ctxHelp.SetHelpText("Context Help Button.") - ctxHelp.SetToolTipString("Context Help: Press this button, then press any other button or panel to get help.") - - - conshdrboxsizer.Add(conshdr, proportion=1, flag=wx.EXPAND | wx.ALL | wx.ALIGN_LEFT, border=5) - conshdrboxsizer.Add(ctxHelp, proportion=0, flag=wx.EXPAND | wx.ALL | wx.ALIGN_RIGHT, border=0) - #scrolledwindow for all the run-time exclusion rules - conflictspanel = wx.ScrolledWindow(self, -1, (0,0), - style = wx.FULL_REPAINT_ON_RESIZE | - wx.VSCROLL ) - conflictspanel.SetVirtualSize((1000, 1000)) - conflictspanel.SetScrollRate(5,5) - self.conflictsboxsizer = wx.BoxSizer(wx.VERTICAL) - - #self.conflictsboxsizer.Fit(self) - conflictspanel.SetSizer(self.conflictsboxsizer) - consvbox = wx.BoxSizer(wx.VERTICAL) - consvbox.Add(conshdrboxsizer, proportion=0, flag=wx.EXPAND | wx.ALL, border=5) - consvbox.Add(conflictspanel, proportion=1, flag=wx.EXPAND | wx.ALL, border=5) - self.SetSizer(consvbox) - self.consvbox = consvbox - self.conflictspanel=conflictspanel - - self.cmenu = wx.Menu() - self.cmenu.Append(self.ID_CONSRENAME, "Rename Run-time Exclusion Rule", "Rename Run-time Exclusion Rule") - self.cmenu.AppendSeparator() - self.cmenu.Append(self.ID_CONSDEL, "Delete Run-time Exclusion Rule", "Delete Run-time Exclusion Rule") - self.Bind(wx.EVT_MENU, self._CSRename, id=self.ID_CONSRENAME) - self.Bind(wx.EVT_MENU, self._CSDelete, id=self.ID_CONSDEL) - - - #Helper methods called from anywhere - def New(self): - #delete all run-time exclusion rules - for i in self.conflictsets: - i.Disable() - i.Destroy() - self.conflictsets = [] - self.conflictsboxsizer.Layout() - size=self.GetSize() - self.Fit() - self.SetSize(size) - - - def DelCSById(self, delid): - #delete CS representation - delpos, item = self.GetCSBox(delid) - if item: - self.DelCSByItem(item) - - - def DelCSByItem(self, item): - #delete CS representation - self.conflictsets.remove(item) - exists = 
self.conflictsboxsizer.Detach(item) - if exists: - item.Destroy() - self.RefreshMe() - - - def RefreshMe(self): - size=self.parent.GetSize() - self.parent.Fit() - self.parent.SetSize(size + (1,1)) - self.parent.SetSize(size) - - - def GetOrgSelection(self): - (tree, selection) = GetOrgsSelection() - if not len(selection): - dlg = wx.MessageDialog(self, 'You must select first at least one Organization/Department workload!', - 'Creating A New Run-time Rule', wx.OK | wx.ICON_ERROR) - dlg.ShowModal() - dlg.Destroy() - return None,None - # now rewrite selection (realm.workload extension, check consistency) - alist = [] - for i in selection: - if isRealm(i): - alist.append(tree.GetItemText(i)) - else: - alist.append(tree.GetItemText(tree.GetItemParent(i)) - + "." + tree.GetItemText(i)) - - if isRealm(i): - for j in selection: - if tree.GetItemParent(j) == i: - violation = ("[ " + tree.GetItemText(i) + ", " + - tree.GetItemText(i) + "." + tree.GetItemText(j) + " ]") - dlg = wx.MessageDialog(self, - 'Invalid Selection ' + violation + '.\n\n' + - 'You can only select EITHER an Organization OR specific Department!', - 'Creating A New Run-time Exclusion Rule', wx.OK | wx.ICON_ERROR) - dlg.ShowModal() - dlg.Destroy() - return None,None - return (alist, selection) - - - def AddConflict(self, name, types): - csbox = myCSPanel(self, self.conflictMAX, name, types) - self.conflictsboxsizer.Add(csbox, proportion=0, flag=wx.EXPAND | wx.ALL, border=5) - self.conflictsets.append(csbox) - self.conflictMAX = self.conflictMAX+3 - self.RefreshMe() - csbox.RefreshMe() - - - def GetCSBox(self, id): - pos = -1 - i = 0 - while self.conflictsboxsizer.GetItem(i): - item = self.conflictsboxsizer.GetItem(i).GetWindow() - if ((item.cbmp.GetId() == id) or - (item.add_selection.GetId() == id) or - (item.del_selection.GetId() == id)): - pos = i - box = item - break - i = i + 1 - if pos < 0: - print "Run-time Exclusion Rule Not Found ERROR!" 
- return (None, None) - else: - return (pos, box) - - - #bind methods - def _AddNewConflict(self, event): - # first get the conflicting workload types with current selection - types, items = self.GetOrgSelection() - if not types: - return - #get name for conflict set - dlg = wx.TextEntryDialog( - self, 'Please enter a name for the Run-time Exclusion Rule:', 'Creating A New Run-time Exclusion Rule') - dlg.SetValue("") - ret = dlg.ShowModal() - name = dlg.GetValue() - dlg.Destroy() - if ret != wx.ID_OK: - return - self.AddConflict(name, types) - - - def _OnClick(self, event): - self.event = event - app.win.SetStatusText("") - self.PopupMenu(self.cmenu) - - - def _CSRename(self, event): - delpos, item = self.GetCSBox(self.event.GetId()) - if not item: - return - #allow to name the conflict set - dlg = wx.TextEntryDialog( - self, 'Please enter a new name for the Conflict Set:', 'Renaming A Run-time Exclusion Rule') - dlg.SetValue(item.box.GetLabel()) - ret = dlg.ShowModal() - name = dlg.GetValue() - dlg.Destroy() - if ret != wx.ID_OK: - return - item.box.SetLabel(name) - item.box.SetFont(wx.Font(item.GetFont().GetPointSize(), family=wx.DEFAULT, - style=wx.FONTSTYLE_NORMAL, weight=wx.BOLD)) - - - def _CSDelete(self, event): - delid = self.event.GetId() - self.DelCSById(delid) - - - def _AddOrgSelection(self, event): - addid = event.GetId() - addpos, item = self.GetCSBox(addid) - alist, items = self.GetOrgSelection() - if not alist: - return - existing = [] - for i in range(0, item.clb.GetCount()): - existing.append(item.clb.GetString(i)) - - #now make sure that we don't get realm + workload into the same CS - for i in items: - if isRealm(i): - #ensure no workload of this realm is already in CS - realm = app.win.orgs.GetItemText(i) - for j in iterchildren(i): - workload = app.win.orgs.GetItemText(j) - try: - idx = existing.index (realm + "." + workload) - except: - #ok, does not exist - continue - #nok, exists already - violation = ("[ " + realm + ", " + - realm + "." 
+ workload + " ]") - dlg = wx.MessageDialog(self, - 'Invalid Selection ' + violation + '.\n\n' + - 'You can only have EITHER an Organization OR a specific Department workload\n' + - 'in a single Run-time Exclusion Rule', - 'Adding Orgs/Depts workloads to a Run-time Exclusion Rule', - wx.OK | wx.ICON_ERROR) - dlg.ShowModal() - dlg.Destroy() - return - - else: - #ensure realm of this workload is not in CS - realm = app.win.orgs.GetItemText(app.win.orgs.GetItemParent(i)) - try: - idx = existing.index(realm) - except: - #ok, does not exist - continue - #nok, exists already - violation = ("[ " + realm + "." + app.win.orgs.GetItemText(i) + - ", " + realm + " ]") - dlg = wx.MessageDialog(self, - 'Invalid Selection ' + violation + '.\n\n' + - 'You can only have EITHER an Organization OR a specific Department workload\n' + - 'in a single Run-time Exclusion Rule', - 'Adding Orgs/Depts workloads to a Run-time Exclusion Rule', - wx.OK | wx.ICON_ERROR) - dlg.ShowModal() - dlg.Destroy() - return - #check if any of the selections are already in the conflict set - overlap=[] - for l in alist: - for e in existing: - if l == e: - overlap.append(str(l)) - if len(overlap): - if len(overlap) == 1: - message = "Selected item " + str(overlap) +\ - " is already in the Run-time Exclusion rule and will be ignored.\n\n Continue?" - else: - message = "Selected items " + str(overlap) +\ - " are already in the Run-time Exclusion rule and will be ignored.\n\n Continue?" 
- dlg = wx.MessageDialog(self, - message, 'Adding Orgs/Depts workloads to a Run-time Exclusion rule', - wx.YES | wx.NO | wx.ICON_EXCLAMATION) - ret = dlg.ShowModal() - dlg.Destroy() - if ret != wx.ID_YES: - return - - for s in alist: - try: - existing.index(s) - except Exception: - # s not yet in list box, add it - item.AddTypes([s]) - self.RefreshMe() - - - def _DelConSelection(self, event): - eventid = event.GetId() - pos, item = self.GetCSBox(eventid) - idtuple = item.clb.GetSelections() - idlist = [] - for i in idtuple: - idlist.append(i) - #delete reverse, otherwise item mubers get messed up while deleting - idlist.reverse() - for i in idlist: - item.clb.Delete(i) - item.RefreshMe() - if item.clb.GetCount() < 2: - dlg = wx.MessageDialog(self, - """Run-time exclusion set has less than two types.\n\n - Do you want to delete this rule?""", - 'Deleting Orgs/Depts workloads from a Run-time Exclusion rule', - wx.YES| wx.NO | wx.ICON_QUESTION) - ret = dlg.ShowModal() - dlg.Destroy() - if ret == wx.ID_YES: - self.DelCSById(eventid) - return - else: - for i in item.clb.GetSelections(): - item.clb.Deselect(i) - self.RefreshMe() - - -class myCSPanel(wx.Panel): - def __init__(self, parent, ID, title, list=[]): - wx.Panel.__init__(self, parent.conflictspanel, -1) - self.parent = parent - cspansizer = wx.BoxSizer(wx.VERTICAL) - self.box = wx.StaticBox(self, -1, title) - csboxsizer = wx.StaticBoxSizer(self.box, wx.HORIZONTAL) - #left: type add/del - typesizer = wx.BoxSizer(wx.VERTICAL) - self.add_selection = wx.Button(self, ID+1, "--> Add", style=wx.BU_EXACTFIT) - self.add_selection.SetToolTipString("Add Workload Selection To Run-time Exclusion rule") - self.add_selection.SetHelpText(AddToExclusionButtonHelp) - self.add_selection.SetForegroundColour('MEDIUMBLUE') - points = self.add_selection.GetFont().GetPointSize() - addfont = wx.Font(points, family=wx.DEFAULT, - style=wx.FONTSTYLE_NORMAL, weight=wx.BOLD) - self.add_selection.SetFont(addfont) - self.box.SetFont(addfont) - 
typesizer.Add(self.add_selection, proportion = 0, flag = wx.EXPAND | wx.ALL,border=0) - typesizer.Add((5,5)) - self.del_selection = wx.Button(self, ID+2, "<-- Del", style=wx.BU_EXACTFIT) - self.del_selection.SetToolTipString("Delete Workload Selection From Run-time Exclusion Rule") - self.del_selection.SetHelpText(DelFromExclusionButtonHelp) - self.del_selection.SetForegroundColour('ORANGERED') - self.del_selection.SetFont(addfont) - typesizer.Add(self.del_selection, proportion = 0, flag = wx.EXPAND | wx.ALL, border=0) - csboxsizer.Add(typesizer, proportion = 0, border=0) - csboxsizer.Add((5,5)) - #middle: types - self.clb = wx.ListBox(self, id=-1, choices=list, - style= wx.LB_MULTIPLE | wx.LB_SORT ) - self.clb.SetHelpText(ExclusionSetHelp) - csboxsizer.Add(self.clb, proportion=1, flag=wx.EXPAND | wx.ALL, border=0) - csboxsizer.Add((5,5)) - #right: Conflictset-global ops button - bmpsizer = wx.BoxSizer(wx.VERTICAL) - self.cbmp = buttons.GenBitmapButton(self, ID, conflict_bmp, style=wx.BU_EXACTFIT) - self.cbmp.SetHelpText(ManageExclusionButtonHelp) - self.cbmp.SetToolTipString("Rename/Delete\nAssociated Run-time Exclusion Rule") - bmpsizer.Add(self.cbmp, proportion = 0, flag = wx.EXPAND | wx.ALL, border=0) - csboxsizer.Add(bmpsizer, proportion=0, border=5) - cspansizer.Add(csboxsizer, proportion=0, flag=wx.EXPAND | wx.ALL, border=0) - self.csboxsizer=csboxsizer - self.cspansizer=cspansizer - self.SetSizer(cspansizer) - self.cbmp.Bind(wx.EVT_LEFT_DOWN, parent._OnClick, id=ID) - self.add_selection.Bind(wx.EVT_BUTTON, parent._AddOrgSelection, id=ID + 1) - self.del_selection.Bind(wx.EVT_BUTTON, parent._DelConSelection, id=ID + 2) - - # append and delete an item to get rid of - # the ugly vertical scroll bar on the Listbox on Linux - def RefreshMe(self): - x = self.clb.Append(" ") - app.win.conspanel.RefreshMe() - self.clb.Delete(x) - self.Layout() - app.win.conspanel.Layout() - - - def AddTypes(self, list): - for i in list: - self.clb.Append(i) - self.RefreshMe() - - - 
def GetTypes(self): - alist = [] - for i in range(0, self.clb.GetCount()): - alist.append(self.clb.GetString(i)) - return alist - - - def GetBoxName(self): - return self.box.GetLabel() - - - def Replace(self, oldlabel, newlabel): - index = self.clb.FindString(oldlabel) - if index != wx.NOT_FOUND: - self.clb.SetString(index, newlabel) - - - def Delete(self, label): - index = self.clb.FindString(label) - if index != wx.NOT_FOUND: - self.clb.Delete(index) - - -class myHelpPanel(wx.Panel): - def __init__(self, parent, ID): - wx.Panel.__init__(self, parent, -1) - - -class ezFrame(wx.Frame): - - ID_ABOUT = 101 - ID_NEW = 102 - ID_OPEN = 103 - ID_SAVE = 104 - ID_SAVEAS = 105 - ID_EXIT = 106 - ID_HELP = 107 - - ID_ITRENAME = 111 - ID_ITADD = 112 - ID_ITDEL = 113 - - ID_COLLAPSEALL = 121 - ID_EXPANDALL = 122 - ID_SORTALL = 123 - - ID_TRANSLATE = 131 - - ID_ORGEDT = 141 - ID_ORGADD = 142 - ID_ORGDEL = 143 - - def __init__(self, parent, ID, title): - global realm_bmp, workload_bmp, conflict_bmp - - wx.Frame.__init__(self, parent, ID, title, - wx.DefaultPosition, - wx.Size(700,450) - ) - - realm_bmp = GetIconBitmap('Organization') - workload_bmp = GetIconBitmap('Department') - conflict_bmp = GetIconBitmap('Conflict') - self.SetHelpText(GetHelp) - self.orgfilename = None - self.CreateStatusBar() - self.SetStatusText("") - self.bkg = wx.Panel(self) - - self.orgswin = wx.SashLayoutWindow( - self.bkg, -1, wx.DefaultPosition, (300, 150),wx.SW_3DSASH | wx.SW_BORDER) - - self.orgswin.SetDefaultSize((300,150)) - self.orgswin.SetOrientation(wx.LAYOUT_VERTICAL) - self.orgswin.SetAlignment(wx.LAYOUT_LEFT) - self.orgspanel = OrgsPanel(self.orgswin, -1) - self.orgs = self.orgspanel.orgs - - self.realm_menu = wx.Menu() - self.realm_menu.Append(self.ID_ORGADD, "Add Department\tctrl-a", "Add Department Workload") - self.realm_menu.AppendSeparator() - self.realm_menu.AppendSeparator() - self.realm_menu.Append(self.ID_ORGEDT, "Rename Organization\tctrl-r", "Rename Organization Workload") - 
self.realm_menu.Append(self.ID_ORGDEL, "Delete Organization\tctrl-d", "Delete Organization Workload") - self.realm_menu.Bind(wx.EVT_MENU, self.orgs._OrgEdt, id= self.ID_ORGEDT) - self.realm_menu.Bind(wx.EVT_MENU, self.orgs._OrgWAdd, id= self.ID_ORGADD) - self.realm_menu.Bind(wx.EVT_MENU, self._ItemDel, id=self.ID_ORGDEL) - - self.workload_menu = wx.Menu() - self.workload_menu.Append(self.ID_ORGEDT, "Rename Department\tctrl-r", "Rename Department Workload") - self.workload_menu.Append(self.ID_ORGDEL, "Delete Department\tctrl-d", "Delete Department Workload") - self.workload_menu.Bind(wx.EVT_MENU, self.orgs._OrgEdt, id= self.ID_ORGEDT) - self.workload_menu.Bind(wx.EVT_MENU, self._ItemDel, id=self.ID_ORGDEL) - - self.orgs.Bind(wx.EVT_TREE_ITEM_RIGHT_CLICK, self._OrgRightClick) - self.orgs.Bind(wx.EVT_TREE_SEL_CHANGED, self._OrgSelectionChanged) - - self.conswin = wx.SashLayoutWindow( - self.bkg, -1, wx.DefaultPosition, (300, 150), - #wx.NO_BORDER | wx.SW_3D - wx.SW_3DSASH | wx.SW_BORDER - ) - self.conswin.SetDefaultSize((300,150)) - self.conswin.SetOrientation(wx.LAYOUT_VERTICAL) - self.conswin.SetAlignment(wx.LAYOUT_RIGHT) - self.conswin.SetSashVisible(wx.SASH_LEFT, True) - self.conswin.SetSashVisible(wx.SASH_RIGHT, False) - - #right tree control for non-concurrent workload execution - self.conspanel = ConsPanel(self.conswin, -1) - self.conspanel.RefreshMe() - self.bkg.Bind(wx.EVT_SASH_DRAGGED_RANGE, self._OnSashDrag, id=self.conswin.GetId(), - id2=self.conswin.GetId()) - self.bkg.Bind(wx.EVT_SIZE, self._OnSize) - - # Main Menu - # -File - fmenu = wx.Menu() - fmenu.Append(self.ID_OPEN, "Open Workload Definition...\tctrl-o", "Open current workload definition") - fmenu.Append(self.ID_SAVE, "Save Workload Definition\tctrl-s", "Save workload defintion") - fmenu.Append(self.ID_SAVEAS, "Save Workload Defintion as...\talt-s", "Save into new file") - fmenu.AppendSeparator() - fmenu.Append(self.ID_TRANSLATE, "Save as Xen ACM Security Policy ...\talt-t", "Create Xen ACM 
security policy") - fmenu.AppendSeparator() - fmenu.Append(self.ID_NEW, "New\tctrl-n", "Create a new oganization definition") - fmenu.AppendSeparator() - fmenu.Append(self.ID_EXIT, "Exit\tctrl-x", "Terminate the program") - self.fmenu = fmenu - - # -Edit - emenu = wx.Menu() - emenu.Append(self.ID_ITRENAME, "Rename\tctrl-r", "Rename Selected Organization/Department") - emenu.Append(self.ID_ITADD, "Add\tctrl-a", "Add Child to Selected Organization/Department") - emenu.Append(self.ID_ITDEL, "Delete\tctrl-d", "Delete Selected Organization/Department") - self.emenu = emenu - # -Help - hmenu = wx.Menu() - hmenu.Append(self.ID_HELP, "Step-By-Step Help\tctrl-h", "More information about this program") - hmenu.Append(self.ID_ABOUT, "About", "More information about this program") - self.hmenu = hmenu - - # -View - vmenu = wx.Menu() - vmenu.Append(self.ID_SORTALL, "Sort All", "Sort Entries In All Trees") - vmenu.Append(self.ID_COLLAPSEALL, "Collapse All\tctrl-c", "Collapse All Trees") - vmenu.Append(self.ID_EXPANDALL, "Expand All\tctrl-e", "Expand All Trees") - self.vmenu = vmenu - - menuBar = wx.MenuBar() - menuBar.Append(fmenu, "&File"); - menuBar.Append(emenu, "&Edit"); - menuBar.Append(vmenu, "&View"); - menuBar.Append(hmenu, "&Help"); - - self.SetMenuBar(menuBar) - - self.Bind(wx.EVT_MENU, self._OpenSpec, id=self.ID_OPEN) - self.Bind(wx.EVT_MENU, self._SaveSpec, id=self.ID_SAVE) - self.Bind(wx.EVT_MENU, self._SaveAsSpec,id=self.ID_SAVEAS) - self.Bind(wx.EVT_MENU, self._NewSpec, id=self.ID_NEW) - self.Bind(wx.EVT_MENU, self._TimeToQuit,id=self.ID_EXIT) - self.Bind(wx.EVT_MENU, self._TranslateSpec, id=self.ID_TRANSLATE) - - self.Bind(wx.EVT_MENU, self._ItemRename, id=self.ID_ITRENAME) - self.Bind(wx.EVT_MENU, self._ItemAdd, id=self.ID_ITADD) - self.Bind(wx.EVT_MENU, self._ItemDel, id=self.ID_ITDEL) - - self.Bind(wx.EVT_MENU, self._SortAll, id=self.ID_SORTALL) - self.Bind(wx.EVT_MENU, self._CollapseAll,id=self.ID_COLLAPSEALL) - self.Bind(wx.EVT_MENU, self._ExpandAll, 
id=self.ID_EXPANDALL) - - self.Bind(wx.EVT_MENU, self._Help, id=self.ID_HELP) - self.Bind(wx.EVT_MENU, self._OnAbout, id=self.ID_ABOUT) - self.Bind(wx.EVT_CLOSE, self._TimeToQuit) - - - def RefreshMe(self): - size=self.GetSize() - self.Fit() - self.SetSize(size) - - #helper methods - def Load(self, file): - self.orgfilename = file - dictname = 'ezpolicy' - d = {} - # read in the config file - globs = {} - locs = {} - execfile(file, globs, locs) - for (k, v) in locs.items(): - if k == dictname: - d = v - break - dict2org(d) - self.orgspanel.orgs.UnselectAll() - self.SetTitle("ezPolicy: " + self.orgfilename) - self._ExpandAll(None) - - - def Save(self, file): - dictname = 'ezpolicy' - d = org2dict() - fd = open(file, "w") - fd.write(dictname + " = ") - fd.write(str(d)) - fd.close() - - - def New(self): - self.orgspanel.orgs.DeleteChildren(self.orgspanel.orgs.GetRootItem()) - self.conspanel.New() - - - def LabelReplaceInConflictsets(self, item, oldlabel, newlabel): - if isRealm(item): - replace = [[ oldlabel, newlabel]] - for i in iterchildren(item): - replace.append([(oldlabel + "." + self.orgs.GetItemText(i)), - (newlabel + "." + self.orgs.GetItemText(i))]) - else: - parent = self.orgs.GetItemParent(item) - replace = [ - [(self.orgs.GetItemText(parent) + "." + oldlabel), - (self.orgs.GetItemText(parent) + "." + newlabel)] - ] - for r in replace: - for i in self.conspanel.conflictsets: - if r[0] in i.GetTypes(): - i.Replace(r[0], r[1]) - - - def OrgDelItem(self, item): - label = self.orgs.GetItemText(item) - if isRealm(item): - delset = [label] - for i in iterchildren(item): - delset.append(label + "." + self.orgs.GetItemText(i)) - else: - parent = self.orgs.GetItemParent(item) - delset = [self.orgs.GetItemText(parent) + "." 
+ label] - for i in self.conspanel.conflictsets: - for l in delset: - i.Delete(l) - #need to run in reverse order when deleting items - rev = [] - for i in self.conspanel.conflictsets: - rev.append(i) - rev.reverse() - for i in rev: - if len(i.GetTypes()) < 1: - self.conspanel.DelCSByItem(i) - self.orgs.Delete(item) - - - def _OnSashDrag(self, event): - if event.GetDragStatus() == wx.SASH_STATUS_OUT_OF_RANGE: - return - w = event.GetEventObject() - if w is self.conswin: - self.conswin.SetDefaultSize((event.GetDragRect().width, 1000)) - wx.LayoutAlgorithm().LayoutWindow(self.bkg, self.orgswin) - self.RefreshMe() - - - def _OnSize(self, event): - wx.LayoutAlgorithm().LayoutWindow(self.bkg, self.orgswin) - - - def _OrgSelectionChanged(self, event): - self.orgs.event = event - item = self.orgs.event.GetItem() - if not item.IsOk() or not self.orgs.IsSelected(item): - self.emenu.Enable(self.ID_ITRENAME, False) - self.emenu.Enable(self.ID_ITADD, False) - self.emenu.Enable(self.ID_ITDEL, False) - return - self.SetStatusText("") - #enable/disable edit menu functions - if isRealm(item): - self.emenu.Enable(self.ID_ITRENAME, True) - self.emenu.Enable(self.ID_ITADD, True) - self.emenu.Enable(self.ID_ITDEL, True) - elif isWorkload(item): - self.emenu.Enable(self.ID_ITRENAME, True) - self.emenu.Enable(self.ID_ITADD, False) - self.emenu.Enable(self.ID_ITDEL, True) - if len(self.orgs.GetSelections()) > 1: - self.emenu.Enable(self.ID_ITRENAME, False) - self.emenu.Enable(self.ID_ITADD, False) - - - def _OrgRightClick(self, event): - self.SetStatusText("") - self.orgs.event = event - item = self.orgs.event.GetItem() - #del not permitted on root items - if isWorkload(item): - self.workload_menu.Enable(self.ID_ORGDEL, True) - self.workload_menu.Enable(self.ID_ORGEDT, True) - if len(self.orgs.GetSelections()) > 1: - self.workload_menu.Enable(self.ID_ORGEDT, False) - self.PopupMenu(self.workload_menu) - else: - self.realm_menu.Enable(self.ID_ORGDEL, True) - 
self.realm_menu.Enable(self.ID_ORGEDT, True) - self.realm_menu.Enable(self.ID_ORGADD, True) - if len(self.orgs.GetSelections()) > 1 or \ - ACM_LABEL_UNLABELED == self.orgs.GetItemText(item): - self.realm_menu.Enable(self.ID_ORGEDT, False) - self.realm_menu.Enable(self.ID_ORGADD, False) - self.PopupMenu(self.realm_menu) - - - def _OpenSpec(self, event): - filediag = wx.FileDialog(self, defaultFile="myspec.wld", - wildcard="*.wld", style=wx.OPEN, - message="Select Workload Definition file name") - ret = filediag.ShowModal() - name = filediag.GetPath() - filediag.Destroy() - if ret not in [wx.ID_OK]: - return - self.orgfilename = name - self.Load(self.orgfilename) - self.SetTitle("ezPolicy: " + self.orgfilename) - - - def _SaveSpec(self, event): - if not self.orgfilename: - filediag = wx.FileDialog(self, defaultFile="myspec.wld", - wildcard="*.wld", style=wx.SAVE | wx.OVERWRITE_PROMPT, - message="Select Workload Definition file name") - ret = filediag.ShowModal() - name = filediag.GetPath() - filediag.Destroy() - if ret not in [wx.ID_OK]: - return - self.orgfilename = name - self.Save(self.orgfilename) - self.SetTitle("ezPolicy: " + self.orgfilename) - - - def _SaveAsSpec(self, event): - if not self.orgfilename: - self.orgfilename = "DEFAULT.wld" - filediag = wx.FileDialog(self, defaultFile=self.orgfilename, - wildcard="*.wld", style=wx.SAVE | wx.OVERWRITE_PROMPT, - message="Select Workload Definition file name") - ret = filediag.ShowModal() - name = filediag.GetPath() - filediag.Destroy() - if ret not in [wx.ID_OK]: - return - self.orgfilename = name - self.Save(self.orgfilename) - self.SetTitle("ezPolicy: " + self.orgfilename) - - - def _NewSpec(self, event): - self.orgfilename = None - #reset trees etc - self.New() - self.SetTitle("ezPolicy: *New File*") - - - def _TranslateSpec(self, event): - policyname = transInfo() - if not policyname: - return - path="/etc/xen/acm-security/policies/" - nameparts=string.split(policyname, ".") - if len(nameparts) > 1: - path = 
path + "/".join(nameparts[0:len(nameparts)-1]) - deffile = nameparts[len(nameparts) - 1] + "-security_policy.xml" - filediag = wx.FileDialog(self, defaultDir=path, defaultFile=deffile, - wildcard="*.xml", message="Select Policy File Name", - style=wx.SAVE | wx.OVERWRITE_PROMPT) - ret = filediag.ShowModal() - filename = filediag.GetPath() - filediag.Destroy() - if ret not in [wx.ID_OK]: - return - #translate data into default policy - timestamp = time.asctime() - d = org2dict() - types = [] - for i in d['orgs']: - types.append(str(i[0])) - for j in i[1]: - types.append(str(i[0]) + "." + str(j)) - f = open(filename, "w") - printPolicyHeader (f, policyname, timestamp) - printPolicy(f, types, d['cons']) - printLabels(f, d, types)#, d['cons']) - printTrailer(f) - f.close() - - - def _ItemRename(self, event): - #ensure only 1 item is selected - sels = self.orgs.GetSelections() - if len(sels) != 1: - return - self.orgs.OrgEdt(sels[0]) - - - def _ItemAdd(self, event): - #ensure only 1 item is selected + add figure - sels = self.orgs.GetSelections() - if len(sels) != 1: - return - self.orgs.OrgWAdd(sels[0]) - - - def _ItemDel(self, event): - sels = self.orgs.GetSelections() - for i in sels: - self.OrgDelItem(i) - - - def _CollapseAll(self, event): - for i in iterchildren(self.orgs.GetRootItem()): - self.orgs.Collapse(i) - - - def _ExpandAll(self, event): - for i in iterchildren(self.orgs.GetRootItem()): - self.orgs.Expand(i) - - - def _SortAll(self, event): - #would be nice to also sort the organizations - for i in iterchildren(self.orgs.GetRootItem()): - if self.orgs.GetChildrenCount(i) > 0: - self.orgs.SortChildren(i) - - - def _OnAbout(self, event): - dlg = wx.MessageDialog(self, - "This program helps you to define the structure\n" - "of organizations and their departments.\n\n" - "It translates this \'Workload Definition\' into\n" - "a simple workload protection policy for the\n" - "Xen Access Control Module.\n\n\n" - "Copyright (c) 2006: IBM Corporation\n" - 
"Author:\nReiner Sailer <sailer@us.ibm.com>", - "About Me", wx.OK | wx.ICON_INFORMATION) - dlg.ShowModal() - dlg.Destroy() - - - def _Help(self, event): - hpopup = wx.Frame(self,-1, "HELP: Creating a Xen Security Policy in 3 Steps" ) - HelpHtmlWindow(hpopup, -1) - hpopup.SetSize((650,650)) - hpopup.Show(True) - - - def _TimeToQuit(self, event): - self.Bind(wx.EVT_CLOSE, None) - self.orgs.Bind(wx.EVT_TREE_ITEM_RIGHT_CLICK, None) - self.orgs.Bind(wx.EVT_TREE_SEL_CHANGED, None) - self.Close(True) - - -class ezApp(wx.App): - - def OnInit(self): - self.win = ezFrame(None, -1, title="EZ Workload Protection Policy Tool") - self.win.Show(True) - self.SetTopWindow(self.win) - return True - - - def Load(self, file): - self.win.Load(file) - - - def New(self): - self.win.New() - - -def isRealm(it): - if not it: - return False - return (app.win.orgspanel.orgs.GetItemParent(it) == app.win.orgspanel.orgs.GetRootItem()) - - -def isWorkload(it): - if not it or not app.win.orgs.GetItemParent(it): - return False - return (app.win.orgspanel.orgs.GetItemParent(app.win.orgspanel.orgs.GetItemParent(it)) - == app.win.orgspanel.orgs.GetRootItem()) - - -def GetOrgsSelection(): - return (app.win.orgspanel.orgs, app.win.orgspanel.orgs.GetSelections()) - - -def transInfo(): - info = wx.TextEntryDialog(app.win, message="POLICYNAME", - caption="Translate: Creating The Xen/ACM Policy") - ret = info.ShowModal() - name = info.GetValue() - info.Destroy() - if ret in [wx.ID_OK]: - return name - return None - - -def iterchildren(node): - cid, citem = app.win.orgspanel.orgs.GetFirstChild(node) - while cid.IsOk(): - yield cid - cid, citem = app.win.orgspanel.orgs.GetNextChild(node, citem) - - -def dict2org(d): - # release old structure - app.New() - # fill them with dict content - for i in d['orgs']: - orgnode = app.win.orgspanel.orgs.AppendItem(app.win.orgspanel.orgs.GetRootItem(), text=i[0]) - app.win.orgspanel.orgs.SetItemBold(orgnode, True) - app.win.orgspanel.orgs.SetItemImage(orgnode, realm_icon, 
wx.TreeItemIcon_Normal) - for j in i[1]: - wlnode = app.win.orgspanel.orgs.AppendItem(orgnode, text=j) - app.win.orgspanel.orgs.SetItemImage(wlnode, workload_icon, wx.TreeItemIcon_Normal) - for i in d['cons']: - app.win.conspanel.AddConflict(i[0], i[1]) - - -def org2dict(): - global app - dic = {} - o= [] - for i in iterchildren(app.win.orgs.GetRootItem()): - d = [] - for j in iterchildren(i): - d.append( - str(app.win.orgspanel.orgs.GetItemText(j).encode("utf-8"))) - o.append([str(app.win.orgspanel.orgs.GetItemText(i).encode("utf-8")), - d]) - dic['orgs'] = o - c=[] - for i in app.win.conspanel.conflictsets: - c.append([i.GetBoxName() , i.GetTypes()]) - dic['cons'] = c - return dic - - -def dict_read(dictname, filename): - """Loads <filename> and returns the dictionary named <dictname> from - the file. - """ - dic = {} - - # read in the config file - globs = {} - locs = {} - execfile(filename, globs, locs) - - for (k, v) in locs.items(): - if k == dictname: - dic = v - break - return dic - -#==================== Policy Generation/Translation functions - -def printPolicyHeader (fd, policyname, timestamp, version="1.0"): - fd.write( """<?xml version=\"1.0\" encoding=\"UTF-8\"?> -<!-- Auto-generated by ezPolicy --> -<SecurityPolicyDefinition xmlns=\"http://www.ibm.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.ibm.com ../../security_policy.xsd \"> - <PolicyHeader> - <PolicyName>%s</PolicyName> - <Date>%s</Date> - <Version>%s</Version> - </PolicyHeader> -""" % (policyname, timestamp, version)) - - - -def printPolicy(fd, types, cons): - fd.write(""" - <SimpleTypeEnforcement> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type>\n""") - - # add dynamically created type definitions org.dept - for i in types: - fd.write(""" <Type>%s</Type>\n""" % i) - - fd.write(""" </SimpleTypeEnforcementTypes> - </SimpleTypeEnforcement> - - <ChineseWall priority="PrimaryPolicyComponent"> - <ChineseWallTypes> - 
<Type>SystemManagement</Type>\n""") - - #add dinamically created cw types - for i in types: - fd.write(""" <Type>%s</Type>\n""" % i) - - fd.write(""" </ChineseWallTypes>\n\n""") - - if len(cons): - fd.write(""" <ConflictSets>\n""") - for i in cons: - if len(i[1]) < 2: - print "Ignoring Run-time exclusion set %s (less than 2 types}" % i[0] - continue - #name is optional but must be set - if i[0]: - rer_name = i[0] - else: - rer_name = "RER" - fd.write(""" <Conflict name=\"""" + - rer_name.encode("utf-8") + """\">\n""") - for j in i[1]: - typ = j.encode("utf-8") - fd.write(""" <Type>%s</Type>\n""" % typ) - fd.write(""" </Conflict>\n""") - fd.write(""" </ConflictSets>\n""") - - fd.write(""" </ChineseWall>\n\n""") - - - -def printLabels(fd, d, types): #, cons): - fd.write( """ <SecurityLabelTemplate> - <SubjectLabels bootstrap=\"SystemManagement\">""") - - # create default boot label for dom0 - fd.write("""\n <VirtualMachineLabel> - <Name>SystemManagement</Name> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type>\n""") - # add dynamically created type definitions org.dept - for i in types: - fd.write(""" <Type>%s</Type>\n""" % i) - - fd.write(""" </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel>\n""") - - # create one Udom label for each type ste type - for i in d['orgs']: - organization = i[0] - fd.write("""\n <VirtualMachineLabel> - <Name>%s</Name> - <SimpleTypeEnforcementTypes> - <Type>%s</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>%s</Type> - </ChineseWallTypes> - </VirtualMachineLabel>\n""" % (organization, organization, organization)) - for j in i[1]: - workload = organization + "." 
+ j - fd.write("""\n <VirtualMachineLabel> - <Name>%s</Name> - <SimpleTypeEnforcementTypes> - <Type>%s</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>%s</Type> - <Type>%s</Type> - </ChineseWallTypes> - </VirtualMachineLabel>\n""" % (workload, workload, organization , workload)) - - fd.write(""" </SubjectLabels>\n\n""") - - #create resource labels for each type - fd.write(""" <ObjectLabels>""") - for i in ['SystemManagement'] + types: - fd.write("""\n <ResourceLabel> - <Name>%s</Name> - <SimpleTypeEnforcementTypes> - <Type>%s</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel>\n""" % (i, i)) - fd.write(""" </ObjectLabels> - </SecurityLabelTemplate>\n""") - -def printTrailer(fd): - fd.write( """</SecurityPolicyDefinition>\n""") - -#============== the icons/bitmaps ====================================== -# to ensure the program runs anywhere, we include the buttons right here -# while this makes the file even bigger, it also makes it easier to use -import cStringIO - -def GetIconBitmap(name): - return wx.BitmapFromImage(GetIconImage(name)) - -def GetIconImage(name): - if name == 'Organization': - iostream = cStringIO.StringIO(GetOrganizationIconData()) - elif name == 'Department': - iostream = cStringIO.StringIO(GetDepartmentIconData()) - elif name == 'Conflict': - iostream = cStringIO.StringIO(GetConflictIconData()) - else: - sys.exit("UNKNOWN ICON NAME") - return wx.ImageFromStream(iostream) - -def GetOrganizationIconData(): - return \ -'\x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\ -\x00\x00\x00\x10\x00\x00\x00\x11\x08\x02\x00\x00\x00\x5b\xcd\xbb\ -\x93\x00\x00\x00\x03\x73\x42\x49\x54\x08\x08\x08\xdb\xe1\x4f\xe0\ -\x00\x00\x02\x7b\x49\x44\x41\x54\x28\x91\x5d\xd1\xcb\x4f\x13\x51\ -\x14\x06\xf0\x73\x1f\x74\x3a\x33\x9d\x96\x87\x0a\x14\x30\x3c\xd4\ -\x60\x34\xf1\xb1\x70\xa5\x26\x2e\xfc\x87\x4d\xdc\x18\x17\x26\x08\ -\x26\x44\x01\xc1\x07\x10\x52\x1e\x96\xb6\x94\x4a\x87\x0e\x33\x73\ 
-\xef\xdc\x7b\xcf\x71\x01\x31\x81\x6f\x73\x36\xe7\xb7\xf8\xf2\x31\ -\x22\x82\xab\x50\x51\x68\xa5\xd2\x6e\x77\xbf\xdd\xf8\x36\x52\x1b\ -\x5f\x78\xfc\xc6\x0f\x6b\x70\x3d\xf2\xea\x97\x28\x8e\xbb\xfd\x7e\ -\xd7\xb9\xb4\x3e\xe9\xe3\x99\x1d\x34\x3f\x34\xb9\xaa\x2f\xbe\x0d\ -\x2a\xa3\x8c\xb1\xff\x80\x5f\x1e\x63\x4c\x9a\x1e\x23\xaa\x24\xd1\ -\x8c\x91\xe0\xae\x04\xb1\xed\x7e\x6a\xff\x7e\x7f\x11\xb7\x01\xe8\ -\x26\x90\x52\x02\x98\x30\xac\xf8\x7e\x95\x88\x13\x5a\x0e\x4e\xe0\ -\xb9\xe9\x6f\xf5\xbb\x87\x5a\x17\x37\x01\xe7\x1c\x00\x38\x37\x9e\ -\x87\x9c\x91\xb3\xce\x21\x2f\xc8\x4b\xac\xec\xf5\xf6\x76\xd7\xdf\ -\xa9\x6c\x70\xad\x03\x00\x30\xc6\x6b\x35\x19\x86\x5c\x48\x42\x59\ -\x71\xd1\x3d\x88\x26\x82\x68\x8a\xf4\xa0\x68\x7f\x69\xed\xc0\x9d\ -\xb9\xd7\x41\xf5\xf6\x15\x50\x2a\x07\x60\xe5\xb2\x04\x00\x6b\x1d\ -\x56\x67\x71\x68\xbc\x67\x43\xe3\xa2\x49\x8c\xcb\x10\xe7\xad\xa5\ -\x53\x80\x5b\xb3\xaf\xa4\x52\x79\x9e\x0f\x8c\x4d\x01\xdc\x25\xb6\ -\x08\x27\x38\xaa\xb9\x3b\x4a\xb4\x13\x30\x02\x69\xc0\x1c\xc7\x9e\ -\xea\x2c\x1f\x1b\x23\x9b\xad\x46\xaa\xce\x53\x60\x7e\x09\xa7\x2e\ -\x81\xc3\xf6\x05\x58\xc7\x12\x2c\x45\x1e\x17\x45\xce\x19\x32\x42\ -\x61\xbb\x67\xad\x75\x79\xd0\x69\x9f\x23\x0e\xc0\x1f\x2e\xb3\x67\ -\x00\x00\x80\x04\x85\x25\x72\x56\x7a\xa1\xc7\x32\x61\x33\xb8\x1a\ -\x97\xca\xc1\xa8\x74\xa2\xd2\xd3\x8a\x0b\xc8\x0c\x68\xa5\x8c\xb1\ -\x8e\x0d\x21\x22\x3a\xc7\x3c\xe9\x51\x21\x51\x01\x21\x00\x38\xe4\ -\x95\xb1\xfb\x7c\xb8\x12\x0a\x00\xb2\x46\x19\x6c\xfd\x39\xdc\xda\ -\xda\x56\xca\x5c\x6e\x6f\xb4\x4e\xe2\x93\xbf\x49\xac\x8d\x23\x00\ -\xc7\x82\x70\x64\x5a\xd6\xc2\x00\x6d\x47\x08\x40\x12\x8d\x9d\x5f\ -\x5f\x77\xe2\xdb\x33\x73\x51\x89\x98\x60\x71\xaf\xf9\xf3\x70\xa5\ -\x99\x1c\x3c\x19\xe3\xf5\x9a\x57\x1d\x1e\xf5\x82\x31\x59\xe8\x84\ -\x9b\x6c\x38\x08\x98\xc7\xb2\x76\x7a\xd2\xcf\x38\xc0\xf3\x49\xe6\ -\x97\x82\xc1\xc9\xd2\x86\x5b\xdf\x3f\x75\x8d\x01\x3d\xb9\x55\x79\ -\x51\xf2\x26\x84\x2f\x3f\xaf\x7d\x0c\xfd\xe0\xe9\xdd\xa7\xbe\x70\ 
-\xdb\x1d\x1f\x31\x16\x9c\xcd\x4f\x8d\x29\xad\x3b\x71\x13\x88\x72\ -\x8d\x22\xa2\x8d\x63\xdd\xef\x37\xa2\xf9\x16\xdf\x6d\x6f\x4a\x91\ -\xf9\x43\xae\x1a\xf9\x82\x0b\x21\xf8\x45\x9a\x69\x5d\x74\xba\xa7\ -\x44\x90\xb7\x1c\x9d\x1b\x8c\x2d\xa5\xf4\xeb\xa8\xb9\x77\xb4\x2f\ -\x1f\xd5\x17\xbf\x6f\xad\x2d\xaf\xad\x3e\x9c\x78\x50\xaf\x08\xa5\ -\xcc\xee\xee\xfe\x4e\x63\x73\xe5\xc7\xea\x41\xe3\xf8\x0e\x8a\x97\ -\xf7\x66\x92\x3c\xa9\x4f\x4f\x64\xa5\xb9\x87\x0b\x8b\xff\x00\x63\ -\xce\x84\xe6\xf7\x5b\x7e\xce\x00\x00\x00\x00\x49\x45\x4e\x44\xae\ -\x42\x60\x82' - -def GetDepartmentIconData(): - return \ -'\x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\ -\x00\x00\x00\x10\x00\x00\x00\x11\x08\x06\x00\x00\x00\xd4\xaf\x2c\ -\xc4\x00\x00\x00\x04\x73\x42\x49\x54\x08\x08\x08\x08\x7c\x08\x64\ -\x88\x00\x00\x01\x52\x49\x44\x41\x54\x38\x8d\xd5\x92\x3d\x4b\x42\ -\x61\x18\x86\xaf\xf3\xfa\xfa\x81\xa9\x58\x48\x60\x08\x49\xd2\x26\ -\xb4\x37\x4a\x14\x6d\x6d\x42\x42\x7f\x20\x68\xae\x31\x28\xff\x85\ -\x83\xd0\x90\x05\x0d\x6d\x0d\xd2\x2a\x89\x24\x48\xb8\x85\x49\x1a\ -\x48\x87\xd4\xca\x93\xbe\xd4\x69\x38\x39\x1c\xa8\x34\x1a\xa2\x7b\ -\xbb\x79\xb8\xaf\x87\xe7\x43\x0b\x2f\x6c\xad\x05\x23\x4b\x39\x4d\ -\x38\x5d\xe6\xdb\x80\x9b\xab\xd3\x7a\xaf\x96\x99\x65\x4c\xc9\xfb\ -\x97\xd9\xdc\x43\xb3\xef\x82\x3e\xaf\xc6\x2d\x4a\x9b\x33\xc7\x0d\ -\x03\x48\x25\xa3\x4e\x25\x86\x0d\x0d\xbc\x8e\x8e\xff\x28\x95\x3a\ -\x70\x08\x21\x01\x0e\xcb\xe5\x5a\xb6\x52\xd9\xfe\x12\x60\x73\xa6\ -\x62\x7f\xae\x3a\x15\xf5\xf8\x52\x00\x8d\x6e\x97\xc5\x40\xe0\x32\ -\x0b\xdb\x00\x3e\x9f\xf0\xa4\xd3\x33\x9b\x5e\xaf\x70\x01\xe4\xf3\ -\x9d\xb6\x1d\xf0\xd6\x67\x3d\xe4\x60\xfa\xc3\xb6\x0d\x03\xb7\x10\ -\xc3\xaa\xd8\xd9\x99\x3c\x49\x24\x3c\xab\x00\xdd\xae\xc2\x30\x1e\ -\xaf\xed\x80\xef\xe5\x4e\x26\xf5\x95\x58\x4c\x07\xa0\x50\x80\x60\ -\x10\xc4\x88\xd0\x48\xfd\x1a\x30\x72\x84\x62\x24\x12\x9b\xdf\xdd\ -\x3d\x33\x95\x12\x26\x7b\xda\x8f\x00\xe7\x42\x70\x1c\x8f\x07\x34\ -\x29\x97\x91\x12\xd0\x00\xfb\x9b\x7c\x0b\xd0\xc3\x61\x5a\xa1\x90\ 
-\x65\x06\x03\xcc\x4f\x5e\xec\xef\x97\xf8\xcf\x01\x4f\x4f\xd4\x25\ -\xbd\xea\x05\x4a\xb7\xee\xdb\xab\x3e\x17\x5a\xad\x89\xa0\xdb\x0d\ -\x40\x43\x08\x0d\xbf\xdf\xda\xbd\x52\x14\x8b\x26\x77\x4d\x2b\x5c\ -\x2a\xa1\x67\x32\x6c\xbc\x03\x17\xdb\x6e\x97\x68\x69\xf7\x4f\x00\ -\x00\x00\x00\x49\x45\x4e\x44\xae\x42\x60\x82' - -def GetConflictIconData(): - return \ -'\x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\ -\x00\x00\x00\x10\x00\x00\x00\x10\x08\x02\x00\x00\x00\x90\x91\x68\ -\x36\x00\x00\x00\x03\x73\x42\x49\x54\x08\x08\x08\xdb\xe1\x4f\xe0\ -\x00\x00\x02\x45\x49\x44\x41\x54\x28\x91\x6d\x92\x4f\x48\x9a\x71\ -\x18\xc7\x7f\xbe\xef\xab\xcd\xed\x95\xcd\x8c\x25\x83\xc0\x24\xa9\ -\xc3\x4a\x17\xce\xea\x96\x3b\xe4\x0e\x5d\xba\xce\xa8\x88\xe8\x20\ -\x1a\x15\x1d\x3a\x78\x09\xf2\xed\xcf\xe8\x32\x68\x45\x56\x93\x66\ -\x94\x78\x99\x53\x68\x4e\x1b\xe1\x61\x30\xc2\x19\x5b\x16\xac\x9c\ -\x76\x19\x92\x2e\x35\xa6\x7b\xf7\xda\xfb\x3e\x3b\xd8\x9c\x9b\x7e\ -\x8e\xdf\xdf\xf3\x81\xdf\xf3\x87\x07\x00\xe8\x0f\x99\xb3\xb3\xd0\ -\xca\xca\x17\x97\x2b\x75\x7a\x8a\xf1\xf9\x77\xea\xeb\xe5\x3a\xdd\ -\x83\xe1\xe1\x6a\x85\xa2\x58\xc3\x2b\x08\x5c\x3e\x1f\x98\x9a\xfa\ -\xb0\xb0\x80\xf3\xf9\x72\x9d\xae\x56\xa5\xe2\x58\x36\x13\x8b\x9d\ -\xb8\xdd\x3f\x2f\x2e\x1e\x8e\x8c\x3c\x9a\x9d\xc5\xab\xaa\x10\x42\ -\x08\x00\x38\x96\x75\xf6\xf4\x58\x78\xbc\x37\x46\x23\x9d\x4e\x43\ -\x09\x57\x34\xfd\x7e\x6e\x6e\x4e\x28\xb4\x6b\xb5\x2c\xc3\x00\x00\ -\x02\x80\x77\x93\x93\xd3\x08\x51\x04\x71\xec\x74\x42\x25\xbe\xfa\ -\x7c\xf3\x24\xb9\x63\x30\x00\x00\x4a\x45\x22\x33\x02\x81\xd7\x64\ -\x5a\x69\x6e\x9e\xe1\xf3\x8f\x1c\x8e\x8a\xce\xc7\xe5\x65\x0b\x86\ -\x7d\xdb\xdf\x47\xfe\x89\x89\xa7\x22\xd1\xaf\xcb\xcb\x6c\x22\x61\ -\x55\x2a\x29\x82\x08\x6f\x6d\x95\x0b\x1c\xcb\x3e\x57\x28\x3c\x43\ -\x43\x68\x5d\xa3\x71\x74\x77\x17\xd2\x5c\x32\x69\x55\xa9\x28\x82\ -\x38\xdc\xdc\x2c\x77\xbc\x26\xd3\xb3\xba\x3a\xec\xfb\xf1\xb1\xb8\ -\xa1\xa1\x30\x32\xa1\x44\xa2\xdf\xdd\xbd\xdb\xd2\xf2\xba\xbf\xff\ 
-\xd0\x6e\x47\xff\x22\x69\x6a\xfa\x11\x8f\x63\x1c\xcb\xb2\x0c\x53\ -\x4c\x85\xd5\xd5\x7a\xbf\xbf\x56\xa9\x74\x0f\x0c\x7c\xde\xd8\x28\ -\x15\x80\xe3\x80\xe3\xb0\xdb\x32\x59\x26\x1a\x2d\x7d\xb8\x21\x16\ -\x3f\xf1\xf9\xa4\xad\xad\x9e\xc1\xc1\x4f\x36\x5b\x31\x4f\x47\xa3\ -\xa4\x54\x8a\x7c\xe3\xe3\xf3\x24\x99\x4b\x26\xff\xfb\x31\x9d\x4a\ -\xad\x6b\x34\x14\x8e\x1f\xac\xad\x15\x9a\x5e\x6a\x6c\x74\xf5\xf5\ -\xa1\x44\x38\x4c\xe1\xf8\xdb\xd1\xd1\xf2\x2e\xe9\x74\xfa\x45\x7b\ -\xbb\x05\xc3\x42\x56\x6b\x70\x69\xc9\xc2\xe3\x9d\x05\x02\x08\x00\ -\x76\x0c\x06\x8a\x20\xc2\xdb\xdb\x15\x9c\x4c\xc6\xd6\xd1\x61\xc1\ -\xb0\x79\x92\x7c\xa5\xd7\x5f\x6f\x9a\x65\x98\x97\x9d\x9d\x14\x8e\ -\xef\x99\xcd\x57\x34\x5d\x2a\xb0\x0c\xb3\x67\x36\x4f\x23\xb4\xae\ -\x56\xe7\x73\x39\x00\xb8\x3e\xbe\x7c\x2e\xe7\x1b\x1b\x3b\x58\x5d\ -\xbd\x59\x53\x23\xef\xea\x2a\x0c\x3a\x13\x8b\x45\xbc\xde\x6c\x3c\ -\x7e\xbf\xb7\xf7\xf1\xe2\xa2\x40\x24\xfa\x7b\xad\x05\xe2\xc1\x60\ -\xc8\x6a\x3d\xf1\x78\xb2\xe7\xe7\x88\xe3\x6e\x49\xa5\x32\xad\x56\ -\x6d\x34\xde\x6b\x6b\x2b\xd6\xfc\x06\xb3\xcb\xb3\xdb\x2f\x3f\x31\ -\xa9\x00\x00\x00\x00\x49\x45\x4e\x44\xae\x42\x60\x82' - -#=============== help texts - -NewRealmButtonHelp = \ - "Use this button to add a new top-level REALM type. \n\n\ -You can refine an existing realm by right-clicking it \ -and selecting \"Add workload\" from the pop-up menu.\n\n<Ctrl>-h for help" - -RealmWorkloadPanelHelp = \ - "\ -Use this panel to define names for types of workloads that \ -shall be confined against each other.\n\n<Ctrl>-h for help" - -RunTimeExclusionPanelHelp = \ - "\ -The run-time exclusion rules restrict which workload types \ -can run simultaneously on the same platform. At most one \ -type in an exclusion rule can run. 
If a domain starts, its \ -workload type is looked up and if it is in any exclusion rule \ -of which another type is already running, then it is denied \ -to start.\n\n<Ctrl>-h for help" - -CreateRunTimeButtonHelp = \ - "\ -This button creates a new run-time exclusion rule using the \ -selection from the left side workload definition panel.\n\n<Ctrl>-h for help" - -AddToExclusionButtonHelp = \ - "\ -This button adds the current selection in the left side \ -workload definition panel to the associated exclusion rule.\n\n<Ctrl>-h for help" - -DelFromExclusionButtonHelp = \ - "\ -This button deletes the current selection of the associated \ -exclusion rule from the associated exclusion rule.\n\n<Ctrl>-h for help" - -ManageExclusionButtonHelp = \ - "\ -This button allows to rename or delete the associated exclusion \ -rule. Left-click the button for the menu.\n\n<Ctrl>-h for help" - -ExclusionSetHelp = \ - "\ -Of the workload types specified in an exclusion rule, \ -only one can run at a time on the same platform.\n\n<Ctrl>-h for help" - -GetHelp = \ - "\ -Use <CTRL>-h to open the help window. Use the context help on buttons." 
- -#================ html help page ================= -# for ez use included in a single file, one could also -# optionally try to fetch the page from a public location -import wx.html as html - -class HelpHtmlWindow(html.HtmlWindow): - def __init__(self, parent, id): - html.HtmlWindow.__init__(self, parent, id, style=wx.NO_FULL_REPAINT_ON_RESIZE) - if "gtk2" in wx.PlatformInfo: - self.SetStandardFonts() - self.SetPage(helptext) - -helptext = """ -<HTML> -<HEAD> -<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<META name="GENERATOR" content="IBM WebSphere Studio Homepage Builder V6.0.2 for Windows"> -<META http-equiv="Content-Style-Type" content="text/css"> -<TITLE>Overview</TITLE> -</HEAD> -<BODY bgcolor="#dfdfdf" text="#000000"> -<H3><FONT color="#000000" face="Palatino Linotype">Creating A Xen Workload-Protection Security Policy</FONT></H3> -<FONT face="Palatino Linotype">The purpose of this tool is to create a Xen security policy that understands -the workload types that you want to confine against each other. For this -purpose you enter the names of workload types that you want to assign to -domains and resources. You can also define groups of workload types that -should not run on the same system simultaneously for any reason; such groups -are called Runtime Exclusion Sets. Please refer to the Xen User Guide for -more information.<BR> -<BR> -This tool will create a unique security label for each workload type. Every -domain and resource must be labeled so that the hypervisor system can correctly -identify the associated workload type and control the sharing among domains -in a way that keeps different workload types confined from each other. -This tool ensures two things:<BR> -<BR> -1. The created security policy includes a distinctive label for each workload -type defined in step 1 below. These labels must later be assigned to Domains -and Resources to enable Xen to enforce the confinement.<BR> -<BR> -2. 
The created security policy includes access control rules that are enforced -by the Xen Hypervisor (independently of the guest Domains) and guarantee -that:</FONT> -<BLOCKQUOTE><FONT face="Palatino Linotype">(i) Domains that are assigned the same workload type label can -share (communicate, -use common resources) without restriction through the hypervisor. Their -interoperation can still be constraint by the domains (domain-internal -means).</FONT></BLOCKQUOTE> -<BLOCKQUOTE><FONT face="Palatino Linotype">(ii) Domains that are assigned different workload type labels cannot share, -i.e., cannot communicate or use common resources. Independently enforced -by the hypervisor, the domains cannot overrule this decision.</FONT></BLOCKQUOTE> -<BLOCKQUOTE><FONT face="Palatino Linotype">(iii) Once a Domain labeled with a workload type of a Runtime Exclusion -Rule is running, no other domain labeled with another workload type of -the same Runtime Exclusion Rule can start. This holds for all Runtime Exclusion -Rules.</FONT></BLOCKQUOTE> -<FONT face="Palatino Linotype">While all workloads share common hardware resources, the core hypervisor -isolation and virtualization in combination with the Xen access control -policy ensure that, e.g., viruses in one workload type cannot infect other -workload types and that secrets used within one workload type cannot leak -into another workload type. Currently the Xen access control enforcement -covers domains, local storage resources, and the local virtual network -interfaces. Protecting sharing through the open network is subject of ongoing -work; such protection must currently be setup manually using IP filtering -rules in Domain0. -<BR> -</FONT> -<H2><FONT color="#000000" face="Palatino Linotype">Step 1</FONT></H2> -<FONT face="Palatino Linotype">The first step of creating a workload protection policy is to determine -names for the different workload types. 
The left panel offers the means -to define and and manage workload type definitions.<BR> -<BR> -A workload can be an organization name (coarse-grained type), e.g. a corporate -realm such as IBM or PepsiCo. An organization can be refined to describe -independent functional groupings within the organization, such as IBM.Financing -or Pepsi.Payroll. Use the<B><I> <New Org></I></B> button on the left panel -to create a new organization workload. To refine such a workload, right-click the -organization and chose <B><I><Add Department></I></B>. You can add multiple -departments to an organization but you do not have to add any.<BR> -<BR> -This tool will create a separate label name for each organization and for -each department workload. The policy will be computed so that there is -no sharing between organizations or departments by default. IBM, IBM.Financing, -Pepsi, and Pepsi.Payroll will by default not be able to share in this simple -policy example. You can introduce controlled sharing by refining the policy, -which is beyond the scope of this help.<BR> -<BR> -As an example, define the four organizations PepsiCo, CocaCola, Avis, Hertz. -Define department workloads Payroll, HumanResources and Financing for Avis -and CocaCola, and PepsiCo.<BR> -</FONT> -<H2><FONT color="#000000" face="Palatino Linotype">Step 2</FONT></H2> -<FONT face="Palatino Linotype">In this second step, we enter those workload types that should not run -simultaneously on the same hardware platform. There might be multiple reasons -for this, e.g., imperfect resource control.<BR> -<BR> -As an example, we will create a policy that guarantees that PepsiCo workloads -and CocaCola workloads never run simultaneously on the same platform: <BR> -<BR> -1. Select the PepsiCo organization on the left panel by left-clicking it..<BR> -<BR> -2. Press the <Ctrl>-Key and then select CocaCola organization by -left-clicking it while keeping the <Ctrl>-Key pressed..<BR> -<BR> -3. 
Click the <B><I><Create run-time exclusion rule from selection></I></B> -button and enter a name for this Run-time Exclusion rule (e.g., RER1). The name is -for your reference only. It has no impact on the policy. On the right panel, a run-time -exclusion rule with the chosen name appears. <BR> -<BR> -The interpretation of the rule is as follows: If a domain labeled PepsiCo -is running, then another domain labeled CocaCola cannot start on the same -system and the other way round. This also holds for departments of PepsiCo -and CocaCola (organizations dominate their departments). If PepsiCo or -PepsiCo.Payroll etc. are running, then a domain with label CocaCola or -CocaCola.Payroll etc. cannot start. If you want to restrict concurrency -between specific subtypes, then you must create a Run-time Exclusion rule -that specifies the department workload types. To exclude only CocaCola.Payroll -and PepsiCo.Payroll from running simultaneously the Run-time Exclusion -rule must be formed using Coca.Cola.Payroll and PepsiCo.Payroll, not their -organizations. Consequently it does not make sense to add both an organization -and any of its departments to the same Run-time Exclusion rule because -any department is already covered by its organization (this tool will not -allow it).<BR> -<BR> -You can create multiple Run-time Exclusion rules, all of which will be -enforced simultaneously by the hypervisor. You do not need to define any -Run-time Exclusion rule if you do not find it necessary. You can add or -delete workload types from Run-time Exclusion rules using the <B><I><Add></I></B> -and <I><B><Del></B></I> buttons associated with the rule. The <I><B><Add></B></I> -button adds the workload types selected in the left panel to the Run-time -Exclusion rule. The <I><B><Del></B></I> button deletes the workload types selected -in the associated Run-time Exclusion rule from the rule. 
<BR> -</FONT> -<H2><FONT color="#000000" face="Palatino Linotype">Step 3</FONT></H2> -<FONT face="Palatino Linotype">Now that we have defined the workloads and Run-time Exclusion rules, we -can save the workload definition for later reference or refinement. Select -the <I><B>File->Save Workload -Definition as..</B></I> menu entry and choose a file name.<BR> -<BR> -Please use the <B><I>File->Save as Xen ACM Security Policy..</I></B> menu entry and choose a policy -name to create a Xen Workload Protection -security policy from the current workload definition. To simplify the succeeding -steps, please use a name of the form "example.chwall_ste.NAME" -where you merely replace "NAME" with a policy name of your choice. -Save the policy under the name proposed by the tool in the proposed directory -if you are using this tool in your Xen environment. Otherwise, you need -to copy the resulting file into your Xen environment to the directory -"/etc/xen/acm-security/policies/example/chwall_ste/".<BR> -<BR> -This tool creates policies for the Xen Chinese Wall and Simple Type Enforcement -policy. The Xen access control policy in general is more expressive and -this tool only uses a small subset of the possible configurations. <B><BR> -<BR> -Where to go from here.</B> <BR> -<BR> -Before the new policy can be activated, we need to translate the policy into a representation that -Xen and the Xen-tools can work with. To this end, in your Xen environment, please issue the command -<B><I>xm makepolicy example.chwall_ste.NAME</I></B> where NAME must be replaced by the name you chose -for your policy in step 3 above. Then, we need to make the policy available to the Xen hypervisor. In -your Xen environment, please issue the command <B><I>xm cfgbootpolicy example.chwall_ste.NAME</I></B> -to install the policy for the next reboot. 
If the command cannot find the correct boot title, then you -can manually install it as described in the xm man page.<BR> -<BR> -Finally, reboot your security-enabled Xen environment. Please refer to the xm man page for how to enable -Xen security. After reboot, you can use <I><B>xm labels type=any</B></I> to list all the created workload l -abels. Use the <I><B>xm addlabel</B></I> command to assign workload type labels to the associated domains -and resources.<BR> -<BR> -From here, please check the Xen user guide.<BR> -</FONT></BODY> -</HTML> -""" - -#=============== main ===== - -def main(): - global app - app = ezApp(0) - if len(sys.argv) in [2]: - app.Load(sys.argv[1]) - else: - dict2org({'orgs' : [[ACM_LABEL_UNLABELED,[]]], 'cons': []}) - app.MainLoop() - print "Goodbye" - -if __name__ == '__main__': - main() - -#==== end of file diff --git a/tools/security/xensec_gen.py b/tools/security/xensec_gen.py deleted file mode 100644 index d531777660..0000000000 --- a/tools/security/xensec_gen.py +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/python -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, -# or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import sys - -from xen.xensec_gen import main - -main.main( ) diff --git a/tools/xm-test/README b/tools/xm-test/README index 405532c7fb..88c00836ed 100644 --- a/tools/xm-test/README +++ b/tools/xm-test/README 
@@ -137,38 +137,6 @@ Xm-test will look for disk.img in the ramdisk directory when run by default. -BUILDING for ACM Security Testing -================================= - -A number of tests have been added to test the access control module (ACM) -in the Xen hypervisor and the tools for supporting ACM. Those tests are -located in the security-acm directory. If ACM support is compiled into Xen -(see the user guide for how to do this) those tests can be run with the -following command from the xm-test directory - -./runtest.sh [...] -g security <report> - -Some of these tests will work even without support of ACM by Xen. - -The xm test suite has been extended to support labeling of resources -as required by the existing tests. However, by default the test suite -is not allowed to automatically label resources since this may affect -existing labels. To enable this, the test suite must be configured with -the following parameter passed to the configure scripts (in addition to -any other desired parameters) - -./configure --enable-full-labeling - -To revoke the privilege at a later time run the configure scripts without -this parameter: - -./configure - -If a 'make' has previously been run for building the test suite, it is not -necessary to run 'make' again just for enabling or disabling the automatic -labeling of resources. - - Running ======= diff --git a/tools/xm-test/configure.ac b/tools/xm-test/configure.ac index 40d93c41d7..ad1eb78391 100644 --- a/tools/xm-test/configure.ac +++ b/tools/xm-test/configure.ac 
@@ -41,20 +41,6 @@ fi AM_CONDITIONAL(HVM, test x$ENABLE_HVM = xTrue) AC_SUBST(ENABLE_HVM) -AC_ARG_ENABLE(full-labeling, - [[ --enable-full-labeling allows the test suite to label all resources]], - [ - ENABLE_LABELING=True - ],[ - ENABLE_LABELING=False - ]) - -if test "x$ENABLE_LABELING" = "xTrue"; then - echo "ACM_LABEL_RESOURCES = True" > lib/XmTestLib/acm_config.py -else - rm -f lib/XmTestLib/acm_config.py* -fi - # Network needs to know ips to use: dhcp or a range of IPs in the form # of: 192.0.2.1-192.0.2.100 # If not dhcp, a netmask and network address must be supplied. Defaults to @@ -151,7 +137,6 @@ AC_CONFIG_FILES([ tests/restore/Makefile tests/save/Makefile tests/sched-credit/Makefile - tests/security-acm/Makefile tests/sedf/Makefile tests/shutdown/Makefile tests/sysrq/Makefile diff --git a/tools/xm-test/grouptest/default b/tools/xm-test/grouptest/default index 1db6a73398..f0516b2949 100644 --- a/tools/xm-test/grouptest/default +++ b/tools/xm-test/grouptest/default @@ -22,7 +22,6 @@ reboot restore save sched-credit -security-acm shutdown sysrq unpause diff --git a/tools/xm-test/grouptest/security b/tools/xm-test/grouptest/security deleted file mode 100644 index 4d5c8b941d..0000000000 --- a/tools/xm-test/grouptest/security +++ /dev/null @@ -1 +0,0 @@ -security-acm diff --git a/tools/xm-test/lib/XmTestLib/XenAPIDomain.py b/tools/xm-test/lib/XmTestLib/XenAPIDomain.py index 3c5310f061..1ca2307c27 100644 --- a/tools/xm-test/lib/XmTestLib/XenAPIDomain.py +++ b/tools/xm-test/lib/XmTestLib/XenAPIDomain.py @@ -23,7 +23,6 @@ import os import sys from XmTestLib import * from types import DictType -from acm import * class XenAPIConfig: @@ -40,9 +39,6 @@ class XenAPIConfig: 'ramdisk': 'PV_ramdisk', 'root' : 'PV_args', 'extra' : 'PV_args' } - if isACMEnabled(): - #A default so every VM can start with ACM enabled - self.opts["security_label"] = "ACM:xm-test:red" def setOpt(self, name, value): """Set an option in the config""" 
diff --git a/tools/xm-test/lib/XmTestLib/XenDomain.py b/tools/xm-test/lib/XmTestLib/XenDomain.py index f15b6a00a7..ae8c550c48 100644 --- a/tools/xm-test/lib/XmTestLib/XenDomain.py +++ b/tools/xm-test/lib/XmTestLib/XenDomain.py @@ -30,7 +30,6 @@ from config import * from Console import * from XenDevice import * from DomainTracking import * -from acm import * DOM0_UUID = "00000000-0000-0000-0000-000000000000" @@ -61,9 +60,6 @@ class XenConfig: self.defaultOpts["disk"] = [] self.defaultOpts["vif"] = [] self.defaultOpts["vtpm"] = [] - if isACMEnabled(): - #A default so every VM can start with ACM enabled - self.defaultOpts["access_control"] = ['policy=xm-test,label=red'] self.opts = self.defaultOpts @@ -91,7 +87,6 @@ class XenConfig: output = file(filename, "w") output.write(self.toString()) output.close() - ACMPrepareSystem(self.opts) def __str__(self): """When used as a string, we represent ourself by a config diff --git a/tools/xm-test/lib/XmTestLib/acm.py b/tools/xm-test/lib/XmTestLib/acm.py deleted file mode 100644 index f8a62f4991..0000000000 --- a/tools/xm-test/lib/XmTestLib/acm.py +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/usr/bin/python -""" - Copyright (C) International Business Machines Corp., 2006 - Author: Stefan Berger <stefanb@us.ibm.com> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; under version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -""" -from Test import * -import xen.util.xsm.xsm as security -from xen.xm.main import server -from xen.util import xsconstants -import re - -try: - from acm_config import * -except: - ACM_LABEL_RESOURCES = False - -labeled_resources = {} -acm_verbose = False -policy='xm-test' - - -def isACMEnabled(): - return security.on() - -def setCurrentPolicy(plcy): - global policy - policy = plcy - -def ACMSetPolicy(): - cmd='xm dumppolicy | grep -E "^POLICY REFERENCE = ' + policy + '.$"' - s, o = traceCommand(cmd) - if o != "": - return - s, o = traceCommand("xm setpolicy ACM %s" % (policy)) - if s != 0: - FAIL("Could not load the required policy '%s'.\n" - "Start the system without any policy.\n%s" % \ - (policy, o)) - -def ACMPrepareSystem(resources): - if isACMEnabled(): - ACMSetPolicy() - ACMLabelResources(resources) - -def ACMLabelResources(resources): - for k, v in resources.items(): - if k == "disk": - for vv in v: - res = vv.split(',')[0] - ACMLabelResource(res) - -# Applications may label resources explicitly by calling this function -def ACMLabelResource(resource, label='red'): - if not isACMEnabled(): - return - if acm_verbose: - print "labeling resource %s with label %s" % 
(resource, label) - if not ACM_LABEL_RESOURCES: - SKIP("Skipping test since not allowed to label resources in " - "test suite") - if not isACMResourceLabeled(resource): - ACMUnlabelResource(resource) - s, o = traceCommand("xm addlabel %s res %s" % (label, resource)) - if s != 0: - FAIL("Could not add label to resource") - else: - labeled_resources["%s" % resource] = 1 - - -# Application may remove a label from a resource. It has to call this -# function and must do so once a resource for re-labeling a resource -def ACMUnlabelResource(resource): - s, o = traceCommand("xm rmlabel res %s" % (resource)) - labeled_resources["%s" % resource] = 0 - - -def isACMResourceLabeled(resource): - """ Check whether a resource has been labeled using this API - and while running the application """ - try: - if labeled_resources["%s" % resource] == 1: - if acm_verbose: - print "resource %s already labeled!" % resource - return True - except: - return False - return False diff --git a/tools/xm-test/lib/XmTestLib/block_utils.py b/tools/xm-test/lib/XmTestLib/block_utils.py index 58124c832a..c302efeb15 100644 --- a/tools/xm-test/lib/XmTestLib/block_utils.py +++ b/tools/xm-test/lib/XmTestLib/block_utils.py @@ -6,7 +6,6 @@ import time from XmTestLib import * -from acm import * import xen.util.blkif @@ -27,7 +26,6 @@ def get_state(domain, devname): def block_attach(domain, phy, virt): - ACMLabelResource(phy) status, output = traceCommand("xm block-attach %s %s %s w" % (domain.getName(), phy, virt)) if status != 0: diff --git a/tools/xm-test/runtest.sh b/tools/xm-test/runtest.sh index aee67dfa06..73d1a5c69d 100755 --- a/tools/xm-test/runtest.sh +++ b/tools/xm-test/runtest.sh @@ -221,12 +221,6 @@ run=yes unsafe=no GROUPENTERED=default -#Prepare for usage with ACM -if [ -d /etc/xen/acm-security/policies ]; then - cp -f tests/security-acm/xm-test-security_policy.xml \ - /etc/xen/acm-security/policies -fi - unset XM_MANAGED_DOMAINS # Resolve options 
diff --git a/tools/xm-test/tests/Makefile.am b/tools/xm-test/tests/Makefile.am index d5b64ef6cb..8d673ed525 100644 --- a/tools/xm-test/tests/Makefile.am +++ b/tools/xm-test/tests/Makefile.am @@ -19,7 +19,6 @@ SUBDIRS = \ pause \ reboot \ sched-credit \ - security-acm \ sedf \ shutdown \ sysrq \ diff --git a/tools/xm-test/tests/security-acm/01_security-acm_basic.py b/tools/xm-test/tests/security-acm/01_security-acm_basic.py deleted file mode 100644 index 7876c51d1b..0000000000 --- a/tools/xm-test/tests/security-acm/01_security-acm_basic.py +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> -# -# A couple of simple tests that test ACM security extensions -# for the xm tool. The following xm subcommands are tested: -# -# - labels -# - rmlabel -# - addlabel -# - getlabel -# - resources - -from XmTestLib import * -import xen.util.xsm.xsm as security -from xen.util import xsconstants -import commands -import os -import re - -testpolicy = "xm-test" -testlabel = "blue" -vmconfigfile = "/tmp/xm-test.conf" -testresource = "phy:ram0" - -if not isACMEnabled(): - SKIP("Not running this test since ACM not enabled.") - -status, output = traceCommand("xm labels %s" % (testpolicy)) -if status != 0: - FAIL("'xm labels' failed with status %d.\n" % status) - -#Need to get a vm config file - just have it written to a file -domain = XmTestDomain() -domain.config.write(vmconfigfile) - -#Whatever label it might have - remove it -status, output = traceCommand("xm rmlabel dom %s" % - (vmconfigfile)) - -status, output = traceCommand("xm addlabel %s dom %s %s" % - (testlabel, vmconfigfile, testpolicy)) -if status != 0: - FAIL("(1) 'xm addlabel' failed with status %d.\n" % status) - -status, output = traceCommand("xm getlabel dom %s" % - (vmconfigfile)) - -if status != 0: - FAIL("'xm getlabel' failed with status %d, output:\n%s" % - (status, output)) -if output != "policytype=%s,policy=%s,label=%s" % \ - (xsconstants.ACM_POLICY_ID, testpolicy, testlabel): - FAIL("(1) Received unexpected output from 'xm getlabel dom': \n%s" % - (output)) - - -status, output = traceCommand("xm rmlabel dom %s" % - (vmconfigfile)) - -if status != 0: - FAIL("'xm rmlabel' failed with status %d, output: \n%s" % - (status,output)) -if output != "": - FAIL("Received unexpected output from 'xm rmlabel': \n%s" % - (output)) - -status, output = traceCommand("xm getlabel dom %s" % - (vmconfigfile)) - -if output != "Error: 'Domain not labeled'": - FAIL("(2) 
Received unexpected output from 'xm getlabel dom': \n%s" % - (output)) - -#Whatever label the resource might have, remove it -status, output = traceCommand("xm rmlabel res %s" % - (testresource)) -if status != 0: - FAIL("'xm rmlabel' on resource failed with status %d.\n" % status) - -status, output = traceCommand("xm addlabel %s res %s %s" % - (testlabel, testresource, testpolicy)) -if status != 0: - FAIL("(2) 'xm addlabel' on resource failed with status %d.\n" % status) - -status, output = traceCommand("xm getlabel res %s" % (testresource)) - -if status != 0: - FAIL("'xm getlabel' on resource failed with status %d, output:\n%s" % - (status, output)) -if output != "%s:%s:%s" % (xsconstants.ACM_POLICY_ID,\ - testpolicy,testlabel): - FAIL("Received unexpected output from 'xm getlabel res': \n%s" % - (output)) - -status, output = traceCommand("xm resources") - -if status != 0: - print "status = %s" % str(status) - FAIL("'xm resources' did not run properly") -if not re.search(security.unify_resname(testresource), output): - FAIL("'xm resources' did not show the tested resource '%s'." % - testresource) - -status, output = traceCommand("xm rmlabel res %s" % - (testresource)) - -if status != 0: - FAIL("'xm rmlabel' on resource failed with status %d, output: \n%s" % - (status,output)) -if output != "": - FAIL("Received unexpected output from 'xm rmlabel': \n%s" % - (output)) - -status, output = traceCommand("xm getlabel res %s" % - (testresource)) - -if output != "Error: 'Resource not labeled'": - FAIL("Received unexpected output from 'xm getlabel res': \n%s" % - (output)) diff --git a/tools/xm-test/tests/security-acm/02_security-acm_dom_start.py b/tools/xm-test/tests/security-acm/02_security-acm_dom_start.py deleted file mode 100644 index 4aac09d2fc..0000000000 --- a/tools/xm-test/tests/security-acm/02_security-acm_dom_start.py +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> -# -# Simple test that starts two labeled domains; both domains should start -# -# The following xm subcommands are tested: -# - dumppolicy -# - labels - -from XmTestLib import * -from acm_utils import * -import commands -import os - -testlabel1 = "green" -testlabel2 = "red" - -status, output = traceCommand("xm labels") - -labels = ["SystemManagement", "blue", "red", "green"] -for l in labels: - if not re.search(l, output): - FAIL("Label '%s' not found in current policy!", l) - -status, output = traceCommand("xm dumppolicy") -if status != 0: - FAIL("'xm dumppolicy' returned an error code.") -lines = ["ssidref 0: 00 00 00 00", - "ssidref 1: 01 00 00 00", - "ssidref 2: 00 01 00 00", - "ssidref 3: 00 00 01 00", - "ssidref 4: 00 00 00 01"] -for l in lines: - if not re.search(l, output): - FAIL("Could not find '%s' in output of 'xm dumppolicy'" % l) - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)} -verbose = True -domain1 = XmTestDomain(name="domain-%s" % testlabel1, - extraConfig=config) - -try: - domain1.start(noConsole=True) -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to start 1st labeled test domain.") - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2)} - -domain2 = XmTestDomain(name="domain-%s" % testlabel2, - extraConfig=config) - -try: - domain2.start(noConsole=True) -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to start 2nd labeled test domain.") - -domain2.destroy() -domain1.destroy() diff --git a/tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py b/tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py deleted file mode 100644 index 4aef380de5..0000000000 --- a/tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> -# -# A test that exercises the conflict set of the chinese wall policy. -# Start a first domain and then a second one. The second one is -# expected NOT to be starteable. - -from XmTestLib import * -from acm_utils import * -import commands -import os - -testlabel1 = "blue" -testlabel2 = "red" - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)} - -domain1 = XmTestDomain(name="domain-%s" % testlabel1, - extraConfig=config) - -try: - domain1.start(noConsole=True) -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to start 1st labeled test domain") - -# Verify with xm dry-run -status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " - "grep -v \"Dry Run\"") -if status != 0: - FAIL("'xm dry-run' failed") -if not re.search("PERMITTED", output): - FAIL("'xm dry-run' did not succeed.") - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2)} - -domain2 = XmTestDomain(name="domain-%s" % testlabel2, - extraConfig=config) - -try: - domain2.start(noConsole=True) - # Should never get here! - FAIL("Could start a domain in a conflict set - " - "this should not be possible") -except DomainError, e: - #This is exactly what we want in this case - status = 0 - -# Verify with xm dry-run -status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " - "grep -v \"Dry Run\"") -if status != 0: - FAIL("'xm dry-run' failed.") -if not re.search("PERMITTED", output): - FAIL("'xm dry-run' did not show that operation was permitted.") - -domain1.destroy() diff --git a/tools/xm-test/tests/security-acm/04_security-acm_dom_res.py b/tools/xm-test/tests/security-acm/04_security-acm_dom_res.py deleted file mode 100644 index 367016339f..0000000000 --- a/tools/xm-test/tests/security-acm/04_security-acm_dom_res.py +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> -# -# Simple test that starts two labeled domains using labeled resources each -# - -from XmTestLib import * -from acm_utils import * -import commands -import os - -testlabel1 = "green" -resource1 = "phy:ram0" -testlabel2 = "red" -resource2 = "phy:/dev/ram1" - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1), - "disk" :"%s,hda1,w" % (resource1)} -domain1 = XmTestDomain(name="domain-%s" % testlabel1, - extraConfig=config) - -# Explicity label the resource -ACMLabelResource(resource1, testlabel1) - -try: - domain1.start(noConsole=True) -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to start 1st labeled test domain.") - -# Verify with xm dry-run -status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " - "grep -v \"Dry Run\"") - -if status != 0: - FAIL("'xm dry-run' failed") -if not re.search("%s: PERMITTED" % resource1, output): - FAIL("'xm dry-run' did not succeed.") - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2), - "disk" :"%s,hda1,w" % (resource2)} - -domain2 = XmTestDomain(name="domain-%s" % testlabel2, - extraConfig=config) - -# Explicity label the resource -ACMLabelResource(resource2, testlabel2) - -try: - domain2.start(noConsole=True) -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to start 2nd labeled test domain.") - -# Verify with xm dry-run -status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " - "grep -v \"Dry Run\"") - -if status != 0: - FAIL("'xm dry-run' failed") -if not re.search("%s: PERMITTED" % resource2, output): - FAIL("'xm dry-run' did not succeed.") - -domain2.destroy() -domain1.destroy() diff --git a/tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py b/tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py deleted file mode 100644 index 89c6b5974c..0000000000 
--- a/tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> -# -# A test that tries to start a domain using a resource that it is -# not supposed to be able to use due to its labeling - -from XmTestLib import * -from acm_utils import * -import commands -import os - -testlabel1 = "blue" -resource1 = "phy:ram0" - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1), - "disk" :"%s,hda1,w" % (resource1)} - -domain1 = XmTestDomain(name="domain-%s" % testlabel1, - extraConfig=config) - -ACMLabelResource(resource1,"red") - -try: - domain1.start(noConsole=True) - # Should never get here - FAIL("Could start domain with resource that it is not supposed to access.") -except DomainError, e: - #That's exactly what we want to have in this case - dummy = 0 - -# Verify via dry-run -status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " - "grep -v \"Dry Run\"") -if not re.search("%s: DENIED" %resource1, output): - FAIL("'xm dry-run' did not show expected result that operation was NOT " - "permitted: \n%s" % output) diff --git a/tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py b/tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py deleted file mode 100644 index 92b09e9e01..0000000000 --- a/tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py +++ /dev/null 
@@ -1,82 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2005 -# Author: Stefan Berger <stefanb@us.ibm.com> -# Based on block-create/01_block_attach_device_pos.py -# -# Create a domain and attach 2 resources to it. The first resource -# should be attacheable, the 2nd one should not be due to the label it has. - -import re -from XmTestLib import * -from XmTestLib import block_utils -from acm_utils import * - -testlabel1 = "blue" -resource1 = "phy:ram1" -resourcelabel1 = "blue" -resource2 = "phy:/dev/ram0" -resourcelabel2 = "red" - -if ENABLE_HVM_SUPPORT: - SKIP("Block-attach not supported for HVM domains") - -# Create a domain (default XmTestDomain, with our ramdisk) -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)} - -domain = XmTestDomain(extraConfig=config) - -try: - console = domain.start() -except DomainError, e: - FAIL(str(e)) - -# Attach a console to it -try: - console.setHistorySaveCmds(value=True) - # Run 'ls' - run = console.runCmd("ls") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - - -# Explicitly label the 1st resource -ACMLabelResource(resource1, resourcelabel1) -block_utils.block_attach(domain, resource1, "xvda1") - -try: - run1 = console.runCmd("cat /proc/partitions") -except ConsoleError, e: - FAIL(str(e)) - -#Explicitly label the 2nd resource -ACMLabelResource(resource2, resourcelabel2) -#Cannot call block_attach here since we legally may fail the command -status, output = traceCommand("xm block-attach %s %s %s w" % - (domain.getName(), resource2, "xvda2" )) - -for i in range(10): - if block_utils.get_state(domain, "xvda2") == 4: - break - time.sleep(1) - -try: - run2 = console.runCmd("cat /proc/partitions") -except ConsoleError, e: - FAIL(str(e)) - -# Close the console -domain.closeConsole() - -# Stop the domain (nice shutdown) -domain.stop() - -if not re.search("xvda1",run1["output"]): - FAIL("Labeled device 'xvda1' is not actually connected to the domU") - 
-if not re.search("xvda1",run2["output"]): - FAIL("Labeled device 'xbvda1' has disappeared?!") - -if re.search("xvda2",run2["output"]): - FAIL("Labeled device 'xvda2' is connected to the domU but should not be") diff --git a/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py b/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py deleted file mode 100644 index a9e19a2153..0000000000 --- a/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py +++ /dev/null 
@@ -1,313 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Test to exercise the xspolicy class - -from XmTestLib import xapi -from XmTestLib.XenAPIDomain import XmTestAPIDomain -from XmTestLib import * -from xen.xend import XendAPIConstants -import xen.util.xsm.xsm as security -from xen.util import acmpolicy, xsconstants -from xen.util.acmpolicy import ACMPolicy -from xen.xend.XendDomain import DOM0_UUID -from XmTestLib.acm import * - -import commands -import os -import base64 - -if not isACMEnabled(): - SKIP("Not running this test since ACM not enabled.") - -try: - session = xapi.connect() -except: - SKIP("Skipping this test since xm is not using the Xen-API.") - -xm_test = {} -xm_test['policyname'] = "xm-test" -xm_test['date'] = "Fri Sep 29 14:44:38 2006" -xm_test['url'] = None - -vm_label_red = "%s:xm-test:red" % xsconstants.ACM_POLICY_ID -vm_label_green = "%s:xm-test:green" % xsconstants.ACM_POLICY_ID -vm_label_blue = "%s:xm-test:blue" % xsconstants.ACM_POLICY_ID -vm_label_sys = "%s:xm-test:SystemManagement" % xsconstants.ACM_POLICY_ID - -vm_label_black = "%s:xm-test:black" - -session = xapi.connect() - -oldlabel = session.xenapi.VM.get_security_label(DOM0_UUID) - -ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, - vm_label_sys, - oldlabel) -if int(ssidref) <= 0 or int(ssidref) != 0x00010001: - FAIL("(0) Domain-0 label for '%s' has unexpected failure: %08x" % - (vm_label_sys, int(ssidref))) -print "ssidref for '%s' is 0x%08x" % (vm_label_sys, int(ssidref)) - - -xstype = session.xenapi.XSPolicy.get_xstype() -if int(xstype) & xsconstants.XS_POLICY_ACM == 0: - SKIP("ACM not enabled/compiled in Xen") - -policystate = session.xenapi.XSPolicy.get_xspolicy() -if not policystate.has_key('xs_ref'): - FAIL("get_xspolicy must return member 'xs_ref'") - -xs_ref = policystate['xs_ref'] -if xs_ref != "": - origpolicyxml = session.xenapi.ACMPolicy.get_xml(xs_ref) -else: - 
origpolicyxml = "" - -f = open("xm-test-security_policy.xml", 'r') -if f: - newpolicyxml = f.read() - f.close() -else: - FAIL("Could not read 'xm-test' policy") - -try: - os.unlink("/boot/xm-test.bin") -except: - pass - -policystate = session.xenapi.XSPolicy.get_xspolicy() - -if int(policystate['type']) == 0: - policystate = session.xenapi.XSPolicy.set_xspolicy( - xsconstants.XS_POLICY_ACM, - newpolicyxml, - xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT, - 1) - if int(policystate['flags']) == -1: - FAIL("Could not set the new policy.") - -print "state of policy = %s " % policystate - -rc = session.xenapi.XSPolicy.activate_xspolicy( - policystate['xs_ref'], - xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT) -if int(rc) != xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT: - FAIL("Could not activate the current policy: rc = %08x" % int(rc)) - -if not os.path.exists("/boot/xm-test.bin"): - FAIL("Binary policy was not installed. Check grub config file.") - -policystate = session.xenapi.XSPolicy.get_xspolicy() - -if int(policystate['flags']) != xsconstants.XS_INST_BOOT | \ - xsconstants.XS_INST_LOAD: - FAIL("Flags (%x) are not indicating the correct state of the policy.", - int(policystate['flags'])) - -policystate = session.xenapi.XSPolicy.get_xspolicy() -xs_ref = policystate['xs_ref'] - -newpolicyxml = None -f = open("xm-test-new-security_policy.xml", 'r') -if f: - newpolicyxml = f.read() - f.close() -else: - FAIL("Could not read 'xm-test-new' policy") - -cur_acmpol = ACMPolicy(xml = policystate['repr']) -new_acmpol = ACMPolicy(xml = newpolicyxml) - -new_acmpol.update_frompolicy(cur_acmpol) - -policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - new_acmpol.toxml(), - xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT, - 1) - -f = open("xm-test-security_policy.xml", 'r') -if f: - newpolicyxml = f.read() - f.close() -else: - FAIL("Could not read 'xm-test-new' policy") - -cur_acmpol = new_acmpol -new_acmpol = ACMPolicy(xml = 
newpolicyxml) - -new_acmpol.update_frompolicy(cur_acmpol) - -policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - new_acmpol.toxml(), - xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT, - 1) - -dom0_lab = session.xenapi.VM.get_security_label(DOM0_UUID) - -ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, - vm_label_sys, dom0_lab) -if int(ssidref) <= 0 or int(ssidref) != 0x00010001: - FAIL("(1) Domain-0 label for '%s' has unexpected failure: %08x" % - (vm_label_sys, int(ssidref))) -print "ssidref for '%s' is 0x%08x" % (vm_label_sys, int(ssidref)) - -try: - ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, - vm_label_black, - vm_label_sys) - FAIL("Could set label '%s', although it's not in the policy. " - "ssidref=%s" % (vm_label_black, ssidref)) -except: - pass - -ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, - vm_label_red, - vm_label_sys) -if int(ssidref) <= 0: - FAIL("(2) Domain-0 label for '%s' has unexpected failure: %08x" % - (vm_label_red, int(ssidref))) -print "ssidref for '%s' is 0x%08x" % (vm_label_red, int(ssidref)) - -label = session.xenapi.VM.get_security_label(DOM0_UUID) - -if label != vm_label_red: - FAIL("Dom0 label '%s' not as expected '%s'" % (label, vm_label_red)) - - -ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, - vm_label_sys, - vm_label_red) -if int(ssidref) <= 0 or int(ssidref) != 0x00010001: - FAIL("(3) Domain-0 label for '%s' has unexpected failure: %08x" % - (vm_label_sys, int(ssidref))) - -label = session.xenapi.VM.get_security_label(DOM0_UUID) - -if label != vm_label_sys: - FAIL("Dom0 label '%s' not as expected '%s'" % label, dom0_label) - -header = session.xenapi.ACMPolicy.get_header(xs_ref) - -if header['policyname'] != xm_test['policyname']: - FAIL("Name in header is '%s', expected is '%s'." % - (header['policyname'],xm_test['policyname'])) -if header['date'] != xm_test['date']: - FAIL("Date in header is '%s', expected is '%s'." 
% - (header['date'],xm_test['date'])) -if header.has_key("url") and header['url' ] != xm_test['url' ]: - FAIL("URL in header is '%s', expected is '%s'." % - (header['url' ],xm_test['url' ])) - -# Create another domain -try: - # XmTestAPIDomain tries to establish a connection to XenD - domain = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_blue }) -except Exception, e: - SKIP("Skipping test. Error: %s" % str(e)) - - -vm_uuid = domain.get_uuid() - -res = session.xenapi.VM.get_security_label(vm_uuid) -if res != vm_label_blue: - FAIL("VM has security label '%s', expected is '%s'" % - (res, vm_label_blue)) - -try: - domain.start(noConsole=True) -except: - FAIL("Could not create domain") - - -# Attempt to relabel the running domain -ssidref = session.xenapi.VM.set_security_label(vm_uuid, - vm_label_red, - vm_label_blue) -if int(ssidref) <= 0: - FAIL("Could not relabel running domain to '%s'." % vm_label_red) - -# user domain is 'red', dom0 is current 'SystemManagement'. -# Try to move domain-0 to 'red' first, then to 'blue'. - -# Moving domain-0 to 'red' should work -ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, - vm_label_red, - vm_label_sys) -if int(ssidref) <= 0: - FAIL("Could not label domain-0 '%s'" % vm_label_red) - -# Moving the guest domain to 'blue' should not work due to conflict set -try: - ssidref = session.xenapi.VM.set_security_label(vm_uuid, - vm_label_blue, - vm_label_red) - FAIL("Could label guest domain with '%s', although this is in a conflict " - "set. ssidref=%x" % (vm_label_blue,int(ssidref))) -except: - pass - -label = session.xenapi.VM.get_security_label(vm_uuid) -if label != vm_label_red: - FAIL("User domain has wrong label '%s', expected '%s'." % - (label, vm_label_red)) - -label = session.xenapi.VM.get_security_label(DOM0_UUID) -if label != vm_label_red: - FAIL("Domain-0 has wrong label '%s'; expected '%s'." 
% - (label, vm_label_red)) - -ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, - vm_label_sys, - vm_label_red) -if int(ssidref) < 0: - FAIL("Could not set the domain-0 security label to '%s'." % - (vm_label_sys)) - -# pause the domain and relabel it... -session.xenapi.VM.pause(vm_uuid) - -label = session.xenapi.VM.get_security_label(vm_uuid) -if label != vm_label_red: - FAIL("User domain has wrong label '%s', expected '%s'." % - (label, vm_label_red)) - -ssidref = session.xenapi.VM.set_security_label(vm_uuid, - vm_label_blue, - vm_label_red) -print "guest domain new label '%s'; ssidref is 0x%08x" % \ - (vm_label_blue, int(ssidref)) -if int(ssidref) <= 0: - FAIL("Could not label guest domain with '%s'" % (vm_label_blue)) - -label = session.xenapi.VM.get_security_label(vm_uuid) -if label != vm_label_blue: - FAIL("User domain has wrong label '%s', expected '%s'." % - (label, vm_label_blue)) - -session.xenapi.VM.unpause(vm_uuid) - -rc = session.xenapi.VM.suspend(vm_uuid) - -ssidref = session.xenapi.VM.set_security_label(vm_uuid, - vm_label_green, - vm_label_blue) -print "guest domain new label '%s'; ssidref is 0x%08x" % \ - (vm_label_green, int(ssidref)) -if int(ssidref) < 0: - FAIL("Could not label suspended guest domain with '%s'" % (vm_label_blue)) - -label = session.xenapi.VM.get_security_label(vm_uuid) -if label != vm_label_green: - FAIL("User domain has wrong label '%s', expected '%s'." % - (label, vm_label_green)) - - -rc = session.xenapi.VM.resume(vm_uuid, False) - -label = session.xenapi.VM.get_security_label(vm_uuid) -if label != vm_label_green: - FAIL("User domain has wrong label '%s', expected '%s'." % - (label, vm_label_green)) diff --git a/tools/xm-test/tests/security-acm/08_security-acm_xapi.py b/tools/xm-test/tests/security-acm/08_security-acm_xapi.py deleted file mode 100644 index 469bf35a91..0000000000 --- a/tools/xm-test/tests/security-acm/08_security-acm_xapi.py +++ /dev/null 
@@ -1,358 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2007 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# VM creation test with labeled VM and labeled VDI - -from XmTestLib import xapi -from XmTestLib.XenAPIDomain import XmTestAPIDomain -from XmTestLib import * -from xen.xend import XendAPIConstants -import xen.util.xsm.xsm as security -from xen.util import acmpolicy, xsconstants -import commands -import os - -vm_label_red = xsconstants.ACM_POLICY_ID + ":xm-test:red" -vm_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green" -vdi_label_red = xsconstants.ACM_POLICY_ID + ":xm-test:red" -vdi_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green" - -vm_label_unlabeled = xsconstants.ACM_POLICY_ID + ":xm-test:" + \ - acmpolicy.ACM_LABEL_UNLABELED - -vdi_file = "/dev/ram0" -vdi_path = "phy:" + vdi_file - -#Note: -# If during the suspend/resume operations 'red' instead of 'green' is -# used, the Chinese Wall policy goes into effect and disallows the -# suspended VM from being resumed... - -try: - # XmTestAPIDomain tries to establish a connection to XenD - domain = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_red }) -except Exception, e: - SKIP("Skipping test. 
Error: %s" % str(e)) - -vm_uuid = domain.get_uuid() - -session = xapi.connect() -xstype = session.xenapi.XSPolicy.get_xstype() -if int(xstype) & xsconstants.XS_POLICY_ACM == 0: - SKIP("ACM not enabled/compiled in Xen") - -f = open("xm-test-security_policy.xml", 'r') -if f: - newpolicyxml = f.read() - f.close() -else: - FAIL("Could not read 'xm-test' policy") - -policystate = session.xenapi.XSPolicy.get_xspolicy() -if int(policystate['type']) == 0: - policystate = session.xenapi.XSPolicy.set_xspolicy( - xsconstants.XS_POLICY_ACM, - newpolicyxml, - xsconstants.XS_INST_BOOT | xsconstants.XS_INST_LOAD, - True) - if int(policystate['flags']) == -1: - FAIL("Could not set the new policy.") - -policystate = session.xenapi.XSPolicy.get_xspolicy() -print "policystate = %s" % policystate -acm_ref = policystate['xs_ref'] - - -# -# Some tests with labeling of resources -# -labels = session.xenapi.XSPolicy.get_labeled_resources() -print "labeled resources are:\n%s" % labels - -oldlabel = session.xenapi.XSPolicy.get_resource_label("phy:/dev/ram0") - -rc = session.xenapi.XSPolicy.set_resource_label("phy:/dev/ram0", "", - oldlabel) - -rc = session.xenapi.XSPolicy.set_resource_label("phy:/dev/ram0", - vdi_label_green, - "") - -res = session.xenapi.XSPolicy.get_resource_label("phy:/dev/ram0") -if res != vdi_label_green: - FAIL("(1) get_resource_label returned unexpected result %s, wanted %s" % - (res, vdi_label_green)) - - -# -# Some test with labeling of VMs -# - -res = session.xenapi.VM.get_security_label(vm_uuid) - -if res != vm_label_red: - FAIL("VM.get_security_label returned wrong security label '%s'." % res) - -res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, - vm_label_red) - -res = session.xenapi.VM.get_security_label(vm_uuid) -if res != vm_label_green: - FAIL("VM does not show expected label '%s' but '%s'." 
% - (vm_label_green, res)) - -res = session.xenapi.VM.set_security_label(vm_uuid, "", vm_label_green) -if int(res) != 0: - FAIL("Should be able to unlabel the domain while it's halted.") - -res = session.xenapi.VM.get_security_label(vm_uuid) -if res != vm_label_unlabeled: - FAIL("Unexpected VM security label after removal: %s" % res) - -res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_red, res) -if int(res) != 0: - FAIL("Could not label the VM to '%s'" % vm_label_red) - -res = session.xenapi.VM.get_security_label(vm_uuid) -if res != vm_label_red: - FAIL("VM has wrong label '%s', expected '%s'." % (res, vm_label_red)) - -sr_uuid = session.xenapi.SR.get_by_name_label("Local") -if len(sr_uuid) == 0: - FAIL("Could not get a handle on SR 'Local'") - - -vdi_rec = { 'name_label' : "My disk", - 'SR' : sr_uuid[0], - 'virtual_size': 0, - 'sector_size' : 512, - 'parent' : '', - 'SR_name' : 'Local', - 'type' : 'system', - 'shareable' : False, - 'read-only' : False, - 'other_config': {'location': vdi_path} -} - -vdi_ref = session.xenapi.VDI.create(vdi_rec) - -res = session.xenapi.VDI.get_name_label(vdi_ref) -if res != vdi_rec['name_label']: - print "Destroying VDI now" - session.xenapi.VDI.destroy(vdi_ref) - FAIL("VDI_get_name_label return wrong information") - -res = session.xenapi.VDI.get_record(vdi_ref) -print "vdi_record : %s" % res - -oldlabel = session.xenapi.XSPolicy.get_resource_label(vdi_path) - -#Remove label from VDI device -rc = session.xenapi.XSPolicy.set_resource_label(vdi_path, - "", - oldlabel) - - -# Attach a VBD to the VM - -vbd_rec = { 'VM' : vm_uuid, - 'VDI' : vdi_ref, - 'device' : "xvda1", - 'mode' : 1, - 'bootable': 0, -} - -vbd_ref = session.xenapi.VBD.create(vbd_rec) - -res = session.xenapi.VBD.get_record(vbd_ref) - -try: - domain.start(noConsole=True) - # Should not get here. 
- print "Destroying VDI now" - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Could start VM with a VBD that it is not allowed to access.") -except: - pass - print "Could not create domain -- that's good" - - -# -# Label the VDI now -# - -rc = session.xenapi.VDI.set_security_label(vdi_ref, vdi_label_red, "") -if int(rc) != 0: - FAIL("Could not set the VDI label to '%s'" % vdi_label_red) - -label = session.xenapi.VDI.get_security_label(vdi_ref) -if label != vdi_label_red: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Unexpected label '%s' on VDI, wanted '%s'" % - (label, vdi_label_red)) - -rc = session.xenapi.VDI.set_security_label(vdi_ref, "", label) -if int(rc) != 0: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Should be able to unlabel VDI.") - -rc = session.xenapi.VDI.set_security_label(vdi_ref, vdi_label_red, "") -if int(rc) != 0: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Should be able to label VDI with label '%s'" % vid_label_red) - -res = session.xenapi.XSPolicy.get_resource_label(vdi_path) -if res != vdi_label_red: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("(2) get_resource_label on %s returned unexpected result %s, wanted '%s'" % - (vdi_path, res, vdi_label_red)) - -res = session.xenapi.VDI.get_security_label(vdi_ref) -if res != vdi_label_red: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("get_security_label returned unexpected result %s, wanted '%s'" % - (res, vdi_label_red)) - -domain.start(noConsole=True) - -console = domain.getConsole() - -domName = domain.getName() - -try: - run = console.runCmd("cat /proc/interrupts") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("Could not access proc-filesystem") - -# Try to relabel while VM is running -try: - res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, - vm_label_red) -except: - pass - -lab = session.xenapi.VM.get_security_label(vm_uuid) -if lab == vm_label_green: - FAIL("Should not be able to reset the security label while running." 
- "tried to set to %s, got %s, old: %s" %(vm_label_green, lab, - vm_label_red)) - - -# -# Suspend the domain and relabel it -# - -try: - status, output = traceCommand("xm suspend %s" % domName, - timeout=30) -except TimeoutError, e: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Failure from suspending VM: %s." % str(e)) - -# Try to relabel while VM is suspended -- this should work - -rc = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, - vm_label_red) -if int(rc) != 0: - FAIL("VM security label could not be set to %s" % vm_label_green) - -res = session.xenapi.VM.get_security_label(vm_uuid) -if res != vm_label_green: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("VM (suspended) has label '%s', expected '%s'." % - (res, vm_label_green)) - -status, output = traceCommand("xm list") - -#Try to resume now -- should fail due to denied access to block device -try: - status, output = traceCommand("xm resume %s" % domName, - timeout=30) - if status == 0: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Could resume re-labeled VM: %s" % output) -except Exception, e: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("1. Error resuming the VM: %s." % str(e)) - -# Relabel VM so it would resume -res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_red, - vm_label_green) -if int(res) != 0: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Could not relabel VM to have it resume.") - -res = session.xenapi.VM.get_security_label(vm_uuid) -if res != vm_label_red: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("VM (suspended) has label '%s', expected '%s'." 
% - (res, vm_label_red)) - - -# Relabel the resource so VM should not resume -try: - session.xenapi.XSPolicy.set_resource_label(vdi_path, - vdi_label_green, - "") -except Exception, e: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Could not label the VDI to '%s': %x" % - (vdi_label_green, int(rc))) - -#Try to resume now -- should fail due to denied access to block device -try: - status, output = traceCommand("xm resume %s" % domName, - timeout=30) - if status == 0: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Could resume re-labeled VM: %s" % output) -except Exception, e: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("2. Error resuming the VM: %s." % str(e)) - - -status, output = traceCommand("xm list") - -# Relabel the resource so VM can resume -try: - session.xenapi.XSPolicy.set_resource_label(vdi_path, - vdi_label_red, - vdi_label_green) -except Exception, e: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Could not label the resource to '%s'" % vid_label_red) - -res = session.xenapi.XSPolicy.get_resource_label(vdi_path) -if res != vdi_label_red: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("'%s' has label '%s', expected '%s'." % - (vdi_path, res, vdi_label_red)) - -#Try to resume now -- should work -try: - status, output = traceCommand("xm resume %s" % domName, - timeout=30) - if status != 0: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Could not resume re-labeled VM: %s" % output) -except Exception, e: - session.xenapi.VDI.destroy(vdi_ref) - FAIL("3. Error resuming the VM: %s." % str(e)) - - -status, output = traceCommand("xm list") - -console = domain.getConsole() - -try: - run = console.runCmd("cat /proc/interrupts") -except ConsoleError, e: - saveLog(console.getHistory()) - session.xenapi.VDI.destroy(vdi_ref) - FAIL("Could not access proc-filesystem") - -domain.stop() -domain.destroy() 
diff --git a/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py b/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py deleted file mode 100644 index cc53baf2b9..0000000000 --- a/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py +++ /dev/null 
@@ -1,437 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2007 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Test to exercise the xspolicy and acmpolicy classes - -from XmTestLib import xapi -from XmTestLib.XenAPIDomain import XmTestAPIDomain -from XmTestLib.acm import * -from XmTestLib import * -from xen.xend import XendAPIConstants -import xen.util.xsm.xsm as security -from xen.util import xsconstants -from xen.util.acmpolicy import ACMPolicy -from xen.xend.XendDomain import DOM0_UUID -import base64 -import struct -import time - -if not isACMEnabled(): - SKIP("Not running this test since ACM not enabled.") - -try: - session = xapi.connect() -except: - SKIP("Skipping this test since xm is not using the Xen-API.") - -def typestoxml(types): - res = "" - for t in types: - res += "<Type>" + t + "</Type>\n" - return res - -def cfstoxml(cfss): - res = "" - for cfs in cfss: - res += "<Conflict name=\"" + cfs['name'] + "\">\n" + \ - typestoxml(cfs['chws']) + \ - "</Conflict>\n" - return res - -def vmlabelstoxml(vmlabels, vmfrommap): - res = "" - for vmlabel in vmlabels: - res += "<VirtualMachineLabel>\n" - if vmlabel['name'] in vmfrommap: - res += "<Name from=\""+ vmfrommap[vmlabel['name']] +"\">" - else: - res += "<Name>" - res += vmlabel['name'] + "</Name>\n" - res += "<SimpleTypeEnforcementTypes>\n" + \ - typestoxml(vmlabel['stes']) + \ - "</SimpleTypeEnforcementTypes>\n" - if vmlabel.has_key('chws'): - res += "<ChineseWallTypes>\n" + \ - typestoxml(vmlabel['chws']) + \ - "</ChineseWallTypes>\n" - res += "</VirtualMachineLabel>\n" - return res - - -def reslabelstoxml(reslabels, resfrommap): - res = "" - for reslabel in reslabels: - res += "<ResourceLabel>\n" - if resfrommap.has_key(reslabel['name']): - res += "<Name from=\""+ resfrommap[reslabel['name']] +"\">" - else: - res += "<Name>" - res += reslabel['name'] + "</Name>\n" - res += "<SimpleTypeEnforcementTypes>\n" + \ - typestoxml(reslabel['stes']) + \ - 
"</SimpleTypeEnforcementTypes>\n" - res += "</ResourceLabel>\n" - return res - -def create_xml_policy(hdr, stes, chws, - vmlabels, vmfrommap, bootstrap, - reslabels, resfrommap, - cfss): - hdr_xml ="<PolicyHeader>\n" + \ - " <PolicyName>" + hdr['name'] + "</PolicyName>\n" + \ - " <Version>" + hdr['version'] + "</Version>\n" + \ - " <FromPolicy>\n" + \ - " <PolicyName>" + hdr['oldname'] + "</PolicyName>\n" + \ - " <Version>" + hdr['oldversion'] + "</Version>\n" + \ - " </FromPolicy>\n" + \ - "</PolicyHeader>\n" - - stes_xml = "<SimpleTypeEnforcement>\n" + \ - " <SimpleTypeEnforcementTypes>\n" + \ - typestoxml(stes) + \ - " </SimpleTypeEnforcementTypes>\n" + \ - "</SimpleTypeEnforcement>\n" - - chws_xml = "<ChineseWall>\n" + \ - " <ChineseWallTypes>\n" + \ - typestoxml(chws) + \ - " </ChineseWallTypes>\n" + \ - " <ConflictSets>\n" + \ - cfstoxml(cfss) + \ - " </ConflictSets>\n" + \ - "</ChineseWall>\n" - - subjlabel_xml = "<SubjectLabels bootstrap=\""+ bootstrap +"\">\n" + \ - vmlabelstoxml(vmlabels, vmfrommap) + \ - "</SubjectLabels>\n" - objlabel_xml = "<ObjectLabels>\n" + \ - reslabelstoxml(reslabels, resfrommap) + \ - "</ObjectLabels>\n" - - policyxml = "<?xml version=\"1.0\" ?>\n" + \ - "<SecurityPolicyDefinition xmlns=\"http://www.ibm.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.ibm.com ../../security_policy.xsd \">\n" + \ - hdr_xml + \ - stes_xml + \ - chws_xml + \ - "<SecurityLabelTemplate>\n" + \ - subjlabel_xml + \ - objlabel_xml + \ - "</SecurityLabelTemplate>\n" + \ - "</SecurityPolicyDefinition>\n" - return policyxml - - -def update_hdr(hdr): - """ Update the version information in the header """ - hdr['oldversion'] = hdr['version'] - hdr['oldname'] = hdr['name'] - vers = hdr['version'] - tmp = vers.split('.') - if len(tmp) == 1: - rev = 1 - else: - rev = int(tmp[1]) + 1 - hdr['version'] = "%s.%s" % (tmp[0],rev) - return hdr - -session = xapi.connect() - -policystate = 
session.xenapi.XSPolicy.get_xspolicy() - -if policystate['repr'] != "": - print "%s" % policystate['repr'] - try: - acmpol = ACMPolicy(xml=policystate['repr']) - except Exception, e: - FAIL("Failure from creating ACMPolicy object: %s" % str(e)) - oldname = acmpol.policy_dom_get_hdr_item("PolicyName") - oldvers = acmpol.policy_dom_get_hdr_item("Version") - tmp = oldvers.split(".") - if len(tmp) == 1: - rev = 1 - else: - rev = int(tmp[1]) + 1 - newvers = "%s.%s" % (tmp[0], str(rev)) - print "old name/version = %s/%s" % (oldname, oldvers) -else: - oldname = None - oldvers = None - newvers = "1.0" - -# Initialize the header of the policy -hdr = {} -hdr['name'] = "xm-test" -hdr['version'] = newvers - -if oldname: - hdr['oldname'] = oldname - if oldvers and oldvers != "": - hdr['oldversion'] = oldvers - -stes = [ "SystemManagement", "red", "green", "blue" ] - -chws = [ "SystemManagement", "red", "green", "blue" ] - -bootstrap = "SystemManagement" - -vm_sysmgt = { 'name' : bootstrap, - 'stes' : stes, - 'chws' : [ "SystemManagement" ] } - -vm_red = { 'name' : "red" , - 'stes' : ["red"] , - 'chws' : ["red"] } - -vm_green = { 'name' : "green" , - 'stes' : ["green"] , - 'chws' : ["green"] } - -vm_blue = { 'name' : "blue" , - 'stes' : ["blue"] , - 'chws' : ["blue"] } - -res_red = { 'name' : "red" , - 'stes' : ["red"] } - -res_green = { 'name' : "green" , - 'stes' : ["green"] } - -res_blue = { 'name' : "blue" , - 'stes' : ["blue"] } - -cfs_1 = { 'name' : "CFS1", - 'chws' : [ "red" , "blue" ] } - -vmlabels = [ vm_sysmgt, vm_red, vm_green, vm_blue ] -vmfrommap = {} -reslabels = [ res_red, res_green, res_blue ] -resfrommap = {} -cfss = [ cfs_1 ] - -vm_label_red = xsconstants.ACM_POLICY_ID + ":xm-test:red" -vm_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green" -vm_label_blue = xsconstants.ACM_POLICY_ID + ":xm-test:blue" - -xml = create_xml_policy(hdr, stes, chws, - vmlabels, vmfrommap, bootstrap, - reslabels, resfrommap, - cfss) - -xml_good = xml - -policystate = 
session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - xml, - xsconstants.XS_INST_LOAD, - True) - -print "\n\npolicystate = %s" % policystate - -policystate = session.xenapi.XSPolicy.get_xspolicy() - -# -# Create two non-conflicting domains and start them -# -try: - # XmTestAPIDomain tries to establish a connection to XenD - domain1 = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_red }) -except Exception, e: - SKIP("Skipping test. Error: %s" % str(e)) - - -vm1_uuid = domain1.get_uuid() - -try: - domain1.start(noConsole=True) -except: - FAIL("Could not start domain1") - -print "Domain 1 started" - -try: - # XmTestAPIDomain tries to establish a connection to XenD - domain2 = XmTestAPIDomain(extraConfig={'security_label': vm_label_green }) -except Exception, e: - SKIP("Skipping test. Error: %s" % str(e)) - -vm2_uuid = domain2.get_uuid() - -try: - domain2.start(noConsole=True) -except: - FAIL("Could not start domain1") - - -print "Domain 2 started" - -# Try a policy that would put the two domains into conflict -cfs_2 = { 'name' : "CFS1", - 'chws' : [ "red" , "green" ] } -cfss = [ cfs_2 ] - -hdr = update_hdr(hdr) -xml = create_xml_policy(hdr, stes, chws, - vmlabels, vmfrommap, bootstrap, - reslabels, resfrommap, - cfss) - -policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - xml, - xsconstants.XS_INST_LOAD, - True) - -print "policystate %s" % policystate - -if int(policystate['xserr']) == 0: - FAIL("(1) Should not have been able to set this policy.") - -if len(policystate['errors']) == 0: - FAIL("Hypervisor should have reported errros.") - -errors = base64.b64decode(policystate['errors']) - -print "Length of errors: %d" % len(errors) -a,b = struct.unpack("!ii",errors) - -print "%08x , %08x" % (a,b) - -# -# Create a faulty policy with 'red' STE missing -# - -cfss = [ cfs_1 ] -stes = [ "SystemManagement", "green", "blue" ] - -xml = create_xml_policy(hdr, stes, chws, - vmlabels, vmfrommap, bootstrap, - reslabels, 
resfrommap, - cfss) -policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - xml, - xsconstants.XS_INST_LOAD, - True) - -print "Result from setting faulty(!) policy with STE 'red' missing:" -print "policystate %s" % policystate - -if int(policystate['xserr']) == 0: - FAIL("(2) Should not have been able to set this policy.") - -# -# Create a policy with 'red' VMLabel missing -- should not work since it is -# in use. -# -stes = [ "SystemManagement", "red", "green", "blue" ] - -vmlabels = [ vm_sysmgt, vm_green, vm_blue ] - -xml = create_xml_policy(hdr, stes, chws, - vmlabels, vmfrommap, bootstrap, - reslabels, resfrommap, - cfss) -policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - xml, - xsconstants.XS_INST_LOAD, - True) -print "Result from setting faulty(!) policy with VMlabel 'red' missing:" -print "policystate %s" % policystate - -if int(policystate['xserr']) == 0: - FAIL("(3) Should not have been able to set this policy.") - -# -# Create a policy with 'blue' VMLabel missing -- should work since it is NOT -# in use. 
-# -vmlabels = [ vm_sysmgt, vm_red, vm_green ] - -xml = create_xml_policy(hdr, stes, chws, - vmlabels, vmfrommap, bootstrap, - reslabels, resfrommap, - cfss) -policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - xml, - xsconstants.XS_INST_LOAD, - True) - -print "Result from setting (good) policy with VMlabel 'blue' missing:" -print "policystate %s" % policystate - -if int(policystate['xserr']) != 0: - FAIL("(4) Should have been able to set this policy: %s" % xml) - -# -# Move the green VMLabel towards blue which should put the running -# domain with label blue into a conflict set -# -vmlabels = [ vm_sysmgt, vm_red, vm_blue ] - -vmfrommap = { "blue" : "green" } # new : old - -hdr = update_hdr(hdr) #Needed, since last update was successful -xml = create_xml_policy(hdr, stes, chws, - vmlabels, vmfrommap, bootstrap, - reslabels, resfrommap, - cfss) - -policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - xml, - xsconstants.XS_INST_LOAD, - True) - -print "policystate %s" % policystate - -if int(policystate['xserr']) == 0: - FAIL("(5) Should not have been able to set this policy.") - -# -# Try to install a policy where a VM label has a faulty VM label name -# -vmfrommap = {} - -vm_blue_bad = { 'name' : "blue:x" , # ':' no allowed - 'stes' : ["blue"], - 'chws' : ["blue"] } - -vmlabels = [ vm_sysmgt, vm_red, vm_green, vm_blue_bad ] - -xml = create_xml_policy(hdr, stes, chws, - vmlabels, vmfrommap, bootstrap, - reslabels, resfrommap, - cfss) - -policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, - xml, - xsconstants.XS_INST_LOAD, - True) - -print "policystate %s" % policystate - -if int(policystate['xserr']) == 0: - FAIL("(6) Should not have been able to set this policy.") - -# -# End the test by installing the initial policy again -# - -cur_version = hdr['version'] -(maj, min) = cur_version.split(".") -cur_version = "%s.%s" % (maj, str(int(min)-1) ) - -orig_acmpol = ACMPolicy(xml=xml_good) 
-orig_acmpol.set_frompolicy_version(cur_version)
-orig_acmpol.set_policy_version(hdr['version'])
-
-policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
- orig_acmpol.toxml(),
- xsconstants.XS_INST_LOAD,
- True)
-
-if int(policystate['xserr']) != 0:
- FAIL("(END) Should have been able to set this policy.")
-
-domain1.stop()
-domain2.stop()
-domain1.destroy()
-domain2.destroy()
diff --git a/tools/xm-test/tests/security-acm/10_security-acm_pol_update.py b/tools/xm-test/tests/security-acm/10_security-acm_pol_update.py
deleted file mode 100644
index b60a62eae2..0000000000
--- a/tools/xm-test/tests/security-acm/10_security-acm_pol_update.py
+++ /dev/null
@@ -1,354 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> -# - -import os -import re -import commands -from XmTestLib import * -import xen.util.xsm.xsm as security -from xen.util import xsconstants - -def checkLabel(labeldata, expected, domname): - if labeldata[0] != expected[0]: - FAIL("Policy type of %s is bad: %s" % (domname, labeldata[0])) - if labeldata[1] != expected[1]: - FAIL("Unexpected policy indicated in %s label '%s', expected '%s'." % - (domname, labeldata[1], expected[1])) - if labeldata[2] != expected[2]: - FAIL("%s does not have '%s' label but '%s'." % - (domname, expected[2], labeldata[2])) - -if not isACMEnabled(): - SKIP("Not running this test since ACM not enabled.") - -testpolicy = "xm-test" -testlabel1 = "blue" -testlabel2 = "red" -testlabel3 = "green" - -# reset the policy - must work -s, o = traceCommand('xm resetpolicy') -if s: - FAIL("Could not reset the policy.") - - -s, o = traceCommand('xm resources | grep -E "^[phy|file|vlan]" ') -resnames = [] -if o: - resnames = o.split('\n') - - for res in resnames: - s, o = traceCommand('xm rmlabel res %s' % res) - -#Unlabeled domain must not start under xm-test policy -domain_ul = XmTestDomain(name='domain-unlabeled', - extraConfig=None) -del domain_ul.config.opts['access_control'] -try: - domain_ul.start(noConsole=True) - FAIL("Could start unlabeled domain.") -except DomainError, e: - domain_ul.destroy() # delete if xend-managed domain - - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)} - -domain_blue = XmTestDomain(name='domain-%s' % testlabel1, - extraConfig=config) - -config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel3)} - -domain_green = XmTestDomain(name='domain-%s' % testlabel3, - extraConfig=config) - - -try: - domain_blue.start(noConsole=True) -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to start blue labeled test domain") - -s, o 
= traceCommand('xm list Domain-0 --label | grep -E "Domain-0"') -if s: - FAIL("Could not get the label of Domain-0") - -info = o.strip().split(' ') -labeldata = info[-1].split(':') -if len(labeldata) != 3: - FAIL("Label of Domain-0 is bad: '%s'" % info[-1]) -checkLabel(labeldata, - [xsconstants.ACM_POLICY_ID, "xm-test", "SystemManagement"], - "Domain-0") - -# Should be able to set the Domain-0 label to blue -s, o = traceCommand('xm addlabel blue mgt Domain-0') -if s: - FAIL("Could not set the label of Domain-0 to 'blue'.") -s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"') -if s: - FAIL("Could not get the label of Domain-0") - -info = o.strip().split() -labeldata = info[-1].split(':') -if len(labeldata) != 3: - FAIL("Label of Domain-0 is bad: '%s'" % info[-1]) -checkLabel(labeldata, - [xsconstants.ACM_POLICY_ID, "xm-test", "blue"], - "Domain-0") - -#Should not be able to set the label of Domain-0 to 'red' -s, o = traceCommand('xm addlabel red mgt Domain-0') -if not s: - FAIL("Could set the label of Domain-0 to 'red'.") -s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"') -if s: - FAIL("Could not get the label of Domain-0") - -info = o.strip().split() -labeldata = info[-1].split(':') -if len(labeldata) != 3: - FAIL("Label of Domain-0 is bad: '%s'" % info[-1]) -checkLabel(labeldata, - [xsconstants.ACM_POLICY_ID, "xm-test", "blue"], - "Domain-0") - -# Should be able to set the label of Domain-0 to 'SystemManagement' -s, o = traceCommand('xm addlabel SystemManagement mgt Domain-0') -if s: - FAIL("Could not set the label of Domain-0 to 'SystemManagement'.") -s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"') -if s: - FAIL("Could not get the label of Domain-0") - -info = o.strip().split() -labeldata = info[-1].split(':') -if len(labeldata) != 3: - FAIL("Label of Domain-0 is bad: '%s'" % info[-1]) -checkLabel(labeldata, - [xsconstants.ACM_POLICY_ID, "xm-test", "SystemManagement"], - "Domain-0") - -#Label some resource 
green -#Label some resource red -#Label some resource blue - -s, o = traceCommand('xm addlabel green res file:/tmp/green') -if s: - FAIL("Could not label resource 'green'.") -s, o = traceCommand('xm addlabel red res file:/tmp/red') -if s: - FAIL("Could not label resource 'red'.") -s, o = traceCommand('xm addlabel blue res file:/tmp/blue') -if s: - FAIL("Could not label resrouce 'blue'") - -# Start a green domain -try: - domain_green.start(noConsole=True) -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to start green labeled test domain") - -# Update the system's policy. Should not work, since blue Domain is running -s, o = traceCommand('xm setpolicy ACM xm-test-update') -if not s: - FAIL("Could set the new policy even though blue domain is running.") - -s, o = traceCommand('xm getpolicy | grep "Policy name"') -info = o.split(':') -poldata = [i.strip() for i in info] - -if poldata[1] != 'xm-test': - FAIL("Policy should be 'xm-test' but is now '%s'." % poldata[1]) - -# Check that no labels have changed -s, o = traceCommand('xm getlabel res file:/tmp/green') -if s: - FAIL("Could not get label for green resource.") -label=o.strip() -if label != 'ACM:xm-test:green': - FAIL("Label for green resource has changed to '%s', but should not have," - % label) - -s, o = traceCommand('xm getlabel res file:/tmp/red') -if s: - FAIL("Could not get label for red resource.") -label=o.strip() -if label != 'ACM:xm-test:red': - FAIL("Label for red resource has changed to '%s', but should not have," - % label) - -s, o = traceCommand('xm getlabel res file:/tmp/blue') -if s: - FAIL("Could not get label for blue resource.") -label=o.strip() -if label != 'ACM:xm-test:blue': - FAIL("Label for blue resource has changed to '%s', but should not have," - % label) - -# Terminate blue domain -domain_blue.destroy() - -# Update the system's policy. 
Should work and rename the green domain to GREEN -s, o = traceCommand('xm setpolicy ACM xm-test-update') -if s: - FAIL("Could not set the new policy.") - -acm.setCurrentPolicy('xm-test-update') - -s, o = traceCommand('xm getpolicy | grep "Policy name"') -info = o.split(':') -poldata = [i.strip() for i in info] - -if poldata[1] != 'xm-test-update': - FAIL("Policy should be 'xm-test-update' but is now '%s'." % poldata[1]) - -# check previously labeled resources -# - green should be GREEN now -# - blue should have been invalidated -# - red should be the same -s, o = traceCommand('xm getlabel res file:/tmp/green') -if s: - FAIL("Could not get label for GREEN resource.") -label=o.strip() -if label != 'ACM:xm-test-update:GREEN': - FAIL("Label for green resource has changed to '%s', but should not have," - % label) - -s, o = traceCommand('xm getlabel res file:/tmp/red') -if s: - FAIL("Could not get label for RED resource.") -label=o.strip() -if label != 'ACM:xm-test-update:RED': - FAIL("Label for RED resource has changed to '%s', expected is '%s'," - % (label,'ACM:xm-test-update:RED')) - -s, o = traceCommand('xm getlabel res file:/tmp/blue') -if s: - FAIL("Could not get label for blue resource.") -label=o.strip() -if label != 'INV_ACM:xm-test:blue': - FAIL("Label for blue resource has changed to '%s', expected is '%s'," - % (label,'INV_ACM:xm-test:blue')) - -config = {"access_control":"policy=%s,label=%s" % ('xm-test-update',testlabel2)} - -domain_red = XmTestDomain(name='domain-%s' % testlabel2, - extraConfig=config) - -# Start the red domain - should not work due to conflict set -try: - domain_red.start(noConsole=True) - FAIL("Could start 'red' domain.") -except DomainError, e: - domain_red.destroy() # delete if xend-managed domain - -# Terminate GREEN domain -domain_green.destroy() - -# Start the red domain - should work now -try: - domain_red.start() -except DomainError, e: - FAIL("Could not start 'red' domain.") - -# Stop the red domain. 
-domain_red.destroy() - -# Make Domain-0 GREEN -s, o = traceCommand('xm addlabel GREEN mgt Domain-0') -if s: - FAIL("Could not set Domain-0's label to 'GREEN'.") -s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"') -if s: - FAIL("Could not get the label of Domain-0") - -info = o.strip().split() -labeldata = info[-1].split(':') -if len(labeldata) != 3: - FAIL("Label of Domain-0 is bad: '%s'" % info[-1]) -checkLabel(labeldata, - [xsconstants.ACM_POLICY_ID, "xm-test-update", "GREEN"], - "Domain-0") - -# Start the red domain - should not work due to conflict set -try: - domain_red.start() - FAIL("Could start 'red' domain.") -except DomainError, e: - pass - -# Set Domain-0's domain to SystemManagement -s, o = traceCommand('xm addlabel SystemManagement mgt Domain-0') -if s: - FAIL("Could not set Domain-0's label to SystemManagement.") - -# Start unlabeled domain - should work -try: - domain_ul.start(noConsole=True) -except DomainError, e: - FAIL("Could not start unlabeled domain.") - -# Stop red domain -domain_red.destroy() - -# Stop unlabeled domain -domain_ul.destroy() - - -# Mark Domain-0 as red. 
This must not have any effect on the later reset
-s, o = traceCommand('xm addlabel red mgt Domain-0')
-if s:
- FAIL("Could not set Domain-0's label to 'red'.")
-s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"')
-if s:
- FAIL("Could not get the label of Domain-0")
-
-info = o.strip().split()
-labeldata = info[-1].split(':')
-if len(labeldata) != 3:
- FAIL("Label of Domain-0 is bad: '%s'" % info[-1])
-checkLabel(labeldata,
- [xsconstants.ACM_POLICY_ID, "xm-test-update", "red"],
- "Domain-0")
-
-# reset the policy - should work
-s, o = traceCommand('xm resetpolicy')
-if s:
- FAIL("Could not reset the policy.")
-
-# check previously labeled resources
-# - GREEN should be invalid
-# - red should be invalid
-# - blue should be invalid
-s, o = traceCommand('xm getlabel res file:/tmp/green')
-if s:
- FAIL("Could not get label for GREEN resource.")
-label=o.strip()
-exp='INV_ACM:xm-test-update:GREEN'
-if label != exp:
- FAIL("Label for green resource has changed to '%s', but should be '%s',"
- % (label, exp))
-
-s, o = traceCommand('xm getlabel res file:/tmp/red')
-if s:
- FAIL("Could not get label for RED resource.")
-label=o.strip()
-exp='INV_ACM:xm-test-update:RED'
-if label != exp:
- FAIL("Label for RED resource has changed to '%s', but should be '%s'.,"
- % (label, exp))
-
-s, o = traceCommand('xm getlabel res file:/tmp/blue')
-if s:
- FAIL("Could not get label for blue resource.")
-label=o.strip()
-exp='INV_ACM:xm-test:blue'
-if label != exp:
- FAIL("Label for blue resource has changed to '%s', but should be '%s',"
- % (label, exp))
diff --git a/tools/xm-test/tests/security-acm/Makefile.am b/tools/xm-test/tests/security-acm/Makefile.am
deleted file mode 100644
index 9bbb856a1b..0000000000
--- a/tools/xm-test/tests/security-acm/Makefile.am
+++ /dev/null
@@ -1,33 +0,0 @@
-SUBDIRS =
-
-TESTS = 01_security-acm_basic.test \
- 02_security-acm_dom_start.test \
- 03_security-acm_dom_conflict.test \
- 04_security-acm_dom_res.test \
- 05_security-acm_dom_res_conf.test \
- 06_security-acm_dom_block_attach.test \
- 07_security-acm_pol_update.test \
- 08_security-acm_xapi.test \
- 09_security-acm_pol_update.test \
- 10_security-acm_pol_update.test
-
-XFAIL_TESTS =
-
-EXTRA_DIST = $(TESTS) $(XFAIL_TESTS) acm_utils.py
-TESTS_ENVIRONMENT=@TENV@
-
-%.test: %.py
- cp $< $@
- chmod +x $@
- @if [ -d /etc/xen/acm-security/policies ]; then \
- cp -f xm-test-security_policy.xml \
- xm-test-update-security_policy.xml\
- /etc/xen/acm-security/policies; \
- fi;
-
-clean-local: am_config_clean-local
-
-am_config_clean-local:
- rm -f *test
- rm -f *log
- rm -f *~
diff --git a/tools/xm-test/tests/security-acm/acm_utils.py b/tools/xm-test/tests/security-acm/acm_utils.py
deleted file mode 100644
index 457aa840b3..0000000000
--- a/tools/xm-test/tests/security-acm/acm_utils.py
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/python
-
-# Copyright (C) International Business Machines Corp., 2006
-# Author: Stefan Berger <stefanb@us.ibm.com>
-
-from XmTestLib import *
-from XmTestLib.acm import *
-
-testpolicy = "xm-test"
-vmconfigfile = "/tmp/xm-test.conf"
-
-if not isACMEnabled():
- SKIP("Not running this test since ACM not enabled.")
-
-setCurrentPolicy(testpolicy)
-ACMSetPolicy()
diff --git a/tools/xm-test/tests/security-acm/xm-test-new-security_policy.xml b/tools/xm-test/tests/security-acm/xm-test-new-security_policy.xml
deleted file mode 100644
index abc49e1ef5..0000000000
--- a/tools/xm-test/tests/security-acm/xm-test-new-security_policy.xml
+++ /dev/null
@@ -1,97 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- Auto-generated by ezPolicy --> -<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd "> - <PolicyHeader> - <PolicyName>xm-test</PolicyName> - <Date>Fri Sep 29 14:44:38 2006</Date> - <Version>1.1</Version> - <FromPolicy> - <PolicyName>xm-test</PolicyName> - <Version>1.0</Version> - </FromPolicy> - </PolicyHeader> - - <SimpleTypeEnforcement> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type> - <Type>green</Type> - <Type>red</Type> - </SimpleTypeEnforcementTypes> - </SimpleTypeEnforcement> - - <ChineseWall priority="PrimaryPolicyComponent"> - <ChineseWallTypes> - <Type>SystemManagement</Type> - <Type>green</Type> - <Type>red</Type> - </ChineseWallTypes> - - <ConflictSets> - <Conflict name="RER"> - <Type>green</Type> - <Type>red</Type> - </Conflict> - </ConflictSets> - </ChineseWall> - - <SecurityLabelTemplate> - <SubjectLabels bootstrap="SystemManagement"> - <VirtualMachineLabel> - <Name>SystemManagement</Name> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type> - <Type>green</Type> - <Type>red</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>green</Name> - <SimpleTypeEnforcementTypes> - <Type>green</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>green</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>red</Name> - <SimpleTypeEnforcementTypes> - <Type>red</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>red</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - </SubjectLabels> - - <ObjectLabels> - <ResourceLabel> - <Name>SystemManagement</Name> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - 
<ResourceLabel>
- <Name>green</Name>
- <SimpleTypeEnforcementTypes>
- <Type>green</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>red</Name>
- <SimpleTypeEnforcementTypes>
- <Type>red</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- </ObjectLabels>
- </SecurityLabelTemplate>
-</SecurityPolicyDefinition>
diff --git a/tools/xm-test/tests/security-acm/xm-test-security_policy.xml b/tools/xm-test/tests/security-acm/xm-test-security_policy.xml
deleted file mode 100644
index 9c84a83626..0000000000
--- a/tools/xm-test/tests/security-acm/xm-test-security_policy.xml
+++ /dev/null
@@ -1,111 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- Auto-generated by ezPolicy --> -<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd "> - <PolicyHeader> - <PolicyName>xm-test</PolicyName> - <Date>Fri Sep 29 14:44:38 2006</Date> - <Version>1.0</Version> - </PolicyHeader> - - <SimpleTypeEnforcement> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type> - <Type>green</Type> - <Type>red</Type> - <Type>blue</Type> - </SimpleTypeEnforcementTypes> - </SimpleTypeEnforcement> - - <ChineseWall priority="PrimaryPolicyComponent"> - <ChineseWallTypes> - <Type>SystemManagement</Type> - <Type>green</Type> - <Type>red</Type> - <Type>blue</Type> - </ChineseWallTypes> - - <ConflictSets> - <Conflict name="RER"> - <Type>blue</Type> - <Type>red</Type> - </Conflict> - </ConflictSets> - </ChineseWall> - - <SecurityLabelTemplate> - <SubjectLabels bootstrap="SystemManagement"> - <VirtualMachineLabel> - <Name>SystemManagement</Name> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type> - <Type>green</Type> - <Type>red</Type> - <Type>blue</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>green</Name> - <SimpleTypeEnforcementTypes> - <Type>green</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>green</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>red</Name> - <SimpleTypeEnforcementTypes> - <Type>red</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>red</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>blue</Name> - <SimpleTypeEnforcementTypes> - <Type>blue</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>blue</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - </SubjectLabels> - - 
<ObjectLabels>
- <ResourceLabel>
- <Name>SystemManagement</Name>
- <SimpleTypeEnforcementTypes>
- <Type>SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>green</Name>
- <SimpleTypeEnforcementTypes>
- <Type>green</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>red</Name>
- <SimpleTypeEnforcementTypes>
- <Type>red</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>blue</Name>
- <SimpleTypeEnforcementTypes>
- <Type>blue</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
- </ObjectLabels>
- </SecurityLabelTemplate>
-</SecurityPolicyDefinition>
diff --git a/tools/xm-test/tests/security-acm/xm-test-update-security_policy.xml b/tools/xm-test/tests/security-acm/xm-test-update-security_policy.xml
deleted file mode 100644
index 8c026c9da2..0000000000
--- a/tools/xm-test/tests/security-acm/xm-test-update-security_policy.xml
+++ /dev/null
@@ -1,117 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- Auto-generated by ezPolicy --> -<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd "> - <PolicyHeader> - <PolicyName>xm-test-update</PolicyName> - <Date>Fri Sep 29 14:44:38 2006</Date> - <Version>1.1</Version> - <FromPolicy> - <PolicyName>xm-test</PolicyName> - <Version>1.0</Version> - </FromPolicy> - </PolicyHeader> - - <SimpleTypeEnforcement> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type> - <Type>GREEN</Type> - <Type>red</Type> - <Type>__UNLABELED__</Type> - </SimpleTypeEnforcementTypes> - </SimpleTypeEnforcement> - - <ChineseWall priority="PrimaryPolicyComponent"> - <ChineseWallTypes> - <Type>SystemManagement</Type> - <Type>GREEN</Type> - <Type>red</Type> - <Type>__UNLABELED__</Type> - </ChineseWallTypes> - - <ConflictSets> - <Conflict name="RER"> - <Type>GREEN</Type> - <Type>red</Type> - </Conflict> - </ConflictSets> - </ChineseWall> - - <SecurityLabelTemplate> - <SubjectLabels bootstrap="SystemManagement"> - <VirtualMachineLabel> - <Name>SystemManagement</Name> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type> - <Type>GREEN</Type> - <Type>red</Type> - <Type>__UNLABELED__</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name from="green">GREEN</Name> - <SimpleTypeEnforcementTypes> - <Type>GREEN</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>GREEN</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>red</Name> - <SimpleTypeEnforcementTypes> - <Type>red</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>red</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>__UNLABELED__</Name> - <SimpleTypeEnforcementTypes> - 
<Type>__UNLABELED__</Type> - </SimpleTypeEnforcementTypes> - <ChineseWallTypes> - <Type>__UNLABELED__</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - </SubjectLabels> - - <ObjectLabels> - <ResourceLabel> - <Name>SystemManagement</Name> - <SimpleTypeEnforcementTypes> - <Type>SystemManagement</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name from="green">GREEN</Name> - <SimpleTypeEnforcementTypes> - <Type>GREEN</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name from="red">RED</Name> - <SimpleTypeEnforcementTypes> - <Type>red</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>__UNLABELED__</Name> - <SimpleTypeEnforcementTypes> - <Type>__UNLABELED__</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - </ObjectLabels> - </SecurityLabelTemplate> -</SecurityPolicyDefinition> |