diff options
author | Keir Fraser <keir@xensource.com> | 2007-09-23 12:45:07 +0100 |
---|---|---|
committer | Keir Fraser <keir@xensource.com> | 2007-09-23 12:45:07 +0100 |
commit | af8b404f2d111be9afa4ffb24ed32ca99dfeba43 (patch) | |
tree | 85f67729e28c71a442e92cd4f2582bb682ad7874 /tools | |
parent | d6f6960a00a6872da0e554aa1a71e634a36226be (diff) | |
download | xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.tar.gz xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.tar.bz2 xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.zip |
XSM:FLASK support for domain management under Xen-API
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/python/xen/util/xsm/acm/acm.py | 25 | ||||
-rw-r--r-- | tools/python/xen/util/xsm/dummy/dummy.py | 3 | ||||
-rw-r--r-- | tools/python/xen/util/xsm/flask/flask.py | 4 | ||||
-rw-r--r-- | tools/python/xen/xend/XendDomainInfo.py | 21 | ||||
-rw-r--r-- | tools/python/xen/xm/xenapi_create.py | 9 |
5 files changed, 35 insertions, 27 deletions
diff --git a/tools/python/xen/util/xsm/acm/acm.py b/tools/python/xen/util/xsm/acm/acm.py index b2dff14edd..94d6d10c98 100644 --- a/tools/python/xen/util/xsm/acm/acm.py +++ b/tools/python/xen/util/xsm/acm/acm.py @@ -1308,12 +1308,33 @@ def parse_security_label(security_label): return security_label def set_security_label(policy, label): - policytype = xsconstants.ACM_POLICY_ID if label != "" and policy != "": - return "%s:%s:%s" % (policytype, policy, label) + return "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, policy, label) else: return "" def ssidref2security_label(ssidref): from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance return XSPolicyAdminInstance().ssidref_to_vmlabel(ssidref) + +def get_security_label(self, xspol=None): + """ + Get the security label of a domain + @param xspol The policy to use when converting the ssid into + a label; only to be passed during the updating + of the policy + """ + domid = self.getDomid() + + if not xspol: + from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance + xspol = XSPolicyAdminInstance().get_loaded_policy() + + if domid == 0: + if xspol: + label = xspol.policy_get_domain_label_formatted(domid) + else: + label = "" + else: + label = self.info.get('security_label', '') + return label diff --git a/tools/python/xen/util/xsm/dummy/dummy.py b/tools/python/xen/util/xsm/dummy/dummy.py index 25e1ed989f..04966e4daf 100644 --- a/tools/python/xen/util/xsm/dummy/dummy.py +++ b/tools/python/xen/util/xsm/dummy/dummy.py @@ -51,3 +51,6 @@ def ssidref2security_label(ssidref): def has_authorization(ssidref): return True + +def get_security_label(self, xspol=None): + return "" diff --git a/tools/python/xen/util/xsm/flask/flask.py b/tools/python/xen/util/xsm/flask/flask.py index 1854cb46aa..a0f931b364 100644 --- a/tools/python/xen/util/xsm/flask/flask.py +++ b/tools/python/xen/util/xsm/flask/flask.py @@ -35,3 +35,7 @@ def set_security_label(policy, label): def ssidref2security_label(ssidref): return ssidref2label(ssidref) + +def get_security_label(self, xspol=None): + label = self.info.get('security_label', '') + return label diff --git a/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py index ccd4012a60..db85e4eead 100644 --- a/tools/python/xen/xend/XendDomainInfo.py +++ b/tools/python/xen/xend/XendDomainInfo.py @@ -2275,25 +2275,8 @@ class XendDomainInfo: def get_security_label(self, xspol=None): - """ - Get the security label of a domain - @param xspol The policy to use when converting the ssid into - a label; only to be passed during the updating - of the policy - """ - domid = self.getDomid() - - if not xspol: - from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance - xspol = XSPolicyAdminInstance().get_loaded_policy() - - if domid == 0: - if xspol: - label = xspol.policy_get_domain_label_formatted(domid) - else: - label = "" - else: - label = self.info.get('security_label', '') + import xen.util.xsm.xsm as security + label = security.get_security_label(self, xspol) return label def set_security_label(self, seclab, old_seclab, xspol=None, diff --git a/tools/python/xen/xm/xenapi_create.py b/tools/python/xen/xm/xenapi_create.py index 70c91140b7..ac4408f4fe 100644 --- a/tools/python/xen/xm/xenapi_create.py +++ b/tools/python/xen/xm/xenapi_create.py @@ -26,6 +26,7 @@ from xen.xend.XendAPIConstants import XEN_API_ON_NORMAL_EXIT, \ XEN_API_ON_CRASH_BEHAVIOUR from xen.xm.opts import OptionError from xen.util import xsconstants +import xen.util.xsm.xsm as security import sys import os @@ -569,7 +570,7 @@ class sxp2xml: if sec_data: try : vm.attributes['security_label'] = \ - "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, sec_data[0][1][1],sec_data[0][2][1]) + security.set_security_label(sec_data[0][1][1],sec_data[0][2][1]) except Exception, e: raise "Invalid security data format: %s" % str(sec_data) @@ -753,11 +754,7 @@ class sxp2xml: policy = get_child_by_name(vif_sxp, "policy") label = get_child_by_name(vif_sxp, "label") - if label and policy: - vif.attributes["security_label"] \ - = "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, policy, label) - else: - vif.attributes["security_label"] = "" + vif.attributes["security_label"] = security.set_security_label(policy, label) if get_child_by_name(vif_sxp, "bridge") is not None: vif.attributes["network"] \ |