XSM:FLASK support for domain management under Xen-API

Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
author: Keir Fraser <keir@xensource.com> 2007-09-23 12:45:07 +0100
committer: Keir Fraser <keir@xensource.com> 2007-09-23 12:45:07 +0100
commit: af8b404f2d111be9afa4ffb24ed32ca99dfeba43 (patch)
tree: 85f67729e28c71a442e92cd4f2582bb682ad7874 /tools
parent: d6f6960a00a6872da0e554aa1a71e634a36226be (diff)
download: xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.tar.gz
xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.tar.bz2
xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.zip
5 files changed, 35 insertions, 27 deletions
diff --git a/tools/python/xen/util/xsm/acm/acm.py b/tools/python/xen/util/xsm/acm/acm.py
index b2dff14edd..94d6d10c98 100644
--- a/tools/python/xen/util/xsm/acm/acm.py
+++ b/tools/python/xen/util/xsm/acm/acm.py
@@ -1308,12 +1308,33 @@ def parse_security_label(security_label):
         return security_label
 
 def set_security_label(policy, label):
-    policytype = xsconstants.ACM_POLICY_ID
     if label != "" and policy != "":
-        return "%s:%s:%s" % (policytype, policy, label)
+        return "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, policy, label)
     else:
         return ""
 
 def ssidref2security_label(ssidref):
     from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
     return XSPolicyAdminInstance().ssidref_to_vmlabel(ssidref)
+
+def get_security_label(self, xspol=None):
+    """
+       Get the security label of a domain
+       @param xspol   The policy to use when converting the ssid into
+                      a label; only to be passed during the updating
+                      of the policy
+    """
+    domid = self.getDomid()
+
+    if not xspol:
+        from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
+        xspol = XSPolicyAdminInstance().get_loaded_policy()
+
+    if domid == 0:
+        if xspol:
+            label = xspol.policy_get_domain_label_formatted(domid)
+        else:
+            label = ""
+    else:
+        label = self.info.get('security_label', '')
+    return label
diff --git a/tools/python/xen/util/xsm/dummy/dummy.py b/tools/python/xen/util/xsm/dummy/dummy.py
index 25e1ed989f..04966e4daf 100644
--- a/tools/python/xen/util/xsm/dummy/dummy.py
+++ b/tools/python/xen/util/xsm/dummy/dummy.py
@@ -51,3 +51,6 @@ def ssidref2security_label(ssidref):
 
 def has_authorization(ssidref):
     return True
+
+def get_security_label(self, xspol=None):
+    return ""
diff --git a/tools/python/xen/util/xsm/flask/flask.py b/tools/python/xen/util/xsm/flask/flask.py
index 1854cb46aa..a0f931b364 100644
--- a/tools/python/xen/util/xsm/flask/flask.py
+++ b/tools/python/xen/util/xsm/flask/flask.py
@@ -35,3 +35,7 @@ def set_security_label(policy, label):
 
 def ssidref2security_label(ssidref):
     return ssidref2label(ssidref)
+
+def get_security_label(self, xspol=None):
+    label = self.info.get('security_label', '')
+    return label
diff --git a/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py
index ccd4012a60..db85e4eead 100644
--- a/tools/python/xen/xend/XendDomainInfo.py
+++ b/tools/python/xen/xend/XendDomainInfo.py
@@ -2275,25 +2275,8 @@ class XendDomainInfo:
 
 
     def get_security_label(self, xspol=None):
-        """
-           Get the security label of a domain
-           @param xspol   The policy to use when converting the ssid into
-                          a label; only to be passed during the updating
-                          of the policy
-        """
-        domid = self.getDomid()
-
-        if not xspol:
-            from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
-            xspol = XSPolicyAdminInstance().get_loaded_policy()
-
-        if domid == 0:
-            if xspol:
-                label = xspol.policy_get_domain_label_formatted(domid)
-            else:
-                label = ""
-        else:
-            label = self.info.get('security_label', '')
+        import xen.util.xsm.xsm as security
+        label = security.get_security_label(self, xspol)
         return label
 
     def set_security_label(self, seclab, old_seclab, xspol=None,
diff --git a/tools/python/xen/xm/xenapi_create.py b/tools/python/xen/xm/xenapi_create.py
index 70c91140b7..ac4408f4fe 100644
--- a/tools/python/xen/xm/xenapi_create.py
+++ b/tools/python/xen/xm/xenapi_create.py
@@ -26,6 +26,7 @@ from xen.xend.XendAPIConstants import XEN_API_ON_NORMAL_EXIT, \
      XEN_API_ON_CRASH_BEHAVIOUR
 from xen.xm.opts import OptionError
 from xen.util import xsconstants
+import xen.util.xsm.xsm as security
 
 import sys
 import os
@@ -569,7 +570,7 @@ class sxp2xml:
         if sec_data:
             try :
                 vm.attributes['security_label'] = \
-                      "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, sec_data[0][1][1],sec_data[0][2][1])
+                                    security.set_security_label(sec_data[0][1][1],sec_data[0][2][1])
             except Exception, e:
                 raise "Invalid security data format: %s" % str(sec_data)
 
@@ -753,11 +754,7 @@ class sxp2xml:
         policy = get_child_by_name(vif_sxp, "policy")
         label = get_child_by_name(vif_sxp, "label")
 
-        if label and policy:
-            vif.attributes["security_label"] \
-                 = "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, policy, label)
-        else:
-            vif.attributes["security_label"] = ""
+        vif.attributes["security_label"] = security.set_security_label(policy, label)
 
         if get_child_by_name(vif_sxp, "bridge") is not None:
             vif.attributes["network"] \
author	Keir Fraser <keir@xensource.com>	2007-09-23 12:45:07 +0100
committer	Keir Fraser <keir@xensource.com>	2007-09-23 12:45:07 +0100
commit	af8b404f2d111be9afa4ffb24ed32ca99dfeba43 (patch)
tree	85f67729e28c71a442e92cd4f2582bb682ad7874 /tools
parent	d6f6960a00a6872da0e554aa1a71e634a36226be (diff)
download	xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.tar.gz xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.tar.bz2 xen-af8b404f2d111be9afa4ffb24ed32ca99dfeba43.zip