Diffstat (limited to 'tools/misc/policyprocessor/readme.xen')
-rw-r--r-- tools/misc/policyprocessor/readme.xen | 65
1 files changed, 65 insertions, 0 deletions
diff --git a/tools/misc/policyprocessor/readme.xen b/tools/misc/policyprocessor/readme.xen
new file mode 100644
index 0000000000..e7f9fa4c9a
--- /dev/null
+++ b/tools/misc/policyprocessor/readme.xen
@@ -0,0 +1,65 @@
+# Author: Ray Valdez, rvaldez@us.ibm.com
+# Version: 1.0
+#
+# This readme describes the policy processor tool for sHype.
+#
+
+Java program:
+
+ java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf <SsidConf>
+
+ Command line options:
+
+ -i inputFile: name of policyfile (.xml)
+ -o outputFile: name of binary policy file (Big Endian)
+ -xssid SsidFile: xen ssids to named types text file
+ -xssidconf SsidConf: xen conflict ssids to types text file
+ -debug turn on debug messages
+ -help help. This printout
+
+Where:
+
+file.xml is the (input) xml policy file to be parsed and validated.
+The syntax for file.xml is defined in the SecurityPolicySpec.xsd file.
+file.bin is the (output) binary policy file generated by XmlToBin.
+This binary policy can be activated in sHype. The binary policy file
+is laid out in network byte order (i.e., big endian). The SsidFile
+file contains the mapping of type enforcement (TE) ssids to the "named
+types". Similarly, the SsidConf file contains the mapping of Chinese
+Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf
+files are used by Xen.
+
+Xml Schema and policy:
+
+The SecurityPolicySpec.xsd defines the syntax of a policy file. It
+declares the tags that are used by XmlToBin to generate the binary
+policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid,
+etc. The xml files that describe a policy are simple. Semantic
+checking of a policy is performed mostly by XmlToBin. A type, for
+example, is a string. No fixed values are defined for types in Xml.
+
+A policy consists of two Xml files: definition and policy. The
+definition Xml declares the types that are permitted in the policy
+Xml. The policy Xml contains the assignment of labels to
+subject/object (e.g., vm). This Xml file contains an explicit
+reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>).
+The policy Xml is the one provided as a command line argument.
+
+
+Files:
+
+*.java - policy processor source
+xen_sample_policy.xml - sample xml policy file
+xen_sample_def.xml - sample user defined types
+SecurityPolicySpec.xsd - schema definition file
+
+
+To generate the sample binary policy:
+
+export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:.
+
+java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin
+
+where $XERCES_HOME is the installation directory of the Apache Xerces-J
+
+
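Review bot: the usage synopsis and the sample invocation at the end of the readme disagree about which options are required. The synopsis writes `-i [file.xml]` in optional brackets and `-o <file.bin> -xssid <SsidFile> -xssidconf <SsidConf>` as mandatory, yet the example runs `java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin` with neither ssid option. Suggest writing the input as `-i <file.xml>`, bracketing only what is truly optional, and stating what happens to the ssid mapping files when `-xssid` and `-xssidconf` are omitted. In the "Xml Schema and policy" section, the `<url>` reference to the definition Xml needs a sentence on how the value is resolved (relative to the policy file or to the working directory, local file names only or any URL), because the definition file decides which types the generated binary policy will accept. "Semantic checking of a policy is performed mostly by XmlToBin" would be more useful with a short list of what is and is not checked, and the readme should say where XmlToBin looks for SecurityPolicySpec.xsd. Minor: "ssidFile" and "SsidFile" are both used in the "Where:" paragraph, and the last sentence stops at "the Apache Xerces-J" without a noun or a period.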