diff options
Diffstat (limited to 'tools/xm-test/tests/security-acm/08_security-acm_xapi.py')
-rw-r--r-- | tools/xm-test/tests/security-acm/08_security-acm_xapi.py | 354 |
1 files changed, 354 insertions, 0 deletions
diff --git a/tools/xm-test/tests/security-acm/08_security-acm_xapi.py b/tools/xm-test/tests/security-acm/08_security-acm_xapi.py new file mode 100644 index 0000000000..7eafc3607b --- /dev/null +++ b/tools/xm-test/tests/security-acm/08_security-acm_xapi.py @@ -0,0 +1,354 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2007 +# Author: Stefan Berger <stefanb@us.ibm.com> + +# VM creation test with labeled VM and labeled VDI + +from XmTestLib import xapi +from XmTestLib.XenAPIDomain import XmTestAPIDomain +from XmTestLib import * +from xen.xend import XendAPIConstants +from xen.util import acmpolicy, security, xsconstants +import commands +import os + +vm_label_red = xsconstants.ACM_POLICY_ID + ":xm-test:red" +vm_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green" +vdi_label_red = xsconstants.ACM_POLICY_ID + ":xm-test:red" +vdi_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green" + +vdi_file = "/dev/ram0" +vdi_path = "phy:" + vdi_file + +#Note: +# If during the suspend/resume operations 'red' instead of 'green' is +# used, the Chinese Wall policy goes into effect and disallows the +# suspended VM from being resumed... + +try: + # XmTestAPIDomain tries to establish a connection to XenD + domain = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_red }) +except Exception, e: + SKIP("Skipping test. Error: %s" % str(e)) + +vm_uuid = domain.get_uuid() + +session = xapi.connect() +xstype = session.xenapi.XSPolicy.get_xstype() +if int(xstype) & xsconstants.XS_POLICY_ACM == 0: + SKIP("ACM not enabled/compiled in Xen") + +f = open("xm-test-security_policy.xml", 'r') +if f: + newpolicyxml = f.read() + f.close() +else: + FAIL("Could not read 'xm-test' policy") + +policystate = session.xenapi.XSPolicy.get_xspolicy() +if int(policystate['type']) == 0: + policystate = session.xenapi.XSPolicy.set_xspolicy( + xsconstants.XS_POLICY_ACM, + newpolicyxml, + xsconstants.XS_INST_BOOT | xsconstants.XS_INST_LOAD, + True) + if int(policystate['flags']) == -1: + FAIL("Could not set the new policy.") + +policystate = session.xenapi.XSPolicy.get_xspolicy() +print "policystate = %s" % policystate +acm_ref = policystate['xs_ref'] + + +# +# Some tests with labeling of resources +# +labels = session.xenapi.XSPolicy.get_labeled_resources() +print "labeled resources are:\n%s" % labels + +oldlabel = session.xenapi.XSPolicy.get_resource_label("phy:/dev/ram0") + +rc = session.xenapi.XSPolicy.set_resource_label("phy:/dev/ram0", "", + oldlabel) + +rc = session.xenapi.XSPolicy.set_resource_label("phy:/dev/ram0", + vdi_label_green, + "") + +res = session.xenapi.XSPolicy.get_resource_label("phy:/dev/ram0") +if res != vdi_label_green: + FAIL("(1) get_resource_label returned unexpected result %s, wanted %s" % + (res, vdi_label_green)) + + +# +# Some test with labeling of VMs +# + +res = session.xenapi.VM.get_security_label(vm_uuid) + +if res != vm_label_red: + FAIL("VM.get_security_label returned wrong security label '%s'." % res) + +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, + vm_label_red) + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_green: + FAIL("VM does not show expected label '%s' but '%s'." % + (vm_label_green, res)) + +res = session.xenapi.VM.set_security_label(vm_uuid, "", vm_label_green) +if int(res) != 0: + FAIL("Should be able to unlabel the domain while it's halted.") + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != "": + FAIL("Unexpected VM security label after removal: %s" % res) + +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_red, res) +if int(res) != 0: + FAIL("Could not label the VM to '%s'" % vm_label_red) + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_red: + FAIL("VM has wrong label '%s', expected '%s'." % (res, vm_label_red)) + +sr_uuid = session.xenapi.SR.get_by_name_label("Local") +if len(sr_uuid) == 0: + FAIL("Could not get a handle on SR 'Local'") + + +vdi_rec = { 'name_label' : "My disk", + 'SR' : sr_uuid[0], + 'virtual_size': 0, + 'sector_size' : 512, + 'parent' : '', + 'SR_name' : 'Local', + 'type' : 'system', + 'shareable' : False, + 'read-only' : False, + 'other_config': {'location': vdi_path} +} + +vdi_ref = session.xenapi.VDI.create(vdi_rec) + +res = session.xenapi.VDI.get_name_label(vdi_ref) +if res != vdi_rec['name_label']: + print "Destroying VDI now" + session.xenapi.VDI.destroy(vdi_ref) + FAIL("VDI_get_name_label return wrong information") + +res = session.xenapi.VDI.get_record(vdi_ref) +print "vdi_record : %s" % res + +oldlabel = session.xenapi.XSPolicy.get_resource_label(vdi_path) + +#Remove label from VDI device +rc = session.xenapi.XSPolicy.set_resource_label(vdi_path, + "", + oldlabel) + + +# Attach a VBD to the VM + +vbd_rec = { 'VM' : vm_uuid, + 'VDI' : vdi_ref, + 'device' : "xvda1", + 'mode' : 1, + 'bootable': 0, +} + +vbd_ref = session.xenapi.VBD.create(vbd_rec) + +res = session.xenapi.VBD.get_record(vbd_ref) + +try: + domain.start(noConsole=True) + # Should not get here. + print "Destroying VDI now" + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could start VM with a VBD that it is not allowed to access.") +except: + pass + print "Could not create domain -- that's good" + + +# +# Label the VDI now +# + +rc = session.xenapi.VDI.set_security_label(vdi_ref, vdi_label_red, "") +if int(rc) != 0: + FAIL("Could not set the VDI label to '%s'" % vdi_label_red) + +label = session.xenapi.VDI.get_security_label(vdi_ref) +if label != vdi_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Unexpected label '%s' on VDI, wanted '%s'" % + (label, vdi_label_red)) + +rc = session.xenapi.VDI.set_security_label(vdi_ref, "", label) +if int(rc) != 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Should be able to unlabel VDI.") + +rc = session.xenapi.VDI.set_security_label(vdi_ref, vdi_label_red, "") +if int(rc) != 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Should be able to label VDI with label '%s'" % vid_label_red) + +res = session.xenapi.XSPolicy.get_resource_label(vdi_path) +if res != vdi_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("(2) get_resource_label on %s returned unexpected result %s, wanted '%s'" % + (vdi_path, res, vdi_label_red)) + +res = session.xenapi.VDI.get_security_label(vdi_ref) +if res != vdi_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("get_security_label returned unexpected result %s, wanted '%s'" % + (res, vdi_label_red)) + +domain.start(noConsole=True) + +console = domain.getConsole() + +domName = domain.getName() + +try: + run = console.runCmd("cat /proc/interrupts") +except ConsoleError, e: + saveLog(console.getHistory()) + FAIL("Could not access proc-filesystem") + +# Try to relabel while VM is running +try: + res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, + vm_label_red) +except: + pass + +lab = session.xenapi.VM.get_security_label(vm_uuid) +if lab == vm_label_green: + FAIL("Should not be able to reset the security label while running." + "tried to set to %s, got %s, old: %s" %(vm_label_green, lab, + vm_label_red)) + + +# +# Suspend the domain and relabel it +# + +try: + status, output = traceCommand("xm suspend %s" % domName, + timeout=30) +except TimeoutError, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Failure from suspending VM: %s." % str(e)) + +# Try to relabel while VM is suspended -- this should work + +rc = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, + vm_label_red) +if int(rc) != 0: + FAIL("VM security label could not be set to %s" % vm_label_green) + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_green: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("VM (suspended) has label '%s', expected '%s'." % + (res, vm_label_green)) + +status, output = traceCommand("xm list") + +#Try to resume now -- should fail due to denied access to block device +try: + status, output = traceCommand("xm resume %s" % domName, + timeout=30) + if status == 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could resume re-labeled VM: %s" % output) +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("1. Error resuming the VM: %s." % str(e)) + +# Relabel VM so it would resume +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_red, + vm_label_green) +if int(res) != 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not relabel VM to have it resume.") + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("VM (suspended) has label '%s', expected '%s'." % + (res, vm_label_red)) + + +# Relabel the resource so VM should not resume +try: + session.xenapi.XSPolicy.set_resource_label(vdi_path, + vdi_label_green, + "") +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not label the VDI to '%s': %x" % + (vdi_label_green, int(rc))) + +#Try to resume now -- should fail due to denied access to block device +try: + status, output = traceCommand("xm resume %s" % domName, + timeout=30) + if status == 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could resume re-labeled VM: %s" % output) +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("2. Error resuming the VM: %s." % str(e)) + + +status, output = traceCommand("xm list") + +# Relabel the resource so VM can resume +try: + session.xenapi.XSPolicy.set_resource_label(vdi_path, + vdi_label_red, + vdi_label_green) +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not label the resource to '%s'" % vid_label_red) + +res = session.xenapi.XSPolicy.get_resource_label(vdi_path) +if res != vdi_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("'%s' has label '%s', expected '%s'." % + (vdi_path, res, vdi_label_red)) + +#Try to resume now -- should work +try: + status, output = traceCommand("xm resume %s" % domName, + timeout=30) + if status != 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not resume re-labeled VM: %s" % output) +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("3. Error resuming the VM: %s." % str(e)) + + +status, output = traceCommand("xm list") + +console = domain.getConsole() + +try: + run = console.runCmd("cat /proc/interrupts") +except ConsoleError, e: + saveLog(console.getHistory()) + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not access proc-filesystem") + +domain.stop() +domain.destroy() |