direct-io.hg

changeset 6254:513acbeac420

This patch:

* adds a C-based security policy translation tool to Xen (secpol_xml2bin)
and removes the current Java
security policy translator (Java dependencies). The C-based tool
integrates into the Xen source tree build
and install (using gnome libxml2 for XML parsing). See install.txt.

* introduces security labels and related tools. Users can now use
semantic-rich label names to put security-tags
on domains. See example.txt, policy.txt.

* moves the security configuration (currently ACM_USE_SECURITY_POLICY)
from xen/Rules.mk
into a separate top-level Security.mk file (it is needed by the
tools/security and xen/acm).

Both xen/acm and tools/security are built during the Xen build process
only if ACM_USE_SECURITY_POLICY
is not ACM_NULL_POLICY (which is the default setting).

Signed-off-by Reiner Sailer <sailer@us.ibm.com>
Signed-off by Stefan Berger <stefanb@us.ibm.com>
Signed-off by Ray Valdez <rvaldez@us.ibm.com>
author kaf24@firebug.cl.cam.ac.uk
date Fri Aug 19 09:03:17 2005 +0000 (2005-08-19)
parents 1895942150a5
children 071412a64fb9
files Config.mk tools/security/Makefile tools/security/example.txt tools/security/install.txt tools/security/policies/chwall/chwall-security_label_template.xml tools/security/policies/chwall/chwall-security_policy.xml tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml tools/security/policies/chwall_ste/chwall_ste-security_policy.xml tools/security/policies/null/null-security_label_template.xml tools/security/policies/null/null-security_policy.xml tools/security/policies/security_policy.xsd tools/security/policies/ste/ste-security_label_template.xml tools/security/policies/ste/ste-security_policy.xml tools/security/policy.txt tools/security/readme.txt tools/security/secpol_compat.h tools/security/secpol_tool.c tools/security/secpol_xml2bin.c tools/security/secpol_xml2bin.h tools/security/setlabel.sh tools/security/updategrub.sh xen/Rules.mk
line diff
     1.1 --- a/Config.mk	Fri Aug 19 08:55:03 2005 +0000
     1.2 +++ b/Config.mk	Fri Aug 19 09:03:17 2005 +0000
     1.3 @@ -35,3 +35,11 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES)
     1.4  
     1.5  # Choose the best mirror to download linux kernel
     1.6  KERNEL_REPO = http://www.kernel.org
     1.7 +
     1.8 +# ACM_USE_SECURITY_POLICY is set to security policy of Xen
     1.9 +# Supported models are:
    1.10 +#	ACM_NULL_POLICY (ACM will not be built with this policy)
    1.11 +#	ACM_CHINESE_WALL_POLICY
    1.12 +#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
    1.13 +#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
    1.14 +ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
     2.1 --- a/docs/misc/shype4xen_readme.txt	Fri Aug 19 08:55:03 2005 +0000
     2.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.3 @@ -1,588 +0,0 @@
     2.4 -Copyright: IBM Corporation (C)
     2.5 -20 June 2005
     2.6 -Author: Reiner Sailer
     2.7 -
     2.8 -This document is a very short introduction into the sHype access control 
     2.9 -security architecture implementation and how it is perceived by users. It 
    2.10 -is a very preliminary draft  for the courageous ones to get "their feet wet" 
    2.11 -and to be able to give feedback (via the xen-devel/xense-devel mailing lists).
    2.12 -
    2.13 -Install:
    2.14 -
    2.15 -cd into xeno-unstable.bk 
    2.16 -(use --dry-run option if you want to test the patch only)
    2.17 -patch -p1 -g0 < *tools.diff
    2.18 -patch -p1 -g0 < *xen.diff
    2.19 -
    2.20 -(no rejects, probably some line offsets)
    2.21 -
    2.22 -make uninstall; make mrproper; make; ./install.sh should install the default 
    2.23 -sHype into Xen (rebuild your initrd images if necessary). Reboot.
    2.24 -
    2.25 -Debug output: there are two triggers for debug output:
    2.26 -a) General sHype debug:
    2.27 -    xeno-unstable.bk/xen/include/public/acm.h
    2.28 -    undefine ACM_DEBUG to switch this debug off
    2.29 -
    2.30 -b) sHype enforcement hook trace: This prints a small trace for each enforcement 
    2.31 -hook that is executed. The trigger is in
    2.32 -    xeno-unstable.bk/xen/include/acm/acm_hooks.h
    2.33 -    undefine ACM_TRACE_MODE to switch this debug off
    2.34 -
    2.35 -1. The default NULL policy
    2.36 -***************************
    2.37 -When you apply the patches and startup xen, you should at first not notice any 
    2.38 -difference because the default policy is the "NULL" policy, which as the name 
    2.39 -implies does not enforce anything.
    2.40 -
    2.41 -To display the currently enforced policy, use the policy tool under xeno-
    2.42 -unstable.bk/tools/policy: policy_tool getpolicy. You should see output like the 
    2.43 -one below.
    2.44 -
    2.45 -[root@laptop policy]#./policy_tool getpolicy
    2.46 -
    2.47 -Policy dump:
    2.48 -============
    2.49 -Magic     = 1debc.
    2.50 -PolVer    = aaaa0000.
    2.51 -Len       = 14.
    2.52 -Primary   = NULL policy (c=0, off=14).
    2.53 -Secondary = NULL policy (c=0, off=14).
    2.54 -No primary policy (NULL).
    2.55 -No secondary policy (NULL).
    2.56 -
    2.57 -Policy dump End.
    2.58 -
    2.59 -Since this is a dump of a binary policy, it's not pretty. The important parts 
    2.60 -are the "Primary" and "Secondary" policy fields set to "NULL policy". sHype 
    2.61 -currently allows to set two independent policies; thus the two SSID-REF parts 
    2.62 -shown in 'xm list'. Right here: primary policy only means this policy is 
    2.63 -checked first, the secondary policy is checked if the primary results in 
    2.64 -"permitted access". The result of the combined policy is "permitted" if both 
    2.65 -policies return permitted (NULL policy always returns permitted). The result is 
    2.66 -"denied" if at least one of the policies returns "denied". Look into xeno-
    2.67 -unstable.bk/xen/include/acm/acm_hooks.h for the general hook structure 
    2.68 -integrating the policy decisions (if you like, you won't need it for the rest 
    2.69 -of the Readme file).
    2.70 -
    2.71 -2. Setting Chinese Wall and Simple Type Enforcement policies:
    2.72 -*************************************************************
    2.73 -
    2.74 -We'll get fast to the point. However, in order to understand what we are doing, 
    2.75 -we must at least understand the purpose of the policies that we are going to 
    2.76 -enforce. The two policies presented here are just examples and the 
    2.77 -implementation encourages adding new policies easily.
    2.78 -
    2.79 -2.1. Chinese Wall policy: "decides whether a domain can be started based on 
    2.80 -this domain's ssidref and the ssidrefs of the currently running domains". 
    2.81 -Generally, the Chinese wall policy allows specifying certain types (or classes 
    2.82 -or categories, whatever the preferred word) that conflict; we usually assign a 
    2.83 -type to a workload and the set of types of those workloads running in a domain 
    2.84 -make up the type set for this domain.  Each domain is assigned a set of types 
    2.85 -through its SSID-REF (we register Chinese Wall as primary policy, so the 
    2.86 -ssidref used for determining the Chinese Wall types is the one annotated with 
    2.87 -"p:" in xm list) since each SSID-REF points at a set of types. We'll see how 
    2.88 -SSIDREFs are represented in Xen later when we will look at the policy. (A good 
    2.89 -read for Chinese Wall is: Brewer/Nash The Chinese Wall Security Policy 1989.)
    2.90 -
    2.91 -So let's assume the Chinese Wall policy we are running distinguishes 10 types: 
    2.92 -t0 ... t9. Let us assume further that each SSID-REF points to a set that 
    2.93 -includes exactly one type (attached to domains that run workloads of a single 
    2.94 -type). SSID-REF 0 points to {t0}, ssidref 1 points to {t1} ... 9 points to 
    2.95 -{t9}. [This is actually the example policy we are going to push into xen later]
    2.96 -
    2.97 -Now the Chinese Wall policy allows you to define "Conflict type sets" and it 
    2.98 -guarantees that of any conflict set at most one type is "running" at any time. 
    2.99 -As an example, we have defined 2 conflict set: {t2, t3} and {t0, t5, t6}. 
   2.100 -Specifying these conflict sets, sHype ensures that at most one type of each set 
   2.101 -is running (either t2 or t3 but not both; either t0 or t5 or t6 but not 
   2.102 -multiple of them).
   2.103 -
   2.104 -The effect is that administrators can define which workload types cannot run 
   2.105 -simultaneously on a single Xen system. This is useful to limit the covert 
   2.106 -timing channels between such payloads or to ensure that payloads don't 
   2.107 -interfere with each other through existing resource dependencies.
   2.108 -
   2.109 -2.2. Simple Type Enforcement (ste) policy: "decides whether two domains can 
   2.110 -share data, e.g., setup event channels or grant tables to each other, based on 
   2.111 -the two domains' ssidref. This, as the name says, is a simple policy. Think of 
   2.112 -each type as of a single color. Each domain has one or more colors, i.e., the 
   2.113 -domains ssid for the ste policy points to a set that has set one or multiple 
   2.114 -types. Let us assume in our example policy we differentiate 5 colors (types) 
   2.115 -and define 5 different ssids referenced by ssidref=0..4. Each ssid shall have 
   2.116 -exactly one type set, i.e., describes a uni-color. Only ssid(0) has all types 
   2.117 -set, i.e., has all defined colors.
   2.118 -
   2.119 -Sharing is enforced by the ste policy by requiring that two domains that want 
   2.120 -to establish an event channel or grant pages to each other must have a common 
   2.121 -color. Currently all domains communicate through DOM0 by default; i.e., Domain0 
   2.122 -will necessarily have all colors to be able to create domains (thus, we will 
   2.123 -assign ssidref(0) to Domain0 in our example below.
   2.124 -
   2.125 -More complex mandatory access control policies governing sharing will follow; 
   2.126 -such policies are more sophisticated than the "color" scheme above by allowing 
   2.127 -more flexible (and complex :_) access control decisions than "share a color" or 
   2.128 -"don't share a color" and will be able to express finer-grained policies.
   2.129 -
   2.130 -
   2.131 -2.3 Binary Policy:
   2.132 -In the future, we will have a policy tool that takes as input a more humane 
   2.133 -policy description, using types such as development, home-banking, donated-
   2.134 -Grid, CorpA-Payload ... and translates the respective policy into what we see 
   2.135 -today as the binary policy using 1s and 0s and sets of them. For now, we must 
   2.136 -live with the binary policy when working with sHype.
   2.137 -
   2.138 -    
   2.139 -2.4 Exemplary use of a real sHype policy on Xen. To activate a real policy, 
   2.140 -edit the file (yes, this will soon be a compile option):
   2.141 -  xeno-unstable.bk/xen/include/public/acm.h
   2.142 -  Change: #define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
   2.143 -   To : #define ACM_USE_SECURITY_POLICY ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   2.144 -   cd xeno-unstable.bk
   2.145 -   make mrproper
   2.146 -   make uninstall (manually remove /etc/xen.old if necessary)
   2.147 -   make
   2.148 -   ./install.sh      (recreate your kernel initrd's if necessary)
   2.149 -   Reboot into new xen.gz
   2.150 -     
   2.151 -After booting, check out 'xm dmesg'; should show somewhere in the middle:
   2.152 -
   2.153 -(XEN) acm_init: Enforcing Primary CHINESE WALL policy, Secondary SIMPLE TYPE 
   2.154 -ENFORCEMENT policy.
   2.155 -
   2.156 -Even though you can activate those policies in any combination and also 
   2.157 -independently, the policy tool currently only supports setting the policy for 
   2.158 -the above combination.
   2.159 -
   2.160 -Now look at the minimal startup policy with:
   2.161 -                xeno-unstable.bk/tools/policytool getpolicy
   2.162 -
   2.163 -You should see something like:
   2.164 -
   2.165 -[root@laptop policy]# ./policy_tool getpolicy
   2.166 -
   2.167 -Policy dump:
   2.168 -============
   2.169 -Magic     = 1debc.
   2.170 -PolVer    = aaaa0000.
   2.171 -Len       = 36.
   2.172 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.173 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=2c).
   2.174 -
   2.175 -
   2.176 -Chinese Wall policy:
   2.177 -====================
   2.178 -Max Types     = 1.
   2.179 -Max Ssidrefs  = 1.
   2.180 -Max ConfSets  = 1.
   2.181 -Ssidrefs Off  = 10.
   2.182 -Conflicts Off = 12.
   2.183 -Runing T. Off = 14.
   2.184 -C. Agg. Off   = 16.
   2.185 -
   2.186 -SSID To CHWALL-Type matrix:
   2.187 -
   2.188 -   ssidref 0:  00 
   2.189 -
   2.190 -Confict Sets:
   2.191 -
   2.192 -   c-set 0:    00 
   2.193 -
   2.194 -Running
   2.195 -Types:         00 
   2.196 -
   2.197 -Conflict
   2.198 -Aggregate Set: 00 
   2.199 -
   2.200 -
   2.201 -Simple Type Enforcement policy:
   2.202 -===============================
   2.203 -Max Types     = 1.
   2.204 -Max Ssidrefs  = 1.
   2.205 -Ssidrefs Off  = 8.
   2.206 -
   2.207 -SSID To STE-Type matrix:
   2.208 -
   2.209 -   ssidref 0: 01 
   2.210 -
   2.211 -
   2.212 -Policy dump End.
   2.213 -
   2.214 -This is a minimal policy (of little use), except it will disable starting any 
   2.215 -domain that does not have ssidref set to 0x0. The Chinese Wall policy has 
   2.216 -nothing to enforce and the ste policy only knows one type, which is set for the 
   2.217 -only defined ssidref.
   2.218 -
   2.219 -The item that defines the ssidref in a domain configuration is:
   2.220 -
   2.221 -ssidref = 0x12345678
   2.222 -
   2.223 -Where ssidref is interpreted as a 32bit number, where the lower 16bits become 
   2.224 -the ssidref for the primary policy and the higher 16bits become the ssidref for 
   2.225 -the secondary policy. sHype currently supports two policies but this is an 
   2.226 -implementation decision and can be extended if necessary.
   2.227 -
   2.228 -This reference defines the security information of a domain. The meaning of the 
   2.229 -SSID-REF depends on the policy, so we explain it when we explain the real 
   2.230 -policies.
   2.231 -
   2.232 -
   2.233 -Setting a new Security Policy:
   2.234 -******************************
   2.235 -The policy tool with all its current limitations has one usable example policy 
   2.236 -compiled-in. Please try at this time to use the setpolicy command:
   2.237 -       xeno-unstable.bk/tools/policy/policy_tool setpolicy
   2.238 -
   2.239 -You should see a dump of the policy you are setting. It should say at the very 
   2.240 -end: 
   2.241 -
   2.242 -Policy successfully set.
   2.243 -
   2.244 -Now try to dump the currently enforced policy, which is the policy we have just 
   2.245 -set and the dynamic security state information of this policy 
   2.246 -(<<< ... some additional explanations)
   2.247 -
   2.248 -[root@laptop policy]# ./policy_tool getpolicy
   2.249 -
   2.250 -Policy dump:
   2.251 -============
   2.252 -Magic     = 1debc.
   2.253 -PolVer    = aaaa0000.
   2.254 -Len       = 112.
   2.255 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.256 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.257 -
   2.258 -
   2.259 -Chinese Wall policy:
   2.260 -====================
   2.261 -Max Types     = a.
   2.262 -Max Ssidrefs  = 5.
   2.263 -Max ConfSets  = 2.
   2.264 -Ssidrefs Off  = 10.
   2.265 -Conflicts Off = 74.
   2.266 -Runing T. Off = 9c.
   2.267 -C. Agg. Off   = b0.
   2.268 -
   2.269 -SSID To CHWALL-Type matrix:
   2.270 -
   2.271 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00  <<< type0 is set for ssidref0
   2.272 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00 
   2.273 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00 
   2.274 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00 
   2.275 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00  <<< type4 is set for ssidref4
   2.276 -                                              <<< types 5-9 are unused
   2.277 -Confict Sets:
   2.278 -
   2.279 -   c-set 0:    00 00 01 01 00 00 00 00 00 00  <<< type2 and type3 never run together
   2.280 -   c-set 1:    01 00 00 00 00 01 01 00 00 00  <<< only one of types 0, 5 or 6 
   2.281 -                                              <<<   can run simultaneously
   2.282 -Running
   2.283 -Types:         01 00 00 00 00 00 00 00 00 00  <<< ref-count for types of running domains
   2.284 -
   2.285 -Conflict
   2.286 -Aggregate Set: 00 00 00 00 00 01 01 00 00 00  <<< aggregated set of types that                  
   2.287 -                                              <<< cannot run because they 
   2.288 -                                              <<< are in conflict set 1 and
   2.289 -                                              <<< (domain 0 is running w t0)
   2.290 -                                             
   2.291 -
   2.292 -Simple Type Enforcement policy:
   2.293 -===============================
   2.294 -Max Types     = 5.
   2.295 -Max Ssidrefs  = 5.
   2.296 -Ssidrefs Off  = 8.
   2.297 -
   2.298 -SSID To STE-Type matrix:
   2.299 -
   2.300 -   ssidref 0: 01 01 01 01 01                  <<< ssidref0 points to a set that                  
   2.301 -                                              <<< has all types set (colors)
   2.302 -   ssidref 1: 00 01 00 00 00                  <<< ssidref1 has color1 set
   2.303 -   ssidref 2: 00 00 01 00 00                  <<< ...
   2.304 -   ssidref 3: 00 00 00 01 00 
   2.305 -   ssidref 4: 00 00 00 00 01 
   2.306 -
   2.307 -
   2.308 -Policy dump End.
   2.309 -
   2.310 -
   2.311 -This is a small example policy with which we will demonstrate the enforcement.
   2.312 -
   2.313 -Starting Domains with policy enforcement
   2.314 -========================================
   2.315 -Now let us play with this policy. 
   2.316 -
   2.317 -Define 3 or 4 domain configurations. I use the following config using a ramdisk 
   2.318 -only and about 8MBytes of memory for each DomU (test purposes):
   2.319 -
   2.320 -#-------configuration xmsec1-------------------------
   2.321 -kernel = "/boot/vmlinuz-2.6.11-xenU"
   2.322 -ramdisk="/boot/U1_ramdisk.img"
   2.323 -#security reference identifier
   2.324 -ssidref= 0x00010001
   2.325 -memory = 10
   2.326 -name = "xmsec1"
   2.327 -cpu = -1   # leave to Xen to pick
   2.328 -# Number of network interfaces. Default is 1.
   2.329 -nics=1
   2.330 -dhcp="dhcp"
   2.331 -#-----------------------------------------------------
   2.332 -
   2.333 -xmsec2 and xmsec3 look the same except for the name and the ssidref line. Use 
   2.334 -your domain config file and add "ssidref = 0x00010001" to the first (xmsec1),  
   2.335 -"ssidref= 0x00020002" to the second (call it xmsec2), and "ssidref=0x00030003"  
   2.336 -to the third (we will call this one xmsec3).
   2.337 -
   2.338 -First start xmsec1: xm create -c xmsec1 (succeeds)
   2.339 -
   2.340 -Then
   2.341 -[root@laptop policy]# xm list 
   2.342 -Name              Id  Mem(MB)  CPU  State  Time(s)  Console  
   2.343 -Domain-0           0      620   0  r----     42.3            s:00/p:00
   2.344 -xmnosec            1        9   0  -b---      0.3    9601    s:00/p:05
   2.345 -xmsec1             2        9   0  -b---      0.2    9602    s:01/p:01
   2.346 -
   2.347 -Shows a new domain xmsec1 running with primary (here: chinese wall) ssidref 1 
   2.348 -and secondary (here: simple type enforcement) ssidref 1. The ssidrefs are  
   2.349 -independent and can differ for a domain.
   2.350 -
   2.351 -[root@laptop policy]# ./policy_tool getpolicy
   2.352 -
   2.353 -Policy dump:
   2.354 -============
   2.355 -Magic     = 1debc.
   2.356 -PolVer    = aaaa0000.
   2.357 -Len       = 112.
   2.358 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.359 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.360 -
   2.361 -
   2.362 -Chinese Wall policy:
   2.363 -====================
   2.364 -Max Types     = a.
   2.365 -Max Ssidrefs  = 5.
   2.366 -Max ConfSets  = 2.
   2.367 -Ssidrefs Off  = 10.
   2.368 -Conflicts Off = 74.
   2.369 -Runing T. Off = 9c.
   2.370 -C. Agg. Off   = b0.
   2.371 -
   2.372 -SSID To CHWALL-Type matrix:
   2.373 -
   2.374 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00
   2.375 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00
   2.376 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00
   2.377 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00
   2.378 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00
   2.379 -
   2.380 -Confict Sets:
   2.381 -
   2.382 -   c-set 0:    00 00 01 01 00 00 00 00 00 00
   2.383 -   c-set 1:    01 00 00 00 00 01 01 00 00 00   <<< t1 is not part of any c-set
   2.384 -
   2.385 -Running
   2.386 -Types:         01 01 00 00 00 00 00 00 00 00   <<< xmsec1 has ssidref 1->type1
   2.387 -                  ^^                           <<< ref-count at position 1 incr
   2.388 -Conflict
   2.389 -Aggregate Set: 00 00 00 00 00 01 01 00 00 00   <<< domain 1 was allowed to       
   2.390 -                                               <<< start since type 1 was not
   2.391 -                                               <<< in conflict with running 
   2.392 -                                               <<< types
   2.393 -                                            
   2.394 -Simple Type Enforcement policy:
   2.395 -===============================
   2.396 -Max Types     = 5.
   2.397 -Max Ssidrefs  = 5.
   2.398 -Ssidrefs Off  = 8.
   2.399 -
   2.400 -SSID To STE-Type matrix:
   2.401 -
   2.402 -   ssidref 0: 01 01 01 01 01           <<< the ste policy does not maintain; we
   2.403 -   ssidref 1: 00 01 00 00 00   <--     <<< see that domain xmsec1 has ste 
   2.404 -   ssidref 2: 00 00 01 00 00           <<< ssidref1->type1 and has this type in
   2.405 -   ssidref 3: 00 00 00 01 00           <<< common with dom0
   2.406 -   ssidref 4: 00 00 00 00 01
   2.407 -
   2.408 -
   2.409 -Policy dump End.
   2.410 -
   2.411 -Look at sHype output in xen dmesg:
   2.412 -
   2.413 -[root@laptop xen]# xm dmesg
   2.414 -.
   2.415 -.
   2.416 -[somewhere near the very end]
   2.417 -(XEN) chwall_init_domain_ssid: determined chwall_ssidref to 1.
   2.418 -(XEN) ste_init_domain_ssid.
   2.419 -(XEN) ste_init_domain_ssid: determined ste_ssidref to 1.
   2.420 -(XEN) acm_init_domain_ssid: Instantiated individual ssid for domain 0x01.
   2.421 -(XEN) chwall_post_domain_create.
   2.422 -(XEN) ste_pre_eventchannel_interdomain.
   2.423 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.424 -(XEN) shype_authorize_domops.
   2.425 -(XEN) ste_pre_eventchannel_interdomain.
   2.426 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.427 -(XEN) ste_pre_eventchannel_interdomain.
   2.428 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   2.429 -
   2.430 -
   2.431 -You can see that the chinese wall policy does not complain and that the ste 
   2.432 -policy makes three access control decisions for three event-channels setup 
   2.433 -between domain 0 and the new domain 1. Each time, the two domains share the 
   2.434 -type1 and setting up the eventchannel is permitted.
   2.435 -
   2.436 -
   2.437 -Starting up a second domain xmsec2:
   2.438 -
   2.439 -[root@laptop xen]# xm create -c xmsec2
   2.440 -Using config file "xmsec2".
   2.441 -Started domain xmsec2, console on port 9602
   2.442 -************ REMOTE CONSOLE: CTRL-] TO QUIT ********
   2.443 -Linux version 2.6.11-xenU (root@laptop.home.org) (gcc version 3.4.2 20041017 
   2.444 -(Red Hat 3.4.2-6.fc3)) #1 Wed Mar 30 13:14:31 EST 2005
   2.445 -.
   2.446 -.
   2.447 -.
   2.448 -[root@laptop policy]# xm list
   2.449 -Name              Id  Mem(MB)  CPU  State  Time(s)  Console  
   2.450 -Domain-0           0      620   0  r----     71.7            s:00/p:00
   2.451 -xmsec1             1        9   0  -b---      0.3    9601    s:01/p:01
   2.452 -xmsec2             2        7   0  -b---      0.3    9602    s:02/p:02   << our domain runs both policies with ssidref 2
   2.453 -
   2.454 -
   2.455 -[root@laptop policy]# ./policy_tool getpolicy
   2.456 -
   2.457 -Policy dump:
   2.458 -============
   2.459 -Magic     = 1debc.
   2.460 -PolVer    = aaaa0000.
   2.461 -Len       = 112.
   2.462 -Primary   = CHINESE WALL policy (c=1, off=14).
   2.463 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   2.464 -
   2.465 -
   2.466 -Chinese Wall policy:
   2.467 -====================
   2.468 -Max Types     = a.
   2.469 -Max Ssidrefs  = 5.
   2.470 -Max ConfSets  = 2.
   2.471 -Ssidrefs Off  = 10.
   2.472 -Conflicts Off = 74.
   2.473 -Runing T. Off = 9c.
   2.474 -C. Agg. Off   = b0.
   2.475 -
   2.476 -SSID To CHWALL-Type matrix:
   2.477 -
   2.478 -   ssidref 0:  01 00 00 00 00 00 00 00 00 00
   2.479 -   ssidref 1:  00 01 00 00 00 00 00 00 00 00
   2.480 -   ssidref 2:  00 00 01 00 00 00 00 00 00 00   <<< our domain has type 2 set
   2.481 -   ssidref 3:  00 00 00 01 00 00 00 00 00 00
   2.482 -   ssidref 4:  00 00 00 00 01 00 00 00 00 00
   2.483 -
   2.484 -Confict Sets:
   2.485 -
   2.486 -   c-set 0:    00 00 01 01 00 00 00 00 00 00   <<< t2 is in c-set0 with type 3
   2.487 -   c-set 1:    01 00 00 00 00 01 01 00 00 00
   2.488 -
   2.489 -Running
   2.490 -Types:         01 01 01 00 00 00 00 00 00 00   <<< t2 is running since the 
   2.491 -                     ^^                        <<< current aggregate conflict
   2.492 -                                               <<< set (see above) does not 
   2.493 -                                               <<< include type 2
   2.494 -Conflict
   2.495 -Aggregate Set: 00 00 00 01 00 01 01 00 00 00   <<< type 3 is added to the 
   2.496 -                                               <<< conflict aggregate
   2.497 -
   2.498 -
   2.499 -Simple Type Enforcement policy:
   2.500 -===============================
   2.501 -Max Types     = 5.
   2.502 -Max Ssidrefs  = 5.
   2.503 -Ssidrefs Off  = 8.
   2.504 -
   2.505 -SSID To STE-Type matrix:
   2.506 -
   2.507 -   ssidref 0: 01 01 01 01 01
   2.508 -   ssidref 1: 00 01 00 00 00
   2.509 -   ssidref 2: 00 00 01 00 00
   2.510 -   ssidref 3: 00 00 00 01 00
   2.511 -   ssidref 4: 00 00 00 00 01
   2.512 -
   2.513 -
   2.514 -Policy dump End.
   2.515 -
   2.516 -
   2.517 -The sHype xen dmesg output looks similar to the one above when starting the 
   2.518 -first domain.
   2.519 -
   2.520 -Now we start xmsec3 and it has ssidref3. Thus, it tries to run as type3 which 
   2.521 -conflicts with running type2 (from xmsec2). As expected, creating this domain 
   2.522 -fails for security policy enforcement reasons.
   2.523 -
   2.524 -[root@laptop xen]# xm create -c xmsec3
   2.525 -Using config file "xmsec3".
   2.526 -Error: Error creating domain: (22, 'Invalid argument')
   2.527 -[root@laptop xen]#
   2.528 -
   2.529 -[root@laptop xen]# xm dmesg
   2.530 -.
   2.531 -.
   2.532 -[somewhere near the very end]
   2.533 -(XEN) chwall_pre_domain_create.
   2.534 -(XEN) chwall_pre_domain_create: CHINESE WALL CONFLICT in type 03.
   2.535 -
   2.536 -xmsec3 ssidref3 points to type3, which is in the current conflict aggregate 
   2.537 -set. This domain cannot start until domain xmsec2 is destroyed, at which time 
   2.538 -the aggregate conflict set is reduced and type3 is excluded from it. Then, 
   2.539 -xmsec3 can start. Of course, afterwards, xmsec2 cannot be restarted. Try it.
   2.540 -
   2.541 -3. Policy tool
   2.542 -**************
   2.543 -toos/policy/policy_tool.c
   2.544 -
   2.545 -a) ./policy_tool getpolicy
   2.546 -      prints the currently enforced policy
   2.547 -      (see for example section 1.)
   2.548 -
   2.549 -b) ./policy_tool setpolicy
   2.550 -      sets a predefined and hardcoded security
   2.551 -      policy (the one described in section 2.)
   2.552 -
   2.553 -c) ./policy_tool dumpstats
   2.554 -      prints some status information about the caching
   2.555 -      of access control decisions (number of cache hits
   2.556 -      and number of policy evaluations for grant_table
   2.557 -      and event channels).
   2.558 -
   2.559 -d) ./policy_tool loadpolicy <binary_policy_file>
   2.560 -      sets the policy defined in the <binary_policy_file>
   2.561 -      please use the policy_processor that is posted to this
   2.562 -      mailing list to create such a binary policy from an XML
   2.563 -      policy description
   2.564 -
   2.565 -4. Policy interface:
   2.566 -********************
   2.567 -The Policy interface is working in "network-byte-order" (big endian). The reason for this
   2.568 -is that policy files/management should be portable and independent of the platforms.
   2.569 -
   2.570 -Our policy interface enables managers to create a single binary policy file in a trusted
   2.571 -environment and distributed it to multiple systems for enforcement.
   2.572 -
   2.573 -5. Booting with a binary policy:
   2.574 -********************************
   2.575 -The grub configuration file can be adapted to boot the hypervisor with an
   2.576 -already active policy. To do this, a binary policy file - this can be
   2.577 -the same file as used by the policy_tool - should be placed into the boot
   2.578 -partition. The following entry from the grub configuration file shows how
   2.579 -a binary policy can be added to the system during boot time. Note that the 
   2.580 -binary policy must be of the same type that the hypervisor was compiled 
   2.581 -for. The policy module line should also only be added as the last module
   2.582 -line if XEN was compiled with the access control module (ACM).
   2.583 -
   2.584 -title XEN0 3.0 Devel
   2.585 -	kernel /xen.gz dom0_mem=400000
   2.586 -	module /vmlinuz-2.6.12-xen0 root=/dev/hda2 ro console=tty0
   2.587 -	module /initrd-2.6.12-xen0.img
   2.588 -	module /xen_sample_policy.bin
   2.589 -
   2.590 -
   2.591 -====================end-of file=======================================
     3.1 --- a/tools/misc/policyprocessor/Makefile	Fri Aug 19 08:55:03 2005 +0000
     3.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.3 @@ -1,42 +0,0 @@
     3.4 -XEN_ROOT = ../../..
     3.5 -include $(XEN_ROOT)/tools/Rules.mk
     3.6 -
     3.7 -CFLAGS   += -static
     3.8 -CFLAGS   += -Wall
     3.9 -CFLAGS   += -Werror
    3.10 -CFLAGS   += -O3
    3.11 -CFLAGS   += -fno-strict-aliasing
    3.12 -CFLAGS   += -I.
    3.13 -
    3.14 -all: build
    3.15 -
    3.16 -build: mk-symlinks
    3.17 -	$(MAKE) xml_to_bin
    3.18 -
    3.19 -default: all
    3.20 -
    3.21 -install: all
    3.22 -
    3.23 -xml_to_bin : make_include XmlToBin.java XmlToBinInterface.java SsidsEntry.java SecurityLabel.java myHandler.java
    3.24 -	javac XmlToBin.java
    3.25 -
    3.26 -make_include : c2j_include
    3.27 -	./c2j_include
    3.28 -
    3.29 -c2j_include: c2j_include.c
    3.30 -	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
    3.31 -
    3.32 -clean:
    3.33 -	rm -rf *.class xen c2j_include policy_version.java *.bin
    3.34 -
    3.35 -
    3.36 -LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
    3.37 -mk-symlinks:
    3.38 -	[ -e xen/linux ] || mkdir -p xen/linux
    3.39 -	[ -e xen/io ]    || mkdir -p xen/io
    3.40 -	( cd xen >/dev/null ; \
    3.41 -	  ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . )
    3.42 -	( cd xen/io >/dev/null ; \
    3.43 -	  ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
    3.44 -	( cd xen/linux >/dev/null ; \
    3.45 -	  ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )
     4.1 --- a/tools/misc/policyprocessor/SecurityLabel.java	Fri Aug 19 08:55:03 2005 +0000
     4.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.3 @@ -1,34 +0,0 @@
     4.4 -/**
     4.5 - * (C) Copyright IBM Corp. 2005
     4.6 - *
     4.7 - * $Id: SecurityLabel.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
     4.8 - *
     4.9 - * Author: Ray Valdez
    4.10 - *
    4.11 - * This program is free software; you can redistribute it and/or
    4.12 - * modify it under the terms of the GNU General Public License as
    4.13 - * published by the Free Software Foundation, version 2 of the
    4.14 - * License.
    4.15 - *
    4.16 - * SecurityLabel Class.  
    4.17 - *
    4.18 - * <p>
    4.19 - *
    4.20 - * Keeps track of types.
    4.21 - *
    4.22 - * <p>
    4.23 - *
    4.24 - *
    4.25 - */
    4.26 -import java.util.*;
    4.27 -public class SecurityLabel
    4.28 -{
    4.29 - Vector ids;
    4.30 - Vector vlans;
    4.31 - Vector slots;
    4.32 - Vector steTypes;
    4.33 - int steSsidPosition;
    4.34 - Vector chwIDs;
    4.35 - Vector chwTypes;
    4.36 - int chwSsidPosition;
    4.37 -}
     5.1 --- a/tools/misc/policyprocessor/SecurityPolicySpec.xsd	Fri Aug 19 08:55:03 2005 +0000
     5.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.3 @@ -1,115 +0,0 @@
     5.4 -<?xml version="1.0" encoding="UTF-8"?>
     5.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
     5.6 -<!-- xml schema definition for xen xml policies -->
     5.7 -<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
     5.8 -targetNamespace="http://www.ibm.com"
     5.9 -xmlns="http://www.ibm.com" 
    5.10 -elementFormDefault="qualified">
    5.11 -
    5.12 -<xsd:element name="TE" type="xsd:string" />
    5.13 -<xsd:element name="ChWall" type="xsd:string" />
    5.14 -
    5.15 -<xsd:element name="Definition">
    5.16 -  <xsd:complexType>
    5.17 - 	<xsd:sequence>
    5.18 -
    5.19 -	  <!-- simple type enforcement -->
    5.20 -	  <xsd:element name="Types" minOccurs ="0" maxOccurs="1">
    5.21 -		<xsd:complexType>
    5.22 -		  <xsd:sequence>
    5.23 -			<xsd:element ref="TE" minOccurs ="1" maxOccurs ="unbounded"/>
    5.24 -		  </xsd:sequence>
    5.25 -		</xsd:complexType>
    5.26 -	  </xsd:element>
    5.27 -
    5.28 -	  <!-- chinese wall -->
    5.29 -	  <!--   type definition -->
    5.30 -	  <xsd:element name="ChWallTypes" minOccurs ="0" maxOccurs="1">
    5.31 -		<xsd:complexType>
    5.32 -		  <xsd:sequence>
    5.33 -			<xsd:element ref="ChWall"  minOccurs ="1" maxOccurs ="unbounded"/>
    5.34 -
    5.35 -      	   	</xsd:sequence>
    5.36 -          </xsd:complexType>
    5.37 -	</xsd:element>
    5.38 -
    5.39 -  	<!--   conflict set -->
    5.40 -	  <xsd:element name="ConflictSet" minOccurs ="0" maxOccurs="unbounded">
    5.41 -		<xsd:complexType>
    5.42 -		  <xsd:sequence>
    5.43 -			<xsd:element ref="ChWall"  minOccurs ="2" maxOccurs ="unbounded"/>
    5.44 -		  </xsd:sequence>
    5.45 -		</xsd:complexType>
    5.46 -	</xsd:element>
    5.47 -
    5.48 -	</xsd:sequence>
    5.49 -  </xsd:complexType>
    5.50 -</xsd:element>
    5.51 -
    5.52 -<xsd:element name="Policy">
    5.53 -    <xsd:complexType>
    5.54 -      <xsd:sequence>
    5.55 -
    5.56 -	<xsd:element name="PolicyHeader">
    5.57 -    	<xsd:complexType>
    5.58 -      	   <xsd:all>
    5.59 -		<xsd:element name = "Name" type="xsd:string"/>
    5.60 -		<xsd:element name = "DateTime" type="xsd:dateTime"/>
    5.61 -		<xsd:element name = "Tag" minOccurs ="1" maxOccurs ="1" type="xsd:string"/>
    5.62 -		<xsd:element name = "TypeDefinition">
    5.63 -    		<xsd:complexType>
    5.64 -      	   	  <xsd:all>
    5.65 -			<xsd:element name = "url" type="xsd:string"/>
    5.66 -			<xsd:element name = "hash" minOccurs ="0" maxOccurs ="1" type="xsd:string"/>
    5.67 -      	   	  </xsd:all>
    5.68 -    		</xsd:complexType>
    5.69 -		</xsd:element>
    5.70 -
    5.71 -      	   </xsd:all>
    5.72 -    	</xsd:complexType>
    5.73 -	</xsd:element>
    5.74 -
    5.75 -	<xsd:element name="VM" minOccurs ="1" maxOccurs="unbounded">
    5.76 -    	  <xsd:complexType>
    5.77 -      	   <xsd:sequence>
    5.78 -		<xsd:element name="id" type="xsd:integer"/>
    5.79 -		<xsd:element ref="TE" minOccurs="0" maxOccurs="unbounded" />
    5.80 -		<xsd:element ref="ChWall" minOccurs ="0" maxOccurs="unbounded"/>
    5.81 -      	   </xsd:sequence>
    5.82 -    	  </xsd:complexType>
    5.83 -	</xsd:element>
    5.84 -
    5.85 -	<xsd:element name="Vlan" minOccurs ="0" maxOccurs="unbounded">
    5.86 -    	  <xsd:complexType>
    5.87 -      	   <xsd:sequence>
    5.88 -		<xsd:element name="vid" type="xsd:integer"/>
    5.89 -		<xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
    5.90 -      	   </xsd:sequence>
    5.91 -    	  </xsd:complexType>
    5.92 -	</xsd:element>
    5.93 -
    5.94 -	<xsd:element name="Slot" minOccurs ="0" maxOccurs="unbounded">
    5.95 -    	  <xsd:complexType>
    5.96 -      	   <xsd:sequence>
    5.97 -		<xsd:element name="bus" type="xsd:integer"/>
    5.98 -		<xsd:element name="slot" type="xsd:integer"/>
    5.99 -		<xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
   5.100 -      	   </xsd:sequence>
   5.101 -    	  </xsd:complexType>
   5.102 -	</xsd:element>
   5.103 -
   5.104 -
   5.105 -      </xsd:sequence>
   5.106 -    </xsd:complexType>
   5.107 -</xsd:element>
   5.108 -
   5.109 -<!-- root element -->
   5.110 -<xsd:element name="SecurityPolicySpec">
   5.111 -    <xsd:complexType>
   5.112 -      <xsd:choice>
   5.113 -		<xsd:element ref="Definition" minOccurs ="1" maxOccurs="unbounded"/>
   5.114 -		<xsd:element ref="Policy" minOccurs ="1" maxOccurs="unbounded"/>
   5.115 -      </xsd:choice>
   5.116 -    </xsd:complexType>
   5.117 -</xsd:element>
   5.118 -</xsd:schema>
     6.1 --- a/tools/misc/policyprocessor/SsidsEntry.java	Fri Aug 19 08:55:03 2005 +0000
     6.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.3 @@ -1,29 +0,0 @@
     6.4 -/**
     6.5 - * (C) Copyright IBM Corp. 2005
     6.6 - *
     6.7 - * $Id: SsidsEntry.java,v 1.2 2005/06/17 20:02:40 rvaldez Exp $
     6.8 - *
     6.9 - * Author: Ray Valdez
    6.10 - * 
    6.11 - * This program is free software; you can redistribute it and/or
    6.12 - * modify it under the terms of the GNU General Public License as
    6.13 - * published by the Free Software Foundation, version 2 of the
    6.14 - * License.
    6.15 - *
    6.16 - * SsidsEntry Class.  
    6.17 - * <p>
    6.18 - *
    6.19 - * Holds ssid information.
    6.20 - *
    6.21 - * <p>
    6.22 - *
    6.23 - *
    6.24 - */
    6.25 -public class SsidsEntry 
    6.26 - {
    6.27 -  int id;	/* used for partition and vlan */
    6.28 -  int bus;	/* used for slots */
    6.29 -  int slot;
    6.30 -  int ste = 0xffffffff;
    6.31 -  int chw = 0xffffffff;
    6.32 - }
     7.1 --- a/tools/misc/policyprocessor/XmlToBin.java	Fri Aug 19 08:55:03 2005 +0000
     7.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     7.3 @@ -1,1570 +0,0 @@
     7.4 -/**
     7.5 - * (C) Copyright IBM Corp. 2005
     7.6 - *
     7.7 - * $Id: XmlToBin.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
     7.8 - *
     7.9 - * Author: Ray Valdez
    7.10 - *
    7.11 - * Contributors:
    7.12 - *         Reiner Sailer - adjust type-lengths
    7.13 - *
    7.14 - * This program is free software; you can redistribute it and/or
    7.15 - * modify it under the terms of the GNU General Public License as
    7.16 - * published by the Free Software Foundation, version 2 of the
    7.17 - * License.
    7.18 - *
    7.19 - * XmlToBin  Class.  
    7.20 - * <p>
    7.21 - *
    7.22 - * Translates a xml representation of a SHYPE policy into a binary  
    7.23 - * format.  The class processes an xml policy file based on elment tags 
    7.24 - * defined in a schema definition files: SecurityPolicySpec.xsd.
    7.25 - *
    7.26 - * XmlToBin Command line Options: 
    7.27 - *
    7.28 - *      -i              inputFile:      name of policyfile (.xml)
    7.29 - *      -o              outputFile:     name of binary policy file (Big Endian)
    7.30 - *      -xssid          SsidFile:       xen ssids to types text file
    7.31 - *      -xssidconf      SsidConf:   	xen conflict ssids to types text file
    7.32 - *      -debug                          turn on debug messages
    7.33 - *      -help                           help. This printout
    7.34 - *
    7.35 - * <p>
    7.36 - *
    7.37 - *
    7.38 - */
    7.39 -import java.util.*;
    7.40 -import java.io.*;
    7.41 -import java.io.IOException;
    7.42 -import java.io.FileNotFoundException;
    7.43 -import org.w3c.dom.Document;
    7.44 -import org.w3c.dom.Element;
    7.45 -import org.w3c.dom.Node;
    7.46 -import org.w3c.dom.Attr;
    7.47 -import org.w3c.dom.NodeList;
    7.48 -import org.w3c.dom.NamedNodeMap;
    7.49 -import org.xml.sax.*;
    7.50 -import javax.xml.parsers.*;
    7.51 -import org.xml.sax.helpers.*;
    7.52 -
    7.53 -public class XmlToBin 
    7.54 - implements XmlToBinInterface
    7.55 -{
    7.56 -  class SlotInfo {
    7.57 -	String bus;
    7.58 -	String slot;
    7.59 -  }
    7.60 -
    7.61 - boolean LittleEndian = false;
    7.62 - boolean debug = false;
    7.63 -
    7.64 - static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
    7.65 -
    7.66 - static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";
    7.67 -
    7.68 - public static void printUsage()
    7.69 - {
    7.70 -  System.out.println("XmlToBin Command line Options: ");
    7.71 -  System.out.println("\t-i\t\tinputFile:\tname of policyfile (.xml)");
    7.72 -  System.out.println("\t-o\t\toutputFile:\tname of binary policy file (Big Endian)");
    7.73 -  System.out.println("\t-xssid\t\tSsidFile:\tXen ssids to named types text file");
    7.74 -  System.out.println("\t-xssidconf\tSsidConfFile:\tXen conflict ssids to named types text file");
    7.75 -  System.out.println("\t-debug\t\t\t\tturn on debug messages");
    7.76 -  System.out.println("\t-help\t\t\t\thelp. This printout");
    7.77 -  return;
    7.78 - }
    7.79 -
    7.80 - public void printDebug(String message) 
    7.81 - {
    7.82 -  if (debug)
    7.83 -    System.out.println(message);
    7.84 - }
    7.85 -
    7.86 - public void writeBinPolicy(byte[] binPolicy, String outputFileName)
    7.87 -  throws Exception
    7.88 - {
    7.89 -    if (debug) 
    7.90 -    	printHex(binPolicy,binPolicy.length);
    7.91 -
    7.92 -    DataOutputStream writeObj = new DataOutputStream(
    7.93 -                                new FileOutputStream(outputFileName));
    7.94 -
    7.95 -    writeObj.write(binPolicy);
    7.96 -    writeObj.flush();
    7.97 -    writeObj.close();
    7.98 -    System.out.println(" wBP:: wrote outputfile: " + outputFileName);
    7.99 -
   7.100 -    return; 
   7.101 - }  
   7.102 -
   7.103 - public void writeXenTypeVectorFile(Vector list, String outputFileName)
   7.104 -  throws Exception
   7.105 - {
   7.106 -  PrintWriter out;
   7.107 -
   7.108 -  if (0 == list.size())
   7.109 -  {
   7.110 -   	printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 
   7.111 -	return;
   7.112 -  }
   7.113 - out = new PrintWriter(
   7.114 -	 	new BufferedWriter(
   7.115 -                      new FileWriter(outputFileName)));
   7.116 -
   7.117 -
   7.118 -  for (int i = 0; i < list.size(); i++)
   7.119 -  {
   7.120 -	Vector	ee = (Vector) list.elementAt(i);
   7.121 -   	out.println(i + " " +ee.toString());
   7.122 -  } 
   7.123 -    out.close();
   7.124 -   
   7.125 -    return; 
   7.126 - }
   7.127 -
   7.128 - public void writeXenTypeFile(Vector list, String outputFileName, boolean slabel)
   7.129 -  throws Exception
   7.130 - {
   7.131 -  Vector entry; 
   7.132 -  String strTypes = "";
   7.133 -  SecurityLabel ee;
   7.134 -  PrintWriter out;
   7.135 -
   7.136 -  if (0 == list.size())
   7.137 -  {
   7.138 -   	printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 
   7.139 -	return;
   7.140 -  }
   7.141 -  out = new PrintWriter(
   7.142 -	 	new BufferedWriter(
   7.143 -                      new FileWriter(outputFileName)));
   7.144 -
   7.145 -  for (int i = 0; i < list.size(); i++)
   7.146 -  {
   7.147 -	ee = (SecurityLabel) list.elementAt(i);
   7.148 -
   7.149 -	if (slabel)
   7.150 -	{
   7.151 -		entry = ee.steTypes; 
   7.152 -	} else {
   7.153 -
   7.154 -		entry = ee.chwTypes; 
   7.155 -	}
   7.156 -	if (null == entry) continue;
   7.157 -
   7.158 -	Enumeration e = entry.elements(); 
   7.159 -	while (e.hasMoreElements())
   7.160 -	{
   7.161 -  	  String typeName = (String) e.nextElement(); 
   7.162 -	  strTypes = strTypes + " " + typeName;
   7.163 -        }
   7.164 -    	  printDebug(" WXTF:: ssid : "+i +" :"+strTypes); 
   7.165 -   	  out.println(i +" "+strTypes);
   7.166 -	  strTypes = "";
   7.167 -  } 
   7.168 -  out.close();
   7.169 -   
   7.170 -  return; 
   7.171 - }
   7.172 -
   7.173 - public void setDebug(boolean value)
   7.174 - {
   7.175 -  debug=value;
   7.176 - }
   7.177 -
   7.178 - public void setEndian(boolean value)
   7.179 - {
   7.180 -  LittleEndian = value;
   7.181 - }
   7.182 -
   7.183 - public byte[] generateVlanSsids(Vector bagOfSsids)
   7.184 -  throws Exception
   7.185 - {
   7.186 -  /**
   7.187 -        typedef struct {
   7.188 -        u16 vlan;
   7.189 -        u16 ssid_ste;
   7.190 -        } acm_vlan_entry_t;
   7.191 -  **/
   7.192 -
   7.193 -  Hashtable  vlanSsid = new Hashtable();
   7.194 -  printDebug(" gVS::Size of bagOfSsids: "+ bagOfSsids.size());
   7.195 -
   7.196 -  /* Get the number of partitions */
   7.197 -  for (int i = 0; i < bagOfSsids.size(); i++)
   7.198 -  {
   7.199 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
   7.200 -
   7.201 -	if (null == entry.vlans)
   7.202 -	  continue;
   7.203 -
   7.204 -	Enumeration e = entry.vlans.elements(); 
   7.205 -	while (e.hasMoreElements())
   7.206 -	{
   7.207 -  	  String id = (String) e.nextElement(); 
   7.208 -      	  printDebug(" gVS:: vlan: " + id + "has ste ssid: " + entry.steSsidPosition);
   7.209 -	  if (-1 == entry.steSsidPosition)
   7.210 -		continue;  
   7.211 -
   7.212 -	  /* Only use ste for vlan */
   7.213 -	  SsidsEntry  ssidsObj = new SsidsEntry();
   7.214 -
   7.215 -	  ssidsObj.id = Integer.parseInt(id); 
   7.216 -	  ssidsObj.ste = entry.steSsidPosition;
   7.217 -
   7.218 -	  if (vlanSsid.contains(id))
   7.219 -      	  	printDebug(" gVS:: Error already in the Hash part:" + ssidsObj.id);
   7.220 -	  else 
   7.221 - 		vlanSsid.put(id, ssidsObj);
   7.222 -      	  	printDebug(" gVS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition);
   7.223 -	}
   7.224 -  }
   7.225 -
   7.226 -  /* allocate array */ 
   7.227 -  int numOfVlan = vlanSsid.size();
   7.228 -  int totalSize = (numOfVlan * vlanEntrySz);  
   7.229 -
   7.230 -  if (0 == numOfVlan) 
   7.231 -  {
   7.232 -  	printDebug(" gVS:: vlan: binary ==> zero");
   7.233 -        return new byte[0];
   7.234 -  }
   7.235 -
   7.236 -  byte[] vlanArray = new byte[totalSize];
   7.237 -
   7.238 -  int index = 0;
   7.239 -
   7.240 -  Enumeration e = vlanSsid.elements(); 
   7.241 -  while (e.hasMoreElements())
   7.242 -  {
   7.243 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
   7.244 -      	printDebug(" gVS:: part: " + entry.id + " ste ssid: " + entry.ste);
   7.245 -
   7.246 -	/* Write id */
   7.247 -   	writeShortToStream(vlanArray,(short)entry.id,index);
   7.248 -	index = index + u16Size;
   7.249 -
   7.250 -	/* write ste ssid */
   7.251 -   	writeShortToStream(vlanArray,(short) entry.ste,index);
   7.252 -	index = index + u16Size;
   7.253 -  }
   7.254 -
   7.255 -  printDebug(" gVS:: vlan: num of vlans  " + numOfVlan);
   7.256 -  printDebug(" gVS:: vlan: binary ==> Length "+ vlanArray.length);
   7.257 -
   7.258 -  if (debug) 
   7.259 -	printHex(vlanArray,vlanArray.length);
   7.260 -  printDebug("\n");
   7.261 -
   7.262 -  return vlanArray; 
   7.263 - }  
   7.264 -
   7.265 - public byte[] generateSlotSsids(Vector bagOfSsids)
   7.266 -  throws Exception
   7.267 - {
   7.268 -  /**
   7.269 -        typedef struct {
   7.270 -        u16 slot_max;
   7.271 -        u16 slot_offset;
   7.272 -        } acm_slot_buffer_t;
   7.273 -
   7.274 -        typedef struct {
   7.275 -        u16 bus;
   7.276 -        u16 slot;
   7.277 -        u16 ssid_ste;
   7.278 -        } acm_slot_entry_t;
   7.279 -  **/
   7.280 -  Hashtable  slotSsid = new Hashtable();
   7.281 -  printDebug(" gSS::Size of bagOfSsids: "+ bagOfSsids.size());
   7.282 -
   7.283 -  /* Find the number of VMs */ 
   7.284 -  for (int i = 0; i < bagOfSsids.size(); i++)
   7.285 -  {
   7.286 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
   7.287 -
   7.288 -	if (null == entry.slots)
   7.289 -	  continue;
   7.290 -
   7.291 -	Enumeration e = entry.slots.elements(); 
   7.292 -	while (e.hasMoreElements())
   7.293 -	{
   7.294 -  	  SlotInfo item = (SlotInfo) e.nextElement(); 
   7.295 -      	  printDebug(" gSS:: bus slot: " + item.bus + " "+ item.slot + " " +  entry.steSsidPosition);
   7.296 -	  if (-1 == entry.steSsidPosition)
   7.297 -		continue;  
   7.298 -
   7.299 -	  SsidsEntry  ssidsObj = new SsidsEntry();
   7.300 -
   7.301 -	  String id = item.bus +" "+item.slot;
   7.302 -	  ssidsObj.bus = Integer.parseInt(item.bus); 
   7.303 -	  ssidsObj.slot = Integer.parseInt(item.slot); 
   7.304 -	  /* set ste ssid */
   7.305 -	  ssidsObj.ste = entry.steSsidPosition;
   7.306 -
   7.307 -	  if (slotSsid.contains(id))
   7.308 -      	  	printDebug(" gSS:: Error already in the Hash part:" + id);
   7.309 -	  else 
   7.310 -	  	slotSsid.put(id, ssidsObj);
   7.311 -
   7.312 -      	  	printDebug(" gSS:: added slot: " + id + "has ste ssid: " + entry.steSsidPosition);
   7.313 -	}
   7.314 -  }
   7.315 -
   7.316 -  /* allocate array */
   7.317 -  int numOfSlot = slotSsid.size();
   7.318 -
   7.319 -  if (0 == numOfSlot) 
   7.320 -  {
   7.321 -  	printDebug(" gVS:: slot: binary ==> zero");
   7.322 -        return new byte[0];
   7.323 -  }
   7.324 -
   7.325 -  int totalSize = (numOfSlot * slotEntrySz);  
   7.326 -
   7.327 -  byte[] slotArray = new byte[totalSize];
   7.328 -
   7.329 -  int index = 0;
   7.330 -
   7.331 -  Enumeration e = slotSsid.elements(); 
   7.332 -  while (e.hasMoreElements())
   7.333 -  {
   7.334 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
   7.335 -      	System.out.println(" gSS:: bus slot: " + entry.bus + " " + entry.slot + " ste ssid: " + entry.ste);
   7.336 -
   7.337 -	/* Write bus */
   7.338 -   	writeShortToStream(slotArray,(short)entry.bus,index);
   7.339 -	index = index + u16Size;
   7.340 -
   7.341 -	/* Write slot */ 
   7.342 -   	writeShortToStream(slotArray,(short)entry.slot,index);
   7.343 -	index = index + u16Size;
   7.344 -
   7.345 -	/* Write ste ssid */
   7.346 -   	writeShortToStream(slotArray,(short) entry.ste,index);
   7.347 -	index = index + u16Size;
   7.348 -
   7.349 -  }
   7.350 -   
   7.351 -  printDebug(" gSS:: slot: num of vlans  " + numOfSlot);
   7.352 -  printDebug(" gSS:: slot: binary ==> Length "+ slotArray.length);
   7.353 -
   7.354 -  if (debug) 
   7.355 - 	 printHex(slotArray,slotArray.length);
   7.356 -  printDebug("\n");
   7.357 -
   7.358 -  return slotArray; 
   7.359 -
   7.360 - }  
   7.361 -
   7.362 - public byte[] generatePartSsids(Vector bagOfSsids, Vector bagOfChwSsids)
   7.363 -  throws Exception
   7.364 - {
   7.365 -  /**
   7.366 -        typedef struct {
   7.367 -        u16 id;
   7.368 -        u16 ssid_ste;
   7.369 -        u16 ssid_chwall;
   7.370 -        } acm_partition_entry_t;
   7.371 -
   7.372 -  **/
   7.373 -  Hashtable  partSsid = new Hashtable();
   7.374 -  printDebug(" gPS::Size of bagOfSsids: "+ bagOfSsids.size());
   7.375 -
   7.376 -  /* Find the number of VMs */ 
   7.377 -  for (int i = 0; i < bagOfSsids.size(); i++)
   7.378 -  {
   7.379 -	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
   7.380 -
   7.381 -	if (null == entry.ids)
   7.382 -	  continue;
   7.383 -
   7.384 -	Enumeration e = entry.ids.elements(); 
   7.385 -	while (e.hasMoreElements())
   7.386 -	{
   7.387 -  	  String id = (String) e.nextElement(); 
   7.388 -      	  printDebug(" gPS:: part: " + id + "has ste ssid: " + entry.steSsidPosition);
   7.389 -	  if (-1 == entry.steSsidPosition)
   7.390 -		continue;  
   7.391 -
   7.392 -	  SsidsEntry  ssidsObj = new SsidsEntry();
   7.393 -
   7.394 -	  ssidsObj.id = Integer.parseInt(id); 
   7.395 -	  ssidsObj.ste = entry.steSsidPosition;
   7.396 -
   7.397 -	  if (partSsid.contains(id))
   7.398 -      	  	printDebug(" gPS:: Error already in the Hash part:" + ssidsObj.id);
   7.399 -	  else 
   7.400 - 		partSsid.put(id, ssidsObj);
   7.401 -      	  	printDebug(" gPS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition);
   7.402 -	}
   7.403 -
   7.404 -  }
   7.405 -
   7.406 -  for (int i = 0; i < bagOfChwSsids.size(); i++)
   7.407 -  {
   7.408 -	SecurityLabel entry = (SecurityLabel) bagOfChwSsids.elementAt(i);
   7.409 -
   7.410 -	Enumeration e = entry.chwIDs.elements(); 
   7.411 -	while (e.hasMoreElements())
   7.412 -	{
   7.413 -  	  String id = (String) e.nextElement(); 
   7.414 -      	  printDebug(" gPS:: part: " + id + "has chw ssid: " + entry.chwSsidPosition);
   7.415 -	  if (partSsid.containsKey(id))
   7.416 -	  {
   7.417 -		SsidsEntry item = (SsidsEntry) partSsid.get(id);
   7.418 -		item.chw = entry.chwSsidPosition;
   7.419 -      	  	printDebug(" gPS:: added :" + item.id +" chw: " + item.chw);
   7.420 -	  }
   7.421 -	  else 
   7.422 -	  {
   7.423 -      	  	printDebug(" gPS:: creating :" + id +" chw: " + entry.chwSsidPosition);
   7.424 -	  	SsidsEntry  ssidsObj = new SsidsEntry();
   7.425 -	  	ssidsObj.id = Integer.parseInt(id); 
   7.426 -	  	ssidsObj.chw = entry.chwSsidPosition;
   7.427 - 		partSsid.put(id, ssidsObj);
   7.428 -
   7.429 -	  }
   7.430 -	}
   7.431 -  }	  
   7.432 -
   7.433 -  /* Allocate array */
   7.434 -  int numOfPar = partSsid.size();
   7.435 -  int totalSize =  (numOfPar * partitionEntrySz);  
   7.436 -
   7.437 -  if (0 == numOfPar) 
   7.438 -  {
   7.439 -  	printDebug(" gPS:: part: binary ==> zero");
   7.440 -        return new byte[0];
   7.441 -  }
   7.442 -
   7.443 -  byte[] partArray = new byte[totalSize];
   7.444 -
   7.445 -  int index = 0;
   7.446 -
   7.447 -  Enumeration e = partSsid.elements(); 
   7.448 -  while (e.hasMoreElements())
   7.449 -  {
   7.450 -  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
   7.451 -      	printDebug(" gPS:: part: " + entry.id + " ste ssid: " + entry.ste + " chw ssid: "+ entry.chw);
   7.452 -
   7.453 -	/* Write id */
   7.454 -   	writeShortToStream(partArray,(short)entry.id,index);
   7.455 -	index = index + u16Size;
   7.456 -
   7.457 -	/* Write ste ssid */
   7.458 -   	writeShortToStream(partArray,(short) entry.ste,index);
   7.459 -	index = index + u16Size;
   7.460 -
   7.461 -	/* Write chw ssid */
   7.462 -   	writeShortToStream(partArray,(short) entry.chw,index);
   7.463 -	index = index + u16Size;
   7.464 -  }
   7.465 -
   7.466 -  printDebug(" gPS:: part: num of partitions  " + numOfPar);
   7.467 -  printDebug(" gPS:: part: binary ==> Length " + partArray.length);
   7.468 -
   7.469 -  if (debug) 
   7.470 -	printHex(partArray,partArray.length);
   7.471 -  printDebug("\n");
   7.472 -   
   7.473 -   return partArray; 
   7.474 - }
   7.475 -
   7.476 - public  byte[] GenBinaryPolicyBuffer(byte[] chwPolicy, byte[] stePolicy, byte [] partMap, byte[] vlanMap, byte[] slotMap)
   7.477 - {
   7.478 -  byte[] binBuffer;
   7.479 -  short chwSize =0;
   7.480 -  short steSize =0;
   7.481 -  int	index = 0;
   7.482 -
   7.483 -  /* Builds data structure acm_policy_buffer_t */
   7.484 -  /* Get number of colorTypes */
   7.485 -  if (null != chwPolicy)
   7.486 -	chwSize = (short) chwPolicy.length;
   7.487 -
   7.488 -  if (null != stePolicy)
   7.489 -    	steSize = (short) stePolicy.length;
   7.490 -
   7.491 -  int totalDataSize = chwSize + steSize + resourceOffsetSz +  3 *(2 * u16Size);
   7.492 -
   7.493 -  /*  Add vlan and slot */ 
   7.494 -  totalDataSize = totalDataSize +partMap.length + vlanMap.length + slotMap.length; 
   7.495 -  binBuffer = new byte[binaryBufferHeaderSz +totalDataSize];
   7.496 -	
   7.497 -
   7.498 -  try {
   7.499 -	  index = 0;
   7.500 -	  /* fill in General Policy Version */
   7.501 -	  writeIntToStream(binBuffer, ACM_POLICY_VERSION, index);
   7.502 -	  index += u32Size;
   7.503 -
   7.504 -	  /* Write magic */
   7.505 -	  writeIntToStream(binBuffer, ACM_MAGIC, index);
   7.506 -	  index += u32Size;
   7.507 -
   7.508 -	  /* write len */
   7.509 -	  writeIntToStream(binBuffer, binBuffer.length, index);
   7.510 -	  index += u32Size;
   7.511 -
   7.512 -  } catch (IOException ee) {
   7.513 -	  System.out.println(" GBPB:: got exception : " + ee);
   7.514 -	  return null;
   7.515 -  }
   7.516 -
   7.517 -  int offset, address;
   7.518 -  address = index;
   7.519 -
   7.520 -  if (null != partMap) 
   7.521 -	  offset = binaryBufferHeaderSz + resourceOffsetSz;
   7.522 -  else
   7.523 -	  offset = binaryBufferHeaderSz;
   7.524 -
   7.525 -  try {
   7.526 -	  int skip = 0;
   7.527 -
   7.528 -	  /* init with NULL policy setting */
   7.529 -	  writeIntToStream(binBuffer, ACM_NULL_POLICY, index);
   7.530 -	  writeIntToStream(binBuffer, 0, index + u32Size);
   7.531 -	  writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size);
   7.532 -	  writeIntToStream(binBuffer, 0, index + 3*u32Size);
   7.533 -	  
   7.534 -	  index = address;
   7.535 -	  if (null != chwPolicy) {
   7.536 -	  
   7.537 -		  /* Write policy name */
   7.538 -		  writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index);
   7.539 -		  index += u32Size;
   7.540 -
   7.541 -		  /* Write offset */
   7.542 -		  writeIntToStream(binBuffer, offset, index);
   7.543 -		  index += u32Size;
   7.544 -
   7.545 -		  /* Write payload. No need increment index */
   7.546 -		  address = offset;
   7.547 -		  System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length);
   7.548 -		  address = address + chwPolicy.length;
   7.549 -	  } else
   7.550 -		  skip += 2*u32Size;
   7.551 -
   7.552 -	  if (null != stePolicy) 
   7.553 -	  {	
   7.554 -	  	/* Write policy name */
   7.555 -	  	writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index);
   7.556 -  	  	index += u32Size;
   7.557 -
   7.558 -	  	/* Write offset */
   7.559 -	  	writeIntToStream(binBuffer, address, index);
   7.560 -  	  	index += u32Size;
   7.561 -
   7.562 -		/* Copy array */
   7.563 -	  	System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length);
   7.564 -		/* Update address */
   7.565 -		address = address + stePolicy.length;
   7.566 -	  } else
   7.567 -		 skip += 2*u32Size;
   7.568 -
   7.569 -	  /* Skip writing policy name and offset for each null policy*/
   7.570 -	  index +=  skip;
   7.571 -
   7.572 -	  int size;
   7.573 -	  /* Assumes that you will always have a partition defined in policy */
   7.574 -	  if ( 0 < partMap.length) {
   7.575 -		  writeIntToStream(binBuffer, address, index);
   7.576 -		  index = address;
   7.577 -
   7.578 -		  /* Compute num of VMs */
   7.579 -		  size = partMap.length / (3 * u16Size);
   7.580 -
   7.581 -		  writeShortToStream(binBuffer, (short)size,index);
   7.582 -		  index = index + u16Size;
   7.583 -
   7.584 -		  /* part, vlan and slot: each one consists of two entries */
   7.585 -		  offset = 3 * (2 * u16Size);
   7.586 -		  writeShortToStream(binBuffer, (short) offset,index);
   7.587 -
   7.588 -		  /* Write partition array at offset */
   7.589 -		  System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length);
   7.590 -		  index = index + u16Size;
   7.591 -		  offset = offset + partMap.length;
   7.592 -	  }
   7.593 -
   7.594 -	  if ( 0 < vlanMap.length) {
   7.595 -		  size = vlanMap.length / (2 * u16Size);
   7.596 -		  writeShortToStream(binBuffer, (short) size,index);
   7.597 -		  index = index + u16Size;
   7.598 -
   7.599 -		  writeShortToStream(binBuffer, (short) offset,index);
   7.600 -		  index = index + u16Size;
   7.601 -		  System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length);
   7.602 -	  } else {
   7.603 -		  /* Write vlan max */
   7.604 -		  writeShortToStream(binBuffer, (short) 0,index);
   7.605 -		  index = index + u16Size;
   7.606 - 
   7.607 -		  /* Write vlan offset */
   7.608 -		  writeShortToStream(binBuffer, (short) 0,index);
   7.609 -		  index = index + u16Size;
   7.610 -	  }
   7.611 -
   7.612 -	  offset = offset + vlanMap.length;
   7.613 -	  if ( 0 < slotMap.length) {
   7.614 -		  size = slotMap.length / (3 * u16Size);
   7.615 -		  writeShortToStream(binBuffer, (short) size,index);
   7.616 -		  index = index + u16Size;
   7.617 -
   7.618 -		  writeShortToStream(binBuffer, (short) offset,index);
   7.619 -		  index = index + u16Size;
   7.620 -		  System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length);
   7.621 -	  }
   7.622 -  } catch (IOException ee) {
   7.623 -	  System.out.println(" GBPB:: got exception : " + ee);
   7.624 -	  return null;
   7.625 -  }
   7.626 -
   7.627 -  printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length);
   7.628 -  if (debug)
   7.629 -	  printHex(binBuffer,binBuffer.length);
   7.630 -
   7.631 -  return  binBuffer;
   7.632 - } 
   7.633 -
   7.634 - public  byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector ColorTypes)
   7.635 - {
   7.636 -  byte[] chwBuffer;
   7.637 -  int index = 0;
   7.638 -  int position = 0;
   7.639 -
   7.640 -  /* Get number of rTypes */
   7.641 -  int maxTypes = ColorTypes.size();
   7.642 -
   7.643 -  /* Get number of SSids entry */
   7.644 -  int maxSsids = Ssids.size();
   7.645 -
   7.646 -  /* Get number of conflict sets */
   7.647 -  int maxConflict = ConflictSsids.size();
   7.648 -
   7.649 -   
   7.650 -  if (maxTypes * maxSsids == 0)
   7.651 -	return null; 
   7.652 -  /*
   7.653 -     data structure acm_chwall_policy_buffer
   7.654 -     se XmlToBinInterface.java
   7.655 -  */
   7.656 -  int totalBytes = chwHeaderSize  + u16Size *(maxTypes * (maxSsids + maxConflict)); 
   7.657 -
   7.658 -  chwBuffer = new byte[ totalBytes ];
   7.659 -  int address = chwHeaderSize + (u16Size * maxTypes * maxSsids );
   7.660 -
   7.661 -  printDebug(" gCB:: chwall totalbytes : "+totalBytes); 
   7.662 -
   7.663 -  try {
   7.664 -	  index = 0;
   7.665 -	  /* fill in General Policy Version */
   7.666 -	  writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index);
   7.667 -	  index += u32Size;
   7.668 -
   7.669 -	  writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index);
   7.670 -	  index += u32Size;
   7.671 -
   7.672 -	  writeIntToStream(chwBuffer, maxTypes, index);
   7.673 -	  index += u32Size;
   7.674 -
   7.675 -	  writeIntToStream(chwBuffer, maxSsids, index);
   7.676 -	  index += u32Size;
   7.677 -
   7.678 -	  writeIntToStream(chwBuffer, maxConflict, index);
   7.679 -	  index += u32Size;
   7.680 -
   7.681 -	  /*  Write chwall_ssid_offset */
   7.682 -	  writeIntToStream(chwBuffer, chwHeaderSize, index);
   7.683 -	  index += u32Size;
   7.684 -
   7.685 -	  /* Write chwall_conflict_sets_offset */
   7.686 -	  writeIntToStream(chwBuffer, address, index);
   7.687 -	  index += u32Size;
   7.688 -
   7.689 -	  /*  Write chwall_running_types_offset */
   7.690 -	  writeIntToStream(chwBuffer, 0, index);
   7.691 -	  index += u32Size;
   7.692 -
   7.693 -	  /*  Write chwall_conflict_aggregate_offset */
   7.694 -	  writeIntToStream(chwBuffer, 0, index);
   7.695 -	  index += u32Size;
   7.696 -
   7.697 -  } catch (IOException ee) {
   7.698 -    	System.out.println(" gCB:: got exception : " + ee); 
   7.699 -	return null;
   7.700 -  }
   7.701 -  int markPos = 0;
   7.702 -
   7.703 -  /* Create the SSids entry */
   7.704 -  for (int i = 0; i < maxSsids; i++)
   7.705 -  {
   7.706 -	SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
   7.707 -   	/* Get chwall types */
   7.708 -	ssidEntry.chwSsidPosition = i;
   7.709 -	Enumeration e = ssidEntry.chwTypes.elements(); 
   7.710 -	while (e.hasMoreElements())
   7.711 -	{
   7.712 -  	  String typeName = (String) e.nextElement(); 
   7.713 -      	  printDebug(" gCB:: Ssid "+ i+ ": has type : " + typeName);
   7.714 -	  position = ColorTypes.indexOf(typeName);
   7.715 -
   7.716 -	  if (position < 0) 
   7.717 -	  {
   7.718 -      	  	System.out.println (" gCB:: Error type : " + typeName + " not found in ColorTypes"); 
   7.719 -		return null; 
   7.720 -	  }
   7.721 -   	  printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
   7.722 -	  markPos = ((i * maxTypes + position) * u16Size) + index;	
   7.723 -
   7.724 -	  try {
   7.725 -	  	writeShortToStream(chwBuffer,markSymbol,markPos);
   7.726 -  	  } catch (IOException ee) {
   7.727 -   	  	System.out.println(" gCB:: got exception : "); 
   7.728 -		return null; 
   7.729 -  	  }
   7.730 -	}
   7.731 -  }
   7.732 -
   7.733 -  if (debug) 
   7.734 -      printHex(chwBuffer,chwBuffer.length);
   7.735 -
   7.736 -  /* Add conflict set */
   7.737 -  index = address;
   7.738 -  for (int i = 0; i < maxConflict; i++)
   7.739 -  {
   7.740 -   	/* Get ste types */
   7.741 -	Vector entry = (Vector) ConflictSsids.elementAt(i);
   7.742 -	Enumeration e = entry.elements(); 
   7.743 -	while (e.hasMoreElements())
   7.744 -	{
   7.745 -  	  String typeName = (String) e.nextElement(); 
   7.746 -      	  printDebug (" GCB:: conflict Ssid "+ i+ ": has type : " + typeName);
   7.747 -	  position = ColorTypes.indexOf(typeName);
   7.748 -
   7.749 -	  if (position < 0) 
   7.750 -	  {
   7.751 -      	  	System.out.println (" GCB:: Error type : " + typeName + " not found in ColorTypes"); 
   7.752 -		return null; 
   7.753 -	  }
   7.754 -   	  printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
   7.755 -	  markPos = ((i * maxTypes + position) * u16Size) + index;	
   7.756 -
   7.757 -	  try {
   7.758 -	  	writeShortToStream(chwBuffer,markSymbol,markPos);
   7.759 -  	  } catch (IOException ee) {
   7.760 -   	  	System.out.println(" GCB:: got exception : "); 
   7.761 -		return null; 
   7.762 -  	  }
   7.763 -	}
   7.764 -		
   7.765 -  } 
   7.766 -  printDebug(" gSB:: chw binary  ==> Length " + chwBuffer.length); 
   7.767 -  if (debug) 
   7.768 -   	printHex(chwBuffer,chwBuffer.length);
   7.769 -  printDebug("\n");
   7.770 -
   7.771 -  return chwBuffer;
   7.772 - }
   7.773 -
   7.774 -/**********************************************************************
   7.775 - Generate byte representation of policy using type information
   7.776 - <p>
   7.777 - @param Ssids    	      	Vector
   7.778 - @param ColorTypes         	Vector
   7.779 - <p>
   7.780 - @return bytes represenation of simple type enforcement policy 
   7.781 -**********************************************************************/
   7.782 - public  byte[] generateSteBuffer(Vector Ssids, Vector ColorTypes)
   7.783 - {
   7.784 -  byte[] steBuffer;
   7.785 -  int index = 0;
   7.786 -  int position = 0;
   7.787 -
   7.788 -  /* Get number of colorTypes */
   7.789 -  int numColorTypes = ColorTypes.size();
   7.790 -
   7.791 -  /* Get number of SSids entry */
   7.792 -  int numSsids = Ssids.size();
   7.793 -   
   7.794 -  if (numColorTypes * numSsids == 0)
   7.795 -	return null; 
   7.796 -
   7.797 -  /* data structure: acm_ste_policy_buffer
   7.798 -   * see XmlToBinInterface.java
   7.799 -   * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size)
   7.800 -   * 
   7.801 -  */
   7.802 -  steBuffer = new byte[ steHeaderSize + (numColorTypes * numSsids) * 2];
   7.803 -
   7.804 -  try {
   7.805 -	
   7.806 -	  index = 0;
   7.807 -	  writeIntToStream(steBuffer, ACM_STE_VERSION, index);
   7.808 -	  index += u32Size;
   7.809 -
   7.810 -	  writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index);
   7.811 -	  index += u32Size;
   7.812 -
   7.813 -	  writeIntToStream(steBuffer, numColorTypes, index);
   7.814 -	  index += u32Size;
   7.815 -
   7.816 -	  writeIntToStream(steBuffer, numSsids, index);
   7.817 -	  index += u32Size;
   7.818 -
   7.819 -	  writeIntToStream(steBuffer, steHeaderSize, index);
   7.820 -	  index += u32Size;
   7.821 -
   7.822 -
   7.823 -  } catch (IOException ee) {
   7.824 -	System.out.println(" gSB:: got exception : " + ee); 
   7.825 -	return null; 
   7.826 -  }
   7.827 -  int markPos = 0;
   7.828 -  for (int i = 0; i < numSsids; i++)
   7.829 -  {
   7.830 -	
   7.831 -	SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
   7.832 -	ssidEntry.steSsidPosition = i;
   7.833 -   	/* Get ste types */
   7.834 -	Enumeration e = ssidEntry.steTypes.elements(); 
   7.835 -	while (e.hasMoreElements())
   7.836 -	{
   7.837 -  	  String typeName = (String) e.nextElement(); 
   7.838 -      	  printDebug (" gSB:: Ssid "+ i+ ": has type : " + typeName);
   7.839 -	  position = ColorTypes.indexOf(typeName);
   7.840 -
   7.841 -	  if (position < 0) 
   7.842 -	  {
   7.843 -      	  	printDebug(" gSB:: Error type : " + typeName + " not found in ColorTypes"); 
   7.844 -		return null; 
   7.845 -	  }
   7.846 -   	  printDebug(" gSB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
   7.847 -	  markPos = ((i * numColorTypes + position) * u16Size) + index;	
   7.848 -
   7.849 -	  try {
   7.850 -	  	writeShortToStream(steBuffer,markSymbol,markPos);
   7.851 -  	  } catch (IOException ee)
   7.852 -  	  {
   7.853 -   	  	System.out.println(" gSB:: got exception : "); 
   7.854 -		return null; 
   7.855 -  	  }
   7.856 -	}
   7.857 -		
   7.858 -  } 
   7.859 -
   7.860 -  printDebug(" gSB:: ste binary  ==> Length " + steBuffer.length); 
   7.861 -  if (debug) 
   7.862 - 	printHex(steBuffer,steBuffer.length);
   7.863 -  printDebug("\n");
   7.864 -
   7.865 -  return steBuffer;
   7.866 - }
   7.867 -
   7.868 - public static  void printHex(byte [] dataArray, int length)
   7.869 - {
   7.870 -  char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7',
   7.871 -                '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
   7.872 -  int hexIndex;
   7.873 -  int value;
   7.874 -  int arraylength;
   7.875 -
   7.876 -  arraylength = length;
   7.877 -
   7.878 -  if (dataArray == null)
   7.879 -  {
   7.880 -        System.err.print("printHex: input byte array is null");
   7.881 -  }
   7.882 -
   7.883 -  if (length > dataArray.length || length < 0)
   7.884 -        arraylength = dataArray.length;
   7.885 -
   7.886 -  System.out.print("\n\t");
   7.887 -
   7.888 -  int i;
   7.889 -  for(i = 0; i < arraylength; )
   7.890 -  {
   7.891 -        value = dataArray[i] & 0xFF;
   7.892 -        hexIndex = (value >>> 4);
   7.893 -        System.out.print(hexChars[hexIndex]);
   7.894 -        hexIndex = (value & 0x0F);
   7.895 -        System.out.print(hexChars[hexIndex]);
   7.896 -
   7.897 -        i++;
   7.898 -        /* if done, print a final newline */
   7.899 -        if (i == arraylength) {
   7.900 -            if (arraylength < dataArray.length) {
   7.901 -                System.out.print("...");
   7.902 -            }
   7.903 -            System.out.println();
   7.904 -        }
   7.905 -        else if ((i % 24) == 0) {
   7.906 -            System.out.print("\n\t");
   7.907 -        }
   7.908 -        else if ((i % 4) == 0) {
   7.909 -                System.out.print(" ");
   7.910 -        }
   7.911 -  }
   7.912 -
   7.913 -  return;
   7.914 - }
   7.915 -
   7.916 -  
   7.917 - private void writeShortToStream(byte[] stream, short value, int index)
   7.918 -  throws IOException
   7.919 - {
   7.920 -  int littleEndian = 0;
   7.921 -  int byteVal;
   7.922 -
   7.923 -  if (index + 2 > stream.length)
   7.924 -  {
   7.925 -      throw new IOException("Writing beyond stream length: " +
   7.926 -                            stream.length + " writing at locations from: " + index + " to " + (index + 4));
   7.927 -  }
   7.928 -
   7.929 -  if (!LittleEndian)
   7.930 -  {
   7.931 -
   7.932 -	byteVal = value >> 8;
   7.933 -	stream[index ] = (byte) byteVal;
   7.934 -
   7.935 -	byteVal = value;
   7.936 -	stream[index + 1] = (byte) byteVal;
   7.937 -  } else {
   7.938 -	stream[index]  = (byte) ((value & 0x00ff) );
   7.939 -	stream[index + 1]  = (byte) ((value & 0xff00) >> 8);
   7.940 - }
   7.941 -  return;
   7.942 - }
   7.943 -
   7.944 - private void writeIntToStream(byte[] stream, int value, int index)
   7.945 -  throws IOException
   7.946 - {
   7.947 -  int littleEndian = 0;
   7.948 -  int byteVal;
   7.949 -
   7.950 -  if (4 > stream.length)
   7.951 -  {
   7.952 -      throw new IOException("writeIntToStream: stream length less than 4 bytes " +
   7.953 -                            stream.length);
   7.954 -  }
   7.955 -
   7.956 -  /* Do not Write beyond range */
   7.957 -  if (index + 4 > stream.length)
   7.958 -  {
   7.959 -      throw new IOException("writeIntToStream: writing beyond stream length: " +
   7.960 -                            stream.length + " writing at locations from: " + index + " to " + (index + 4));
   7.961 -  }
   7.962 -  if (!LittleEndian)
   7.963 -  {
   7.964 -	byteVal = value >>> 24;
   7.965 -	stream[index] = (byte) byteVal;
   7.966 -
   7.967 -	byteVal = value >> 16;
   7.968 -	stream[index + 1] = (byte) byteVal;
   7.969 -
   7.970 -	byteVal = value >> 8;
   7.971 -	stream[index + 2] = (byte) byteVal;
   7.972 -
   7.973 -	byteVal = value;
   7.974 -	stream[index + 3] = (byte) byteVal;
   7.975 -  } else {
   7.976 -	stream[index] = (byte) value;
   7.977 -	stream[index + 1]  = (byte) ((value & 0x0000ff00) >> 8);
   7.978 -	stream[index + 2]  = (byte) ((value & 0x00ff0000) >> 16);
   7.979 -	stream[index + 3] = (byte) ( value >>> 24);
   7.980 -  }
   7.981 -  return;
   7.982 - }
   7.983 -
   7.984 - public Document getDomTree(String xmlFileName)
   7.985 -  throws Exception, SAXException, ParserConfigurationException
   7.986 - {
   7.987 -  javax.xml.parsers.DocumentBuilderFactory dbf = 
   7.988 -	javax.xml.parsers.DocumentBuilderFactory.newInstance();
   7.989 -
   7.990 -  /* Turn on namespace aware and validation */
   7.991 -  dbf.setNamespaceAware(true);	
   7.992 -  dbf.setValidating(true);	
   7.993 -  dbf.setAttribute(JAXP_SCHEMA_LANGUAGE,W3C_XML_SCHEMA);
   7.994 -
   7.995 -  /* Checks that the document is well-formed */
   7.996 -  javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
   7.997 -
   7.998 -  myHandler errHandler= new myHandler();
   7.999 -  db.setErrorHandler(errHandler);
  7.1000 -  Document doc = db.parse(xmlFileName);
  7.1001 -
  7.1002 -  /* Checks for validation errors */
  7.1003 -  if (errHandler.isValid)
  7.1004 -       printDebug(" gDT:: Xml file: " + xmlFileName + " is valid");
  7.1005 -   else
  7.1006 -      throw new Exception("Xml file: " + xmlFileName + " is NOT valid");
  7.1007 -
  7.1008 -  return doc;
  7.1009 - }  
  7.1010 -
  7.1011 - public void processDomTree(
  7.1012 -	Document doc,
  7.1013 -	Vector bagOfSsids, 	
  7.1014 -	Vector bagOfTypes, 
  7.1015 -	Vector bagOfChwSsids, 
  7.1016 -	Vector bagOfChwTypes, 
  7.1017 -	Vector bagOfConflictSsids)
  7.1018 -  throws Exception, SAXException, ParserConfigurationException
  7.1019 - {
  7.1020 -  boolean found;
  7.1021 -
  7.1022 -  /* print the root Element */
  7.1023 -  Element root = doc.getDocumentElement();
  7.1024 -  printDebug ("\n pDT:: Document Element: Name = " + root.getNodeName() + ",Value = " + root.getNodeValue());
  7.1025 -
  7.1026 -  /* Go through the list of the root Element's Attributes */
  7.1027 -  NamedNodeMap nnm = root.getAttributes();
  7.1028 -  printDebug (" pDT:: # of Attributes: " + nnm.getLength());
  7.1029 -  for (int i = 0; i < nnm.getLength(); i++)
  7.1030 -  {
  7.1031 -         Node n = nnm.item (i);
  7.1032 -        printDebug (" pDT:: Attribute: Name = " + n.getNodeName() + ", Value = " 
  7.1033 -             + n.getNodeValue());
  7.1034 -  }
  7.1035 -
  7.1036 -  /* Retrieve the policy definition */ 
  7.1037 -  NodeList elementList = root.getElementsByTagName ("url");
  7.1038 -  String definitionFileName = elementList.item(0).getFirstChild().getNodeValue();  
  7.1039 -
  7.1040 -  String definitionHash = null;
  7.1041 -
  7.1042 -  /* Note that SecurityPolicySpec.xsd allows for 0 hash value! */
  7.1043 -  elementList = root.getElementsByTagName ("hash");
  7.1044 -  if (0 != elementList.getLength())
  7.1045 -      	definitionHash = elementList.item(0).getFirstChild().getNodeValue();  
  7.1046 -
  7.1047 -  Document definitionDoc = pGetDomDefinition(definitionFileName,definitionHash);
  7.1048 -  pGetTypes(definitionDoc,bagOfTypes, bagOfChwTypes, bagOfConflictSsids);
  7.1049 -
  7.1050 -
  7.1051 -  /* Get VM security information */
  7.1052 -  elementList = root.getElementsByTagName ("VM");
  7.1053 -  printDebug ("\n pDT:: partition length of NodeList:" + elementList.getLength());
  7.1054 -  /* Add default Ssid to Ste and Chw bags */			
  7.1055 -  SecurityLabel defEntry = new SecurityLabel();
  7.1056 -
  7.1057 -  defEntry.chwTypes = new Vector();
  7.1058 -  defEntry.steTypes = new Vector();
  7.1059 -  defEntry.chwIDs = new Vector();
  7.1060 -  defEntry.ids = new Vector();
  7.1061 -
  7.1062 -  defEntry.steSsidPosition =0;
  7.1063 -  defEntry.chwSsidPosition =0;
  7.1064 -  bagOfChwSsids.add(defEntry);
  7.1065 -  bagOfSsids.add(defEntry);
  7.1066 -
  7.1067 -  for (int x = 0; x < elementList.getLength(); x++)
  7.1068 -  {
  7.1069 -	found = false;
  7.1070 -
  7.1071 -        Node node = elementList.item (x);          
  7.1072 -
  7.1073 -	if (node.getNodeType() == Node.ELEMENT_NODE)
  7.1074 -	{
  7.1075 -	  printDebug (" pDT:: child: " + x + " is an element node" );
  7.1076 -	  Element e1 = (Element) node;
  7.1077 -
  7.1078 -  	  /* Get id */
  7.1079 -      	  NodeList elist = e1.getElementsByTagName ("id");
  7.1080 -      	  String idStr = elist.item(0).getFirstChild().getNodeValue();  
  7.1081 -      	  printDebug (" pDT:: id:" + idStr);
  7.1082 -
  7.1083 -	  /* Get TE */
  7.1084 -	  Vector colorTypes = new Vector();
  7.1085 -	  pConflictEntries(e1, "TE", bagOfTypes, colorTypes);
  7.1086 -
  7.1087 -	  Enumeration e = bagOfSsids.elements();
  7.1088 -	  while (e.hasMoreElements())
  7.1089 -	  {
  7.1090 -		SecurityLabel elem = (SecurityLabel) e.nextElement(); 
  7.1091 -		if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
  7.1092 -		{
  7.1093 -		  found = true;
  7.1094 -		  elem.ids.add(idStr);
  7.1095 -		}
  7.1096 -		
  7.1097 -	  }
  7.1098 -		if (!found && (0 < colorTypes.size()))
  7.1099 -		{
  7.1100 -		 SecurityLabel entry = new SecurityLabel();
  7.1101 -		 entry.steTypes = colorTypes;
  7.1102 -		 entry.ids = new Vector();
  7.1103 -		 entry.ids.add(idStr);
  7.1104 -		 bagOfSsids.add(entry);
  7.1105 -		}
  7.1106 -
  7.1107 -		/* Get Chinese wall type */
  7.1108 -	 	Vector chwTypes = new Vector();
  7.1109 -		pConflictEntries(e1, "ChWall", bagOfChwTypes, chwTypes);
  7.1110 -
  7.1111 -	        found = false;
  7.1112 -		e = bagOfChwSsids.elements();
  7.1113 -
  7.1114 -		while (e.hasMoreElements())
  7.1115 -		{
  7.1116 -  		  SecurityLabel elem = (SecurityLabel) e.nextElement(); 
  7.1117 -		  if ( elem.chwTypes.size() == chwTypes.size() && elem.chwTypes.containsAll(chwTypes))
  7.1118 -		  {
  7.1119 -		    found = true;
  7.1120 -		    elem.chwIDs.add(idStr);
  7.1121 -		  }
  7.1122 -		
  7.1123 -		}
  7.1124 -
  7.1125 -		if (!found && (0 < chwTypes.size()))
  7.1126 -		{
  7.1127 -		 SecurityLabel entry = new SecurityLabel();
  7.1128 -		 entry.chwTypes = chwTypes;
  7.1129 -		 entry.chwIDs = new Vector();
  7.1130 -		 entry.chwIDs.add(idStr);
  7.1131 -		 bagOfChwSsids.add(entry);
  7.1132 -		}
  7.1133 -      }
  7.1134 -  } 
  7.1135 -  return;
  7.1136 - }
  7.1137 -
  7.1138 - public Document pGetDomDefinition(
  7.1139 -	String definitionFileName, 
  7.1140 -	String definitionHash) 
  7.1141 -  throws Exception, SAXException, ParserConfigurationException
  7.1142 - {
  7.1143 -  printDebug("\n pGDD:: definition file name: " + definitionFileName);
  7.1144 -  printDebug("\n pGDD:: definition file hash: " + definitionHash);
  7.1145 -  
  7.1146 -  Document doc =  getDomTree(definitionFileName);
  7.1147 -  return doc; 
  7.1148 - }
  7.1149 -
  7.1150 - public void pGetTypes(
  7.1151 -	Document defDoc,
  7.1152 -	Vector bagOfTypes, 
  7.1153 -	Vector bagOfChwTypes, 
  7.1154 -	Vector bagOfConflictSsids)
  7.1155 -  throws Exception
  7.1156 - {
  7.1157 -
  7.1158 -
  7.1159 -  if (null == defDoc)
  7.1160 -      throw new Exception(" pGT:: definition file DOM is null ");
  7.1161 -
  7.1162 -  Element root = defDoc.getDocumentElement();
  7.1163 -
  7.1164 -  /* Get list of TE types */
  7.1165 -  NodeList elementList = root.getElementsByTagName ("Types");
  7.1166 -  printDebug ("\n pGT:: Types length of NodeList:" + elementList.getLength());
  7.1167 -  Element e1 = (Element) elementList.item (0);          
  7.1168 -  pGetEntries(e1,"TE",bagOfTypes);
  7.1169 -
  7.1170 -  /* Get list of Chinese types */
  7.1171 -  elementList = root.getElementsByTagName ("ChWallTypes");
  7.1172 -  printDebug ("\n pGT:: ChwTypes length of NodeList:" + elementList.getLength());
  7.1173 -  if (0 ==  elementList.getLength())
  7.1174 -  {
  7.1175 -  	printDebug ("\n pGT:: ChWallTypes has zero length: :" + elementList.getLength());
  7.1176 -  } else {
  7.1177 -	e1 = (Element) elementList.item (0);          
  7.1178 -	pGetEntries(e1,"ChWall",bagOfChwTypes);
  7.1179 -  }
  7.1180 -  printDebug (" pGT:: Total number of unique chw types: " + bagOfChwTypes.size());
  7.1181 -
  7.1182 -  /* Get Chinese type conflict sets */
  7.1183 -  elementList = root.getElementsByTagName ("ConflictSet");
  7.1184 -  printDebug ("\n pGT:: Conflict sets length of NodeList:" + elementList.getLength());
  7.1185 -  for (int x = 0; x < elementList.getLength(); x++)
  7.1186 -  {
  7.1187 - 	Vector conflictEntry  = new Vector();
  7.1188 -  	e1 = (Element) elementList.item (x);          
  7.1189 -  	printDebug ("\n pGT:: Conflict sets : " + x);
  7.1190 -
  7.1191 -	pConflictEntries(e1, "ChWall", bagOfChwTypes, conflictEntry);
  7.1192 -
  7.1193 -	if (conflictEntry.size() > 0)
  7.1194 -	{
  7.1195 -	  boolean found = false;
  7.1196 -	  Enumeration e = bagOfConflictSsids.elements();
  7.1197 -	
  7.1198 -	  while (e.hasMoreElements())
  7.1199 -	  {
  7.1200 -		Vector elem = (Vector) e.nextElement(); 
  7.1201 -		if (elem.size() == conflictEntry.size() && elem.containsAll(conflictEntry))
  7.1202 -	  	{
  7.1203 -	    	  found = true;
  7.1204 -	  	}
  7.1205 -		
  7.1206 -	  }
  7.1207 -	  if (!found)
  7.1208 -	  {
  7.1209 -		bagOfConflictSsids.add(conflictEntry);
  7.1210 -	  }
  7.1211 -  	}
  7.1212 -  }
  7.1213 -
  7.1214 - }
  7.1215 -
  7.1216 - public void  pGetEntries(Element doc, String tag, Vector typeBag)
  7.1217 -  throws Exception
  7.1218 - {
  7.1219 -
  7.1220 -  if (null == doc)
  7.1221 -      throw new Exception(" pGE:: Element doc is null");
  7.1222 -
  7.1223 -  if (null == typeBag)
  7.1224 -      throw new Exception(" pGE:: typeBag  is null");
  7.1225 -
  7.1226 -  NodeList elist = doc.getElementsByTagName (tag);
  7.1227 -  for (int j = 0; j < elist.getLength(); j++)
  7.1228 -  {
  7.1229 -  	Node knode = elist.item (j);          
  7.1230 -       	Node childNode = knode.getFirstChild();     
  7.1231 -       	String value = childNode.getNodeValue();
  7.1232 -
  7.1233 -	printDebug (" pGT:: "+ tag +" type: " + value);
  7.1234 -
  7.1235 -        /* Check if value is known */
  7.1236 -	if (!typeBag.contains(value))
  7.1237 -		typeBag.addElement(value);
  7.1238 -  }
  7.1239 - }
  7.1240 -
  7.1241 - public void  pConflictEntries(Element doc, String tag, Vector typeBag, Vector conflictEntry)
  7.1242 -  throws Exception
  7.1243 - {
  7.1244 -
  7.1245 -  if (null == doc)
  7.1246 -      throw new Exception(" pGE:: Element doc is null");
  7.1247 -
  7.1248 -  if (null == typeBag)
  7.1249 -      throw new Exception(" pGE:: typeBag  is null");
  7.1250 -
  7.1251 -  if (null == conflictEntry)
  7.1252 -      throw new Exception(" pGE:: typeBag  is null");
  7.1253 -
  7.1254 -
  7.1255 -  NodeList elist = doc.getElementsByTagName (tag);
  7.1256 -
  7.1257 -  for (int j = 0; j < elist.getLength(); j++)
  7.1258 -  {
  7.1259 -  	Node knode = elist.item (j);          
  7.1260 -       	Node childNode = knode.getFirstChild();     
  7.1261 -       	String value = childNode.getNodeValue();
  7.1262 -
  7.1263 -	printDebug (" pGE:: "+ tag +" type: " + value);
  7.1264 -
  7.1265 -        /* Check if value is known */
  7.1266 -	if (!typeBag.contains(value))
  7.1267 -      		throw new Exception(" pCE:: found undefined type set " + value);
  7.1268 -
  7.1269 -	if (!conflictEntry.contains(value))
  7.1270 -		conflictEntry.addElement(value);
  7.1271 -
  7.1272 -  }
  7.1273 - }
  7.1274 -
  7.1275 -  public void processDomTreeVlanSlot(
  7.1276 -	Document doc,
  7.1277 -	Vector bagOfSsids, 	
  7.1278 -	Vector bagOfTypes) 	
  7.1279 -  throws Exception
  7.1280 - {
  7.1281 -      boolean found;
  7.1282 -
  7.1283 -  printDebug(" pDTVS::Size of bagOfSsids: "+ bagOfSsids.size());
  7.1284 -  Element root = doc.getDocumentElement();
  7.1285 -
  7.1286 -  NodeList elementList = root.getElementsByTagName ("Vlan");
  7.1287 -  printDebug("\n pDTVS:: Vlan length of NodeList:" + elementList.getLength());
  7.1288 -
  7.1289 -  for (int x = 0; x < elementList.getLength(); x++)
  7.1290 -  {
  7.1291 -	found = false;
  7.1292 -
  7.1293 -        Node node = elementList.item (x);          
  7.1294 -
  7.1295 -	if (node.getNodeType() == Node.ELEMENT_NODE)
  7.1296 -	{
  7.1297 -	  printDebug(" pDTVS:: child: " + x + " is an element node" );
  7.1298 -	  Element e1 = (Element) node;
  7.1299 -
  7.1300 -	  /* Get vid */
  7.1301 -      	  NodeList elist = e1.getElementsByTagName ("vid");
  7.1302 -      	  String idStr = elist.item(0).getFirstChild().getNodeValue();  
  7.1303 -      	  printDebug (" pDTVS:: vid:" + idStr);
  7.1304 -
  7.1305 -	  /* Get TE */
  7.1306 -      	  elist = e1.getElementsByTagName ("TE");
  7.1307 -          printDebug (" pDTVS:: Total ste types: " + elist.getLength());
  7.1308 -
  7.1309 -	  Vector colorTypes = new Vector();
  7.1310 -	  for (int j = 0; j < elist.getLength(); j++)
  7.1311 -	  {
  7.1312 -		Node knode = elist.item (j);          
  7.1313 -        	Node childNode = knode.getFirstChild();     
  7.1314 -        	String value = childNode.getNodeValue();
  7.1315 -
  7.1316 -		printDebug (" pDT:: My color is: " + value);
  7.1317 -		if (!bagOfTypes.contains(value))
  7.1318 -		{
  7.1319 -      		  throw new IOException("pDT:: Vlan: " + idStr+ " has unknown type : "+ value);
  7.1320 -		}
  7.1321 -
  7.1322 -		if (!colorTypes.contains(value))
  7.1323 -		  colorTypes.addElement(value);
  7.1324 -	  }
  7.1325 -	  Enumeration e = bagOfSsids.elements();
  7.1326 -	  while (e.hasMoreElements())
  7.1327 -	  {
  7.1328 -		SecurityLabel elem = (SecurityLabel) e.nextElement(); 
  7.1329 -		if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
  7.1330 -		{
  7.1331 -		  found = true;
  7.1332 -		  if (null == elem.vlans)
  7.1333 -			elem.vlans = new Vector();
  7.1334 -		   elem.vlans.add(idStr);
  7.1335 -		}
  7.1336 -		
  7.1337 -	  }
  7.1338 -	  if (!found && (0 < colorTypes.size()))
  7.1339 -	  {
  7.1340 -		 SecurityLabel entry = new SecurityLabel();
  7.1341 -		 entry.steTypes = colorTypes;
  7.1342 -		 entry.vlans = new Vector();
  7.1343 -		 entry.vlans.add(idStr);
  7.1344 -		 bagOfSsids.add(entry);
  7.1345 -	  }
  7.1346 -
  7.1347 -	}
  7.1348 -  } 
  7.1349 -  printDebug(" pDTVS::After slot Size of bagOfSsids: "+ bagOfSsids.size());
  7.1350 -
  7.1351 -  elementList = root.getElementsByTagName ("Slot");
  7.1352 -  printDebug ("\n pDTVS:: Slot length of NodeList:" + elementList.getLength());
  7.1353 -
  7.1354 -  for (int x = 0; x < elementList.getLength(); x++)
  7.1355 -  {
  7.1356 -	found = false;
  7.1357 -
  7.1358 -        Node node = elementList.item (x);          
  7.1359 -
  7.1360 -	if (node.getNodeType() == Node.ELEMENT_NODE)
  7.1361 -	{
  7.1362 -	  printDebug(" pDT:: child: " + x + " is an element node" );
  7.1363 -	  Element e1 = (Element) node;
  7.1364 -
  7.1365 -
  7.1366 -	  /* Get slot and bus */
  7.1367 -	  SlotInfo item = new SlotInfo();
  7.1368 -
  7.1369 -	  NodeList elist = e1.getElementsByTagName ("bus");
  7.1370 -	  item.bus = elist.item(0).getFirstChild().getNodeValue();  
  7.1371 -      	  elist = e1.getElementsByTagName ("slot");
  7.1372 -      	  item.slot = elist.item(0).getFirstChild().getNodeValue();  
  7.1373 -      	  printDebug (" pDT:: bus and slot:" + item.bus + " "+ item.slot);
  7.1374 -
  7.1375 -	  /* Get TE */
  7.1376 -      	  elist = e1.getElementsByTagName ("TE");
  7.1377 -          printDebug (" pDT:: Total ste types: " + elist.getLength());
  7.1378 -
  7.1379 -	  Vector colorTypes = new Vector();
  7.1380 -	  for (int j = 0; j < elist.getLength(); j++)
  7.1381 -	  {
  7.1382 -        	Node knode = elist.item (j);          
  7.1383 -        	Node childNode = knode.getFirstChild();     
  7.1384 -        	String value = childNode.getNodeValue();
  7.1385 -
  7.1386 -		printDebug (" pDT:: My color is: " + value);
  7.1387 -		if (!bagOfTypes.contains(value))
  7.1388 -		{
  7.1389 -		  throw new IOException("pDT:: bus: " + item.bus + " slot: "+ item.slot + " has unknown type : "+ value);
  7.1390 -		}
  7.1391 -
  7.1392 -		if (!colorTypes.contains(value))
  7.1393 -		  colorTypes.addElement(value);
  7.1394 -		}
  7.1395 -
  7.1396 -		Enumeration e = bagOfSsids.elements();
  7.1397 -		while (e.hasMoreElements())
  7.1398 -		{
  7.1399 -  		  SecurityLabel elem = (SecurityLabel) e.nextElement(); 
  7.1400 -		  if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
  7.1401 -		  {
  7.1402 -			found = true;
  7.1403 -			if (null == elem.slots)
  7.1404 -			  elem.slots = new Vector();
  7.1405 -			elem.slots.add(item);
  7.1406 -
  7.1407 -		  }
  7.1408 -		
  7.1409 -		}
  7.1410 -
  7.1411 -		if (!found && (0 < colorTypes.size()))
  7.1412 -		{
  7.1413 -		  SecurityLabel entry = new SecurityLabel();
  7.1414 -		  entry.steTypes = colorTypes;
  7.1415 -		  entry.slots = new Vector();
  7.1416 -		  entry.slots.add(item);
  7.1417 -		  bagOfSsids.add(entry);
  7.1418 -		}
  7.1419 -
  7.1420 -	}
  7.1421 -  }
  7.1422 -  return;
  7.1423 - }
  7.1424 -
  7.1425 - public static void main (String[] args) 
  7.1426 - {
  7.1427 -  String xmlFileName = null;        	/* policy file */ 
  7.1428 -  String outputFileName = null;     	/* binary policy file */
  7.1429 -  String xenSsidOutputFileName = null; 	/* outputfile ssid to named types */	
  7.1430 -					/* outputfile conflicts ssid to named types */	
  7.1431 -  String xenSsidConfOutputFileName = null; 	
  7.1432 -
  7.1433 -  XmlToBin genObj = new XmlToBin(); 
  7.1434 -
  7.1435 -  policy_version active_policy = new policy_version();
  7.1436 -
  7.1437 -  if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) ||
  7.1438 -      (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) ||
  7.1439 -      (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) {
  7.1440 -	  System.out.println("ACM policy versions differ.");
  7.1441 -	  System.out.println("Please verify that data structures are correct");
  7.1442 -	  System.out.println("and then adjust the version numbers in XmlToBinInterface.java.");
  7.1443 -	  return;
  7.1444 -  }
  7.1445 -
  7.1446 -
  7.1447 -  for (int i = 0 ; i < args.length ; i++) {
  7.1448 -
  7.1449 -	if ( args[i].equals("-help"))  {
  7.1450 -          printUsage();
  7.1451 -          System.exit(1);
  7.1452 -
  7.1453 -        } else if ( args[i].equals("-i"))  {
  7.1454 -          i++;
  7.1455 -          if (i < args.length) {
  7.1456 -               xmlFileName = args[i];   
  7.1457 -          } else  {
  7.1458 -                System.out.println("-i argument needs parameter");
  7.1459 -                System.exit(1);
  7.1460 -          }
  7.1461 -
  7.1462 -	} else if ( args[i].equals("-o"))  {
  7.1463 -          i++;
  7.1464 -          if (i < args.length) {
  7.1465 -                outputFileName = args[i];   
  7.1466 -          } else {
  7.1467 -                System.out.println("-o argument needs parameter");
  7.1468 -                System.exit(1);
  7.1469 -          }
  7.1470 -
  7.1471 -	} else if ( args[i].equals("-xssid"))  {
  7.1472 -          i++;
  7.1473 -          if (i < args.length) {
  7.1474 -                 xenSsidOutputFileName = args[i];   
  7.1475 -          } else {
  7.1476 -                System.out.println("-xssid argument needs parameter");
  7.1477 -                System.exit(1);
  7.1478 -          }
  7.1479 -
  7.1480 -	} else if ( args[i].equals("-xssidconf"))  {
  7.1481 -          i++;
  7.1482 -          if (i < args.length) {
  7.1483 -                xenSsidConfOutputFileName = args[i]; 
  7.1484 -          } else {
  7.1485 -                System.out.println("-xssidconf argument needs parameter");
  7.1486 -                System.exit(1);
  7.1487 -          }
  7.1488 -	} else if ( args[i].equals("-debug"))  { /* turn on debug msg */
  7.1489 -	 	genObj.setDebug(true);
  7.1490 -        } else {
  7.1491 -          System.out.println("bad command line argument: " + args[i]);
  7.1492 -          printUsage();
  7.1493 -          System.exit(1);
  7.1494 -        }
  7.1495 -
  7.1496 -  }
  7.1497 -
  7.1498 -  if (xmlFileName == null)
  7.1499 -  { 
  7.1500 -	System.out.println("Need to specify input file -i option");
  7.1501 -        printUsage();
  7.1502 -        System.exit(1);
  7.1503 -  }
  7.1504 -
  7.1505 -
  7.1506 -  try 
  7.1507 -  {
  7.1508 -	/* Parse and validate */
  7.1509 - 	Document doc =  genObj.getDomTree(xmlFileName);
  7.1510 -
  7.1511 -	/* Vectors to hold sets of types */
  7.1512 -	Vector bagOfSsids = new Vector();
  7.1513 -	Vector bagOfTypes = new Vector();
  7.1514 -	Vector bagOfChwSsids = new Vector();
  7.1515 -	Vector bagOfChwTypes = new Vector();
  7.1516 -	Vector bagOfConflictSsids = new Vector();
  7.1517 -
  7.1518 -	Vector vlanMapSsids = new Vector();
  7.1519 -	Vector slotMapSsids = new Vector();
  7.1520 -
  7.1521 -	genObj.processDomTree(doc, bagOfSsids, bagOfTypes, bagOfChwSsids, bagOfChwTypes, bagOfConflictSsids);
  7.1522 -
  7.1523 -	genObj.processDomTreeVlanSlot(doc, bagOfSsids, bagOfTypes);
  7.1524 -
  7.1525 -	/* Get binary representation of policies */
  7.1526 -  	byte[] stePolicy = genObj.generateSteBuffer(bagOfSsids, bagOfTypes);
  7.1527 -  	byte[] chwPolicy = genObj.generateChwBuffer(bagOfChwSsids, bagOfConflictSsids,bagOfChwTypes);
  7.1528 -
  7.1529 -  	byte[] binPolicy = null;
  7.1530 - 	byte[] binaryPartionSsid = null;
  7.1531 -  	byte[] binaryVlanSsid = null;
  7.1532 -  	byte[] binarySlotSsid = null;
  7.1533 -
  7.1534 -	/* Get binary representation of partition to ssid mapping */
  7.1535 -  	binaryPartionSsid = genObj.generatePartSsids(bagOfSsids,bagOfChwSsids);
  7.1536 -
  7.1537 -	/* Get binary representation of vlan to ssid mapping */
  7.1538 -  	binaryVlanSsid = genObj.generateVlanSsids(bagOfSsids);
  7.1539 -
  7.1540 -	/* Get binary representation of slot to ssid mapping */
  7.1541 -  	binarySlotSsid = genObj.generateSlotSsids(bagOfSsids);
  7.1542 -
  7.1543 -	/* Generate binary representation: policy, partition, slot and vlan */
  7.1544 -  	binPolicy = genObj.GenBinaryPolicyBuffer(chwPolicy,stePolicy, binaryPartionSsid, binaryVlanSsid, binarySlotSsid);
  7.1545 -
  7.1546 -
  7.1547 -	/* Write binary policy into file */
  7.1548 -	if (null != outputFileName)
  7.1549 -	{
  7.1550 -  		genObj.writeBinPolicy(binPolicy, outputFileName);
  7.1551 -	} else {
  7.1552 -		System.out.println (" No binary policy generated, outputFileName:  " + outputFileName);
  7.1553 -	}
  7.1554 -
  7.1555 -	/* Print total number of types */
  7.1556 -	System.out.println (" Total number of unique ste types: " + bagOfTypes.size());
  7.1557 -	System.out.println (" Total number of Ssids : " + bagOfSsids.size());
  7.1558 -	System.out.println (" Total number of unique chw types: " + bagOfChwTypes.size());
  7.1559 -	System.out.println (" Total number of conflict ssids : " + bagOfConflictSsids.size());
  7.1560 -	System.out.println (" Total number of chw Ssids : " + bagOfChwSsids.size());
  7.1561 -
  7.1562 -   	if (null != xenSsidOutputFileName)
  7.1563 -  		genObj.writeXenTypeFile(bagOfSsids, xenSsidOutputFileName, true);
  7.1564 -
  7.1565 -   	if (null != xenSsidConfOutputFileName)
  7.1566 -  		genObj.writeXenTypeFile(bagOfChwSsids, xenSsidConfOutputFileName, false);
  7.1567 -    } 
  7.1568 -    catch (Exception e) 
  7.1569 -    {
  7.1570 -      e.printStackTrace();
  7.1571 -    }
  7.1572 -  }
  7.1573 -}
     8.1 --- a/tools/misc/policyprocessor/XmlToBinInterface.java	Fri Aug 19 08:55:03 2005 +0000
     8.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     8.3 @@ -1,138 +0,0 @@
     8.4 -/**
     8.5 - * (C) Copyright IBM Corp. 2005
     8.6 - *
     8.7 - * $Id: XmlToBinInterface.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
     8.8 - *
     8.9 - * Author: Ray Valdez
    8.10 - *
    8.11 - * This program is free software; you can redistribute it and/or
    8.12 - * modify it under the terms of the GNU General Public License as
    8.13 - * published by the Free Software Foundation, version 2 of the
    8.14 - * License.
    8.15 - *
    8.16 - * XmlToBinInterface Class.  
    8.17 - * <p>
    8.18 - *
    8.19 - * Defines constants used by XmToBin.
    8.20 - *
    8.21 - * <p>
    8.22 - *
    8.23 - *	policy binary structures
    8.24 - *
    8.25 - * struct acm_policy_buffer {
    8.26 - *	u32 policy_version; * ACM_POLICY_VERSION *
    8.27 - *      u32 magic;
    8.28 - *	u32 len;
    8.29 - *	u32 primary_policy_code;
    8.30 - *	u32 primary_buffer_offset;
    8.31 - *	u32 secondary_policy_code;
    8.32 - *	u32 secondary_buffer_offset;
    8.33 - *      +u32 resource offset (not used yet in Xen)
    8.34 - * };
    8.35 - *
    8.36 - *
    8.37 - * struct acm_ste_policy_buffer {
    8.38 - *	u32 policy_version; * ACM_STE_VERSION *
    8.39 - *	u32 policy_code;
    8.40 - *	u32 ste_max_types;
    8.41 - *	u32 ste_max_ssidrefs;
    8.42 - *	u32 ste_ssid_offset;
    8.43 - * };
    8.44 - *
    8.45 - * struct acm_chwall_policy_buffer {
    8.46 - *	u32 policy_version; * ACM_CHWALL_VERSION *
    8.47 - *	u32 policy_code;
    8.48 - *	u32 chwall_max_types;
    8.49 - *	u32 chwall_max_ssidrefs;
    8.50 - *	u32 chwall_max_conflictsets;
    8.51 - *	u32 chwall_ssid_offset;
    8.52 - *	u32 chwall_conflict_sets_offset;
    8.53 - *	u32 chwall_running_types_offset;
    8.54 - *	u32 chwall_conflict_aggregate_offset;
    8.55 - * };
    8.56 - *
    8.57 - *	typedef struct {
    8.58 - *	u16 partition_max;
    8.59 - *	u16 partition_offset;
    8.60 - *	u16 vlan_max;
    8.61 - *	u16 vlan_offset;
    8.62 - *	u16 slot_max;
    8.63 - *	u16 slot_offset;
    8.64 - *	} acm_resource_buffer_t;
    8.65 - *
    8.66 - *	typedef struct {
    8.67 - *	u16 id;
    8.68 - *	u16 ssid_ste;
    8.69 - *	u16 ssid_chwall;
    8.70 - *	} acm_partition_entry_t;
    8.71 - *
    8.72 - *	typedef struct {
    8.73 - *	u16 vlan;
    8.74 - *	u16 ssid_ste;
    8.75 - *	} acm_vlan_entry_t;
    8.76 - *
    8.77 - *	typedef struct {
    8.78 - *	u16 bus;
    8.79 - *	u16 slot;
    8.80 - *	u16 ssid_ste;
    8.81 - *	} acm_slot_entry_t;
    8.82 - *
    8.83 - *       
    8.84 - *
    8.85 - */
    8.86 -public interface XmlToBinInterface
    8.87 -{
    8.88 -  /* policy code  (uint16) */
    8.89 -  final int policyCodeSize = 2;
    8.90 -
    8.91 -  /* max_types    (uint16) */
    8.92 -  final int maxTypesSize = 2;
    8.93 -
    8.94 -  /* max_ssidrefs (uint16) */
    8.95 -  final int maxSsidrefSize = 2;
    8.96 -
    8.97 -  /* ssid_offset  (uint32) */
    8.98 -  final int ssidOffsetSize = 2;
    8.99 -
   8.100 -  final short markSymbol = 0x0001;
   8.101 -
   8.102 -  final int u32Size = 4;
   8.103 -  final int u16Size = 2;
   8.104 -
   8.105 -  /* num of bytes for acm_ste_policy_buffer_t */
   8.106 -  final int steHeaderSize = (5 * u32Size);
   8.107 -
   8.108 -  /* byte for acm_chinese_wall_policy_buffer_t */
   8.109 -  final int chwHeaderSize = (9 * u32Size);
   8.110 -
   8.111 -  final int primaryPolicyCodeSize = u32Size;
   8.112 -  final int primaryBufferOffsetSize = u32Size ;
   8.113 -
   8.114 -  final int secondaryPolicyCodeSz = u32Size;
   8.115 -  final int secondaryBufferOffsetSz = u32Size;
   8.116 -  final int resourceOffsetSz = u32Size;
   8.117 -
   8.118 -  final short partitionBufferSz = (2 * u16Size);
   8.119 -  final short partitionEntrySz = (3 * u16Size);
   8.120 -
   8.121 -  final short slotBufferSz = (2 * u16Size);
   8.122 -  final short slotEntrySz = (3 * u16Size);
   8.123 -
   8.124 -  final short vlanBufferSz = (2 * u16Size);
   8.125 -  final short vlanEntrySz = (2 * u16Size);
   8.126 -
   8.127 -  final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */
   8.128 -
   8.129 -  /* copied directly from acm.h */
   8.130 -  final int ACM_MAGIC  =  0x0001debc;
   8.131 -  final int ACM_NULL_POLICY = 0;
   8.132 -  final int ACM_CHINESE_WALL_POLICY = 1;
   8.133 -  final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2;
   8.134 -  final int ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3;
   8.135 -  final int ACM_EMPTY_POLICY = 4;
   8.136 -
   8.137 -  /* version for compatibility check */
   8.138 -  final int ACM_POLICY_VERSION = 1;
   8.139 -  final int ACM_STE_VERSION    = 1;
   8.140 -  final int ACM_CHWALL_VERSION = 1;
   8.141 -}
     9.1 --- a/tools/misc/policyprocessor/c2j_include.c	Fri Aug 19 08:55:03 2005 +0000
     9.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     9.3 @@ -1,57 +0,0 @@
     9.4 -/****************************************************************
     9.5 - * c2j_include.c
     9.6 - *
     9.7 - * Copyright (C) 2005 IBM Corporation
     9.8 - *
     9.9 - * Authors:
    9.10 - * Reiner Sailer <sailer@watson.ibm.com>
    9.11 - *
    9.12 - * This program is free software; you can redistribute it and/or
    9.13 - * modify it under the terms of the GNU General Public License as
    9.14 - * published by the Free Software Foundation, version 2 of the
    9.15 - * License.
    9.16 - *
    9.17 - * This tool makes some constants from acm.h available to the
    9.18 - * java policyprocessor for version checking.
    9.19 - */
    9.20 -#include <stdio.h>
    9.21 -#include <errno.h>
    9.22 -#include <stdlib.h>
    9.23 -#include <stdint.h>
    9.24 -
    9.25 -typedef uint8_t  u8;
    9.26 -typedef uint16_t u16;
    9.27 -typedef uint32_t u32;
    9.28 -typedef uint64_t u64;
    9.29 -typedef int8_t   s8;
    9.30 -typedef int16_t  s16;
    9.31 -typedef int32_t  s32;
    9.32 -typedef int64_t  s64;
    9.33 -
    9.34 -#include <xen/acm.h>
    9.35 -
    9.36 -char *filename = "policy_version.java";
    9.37 -
    9.38 -int main(int argc, char **argv)
    9.39 -{
    9.40 -
    9.41 -    FILE *fd;
    9.42 -    if ((fd = fopen(filename, "w")) <= 0)
    9.43 -    {
    9.44 -        printf("File %s not found.\n", filename);
    9.45 -        exit(-ENOENT);
    9.46 -    }
    9.47 -
    9.48 -    fprintf(fd, "/*\n * This file was automatically generated\n");
    9.49 -    fprintf(fd, " * Do not change it manually!\n */\n");
    9.50 -    fprintf(fd, "public class policy_version {\n");
    9.51 -    fprintf(fd, "	final int ACM_POLICY_VERSION = %x;\n",
    9.52 -            ACM_POLICY_VERSION);
    9.53 -    fprintf(fd, "	final int ACM_CHWALL_VERSION = %x;\n",
    9.54 -            ACM_CHWALL_VERSION);
    9.55 -    fprintf(fd, "	final int ACM_STE_VERSION = %x;\n",
    9.56 -            ACM_STE_VERSION);
    9.57 -    fprintf(fd, "}\n");
    9.58 -    fclose(fd);
    9.59 -    return 0;
    9.60 -}
    10.1 --- a/tools/misc/policyprocessor/myHandler.java	Fri Aug 19 08:55:03 2005 +0000
    10.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    10.3 @@ -1,47 +0,0 @@
    10.4 -/**
    10.5 - * (C) Copyright IBM Corp. 2005
    10.6 - *
    10.7 - * $Id: myHandler.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
    10.8 - *
    10.9 - * Author: Ray Valdez
   10.10 - *
   10.11 - * This program is free software; you can redistribute it and/or
   10.12 - * modify it under the terms of the GNU General Public License as
   10.13 - * published by the Free Software Foundation, version 2 of the
   10.14 - * License.
   10.15 - *
   10.16 - * myHandler Class.  
   10.17 - *
   10.18 - * <p>
   10.19 - *
   10.20 - * A dummy class used for detecting XML validating/parsing errors.
   10.21 - *
   10.22 - * <p>
   10.23 - *
   10.24 - *
   10.25 - */
   10.26 -import org.xml.sax.helpers.*;
   10.27 -import org.xml.sax.SAXParseException;
   10.28 -
   10.29 -class myHandler extends DefaultHandler 
   10.30 -{ 
   10.31 - public boolean isValid = true;
   10.32 -
   10.33 - /* Notification of a recoverable error. */
   10.34 - public void error(SAXParseException se) 
   10.35 - { 
   10.36 -  isValid = false;
   10.37 - } 
   10.38 -
   10.39 - /* Notification of a non-recoverable error. */
   10.40 - public void fatalError(SAXParseException se) 
   10.41 - { 
   10.42 -  isValid = false;
   10.43 - } 
   10.44 -
   10.45 - /* Notification of a warning. */
   10.46 - public void warning(SAXParseException se) 
   10.47 - {
   10.48 -  isValid = false;
   10.49 - }
   10.50 -}
    11.1 --- a/tools/misc/policyprocessor/readme.install	Fri Aug 19 08:55:03 2005 +0000
    11.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    11.3 @@ -1,33 +0,0 @@
    11.4 -# Author: Ray Valdez, rvaldez@us.ibm.com 
    11.5 -# Version: 1.0
    11.6 -#
    11.7 -# install readme
    11.8 -#
    11.9 -PREREQUISITES:
   11.10 -
   11.11 -Prior to installation of the policy processor tool (XmlToBin) you must have...
   11.12 -
   11.13 - 1. Java version 1.4.2
   11.14 - 2. xmlParserAPIs.jar and xercesImpl.jar
   11.15 -
   11.16 -The above can be obtained from the Sun Developer Network web site at
   11.17 -http://java.sun.com/j2se/1.4.2/download.html.
   11.18 -
   11.19 -XmlParserAPIs and xercesImpl jars can be obtained from
   11.20 -http://www.apache.org/dist/xml/xerces-j (Xerces-J-bin.2.6.2.tar.gz,
   11.21 -for example).
   11.22 -
   11.23 -The tool has been tested with J2SE v1.4.2_08 JRE on Linux (32-bit
   11.24 -INTEL).
   11.25 -
   11.26 -INSTALLATION
   11.27 -
   11.28 -1. Set PATH to include $HOME_JAVA/bin and $HOME_JAVA/jre/bin
   11.29 -   where $HOME_JAVA is your java installation directory
   11.30 -
   11.31 -2. Compile XmlToBin:
   11.32 -   javac XmlToBin.java
   11.33 -	
   11.34 -USAGE
   11.35 -
   11.36 - See readme.xen
    12.1 --- a/tools/misc/policyprocessor/readme.xen	Fri Aug 19 08:55:03 2005 +0000
    12.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    12.3 @@ -1,65 +0,0 @@
    12.4 -# Author: Ray Valdez, rvaldez@us.ibm.com 
    12.5 -# Version: 1.0
    12.6 -#
    12.7 -# This readme describes the policy processor tool for sHype.
    12.8 -#
    12.9 -
   12.10 -Java program:
   12.11 -
   12.12 - java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf <SsidConf>
   12.13 -
   12.14 - Command line options:
   12.15 -
   12.16 -        -i              inputFile:      name of policyfile (.xml)
   12.17 -        -o              outputFile:     name of binary policy file (Big Endian)
   12.18 -        -xssid          SsidFile:       xen ssids to named types text file
   12.19 -        -xssidconf      SsidConf:   	xen conflict ssids to types text file
   12.20 -        -debug                          turn on debug messages
   12.21 -        -help                           help. This printout
   12.22 -
   12.23 -Where:
   12.24 -
   12.25 -file.xml is the (input) xml policy file to be parsed and validated.
   12.26 -The syntax for file.xml is defined in the SecurityPolicySpec.xsd file.
   12.27 -file.bin is the (output) binary policy file generated by XmlToBin.
   12.28 -This binary policy can be activated in sHype. The binary policy file
   12.29 -is laid out in network byte order (i.e., big endian).  The SsidFile
   12.30 -file contains the mapping of type enforcement (TE) ssids to the "named
   12.31 -types".  Similarly, the SsidConf file contains the mapping of Chinese
   12.32 -Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf
   12.33 -files are used by Xen.
   12.34 -
   12.35 -Xml Schema and policy:
   12.36 -
   12.37 -The SecurityPolicySpec.xsd defines the syntax of a policy file. It
   12.38 -declares the tags that are used by XmlToBin to generate the binary
   12.39 -policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid,
   12.40 -etc.  The xml files that describe a policy are simple.  Semantic
   12.41 -checking of a policy is performed mostly by XmlToBin.  A type, for
   12.42 -example, is a string. No fixed values are defined for types in Xml.
   12.43 -  
   12.44 -A policy consists of two Xml files: definition and policy. The
   12.45 -definition Xml declares the types that are permitted in the policy
   12.46 -Xml.  The policy Xml contains the assignment of labels to
   12.47 -subject/object (e.g., vm). This Xml file contains an explicit
   12.48 -reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>).
   12.49 -The policy Xml is the one provided as a command line argument.
   12.50 -
   12.51 -
   12.52 -Files:
   12.53 -
   12.54 -*.java		      	- policy processor source 
   12.55 -xen_sample_policy.xml	- sample xml policy file
   12.56 -xen_sample_def.xml	- sample user defined types
   12.57 -SecurityPolicySpec.xsd 	- schema definition file
   12.58 -
   12.59 -
   12.60 -To generate the sample binary policy: 
   12.61 -
   12.62 -export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:.
   12.63 -
   12.64 -java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin
   12.65 -
   12.66 -where $XERCES_HOME is the installation directory of the Apache Xerces-J
   12.67 -
   12.68 -
    13.1 --- a/tools/misc/policyprocessor/xen_sample_def.xml	Fri Aug 19 08:55:03 2005 +0000
    13.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    13.3 @@ -1,46 +0,0 @@
    13.4 -<?xml version="1.0"?>
    13.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    13.6 -<!-- example policy type definition -->
    13.7 -<SecurityPolicySpec
    13.8 -xmlns="http://www.ibm.com"
    13.9 -xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   13.10 -xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
   13.11 -
   13.12 -<Definition>
   13.13 -<!-- an example of a simple type enforcement type definition -->
   13.14 -  <Types>
   13.15 -        <TE>LOCAL-management</TE>
   13.16 -        <TE>R-Company-development</TE>
   13.17 -        <TE>S-Company-order</TE>
   13.18 -        <TE>T-Company-advertising</TE>
   13.19 -        <TE>U-Company-computing</TE>
   13.20 -		 <!-- TE nondevelopment  -->
   13.21 -  </Types>
   13.22 -
   13.23 -<!-- an example of a chinese wall type definition along with conflict sets-->
   13.24 -  <ChWallTypes>
   13.25 -		 <ChWall>Q-Company</ChWall>
   13.26 -		 <ChWall>R-Company</ChWall>
   13.27 -		 <ChWall>S-Company</ChWall>
   13.28 -		 <ChWall>T-Company</ChWall>
   13.29 -		 <ChWall>U-Company</ChWall>
   13.30 -		 <ChWall>V-Company</ChWall>
   13.31 -		 <ChWall>W-Company</ChWall>
   13.32 -		 <ChWall>X-Company</ChWall>
   13.33 -		 <ChWall>Y-Company</ChWall>
   13.34 -		 <ChWall>Z-Company</ChWall>
   13.35 -  </ChWallTypes>
   13.36 -
   13.37 -  <ConflictSet>
   13.38 -		 <ChWall>T-Company</ChWall>
   13.39 -		 <ChWall>S-Company</ChWall>
   13.40 -   </ConflictSet>
   13.41 -
   13.42 -   <ConflictSet>
   13.43 -		 <ChWall>R-Company</ChWall>
   13.44 -		 <ChWall>V-Company</ChWall>
   13.45 -		 <ChWall>W-Company</ChWall>
   13.46 -   </ConflictSet>
   13.47 -
   13.48 -</Definition>
   13.49 -</SecurityPolicySpec>
    14.1 --- a/tools/misc/policyprocessor/xen_sample_policy.xml	Fri Aug 19 08:55:03 2005 +0000
    14.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    14.3 @@ -1,58 +0,0 @@
    14.4 -<?xml version="1.0"?>
    14.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    14.6 -<!-- example xen policy file -->
    14.7 -
    14.8 -<SecurityPolicySpec
    14.9 -xmlns="http://www.ibm.com"
   14.10 -xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   14.11 -xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
   14.12 -<Policy>
   14.13 - <PolicyHeader>
   14.14 -        <Name>xen sample policy</Name>
   14.15 -        <DateTime>2005-05-20T16:56:00</DateTime>
   14.16 -        <Tag>foobar</Tag>
   14.17 -        <TypeDefinition>
   14.18 -          <url>xen_sample_def.xml</url>
   14.19 -          <hash>abcdef123456abcdef</hash>
   14.20 -        </TypeDefinition>
   14.21 - </PolicyHeader>
   14.22 -
   14.23 - <VM>
   14.24 -        <id> 0 </id>
   14.25 -        <TE>LOCAL-management</TE>
   14.26 -        <TE>R-Company-development</TE>
   14.27 -        <TE>S-Company-order</TE>
   14.28 -        <TE>T-Company-advertising</TE>
   14.29 -        <TE>U-Company-computing</TE>
   14.30 -		 <ChWall>Q-Company</ChWall>
   14.31 - </VM>
   14.32 -
   14.33 - <VM>
   14.34 -        <id> 1 </id>
   14.35 -        <TE>R-Company-development</TE>
   14.36 -		 <ChWall>R-Company</ChWall>
   14.37 - </VM>
   14.38 -
   14.39 - <VM>
   14.40 -        <id> 2 </id>
   14.41 -        <TE>S-Company-order</TE>
   14.42 -		 <ChWall>S-Company</ChWall>
   14.43 -
   14.44 - </VM>
   14.45 -
   14.46 - <VM>
   14.47 -        <id> 3 </id>
   14.48 -        <TE>T-Company-advertising</TE>
   14.49 -		 <ChWall>T-Company</ChWall>
   14.50 - </VM>
   14.51 -
   14.52 -
   14.53 - <VM>
   14.54 -        <id> 4 </id>
   14.55 -        <TE>U-Company-computing</TE>
   14.56 -		 <ChWall>U-Company</ChWall>
   14.57 - </VM>
   14.58 -
   14.59 -
   14.60 -</Policy>
   14.61 -</SecurityPolicySpec>
    15.1 --- a/tools/security/Makefile	Fri Aug 19 08:55:03 2005 +0000
    15.2 +++ b/tools/security/Makefile	Fri Aug 19 09:03:17 2005 +0000
    15.3 @@ -2,28 +2,72 @@ XEN_ROOT = ../..
    15.4  include $(XEN_ROOT)/tools/Rules.mk
    15.5  
    15.6  SRCS     = secpol_tool.c
    15.7 -CFLAGS   += -static
    15.8  CFLAGS   += -Wall
    15.9  CFLAGS   += -Werror
   15.10  CFLAGS   += -O3
   15.11  CFLAGS   += -fno-strict-aliasing
   15.12 -CFLAGS   += -I.
   15.13 +CFLAGS   += -I. -I/usr/include/libxml2
   15.14 +CFLAGS_XML2BIN += $(shell xml2-config --cflags --libs )
   15.15 +#if above does not work, try  -L/usr/lib -lxml2 -lz -lpthread -lm
   15.16 +XML2VERSION = $(shell xml2-config --version )
   15.17 +VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi; )
   15.18  
   15.19 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
   15.20 +POLICY=null
   15.21 +endif
   15.22 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
   15.23 +POLICY=chwall
   15.24 +endif
   15.25 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
   15.26 +POLICY=ste
   15.27 +endif
   15.28 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
   15.29 +POLICY=chwall_ste
   15.30 +endif
   15.31 +POLICYFILE=./policies/$(POLICY)/$(POLICY).bin
   15.32 +
   15.33 +ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY)
   15.34  all: build
   15.35 +
   15.36 +install:all
   15.37 +
   15.38 +default:all
   15.39 +else
   15.40 +all:
   15.41 +
   15.42 +install:
   15.43 +
   15.44 +default:
   15.45 +endif
   15.46 +
   15.47  build: mk-symlinks
   15.48  	$(MAKE) secpol_tool
   15.49 -
   15.50 -default: all
   15.51 +	$(MAKE) secpol_xml2bin
   15.52 +	chmod 700 ./setlabel.sh
   15.53 +	chmod 700 ./updategrub.sh
   15.54  
   15.55 -install: all
   15.56 -
   15.57 -secpol_tool : secpol_tool.c
   15.58 +secpol_tool : secpol_tool.c secpol_compat.h
   15.59  	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
   15.60  
   15.61 +secpol_xml2bin : secpol_xml2bin.c secpol_xml2bin.h secpol_compat.h
   15.62 +	$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@ $<
   15.63 +
   15.64  clean:
   15.65 -	rm -rf secpol_tool xen
   15.66 +	rm -rf secpol_tool secpol_xml2bin xen
   15.67 +
   15.68 +policy_clean:
   15.69 +	rm -rf policies/*/*.bin policies/*/*.map
   15.70 +
   15.71 +mrproper: clean policy_clean
   15.72  
   15.73  
   15.74 +$(POLICYFILE) : build
   15.75 +	@./secpol_xml2bin $(POLICY) > /dev/null
   15.76 +
   15.77 +boot_install: $(POLICYFILE)
   15.78 +	@cp $(POLICYFILE) /boot
   15.79 +	@./updategrub.sh $(POLICY) $(PWD)/$(XEN_ROOT)
   15.80 +
   15.81  LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
   15.82  mk-symlinks:
   15.83  	[ -e xen/linux ] || mkdir -p xen/linux
    16.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    16.2 +++ b/tools/security/example.txt	Fri Aug 19 09:03:17 2005 +0000
    16.3 @@ -0,0 +1,269 @@
    16.4 +##
    16.5 +# example.txt <description to the xen access control architecture>
    16.6 +#
    16.7 +# Author:
    16.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    16.9 +#
   16.10 +#
   16.11 +# This file introduces into the tools to manage policies
   16.12 +# and to label domains and resources.
   16.13 +##
   16.14 +
   16.15 +We will show how to install and use the chwall_ste policy.
   16.16 +Other policies work similarly. Feedback welcome!
   16.17 +
   16.18 +
   16.19 +
   16.20 +1. Using secpol_xml2bin to translate the chwall_ste policy:
   16.21 +===========================================================
   16.22 +
   16.23 +#tools/security/secpol_xml2bin chwall_ste
   16.24 +
   16.25 +Successful execution should print:
   16.26 +
   16.27 +    [root@laptopxn security]# ./secpol_xml2bin chwall_ste
   16.28 +    Validating label file policies/chwall_ste/chwall_ste-security_label_template.xml...
   16.29 +    XML Schema policies/security_policy.xsd valid.
   16.30 +    Validating policy file policies/chwall_ste/chwall_ste-security_policy.xml...
   16.31 +    XML Schema policies/security_policy.xsd valid.
   16.32 +    Creating ssid mappings ...
   16.33 +    Creating label mappings ...
   16.34 +    Max chwall labels:  7
   16.35 +    Max chwall-types:   4
   16.36 +    Max chwall-ssids:   5
   16.37 +    Max ste labels:     14
   16.38 +    Max ste-types:      6
   16.39 +    Max ste-ssids:      10
   16.40 +
   16.41 +The tool looks in directory policies/chwall_ste for
   16.42 +the label and policy files.
   16.43 +
   16.44 +The default policy directory structure under tools/security looks like:
   16.45 +
   16.46 +policies
   16.47 +|-- security_policy.xsd
   16.48 +|-- chwall
   16.49 +|   |-- chwall-security_label_template.xml
   16.50 +|   `-- chwall-security_policy.xml
   16.51 +|-- chwall_ste
   16.52 +|   |-- chwall_ste-security_label_template.xml
   16.53 +|   `-- chwall_ste-security_policy.xml
   16.54 +|-- null
   16.55 +|   |-- null-security_label_template.xml
   16.56 +|   `-- null-security_policy.xml
   16.57 +`-- ste
   16.58 +    |-- ste-security_label_template.xml
   16.59 +    `-- ste-security_policy.xml
   16.60 +
   16.61 +policies/security_policy.xsd contains the schema against which both the
   16.62 +label-template and the policy files must validate during translation.
   16.63 +
   16.64 +policies/chwall_ste/chwall_ste-security_policy.xml defines the
   16.65 +policies and the types known to the policies.
   16.66 +
   16.67 +policies/chwall_ste/chwall_ste-security_label_template.xml contains
   16.68 +label definitions that group chwall and ste types together and make
   16.69 +them easier to use for users
   16.70 +
   16.71 +After executing the above secpol_xml2bin command, you will find 2 new
   16.72 +files in the policies/chwall_ste sub-directory:
   16.73 +
   16.74 +policies/chwall_ste/chwall_ste.map ... this file includes the mapping
   16.75 +of names from the xml files into their binary code representation.
   16.76 +
   16.77 +policies/chwall_ste/chwall_ste.bin ... this is the binary policy file,
   16.78 +the result of parsing the xml files and using the mapping to extract a
   16.79 +binary version that can be loaded into the hypervisor.
   16.80 +
   16.81 +
   16.82 +
   16.83 +2. Loading and activating the policy:
   16.84 +=====================================
   16.85 +
   16.86 +We assume that xen is already configured to use the chwall_ste policy;
   16.87 +please refer to install.txt for instructions.
   16.88 +
   16.89 +To activate the policy from the command line (assuming that the
   16.90 +currently established policy is the minimal boot-policy that is
   16.91 +hard-coded into the hypervisor:
   16.92 +
   16.93 +# ./secpol_tool loadpolicy policies/chwall_ste/chwall_ste.bin
   16.94 +
   16.95 +To activate the policy at next reboot:
   16.96 +
   16.97 +# cp policies/chwall_ste/chwall_ste.bin /boot
   16.98 +
   16.99 +Add a module line to your /boot/grub/grub.conf Xen entry.
  16.100 +My boot entry with chwall_ste enabled looks like this:
  16.101 +
  16.102 +    title Xen (2.6.12)
  16.103 +        root (hd0,5)
  16.104 +        kernel /boot/xen.gz dom0_mem=1200000 console=vga
  16.105 +        module /boot/vmlinuz-2.6.12-xen0 ro root=/dev/hda6 rhgb
  16.106 +        module /boot/initrd-2.6.12-xen0.img
  16.107 +        module /boot/chwall_ste.bin
  16.108 +
  16.109 +This tells the grub boot-loader to load the binary policy, which
  16.110 +the hypervisor will recognize. The hypervisor will then establish
  16.111 +this binary policy during boot instead of the minimal policy that
  16.112 +is hardcoded as default.
  16.113 +
  16.114 +If you have any trouble here, maks sure you have the access control
  16.115 +framework enabled (see: install.txt).
  16.116 +
  16.117 +
  16.118 +
  16.119 +3. Labeling domains:
  16.120 +====================
  16.121 +
  16.122 +a) Labeling Domain0:
  16.123 +
  16.124 +The chwall_ste-security_label_template.xml file includes an attribute
  16.125 +"bootstrap", which is set to the label name that will be assigned to
  16.126 +Dom0 (this label will be mapped to ssidref 1/1, the default for Dom0).
  16.127 +
  16.128 +b) Labeling User Domains:
  16.129 +
  16.130 +Use the script tools/security/setlabel.sh to choose a label and to
  16.131 +assign labels to user domains.
  16.132 +
  16.133 +To show available labels for the chwall_ste policy:
  16.134 +
  16.135 +#tools/security/setlabel.sh -l
  16.136 +
  16.137 +lists all available labels. For the default chwall_ste it should print
  16.138 +the following:
  16.139 +
  16.140 +    [root@laptopxn security]# ./setlabel.sh -l chwall_ste
  16.141 +    The following labels are available:
  16.142 +    dom_SystemManagement
  16.143 +    dom_HomeBanking
  16.144 +    dom_Fun
  16.145 +    dom_BoincClient
  16.146 +    dom_StorageDomain
  16.147 +    dom_NetworkDomain
  16.148 +
  16.149 +You need to have compiled the policy beforehand so that a .map file
  16.150 +exists. Setlabel.sh uses the mapping file created throughout the
  16.151 +policy translation to translate a user-friendly label string into a
  16.152 +ssidref-number that is eventually used by the Xen hypervisor.
  16.153 +
  16.154 +We distinguish two kinds of labels: a) VM labels (for domains) and RES
  16.155 +Labels (for resources). We are currently working on support for
  16.156 +resource labeling but will focus here on VM labels.
  16.157 +
  16.158 +Setlabel.sh only prints VM labels (which we have prefixed with "dom_")
  16.159 +since only those are used at this time.
  16.160 +
  16.161 +If you would like to assign the dom_HomeBanking label to one of your
  16.162 +user domains (which you hopefully keep clean), look at an example
  16.163 +domain configuration homebanking.xm:
  16.164 +
  16.165 +    #------HOMEBANKING---------
  16.166 +    kernel = "/boot/vmlinuz-2.6.12-xenU"
  16.167 +    ramdisk="/boot/U1_ramdisk.img"
  16.168 +    memory = 65
  16.169 +    name = "test34"
  16.170 +    cpu = -1   # leave to Xen to pick
  16.171 +    # Number of network interfaces. Default is 1.
  16.172 +    nics=1
  16.173 +    dhcp="dhcp"
  16.174 +    #-------------------------
  16.175 +
  16.176 +Now we label this domain
  16.177 +
  16.178 +[root@laptopxn security]# ./setlabel.sh homebanking.xm dom_HomeBanking chwall_ste
  16.179 +Mapped label 'dom_HomeBanking' to ssidref '0x00020002'.
  16.180 +
  16.181 +The domain configuration my look now like:
  16.182 +
  16.183 +    [root@laptopxn security]# cat homebanking.xm
  16.184 +    #------HOMEBANKING---------
  16.185 +    kernel = "/boot/vmlinuz-2.6.12-xenU"
  16.186 +    ramdisk="/boot/U1_ramdisk.img"
  16.187 +    memory = 65
  16.188 +    name = "test34"
  16.189 +    cpu = -1   # leave to Xen to pick
  16.190 +    # Number of network interfaces. Default is 1.
  16.191 +    nics=1
  16.192 +    dhcp="dhcp"
  16.193 +    #-------------------------
  16.194 +    #ACM_POLICY=chwall_ste-security_policy.xml
  16.195 +    #ACM_LABEL=dom_HomeBanking
  16.196 +    ssidref = 0x00020002
  16.197 +
  16.198 +You can see 3 new entries, two of which are comments.  The only value
  16.199 +that the hypervisor cares about is the ssidref that will reference
  16.200 +those types assigned to this label. You can look them up in the
  16.201 +xml label-template file for the chwall_ste policy.
  16.202 +
  16.203 +This script will eventually move into the domain management and will
  16.204 +be called when the domain is instantiated. For now, the setlabel
  16.205 +script must be run on domains whenever the policy files change since
  16.206 +the mapping between label names and ssidrefs can change in this case.
  16.207 +
  16.208 +
  16.209 +4. Starting a labeled domain
  16.210 +============================
  16.211 +
  16.212 +Now, start the domain:
  16.213 +    #xm create -c homebanking.xm
  16.214 +
  16.215 +
  16.216 +If you label another domain configuration as dom_Fun and try to start
  16.217 +it afterwards, its start will fail. Why?
  16.218 +
  16.219 +Because the running homebanking domain has the chinese wall type
  16.220 +"cw_Sensitive". The new domain dom_Fun has the chinese wall label
  16.221 +"cw_Distrusted". This domain is not allowed to run simultaneously
  16.222 +because of the defined conflict set
  16.223 +
  16.224 +			<conflictset name="Protection1">
  16.225 +				<type>cw_Sensitive</type>
  16.226 +				<type>cw_Distrusted</type>
  16.227 +			</conflictset>
  16.228 +
  16.229 +(in policies/chwall_ste/chwall_ste-security_policy.xml), which says
  16.230 +that only one of the types cw_sensitive and cw_Distrusted can run at a
  16.231 +time.
  16.232 +
  16.233 +If you save or shutdown the HomeBanking domain, you will be able to
  16.234 +start the "Fun" domain. You can look into the Xen log to see if a
  16.235 +domain was denied to start because of the access control framework
  16.236 +with the command 'xm dmesg'.
  16.237 +
  16.238 +It is important (and usually non-trivial) to define the labels in a
  16.239 +way that the semantics of the labels are enforced and supported by the
  16.240 +types and the conflict sets.
  16.241 +
  16.242 +Note: While the chinese wall policy enforcement is complete, the type
  16.243 +enforcement is currently enforced in the Xen hypervisor
  16.244 +only. Therefore, only point-to-point sharing with regard to the type
  16.245 +enforcement is currently controlled. We are working on enhancements to
  16.246 +Dom0 that enforce types also for network traffic that is routed
  16.247 +through Dom0 and on the enforcement of resource labeling when binding
  16.248 +resources to domains (e.g., enforcing types between domains and
  16.249 +hardware resources, such as disk partitions).
  16.250 +
  16.251 +
  16.252 +4. Adding your own policies
  16.253 +===========================
  16.254 +
  16.255 +Writing your own policy (e.g. "mypolicy") requires the following:
  16.256 +
  16.257 +a) the policy definition (types etc.) file
  16.258 +b) the label template definition (labels etc.) file
  16.259 +
  16.260 +If your policy name is "mypolicy", you need to create a
  16.261 +subdirectory mypolicy in tools/security/policies.
  16.262 +
  16.263 +Then you create
  16.264 +tools/security/policies/mypolicy/mypolicy-security_policy.xml and
  16.265 +tools/security/policies/mypolicy/mypolicy-security_label_template.xml.
  16.266 +
  16.267 +You need to keep to the schema as defined in
  16.268 +tools/security/security_policy.xsd since the translation tool
  16.269 +secpol_xml2bin is written against this schema.
  16.270 +
  16.271 +If you keep to the security policy schema, then you can use all the
  16.272 +tools described above. Refer to install.txt to install it.
    17.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    17.2 +++ b/tools/security/install.txt	Fri Aug 19 09:03:17 2005 +0000
    17.3 @@ -0,0 +1,67 @@
    17.4 +##
    17.5 +# install.txt <description to the xen access control architecture>
    17.6 +#
    17.7 +# Author:
    17.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    17.9 +#
   17.10 +#
   17.11 +# This file shows how to activate and install the access control
   17.12 +# framework.
   17.13 +##
   17.14 +
   17.15 +
   17.16 +INSTALLING A SECURITY POLICY IN XEN
   17.17 +===================================
   17.18 +
   17.19 +By default, the access control architecture is disabled in Xen. To
   17.20 +enable the access control architecture in Xen follow the steps below.
   17.21 +This description assumes that you want to install the Chinese Wall and
   17.22 +Simple Type Enforcement policy. Some file names need to be replaced
   17.23 +below to activate the Chinese Wall OR the Type Enforcement policy
   17.24 +exclusively (chwall_ste --> {chwall, ste}).
   17.25 +
   17.26 +1. enable access control in Xen
   17.27 +       # cd "xen_root"
   17.28 +       # edit/xemacs/vi Config.mk
   17.29 +
   17.30 +       change the line:
   17.31 +       ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
   17.32 +
   17.33 +       to:
   17.34 +       ACM_USE_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   17.35 +
   17.36 +       # make all
   17.37 +       # ./install.sh
   17.38 +
   17.39 +2. compile the policy from xml to a binary format that can be loaded
   17.40 +   into the hypervisor for enforcement
   17.41 +       # cd tools/security
   17.42 +       # make
   17.43 +
   17.44 +       manual steps (alternative to make boot_install):
   17.45 +       #./secpol_xml2bin chwall_ste
   17.46 +       #cp policies/chwall_ste/chwall_ste.bin /boot
   17.47 +       #edit /boot/grub/grub.conf
   17.48 +        add the follwoing line to your xen boot entry:
   17.49 +       "module chwall_ste.bin"
   17.50 +
   17.51 +       alternatively, you can try our automatic translation and
   17.52 +       installation of the policy:
   17.53 +       # make boot_install
   17.54 +
   17.55 +       [we try hard to do the right thing to the right boot entry but
   17.56 +        please verify boot entry in /boot/grub/grub.conf afterwards;
   17.57 +        your xen boot entry should have an additional module line
   17.58 +        specifying a chwall_ste.bin file with the correct directory
   17.59 +        (e.g. "/" or "/boot").]
   17.60 +
   17.61 +
   17.62 +3. reboot into the newly compiled hypervisor
   17.63 +
   17.64 +        after boot
   17.65 +	#xm dmesg should show an entry about the policy being loaded
   17.66 +            during the boot process
   17.67 +
   17.68 +        #tools/security/secpol_tool getpolicy
   17.69 +            should print the new chwall_ste binary policy representation
   17.70 +
    18.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    18.2 +++ b/tools/security/policies/chwall/chwall-security_label_template.xml	Fri Aug 19 09:03:17 2005 +0000
    18.3 @@ -0,0 +1,76 @@
    18.4 +<?xml version="1.0"?>
    18.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    18.6 +<!--              This file defines the security labels, which can  -->
    18.7 +<!--              be attached to Domains and resources. Based on    -->
    18.8 +<!--              these labels, the access control module decides   -->
    18.9 +<!--              about sharing between Domains and about access    -->
   18.10 +<!--              of Domains to real resources.                     -->
   18.11 +
   18.12 +<SecurityLabelTemplate
   18.13 + xmlns="http://www.ibm.com"
   18.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   18.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   18.16 +   <LabelHeader>
   18.17 +      <Name>chwall-security_label_template</Name>
   18.18 +      <Date>2005-08-10</Date>
   18.19 +      <PolicyName>
   18.20 +         <Url>chwall-security_policy.xml</Url>
   18.21 +         <Reference>abcdef123456abcdef</Reference>
   18.22 +      </PolicyName>
   18.23 +   </LabelHeader>
   18.24 +
   18.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   18.26 +      <!-- single ste typed domains            -->
   18.27 +      <!-- ACM enforces that only domains with -->
   18.28 +      <!-- the same type can share information -->
   18.29 +      <!--                                     -->
   18.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   18.31 +      <VirtualMachineLabel>
   18.32 +      	<Name>dom_HomeBanking</Name>
   18.33 +         <ChineseWallTypes>
   18.34 +            <Type>cw_Sensitive</Type>
   18.35 +         </ChineseWallTypes>
   18.36 +      </VirtualMachineLabel>
   18.37 +
   18.38 +      <VirtualMachineLabel>
   18.39 +      	<Name>dom_Fun</Name>
   18.40 +         <ChineseWallTypes>
   18.41 +            <Type>cw_Distrusted</Type>
   18.42 +         </ChineseWallTypes>
   18.43 +      </VirtualMachineLabel>
   18.44 +
   18.45 +      <VirtualMachineLabel>
   18.46 +        <!-- donating some cycles to seti@home -->
   18.47 +      	<Name>dom_BoincClient</Name>
   18.48 +         <ChineseWallTypes>
   18.49 +            <Type>cw_Isolated</Type>
   18.50 +         </ChineseWallTypes>
   18.51 +      </VirtualMachineLabel>
   18.52 +
   18.53 +      <!-- Domains with multiple ste types services; such domains   -->
   18.54 +      <!-- must keep the types inside their domain safely confined. -->
   18.55 +      <VirtualMachineLabel>
   18.56 +      	<Name>dom_SystemManagement</Name>
   18.57 +         <ChineseWallTypes>
   18.58 +            <Type>cw_SystemManagement</Type>
   18.59 +         </ChineseWallTypes>
   18.60 +      </VirtualMachineLabel>
   18.61 +
   18.62 +      <VirtualMachineLabel>
   18.63 +        <!-- serves persistent storage to other domains -->
   18.64 +      	<Name>dom_StorageDomain</Name>
   18.65 +         <ChineseWallTypes>
   18.66 +            <Type>cw_SystemManagement</Type>
   18.67 +         </ChineseWallTypes>
   18.68 +      </VirtualMachineLabel>
   18.69 +
   18.70 +      <VirtualMachineLabel>
   18.71 +        <!-- serves network access to other domains -->
   18.72 +      	<Name>dom_NetworkDomain</Name>
   18.73 +         <ChineseWallTypes>
   18.74 +            <Type>cw_SystemManagement</Type>
   18.75 +         </ChineseWallTypes>
   18.76 +      </VirtualMachineLabel>
   18.77 +   </SubjectLabels>
   18.78 +</SecurityLabelTemplate>
   18.79 +
    19.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    19.2 +++ b/tools/security/policies/chwall/chwall-security_policy.xml	Fri Aug 19 09:03:17 2005 +0000
    19.3 @@ -0,0 +1,36 @@
    19.4 +<?xml version="1.0" encoding="UTF-8"?>
    19.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    19.6 +<!--             This file defines the security policies, which     -->
    19.7 +<!--             can be enforced by the Xen Access Control Module.  -->
    19.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
    19.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com"
   19.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   19.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   19.12 +<PolicyHeader>
   19.13 +		<Name>chwall-security_policy</Name>
   19.14 +		<Date>2005-08-10</Date>
   19.15 +</PolicyHeader>
   19.16 +<!--                                             -->
   19.17 +<!-- example of a chinese wall type definition   -->
   19.18 +<!-- along with its conflict sets                -->
   19.19 +<!-- (typse in a confict set are exclusive, i.e. -->
   19.20 +<!--  once a Domain with one type of a set is    -->
   19.21 +<!--  running, no other Domain with another type -->
   19.22 +<!--  of the same conflict set can start.)       -->
   19.23 +	<ChineseWall priority="PrimaryPolicyComponent">
   19.24 +        <ChineseWallTypes>
   19.25 +            <Type>cw_SystemManagement</Type>
   19.26 +            <Type>cw_Sensitive</Type>
   19.27 +            <Type>cw_Isolated</Type>
   19.28 +            <Type>cw_Distrusted</Type>
   19.29 +        </ChineseWallTypes>
   19.30 +
   19.31 +        <ConflictSets>
   19.32 +        <Conflict name="Protection1">
   19.33 +            <Type>cw_Sensitive</Type>
   19.34 +            <Type>cw_Distrusted</Type>
   19.35 +        </Conflict>
   19.36 +        </ConflictSets>
   19.37 +	</ChineseWall>
   19.38 +</SecurityPolicyDefinition>
   19.39 +
    20.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    20.2 +++ b/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml	Fri Aug 19 09:03:17 2005 +0000
    20.3 @@ -0,0 +1,167 @@
    20.4 +<?xml version="1.0"?>
    20.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    20.6 +<!--              This file defines the security labels, which can  -->
    20.7 +<!--              be attached to Domains and resources. Based on    -->
    20.8 +<!--              these labels, the access control module decides   -->
    20.9 +<!--              about sharing between Domains and about access    -->
   20.10 +<!--              of Domains to real resources.                     -->
   20.11 +
   20.12 +<SecurityLabelTemplate
   20.13 + xmlns="http://www.ibm.com"
   20.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   20.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   20.16 +   <LabelHeader>
   20.17 +      <Name>chwall_ste-security_label_template</Name>
   20.18 +      <Date>2005-08-10</Date>
   20.19 +      <PolicyName>
   20.20 +         <Url>chwall_ste-security_policy.xml</Url>
   20.21 +         <Reference>abcdef123456abcdef</Reference>
   20.22 +      </PolicyName>
   20.23 +   </LabelHeader>
   20.24 +
   20.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   20.26 +      <!-- single ste typed domains            -->
   20.27 +      <!-- ACM enforces that only domains with -->
   20.28 +      <!-- the same type can share information -->
   20.29 +      <!--                                     -->
   20.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   20.31 +      <VirtualMachineLabel>
   20.32 +      	<Name>dom_HomeBanking</Name>
   20.33 +         <SimpleTypeEnforcementTypes>
   20.34 +            <Type>ste_PersonalFinances</Type>
   20.35 +         </SimpleTypeEnforcementTypes>
   20.36 +
   20.37 +         <ChineseWallTypes>
   20.38 +            <Type>cw_Sensitive</Type>
   20.39 +         </ChineseWallTypes>
   20.40 +      </VirtualMachineLabel>
   20.41 +
   20.42 +      <VirtualMachineLabel>
   20.43 +      	<Name>dom_Fun</Name>
   20.44 +         <SimpleTypeEnforcementTypes>
   20.45 +            <Type>ste_InternetInsecure</Type>
   20.46 +         </SimpleTypeEnforcementTypes>
   20.47 +
   20.48 +         <ChineseWallTypes>
   20.49 +            <Type>cw_Distrusted</Type>
   20.50 +         </ChineseWallTypes>
   20.51 +      </VirtualMachineLabel>
   20.52 +
   20.53 +      <VirtualMachineLabel>
   20.54 +        <!-- donating some cycles to seti@home -->
   20.55 +      	<Name>dom_BoincClient</Name>
   20.56 +         <SimpleTypeEnforcementTypes>
   20.57 +            <Type>ste_DonatedCycles</Type>
   20.58 +         </SimpleTypeEnforcementTypes>
   20.59 +
   20.60 +         <ChineseWallTypes>
   20.61 +            <Type>cw_Isolated</Type>
   20.62 +         </ChineseWallTypes>
   20.63 +      </VirtualMachineLabel>
   20.64 +
   20.65 +      <!-- Domains with multiple ste types services; such domains   -->
   20.66 +      <!-- must keep the types inside their domain safely confined. -->
   20.67 +      <VirtualMachineLabel>
   20.68 +      	<Name>dom_SystemManagement</Name>
   20.69 +         <SimpleTypeEnforcementTypes>
   20.70 +            <!-- since dom0 needs access to every domain and -->
   20.71 +            <!-- resource right now ... -->
   20.72 +            <Type>ste_SystemManagement</Type>
   20.73 +            <Type>ste_PersonalFinances</Type>
   20.74 +            <Type>ste_InternetInsecure</Type>
   20.75 +            <Type>ste_DonatedCycles</Type>
   20.76 +            <Type>ste_PersistentStorageA</Type>
   20.77 +            <Type>ste_NetworkAdapter0</Type>
   20.78 +         </SimpleTypeEnforcementTypes>
   20.79 +
   20.80 +         <ChineseWallTypes>
   20.81 +            <Type>cw_SystemManagement</Type>
   20.82 +         </ChineseWallTypes>
   20.83 +      </VirtualMachineLabel>
   20.84 +
   20.85 +      <VirtualMachineLabel>
   20.86 +        <!-- serves persistent storage to other domains -->
   20.87 +      	<Name>dom_StorageDomain</Name>
   20.88 +         <SimpleTypeEnforcementTypes>
   20.89 +            <!-- access right to the resource (hard drive a) -->
   20.90 +            <Type>ste_PersistentStorageA</Type>
   20.91 +            <!-- can serve following types -->
   20.92 +            <Type>ste_PersonalFinances</Type>
   20.93 +            <Type>ste_InternetInsecure</Type>
   20.94 +         </SimpleTypeEnforcementTypes>
   20.95 +
   20.96 +         <ChineseWallTypes>
   20.97 +            <Type>cw_SystemManagement</Type>
   20.98 +         </ChineseWallTypes>
   20.99 +      </VirtualMachineLabel>
  20.100 +
  20.101 +      <VirtualMachineLabel>
  20.102 +        <!-- serves network access to other domains -->
  20.103 +      	<Name>dom_NetworkDomain</Name>
  20.104 +         <SimpleTypeEnforcementTypes>
  20.105 +            <!-- access right to the resource (ethernet card) -->
  20.106 +            <Type>ste_NetworkAdapter0</Type>
  20.107 +            <!-- can serve following types -->
  20.108 +            <Type>ste_PersonalFinances</Type>
  20.109 +            <Type>ste_InternetInsecure</Type>
  20.110 +            <Type>ste_DonatedCycles</Type>
  20.111 +         </SimpleTypeEnforcementTypes>
  20.112 +
  20.113 +         <ChineseWallTypes>
  20.114 +            <Type>cw_SystemManagement</Type>
  20.115 +         </ChineseWallTypes>
  20.116 +      </VirtualMachineLabel>
  20.117 +   </SubjectLabels>
  20.118 +
  20.119 +   <ObjectLabels>
  20.120 +      <ResourceLabel>
  20.121 +      	<Name>res_ManagementResource</Name>
  20.122 +         <SimpleTypeEnforcementTypes>
  20.123 +            <Type>ste_SystemManagement</Type>
  20.124 +         </SimpleTypeEnforcementTypes>
  20.125 +      </ResourceLabel>
  20.126 +
  20.127 +      <ResourceLabel>
  20.128 +      	<Name>res_HardDrive (hda)</Name>
  20.129 +         <SimpleTypeEnforcementTypes>
  20.130 +            <Type>ste_PersistentStorageA</Type>
  20.131 +         </SimpleTypeEnforcementTypes>
  20.132 +      </ResourceLabel>
  20.133 +
  20.134 +      <ResourceLabel>
  20.135 +      	<Name>res_LogicalDiskPartition1 (hda1)</Name>
  20.136 +         <SimpleTypeEnforcementTypes>
  20.137 +            <Type>ste_PersonalFinances</Type>
  20.138 +         </SimpleTypeEnforcementTypes>
  20.139 +      </ResourceLabel>
  20.140 +
  20.141 +      <ResourceLabel>
  20.142 +      	<Name>res_LogicalDiskPartition2 (hda2)</Name>
  20.143 +         <SimpleTypeEnforcementTypes>
  20.144 +            <Type>ste_InternetInsecure</Type>
  20.145 +         </SimpleTypeEnforcementTypes>
  20.146 +      </ResourceLabel>
  20.147 +
  20.148 +      <ResourceLabel>
  20.149 +      	<Name>res_EthernetCard</Name>
  20.150 +         <SimpleTypeEnforcementTypes>
  20.151 +            <Type>ste_NetworkAdapter0</Type>
  20.152 +         </SimpleTypeEnforcementTypes>
  20.153 +      </ResourceLabel>
  20.154 +
  20.155 +      <ResourceLabel>
  20.156 +      	<Name>res_SecurityToken</Name>
  20.157 +         <SimpleTypeEnforcementTypes>
  20.158 +            <Type>ste_PersonalFinances</Type>
  20.159 +         </SimpleTypeEnforcementTypes>
  20.160 +      </ResourceLabel>
  20.161 +
  20.162 +      <ResourceLabel>
  20.163 +      	<Name>res_GraphicsAdapter</Name>
  20.164 +         <SimpleTypeEnforcementTypes>
  20.165 +            <Type>ste_SystemManagement</Type>
  20.166 +         </SimpleTypeEnforcementTypes>
  20.167 +      </ResourceLabel>
  20.168 +   </ObjectLabels>
  20.169 +</SecurityLabelTemplate>
  20.170 +
    21.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    21.2 +++ b/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml	Fri Aug 19 09:03:17 2005 +0000
    21.3 @@ -0,0 +1,49 @@
    21.4 +<?xml version="1.0" encoding="UTF-8"?>
    21.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    21.6 +<!--             This file defines the security policies, which     -->
    21.7 +<!--             can be enforced by the Xen Access Control Module.  -->
    21.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
    21.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com"
   21.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   21.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   21.12 +<PolicyHeader>
   21.13 +		<Name>chwall_ste-security_policy</Name>
   21.14 +		<Date>2005-08-10</Date>
   21.15 +</PolicyHeader>
   21.16 +<!--                                                        -->
   21.17 +<!-- example of a simple type enforcement policy definition -->
   21.18 +<!--                                                        -->
   21.19 +	<SimpleTypeEnforcement>
   21.20 +        <SimpleTypeEnforcementTypes>
   21.21 +            <Type>ste_SystemManagement</Type>   <!-- machine/security management -->
   21.22 +            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
   21.23 +            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
   21.24 +            <Type>ste_DonatedCycles</Type>      <!-- donation to BOINC/seti@home -->
   21.25 +            <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
   21.26 +            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain managing ethernet adapter 0-->
   21.27 +        </SimpleTypeEnforcementTypes>
   21.28 +	</SimpleTypeEnforcement>
   21.29 +<!--                                             -->
   21.30 +<!-- example of a chinese wall type definition   -->
   21.31 +<!-- along with its conflict sets                -->
   21.32 +<!-- (typse in a confict set are exclusive, i.e. -->
   21.33 +<!--  once a Domain with one type of a set is    -->
   21.34 +<!--  running, no other Domain with another type -->
   21.35 +<!--  of the same conflict set can start.)       -->
   21.36 +	<ChineseWall priority="PrimaryPolicyComponent">
   21.37 +        <ChineseWallTypes>
   21.38 +            <Type>cw_SystemManagement</Type>
   21.39 +            <Type>cw_Sensitive</Type>
   21.40 +            <Type>cw_Isolated</Type>
   21.41 +            <Type>cw_Distrusted</Type>
   21.42 +        </ChineseWallTypes>
   21.43 +
   21.44 +        <ConflictSets>
   21.45 +        <Conflict name="Protection1">
   21.46 +            <Type>cw_Sensitive</Type>
   21.47 +            <Type>cw_Distrusted</Type>
   21.48 +        </Conflict>
   21.49 +        </ConflictSets>
   21.50 +	</ChineseWall>
   21.51 +</SecurityPolicyDefinition>
   21.52 +
    22.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    22.2 +++ b/tools/security/policies/null/null-security_label_template.xml	Fri Aug 19 09:03:17 2005 +0000
    22.3 @@ -0,0 +1,24 @@
    22.4 +<?xml version="1.0"?>
    22.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    22.6 +<!--              This file defines the security labels, which can  -->
    22.7 +<!--              be attached to Domains and resources. Based on    -->
    22.8 +<!--              these labels, the access control module decides   -->
    22.9 +<!--              about sharing between Domains and about access    -->
   22.10 +<!--              of Domains to real resources.                     -->
   22.11 +
   22.12 +<SecurityLabelTemplate
   22.13 + xmlns="http://www.ibm.com"
   22.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   22.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   22.16 +   <LabelHeader>
   22.17 +      <Name>null-security_label_template</Name>
   22.18 +
   22.19 +      <Date>2005-08-10</Date>
   22.20 +      <PolicyName>
   22.21 +         <Url>null-security_policy.xml</Url>
   22.22 +
   22.23 +         <Reference>abcdef123456abcdef</Reference>
   22.24 +      </PolicyName>
   22.25 +   </LabelHeader>
   22.26 +</SecurityLabelTemplate>
   22.27 +
    23.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    23.2 +++ b/tools/security/policies/null/null-security_policy.xml	Fri Aug 19 09:03:17 2005 +0000
    23.3 @@ -0,0 +1,14 @@
    23.4 +<?xml version="1.0" encoding="UTF-8"?>
    23.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    23.6 +<!--             This file defines the security policies, which     -->
    23.7 +<!--             can be enforced by the Xen Access Control Module.  -->
    23.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
    23.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com"
   23.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   23.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   23.12 +<PolicyHeader>
   23.13 +		<Name>null-security_policy</Name>
   23.14 +		<Date>2005-08-10</Date>
   23.15 +</PolicyHeader>
   23.16 +</SecurityPolicyDefinition>
   23.17 +
    24.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    24.2 +++ b/tools/security/policies/security_policy.xsd	Fri Aug 19 09:03:17 2005 +0000
    24.3 @@ -0,0 +1,138 @@
    24.4 +<?xml version="1.0" encoding="UTF-8"?>
    24.5 +<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
    24.6 +<!--         This file defines the schema, which is used to define -->
    24.7 +<!--         the security policy and the security labels in Xe.    -->
    24.8 +
    24.9 +<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified">
   24.10 +	<xsd:element name="SecurityPolicyDefinition">
   24.11 +		<xsd:complexType>
   24.12 +			<xsd:sequence>
   24.13 +				<xsd:element ref="PolicyHeader" minOccurs="0" maxOccurs="1"></xsd:element>
   24.14 +				<xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element>
   24.15 +				<xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element>
   24.16 +			</xsd:sequence>
   24.17 +		</xsd:complexType>
   24.18 +	</xsd:element>
   24.19 +	<xsd:element name="SecurityLabelTemplate">
   24.20 +		<xsd:complexType>
   24.21 +			<xsd:sequence>
   24.22 +				<xsd:element ref="LabelHeader" minOccurs="1" maxOccurs="1"></xsd:element>
   24.23 +				<xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
   24.24 +					<xsd:complexType>
   24.25 +						<xsd:sequence>
   24.26 +							<xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
   24.27 +						</xsd:sequence>
   24.28 +						<xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
   24.29 +					</xsd:complexType>
   24.30 +				</xsd:element>
   24.31 +				<xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
   24.32 +					<xsd:complexType>
   24.33 +						<xsd:sequence>
   24.34 +							<xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
   24.35 +						</xsd:sequence>
   24.36 +					</xsd:complexType>
   24.37 +				</xsd:element>
   24.38 +			</xsd:sequence>
   24.39 +		</xsd:complexType>
   24.40 +	</xsd:element>
   24.41 +	<xsd:element name="PolicyHeader">
   24.42 +		<xsd:complexType>
   24.43 +			<xsd:sequence>
   24.44 +				<xsd:element ref="Name" minOccurs="1" maxOccurs="1" />
   24.45 +				<xsd:element ref="Date" minOccurs="1" maxOccurs="1" />
   24.46 +			</xsd:sequence>
   24.47 +		</xsd:complexType>
   24.48 +	</xsd:element>
   24.49 +	<xsd:element name="LabelHeader">
   24.50 +		<xsd:complexType>
   24.51 +			<xsd:sequence>
   24.52 +				<xsd:element ref="Name"></xsd:element>
   24.53 +				<xsd:element ref="Date" minOccurs="1" maxOccurs="1"></xsd:element>
   24.54 +				<xsd:element ref="PolicyName" minOccurs="1" maxOccurs="1"></xsd:element>
   24.55 +			</xsd:sequence>
   24.56 +		</xsd:complexType>
   24.57 +	</xsd:element>
   24.58 +	<xsd:element name="SimpleTypeEnforcement">
   24.59 +		<xsd:complexType>
   24.60 +			<xsd:sequence>
   24.61 +				<xsd:element ref="SimpleTypeEnforcementTypes" />
   24.62 +			</xsd:sequence>
   24.63 +			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
   24.64 +		</xsd:complexType>
   24.65 +	</xsd:element>
   24.66 +	<xsd:element name="ChineseWall">
   24.67 +		<xsd:complexType>
   24.68 +			<xsd:sequence>
   24.69 +				<xsd:element ref="ChineseWallTypes" />
   24.70 +				<xsd:element ref="ConflictSets" />
   24.71 +			</xsd:sequence>
   24.72 +			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
   24.73 +		</xsd:complexType>
   24.74 +	</xsd:element>
   24.75 +	<xsd:element name="ChineseWallTypes">
   24.76 +		<xsd:complexType>
   24.77 +			<xsd:sequence>
   24.78 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
   24.79 +			</xsd:sequence>
   24.80 +		</xsd:complexType>
   24.81 +	</xsd:element>
   24.82 +	<xsd:element name="ConflictSets">
   24.83 +		<xsd:complexType>
   24.84 +			<xsd:sequence>
   24.85 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Conflict" />
   24.86 +			</xsd:sequence>
   24.87 +		</xsd:complexType>
   24.88 +	</xsd:element>
   24.89 +	<xsd:element name="SimpleTypeEnforcementTypes">
   24.90 +		<xsd:complexType>
   24.91 +			<xsd:sequence>
   24.92 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
   24.93 +			</xsd:sequence>
   24.94 +		</xsd:complexType>
   24.95 +	</xsd:element>
   24.96 +	<xsd:element name="Conflict">
   24.97 +		<xsd:complexType>
   24.98 +			<xsd:sequence>
   24.99 +				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
  24.100 +			</xsd:sequence>
  24.101 +			<xsd:attribute name="name" type="xsd:string" use="optional"></xsd:attribute>
  24.102 +		</xsd:complexType>
  24.103 +	</xsd:element>
  24.104 +	<xsd:element name="VirtualMachineLabel">
  24.105 +		<xsd:complexType>
  24.106 +			<xsd:sequence>
  24.107 +				<xsd:element ref="Name"></xsd:element>
  24.108 +				<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
  24.109 +				<xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded" />
  24.110 +			</xsd:sequence>
  24.111 +		</xsd:complexType>
  24.112 +	</xsd:element>
  24.113 +	<xsd:element name="ResourceLabel">
  24.114 +		<xsd:complexType>
  24.115 +			<xsd:sequence>
  24.116 +				<xsd:element ref="Name"></xsd:element>
  24.117 +				<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
  24.118 +			</xsd:sequence>
  24.119 +		</xsd:complexType>
  24.120 +	</xsd:element>
  24.121 +	<xsd:element name="PolicyName">
  24.122 +		<xsd:complexType>
  24.123 +			<xsd:sequence>
  24.124 +				<xsd:element ref="Url" />
  24.125 +				<xsd:element ref="Reference" />
  24.126 +			</xsd:sequence>
  24.127 +		</xsd:complexType>
  24.128 +	</xsd:element>
  24.129 +	<xsd:element name="Date" type="xsd:string" />
  24.130 +	<xsd:element name="Name" type="xsd:string" />
  24.131 +	<xsd:element name="Type" type="xsd:string" />
  24.132 +	<xsd:element name="Reference" type="xsd:string" />
  24.133 +	<xsd:element name="Url"></xsd:element>
  24.134 +
  24.135 +	<xsd:simpleType name="PolicyOrder">
  24.136 +		<xsd:restriction base="xsd:string">
  24.137 +			<xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration>
  24.138 +		</xsd:restriction>
  24.139 +	</xsd:simpleType>
  24.140 +
  24.141 +</xsd:schema>
    25.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    25.2 +++ b/tools/security/policies/ste/ste-security_label_template.xml	Fri Aug 19 09:03:17 2005 +0000
    25.3 @@ -0,0 +1,143 @@
    25.4 +<?xml version="1.0"?>
    25.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    25.6 +<!--              This file defines the security labels, which can  -->
    25.7 +<!--              be attached to Domains and resources. Based on    -->
    25.8 +<!--              these labels, the access control module decides   -->
    25.9 +<!--              about sharing between Domains and about access    -->
   25.10 +<!--              of Domains to real resources.                     -->
   25.11 +
   25.12 +<SecurityLabelTemplate
   25.13 + xmlns="http://www.ibm.com"
   25.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   25.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   25.16 +   <LabelHeader>
   25.17 +      <Name>ste-security_label_template</Name>
   25.18 +      <Date>2005-08-10</Date>
   25.19 +      <PolicyName>
   25.20 +         <Url>ste-security_policy.xml</Url>
   25.21 +         <Reference>abcdef123456abcdef</Reference>
   25.22 +      </PolicyName>
   25.23 +   </LabelHeader>
   25.24 +
   25.25 +   <SubjectLabels bootstrap="dom_SystemManagement">
   25.26 +      <!-- single ste typed domains            -->
   25.27 +      <!-- ACM enforces that only domains with -->
   25.28 +      <!-- the same type can share information -->
   25.29 +      <!--                                     -->
   25.30 +      <!-- Bootstrap label is assigned to Dom0 -->
   25.31 +      <VirtualMachineLabel>
   25.32 +      	<Name>dom_HomeBanking</Name>
   25.33 +         <SimpleTypeEnforcementTypes>
   25.34 +            <Type>ste_PersonalFinances</Type>
   25.35 +         </SimpleTypeEnforcementTypes>
   25.36 +      </VirtualMachineLabel>
   25.37 +
   25.38 +      <VirtualMachineLabel>
   25.39 +      	<Name>dom_Fun</Name>
   25.40 +         <SimpleTypeEnforcementTypes>
   25.41 +            <Type>ste_InternetInsecure</Type>
   25.42 +         </SimpleTypeEnforcementTypes>
   25.43 +      </VirtualMachineLabel>
   25.44 +
   25.45 +      <VirtualMachineLabel>
   25.46 +        <!-- donating some cycles to seti@home -->
   25.47 +      	<Name>dom_BoincClient</Name>
   25.48 +         <SimpleTypeEnforcementTypes>
   25.49 +            <Type>ste_DonatedCycles</Type>
   25.50 +         </SimpleTypeEnforcementTypes>
   25.51 +      </VirtualMachineLabel>
   25.52 +
   25.53 +      <!-- Domains with multiple ste types services; such domains   -->
   25.54 +      <!-- must keep the types inside their domain safely confined. -->
   25.55 +      <VirtualMachineLabel>
   25.56 +      	<Name>dom_SystemManagement</Name>
   25.57 +         <SimpleTypeEnforcementTypes>
   25.58 +            <!-- since dom0 needs access to every domain and -->
   25.59 +            <!-- resource right now ... -->
   25.60 +            <Type>ste_SystemManagement</Type>
   25.61 +            <Type>ste_PersonalFinances</Type>
   25.62 +            <Type>ste_InternetInsecure</Type>
   25.63 +            <Type>ste_DonatedCycles</Type>
   25.64 +            <Type>ste_PersistentStorageA</Type>
   25.65 +            <Type>ste_NetworkAdapter0</Type>
   25.66 +         </SimpleTypeEnforcementTypes>
   25.67 +      </VirtualMachineLabel>
   25.68 +
   25.69 +      <VirtualMachineLabel>
   25.70 +        <!-- serves persistent storage to other domains -->
   25.71 +      	<Name>dom_StorageDomain</Name>
   25.72 +         <SimpleTypeEnforcementTypes>
   25.73 +            <!-- access right to the resource (hard drive a) -->
   25.74 +            <Type>ste_PersistentStorageA</Type>
   25.75 +            <!-- can serve following types -->
   25.76 +            <Type>ste_PersonalFinances</Type>
   25.77 +            <Type>ste_InternetInsecure</Type>
   25.78 +         </SimpleTypeEnforcementTypes>
   25.79 +      </VirtualMachineLabel>
   25.80 +
   25.81 +      <VirtualMachineLabel>
   25.82 +        <!-- serves network access to other domains -->
   25.83 +      	<Name>dom_NetworkDomain</Name>
   25.84 +         <SimpleTypeEnforcementTypes>
   25.85 +            <!-- access right to the resource (ethernet card) -->
   25.86 +            <Type>ste_NetworkAdapter0</Type>
   25.87 +            <!-- can serve following types -->
   25.88 +            <Type>ste_PersonalFinances</Type>
   25.89 +            <Type>ste_InternetInsecure</Type>
   25.90 +            <Type>ste_DonatedCycles</Type>
   25.91 +         </SimpleTypeEnforcementTypes>
   25.92 +      </VirtualMachineLabel>
   25.93 +   </SubjectLabels>
   25.94 +
   25.95 +   <ObjectLabels>
   25.96 +      <ResourceLabel>
   25.97 +      	<Name>res_ManagementResource</Name>
   25.98 +         <SimpleTypeEnforcementTypes>
   25.99 +            <Type>ste_SystemManagement</Type>
  25.100 +         </SimpleTypeEnforcementTypes>
  25.101 +      </ResourceLabel>
  25.102 +
  25.103 +      <ResourceLabel>
  25.104 +      	<Name>res_HardDrive (hda)</Name>
  25.105 +         <SimpleTypeEnforcementTypes>
  25.106 +            <Type>ste_PersistentStorageA</Type>
  25.107 +         </SimpleTypeEnforcementTypes>
  25.108 +      </ResourceLabel>
  25.109 +
  25.110 +      <ResourceLabel>
  25.111 +      	<Name>res_LogicalDiskPartition1 (hda1)</Name>
  25.112 +         <SimpleTypeEnforcementTypes>
  25.113 +            <Type>ste_PersonalFinances</Type>
  25.114 +         </SimpleTypeEnforcementTypes>
  25.115 +      </ResourceLabel>
  25.116 +
  25.117 +      <ResourceLabel>
  25.118 +      	<Name>res_LogicalDiskPartition2 (hda2)</Name>
  25.119 +         <SimpleTypeEnforcementTypes>
  25.120 +            <Type>ste_InternetInsecure</Type>
  25.121 +         </SimpleTypeEnforcementTypes>
  25.122 +      </ResourceLabel>
  25.123 +
  25.124 +      <ResourceLabel>
  25.125 +      	<Name>res_EthernetCard</Name>
  25.126 +         <SimpleTypeEnforcementTypes>
  25.127 +            <Type>ste_NetworkAdapter0</Type>
  25.128 +         </SimpleTypeEnforcementTypes>
  25.129 +      </ResourceLabel>
  25.130 +
  25.131 +      <ResourceLabel>
  25.132 +      	<Name>res_SecurityToken</Name>
  25.133 +         <SimpleTypeEnforcementTypes>
  25.134 +            <Type>ste_PersonalFinances</Type>
  25.135 +         </SimpleTypeEnforcementTypes>
  25.136 +      </ResourceLabel>
  25.137 +
  25.138 +      <ResourceLabel>
  25.139 +      	<Name>res_GraphicsAdapter</Name>
  25.140 +         <SimpleTypeEnforcementTypes>
  25.141 +            <Type>ste_SystemManagement</Type>
  25.142 +         </SimpleTypeEnforcementTypes>
  25.143 +      </ResourceLabel>
  25.144 +   </ObjectLabels>
  25.145 +</SecurityLabelTemplate>
  25.146 +
    26.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    26.2 +++ b/tools/security/policies/ste/ste-security_policy.xml	Fri Aug 19 09:03:17 2005 +0000
    26.3 @@ -0,0 +1,27 @@
    26.4 +<?xml version="1.0" encoding="UTF-8"?>
    26.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
    26.6 +<!--             This file defines the security policies, which     -->
    26.7 +<!--             can be enforced by the Xen Access Control Module.  -->
    26.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
    26.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com"
   26.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   26.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
   26.12 +<PolicyHeader>
   26.13 +		<Name>ste-security_policy</Name>
   26.14 +		<Date>2005-08-10</Date>
   26.15 +</PolicyHeader>
   26.16 +<!--                                                        -->
   26.17 +<!-- example of a simple type enforcement policy definition -->
   26.18 +<!--                                                        -->
   26.19 +	<SimpleTypeEnforcement>
   26.20 +        <SimpleTypeEnforcementTypes>
   26.21 +            <Type>ste_SystemManagement</Type>   <!-- machine/security management -->
   26.22 +            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
   26.23 +            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
   26.24 +            <Type>ste_DonatedCycles</Type>      <!-- donation to BOINC/seti@home -->
   26.25 +            <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
   26.26 +            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain managing ethernet adapter 0-->
   26.27 +        </SimpleTypeEnforcementTypes>
   26.28 +	</SimpleTypeEnforcement>
   26.29 +</SecurityPolicyDefinition>
   26.30 +
    27.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    27.2 +++ b/tools/security/policy.txt	Fri Aug 19 09:03:17 2005 +0000
    27.3 @@ -0,0 +1,405 @@
    27.4 +##
    27.5 +# policy.txt <description to the Xen access control architecture>
    27.6 +#
    27.7 +# Author:
    27.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
    27.9 +#
   27.10 +#
   27.11 +# This file gives an overview of the security policies currently
   27.12 +# provided and also gives some reasoning about how to assign
   27.13 +# labels to domains.
   27.14 +##
   27.15 +
   27.16 +Xen access control policies
   27.17 +
   27.18 +
   27.19 +General explanation of supported security policies:
   27.20 +=====================================================
   27.21 +
   27.22 +We have implemented the mandatory access control architecture of our
   27.23 +hypervisor security architecture (sHype) for the Xen hypervisor. It
   27.24 +controls communication (in Xen: event channels, grant tables) between
   27.25 +Virtual Machines (from here on called domains) and through this the
   27.26 +virtual block devices, networking, and shared memory are implemented
   27.27 +on top of these communication means. While we have implemented the
   27.28 +described policies and access control architecture for other
   27.29 +hypervisor systems, we will describe below specifically its
   27.30 +implementation and use in the Xen hypervisor. The policy enforcement
   27.31 +is called mandatory regarding user domains since the policy it is
   27.32 +given by the security administration and enforced independently of the
   27.33 +user domains by the Xen hypervisor in cooperation with the domain
   27.34 +management.
   27.35 +
   27.36 +The access control architecture consists of three parts:
   27.37 +
   27.38 +i) The access control policy determines the "command set" of the ACM
   27.39 +and the hooks with which they can be configured to constrain the
   27.40 +sharing of virtual resources. The current access control architecture
   27.41 +implemented for Xen supports two policies: Chinese Wall and Simple
   27.42 +Type Enforcement, which we describe in turn below.
   27.43 +
   27.44 +
   27.45 +ii) The actually enforced policy instantiation uses the policy
   27.46 +language (i) to configure the Xen access control in a way that suits
   27.47 +the specific application (home desktop environment, company desktop,
   27.48 +Web server system, etc.). We have defined an exemplary policy
   27.49 +instantiation for Chinese Wall (chwall policy) and Simple Type
   27.50 +Enforcement (ste policy) for a desktop system. We offer these policies
   27.51 +in combination since they are controlling orthogonal events.
   27.52 +
   27.53 +
   27.54 +iii) The access control module (ACM) and related hooks are part of the
   27.55 +core hypervisor and their controls cannot be bypassed by domains. The
   27.56 +ACM and hooks are the active security components. We refer to
   27.57 +publications that describe how access control is enforced in the Xen
   27.58 +hypervisor using the ACM (access decision) and the hooks (decision
   27.59 +enforcement) inserted into the setup of event channels and grant
   27.60 +tables, and into domain operations (create, destroy, save, restore,
   27.61 +migrate). These controls decide based on the active policy
   27.62 +configuration (see i. and ii.) if the operation proceeds of if the
   27.63 +operation is aborted (denied).
   27.64 +
   27.65 +
   27.66 +In general, security policy instantiations in the Xen access control
   27.67 +framework are defined by two files:
   27.68 +
   27.69 +a) a single "policy-name"-security_policy.xml file that defines the
   27.70 +types known to the ACM and policy rules based on these types
   27.71 +
   27.72 +b) a single "policy-name"-security_label_template.xml file that
   27.73 +defines labels based on known types
   27.74 +
   27.75 +Every security policy has its own sub-directory under
   27.76 +"Xen-root"/tools/security/policies in order to simplify their
   27.77 +management and the security policy tools. We will describe those files
   27.78 +for our example policy (Chinese Wall and Simple Type Enforcement) in
   27.79 +more detail as we go along. Eventually, we will move towards a system
   27.80 +installation where the policies will reside under /etc.
   27.81 +
   27.82 +
   27.83 +CHINESE WALL
   27.84 +============
   27.85 +
   27.86 +The Chinese Wall policy enables the user to define "which workloads
   27.87 +(domain payloads) cannot run on a single physical system at the same
   27.88 +time". Why would we want to prevent workloads from running at the same
   27.89 +time on the same system? This supports requirements that can (but
   27.90 +don't have to) be rooted in the measure of trust into the isolation of
   27.91 +different domains that share the same hardware. Since the access
   27.92 +control architecture aims at high performance and non-intrusive
   27.93 +implementation, it currently does not address covert (timing) channels
   27.94 +and aims at medium assurance. Users can apply the Chinese Wall policy
   27.95 +to guarantee an air-gap between very sensitive payloads both regarding
   27.96 +covert information channels and regarding resource starvation.
   27.97 +
   27.98 +To enable the CW control, each domain is labeled with a set of Chinese
   27.99 +Wall types and CW Conflict Sets are defined which include those CW
  27.100 +types that cannot run simultaneously on the same hardware. This
  27.101 +interpretation of conflict sets is the only policy rule for the Chines
  27.102 +Wall policy.
  27.103 +
  27.104 +This is enforced by controlling the start of domains according to
  27.105 +their assigned CW worload types. Domains with Chinese Wall types that
  27.106 +appear in a common conflict set are running mutually exclusive on a
  27.107 +platform, i.e., once a domain with one of the cw-types of a conflict
  27.108 +set is running, no domain with another cw-type of the same conflict
  27.109 +set can start until the first domain is destroyed, paused, or migrated
  27.110 +away from the physical system (this assumes that such a partition can
  27.111 +no longer be observed). The idea is to assign cw-types according to
  27.112 +the type of payload that a domain runs and to use the Chinese Wall
  27.113 +policy to ensure that payload types can be differentiated by the
  27.114 +hypervisor and can be prevented from being executed on the same system
  27.115 +at the same time. Using the flexible CW policy maintains system
  27.116 +consolidation and workload-balancing while introducing guaranteed
  27.117 +constraints where necessary.
  27.118 +
  27.119 +
  27.120 +Example of a Chinese Wall Policy Instantiation
  27.121 +----------------------------------------------
  27.122 +
  27.123 +The file chwall-security_policy.xml defines the Chinese Wall types as
  27.124 +well as the conflict sets for our example policy (you find it in the
  27.125 +directory "xen_root"/tools/security/policies/chwall).
  27.126 +
  27.127 +It defines four Chinese Wall types (prefixed with cw_) with the
  27.128 +following meaning:
  27.129 +
  27.130 +* cw_SystemsManagement is a type identifying workloads for systems
  27.131 +management, e.g., domain management, device management, or hypervisor
  27.132 +management.
  27.133 +
  27.134 +* cw_Sensitive is identifying workloads that are critical to the user
  27.135 +for one reason or another.
  27.136 +
  27.137 +* cw_Distrusted is identifying workloads a user does not have much
  27.138 +confidence in. E.g. a domain used for surfing in the internet without
  27.139 +protection( i.e., active-X, java, java-script, executing web content)
  27.140 +or for (Internet) Games should be typed this way.
  27.141 +
  27.142 +* cw_Isolated is identifying workloads that are supposedly isolated by
  27.143 +use of the type enforcement policy (described below). For example, if
  27.144 +a user wants to donate cycles to seti@home, she can setup a separate
  27.145 +domain for a Boinc (http://boinc.ssl.berkeley.edu/) client, disable
  27.146 +this domain from accessing the hard drive and from communicating to
  27.147 +other local domains, and type it as cw_Isolated. We will look at a
  27.148 +specific example later.
  27.149 +
  27.150 +The example policy uses the defined types to define one conflict set:
  27.151 +Protection1 = {cw_Sensitive, cw_Distrusted}. This conflict set tells
  27.152 +the hypervisor that once a domain typed as cw_Sensitive is running, a
  27.153 +domain typed as cw_Distrusted cannot run concurrently (and the other
  27.154 +way round). With this policy, a domain typed as cw_Isolated is allowed
  27.155 +to run simultaneously with domains tagged as cw_Sensitive.
  27.156 +
  27.157 +Consequently, the access control module in the Xen hypervisor
  27.158 +distinguishes in this example policy 4 different workload types in
  27.159 +this example policy. It is the user's responsibility to type the
  27.160 +domains in a way that reflects the workloads of these domains and, in
  27.161 +the case of cw_Isolated, its properties, e.g. by configuring the
  27.162 +sharing capabilities of the domain accordingly by using the simple
  27.163 +type enforcement policy.
  27.164 +
  27.165 +Users can define their own or change the existing example policy
  27.166 +according to their working environment and security requirements. To
  27.167 +do so, replace the file chwall-security_policy.xml with the new
  27.168 +policy.
  27.169 +
  27.170 +
  27.171 +SIMPLE TYPE ENFORCEMENT
  27.172 +=======================
  27.173 +
  27.174 +The file ste-security_policy.xml defines the simple type enforcement
  27.175 +types for our example policy (you find it in the directory
  27.176 +"xen_root"/tools/security/policies/ste). The Simple Type Enforcement
  27.177 +policy defines which domains can share information with which other
  27.178 +domains. To this end, it controls
  27.179 +
  27.180 +i) inter-domain communication channels (e.g., network traffic, events,
  27.181 +and shared memory).
  27.182 +
  27.183 +ii) access of domains to physical resources (e.g., hard drive, network
  27.184 +cards, graphics adapter, keyboard).
  27.185 +
  27.186 +In order to enable the hypervisor to distinguish different domains and
  27.187 +the user to express access rules, the simple type enforcement defines
  27.188 +a set of types (ste_types).
  27.189 +
  27.190 +The policy defines that communication between domains is allowed if
  27.191 +the domains share a common STE type. As with the chwall types, STE
  27.192 +types should enable the differentiation of workloads. The simple type
  27.193 +enforcement access control implementation in the hypervisor enforces
  27.194 +that domains can only communicate (setup event channels, grant tables)
  27.195 +if they share a common type, i.e., both domains have assigned at least
  27.196 +on type in common. A domain can access a resource, if the domain and
  27.197 +the resource share a common type. Hence, assigning STE types to
  27.198 +domains and resources allows users to define constraints on sharing
  27.199 +between domains and to keep sensitive data confined from distrusted
  27.200 +domains.
  27.201 +
  27.202 +Domain <--> Domain Sharing
  27.203 +''''''''''''''''''''''''''
  27.204 +(implemented but its effective use requires factorization of Dom0)
  27.205 +
  27.206 +a) Domains with a single STE type (general user domains): Sharing
  27.207 +between such domains is enforced entirely by the hypervisor access
  27.208 +control. It is independent of the domains and does not require their
  27.209 +co-operation.
  27.210 +
  27.211 +b) Domains with multiple STE types: One example is a domain that
  27.212 +virtualizes a physical resource (e.g., hard drive) and serves it as
  27.213 +multiple virtual resources (virtual block drives) to other domains of
  27.214 +different types. The idea is that only a specific device domain has
  27.215 +assigned the type required to access the physical hard-drive. Logical
  27.216 +drives are then assigned the types of domains that have access to this
  27.217 +logical drive. Since the Xen hypervisor cannot distinguish between the
  27.218 +logical drives, the access control (type enforcement) is delegated to
  27.219 +the device domain, which has access to the types of domains requesting
  27.220 +to mount a logical drive as well as the types assigned to the
  27.221 +different available logical drives.
  27.222 +
  27.223 +Currently in Xen, Dom0 controls all hardware, needs to communicate
  27.224 +with all domains during their setup, and intercepts all communication
  27.225 +between domains. Consequently, Dom0 needs to be assigned all types
  27.226 +used and must be completely trusted to maintain the separation of
  27.227 +informatio ncoming from domains with different STE types. Thus a
  27.228 +refactoring of Dom0 is recommended for stronger confinement
  27.229 +guarantees.
  27.230 +
  27.231 +Domain --> RESOURCES Access
  27.232 +'''''''''''''''''''''''''''
  27.233 +(current work)
  27.234 +
  27.235 +We define for each resource that we want to distinguish a separate STE
  27.236 +type. Each STE type is assigned to the respective resource and to
  27.237 +those domains that are allowed to access this resource. Type
  27.238 +enforcement will guarantee that other domains cannot access this
  27.239 +resource since they don't share the resource's STE type.
  27.240 +
  27.241 +Since in the current implementation of Xen, Dom0 controls access to
  27.242 +all hardware (e.g., disk drives, network), Domain-->Resource access
  27.243 +control enforcement must be implemented in Dom0. This is possible
  27.244 +since Dom0 has access to both the domain configuration (including the
  27.245 +domain STE types) and the resource configuration (including the
  27.246 +resource STE types).
  27.247 +
  27.248 +For purposes of gaining higher assurance in the resulting system, it
  27.249 +may be desirable to reduce the size of dom0 by adding one or more
  27.250 +"device domains" (DDs). These DDs, e.g. providing storage or network
  27.251 +access, can support one or more physical devices, and manage
  27.252 +enforcement of MAC policy relevant for said devices. Security benefits
  27.253 +come from the smaller size of these DDs, as they can be more easily
  27.254 +audited than monolithic device driver domains. DDs can help to obtain
  27.255 +maximum security benefit from sHype.
  27.256 +
  27.257 +
  27.258 +Example of a Simple Type Enforcement Policy Instantiation
  27.259 +---------------------------------------------------------
  27.260 +
  27.261 +We define the following types:
  27.262 +
  27.263 +* ste_SystemManagement identifies workloads (and domains that runs
  27.264 +them) that must share information to accomplish the management of the
  27.265 +system
  27.266 +
  27.267 +* ste_PersonalFinances identifies workloads that are related to
  27.268 +sensitive programs such as HomeBanking applications or safely
  27.269 +configured web browsers for InternetBanking
  27.270 +
  27.271 +* ste_InternetInsecure identifies workloads that are very
  27.272 +function-rich and unrestricted to offer for example an environment
  27.273 +where internet games can run efficiently
  27.274 +
  27.275 +* ste_DonatedCycles identifies workloads that run on behalf of others,
  27.276 +e.g. a Boinc client
  27.277 +
  27.278 +* ste_PersistentStorage identifies workloads that have direct access
  27.279 +to persistent storage (e.g., hard drive)
  27.280 +
  27.281 +* ste_NetworkAccess identifies workload that have direct access to
  27.282 +network cards and related networks
  27.283 +
  27.284 +
  27.285 +
  27.286 +SECURITY LABEL TEMPLATES
  27.287 +========================
  27.288 +
  27.289 +We introduce security label templates because it is difficult for
  27.290 +users to ensure tagging of domains consistently and since there are
  27.291 +--as we have seen in the case of isolation-- useful dependencies
  27.292 +between the policies. Security Label Templates define type sets that
  27.293 +can be addressed by more user-friendly label names,
  27.294 +e.g. dom_Homebanking describes a typical typeset tagged to domains
  27.295 +used for sensitive Homebanking work-loads. Labels are defined in the
  27.296 +file
  27.297 +
  27.298 +Using Security Label Templates has multiple advantages:
  27.299 +a) easy reference of typical sets of type assignments
  27.300 +b) consistent interpretation of type combinations
  27.301 +c) meaningful application-level label names
  27.302 +
  27.303 +The definition of label templates depends on the combination of
  27.304 +policies that are used. We will describe some of the labels defined
  27.305 +for the Chinese Wall and Simple Type Enforcement combination.
  27.306 +
  27.307 +In the BoincClient example, the label_template file specifies that
  27.308 +this Label is assigned the Chinese Wall type cw_Isolated. We do this
  27.309 +assuming that this BoincClient is isolated against the rest of the
  27.310 +system infrastructure (no persistent memory, no sharing with local
  27.311 +domains). Since cw_Isolated is not included in any conflict set, it
  27.312 +can run at any time concurrently with any other domain. The
  27.313 +ste_DonatedCycles type assigned to the BoincClient reflect the
  27.314 +isolation assumption: it is only assigned to the dom_NetworkDomain
  27.315 +giving the BoincClient domain access to the network to communicate
  27.316 +with its BoincServer.
  27.317 +
  27.318 +The strategy for combining types into Labels is the following: First
  27.319 +we define a label for each type of general user domain
  27.320 +(workload-oriented). Then we define a new label for each physical
  27.321 +resource that shall be shared using a DD domain (e.g., disk) and for
  27.322 +each logical resource offered through this physical resource (logical
  27.323 +disk partition). We define then device domain labels (here:
  27.324 +dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain) which
  27.325 +include the types of the physical resources (e.g. hda) their domains
  27.326 +need to connect to. Such physical resources can only be accessed
  27.327 +directly by device domains types with the respective device's STE
  27.328 +type. Additionally we assign to such a device domain Label the STE
  27.329 +types of those user domains that are allowed to access one of the
  27.330 +logical resources (e.g., hda1, hda2) built on top of this physical
  27.331 +resource through the device domain.
  27.332 +
  27.333 +
  27.334 +Label Construction Example:
  27.335 +---------------------------
  27.336 +
  27.337 +We define here a storage domain label for a domain that owns a real
  27.338 +disk drive and creates the logical disk partitions hda1 and hda2 which
  27.339 +it serves to domains labeled dom_HomeBanking and dom_Fun
  27.340 +respectively. The labels we refer to are defined in the label template
  27.341 +file policies/chwall_ste/chwall_ste-security-label-template.xml.
  27.342 +
  27.343 +step1: To distinguish different shared disk drives, we create a
  27.344 +separate Label and STE type for each of them. Here: we create a type
  27.345 +ste_PersistentStorageA for disk drive hda. If you have another disk
  27.346 +drive, you may define another persistent storage type
  27.347 +ste_PersistentStorageB in the chwall_ste-security_policy.xml.
  27.348 +
  27.349 +step2: To distinguish different domains, we create multiple domain
  27.350 +labels including different types. Here: label dom_HomeBanking includes
  27.351 +STE type ste_PersonalFinances, label dom_Fun includes STE type
  27.352 +ste_InternetInsecure.
  27.353 +
  27.354 +step3: The storage domain in charge of the hard drive A needs access
  27.355 +to this hard drive. Therefore the storage domain label
  27.356 +dom_StorageDomain must include the type assigned to the hard drive
  27.357 +(ste_PersistentStorageA).
  27.358 +
  27.359 +step4: In order to serve dom hda1 to domains labeled dom_HomeBanking
  27.360 +and hda2 to domains labeled dom_Fun, the storage domain label must
  27.361 +include the types of those domains as well (ste_PersonalFinance,
  27.362 +ste_InternetInsecure).
  27.363 +
  27.364 +step5: In order to keep the data for different types safely apart, the
  27.365 +different logical disk partitions must be assigned unique labels and
  27.366 +types, which are used inside the storage domain to extend the ACM
  27.367 +access enforcement to logical resources served from inside the storage
  27.368 +domain. We define labels "res_LogicalDiskPartition1 (hda1)" and assign
  27.369 +it to hda1 and "res_LogicalDiskPartition2 (hda2)" and assign it to
  27.370 +hda2. These labels must include the STE types of those domains that
  27.371 +are allowed to use them (e.g., ste_PersonalFinances for hda1).
  27.372 +
  27.373 +The overall mandatory access control is then enforced in 3 different
  27.374 +Xen components and these components use a single consistent policy to
  27.375 +co-operatively enforce the policy. In the storage domain example, we
  27.376 +have three components that co-operate:
  27.377 +
  27.378 +1. The ACM module inside the hypervisor enforces: communication between
  27.379 +user domains and the storage domain (only domains including types
  27.380 +ste_PersonalFinances or ste_InternetInsecure can communicate with the
  27.381 +storage domain and request access to logical resource). This confines
  27.382 +the sharing to the types assigned to the storage domain.
  27.383 +
  27.384 +2. The domain management will enforce (work in progress): assignment of
  27.385 +real resources (hda) to domains (storage domain) that share a
  27.386 +type with the resource.
  27.387 +
  27.388 +3. If the storage domain serves multiple STE types (as in our example),
  27.389 +it enforces (work in progress): that domains can access (mount)
  27.390 +logical resources only if they share an STE type with the respective
  27.391 +resource. In our example, domains with the STE type
  27.392 +ste_PersonalFinances can request access (mount) to logical resource
  27.393 +hda1 from the storage domain.
  27.394 +
  27.395 +If you look at the virtual machine label dom_StorageDomain, you will
  27.396 +see the minimal set of types assigned to our domain manageing disk
  27.397 +drive hda for serving logical disk partitions exclusively to
  27.398 +dom_HomeBanking and dom_Fun.
  27.399 +
  27.400 +Similary, network domains can confine access to the network or
  27.401 +network communication between user domains.
  27.402 +
  27.403 +As a result, device domains (e.g., storage domain, network domain)
  27.404 +must be simple and small to ensure their correct co-operation in the
  27.405 +type enforcement model. If such trust is not possible, then hardware
  27.406 +should be assigned exclusively to a single type (or to a single
  27.407 +partition) in which case the hypervisor ACM enforcement enforces the
  27.408 +types independently.
    28.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    28.2 +++ b/tools/security/readme.txt	Fri Aug 19 09:03:17 2005 +0000
    28.3 @@ -0,0 +1,29 @@
    28.4 +
    28.5 +##
    28.6 +# readme.txt <description to the xen access control architecture>
    28.7 +#
    28.8 +# Author:
    28.9 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
   28.10 +#
   28.11 +#
   28.12 +# This file is a toc for information regarding
   28.13 +# the access control policy and tools in Xen.
   28.14 +##
   28.15 +
   28.16 +1. policy.txt:
   28.17 +
   28.18 +   describes the general reasoning and examples for access
   28.19 +   control policies in Xen
   28.20 +
   28.21 +
   28.22 +2. install.txt
   28.23 +
   28.24 +   describes the activation of the access control framework
   28.25 +   in Xen
   28.26 +
   28.27 +3. example.txt
   28.28 +
   28.29 +   describes the available tools for managing security policies
   28.30 +   in Xen and the tools to label domains
   28.31 +
   28.32 +
    29.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    29.2 +++ b/tools/security/secpol_compat.h	Fri Aug 19 09:03:17 2005 +0000
    29.3 @@ -0,0 +1,14 @@
    29.4 +/* secpol_compat.h
    29.5 + *     'translates' data types necessary to
    29.6 + *     include <xen/acm.h>
    29.7 + */
    29.8 +#include <stdint.h>
    29.9 +
   29.10 +typedef uint8_t  u8;
   29.11 +typedef uint16_t u16;
   29.12 +typedef uint32_t u32;
   29.13 +typedef uint64_t u64;
   29.14 +typedef int8_t   s8;
   29.15 +typedef int16_t  s16;
   29.16 +typedef int32_t  s32;
   29.17 +typedef int64_t  s64;
    30.1 --- a/tools/security/secpol_tool.c	Fri Aug 19 08:55:03 2005 +0000
    30.2 +++ b/tools/security/secpol_tool.c	Fri Aug 19 09:03:17 2005 +0000
    30.3 @@ -31,18 +31,8 @@
    30.4  #include <stdlib.h>
    30.5  #include <sys/ioctl.h>
    30.6  #include <string.h>
    30.7 -#include <stdint.h>
    30.8  #include <netinet/in.h>
    30.9 -
   30.10 -typedef uint8_t u8;
   30.11 -typedef uint16_t u16;
   30.12 -typedef uint32_t u32;
   30.13 -typedef uint64_t u64;
   30.14 -typedef int8_t s8;
   30.15 -typedef int16_t s16;
   30.16 -typedef int32_t s32;
   30.17 -typedef int64_t s64;
   30.18 -
   30.19 +#include "secpol_compat.h"
   30.20  #include <xen/acm.h>
   30.21  #include <xen/acm_ops.h>
   30.22  #include <xen/linux/privcmd.h>
   30.23 @@ -270,171 +260,6 @@ void acm_dump_policy_buffer(void *buf, i
   30.24      }
   30.25  }
   30.26  
   30.27 -/*************************** set policy ****************************/
   30.28 -
   30.29 -int acm_domain_set_chwallpolicy(void *bufstart, int buflen)
   30.30 -{
   30.31 -#define CWALL_MAX_SSIDREFS      	6
   30.32 -#define CWALL_MAX_TYPES             10
   30.33 -#define CWALL_MAX_CONFLICTSETS		2
   30.34 -
   30.35 -    struct acm_chwall_policy_buffer *chwall_bin_pol =
   30.36 -        (struct acm_chwall_policy_buffer *) bufstart;
   30.37 -    domaintype_t *ssidrefs, *conflicts;
   30.38 -    int ret = 0;
   30.39 -    int j;
   30.40 -
   30.41 -    chwall_bin_pol->chwall_max_types = htonl(CWALL_MAX_TYPES);
   30.42 -    chwall_bin_pol->chwall_max_ssidrefs = htonl(CWALL_MAX_SSIDREFS);
   30.43 -    chwall_bin_pol->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
   30.44 -    chwall_bin_pol->policy_version = htonl(ACM_CHWALL_VERSION);
   30.45 -    chwall_bin_pol->chwall_ssid_offset =
   30.46 -        htonl(sizeof(struct acm_chwall_policy_buffer));
   30.47 -    chwall_bin_pol->chwall_max_conflictsets =
   30.48 -        htonl(CWALL_MAX_CONFLICTSETS);
   30.49 -    chwall_bin_pol->chwall_conflict_sets_offset =
   30.50 -        htonl(ntohl(chwall_bin_pol->chwall_ssid_offset) +
   30.51 -              sizeof(domaintype_t) * CWALL_MAX_SSIDREFS * CWALL_MAX_TYPES);
   30.52 -    chwall_bin_pol->chwall_running_types_offset = 0;    /* not set */
   30.53 -    chwall_bin_pol->chwall_conflict_aggregate_offset = 0;       /* not set */
   30.54 -    ret += sizeof(struct acm_chwall_policy_buffer);
   30.55 -    /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */
   30.56 -    /* check buffer size */
   30.57 -    if ((buflen - ret) <
   30.58 -        (CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t)))
   30.59 -        return -1;              /* not enough space */
   30.60 -
   30.61 -    ssidrefs = (domaintype_t *) (bufstart +
   30.62 -                          ntohl(chwall_bin_pol->chwall_ssid_offset));
   30.63 -    memset(ssidrefs, 0,
   30.64 -           CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t));
   30.65 -
   30.66 -    /* now set type j-1 for ssidref i+1 */
   30.67 -    for (j = 0; j <= CWALL_MAX_SSIDREFS; j++)
   30.68 -        if ((0 < j) && (j <= CWALL_MAX_TYPES))
   30.69 -            ssidrefs[j * CWALL_MAX_TYPES + j - 1] = htons(1);
   30.70 -
   30.71 -    ret += CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t);
   30.72 -    if ((buflen - ret) <
   30.73 -        (CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * sizeof(domaintype_t)))
   30.74 -        return -1;              /* not enough space */
   30.75 -
   30.76 -    /* now the chinese wall policy conflict sets */
   30.77 -    conflicts = (domaintype_t *) (bufstart +
   30.78 -                                  ntohl(chwall_bin_pol->
   30.79 -                                        chwall_conflict_sets_offset));
   30.80 -    memset((void *) conflicts, 0,
   30.81 -           CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES *
   30.82 -           sizeof(domaintype_t));
   30.83 -    /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */
   30.84 -    if (CWALL_MAX_TYPES > 3)
   30.85 -    {
   30.86 -        conflicts[2] = htons(1);
   30.87 -        conflicts[3] = htons(1);        /* {2,3} */
   30.88 -        conflicts[CWALL_MAX_TYPES + 1] = htons(1);
   30.89 -        conflicts[CWALL_MAX_TYPES + 5] = htons(1);
   30.90 -        conflicts[CWALL_MAX_TYPES + 6] = htons(1);      /* {0,5,6} */
   30.91 -    }
   30.92 -    ret += sizeof(domaintype_t) * CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES;
   30.93 -    return ret;
   30.94 -}
   30.95 -
   30.96 -int acm_domain_set_stepolicy(void *bufstart, int buflen)
   30.97 -{
   30.98 -#define STE_MAX_SSIDREFS        6
   30.99 -#define STE_MAX_TYPES  	        5
  30.100 -
  30.101 -    struct acm_ste_policy_buffer *ste_bin_pol =
  30.102 -        (struct acm_ste_policy_buffer *) bufstart;
  30.103 -    domaintype_t *ssidrefs;
  30.104 -    int j, ret = 0;
  30.105 -
  30.106 -    ste_bin_pol->ste_max_types = htonl(STE_MAX_TYPES);
  30.107 -    ste_bin_pol->ste_max_ssidrefs = htonl(STE_MAX_SSIDREFS);
  30.108 -    ste_bin_pol->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
  30.109 -    ste_bin_pol->policy_version = htonl(ACM_STE_VERSION);
  30.110 -    ste_bin_pol->ste_ssid_offset =
  30.111 -        htonl(sizeof(struct acm_ste_policy_buffer));
  30.112 -    ret += sizeof(struct acm_ste_policy_buffer);
  30.113 -    /* check buffer size */
  30.114 -    if ((buflen - ret) <
  30.115 -        (STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t)))
  30.116 -        return -1;              /* not enough space */
  30.117 -
  30.118 -    ssidrefs =
  30.119 -        (domaintype_t *) (bufstart + ntohl(ste_bin_pol->ste_ssid_offset));
  30.120 -    memset(ssidrefs, 0,
  30.121 -           STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t));
  30.122 -    /* all types 1 for ssidref 1 */
  30.123 -    for (j = 0; j < STE_MAX_TYPES; j++)
  30.124 -        ssidrefs[1 * STE_MAX_TYPES + j] = htons(1);
  30.125 -    /* now set type j-1 for ssidref j */
  30.126 -    for (j = 0; j < STE_MAX_SSIDREFS; j++)
  30.127 -        if ((0 < j) && (j <= STE_MAX_TYPES))
  30.128 -            ssidrefs[j * STE_MAX_TYPES + j - 1] = htons(1);
  30.129 -    ret += STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t);
  30.130 -    return ret;
  30.131 -}
  30.132 -
  30.133 -#define MAX_PUSH_BUFFER 	16384
  30.134 -u8 push_buffer[MAX_PUSH_BUFFER];
  30.135 -
  30.136 -int acm_domain_setpolicy(int xc_handle)
  30.137 -{
  30.138 -    int ret;
  30.139 -    struct acm_policy_buffer *bin_pol;
  30.140 -    acm_op_t op;
  30.141 -
  30.142 -    /* future: read policy from file and set it */
  30.143 -    bin_pol = (struct acm_policy_buffer *) push_buffer;
  30.144 -    bin_pol->policy_version = htonl(ACM_POLICY_VERSION);
  30.145 -    bin_pol->magic = htonl(ACM_MAGIC);
  30.146 -    bin_pol->primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
  30.147 -    bin_pol->secondary_policy_code =
  30.148 -        htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
  30.149 -
  30.150 -    bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
  30.151 -    bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
  30.152 -    ret =
  30.153 -        acm_domain_set_chwallpolicy(push_buffer +
  30.154 -                                    ntohl(bin_pol->primary_buffer_offset),
  30.155 -                                    MAX_PUSH_BUFFER -
  30.156 -                                    ntohl(bin_pol->primary_buffer_offset));
  30.157 -    if (ret < 0)
  30.158 -    {
  30.159 -        printf("ERROR creating chwallpolicy buffer.\n");
  30.160 -        return -1;
  30.161 -    }
  30.162 -    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  30.163 -    bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
  30.164 -    ret = acm_domain_set_stepolicy(push_buffer +
  30.165 -                                 ntohl(bin_pol->secondary_buffer_offset),
  30.166 -                                 MAX_PUSH_BUFFER -
  30.167 -                                 ntohl(bin_pol->secondary_buffer_offset));
  30.168 -    if (ret < 0)
  30.169 -    {
  30.170 -        printf("ERROR creating chwallpolicy buffer.\n");
  30.171 -        return -1;
  30.172 -    }
  30.173 -    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  30.174 -
  30.175 -    /* dump it and then push it down into xen/acm */
  30.176 -    acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len));
  30.177 -
  30.178 -    op.cmd = ACM_SETPOLICY;
  30.179 -    op.interface_version = ACM_INTERFACE_VERSION;
  30.180 -    op.u.setpolicy.pushcache = (void *) push_buffer;
  30.181 -    op.u.setpolicy.pushcache_size = ntohl(bin_pol->len);
  30.182 -    ret = do_acm_op(xc_handle, &op);
  30.183 -
  30.184 -    if (ret)
  30.185 -        printf("ERROR setting policy. Use 'xm dmesg' to see details.\n");
  30.186 -    else
  30.187 -        printf("Successfully changed policy.\n");
  30.188 -
  30.189 -    return ret;
  30.190 -}
  30.191 -
  30.192  /******************************* get policy ******************************/
  30.193  
  30.194  #define PULL_CACHE_SIZE		8192
  30.195 @@ -602,7 +427,6 @@ int acm_domain_dumpstats(int xc_handle)
  30.196  void usage(char *progname)
  30.197  {
  30.198      printf("Use: %s \n"
  30.199 -           "\t setpolicy\n"
  30.200             "\t getpolicy\n"
  30.201             "\t dumpstats\n"
  30.202             "\t loadpolicy <binary policy file>\n", progname);
  30.203 @@ -623,12 +447,7 @@ int main(int argc, char **argv)
  30.204          exit(-1);
  30.205      }
  30.206  
  30.207 -    if (!strcmp(argv[1], "setpolicy"))
  30.208 -    {
  30.209 -        if (argc != 2)
  30.210 -            usage(argv[0]);
  30.211 -        ret = acm_domain_setpolicy(acm_cmd_fd);
  30.212 -    } else if (!strcmp(argv[1], "getpolicy")) {
  30.213 +    if (!strcmp(argv[1], "getpolicy")) {
  30.214          if (argc != 2)
  30.215              usage(argv[0]);
  30.216          ret = acm_domain_getpolicy(acm_cmd_fd);
    31.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    31.2 +++ b/tools/security/secpol_xml2bin.c	Fri Aug 19 09:03:17 2005 +0000
    31.3 @@ -0,0 +1,1396 @@
    31.4 +/****************************************************************
    31.5 + * secpol_xml2bin.c
    31.6 + *
    31.7 + * Copyright (C) 2005 IBM Corporation
    31.8 + *
    31.9 + * Author: Reiner Sailer <sailer@us.ibm.com>
   31.10 + *
   31.11 + * Maintained:
   31.12 + * Reiner Sailer <sailer@us.ibm.com>
   31.13 + * Ray Valdez <rvaldez@us.ibm.com>
   31.14 + *
   31.15 + * This program is free software; you can redistribute it and/or
   31.16 + * modify it under the terms of the GNU General Public License as
   31.17 + * published by the Free Software Foundation, version 2 of the
   31.18 + * License.
   31.19 + *
   31.20 + * sHype policy translation tool. This tool takes an XML
   31.21 + * policy specification as input and produces a binary
   31.22 + * policy file that can be loaded into Xen through the
   31.23 + * ACM operations (secpol_tool loadpolicy) interface or at
   31.24 + * boot time (grub module parameter)
   31.25 + *
   31.26 + * indent -i4 -kr -nut
   31.27 + */
   31.28 +#include <stdio.h>
   31.29 +#include <stdlib.h>
   31.30 +#include <string.h>
   31.31 +#include <errno.h>
   31.32 +#include <libgen.h>
   31.33 +#include <fcntl.h>
   31.34 +#include <unistd.h>
   31.35 +#include <sys/types.h>
   31.36 +#include <sys/stat.h>
   31.37 +#include <sys/queue.h>
   31.38 +#include <netinet/in.h>
   31.39 +#include <libxml/xmlschemas.h>
   31.40 +#include <libxml/parser.h>
   31.41 +#include <libxml/tree.h>
   31.42 +#include <libxml/xmlreader.h>
   31.43 +#include "secpol_compat.h"
   31.44 +#include <xen/acm.h>
   31.45 +
   31.46 +#include "secpol_xml2bin.h"
   31.47 +
   31.48 +#define DEBUG    0
   31.49 +
   31.50 +/* primary / secondary policy component setting */
   31.51 +enum policycomponent { CHWALL, STE, NULLPOLICY }
   31.52 +    primary = NULLPOLICY, secondary = NULLPOLICY;
   31.53 +
   31.54 +/* general list element for ste and chwall type queues */
   31.55 +struct type_entry {
   31.56 +    TAILQ_ENTRY(type_entry) entries;
   31.57 +    char *name;                 /* name of type from xml file */
   31.58 +    type_t mapping;             /* type mapping into 16bit */
   31.59 +};
   31.60 +
   31.61 +TAILQ_HEAD(tailhead, type_entry) ste_head, chwall_head;
   31.62 +
   31.63 +/* general list element for all label queues */
   31.64 +enum label_type { VM, RES, ANY };
   31.65 +struct ssid_entry {
   31.66 +    TAILQ_ENTRY(ssid_entry) entries;
   31.67 +    char *name;                 /* label name */
   31.68 +    enum label_type type;       /* type: VM / RESOURCE LABEL */
   31.69 +    u_int32_t num;              /* ssid or referenced ssid */
   31.70 +    int is_ref;                 /* if this entry references earlier ssid number */
   31.71 +    unsigned char *row;         /* index of types (if not a reference) */
   31.72 +};
   31.73 +
   31.74 +TAILQ_HEAD(tailhead_ssid, ssid_entry) ste_ssid_head, chwall_ssid_head,
   31.75 +    conflictsets_head;
   31.76 +struct ssid_entry *current_chwall_ssid_p = NULL;
   31.77 +struct ssid_entry *current_ste_ssid_p = NULL;
   31.78 +struct ssid_entry *current_conflictset_p = NULL;
   31.79 +
   31.80 +/* which label to assign to dom0 during boot */
   31.81 +char *bootstrap_label;
   31.82 +
   31.83 +u_int32_t max_ste_ssids = 0;
   31.84 +u_int32_t max_chwall_ssids = 0;
   31.85 +u_int32_t max_chwall_labels = 0;
   31.86 +u_int32_t max_ste_labels = 0;
   31.87 +u_int32_t max_conflictsets = 0;
   31.88 +
   31.89 +char *current_ssid_name;        /* store name until structure is allocated */
   31.90 +char *current_conflictset_name; /* store name until structure is allocated */
   31.91 +
   31.92 +/* dynamic list of type mappings for STE */
   31.93 +u_int32_t max_ste_types = 0;
   31.94 +
   31.95 +/* dynamic list of type mappings for CHWALL */
   31.96 +u_int32_t max_chwall_types = 0;
   31.97 +
   31.98 +/* dynamic list of conflict sets */
   31.99 +int max_conflict_set = 0;
  31.100 +
  31.101 +/* which policies are defined */
  31.102 +int have_ste = 0;
  31.103 +int have_chwall = 0;
  31.104 +
  31.105 +/* input/output file names */
  31.106 +char *policy_filename = NULL,
  31.107 +    *label_filename = NULL,
  31.108 +    *binary_filename = NULL, *mapping_filename = NULL;
  31.109 +
  31.110 +void usage(char *prg)
  31.111 +{
  31.112 +    printf("usage:\n%s policyname[-policy.xml/-security_label_template.xml]\n",
  31.113 +         prg);
  31.114 +    exit(EXIT_FAILURE);
  31.115 +}
  31.116 +
  31.117 +
  31.118 +/***************** policy-related parsing *********************/
  31.119 +
  31.120 +char *type_by_mapping(struct tailhead *head, u_int32_t mapping)
  31.121 +{
  31.122 +    struct type_entry *np;
  31.123 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  31.124 +        if (np->mapping == mapping)
  31.125 +            return np->name;
  31.126 +    return NULL;
  31.127 +}
  31.128 +
  31.129 +
  31.130 +struct type_entry *lookup(struct tailhead *head, char *name)
  31.131 +{
  31.132 +    struct type_entry *np;
  31.133 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  31.134 +        if (!(strcmp(np->name, name)))
  31.135 +            return np;
  31.136 +    return NULL;
  31.137 +}
  31.138 +
  31.139 +/* enforces single-entry lists */
  31.140 +int add_entry(struct tailhead *head, char *name, type_t mapping)
  31.141 +{
  31.142 +    struct type_entry *e;
  31.143 +    if (lookup(head, name))
  31.144 +    {
  31.145 +        printf("Error: Type >%s< defined more than once.\n", name);
  31.146 +        return -EFAULT;         /* already in the list */
  31.147 +    }
  31.148 +    if (!(e = malloc(sizeof(struct type_entry))))
  31.149 +        return -ENOMEM;
  31.150 +
  31.151 +    e->name = name;
  31.152 +    e->mapping = mapping;
  31.153 +    TAILQ_INSERT_TAIL(head, e, entries);
  31.154 +    return 0;
  31.155 +}
  31.156 +
  31.157 +int totoken(char *tok)
  31.158 +{
  31.159 +    int i;
  31.160 +    for (i = 0; token[i] != NULL; i++)
  31.161 +        if (!strcmp(token[i], tok))
  31.162 +            return i;
  31.163 +    return -EFAULT;
  31.164 +}
  31.165 +
  31.166 +/* conflictsets use the same data structure as ssids; since
  31.167 + * they are similar in structure (set of types)
  31.168 + */
  31.169 +int init_next_conflictset(void)
  31.170 +{
  31.171 +    struct ssid_entry *conflictset = malloc(sizeof(struct ssid_entry));
  31.172 +
  31.173 +    if (!conflictset)
  31.174 +        return -ENOMEM;
  31.175 +
  31.176 +    conflictset->name = current_conflictset_name;
  31.177 +    conflictset->num = max_conflictsets++;
  31.178 +    conflictset->is_ref = 0;    /* n/a for conflictsets */
  31.179 +        /**
  31.180 +         *  row: allocate one byte per type;
  31.181 +         *  [i] != 0 --> mapped type >i< is part of the conflictset
  31.182 +         */
  31.183 +    conflictset->row = malloc(max_chwall_types);
  31.184 +    if (!conflictset->row)
  31.185 +        return -ENOMEM;
  31.186 +
  31.187 +    memset(conflictset->row, 0, max_chwall_types);
  31.188 +    TAILQ_INSERT_TAIL(&conflictsets_head, conflictset, entries);
  31.189 +    current_conflictset_p = conflictset;
  31.190 +    return 0;
  31.191 +}
  31.192 +
  31.193 +int register_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
  31.194 +{
  31.195 +    xmlChar *text;
  31.196 +    struct type_entry *e;
  31.197 +
  31.198 +
  31.199 +    text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  31.200 +    if (!text)
  31.201 +    {
  31.202 +        printf("Error reading type name!\n");
  31.203 +        return -EFAULT;
  31.204 +    }
  31.205 +
  31.206 +    switch (state) {
  31.207 +    case XML2BIN_stetype_S:
  31.208 +        if (add_entry(&ste_head, (char *) text, max_ste_types))
  31.209 +        {
  31.210 +            xmlFree(text);
  31.211 +            return -EFAULT;
  31.212 +        }
  31.213 +        max_ste_types++;
  31.214 +        break;
  31.215 +
  31.216 +    case XML2BIN_chwalltype_S:
  31.217 +        if (add_entry(&chwall_head, (char *) text, max_chwall_types))
  31.218 +        {
  31.219 +            xmlFree(text);
  31.220 +            return -EFAULT;
  31.221 +        }
  31.222 +        max_chwall_types++;
  31.223 +        break;
  31.224 +
  31.225 +    case XML2BIN_conflictsettype_S:
  31.226 +        /* a) search the type in the chwall_type list */
  31.227 +        e = lookup(&chwall_head, (char *) text);
  31.228 +        if (e == NULL)
  31.229 +        {
  31.230 +            printf("CS type >%s< not a CHWALL type.\n", text);
  31.231 +            xmlFree(text);
  31.232 +            return -EFAULT;
  31.233 +        }
  31.234 +        /* b) add type entry to the current cs set */
  31.235 +        if (current_conflictset_p->row[e->mapping])
  31.236 +        {
  31.237 +            printf("ERROR: Double entry of type >%s< in conflict set %d.\n",
  31.238 +                 text, current_conflictset_p->num);
  31.239 +            xmlFree(text);
  31.240 +            return -EFAULT;
  31.241 +        }
  31.242 +        current_conflictset_p->row[e->mapping] = 1;
  31.243 +        break;
  31.244 +
  31.245 +    default:
  31.246 +        printf("Incorrect type environment (state = %lx, text = %s).\n",
  31.247 +               state, text);
  31.248 +        xmlFree(text);
  31.249 +        return -EFAULT;
  31.250 +    }
  31.251 +    return 0;
  31.252 +}
  31.253 +
  31.254 +void set_component_type(xmlNode * cur_node, enum policycomponent pc)
  31.255 +{
  31.256 +    xmlChar *order;
  31.257 +
  31.258 +    if ((order = xmlGetProp(cur_node, (xmlChar *) PRIMARY_COMPONENT_ATTR_NAME))) {
  31.259 +        if (strcmp((char *) order, PRIMARY_COMPONENT))
  31.260 +        {
  31.261 +            printf("ERROR: Illegal attribut value >order=%s<.\n",
  31.262 +                   (char *) order);
  31.263 +            xmlFree(order);
  31.264 +            exit(EXIT_FAILURE);
  31.265 +        }
  31.266 +        if (primary != NULLPOLICY)
  31.267 +        {
  31.268 +            printf("ERROR: Primary Policy Component set twice!\n");
  31.269 +            exit(EXIT_FAILURE);
  31.270 +        }
  31.271 +        primary = pc;
  31.272 +        xmlFree(order);
  31.273 +    }
  31.274 +}
  31.275 +
  31.276 +void walk_policy(xmlNode * start, xmlDocPtr doc, unsigned long state)
  31.277 +{
  31.278 +    xmlNode *cur_node = NULL;
  31.279 +    int code;
  31.280 +
  31.281 +    for (cur_node = start; cur_node; cur_node = cur_node->next)
  31.282 +    {
  31.283 +        if ((code = totoken((char *) cur_node->name)) < 0)
  31.284 +        {
  31.285 +            printf("Unknown token: >%s<. Aborting.\n", cur_node->name);
  31.286 +            exit(EXIT_FAILURE);
  31.287 +        }
  31.288 +        switch (code) {         /* adjust state to new state */
  31.289 +        case XML2BIN_SECPOL:
  31.290 +        case XML2BIN_STETYPES:
  31.291 +        case XML2BIN_CHWALLTYPES:
  31.292 +        case XML2BIN_CONFLICTSETS:
  31.293 +            walk_policy(cur_node->children, doc, state | (1 << code));
  31.294 +            break;
  31.295 +
  31.296 +        case XML2BIN_STE:
  31.297 +            if (WRITTEN_AGAINST_ACM_STE_VERSION != ACM_STE_VERSION)
  31.298 +            {
  31.299 +                printf("ERROR: This program was written against another STE version.\n");
  31.300 +                exit(EXIT_FAILURE);
  31.301 +            }
  31.302 +            have_ste = 1;
  31.303 +            set_component_type(cur_node, STE);
  31.304 +            walk_policy(cur_node->children, doc, state | (1 << code));
  31.305 +            break;
  31.306 +
  31.307 +        case XML2BIN_CHWALL:
  31.308 +            if (WRITTEN_AGAINST_ACM_CHWALL_VERSION != ACM_CHWALL_VERSION)
  31.309 +            {
  31.310 +                printf("ERROR: This program was written against another CHWALL version.\n");
  31.311 +                exit(EXIT_FAILURE);
  31.312 +            }
  31.313 +            have_chwall = 1;
  31.314 +            set_component_type(cur_node, CHWALL);
  31.315 +            walk_policy(cur_node->children, doc, state | (1 << code));
  31.316 +            break;
  31.317 +
  31.318 +        case XML2BIN_CSTYPE:
  31.319 +            current_conflictset_name =
  31.320 +                (char *) xmlGetProp(cur_node, (xmlChar *) "name");
  31.321 +            if (!current_conflictset_name)
  31.322 +                current_conflictset_name = "";
  31.323 +
  31.324 +            if (init_next_conflictset())
  31.325 +            {
  31.326 +                printf
  31.327 +                    ("ERROR: creating new conflictset structure failed.\n");
  31.328 +                exit(EXIT_FAILURE);
  31.329 +            }
  31.330 +            walk_policy(cur_node->children, doc, state | (1 << code));
  31.331 +            break;
  31.332 +
  31.333 +        case XML2BIN_TYPE:
  31.334 +            if (register_type(cur_node, doc, state))
  31.335 +                exit(EXIT_FAILURE);
  31.336 +            /* type leaf */
  31.337 +            break;
  31.338 +
  31.339 +        case XML2BIN_TEXT:
  31.340 +        case XML2BIN_COMMENT:
  31.341 +        case XML2BIN_POLICYHEADER:
  31.342 +            /* leaf - nothing to do */
  31.343 +            break;
  31.344 +
  31.345 +        default:
  31.346 +            printf("Unkonwn token Error (%d)\n", code);
  31.347 +            exit(EXIT_FAILURE);
  31.348 +        }
  31.349 +
  31.350 +    }
  31.351 +    return;
  31.352 +}
  31.353 +
  31.354 +int create_type_mapping(xmlDocPtr doc)
  31.355 +{
  31.356 +    xmlNode *root_element = xmlDocGetRootElement(doc);
  31.357 +    struct type_entry *te;
  31.358 +    struct ssid_entry *se;
  31.359 +    int i;
  31.360 +
  31.361 +    printf("Creating ssid mappings ...\n");
  31.362 +
  31.363 +    /* initialize the ste and chwall type lists */
  31.364 +    TAILQ_INIT(&ste_head);
  31.365 +    TAILQ_INIT(&chwall_head);
  31.366 +    TAILQ_INIT(&conflictsets_head);
  31.367 +
  31.368 +    walk_policy(root_element, doc, XML2BIN_NULL);
  31.369 +
  31.370 +    /* determine primary/secondary policy component orders */
  31.371 +    if ((primary == NULLPOLICY) && have_chwall)
  31.372 +        primary = CHWALL;       /* default if not set */
  31.373 +    else if ((primary == NULLPOLICY) && have_ste)
  31.374 +        primary = STE;
  31.375 +
  31.376 +    switch (primary) {
  31.377 +
  31.378 +    case CHWALL:
  31.379 +        if (have_ste)
  31.380 +            secondary = STE;
  31.381 +        /* else default = NULLPOLICY */
  31.382 +        break;
  31.383 +
  31.384 +    case STE:
  31.385 +        if (have_chwall)
  31.386 +            secondary = CHWALL;
  31.387 +        /* else default = NULLPOLICY */
  31.388 +        break;
  31.389 +
  31.390 +    default:
  31.391 +        /* NULL/NULL policy */
  31.392 +        break;
  31.393 +    }
  31.394 +
  31.395 +    if (!DEBUG)
  31.396 +        return 0;
  31.397 +
  31.398 +    /* print queues */
  31.399 +    if (have_ste)
  31.400 +    {
  31.401 +        printf("STE-Type queue (%s):\n",
  31.402 +               (primary == STE) ? "PRIMARY" : "SECONDARY");
  31.403 +        for (te = ste_head.tqh_first; te != NULL;
  31.404 +             te = te->entries.tqe_next)
  31.405 +            printf("name=%22s, map=%x\n", te->name, te->mapping);
  31.406 +    }
  31.407 +    if (have_chwall)
  31.408 +    {
  31.409 +        printf("CHWALL-Type queue (%s):\n",
  31.410 +               (primary == CHWALL) ? "PRIMARY" : "SECONDARY");
  31.411 +        for (te = chwall_head.tqh_first; te != NULL;
  31.412 +             te = te->entries.tqe_next)
  31.413 +            printf("name=%s, map=%x\n", te->name, te->mapping);
  31.414 +
  31.415 +        printf("Conflictset queue (max=%d):\n", max_conflictsets);
  31.416 +        for (se = conflictsets_head.tqh_first; se != NULL;
  31.417 +             se = se->entries.tqe_next)
  31.418 +        {
  31.419 +            printf("conflictset name >%s<\n",
  31.420 +                   se->name ? se->name : "NONAME");
  31.421 +            for (i = 0; i < max_chwall_types; i++)
  31.422 +                if (se->row[i])
  31.423 +                    printf("#%x ", i);
  31.424 +            printf("\n");
  31.425 +        }
  31.426 +    }
  31.427 +    return 0;
  31.428 +}
  31.429 +
  31.430 +
  31.431 +/***************** template-related parsing *********************/
  31.432 +
  31.433 +/* add default ssid at head of ssid queues */
  31.434 +int init_ssid_queues(void)
  31.435 +{
  31.436 +    struct ssid_entry *default_ssid_chwall, *default_ssid_ste;
  31.437 +
  31.438 +    default_ssid_chwall = malloc(sizeof(struct ssid_entry));
  31.439 +    default_ssid_ste = malloc(sizeof(struct ssid_entry));
  31.440 +
  31.441 +    if ((!default_ssid_chwall) || (!default_ssid_ste))
  31.442 +        return -ENOMEM;
  31.443 +
  31.444 +    /* default chwall ssid */
  31.445 +    default_ssid_chwall->name = "DEFAULT";
  31.446 +    default_ssid_chwall->num = max_chwall_ssids++;
  31.447 +    default_ssid_chwall->is_ref = 0;
  31.448 +    default_ssid_chwall->type = ANY;
  31.449 +
  31.450 +    default_ssid_chwall->row = malloc(max_chwall_types);
  31.451 +
  31.452 +    if (!default_ssid_chwall->row)
  31.453 +        return -ENOMEM;
  31.454 +
  31.455 +    memset(default_ssid_chwall->row, 0, max_chwall_types);
  31.456 +
  31.457 +    TAILQ_INSERT_TAIL(&chwall_ssid_head, default_ssid_chwall, entries);
  31.458 +    current_chwall_ssid_p = default_ssid_chwall;
  31.459 +    max_chwall_labels++;
  31.460 +
  31.461 +    /* default ste ssid */
  31.462 +    default_ssid_ste->name = "DEFAULT";
  31.463 +    default_ssid_ste->num = max_ste_ssids++;
  31.464 +    default_ssid_ste->is_ref = 0;
  31.465 +    default_ssid_ste->type = ANY;
  31.466 +
  31.467 +    default_ssid_ste->row = malloc(max_ste_types);
  31.468 +
  31.469 +    if (!default_ssid_ste->row)
  31.470 +        return -ENOMEM;
  31.471 +
  31.472 +    memset(default_ssid_ste->row, 0, max_ste_types);
  31.473 +
  31.474 +    TAILQ_INSERT_TAIL(&ste_ssid_head, default_ssid_ste, entries);
  31.475 +    current_ste_ssid_p = default_ssid_ste;
  31.476 +    max_ste_labels++;
  31.477 +    return 0;
  31.478 +}
  31.479 +
  31.480 +int init_next_chwall_ssid(unsigned long state)
  31.481 +{
  31.482 +    struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
  31.483 +
  31.484 +    if (!ssid)
  31.485 +        return -ENOMEM;
  31.486 +
  31.487 +    ssid->name = current_ssid_name;
  31.488 +    ssid->num = max_chwall_ssids++;
  31.489 +    ssid->is_ref = 0;
  31.490 +
  31.491 +    if (state & (1 << XML2BIN_VM))
  31.492 +        ssid->type = VM;
  31.493 +    else
  31.494 +        ssid->type = RES;
  31.495 +        /**
  31.496 +         *  row: allocate one byte per type;
  31.497 +         *  [i] != 0 --> mapped type >i< is part of the ssid
  31.498 +         */
  31.499 +    ssid->row = malloc(max_chwall_types);
  31.500 +    if (!ssid->row)
  31.501 +        return -ENOMEM;
  31.502 +
  31.503 +    memset(ssid->row, 0, max_chwall_types);
  31.504 +    TAILQ_INSERT_TAIL(&chwall_ssid_head, ssid, entries);
  31.505 +    current_chwall_ssid_p = ssid;
  31.506 +    max_chwall_labels++;
  31.507 +    return 0;
  31.508 +}
  31.509 +
  31.510 +int init_next_ste_ssid(unsigned long state)
  31.511 +{
  31.512 +    struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
  31.513 +
  31.514 +    if (!ssid)
  31.515 +        return -ENOMEM;
  31.516 +
  31.517 +    ssid->name = current_ssid_name;
  31.518 +    ssid->num = max_ste_ssids++;
  31.519 +    ssid->is_ref = 0;
  31.520 +
  31.521 +    if (state & (1 << XML2BIN_VM))
  31.522 +        ssid->type = VM;
  31.523 +    else
  31.524 +        ssid->type = RES;
  31.525 +
  31.526 +        /**
  31.527 +         *  row: allocate one byte per type;
  31.528 +         *  [i] != 0 --> mapped type >i< is part of the ssid
  31.529 +         */
  31.530 +    ssid->row = malloc(max_ste_types);
  31.531 +    if (!ssid->row)
  31.532 +        return -ENOMEM;
  31.533 +
  31.534 +    memset(ssid->row, 0, max_ste_types);
  31.535 +    TAILQ_INSERT_TAIL(&ste_ssid_head, ssid, entries);
  31.536 +    current_ste_ssid_p = ssid;
  31.537 +    max_ste_labels++;
  31.538 +
  31.539 +    return 0;
  31.540 +}
  31.541 +
  31.542 +
  31.543 +/* adds a type to the current ssid */
  31.544 +int add_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
  31.545 +{
  31.546 +    xmlChar *text;
  31.547 +    struct type_entry *e;
  31.548 +
  31.549 +    text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  31.550 +    if (!text)
  31.551 +    {
  31.552 +        printf("Error reading type name!\n");
  31.553 +        return -EFAULT;
  31.554 +    }
  31.555 +    /* same for all: 1. lookup type mapping, 2. mark type in ssid */
  31.556 +    switch (state) {
  31.557 +    case XML2BIN_VM_STE_S:
  31.558 +    case XML2BIN_RES_STE_S:
  31.559 +        /* lookup the type mapping and include the type mapping into the array */
  31.560 +        if (!(e = lookup(&ste_head, (char *) text)))
  31.561 +        {
  31.562 +            printf("ERROR: unknown VM STE type >%s<.\n", text);
  31.563 +            exit(EXIT_FAILURE);
  31.564 +        }
  31.565 +        if (current_ste_ssid_p->row[e->mapping])
  31.566 +            printf("Warning: double entry of VM STE type >%s<.\n", text);
  31.567 +
  31.568 +        current_ste_ssid_p->row[e->mapping] = 1;
  31.569 +        break;
  31.570 +
  31.571 +    case XML2BIN_VM_CHWALL_S:
  31.572 +        /* lookup the type mapping and include the type mapping into the array */
  31.573 +        if (!(e = lookup(&chwall_head, (char *) text)))
  31.574 +        {
  31.575 +            printf("ERROR: unknown VM CHWALL type >%s<.\n", text);
  31.576 +            exit(EXIT_FAILURE);
  31.577 +        }
  31.578 +        if (current_chwall_ssid_p->row[e->mapping])
  31.579 +            printf("Warning: double entry of VM CHWALL type >%s<.\n",
  31.580 +                   text);
  31.581 +
  31.582 +        current_chwall_ssid_p->row[e->mapping] = 1;
  31.583 +        break;
  31.584 +
  31.585 +    default:
  31.586 +        printf("Incorrect type environment (state = %lx, text = %s).\n",
  31.587 +               state, text);
  31.588 +        xmlFree(text);
  31.589 +        return -EFAULT;
  31.590 +    }
  31.591 +    return 0;
  31.592 +}
  31.593 +
  31.594 +void set_bootstrap_label(xmlNode * cur_node)
  31.595 +{
  31.596 +    xmlChar *order;
  31.597 +
  31.598 +    if ((order = xmlGetProp(cur_node, (xmlChar *) BOOTSTRAP_LABEL_ATTR_NAME)))
  31.599 +        bootstrap_label = (char *)order;
  31.600 +    else {
  31.601 +        printf("ERROR: No bootstrap label defined!\n");
  31.602 +        exit(EXIT_FAILURE);
  31.603 +    }
  31.604 +}
  31.605 +
  31.606 +void walk_labels(xmlNode * start, xmlDocPtr doc, unsigned long state)
  31.607 +{
  31.608 +    xmlNode *cur_node = NULL;
  31.609 +    int code;
  31.610 +
  31.611 +    for (cur_node = start; cur_node; cur_node = cur_node->next)
  31.612 +    {
  31.613 +        if ((code = totoken((char *) cur_node->name)) < 0)
  31.614 +        {
  31.615 +            printf("Unkonwn token: >%s<. Aborting.\n", cur_node->name);
  31.616 +            exit(EXIT_FAILURE);
  31.617 +        }
  31.618 +        switch (code) {         /* adjust state to new state */
  31.619 +
  31.620 +        case XML2BIN_SUBJECTS:
  31.621 +            set_bootstrap_label(cur_node);
  31.622 +            /* fall through */
  31.623 +        case XML2BIN_VM:
  31.624 +        case XML2BIN_RES:
  31.625 +        case XML2BIN_SECTEMPLATE:
  31.626 +        case XML2BIN_OBJECTS:
  31.627 +            walk_labels(cur_node->children, doc, state | (1 << code));
  31.628 +            break;
  31.629 +
  31.630 +        case XML2BIN_STETYPES:
  31.631 +            /* create new ssid entry to use and point current to it */
  31.632 +            if (init_next_ste_ssid(state))
  31.633 +            {
  31.634 +                printf("ERROR: creating new ste ssid structure failed.\n");
  31.635 +                exit(EXIT_FAILURE);
  31.636 +            }
  31.637 +            walk_labels(cur_node->children, doc, state | (1 << code));
  31.638 +
  31.639 +            break;
  31.640 +
  31.641 +        case XML2BIN_CHWALLTYPES:
  31.642 +            /* create new ssid entry to use and point current to it */
  31.643 +            if (init_next_chwall_ssid(state))
  31.644 +            {
  31.645 +                printf("ERROR: creating new chwall ssid structure failed.\n");
  31.646 +                exit(EXIT_FAILURE);
  31.647 +            }
  31.648 +            walk_labels(cur_node->children, doc, state | (1 << code));
  31.649 +
  31.650 +            break;
  31.651 +
  31.652 +        case XML2BIN_TYPE:
  31.653 +            /* add type to current ssid */
  31.654 +            if (add_type(cur_node, doc, state))
  31.655 +                exit(EXIT_FAILURE);
  31.656 +            break;
  31.657 +
  31.658 +        case XML2BIN_NAME:
  31.659 +            if ((state != XML2BIN_VM_S) && (state != XML2BIN_RES_S))
  31.660 +            {
  31.661 +                printf("ERROR: >name< out of VM/RES context.\n");
  31.662 +                exit(EXIT_FAILURE);
  31.663 +            }
  31.664 +            current_ssid_name = (char *)
  31.665 +                xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
  31.666 +
  31.667 +            if (!current_ssid_name)
  31.668 +            {
  31.669 +                printf("ERROR: empty >name<!\n");
  31.670 +                exit(EXIT_FAILURE);
  31.671 +            }
  31.672 +            break;
  31.673 +
  31.674 +        case XML2BIN_TEXT:
  31.675 +        case XML2BIN_COMMENT:
  31.676 +        case XML2BIN_LABELHEADER:
  31.677 +            break;
  31.678 +
  31.679 +        default:
  31.680 +            printf("Unkonwn token Error (%d)\n", code);
  31.681 +            exit(EXIT_FAILURE);
  31.682 +        }
  31.683 +
  31.684 +    }
  31.685 +    return;
  31.686 +}
  31.687 +
  31.688 +/* this function walks through a ssid queue
  31.689 + * and transforms double entries into references
  31.690 + * of the first definition (we need to keep the
  31.691 + * entry to map labels but we don't want double
  31.692 + * ssids in the binary policy
  31.693 + */
  31.694 +void
  31.695 +remove_doubles(struct tailhead_ssid *head,
  31.696 +                        u_int32_t max_types, u_int32_t * max_ssids)
  31.697 +{
  31.698 +    struct ssid_entry *np, *ni;
  31.699 +
  31.700 +    /* walk once through the list */
  31.701 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  31.702 +    {
  31.703 +        /* now search from the start until np for the same entry */
  31.704 +        for (ni = head->tqh_first; ni != np; ni = ni->entries.tqe_next)
  31.705 +        {
  31.706 +            if (ni->is_ref)
  31.707 +                continue;
  31.708 +            if (memcmp(np->row, ni->row, max_types))
  31.709 +                continue;
  31.710 +            /* found one, set np reference to ni */
  31.711 +            np->is_ref = 1;
  31.712 +            np->num = ni->num;
  31.713 +            (*max_ssids)--;
  31.714 +        }
  31.715 +    }
  31.716 +
  31.717 +    /* now minimize the ssid numbers used (doubles introduce holes) */
  31.718 +    (*max_ssids) = 0; /* reset */
  31.719 +
  31.720 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  31.721 +    {
  31.722 +        if (np->is_ref)
  31.723 +            continue;
  31.724 +
  31.725 +        if (np->num != (*max_ssids)) {
  31.726 +                /* first reset all later references to the new max_ssid */
  31.727 +                for (ni = np->entries.tqe_next; ni != NULL; ni = ni->entries.tqe_next)
  31.728 +                {
  31.729 +                    if (ni->num == np->num)
  31.730 +                        ni->num = (*max_ssids);
  31.731 +                }
  31.732 +                /* now reset num */
  31.733 +                np->num = (*max_ssids)++;
  31.734 +        }
  31.735 +        else
  31.736 +            (*max_ssids)++;
  31.737 +    }
  31.738 +}
  31.739 +
  31.740 +/*
  31.741 + * will go away as soon as we have non-static bootstrap ssidref for dom0
  31.742 + */
  31.743 +void fixup_bootstrap_label(struct tailhead_ssid *head,
  31.744 +                         u_int32_t max_types, u_int32_t * max_ssids)
  31.745 +{
  31.746 +    struct ssid_entry *np;
  31.747 +    int i;
  31.748 +
  31.749 +    /* should not happen if xml / xsd checks work */
  31.750 +    if (!bootstrap_label)
  31.751 +    {
  31.752 +        printf("ERROR: No bootstrap label defined.\n");
  31.753 +        exit(EXIT_FAILURE);
  31.754 +    }
  31.755 +
  31.756 +    /* search bootstrap_label */
  31.757 +    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
  31.758 +    {
  31.759 +        if (!strcmp(np->name, bootstrap_label))
  31.760 +        {
  31.761 +            break;
  31.762 +        }
  31.763 +    }
  31.764 +
  31.765 +    if (!np) {
  31.766 +        /* bootstrap label not found */
  31.767 +        printf("ERROR: Bootstrap label >%s< not found.\n", bootstrap_label);
  31.768 +        exit(EXIT_FAILURE);
  31.769 +    }
  31.770 +
  31.771 +    /* move this entry ahead in the list right after the default entry so it
  31.772 +     * receives ssidref 1/1 */
  31.773 +    TAILQ_REMOVE(head, np, entries);
  31.774 +    TAILQ_INSERT_AFTER(head, head->tqh_first, np, entries);
  31.775 +
  31.776 +    /* renumber the ssids (we could also just switch places with 1st element) */
  31.777 +    for (np = head->tqh_first, i=0; np != NULL; np = np->entries.tqe_next, i++)
  31.778 +        np->num   = i;
  31.779 +
  31.780 +}
  31.781 +
  31.782 +int create_ssid_mapping(xmlDocPtr doc)
  31.783 +{
  31.784 +    xmlNode *root_element = xmlDocGetRootElement(doc);
  31.785 +    struct ssid_entry *np;
  31.786 +    int i;
  31.787 +
  31.788 +    printf("Creating label mappings ...\n");
  31.789 +    /* initialize the ste and chwall type lists */
  31.790 +    TAILQ_INIT(&chwall_ssid_head);
  31.791 +    TAILQ_INIT(&ste_ssid_head);
  31.792 +
  31.793 +    /* init with default ssids */
  31.794 +    if (init_ssid_queues())
  31.795 +    {
  31.796 +        printf("ERROR adding default ssids.\n");
  31.797 +        exit(EXIT_FAILURE);
  31.798 +    }
  31.799 +
  31.800 +    /* now walk the template DOM tree and fill in ssids */
  31.801 +    walk_labels(root_element, doc, XML2BIN_NULL);
  31.802 +
  31.803 +    /*
  31.804 +     * now sort bootstrap label to the head of the list
  31.805 +     * (for now), dom0 assumes its label in the first
  31.806 +     * defined ssidref (1/1). 0/0 is the default non-Label
  31.807 +     */
  31.808 +    if (have_chwall)
  31.809 +        fixup_bootstrap_label(&chwall_ssid_head, max_chwall_types,
  31.810 +                                &max_chwall_ssids);
  31.811 +    if (have_ste)
  31.812 +        fixup_bootstrap_label(&ste_ssid_head, max_ste_types,
  31.813 +                                &max_ste_ssids);
  31.814 +
  31.815 +    /* remove any double entries (insert reference instead) */
  31.816 +    if (have_chwall)
  31.817 +        remove_doubles(&chwall_ssid_head, max_chwall_types,
  31.818 +                       &max_chwall_ssids);
  31.819 +    if (have_ste)
  31.820 +        remove_doubles(&ste_ssid_head, max_ste_types,
  31.821 +                       &max_ste_ssids);
  31.822 +
  31.823 +    if (!DEBUG)
  31.824 +        return 0;
  31.825 +
  31.826 +    /* print queues */
  31.827 +    if (have_chwall)
  31.828 +    {
  31.829 +        printf("CHWALL SSID queue (max ssidrefs=%d):\n", max_chwall_ssids);
  31.830 +        np = NULL;
  31.831 +        for (np = chwall_ssid_head.tqh_first; np != NULL;
  31.832 +             np = np->entries.tqe_next)
  31.833 +        {
  31.834 +            printf("SSID #%02u (Label=%s)\n", np->num, np->name);
  31.835 +            if (np->is_ref)
  31.836 +                printf("REFERENCE");
  31.837 +            else
  31.838 +                for (i = 0; i < max_chwall_types; i++)
  31.839 +                    if (np->row[i])
  31.840 +                        printf("#%02d ", i);
  31.841 +            printf("\n\n");
  31.842 +        }
  31.843 +    }
  31.844 +    if (have_ste)
  31.845 +    {
  31.846 +        printf("STE SSID queue (max ssidrefs=%d):\n", max_ste_ssids);
  31.847 +        np = NULL;
  31.848 +        for (np = ste_ssid_head.tqh_first; np != NULL;
  31.849 +             np = np->entries.tqe_next)
  31.850 +        {
  31.851 +            printf("SSID #%02u (Label=%s)\n", np->num, np->name);
  31.852 +            if (np->is_ref)
  31.853 +                printf("REFERENCE");
  31.854 +            else
  31.855 +                for (i = 0; i < max_ste_types; i++)
  31.856 +                    if (np->row[i])
  31.857 +                        printf("#%02d ", i);
  31.858 +            printf("\n\n");
  31.859 +        }
  31.860 +    }
  31.861 +    return 0;
  31.862 +}
  31.863 +
  31.864 +/***************** writing the binary policy *********************/
  31.865 +
  31.866 +/*
  31.867 + * the mapping file is ascii-based since it will likely be used from
  31.868 + * within scripts (using awk, grep, etc.);
  31.869 + *
  31.870 + * We print from high-level to low-level information so that with one
  31.871 + * pass, any symbol can be resolved (e.g. Label -> types)
  31.872 + */
  31.873 +int write_mapping(char *filename)
  31.874 +{
  31.875 +
  31.876 +    struct ssid_entry *e;
  31.877 +    struct type_entry *t;
  31.878 +    int i;
  31.879 +    FILE *file;
  31.880 +
  31.881 +    if ((file = fopen(filename, "w")) == NULL)
  31.882 +        return -EIO;
  31.883 +
  31.884 +    fprintf(file, "MAGIC                  %08x\n", ACM_MAGIC);
  31.885 +    fprintf(file, "POLICY                 %s\n",
  31.886 +            basename(policy_filename));
  31.887 +    fprintf(file, "BINARY                 %s\n",
  31.888 +            basename(binary_filename));
  31.889 +    if (have_chwall)
  31.890 +    {
  31.891 +        fprintf(file, "MAX-CHWALL-TYPES       %08x\n", max_chwall_types);
  31.892 +        fprintf(file, "MAX-CHWALL-SSIDS       %08x\n", max_chwall_ssids);
  31.893 +        fprintf(file, "MAX-CHWALL-LABELS      %08x\n", max_chwall_labels);
  31.894 +    }
  31.895 +    if (have_ste)
  31.896 +    {
  31.897 +        fprintf(file, "MAX-STE-TYPES          %08x\n", max_ste_types);
  31.898 +        fprintf(file, "MAX-STE-SSIDS          %08x\n", max_ste_ssids);
  31.899 +        fprintf(file, "MAX-STE-LABELS         %08x\n", max_ste_labels);
  31.900 +    }
  31.901 +    fprintf(file, "\n");
  31.902 +
  31.903 +    /* primary / secondary order for combined ssid synthesis/analysis
  31.904 +     * if no primary is named, then chwall is primary */
  31.905 +    switch (primary) {
  31.906 +    case CHWALL:
  31.907 +        fprintf(file, "PRIMARY                CHWALL\n");
  31.908 +        break;
  31.909 +
  31.910 +    case STE:
  31.911 +        fprintf(file, "PRIMARY                STE\n");
  31.912 +        break;
  31.913 +
  31.914 +    default:
  31.915 +        fprintf(file, "PRIMARY                NULL\n");
  31.916 +        break;
  31.917 +    }
  31.918 +
  31.919 +    switch (secondary) {
  31.920 +    case CHWALL:
  31.921 +        fprintf(file, "SECONDARY              CHWALL\n");
  31.922 +        break;
  31.923 +
  31.924 +    case STE:
  31.925 +        fprintf(file, "SECONDARY              STE\n");
  31.926 +        break;
  31.927 +
  31.928 +    default:
  31.929 +        fprintf(file, "SECONDARY              NULL\n");
  31.930 +        break;
  31.931 +    }
  31.932 +    fprintf(file, "\n");
  31.933 +
  31.934 +    /* first labels to ssid mappings */
  31.935 +    if (have_chwall)
  31.936 +    {
  31.937 +        for (e = chwall_ssid_head.tqh_first; e != NULL;
  31.938 +             e = e->entries.tqe_next)
  31.939 +        {
  31.940 +            fprintf(file, "LABEL->SSID %s CHWALL %-25s %8x\n",
  31.941 +                    (e->type ==
  31.942 +                     VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
  31.943 +                    e->name, e->num);
  31.944 +        }
  31.945 +        fprintf(file, "\n");
  31.946 +    }
  31.947 +    if (have_ste)
  31.948 +    {
  31.949 +        for (e = ste_ssid_head.tqh_first; e != NULL;
  31.950 +             e = e->entries.tqe_next)
  31.951 +        {
  31.952 +            fprintf(file, "LABEL->SSID %s STE    %-25s %8x\n",
  31.953 +                    (e->type ==
  31.954 +                     VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
  31.955 +                    e->name, e->num);
  31.956 +        }
  31.957 +        fprintf(file, "\n");
  31.958 +    }
  31.959 +
  31.960 +    /* second ssid to type mappings */
  31.961 +    if (have_chwall)
  31.962 +    {
  31.963 +        for (e = chwall_ssid_head.tqh_first; e != NULL;
  31.964 +             e = e->entries.tqe_next)
  31.965 +        {
  31.966 +            if (e->is_ref)
  31.967 +                continue;
  31.968 +
  31.969 +            fprintf(file, "SSID->TYPE CHWALL      %08x", e->num);
  31.970 +
  31.971 +            for (i = 0; i < max_chwall_types; i++)
  31.972 +                if (e->row[i])
  31.973 +                    fprintf(file, " %s", type_by_mapping(&chwall_head, i));
  31.974 +
  31.975 +            fprintf(file, "\n");
  31.976 +        }
  31.977 +        fprintf(file, "\n");
  31.978 +    }
  31.979 +    if (have_ste) {
  31.980 +        for (e = ste_ssid_head.tqh_first; e != NULL;
  31.981 +             e = e->entries.tqe_next)
  31.982 +        {
  31.983 +            if (e->is_ref)
  31.984 +                continue;
  31.985 +
  31.986 +            fprintf(file, "SSID->TYPE STE         %08x", e->num);
  31.987 +
  31.988 +            for (i = 0; i < max_ste_types; i++)
  31.989 +                if (e->row[i])
  31.990 +                    fprintf(file, " %s", type_by_mapping(&ste_head, i));
  31.991 +
  31.992 +            fprintf(file, "\n");
  31.993 +        }
  31.994 +        fprintf(file, "\n");
  31.995 +    }
  31.996 +    /* third type mappings */
  31.997 +    if (have_chwall)
  31.998 +    {
  31.999 +        for (t = chwall_head.tqh_first; t != NULL; t = t->entries.tqe_next)
 31.1000 +        {
 31.1001 +            fprintf(file, "TYPE CHWALL            %-25s %8x\n",
 31.1002 +                    t->name, t->mapping);
 31.1003 +        }
 31.1004 +        fprintf(file, "\n");
 31.1005 +    }
 31.1006 +    if (have_ste) {
 31.1007 +        for (t = ste_head.tqh_first; t != NULL; t = t->entries.tqe_next)
 31.1008 +        {
 31.1009 +            fprintf(file, "TYPE STE               %-25s %8x\n",
 31.1010 +                    t->name, t->mapping);
 31.1011 +        }
 31.1012 +        fprintf(file, "\n");
 31.1013 +    }
 31.1014 +    fclose(file);
 31.1015 +    return 0;
 31.1016 +}
 31.1017 +
 31.1018 +unsigned char *write_chwall_binary(u_int32_t * len_chwall)
 31.1019 +{
 31.1020 +    unsigned char *buf, *ptr;
 31.1021 +    struct acm_chwall_policy_buffer *chwall_header;
 31.1022 +    u_int32_t len;
 31.1023 +    struct ssid_entry *e;
 31.1024 +    int i;
 31.1025 +
 31.1026 +    if (!have_chwall)
 31.1027 +        return NULL;
 31.1028 +
 31.1029 +    len = sizeof(struct acm_chwall_policy_buffer) +
 31.1030 +        sizeof(type_t) * max_chwall_types * max_chwall_ssids +
 31.1031 +        sizeof(type_t) * max_chwall_types * max_conflictsets;
 31.1032 +
 31.1033 +    buf = malloc(len);
 31.1034 +    ptr = buf;
 31.1035 +
 31.1036 +    if (!buf)
 31.1037 +    {
 31.1038 +        printf("ERROR: out of memory allocating chwall buffer.\n");
 31.1039 +        exit(EXIT_FAILURE);
 31.1040 +    }
 31.1041 +    /* chwall has 3 parts : header, types, conflictsets */
 31.1042 +
 31.1043 +    chwall_header = (struct acm_chwall_policy_buffer *) buf;
 31.1044 +    chwall_header->chwall_max_types = htonl(max_chwall_types);
 31.1045 +    chwall_header->chwall_max_ssidrefs = htonl(max_chwall_ssids);
 31.1046 +    chwall_header->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 31.1047 +    chwall_header->policy_version = htonl(ACM_CHWALL_VERSION);
 31.1048 +    chwall_header->chwall_ssid_offset =
 31.1049 +        htonl(sizeof(struct acm_chwall_policy_buffer));
 31.1050 +    chwall_header->chwall_max_conflictsets = htonl(max_conflictsets);
 31.1051 +    chwall_header->chwall_conflict_sets_offset =
 31.1052 +        htonl(ntohl(chwall_header->chwall_ssid_offset) +
 31.1053 +              sizeof(domaintype_t) * max_chwall_ssids * max_chwall_types);
 31.1054 +    chwall_header->chwall_running_types_offset = 0;     /* not set, only retrieved */
 31.1055 +    chwall_header->chwall_conflict_aggregate_offset = 0;        /* not set, only retrieved */
 31.1056 +    ptr += sizeof(struct acm_chwall_policy_buffer);
 31.1057 +
 31.1058 +    /* types */
 31.1059 +    for (e = chwall_ssid_head.tqh_first; e != NULL;
 31.1060 +         e = e->entries.tqe_next)
 31.1061 +    {
 31.1062 +        if (e->is_ref)
 31.1063 +            continue;
 31.1064 +
 31.1065 +        for (i = 0; i < max_chwall_types; i++)
 31.1066 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 31.1067 +
 31.1068 +        ptr += sizeof(type_t) * max_chwall_types;
 31.1069 +    }
 31.1070 +
 31.1071 +    /* conflictsets */
 31.1072 +    for (e = conflictsets_head.tqh_first; e != NULL;
 31.1073 +         e = e->entries.tqe_next)
 31.1074 +    {
 31.1075 +        for (i = 0; i < max_chwall_types; i++)
 31.1076 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 31.1077 +
 31.1078 +        ptr += sizeof(type_t) * max_chwall_types;
 31.1079 +    }
 31.1080 +
 31.1081 +    if ((ptr - buf) != len)
 31.1082 +    {
 31.1083 +        printf("ERROR: wrong lengths in %s.\n", __func__);
 31.1084 +        exit(EXIT_FAILURE);
 31.1085 +    }
 31.1086 +
 31.1087 +    (*len_chwall) = len;
 31.1088 +    return buf;
 31.1089 +}
 31.1090 +
 31.1091 +unsigned char *write_ste_binary(u_int32_t * len_ste)
 31.1092 +{
 31.1093 +    unsigned char *buf, *ptr;
 31.1094 +    struct acm_ste_policy_buffer *ste_header;
 31.1095 +    struct ssid_entry *e;
 31.1096 +    u_int32_t len;
 31.1097 +    int i;
 31.1098 +
 31.1099 +    if (!have_ste)
 31.1100 +        return NULL;
 31.1101 +
 31.1102 +    len = sizeof(struct acm_ste_policy_buffer) +
 31.1103 +        sizeof(type_t) * max_ste_types * max_ste_ssids;
 31.1104 +
 31.1105 +    buf = malloc(len);
 31.1106 +    ptr = buf;
 31.1107 +
 31.1108 +    if (!buf)
 31.1109 +    {
 31.1110 +        printf("ERROR: out of memory allocating chwall buffer.\n");
 31.1111 +        exit(EXIT_FAILURE);
 31.1112 +    }
 31.1113 +
 31.1114 +    /* fill buffer */
 31.1115 +    ste_header = (struct acm_ste_policy_buffer *) buf;
 31.1116 +    ste_header->policy_version = htonl(ACM_STE_VERSION);
 31.1117 +    ste_header->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 31.1118 +    ste_header->ste_max_types = htonl(max_ste_types);
 31.1119 +    ste_header->ste_max_ssidrefs = htonl(max_ste_ssids);
 31.1120 +    ste_header->ste_ssid_offset =
 31.1121 +        htonl(sizeof(struct acm_ste_policy_buffer));
 31.1122 +
 31.1123 +    ptr += sizeof(struct acm_ste_policy_buffer);
 31.1124 +
 31.1125 +    /* types */
 31.1126 +    for (e = ste_ssid_head.tqh_first; e != NULL; e = e->entries.tqe_next)
 31.1127 +    {
 31.1128 +        if (e->is_ref)
 31.1129 +            continue;
 31.1130 +
 31.1131 +        for (i = 0; i < max_ste_types; i++)
 31.1132 +            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
 31.1133 +
 31.1134 +        ptr += sizeof(type_t) * max_ste_types;
 31.1135 +    }
 31.1136 +
 31.1137 +    if ((ptr - buf) != len)
 31.1138 +    {
 31.1139 +        printf("ERROR: wrong lengths in %s.\n", __func__);
 31.1140 +        exit(EXIT_FAILURE);
 31.1141 +    }
 31.1142 +    (*len_ste) = len;
 31.1143 +    return buf;                 /* for now */
 31.1144 +}
 31.1145 +
 31.1146 +int write_binary(char *filename)
 31.1147 +{
 31.1148 +    struct acm_policy_buffer header;
 31.1149 +    unsigned char *ste_buffer = NULL, *chwall_buffer = NULL;
 31.1150 +    u_int32_t len;
 31.1151 +    int fd;
 31.1152 +
 31.1153 +    u_int32_t len_ste = 0, len_chwall = 0;      /* length of policy components */
 31.1154 +
 31.1155 +    /* open binary file */
 31.1156 +    if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)) <= 0)
 31.1157 +        return -EIO;
 31.1158 +
 31.1159 +    ste_buffer = write_ste_binary(&len_ste);
 31.1160 +    chwall_buffer = write_chwall_binary(&len_chwall);
 31.1161 +
 31.1162 +    /* determine primary component (default chwall) */
 31.1163 +    header.policy_version = htonl(ACM_POLICY_VERSION);
 31.1164 +    header.magic = htonl(ACM_MAGIC);
 31.1165 +
 31.1166 +    len = sizeof(struct acm_policy_buffer);
 31.1167 +    if (have_chwall)
 31.1168 +        len += len_chwall;
 31.1169 +    if (have_ste)
 31.1170 +        len += len_ste;
 31.1171 +    header.len = htonl(len);
 31.1172 +
 31.1173 +    header.primary_buffer_offset = htonl(sizeof(struct acm_policy_buffer));
 31.1174 +    if (primary == CHWALL)
 31.1175 +    {
 31.1176 +        header.primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 31.1177 +        header.secondary_buffer_offset =
 31.1178 +            htonl((sizeof(struct acm_policy_buffer)) + len_chwall);
 31.1179 +    }
 31.1180 +    else if (primary == STE)
 31.1181 +    {
 31.1182 +        header.primary_policy_code =
 31.1183 +            htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 31.1184 +        header.secondary_buffer_offset =
 31.1185 +            htonl((sizeof(struct acm_policy_buffer)) + len_ste);
 31.1186 +    }
 31.1187 +    else
 31.1188 +    {
 31.1189 +        /* null policy */
 31.1190 +        header.primary_policy_code = htonl(ACM_NULL_POLICY);
 31.1191 +        header.secondary_buffer_offset =
 31.1192 +            htonl(header.primary_buffer_offset);
 31.1193 +    }
 31.1194 +
 31.1195 +    if (secondary == CHWALL)
 31.1196 +        header.secondary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
 31.1197 +    else if (secondary == STE)
 31.1198 +        header.secondary_policy_code =
 31.1199 +            htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
 31.1200 +    else
 31.1201 +        header.secondary_policy_code = htonl(ACM_NULL_POLICY);
 31.1202 +
 31.1203 +    if (write(fd, (void *) &header, sizeof(struct acm_policy_buffer))
 31.1204 +        != sizeof(struct acm_policy_buffer))
 31.1205 +        return -EIO;
 31.1206 +
 31.1207 +    /* write primary policy component */
 31.1208 +    if (primary == CHWALL)
 31.1209 +    {
 31.1210 +        if (write(fd, chwall_buffer, len_chwall) != len_chwall)
 31.1211 +            return -EIO;
 31.1212 +    }
 31.1213 +    else if (primary == STE)
 31.1214 +    {
 31.1215 +        if (write(fd, ste_buffer, len_ste) != len_ste)
 31.1216 +            return -EIO;
 31.1217 +    } else
 31.1218 +        ;                     /* NULL POLICY has no policy data */
 31.1219 +
 31.1220 +    /* write secondary policy component */
 31.1221 +    if (secondary == CHWALL)
 31.1222 +    {
 31.1223 +        if (write(fd, chwall_buffer, len_chwall) != len_chwall)
 31.1224 +            return -EIO;
 31.1225 +    }
 31.1226 +    else if (secondary == STE)
 31.1227 +    {
 31.1228 +        if (write(fd, ste_buffer, len_ste) != len_ste)
 31.1229 +            return -EIO;
 31.1230 +    } else;                     /* NULL POLICY has no policy data */
 31.1231 +
 31.1232 +    close(fd);
 31.1233 +    return 0;
 31.1234 +}
 31.1235 +
 31.1236 +int is_valid(xmlDocPtr doc)
 31.1237 +{
 31.1238 +    int err = 0;
 31.1239 +    xmlSchemaPtr schema_ctxt = NULL;
 31.1240 +    xmlSchemaParserCtxtPtr schemaparser_ctxt = NULL;
 31.1241 +    xmlSchemaValidCtxtPtr schemavalid_ctxt = NULL;
 31.1242 +
 31.1243 +    schemaparser_ctxt = xmlSchemaNewParserCtxt(SCHEMA_FILENAME);
 31.1244 +    schema_ctxt = xmlSchemaParse(schemaparser_ctxt);
 31.1245 +    schemavalid_ctxt = xmlSchemaNewValidCtxt(schema_ctxt);
 31.1246 +
 31.1247 +#ifdef VALIDATE_SCHEMA
 31.1248 +    /* only tested to be available from libxml2-2.6.20 upwards */
 31.1249 +    if ((err = xmlSchemaIsValid(schemavalid_ctxt)) != 1)
 31.1250 +    {
 31.1251 +        printf("ERROR: Invalid schema file %s (err=%d)\n",
 31.1252 +               SCHEMA_FILENAME, err);
 31.1253 +        err = -EIO;
 31.1254 +        goto out;
 31.1255 +    }
 31.1256 +    else
 31.1257 +        printf("XML Schema %s valid.\n", SCHEMA_FILENAME);
 31.1258 +#endif
 31.1259 +    if ((err = xmlSchemaValidateDoc(schemavalid_ctxt, doc)))
 31.1260 +    {
 31.1261 +        err = -EIO;
 31.1262 +        goto out;
 31.1263 +    }
 31.1264 +  out:
 31.1265 +    xmlSchemaFreeValidCtxt(schemavalid_ctxt);
 31.1266 +    xmlSchemaFreeParserCtxt(schemaparser_ctxt);
 31.1267 +    xmlSchemaFree(schema_ctxt);
 31.1268 +    return (err != 0) ? 0 : 1;
 31.1269 +}
 31.1270 +
 31.1271 +int main(int argc, char **argv)
 31.1272 +{
 31.1273 +    xmlDocPtr labeldoc = NULL;
 31.1274 +    xmlDocPtr policydoc = NULL;
 31.1275 +
 31.1276 +    int err = EXIT_SUCCESS;
 31.1277 +
 31.1278 +    char *file_prefix;
 31.1279 +    int prefix_len;
 31.1280 +
 31.1281 +    if (ACM_POLICY_VERSION != WRITTEN_AGAINST_ACM_POLICY_VERSION)
 31.1282 +    {
 31.1283 +        printf("ERROR: This program was written against an older ACM version.\n");
 31.1284 +        exit(EXIT_FAILURE);
 31.1285 +    }
 31.1286 +
 31.1287 +    if (argc != 2)
 31.1288 +        usage(basename(argv[0]));
 31.1289 +
 31.1290 +    prefix_len = strlen(POLICY_SUBDIR) +
 31.1291 +        strlen(argv[1]) + 1 /* "/" */  +
 31.1292 +        strlen(argv[1]) + 1 /* "/" */ ;
 31.1293 +
 31.1294 +    file_prefix = malloc(prefix_len);
 31.1295 +    policy_filename = malloc(prefix_len + strlen(POLICY_EXTENSION));
 31.1296 +    label_filename = malloc(prefix_len + strlen(LABEL_EXTENSION));
 31.1297 +    binary_filename = malloc(prefix_len + strlen(BINARY_EXTENSION));
 31.1298 +    mapping_filename = malloc(prefix_len + strlen(MAPPING_EXTENSION));
 31.1299 +
 31.1300 +    if (!file_prefix || !policy_filename || !label_filename ||
 31.1301 +        !binary_filename || !mapping_filename)
 31.1302 +    {
 31.1303 +        printf("ERROR allocating file name memory.\n");
 31.1304 +        goto out2;
 31.1305 +    }
 31.1306 +
 31.1307 +    /* create input/output filenames out of prefix */
 31.1308 +    strcat(file_prefix, POLICY_SUBDIR);
 31.1309 +    strcat(file_prefix, argv[1]);
 31.1310 +    strcat(file_prefix, "/");
 31.1311 +    strcat(file_prefix, argv[1]);
 31.1312 +
 31.1313 +    strcpy(policy_filename, file_prefix);
 31.1314 +    strcpy(label_filename, file_prefix);
 31.1315 +    strcpy(binary_filename, file_prefix);
 31.1316 +    strcpy(mapping_filename, file_prefix);
 31.1317 +
 31.1318 +    strcat(policy_filename, POLICY_EXTENSION);
 31.1319 +    strcat(label_filename, LABEL_EXTENSION);
 31.1320 +    strcat(binary_filename, BINARY_EXTENSION);
 31.1321 +    strcat(mapping_filename, MAPPING_EXTENSION);
 31.1322 +
 31.1323 +    labeldoc = xmlParseFile(label_filename);
 31.1324 +
 31.1325 +    if (labeldoc == NULL)
 31.1326 +    {
 31.1327 +        printf("Error: could not parse file %s.\n", argv[1]);
 31.1328 +        goto out2;
 31.1329 +    }
 31.1330 +
 31.1331 +    printf("Validating label file %s...\n", label_filename);
 31.1332 +    if (!is_valid(labeldoc))
 31.1333 +    {
 31.1334 +        printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
 31.1335 +               label_filename, err);
 31.1336 +        goto out1;
 31.1337 +    }
 31.1338 +
 31.1339 +    policydoc = xmlParseFile(policy_filename);
 31.1340 +
 31.1341 +    if (policydoc == NULL)
 31.1342 +    {
 31.1343 +        printf("Error: could not parse file %s.\n", argv[1]);
 31.1344 +        goto out1;
 31.1345 +    }
 31.1346 +
 31.1347 +    printf("Validating policy file %s...\n", policy_filename);
 31.1348 +
 31.1349 +    if (!is_valid(policydoc))
 31.1350 +    {
 31.1351 +        printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
 31.1352 +               policy_filename, err);
 31.1353 +        goto out;
 31.1354 +    }
 31.1355 +
 31.1356 +    /* Init queues and parse policy */
 31.1357 +    create_type_mapping(policydoc);
 31.1358 +
 31.1359 +    /* create ssids */
 31.1360 +    create_ssid_mapping(labeldoc);
 31.1361 +
 31.1362 +    /* write label mapping file */
 31.1363 +    if (write_mapping(mapping_filename))
 31.1364 +    {
 31.1365 +        printf("ERROR: writing mapping file %s.\n", mapping_filename);
 31.1366 +        goto out;
 31.1367 +    }
 31.1368 +
 31.1369 +    /* write binary file */
 31.1370 +    if (write_binary(binary_filename))
 31.1371 +    {
 31.1372 +        printf("ERROR: writing binary file %s.\n", binary_filename);
 31.1373 +        goto out;
 31.1374 +    }
 31.1375 +
 31.1376 +    /* write stats */
 31.1377 +    if (have_chwall)
 31.1378 +    {
 31.1379 +        printf("Max chwall labels:  %u\n", max_chwall_labels);
 31.1380 +        printf("Max chwall-types:   %u\n", max_chwall_types);
 31.1381 +        printf("Max chwall-ssids:   %u\n", max_chwall_ssids);
 31.1382 +    }
 31.1383 +
 31.1384 +    if (have_ste)
 31.1385 +    {
 31.1386 +        printf("Max ste labels:     %u\n", max_ste_labels);
 31.1387 +        printf("Max ste-types:      %u\n", max_ste_types);
 31.1388 +        printf("Max ste-ssids:      %u\n", max_ste_ssids);
 31.1389 +    }
 31.1390 +    /* cleanup */
 31.1391 +  out:
 31.1392 +    xmlFreeDoc(policydoc);
 31.1393 +  out1:
 31.1394 +    xmlFreeDoc(labeldoc);
 31.1395 +  out2:
 31.1396 +    xmlCleanupParser();
 31.1397 +    return err;
 31.1398 +}
 31.1399 +
    32.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    32.2 +++ b/tools/security/secpol_xml2bin.h	Fri Aug 19 09:03:17 2005 +0000
    32.3 @@ -0,0 +1,139 @@
    32.4 +/****************************************************************
    32.5 + * secpol_xml2bin.h
    32.6 + *
    32.7 + * Copyright (C) 2005 IBM Corporation
    32.8 + *
    32.9 + * Authors:
   32.10 + * Reiner Sailer <sailer@watson.ibm.com>
   32.11 + *
   32.12 + * This program is free software; you can redistribute it and/or
   32.13 + * modify it under the terms of the GNU General Public License as
   32.14 + * published by the Free Software Foundation, version 2 of the
   32.15 + * License.
   32.16 + *
   32.17 + */
   32.18 +#define POLICY_SUBDIR       "policies/"
   32.19 +#define POLICY_EXTENSION    "-security_policy.xml"
   32.20 +#define LABEL_EXTENSION     "-security_label_template.xml"
   32.21 +#define BINARY_EXTENSION    ".bin"
   32.22 +#define MAPPING_EXTENSION   ".map"
   32.23 +#define PRIMARY_COMPONENT_ATTR_NAME "order"
   32.24 +#define BOOTSTRAP_LABEL_ATTR_NAME   "bootstrap"
   32.25 +#define PRIMARY_COMPONENT   "PrimaryPolicyComponent"
   32.26 +#define SCHEMA_FILENAME     "policies/security_policy.xsd"
   32.27 +
   32.28 +/* basic states (used as 1 << X) */
   32.29 +#define XML2BIN_SECPOL		    0   /* policy tokens */
   32.30 +#define XML2BIN_STE		        1
   32.31 +#define XML2BIN_CHWALL          2
   32.32 +#define XML2BIN_CONFLICTSETS   	3
   32.33 +#define XML2BIN_CSTYPE	    	4
   32.34 +
   32.35 +#define XML2BIN_SECTEMPLATE	    5   /* label tokens */
   32.36 +#define XML2BIN_POLICYHEADER   	6
   32.37 +#define XML2BIN_LABELHEADER     7
   32.38 +#define XML2BIN_SUBJECTS        8
   32.39 +#define XML2BIN_OBJECTS  	    9
   32.40 +#define XML2BIN_VM      	    10
   32.41 +#define XML2BIN_RES          	11
   32.42 +
   32.43 +#define XML2BIN_STETYPES	    12  /* shared tokens */
   32.44 +#define XML2BIN_CHWALLTYPES	    13
   32.45 +#define XML2BIN_TYPE		    14
   32.46 +#define XML2BIN_NAME            15
   32.47 +#define XML2BIN_TEXT		    16
   32.48 +#define XML2BIN_COMMENT	    	17
   32.49 +
   32.50 +/* type "data type" (currently 16bit) */
   32.51 +typedef u_int16_t type_t;
   32.52 +
   32.53 +/* list of known elements and token equivalent  *
   32.54 + * state constants and token positions must be  *
   32.55 + * in sync for correct state recognition        */
   32.56 +
   32.57 +char *token[20] =                       /* parser triggers */
   32.58 +{
   32.59 +    [0] = "SecurityPolicyDefinition",   /* policy xml */
   32.60 +    [1] = "SimpleTypeEnforcement",
   32.61 +    [2] = "ChineseWall",
   32.62 +    [3] = "ConflictSets",
   32.63 +    [4] = "Conflict",                   /* label-template xml */
   32.64 +    [5] = "SecurityLabelTemplate",
   32.65 +    [6] = "PolicyHeader",
   32.66 +    [7] = "LabelHeader",
   32.67 +    [8] = "SubjectLabels",
   32.68 +    [9] = "ObjectLabels",
   32.69 +    [10] = "VirtualMachineLabel",
   32.70 +    [11] = "ResourceLabel",
   32.71 +    [12] = "SimpleTypeEnforcementTypes",                  /* common tags */
   32.72 +    [13] = "ChineseWallTypes",
   32.73 +    [14] = "Type",
   32.74 +    [15] = "Name",
   32.75 +    [16] = "text",
   32.76 +    [17] = "comment",
   32.77 +    [18] = NULL,
   32.78 +};
   32.79 +
   32.80 +/* important combined states */
   32.81 +#define XML2BIN_NULL 		0
   32.82 +
   32.83 +/* policy xml parsing states _S */
   32.84 +
   32.85 +/* e.g., here we are in a <secpol,ste,stetypes> environment,  *
   32.86 + * so when finding a type element, we know where to put it    */
   32.87 +#define XML2BIN_stetype_S ((1 << XML2BIN_SECPOL) | \
   32.88 +				 (1 << XML2BIN_STE) | 	 \
   32.89 +				 (1 << XML2BIN_STETYPES))
   32.90 +
   32.91 +#define XML2BIN_chwalltype_S ((1 << XML2BIN_SECPOL) | \
   32.92 +				 (1 << XML2BIN_CHWALL) | \
   32.93 +				 (1 << XML2BIN_CHWALLTYPES))
   32.94 +
   32.95 +#define XML2BIN_conflictset_S ((1 << XML2BIN_SECPOL) | \
   32.96 +				 (1 << XML2BIN_CHWALL) | \
   32.97 +				 (1 << XML2BIN_CONFLICTSETS))
   32.98 +
   32.99 +#define XML2BIN_conflictsettype_S ((1 << XML2BIN_SECPOL) | \
  32.100 +				 (1 << XML2BIN_CHWALL) | \
  32.101 +				 (1 << XML2BIN_CONFLICTSETS) | \
  32.102 +				 (1 << XML2BIN_CSTYPE))
  32.103 +
  32.104 +
  32.105 +/* label xml states */
  32.106 +#define XML2BIN_VM_S ((1 << XML2BIN_SECTEMPLATE) | \
  32.107 +                      (1 << XML2BIN_SUBJECTS) |    \
  32.108 +                      (1 << XML2BIN_VM))
  32.109 +
  32.110 +#define XML2BIN_RES_S ((1 << XML2BIN_SECTEMPLATE) | \
  32.111 +                       (1 << XML2BIN_OBJECTS) |     \
  32.112 +                       (1 << XML2BIN_RES))
  32.113 +
  32.114 +#define XML2BIN_VM_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
  32.115 +                        (1 << XML2BIN_SUBJECTS) | \
  32.116 +                        (1 << XML2BIN_VM) | \
  32.117 +                        (1 << XML2BIN_STETYPES))
  32.118 +
  32.119 +#define XML2BIN_VM_CHWALL_S ((1 << XML2BIN_SECTEMPLATE) | \
  32.120 +                           (1 << XML2BIN_SUBJECTS) | \
  32.121 +                           (1 << XML2BIN_VM) | \
  32.122 +                           (1 << XML2BIN_CHWALLTYPES))
  32.123 +
  32.124 +#define XML2BIN_RES_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
  32.125 +                         (1 << XML2BIN_OBJECTS) | \
  32.126 +                         (1 << XML2BIN_RES) | \
  32.127 +                         (1 << XML2BIN_STETYPES))
  32.128 +
  32.129 +
  32.130 +
  32.131 +/* check versions of headers against which the
  32.132 + * xml2bin translation tool was written
  32.133 + */
  32.134 +
  32.135 +/* protects from unnoticed changes in struct acm_policy_buffer */
  32.136 +#define WRITTEN_AGAINST_ACM_POLICY_VERSION  1
  32.137 +
  32.138 +/* protects from unnoticed changes in struct acm_chwall_policy_buffer */
  32.139 +#define WRITTEN_AGAINST_ACM_CHWALL_VERSION  1
  32.140 +
  32.141 +/* protects from unnoticed changes in struct acm_ste_policy_buffer */
  32.142 +#define WRITTEN_AGAINST_ACM_STE_VERSION     1
    33.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    33.2 +++ b/tools/security/setlabel.sh	Fri Aug 19 09:03:17 2005 +0000
    33.3 @@ -0,0 +1,345 @@
    33.4 +#!/bin/sh
    33.5 +# *
    33.6 +# * setlabel
    33.7 +# *
    33.8 +# * Copyright (C) 2005 IBM Corporation
    33.9 +# *
   33.10 +# * Authors:
   33.11 +# * Stefan Berger <stefanb@us.ibm.com>
   33.12 +# *
   33.13 +# * This program is free software; you can redistribute it and/or
   33.14 +# * modify it under the terms of the GNU General Public License as
   33.15 +# * published by the Free Software Foundation, version 2 of the
   33.16 +# * License.
   33.17 +# *
   33.18 +# * 'setlabel' labels virtual machine (domain) configuration files with
   33.19 +# * security identifiers that can be enforced in Xen.
   33.20 +# *
   33.21 +# * 'setlabel -?' shows the usage of the program
   33.22 +# *
   33.23 +# * 'setlabel -l vmconfig-file' lists all available labels (only VM
   33.24 +# *            labels are used right now)
   33.25 +# *
   33.26 +# * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
   33.27 +# *                       that corresponds to the security-label under the
   33.28 +# *                       current policy (if policy changes, 'label'
   33.29 +# *                       must be re-run over the configuration files;
   33.30 +# *                       map-file is created during policy translation and
   33.31 +# *                       is found in the policy's directory
   33.32 +#
   33.33 +
   33.34 +if [ -z "$runbash" ]; then
   33.35 +	runbash="1"
   33.36 +	export runbash
   33.37 +	exec sh -c "bash $0 $*"
   33.38 +fi
   33.39 +
   33.40 +
   33.41 +usage ()
   33.42 +{
   33.43 +	echo "Usage: $0 [Option] <vmfile> <label> <policy name> "
   33.44 +	echo "    or $0 -l <policy name>"
   33.45 +	echo ""
   33.46 +	echo "Valid Options are:"
   33.47 +	echo "-r          : to relabel a file without being prompted"
   33.48 +	echo ""
   33.49 +	echo "vmfile      : XEN vm configuration file"
   33.50 +	echo "label       : the label to map"
   33.51 +	echo "policy name : the name of the policy, i.e. 'chwall'"
   33.52 +	echo ""
   33.53 +	echo "-l <policy name> is used to show valid labels in the map file"
   33.54 +	echo ""
   33.55 +}
   33.56 +
   33.57 +
   33.58 +findMapFile ()
   33.59 +{
   33.60 +	mapfile="./$1.map"
   33.61 +	if [ -r "$mapfile" ]; then
   33.62 +		return 1
   33.63 +	fi
   33.64 +
   33.65 +	mapfile="./policies/$1/$1.map"
   33.66 +	if [ -r "$mapfile" ]; then
   33.67 +		return 1
   33.68 +	fi
   33.69 +
   33.70 +	return 0
   33.71 +}
   33.72 +
   33.73 +showLabels ()
   33.74 +{
   33.75 +	mapfile=$1
   33.76 +	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
   33.77 +		echo "Cannot read from vm configuration file $vmfile."
   33.78 +		return -1
   33.79 +	fi
   33.80 +
   33.81 +	getPrimaryPolicy $mapfile
   33.82 +	getSecondaryPolicy $mapfile
   33.83 +
   33.84 +	echo "The following labels are available:"
   33.85 +	let line=1
   33.86 +	while [ 1 ]; do
   33.87 +		ITEM=`cat $mapfile |         \
   33.88 +		      awk -vline=$line       \
   33.89 +		          -vprimary=$primary \
   33.90 +		      '{                     \
   33.91 +		         if ($1 == "LABEL->SSID" &&  \
   33.92 +		             $2 == "VM" &&           \
   33.93 +		             $3 == primary ) {       \
   33.94 +		           ctr++;                    \
   33.95 +		           if (ctr == line) {        \
   33.96 +		             print $4;               \
   33.97 +		           }                         \
   33.98 +		         }                           \
   33.99 +		       } END {                       \
  33.100 +		       }'`
  33.101 +
  33.102 +		if [ "$ITEM" == "" ]; then
  33.103 +			break
  33.104 +		fi
  33.105 +		if [ "$secondary" != "NULL" ]; then
  33.106 +			LABEL=`cat $mapfile |     \
  33.107 +			       awk -vitem=$ITEM   \
  33.108 +			       '{
  33.109 +			          if ($1 == "LABEL->SSID" && \
  33.110 +			              $2 == "VM" &&          \
  33.111 +			              $3 == "CHWALL" &&      \
  33.112 +			              $4 == item ) {         \
  33.113 +			            result = item;           \
  33.114 +			          }                          \
  33.115 +			        } END {                      \
  33.116 +			            print result             \
  33.117 +			        }'`
  33.118 +		else
  33.119 +			LABEL=$ITEM
  33.120 +		fi
  33.121 +
  33.122 +		if [ "$LABEL" != "" ]; then
  33.123 +			echo "$LABEL"
  33.124 +			found=1
  33.125 +		fi
  33.126 +		let line=line+1
  33.127 +	done
  33.128 +	if [ "$found" != "1" ]; then
  33.129 +		echo "No labels found."
  33.130 +	fi
  33.131 +}
  33.132 +
  33.133 +getPrimaryPolicy ()
  33.134 +{
  33.135 +	mapfile=$1
  33.136 +	primary=`cat $mapfile  |   \
  33.137 +	         awk '             \
  33.138 +	          {                \
  33.139 +	            if ( $1 == "PRIMARY" ) { \
  33.140 +	              res=$2;                \
  33.141 +	            }                        \
  33.142 +	          } END {                    \
  33.143 +	            print res;               \
  33.144 +	          } '`
  33.145 +}
  33.146 +
  33.147 +getSecondaryPolicy ()
  33.148 +{
  33.149 +	mapfile=$1
  33.150 +	secondary=`cat $mapfile  |   \
  33.151 +	         awk '             \
  33.152 +	          {                \
  33.153 +	            if ( $1 == "SECONDARY" ) { \
  33.154 +	              res=$2;                \
  33.155 +	            }                        \
  33.156 +	          } END {                    \
  33.157 +	            print res;               \
  33.158 +	          } '`
  33.159 +}
  33.160 +
  33.161 +
  33.162 +getDefaultSsid ()
  33.163 +{
  33.164 +	mapfile=$1
  33.165 +	pol=$2
  33.166 +	RES=`cat $mapfile    \
  33.167 +	     awk -vpol=$pol  \
  33.168 +	      {              \
  33.169 +	        if ($1 == "LABEL->SSID" && \
  33.170 +	            $2 == "ANY"         && \
  33.171 +	            $3 == pol           && \
  33.172 +	            $4 == "DEFAULT"       ) {\
  33.173 +	              res=$5;                \
  33.174 +	        }                            \
  33.175 +	      } END {                        \
  33.176 +	        printf "%04x", strtonum(res) \
  33.177 +	     }'`
  33.178 +	echo "default NULL mapping is $RES"
  33.179 +	defaultssid=$RES
  33.180 +}
  33.181 +
  33.182 +relabel ()
  33.183 +{
  33.184 +	vmfile=$1
  33.185 +	label=$2
  33.186 +	mapfile=$3
  33.187 +	mode=$4
  33.188 +
  33.189 +	if [ ! -r "$vmfile" ]; then
  33.190 +		echo "Cannot read from vm configuration file $vmfile."
  33.191 +		return -1
  33.192 +	fi
  33.193 +
  33.194 +	if [ ! -w "$vmfile" ]; then
  33.195 +		echo "Cannot write to vm configuration file $vmfile."
  33.196 +		return -1
  33.197 +	fi
  33.198 +
  33.199 +	if [ ! -r "$mapfile" ] ; then
  33.200 +		echo "Cannot read mapping file $mapfile."
  33.201 +		return -1
  33.202 +	fi
  33.203 +
  33.204 +	# Determine which policy is primary, which sec.
  33.205 +	getPrimaryPolicy $mapfile
  33.206 +	getSecondaryPolicy $mapfile
  33.207 +
  33.208 +	# Calculate the primary policy's SSIDREF
  33.209 +	if [ "$primary" == "NULL" ]; then
  33.210 +		SSIDLO="0000"
  33.211 +	else
  33.212 +		SSIDLO=`cat $mapfile |                    \
  33.213 +		        awk -vlabel=$label                \
  33.214 +		            -vprimary=$primary            \
  33.215 +		           '{                             \
  33.216 +		              if ( $1 == "LABEL->SSID" && \
  33.217 +		                   $2 == "VM" &&          \
  33.218 +		                   $3 == primary  &&      \
  33.219 +		                   $4 == label ) {        \
  33.220 +		                result=$5                 \
  33.221 +		              }                           \
  33.222 +		           } END {                        \
  33.223 +		             if (result != "" )           \
  33.224 +		               {printf "%04x", strtonum(result)}\
  33.225 +		           }'`
  33.226 +	fi
  33.227 +
  33.228 +	# Calculate the secondary policy's SSIDREF
  33.229 +	if [ "$secondary" == "NULL" ]; then
  33.230 +		SSIDHI="0000"
  33.231 +	else
  33.232 +		SSIDHI=`cat $mapfile |                    \
  33.233 +		        awk -vlabel=$label                \
  33.234 +		            -vsecondary=$secondary        \
  33.235 +		           '{                             \
  33.236 +		              if ( $1 == "LABEL->SSID" && \
  33.237 +		                   $2 == "VM"          && \
  33.238 +		                   $3 == secondary     && \
  33.239 +		                   $4 == label ) {        \
  33.240 +		                result=$5                 \
  33.241 +		              }                           \
  33.242 +		            }  END {                      \
  33.243 +		              if (result != "" )          \
  33.244 +		                {printf "%04x", strtonum(result)}\
  33.245 +		            }'`
  33.246 +	fi
  33.247 +
  33.248 +	if [ "$SSIDLO" == "" -o \
  33.249 +	     "$SSIDHI" == "" ]; then
  33.250 +		echo "Could not map the given label '$label'."
  33.251 +		return -1
  33.252 +	fi
  33.253 +
  33.254 +	ACM_POLICY=`cat $mapfile |             \
  33.255 +	    awk ' { if ( $1 == "POLICY" ) {    \
  33.256 +	              result=$2                \
  33.257 +	            }                          \
  33.258 +	          }                            \
  33.259 +	          END {                        \
  33.260 +	            if (result != "") {        \
  33.261 +	              printf result            \
  33.262 +	            }                          \
  33.263 +	          }'`
  33.264 +
  33.265 +	if [ "$ACM_POLICY" == "" ]; then
  33.266 +		echo "Could not find 'POLICY' entry in map file."
  33.267 +		return -1
  33.268 +	fi
  33.269 +
  33.270 +	SSIDREF="0x$SSIDHI$SSIDLO"
  33.271 +
  33.272 +	if [ "$mode" != "relabel" ]; then
  33.273 +		RES=`cat $vmfile |  \
  33.274 +		     awk '{         \
  33.275 +		       if ( substr($1,0,7) == "ssidref" ) {\
  33.276 +		         print $0;             \
  33.277 +		       }                       \
  33.278 +		     }'`
  33.279 +		if [ "$RES" != "" ]; then
  33.280 +			echo "Do you want to overwrite the existing mapping ($RES)? (y/N)"
  33.281 +			read user
  33.282 +			if [ "$user" != "y" -a "$user" != "Y" ]; then
  33.283 +				echo "Aborted."
  33.284 +				return 0
  33.285 +			fi
  33.286 +		fi
  33.287 +	fi
  33.288 +
  33.289 +	#Write the output
  33.290 +	vmtmp1="/tmp/__setlabel.tmp1"
  33.291 +	vmtmp2="/tmp/__setlabel.tmp2"
  33.292 +	touch $vmtmp1
  33.293 +	touch $vmtmp2
  33.294 +	if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
  33.295 +		echo "Cannot create temporary files. Aborting."
  33.296 +		return -1
  33.297 +	fi
  33.298 +	RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
  33.299 +	RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
  33.300 +	RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
  33.301 +	echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
  33.302 +	echo "#ACM_LABEL=$label" >> $vmtmp1
  33.303 +	echo "ssidref = $SSIDREF" >> $vmtmp1
  33.304 +	mv -f $vmtmp1 $vmfile
  33.305 +	rm -rf $vmtmp1 $vmtmp2
  33.306 +	echo "Mapped label '$label' to ssidref '$SSIDREF'."
  33.307 +}
  33.308 +
  33.309 +
  33.310 +
  33.311 +if [ "$1" == "-r" ]; then
  33.312 +	mode="relabel"
  33.313 +	shift
  33.314 +elif [ "$1" == "-l" ]; then
  33.315 +	mode="show"
  33.316 +	shift
  33.317 +elif [ "$1" == "-?" ]; then
  33.318 +	mode="usage"
  33.319 +fi
  33.320 +
  33.321 +if [ "$mode" == "show" ]; then
  33.322 +	if [ "$1" == "" ]; then
  33.323 +		usage
  33.324 +		exit -1;
  33.325 +	fi
  33.326 +	findMapFile $1
  33.327 +	res=$?
  33.328 +	if [ "$res" != "0" ]; then
  33.329 +		showLabels $mapfile
  33.330 +	else
  33.331 +		echo "Could not find map file for policy '$1'."
  33.332 +	fi
  33.333 +elif [ "$mode" == "usage" ]; then
  33.334 +	usage
  33.335 +else
  33.336 +	if [ "$3" == "" ]; then
  33.337 +		usage
  33.338 +		exit -1;
  33.339 +	fi
  33.340 +	findMapFile $3
  33.341 +	res=$?
  33.342 +	if [ "$res" != "0" ]; then
  33.343 +		relabel $1 $2 $mapfile $mode
  33.344 +	else
  33.345 +		echo "Could not find map file for policy '$3'."
  33.346 +	fi
  33.347 +
  33.348 +fi
    34.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    34.2 +++ b/tools/security/updategrub.sh	Fri Aug 19 09:03:17 2005 +0000
    34.3 @@ -0,0 +1,171 @@
    34.4 +#!/bin/sh
    34.5 +# *
    34.6 +# * updategrub
    34.7 +# *
    34.8 +# * Copyright (C) 2005 IBM Corporation
    34.9 +# *
   34.10 +# * Authors:
   34.11 +# * Stefan Berger <stefanb@us.ibm.com>
   34.12 +# *
   34.13 +# * This program is free software; you can redistribute it and/or
   34.14 +# * modify it under the terms of the GNU General Public License as
   34.15 +# * published by the Free Software Foundation, version 2 of the
   34.16 +# * License.
   34.17 +# *
   34.18 +# *
   34.19 +#
   34.20 +
   34.21 +if [ -z "$runbash" ]; then
   34.22 +	runbash="1"
   34.23 +	export runbash
   34.24 +	exec sh -c "bash $0 $*"
   34.25 +	exit
   34.26 +fi
   34.27 +
   34.28 +
   34.29 +# Show usage of this program
   34.30 +usage ()
   34.31 +{
   34.32 +	echo "Usage: $0 <policy name> <root of xen repository>"
   34.33 +	echo ""
   34.34 +	echo "<policy name>             : The name of the policy, i.e. xen_null"
   34.35 +	echo "<root of xen repository>  : The root of the XEN repositrory."
   34.36 +	echo ""
   34.37 +}
   34.38 +
   34.39 +# This function sets the global variable 'linux'
   34.40 +# to the name of the linux kernel that was compiled
   34.41 +# For now a pattern should do the trick
   34.42 +getLinuxVersion ()
   34.43 +{
   34.44 +	path=$1
   34.45 +	linux=""
   34.46 +	for f in $path/linux-*-xen0 ; do
   34.47 +		versionfile=$f/include/linux/version.h
   34.48 +		if [ -r $versionfile ]; then
   34.49 +			lnx=`cat $versionfile | \
   34.50 +			     grep UTS_RELEASE | \
   34.51 +			     awk '{             \
   34.52 +			       len=length($3);  \
   34.53 +			       print substr($3,2,len-2) }'`
   34.54 +		fi
   34.55 +		if [ "$lnx" != "" ]; then
   34.56 +			linux="[./0-9a-zA-z]*$lnx"
   34.57 +			return;
   34.58 +		fi
   34.59 +	done
   34.60 +
   34.61 +	#Last resort.
   34.62 +	linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$"
   34.63 +}
   34.64 +
   34.65 +#Return where the grub.conf file is.
   34.66 +#I only know of one place it can be.
   34.67 +findGrubConf()
   34.68 +{
   34.69 +	grubconf="/boot/grub/grub.conf"
   34.70 +	if [ -w $grubconf ]; then
   34.71 +		return 1
   34.72 +	fi
   34.73 +	return 0
   34.74 +}
   34.75 +
   34.76 +
   34.77 +#Update the grub configuration file.
   34.78 +#Search for existing entries and replace the current
   34.79 +#policy entry with the policy passed to this script
   34.80 +#
   34.81 +#Arguments passed to this function
   34.82 +# 1st : the grub configuration file
   34.83 +# 2nd : the binary policy file name
   34.84 +# 3rd : the name or pattern of the linux kernel name to match
   34.85 +#
   34.86 +# The algorithm here is based on pattern matching
   34.87 +# and is working correctly if
   34.88 +# - under a title a line beginning with 'kernel' is found
   34.89 +#   whose following item ends with "xen.gz"
   34.90 +#   Example:  kernel /xen.gz dom0_mem=....
   34.91 +# - a module line matching the 3rd parameter is found
   34.92 +#
   34.93 +updateGrub ()
   34.94 +{
   34.95 +	grubconf=$1
   34.96 +	policyfile=$2
   34.97 +	linux=$3
   34.98 +
   34.99 +	tmpfile="/tmp/new_grub.conf"
  34.100 +
  34.101 +	cat $grubconf |                                \
  34.102 +	         awk -vpolicy=$policyfile              \
  34.103 +	             -vlinux=$linux '{                 \
  34.104 +	           if ( $1 == "title" ) {              \
  34.105 +	             kernelfound = 0;                  \
  34.106 +	             if ( policymaycome == 1 ){        \
  34.107 +	               printf ("\tmodule %s%s\n", path, policy);      \
  34.108 +	             }                                 \
  34.109 +	             policymaycome = 0;                \
  34.110 +	           }                                   \
  34.111 +	           else if ( $1 == "kernel" ) {        \
  34.112 +	             if ( match($2,"xen.gz$") ) {      \
  34.113 +	               path=substr($2,1,RSTART-1);     \
  34.114 +	               kernelfound = 1;                \
  34.115 +	             }                                 \
  34.116 +	           }                                   \
  34.117 +	           else if ( $1 == "module" &&         \
  34.118 +	                     kernelfound == 1 &&       \
  34.119 +	                     match($2,linux) ) {       \
  34.120 +	              policymaycome = 1;               \
  34.121 +	           }                                   \
  34.122 +	           else if ( $1 == "module" &&         \
  34.123 +	                     kernelfound == 1 &&       \
  34.124 +	                     policymaycome == 1 &&     \
  34.125 +	                     match($2,"[0-9a-zA-Z]*.bin$") ) { \
  34.126 +	              printf ("\tmodule %s%s\n", path, policy); \
  34.127 +	              policymaycome = 0;               \
  34.128 +	              kernelfound = 0;                 \
  34.129 +	              dontprint = 1;                   \
  34.130 +	           }                                   \
  34.131 +	           else if ( $1 == "" &&               \
  34.132 +	                     kernelfound == 1 &&       \
  34.133 +	                     policymaycome == 1) {     \
  34.134 +	              dontprint = 1;                   \
  34.135 +	           }                                   \
  34.136 +	           if (dontprint == 0) {               \
  34.137 +	             printf ("%s\n", $0);              \
  34.138 +	           }                                   \
  34.139 +	           dontprint = 0;                      \
  34.140 +	         } END {                               \
  34.141 +	           if ( policymaycome == 1 ) {         \
  34.142 +	             printf ("\tmodule %s%s\n", path, policy);  \
  34.143 +	           }                                   \
  34.144 +	         }' > $tmpfile
  34.145 +	if [ ! -r $tmpfile ]; then
  34.146 +		echo "Could not create temporary file! Aborting."
  34.147 +		exit -1
  34.148 +	fi
  34.149 +	mv -f $tmpfile $grubconf
  34.150 +}
  34.151 +
  34.152 +if [ "$1" == "" -o "$2" == "" ]; then
  34.153 +	usage
  34.154 +	exit -1
  34.155 +fi
  34.156 +
  34.157 +if [ "$1" == "-?" ]; then
  34.158 +	usage
  34.159 +	exit 0
  34.160 +fi
  34.161 +
  34.162 +policy=$1
  34.163 +policyfile=$policy.bin
  34.164 +
  34.165 +getLinuxVersion $2
  34.166 +
  34.167 +findGrubConf
  34.168 +ERR=$?
  34.169 +if [ $ERR -eq 0 ]; then
  34.170 +	echo "Could not find grub.conf. Aborting."
  34.171 +	exit -1
  34.172 +fi
  34.173 +
  34.174 +updateGrub $grubconf $policyfile $linux
    35.1 --- a/xen/Rules.mk	Fri Aug 19 08:55:03 2005 +0000
    35.2 +++ b/xen/Rules.mk	Fri Aug 19 09:03:17 2005 +0000
    35.3 @@ -11,14 +11,6 @@ optimize    ?= y
    35.4  domu_debug  ?= n
    35.5  crash_debug ?= n
    35.6  
    35.7 -# ACM_USE_SECURITY_POLICY is set to security policy of Xen
    35.8 -# Supported models are:
    35.9 -#	ACM_NULL_POLICY (ACM will not be built with this policy)
   35.10 -#	ACM_CHINESE_WALL_POLICY
   35.11 -#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
   35.12 -#	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   35.13 -ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
   35.14 -
   35.15  include $(BASEDIR)/../Config.mk
   35.16  
   35.17  # Set ARCH/SUBARCH appropriately.