direct-io.hg

changeset 15512:aa640601575f

[Xen-API] Extension of the Xen-API for managing Xen Security Policies

This patch implements extensions for managing security policies in
xend. The XSPolicy and ACMPolicy classes provide the interface for the
Xen-API and implement functionality for setting, updating and
activating of a Xen security policy as well as labeling of virtual
machines and resources such as block devices. Labeling of network
devices will follow.

The acmpolicy class implements a compiler for translating an XML
policy into their binary format and provides functionality for
comparing a current policy against a new one when changing/updating a
policy.

The xspolicyadmin class administers the policy of the system.

Some of the xend-internal code deals with transforming the labeling
information from the S-Expression format into the new Xen-API
format. This is similar to much of the other code that is already
there.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kfraser@localhost.localdomain
date Mon Jul 09 14:51:44 2007 +0100 (2007-07-09)
parents 83fd4ad219cd
children 1d1ccf6b8614
files tools/python/xen/util/acmpolicy.py tools/python/xen/util/bootloader.py tools/python/xen/util/security.py tools/python/xen/util/xsconstants.py tools/python/xen/util/xspolicy.py tools/python/xen/xend/XendAPI.py tools/python/xen/xend/XendConfig.py tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xend/XendError.py tools/python/xen/xend/XendVDI.py tools/python/xen/xend/XendXSPolicy.py tools/python/xen/xend/XendXSPolicyAdmin.py tools/python/xen/xend/server/blkif.py tools/security/policies/security_policy.xsd
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/tools/python/xen/util/acmpolicy.py	Mon Jul 09 14:51:44 2007 +0100
     1.3 @@ -0,0 +1,1199 @@
     1.4 +#============================================================================
     1.5 +# This library is free software; you can redistribute it and/or
     1.6 +# modify it under the terms of version 2.1 of the GNU Lesser General Public
     1.7 +# License as published by the Free Software Foundation.
     1.8 +#
     1.9 +# This library is distributed in the hope that it will be useful,
    1.10 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
    1.11 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    1.12 +# Lesser General Public License for more details.
    1.13 +#
    1.14 +# You should have received a copy of the GNU Lesser General Public
    1.15 +# License along with this library; if not, write to the Free Software
    1.16 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    1.17 +#============================================================================
    1.18 +# Copyright (C) 2006,2007 International Business Machines Corp.
    1.19 +# Author: Stefan Berger <stefanb@us.ibm.com>
    1.20 +#============================================================================
    1.21 +
    1.22 +import os
    1.23 +import commands
    1.24 +import struct
    1.25 +import stat
    1.26 +import array
    1.27 +from xml.dom import minidom, Node
    1.28 +from xen.xend.XendLogging import log
    1.29 +from xen.util import security, xsconstants, bootloader, mkdir
    1.30 +from xen.util.xspolicy import XSPolicy
    1.31 +from xen.util.security import ACMError
    1.32 +from xen.xend.XendError import SecurityError
    1.33 +
    1.34 +ACM_POLICIES_DIR = security.policy_dir_prefix + "/"
    1.35 +
    1.36 +# Constants needed for generating a binary policy from its XML
    1.37 +# representation
    1.38 +ACM_POLICY_VERSION = 3  # Latest one
    1.39 +ACM_CHWALL_VERSION = 1
    1.40 +
    1.41 +ACM_STE_VERSION = 1
    1.42 +
    1.43 +ACM_MAGIC = 0x001debc;
    1.44 +
    1.45 +ACM_NULL_POLICY = 0
    1.46 +ACM_CHINESE_WALL_POLICY = 1
    1.47 +ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2
    1.48 +ACM_POLICY_UNDEFINED = 15
    1.49 +
    1.50 +
    1.51 +ACM_SCHEMA_FILE = "/etc/xen/acm-security/policies/security_policy.xsd"
    1.52 +
    1.53 +class ACMPolicy(XSPolicy):
    1.54 +    """
    1.55 +     ACMPolicy class. Implements methods for getting information from
    1.56 +     the XML representation of the policy as well as compilation and
    1.57 +     loading of a policy into the HV.
    1.58 +    """
    1.59 +
    1.60 +    def __init__(self, name=None, dom=None, ref=None, xml=None):
    1.61 +        if name:
    1.62 +            self.name = name
    1.63 +            self.dom = minidom.parse(self.path_from_policy_name(name))
    1.64 +        elif dom:
    1.65 +            self.dom = dom
    1.66 +            self.name = self.get_name()
    1.67 +        elif xml:
    1.68 +            self.dom = minidom.parseString(xml)
    1.69 +            self.name = self.get_name()
    1.70 +        rc = self.validate()
    1.71 +        if rc != xsconstants.XSERR_SUCCESS:
    1.72 +            raise SecurityError(rc)
    1.73 +        mkdir.parents(ACM_POLICIES_DIR, stat.S_IRWXU)
    1.74 +        if ref:
    1.75 +            from xen.xend.XendXSPolicy import XendACMPolicy
    1.76 +            self.xendacmpolicy = XendACMPolicy(self, {}, ref)
    1.77 +        else:
    1.78 +            self.xendacmpolicy = None
    1.79 +        XSPolicy.__init__(self, name=self.name, ref=ref)
    1.80 +
    1.81 +    def get_dom(self):
    1.82 +        return self.dom
    1.83 +
    1.84 +    def get_name(self):
    1.85 +        return self.policy_dom_get_hdr_item("PolicyName")
    1.86 +
    1.87 +    def get_type(self):
    1.88 +        return xsconstants.XS_POLICY_ACM
    1.89 +
    1.90 +    def get_type_name(self):
    1.91 +        return xsconstants.ACM_POLICY_ID
    1.92 +
    1.93 +    def __str__(self):
    1.94 +        return self.get_name()
    1.95 +
    1.96 +
    1.97 +    def validate(self):
    1.98 +        """
    1.99 +            validate against the policy's schema Does not fail if the
   1.100 +            libxml2 python lib is not installed
   1.101 +        """
   1.102 +        rc = xsconstants.XSERR_SUCCESS
   1.103 +        try:
   1.104 +            import libxml2
   1.105 +        except Exception, e:
   1.106 +            log.warn("Libxml2 python-wrapper is not installed on the system.")
   1.107 +            return xsconstants.XSERR_SUCCESS
   1.108 +        try:
   1.109 +            parserctxt = libxml2.schemaNewParserCtxt(ACM_SCHEMA_FILE)
   1.110 +            schemaparser = parserctxt.schemaParse()
   1.111 +            valid = schemaparser.schemaNewValidCtxt()
   1.112 +            doc = libxml2.parseDoc(self.toxml())
   1.113 +            if doc.schemaValidateDoc(valid) != 0:
   1.114 +                rc = -xsconstants.XSERR_BAD_XML
   1.115 +        except Exception, e:
   1.116 +            log.warn("Problem with the schema: %s" % str(e))
   1.117 +            rc = -xsconstants.XSERR_GENERAL_FAILURE
   1.118 +        if rc != xsconstants.XSERR_SUCCESS:
   1.119 +            log.warn("XML did not validate against schema")
   1.120 +        rc = self.__validate_name_and_labels()
   1.121 +        return rc
   1.122 +
   1.123 +    def __validate_name_and_labels(self):
   1.124 +        """ no ':' allowed in the policy name and the labels """
   1.125 +        if ':' in self.get_name():
   1.126 +            return -xsconstants.XSERR_BAD_POLICY_NAME
   1.127 +        for s in self.policy_get_resourcelabel_names():
   1.128 +            if ':' in s:
   1.129 +                return -xsconstants.XSERR_BAD_LABEL
   1.130 +        for s in self.policy_get_virtualmachinelabel_names():
   1.131 +            if ':' in s:
   1.132 +                return -xsconstants.XSERR_BAD_LABEL
   1.133 +        return xsconstants.XSERR_SUCCESS
   1.134 +
   1.135 +
   1.136 +    def update(self, xml_new):
   1.137 +        """
   1.138 +            Update the policy with the new XML. The hypervisor decides
   1.139 +            whether the new policy can be applied.
   1.140 +        """
   1.141 +        rc = -xsconstants.XSERR_XML_PROCESSING
   1.142 +        errors = ""
   1.143 +        acmpol_old = self
   1.144 +        try:
   1.145 +            acmpol_new = ACMPolicy(xml=xml_new)
   1.146 +        except Exception:
   1.147 +            return -xsconstants.XSERR_XML_PROCESSING, errors
   1.148 +
   1.149 +        vmlabel_map = acmpol_new.policy_get_vmlabel_translation_map()
   1.150 +        # An update requires version information in the current
   1.151 +        # and new policy. The version number of the current policy
   1.152 +        # must be the same as what is in the FromPolicy/Version node
   1.153 +        # in the new one and the current policy's name must be the
   1.154 +        # same as in FromPolicy/PolicyName
   1.155 +
   1.156 +        now_vers    = acmpol_old.policy_dom_get_hdr_item("Version")
   1.157 +        now_name    = acmpol_old.policy_dom_get_hdr_item("PolicyName")
   1.158 +        req_oldvers = acmpol_new.policy_dom_get_frompol_item("Version")
   1.159 +        req_oldname = acmpol_new.policy_dom_get_frompol_item("PolicyName")
   1.160 +
   1.161 +        if now_vers == "" or \
   1.162 +           now_vers != req_oldvers or \
   1.163 +           now_name != req_oldname:
   1.164 +            log.info("Policy rejected: %s != %s or %s != %s" % \
   1.165 +                     (now_vers,req_oldvers,now_name,req_oldname))
   1.166 +            return -xsconstants.XSERR_VERSION_PREVENTS_UPDATE, errors
   1.167 +
   1.168 +        if not self.isVersionUpdate(acmpol_new):
   1.169 +            log.info("Policy rejected since new version is not an update.")
   1.170 +            return -xsconstants.XSERR_VERSION_PREVENTS_UPDATE, errors
   1.171 +
   1.172 +        if self.isloaded():
   1.173 +            newvmnames = \
   1.174 +                 acmpol_new.policy_get_virtualmachinelabel_names_sorted()
   1.175 +            oldvmnames = \
   1.176 +                 acmpol_old.policy_get_virtualmachinelabel_names_sorted()
   1.177 +            del_array = ""
   1.178 +            chg_array = ""
   1.179 +            for o in oldvmnames:
   1.180 +                if o not in newvmnames:
   1.181 +                    old_idx = oldvmnames.index(o) + 1 # for _NULL_LABEL_
   1.182 +                    if vmlabel_map.has_key(o):
   1.183 +                        #not a deletion, but a renaming
   1.184 +                        new = vmlabel_map[o]
   1.185 +                        new_idx = newvmnames.index(new) + 1 # for _NULL_LABEL_
   1.186 +                        chg_array += struct.pack("ii", old_idx, new_idx)
   1.187 +                    else:
   1.188 +                        del_array += struct.pack("i", old_idx)
   1.189 +            for v in newvmnames:
   1.190 +                if v in oldvmnames:
   1.191 +                    old_idx = oldvmnames.index(v) + 1 # for _NULL_LABEL_
   1.192 +                    new_idx = newvmnames.index(v) + 1 # for _NULL_LABEL_
   1.193 +                    if old_idx != new_idx:
   1.194 +                        chg_array += struct.pack("ii", old_idx, new_idx)
   1.195 +
   1.196 +            # VM labels indicated in the 'from' attribute of a VM or
   1.197 +            # resource node but that did not exist in the old policy
   1.198 +            # are considered bad labels.
   1.199 +            bad_renamings = set(vmlabel_map.keys()) - set(oldvmnames)
   1.200 +            if len(bad_renamings) > 0:
   1.201 +                log.error("Bad VM label renamings: %s" %
   1.202 +                          list(bad_renamings))
   1.203 +                return -xsconstants.XSERR_BAD_LABEL, errors
   1.204 +
   1.205 +            reslabel_map = acmpol_new.policy_get_reslabel_translation_map()
   1.206 +            oldresnames  = acmpol_old.policy_get_resourcelabel_names()
   1.207 +            bad_renamings = set(reslabel_map.keys()) - set(oldresnames)
   1.208 +            if len(bad_renamings) > 0:
   1.209 +                log.error("Bad resource label renamings: %s" %
   1.210 +                          list(bad_renamings))
   1.211 +                return -xsconstants.XSERR_BAD_LABEL, errors
   1.212 +
   1.213 +            #Get binary and map from the new policy
   1.214 +            rc, map, bin_pol = acmpol_new.policy_create_map_and_bin()
   1.215 +            if rc != xsconstants.XSERR_SUCCESS:
   1.216 +                log.error("Could not build the map and binary policy.")
   1.217 +                return rc, errors
   1.218 +
   1.219 +            #Need to do / check the following:
   1.220 +            # - relabel all resources where there is a 'from' field in
   1.221 +            #   the policy and mark those as unlabeled where the label
   1.222 +            #   does not appear in the new policy anymore
   1.223 +            # - relabel all VMs where there is a 'from' field in the
   1.224 +            #   policy and mark those as unlabeled where the label
   1.225 +            #   does not appear in the new policy anymore; no running
   1.226 +            #   or paused VM may be unlabeled through this
   1.227 +            # - check that under the new labeling conditions the VMs
   1.228 +            #   still have access to their resources as before. Unlabeled
   1.229 +            #   resources are inaccessible. If this check fails, the
   1.230 +            #   update failed.
   1.231 +            # - Attempt changes in the hypervisor; if this step fails,
   1.232 +            #   roll back the relabeling of resources and VMs
   1.233 +            # - Commit the relabeling of resources
   1.234 +
   1.235 +
   1.236 +            rc, errors = security.change_acm_policy(bin_pol,
   1.237 +                                        del_array, chg_array,
   1.238 +                                        vmlabel_map, reslabel_map,
   1.239 +                                        self, acmpol_new)
   1.240 +
   1.241 +            if rc == 0:
   1.242 +                # Replace the old DOM with the new one and save it
   1.243 +                self.dom = acmpol_new.dom
   1.244 +                self.compile()
   1.245 +                log.info("ACM policy update was successful")
   1.246 +        else:
   1.247 +            #Not loaded in HV
   1.248 +            self.dom = acmpol_new.dom
   1.249 +            self.compile()
   1.250 +        return rc, errors
   1.251 +
   1.252 +    def compareVersions(self, v1, v2):
   1.253 +        """
   1.254 +            Compare two policy versions given their tuples of major and
   1.255 +            minor.
   1.256 +            Return '0' if versions are equal, '>0' if v1 > v2 and
   1.257 +            '<' if v1 < v2
   1.258 +        """
   1.259 +        rc = v1[0] - v2[0]
   1.260 +        if rc == 0:
   1.261 +            rc = v1[1] - v2[1]
   1.262 +        return rc
   1.263 +
   1.264 +    def getVersionTuple(self, item="Version"):
   1.265 +        v_str = self.policy_dom_get_hdr_item(item)
   1.266 +        return self.__convVersionToTuple(v_str)
   1.267 +
   1.268 +    def get_version(self):
   1.269 +        return self.policy_dom_get_hdr_item("Version")
   1.270 +
   1.271 +    def isVersionUpdate(self, polnew):
   1.272 +        if self.compareVersions(polnew.getVersionTuple(),
   1.273 +                                self.getVersionTuple()) > 0:
   1.274 +            return True
   1.275 +        return False
   1.276 +
   1.277 +    def __convVersionToTuple(self, v_str):
   1.278 +        """ Convert a version string, formatted according to the scheme
   1.279 +            "%d.%d" into a tuple of (major, minor). Return (0,0) if the
   1.280 +            string is empty.
   1.281 +        """
   1.282 +        major = 0
   1.283 +        minor = 0
   1.284 +        if v_str != "":
   1.285 +            tmp = v_str.split(".")
   1.286 +            major = int(tmp[0])
   1.287 +            if len(tmp) > 1:
   1.288 +                minor = int(tmp[1])
   1.289 +        return (major, minor)
   1.290 +
   1.291 +
   1.292 +    def policy_path(self, name, prefix = ACM_POLICIES_DIR ):
   1.293 +        path = prefix + name.replace('.','/')
   1.294 +        _path = path.split("/")
   1.295 +        del _path[-1]
   1.296 +        mkdir.parents("/".join(_path), stat.S_IRWXU)
   1.297 +        return path
   1.298 +
   1.299 +    def path_from_policy_name(self, name):
   1.300 +        return self.policy_path(name) + "-security_policy.xml"
   1.301 +
   1.302 +    #
   1.303 +    # Functions interacting with the bootloader
   1.304 +    #
   1.305 +    def vmlabel_to_ssidref(self, vm_label):
   1.306 +        """ Convert a VMlabel into an ssidref given the current
   1.307 +            policy
   1.308 +            Return xsconstants.INVALID_SSIDREF if conversion failed.
   1.309 +        """
   1.310 +        ssidref = xsconstants.INVALID_SSIDREF
   1.311 +        names = self.policy_get_virtualmachinelabel_names_sorted()
   1.312 +        try:
   1.313 +            vmidx = names.index(vm_label) + 1 # for _NULL_LABEL_
   1.314 +            ssidref = (vmidx << 16) | vmidx
   1.315 +        except:
   1.316 +            pass
   1.317 +        return ssidref
   1.318 +
   1.319 +    def set_vm_bootlabel(self, vm_label):
   1.320 +        parms="<>"
   1.321 +        if vm_label != "":
   1.322 +            ssidref = self.vmlabel_to_ssidref(vm_label)
   1.323 +            if ssidref == xsconstants.INVALID_SSIDREF:
   1.324 +                return -xsconstants.XSERR_BAD_LABEL
   1.325 +            parms = "0x%08x:%s:%s:%s" % \
   1.326 +                        (ssidref, xsconstants.ACM_POLICY_ID, \
   1.327 +                         self.get_name(),vm_label)
   1.328 +        else:
   1.329 +            ssidref = 0 #Identifier for removal
   1.330 +        try:
   1.331 +            def_title = bootloader.get_default_title()
   1.332 +            bootloader.set_kernel_attval(def_title, "ssidref", parms)
   1.333 +        except:
   1.334 +            return -xsconstants.XSERR_GENERAL_FAILURE
   1.335 +        return ssidref
   1.336 +
   1.337 +    #
   1.338 +    # Utility functions related to the policy's files
   1.339 +    #
   1.340 +    def get_filename(self, postfix, prefix = ACM_POLICIES_DIR, dotted=False):
   1.341 +        """
   1.342 +           Create the filename for the policy. The prefix is prepended
   1.343 +           to the path. If dotted is True, then a policy name like
   1.344 +           'a.b.c' will remain as is, otherwise it will become 'a/b/c'
   1.345 +        """
   1.346 +        name = self.get_name()
   1.347 +        if name:
   1.348 +            p = name.split(".")
   1.349 +            path = ""
   1.350 +            if dotted == True:
   1.351 +                sep = "."
   1.352 +            else:
   1.353 +                sep = "/"
   1.354 +            if len(p) > 1:
   1.355 +                path = sep.join(p[0:len(p)-1])
   1.356 +            if prefix != "" or path != "":
   1.357 +                allpath = prefix + path + sep + p[-1] + postfix
   1.358 +            else:
   1.359 +                allpath = p[-1] + postfix
   1.360 +            return allpath
   1.361 +        return None
   1.362 +
   1.363 +    def __readfile(self, name):
   1.364 +        cont = ""
   1.365 +        filename = self.get_filename(name)
   1.366 +        f = open(filename, "r")
   1.367 +        if f:
   1.368 +            cont = f.read()
   1.369 +            f.close()
   1.370 +        return cont
   1.371 +
   1.372 +    def get_map(self):
   1.373 +        return self.__readfile(".map")
   1.374 +
   1.375 +    def get_bin(self):
   1.376 +        return self.__readfile(".bin")
   1.377 +
   1.378 +    #
   1.379 +    # DOM-related functions
   1.380 +    #
   1.381 +
   1.382 +    def policy_dom_get(self, parent, key, createit=False):
   1.383 +        for node in parent.childNodes:
   1.384 +            if node.nodeType == Node.ELEMENT_NODE:
   1.385 +                if node.nodeName == key:
   1.386 +                    return node
   1.387 +        if createit:
   1.388 +            self.dom_create_node(parent, key)
   1.389 +            return self.policy_dom_get(parent, key)
   1.390 +
   1.391 +    def dom_create_node(self, parent, newname, value=" "):
   1.392 +        xml = "<a><"+newname+">"+ value +"</"+newname+"></a>"
   1.393 +        frag = minidom.parseString(xml)
   1.394 +        frag.childNodes[0].nodeType = Node.DOCUMENT_FRAGMENT_NODE
   1.395 +        parent.appendChild(frag.childNodes[0])
   1.396 +        return frag.childNodes[0]
   1.397 +
   1.398 +    def dom_get_node(self, path, createit=False):
   1.399 +        node = None
   1.400 +        parts = path.split("/")
   1.401 +        doc = self.get_dom()
   1.402 +        if len(parts) > 0:
   1.403 +            node = self.policy_dom_get(doc.documentElement, parts[0])
   1.404 +            if node:
   1.405 +                i = 1
   1.406 +                while i < len(parts):
   1.407 +                    _node = self.policy_dom_get(node, parts[i], createit)
   1.408 +                    if not _node:
   1.409 +                        if not createit:
   1.410 +                            break
   1.411 +                        else:
   1.412 +                            self.dom_create_node(node, parts[i])
   1.413 +                            _node = self.policy_dom_get(node, parts[i])
   1.414 +                    node = _node
   1.415 +                    i += 1
   1.416 +        return node
   1.417 +
   1.418 +    #
   1.419 +    # Header-related functions
   1.420 +    #
   1.421 +    def policy_dom_get_header_subnode(self, nodename):
   1.422 +        node = self.dom_get_node("PolicyHeader/%s" % nodename)
   1.423 +        return node
   1.424 +
   1.425 +    def policy_dom_get_hdr_item(self, name, default=""):
   1.426 +        node = self.policy_dom_get_header_subnode(name)
   1.427 +        if node and len(node.childNodes) > 0:
   1.428 +            return node.childNodes[0].nodeValue
   1.429 +        return default
   1.430 +
   1.431 +    def policy_dom_get_frompol_item(self, name, default="", createit=False):
   1.432 +        node = self.dom_get_node("PolicyHeader/FromPolicy",createit)
   1.433 +        if node:
   1.434 +            node = self.policy_dom_get(node, name, createit)
   1.435 +            if node and len(node.childNodes) > 0:
   1.436 +                return node.childNodes[0].nodeValue
   1.437 +        return default
   1.438 +
   1.439 +    def get_header_fields_map(self):
   1.440 +        header = {
   1.441 +          'policyname'   : self.policy_dom_get_hdr_item("PolicyName"),
   1.442 +          'policyurl'    : self.policy_dom_get_hdr_item("PolicyUrl"),
   1.443 +          'reference'    : self.policy_dom_get_hdr_item("Reference"),
   1.444 +          'date'         : self.policy_dom_get_hdr_item("Date"),
   1.445 +          'namespaceurl' : self.policy_dom_get_hdr_item("NameSpaceUrl"),
   1.446 +          'version'      : self.policy_dom_get_hdr_item("Version")
   1.447 +        }
   1.448 +        return header
   1.449 +
   1.450 +    def set_frompolicy_name(self, name):
   1.451 +        """ For tools to adapt the header of the policy """
   1.452 +        node = self.dom_get_node("PolicyHeader/FromPolicy/PolicyName",
   1.453 +                                 createit=True)
   1.454 +        node.childNodes[0].nodeValue = name
   1.455 +
   1.456 +    def set_frompolicy_version(self, version):
   1.457 +        """ For tools to adapt the header of the policy """
   1.458 +        node = self.dom_get_node("PolicyHeader/FromPolicy/Version",
   1.459 +                                 createit=True)
   1.460 +        node.childNodes[0].nodeValue = version
   1.461 +
   1.462 +    def set_policy_name(self, name):
   1.463 +        """ For tools to adapt the header of the policy """
   1.464 +        node = self.dom_get_node("PolicyHeader/PolicyName")
   1.465 +        node.childNodes[0].nodeValue = name
   1.466 +
   1.467 +    def set_policy_version(self, version):
   1.468 +        """ For tools to adapt the header of the policy """
   1.469 +        node = self.dom_get_node("PolicyHeader/Version")
   1.470 +        node.childNodes[0].nodeValue = version
   1.471 +
   1.472 +    def update_frompolicy(self, curpol):
   1.473 +        self.set_frompolicy_name(curpol.policy_dom_get_hdr_item("PolicyName"))
   1.474 +        version = curpol.policy_dom_get_hdr_item("Version")
   1.475 +        self.set_frompolicy_version(version)
   1.476 +        (maj, min) = self.__convVersionToTuple(version)
   1.477 +        self.set_policy_version("%s.%s" % (maj, min+1))
   1.478 +
   1.479 +    #
   1.480 +    # Get all types that are part of a node
   1.481 +    #
   1.482 +
   1.483 +    def policy_get_types(self, node):
   1.484 +        strings = []
   1.485 +        i = 0
   1.486 +        while i < len(node.childNodes):
   1.487 +            if node.childNodes[i].nodeName == "Type":
   1.488 +                strings.append(node.childNodes[i].childNodes[0].nodeValue)
   1.489 +            i += 1
   1.490 +        return strings
   1.491 +
   1.492 +    #
   1.493 +    # Simple Type Enforcement-related functions
   1.494 +    #
   1.495 +
   1.496 +    def policy_get_stetypes_node(self):
   1.497 +        node = self.dom_get_node("SimpleTypeEnforcement/SimpleTypeEnforcementTypes")
   1.498 +        return node
   1.499 +
   1.500 +    def policy_get_stetypes_types(self):
   1.501 +        strings = []
   1.502 +        node = self.policy_get_stetypes_node()
   1.503 +        if node:
   1.504 +            strings = self.policy_get_types(node)
   1.505 +        return strings
   1.506 +
   1.507 +    #
   1.508 +    # Chinese Wall Type-related functions
   1.509 +    #
   1.510 +
   1.511 +    def policy_get_chwall_types(self):
   1.512 +        strings = []
   1.513 +        node = self.dom_get_node("ChineseWall/ChineseWallTypes")
   1.514 +        if node:
   1.515 +            strings = self.policy_get_types(node)
   1.516 +        return strings
   1.517 +
   1.518 +    def policy_get_chwall_cfses(self):
   1.519 +        cfs = []
   1.520 +        node = self.dom_get_node("ChineseWall/ConflictSets")
   1.521 +        if node:
   1.522 +            i = 0
   1.523 +            while i < len(node.childNodes):
   1.524 +                _cfs = {}
   1.525 +                if node.childNodes[i].nodeName == "Conflict":
   1.526 +                    _cfs['name']  = node.childNodes[i].getAttribute('name')
   1.527 +                    _cfs['chws'] = self.policy_get_types(node.childNodes[i])
   1.528 +                    cfs.append(_cfs)
   1.529 +                i += 1
   1.530 +        return cfs
   1.531 +
   1.532 +    def policy_get_chwall_cfses_names_sorted(self):
   1.533 +        """
   1.534 +           Return the list of all conflict set names in alphabetical
   1.535 +           order.
   1.536 +        """
   1.537 +        cfs_names = []
   1.538 +        node = self.dom_get_node("ChineseWall/ConflictSets")
   1.539 +        if node:
   1.540 +            i = 0
   1.541 +            while i < len(node.childNodes):
   1.542 +                if node.childNodes[i].nodeName == "Conflict":
   1.543 +                    n  = node.childNodes[i].getAttribute('name')
   1.544 +                    #it better have a name!
   1.545 +                    if n:
   1.546 +                        cfs_names.append(n)
   1.547 +                i += 1
   1.548 +        cfs_names.sort()
   1.549 +        return cfs_names
   1.550 +
   1.551 +    #
   1.552 +    # Subject Label-related functions
   1.553 +    #
   1.554 +
   1.555 +    def policy_get_bootstrap_vmlabel(self):
   1.556 +        node = self.dom_get_node("SecurityLabelTemplate/SubjectLabels")
   1.557 +        if node:
   1.558 +            vmlabel = node.getAttribute("bootstrap")
   1.559 +        return vmlabel
   1.560 +
   1.561 +    # Get the names of all virtual machine labels; returns an array
   1.562 +    def policy_get_virtualmachinelabel_names(self):
   1.563 +        strings = []
   1.564 +        node = self.dom_get_node("SecurityLabelTemplate/SubjectLabels")
   1.565 +        if node:
   1.566 +            i = 0
   1.567 +            while i < len(node.childNodes):
   1.568 +                if node.childNodes[i].nodeName == "VirtualMachineLabel":
   1.569 +                    name = self.policy_dom_get(node.childNodes[i], "Name")
   1.570 +                    strings.append(name.childNodes[0].nodeValue)
   1.571 +                i += 1
   1.572 +        return strings
   1.573 +
   1.574 +    def policy_sort_virtualmachinelabel_names(self, vmnames):
   1.575 +        bootstrap = self.policy_get_bootstrap_vmlabel()
   1.576 +        if bootstrap not in vmnames:
   1.577 +            raise SecurityError(-xsconstants.XSERR_POLICY_INCONSISTENT)
   1.578 +        vmnames.remove(bootstrap)
   1.579 +        vmnames.sort()
   1.580 +        vmnames.insert(0, bootstrap)
   1.581 +        return vmnames
   1.582 +
   1.583 +    def policy_get_virtualmachinelabel_names_sorted(self):
   1.584 +        """ Get a sorted list of VMlabel names. The bootstrap VM's
   1.585 +            label will be the first one in that list, followed
   1.586 +            by an alphabetically sorted list of VM label names """
   1.587 +        vmnames = self.policy_get_virtualmachinelabel_names()
   1.588 +        return self.policy_sort_virtualmachinelabel_names(vmnames)
   1.589 +
   1.590 +    def policy_get_virtualmachinelabels(self):
   1.591 +        """ Get a list of all virtual machine labels in this policy """
   1.592 +        res = []
   1.593 +        node = self.dom_get_node("SecurityLabelTemplate/SubjectLabels")
   1.594 +        if node:
   1.595 +            i = 0
   1.596 +            while i < len(node.childNodes):
   1.597 +                if node.childNodes[i].nodeName == "VirtualMachineLabel":
   1.598 +                    _res = {}
   1.599 +                    _res['type'] = xsconstants.ACM_LABEL_VM
   1.600 +                    name = self.policy_dom_get(node.childNodes[i], "Name")
   1.601 +                    _res['name'] = name.childNodes[0].nodeValue
   1.602 +                    stes = self.policy_dom_get(node.childNodes[i],
   1.603 +                                               "SimpleTypeEnforcementTypes")
   1.604 +                    if stes:
   1.605 +                        _res['stes'] = self.policy_get_types(stes)
   1.606 +                    else:
   1.607 +                        _res['stes'] = []
   1.608 +                    chws = self.policy_dom_get(node.childNodes[i],
   1.609 +                                               "ChineseWallTypes")
   1.610 +                    if chws:
   1.611 +                        _res['chws'] = self.policy_get_types(chws)
   1.612 +                    else:
   1.613 +                        _res['chws'] = []
   1.614 +                    res.append(_res)
   1.615 +                i += 1
   1.616 +        return res
   1.617 +
   1.618 +    def policy_get_stes_of_vmlabel(self, vmlabel):
   1.619 +        """ Get a list of all STEs of a given VMlabel """
   1.620 +        return self.__policy_get_stes_of_labeltype(vmlabel,
   1.621 +                                                   "VirtualMachineLabel")
   1.622 +
   1.623 +    def policy_get_stes_of_resource(self, reslabel):
   1.624 +        """ Get a list of all resources of a given VMlabel """
   1.625 +        return self.__policy_get_stes_of_labeltype(reslabel, "ResourceLabel")
   1.626 +
   1.627 +    def __policy_get_stes_of_labeltype(self, label, labeltype):
   1.628 +        node = self.dom_get_node("SecurityLabelTemplate/SubjectLabels")
   1.629 +        if node:
   1.630 +            i = 0
   1.631 +            while i < len(node.childNodes):
   1.632 +                if node.childNodes[i].nodeName == labeltype:
   1.633 +                    name = self.policy_dom_get(node.childNodes[i], "Name")
   1.634 +                    if name.childNodes[0].nodeValue == label:
   1.635 +                        stes = self.policy_dom_get(node.childNodes[i],
   1.636 +                                            "SimpleTypeEnforcementTypes")
   1.637 +                        if not stes:
   1.638 +                            return []
   1.639 +                        return self.policy_get_types(stes)
   1.640 +                i += 1
   1.641 +        return []
   1.642 +
   1.643 +    def policy_check_vmlabel_against_reslabels(self, vmlabel, resources):
   1.644 +        """
   1.645 +           Check whether the given vmlabel is compatible with the given
   1.646 +           resource labels. Do this by getting all the STEs of the
   1.647 +           vmlabel and the STEs of the resources. Any STE type of the
   1.648 +           VM label must match an STE type of the resource.
   1.649 +        """
   1.650 +        vm_stes = self.policy_get_stes_of_vmlabel(vmlabel)
   1.651 +        if len(vm_stes) == 0:
   1.652 +            return False
   1.653 +        for res in resources:
   1.654 +            res_stes = self.policy_get_stes_of_resource(res)
   1.655 +            if len( set(res_stes).union( set(vm_stes) ) ) == 0:
   1.656 +                return False
   1.657 +        return True
   1.658 +
   1.659 +    def __policy_get_label_translation_map(self, path, labeltype):
   1.660 +        res = {}
   1.661 +        node = self.dom_get_node("SecurityLabelTemplate/" + path)
   1.662 +        if node:
   1.663 +            i = 0
   1.664 +            while i < len(node.childNodes):
   1.665 +                if node.childNodes[i].nodeName == labeltype:
   1.666 +                    name = self.policy_dom_get(node.childNodes[i], "Name")
   1.667 +                    from_name = name.getAttribute("from")
   1.668 +                    if from_name:
   1.669 +                        res.update({from_name : name.childNodes[0].nodeValue})
   1.670 +                i += 1
   1.671 +        return res
   1.672 +
   1.673 +    def policy_get_vmlabel_translation_map(self):
   1.674 +        """
   1.675 +            Get a dictionary of virtual machine mappings from their
   1.676 +            old VMlabel name to the new VMlabel name.
   1.677 +        """
   1.678 +        return self.__policy_get_label_translation_map("SubjectLabels",
   1.679 +                                                       "VirtualMachineLabel")
   1.680 +
   1.681 +    def policy_get_reslabel_translation_map(self):
   1.682 +        """
   1.683 +            Get a dictionary of resource mappings from their
   1.684 +            old resource label name to the new resource label name.
   1.685 +        """
   1.686 +        return self.__policy_get_label_translation_map("ObjectLabels",
   1.687 +                                                       "ResourceLabel")
   1.688 +
   1.689 +    #
   1.690 +    # Object Label-related functions
   1.691 +    #
   1.692 +    def policy_get_resourcelabel_names(self):
   1.693 +        """
   1.694 +            Get the names of all resource labels in an array but
   1.695 +            only those that actually have types
   1.696 +        """
   1.697 +        strings = []
   1.698 +        node = self.dom_get_node("SecurityLabelTemplate/ObjectLabels")
   1.699 +        if node:
   1.700 +            i = 0
   1.701 +            while i < len(node.childNodes):
   1.702 +                if node.childNodes[i].nodeName == "ResourceLabel":
   1.703 +                    name = self.policy_dom_get(node.childNodes[i], "Name")
   1.704 +                    stes = self.policy_dom_get(node.childNodes[i],
   1.705 +                                          "SimpleTypeEnforcementTypes")
   1.706 +                    if stes:
   1.707 +                        strings.append(name.childNodes[0].nodeValue)
   1.708 +                i += 1
   1.709 +        return strings
   1.710 +
   1.711 +    def policy_get_resourcelabels(self):
   1.712 +        """
   1.713 +           Get all information about all resource labels of this policy.
   1.714 +        """
   1.715 +        res = []
   1.716 +        node = self.dom_get_node("SecurityLabelTemplate/ObjectLabels")
   1.717 +        if node:
   1.718 +            i = 0
   1.719 +            while i < len(node.childNodes):
   1.720 +                if node.childNodes[i].nodeName == "ResourceLabel":
   1.721 +                    _res = {}
   1.722 +                    _res['type'] = xsconstants.ACM_LABEL_RES
   1.723 +                    name = self.policy_dom_get(node.childNodes[i], "Name")
   1.724 +                    _res['name'] = name.childNodes[0].nodeValue
   1.725 +                    stes = self.policy_dom_get(node.childNodes[i],
   1.726 +                                               "SimpleTypeEnforcementTypes")
   1.727 +                    if stes:
   1.728 +                        _res['stes'] = self.policy_get_types(stes)
   1.729 +                    else:
   1.730 +                        _res['stes'] = []
   1.731 +                    _res['chws'] = []
   1.732 +                    res.append(_res)
   1.733 +                i += 1
   1.734 +        return res
   1.735 +
   1.736 +
   1.737 +    def policy_find_reslabels_with_stetype(self, stetype):
   1.738 +        """
   1.739 +           Find those resource labels that hold a given STE type.
   1.740 +        """
   1.741 +        res = []
   1.742 +        reslabels = self.policy_get_resourcelabels()
   1.743 +        for resl in reslabels:
   1.744 +            if stetype in resl['stes']:
   1.745 +                res.append(resl['name'])
   1.746 +        return res
   1.747 +
   1.748 +
   1.749 +    def toxml(self):
   1.750 +        dom = self.get_dom()
   1.751 +        if dom:
   1.752 +            return dom.toxml()
   1.753 +        return None
   1.754 +
   1.755 +    def save(self):
   1.756 +        ### Save the XML policy into a file ###
   1.757 +        rc = -xsconstants.XSERR_FILE_ERROR
   1.758 +        name = self.get_name()
   1.759 +        if name:
   1.760 +            path = self.path_from_policy_name(name)
   1.761 +            if path:
   1.762 +                f = open(path, 'w')
   1.763 +                if f:
   1.764 +                    f.write(self.toxml())
   1.765 +                    f.close()
   1.766 +                    rc = 0
   1.767 +        return rc
   1.768 +
   1.769 +    def __write_to_file(self, suffix, data):
   1.770 +        #write the data into a file with the given suffix
   1.771 +        f = open(self.get_filename(suffix),"w")
   1.772 +        if f:
   1.773 +            try:
   1.774 +                try:
   1.775 +                    f.write(data)
   1.776 +                except Exception, e:
   1.777 +                    log.error("Error writing file: %s" % str(e))
   1.778 +                    return -xsconstants.XSERR_FILE_ERROR
   1.779 +            finally:
   1.780 +                f.close()
   1.781 +        else:
   1.782 +            return -xsconstants.XSERR_FILE_ERROR
   1.783 +        return xsconstants.XSERR_SUCCESS
   1.784 +
   1.785 +
   1.786 +    def compile(self):
   1.787 +        rc = self.save()
   1.788 +        if rc == 0:
   1.789 +            rc, mapfile, bin_pol = self.policy_create_map_and_bin()
   1.790 +
   1.791 +            if rc == 0:
   1.792 +                rc = self.__write_to_file(".map", mapfile)
   1.793 +                if rc != 0:
   1.794 +                    log.error("Error writing map file")
   1.795 +
   1.796 +            if rc == 0:
   1.797 +                rc = self.__write_to_file(".bin", bin_pol)
   1.798 +                if rc != 0:
   1.799 +                    log.error("Error writing binary policy file")
   1.800 +        return rc
   1.801 +
   1.802 +    def loadintohv(self):
   1.803 +        """
   1.804 +            load this policy into the hypervisor
   1.805 +            if successful,the policy's flags will indicate that the
   1.806 +            policy is the one loaded into the hypervisor
   1.807 +        """
   1.808 +        (ret, output) = commands.getstatusoutput(
   1.809 +                                   security.xensec_tool +
   1.810 +                                   " loadpolicy " +
   1.811 +                                   self.get_filename(".bin"))
   1.812 +        if ret != 0:
   1.813 +            return -xsconstants.XSERR_POLICY_LOAD_FAILED
   1.814 +        return xsconstants.XSERR_SUCCESS
   1.815 +
   1.816 +    def isloaded(self):
   1.817 +        """
   1.818 +            Determine whether this policy is the active one.
   1.819 +        """
   1.820 +        security.refresh_security_policy()
   1.821 +        if self.get_name() == security.active_policy:
   1.822 +            return True
   1.823 +        return False
   1.824 +
   1.825 +    def destroy(self):
   1.826 +        """
   1.827 +            Destroy the policy including its binary, mapping and
   1.828 +            XML files.
   1.829 +            This only works if the policy is not the one that's loaded
   1.830 +        """
   1.831 +        if self.isloaded():
   1.832 +            return -xsconstants.XSERR_POLICY_LOADED
   1.833 +        files = [ self.get_filename(".map",""),
   1.834 +                  self.get_filename(".bin",""),
   1.835 +                  self.path_from_policy_name(self.get_name())]
   1.836 +        for f in files:
   1.837 +            try:
   1.838 +                os.unlink(f)
   1.839 +            except:
   1.840 +                pass
   1.841 +        if self.xendacmpolicy:
   1.842 +            self.xendacmpolicy.destroy()
   1.843 +        XSPolicy.destroy(self)
   1.844 +        return xsconstants.XSERR_SUCCESS
   1.845 +
   1.846 +    def policy_get_domain_label(self, domid):
   1.847 +        """
   1.848 +           Given a domain's ID, retrieve the label it has using
   1.849 +           its ssidref for reverse calculation.
   1.850 +        """
   1.851 +        try:
   1.852 +            mgmt_dom = security.get_ssid(domid)
   1.853 +        except:
   1.854 +            return ""
   1.855 +        return self.policy_get_domain_label_by_ssidref(int(mgmt_dom[3]))
   1.856 +
   1.857 +    def policy_get_domain_label_by_ssidref(self, ssidref):
   1.858 +        """ Given an ssidref, find the corresponding VM label """
   1.859 +        chwall_ref = ssidref & 0xffff
   1.860 +        try:
   1.861 +            allvmtypes = self.policy_get_virtualmachinelabel_names_sorted()
   1.862 +        except:
   1.863 +            return None
   1.864 +        return allvmtypes[chwall_ref-1] # skip _NULL_LABEL_
   1.865 +
   1.866 +    def policy_get_domain_label_formatted(self, domid):
   1.867 +        label = self.policy_get_domain_label(domid)
   1.868 +        if label == "":
   1.869 +            return ""
   1.870 +        return "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, self.get_name(), label)
   1.871 +
   1.872 +    def policy_get_domain_label_by_ssidref_formatted(self, ssidref):
   1.873 +        label = self.policy_get_domain_label_by_ssidref(ssidref)
   1.874 +        if label == "":
   1.875 +            return ""
   1.876 +        return "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, self.get_name(), label)
   1.877 +
   1.878 +    def policy_create_map_and_bin(self):
   1.879 +        """
   1.880 +            Create the policy's map and binary files -- compile the policy.
   1.881 +        """
   1.882 +        def roundup8(len):
   1.883 +            return ((len + 7) & ~7)
   1.884 +
   1.885 +        rc = xsconstants.XSERR_SUCCESS
   1.886 +        mapfile = ""
   1.887 +        primpolcode = ACM_POLICY_UNDEFINED
   1.888 +        secpolcode  = ACM_POLICY_UNDEFINED
   1.889 +        unknown_ste = set()
   1.890 +        unknown_chw = set()
   1.891 +
   1.892 +        rc = self.validate()
   1.893 +        if rc:
   1.894 +            return rc, "", ""
   1.895 +
   1.896 +        stes = self.policy_get_stetypes_types()
   1.897 +        if stes:
   1.898 +            stes.sort()
   1.899 +
   1.900 +        chws = self.policy_get_chwall_types()
   1.901 +        if chws:
   1.902 +            chws.sort()
   1.903 +
   1.904 +        vms = self.policy_get_virtualmachinelabels()
   1.905 +        bootstrap = self.policy_get_bootstrap_vmlabel()
   1.906 +
   1.907 +        vmlabels = self.policy_get_virtualmachinelabel_names_sorted()
   1.908 +        if bootstrap not in vmlabels:
   1.909 +            log.error("Bootstrap label '%s' not found among VM labels '%s'." \
   1.910 +                      % (bootstrap, vmlabels))
   1.911 +            return -xsconstants.XSERR_POLICY_INCONSISTENT, "", ""
   1.912 +
   1.913 +        vms_with_chws = []
   1.914 +        chws_by_vm = {}
   1.915 +        for v in vms:
   1.916 +            if v.has_key("chws"):
   1.917 +                vms_with_chws.append(v["name"])
   1.918 +                chws_by_vm[v["name"]] = v["chws"]
   1.919 +        if bootstrap in vms_with_chws:
   1.920 +            vms_with_chws.remove(bootstrap)
   1.921 +            vms_with_chws.sort()
   1.922 +            vms_with_chws.insert(0, bootstrap)
   1.923 +        else:
   1.924 +            vms_with_chws.sort()
   1.925 +
   1.926 +        vms_with_stes = []
   1.927 +        stes_by_vm = {}
   1.928 +        for v in vms:
   1.929 +            if v.has_key("stes"):
   1.930 +                vms_with_stes.append(v["name"])
   1.931 +                stes_by_vm[v["name"]] = v["stes"]
   1.932 +        if bootstrap in vms_with_stes:
   1.933 +            vms_with_stes.remove(bootstrap)
   1.934 +            vms_with_stes.sort()
   1.935 +            vms_with_stes.insert(0, bootstrap)
   1.936 +        else:
   1.937 +            vms_with_stes.sort()
   1.938 +
   1.939 +        resnames = self.policy_get_resourcelabel_names()
   1.940 +        resnames.sort()
   1.941 +        stes_by_res = {}
   1.942 +        res = self.policy_get_resourcelabels()
   1.943 +        for r in res:
   1.944 +            if r.has_key("stes"):
   1.945 +                stes_by_res[r["name"]] = r["stes"]
   1.946 +
   1.947 +        max_chw_ssids = 1 + len(vms_with_chws)
   1.948 +        max_chw_types = 1 + len(vms_with_chws)
   1.949 +        max_ste_ssids = 1 + len(vms_with_stes) + len(resnames)
   1.950 +        max_ste_types = 1 + len(vms_with_stes) + len(resnames)
   1.951 +
   1.952 +        mapfile  = "POLICYREFERENCENAME    %s\n" % self.get_name()
   1.953 +        mapfile += "MAGIC                  %08x\n" % ACM_MAGIC
   1.954 +        mapfile += "POLICFILE              %s\n" % \
   1.955 +            self.path_from_policy_name(self.get_name())
   1.956 +        mapfile += "BINARYFILE             %s\n" % self.get_filename(".bin")
   1.957 +        mapfile += "MAX-CHWALL-TYPES       %08x\n" % len(chws)
   1.958 +        mapfile += "MAX-CHWALL-SSIDS       %08x\n" % max_chw_ssids
   1.959 +        mapfile += "MAX-CHWALL-LABELS      %08x\n" % max_chw_ssids
   1.960 +        mapfile += "MAX-STE-TYPES          %08x\n" % len(stes)
   1.961 +        mapfile += "MAX-STE-SSIDS          %08x\n" % max_ste_ssids
   1.962 +        mapfile += "MAX-STE-LABELS         %08x\n" % max_ste_ssids
   1.963 +        mapfile += "\n"
   1.964 +
   1.965 +        if chws:
   1.966 +            mapfile += \
   1.967 +                 "PRIMARY                CHWALL\n"
   1.968 +            primpolcode = ACM_CHINESE_WALL_POLICY
   1.969 +            if stes:
   1.970 +                mapfile += \
   1.971 +                     "SECONDARY              STE\n"
   1.972 +            else:
   1.973 +                mapfile += \
   1.974 +                     "SECONDARY             NULL\n"
   1.975 +            secpolcode = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
   1.976 +        else:
   1.977 +            if stes:
   1.978 +                mapfile += \
   1.979 +                     "PRIMARY                STE\n"
   1.980 +                primpolcode = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
   1.981 +            mapfile += \
   1.982 +                     "SECONDARY             NULL\n"
   1.983 +
   1.984 +        mapfile += "\n"
   1.985 +
   1.986 +        if len(vms_with_chws) > 0:
   1.987 +            mapfile += \
   1.988 +                 "LABEL->SSID ANY CHWALL __NULL_LABEL__       %x\n" % 0
   1.989 +            i = 0
   1.990 +            for v in vms_with_chws:
   1.991 +                mapfile += \
   1.992 +                 "LABEL->SSID VM  CHWALL %-20s %x\n" % \
   1.993 +                  (v, i+1)
   1.994 +                i += 1
   1.995 +            mapfile += "\n"
   1.996 +
   1.997 +        if len(vms_with_stes) > 0 or len(resnames) > 0:
   1.998 +            mapfile += \
   1.999 +                 "LABEL->SSID ANY STE    __NULL_LABEL__       %08x\n" % 0
  1.1000 +            i = 0
  1.1001 +            for v in vms_with_stes:
  1.1002 +                mapfile += \
  1.1003 +                 "LABEL->SSID VM  STE    %-20s %x\n" % (v, i+1)
  1.1004 +                i += 1
  1.1005 +            j = 0
  1.1006 +            for r in resnames:
  1.1007 +                mapfile += \
  1.1008 +                 "LABEL->SSID RES STE    %-20s %x\n" % (r, j+i+1)
  1.1009 +                j += 1
  1.1010 +            mapfile += "\n"
  1.1011 +
  1.1012 +        if vms_with_chws:
  1.1013 +            mapfile += \
  1.1014 +                 "SSID->TYPE CHWALL      %08x\n" % 0
  1.1015 +            i = 1
  1.1016 +            for v in vms_with_chws:
  1.1017 +                mapfile += \
  1.1018 +                 "SSID->TYPE CHWALL      %08x" % i
  1.1019 +                for c in chws_by_vm[v]:
  1.1020 +                    mapfile += " %s" % c
  1.1021 +                mapfile += "\n"
  1.1022 +                i += 1
  1.1023 +            mapfile += "\n"
  1.1024 +
  1.1025 +        if len(vms_with_stes) > 0 or len(resnames) > 0:
  1.1026 +            mapfile += \
  1.1027 +                 "SSID->TYPE STE         %08x\n" % 0
  1.1028 +            i = 1
  1.1029 +            for v in vms_with_stes:
  1.1030 +                mapfile += \
  1.1031 +                 "SSID->TYPE STE         %08x" % i
  1.1032 +                for s in stes_by_vm[v]:
  1.1033 +                    mapfile += " %s" % s
  1.1034 +                mapfile += "\n"
  1.1035 +                i += 1
  1.1036 +
  1.1037 +            for r in resnames:
  1.1038 +                mapfile += \
  1.1039 +                 "SSID->TYPE STE         %08x" % i
  1.1040 +                for s in stes_by_res[r]:
  1.1041 +                    mapfile += " %s" % s
  1.1042 +                mapfile += "\n"
  1.1043 +                i += 1
  1.1044 +            mapfile += "\n"
  1.1045 +
  1.1046 +        if chws:
  1.1047 +            i = 0
  1.1048 +            while i < len(chws):
  1.1049 +                mapfile += \
  1.1050 +                 "TYPE CHWALL            %-20s %d\n" % (chws[i], i)
  1.1051 +                i += 1
  1.1052 +            mapfile += "\n"
  1.1053 +        if stes:
  1.1054 +            i = 0
  1.1055 +            while i < len(stes):
  1.1056 +                mapfile += \
  1.1057 +                 "TYPE STE               %-20s %d\n" % (stes[i], i)
  1.1058 +                i += 1
  1.1059 +            mapfile += "\n"
  1.1060 +
  1.1061 +        mapfile += "\n"
  1.1062 +
  1.1063 +        # Build header with policy name
  1.1064 +        length = roundup8(4 + len(self.get_name()) + 1)
  1.1065 +        polname = self.get_name();
  1.1066 +        pr_bin = struct.pack("!i", len(polname)+1)
  1.1067 +        pr_bin += polname;
  1.1068 +        while len(pr_bin) < length:
  1.1069 +             pr_bin += "\x00"
  1.1070 +
  1.1071 +        # Build chinese wall part
  1.1072 +        cfses_names = self.policy_get_chwall_cfses_names_sorted()
  1.1073 +        cfses = self.policy_get_chwall_cfses()
  1.1074 +
  1.1075 +        chwformat = "!iiiiiiiii"
  1.1076 +        max_chw_cfs = len(cfses)
  1.1077 +        chw_ssid_offset = struct.calcsize(chwformat)
  1.1078 +        chw_confset_offset = chw_ssid_offset + \
  1.1079 +                             2 * len(chws) * max_chw_types
  1.1080 +        chw_running_types_offset = 0
  1.1081 +        chw_conf_agg_offset = 0
  1.1082 +
  1.1083 +        chw_bin = struct.pack(chwformat,
  1.1084 +                              ACM_CHWALL_VERSION,
  1.1085 +                              ACM_CHINESE_WALL_POLICY,
  1.1086 +                              len(chws),
  1.1087 +                              max_chw_ssids,
  1.1088 +                              max_chw_cfs,
  1.1089 +                              chw_ssid_offset,
  1.1090 +                              chw_confset_offset,
  1.1091 +                              chw_running_types_offset,
  1.1092 +                              chw_conf_agg_offset)
  1.1093 +        chw_bin_body = ""
  1.1094 +        # simulate __NULL_LABEL__
  1.1095 +        for c in chws:
  1.1096 +            chw_bin_body += struct.pack("!h",0)
  1.1097 +        # VMs that are listed and their chinese walls
  1.1098 +        for v in vms_with_chws:
  1.1099 +            for c in chws:
  1.1100 +                unknown_chw |= (set(chws_by_vm[v]) - set(chws))
  1.1101 +                if c in chws_by_vm[v]:
  1.1102 +                    chw_bin_body += struct.pack("!h",1)
  1.1103 +                else:
  1.1104 +                    chw_bin_body += struct.pack("!h",0)
  1.1105 +
  1.1106 +        # Conflict sets -- they need to be processed in alphabetical order
  1.1107 +        for cn in cfses_names:
  1.1108 +            if cn == "" or cn is None:
  1.1109 +                return -xsconstants.XSERR_BAD_CONFLICTSET, "", ""
  1.1110 +            i = 0
  1.1111 +            while i < len(cfses):
  1.1112 +                if cfses[i]['name'] == cn:
  1.1113 +                    conf = cfses[i]['chws']
  1.1114 +                    break
  1.1115 +                i += 1
  1.1116 +            for c in chws:
  1.1117 +                if c in conf:
  1.1118 +                    chw_bin_body += struct.pack("!h",1)
  1.1119 +                else:
  1.1120 +                    chw_bin_body += struct.pack("!h",0)
  1.1121 +            del cfses[i]
  1.1122 +
  1.1123 +        if len(cfses) != 0:
  1.1124 +            return -xsconstants.XSERR_BAD_CONFLICTSET, "", ""
  1.1125 +
  1.1126 +        chw_bin += chw_bin_body
  1.1127 +
  1.1128 +        while len(chw_bin) < roundup8(len(chw_bin)):
  1.1129 +            chw_bin += "\x00"
  1.1130 +
  1.1131 +        # Build STE part
  1.1132 +        steformat="!iiiii"
  1.1133 +        ste_bin = struct.pack(steformat,
  1.1134 +                              ACM_STE_VERSION,
  1.1135 +                              ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
  1.1136 +                              len(stes),
  1.1137 +                              max_ste_types,
  1.1138 +                              struct.calcsize(steformat))
  1.1139 +        ste_bin_body = ""
  1.1140 +        if stes:
  1.1141 +            # Simulate __NULL_LABEL__
  1.1142 +            for s in stes:
  1.1143 +                ste_bin_body += struct.pack("!h",0)
  1.1144 +            # VMs that are listed and their chinese walls
  1.1145 +            for v in vms_with_stes:
  1.1146 +                unknown_ste |= (set(stes_by_vm[v]) - set(stes))
  1.1147 +                for s in stes:
  1.1148 +                    if s in stes_by_vm[v]:
  1.1149 +                        ste_bin_body += struct.pack("!h",1)
  1.1150 +                    else:
  1.1151 +                        ste_bin_body += struct.pack("!h",0)
  1.1152 +            for r in resnames:
  1.1153 +                unknown_ste |= (set(stes_by_res[r]) - set(stes))
  1.1154 +                for s in stes:
  1.1155 +                    if s in stes_by_res[r]:
  1.1156 +                        ste_bin_body += struct.pack("!h",1)
  1.1157 +                    else:
  1.1158 +                        ste_bin_body += struct.pack("!h",0)
  1.1159 +
  1.1160 +        ste_bin += ste_bin_body;
  1.1161 +
  1.1162 +        while len(ste_bin) < roundup8(len(ste_bin)):
  1.1163 +            ste_bin += "\x00"
  1.1164 +
  1.1165 +        #Write binary header:
  1.1166 +        headerformat="!iiiiiiiiii"
  1.1167 +        totallen_bin = struct.calcsize(headerformat) + \
  1.1168 +                       len(pr_bin) + len(chw_bin) + len(ste_bin)
  1.1169 +        polref_offset = struct.calcsize(headerformat)
  1.1170 +        primpoloffset = polref_offset + len(pr_bin)
  1.1171 +        if primpolcode == ACM_CHINESE_WALL_POLICY:
  1.1172 +            secpoloffset = primpoloffset + len(chw_bin)
  1.1173 +        elif primpolcode == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  1.1174 +            secpoloffset = primpoloffset + len(ste_bin)
  1.1175 +        else:
  1.1176 +            secpoloffset = primpoloffset
  1.1177 +
  1.1178 +        (major, minor) = self.getVersionTuple()
  1.1179 +        hdr_bin = struct.pack(headerformat,
  1.1180 +                              ACM_POLICY_VERSION,
  1.1181 +                              ACM_MAGIC,
  1.1182 +                              totallen_bin,
  1.1183 +                              polref_offset,
  1.1184 +                              primpolcode,
  1.1185 +                              primpoloffset,
  1.1186 +                              secpolcode,
  1.1187 +                              secpoloffset,
  1.1188 +                              major, minor)
  1.1189 +
  1.1190 +        all_bin = array.array('B')
  1.1191 +        for s in [ hdr_bin, pr_bin, chw_bin, ste_bin ]:
  1.1192 +            for c in s:
  1.1193 +                all_bin.append(ord(c))
  1.1194 +
  1.1195 +        log.info("Compiled policy: rc = %s" % hex(rc))
  1.1196 +        if len(unknown_ste) > 0:
  1.1197 +            log.info("The following STEs in VM/res labels were unknown:" \
  1.1198 +                     " %s" % list(unknown_ste))
  1.1199 +        if len(unknown_chw) > 0:
  1.1200 +            log.info("The following Ch. Wall types in labels were unknown:" \
  1.1201 +                     " %s" % list(unknown_chw))
  1.1202 +        return rc, mapfile, all_bin.tostring()
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/tools/python/xen/util/bootloader.py	Mon Jul 09 14:51:44 2007 +0100
     2.3 @@ -0,0 +1,521 @@
     2.4 +#============================================================================
     2.5 +# This library is free software; you can redistribute it and/or
     2.6 +# modify it under the terms of version 2.1 of the GNU Lesser General Public
     2.7 +# License as published by the Free Software Foundation.
     2.8 +#
     2.9 +# This library is distributed in the hope that it will be useful,
    2.10 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
    2.11 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    2.12 +# Lesser General Public License for more details.
    2.13 +#
    2.14 +# You should have received a copy of the GNU Lesser General Public
    2.15 +# License along with this library; if not, write to the Free Software
    2.16 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    2.17 +#============================================================================
    2.18 +# Copyright (C) 2006,2007 International Business Machines Corp.
    2.19 +# Author: Stefan Berger <stefanb@us.ibm.com>
    2.20 +#============================================================================
    2.21 +
    2.22 +import re
    2.23 +import os, stat
    2.24 +import tempfile
    2.25 +import shutil
    2.26 +import threading
    2.27 +from xen.xend.XendLogging import log
    2.28 +
    2.29 +__bootloader = None
    2.30 +
    2.31 +#
    2.32 +# Functions for modifying entries in the bootloader, i.e. adding
    2.33 +# a module to boot the system with a policy.
    2.34 +#
    2.35 +
    2.36 +def get_default_title():
    2.37 +    """ See description in Bootloader class below """
    2.38 +    return __bootloader.get_default_title()
    2.39 +
    2.40 +
    2.41 +def get_boot_policies():
    2.42 +    """ See description in Bootloader class below """
    2.43 +    return __bootloader.get_boot_policies()
    2.44 +
    2.45 +
    2.46 +def add_boot_policy(index, binpolname):
    2.47 +    """ See description in Bootloader class below """
    2.48 +    return __bootloader.add_boot_policy(index, binpolname)
    2.49 +
    2.50 +
    2.51 +def rm_policy_from_boottitle(index, unamelist):
    2.52 +    """ See description in Bootloader class below """
    2.53 +    return __bootloader.rm_policy_from_boottitle(index, unamelist)
    2.54 +
    2.55 +
    2.56 +def set_kernel_attval(index, att, val):
    2.57 +    """ See description in Bootloader class below """
    2.58 +    return __bootloader.set_kernel_attval(index, att, val)
    2.59 +
    2.60 +
    2.61 +def get_kernel_val(index, att):
    2.62 +    """ See description in Bootloader class below """
    2.63 +    return __bootloader.get_kernel_val(index, att)
    2.64 +
    2.65 +
    2.66 +def set_boot_policy(title_idx, filename):
    2.67 +    boottitles = get_boot_policies()
    2.68 +    if boottitles.has_key(title_idx):
    2.69 +        rm_policy_from_boottitle(title_idx, [ boottitles[title_idx] ])
    2.70 +    rc = add_boot_policy(title_idx, filename)
    2.71 +    return rc
    2.72 +
    2.73 +
    2.74 +def loads_default_policy(filename):
    2.75 +    """ Determine whether the given policy is loaded by the default boot title """
    2.76 +    polfile = get_default_policy()
    2.77 +    if polfile != None:
    2.78 +        if     polfile == filename or \
    2.79 +           "/"+polfile == filename:
    2.80 +            return True
    2.81 +    return False
    2.82 +
    2.83 +
    2.84 +def get_default_policy():
    2.85 +    """ Get the name of the policy loaded by the default boot title """
    2.86 +    title = get_default_title()
    2.87 +    policies = get_boot_policies()
    2.88 +    return policies.get(title)
    2.89 +
    2.90 +
    2.91 +def set_default_boot_policy(filename):
    2.92 +    """ Set the boot policy in the default title to the given name. """
    2.93 +    title = get_default_title()
    2.94 +    return set_boot_policy(title, filename)
    2.95 +
    2.96 +
    2.97 +def __is_bootdir_mounted():
    2.98 +    """
    2.99 +       Determine whether the boot partition /boot is mounted or not
   2.100 +    """
   2.101 +    rc = False
   2.102 +    file = open("/proc/mounts")
   2.103 +    for line in file:
   2.104 +        tmp = line.split(" ")
   2.105 +        if tmp[1] == "/boot":
   2.106 +            rc = True
   2.107 +            break
   2.108 +    return rc
   2.109 +
   2.110 +def get_prefix():
   2.111 +    if __is_bootdir_mounted():
   2.112 +        return "/"
   2.113 +    else:
   2.114 +        return "/boot/"
   2.115 +
   2.116 +
   2.117 +
   2.118 +class Bootloader:
   2.119 +    """ Bootloader class that real bootloader implementations must overwrite """
   2.120 +    def __init__(self):
   2.121 +        pass
   2.122 +
   2.123 +    def probe(self):
   2.124 +        """ Test whether this implementation of a bootloader is supported on the
   2.125 +            local system """
   2.126 +        return True
   2.127 +
   2.128 +    def get_default_title(self):
   2.129 +        """ Get the index (starting with 0) of the default boot title
   2.130 +            This number is read from the grub configuration file.
   2.131 +            In case of an error '-1' is returned
   2.132 +            @rtype: int
   2.133 +            @return: the index of the default boot title
   2.134 +        """
   2.135 +        return None
   2.136 +
   2.137 +    def get_boot_policies(self):
   2.138 +        """ Get a dictionary of policies that the system is booting with.
   2.139 +            @rtype: dict
   2.140 +            @return: dictionary of boot titles where the keys are the
   2.141 +                     indices of the boot titles
   2.142 +        """
   2.143 +        return {}
   2.144 +
   2.145 +    def add_boot_policy(self, index, binpolname):
   2.146 +        """ Add the binary policy for automatic loading when
   2.147 +            booting the system. Add it to the boot title at index
   2.148 +            'index'.
   2.149 +        """
   2.150 +        return False
   2.151 +
   2.152 +    def rm_policy_from_boottitle(self, index, unamelist):
   2.153 +        """ Remove a policy from the given title. A list of possible policies
   2.154 +            must be given to detect what module to remove
   2.155 +        """
   2.156 +        return False
   2.157 +
   2.158 +    def set_kernel_attval(self, index, att, val):
   2.159 +        """
   2.160 +            Append an attribut/value pair to the kernel line.
   2.161 +            @param index : The index of the title to modify
   2.162 +            @param att   : The attribute to add
   2.163 +            @param val   : The value to add. If no value or the special value
   2.164 +                           '<>' is given, then the attribute will be removed.
   2.165 +                           If an empty value is given, then only the attribute
   2.166 +                           is added in the format "att", otherwise "att=val"
   2.167 +                           is added.
   2.168 +        """
   2.169 +        return False
   2.170 +
   2.171 +    def get_kernel_val(self, index, att):
   2.172 +        """
   2.173 +            Get an attribute's value from the kernel line.
   2.174 +            @param index : The index of the title to get the attribute/value from
   2.175 +            @param att   : The attribute to read the value of
   2.176 +        """
   2.177 +        return None
   2.178 +
   2.179 +
   2.180 +class Grub(Bootloader):
   2.181 +    """ Implementation for manipulating bootloader entries in grub according
   2.182 +        to the 'Bootloader' class interface """
   2.183 +
   2.184 +    def __init__(self):
   2.185 +        self.__bootfile_lock = threading.RLock()
   2.186 +        self.title_re = re.compile("\s*title\s", re.IGNORECASE)
   2.187 +        self.module_re = re.compile("\s+module\s", re.IGNORECASE)
   2.188 +        self.policy_re = re.compile(".*\.bin", re.IGNORECASE)
   2.189 +        self.kernel_re = re.compile("\s*kernel\s", re.IGNORECASE)
   2.190 +        Bootloader.__init__(self)
   2.191 +
   2.192 +    def probe(self):
   2.193 +        try:
   2.194 +            boot_file = self.__get_bootfile()
   2.195 +        except:
   2.196 +            return False
   2.197 +        return True
   2.198 +
   2.199 +
   2.200 +    def __get_bootfile(self):
   2.201 +        """ Get the name of the bootfile """
   2.202 +        boot_file = "/boot/grub/grub.conf"
   2.203 +        alt_boot_file = "/boot/grub/menu.lst"
   2.204 +
   2.205 +        if not os.path.isfile(boot_file):
   2.206 +            #take alternate boot file instead
   2.207 +            boot_file = alt_boot_file
   2.208 +
   2.209 +        #follow symlink since menue.lst might be linked to grub.conf
   2.210 +        if not os.path.exists(boot_file):
   2.211 +            raise IOError("Boot file \'%s\' not found." % boot_file)
   2.212 +
   2.213 +        if stat.S_ISLNK(os.lstat(boot_file)[stat.ST_MODE]):
   2.214 +            new_name = os.readlink(boot_file)
   2.215 +            if new_name[0] == "/":
   2.216 +                boot_file = new_name
   2.217 +            else:
   2.218 +                path = boot_file.split('/')
   2.219 +                path[len(path)-1] = new_name
   2.220 +                boot_file = '/'.join(path)
   2.221 +        if not os.path.exists(boot_file):
   2.222 +            raise IOError("Boot file \'%s\' not found." % boot_file)
   2.223 +        return boot_file
   2.224 +
   2.225 +
   2.226 +    def __get_titles(self):
   2.227 +        """ Get the names of all boot titles in the grub config file
   2.228 +          @rtype: list
   2.229 +          @return: list of names of available boot titles
   2.230 +        """
   2.231 +        titles = []
   2.232 +        try:
   2.233 +            boot_file = self.__get_bootfile()
   2.234 +        except:
   2.235 +            return []
   2.236 +        try:
   2.237 +            self.__bootfile_lock.acquire()
   2.238 +            grub_fd = open(boot_file)
   2.239 +            for line in grub_fd:
   2.240 +                if self.title_re.match(line):
   2.241 +                    line = line.rstrip().lstrip()
   2.242 +                    titles.append(line.lstrip('title').lstrip())
   2.243 +        finally:
   2.244 +            self.__bootfile_lock.release()
   2.245 +        return titles
   2.246 +
   2.247 +
   2.248 +    def get_default_title(self):
   2.249 +        """ Get the index (starting with 0) of the default boot title
   2.250 +            This number is read from the grub configuration file.
   2.251 +            In case of an error '-1' is returned
   2.252 +            @rtype: int
   2.253 +            @return: the index of the default boot title
   2.254 +        """
   2.255 +        def_re = re.compile("default", re.IGNORECASE)
   2.256 +        default = None
   2.257 +        try:
   2.258 +            boot_file = self.__get_bootfile()
   2.259 +        except:
   2.260 +            return default
   2.261 +        try:
   2.262 +            self.__bootfile_lock.acquire()
   2.263 +            grub_fd = open(boot_file)
   2.264 +            for line in grub_fd:
   2.265 +                line = line.rstrip()
   2.266 +                if def_re.match(line):
   2.267 +                    line = line.rstrip()
   2.268 +                    line = line.lstrip("default=")
   2.269 +                    default = int(line)
   2.270 +                    break
   2.271 +        finally:
   2.272 +            self.__bootfile_lock.release()
   2.273 +        return default
   2.274 +
   2.275 +
   2.276 +    def get_boot_policies(self):
   2.277 +        """ Get a dictionary of policies that the system is booting with.
   2.278 +            @rtype: dict
   2.279 +            @return: dictionary of boot titles where the keys are the
   2.280 +                     indices of the boot titles
   2.281 +        """
   2.282 +        policies = {}
   2.283 +        within_title = 0
   2.284 +        idx = -1
   2.285 +        try:
   2.286 +            boot_file = self.__get_bootfile()
   2.287 +        except:
   2.288 +            return policies
   2.289 +        try:
   2.290 +            self.__bootfile_lock.acquire()
   2.291 +
   2.292 +            grub_fd = open(boot_file)
   2.293 +            for line in grub_fd:
   2.294 +                if self.title_re.match(line):
   2.295 +                    within_title = 1
   2.296 +                    idx = idx + 1
   2.297 +                if within_title and self.module_re.match(line):
   2.298 +                    if self.policy_re.match(line):
   2.299 +                        start = line.find("module")
   2.300 +                        pol = line[start+6:]
   2.301 +                        pol = pol.lstrip().rstrip()
   2.302 +                        if pol[0] == '/':
   2.303 +                            pol = pol[1:]
   2.304 +                        if pol[0:5] == "boot/":
   2.305 +                            pol = pol[5:]
   2.306 +                        policies[idx] = pol
   2.307 +        finally:
   2.308 +            self.__bootfile_lock.release()
   2.309 +        return policies
   2.310 +
   2.311 +
   2.312 +    def add_boot_policy(self, index, binpolname):
   2.313 +        """ Add the binary policy for automatic loading when
   2.314 +            booting the system. Add it to the boot title at index
   2.315 +            'index'.
   2.316 +        """
   2.317 +        ctr = 0
   2.318 +        module_line = ""
   2.319 +        within_title = 0
   2.320 +        found = False
   2.321 +        try:
   2.322 +            boot_file = self.__get_bootfile()
   2.323 +        except:
   2.324 +            return False
   2.325 +        try:
   2.326 +            self.__bootfile_lock.acquire()
   2.327 +            grub_fd = open(boot_file)
   2.328 +            (tmp_fd, tmp_grub) = tempfile.mkstemp()
   2.329 +            for line in grub_fd:
   2.330 +                if self.title_re.match(line):
   2.331 +                    if module_line != "" and not found:
   2.332 +                        os.write(tmp_fd, module_line)
   2.333 +                        found = True
   2.334 +
   2.335 +                    if ctr == index:
   2.336 +                        within_title = 1
   2.337 +                    else:
   2.338 +                        within_title = 0
   2.339 +                    ctr = ctr + 1
   2.340 +                elif within_title and self.module_re.match(line):
   2.341 +                    start = line.find("module")
   2.342 +                    l = line[start+6:len(line)]
   2.343 +                    l = l.lstrip()
   2.344 +                    if l[0] == '/':
   2.345 +                        prefix = "/"
   2.346 +                    else:
   2.347 +                        prefix = ""
   2.348 +                    prefix = get_prefix()
   2.349 +                    module_line = "\tmodule %s%s\n" % (prefix,binpolname)
   2.350 +                else:
   2.351 +                    if module_line != "" and not found:
   2.352 +                        os.write(tmp_fd, module_line)
   2.353 +                        found = True
   2.354 +
   2.355 +                os.write(tmp_fd, line)
   2.356 +
   2.357 +            if module_line != "" and not found:
   2.358 +                os.write(tmp_fd, module_line)
   2.359 +                found = True
   2.360 +
   2.361 +            shutil.move(boot_file, boot_file+"_save")
   2.362 +            shutil.copyfile(tmp_grub, boot_file)
   2.363 +            os.close(tmp_fd)
   2.364 +            try:
   2.365 +                os.remove(tmp_grub)
   2.366 +            except:
   2.367 +                pass
   2.368 +        finally:
   2.369 +            self.__bootfile_lock.release()
   2.370 +        return found
   2.371 +
   2.372 +
   2.373 +    def rm_policy_from_boottitle(self, index, unamelist):
   2.374 +        """ Remove a policy from the given title. A list of possible policies
   2.375 +            must be given to detect what module to remove
   2.376 +        """
   2.377 +        found = False
   2.378 +        ctr = 0
   2.379 +        within_title = 0
   2.380 +
   2.381 +        prefix = get_prefix()
   2.382 +        namelist = [prefix+name for name in unamelist]
   2.383 +
   2.384 +        try:
   2.385 +            boot_file = self.__get_bootfile()
   2.386 +        except:
   2.387 +            return False
   2.388 +        try:
   2.389 +            self.__bootfile_lock.acquire()
   2.390 +
   2.391 +            grub_fd = open(boot_file)
   2.392 +            (tmp_fd, tmp_grub) = tempfile.mkstemp()
   2.393 +            for line in grub_fd:
   2.394 +                omit_line = False
   2.395 +                if self.title_re.match(line):
   2.396 +                    if ctr == index:
   2.397 +                        within_title = 1
   2.398 +                    else:
   2.399 +                        within_title = 0
   2.400 +                    ctr = ctr + 1
   2.401 +                if within_title and self.module_re.match(line):
   2.402 +                    if self.policy_re.match(line):
   2.403 +                        start = line.find("module")
   2.404 +                        pol = line[start+6:len(line)]
   2.405 +                        pol = pol.lstrip().rstrip()
   2.406 +                        if pol in namelist:
   2.407 +                            omit_line = True
   2.408 +                            found = True
   2.409 +                if not omit_line:
   2.410 +                    os.write(tmp_fd, line)
   2.411 +            if found:
   2.412 +                shutil.move(boot_file, boot_file+"_save")
   2.413 +                shutil.copyfile(tmp_grub, boot_file)
   2.414 +            os.close(tmp_fd)
   2.415 +            try:
   2.416 +                os.remove(tmp_grub)
   2.417 +            except:
   2.418 +                pass
   2.419 +        finally:
   2.420 +            self.__bootfile_lock.release()
   2.421 +        return found
   2.422 +
   2.423 +
   2.424 +    def set_kernel_attval(self, index, att, val):
   2.425 +        """
   2.426 +            Append an attribut/value pair to the kernel line.
   2.427 +            @param index : The index of the title to modify
   2.428 +            @param att   : The attribute to add
   2.429 +            @param val   : The value to add. If no value or the special value
   2.430 +                           '<>' is given, then the attribute will be removed.
   2.431 +                           If an empty value is given, then only the attribute
   2.432 +                           is added in the format "att", otherwise "att=val"
   2.433 +                           is added.
   2.434 +        """
   2.435 +        found = False
   2.436 +        ctr = 0
   2.437 +        within_title = 0
   2.438 +        try:
   2.439 +            boot_file = self.__get_bootfile()
   2.440 +        except:
   2.441 +            False
   2.442 +        try:
   2.443 +            self.__bootfile_lock.acquire()
   2.444 +
   2.445 +            grub_fd = open(boot_file)
   2.446 +            (tmp_fd, tmp_grub) = tempfile.mkstemp()
   2.447 +            for line in grub_fd:
   2.448 +                if self.title_re.match(line):
   2.449 +                    if ctr == index:
   2.450 +                        within_title = 1
   2.451 +                    else:
   2.452 +                        within_title = 0
   2.453 +                    ctr = ctr + 1
   2.454 +                if within_title and self.kernel_re.match(line):
   2.455 +                    nitems = []
   2.456 +                    items = line.split(" ")
   2.457 +                    i = 0
   2.458 +                    while i < len(items):
   2.459 +                        el = items[i].split("=",1)
   2.460 +                        if el[0] != att:
   2.461 +                            nitems.append(items[i].rstrip("\n"))
   2.462 +                        i += 1
   2.463 +                    if val == "":
   2.464 +                        nitems.append("%s" % (att))
   2.465 +                    elif val != None and val != "<>":
   2.466 +                        nitems.append("%s=%s" % (att,val))
   2.467 +                    line = " ".join(nitems) + "\n"
   2.468 +                os.write(tmp_fd, line)
   2.469 +            shutil.move(boot_file, boot_file+"_save")
   2.470 +            shutil.copyfile(tmp_grub, boot_file)
   2.471 +            os.close(tmp_fd)
   2.472 +            try:
   2.473 +                os.remove(tmp_grub)
   2.474 +            except:
   2.475 +                pass
   2.476 +        finally:
   2.477 +            self.__bootfile_lock.release()
   2.478 +        return found
   2.479 +
   2.480 +
   2.481 +    def get_kernel_val(self, index, att):
   2.482 +        """
   2.483 +            Get an attribute's value from the kernel line.
   2.484 +            @param index : The index of the title to get the attribute/value from
   2.485 +            @param att   : The attribute to read the value of
   2.486 +        """
   2.487 +        ctr = 0
   2.488 +        within_title = 0
   2.489 +        try:
   2.490 +            boot_file = self.__get_bootfile()
   2.491 +        except:
   2.492 +            return None
   2.493 +        try:
   2.494 +            self.__bootfile_lock.acquire()
   2.495 +
   2.496 +            grub_fd = open(boot_file)
   2.497 +            for line in grub_fd:
   2.498 +                if self.title_re.match(line):
   2.499 +                    if ctr == index:
   2.500 +                        within_title = 1
   2.501 +                    else:
   2.502 +                        within_title = 0
   2.503 +                    ctr = ctr + 1
   2.504 +                if within_title and self.kernel_re.match(line):
   2.505 +                    line = line.rstrip().lstrip()
   2.506 +                    items = line.split(" ")
   2.507 +                    i = 0
   2.508 +                    while i < len(items):
   2.509 +                        el = items[i].split("=",1)
   2.510 +                        if el[0] == att:
   2.511 +                            if len(el) == 1:
   2.512 +                                return "<>"
   2.513 +                            return el[1]
   2.514 +                        i += 1
   2.515 +        finally:
   2.516 +            self.__bootfile_lock.release()
   2.517 +        return None # Not found
   2.518 +
   2.519 +
   2.520 +__bootloader = Bootloader()
   2.521 +
   2.522 +grub = Grub()
   2.523 +if grub.probe() == True:
   2.524 +    __bootloader = grub
     3.1 --- a/tools/python/xen/util/security.py	Mon Jul 09 14:30:46 2007 +0100
     3.2 +++ b/tools/python/xen/util/security.py	Mon Jul 09 14:51:44 2007 +0100
     3.3 @@ -15,17 +15,22 @@
     3.4  # Copyright (C) 2006 International Business Machines Corp.
     3.5  # Author: Reiner Sailer
     3.6  # Author: Bryan D. Payne <bdpayne@us.ibm.com>
     3.7 +# Author: Stefan Berger <stefanb@us.ibm.com>
     3.8  #============================================================================
     3.9  
    3.10  import commands
    3.11  import logging
    3.12 -import sys, os, string, re
    3.13 -import traceback
    3.14 -import shutil
    3.15 +import os, string, re
    3.16 +import threading
    3.17 +import struct
    3.18 +import stat
    3.19  from xen.lowlevel import acm
    3.20  from xen.xend import sxp
    3.21 +from xen.xend import XendConstants
    3.22  from xen.xend.XendLogging import log
    3.23 -from xen.util import dictio
    3.24 +from xen.xend.XendError import VmError
    3.25 +from xen.util import dictio, xsconstants
    3.26 +from xen.xend.XendConstants import *
    3.27  
    3.28  #global directories and tools for security management
    3.29  policy_dir_prefix = "/etc/xen/acm-security/policies"
    3.30 @@ -60,6 +65,10 @@ policy_name_re = re.compile(".*[chwall|s
    3.31  #other global variables
    3.32  NULL_SSIDREF = 0
    3.33  
    3.34 +#general Rlock for map files; only one lock for all mapfiles
    3.35 +__mapfile_lock = threading.RLock()
    3.36 +__resfile_lock = threading.RLock()
    3.37 +
    3.38  log = logging.getLogger("xend.util.security")
    3.39  
    3.40  # Our own exception definition. It is masked (pass) if raised and
    3.41 @@ -75,7 +84,6 @@ class ACMError(Exception):
    3.42  def err(msg):
    3.43      """Raise ACM exception.
    3.44      """
    3.45 -    sys.stderr.write("ACMError: " + msg + "\n")
    3.46      raise ACMError(msg)
    3.47  
    3.48  
    3.49 @@ -83,6 +91,13 @@ def err(msg):
    3.50  active_policy = None
    3.51  
    3.52  
    3.53 +def mapfile_lock():
    3.54 +    __mapfile_lock.acquire()
    3.55 +
    3.56 +def mapfile_unlock():
    3.57 +    __mapfile_lock.release()
    3.58 +
    3.59 +
    3.60  def refresh_security_policy():
    3.61      """
    3.62      retrieves security policy
    3.63 @@ -106,6 +121,39 @@ def on():
    3.64      return (active_policy not in ['INACTIVE', 'NULL'])
    3.65  
    3.66  
    3.67 +def calc_dom_ssidref_from_info(info):
    3.68 +    """
    3.69 +       Calculate a domain's ssidref from the security_label in its
    3.70 +       info.
    3.71 +       This function is called before the domain is started and
    3.72 +       makes sure that:
    3.73 +        - the type of the policy is the same as indicated in the label
    3.74 +        - the name of the policy is the same as indicated in the label
    3.75 +        - calculates an up-to-date ssidref for the domain
    3.76 +       The latter is necessary since the domain's ssidref could have
    3.77 +       changed due to changes to the policy.
    3.78 +    """
    3.79 +    import xen.xend.XendConfig
    3.80 +    if isinstance(info, xen.xend.XendConfig.XendConfig):
    3.81 +        if info.has_key('security_label'):
    3.82 +            seclab = info['security_label']
    3.83 +            tmp = seclab.split(":")
    3.84 +            if len(tmp) != 3:
    3.85 +                raise VmError("VM label '%s' in wrong format." % seclab)
    3.86 +            typ, policyname, vmlabel = seclab.split(":")
    3.87 +            if typ != xsconstants.ACM_POLICY_ID:
    3.88 +                raise VmError("Policy type '%s' not supported." % typ)
    3.89 +            refresh_security_policy()
    3.90 +            if active_policy != policyname:
    3.91 +                raise VmError("Active policy '%s' different than "
    3.92 +                              "what in VM's label ('%s')." %
    3.93 +                              (active_policy, policyname))
    3.94 +            ssidref = label2ssidref(vmlabel, policyname, "dom")
    3.95 +            return ssidref
    3.96 +        else:
    3.97 +            return 0
    3.98 +    raise VmError("security.calc_dom_ssidref_from_info: info of type '%s'"
    3.99 +                  "not supported." % type(info))
   3.100  
   3.101  # Assumes a 'security' info  [security access_control ...] [ssidref ...]
   3.102  def get_security_info(info, field):
   3.103 @@ -146,7 +194,6 @@ def get_security_info(info, field):
   3.104          return None
   3.105  
   3.106  
   3.107 -
   3.108  def get_security_printlabel(info):
   3.109      """retrieves printable security label from self.info['security']),
   3.110      preferably the label name and otherwise (if label is not specified
   3.111 @@ -250,32 +297,37 @@ def ssidref2label(ssidref_var):
   3.112      else:
   3.113          err("Instance type of ssidref not supported (must be of type 'str' or 'int')")
   3.114  
   3.115 -    (primary, secondary, f, pol_exists) = getmapfile(None)
   3.116 -    if not f:
   3.117 -        if (pol_exists):
   3.118 -            err("Mapping file for policy \'" + policyname + "\' not found.\n" +
   3.119 -                "Please use makepolicy command to create mapping file!")
   3.120 -        else:
   3.121 -            err("Policy file for \'" + active_policy + "\' not found.")
   3.122 +    try:
   3.123 +        mapfile_lock()
   3.124  
   3.125 -    #2. get labelnames for both ssidref parts
   3.126 -    pri_ssid = ssidref & 0xffff
   3.127 -    sec_ssid = ssidref >> 16
   3.128 -    pri_null_ssid = NULL_SSIDREF & 0xffff
   3.129 -    sec_null_ssid = NULL_SSIDREF >> 16
   3.130 -    pri_labels = []
   3.131 -    sec_labels = []
   3.132 -    labels = []
   3.133 +        (primary, secondary, f, pol_exists) = getmapfile(None)
   3.134 +        if not f:
   3.135 +            if (pol_exists):
   3.136 +                err("Mapping file for policy not found.\n" +
   3.137 +                    "Please use makepolicy command to create mapping file!")
   3.138 +            else:
   3.139 +                err("Policy file for \'" + active_policy + "\' not found.")
   3.140  
   3.141 -    for line in f:
   3.142 -        l = line.split()
   3.143 -        if (len(l) < 5) or (l[0] != "LABEL->SSID"):
   3.144 -            continue
   3.145 -        if primary and (l[2] == primary) and (int(l[4], 16) == pri_ssid):
   3.146 -            pri_labels.append(l[3])
   3.147 -        if secondary and (l[2] == secondary) and (int(l[4], 16) == sec_ssid):
   3.148 -            sec_labels.append(l[3])
   3.149 -    f.close()
   3.150 +        #2. get labelnames for both ssidref parts
   3.151 +        pri_ssid = ssidref & 0xffff
   3.152 +        sec_ssid = ssidref >> 16
   3.153 +        pri_null_ssid = NULL_SSIDREF & 0xffff
   3.154 +        sec_null_ssid = NULL_SSIDREF >> 16
   3.155 +        pri_labels = []
   3.156 +        sec_labels = []
   3.157 +        labels = []
   3.158 +
   3.159 +        for line in f:
   3.160 +            l = line.split()
   3.161 +            if (len(l) < 5) or (l[0] != "LABEL->SSID"):
   3.162 +                continue
   3.163 +            if primary and (l[2] == primary) and (int(l[4], 16) == pri_ssid):
   3.164 +                pri_labels.append(l[3])
   3.165 +            if secondary and (l[2] == secondary) and (int(l[4], 16) == sec_ssid):
   3.166 +                sec_labels.append(l[3])
   3.167 +        f.close()
   3.168 +    finally:
   3.169 +        mapfile_unlock()
   3.170  
   3.171      #3. get the label that is in both lists (combination must be a single label)
   3.172      if (primary == "CHWALL") and (pri_ssid == pri_null_ssid) and (sec_ssid != sec_null_ssid):
   3.173 @@ -297,7 +349,7 @@ def ssidref2label(ssidref_var):
   3.174  
   3.175  
   3.176  
   3.177 -def label2ssidref(labelname, policyname, type):
   3.178 +def label2ssidref(labelname, policyname, typ):
   3.179      """
   3.180      returns ssidref corresponding to labelname;
   3.181      maps current policy to default directory
   3.182 @@ -307,42 +359,51 @@ def label2ssidref(labelname, policyname,
   3.183          err("Cannot translate labels for \'" + policyname + "\' policy.")
   3.184  
   3.185      allowed_types = ['ANY']
   3.186 -    if type == 'dom':
   3.187 +    if typ == 'dom':
   3.188          allowed_types.append('VM')
   3.189 -    elif type == 'res':
   3.190 +    elif typ == 'res':
   3.191          allowed_types.append('RES')
   3.192      else:
   3.193          err("Invalid type.  Must specify 'dom' or 'res'.")
   3.194  
   3.195 -    (primary, secondary, f, pol_exists) = getmapfile(policyname)
   3.196 +    try:
   3.197 +        mapfile_lock()
   3.198 +        (primary, secondary, f, pol_exists) = getmapfile(policyname)
   3.199  
   3.200 -    #2. get labelnames for ssidref parts and find a common label
   3.201 -    pri_ssid = []
   3.202 -    sec_ssid = []
   3.203 -    for line in f:
   3.204 -        l = line.split()
   3.205 -        if (len(l) < 5) or (l[0] != "LABEL->SSID"):
   3.206 -            continue
   3.207 -        if primary and (l[1] in allowed_types) and (l[2] == primary) and (l[3] == labelname):
   3.208 -            pri_ssid.append(int(l[4], 16))
   3.209 -        if secondary and (l[1] in allowed_types) and (l[2] == secondary) and (l[3] == labelname):
   3.210 -            sec_ssid.append(int(l[4], 16))
   3.211 -    f.close()
   3.212 -    if (type == 'res') and (primary == "CHWALL") and (len(pri_ssid) == 0):
   3.213 -        pri_ssid.append(NULL_SSIDREF)
   3.214 -    elif (type == 'res') and (secondary == "CHWALL") and (len(sec_ssid) == 0):
   3.215 -        sec_ssid.append(NULL_SSIDREF)
   3.216 +        #2. get labelnames for ssidref parts and find a common label
   3.217 +        pri_ssid = []
   3.218 +        sec_ssid = []
   3.219 +        for line in f:
   3.220 +            l = line.split()
   3.221 +            if (len(l) < 5) or (l[0] != "LABEL->SSID"):
   3.222 +                continue
   3.223 +            if primary and (l[1] in allowed_types) and \
   3.224 +                           (l[2] == primary) and \
   3.225 +                           (l[3] == labelname):
   3.226 +                pri_ssid.append(int(l[4], 16))
   3.227 +            if secondary and (l[1] in allowed_types) and \
   3.228 +                             (l[2] == secondary) and \
   3.229 +                             (l[3] == labelname):
   3.230 +                sec_ssid.append(int(l[4], 16))
   3.231 +        f.close()
   3.232 +        if (typ == 'res') and (primary == "CHWALL") and (len(pri_ssid) == 0):
   3.233 +            pri_ssid.append(NULL_SSIDREF)
   3.234 +        elif (typ == 'res') and (secondary == "CHWALL") and \
   3.235 +             (len(sec_ssid) == 0):
   3.236 +            sec_ssid.append(NULL_SSIDREF)
   3.237  
   3.238 -    #3. sanity check and composition of ssidref
   3.239 -    if (len(pri_ssid) == 0) or ((len(sec_ssid) == 0) and (secondary != "NULL")):
   3.240 -        err("Label \'" + labelname + "\' not found.")
   3.241 -    elif (len(pri_ssid) > 1) or (len(sec_ssid) > 1):
   3.242 -        err("Label \'" + labelname + "\' not unique in policy (policy error)")
   3.243 -    if secondary == "NULL":
   3.244 -        return pri_ssid[0]
   3.245 -    else:
   3.246 -        return (sec_ssid[0] << 16) | pri_ssid[0]
   3.247 -
   3.248 +        #3. sanity check and composition of ssidref
   3.249 +        if (len(pri_ssid) == 0) or ((len(sec_ssid) == 0) and \
   3.250 +            (secondary != "NULL")):
   3.251 +            err("Label \'" + labelname + "\' not found.")
   3.252 +        elif (len(pri_ssid) > 1) or (len(sec_ssid) > 1):
   3.253 +            err("Label \'" + labelname + "\' not unique in policy (policy error)")
   3.254 +        if secondary == "NULL":
   3.255 +            return pri_ssid[0]
   3.256 +        else:
   3.257 +            return (sec_ssid[0] << 16) | pri_ssid[0]
   3.258 +    finally:
   3.259 +       mapfile_unlock()
   3.260  
   3.261  
   3.262  def refresh_ssidref(config):
   3.263 @@ -381,8 +442,9 @@ def refresh_ssidref(config):
   3.264                      err("Illegal field in access_control")
   3.265      #verify policy is correct
   3.266      if active_policy != policyname:
   3.267 -        err("Policy \'" + policyname + "\' in label does not match active policy \'"
   3.268 -            + active_policy +"\'!")
   3.269 +        err("Policy \'" + str(policyname) +
   3.270 +            "\' in label does not match active policy \'"
   3.271 +            + str(active_policy) +"\'!")
   3.272  
   3.273      new_ssidref = label2ssidref(labelname, policyname, 'dom')
   3.274      if not new_ssidref:
   3.275 @@ -470,6 +532,25 @@ def get_decision(arg1, arg2):
   3.276          err("Cannot determine decision (Invalid parameter).")
   3.277  
   3.278  
   3.279 +def hv_chg_policy(bin_pol, del_array, chg_array):
   3.280 +    """
   3.281 +        Change the binary policy in the hypervisor
   3.282 +        The 'del_array' and 'chg_array' give hints about deleted ssidrefs
   3.283 +        and changed ssidrefs which can be due to deleted VM labels
   3.284 +        or reordered VM labels
   3.285 +    """
   3.286 +    rc = -xsconstants.XSERR_GENERAL_FAILURE
   3.287 +    errors = ""
   3.288 +    if not on():
   3.289 +        err("No policy active.")
   3.290 +    try:
   3.291 +        rc, errors = acm.chgpolicy(bin_pol, del_array, chg_array)
   3.292 +    except Exception, e:
   3.293 +        pass
   3.294 +    if (len(errors) > 0):
   3.295 +        rc = -xsconstants.XSERR_HV_OP_FAILED
   3.296 +    return rc, errors
   3.297 +
   3.298  
   3.299  def make_policy(policy_name):
   3.300      policy_file = string.join(string.split(policy_name, "."), "/")
   3.301 @@ -480,8 +561,6 @@ def make_policy(policy_name):
   3.302      if ret:
   3.303          err("Creating policy failed:\n" + output)
   3.304  
   3.305 -
   3.306 -
   3.307  def load_policy(policy_name):
   3.308      global active_policy
   3.309      policy_file = policy_dir_prefix + "/" + string.join(string.split(policy_name, "."), "/")
   3.310 @@ -538,8 +617,8 @@ def list_labels(policy_name, condition):
   3.311  
   3.312  
   3.313  def get_res_label(resource):
   3.314 -    """Returns resource label information (label, policy) if it exists.
   3.315 -       Otherwise returns null label and policy.
   3.316 +    """Returns resource label information (policytype, label, policy) if
   3.317 +       it exists. Otherwise returns null label and policy.
   3.318      """
   3.319      def default_res_label():
   3.320          ssidref = NULL_SSIDREF
   3.321 @@ -547,23 +626,19 @@ def get_res_label(resource):
   3.322              label = ssidref2label(ssidref)
   3.323          else:
   3.324              label = None
   3.325 -        return (label, 'NULL')
   3.326 -
   3.327 -    (label, policy) = default_res_label()
   3.328 +        return (xsconstants.ACM_POLICY_ID, 'NULL', label)
   3.329  
   3.330 -    # load the resource label file
   3.331 -    res_label_cache = {}
   3.332 -    try:
   3.333 -        res_label_cache = dictio.dict_read("resources", res_label_filename)
   3.334 -    except:
   3.335 -        log.info("Resource label file not found.")
   3.336 -        return default_res_label()
   3.337  
   3.338 -    # find the resource information
   3.339 -    if res_label_cache.has_key(resource):
   3.340 -        (policy, label) = res_label_cache[resource]
   3.341 +    tmp = get_resource_label(resource)
   3.342 +    if len(tmp) == 2:
   3.343 +        policytype = xsconstants.ACM_POLICY_ID
   3.344 +        policy, label = tmp
   3.345 +    elif len(tmp) == 3:
   3.346 +        policytype, policy, label = tmp
   3.347 +    else:
   3.348 +        policytype, policy, label = default_res_label()
   3.349  
   3.350 -    return (label, policy)
   3.351 +    return (policytype, label, policy)
   3.352  
   3.353  
   3.354  def get_res_security_details(resource):
   3.355 @@ -582,7 +657,7 @@ def get_res_security_details(resource):
   3.356      (label, ssidref, policy) = default_security_details()
   3.357  
   3.358      # find the entry associated with this resource
   3.359 -    (label, policy) = get_res_label(resource)
   3.360 +    (policytype, label, policy) = get_res_label(resource)
   3.361      if policy == 'NULL':
   3.362          log.info("Resource label for "+resource+" not in file, using DEFAULT.")
   3.363          return default_security_details()
   3.364 @@ -596,8 +671,29 @@ def get_res_security_details(resource):
   3.365  
   3.366      return (label, ssidref, policy)
   3.367  
   3.368 +def security_label_to_details(seclab):
   3.369 +    """ Convert a Xen-API type of security label into details """
   3.370 +    def default_security_details():
   3.371 +        ssidref = NULL_SSIDREF
   3.372 +        if on():
   3.373 +            label = ssidref2label(ssidref)
   3.374 +        else:
   3.375 +            label = None
   3.376 +        policy = active_policy
   3.377 +        return (label, ssidref, policy)
   3.378  
   3.379 -def unify_resname(resource):
   3.380 +    (policytype, policy, label) = seclab.split(":")
   3.381 +
   3.382 +    # is this resource label for the running policy?
   3.383 +    if policy == active_policy:
   3.384 +        ssidref = label2ssidref(label, policy, 'res')
   3.385 +    else:
   3.386 +        log.info("Resource label not for active policy, using DEFAULT.")
   3.387 +        return default_security_details()
   3.388 +
   3.389 +    return (label, ssidref, policy)
   3.390 +
   3.391 +def unify_resname(resource, mustexist=True):
   3.392      """Makes all resource locations absolute. In case of physical
   3.393      resources, '/dev/' is added to local file names"""
   3.394  
   3.395 @@ -606,28 +702,53 @@ def unify_resname(resource):
   3.396  
   3.397      # sanity check on resource name
   3.398      try:
   3.399 -        (type, resfile) = resource.split(":", 1)
   3.400 +        (typ, resfile) = resource.split(":", 1)
   3.401      except:
   3.402          err("Resource spec '%s' contains no ':' delimiter" % resource)
   3.403  
   3.404 -    if type == "tap":
   3.405 +    if typ == "tap":
   3.406          try:
   3.407              (subtype, resfile) = resfile.split(":")
   3.408          except:
   3.409              err("Resource spec '%s' contains no tap subtype" % resource)
   3.410  
   3.411 -    if type in ["phy", "tap"]:
   3.412 +    import os
   3.413 +    if typ in ["phy", "tap"]:
   3.414          if not resfile.startswith("/"):
   3.415              resfile = "/dev/" + resfile
   3.416 +        if mustexist:
   3.417 +            stats = os.lstat(resfile)
   3.418 +            if stat.S_ISLNK(stats[stat.ST_MODE]):
   3.419 +                resolved = os.readlink(resfile)
   3.420 +                if resolved[0] != "/":
   3.421 +                    resfile = os.path.join(os.path.dirname(resfile), resolved)
   3.422 +                    resfile = os.path.abspath(resfile)
   3.423 +                else:
   3.424 +                    resfile = resolved
   3.425 +                stats = os.lstat(resfile)
   3.426 +            if not (stat.S_ISBLK(stats[stat.ST_MODE])):
   3.427 +                err("Invalid resource")
   3.428 +
   3.429 +    if typ in [ "file", "tap" ]:
   3.430 +        if mustexist:
   3.431 +            stats = os.lstat(resfile)
   3.432 +            if stat.S_ISLNK(stats[stat.ST_MODE]):
   3.433 +                resfile = os.readlink(resfile)
   3.434 +                stats = os.lstat(resfile)
   3.435 +            if not stat.S_ISREG(stats[stat.ST_MODE]):
   3.436 +                err("Invalid resource")
   3.437  
   3.438      #file: resources must specified with absolute path
   3.439 -    if (not resfile.startswith("/")) or (not os.path.exists(resfile)):
   3.440 -        err("Invalid resource.")
   3.441 +    #vlan resources don't start with '/'
   3.442 +    if typ != "vlan":
   3.443 +        if (not resfile.startswith("/")) or \
   3.444 +           (mustexist and not os.path.exists(resfile)):
   3.445 +            err("Invalid resource.")
   3.446  
   3.447      # from here on absolute file names with resources
   3.448 -    if type == "tap":
   3.449 -        type = type + ":" + subtype
   3.450 -    resource = type + ":" + resfile
   3.451 +    if typ == "tap":
   3.452 +        typ = typ + ":" + subtype
   3.453 +    resource = typ + ":" + resfile
   3.454      return resource
   3.455  
   3.456  
   3.457 @@ -662,9 +783,481 @@ def res_security_check(resource, domain_
   3.458      else:
   3.459          # Note, we can't canonicalise the resource here, because people using
   3.460          # xm without ACM are free to use relative paths.
   3.461 -        (label, policy) = get_res_label(resource)
   3.462 +        (policytype, label, policy) = get_res_label(resource)
   3.463          if policy != 'NULL':
   3.464              raise ACMError("Security is off, but '"+resource+"' is labeled")
   3.465              rtnval = 0
   3.466  
   3.467      return rtnval
   3.468 +
   3.469 +def res_security_check_xapi(rlabel, rssidref, rpolicy, xapi_dom_label):
   3.470 +    """Checks if the given resource can be used by the given domain
   3.471 +       label.  Returns 1 if the resource can be used, otherwise 0.
   3.472 +    """
   3.473 +    rtnval = 1
   3.474 +    # if security is on, ask the hypervisor for a decision
   3.475 +    if on():
   3.476 +        typ, dpolicy, domain_label = xapi_dom_label.split(":")
   3.477 +        if not dpolicy or not domain_label:
   3.478 +            raise VmError("VM security label in wrong format.")
   3.479 +        if active_policy != rpolicy:
   3.480 +            raise VmError("Resource's policy '%s' != active policy '%s'" %
   3.481 +                          (rpolicy, active_policy))
   3.482 +        domac = ['access_control']
   3.483 +        domac.append(['policy', active_policy])
   3.484 +        domac.append(['label', domain_label])
   3.485 +        domac.append(['type', 'dom'])
   3.486 +        decision = get_decision(domac, ['ssidref', str(rssidref)])
   3.487 +
   3.488 +        log.info("Access Control Decision : %s" % decision)
   3.489 +        # provide descriptive error messages
   3.490 +        if decision == 'DENIED':
   3.491 +            if rlabel == ssidref2label(NULL_SSIDREF):
   3.492 +                #raise ACMError("Resource is not labeled")
   3.493 +                rtnval = 0
   3.494 +            else:
   3.495 +                #raise ACMError("Permission denied for resource because label '"+rlabel+"' is not allowed")
   3.496 +                rtnval = 0
   3.497 +
   3.498 +    # security is off, make sure resource isn't labeled
   3.499 +    else:
   3.500 +        # Note, we can't canonicalise the resource here, because people using
   3.501 +        # xm without ACM are free to use relative paths.
   3.502 +        if rpolicy != 'NULL':
   3.503 +            #raise ACMError("Security is off, but resource is labeled")
   3.504 +            rtnval = 0
   3.505 +
   3.506 +    return rtnval
   3.507 +
   3.508 +
   3.509 +def set_resource_label_xapi(resource, reslabel_xapi, oldlabel_xapi):
   3.510 +    """Assign a resource label to a resource
   3.511 +    @param resource: The name of a resource, i.e., "phy:/dev/hda", or
   3.512 +              "tap:qcow:/path/to/file.qcow"
   3.513 +
   3.514 +    @param reslabel_xapi: A resource label foramtted as in all other parts of
   3.515 +                          the Xen-API, i.e., ACM:xm-test:blue"
   3.516 +    @rtype: int
   3.517 +    @return Success (0) or failure value (< 0)
   3.518 +    """
   3.519 +    olabel = ""
   3.520 +    if reslabel_xapi == "":
   3.521 +        return rm_resource_label(resource, oldlabel_xapi)
   3.522 +    typ, policyref, label = reslabel_xapi.split(":")
   3.523 +    if typ != xsconstants.ACM_POLICY_ID:
   3.524 +        return -xsconstants.XSERR_WRONG_POLICY_TYPE
   3.525 +    if not policyref or not label:
   3.526 +        return -xsconstants.XSERR_BAD_LABEL_FORMAT
   3.527 +    if oldlabel_xapi not in [ "" ]:
   3.528 +        tmp = oldlabel_xapi.split(":")
   3.529 +        if len(tmp) != 3:
   3.530 +            return -xsconstants.XSERR_BAD_LABEL_FORMAT
   3.531 +        otyp, opolicyref, olabel = tmp
   3.532 +        # Only ACM is supported
   3.533 +        if otyp != xsconstants.ACM_POLICY_ID:
   3.534 +            return -xsconstants.XSERR_WRONG_POLICY_TYPE
   3.535 +    return set_resource_label(resource, typ, policyref, label, olabel)
   3.536 +
   3.537 +def is_resource_in_use(resource):
   3.538 +    """ Investigate all running domains whether they use this device """
   3.539 +    from xen.xend import XendDomain
   3.540 +    dominfos = XendDomain.instance().list('all')
   3.541 +    lst = []
   3.542 +    for dominfo in dominfos:
   3.543 +        if is_resource_in_use_by_dom(dominfo, resource):
   3.544 +            lst.append(dominfo)
   3.545 +    return lst
   3.546 +
   3.547 +def devices_equal(res1, res2):
   3.548 +    """ Determine whether two devices are equal """
   3.549 +    return (unify_resname(res1) == unify_resname(res2))
   3.550 +
   3.551 +def is_resource_in_use_by_dom(dominfo, resource):
   3.552 +    """ Determine whether a resources is in use by a given domain
   3.553 +        @return True or False
   3.554 +    """
   3.555 +    if not dominfo.domid:
   3.556 +        return False
   3.557 +    if dominfo._stateGet() not in [ DOM_STATE_RUNNING ]:
   3.558 +        return False
   3.559 +    devs = dominfo.info['devices']
   3.560 +    uuids = devs.keys()
   3.561 +    for uuid in uuids:
   3.562 +        dev = devs[uuid]
   3.563 +        if len(dev) >= 2 and dev[1].has_key('uname'):
   3.564 +            # dev[0] is type, i.e. 'vbd'
   3.565 +            if devices_equal(dev[1]['uname'], resource):
   3.566 +                log.info("RESOURCE IN USE: Domain %d uses %s." %
   3.567 +                         (dominfo.domid, resource))
   3.568 +                return True
   3.569 +    return False
   3.570 +
   3.571 +
   3.572 +def get_domain_resources(dominfo):
   3.573 +    """ Collect all resources of a domain in a map where each entry of
   3.574 +        the map is a list.
   3.575 +        Entries are strored in the following formats:
   3.576 +          tap:qcow:/path/xyz.qcow
   3.577 +    """
   3.578 +    resources = { 'vbd' : [], 'tap' : []}
   3.579 +    devs = dominfo.info['devices']
   3.580 +    uuids = devs.keys()
   3.581 +    for uuid in uuids:
   3.582 +        dev = devs[uuid]
   3.583 +        typ = dev[0]
   3.584 +        if typ in [ 'vbd', 'tap' ]:
   3.585 +            resources[typ].append(dev[1]['uname'])
   3.586 +
   3.587 +    return resources
   3.588 +
   3.589 +
   3.590 +def resources_compatible_with_vmlabel(xspol, dominfo, vmlabel):
   3.591 +    """
   3.592 +       Check whether the resources' labels are compatible with the
   3.593 +       given VM label. This is a function to be used when for example
   3.594 +       a running domain is to get the new label 'vmlabel'
   3.595 +    """
   3.596 +    if not xspol:
   3.597 +        return False
   3.598 +
   3.599 +    try:
   3.600 +        __resfile_lock.acquire()
   3.601 +        try:
   3.602 +            access_control = dictio.dict_read("resources",
   3.603 +                                              res_label_filename)
   3.604 +        except:
   3.605 +            return False
   3.606 +        return __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel,
   3.607 +                                                   access_control)
   3.608 +    finally:
   3.609 +        __resfile_lock.release()
   3.610 +    return False
   3.611 +
   3.612 +
   3.613 +def __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel,
   3.614 +                                        access_control):
   3.615 +    """
   3.616 +        Check whether the resources' labels are compatible with the
   3.617 +        given VM label. The access_control parameter provides a
   3.618 +        dictionary of the resource name to resource label mappings
   3.619 +        under which the evaluation should be done.
   3.620 +    """
   3.621 +    resources = get_domain_resources(dominfo)
   3.622 +    reslabels = []  # all resource labels
   3.623 +    polname = xspol.get_name()
   3.624 +    for key in resources.keys():
   3.625 +        for res in resources[key]:
   3.626 +            try:
   3.627 +                tmp = access_control[res]
   3.628 +                if len(tmp) != 3:
   3.629 +                    return False
   3.630 +
   3.631 +                if polname != tmp[1]:
   3.632 +                    return False
   3.633 +                label = tmp[2]
   3.634 +                if not label in reslabels:
   3.635 +                    reslabels.append(label)
   3.636 +            except:
   3.637 +                return False
   3.638 +    # Check that all resource labes have a common STE type with the
   3.639 +    # vmlabel
   3.640 +    rc = xspol.policy_check_vmlabel_against_reslabels(vmlabel, reslabels)
   3.641 +    return rc;
   3.642 +
   3.643 +def set_resource_label(resource, policytype, policyref, reslabel, \
   3.644 +                       oreslabel = None):
   3.645 +    """Assign a label to a resource
   3.646 +       If the old label (oreslabel) is given, then the resource must have
   3.647 +       that old label.
   3.648 +       A resource label may be changed if
   3.649 +       - the resource is not in use
   3.650 +    @param resource  : The name of a resource, i.e., "phy:/dev/hda"
   3.651 +    @param policyref : The name of the policy
   3.652 +    @param reslabel     : the resource label within the policy
   3.653 +    @param oreslabel    : optional current resource label
   3.654 +
   3.655 +    @rtype: int
   3.656 +    @return Success (0) or failure value (< 0)
   3.657 +    """
   3.658 +    try:
   3.659 +        resource = unify_resname(resource, mustexist=False)
   3.660 +    except Exception:
   3.661 +        return -xsconstants.XSERR_BAD_RESOURCE_FORMAT
   3.662 +
   3.663 +    domains = is_resource_in_use(resource)
   3.664 +    if len(domains) > 0:
   3.665 +        return -xsconstants.XSERR_RESOURCE_IN_USE
   3.666 +
   3.667 +    try:
   3.668 +        __resfile_lock.acquire()
   3.669 +        access_control = {}
   3.670 +        try:
   3.671 +             access_control = dictio.dict_read("resources", res_label_filename)
   3.672 +        except:
   3.673 +            pass
   3.674 +        if oreslabel:
   3.675 +            if not access_control.has_key(resource):
   3.676 +                return -xsconstants.XSERR_BAD_LABEL
   3.677 +            tmp = access_control[resource]
   3.678 +            if len(tmp) != 3:
   3.679 +                return -xsconstants.XSERR_BAD_LABEL
   3.680 +            if tmp[2] != oreslabel:
   3.681 +                return -xsconstants.XSERR_BAD_LABEL
   3.682 +        if reslabel != "":
   3.683 +            new_entry = { resource : tuple([policytype, policyref, reslabel])}
   3.684 +            access_control.update(new_entry)
   3.685 +        else:
   3.686 +            if access_control.has_key(resource):
   3.687 +                del access_control[resource]
   3.688 +        dictio.dict_write(access_control, "resources", res_label_filename)
   3.689 +    finally:
   3.690 +        __resfile_lock.release()
   3.691 +    return xsconstants.XSERR_SUCCESS
   3.692 +
   3.693 +def rm_resource_label(resource, oldlabel_xapi):
   3.694 +    """Remove a resource label from a physical resource
   3.695 +    @param resource: The name of a resource, i.e., "phy:/dev/hda"
   3.696 +
   3.697 +    @rtype: int
   3.698 +    @return Success (0) or failure value (< 0)
   3.699 +    """
   3.700 +    tmp = oldlabel_xapi.split(":")
   3.701 +    if len(tmp) != 3:
   3.702 +        return -xsconstants.XSERR_BAD_LABEL_FORMAT
   3.703 +    otyp, opolicyref, olabel = tmp
   3.704 +    # Only ACM is supported
   3.705 +    if otyp != xsconstants.ACM_POLICY_ID and \
   3.706 +       otyp != xsconstants.INVALID_POLICY_PREFIX + xsconstants.ACM_POLICY_ID:
   3.707 +        return -xsconstants.XSERR_WRONG_POLICY_TYPE
   3.708 +    return set_resource_label(resource, "", "", "", olabel)
   3.709 +
   3.710 +def get_resource_label_xapi(resource):
   3.711 +    """Get the assigned resource label of a physical resource
   3.712 +      in the format used by then Xen-API, i.e., "ACM:xm-test:blue"
   3.713 +
   3.714 +      @rtype: string
   3.715 +      @return the string representing policy type, policy name and label of
   3.716 +              the resource
   3.717 +    """
   3.718 +    res = get_resource_label(resource)
   3.719 +    return format_resource_label(res)
   3.720 +
   3.721 +def format_resource_label(res):
   3.722 +    if res:
   3.723 +        if len(res) == 2:
   3.724 +            return xsconstants.ACM_POLICY_ID + ":" + res[0] + ":" + res[1]
   3.725 +        if len(res) == 3:
   3.726 +            return ":".join(res)
   3.727 +    return ""
   3.728 +
   3.729 +def get_resource_label(resource):
   3.730 +    """Get the assigned resource label of a given resource
   3.731 +    @param resource: The name of a resource, i.e., "phy:/dev/hda"
   3.732 +
   3.733 +    @rtype: list
   3.734 +    @return tuple of (policy name, resource label), i.e., (xm-test, blue)
   3.735 +    """
   3.736 +    try:
   3.737 +        resource = unify_resname(resource, mustexist=False)
   3.738 +    except Exception:
   3.739 +        return []
   3.740 +
   3.741 +    reslabel_map = get_labeled_resources()
   3.742 +
   3.743 +    if reslabel_map.has_key(resource):
   3.744 +        return list(reslabel_map[resource])
   3.745 +    else:
   3.746 +        #Try to resolve each label entry
   3.747 +        for key, value in reslabel_map.items():
   3.748 +            try:
   3.749 +                if resource == unify_resname(key):
   3.750 +                    return list(value)
   3.751 +            except:
   3.752 +                pass
   3.753 +
   3.754 +    return []
   3.755 +
   3.756 +
   3.757 +def get_labeled_resources_xapi():
   3.758 +    """ Get a map of all labeled resource with the labels formatted in the
   3.759 +        xen-api resource label format.
   3.760 +    """
   3.761 +    reslabel_map = get_labeled_resources()
   3.762 +    for key, labeldata in reslabel_map.items():
   3.763 +        reslabel_map[key] = format_resource_label(labeldata)
   3.764 +    return reslabel_map
   3.765 +
   3.766 +
   3.767 +def get_labeled_resources():
   3.768 +    """Get a map of all labeled resources
   3.769 +    @rtype: list
   3.770 +    @return list of labeled resources
   3.771 +    """
   3.772 +    try:
   3.773 +        __resfile_lock.acquire()
   3.774 +        try:
   3.775 +            access_control = dictio.dict_read("resources", res_label_filename)
   3.776 +        except:
   3.777 +            return {}
   3.778 +    finally:
   3.779 +        __resfile_lock.release()
   3.780 +    return access_control
   3.781 +
   3.782 +
   3.783 +def relabel_domains(relabel_list):
   3.784 +    """
   3.785 +      Relabel the given domains to have a new ssidref.
   3.786 +      @param relabel_list: a list containing tuples of domid, ssidref
   3.787 +                           example: [ [0, 0x00020002] ]
   3.788 +    """
   3.789 +    rel_rules = ""
   3.790 +    for r in relabel_list:
   3.791 +        log.info("Relabeling domain with domid %d to new ssidref 0x%08x",
   3.792 +                r[0], r[1])
   3.793 +        rel_rules += struct.pack("ii", r[0], r[1])
   3.794 +    try:
   3.795 +        rc, errors = acm.relabel_domains(rel_rules)
   3.796 +    except Exception, e:
   3.797 +        log.info("Error after relabel_domains: %s" % str(e))
   3.798 +        rc = -xsconstants.XSERR_GENERAL_FAILURE
   3.799 +        errors = ""
   3.800 +    if (len(errors) > 0):
   3.801 +        rc = -xsconstants.XSERR_HV_OP_FAILED
   3.802 +    return rc, errors
   3.803 +
   3.804 +
   3.805 +def change_acm_policy(bin_pol, del_array, chg_array,
   3.806 +                      vmlabel_map, reslabel_map, cur_acmpol, new_acmpol):
   3.807 +    """
   3.808 +       Change the ACM policy of the system by relabeling
   3.809 +       domains and resources first and doing some access checks.
   3.810 +       Then update the policy in the hypervisor. If this is all successful,
   3.811 +       relabel the domains permanently and commit the relabed resources.
   3.812 +
   3.813 +       Need to do / check the following:
   3.814 +        - relabel all resources where there is a 'from' field in
   3.815 +          the policy. [ NOT DOING THIS: and mark those as unlabeled where the label
   3.816 +          does not appear in the new policy anymore (deletion) ]
   3.817 +        - relabel all VMs where there is a 'from' field in the
   3.818 +          policy and mark those as unlabeled where the label
   3.819 +          does not appear in the new policy anymore; no running
   3.820 +          or paused VM may be unlabeled through this
   3.821 +        - check that under the new labeling conditions the VMs
   3.822 +          still have access to their resources as before. Unlabeled
   3.823 +          resources are inaccessible. If this check fails, the
   3.824 +          update failed.
   3.825 +        - Attempt changes in the hypervisor; if this step fails,
   3.826 +          roll back the relabeling of resources and VMs
   3.827 +        - Make the relabeling of resources and VMs permanent
   3.828 +    """
   3.829 +    rc = xsconstants.XSERR_SUCCESS
   3.830 +
   3.831 +    domain_label_map = {}
   3.832 +    new_policyname = new_acmpol.get_name()
   3.833 +    new_policytype = new_acmpol.get_type_name()
   3.834 +    cur_policyname = cur_acmpol.get_name()
   3.835 +    cur_policytype = cur_acmpol.get_type_name()
   3.836 +    polnew_reslabels = new_acmpol.policy_get_resourcelabel_names()
   3.837 +    errors=""
   3.838 +
   3.839 +    try:
   3.840 +        __resfile_lock.acquire()
   3.841 +        mapfile_lock()
   3.842 +
   3.843 +        # Get all domains' dominfo.
   3.844 +        from xen.xend import XendDomain
   3.845 +        dominfos = XendDomain.instance().list('all')
   3.846 +
   3.847 +        log.info("----------------------------------------------")
   3.848 +        # relabel resources
   3.849 +
   3.850 +        access_control = {}
   3.851 +        try:
   3.852 +            access_control = dictio.dict_read("resources", res_label_filename)
   3.853 +        finally:
   3.854 +            pass
   3.855 +        for key, labeldata in access_control.items():
   3.856 +            if len(labeldata) == 2:
   3.857 +                policy, label = labeldata
   3.858 +                policytype = xsconstants.ACM_POLICY_ID
   3.859 +            elif len(labeldata) == 3:
   3.860 +                policytype, policy, label = labeldata
   3.861 +            else:
   3.862 +                return -xsconstants.XSERR_BAD_LABEL_FORMAT, ""
   3.863 +
   3.864 +            if policytype != cur_policytype or \
   3.865 +               policy     != cur_policyname:
   3.866 +                continue
   3.867 +
   3.868 +            # label been renamed or deleted?
   3.869 +            if reslabel_map.has_key(label) and cur_policyname == policy:
   3.870 +                label = reslabel_map[label]
   3.871 +            elif label not in polnew_reslabels:
   3.872 +                policytype = xsconstants.INVALID_POLICY_PREFIX + policytype
   3.873 +            # Update entry
   3.874 +            access_control[key] = \
   3.875 +                   tuple([ policytype, new_policyname, label ])
   3.876 +
   3.877 +        # All resources have new labels in the access_control map
   3.878 +        # There may still be labels in there that are invalid now.
   3.879 +
   3.880 +        # Do this in memory without writing to disk:
   3.881 +        #  - Relabel all domains independent of whether they are running
   3.882 +        #    or not
   3.883 +        #  - later write back to config files
   3.884 +        polnew_vmlabels = new_acmpol.policy_get_virtualmachinelabel_names()
   3.885 +
   3.886 +        for dominfo in dominfos:
   3.887 +            sec_lab = dominfo.get_security_label()
   3.888 +            if not sec_lab:
   3.889 +                continue
   3.890 +            policytype, policy, vmlabel = sec_lab.split(":")
   3.891 +            name  = dominfo.getName()
   3.892 +
   3.893 +            if policytype != cur_policytype or \
   3.894 +               policy     != cur_policyname:
   3.895 +                continue
   3.896 +
   3.897 +            new_vmlabel = vmlabel
   3.898 +            if vmlabel_map.has_key(vmlabel):
   3.899 +                new_vmlabel = vmlabel_map[vmlabel]
   3.900 +            if new_vmlabel not in polnew_vmlabels:
   3.901 +                policytype = xsconstants.INVALID_POLICY_PREFIX + policytype
   3.902 +            new_seclab = "%s:%s:%s" % \
   3.903 +                    (policytype, new_policyname, new_vmlabel)
   3.904 +
   3.905 +            domain_label_map[dominfo] = [ sec_lab, new_seclab ]
   3.906 +
   3.907 +            if dominfo._stateGet() in (DOM_STATE_PAUSED, DOM_STATE_RUNNING):
   3.908 +                compatible = __resources_compatible_with_vmlabel(new_acmpol,
   3.909 +                                                      dominfo,
   3.910 +                                                      new_vmlabel,
   3.911 +                                                      access_control)
   3.912 +                log.info("Domain %s with new label '%s' can access its "
   3.913 +                         "resources? : %s" %
   3.914 +                         (name, new_vmlabel, str(compatible)))
   3.915 +                log.info("VM labels in new domain: %s" %
   3.916 +                         new_acmpol.policy_get_virtualmachinelabel_names())
   3.917 +                if not compatible:
   3.918 +                    return (-xsconstants.XSERR_RESOURCE_ACCESS, "")
   3.919 +
   3.920 +        rc, errors = hv_chg_policy(bin_pol, del_array, chg_array)
   3.921 +        if rc == 0:
   3.922 +            # Write the relabeled resources back into the file
   3.923 +            dictio.dict_write(access_control, "resources", res_label_filename)
   3.924 +            # Properly update all VMs to their new labels
   3.925 +            for dominfo, labels in domain_label_map.items():
   3.926 +                sec_lab, new_seclab = labels
   3.927 +                if sec_lab != new_seclab:
   3.928 +                    log.info("Updating domain %s to new label '%s'." % \
   3.929 +                             (new_seclab, sec_lab))
   3.930 +                    # This better be working!
   3.931 +                    dominfo.set_security_label(new_seclab,
   3.932 +                                               sec_lab,
   3.933 +                                               new_acmpol)
   3.934 +    finally:
   3.935 +        log.info("----------------------------------------------")
   3.936 +        mapfile_unlock()
   3.937 +        __resfile_lock.release()
   3.938 +
   3.939 +    return rc, errors
     4.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.2 +++ b/tools/python/xen/util/xsconstants.py	Mon Jul 09 14:51:44 2007 +0100
     4.3 @@ -0,0 +1,104 @@
     4.4 +#============================================================================
     4.5 +# This library is free software; you can redistribute it and/or
     4.6 +# modify it under the terms of version 2.1 of the GNU Lesser General Public
     4.7 +# License as published by the Free Software Foundation.
     4.8 +#
     4.9 +# This library is distributed in the hope that it will be useful,
    4.10 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
    4.11 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    4.12 +# Lesser General Public License for more details.
    4.13 +#
    4.14 +# You should have received a copy of the GNU Lesser General Public
    4.15 +# License along with this library; if not, write to the Free Software
    4.16 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    4.17 +#============================================================================
    4.18 +# Copyright (C) 2007 International Business Machines Corp.
    4.19 +# Author: Stefan Berger <stefanb@us.ibm.com>
    4.20 +#============================================================================
    4.21 +
    4.22 +XS_INST_NONE = 0
    4.23 +XS_INST_BOOT = (1 << 0)
    4.24 +XS_INST_LOAD = (1 << 1)
    4.25 +
    4.26 +XS_POLICY_NONE  = 0
    4.27 +XS_POLICY_ACM = (1 << 0)
    4.28 +
    4.29 +# Some internal variables used by the Xen-API
    4.30 +ACM_LABEL_VM  = (1 << 0)
    4.31 +ACM_LABEL_RES = (1 << 1)
    4.32 +
    4.33 +# Base for XS error codes for collision avoidance with other error codes
    4.34 +XSERR_BASE = 0x1000
    4.35 +
    4.36 +# XS error codes as used by the Xen-API
    4.37 +XSERR_SUCCESS                  =  0
    4.38 +XSERR_GENERAL_FAILURE          =  1 + XSERR_BASE
    4.39 +XSERR_BAD_XML                  =  2 + XSERR_BASE  # XML is wrong (not according to schema)
    4.40 +XSERR_XML_PROCESSING           =  3 + XSERR_BASE
    4.41 +XSERR_POLICY_INCONSISTENT      =  4 + XSERR_BASE  # i.e., bootstrap name not a VM label
    4.42 +XSERR_FILE_ERROR               =  5 + XSERR_BASE
    4.43 +XSERR_BAD_RESOURCE_FORMAT      =  6 + XSERR_BASE  # badly formatted resource
    4.44 +XSERR_BAD_LABEL_FORMAT         =  7 + XSERR_BASE
    4.45 +XSERR_RESOURCE_NOT_LABELED     =  8 + XSERR_BASE
    4.46 +XSERR_RESOURCE_ALREADY_LABELED =  9 + XSERR_BASE
    4.47 +XSERR_WRONG_POLICY_TYPE        = 10 + XSERR_BASE
    4.48 +XSERR_BOOTPOLICY_INSTALLED     = 11 + XSERR_BASE
    4.49 +XSERR_NO_DEFAULT_BOOT_TITLE    = 12 + XSERR_BASE
    4.50 +XSERR_POLICY_LOAD_FAILED       = 13 + XSERR_BASE
    4.51 +XSERR_POLICY_LOADED            = 14 + XSERR_BASE
    4.52 +XSERR_POLICY_TYPE_UNSUPPORTED  = 15 + XSERR_BASE
    4.53 +XSERR_BAD_CONFLICTSET          = 16 + XSERR_BASE
    4.54 +XSERR_RESOURCE_IN_USE          = 17 + XSERR_BASE
    4.55 +XSERR_BAD_POLICY_NAME          = 18 + XSERR_BASE
    4.56 +XSERR_VERSION_PREVENTS_UPDATE  = 19 + XSERR_BASE
    4.57 +XSERR_BAD_LABEL                = 20 + XSERR_BASE
    4.58 +XSERR_VM_WRONG_STATE           = 21 + XSERR_BASE
    4.59 +XSERR_POLICY_NOT_LOADED        = 22 + XSERR_BASE
    4.60 +XSERR_RESOURCE_ACCESS          = 23 + XSERR_BASE
    4.61 +XSERR_HV_OP_FAILED             = 24 + XSERR_BASE
    4.62 +XSERR_BOOTPOLICY_INSTALL_ERROR = 25 + XSERR_BASE
    4.63 +XSERR_LAST                     = 25 + XSERR_BASE ## KEEP LAST
    4.64 +
    4.65 +XSERR_MESSAGES = [
    4.66 +    '',
    4.67 +    'General Failure',
    4.68 +    'XML is malformed',
    4.69 +    'Error while processing XML',
    4.70 +    'Policy has inconsistencies',
    4.71 +    'A file access error occurred',
    4.72 +    'The resource format is not valid',
    4.73 +    'The label format is not valid',
    4.74 +    'The resource is not labeld',
    4.75 +    'The resource is already labeld',
    4.76 +    'The policy type is wrong',
    4.77 +    'The system boot policy is installed',
    4.78 +    'Could not find the default boot title',
    4.79 +    'Loading of the policy failed',
    4.80 +    'The policy is loaded',
    4.81 +    'The policy type is unsupported',
    4.82 +    'There is a bad conflict set',
    4.83 +    'The resource is in use',
    4.84 +    'The policy has an invalid name',
    4.85 +    'The version of the policy prevents an update',
    4.86 +    'The label is bad',
    4.87 +    'Operation not premittend - the VM is in the wrong state',
    4.88 +    'The policy is not loaded',
    4.89 +    'Error accessing resource',
    4.90 +    'Operation failed in hypervisor',
    4.91 +    'Boot policy installation error'
    4.92 +]
    4.93 +
    4.94 +def xserr2string(err):
    4.95 +    if err == XSERR_SUCCESS:
    4.96 +        return "Success"
    4.97 +    if err >= XSERR_GENERAL_FAILURE and \
    4.98 +       err <= XSERR_LAST:
    4.99 +        return XSERR_MESSAGES[err - XSERR_BASE]
   4.100 +    return "Unknown XSERR code '%s'." % (hex(err))
   4.101 +
   4.102 +# Policy identifiers used in labels
   4.103 +ACM_POLICY_ID = "ACM"
   4.104 +
   4.105 +INVALID_POLICY_PREFIX = "INV_"
   4.106 +
   4.107 +INVALID_SSIDREF = 0xFFFFFFFF
     5.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.2 +++ b/tools/python/xen/util/xspolicy.py	Mon Jul 09 14:51:44 2007 +0100
     5.3 @@ -0,0 +1,66 @@
     5.4 +#============================================================================
     5.5 +# This library is free software; you can redistribute it and/or
     5.6 +# modify it under the terms of version 2.1 of the GNU Lesser General Public
     5.7 +# License as published by the Free Software Foundation.
     5.8 +#
     5.9 +# This library is distributed in the hope that it will be useful,
    5.10 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
    5.11 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    5.12 +# Lesser General Public License for more details.
    5.13 +#
    5.14 +# You should have received a copy of the GNU Lesser General Public
    5.15 +# License along with this library; if not, write to the Free Software
    5.16 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    5.17 +#============================================================================
    5.18 +# Copyright (C) 2006,2007 International Business Machines Corp.
    5.19 +# Author: Stefan Berger <stefanb@us.ibm.com>
    5.20 +#============================================================================
    5.21 +
    5.22 +import threading
    5.23 +import xsconstants
    5.24 +
    5.25 +class XSPolicy:
    5.26 +    """
    5.27 +       The base policy class for all policies administered through
    5.28 +       XSPolicyAdmin.
    5.29 +    """
    5.30 +
    5.31 +    def __init__(self, name=None, ref=None):
    5.32 +        self.lock = threading.Lock()
    5.33 +        self.ref = ref
    5.34 +        self.name = name
    5.35 +        if ref:
    5.36 +            from xen.xend.XendXSPolicy import XendXSPolicy
    5.37 +            self.xendxspolicy = XendXSPolicy(self, {}, ref)
    5.38 +        else:
    5.39 +            self.xendxspolicy = None
    5.40 +
    5.41 +    def grab_lock(self):
    5.42 +        self.lock.acquire()
    5.43 +
    5.44 +    def unlock(self):
    5.45 +        self.lock.release()
    5.46 +
    5.47 +    def get_ref(self):
    5.48 +        return self.ref
    5.49 +
    5.50 +    def destroy(self):
    5.51 +        if self.xendxspolicy:
    5.52 +            self.xendxspolicy.destroy()
    5.53 +
    5.54 +    # All methods below should be overwritten by the inheriting class
    5.55 +
    5.56 +    def isloaded(self):
    5.57 +        return False
    5.58 +
    5.59 +    def loadintohv(self):
    5.60 +        return xsconstants.XSERR_POLICY_LOAD_FAILED
    5.61 +
    5.62 +    def get_type(self):
    5.63 +        return xsconstants.XS_POLICY_NONE
    5.64 +
    5.65 +    def get_type_name(self):
    5.66 +        return ""
    5.67 +
    5.68 +    def update(self, repr_new):
    5.69 +        return -xsconstants.XSERR_GENERAL_FAILURE, ""
     6.1 --- a/tools/python/xen/xend/XendAPI.py	Mon Jul 09 14:30:46 2007 +0100
     6.2 +++ b/tools/python/xen/xend/XendAPI.py	Mon Jul 09 14:51:44 2007 +0100
     6.3 @@ -40,11 +40,13 @@ from XendPIFMetrics import XendPIFMetric
     6.4  from XendVMMetrics import XendVMMetrics
     6.5  from XendPIF import XendPIF
     6.6  from XendPBD import XendPBD
     6.7 +from XendXSPolicy import XendXSPolicy, XendACMPolicy
     6.8  
     6.9  from XendAPIConstants import *
    6.10  from xen.util.xmlrpclib2 import stringify
    6.11  
    6.12  from xen.util.blkif import blkdev_name_to_number
    6.13 +from xen.util import xsconstants
    6.14  
    6.15  
    6.16  AUTH_NONE = 'none'
    6.17 @@ -467,6 +469,8 @@ classes = {
    6.18      'console'      : valid_console,
    6.19      'SR'           : valid_sr,
    6.20      'task'         : valid_task,
    6.21 +    'XSPolicy'     : valid_object("XSPolicy"),
    6.22 +    'ACMPolicy'    : valid_object("ACMPolicy"),
    6.23      'debug'        : valid_debug,
    6.24      'network'      : valid_object("network"),
    6.25      'PIF'          : valid_object("PIF"),
    6.26 @@ -481,6 +485,8 @@ autoplug_classes = {
    6.27      'VM_metrics'  : XendVMMetrics,
    6.28      'PBD'         : XendPBD,
    6.29      'PIF_metrics' : XendPIFMetrics,
    6.30 +    'XSPolicy'    : XendXSPolicy,
    6.31 +    'ACMPolicy'   : XendACMPolicy,
    6.32  }
    6.33  
    6.34  class XendAPI(object):
    6.35 @@ -1170,7 +1176,8 @@ class XendAPI(object):
    6.36                    'HVM_boot_params',
    6.37                    'platform',
    6.38                    'PCI_bus',
    6.39 -                  'other_config']
    6.40 +                  'other_config',
    6.41 +                  'security_label']
    6.42  
    6.43      VM_methods = [('clone', 'VM'),
    6.44                    ('start', None),
    6.45 @@ -1230,7 +1237,8 @@ class XendAPI(object):
    6.46          'HVM_boot_params',
    6.47          'platform',
    6.48          'PCI_bus',
    6.49 -        'other_config']
    6.50 +        'other_config',
    6.51 +        'security_label']
    6.52          
    6.53      def VM_get(self, name, session, vm_ref):
    6.54          return xen_api_success(
    6.55 @@ -1601,7 +1609,22 @@ class XendAPI(object):
    6.56          if dom:
    6.57              return xen_api_success([dom.get_uuid()])
    6.58          return xen_api_success([])
    6.59 -    
    6.60 +
    6.61 +    def VM_get_security_label(self, session, vm_ref):
    6.62 +        dom = XendDomain.instance().get_vm_by_uuid(vm_ref)
    6.63 +        label = dom.get_security_label()
    6.64 +        return xen_api_success(label)
    6.65 +
    6.66 +    def VM_set_security_label(self, session, vm_ref, sec_label, old_label):
    6.67 +        dom = XendDomain.instance().get_vm_by_uuid(vm_ref)
    6.68 +        (rc, errors, oldlabel, new_ssidref) = \
    6.69 +                                 dom.set_security_label(sec_label, old_label)
    6.70 +        if rc != xsconstants.XSERR_SUCCESS:
    6.71 +            return xen_api_error(['SECURITY_ERROR', rc])
    6.72 +        if rc == 0:
    6.73 +            rc = new_ssidref
    6.74 +        return xen_api_success(rc)
    6.75 +
    6.76      def VM_create(self, session, vm_struct):
    6.77          xendom = XendDomain.instance()
    6.78          domuuid = XendTask.log_progress(0, 100,
    6.79 @@ -1655,6 +1678,7 @@ class XendAPI(object):
    6.80              'domid': domid is None and -1 or domid,
    6.81              'is_control_domain': xeninfo.info['is_control_domain'],
    6.82              'metrics': xeninfo.get_metrics(),
    6.83 +            'security_label': xeninfo.get_security_label(),
    6.84              'crash_dumps': []
    6.85          }
    6.86          return xen_api_success(record)
    6.87 @@ -1952,7 +1976,8 @@ class XendAPI(object):
    6.88                     'runtime_properties']
    6.89      VIF_attr_rw = ['device',
    6.90                     'MAC',
    6.91 -                   'MTU']
    6.92 +                   'MTU',
    6.93 +                   'security_label']
    6.94  
    6.95      VIF_attr_inst = VIF_attr_rw
    6.96  
    6.97 @@ -2054,7 +2079,10 @@ class XendAPI(object):
    6.98          except Exception, exn:
    6.99              log.exception(exn)
   6.100              return xen_api_success({})
   6.101 -    
   6.102 +
   6.103 +    def VIF_get_security_label(self, session, vif_ref):
   6.104 +        return self._VIF_get(vif_ref, 'security_label')
   6.105 +
   6.106      # Xen API: Class VIF_metrics
   6.107      # ----------------------------------------------------------------
   6.108  
   6.109 @@ -2098,7 +2126,8 @@ class XendAPI(object):
   6.110                     'virtual_size',
   6.111                     'sharable',
   6.112                     'read_only',
   6.113 -                   'other_config']
   6.114 +                   'other_config',
   6.115 +                   'security_label']
   6.116      VDI_attr_inst = VDI_attr_ro + VDI_attr_rw
   6.117  
   6.118      VDI_methods = [('destroy', None)]
   6.119 @@ -2206,13 +2235,24 @@ class XendAPI(object):
   6.120          xennode = XendNode.instance()
   6.121          return xen_api_success(xennode.get_vdi_by_name_label(name))
   6.122  
   6.123 +    def VDI_set_security_label(self, session, vdi_ref, sec_lab, old_lab):
   6.124 +        vdi = XendNode.instance().get_vdi_by_uuid(vdi_ref)
   6.125 +        rc = vdi.set_security_label(sec_lab, old_lab)
   6.126 +        if rc < 0:
   6.127 +            return xen_api_error(['SECURITY_ERROR', rc])
   6.128 +        return xen_api_success(rc)
   6.129 +
   6.130 +    def VDI_get_security_label(self, session, vdi_ref):
   6.131 +        vdi = XendNode.instance().get_vdi_by_uuid(vdi_ref)
   6.132 +        return xen_api_success(vdi.get_security_label())
   6.133  
   6.134      # Xen API: Class VTPM
   6.135      # ----------------------------------------------------------------
   6.136  
   6.137      VTPM_attr_rw = [ ]
   6.138      VTPM_attr_ro = ['VM',
   6.139 -                    'backend']
   6.140 +                    'backend',
   6.141 +                    'runtime_properties' ]
   6.142  
   6.143      VTPM_attr_inst = VTPM_attr_rw
   6.144  
   6.145 @@ -2290,6 +2330,18 @@ class XendAPI(object):
   6.146          vtpms = reduce(lambda x, y: x + y, vtpms)
   6.147          return xen_api_success(vtpms)
   6.148  
   6.149 +    def VTPM_get_runtime_properties(self, _, vtpm_ref):
   6.150 +        xendom = XendDomain.instance()
   6.151 +        dominfo = xendom.get_vm_with_dev_uuid('vtpm', vtpm_ref)
   6.152 +        device = dominfo.get_dev_config_by_uuid('vtpm', vtpm_ref)
   6.153 +
   6.154 +        try:
   6.155 +            device_sxps = dominfo.getDeviceSxprs('vtpm')
   6.156 +            device_dict = dict(device_sxps[0][1])
   6.157 +            return xen_api_success(device_dict)
   6.158 +        except:
   6.159 +            return xen_api_success({})
   6.160 +
   6.161      # Xen API: Class console
   6.162      # ----------------------------------------------------------------
   6.163  
     7.1 --- a/tools/python/xen/xend/XendConfig.py	Mon Jul 09 14:30:46 2007 +0100
     7.2 +++ b/tools/python/xen/xend/XendConfig.py	Mon Jul 09 14:51:44 2007 +0100
     7.3 @@ -30,6 +30,8 @@ from xen.xend.PrettyPrint import prettyp
     7.4  from xen.xend.XendConstants import DOM_STATE_HALTED
     7.5  from xen.xend.server.netif import randomMAC
     7.6  from xen.util.blkif import blkdev_name_to_number
     7.7 +from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
     7.8 +from xen.util import xsconstants
     7.9  
    7.10  log = logging.getLogger("xend.XendConfig")
    7.11  log.setLevel(logging.WARN)
    7.12 @@ -160,6 +162,7 @@ XENAPI_CFG_TYPES = {
    7.13      'platform': dict,
    7.14      'tools_version': dict,
    7.15      'other_config': dict,
    7.16 +    'security_label': str,
    7.17  }
    7.18  
    7.19  # List of legacy configuration keys that have no equivalent in the
    7.20 @@ -168,7 +171,6 @@ XENAPI_CFG_TYPES = {
    7.21  LEGACY_UNSUPPORTED_BY_XENAPI_CFG = [
    7.22      # roundtripped (dynamic, unmodified)
    7.23      'shadow_memory',
    7.24 -    'security',
    7.25      'vcpu_avail',
    7.26      'cpu_weight',
    7.27      'cpu_cap',
    7.28 @@ -319,7 +321,6 @@ class XendConfig(dict):
    7.29              'memory_static_max': 0,
    7.30              'memory_dynamic_max': 0,
    7.31              'devices': {},
    7.32 -            'security': None,
    7.33              'on_xend_start': 'ignore',
    7.34              'on_xend_stop': 'ignore',
    7.35              'cpus': [],
    7.36 @@ -425,9 +426,10 @@ class XendConfig(dict):
    7.37              self._memory_sanity_check()
    7.38  
    7.39          self['cpu_time'] = dominfo['cpu_time']/1e9
    7.40 -        # TODO: i don't know what the security stuff expects here
    7.41          if dominfo.get('ssidref'):
    7.42 -            self['security'] = [['ssidref', dominfo['ssidref']]]
    7.43 +            ssidref = int(dominfo.get('ssidref'))
    7.44 +            self['security_label'] = XSPolicyAdminInstance().ssidref_to_vmlabel(ssidref)
    7.45 +
    7.46          self['shutdown_reason'] = dominfo['shutdown_reason']
    7.47  
    7.48          # parse state into Xen API states
    7.49 @@ -634,8 +636,26 @@ class XendConfig(dict):
    7.50                  except ValueError, e:
    7.51                      raise XendConfigError('cpus = %s: %s' % (cfg['cpus'], e))
    7.52  
    7.53 -        if 'security' in cfg and isinstance(cfg['security'], str):
    7.54 -            cfg['security'] = sxp.from_string(cfg['security'])
    7.55 +        if 'security' in cfg and not cfg.get('security_label'):
    7.56 +            secinfo = cfg['security']
    7.57 +            if isinstance(secinfo, list):
    7.58 +                # The xm command sends a list formatted like this:
    7.59 +                # [['access_control', ['policy', 'xm-test'],['label', 'red']],
    7.60 +                #                     ['ssidref', 196611]]
    7.61 +                policy = ""
    7.62 +                label = ""
    7.63 +                policytype = xsconstants.ACM_POLICY_ID
    7.64 +                for idx in range(0, len(secinfo)):
    7.65 +                    if secinfo[idx][0] == "access_control":
    7.66 +                        for aidx in range(1, len(secinfo[idx])):
    7.67 +                            if secinfo[idx][aidx][0] == "policy":
    7.68 +                                policy = secinfo[idx][aidx][1]
    7.69 +                            if secinfo[idx][aidx][0] == "label":
    7.70 +                                label  = secinfo[idx][aidx][1]
    7.71 +                if label != "" and policy != "":
    7.72 +                    cfg['security_label'] = "%s:%s:%s" % \
    7.73 +                            (policytype, policy, label)
    7.74 +                    del cfg['security']
    7.75  
    7.76          old_state = sxp.child_value(sxp_cfg, 'state')
    7.77          if old_state:
    7.78 @@ -778,7 +798,6 @@ class XendConfig(dict):
    7.79                      self[sxp_arg] = val
    7.80  
    7.81          _set_cfg_if_exists('shadow_memory')
    7.82 -        _set_cfg_if_exists('security')
    7.83          _set_cfg_if_exists('features')
    7.84          _set_cfg_if_exists('on_xend_stop')
    7.85          _set_cfg_if_exists('on_xend_start')
    7.86 @@ -891,6 +910,9 @@ class XendConfig(dict):
    7.87              if self.has_key(legacy) and self[legacy] not in (None, []):
    7.88                  sxpr.append([legacy, self[legacy]])
    7.89  
    7.90 +        if self.has_key('security_label'):
    7.91 +            sxpr.append(['security_label', self['security_label']])
    7.92 +
    7.93          sxpr.append(['image', self.image_sxpr()])
    7.94          sxpr.append(['status', domain._stateGet()])
    7.95  
     8.1 --- a/tools/python/xen/xend/XendDomain.py	Mon Jul 09 14:30:46 2007 +0100
     8.2 +++ b/tools/python/xen/xend/XendDomain.py	Mon Jul 09 14:51:44 2007 +0100
     8.3 @@ -49,7 +49,7 @@ from xen.xend.XendAPIConstants import *
     8.4  
     8.5  from xen.xend.xenstore.xstransact import xstransact
     8.6  from xen.xend.xenstore.xswatch import xswatch
     8.7 -from xen.util import mkdir, security
     8.8 +from xen.util import mkdir
     8.9  from xen.xend import uuid
    8.10  
    8.11  xc = xen.lowlevel.xc.xc()
    8.12 @@ -486,7 +486,6 @@ class XendDomain:
    8.13          """
    8.14          self.domains_lock.acquire()
    8.15          try:
    8.16 -            security.refresh_ssidref(config)
    8.17              dominfo = XendDomainInfo.restore(config)
    8.18              return dominfo
    8.19          finally:
     9.1 --- a/tools/python/xen/xend/XendDomainInfo.py	Mon Jul 09 14:30:46 2007 +0100
     9.2 +++ b/tools/python/xen/xend/XendDomainInfo.py	Mon Jul 09 14:51:44 2007 +0100
     9.3 @@ -830,6 +830,9 @@ class XendDomainInfo:
     9.4              else:
     9.5                  f('image/%s' % n, v)
     9.6  
     9.7 +        if self.info.has_key('security_label'):
     9.8 +            f('security_label', self.info['security_label'])
     9.9 +
    9.10          to_store.update(self._vcpuDomDetails())
    9.11  
    9.12          log.debug("Storing domain details: %s", scrub_password(to_store))
    9.13 @@ -1000,9 +1003,6 @@ class XendDomainInfo:
    9.14          log.info("Set VCPU count on domain %s to %d", self.info['name_label'],
    9.15                   vcpus)
    9.16  
    9.17 -    def getLabel(self):
    9.18 -        return security.get_security_info(self.info, 'label')
    9.19 -
    9.20      def getMemoryTarget(self):
    9.21          """Get this domain's target memory size, in KB."""
    9.22          return self.info['memory_dynamic_max'] / 1024
    9.23 @@ -1446,11 +1446,20 @@ class XendDomainInfo:
    9.24          # allocation of 1MB. We free up 2MB here to be on the safe side.
    9.25          balloon.free(2*1024) # 2MB should be plenty
    9.26  
    9.27 -        self.domid = xc.domain_create(
    9.28 -            domid = 0,
    9.29 -            ssidref = security.get_security_info(self.info, 'ssidref'),
    9.30 -            handle = uuid.fromString(self.info['uuid']),
    9.31 -            hvm = int(hvm))
    9.32 +        ssidref = security.calc_dom_ssidref_from_info(self.info)
    9.33 +        if ssidref == 0 and security.on():
    9.34 +            raise VmError('VM is not properly labeled.')
    9.35 +
    9.36 +        try:
    9.37 +            self.domid = xc.domain_create(
    9.38 +                domid = 0,
    9.39 +                ssidref = ssidref,
    9.40 +                handle = uuid.fromString(self.info['uuid']),
    9.41 +                hvm = int(hvm))
    9.42 +        except Exception, e:
    9.43 +            # may get here if due to ACM the operation is not permitted
    9.44 +            if security.on():
    9.45 +                raise VmError('Domain in conflict set with running domain?')
    9.46  
    9.47          if self.domid < 0:
    9.48              raise VmError('Creating domain failed: name=%s' %
    9.49 @@ -1966,24 +1975,6 @@ class XendDomainInfo:
    9.50          if image_sxpr:
    9.51              to_store['image'] = sxp.to_string(image_sxpr)
    9.52  
    9.53 -        if self._infoIsSet('security'):
    9.54 -            secinfo = self.info['security']
    9.55 -            to_store['security'] = sxp.to_string(secinfo)
    9.56 -            for idx in range(0, len(secinfo)):
    9.57 -                if secinfo[idx][0] == 'access_control':
    9.58 -                    to_store['security/access_control'] = sxp.to_string(
    9.59 -                        [secinfo[idx][1], secinfo[idx][2]])
    9.60 -                    for aidx in range(1, len(secinfo[idx])):
    9.61 -                        if secinfo[idx][aidx][0] == 'label':
    9.62 -                            to_store['security/access_control/label'] = \
    9.63 -                                secinfo[idx][aidx][1]
    9.64 -                        if secinfo[idx][aidx][0] == 'policy':
    9.65 -                            to_store['security/access_control/policy'] = \
    9.66 -                                secinfo[idx][aidx][1]
    9.67 -                if secinfo[idx][0] == 'ssidref':
    9.68 -                    to_store['security/ssidref'] = str(secinfo[idx][1])
    9.69 -
    9.70 -
    9.71          if not self._readVm('xend/restart_count'):
    9.72              to_store['xend/restart_count'] = str(0)
    9.73  
    9.74 @@ -2101,15 +2092,6 @@ class XendDomainInfo:
    9.75              info["maxmem_kb"] = XendNode.instance() \
    9.76                                  .physinfo_dict()['total_memory'] * 1024
    9.77  
    9.78 -        #manually update ssidref / security fields
    9.79 -        if security.on() and info.has_key('ssidref'):
    9.80 -            if (info['ssidref'] != 0) and self.info.has_key('security'):
    9.81 -                security_field = self.info['security']
    9.82 -                if not security_field:
    9.83 -                    #create new security element
    9.84 -                    self.info.update({'security':
    9.85 -                                      [['ssidref', str(info['ssidref'])]]})
    9.86 -                    
    9.87          #ssidref field not used any longer
    9.88          if 'ssidref' in info:
    9.89              info.pop('ssidref')
    9.90 @@ -2193,7 +2175,133 @@ class XendDomainInfo:
    9.91          return self.info.get('tools_version', {})
    9.92      def get_metrics(self):
    9.93          return self.metrics.get_uuid();
    9.94 -    
    9.95 +
    9.96 +
    9.97 +    def get_security_label(self):
    9.98 +        domid = self.getDomid()
    9.99 +
   9.100 +        from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
   9.101 +        xspol = XSPolicyAdminInstance().get_loaded_policy()
   9.102 +
   9.103 +        if domid == 0:
   9.104 +            if xspol:
   9.105 +                label = xspol.policy_get_domain_label_formatted(domid)
   9.106 +            else:
   9.107 +                label = ""
   9.108 +        else:
   9.109 +            label = self.info.get('security_label', '')
   9.110 +        return label
   9.111 +
   9.112 +    def set_security_label(self, seclab, old_seclab, xspol=None):
   9.113 +        """
   9.114 +           Set the security label of a domain from its old to
   9.115 +           a new value.
   9.116 +           @param seclab  New security label formatted in the form
   9.117 +                          <policy type>:<policy name>:<vm label>
   9.118 +           @param old_seclab  The current security label that the
   9.119 +                          VM must have.
   9.120 +           @param xspol   An optional policy under which this
   9.121 +                          update should be done. If not given,
   9.122 +                          then the current active policy is used.
   9.123 +           @return Returns return code, a string with errors from
   9.124 +                   the hypervisor's operation, old label of the
   9.125 +                   domain
   9.126 +        """
   9.127 +        rc = 0
   9.128 +        errors = ""
   9.129 +        old_label = ""
   9.130 +        new_ssidref = 0
   9.131 +        domid = self.getDomid()
   9.132 +        res_labels = None
   9.133 +
   9.134 +        from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
   9.135 +        from xen.util import xsconstants
   9.136 +
   9.137 +        state = self._stateGet()
   9.138 +        # Relabel only HALTED or RUNNING or PAUSED domains
   9.139 +        if domid != 0 and \
   9.140 +           state not in \
   9.141 +              [ DOM_STATE_HALTED, DOM_STATE_RUNNING, DOM_STATE_PAUSED, \
   9.142 +                DOM_STATE_SUSPENDED ]:
   9.143 +            log.warn("Relabeling domain not possible in state '%s'" %
   9.144 +                     DOM_STATES[state])
   9.145 +            return (-xsconstants.XSERR_VM_WRONG_STATE, "", "", 0)
   9.146 +
   9.147 +        # Remove security label. Works only for halted domains
   9.148 +        if not seclab or seclab == "":
   9.149 +            if state not in [ DOM_STATE_HALTED ]:
   9.150 +                return (-xsconstants.XSERR_VM_WRONG_STATE, "", "", 0)
   9.151 +
   9.152 +            if self.info.has_key('security_label'):
   9.153 +                old_label = self.info['security_label']
   9.154 +                # Check label against expected one.
   9.155 +                if old_label != old_seclab:
   9.156 +                    return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
   9.157 +                del self.info['security_label']
   9.158 +                xen.xend.XendDomain.instance().managed_config_save(self)
   9.159 +                return (xsconstants.XSERR_SUCCESS, "", "", 0)
   9.160 +
   9.161 +        tmp = seclab.split(":")
   9.162 +        if len(tmp) != 3:
   9.163 +            return (-xsconstants.XSERR_BAD_LABEL_FORMAT, "", "", 0)
   9.164 +        typ, policy, label = tmp
   9.165 +
   9.166 +        poladmin = XSPolicyAdminInstance()
   9.167 +        if not xspol:
   9.168 +            xspol = poladmin.get_policy_by_name(policy)
   9.169 +
   9.170 +        if state in [ DOM_STATE_RUNNING, DOM_STATE_PAUSED ]:
   9.171 +            #if domain is running or paused try to relabel in hypervisor
   9.172 +            if not xspol:
   9.173 +                return (-xsconstants.XSERR_POLICY_NOT_LOADED, "", "", 0)
   9.174 +
   9.175 +            if typ != xspol.get_type_name() or \
   9.176 +               policy != xspol.get_name():
   9.177 +                return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
   9.178 +
   9.179 +            if typ == xsconstants.ACM_POLICY_ID:
   9.180 +                new_ssidref = xspol.vmlabel_to_ssidref(label)
   9.181 +                if new_ssidref == xsconstants.INVALID_SSIDREF:
   9.182 +                    return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
   9.183 +
   9.184 +                # Check that all used resources are accessible under the
   9.185 +                # new label
   9.186 +                if not security.resources_compatible_with_vmlabel(xspol,
   9.187 +                          self, label):
   9.188 +                    return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
   9.189 +
   9.190 +                #Check label against expected one.
   9.191 +                old_label = self.get_security_label()
   9.192 +                if old_label != old_seclab:
   9.193 +                    return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
   9.194 +
   9.195 +                # relabel domain in the hypervisor
   9.196 +                rc, errors = security.relabel_domains([[domid, new_ssidref]])
   9.197 +                log.info("rc from relabeling in HV: %d" % rc)
   9.198 +            else:
   9.199 +                return (-xsconstants.XSERR_POLICY_TYPE_UNSUPPORTED, "", "", 0)
   9.200 +
   9.201 +        if rc == 0:
   9.202 +            # HALTED, RUNNING or PAUSED
   9.203 +            if domid == 0:
   9.204 +                if xspol:
   9.205 +                    ssidref = poladmin.set_domain0_bootlabel(xspol, label)
   9.206 +                else:
   9.207 +                    return (-xsconstants.XSERR_POLICY_NOT_LOADED, "", "", 0)
   9.208 +            else:
   9.209 +                if self.info.has_key('security_label'):
   9.210 +                    old_label = self.info['security_label']
   9.211 +                    # Check label against expected one, unless wildcard
   9.212 +                    if old_label != old_seclab:
   9.213 +                        return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
   9.214 +
   9.215 +                self.info['security_label'] = seclab
   9.216 +                try:
   9.217 +                    xen.xend.XendDomain.instance().managed_config_save(self)
   9.218 +                except:
   9.219 +                    pass
   9.220 +        return (rc, errors, old_label, new_ssidref)
   9.221 +
   9.222      def get_on_shutdown(self):
   9.223          after_shutdown = self.info.get('actions_after_shutdown')
   9.224          if not after_shutdown or after_shutdown not in XEN_API_ON_NORMAL_EXIT:
    10.1 --- a/tools/python/xen/xend/XendError.py	Mon Jul 09 14:30:46 2007 +0100
    10.2 +++ b/tools/python/xen/xend/XendError.py	Mon Jul 09 14:51:44 2007 +0100
    10.3 @@ -174,6 +174,23 @@ class NetworkError(XendAPIError):
    10.4  
    10.5      def __str__(self):
    10.6          return 'NETWORK_ERROR: %s %s' % (self.error, self.network)
    10.7 +
    10.8 +from xen.util.xsconstants import xserr2string
    10.9 +
   10.10 +class SecurityError(XendAPIError):
   10.11 +    def __init__(self, error, message=None):
   10.12 +        XendAPIError.__init__(self)
   10.13 +        self.error = error
   10.14 +        if not message:
   10.15 +            self.message = xserr2string(-error)
   10.16 +        else:
   10.17 +            self.message = message
   10.18 +
   10.19 +    def get_api_error(self):
   10.20 +        return ['SECURITY_ERROR', self.error, self.message]
   10.21 +
   10.22 +    def __str__(self):
   10.23 +        return 'SECURITY_ERROR: %s:%s' % (self.error, self.message)
   10.24      
   10.25  XEND_ERROR_AUTHENTICATION_FAILED = ('ELUSER', 'Authentication Failed')
   10.26  XEND_ERROR_SESSION_INVALID       = ('EPERMDENIED', 'Session Invalid')
   10.27 @@ -188,4 +205,5 @@ XEND_ERROR_VIF_INVALID           = ('EVI
   10.28  XEND_ERROR_VTPM_INVALID          = ('EVTPMINVALID', 'VTPM Invalid')
   10.29  XEND_ERROR_VDI_INVALID           = ('EVDIINVALID', 'VDI Invalid')
   10.30  XEND_ERROR_SR_INVALID           = ('ESRINVALID', 'SR Invalid')
   10.31 +XEND_ERROR_XSPOLICY_INVALID      = ('EXSPOLICYINVALID', 'XS Invalid')
   10.32  XEND_ERROR_TODO                  = ('ETODO', 'Lazy Programmer Error')
    11.1 --- a/tools/python/xen/xend/XendVDI.py	Mon Jul 09 14:30:46 2007 +0100
    11.2 +++ b/tools/python/xen/xend/XendVDI.py	Mon Jul 09 14:51:44 2007 +0100
    11.3 @@ -23,6 +23,7 @@ import os
    11.4  
    11.5  from xen.util.xmlrpclib2 import stringify
    11.6  from xmlrpclib import dumps, loads
    11.7 +from xen.util import security, xsconstants
    11.8  
    11.9  KB = 1024
   11.10  MB = 1024 * 1024
   11.11 @@ -160,6 +161,17 @@ class XendVDI(AutoSaveObject):
   11.12  
   11.13      def get_location(self):
   11.14          raise NotImplementedError()
   11.15 +
   11.16 +    def set_security_label(self, sec_lab, old_lab):
   11.17 +        image = self.get_location()
   11.18 +        rc = security.set_resource_label_xapi(image, sec_lab, old_lab)
   11.19 +        if rc != xsconstants.XSERR_SUCCESS:
   11.20 +            raise SecurityError(rc)
   11.21 +        return rc
   11.22 +
   11.23 +    def get_security_label(self):
   11.24 +        image = self.get_location()
   11.25 +        return security.get_resource_label_xapi(image)
   11.26                  
   11.27  
   11.28  class XendQCoWVDI(XendVDI):
    12.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    12.2 +++ b/tools/python/xen/xend/XendXSPolicy.py	Mon Jul 09 14:51:44 2007 +0100
    12.3 @@ -0,0 +1,222 @@
    12.4 +#============================================================================
    12.5 +# This library is free software; you can redistribute it and/or
    12.6 +# modify it under the terms of version 2.1 of the GNU Lesser General Public
    12.7 +# License as published by the Free Software Foundation.
    12.8 +#
    12.9 +# This library is distributed in the hope that it will be useful,
   12.10 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
   12.11 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12.12 +# Lesser General Public License for more details.
   12.13 +#
   12.14 +# You should have received a copy of the GNU Lesser General Public
   12.15 +# License along with this library; if not, write to the Free Software
   12.16 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   12.17 +#============================================================================
   12.18 +# Copyright (c) 2007 IBM Corporation
   12.19 +# Copyright (c) 2006 Xensource
   12.20 +#============================================================================
   12.21 +
   12.22 +import logging
   12.23 +from xen.xend.XendBase import XendBase
   12.24 +from xen.xend.XendError import *
   12.25 +from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
   12.26 +from xen.util import xsconstants, security
   12.27 +import base64
   12.28 +
   12.29 +log = logging.getLogger("xend.XendXSPolicy")
   12.30 +log.setLevel(logging.TRACE)
   12.31 +
   12.32 +
   12.33 +class XendXSPolicy(XendBase):
   12.34 +    """ Administration class for an XSPolicy. """
   12.35 +
   12.36 +    def getClass(self):
   12.37 +        return "XSPolicy"
   12.38 +
   12.39 +    def getMethods(self):
   12.40 +        methods = ['activate_xspolicy']
   12.41 +        return XendBase.getMethods() + methods
   12.42 +
   12.43 +    def getFuncs(self):
   12.44 +        funcs = [ 'get_xstype',
   12.45 +                  'set_xspolicy',
   12.46 +                  'get_xspolicy',
   12.47 +                  'rm_xsbootpolicy',
   12.48 +                  'get_resource_label',
   12.49 +                  'set_resource_label',
   12.50 +                  'get_labeled_resources' ]
   12.51 +        return XendBase.getFuncs() + funcs
   12.52 +
   12.53 +    getClass    = classmethod(getClass)
   12.54 +    getMethods  = classmethod(getMethods)
   12.55 +    getFuncs    = classmethod(getFuncs)
   12.56 +
   12.57 +    def __init__(self, xspol, record, uuid):
   12.58 +        """ xspol = actual XSPolicy  object """
   12.59 +        self.xspol = xspol
   12.60 +        XendBase.__init__(self, uuid, record)
   12.61 +
   12.62 +    def get_record(self):
   12.63 +        xspol_record = {
   12.64 +          'uuid'   : self.get_uuid(),
   12.65 +          'flags'  : XSPolicyAdminInstance().get_policy_flags(self.xspol),
   12.66 +          'repr'   : self.xspol.toxml(),
   12.67 +          'type'   : self.xspol.get_type(),
   12.68 +        }
   12.69 +        return xspol_record
   12.70 +
   12.71 +    def get_xstype(self):
   12.72 +        return XSPolicyAdminInstance().isXSEnabled()
   12.73 +
   12.74 +    def set_xspolicy(self, xstype, xml, flags, overwrite):
   12.75 +        ref = ""
   12.76 +        xstype = int(xstype)
   12.77 +        flags  = int(flags)
   12.78 +
   12.79 +        polstate = { 'xs_ref': "", 'repr'   : "", 'type'   : 0,
   12.80 +                     'flags' : 0 , 'version': 0 , 'errors' : "", 'xserr' : 0 }
   12.81 +        if xstype == xsconstants.XS_POLICY_ACM:
   12.82 +            poladmin = XSPolicyAdminInstance()
   12.83 +            try:
   12.84 +                (xspol, rc, errors) = poladmin.add_acmpolicy_to_system(
   12.85 +                                                                   xml, flags,
   12.86 +                                                                   overwrite)
   12.87 +                if rc != 0:
   12.88 +                    polstate.update( { 'xserr' : rc,
   12.89 +                                       'errors': base64.b64encode(errors) } )
   12.90 +                else:
   12.91 +                    ref = xspol.get_ref()
   12.92 +                    polstate = {
   12.93 +                      'xs_ref' : ref,
   12.94 +                      'flags'  : poladmin.get_policy_flags(xspol),
   12.95 +                      'type'   : xstype,
   12.96 +                      'repr'   : "",
   12.97 +                      'version': xspol.get_version(),
   12.98 +                      'errors' : base64.b64encode(errors),
   12.99 +                      'xserr'  : rc,
  12.100 +                    }
  12.101 +            except Exception, e:
  12.102 +                raise
  12.103 +        else:
  12.104 +            raise SecurityError(-xsconstants.XSERR_POLICY_TYPE_UNSUPPORTED)
  12.105 +        return polstate
  12.106 +
  12.107 +    def activate_xspolicy(self, flags):
  12.108 +        flags = int(flags)
  12.109 +        rc = -xsconstants.XSERR_GENERAL_FAILURE
  12.110 +        poladmin = XSPolicyAdminInstance()
  12.111 +        try:
  12.112 +            rc = poladmin.activate_xspolicy(self.xspol, flags)
  12.113 +        except Exception, e:
  12.114 +            log.info("Activate_policy: %s" % str(e))
  12.115 +        if rc != flags:
  12.116 +            raise SecurityError(rc)
  12.117 +        return flags
  12.118 +
  12.119 +    def get_xspolicy(self):
  12.120 +        polstate = { 'xs_ref' : "",
  12.121 +                     'repr'   : "",
  12.122 +                     'type'   : 0,
  12.123 +                     'flags'  : 0,
  12.124 +                     'version': "",
  12.125 +                     'errors' : "",
  12.126 +                     'xserr'  : 0 }
  12.127 +        poladmin = XSPolicyAdminInstance()
  12.128 +        refs = poladmin.get_policies_refs()
  12.129 +        # Will return one or no policy
  12.130 +        if refs and len(refs) > 0:
  12.131 +            ref = refs[0]
  12.132 +            xspol = XSPolicyAdminInstance().policy_from_ref(ref)
  12.133 +            try:
  12.134 +                xspol.grab_lock()
  12.135 +
  12.136 +                polstate = {
  12.137 +                  'xs_ref' : ref,
  12.138 +                  'repr'   : xspol.toxml(),
  12.139 +                  'type'   : xspol.get_type(),
  12.140 +                  'flags'  : poladmin.get_policy_flags(xspol),
  12.141 +                  'version': xspol.get_version(),
  12.142 +                  'errors' : "",
  12.143 +                  'xserr'  : 0,
  12.144 +                }
  12.145 +            finally:
  12.146 +                if xspol:
  12.147 +                    xspol.unlock()
  12.148 +        return polstate
  12.149 +
  12.150 +    def rm_xsbootpolicy(self):
  12.151 +        rc = XSPolicyAdminInstance().rm_bootpolicy()
  12.152 +        if rc != xsconstants.XSERR_SUCCESS:
  12.153 +            raise SecurityError(rc)
  12.154 +
  12.155 +    def get_labeled_resources(self):
  12.156 +        return security.get_labeled_resources_xapi()
  12.157 +
  12.158 +    def set_resource_label(self, resource, sec_lab, old_lab):
  12.159 +        rc = security.set_resource_label_xapi(resource, sec_lab, old_lab)
  12.160 +        if rc != xsconstants.XSERR_SUCCESS:
  12.161 +            raise SecurityError(rc)
  12.162 +
  12.163 +    def get_resource_label(self, resource):
  12.164 +        res = security.get_resource_label_xapi(resource)
  12.165 +        return res
  12.166 +
  12.167 +    get_xstype      = classmethod(get_xstype)
  12.168 +    get_xspolicy    = classmethod(get_xspolicy)
  12.169 +    set_xspolicy    = classmethod(set_xspolicy)
  12.170 +    rm_xsbootpolicy = classmethod(rm_xsbootpolicy)
  12.171 +    set_resource_label = classmethod(set_resource_label)
  12.172 +    get_resource_label = classmethod(get_resource_label)
  12.173 +    get_labeled_resources = classmethod(get_labeled_resources)
  12.174 +
  12.175 +
  12.176 +class XendACMPolicy(XendXSPolicy):
  12.177 +    """ Administration class of an ACMPolicy """
  12.178 +
  12.179 +    def getClass(self):
  12.180 +        return "ACMPolicy"
  12.181 +
  12.182 +    def getAttrRO(self):
  12.183 +        attrRO = [ 'xml',
  12.184 +                   'map',
  12.185 +                   'binary',
  12.186 +                   'header' ]
  12.187 +        return XendXSPolicy.getAttrRO() + attrRO
  12.188 +
  12.189 +    getClass    = classmethod(getClass)
  12.190 +    getAttrRO   = classmethod(getAttrRO)
  12.191 +
  12.192 +    def __init__(self, acmpol, record, uuid):
  12.193 +        """ acmpol = actual ACMPolicy object """
  12.194 +        self.acmpol = acmpol
  12.195 +        XendXSPolicy.__init__(self, acmpol, record, uuid)
  12.196 +
  12.197 +    def get_record(self):
  12.198 +        polstate = {
  12.199 +          'uuid'   : self.get_uuid(),
  12.200 +          'flags'  : XSPolicyAdminInstance().get_policy_flags(self.acmpol),
  12.201 +          'repr'   : self.acmpol.toxml(),
  12.202 +          'type'   : self.acmpol.get_type(),
  12.203 +        }
  12.204 +        return polstate
  12.205 +
  12.206 +    def get_header(self):
  12.207 +        header = {
  12.208 +          'policyname'   : "", 'policyurl'    : "", 'reference'    : "",
  12.209 +          'date'         : "", 'namespaceurl' : "", 'version'      : "",
  12.210 +        }
  12.211 +        try:
  12.212 +            header = self.acmpol.get_header_fields_map()
  12.213 +        except:
  12.214 +            pass
  12.215 +        return header
  12.216 +
  12.217 +    def get_xml(self):
  12.218 +        return self.acmpol.toxml()
  12.219 +
  12.220 +    def get_map(self):
  12.221 +        return self.acmpol.get_map()
  12.222 +
  12.223 +    def get_binary(self):
  12.224 +        polbin = self.acmpol.get_bin()
  12.225 +        return base64.b64encode(polbin)
    13.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    13.2 +++ b/tools/python/xen/xend/XendXSPolicyAdmin.py	Mon Jul 09 14:51:44 2007 +0100
    13.3 @@ -0,0 +1,313 @@
    13.4 +#============================================================================
    13.5 +# This library is free software; you can redistribute it and/or
    13.6 +# modify it under the terms of version 2.1 of the GNU Lesser General Public
    13.7 +# License as published by the Free Software Foundation.
    13.8 +#
    13.9 +# This library is distributed in the hope that it will be useful,
   13.10 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
   13.11 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   13.12 +# Lesser General Public License for more details.
   13.13 +#
   13.14 +# You should have received a copy of the GNU Lesser General Public
   13.15 +# License along with this library; if not, write to the Free Software
   13.16 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   13.17 +#============================================================================
   13.18 +# Copyright (C) 2006,2007 International Business Machines Corp.
   13.19 +# Author: Stefan Berger <stefanb@us.ibm.com>
   13.20 +#============================================================================
   13.21 +import os
   13.22 +import shutil
   13.23 +
   13.24 +from xml.dom import minidom, Node
   13.25 +
   13.26 +from xen.xend.XendLogging import log
   13.27 +from xen.xend import uuid
   13.28 +from xen.util import security, xsconstants, dictio, bootloader
   13.29 +from xen.util.xspolicy import XSPolicy
   13.30 +from xen.util.acmpolicy import ACMPolicy
   13.31 +from xen.xend.XendError import SecurityError
   13.32 +
   13.33 +XS_MANAGED_POLICIES_FILE = "/etc/xen/acm-security/policies/managed_policies"
   13.34 +
   13.35 +class XSPolicyAdmin:
   13.36 +    """ The class that handles the managed policies in the system.
   13.37 +        Handles adding and removing managed policies. All managed
   13.38 +        policies are handled using a reference (UUID) which is
   13.39 +        assigned to the policy by this class.
   13.40 +    """
   13.41 +
   13.42 +    def __init__(self, maxpolicies):
   13.43 +        """ Create a management class for managing the system's
   13.44 +            policies.
   13.45 +
   13.46 +            @param maxpolicies: The max. number of policies allowed
   13.47 +                                on the system (currently '1')
   13.48 +        """
   13.49 +        self.maxpolicies = maxpolicies
   13.50 +        try:
   13.51 +            self.policies = dictio.dict_read("managed_policies",
   13.52 +                                             XS_MANAGED_POLICIES_FILE)
   13.53 +        except Exception, e:
   13.54 +            self.policies = {}
   13.55 +
   13.56 +        self.xsobjs = {}
   13.57 +        for ref, data in self.policies.items():
   13.58 +            name = data[0]
   13.59 +            typ = data[1]
   13.60 +            try:
   13.61 +                if typ == xsconstants.ACM_POLICY_ID:
   13.62 +                    self.xsobjs[ref] = ACMPolicy(name=name, ref=ref)
   13.63 +                else:
   13.64 +                    del self.policies[ref]
   13.65 +            except Exception, e:
   13.66 +                log.error("XSPolicyAdmin: Could not find policy '%s': %s" %
   13.67 +                         (name, str(e)))
   13.68 +                del self.policies[ref]
   13.69 +        log.debug("XSPolicyAdmin: Known policies: %s" % self.policies)
   13.70 +
   13.71 +    def isXSEnabled(self):
   13.72 +        """ Check whether 'security' is enabled on this system.
   13.73 +            This currently only checks for ACM-enablement.
   13.74 +        """
   13.75 +        rc = 0
   13.76 +        if security.on():
   13.77 +            rc |= xsconstants.XS_POLICY_ACM
   13.78 +        return rc
   13.79 +
   13.80 +    def add_acmpolicy_to_system(self, xmltext, flags, overwrite):
   13.81 +        """ Add an ACM policy's xml representation to the system. The
   13.82 +            policy will automatically be compiled
   13.83 +         flags:
   13.84 +          XS_INST_BOOT : make policy the one to boot the system with
   13.85 +                         by default; if there's a policy already installed,
   13.86 +                         refuse to install this policy unless its one with
   13.87 +                         the same name
   13.88 +          XS_INST_LOAD : load the policy immediately; if this does not work
   13.89 +                         refuse to install this policy
   13.90 +         overwrite:
   13.91 +          If any policy is installed and this is False, refuse to install
   13.92 +          this policy
   13.93 +          If flags is True, then any existing policy will be removed from
   13.94 +          the system and the new one will be installed
   13.95 +        """
   13.96 +        errors = ""
   13.97 +        loadedpol = self.get_loaded_policy()
   13.98 +        if loadedpol:
   13.99 +            # This is meant as an update to a currently loaded policy
  13.100 +            if flags & xsconstants.XS_INST_LOAD == 0:
  13.101 +                raise SecurityError(-xsconstants.XSERR_POLICY_LOADED)
  13.102 +            rc, errors = loadedpol.update(xmltext)
  13.103 +            if rc == 0:
  13.104 +                self.rm_bootpolicy()
  13.105 +                irc = self.activate_xspolicy(loadedpol, flags)
  13.106 +            return (loadedpol, rc, errors)
  13.107 +
  13.108 +        try:
  13.109 +            dom = minidom.parseString(xmltext.encode("utf-8"))
  13.110 +        except:
  13.111 +            raise SecurityError(-xsconstants.XSERR_BAD_XML)
  13.112 +
  13.113 +        ref = uuid.createString()
  13.114 +
  13.115 +        acmpol = ACMPolicy(dom=dom, ref=ref)
  13.116 +
  13.117 +        #First some basic tests that do not modify anything:
  13.118 +
  13.119 +        if flags & xsconstants.XS_INST_BOOT and not overwrite:
  13.120 +            filename = acmpol.get_filename(".bin","",dotted=True)
  13.121 +            if bootloader.get_default_policy != None and \
  13.122 +               not bootloader.loads_default_policy(filename):
  13.123 +                raise SecurityError(-xsconstants.XSERR_BOOTPOLICY_INSTALLED)
  13.124 +
  13.125 +        if not overwrite and len(self.policies) >= self.maxpolicies:
  13.126 +            raise SecurityError(-xsconstants.XSERR_BOOTPOLICY_INSTALLED)
  13.127 +
  13.128 +        if overwrite:
  13.129 +            #This should only give one key since only one policy is
  13.130 +            #allowed.
  13.131 +            keys = self.policies.keys()
  13.132 +            for k in keys:
  13.133 +                self.rm_bootpolicy()
  13.134 +                rc = self.rm_policy_from_system(k, force=overwrite)
  13.135 +                if rc != xsconstants.XSERR_SUCCESS:
  13.136 +                    raise SecurityError(rc)
  13.137 +
  13.138 +        rc = acmpol.compile()
  13.139 +        if rc != 0:
  13.140 +            raise SecurityError(rc)
  13.141 +
  13.142 +        if flags & xsconstants.XS_INST_LOAD:
  13.143 +            rc = acmpol.loadintohv()
  13.144 +            if rc != 0:
  13.145 +                raise SecurityError(rc)
  13.146 +
  13.147 +        if flags & xsconstants.XS_INST_BOOT:
  13.148 +            rc = self.make_boot_policy(acmpol)
  13.149 +            if rc != 0:
  13.150 +                # If it cannot be installed due to unsupported
  13.151 +                # bootloader, let it be ok.
  13.152 +                pass
  13.153 +
  13.154 +        if dom:
  13.155 +            new_entry = { ref : tuple([acmpol.get_name(),
  13.156 +                                       xsconstants.ACM_POLICY_ID]) }
  13.157 +            self.policies.update(new_entry)
  13.158 +            self.xsobjs[ref]  = acmpol
  13.159 +            dictio.dict_write(self.policies,
  13.160 +                              "managed_policies",
  13.161 +                              XS_MANAGED_POLICIES_FILE)
  13.162 +        return (acmpol, xsconstants.XSERR_SUCCESS, errors)
  13.163 +
  13.164 +    def make_boot_policy(self, acmpol):
  13.165 +        spolfile = acmpol.get_filename(".bin")
  13.166 +        dpolfile = "/boot/" + acmpol.get_filename(".bin","",dotted=True)
  13.167 +        if not os.path.isfile(spolfile):
  13.168 +            log.error("binary policy file does not exist.")
  13.169 +            return -xsconstants.XSERR_FILE_ERROR
  13.170 +        try:
  13.171 +            shutil.copyfile(spolfile, dpolfile)
  13.172 +        except:
  13.173 +            return -xsconstants.XSERR_FILE_ERROR
  13.174 +
  13.175 +        try:
  13.176 +            filename = acmpol.get_filename(".bin","",dotted=True)
  13.177 +            if bootloader.set_default_boot_policy(filename) != True:
  13.178 +                return xsconstants.XSERR_BOOTPOLICY_INSTALL_ERROR
  13.179 +        except:
  13.180 +            return xsconstants.XSERR_FILE_ERROR
  13.181 +        return xsconstants.XSERR_SUCCESS
  13.182 +
  13.183 +    def activate_xspolicy(self, xspol, flags):
  13.184 +        rc = xsconstants.XSERR_SUCCESS
  13.185 +        if flags & xsconstants.XS_INST_LOAD:
  13.186 +            rc = xspol.loadintohv()
  13.187 +        if rc == xsconstants.XSERR_SUCCESS and \
  13.188 +           flags & xsconstants.XS_INST_BOOT:
  13.189 +            rc = self.make_boot_policy(xspol)
  13.190 +        if rc == xsconstants.XSERR_SUCCESS:
  13.191 +            rc = flags
  13.192 +        return rc
  13.193 +
  13.194 +    def rm_policy_from_system(self, ref, force=False):
  13.195 +        if self.policies.has_key(ref):
  13.196 +            acmpol = self.xsobjs[ref]
  13.197 +            rc = acmpol.destroy()
  13.198 +            if rc == xsconstants.XSERR_SUCCESS or force:
  13.199 +                del self.policies[ref]
  13.200 +                del self.xsobjs[ref]
  13.201 +                dictio.dict_write(self.policies,
  13.202 +                                  "managed_policies",
  13.203 +                                  XS_MANAGED_POLICIES_FILE)
  13.204 +                rc = xsconstants.XSERR_SUCCESS
  13.205 +            return rc
  13.206 +
  13.207 +    def rm_bootpolicy(self):
  13.208 +        """ Remove any (ACM) boot policy from the grub configuration file
  13.209 +        """
  13.210 +        rc = 0
  13.211 +        title = bootloader.get_default_title()
  13.212 +        if title != None:
  13.213 +            polnames = []
  13.214 +            for (k, v) in self.xsobjs.items():
  13.215 +                polnames.append(v.get_filename(".bin","",dotted=True))
  13.216 +            bootloader.rm_policy_from_boottitle(title, polnames)
  13.217 +        else:
  13.218 +            rc = -xsconstants.XSERR_NO_DEFAULT_BOOT_TITLE
  13.219 +        return rc
  13.220 +
  13.221 +    def get_policy_flags(self, acmpol):
  13.222 +        """ Get the currently active flags of a policy, i.e., whether the
  13.223 +            system is using this policy as its boot policy for the default
  13.224 +            boot title.
  13.225 +        """
  13.226 +        flags = 0
  13.227 +
  13.228 +        filename = acmpol.get_filename(".bin","", dotted=True)
  13.229 +        if bootloader.loads_default_policy(filename):
  13.230 +            flags |= xsconstants.XS_INST_BOOT
  13.231 +
  13.232 +        if acmpol.isloaded():
  13.233 +            flags |= xsconstants.XS_INST_LOAD
  13.234 +        return flags
  13.235 +
  13.236 +    def get_policies(self):
  13.237 +        """ Get all managed policies. """
  13.238 +        return self.xsobjs.values()
  13.239 +
  13.240 +    def get_policies_refs(self):
  13.241 +        """ Get all managed policies' references. """
  13.242 +        return self.xsobjs.keys()
  13.243 +
  13.244 +    def has_ref(self, ref):
  13.245 +        """ Check whether there is a policy with the given reference """
  13.246 +        return self.xsobjs.has_key(ref)
  13.247 +
  13.248 +    def policy_from_ref(self, ref):
  13.249 +        """ Get the policy's object given its reference """
  13.250 +        if ref in self.xsobjs.keys():
  13.251 +            return self.xsobjs[ref]
  13.252 +        return None
  13.253 +
  13.254 +    def ref_from_polname(self, polname):
  13.255 +        """ Get the reference of the policy given its name """
  13.256 +        ref = None
  13.257 +        for (k, v) in self.xsobjs.items():
  13.258 +            if v.get_name() == polname:
  13.259 +                ref = k
  13.260 +                break
  13.261 +        return ref
  13.262 +
  13.263 +    def lock_policy(self, ref):
  13.264 +        """ get exclusive access to a policy """
  13.265 +        self.xsobjs[ref].grab_lock()
  13.266 +
  13.267 +    def unlock_policy(self, ref):
  13.268 +        """ release exclusive access to a policy """
  13.269 +        self.xsobjs[ref].unlock()
  13.270 +
  13.271 +    def get_loaded_policy(self):
  13.272 +        for pol in self.xsobjs.values():
  13.273 +            if pol.isloaded():
  13.274 +                return pol
  13.275 +        return None
  13.276 +
  13.277 +    def get_policy_by_name(self, name):
  13.278 +        for pol in self.xsobjs.values():
  13.279 +            if pol.get_name() == name:
  13.280 +                return pol
  13.281 +        return None
  13.282 +
  13.283 +    def get_domain0_bootlabel(self):
  13.284 +        """ Get the domain0 bootlabel from the default boot title """
  13.285 +        title = ""
  13.286 +        def_title = bootloader.get_default_title()
  13.287 +        line = bootloader.get_kernel_val(def_title, "ssidref")
  13.288 +        if line:
  13.289 +            parms = line.split(":",1)
  13.290 +            if len(parms) > 1:
  13.291 +                title = parms[1]
  13.292 +        return title
  13.293 +
  13.294 +    def set_domain0_bootlabel(self, xspol, label):
  13.295 +        """ Set the domain-0 bootlabel under the given policy """
  13.296 +        return xspol.set_vm_bootlabel(label)
  13.297 +
  13.298 +    def rm_domain0_bootlabel(self):
  13.299 +        """ Remove the domain-0 bootlabel from the default boot title """
  13.300 +        def_title = bootloader.get_default_title()
  13.301 +        return bootloader.set_kernel_attval(def_title, "ssidref", None)
  13.302 +
  13.303 +    def ssidref_to_vmlabel(self, ssidref):
  13.304 +        """ Given an ssidref, return the vmlabel under the current policy """
  13.305 +        vmlabel = ""
  13.306 +        pol = self.get_loaded_policy()
  13.307 +        if pol:
  13.308 +            vmlabel = pol.policy_get_domain_label_by_ssidref_formatted(ssidref)
  13.309 +        return vmlabel
  13.310 +
  13.311 +poladmin = None
  13.312 +
  13.313 +def XSPolicyAdminInstance(maxpolicies=1):
  13.314 +    global poladmin
  13.315 +    if poladmin == None:
  13.316 +        poladmin = XSPolicyAdmin(maxpolicies)
    14.1 --- a/tools/python/xen/xend/server/blkif.py	Mon Jul 09 14:30:46 2007 +0100
    14.2 +++ b/tools/python/xen/xend/server/blkif.py	Mon Jul 09 14:51:44 2007 +0100
    14.3 @@ -73,10 +73,17 @@ class BlkifController(DevController):
    14.4              back['uuid'] = uuid
    14.5  
    14.6          if security.on():
    14.7 -            (label, ssidref, policy) = security.get_res_security_details(uname)
    14.8 -            back.update({'acm_label'  : label,
    14.9 -                         'acm_ssidref': str(ssidref),
   14.10 -                         'acm_policy' : policy})
   14.11 +            (label, ssidref, policy) = \
   14.12 +                                 security.get_res_security_details(uname)
   14.13 +            domain_label = self.vm.get_security_label()
   14.14 +            if domain_label:
   14.15 +                rc = security.res_security_check_xapi(label, ssidref, policy,
   14.16 +                                                      domain_label)
   14.17 +                if rc == 0:
   14.18 +                    raise VmError("VM's access to block device '%s' denied." %
   14.19 +                                  uname)
   14.20 +            else:
   14.21 +                raise VmError("VM must have a security label.")
   14.22  
   14.23          devid = blkif.blkdev_name_to_number(dev)
   14.24          if devid is None:
    15.1 --- a/tools/security/policies/security_policy.xsd	Mon Jul 09 14:30:46 2007 +0100
    15.2 +++ b/tools/security/policies/security_policy.xsd	Mon Jul 09 14:51:44 2007 +0100
    15.3 @@ -22,7 +22,7 @@
    15.4  				<xsd:element name="Reference" type="xsd:string" minOccurs="0" maxOccurs="1" />
    15.5  				<xsd:element name="Date" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
    15.6  				<xsd:element name="NameSpaceUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
    15.7 -				<xsd:element name="Version" minOccurs="0" maxOccurs="1" type="VersionFormat"/>
    15.8 +				<xsd:element name="Version" minOccurs="1" maxOccurs="1" type="VersionFormat"/>
    15.9  				<xsd:element ref="FromPolicy" minOccurs="0" maxOccurs="1"/>
   15.10  			</xsd:sequence>
   15.11  		</xsd:complexType>
   15.12 @@ -91,23 +91,23 @@
   15.13  			<xsd:sequence>
   15.14  				<xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
   15.15  			</xsd:sequence>
   15.16 -			<xsd:attribute name="name" type="xsd:string" use="optional"></xsd:attribute>
   15.17 +			<xsd:attribute name="name" type="xsd:string" use="required"></xsd:attribute>
   15.18  		</xsd:complexType>
   15.19  	</xsd:element>
   15.20  	<xsd:element name="VirtualMachineLabel">
   15.21  		<xsd:complexType>
   15.22  			<xsd:sequence>
   15.23 -				<xsd:element ref="Name"></xsd:element>
   15.24 +				<xsd:element name="Name" type="NameWithFrom"></xsd:element>
   15.25  				<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
   15.26 -				<xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded" />
   15.27 +				<xsd:element name="ChineseWallTypes" type="SingleChineseWallType" />
   15.28  			</xsd:sequence>
   15.29  		</xsd:complexType>
   15.30  	</xsd:element>
   15.31  	<xsd:element name="ResourceLabel">
   15.32  		<xsd:complexType>
   15.33  			<xsd:sequence>
   15.34 -				<xsd:element ref="Name"></xsd:element>
   15.35 -				<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
   15.36 +				<xsd:element name="Name" type="NameWithFrom"></xsd:element>
   15.37 +				<xsd:element name="SimpleTypeEnforcementTypes" type="SingleSimpleTypeEnforcementType" />
   15.38  			</xsd:sequence>
   15.39  		</xsd:complexType>
   15.40  	</xsd:element>
   15.41 @@ -131,4 +131,21 @@
   15.42  			<xsd:pattern value="[0-9]{1,8}.[0-9]{1,8}"></xsd:pattern>
   15.43  		</xsd:restriction>
   15.44  	</xsd:simpleType>
   15.45 +	<xsd:complexType name="NameWithFrom">
   15.46 +		<xsd:simpleContent>
   15.47 +			<xsd:extension base="xsd:string">
   15.48 +				<xsd:attribute name="from" type="xsd:string" use="optional"></xsd:attribute>
   15.49 +			</xsd:extension>
   15.50 +		</xsd:simpleContent>
   15.51 +	</xsd:complexType>
   15.52 +	<xsd:complexType name="SingleSimpleTypeEnforcementType">
   15.53 +		<xsd:sequence>
   15.54 +			<xsd:element maxOccurs="1" minOccurs="1" ref="Type" />
   15.55 +		</xsd:sequence>
   15.56 +	</xsd:complexType>
   15.57 +	<xsd:complexType name="SingleChineseWallType">
   15.58 +		<xsd:sequence>
   15.59 +			<xsd:element maxOccurs="1" minOccurs="1" ref="Type" />
   15.60 +		</xsd:sequence>
   15.61 +	</xsd:complexType>
   15.62  </xsd:schema>