ia64/xen-unstable

annotate tools/security/policies/security_policy.xsd @ 9830:9a5bc502a77a

This patch adds a policy name to the policy definition. This policy name
must be unique and must change if the content of the file changes. The
policy name is used to ensure that the XM tools and the hypervisor work
on the same policy, i.e., interpret the security information on domains
consistently. This patch also simplifies the policy management by moving
policy and labels into a single file.

Signed-off by: Reiner Sailer <sailer@us.ibm.com>
author smh22@firebug.cl.cam.ac.uk
date Mon Apr 24 10:50:38 2006 +0100 (2006-04-24)
parents 06d84bf87159
children 50965ae270c9
<?xml version="1.0" encoding="UTF-8"?>
<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
<!--
  Schema for the Xen security policy file. A single document carries the
  policy header, the optional policy components (Simple Type Enforcement
  and Chinese Wall) and the security label templates.

  Validating a policy against this schema checks document structure only.
  The schema declares no xsd:key, xsd:keyref or xsd:unique constraints, so
  a Type listed inside a label or a conflict set is not checked against the
  type lists declared by the policy components. Any such cross-reference
  check has to be done by whatever loads the policy.
-->

<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns="http://www.ibm.com"
            targetNamespace="http://www.ibm.com"
            elementFormDefault="qualified">

  <!--
    Document root. The header and the label template are mandatory. Both
    policy components are optional, so a document that contains neither
    SimpleTypeEnforcement nor ChineseWall is still schema-valid.
  -->
  <xsd:element name="SecurityPolicyDefinition">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="PolicyHeader" minOccurs="1" maxOccurs="1"/>
        <xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"/>
        <xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"/>
        <xsd:element ref="SecurityLabelTemplate" minOccurs="1" maxOccurs="1"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

  <!--
    Policy metadata. PolicyName is the only mandatory field. The change
    that introduced it states that the name must be unique and must change
    whenever the file content changes, because the tools and the hypervisor
    use it to confirm they are working on the same policy. Typing it as
    xsd:string enforces neither property. Date and the URL fields are also
    plain strings and get no format validation.
  -->
  <xsd:element name="PolicyHeader">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element name="PolicyName" type="xsd:string" minOccurs="1" maxOccurs="1"/>
        <xsd:element name="PolicyUrl" type="xsd:string" minOccurs="0" maxOccurs="1"/>
        <xsd:element name="Reference" type="xsd:string" minOccurs="0" maxOccurs="1"/>
        <xsd:element name="Date" type="xsd:string" minOccurs="0" maxOccurs="1"/>
        <xsd:element name="NameSpaceUrl" type="xsd:string" minOccurs="0" maxOccurs="1"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

  <!--
    Chinese Wall component: a mandatory type list and an optional list of
    conflict sets. The "priority" attribute is optional here and on
    SimpleTypeEnforcement; the schema does not stop both components, or
    neither, from carrying PrimaryPolicyComponent.
  -->
  <xsd:element name="ChineseWall">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="ChineseWallTypes" minOccurs="1" maxOccurs="1"/>
        <xsd:element ref="ConflictSets" minOccurs="0" maxOccurs="1"/>
      </xsd:sequence>
      <xsd:attribute name="priority" type="PolicyOrder" use="optional"/>
    </xsd:complexType>
  </xsd:element>

  <!--
    Simple Type Enforcement component: exactly one type list (no occurrence
    attributes, so the XSD defaults of 1 and 1 apply).
  -->
  <xsd:element name="SimpleTypeEnforcement">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="SimpleTypeEnforcementTypes"/>
      </xsd:sequence>
      <xsd:attribute name="priority" type="PolicyOrder" use="optional"/>
    </xsd:complexType>
  </xsd:element>

  <!--
    Label definitions. SubjectLabels and ObjectLabels are each optional,
    but when present they must hold at least one label.
  -->
  <xsd:element name="SecurityLabelTemplate">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
          <xsd:complexType>
            <xsd:sequence>
              <xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"/>
            </xsd:sequence>
            <!--
              Required, but typed as a free-form string. Presumably it names
              one of the VirtualMachineLabel entries above (TODO confirm
              against the policy loader); the schema does not check that.
            -->
            <xsd:attribute name="bootstrap" type="xsd:string" use="required"/>
          </xsd:complexType>
        </xsd:element>
        <xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
          <xsd:complexType>
            <xsd:sequence>
              <xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"/>
            </xsd:sequence>
          </xsd:complexType>
        </xsd:element>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

  <!--
    Non-empty list of Type names. Referenced from the ChineseWall component
    and from VirtualMachineLabel.
  -->
  <xsd:element name="ChineseWallTypes">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="Type" minOccurs="1" maxOccurs="unbounded"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

  <!-- Non-empty list of Conflict sets. -->
  <xsd:element name="ConflictSets">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="Conflict" minOccurs="1" maxOccurs="unbounded"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

  <!--
    Non-empty list of Type names. Referenced from the SimpleTypeEnforcement
    component and from both label kinds.
  -->
  <xsd:element name="SimpleTypeEnforcementTypes">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="Type" minOccurs="1" maxOccurs="unbounded"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

  <!--
    One conflict set: at least one Type, with an optional name. A set with
    a single Type validates; the schema sets no lower bound of two.
  -->
  <xsd:element name="Conflict">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="Type" minOccurs="1" maxOccurs="unbounded"/>
      </xsd:sequence>
      <xsd:attribute name="name" type="xsd:string" use="optional"/>
    </xsd:complexType>
  </xsd:element>

  <!--
    Label for a virtual machine: a Name followed by any number of
    SimpleTypeEnforcementTypes lists and then any number of
    ChineseWallTypes lists. A label with a Name and no types validates.
  -->
  <xsd:element name="VirtualMachineLabel">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="Name"/>
        <xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded"/>
        <xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

  <!--
    Label for a resource: a Name followed by any number of
    SimpleTypeEnforcementTypes lists. No ChineseWallTypes are allowed here.
  -->
  <xsd:element name="ResourceLabel">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref="Name"/>
        <xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

  <!--
    Name and Type are unrestricted xsd:string values: an empty string,
    surrounding whitespace and arbitrary length all validate.
  -->
  <xsd:element name="Name" type="xsd:string"/>
  <xsd:element name="Type" type="xsd:string"/>

  <!-- Value space of the "priority" attribute; one value is defined. -->
  <xsd:simpleType name="PolicyOrder">
    <xsd:restriction base="xsd:string">
      <xsd:enumeration value="PrimaryPolicyComponent"/>
    </xsd:restriction>
  </xsd:simpleType>

</xsd:schema>