ia64/xen-unstable

diff tools/security/policies/security_policy.xsd @ 9830:9a5bc502a77a

This patch adds a policy name to the policy definition. This policy name
must be unique and must change if the content of the file changes. The
policy name is used to ensure that the XM tools and the hypervisor work
on the same policy, i.e., interpret the security information on domains
consistently. This patch also simplifies the policy management by moving
policy and labels into a single file.

Signed-off by: Reiner Sailer <sailer@us.ibm.com>
author smh22@firebug.cl.cam.ac.uk
date Mon Apr 24 10:50:38 2006 +0100 (2006-04-24)
parents 06d84bf87159
children 50965ae270c9
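--- a/tools/security/policies/security_policy.xsd	Sun Apr 23 09:20:31 2006 +0100
+++ b/tools/security/policies/security_policy.xsd	Mon Apr 24 10:50:38 2006 +0100
@@ -1,22 +1,50 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
 <!--         This file defines the schema, which is used to define -->
-<!--         the security policy and the security labels in Xe.    -->
+<!--         the security policy and the security labels in Xen.    -->
 
 <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified">
 	<xsd:element name="SecurityPolicyDefinition">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element ref="PolicyHeader" minOccurs="0" maxOccurs="1"></xsd:element>
+				<xsd:element ref="PolicyHeader" minOccurs="1" maxOccurs="1"></xsd:element>
 				<xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element>
 				<xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element>
+				<xsd:element ref="SecurityLabelTemplate" minOccurs="1" maxOccurs="1"></xsd:element>
 			</xsd:sequence>
 		</xsd:complexType>
 	</xsd:element>
+	<xsd:element name="PolicyHeader">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="xsd:string"></xsd:element>
+				<xsd:element name="PolicyUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+				<xsd:element name="Reference" type="xsd:string" minOccurs="0" maxOccurs="1" />
+				<xsd:element name="Date" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+				<xsd:element name="NameSpaceUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="ChineseWall">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="ChineseWallTypes" minOccurs="1" maxOccurs="1" />
+				<xsd:element ref="ConflictSets" minOccurs="0" maxOccurs="1" />
+			</xsd:sequence>
+			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="SimpleTypeEnforcement">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="SimpleTypeEnforcementTypes" />
+			</xsd:sequence>
+			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
 	<xsd:element name="SecurityLabelTemplate">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element ref="LabelHeader" minOccurs="1" maxOccurs="1"></xsd:element>
 				<xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
 					<xsd:complexType>
 						<xsd:sequence>
@@ -35,40 +63,6 @@
 			</xsd:sequence>
 		</xsd:complexType>
 	</xsd:element>
-	<xsd:element name="PolicyHeader">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Name" minOccurs="1" maxOccurs="1" />
-				<xsd:element ref="Date" minOccurs="1" maxOccurs="1" />
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="LabelHeader">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Name"></xsd:element>
-				<xsd:element ref="Date" minOccurs="1" maxOccurs="1"></xsd:element>
-				<xsd:element ref="PolicyName" minOccurs="1" maxOccurs="1"></xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="SimpleTypeEnforcement">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="SimpleTypeEnforcementTypes" />
-			</xsd:sequence>
-			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="ChineseWall">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="ChineseWallTypes" />
-				<xsd:element ref="ConflictSets" />
-			</xsd:sequence>
-			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
-		</xsd:complexType>
-	</xsd:element>
 	<xsd:element name="ChineseWallTypes">
 		<xsd:complexType>
 			<xsd:sequence>
@@ -115,24 +109,11 @@
 			</xsd:sequence>
 		</xsd:complexType>
 	</xsd:element>
-	<xsd:element name="PolicyName">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Url" />
-				<xsd:element ref="Reference" />
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Date" type="xsd:string" />
 	<xsd:element name="Name" type="xsd:string" />
 	<xsd:element name="Type" type="xsd:string" />
-	<xsd:element name="Reference" type="xsd:string" />
-	<xsd:element name="Url"></xsd:element>
-
 	<xsd:simpleType name="PolicyOrder">
 		<xsd:restriction base="xsd:string">
 			<xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration>
 		</xsd:restriction>
 	</xsd:simpleType>
-
 </xsd:schema>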
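Review bot: `PolicyName` (new line 1.25) is declared as plain `xsd:string`, so an empty or whitespace-only name still validates, even though the description makes this name the value the XM tools and the hypervisor use to confirm they are working on the same policy. Restricting it to a non-empty token, as sketched below, rejects that case at validation time; note that `xsd:token` collapses whitespace, which matters if the name is compared byte-for-byte elsewhere. The requirements that the name be unique and change whenever the file content changes cannot be expressed in this schema, so a comment on the element such as `<!-- must be unique and must change whenever the policy content changes -->` would at least record them, and a matching name should not be read as proof of identical content. `Date`, `PolicyUrl` and `NameSpaceUrl` are likewise free-form strings; `xsd:date` and `xsd:anyURI` are the typed alternatives if existing policy files permit.

```xml
<!-- … unchanged: PolicyHeader complexType/sequence opening … -->
<xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="PolicyNameType"></xsd:element>
<!-- … unchanged: PolicyUrl, Reference, Date, NameSpaceUrl … -->

<!-- placed next to the existing PolicyOrder simpleType -->
<xsd:simpleType name="PolicyNameType">
	<xsd:restriction base="xsd:token">
		<xsd:minLength value="1"></xsd:minLength>
	</xsd:restriction>
</xsd:simpleType>
```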