ia64/xen-unstable

view tools/security/python/xensec_tools/acm_getdecision @ 9835:cf20dbbf5c2b

This patch adds new python access control management scripts, which
integrate into Xen Management and which support the new access control
labels (labels replace the ssidref numbers at the management user
interface).

Signed-off by: Reiner Sailer <sailer@us.ibm.com>
author smh22@firebug.cl.cam.ac.uk
date Mon Apr 24 10:58:25 2006 +0100 (2006-04-24)
#!/usr/bin/env python
# -*- mode: python; -*-
import sys
import traceback
import getopt

# Add fallback locations for installs that live outside the native python
# path.  insert(-1, ...) places each entry just before the current last
# element of sys.path, not at the very end, so the final entry is still
# searched after these two.
# NOTE(review): if a strict last-resort fallback is intended, append() would
# be the call -- confirm.  Modules found in these directories are imported and
# executed by this tool, so they need the same write protection as the tool.
for fallback_dir in ('/usr/lib/python', '/usr/lib64/python'):
    sys.path.insert(-1, fallback_dir)

from xen.util.security import ACMError, err, get_decision, active_policy
def usage():
    """Print the command-line help text, then report a usage error.

    The help is written to stdout one line at a time; afterwards
    err("Usage") is called.  err is imported from xen.util.security and is
    not defined in this file.  The callers below do not handle a return from
    usage(), so err presumably raises ACMError -- confirm in that module.
    """
    help_lines = (
        "Usage: acm_getdecision -i domainid --label labelname",
        " Test program illustrating the retrieval of",
        " access control decisions from Xen. At this time,",
        " only sharing (STE) policy decisions are supported.",
        " Arguments are two paramters in any combination:",
        "\t -i domain_id or --domid domain_id",
        "\t -l labelname or --label labelname",
        " Return value:",
        "\t PERMITTED if access is permitted",
        "\t DENIED if access is denied",
        "\t ACMError -- e.g., unknown label or domain id",
    )
    for help_line in help_lines:
        print(help_line)
    err("Usage")
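# Main flow: turn the two option/value pairs on the command line into the two
# arguments of get_decision() and print the decision it returns.
#
# Every failure path now ends with a non-zero exit status.  Previously an
# ACMError was swallowed and an unexpected exception only printed a traceback,
# so the process exited 0 either way and a wrapper checking the status could
# not tell a failed query from a completed one.
try:

    # argv[0] plus exactly two option/value pairs.
    if len(sys.argv) != 5:
        usage()

    decision_args = []

    # Options sit at the odd indices; each value follows its option.
    for idx in range(1, len(sys.argv), 2):
        if sys.argv[idx] in ['-i', '--domid']:
            decision_args.append(['domid', sys.argv[idx+1]])
        elif sys.argv[idx] in ['-l', '--label']:
            # The label is always evaluated against the active policy.
            decision_args.append(['access_control',
                                  ['policy', active_policy],
                                  ['label', sys.argv[idx+1]]
                                  ])
        else:
            print("unknown argument %s" % sys.argv[idx])
            usage()

    if len(decision_args) != 2:
        print("too many arguments")
        usage()

    # NOTE(review): the domain id and label are passed through as given on
    # the command line; any validation is left to get_decision() -- confirm.
    print(get_decision(decision_args[0], decision_args[1]))

except ACMError:
    # No traceback for an ACMError (presumably err() has already reported
    # it -- confirm), but the failure must still be visible to the caller.
    sys.exit(1)
except Exception:
    # Exception instead of a bare except, so SystemExit and KeyboardInterrupt
    # are no longer converted into a one-line traceback.
    traceback.print_exc(limit=1)
    sys.exit(1)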