
changeset 15614:7ef821ff6d89

[Xm-Test] Additional tests for the xm-test suite

This adds a couple of test cases exercising the new policy management
functionality to the security tests.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kfraser@localhost.localdomain
date Wed Jul 18 10:08:37 2007 +0100 (2007-07-18)
parents 4197a1aad70b
children 9c077fc8ccf1
files tools/xm-test/lib/XmTestLib/XenAPIDomain.py tools/xm-test/lib/XmTestLib/acm.py tools/xm-test/tests/security-acm/01_security-acm_basic.py tools/xm-test/tests/security-acm/07_security-acm_pol_update.py tools/xm-test/tests/security-acm/08_security-acm_xapi.py tools/xm-test/tests/security-acm/09_security-acm_pol_update.py tools/xm-test/tests/security-acm/Makefile.am tools/xm-test/tests/security-acm/xm-test-new-security_policy.xml
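--- a/tools/xm-test/lib/XmTestLib/XenAPIDomain.py
+++ b/tools/xm-test/lib/XmTestLib/XenAPIDomain.py
@@ -23,6 +23,7 @@ import os
 import sys
 from XmTestLib import *
 from types import DictType
+from acm import *
 
 
 class XenAPIConfig:
@@ -38,6 +39,9 @@ class XenAPIConfig:
                            'kernel' : 'PV_kernel',
                            'ramdisk': 'PV_ramdisk',
                            'root'   : 'PV_args'}
+        if isACMEnabled():
+            #A default so every VM can start with ACM enabled
+            self.opts["security_label"] = "ACM:xm-test:red"
 
     def setOpt(self, name, value):
         """Set an option in the config"""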
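Review bot: The default label at 1.17 hard-codes the policy-type prefix as the literal `"ACM:xm-test:red"`, while the tests added in this changeset build the same label as `"%s:xm-test:red" % xsconstants.ACM_POLICY_ID`; if that constant and the literal ever diverge, the default VM label silently stops matching the loaded policy, so derive it from the constant here as well (`xsconstants` reaches this module through the new wildcard import only as long as acm.py defines no `__all__`, so an explicit `from xen.util import xsconstants` is safer). The `from acm import *` at 1.7 also pulls every name acm.py itself imports (`server`, `re`, `security`, `xsconstants`) into this module's namespace, whereas `from acm import isACMEnabled` is all the hunk uses. The method that assigns `self.opts` starts outside the 1.11 hunk, so I cannot see whether an explicit `security_label` passed by the caller is applied before or after this default.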
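--- a/tools/xm-test/lib/XmTestLib/acm.py
+++ b/tools/xm-test/lib/XmTestLib/acm.py
@@ -19,6 +19,9 @@
 """
 from Test import *
 from xen.util import security
+from xen.xm.main import server
+from xen.util import xsconstants
+import re
 
 try:
     from acm_config import *
@@ -32,16 +35,47 @@ def isACMEnabled():
     return security.on()
 
 
+def getSystemPolicyName():
+    s,o = traceCommand("xm getpolicy")
+    m = re.compile("Policy name[\s]*: ([A-z\-]+)").search(o)
+    if m:
+        polname = m.group(1)
+        return polname
+    return ""
+
+
+def ACMLoadPolicy_XenAPI(policy='xm-test'):
+    polname = getSystemPolicyName()
+    if polname != policy:
+        # Try it, maybe it's not activated
+        traceCommand("xm setpolicy %s %s" %
+                     (xsconstants.XS_POLICY_ACM, policy))
+        polname = getSystemPolicyName()
+        if polname != policy:
+            FAIL("Need to have a system with no or policy '%s' active, "
+                 "not %s" % (policy,polname))
+        else:
+            s, o = traceCommand("xm activatepolicy --load")
+    else:
+        s, o = traceCommand("xm activatepolicy --load")
+        if not re.search("Successfully", o):
+            FAIL("Could not set the policy '%s'." % policy)
+
+
 def ACMLoadPolicy(policy='xm-test'):
-    s, o = traceCommand("xm makepolicy %s" % (policy))
-    if s != 0:
-        FAIL("Need to be able to do 'xm makepolicy %s' but could not" %
-             (policy))
-    s, o = traceCommand("xm loadpolicy %s" % (policy))
-    if s != 0:
-        FAIL("Could not load the required policy '%s'.\n"
-             "Start the system without any policy.\n%s" %
-             (policy, o))
+    from xen.xm import main
+    if main.serverType == main.SERVER_XEN_API:
+        ACMLoadPolicy_XenAPI()
+    else:
+        s, o = traceCommand("xm makepolicy %s" % (policy))
+        if s != 0:
+            FAIL("Need to be able to do 'xm makepolicy %s' but could not" %
+                 (policy))
+        s, o = traceCommand("xm loadpolicy %s" % (policy))
+        if s != 0:
+            FAIL("Could not load the required policy '%s'.\n"
+                 "Start the system without any policy.\n%s" %
+                 (policy, o))
 
 def ACMPrepareSystem(resources):
     if isACMEnabled():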
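Review bot: `ACMLoadPolicy_XenAPI()` at 2.56 is called without the `policy` argument, so on the Xen-API path `ACMLoadPolicy(policy=...)` ignores the caller's policy name and always loads 'xm-test'; pass it through with `ACMLoadPolicy_XenAPI(policy)`. In `getSystemPolicyName` at 2.19 the character class `[A-z\-]` also matches `[`, `\`, `]`, `^`, `_` and the backquote (the code points between `Z` and `a`) and matches no digits, so a policy name containing a digit is truncated and the comparison at 2.28 fails; a raw string such as `r"Policy name\s*: ([A-Za-z0-9_\-]+)"` is the likely intent if policy names may carry digits. In the `polname != policy` branch the output of `xm activatepolicy --load` at 2.37 is not checked for "Successfully" as it is at 2.40, so a failed activation after a successful `xm setpolicy` goes unnoticed and the test continues with whatever policy is actually active; the status `s` returned by traceCommand is ignored in both branches.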
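--- a/tools/xm-test/tests/security-acm/01_security-acm_basic.py
+++ b/tools/xm-test/tests/security-acm/01_security-acm_basic.py
@@ -15,6 +15,7 @@
 
 from XmTestLib import *
 from xen.util import security
+from xen.util import xsconstants
 import commands
 import os
 import re
@@ -28,7 +29,7 @@ if not isACMEnabled():
     SKIP("Not running this test since ACM not enabled.")
 
 status, output = traceCommand("xm makepolicy %s" % (testpolicy))
-if status != 0 or output != "":
+if status != 0:
     FAIL("'xm makepolicy' failed with status %d and output\n%s" %
          (status,output));
 
@@ -47,7 +48,7 @@ status, output = traceCommand("xm rmlabe
 status, output = traceCommand("xm addlabel %s dom %s %s" %
                               (testlabel, vmconfigfile, testpolicy))
 if status != 0:
-    FAIL("'xm addlabel' failed with status %d.\n" % status)
+    FAIL("(1) 'xm addlabel' failed with status %d.\n" % status)
 
 status, output = traceCommand("xm getlabel dom %s" %
                               (vmconfigfile))
@@ -55,8 +56,9 @@ status, output = traceCommand("xm getlab
 if status != 0:
     FAIL("'xm getlabel' failed with status %d, output:\n%s" %
          (status, output))
-if output != "policy=%s,label=%s" % (testpolicy,testlabel):
-    FAIL("Received unexpected output from 'xm getlabel': \n%s" %
+if output != "policytype=%s,policy=%s,label=%s" % \
+             (xsconstants.ACM_POLICY_ID, testpolicy, testlabel):
+    FAIL("(1) Received unexpected output from 'xm getlabel dom': \n%s" %
          (output))
 
 
@@ -74,30 +76,34 @@ status, output = traceCommand("xm getlab
                               (vmconfigfile))
 
 if output != "Error: 'Domain not labeled'":
-    FAIL("Received unexpected output from 'xm getlabel': \n%s" %
+    FAIL("(2) Received unexpected output from 'xm getlabel dom': \n%s" %
          (output))
 
 #Whatever label the resource might have, remove it
 status, output = traceCommand("xm rmlabel res %s" %
                               (testresource))
+if status != 0:
+    FAIL("'xm rmlabel' on resource failed with status %d.\n" % status)
 
 status, output = traceCommand("xm addlabel %s res %s %s" %
                               (testlabel, testresource, testpolicy))
 if status != 0:
-    FAIL("'xm addlabel' on resource failed with status %d.\n" % status)
+    FAIL("(2) 'xm addlabel' on resource failed with status %d.\n" % status)
 
 status, output = traceCommand("xm getlabel res %s" % (testresource))
 
 if status != 0:
     FAIL("'xm getlabel' on resource failed with status %d, output:\n%s" %
          (status, output))
-if output != "policy=%s,label=%s" % (testpolicy,testlabel):
-    FAIL("Received unexpected output from 'xm getlabel': \n%s" %
+if output != "%s:%s:%s" % (xsconstants.ACM_POLICY_ID,\
+                           testpolicy,testlabel):
+    FAIL("Received unexpected output from 'xm getlabel res': \n%s" %
          (output))
 
 status, output = traceCommand("xm resources")
 
 if status != 0:
+    print "status = %s" % str(status)
     FAIL("'xm resources' did not run properly")
 if not re.search(security.unify_resname(testresource), output):
     FAIL("'xm resources' did not show the tested resource '%s'." %
@@ -117,5 +123,5 @@ status, output = traceCommand("xm getlab
                               (testresource))
 
 if output != "Error: 'Resource not labeled'":
-    FAIL("Received unexpected output from 'xm getlabel': \n%s" %
+    FAIL("Received unexpected output from 'xm getlabel res': \n%s" %
          (output))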
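Review bot: The new status check after `xm rmlabel res` at 3.52-3.53 turns what the comment at 3.49 describes as a best-effort cleanup ("Whatever label the resource might have, remove it") into a hard failure; if `xm rmlabel` exits non-zero for a resource that carries no label, the test aborts before it reaches the labeling checks it is meant to exercise. Confirm the exit status for the already-unlabeled case, or leave the call unchecked as the preceding `xm rmlabel ... dom` call (context at 3.20, its status handling not visible in this hunk) appears to be. The debugging `print "status = %s" % str(status)` at 3.76 belongs in the FAIL message instead: `FAIL("'xm resources' did not run properly, status %d" % status)`.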
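--- /dev/null
+++ b/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py
@@ -0,0 +1,303 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2006
+# Author: Stefan Berger <stefanb@us.ibm.com>
+
+# Test to exercise the xspolicy class
+
+from XmTestLib import xapi
+from XmTestLib.XenAPIDomain import XmTestAPIDomain
+from XmTestLib import *
+from xen.xend import XendAPIConstants
+from xen.util import acmpolicy, security, xsconstants
+from xen.util.acmpolicy import ACMPolicy
+from xen.xend.XendDomain import DOM0_UUID
+
+import commands
+import os
+import base64
+
+xm_test = {}
+xm_test['policyname'] = "xm-test"
+xm_test['date'] = "Fri Sep 29 14:44:38 2006"
+xm_test['url']  = None
+
+vm_label_red   = "%s:xm-test:red" % xsconstants.ACM_POLICY_ID
+vm_label_green = "%s:xm-test:green" % xsconstants.ACM_POLICY_ID
+vm_label_blue  = "%s:xm-test:blue" % xsconstants.ACM_POLICY_ID
+vm_label_sys   = "%s:xm-test:SystemManagement" % xsconstants.ACM_POLICY_ID
+
+vm_label_black = "%s:xm-test:black"
+
+session = xapi.connect()
+
+oldlabel = session.xenapi.VM.get_security_label(DOM0_UUID)
+
+ssidref = session.xenapi.VM.set_security_label(DOM0_UUID,
+                                               vm_label_sys,
+                                               oldlabel)
+if int(ssidref) <= 0 or int(ssidref) != 0x00010001:
+    FAIL("(0) Domain-0 label for '%s' has unexpected failure: %08x" %
+         (vm_label_sys, int(ssidref)))
+print "ssidref for '%s' is 0x%08x" % (vm_label_sys, int(ssidref))
+
+
+xstype = session.xenapi.XSPolicy.get_xstype()
+if int(xstype) & xsconstants.XS_POLICY_ACM == 0:
+    SKIP("ACM not enabled/compiled in Xen")
+
+policystate = session.xenapi.XSPolicy.get_xspolicy()
+if not policystate.has_key('xs_ref'):
+    FAIL("get_xspolicy must return member 'xs_ref'")
+
+xs_ref = policystate['xs_ref']
+if xs_ref != "":
+    origpolicyxml = session.xenapi.ACMPolicy.get_xml(xs_ref)
+else:
+    origpolicyxml = ""
+
+f = open("xm-test-security_policy.xml", 'r')
+if f:
+    newpolicyxml = f.read()
+    f.close()
+else:
+    FAIL("Could not read 'xm-test' policy")
+
+try:
+    os.unlink("/boot/xm-test.bin")
+except:
+    pass
+
+policystate = session.xenapi.XSPolicy.get_xspolicy()
+
+if int(policystate['type']) == 0:
+    policystate = session.xenapi.XSPolicy.set_xspolicy(
+                          xsconstants.XS_POLICY_ACM,
+                          newpolicyxml,
+                          xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT,
+                          1)
+    if int(policystate['flags']) == -1:
+        FAIL("Could not set the new policy.")
+
+print "state of policy = %s " % policystate
+
+rc = session.xenapi.XSPolicy.activate_xspolicy(
+                          policystate['xs_ref'],
+                          xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT)
+if int(rc) != xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT:
+    FAIL("Could not activate the current policy: rc = %08x" % int(rc))
+
+if not os.path.exists("/boot/xm-test.bin"):
+    FAIL("Binary policy was not installed. Check grub config file.")
+
+policystate = session.xenapi.XSPolicy.get_xspolicy()
+
+if int(policystate['flags']) != xsconstants.XS_INST_BOOT | \
+                                xsconstants.XS_INST_LOAD:
+    FAIL("Flags (%x) are not indicating the correct state of the policy.",
+         int(policystate['flags']))
+
+policystate = session.xenapi.XSPolicy.get_xspolicy()
+xs_ref = policystate['xs_ref']
+
+newpolicyxml = None
+f = open("xm-test-new-security_policy.xml", 'r')
+if f:
+    newpolicyxml = f.read()
+    f.close()
+else:
+    FAIL("Could not read 'xm-test-new' policy")
+
+cur_acmpol = ACMPolicy(xml = policystate['repr'])
+new_acmpol = ACMPolicy(xml = newpolicyxml)
+
+new_acmpol.update_frompolicy(cur_acmpol)
+
+policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
+                          new_acmpol.toxml(),
+                          xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT,
+                          1)
+
+f = open("xm-test-security_policy.xml", 'r')
+if f:
+    newpolicyxml = f.read()
+    f.close()
+else:
+    FAIL("Could not read 'xm-test-new' policy")
+
+cur_acmpol = new_acmpol
+new_acmpol = ACMPolicy(xml = newpolicyxml)
+
+new_acmpol.update_frompolicy(cur_acmpol)
+
+policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
+                          new_acmpol.toxml(),
+                          xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT,
+                          1)
+
+dom0_lab = session.xenapi.VM.get_security_label(DOM0_UUID)
+
+ssidref = session.xenapi.VM.set_security_label(DOM0_UUID,
+                                               vm_label_sys, dom0_lab)
+if int(ssidref) <= 0 or int(ssidref) != 0x00010001:
+    FAIL("(1) Domain-0 label for '%s' has unexpected failure: %08x" %
+         (vm_label_sys, int(ssidref)))
+print "ssidref for '%s' is 0x%08x" % (vm_label_sys, int(ssidref))
+
+try:
+    ssidref = session.xenapi.VM.set_security_label(DOM0_UUID,
+                                                   vm_label_black,
+                                                   vm_label_sys)
+    FAIL("Could set label '%s', although it's not in the policy. "
+         "ssidref=%s" % (vm_label_black, ssidref))
+except:
+    pass
+
+ssidref = session.xenapi.VM.set_security_label(DOM0_UUID,
+                                               vm_label_red,
+                                               vm_label_sys)
+if int(ssidref) <= 0:
+    FAIL("(2) Domain-0 label for '%s' has unexpected failure: %08x" %
+         (vm_label_red, int(ssidref)))
+print "ssidref for '%s' is 0x%08x" % (vm_label_red, int(ssidref))
+
+label = session.xenapi.VM.get_security_label(DOM0_UUID)
+
+if label != vm_label_red:
+    FAIL("Dom0 label '%s' not as expected '%s'" % (label, vm_label_red))
+
+
+ssidref = session.xenapi.VM.set_security_label(DOM0_UUID,
+                                               vm_label_sys,
+                                               vm_label_red)
+if int(ssidref) <= 0 or int(ssidref) != 0x00010001:
+    FAIL("(3) Domain-0 label for '%s' has unexpected failure: %08x" %
+         (vm_label_sys, int(ssidref)))
+
+label = session.xenapi.VM.get_security_label(DOM0_UUID)
+
+if label != vm_label_sys:
+    FAIL("Dom0 label '%s' not as expected '%s'" % label, dom0_label)
+
+header = session.xenapi.ACMPolicy.get_header(xs_ref)
+
+if header['policyname'] != xm_test['policyname']:
+    FAIL("Name in header is '%s', expected is '%s'." %
+         (header['policyname'],xm_test['policyname']))
+if header['date'] != xm_test['date']:
+    FAIL("Date in header is '%s', expected is '%s'." %
+         (header['date'],xm_test['date']))
+if header.has_key("url") and header['url' ] != xm_test['url' ]:
+    FAIL("URL  in header is '%s', expected is '%s'." %
+         (header['url' ],xm_test['url' ]))
+
+# Create another domain
+try:
+    # XmTestAPIDomain tries to establish a connection to XenD
+    domain = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_blue })
+except Exception, e:
+    SKIP("Skipping test. Error: %s" % str(e))
+
+
+vm_uuid = domain.get_uuid()
+
+res = session.xenapi.VM.get_security_label(vm_uuid)
+if res != vm_label_blue:
+    FAIL("VM has security label '%s', expected is '%s'" %
+         (res, vm_label_blue))
+
+try:
+    domain.start(noConsole=True)
+except:
+    FAIL("Could not create domain")
+
+
+# Attempt to relabel the running domain
+ssidref = session.xenapi.VM.set_security_label(vm_uuid,
+                                               vm_label_red,
+                                               vm_label_blue)
+if int(ssidref) <= 0:
+    FAIL("Could not relabel running domain to '%s'." % vm_label_red)
+
+# user domain is 'red', dom0 is current 'SystemManagement'.
+# Try to move domain-0 to 'red' first, then to 'blue'.
+
+# Moving domain-0 to 'red' should work
+ssidref = session.xenapi.VM.set_security_label(DOM0_UUID,
+                                               vm_label_red,
+                                               vm_label_sys)
+if int(ssidref) <= 0:
+    FAIL("Could not label domain-0 '%s'" % vm_label_red)
+
+# Moving the guest domain to 'blue' should not work due to conflict set
+try:
+    ssidref = session.xenapi.VM.set_security_label(vm_uuid,
+                                                   vm_label_blue,
+                                                   vm_label_red)
+    FAIL("Could label guest domain with '%s', although this is in a conflict "
+         "set. ssidref=%x" % (vm_label_blue,int(ssidref)))
+except:
+    pass
+
+label = session.xenapi.VM.get_security_label(vm_uuid)
+if label != vm_label_red:
+    FAIL("User domain has wrong label '%s', expected '%s'." %
+         (label, vm_label_red))
+
+label = session.xenapi.VM.get_security_label(DOM0_UUID)
+if label != vm_label_red:
+    FAIL("Domain-0 has wrong label '%s'; expected '%s'." %
+         (label, vm_label_red))
+
+ssidref = session.xenapi.VM.set_security_label(DOM0_UUID,
+                                               vm_label_sys,
+                                               vm_label_red)
+if int(ssidref) < 0:
+    FAIL("Could not set the domain-0 security label to '%s'." %
+         (vm_label_sys))
+
+# pause the domain and relabel it...
+session.xenapi.VM.pause(vm_uuid)
+
+label = session.xenapi.VM.get_security_label(vm_uuid)
+if label != vm_label_red:
+    FAIL("User domain has wrong label '%s', expected '%s'." %
+         (label, vm_label_red))
+
+ssidref = session.xenapi.VM.set_security_label(vm_uuid,
+                                               vm_label_blue,
+                                               vm_label_red)
+print "guest domain new label '%s'; ssidref is 0x%08x" % \
+      (vm_label_blue, int(ssidref))
+if int(ssidref) <= 0:
+    FAIL("Could not label guest domain with '%s'" % (vm_label_blue))
+
+label = session.xenapi.VM.get_security_label(vm_uuid)
+if label != vm_label_blue:
+    FAIL("User domain has wrong label '%s', expected '%s'." %
+         (label, vm_label_blue))
+
+session.xenapi.VM.unpause(vm_uuid)
+
+rc = session.xenapi.VM.suspend(vm_uuid)
+
+ssidref = session.xenapi.VM.set_security_label(vm_uuid,
+                                               vm_label_green,
+                                               vm_label_blue)
+print "guest domain new label '%s'; ssidref is 0x%08x" % \
+      (vm_label_green, int(ssidref))
+if int(ssidref) < 0:
+    FAIL("Could not label suspended guest domain with '%s'" % (vm_label_blue))
+
+label = session.xenapi.VM.get_security_label(vm_uuid)
+if label != vm_label_green:
+    FAIL("User domain has wrong label '%s', expected '%s'." %
+         (label, vm_label_green))
+
+
+rc = session.xenapi.VM.resume(vm_uuid, False)
+
+label = session.xenapi.VM.get_security_label(vm_uuid)
+if label != vm_label_green:
+    FAIL("User domain has wrong label '%s', expected '%s'." %
+         (label, vm_label_green))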
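Review bot: `vm_label_black` at 4.33 is never interpolated (`"%s:xm-test:black"` lacks the `% xsconstants.ACM_POLICY_ID` every other label gets), so the negative test at 4.150-4.157 rejects a label with a literal `%s` policy-type prefix rather than a label that is absent from the policy; it should read `vm_label_black = "%s:xm-test:black" % xsconstants.ACM_POLICY_ID`. That test and the conflict-set test at 4.236-4.243 also place the `FAIL(...)` call inside the `try:` body under a bare `except:`; whether FAIL raises or calls `sys.exit()`, the bare except catches it, so neither test can ever report a failure and the conflict-set enforcement it is meant to verify is not actually checked — keep only the `set_security_label` call in the `try`, `except: pass`, and move the FAIL into an `else:` clause. At 4.183 `FAIL("..." % label, dom0_label)` applies `%` to `label` alone (a TypeError for a string label against two placeholders) and names an undefined `dom0_label`; the intended line is `FAIL("Dom0 label '%s' not as expected '%s'" % (label, vm_label_sys))`. The messages at 4.129 ('xm-test-new' while reading xm-test-security_policy.xml) and 4.293 (`vm_label_blue` while setting green) name the wrong object and will mislead whoever reads the log.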
     5.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.2 +++ b/tools/xm-test/tests/security-acm/08_security-acm_xapi.py	Wed Jul 18 10:08:37 2007 +0100
     5.3 @@ -0,0 +1,354 @@
     5.4 +#!/usr/bin/python
     5.5 +
     5.6 +# Copyright (C) International Business Machines Corp., 2007
     5.7 +# Author: Stefan Berger <stefanb@us.ibm.com>
     5.8 +
     5.9 +# VM creation test with labeled VM and labeled VDI
    5.10 +
    5.11 +from XmTestLib import xapi
    5.12 +from XmTestLib.XenAPIDomain import XmTestAPIDomain
    5.13 +from XmTestLib import *
    5.14 +from xen.xend import XendAPIConstants
    5.15 +from xen.util import acmpolicy, security, xsconstants
    5.16 +import commands
    5.17 +import os
    5.18 +
    5.19 +vm_label_red    = xsconstants.ACM_POLICY_ID + ":xm-test:red"
    5.20 +vm_label_green  = xsconstants.ACM_POLICY_ID + ":xm-test:green"
    5.21 +vdi_label_red   = xsconstants.ACM_POLICY_ID + ":xm-test:red"
    5.22 +vdi_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green"
    5.23 +
    5.24 +vdi_file = "/dev/ram0"
    5.25 +vdi_path = "phy:" + vdi_file
    5.26 +
    5.27 +#Note:
    5.28 +# If during the suspend/resume operations 'red' instead of 'green' is
    5.29 +# used, the Chinese Wall policy goes into effect and disallows the
    5.30 +# suspended VM from being resumed...
    5.31 +
    5.32 +try:
    5.33 +    # XmTestAPIDomain tries to establish a connection to XenD
    5.34 +    domain = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_red })
    5.35 +except Exception, e:
    5.36 +    SKIP("Skipping test. Error: %s" % str(e))
    5.37 +
    5.38 +vm_uuid = domain.get_uuid()
    5.39 +
    5.40 +session = xapi.connect()
    5.41 +xstype = session.xenapi.XSPolicy.get_xstype()
    5.42 +if int(xstype) & xsconstants.XS_POLICY_ACM == 0:
    5.43 +    SKIP("ACM not enabled/compiled in Xen")
    5.44 +
    5.45 +f = open("xm-test-security_policy.xml", 'r')
    5.46 +if f:
    5.47 +    newpolicyxml = f.read()
    5.48 +    f.close()
    5.49 +else:
    5.50 +    FAIL("Could not read 'xm-test' policy")
    5.51 +
    5.52 +policystate = session.xenapi.XSPolicy.get_xspolicy()
    5.53 +if int(policystate['type']) == 0:
    5.54 +    policystate = session.xenapi.XSPolicy.set_xspolicy(
    5.55 +                         xsconstants.XS_POLICY_ACM,
    5.56 +                         newpolicyxml,
    5.57 +                         xsconstants.XS_INST_BOOT | xsconstants.XS_INST_LOAD,
    5.58 +                         True)
    5.59 +    if int(policystate['flags']) == -1:
    5.60 +        FAIL("Could not set the new policy.")
    5.61 +
    5.62 +policystate = session.xenapi.XSPolicy.get_xspolicy()
    5.63 +print "policystate = %s" % policystate
    5.64 +acm_ref = policystate['xs_ref']
    5.65 +
    5.66 +
    5.67 +#
    5.68 +# Some tests with labeling of resources
    5.69 +#
    5.70 +labels = session.xenapi.XSPolicy.get_labeled_resources()
    5.71 +print "labeled resources are:\n%s" % labels
    5.72 +
    5.73 +oldlabel = session.xenapi.XSPolicy.get_resource_label("phy:/dev/ram0")
    5.74 +
    5.75 +rc  = session.xenapi.XSPolicy.set_resource_label("phy:/dev/ram0", "",
    5.76 +                                                 oldlabel)
    5.77 +
    5.78 +rc  = session.xenapi.XSPolicy.set_resource_label("phy:/dev/ram0",
    5.79 +                                                 vdi_label_green,
    5.80 +                                                 "")
    5.81 +
    5.82 +res = session.xenapi.XSPolicy.get_resource_label("phy:/dev/ram0")
    5.83 +if res != vdi_label_green:
    5.84 +    FAIL("(1) get_resource_label returned unexpected result %s, wanted %s" %
    5.85 +         (res, vdi_label_green))
    5.86 +
    5.87 +
    5.88 +#
    5.89 +# Some test with labeling of VMs
    5.90 +#
    5.91 +
    5.92 +res = session.xenapi.VM.get_security_label(vm_uuid)
    5.93 +
    5.94 +if res != vm_label_red:
    5.95 +    FAIL("VM.get_security_label returned wrong security label '%s'." % res)
    5.96 +
    5.97 +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green,
    5.98 +                                                    vm_label_red)
    5.99 +
   5.100 +res = session.xenapi.VM.get_security_label(vm_uuid)
   5.101 +if res != vm_label_green:
   5.102 +     FAIL("VM does not show expected label '%s' but '%s'." %
   5.103 +          (vm_label_green, res))
   5.104 +
   5.105 +res = session.xenapi.VM.set_security_label(vm_uuid, "", vm_label_green)
   5.106 +if int(res) != 0:
   5.107 +    FAIL("Should be able to unlabel the domain while it's halted.")
   5.108 +
   5.109 +res = session.xenapi.VM.get_security_label(vm_uuid)
   5.110 +if res != "":
   5.111 +    FAIL("Unexpected VM security label after removal: %s" % res)
   5.112 +
   5.113 +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_red, res)
   5.114 +if int(res) != 0:
   5.115 +    FAIL("Could not label the VM to '%s'" % vm_label_red)
   5.116 +
   5.117 +res = session.xenapi.VM.get_security_label(vm_uuid)
   5.118 +if res != vm_label_red:
   5.119 +    FAIL("VM has wrong label '%s', expected '%s'." % (res, vm_label_red))
   5.120 +
   5.121 +sr_uuid = session.xenapi.SR.get_by_name_label("Local")
   5.122 +if len(sr_uuid) == 0:
   5.123 +    FAIL("Could not get a handle on SR 'Local'")
   5.124 +
   5.125 +
   5.126 +vdi_rec = { 'name_label'  : "My disk",
   5.127 +            'SR'          : sr_uuid[0],
   5.128 +            'virtual_size': 0,
   5.129 +            'sector_size' : 512,
   5.130 +            'parent'      : '',
   5.131 +            'SR_name'     : 'Local',
   5.132 +            'type'        : 'system',
   5.133 +            'shareable'   : False,
   5.134 +            'read-only'   : False,
   5.135 +            'other_config': {'location': vdi_path}
   5.136 +}
   5.137 +
   5.138 +vdi_ref = session.xenapi.VDI.create(vdi_rec)
   5.139 +
   5.140 +res = session.xenapi.VDI.get_name_label(vdi_ref)
   5.141 +if res != vdi_rec['name_label']:
   5.142 +    print "Destroying VDI now"
   5.143 +    session.xenapi.VDI.destroy(vdi_ref)
   5.144 +    FAIL("VDI_get_name_label return wrong information")
   5.145 +
   5.146 +res = session.xenapi.VDI.get_record(vdi_ref)
   5.147 +print "vdi_record : %s" % res
   5.148 +
   5.149 +oldlabel = session.xenapi.XSPolicy.get_resource_label(vdi_path)
   5.150 +
   5.151 +#Remove label from VDI device
   5.152 +rc  = session.xenapi.XSPolicy.set_resource_label(vdi_path,
   5.153 +                                                 "",
   5.154 +                                                 oldlabel)
   5.155 +
   5.156 +
   5.157 +# Attach a VBD to the VM
   5.158 +
   5.159 +vbd_rec = { 'VM'      : vm_uuid,
   5.160 +            'VDI'     : vdi_ref,
   5.161 +            'device'  : "xvda1",
   5.162 +            'mode'    : 1,
   5.163 +            'bootable': 0,
   5.164 +}
   5.165 +
   5.166 +vbd_ref = session.xenapi.VBD.create(vbd_rec)
   5.167 +
   5.168 +res = session.xenapi.VBD.get_record(vbd_ref)
   5.169 +
   5.170 +try:
   5.171 +    domain.start(noConsole=True)
   5.172 +    # Should not get here.
   5.173 +    print "Destroying VDI now"
   5.174 +    session.xenapi.VDI.destroy(vdi_ref)
   5.175 +    FAIL("Could start VM with a VBD that it is not allowed to access.")
   5.176 +except:
   5.177 +    pass
   5.178 +    print "Could not create domain -- that's good"
   5.179 +
   5.180 +
   5.181 +#
   5.182 +# Label the VDI now
   5.183 +#
   5.184 +
   5.185 +rc    = session.xenapi.VDI.set_security_label(vdi_ref, vdi_label_red, "")
   5.186 +if int(rc) != 0:
   5.187 +    FAIL("Could not set the VDI label to '%s'" % vdi_label_red)
   5.188 +
   5.189 +label = session.xenapi.VDI.get_security_label(vdi_ref)
   5.190 +if label != vdi_label_red:
   5.191 +    session.xenapi.VDI.destroy(vdi_ref)
   5.192 +    FAIL("Unexpected label '%s' on VDI, wanted '%s'" %
   5.193 +         (label, vdi_label_red))
   5.194 +
   5.195 +rc    = session.xenapi.VDI.set_security_label(vdi_ref, "", label)
   5.196 +if int(rc) != 0:
   5.197 +    session.xenapi.VDI.destroy(vdi_ref)
   5.198 +    FAIL("Should be able to unlabel VDI.")
   5.199 +
   5.200 +rc    = session.xenapi.VDI.set_security_label(vdi_ref, vdi_label_red, "")
   5.201 +if int(rc) != 0:
   5.202 +    session.xenapi.VDI.destroy(vdi_ref)
   5.203 +    FAIL("Should be able to label VDI with label '%s'" % vid_label_red)
   5.204 +
   5.205 +res   = session.xenapi.XSPolicy.get_resource_label(vdi_path)
   5.206 +if res != vdi_label_red:
   5.207 +    session.xenapi.VDI.destroy(vdi_ref)
   5.208 +    FAIL("(2) get_resource_label on %s returned unexpected result %s, wanted '%s'" %
   5.209 +         (vdi_path, res, vdi_label_red))
   5.210 +
   5.211 +res = session.xenapi.VDI.get_security_label(vdi_ref)
   5.212 +if res != vdi_label_red:
   5.213 +    session.xenapi.VDI.destroy(vdi_ref)
   5.214 +    FAIL("get_security_label returned unexpected result %s, wanted '%s'" %
   5.215 +         (res, vdi_label_red))
   5.216 +
   5.217 +domain.start(noConsole=True)
   5.218 +
   5.219 +console = domain.getConsole()
   5.220 +
   5.221 +domName = domain.getName()
   5.222 +
   5.223 +try:
   5.224 +    run = console.runCmd("cat /proc/interrupts")
   5.225 +except ConsoleError, e:
   5.226 +    saveLog(console.getHistory())
   5.227 +    FAIL("Could not access proc-filesystem")
   5.228 +
   5.229 +# Try to relabel while VM is running
   5.230 +try:
   5.231 +    res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green,
   5.232 +                                               vm_label_red)
   5.233 +except:
   5.234 +    pass
   5.235 +
   5.236 +lab = session.xenapi.VM.get_security_label(vm_uuid)
   5.237 +if lab == vm_label_green:
   5.238 +    FAIL("Should not be able to reset the security label while running."
   5.239 +         "tried to set to %s, got %s, old: %s" %(vm_label_green, lab,
   5.240 +         vm_label_red))
   5.241 +
   5.242 +
   5.243 +#
   5.244 +# Suspend the domain and relabel it
   5.245 +#
   5.246 +
   5.247 +try:
   5.248 +    status, output = traceCommand("xm suspend %s" % domName,
   5.249 +                                  timeout=30)
   5.250 +except TimeoutError, e:
   5.251 +    session.xenapi.VDI.destroy(vdi_ref)
   5.252 +    FAIL("Failure from suspending VM: %s." % str(e))
   5.253 +
   5.254 +# Try to relabel while VM is suspended -- this should work
   5.255 +
   5.256 +rc  = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green,
   5.257 +                                           vm_label_red)
   5.258 +if int(rc) != 0:
   5.259 +    FAIL("VM security label could not be set to %s" % vm_label_green)
   5.260 +
   5.261 +res = session.xenapi.VM.get_security_label(vm_uuid)
   5.262 +if res != vm_label_green:
   5.263 +    session.xenapi.VDI.destroy(vdi_ref)
   5.264 +    FAIL("VM (suspended) has label '%s', expected '%s'." %
   5.265 +         (res, vm_label_green))
   5.266 +
   5.267 +status, output = traceCommand("xm list")
   5.268 +
   5.269 +#Try to resume now -- should fail due to denied access to block device
   5.270 +try:
   5.271 +    status, output = traceCommand("xm resume %s" % domName,
   5.272 +                                  timeout=30)
   5.273 +    if status == 0:
   5.274 +        session.xenapi.VDI.destroy(vdi_ref)
   5.275 +        FAIL("Could resume re-labeled VM: %s" % output)
   5.276 +except Exception, e:
   5.277 +    session.xenapi.VDI.destroy(vdi_ref)
   5.278 +    FAIL("1. Error resuming the VM: %s." % str(e))
   5.279 +
   5.280 +# Relabel VM so it would resume
   5.281 +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_red,
   5.282 +                                           vm_label_green)
   5.283 +if int(res) != 0:
   5.284 +    session.xenapi.VDI.destroy(vdi_ref)
   5.285 +    FAIL("Could not relabel VM to have it resume.")
   5.286 +
   5.287 +res = session.xenapi.VM.get_security_label(vm_uuid)
   5.288 +if res != vm_label_red:
   5.289 +    session.xenapi.VDI.destroy(vdi_ref)
   5.290 +    FAIL("VM (suspended) has label '%s', expected '%s'." %
   5.291 +         (res, vm_label_red))
   5.292 +
   5.293 +
   5.294 +# Relabel the resource so VM should not resume
   5.295 +try:
   5.296 +    session.xenapi.XSPolicy.set_resource_label(vdi_path,
   5.297 +                                               vdi_label_green,
   5.298 +                                               "")
   5.299 +except Exception, e:
   5.300 +    session.xenapi.VDI.destroy(vdi_ref)
   5.301 +    FAIL("Could not label the VDI to '%s': %x" %
   5.302 +         (vdi_label_green, int(rc)))
   5.303 +
   5.304 +#Try to resume now -- should fail due to denied access to block device
   5.305 +try:
   5.306 +    status, output = traceCommand("xm resume %s" % domName,
   5.307 +                                  timeout=30)
   5.308 +    if status == 0:
   5.309 +        session.xenapi.VDI.destroy(vdi_ref)
   5.310 +        FAIL("Could resume re-labeled VM: %s" % output)
   5.311 +except Exception, e:
   5.312 +    session.xenapi.VDI.destroy(vdi_ref)
   5.313 +    FAIL("2. Error resuming the VM: %s." % str(e))
   5.314 +
   5.315 +
   5.316 +status, output = traceCommand("xm list")
   5.317 +
   5.318 +# Relabel the resource so VM can resume
   5.319 +try:
   5.320 +    session.xenapi.XSPolicy.set_resource_label(vdi_path,
   5.321 +                                               vdi_label_red,
   5.322 +                                               vdi_label_green)
   5.323 +except Exception, e:
   5.324 +    session.xenapi.VDI.destroy(vdi_ref)
   5.325 +    FAIL("Could not label the resource to '%s'" % vid_label_red)
   5.326 +
   5.327 +res = session.xenapi.XSPolicy.get_resource_label(vdi_path)
   5.328 +if res != vdi_label_red:
   5.329 +    session.xenapi.VDI.destroy(vdi_ref)
   5.330 +    FAIL("'%s' has label '%s', expected '%s'." %
   5.331 +         (vdi_path, res, vdi_label_red))
   5.332 +
   5.333 +#Try to resume now -- should work
   5.334 +try:
   5.335 +    status, output = traceCommand("xm resume %s" % domName,
   5.336 +                                  timeout=30)
   5.337 +    if status != 0:
   5.338 +        session.xenapi.VDI.destroy(vdi_ref)
   5.339 +        FAIL("Could not resume re-labeled VM: %s" % output)
   5.340 +except Exception, e:
   5.341 +    session.xenapi.VDI.destroy(vdi_ref)
   5.342 +    FAIL("3. Error resuming the VM: %s." % str(e))
   5.343 +
   5.344 +
   5.345 +status, output = traceCommand("xm list")
   5.346 +
   5.347 +console = domain.getConsole()
   5.348 +
   5.349 +try:
   5.350 +    run = console.runCmd("cat /proc/interrupts")
   5.351 +except ConsoleError, e:
   5.352 +    saveLog(console.getHistory())
   5.353 +    session.xenapi.VDI.destroy(vdi_ref)
   5.354 +    FAIL("Could not access proc-filesystem")
   5.355 +
   5.356 +domain.stop()
   5.357 +domain.destroy()
     6.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.2 +++ b/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py	Wed Jul 18 10:08:37 2007 +0100
     6.3 @@ -0,0 +1,427 @@
     6.4 +#!/usr/bin/python
     6.5 +
     6.6 +# Copyright (C) International Business Machines Corp., 2007
     6.7 +# Author: Stefan Berger <stefanb@us.ibm.com>
     6.8 +
     6.9 +# Test to exercise the xspolicy and acmpolicy classes
    6.10 +
    6.11 +from XmTestLib import xapi
    6.12 +from XmTestLib.XenAPIDomain import XmTestAPIDomain
    6.13 +from XmTestLib import *
    6.14 +from xen.xend import XendAPIConstants
    6.15 +from xen.util import security, xsconstants
    6.16 +from xen.util.acmpolicy import ACMPolicy
    6.17 +from xen.xend.XendDomain import DOM0_UUID
    6.18 +import base64
    6.19 +import struct
    6.20 +import time
    6.21 +
    6.22 +def typestoxml(types):
    6.23 +    res = ""
    6.24 +    for t in types:
    6.25 +        res += "<Type>" + t + "</Type>\n"
    6.26 +    return res
    6.27 +
    6.28 +def cfstoxml(cfss):
    6.29 +    res = ""
    6.30 +    for cfs in cfss:
    6.31 +        res += "<Conflict name=\"" + cfs['name'] + "\">\n" + \
    6.32 +               typestoxml(cfs['chws']) + \
    6.33 +               "</Conflict>\n"
    6.34 +    return res
    6.35 +
    6.36 +def vmlabelstoxml(vmlabels, vmfrommap):
    6.37 +    res = ""
    6.38 +    for vmlabel in vmlabels:
    6.39 +        res += "<VirtualMachineLabel>\n"
    6.40 +        if vmlabel['name'] in vmfrommap:
    6.41 +            res += "<Name from=\""+ vmfrommap[vmlabel['name']] +"\">"
    6.42 +        else:
    6.43 +            res += "<Name>"
    6.44 +        res += vmlabel['name'] + "</Name>\n"
    6.45 +        res += "<SimpleTypeEnforcementTypes>\n" + \
    6.46 +                  typestoxml(vmlabel['stes']) + \
    6.47 +               "</SimpleTypeEnforcementTypes>\n"
    6.48 +        if vmlabel.has_key('chws'):
    6.49 +            res += "<ChineseWallTypes>\n" + \
    6.50 +                     typestoxml(vmlabel['chws']) + \
    6.51 +                   "</ChineseWallTypes>\n"
    6.52 +        res += "</VirtualMachineLabel>\n"
    6.53 +    return res
    6.54 +
    6.55 +
    6.56 +def reslabelstoxml(reslabels, resfrommap):
    6.57 +    res = ""
    6.58 +    for reslabel in reslabels:
    6.59 +        res += "<ResourceLabel>\n"
    6.60 +        if resfrommap.has_key(reslabel['name']):
    6.61 +            res += "<Name from=\""+ resfrommap[reslabel['name']] +"\">"
    6.62 +        else:
    6.63 +            res += "<Name>"
    6.64 +        res += reslabel['name'] + "</Name>\n"
    6.65 +        res += "<SimpleTypeEnforcementTypes>\n" + \
    6.66 +                  typestoxml(reslabel['stes']) + \
    6.67 +               "</SimpleTypeEnforcementTypes>\n"
    6.68 +        res += "</ResourceLabel>\n"
    6.69 +    return res
    6.70 +
    6.71 +def create_xml_policy(hdr, stes, chws,
    6.72 +                      vmlabels, vmfrommap, bootstrap,
    6.73 +                      reslabels, resfrommap,
    6.74 +                      cfss):
    6.75 +    hdr_xml ="<PolicyHeader>\n" + \
    6.76 +             "  <PolicyName>" + hdr['name'] + "</PolicyName>\n" + \
    6.77 +             "  <Version>"    + hdr['version'] + "</Version>\n" + \
    6.78 +             "  <FromPolicy>\n" + \
    6.79 +             "    <PolicyName>" + hdr['oldname'] + "</PolicyName>\n" + \
    6.80 +             "    <Version>"    + hdr['oldversion'] + "</Version>\n" + \
    6.81 +             "  </FromPolicy>\n" + \
    6.82 +               "</PolicyHeader>\n"
    6.83 +
    6.84 +    stes_xml = "<SimpleTypeEnforcement>\n" + \
    6.85 +               "  <SimpleTypeEnforcementTypes>\n" + \
    6.86 +                typestoxml(stes) + \
    6.87 +               "  </SimpleTypeEnforcementTypes>\n" + \
    6.88 +               "</SimpleTypeEnforcement>\n"
    6.89 +
    6.90 +    chws_xml = "<ChineseWall>\n" + \
    6.91 +               "  <ChineseWallTypes>\n" + \
    6.92 +               typestoxml(chws) + \
    6.93 +               "  </ChineseWallTypes>\n" + \
    6.94 +               "  <ConflictSets>\n" + \
    6.95 +               cfstoxml(cfss) + \
    6.96 +               "  </ConflictSets>\n" + \
    6.97 +               "</ChineseWall>\n"
    6.98 +
    6.99 +    subjlabel_xml = "<SubjectLabels bootstrap=\""+ bootstrap +"\">\n" + \
   6.100 +                     vmlabelstoxml(vmlabels, vmfrommap) + \
   6.101 +                    "</SubjectLabels>\n"
   6.102 +    objlabel_xml  = "<ObjectLabels>\n" + \
   6.103 +                      reslabelstoxml(reslabels, resfrommap) + \
   6.104 +                    "</ObjectLabels>\n"
   6.105 +
   6.106 +    policyxml = "<?xml version=\"1.0\" ?>\n" + \
   6.107 +                "<SecurityPolicyDefinition xmlns=\"http://www.ibm.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.ibm.com ../../security_policy.xsd \">\n" + \
   6.108 +                hdr_xml + \
   6.109 +                stes_xml + \
   6.110 +                chws_xml + \
   6.111 +                "<SecurityLabelTemplate>\n" + \
   6.112 +                  subjlabel_xml + \
   6.113 +                  objlabel_xml + \
   6.114 +                "</SecurityLabelTemplate>\n" + \
   6.115 +                "</SecurityPolicyDefinition>\n"
   6.116 +    return policyxml
   6.117 +
   6.118 +
   6.119 +def update_hdr(hdr):
   6.120 +    """ Update the version information in the header """
   6.121 +    hdr['oldversion'] = hdr['version']
   6.122 +    hdr['oldname']    = hdr['name']
   6.123 +    vers = hdr['version']
   6.124 +    tmp = vers.split('.')
   6.125 +    if len(tmp) == 1:
   6.126 +        rev = 1
   6.127 +    else:
   6.128 +        rev = int(tmp[1]) + 1
   6.129 +    hdr['version'] = "%s.%s" % (tmp[0],rev)
   6.130 +    return hdr
   6.131 +
   6.132 +session = xapi.connect()
   6.133 +
   6.134 +policystate = session.xenapi.XSPolicy.get_xspolicy()
   6.135 +
   6.136 +if policystate['repr'] != "":
   6.137 +    print "%s" % policystate['repr']
   6.138 +    try:
   6.139 +        acmpol = ACMPolicy(xml=policystate['repr'])
   6.140 +    except Exception, e:
   6.141 +        FAIL("Failure from creating ACMPolicy object: %s" % str(e))
   6.142 +    oldname = acmpol.policy_dom_get_hdr_item("PolicyName")
   6.143 +    oldvers = acmpol.policy_dom_get_hdr_item("Version")
   6.144 +    tmp = oldvers.split(".")
   6.145 +    if len(tmp) == 1:
   6.146 +        rev = 1
   6.147 +    else:
   6.148 +        rev = int(tmp[1]) + 1
   6.149 +    newvers = "%s.%s" % (tmp[0], str(rev))
   6.150 +    print "old name/version = %s/%s" % (oldname, oldvers)
   6.151 +else:
   6.152 +    oldname = None
   6.153 +    oldvers = None
   6.154 +    newvers = "1.0"
   6.155 +
   6.156 +# Initialize the header of the policy
   6.157 +hdr = {}
   6.158 +hdr['name'] = "xm-test"
   6.159 +hdr['version'] = newvers
   6.160 +
   6.161 +if oldname:
   6.162 +    hdr['oldname']    = oldname
   6.163 +    if oldvers and oldvers != "":
   6.164 +        hdr['oldversion'] = oldvers
   6.165 +
   6.166 +stes = [ "SystemManagement", "red", "green", "blue" ]
   6.167 +
   6.168 +chws = [ "SystemManagement", "red", "green", "blue" ]
   6.169 +
   6.170 +bootstrap = "SystemManagement"
   6.171 +
   6.172 +vm_sysmgt = { 'name' : bootstrap,
   6.173 +              'stes' : stes,
   6.174 +              'chws' : [ "SystemManagement" ] }
   6.175 +
   6.176 +vm_red   = { 'name' : "red" ,
   6.177 +             'stes' : ["red"] ,
   6.178 +             'chws' : ["red"] }
   6.179 +
   6.180 +vm_green = { 'name' : "green" ,
   6.181 +             'stes' : ["green"] ,
   6.182 +             'chws' : ["green"] }
   6.183 +
   6.184 +vm_blue  = { 'name' : "blue" ,
   6.185 +             'stes' : ["blue"] ,
   6.186 +             'chws' : ["blue"] }
   6.187 +
   6.188 +res_red   = { 'name' : "red" ,
   6.189 +              'stes' : ["red"] }
   6.190 +
   6.191 +res_green = { 'name' : "green" ,
   6.192 +              'stes' : ["green"] }
   6.193 +
   6.194 +res_blue  = { 'name' : "blue" ,
   6.195 +              'stes' : ["blue"] }
   6.196 +
   6.197 +cfs_1 = { 'name' : "CFS1",
   6.198 +          'chws' : [ "red" , "blue" ] }
   6.199 +
   6.200 +vmlabels = [ vm_sysmgt, vm_red, vm_green, vm_blue ]
   6.201 +vmfrommap = {}
   6.202 +reslabels = [ res_red, res_green, res_blue ]
   6.203 +resfrommap = {}
   6.204 +cfss = [ cfs_1 ]
   6.205 +
   6.206 +vm_label_red    = xsconstants.ACM_POLICY_ID + ":xm-test:red"
   6.207 +vm_label_green  = xsconstants.ACM_POLICY_ID + ":xm-test:green"
   6.208 +vm_label_blue   = xsconstants.ACM_POLICY_ID + ":xm-test:blue"
   6.209 +
   6.210 +xml = create_xml_policy(hdr, stes, chws,
   6.211 +                        vmlabels, vmfrommap, bootstrap,
   6.212 +                        reslabels, resfrommap,
   6.213 +                        cfss)
   6.214 +
   6.215 +xml_good = xml
   6.216 +
   6.217 +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
   6.218 +                                                   xml,
   6.219 +                                                   xsconstants.XS_INST_LOAD,
   6.220 +                                                   True)
   6.221 +
   6.222 +print "\n\npolicystate = %s" % policystate
   6.223 +
   6.224 +policystate = session.xenapi.XSPolicy.get_xspolicy()
   6.225 +
   6.226 +#
   6.227 +# Create two non-conflicting domains and start them
   6.228 +#
   6.229 +try:
   6.230 +    # XmTestAPIDomain tries to establish a connection to XenD
   6.231 +    domain1 = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_red })
   6.232 +except Exception, e:
   6.233 +    SKIP("Skipping test. Error: %s" % str(e))
   6.234 +
   6.235 +
   6.236 +vm1_uuid = domain1.get_uuid()
   6.237 +
   6.238 +try:
   6.239 +    domain1.start(noConsole=True)
   6.240 +except:
   6.241 +    FAIL("Could not start domain1")
   6.242 +
   6.243 +print "Domain 1 started"
   6.244 +
   6.245 +try:
   6.246 +    # XmTestAPIDomain tries to establish a connection to XenD
   6.247 +    domain2 = XmTestAPIDomain(extraConfig={'security_label': vm_label_green })
   6.248 +except Exception, e:
   6.249 +    SKIP("Skipping test. Error: %s" % str(e))
   6.250 +
   6.251 +vm2_uuid = domain2.get_uuid()
   6.252 +
   6.253 +try:
   6.254 +    domain2.start(noConsole=True)
   6.255 +except:
   6.256 +    FAIL("Could not start domain1")
   6.257 +
   6.258 +
   6.259 +print "Domain 2 started"
   6.260 +
   6.261 +# Try a policy that would put the two domains into conflict
   6.262 +cfs_2 = { 'name' : "CFS1",
   6.263 +          'chws' : [ "red" , "green" ] }
   6.264 +cfss = [ cfs_2 ]
   6.265 +
   6.266 +hdr = update_hdr(hdr)
   6.267 +xml = create_xml_policy(hdr, stes, chws,
   6.268 +                        vmlabels, vmfrommap, bootstrap,
   6.269 +                        reslabels, resfrommap,
   6.270 +                        cfss)
   6.271 +
   6.272 +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
   6.273 +                                                   xml,
   6.274 +                                                   xsconstants.XS_INST_LOAD,
   6.275 +                                                   True)
   6.276 +
   6.277 +print "policystate %s" % policystate
   6.278 +
   6.279 +if int(policystate['xserr']) == 0:
   6.280 +    FAIL("(1) Should not have been able to set this policy.")
   6.281 +
   6.282 +if len(policystate['errors']) == 0:
   6.283 +    FAIL("Hypervisor should have reported errros.")
   6.284 +
   6.285 +errors = base64.b64decode(policystate['errors'])
   6.286 +
   6.287 +print "Length of errors: %d" % len(errors)
   6.288 +a,b = struct.unpack("!ii",errors)
   6.289 +
   6.290 +print "%08x , %08x" % (a,b)
   6.291 +
   6.292 +#
   6.293 +# Create a faulty policy with 'red' STE missing
   6.294 +#
   6.295 +
   6.296 +cfss = [ cfs_1 ]
   6.297 +stes = [ "SystemManagement", "green", "blue" ]
   6.298 +
   6.299 +xml = create_xml_policy(hdr, stes, chws,
   6.300 +                        vmlabels, vmfrommap, bootstrap,
   6.301 +                        reslabels, resfrommap,
   6.302 +                        cfss)
   6.303 +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
   6.304 +                                                   xml,
   6.305 +                                                   xsconstants.XS_INST_LOAD,
   6.306 +                                                   True)
   6.307 +
   6.308 +print "Result from setting faulty(!) policy with STE 'red' missing:"
   6.309 +print "policystate %s" % policystate
   6.310 +
   6.311 +if int(policystate['xserr']) == 0:
   6.312 +    FAIL("(2) Should not have been able to set this policy.")
   6.313 +
   6.314 +#
   6.315 +# Create a policy with 'red' VMLabel missing -- should not work since it is
   6.316 +# in use.
   6.317 +#
   6.318 +stes = [ "SystemManagement", "red", "green", "blue" ]
   6.319 +
   6.320 +vmlabels = [ vm_sysmgt, vm_green, vm_blue ]
   6.321 +
   6.322 +xml = create_xml_policy(hdr, stes, chws,
   6.323 +                        vmlabels, vmfrommap, bootstrap,
   6.324 +                        reslabels, resfrommap,
   6.325 +                        cfss)
   6.326 +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
   6.327 +                                                   xml,
   6.328 +                                                   xsconstants.XS_INST_LOAD,
   6.329 +                                                   True)
   6.330 +print "Result from setting faulty(!) policy with VMlabel 'red' missing:"
   6.331 +print "policystate %s" % policystate
   6.332 +
   6.333 +if int(policystate['xserr']) == 0:
   6.334 +    FAIL("(3) Should not have been able to set this policy.")
   6.335 +
   6.336 +#
   6.337 +# Create a policy with 'blue' VMLabel missing -- should work since it is NOT
   6.338 +# in use.
   6.339 +#
   6.340 +vmlabels = [ vm_sysmgt, vm_red, vm_green ]
   6.341 +
   6.342 +xml = create_xml_policy(hdr, stes, chws,
   6.343 +                        vmlabels, vmfrommap, bootstrap,
   6.344 +                        reslabels, resfrommap,
   6.345 +                        cfss)
   6.346 +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
   6.347 +                                                   xml,
   6.348 +                                                   xsconstants.XS_INST_LOAD,
   6.349 +                                                   True)
   6.350 +
   6.351 +print "Result from setting (good) policy with VMlabel 'blue' missing:"
   6.352 +print "policystate %s" % policystate
   6.353 +
   6.354 +if int(policystate['xserr']) != 0:
   6.355 +    FAIL("(4) Should have been able to set this policy: %s" % xml)
   6.356 +
   6.357 +#
   6.358 +# Move the green VMLabel towards blue which should put the running
   6.359 +# domain with label blue into a conflict set
   6.360 +#
   6.361 +vmlabels = [ vm_sysmgt, vm_red, vm_blue ]
   6.362 +
   6.363 +vmfrommap = { "blue" : "green" }  #  new : old
   6.364 +
   6.365 +hdr = update_hdr(hdr)  #Needed, since last update was successful
   6.366 +xml = create_xml_policy(hdr, stes, chws,
   6.367 +                        vmlabels, vmfrommap, bootstrap,
   6.368 +                        reslabels, resfrommap,
   6.369 +                        cfss)
   6.370 +
   6.371 +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
   6.372 +                                                   xml,
   6.373 +                                                   xsconstants.XS_INST_LOAD,
   6.374 +                                                   True)
   6.375 +
   6.376 +print "policystate %s" % policystate
   6.377 +
   6.378 +if int(policystate['xserr']) == 0:
   6.379 +    FAIL("(5) Should not have been able to set this policy.")
   6.380 +
   6.381 +#
   6.382 +# Try to install a policy where a VM label has a faulty VM label name
   6.383 +#
   6.384 +vmfrommap = {}
   6.385 +
   6.386 +vm_blue_bad = { 'name' : "blue:x" ,   # ':' no allowed
   6.387 +                'stes' : ["blue"],
   6.388 +                'chws' : ["blue"] }
   6.389 +
   6.390 +vmlabels = [ vm_sysmgt, vm_red, vm_green, vm_blue_bad ]
   6.391 +
   6.392 +xml = create_xml_policy(hdr, stes, chws,
   6.393 +                        vmlabels, vmfrommap, bootstrap,
   6.394 +                        reslabels, resfrommap,
   6.395 +                        cfss)
   6.396 +
   6.397 +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
   6.398 +                                                   xml,
   6.399 +                                                   xsconstants.XS_INST_LOAD,
   6.400 +                                                   True)
   6.401 +
   6.402 +print "policystate %s" % policystate
   6.403 +
   6.404 +if int(policystate['xserr']) == 0:
   6.405 +    FAIL("(6) Should not have been able to set this policy.")
   6.406 +
   6.407 +#
   6.408 +# End the test by installing the initial policy again
   6.409 +#
   6.410 +
   6.411 +cur_version = hdr['version']
   6.412 +(maj, min) = cur_version.split(".")
   6.413 +cur_version = "%s.%s" % (maj, str(int(min)-1) )
   6.414 +
   6.415 +orig_acmpol = ACMPolicy(xml=xml_good)
   6.416 +orig_acmpol.set_frompolicy_version(cur_version)
   6.417 +orig_acmpol.set_policy_version(hdr['version'])
   6.418 +
   6.419 +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM,
   6.420 +                                                   orig_acmpol.toxml(),
   6.421 +                                                   xsconstants.XS_INST_LOAD,
   6.422 +                                                   True)
   6.423 +
   6.424 +if int(policystate['xserr']) != 0:
   6.425 +    FAIL("(END) Should have been able to set this policy.")
   6.426 +
   6.427 +domain1.stop()
   6.428 +domain2.stop()
   6.429 +domain1.destroy()
   6.430 +domain2.destroy()
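Review bot: On a host with no policy installed, the first `create_xml_policy` call at 6.210 dies with a `KeyError` traceback instead of a test verdict: the `else` branch at 6.151 leaves `hdr` without `oldname`/`oldversion` (6.161–6.164 only set them when `oldname` is truthy), yet the header builder at 6.79–6.80 indexes both unconditionally. The `<FromPolicy>` block should be emitted only when both keys are present (assuming the policy schema accepts a first-install header without a predecessor — otherwise a `SKIP` in the 6.151 branch is the alternative); `update_hdr` at 6.121–6.122 already fills both keys for every later call, so only the first call is affected. Smaller points in the same file: the message at 6.256 says "domain1" for the domain2 start failure, the bare `except:` at 6.240 and 6.255 discard the actual exception, `(maj, min)` at 6.412 shadows the builtin `min`, "errros" at 6.283 is a typo, and `struct.unpack("!ii", errors)` at 6.288 raises `struct.error` rather than a FAIL when the returned error blob is not exactly 8 bytes. Any FAIL after 6.239 also leaves the started domains running, since execution never reaches the `stop()`/`destroy()` calls at 6.427–6.430.
```python
def create_xml_policy(hdr, stes, chws,
                      vmlabels, vmfrommap, bootstrap,
                      reslabels, resfrommap,
                      cfss):
    # Only reference a predecessor policy when one was actually installed;
    # on a fresh host hdr carries no 'oldname'/'oldversion' keys.
    frompol_xml = ""
    if hdr.get('oldname') and hdr.get('oldversion'):
        frompol_xml = "  <FromPolicy>\n" + \
                      "    <PolicyName>" + hdr['oldname'] + "</PolicyName>\n" + \
                      "    <Version>"    + hdr['oldversion'] + "</Version>\n" + \
                      "  </FromPolicy>\n"
    hdr_xml ="<PolicyHeader>\n" + \
             "  <PolicyName>" + hdr['name'] + "</PolicyName>\n" + \
             "  <Version>"    + hdr['version'] + "</Version>\n" + \
             frompol_xml + \
             "</PolicyHeader>\n"
    # … unchanged: stes_xml, chws_xml, subject/object label templates, final assembly …
```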
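--- a/tools/xm-test/tests/security-acm/Makefile.am
+++ b/tools/xm-test/tests/security-acm/Makefile.am
@@ -5,7 +5,10 @@ TESTS = 01_security-acm_basic.test \
         03_security-acm_dom_conflict.test \
         04_security-acm_dom_res.test \
         05_security-acm_dom_res_conf.test \
-        06_security-acm_dom_block_attach.test
+        06_security-acm_dom_block_attach.test \
+        07_security-acm_pol_update.test \
+        08_security-acm_xapi.test \
+        09_security-acm_pol_update.test
 
 XFAIL_TESTS =
 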
     8.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     8.2 +++ b/tools/xm-test/tests/security-acm/xm-test-new-security_policy.xml	Wed Jul 18 10:08:37 2007 +0100
     8.3 @@ -0,0 +1,97 @@
     8.4 +<?xml version="1.0" encoding="UTF-8"?>
     8.5 +<!-- Auto-generated by ezPolicy        -->
     8.6 +<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
     8.7 +    <PolicyHeader>
     8.8 +        <PolicyName>xm-test</PolicyName>
     8.9 +        <Date>Fri Sep 29 14:44:38 2006</Date>
    8.10 +        <Version>1.1</Version>
    8.11 +        <FromPolicy>
    8.12 +            <PolicyName>xm-test</PolicyName>
    8.13 +            <Version>1.0</Version>
    8.14 +        </FromPolicy>
    8.15 +    </PolicyHeader>
    8.16 +
    8.17 +    <SimpleTypeEnforcement>
    8.18 +        <SimpleTypeEnforcementTypes>
    8.19 +            <Type>SystemManagement</Type>
    8.20 +            <Type>green</Type>
    8.21 +            <Type>red</Type>
    8.22 +        </SimpleTypeEnforcementTypes>
    8.23 +    </SimpleTypeEnforcement>
    8.24 +
    8.25 +    <ChineseWall priority="PrimaryPolicyComponent">
    8.26 +        <ChineseWallTypes>
    8.27 +            <Type>SystemManagement</Type>
    8.28 +            <Type>green</Type>
    8.29 +            <Type>red</Type>
    8.30 +        </ChineseWallTypes>
    8.31 +
    8.32 +        <ConflictSets>
    8.33 +            <Conflict name="RER">
    8.34 +                <Type>green</Type>
    8.35 +                <Type>red</Type>
    8.36 +            </Conflict>
    8.37 +       </ConflictSets>
    8.38 +    </ChineseWall>
    8.39 +
    8.40 +    <SecurityLabelTemplate>
    8.41 +        <SubjectLabels bootstrap="SystemManagement">
    8.42 +            <VirtualMachineLabel>
    8.43 +                <Name>SystemManagement</Name>
    8.44 +                <SimpleTypeEnforcementTypes>
    8.45 +                    <Type>SystemManagement</Type>
    8.46 +                    <Type>green</Type>
    8.47 +                    <Type>red</Type>
    8.48 +                </SimpleTypeEnforcementTypes>
    8.49 +                <ChineseWallTypes>
    8.50 +                    <Type>SystemManagement</Type>
    8.51 +                </ChineseWallTypes>
    8.52 +            </VirtualMachineLabel>
    8.53 +
    8.54 +            <VirtualMachineLabel>
    8.55 +                <Name>green</Name>
    8.56 +                <SimpleTypeEnforcementTypes>
    8.57 +                    <Type>green</Type>
    8.58 +                </SimpleTypeEnforcementTypes>
    8.59 +                <ChineseWallTypes>
    8.60 +                    <Type>green</Type>
    8.61 +                </ChineseWallTypes>
    8.62 +            </VirtualMachineLabel>
    8.63 +
    8.64 +            <VirtualMachineLabel>
    8.65 +                <Name>red</Name>
    8.66 +                <SimpleTypeEnforcementTypes>
    8.67 +                    <Type>red</Type>
    8.68 +                </SimpleTypeEnforcementTypes>
    8.69 +                <ChineseWallTypes>
    8.70 +                    <Type>red</Type>
    8.71 +                </ChineseWallTypes>
    8.72 +            </VirtualMachineLabel>
    8.73 +
    8.74 +        </SubjectLabels>
    8.75 +
    8.76 +        <ObjectLabels>
    8.77 +            <ResourceLabel>
    8.78 +                <Name>SystemManagement</Name>
    8.79 +                <SimpleTypeEnforcementTypes>
    8.80 +                    <Type>SystemManagement</Type>
    8.81 +                </SimpleTypeEnforcementTypes>
    8.82 +            </ResourceLabel>
    8.83 +
    8.84 +            <ResourceLabel>
    8.85 +                <Name>green</Name>
    8.86 +                <SimpleTypeEnforcementTypes>
    8.87 +                    <Type>green</Type>
    8.88 +                </SimpleTypeEnforcementTypes>
    8.89 +            </ResourceLabel>
    8.90 +
    8.91 +            <ResourceLabel>
    8.92 +                <Name>red</Name>
    8.93 +                <SimpleTypeEnforcementTypes>
    8.94 +                    <Type>red</Type>
    8.95 +                </SimpleTypeEnforcementTypes>
    8.96 +            </ResourceLabel>
    8.97 +
    8.98 +        </ObjectLabels>
    8.99 +    </SecurityLabelTemplate>
   8.100 +</SecurityPolicyDefinition>