ia64/xen-unstable

changeset 17511:86b8417db325

ACM: Put hash of XML policy into binary policy to tie them together

This patch extends the ACM binary policy format with an embedded hash
of the corresponding XML policy in order to tie them together. This
allows xend to determine whether it has the correct XML policy in its
repository and react appropriately if it does not have it.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Apr 23 13:29:09 2008 +0100 (2008-04-23)
parents bc7ee2f93852
children ee8fe9aa9c55
files tools/python/xen/util/acmpolicy.py tools/python/xen/xend/XendXSPolicyAdmin.py xen/include/public/xsm/acm.h xen/include/xsm/acm/acm_core.h xen/xsm/acm/acm_policy.c
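--- a/tools/python/xen/util/acmpolicy.py
+++ b/tools/python/xen/util/acmpolicy.py
@@ -17,6 +17,7 @@
 #============================================================================
 
 import os
+import sha
 import stat
 import array
 import struct
@@ -35,7 +36,7 @@ ACM_POLICIES_DIR = security.policy_dir_p
 
 # Constants needed for generating a binary policy from its XML
 # representation
-ACM_POLICY_VERSION = 3  # Latest one
+ACM_POLICY_VERSION = 4  # Latest one
 ACM_CHWALL_VERSION = 1
 
 ACM_STE_VERSION = 1
@@ -965,6 +966,10 @@ class ACMPolicy(XSPolicy):
             return dom.toxml()
         return None
 
+    def hash(self):
+        """ Calculate a SAH1 hash of the XML policy """
+        return sha.sha(self.toxml())
+
     def save(self):
         ### Save the XML policy into a file ###
         rc = -xsconstants.XSERR_FILE_ERROR
@@ -1403,7 +1408,7 @@ class ACMPolicy(XSPolicy):
             ste_bin += "\x00"
 
         #Write binary header:
-        headerformat="!iiiiiiiiii"
+        headerformat="!iiiiiiiiii20s"
         totallen_bin = struct.calcsize(headerformat) + \
                        len(pr_bin) + len(chw_bin) + len(ste_bin)
         polref_offset = struct.calcsize(headerformat)
@@ -1425,7 +1430,8 @@ class ACMPolicy(XSPolicy):
                               primpoloffset,
                               secpolcode,
                               secpoloffset,
-                              major, minor)
+                              major, minor,
+                              self.hash().digest())
 
         all_bin = array.array('B')
         for s in [ hdr_bin, pr_bin, chw_bin, ste_bin ]:
@@ -1443,6 +1449,21 @@ class ACMPolicy(XSPolicy):
             rc = -xsconstants.XSERR_BAD_LABEL
         return rc, mapfile, all_bin.tostring()
 
+    def validate_enforced_policy_hash(self):
+        """ verify that the policy hash embedded in the binary policy
+            that is currently enforce matches the one of the XML policy.
+        """
+        if self.hash().digest() != self.get_enforced_policy_hash():
+            raise Exception('Policy hashes do not match')
+
+    def get_enforced_policy_hash(self):
+        binpol = self.get_enforced_binary()
+        headerformat="!iiiiiiiiii20s"
+        res = struct.unpack(headerformat, binpol[:60])
+        if len(res) >= 11:
+            return res[10]
+        return None
+
     def get_enforced_binary(self):
         rc, binpol = security.hv_get_policy()
         if rc != 0: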
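Review bot: `get_enforced_policy_hash` slices the enforced policy with a hard-coded `binpol[:60]` and never checks the buffer's length, so a short buffer raises `struct.error` rather than reaching the `return None` path. The `len(res) >= 11` test cannot fail, because `struct.unpack` with this format returns exactly eleven fields or raises. I would derive the size from the format and guard it: `hdrlen = struct.calcsize(headerformat)`, `if binpol is None or len(binpol) < hdrlen: return None`, `return struct.unpack(headerformat, binpol[:hdrlen])[10]`. The function should also check the header's version field before trusting the trailing 20 bytes, since a pre-V4 header would have policy data at that offset (whether xend can meet such a hypervisor is not visible here). Separately, `hash()` passes `self.toxml()` straight to `sha.sha`, and the context above it shows a `return None` path (presumably in `toxml`, whose body starts outside the hunk) that would surface as a `TypeError`; its docstring also spells the algorithm "SAH1".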
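--- a/tools/python/xen/xend/XendXSPolicyAdmin.py
+++ b/tools/python/xen/xend/XendXSPolicyAdmin.py
@@ -54,6 +54,7 @@ class XSPolicyAdmin:
         try:
             self.xsobjs[ref] = ACMPolicy(name=act_pol_name, ref=ref)
             self.policies[ref] = (act_pol_name, xsconstants.ACM_POLICY_ID)
+            self.xsobjs[ref].validate_enforced_policy_hash()
         except Exception, e:
             log.error("Could not find XML representation of policy '%s': "
                       "%s" % (act_pol_name,e))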
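Review bot: The hash check runs only after `self.xsobjs[ref]` and `self.policies[ref]` have been populated, so on a mismatch the unverified policy object stays registered unless the `except` branch removes it; that handler continues outside the hunk, so this needs confirming. Validating before registering avoids the window: `pol = ACMPolicy(name=act_pol_name, ref=ref)`, `pol.validate_enforced_policy_hash()`, `self.xsobjs[ref] = pol`. The shared handler also logs a mismatch as "Could not find XML representation of policy", which hides from an operator reading the log that the XML on disk differs from the policy being enforced. A dedicated exception type, or a separate log line for the mismatch case, would make that event distinguishable.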
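--- a/xen/include/public/xsm/acm.h
+++ b/xen/include/public/xsm/acm.h
@@ -91,7 +91,7 @@
  * whenever the interpretation of the related
  * policy's data structure changes
  */
-#define ACM_POLICY_VERSION 3
+#define ACM_POLICY_VERSION 4
 #define ACM_CHWALL_VERSION 1
 #define ACM_STE_VERSION  1
 
@@ -131,6 +131,10 @@ typedef uint16_t domaintype_t;
 /* high-16 = version, low-16 = check magic */
 #define ACM_MAGIC  0x0001debc
 
+/* size of the SHA1 hash identifying the XML policy from which the
+   binary policy was created */
+#define ACM_SHA1_HASH_SIZE    20
+
 /* each offset in bytes from start of the struct they
  * are part of */
 
@@ -160,6 +164,7 @@ struct acm_policy_buffer {
     uint32_t secondary_policy_code;
     uint32_t secondary_buffer_offset;
     struct acm_policy_version xml_pol_version; /* add in V3 */
+    uint8_t xml_policy_hash[ACM_SHA1_HASH_SIZE]; /* added in V4 */
 };
 
 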
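Review bot: The comment on `xml_policy_hash` should state the field's trust model, since the header is the public contract. As far as the hunks on this page show, the hypervisor stores the 20 bytes handed to it and returns them unchanged, so the value identifies which XML the toolstack claims to have compiled rather than proving it. I would extend the field comment to something like `/* added in V4: SHA-1 of the XML policy as supplied by the toolstack; stored and returned verbatim, not verified by Xen */`. It is also worth noting next to `ACM_SHA1_HASH_SIZE` that the Python side hard-codes the same size as `20s` and `60` in `acmpolicy.py`. A change of digest or size therefore needs both files and another `ACM_POLICY_VERSION` bump.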
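--- a/xen/include/xsm/acm/acm_core.h
+++ b/xen/include/xsm/acm/acm_core.h
@@ -34,6 +34,7 @@ struct acm_binary_policy {
     u16 primary_policy_code;
     u16 secondary_policy_code;
     struct acm_policy_version xml_pol_version;
+    u8 xml_policy_hash[ACM_SHA1_HASH_SIZE];
 };
 
 struct chwall_binary_policy {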
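--- a/xen/xsm/acm/acm_policy.c
+++ b/xen/xsm/acm/acm_policy.c
@@ -156,6 +156,10 @@ static int
            &pol->xml_pol_version,
            sizeof(acm_bin_pol.xml_pol_version));
 
+    memcpy(&acm_bin_pol.xml_policy_hash,
+           pol->xml_policy_hash,
+           sizeof(acm_bin_pol.xml_policy_hash));
+
     if ( acm_primary_ops->is_default_policy() &&
          acm_secondary_ops->is_default_policy() )
         require_update = 0;
@@ -258,6 +262,10 @@ acm_get_policy(XEN_GUEST_HANDLE_64(void)
            &acm_bin_pol.xml_pol_version,
            sizeof(struct acm_policy_version));
 
+    memcpy(&bin_pol->xml_policy_hash,
+           &acm_bin_pol.xml_policy_hash,
+           sizeof(acm_bin_pol.xml_policy_hash));
+
     ret = acm_dump_policy_reference(
                policy_buffer + be32_to_cpu(bin_pol->policy_reference_offset),
                buf_size - be32_to_cpu(bin_pol->policy_reference_offset));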
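Review bot: Both new `memcpy` calls touch 20 bytes beyond the old header, and neither hunk shows a check that the buffer is large enough for the V4 `struct acm_policy_buffer`. In the first hunk `pol->xml_policy_hash` is read from the caller-supplied policy, and in `acm_get_policy` the hash is written into `policy_buffer`. Both functions start outside the hunks, so please confirm that each rejects a buffer smaller than `sizeof(struct acm_policy_buffer)`, and that the set path rejects a header whose version is not `ACM_POLICY_VERSION`, before these copies run. If the existing size checks still compare against the V3 header length, they need updating with this change. As a style point, the first copy passes `pol->xml_policy_hash` while the other array arguments are written with `&`; using one form throughout would read more consistently.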