ia64/xen-unstable

changeset 15588:bd2f9628114e

[Docs] Documentation of extension of the Xen-API for managing security policies

Extends the Xen-API documentation with the classes and methods
implemented to support managing security policies through the
Xen-API.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kfraser@localhost.localdomain
date Thu Jul 12 10:06:44 2007 +0100 (2007-07-12)
parents d0477293897c
children e704430b5b32
files docs/xen-api/xenapi-datamodel-graph.dot docs/xen-api/xenapi-datamodel.tex
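--- a/docs/xen-api/xenapi-datamodel-graph.dot
+++ b/docs/xen-api/xenapi-datamodel-graph.dot
@@ -12,7 +12,7 @@
 digraph "Xen-API Class Diagram" {
 fontname="Verdana";
 
-node [ shape=box ]; session VM host network VIF PIF SR VDI VBD PBD user;
+node [ shape=box ]; session VM host network VIF PIF SR VDI VBD PBD user XSPolicy ACMPolicy;
 node [shape=ellipse]; PIF_metrics VIF_metrics VM_metrics VBD_metrics PBD_metrics VM_guest_metrics host_metrics;
 node [shape=box]; host_cpu console
 session -> host [ arrowhead="none" ]
@@ -36,4 +36,6 @@ VDI -> VBD [ arrowhead="crow", arrowtail
 VBD -> VM [ arrowhead="none", arrowtail="crow" ]
 VTPM -> VM [ arrowhead="none", arrowtail="crow" ]
 VBD -> VBD_metrics [ arrowhead="none" ]
+XSPolicy -> host [ arrowhead="none" ]
+XSPolicy -> ACMPolicy [ arrowhead="none" ]
 }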
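--- a/docs/xen-api/xenapi-datamodel.tex
+++ b/docs/xen-api/xenapi-datamodel.tex
@@ -46,6 +46,8 @@ Name & Description \\
 {\tt console} & A console \\
 {\tt user} & A user of the system \\
 {\tt debug} & A basic class for testing \\
+{\tt XSPolicy} & A class for handling Xen Security Policies \\
+{\tt ACMPolicy} & A class for handling ACM-type policies \\
 \hline
 \end{tabular}\end{center}
 \section{Relationships Between Classes}
@@ -226,6 +228,7 @@ The following enumeration types are used
 
 \vspace{1cm}
 \newpage
+
 \section{Error Handling}
 When a low-level transport error occurs, or a request is malformed at the HTTP
 or XML-RPC level, the server may send an XML-RPC Fault response, or the client
@@ -469,6 +472,17 @@ HVM is required for this operation
 \begin{verbatim}VM_HVM_REQUIRED(vm)\end{verbatim}
 \begin{center}\rule{10em}{0.1pt}\end{center}
 
+\subsubsection{SECURITY\_ERROR}
+
+A security error occurred. The parameter provides the xen security
+error code and a message describing the error.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}SECURITY_ERROR(xserr, message)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+
 \newpage
 \section{Class: session}
 \subsection{Fields for class: session}
@@ -1401,6 +1415,7 @@ Quals & Field & Type & Description \\
 $\mathit{RO}_\mathit{run}$ &  {\tt is\_control\_domain} & bool & true if this is a control domain (domain 0 or a driver domain) \\
 $\mathit{RO}_\mathit{run}$ &  {\tt metrics} & VM\_metrics ref & metrics associated with this VM \\
 $\mathit{RO}_\mathit{run}$ &  {\tt guest\_metrics} & VM\_guest\_metrics ref & metrics associated with the running guest \\
+$\mathit{RO}_\mathit{run}$ &  {\tt security/label} & string & the VM's security label \\
 \hline
 \end{longtable}
 \subsection{RPCs associated with class: VM}
@@ -4398,6 +4413,82 @@ value of the field
 \vspace{0.3cm}
 \vspace{0.3cm}
 \vspace{0.3cm}
+\subsubsection{RPC name:~get\_security\_label}
+
+{\bf Overview:}
+Get the security label field of the given VM. Refer to the XSPolicy class
+for the format of the security label.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_security_label (session_id s, VM ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VM ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~set\_security\_label}
+
+{\bf Overview:}
+Set the security label field of the given VM. Refer to the XSPolicy class
+for the format of the security label.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} int set_security_label (session_id s, VM ref self, string
+security_label, string old_label)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VM ref } & self & reference to the object \\ \hline
+{\tt string } & security\_label & security label for the VM \\ \hline
+{\tt string } & old\_label & Optional label value that the security label \\
+& & must currently have for the change to succeed.\\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+int
+}
+
+
+Returns the ssidref in case of an VM that is currently running or
+paused, zero in case of a dormant VM (halted, suspended).
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
 \subsubsection{RPC name:~create}
 
 {\bf Overview:} 
@@ -11317,6 +11408,79 @@ void
 \vspace{0.3cm}
 \vspace{0.3cm}
 \vspace{0.3cm}
+\subsubsection{RPC name:~set\_security\_label}
+
+{\bf Overview:}
+Set the security label of the given VDI. Refer to the XSPolicy class
+for the format of the security label.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} void set_security_label (session_id s, VDI ref self, string
+security_label, string old_label)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VDI ref } & self & reference to the object \\ \hline
+
+{\tt string } & security\_label & New value of the security label \\ \hline
+{\tt string } & old\_label & Optional label value that the security label \\
+& & must currently have for the change to succeed.\\ \hline
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+void
+}
+
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_security\_label}
+
+{\bf Overview:}
+Get the security label of the given VDI.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_security_label (session_id s, VDI ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VDI ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+value of the given field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
 \subsubsection{RPC name:~create}
 
 {\bf Overview:} 
@@ -13424,6 +13588,38 @@ value of the field
 \vspace{0.3cm}
 \vspace{0.3cm}
 \vspace{0.3cm}
+\subsubsection{RPC name:~get\_runtime\_properties}
+
+{\bf Overview:}
+Get the runtime\_properties field of the given VTPM.
+
+\noindent {\bf Signature:}
+\begin{verbatim} ((string -> string) Map) get_runtime_properties (session_id s, VTPM ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VTPM ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+(string $\rightarrow$ string) Map
+}
+
+
+value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
 \subsubsection{RPC name:~create}
 
 {\bf Overview:} 
@@ -14269,6 +14465,634 @@ all fields from the object
 
 \vspace{1cm}
 \newpage
+\section{Class: XSPolicy}
+\subsection{Fields for class: XSPolicy}
+\begin{longtable}{|lllp{0.38\textwidth}|}
+\hline
+\multicolumn{1}{|l}{Name} & \multicolumn{3}{l|}{\bf XSPolicy} \\
+\multicolumn{1}{|l}{Description} & \multicolumn{3}{l|}{\parbox{11cm}{\em A Xen Security Policy}} \\
+\hline
+Quals & Field & Type & Description \\
+\hline
+$\mathit{RO}_\mathit{run}$ &  {\tt uuid} & string  & unique identifier / object reference \\
+$\mathit{RW}$              &  {\tt repr} & string  & representation of policy, i.e., XML \\
+$\mathit{RO}_\mathit{run}$ &  {\tt type} & xs\_type & type of the policy \\
+$\mathit{RO}_\mathit{run}$ & {\tt flags} & xs\_instantiationflags & policy
+status flags \\
+\hline
+\end{longtable}
+\subsection{Semantics of the class: XSPolicy}
+
+The XSPolicy class is used for administering Xen Security policies. Through
+this class a new policy can be uploaded to the system, loaded into the
+Xen hypervisor for enforcement and be set as the policy that the
+system is automatically loading when the machine is started.
+
+This class returns information about the currently administered policy,
+including a reference to the policy. This reference can then be used with
+policy-specific classes, i.e., the ACMPolicy class, to allow retrieval of
+information or changes to be made to a particular policy.
+
+\subsection{Structure and datatypes of class: XSPolicy}
+
+Format of the security label:
+
+A security label consist of the three different parts {\it policy type},
+{\it policy name} and {\it label} separated with colons. To specify
+the virtual machine label for an ACM-type policy {\it xm-test}, the
+security label string would be {\it ACM:xm-test:blue}, where blue
+denotes the virtual machine's label. The format of resource labels is
+the same.\\[0.5cm]
+The following flags are used by this class:
+
+\begin{longtable}{|l|l|l|}
+\hline
+{\tt xs\_type} & value & meaning \\
+\hline
+\hspace{0.5cm}{\tt XS\_POLICY\_ACM} & (1 $<<$ 0) & ACM-type policy \\
+\hline
+\end{longtable}
+
+\begin{longtable}{|l|l|l|}
+\hline
+{\tt xs\_instantiationflags} & value & meaning \\
+\hline
+\hspace{0.5cm}{\tt XS\_INST\_NONE} & 0 & do nothing \\
+\hspace{0.5cm}{\tt XS\_INST\_BOOT} & (1 $<<$ 0) & make system boot with this policy \\
+\hspace{0.5cm}{\tt XS\_INST\_LOAD} & (1 $<<$ 1) & load policy immediately \\
+\hline
+\end{longtable}
+
+\begin{longtable}{|l|l|l|}
+\hline
+{\tt xs\_policystate} & type & meaning \\
+\hline
+\hspace{0.5cm}{\tt xserr} & int & Error code from operation (if applicable) \\
+\hspace{0.5cm}{\tt xs\_ref}  & XSPolicy ref & reference to the XS policy as returned by the API \\
+\hspace{0.5cm}{\tt repr} & string & representation of the policy, i.e., XML \\
+\hspace{0.5cm}{\tt type} & xs\_type & the type of the policy \\
+\hspace{0.5cm}{\tt flags } & xs\_instantiationflags  & instantiation flags of the policy \\
+\hspace{0.5cm}{\tt version} & string & version of the policy \\
+\hspace{0.5cm}{\tt errors} & string & Base64-encoded sequence of integer tuples consisting \\
+& & of (error code, detail); will be returned as part  \\
+& & of the xs\_setpolicy function. \\
+\hline
+\end{longtable}
+
+\subsection{Additional RPCs associated with class: XSPolicy}
+\subsubsection{RPC name:~get\_xstype}
+
+{\bf Overview:}
+Return the Xen Security Policy types supported by this system
+
+ \noindent {\bf Signature:}
+\begin{verbatim} xs_type get_xstype (session_id s)\end{verbatim}
+
+ \noindent {\bf Return Type:}
+{\tt
+xs\_type
+}
+
+flags representing the supported Xen security policy types
+ \vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~set\_xspolicy}
+
+{\bf Overview:}
+Set the current XSPolicy. This function can also be be used for updating of
+an existing policy whose name must be equivalent to the one of the
+currently running policy.
+
+\noindent {\bf Signature:}
+\begin{verbatim} xs_policystate set_xspolicy (session_id s, xs_type type, string repr,
+xs_instantiationflags flags, bool overwrite)\end{verbatim}
+
+\noindent{\bf Arguments:}
+
+\vspace{0.3cm}
+
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs\_type } & type & the type of policy \\ \hline
+{\tt string} & repr & representation of the policy, i.e., XML \\ \hline
+{\tt xs\_instantiationflags}    & flags & flags for the setting of the policy \\ \hline
+{\tt bool}   & overwrite & whether to overwrite an existing policy \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+
+ \noindent {\bf Return Type:}
+{\tt
+xs\_policystate
+}
+
+
+State information about the policy. In case an error occurred, the 'xs\_err'
+field contains the error code. The 'errors' may contain further information
+about the error.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_xspolicy}
+
+{\bf Overview:}
+Get information regarding the currently set Xen Security Policy
+
+ \noindent {\bf Signature:}
+\begin{verbatim} xs_policystate get_xspolicy (session_id s)\end{verbatim}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+xs\_policystate
+}
+
+
+Policy state information.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~rm\_xsbootpolicy}
+
+{\bf Overview:}
+Remove any policy from the default boot configuration.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} void rm_xsbootpolicy (session_id s)\end{verbatim}
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_labeled\_resources}
+
+{\bf Overview:}
+Get a list of resources that have been labeled.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} ((string -> string) Map) get_labeled_resources (session_id s)\end{verbatim}
+
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+(string $\rightarrow$ string) Map
+}
+
+
+A map of resources with their labels.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~set\_resource\_label}
+
+{\bf Overview:}
+Label the given resource with the given label. An empty label removes any label
+from the resource.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} void set_resource_label (session_id s, string resource, string
+label, string old_label)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt string } & resource & resource to label \\ \hline
+{\tt string } & label & label for the resource \\ \hline
+{\tt string } & old\_label & Optional label value that the security label \\
+& & must currently have for the change to succeed. \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_resource\_label}
+
+{\bf Overview:}
+Get the label of the given resource.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_resource_label (session_id s, string resource)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt string } & resource & resource to label \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+The label of the given resource.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~activate\_xspolicy}
+
+{\bf Overview:}
+Load the referenced policy into the hypervisor.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} xs_instantiationflags activate_xspolicy (session_id s, xs_ref xspolicy,
+xs_instantiationflags flags)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+{\tt xs\_instantiationflags } & flags & flags to activate on a policy; flags
+  can only be set \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+
+ \noindent {\bf Return Type:}
+{\tt
+xs\_instantiationflags
+}
+
+
+Currently active instantiation flags.
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_all}
+
+{\bf Overview:}
+Return a list of all the XSPolicies known to the system.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} ((XSPolicy ref) Set) get_all (session_id s)\end{verbatim}
+
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+(XSPolicy ref) Set
+}
+
+
+A list of all the IDs of all the XSPolicies
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_uuid}
+
+{\bf Overview:}
+Get the uuid field of the given XSPolicy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_uuid (session_id s, XSPolicy ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt XSPolicy ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_record}
+
+{\bf Overview:}
+Get a record of the referenced XSPolicy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} (XSPolicy record) get_record (session_id s, xs_ref xspolicy)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+XSPolicy record
+}
+
+
+all fields from the object
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\newpage
+\section{Class: ACMPolicy}
+\subsection{Fields for class: ACMPolicy}
+\begin{longtable}{|lllp{0.38\textwidth}|}
+\hline
+\multicolumn{1}{|l}{Name} & \multicolumn{3}{l|}{\bf ACMPolicy} \\
+\multicolumn{1}{|l}{Description} & \multicolumn{3}{l|}{\parbox{11cm}{\em An ACM Security Policy}} \\
+\hline
+Quals & Field & Type & Description \\
+\hline
+$\mathit{RO}_\mathit{run}$ &  {\tt uuid} & string & unique identifier / object reference \\
+$\mathit{RW}$              &  {\tt repr} & string & representation of policy, in XML \\
+$\mathit{RO}_\mathit{run}$ &  {\tt type} & xs\_type & type of the policy \\
+$\mathit{RO}_\mathit{run}$ & {\tt flags} & xs\_instantiationflags & policy
+status flags \\
+\hline
+\end{longtable}
+
+\subsection{Structure and datatypes of class: ACMPolicy}
+
+\vspace{0.5cm}
+The following data structures are used:
+
+\begin{longtable}{|l|l|l|}
+\hline
+{\tt RIP acm\_policyheader} & type & meaning \\
+\hline
+\hspace{0.5cm}{\tt policyname}   & string & name of the policy \\
+\hspace{0.5cm}{\tt policyurl }   & string & URL of the policy \\
+\hspace{0.5cm}{\tt date}         & string & data of the policy \\
+\hspace{0.5cm}{\tt reference}    & string & reference of the policy \\
+\hspace{0.5cm}{\tt namespaceurl} & string & namespaceurl of the policy \\
+\hspace{0.5cm}{\tt version}      & string & version of the policy \\
+\hline
+\end{longtable}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_header}
+
+{\bf Overview:}
+Get the referenced policy's header information.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} acm_policyheader get_header (session_id s, xs ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+acm\_policyheader
+}
+
+
+The policy's header information.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_xml}
+
+{\bf Overview:}
+Get the XML representation of the given policy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_XML (session_id s, xs ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+XML representation of the referenced policy
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_map}
+
+{\bf Overview:}
+Get the mapping information of the given policy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_map (session_id s, xs ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+Mapping information of the referenced policy.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_binary}
+
+{\bf Overview:}
+Get the binary policy representation of the referenced policy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_map (session_id s, xs ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+Base64-encoded representation of the binary policy.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_all}
+
+{\bf Overview:}
+Return a list of all the ACMPolicies known to the system.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} ((ACMPolicy ref) Set) get_all (session_id s)\end{verbatim}
+
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+(ACMPolicy ref) Set
+}
+
+
+A list of all the IDs of all the ACMPolicies
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_uuid}
+
+{\bf Overview:}
+Get the uuid field of the given ACMPolicy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_uuid (session_id s, ACMPolicy ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt ACMPolicy ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_record}
+
+{\bf Overview:}
+Get a record of the referenced ACMPolicy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} (XSPolicy record) get_record (session_id s, xs_ref xspolicy)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+XSPolicy record
+}
+
+
+all fields from the object
+
+\newpage
 \section{Class: debug}
 \subsection{Fields for class: debug}
 {\bf Class debug has no fields.}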
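Review bot: Several of the added RPC entries contradict their own definitions, which matters for anyone writing a policy-management client from this spec. In `set_xspolicy` the return text names the field `'xs\_err'`, but the `xs_policystate` table defines it as `xserr`; that RPC lists no `SECURITY_ERROR`, so the field appears to be its only failure signal, and a client checking the wrong name could treat a rejected policy as installed. The text should read `'xserr'`. The `get_binary` entry carries the signature `string get_map (session_id s, xs ref self)`, and ACMPolicy's `get_record` repeats `(XSPolicy record) get_record (session_id s, xs_ref xspolicy)` with return type `XSPolicy record`; both look like copy-paste leftovers and should name `get_binary` and `ACMPolicy record`. Smaller slips in the same hunk are `get\_xml` against `get_XML`, the stray `RIP` in `{\tt RIP acm\_policyheader}`, and `date` described as "data of the policy".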