ia64/xen-unstable

changeset 14924:d5d6d2a8d10c

acm: Changes to XML schema of the policy

This patch changes the XML schema of the ACM policy to require a
version and that every conflict set have a name. Every VM label must
have one Chinese Wall Type and every resource label one Simple Type
Enforcement Type. As a consequence, some example policies needed to
be changed. Also, fewer configuration options are now offered for
compiling Xen, to make things simpler.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kfraser@localhost.localdomain
date Wed Apr 25 09:31:52 2007 +0100 (2007-04-25)
parents 3d613faed8c3
children 4677ee247aa9
files Config.mk docs/src/user.tex tools/security/Makefile tools/security/policies/example/chwall/client_v1-security_policy.xml tools/security/policies/example/chwall_ste/client_v1-security_policy.xml tools/security/policies/example/client_v1-security_policy.xml tools/security/policies/example/test-security_policy.xml tools/security/python/xensec_gen/cgi-bin/policy.cgi tools/security/xensec_ezpolicy tools/xm-test/tests/security-acm/xm-test-security_policy.xml
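--- a/Config.mk
+++ b/Config.mk
@@ -83,8 +83,6 @@ ACM_SECURITY ?= n
 # ACM_DEFAULT_SECURITY_POLICY
 # Supported models are:
 #	ACM_NULL_POLICY
-#	ACM_CHINESE_WALL_POLICY
-#	ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
 #	ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
 ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY
 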
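Review bot: A build that still sets `ACM_DEFAULT_SECURITY_POLICY` to `ACM_CHINESE_WALL_POLICY` or `ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY` gets no diagnostic here, because only the comment listing the supported models changes. The matching `ifeq` branches are removed from tools/security/Makefile in this same changeset, so `POLICY` would be left unset there instead of the build stopping; how the hypervisor build treats the old names is not visible on this page. Since this variable selects the default access-control policy, an explicit guard after the assignment would be safer: `ifeq ($(filter ACM_NULL_POLICY ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY,$(ACM_DEFAULT_SECURITY_POLICY)),)`, then `$(error unsupported ACM_DEFAULT_SECURITY_POLICY: $(ACM_DEFAULT_SECURITY_POLICY))`, then `endif`.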
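--- a/docs/src/user.tex
+++ b/docs/src/user.tex
@@ -2673,33 +2673,34 @@ 03 <SecurityPolicyDefinition
       xsi:schemaLocation=
           "http://www.ibm.com ../../security_policy.xsd ">
 04     <PolicyHeader>
-05         <PolicyName>example.chwall_ste.test</PolicyName>
+05         <PolicyName>example.test</PolicyName>
 06         <Date>Wed Jul 12 17:32:59 2006</Date>
-07     </PolicyHeader>
-08
-09     <SimpleTypeEnforcement>
-10         <SimpleTypeEnforcementTypes>
-11             <Type>SystemManagement</Type>
-12             <Type>PepsiCo</Type>
-13             <Type>CocaCola</Type>
-14         </SimpleTypeEnforcementTypes>
-15     </SimpleTypeEnforcement>
-16
-17     <ChineseWall priority="PrimaryPolicyComponent">
-18         <ChineseWallTypes>
-19             <Type>SystemManagement</Type>
-20             <Type>PepsiCo</Type>
-21             <Type>CocaCola</Type>
-22         </ChineseWallTypes>
-23
-24         <ConflictSets>
-25             <Conflict name="RER1">
-26                 <Type>CocaCola</Type>
-27                 <Type>PepsiCo</Type>
-28             </Conflict>
-29        </ConflictSets>
-30     </ChineseWall>
-31
+07         <Version>1.0</Version>
+08     </PolicyHeader>
+09
+10     <SimpleTypeEnforcement>
+11         <SimpleTypeEnforcementTypes>
+12             <Type>SystemManagement</Type>
+13             <Type>PepsiCo</Type>
+14             <Type>CocaCola</Type>
+15         </SimpleTypeEnforcementTypes>
+16     </SimpleTypeEnforcement>
+17
+18     <ChineseWall priority="PrimaryPolicyComponent">
+19         <ChineseWallTypes>
+20             <Type>SystemManagement</Type>
+21             <Type>PepsiCo</Type>
+22             <Type>CocaCola</Type>
+23         </ChineseWallTypes>
+24
+25         <ConflictSets>
+26             <Conflict name="RER1">
+27                 <Type>CocaCola</Type>
+28                 <Type>PepsiCo</Type>
+29             </Conflict>
+30        </ConflictSets>
+31     </ChineseWall>
+32
 \end{verbatim}
 \end{scriptsize}
 \caption{Example XML security policy file -- Part I: Types and Rules Definition.}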
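--- a/tools/security/Makefile
+++ b/tools/security/Makefile
@@ -16,12 +16,6 @@ LDFLAGS    += $(shell xml2-config --libs
 ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_NULL_POLICY)
 POLICY=null
 endif
-ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
-POLICY=chwall
-endif
-ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
-POLICY=ste
-endif
 ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
 POLICY=chwall_ste
 endif
@@ -46,7 +40,7 @@ ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
 ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
 
 ACM_SCHEMA        = security_policy.xsd
-ACM_EXAMPLES      = chwall ste chwall_ste
+ACM_EXAMPLES      = client_v1 test
 ACM_POLICY_SUFFIX = security_policy.xml
 
 ifeq ($(ACM_SECURITY),y)
@@ -66,8 +60,7 @@ install: all $(ACM_CONFIG_FILE)
 	$(INSTALL_DATA) policies/$(ACM_SCHEMA) $(DESTDIR)$(ACM_POLICY_DIR)
 	$(INSTALL_DIR) $(DESTDIR)$(ACM_POLICY_DIR)/example
 	for i in $(ACM_EXAMPLES); do \
-		$(INSTALL_DIR) $(DESTDIR)$(ACM_POLICY_DIR)/example/$$i; \
-		$(INSTALL_DATA) policies/example/$$i/client_v1-$(ACM_POLICY_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR)/example/$$i; \
+		$(INSTALL_DATA) policies/example/$$i-$(ACM_POLICY_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR)/example/; \
 	done
 	$(INSTALL_DIR) $(DESTDIR)$(ACM_SCRIPT_DIR)
 	$(INSTALL_PROG) $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
@@ -94,10 +87,10 @@ build: $(ACM_INST_TOOLS) $(ACM_NOINST_TO
 	chmod 700 $(ACM_SCRIPTS)
 
 xensec_tool: $(OBJS_TOOL)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ -L$(XEN_LIBXC) -lxenctrl
+	$(CC) -g $(CFLAGS) $(LDFLAGS) -O0 -o $@ $^ -L$(XEN_LIBXC) -lxenctrl
 
 xensec_xml2bin: $(OBJS_XML2BIN)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+	$(CC) -g $(CFLAGS) $(LDFLAGS) -O0 -o $@ $^
 
 xensec_gen: xensec_gen.py
 	cp -f $^ $@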
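Review bot: The `-g` and `-O0` added to the `xensec_tool` and `xensec_xml2bin` rules in the last hunk look like a debugging leftover, and the changeset description does not mention them. Assuming `$(OBJS_TOOL)` and `$(OBJS_XML2BIN)` are object files built by a separate compile rule, the flags sit on the link step only and do not change how the sources are compiled. If any prerequisite is compiled by this command, the trailing `-O0` would override the optimisation level chosen in `$(CFLAGS)`. Unless unoptimised builds of these policy tools are intended, restore `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ -L$(XEN_LIBXC) -lxenctrl` and `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^`, or put debug flags behind a variable that is applied at compile time.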
     4.1 --- a/tools/security/policies/example/chwall/client_v1-security_policy.xml	Tue Apr 24 23:40:40 2007 +0100
     4.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.3 @@ -1,90 +0,0 @@
     4.4 -<?xml version="1.0" encoding="UTF-8"?>
     4.5 -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
     4.6 -<!--             This file defines the security policies, which     -->
     4.7 -<!--             can be enforced by the Xen Access Control Module.  -->
     4.8 -<!--             Currently: Chinese Wall and Simple Type Enforcement-->
     4.9 -<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
    4.10 -	<PolicyHeader>
    4.11 -		<PolicyName>example.chwall.client_v1</PolicyName>
    4.12 -		<PolicyUrl>www.ibm.com/example/chwall/client_v1</PolicyUrl>
    4.13 -		<Date>2006-03-31</Date>
    4.14 -	</PolicyHeader>
    4.15 -	<!--                                             -->
    4.16 -	<!-- example of a chinese wall type definition   -->
    4.17 -	<!-- along with its conflict sets                -->
    4.18 -	<!-- (typse in a confict set are exclusive, i.e. -->
    4.19 -	<!--  once a Domain with one type of a set is    -->
    4.20 -	<!--  running, no other Domain with another type -->
    4.21 -	<!--  of the same conflict set can start.)       -->
    4.22 -	<ChineseWall priority="PrimaryPolicyComponent">
    4.23 -		<ChineseWallTypes>
    4.24 -			<Type>cw_SystemManagement</Type>
    4.25 -			<Type>cw_Sensitive</Type>
    4.26 -			<Type>cw_Isolated</Type>
    4.27 -			<Type>cw_Distrusted</Type>
    4.28 -		</ChineseWallTypes>
    4.29 -		<ConflictSets>
    4.30 -			<Conflict name="Protection1">
    4.31 -				<Type>cw_Sensitive</Type>
    4.32 -				<Type>cw_Distrusted</Type>
    4.33 -			</Conflict>
    4.34 -		</ConflictSets>
    4.35 -	</ChineseWall>
    4.36 -	<SecurityLabelTemplate>
    4.37 -		<SubjectLabels bootstrap="dom_SystemManagement">
    4.38 -			<!-- single ste typed domains            -->
    4.39 -			<!-- ACM enforces that only domains with -->
    4.40 -			<!-- the same type can share information -->
    4.41 -			<!--                                     -->
    4.42 -			<!-- Bootstrap label is assigned to Dom0 -->
    4.43 -			<VirtualMachineLabel>
    4.44 -				<Name>dom_HomeBanking</Name>
    4.45 -				<ChineseWallTypes>
    4.46 -					<Type>cw_Sensitive</Type>
    4.47 -				</ChineseWallTypes>
    4.48 -			</VirtualMachineLabel>
    4.49 -
    4.50 -			<VirtualMachineLabel>
    4.51 -				<Name>dom_Fun</Name>
    4.52 -				<ChineseWallTypes>
    4.53 -					<Type>cw_Distrusted</Type>
    4.54 -				</ChineseWallTypes>
    4.55 -			</VirtualMachineLabel>
    4.56 -
    4.57 -			<VirtualMachineLabel>
    4.58 -				<!-- donating some cycles to seti@home -->
    4.59 -				<Name>dom_BoincClient</Name>
    4.60 -				<ChineseWallTypes>
    4.61 -					<Type>cw_Isolated</Type>
    4.62 -				</ChineseWallTypes>
    4.63 -			</VirtualMachineLabel>
    4.64 -
    4.65 -			<!-- Domains with multiple ste types services; such domains   -->
    4.66 -			<!-- must keep the types inside their domain safely confined. -->
    4.67 -			<VirtualMachineLabel>
    4.68 -				<Name>dom_SystemManagement</Name>
    4.69 -				<ChineseWallTypes>
    4.70 -					<Type>cw_SystemManagement</Type>
    4.71 -				</ChineseWallTypes>
    4.72 -			</VirtualMachineLabel>
    4.73 -
    4.74 -			<VirtualMachineLabel>
    4.75 -				<!-- serves persistent storage to other domains -->
    4.76 -				<Name>dom_StorageDomain</Name>
    4.77 -				<ChineseWallTypes>
    4.78 -					<Type>cw_SystemManagement</Type>
    4.79 -				</ChineseWallTypes>
    4.80 -			</VirtualMachineLabel>
    4.81 -
    4.82 -			<VirtualMachineLabel>
    4.83 -				<!-- serves network access to other domains -->
    4.84 -				<Name>dom_NetworkDomain</Name>
    4.85 -				<ChineseWallTypes>
    4.86 -					<Type>cw_SystemManagement</Type>
    4.87 -				</ChineseWallTypes>
    4.88 -			</VirtualMachineLabel>
    4.89 -		</SubjectLabels>
    4.90 -	</SecurityLabelTemplate>
    4.91 -
    4.92 -</SecurityPolicyDefinition>
    4.93 -
     5.1 --- a/tools/security/policies/example/chwall_ste/client_v1-security_policy.xml	Tue Apr 24 23:40:40 2007 +0100
     5.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.3 @@ -1,194 +0,0 @@
     5.4 -<?xml version="1.0" encoding="UTF-8"?>
     5.5 -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
     5.6 -<!--             This file defines the security policies, which     -->
     5.7 -<!--             can be enforced by the Xen Access Control Module.  -->
     5.8 -<!--             Currently: Chinese Wall and Simple Type Enforcement-->
     5.9 -<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
    5.10 -	<PolicyHeader>
    5.11 -		<PolicyName>example.chwall_ste.client_v1</PolicyName>
    5.12 -		<PolicyUrl>www.ibm.com/example/chwall_ste/client_v1</PolicyUrl>
    5.13 -		<Date>2006-03-31</Date>
    5.14 -	</PolicyHeader>
    5.15 -	<!--                                                        -->
    5.16 -	<!-- example of a simple type enforcement policy definition -->
    5.17 -	<!--                                                        -->
    5.18 -	<SimpleTypeEnforcement>
    5.19 -		<SimpleTypeEnforcementTypes>
    5.20 -			<Type>ste_SystemManagement</Type><!-- machine/security management -->
    5.21 -			<Type>ste_PersonalFinances</Type><!-- personal finances -->
    5.22 -			<Type>ste_InternetInsecure</Type><!-- games, active X, etc. -->
    5.23 -			<Type>ste_DonatedCycles</Type><!-- donation to BOINC/seti@home -->
    5.24 -			<Type>ste_PersistentStorageA</Type><!-- domain managing the harddrive A-->
    5.25 -			<Type>ste_NetworkAdapter0</Type><!-- type of the domain managing ethernet adapter 0-->
    5.26 -		</SimpleTypeEnforcementTypes>
    5.27 -	</SimpleTypeEnforcement>
    5.28 -	<!--                                             -->
    5.29 -	<!-- example of a chinese wall type definition   -->
    5.30 -	<!-- along with its conflict sets                -->
    5.31 -	<!-- (typse in a confict set are exclusive, i.e. -->
    5.32 -	<!--  once a Domain with one type of a set is    -->
    5.33 -	<!--  running, no other Domain with another type -->
    5.34 -	<!--  of the same conflict set can start.)       -->
    5.35 -	<ChineseWall priority="PrimaryPolicyComponent">
    5.36 -		<ChineseWallTypes>
    5.37 -			<Type>cw_SystemManagement</Type>
    5.38 -			<Type>cw_Sensitive</Type>
    5.39 -			<Type>cw_Isolated</Type>
    5.40 -			<Type>cw_Distrusted</Type>
    5.41 -		</ChineseWallTypes>
    5.42 -
    5.43 -		<ConflictSets>
    5.44 -			<Conflict name="Protection1">
    5.45 -				<Type>cw_Sensitive</Type>
    5.46 -				<Type>cw_Distrusted</Type>
    5.47 -			</Conflict>
    5.48 -		</ConflictSets>
    5.49 -	</ChineseWall>
    5.50 -	<SecurityLabelTemplate>
    5.51 -		<SubjectLabels bootstrap="dom_SystemManagement">
    5.52 -			<!-- single ste typed domains            -->
    5.53 -			<!-- ACM enforces that only domains with -->
    5.54 -			<!-- the same type can share information -->
    5.55 -			<!--                                     -->
    5.56 -			<!-- Bootstrap label is assigned to Dom0 -->
    5.57 -			<VirtualMachineLabel>
    5.58 -				<Name>dom_HomeBanking</Name>
    5.59 -				<SimpleTypeEnforcementTypes>
    5.60 -					<Type>ste_PersonalFinances</Type>
    5.61 -				</SimpleTypeEnforcementTypes>
    5.62 -
    5.63 -				<ChineseWallTypes>
    5.64 -					<Type>cw_Sensitive</Type>
    5.65 -				</ChineseWallTypes>
    5.66 -			</VirtualMachineLabel>
    5.67 -
    5.68 -			<VirtualMachineLabel>
    5.69 -				<Name>dom_Fun</Name>
    5.70 -				<SimpleTypeEnforcementTypes>
    5.71 -					<Type>ste_InternetInsecure</Type>
    5.72 -				</SimpleTypeEnforcementTypes>
    5.73 -
    5.74 -				<ChineseWallTypes>
    5.75 -					<Type>cw_Distrusted</Type>
    5.76 -				</ChineseWallTypes>
    5.77 -			</VirtualMachineLabel>
    5.78 -
    5.79 -			<VirtualMachineLabel>
    5.80 -				<!-- donating some cycles to seti@home -->
    5.81 -				<Name>dom_BoincClient</Name>
    5.82 -				<SimpleTypeEnforcementTypes>
    5.83 -					<Type>ste_DonatedCycles</Type>
    5.84 -				</SimpleTypeEnforcementTypes>
    5.85 -
    5.86 -				<ChineseWallTypes>
    5.87 -					<Type>cw_Isolated</Type>
    5.88 -				</ChineseWallTypes>
    5.89 -			</VirtualMachineLabel>
    5.90 -
    5.91 -			<!-- Domains with multiple ste types services; such domains   -->
    5.92 -			<!-- must keep the types inside their domain safely confined. -->
    5.93 -			<VirtualMachineLabel>
    5.94 -				<Name>dom_SystemManagement</Name>
    5.95 -				<SimpleTypeEnforcementTypes>
    5.96 -					<!-- since dom0 needs access to every domain and -->
    5.97 -					<!-- resource right now ... -->
    5.98 -					<Type>ste_SystemManagement</Type>
    5.99 -					<Type>ste_PersonalFinances</Type>
   5.100 -					<Type>ste_InternetInsecure</Type>
   5.101 -					<Type>ste_DonatedCycles</Type>
   5.102 -					<Type>ste_PersistentStorageA</Type>
   5.103 -					<Type>ste_NetworkAdapter0</Type>
   5.104 -				</SimpleTypeEnforcementTypes>
   5.105 -
   5.106 -				<ChineseWallTypes>
   5.107 -					<Type>cw_SystemManagement</Type>
   5.108 -				</ChineseWallTypes>
   5.109 -			</VirtualMachineLabel>
   5.110 -
   5.111 -			<VirtualMachineLabel>
   5.112 -				<!-- serves persistent storage to other domains -->
   5.113 -				<Name>dom_StorageDomain</Name>
   5.114 -				<SimpleTypeEnforcementTypes>
   5.115 -					<!-- access right to the resource (hard drive a) -->
   5.116 -					<Type>ste_PersistentStorageA</Type>
   5.117 -					<!-- can serve following types -->
   5.118 -					<Type>ste_PersonalFinances</Type>
   5.119 -					<Type>ste_InternetInsecure</Type>
   5.120 -				</SimpleTypeEnforcementTypes>
   5.121 -
   5.122 -				<ChineseWallTypes>
   5.123 -					<Type>cw_SystemManagement</Type>
   5.124 -				</ChineseWallTypes>
   5.125 -			</VirtualMachineLabel>
   5.126 -
   5.127 -			<VirtualMachineLabel>
   5.128 -				<!-- serves network access to other domains -->
   5.129 -				<Name>dom_NetworkDomain</Name>
   5.130 -				<SimpleTypeEnforcementTypes>
   5.131 -					<!-- access right to the resource (ethernet card) -->
   5.132 -					<Type>ste_NetworkAdapter0</Type>
   5.133 -					<!-- can serve following types -->
   5.134 -					<Type>ste_PersonalFinances</Type>
   5.135 -					<Type>ste_InternetInsecure</Type>
   5.136 -					<Type>ste_DonatedCycles</Type>
   5.137 -				</SimpleTypeEnforcementTypes>
   5.138 -
   5.139 -				<ChineseWallTypes>
   5.140 -					<Type>cw_SystemManagement</Type>
   5.141 -				</ChineseWallTypes>
   5.142 -			</VirtualMachineLabel>
   5.143 -		</SubjectLabels>
   5.144 -
   5.145 -		<ObjectLabels>
   5.146 -			<ResourceLabel>
   5.147 -				<Name>res_ManagementResource</Name>
   5.148 -				<SimpleTypeEnforcementTypes>
   5.149 -					<Type>ste_SystemManagement</Type>
   5.150 -				</SimpleTypeEnforcementTypes>
   5.151 -			</ResourceLabel>
   5.152 -
   5.153 -			<ResourceLabel>
   5.154 -				<Name>res_HardDrive(hda)</Name>
   5.155 -				<SimpleTypeEnforcementTypes>
   5.156 -					<Type>ste_PersistentStorageA</Type>
   5.157 -				</SimpleTypeEnforcementTypes>
   5.158 -			</ResourceLabel>
   5.159 -
   5.160 -			<ResourceLabel>
   5.161 -				<Name>res_LogicalDiskPartition1(hda1)</Name>
   5.162 -				<SimpleTypeEnforcementTypes>
   5.163 -					<Type>ste_PersonalFinances</Type>
   5.164 -				</SimpleTypeEnforcementTypes>
   5.165 -			</ResourceLabel>
   5.166 -
   5.167 -			<ResourceLabel>
   5.168 -				<Name>res_LogicalDiskPartition2(hda2)</Name>
   5.169 -				<SimpleTypeEnforcementTypes>
   5.170 -					<Type>ste_InternetInsecure</Type>
   5.171 -				</SimpleTypeEnforcementTypes>
   5.172 -			</ResourceLabel>
   5.173 -
   5.174 -			<ResourceLabel>
   5.175 -				<Name>res_EthernetCard</Name>
   5.176 -				<SimpleTypeEnforcementTypes>
   5.177 -					<Type>ste_NetworkAdapter0</Type>
   5.178 -				</SimpleTypeEnforcementTypes>
   5.179 -			</ResourceLabel>
   5.180 -
   5.181 -			<ResourceLabel>
   5.182 -				<Name>res_SecurityToken</Name>
   5.183 -				<SimpleTypeEnforcementTypes>
   5.184 -					<Type>ste_PersonalFinances</Type>
   5.185 -				</SimpleTypeEnforcementTypes>
   5.186 -			</ResourceLabel>
   5.187 -
   5.188 -			<ResourceLabel>
   5.189 -				<Name>res_GraphicsAdapter</Name>
   5.190 -				<SimpleTypeEnforcementTypes>
   5.191 -					<Type>ste_SystemManagement</Type>
   5.192 -				</SimpleTypeEnforcementTypes>
   5.193 -			</ResourceLabel>
   5.194 -		</ObjectLabels>
   5.195 -	</SecurityLabelTemplate>
   5.196 -</SecurityPolicyDefinition>
   5.197 -
     6.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.2 +++ b/tools/security/policies/example/client_v1-security_policy.xml	Wed Apr 25 09:31:52 2007 +0100
     6.3 @@ -0,0 +1,195 @@
     6.4 +<?xml version="1.0" encoding="UTF-8"?>
     6.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
     6.6 +<!--             This file defines the security policies, which     -->
     6.7 +<!--             can be enforced by the Xen Access Control Module.  -->
     6.8 +<!--             Currently: Chinese Wall and Simple Type Enforcement-->
     6.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
    6.10 +	<PolicyHeader>
    6.11 +		<PolicyName>example.client_v1</PolicyName>
    6.12 +		<PolicyUrl>www.ibm.com/example/client_v1</PolicyUrl>
    6.13 +		<Date>2006-03-31</Date>
    6.14 +		<Version>1.0</Version>
    6.15 +	</PolicyHeader>
    6.16 +	<!--                                                        -->
    6.17 +	<!-- example of a simple type enforcement policy definition -->
    6.18 +	<!--                                                        -->
    6.19 +	<SimpleTypeEnforcement>
    6.20 +		<SimpleTypeEnforcementTypes>
    6.21 +			<Type>ste_SystemManagement</Type><!-- machine/security management -->
    6.22 +			<Type>ste_PersonalFinances</Type><!-- personal finances -->
    6.23 +			<Type>ste_InternetInsecure</Type><!-- games, active X, etc. -->
    6.24 +			<Type>ste_DonatedCycles</Type><!-- donation to BOINC/seti@home -->
    6.25 +			<Type>ste_PersistentStorageA</Type><!-- domain managing the harddrive A-->
    6.26 +			<Type>ste_NetworkAdapter0</Type><!-- type of the domain managing ethernet adapter 0-->
    6.27 +		</SimpleTypeEnforcementTypes>
    6.28 +	</SimpleTypeEnforcement>
    6.29 +	<!--                                             -->
    6.30 +	<!-- example of a chinese wall type definition   -->
    6.31 +	<!-- along with its conflict sets                -->
    6.32 +	<!-- (typse in a confict set are exclusive, i.e. -->
    6.33 +	<!--  once a Domain with one type of a set is    -->
    6.34 +	<!--  running, no other Domain with another type -->
    6.35 +	<!--  of the same conflict set can start.)       -->
    6.36 +	<ChineseWall priority="PrimaryPolicyComponent">
    6.37 +		<ChineseWallTypes>
    6.38 +			<Type>cw_SystemManagement</Type>
    6.39 +			<Type>cw_Sensitive</Type>
    6.40 +			<Type>cw_Isolated</Type>
    6.41 +			<Type>cw_Distrusted</Type>
    6.42 +		</ChineseWallTypes>
    6.43 +
    6.44 +		<ConflictSets>
    6.45 +			<Conflict name="Protection1">
    6.46 +				<Type>cw_Sensitive</Type>
    6.47 +				<Type>cw_Distrusted</Type>
    6.48 +			</Conflict>
    6.49 +		</ConflictSets>
    6.50 +	</ChineseWall>
    6.51 +	<SecurityLabelTemplate>
    6.52 +		<SubjectLabels bootstrap="dom_SystemManagement">
    6.53 +			<!-- single ste typed domains            -->
    6.54 +			<!-- ACM enforces that only domains with -->
    6.55 +			<!-- the same type can share information -->
    6.56 +			<!--                                     -->
    6.57 +			<!-- Bootstrap label is assigned to Dom0 -->
    6.58 +			<VirtualMachineLabel>
    6.59 +				<Name>dom_HomeBanking</Name>
    6.60 +				<SimpleTypeEnforcementTypes>
    6.61 +					<Type>ste_PersonalFinances</Type>
    6.62 +				</SimpleTypeEnforcementTypes>
    6.63 +
    6.64 +				<ChineseWallTypes>
    6.65 +					<Type>cw_Sensitive</Type>
    6.66 +				</ChineseWallTypes>
    6.67 +			</VirtualMachineLabel>
    6.68 +
    6.69 +			<VirtualMachineLabel>
    6.70 +				<Name>dom_Fun</Name>
    6.71 +				<SimpleTypeEnforcementTypes>
    6.72 +					<Type>ste_InternetInsecure</Type>
    6.73 +				</SimpleTypeEnforcementTypes>
    6.74 +
    6.75 +				<ChineseWallTypes>
    6.76 +					<Type>cw_Distrusted</Type>
    6.77 +				</ChineseWallTypes>
    6.78 +			</VirtualMachineLabel>
    6.79 +
    6.80 +			<VirtualMachineLabel>
    6.81 +				<!-- donating some cycles to seti@home -->
    6.82 +				<Name>dom_BoincClient</Name>
    6.83 +				<SimpleTypeEnforcementTypes>
    6.84 +					<Type>ste_DonatedCycles</Type>
    6.85 +				</SimpleTypeEnforcementTypes>
    6.86 +
    6.87 +				<ChineseWallTypes>
    6.88 +					<Type>cw_Isolated</Type>
    6.89 +				</ChineseWallTypes>
    6.90 +			</VirtualMachineLabel>
    6.91 +
    6.92 +			<!-- Domains with multiple ste types services; such domains   -->
    6.93 +			<!-- must keep the types inside their domain safely confined. -->
    6.94 +			<VirtualMachineLabel>
    6.95 +				<Name>dom_SystemManagement</Name>
    6.96 +				<SimpleTypeEnforcementTypes>
    6.97 +					<!-- since dom0 needs access to every domain and -->
    6.98 +					<!-- resource right now ... -->
    6.99 +					<Type>ste_SystemManagement</Type>
   6.100 +					<Type>ste_PersonalFinances</Type>
   6.101 +					<Type>ste_InternetInsecure</Type>
   6.102 +					<Type>ste_DonatedCycles</Type>
   6.103 +					<Type>ste_PersistentStorageA</Type>
   6.104 +					<Type>ste_NetworkAdapter0</Type>
   6.105 +				</SimpleTypeEnforcementTypes>
   6.106 +
   6.107 +				<ChineseWallTypes>
   6.108 +					<Type>cw_SystemManagement</Type>
   6.109 +				</ChineseWallTypes>
   6.110 +			</VirtualMachineLabel>
   6.111 +
   6.112 +			<VirtualMachineLabel>
   6.113 +				<!-- serves persistent storage to other domains -->
   6.114 +				<Name>dom_StorageDomain</Name>
   6.115 +				<SimpleTypeEnforcementTypes>
   6.116 +					<!-- access right to the resource (hard drive a) -->
   6.117 +					<Type>ste_PersistentStorageA</Type>
   6.118 +					<!-- can serve following types -->
   6.119 +					<Type>ste_PersonalFinances</Type>
   6.120 +					<Type>ste_InternetInsecure</Type>
   6.121 +				</SimpleTypeEnforcementTypes>
   6.122 +
   6.123 +				<ChineseWallTypes>
   6.124 +					<Type>cw_SystemManagement</Type>
   6.125 +				</ChineseWallTypes>
   6.126 +			</VirtualMachineLabel>
   6.127 +
   6.128 +			<VirtualMachineLabel>
   6.129 +				<!-- serves network access to other domains -->
   6.130 +				<Name>dom_NetworkDomain</Name>
   6.131 +				<SimpleTypeEnforcementTypes>
   6.132 +					<!-- access right to the resource (ethernet card) -->
   6.133 +					<Type>ste_NetworkAdapter0</Type>
   6.134 +					<!-- can serve following types -->
   6.135 +					<Type>ste_PersonalFinances</Type>
   6.136 +					<Type>ste_InternetInsecure</Type>
   6.137 +					<Type>ste_DonatedCycles</Type>
   6.138 +				</SimpleTypeEnforcementTypes>
   6.139 +
   6.140 +				<ChineseWallTypes>
   6.141 +					<Type>cw_SystemManagement</Type>
   6.142 +				</ChineseWallTypes>
   6.143 +			</VirtualMachineLabel>
   6.144 +		</SubjectLabels>
   6.145 +
   6.146 +		<ObjectLabels>
   6.147 +			<ResourceLabel>
   6.148 +				<Name>res_ManagementResource</Name>
   6.149 +				<SimpleTypeEnforcementTypes>
   6.150 +					<Type>ste_SystemManagement</Type>
   6.151 +				</SimpleTypeEnforcementTypes>
   6.152 +			</ResourceLabel>
   6.153 +
   6.154 +			<ResourceLabel>
   6.155 +				<Name>res_HardDrive(hda)</Name>
   6.156 +				<SimpleTypeEnforcementTypes>
   6.157 +					<Type>ste_PersistentStorageA</Type>
   6.158 +				</SimpleTypeEnforcementTypes>
   6.159 +			</ResourceLabel>
   6.160 +
   6.161 +			<ResourceLabel>
   6.162 +				<Name>res_LogicalDiskPartition1(hda1)</Name>
   6.163 +				<SimpleTypeEnforcementTypes>
   6.164 +					<Type>ste_PersonalFinances</Type>
   6.165 +				</SimpleTypeEnforcementTypes>
   6.166 +			</ResourceLabel>
   6.167 +
   6.168 +			<ResourceLabel>
   6.169 +				<Name>res_LogicalDiskPartition2(hda2)</Name>
   6.170 +				<SimpleTypeEnforcementTypes>
   6.171 +					<Type>ste_InternetInsecure</Type>
   6.172 +				</SimpleTypeEnforcementTypes>
   6.173 +			</ResourceLabel>
   6.174 +
   6.175 +			<ResourceLabel>
   6.176 +				<Name>res_EthernetCard</Name>
   6.177 +				<SimpleTypeEnforcementTypes>
   6.178 +					<Type>ste_NetworkAdapter0</Type>
   6.179 +				</SimpleTypeEnforcementTypes>
   6.180 +			</ResourceLabel>
   6.181 +
   6.182 +			<ResourceLabel>
   6.183 +				<Name>res_SecurityToken</Name>
   6.184 +				<SimpleTypeEnforcementTypes>
   6.185 +					<Type>ste_PersonalFinances</Type>
   6.186 +				</SimpleTypeEnforcementTypes>
   6.187 +			</ResourceLabel>
   6.188 +
   6.189 +			<ResourceLabel>
   6.190 +				<Name>res_GraphicsAdapter</Name>
   6.191 +				<SimpleTypeEnforcementTypes>
   6.192 +					<Type>ste_SystemManagement</Type>
   6.193 +				</SimpleTypeEnforcementTypes>
   6.194 +			</ResourceLabel>
   6.195 +		</ObjectLabels>
   6.196 +	</SecurityLabelTemplate>
   6.197 +</SecurityPolicyDefinition>
   6.198 +
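Review bot: The `xsi:schemaLocation` hint in this new file still reads `../../security_policy.xsd`, although the file now lives one directory higher than the deleted `chwall_ste/client_v1-security_policy.xml` it replaces. Going by the install rule in tools/security/Makefile, the schema sits directly above `example/`, so the hint should probably be `xsi:schemaLocation="http://www.ibm.com ../security_policy.xsd "`. The new test-security_policy.xml has the same value. Tools that are given the schema path explicitly are unaffected, but an editor or validator that follows the hint would not find the schema and might skip validation without saying so.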
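--- /dev/null
+++ b/tools/security/policies/example/test-security_policy.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Auto-generated by ezPolicy        -->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
+    <PolicyHeader>
+        <PolicyName>example.test</PolicyName>
+        <Date>Mon Apr 16 13:13:59 2007</Date>
+        <Version>1.0</Version>
+    </PolicyHeader>
+
+    <SimpleTypeEnforcement>
+        <SimpleTypeEnforcementTypes>
+            <Type>SystemManagement</Type>
+            <Type>PepsiCo</Type>
+            <Type>CocaCola</Type>
+        </SimpleTypeEnforcementTypes>
+    </SimpleTypeEnforcement>
+
+    <ChineseWall priority="PrimaryPolicyComponent">
+        <ChineseWallTypes>
+            <Type>SystemManagement</Type>
+            <Type>PepsiCo</Type>
+            <Type>CocaCola</Type>
+            <Type>VIOServer</Type>
+        </ChineseWallTypes>
+
+    </ChineseWall>
+
+    <SecurityLabelTemplate>
+        <SubjectLabels bootstrap="SystemManagement">
+            <VirtualMachineLabel>
+                <Name>SystemManagement</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>SystemManagement</Type>
+                    <Type>PepsiCo</Type>
+                    <Type>CocaCola</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>SystemManagement</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name>PepsiCo</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>PepsiCo</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>PepsiCo</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name>CocaCola</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>CocaCola</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>CocaCola</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name>VIO</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>CocaCola</Type>
+                    <Type>PepsiCo</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>VIOServer</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+        </SubjectLabels>
+
+        <ObjectLabels>
+            <ResourceLabel>
+                <Name>SystemManagement</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>SystemManagement</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+            <ResourceLabel>
+                <Name>PepsiCo</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>PepsiCo</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+            <ResourceLabel>
+                <Name>CocaCola</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>CocaCola</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+        </ObjectLabels>
+    </SecurityLabelTemplate>
+</SecurityPolicyDefinition>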
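Review bot: The `<ChineseWall>` element in this policy declares four types but contains no `<ConflictSets>`, so as far as this file shows nothing stops a `PepsiCo` domain and a `CocaCola` domain from running at the same time. The user.tex listing updated in this same changeset is also named `example.test`, yet it shows a conflict set `RER1` over those two types and has no `VIOServer` type, so the documentation and the installed example now disagree. If the exclusion is intended, add `<ConflictSets><Conflict name="RER1"><Type>CocaCola</Type><Type>PepsiCo</Type></Conflict></ConflictSets>` after `</ChineseWallTypes>`. If the omission is deliberate, a comment saying so would help anyone who copies this file as a starting point for a real policy.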
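--- a/tools/security/python/xensec_gen/cgi-bin/policy.cgi
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi
@@ -1816,6 +1816,7 @@ def sendPHeaderXml( ):
 	# Policy header definition
 	print '<PolicyHeader>'
 	print '  <PolicyName>' + formPolicyName[1] + '</PolicyName>'
+	print '  <Version>1.0</Version>'
 	if len( formPolicyUrl[1] ) > 0:
 		print '  <PolicyUrl>' + formPolicyUrl[1] + '</PolicyUrl>'
 	if len( formPolicyRef[1] ) > 0: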
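Review bot: The new `<Version>` line is printed directly after `<PolicyName>`, ahead of the optional `<PolicyUrl>` and whatever follows it, whereas the example policies added in this changeset place `<Version>` after `<Date>`. If `PolicyHeader` is declared as an ordered sequence in security_policy.xsd (the schema is not shown on this page), headers generated by this CGI would fail validation; moving `print '  <Version>1.0</Version>'` to follow the `<Date>` output would match the examples. Separately, the context lines concatenate `formPolicyName[1]` and `formPolicyUrl[1]` into the XML without escaping, which is worth checking if those values come straight from the submitted form. `sendPHeaderXml` continues beyond this hunk, so the place where `<Date>` is printed is not visible.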
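--- a/tools/security/xensec_ezpolicy
+++ b/tools/security/xensec_ezpolicy
@@ -1131,15 +1131,16 @@ def dict_read(dictname, filename):
 
 #==================== Policy Generation/Translation functions
 
-def printPolicyHeader (fd, policyname, timestamp):
+def printPolicyHeader (fd, policyname, timestamp, version="1.0"):
     fd.write( """<?xml version=\"1.0\" encoding=\"UTF-8\"?>
 <!-- Auto-generated by ezPolicy        -->
 <SecurityPolicyDefinition xmlns=\"http://www.ibm.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.ibm.com ../../security_policy.xsd \">
     <PolicyHeader>
         <PolicyName>%s</PolicyName>
         <Date>%s</Date>
+        <Version>%s</Version>
     </PolicyHeader>
-""" % (policyname, timestamp))
+""" % (policyname, timestamp, version))
 
 
 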
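Review bot: The new `version` argument is substituted into the header with `%s` exactly as passed, as are `policyname` and `timestamp`, so a value containing `<` or `&` would produce a malformed policy file. Whether callers ever pass user-supplied text is not visible in this hunk, but escaping at the point of interpolation keeps the output well-formed either way: `""" % (escape(policyname), escape(timestamp), escape(version)))` with `from xml.sax.saxutils import escape` among the file's imports. A short docstring stating that `version` defaults to "1.0" and is written to the `<Version>` element would also help.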
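--- a/tools/xm-test/tests/security-acm/xm-test-security_policy.xml
+++ b/tools/xm-test/tests/security-acm/xm-test-security_policy.xml
@@ -4,6 +4,7 @@
     <PolicyHeader>
         <PolicyName>xm-test</PolicyName>
         <Date>Fri Sep 29 14:44:38 2006</Date>
+        <Version>1.0</Version>
     </PolicyHeader>
 
     <SimpleTypeEnforcement>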