ia64/xen-unstable

changeset 17361:ff32e4cd61af

xend: XSPolicy.can_run xend support

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Tue Apr 01 10:08:03 2008 +0100 (2008-04-01)
parents 6a7a61c26b14
children db943e8d1051
files tools/python/xen/util/xsconstants.py tools/python/xen/util/xsm/acm/acm.py tools/python/xen/xend/XendXSPolicy.py
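--- a/tools/python/xen/util/xsconstants.py	Tue Apr 01 10:07:35 2008 +0100
+++ b/tools/python/xen/util/xsconstants.py	Tue Apr 01 10:08:03 2008 +0100
@@ -57,7 +57,9 @@ XSERR_POLICY_NOT_LOADED        = 22 + XS
 XSERR_RESOURCE_ACCESS          = 23 + XSERR_BASE
 XSERR_HV_OP_FAILED             = 24 + XSERR_BASE
 XSERR_BOOTPOLICY_INSTALL_ERROR = 25 + XSERR_BASE
-XSERR_LAST                     = 25 + XSERR_BASE ## KEEP LAST
+XSERR_VM_NOT_AUTHORIZED        = 26 + XSERR_BASE
+XSERR_VM_IN_CONFLICT           = 27 + XSERR_BASE
+XSERR_LAST                     = 27 + XSERR_BASE ## KEEP LAST
 
 XSERR_MESSAGES = [
     '',
@@ -85,7 +87,9 @@ XSERR_MESSAGES = [
     'The policy is not loaded',
     'Error accessing resource',
     'Operation failed in hypervisor',
-    'Boot policy installation error'
+    'Boot policy installation error',
+    'VM is not authorized to run',
+    'VM label conflicts with another VM'
 ]
 
 def xserr2string(err):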
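--- a/tools/python/xen/util/xsm/acm/acm.py	Tue Apr 01 10:07:35 2008 +0100
+++ b/tools/python/xen/util/xsm/acm/acm.py	Tue Apr 01 10:08:03 2008 +0100
@@ -68,6 +68,7 @@ policy_name_re = re.compile(".*[chwall|s
 #decision hooks known to the hypervisor
 ACMHOOK_sharing = 1
 ACMHOOK_authorization = 2
+ACMHOOK_conflictset = 3
 
 #other global variables
 NULL_SSIDREF = 0
@@ -373,7 +374,7 @@ def label2ssidref(labelname, policyname,
         else:
             return (sec_ssid[0] << 16) | pri_ssid[0]
     finally:
-       mapfile_unlock()
+        mapfile_unlock()
 
 
 def refresh_ssidref(config):
@@ -552,6 +553,18 @@ def hv_get_policy():
     return rc, bin_pol
 
 
+def is_in_conflict(ssidref):
+    """ Check whether the given ssidref is in conflict with any running
+        domain.
+    """
+    decision = acm.getdecision('ssidref', str(ssidref),
+                               'ssidref', str(ssidref),
+                               ACMHOOK_conflictset)
+    if decision == "DENIED":
+        return True
+    return False
+
+
 def set_policy(xs_type, xml, flags, overwrite):
     """
         Xend exports this function via XML-RPC
@@ -1550,6 +1563,33 @@ def get_security_label(self, xspol=None)
     return label
 
 
+def check_can_run(sec_label):
+    """ Check whether a VM could run, given its vm label. A VM can run if
+       - it is authorized
+       - is not in conflict with any running domain
+    """
+    try:
+        mapfile_lock()
+
+        if sec_label == None or sec_label == "":
+            vm_label = ACM_LABEL_UNLABELED
+        else:
+            poltype, policy, vm_label = sec_label.split(':')
+            if policy != get_active_policy_name():
+                return -xsconstants.XSERR_BAD_POLICY_NAME
+        ssidref = label2ssidref(vm_label, policy, 'dom')
+        if ssidref != xsconstants.INVALID_SSIDREF:
+            if not has_authorization(ssidref):
+                return -xsconstants.XSERR_VM_NOT_AUTHORIZED
+            if is_in_conflict(ssidref):
+                return -xsconstants.XSERR_VM_IN_CONFLICT
+            return -xsconstants.XSERR_SUCCESS
+        else:
+            return -xsconstants.XSERR_BAD_LABEL
+    finally:
+        mapfile_unlock()
+
+
 __cond = threading.Condition()
 __script_runner = None
 __orders = []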
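Review bot: In `check_can_run`, the unlabeled branch (`sec_label == None or sec_label == ""`) binds only `vm_label`, so the following `label2ssidref(vm_label, policy, 'dom')` reads `policy` before it is assigned and raises `UnboundLocalError` instead of returning an XSERR code. Binding it in that branch, e.g. `policy = get_active_policy_name()`, looks like the intent, but confirm what `label2ssidref` expects for unlabeled domains. Separately, `is_in_conflict` treats every answer other than `"DENIED"` as no conflict, so an unexpected or error value from `acm.getdecision` fails open. For a conflict-set check I would invert the test so that only an explicit permit clears the VM, and have the docstring list the values the hook can return. `mapfile_lock()` is also called inside the `try`, so a failed acquire still reaches `mapfile_unlock()` in the `finally`; moving the call above `try:` avoids that.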
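--- a/tools/python/xen/xend/XendXSPolicy.py	Tue Apr 01 10:07:35 2008 +0100
+++ b/tools/python/xen/xend/XendXSPolicy.py	Tue Apr 01 10:08:03 2008 +0100
@@ -48,7 +48,8 @@ class XendXSPolicy(XendBase):
                   'rm_xsbootpolicy',
                   'get_resource_label',
                   'set_resource_label',
-                  'get_labeled_resources' ]
+                  'get_labeled_resources',
+                  'can_run' ]
         return XendBase.getFuncs() + funcs
 
     getClass    = classmethod(getClass)
@@ -190,6 +191,12 @@ class XendXSPolicy(XendBase):
         res = security.get_resource_label_xapi(resource)
         return res
 
+    def can_run(self, sec_label):
+        irc = security.validate_label_xapi(sec_label, 'dom')
+        if irc != xsconstants.XSERR_SUCCESS:
+            raise SecurityError(irc)
+        return security.check_can_run(sec_label)
+
     get_xstype      = classmethod(get_xstype)
     get_xspolicy    = classmethod(get_xspolicy)
     set_xspolicy    = classmethod(set_xspolicy)
@@ -198,6 +205,7 @@ class XendXSPolicy(XendBase):
     set_resource_label = classmethod(set_resource_label)
     get_resource_label = classmethod(get_resource_label)
     get_labeled_resources = classmethod(get_labeled_resources)
+    can_run = classmethod(can_run)
 
 
 class XendACMPolicy(XendXSPolicy):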
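Review bot: `can_run` is added to the exported function list without a docstring, and it reports failure in two different ways that a caller cannot infer from the signature. A label rejected by `security.validate_label_xapi` raises `SecurityError(irc)`, while an unauthorized or conflicting label is returned as a negated XSERR code from `security.check_can_run`. I would add a docstring stating that `-xsconstants.XSERR_SUCCESS` means the VM may run, which negative codes can come back, and when the exception is raised instead. It should also say that the answer reflects only the domains running at the time of the call, so it is advisory and the domain-start path still has to enforce the policy.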