ia64/xen-unstable

changeset 15962:40d88481cd3f

XSM:FLASK support for domain management under Xen-API
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
author Keir Fraser <keir@xensource.com>
date Sun Sep 23 12:45:07 2007 +0100 (2007-09-23)
parents 5957d62f7290
children 4fdcea9881b2
files tools/python/xen/util/xsm/acm/acm.py tools/python/xen/util/xsm/dummy/dummy.py tools/python/xen/util/xsm/flask/flask.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xm/xenapi_create.py
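--- a/tools/python/xen/util/xsm/acm/acm.py	Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/util/xsm/acm/acm.py	Sun Sep 23 12:45:07 2007 +0100
@@ -1308,12 +1308,33 @@ def parse_security_label(security_label)
         return security_label
 
 def set_security_label(policy, label):
-    policytype = xsconstants.ACM_POLICY_ID
     if label != "" and policy != "":
-        return "%s:%s:%s" % (policytype, policy, label)
+        return "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, policy, label)
     else:
         return ""
 
 def ssidref2security_label(ssidref):
     from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
     return XSPolicyAdminInstance().ssidref_to_vmlabel(ssidref)
+
+def get_security_label(self, xspol=None):
+    """
+       Get the security label of a domain
+       @param xspol   The policy to use when converting the ssid into
+                      a label; only to be passed during the updating
+                      of the policy
+    """
+    domid = self.getDomid()
+
+    if not xspol:
+        from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
+        xspol = XSPolicyAdminInstance().get_loaded_policy()
+
+    if domid == 0:
+        if xspol:
+            label = xspol.policy_get_domain_label_formatted(domid)
+        else:
+            label = ""
+    else:
+        label = self.info.get('security_label', '')
+    return label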
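Review bot: The new module-level `get_security_label` keeps a first parameter named `self`, and its docstring documents only `xspol`, so nothing states that the argument must be a XendDomainInfo-like object exposing `getDomid()` and `info`. The docstring also does not say that `xspol` is consulted only on the `domid == 0` branch, while every other domain returns `self.info.get('security_label', '')`, which appears to be the configured label rather than one resolved through the loaded policy. I would add `@param self   the XendDomainInfo whose label is requested` and a line such as `Only Domain-0 is resolved through the policy; other domains return the label stored in their configuration.` so that a caller auditing labels knows which source it is reading.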
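--- a/tools/python/xen/util/xsm/dummy/dummy.py	Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/util/xsm/dummy/dummy.py	Sun Sep 23 12:45:07 2007 +0100
@@ -51,3 +51,6 @@ def ssidref2security_label(ssidref):
 
 def has_authorization(ssidref):
     return True
+
+def get_security_label(self, xspol=None):
+    return ""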
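--- a/tools/python/xen/util/xsm/flask/flask.py	Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/util/xsm/flask/flask.py	Sun Sep 23 12:45:07 2007 +0100
@@ -35,3 +35,7 @@ def set_security_label(policy, label):
 
 def ssidref2security_label(ssidref):
     return ssidref2label(ssidref)
+
+def get_security_label(self, xspol=None):
+    label = self.info.get('security_label', '')
+    return label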
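Review bot: The FLASK `get_security_label` returns `self.info.get('security_label', '')` for every domain, with no `domid == 0` branch like the ACM implementation added in this changeset. If Domain-0 carries no configured label in `self.info` (not visible here), it would be reported with an empty label under FLASK even though `ssidref2security_label` is defined directly above. If that is intended, a comment such as `# FLASK: label is taken from the domain config only; dom0 is not special-cased` would record the decision, and a docstring should note that `xspol` is accepted for interface parity and ignored.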
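--- a/tools/python/xen/xend/XendDomainInfo.py	Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/xend/XendDomainInfo.py	Sun Sep 23 12:45:07 2007 +0100
@@ -2275,25 +2275,8 @@ class XendDomainInfo:
 
 
     def get_security_label(self, xspol=None):
-        """
-           Get the security label of a domain
-           @param xspol   The policy to use when converting the ssid into
-                          a label; only to be passed during the updating
-                          of the policy
-        """
-        domid = self.getDomid()
-
-        if not xspol:
-            from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
-            xspol = XSPolicyAdminInstance().get_loaded_policy()
-
-        if domid == 0:
-            if xspol:
-                label = xspol.policy_get_domain_label_formatted(domid)
-            else:
-                label = ""
-        else:
-            label = self.info.get('security_label', '')
+        import xen.util.xsm.xsm as security
+        label = security.get_security_label(self, xspol)
         return label
 
     def set_security_label(self, seclab, old_seclab, xspol=None,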
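Review bot: The docstring of `XendDomainInfo.get_security_label` is removed together with the body, so the method no longer says what `xspol` is for or that the result now depends on which XSM module is active. I would keep a short docstring, for example `"""Return this domain's security label as computed by the active XSM module."""`, and keep the `@param xspol` line from the old text. The temporary can also go: `return security.get_security_label(self, xspol)`. The function-scope import is presumably there to avoid an import cycle; a one-line comment saying so would stop someone hoisting it later.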
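--- a/tools/python/xen/xm/xenapi_create.py	Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/xm/xenapi_create.py	Sun Sep 23 12:45:07 2007 +0100
@@ -26,6 +26,7 @@ from xen.xend.XendAPIConstants import XE
      XEN_API_ON_CRASH_BEHAVIOUR
 from xen.xm.opts import OptionError
 from xen.util import xsconstants
+import xen.util.xsm.xsm as security
 
 import sys
 import os
@@ -569,7 +570,7 @@ class sxp2xml:
         if sec_data:
             try :
                 vm.attributes['security_label'] = \
-                      "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, sec_data[0][1][1],sec_data[0][2][1])
+                                    security.set_security_label(sec_data[0][1][1],sec_data[0][2][1])
             except Exception, e:
                 raise "Invalid security data format: %s" % str(sec_data)
 
@@ -753,11 +754,7 @@ class sxp2xml:
         policy = get_child_by_name(vif_sxp, "policy")
         label = get_child_by_name(vif_sxp, "label")
 
-        if label and policy:
-            vif.attributes["security_label"] \
-                 = "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, policy, label)
-        else:
-            vif.attributes["security_label"] = ""
+        vif.attributes["security_label"] = security.set_security_label(policy, label)
 
         if get_child_by_name(vif_sxp, "bridge") is not None:
             vif.attributes["network"] \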
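Review bot: In the vif hunk the removed code guarded with `if label and policy:`, but the new line passes `policy` and `label` straight to `security.set_security_label`, whose ACM implementation in this changeset tests `label != "" and policy != ""`. If `get_child_by_name` returns None for a missing child, as the `is not None` test on "bridge" just below suggests, a vif with no label would now receive a string of the form `<policy-id>:None:None` instead of an empty label. Either keep the truthiness guard at this call site or change the ACM check to `if label and policy:`. In the `sec_data` hunk the call also sits inside the existing `except Exception, e`, so any failure inside the security module would be reported as "Invalid security data format". The enclosing sxp2xml methods start and end outside these hunks.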