debuggers.hg

view tools/python/xen/xend/XendXSPolicy.py @ 0:7d21f7218375

Exact replica of unstable on 051908 + README-this
author Mukesh Rathor
date Mon May 19 15:34:57 2008 -0700 (2008-05-19)
parents
children
line source
1 #============================================================================
2 # This library is free software; you can redistribute it and/or
3 # modify it under the terms of version 2.1 of the GNU Lesser General Public
4 # License as published by the Free Software Foundation.
5 #
6 # This library is distributed in the hope that it will be useful,
7 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
9 # Lesser General Public License for more details.
10 #
11 # You should have received a copy of the GNU Lesser General Public
12 # License along with this library; if not, write to the Free Software
13 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
14 #============================================================================
15 # Copyright (c) 2007 IBM Corporation
16 # Copyright (c) 2006 Xensource
17 #============================================================================
19 import base64
20 import logging
21 from xen.xend import XendDomain
22 from xen.xend.XendBase import XendBase
23 from xen.xend.XendError import *
24 from xen.xend.XendAPIConstants import *
25 from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
26 from xen.util import xsconstants
27 import xen.util.xsm.xsm as security
29 log = logging.getLogger("xend.XendXSPolicy")
30 log.setLevel(logging.TRACE)
33 class XendXSPolicy(XendBase):
34 """ Administration class for an XSPolicy. """
36 def getClass(self):
37 return "XSPolicy"
39 def getMethods(self):
40 methods = ['activate_xspolicy']
41 return XendBase.getMethods() + methods
43 def getFuncs(self):
44 funcs = [ 'get_xstype',
45 'set_xspolicy',
46 'reset_xspolicy',
47 'get_xspolicy',
48 'rm_xsbootpolicy',
49 'get_resource_label',
50 'set_resource_label',
51 'get_labeled_resources',
52 'can_run' ]
53 return XendBase.getFuncs() + funcs
55 getClass = classmethod(getClass)
56 getMethods = classmethod(getMethods)
57 getFuncs = classmethod(getFuncs)
59 def __init__(self, xspol, record, uuid):
60 """ xspol = actual XSPolicy object """
61 self.xspol = xspol
62 XendBase.__init__(self, uuid, record)
64 def get_record(self):
65 xspol_record = {
66 'uuid' : self.get_uuid(),
67 'flags' : XSPolicyAdminInstance().get_policy_flags(self.xspol),
68 'repr' : self.xspol.toxml(),
69 'type' : self.xspol.get_type(),
70 }
71 return xspol_record
73 def get_xstype(self):
74 return XSPolicyAdminInstance().isXSEnabled()
76 def set_xspolicy(self, xstype, xml, flags, overwrite):
77 ref = ""
78 xstype = int(xstype)
79 flags = int(flags)
81 polstate = { 'xs_ref': "", 'repr' : "", 'type' : 0,
82 'flags' : 0 , 'version': 0 , 'errors' : "", 'xserr' : 0 }
83 if xstype == xsconstants.XS_POLICY_ACM:
84 poladmin = XSPolicyAdminInstance()
85 try:
86 (xspol, rc, errors) = poladmin.add_acmpolicy_to_system(
87 xml, flags,
88 overwrite)
89 if rc != 0:
90 polstate.update( { 'xserr' : rc,
91 'errors': base64.b64encode(errors) } )
92 else:
93 ref = xspol.get_ref()
94 polstate = {
95 'xs_ref' : ref,
96 'flags' : poladmin.get_policy_flags(xspol),
97 'type' : xstype,
98 'repr' : "",
99 'version': xspol.get_version(),
100 'errors' : base64.b64encode(errors),
101 'xserr' : rc,
102 }
103 except Exception, e:
104 raise
105 else:
106 raise SecurityError(-xsconstants.XSERR_POLICY_TYPE_UNSUPPORTED)
107 return polstate
110 def reset_xspolicy(self, xstype):
111 xstype = int(xstype)
112 polstate = { 'xs_ref': "", 'repr' : "", 'type' : 0,
113 'flags' : 0 , 'version': 0 , 'errors' : "", 'xserr' : 0 }
114 if xstype == xsconstants.XS_POLICY_ACM:
115 poladmin = XSPolicyAdminInstance()
116 try:
117 (xspol, rc, errors) = poladmin.reset_acmpolicy()
118 if rc != 0:
119 polstate.update( { 'xserr' : rc,
120 'errors': base64.b64encode(errors) } )
121 else:
122 ref = xspol.get_ref()
123 polstate = {
124 'xs_ref' : ref,
125 'flags' : poladmin.get_policy_flags(xspol),
126 'type' : xstype,
127 'repr' : "",
128 'version': xspol.get_version(),
129 'errors' : base64.b64encode(errors),
130 'xserr' : rc,
131 }
132 except Exception, e:
133 raise
134 else:
135 raise SecurityError(-xsconstants.XSERR_POLICY_TYPE_UNSUPPORTED)
136 return polstate
139 def activate_xspolicy(self, flags):
140 flags = int(flags)
141 rc = -xsconstants.XSERR_GENERAL_FAILURE
142 poladmin = XSPolicyAdminInstance()
143 try:
144 rc = poladmin.activate_xspolicy(self.xspol, flags)
145 except Exception, e:
146 log.info("Activate_policy: %s" % str(e))
147 if rc != flags:
148 raise SecurityError(rc)
149 return flags
151 def get_xspolicy(self):
152 polstate = { 'xs_ref' : "",
153 'repr' : "",
154 'type' : 0,
155 'flags' : 0,
156 'version': "",
157 'errors' : "",
158 'xserr' : 0 }
159 poladmin = XSPolicyAdminInstance()
160 refs = poladmin.get_policies_refs()
161 # Will return one or no policy
162 if refs and len(refs) > 0:
163 ref = refs[0]
164 xspol = XSPolicyAdminInstance().policy_from_ref(ref)
165 if xspol:
166 polstate = {
167 'xs_ref' : ref,
168 'repr' : xspol.toxml(),
169 'type' : xspol.get_type(),
170 'flags' : poladmin.get_policy_flags(xspol),
171 'version': xspol.get_version(),
172 'errors' : "",
173 'xserr' : 0,
174 }
175 return polstate
177 def rm_xsbootpolicy(self):
178 rc = XSPolicyAdminInstance().rm_bootpolicy()
179 if rc != xsconstants.XSERR_SUCCESS:
180 raise SecurityError(rc)
182 def get_labeled_resources(self):
183 return security.get_labeled_resources_xapi()
185 def set_resource_label(self, resource, sec_lab, old_lab):
186 rc = security.set_resource_label_xapi(resource, sec_lab, old_lab)
187 if rc != xsconstants.XSERR_SUCCESS:
188 raise SecurityError(rc)
190 def get_resource_label(self, resource):
191 res = security.get_resource_label_xapi(resource)
192 return res
194 def can_run(self, sec_label):
195 irc = security.validate_label_xapi(sec_label, 'dom')
196 if irc != xsconstants.XSERR_SUCCESS:
197 raise SecurityError(irc)
198 return security.check_can_run(sec_label)
200 get_xstype = classmethod(get_xstype)
201 get_xspolicy = classmethod(get_xspolicy)
202 set_xspolicy = classmethod(set_xspolicy)
203 reset_xspolicy = classmethod(reset_xspolicy)
204 rm_xsbootpolicy = classmethod(rm_xsbootpolicy)
205 set_resource_label = classmethod(set_resource_label)
206 get_resource_label = classmethod(get_resource_label)
207 get_labeled_resources = classmethod(get_labeled_resources)
208 can_run = classmethod(can_run)
211 class XendACMPolicy(XendXSPolicy):
212 """ Administration class of an ACMPolicy """
214 def getClass(self):
215 return "ACMPolicy"
217 def getAttrRO(self):
218 attrRO = [ 'xml',
219 'map',
220 'binary',
221 'header' ]
222 return XendXSPolicy.getAttrRO() + attrRO
224 def getFuncs(self):
225 funcs = [ 'get_enforced_binary', 'get_VM_ssidref' ]
226 return XendBase.getFuncs() + funcs
228 getClass = classmethod(getClass)
229 getAttrRO = classmethod(getAttrRO)
230 getFuncs = classmethod(getFuncs)
232 def __init__(self, acmpol, record, uuid):
233 """ acmpol = actual ACMPolicy object """
234 self.acmpol = acmpol
235 XendXSPolicy.__init__(self, acmpol, record, uuid)
237 def get_record(self):
238 polstate = {
239 'uuid' : self.get_uuid(),
240 'flags' : XSPolicyAdminInstance().get_policy_flags(self.acmpol),
241 'repr' : self.acmpol.toxml(),
242 'type' : self.acmpol.get_type(),
243 }
244 return polstate
246 def get_header(self):
247 header = {
248 'policyname' : "", 'policyurl' : "", 'reference' : "",
249 'date' : "", 'namespaceurl' : "", 'version' : "",
250 }
251 try:
252 header = self.acmpol.get_header_fields_map()
253 except:
254 pass
255 return header
257 def get_xml(self):
258 return self.acmpol.toxml()
260 def get_map(self):
261 return self.acmpol.get_map()
263 def get_binary(self):
264 polbin = self.acmpol.get_bin()
265 return base64.b64encode(polbin)
267 def get_VM_ssidref(self, vm_ref):
268 dom = XendDomain.instance().get_vm_by_uuid(vm_ref)
269 if not dom:
270 raise InvalidHandleError("VM", vm_ref)
271 if dom._stateGet() not in [ XEN_API_VM_POWER_STATE_RUNNING, \
272 XEN_API_VM_POWER_STATE_PAUSED ]:
273 raise VMBadState("Domain is not running or paused.")
274 ssid = security.get_ssid(dom.getDomid())
275 if not ssid:
276 raise SecurityError(-xsconstants.XSERR_GENERAL_FAILURE)
277 return ssid[3]
279 def get_enforced_binary(self):
280 polbin = XSPolicyAdminInstance(). \
281 get_enforced_binary(xsconstants.XS_POLICY_ACM)
282 if polbin:
283 return base64.b64encode(polbin)
284 return None
286 get_enforced_binary = classmethod(get_enforced_binary)
287 get_VM_ssidref = classmethod(get_VM_ssidref)