debuggers.hg
changeset 16560:54482c56e435
Implement legacy XML-RPC interface for ACM commands.
This patch moves the directory of files where xend is writing policies
and resource labels to /var/lib/xend/security/policies.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
This patch moves the directory of files where xend is writing policies
and resource labels to /var/lib/xend/security/policies.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Wed Dec 05 09:45:13 2007 +0000 (2007-12-05) |
parents | 5255eac35270 |
children | 9cc381efbc29 |
files | tools/python/xen/util/acmpolicy.py tools/python/xen/util/xsm/acm/acm.py tools/python/xen/xend/XendOptions.py tools/python/xen/xend/XendXSPolicyAdmin.py tools/python/xen/xm/setpolicy.py tools/security/Makefile tools/security/policies/DEFAULT-UL-security_policy.xml tools/security/policies/default-security_policy.xml tools/security/policies/default-ul-security_policy.xml |
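--- a/tools/python/xen/util/acmpolicy.py
+++ b/tools/python/xen/util/acmpolicy.py
@@ -1,4 +1,4 @@
- #============================================================================
+#============================================================================
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of version 2.1 of the GNU Lesser General Public
 # License as published by the Free Software Foundation.
@@ -17,10 +17,11 @@
 #============================================================================
 
 import os
-import commands
-import struct
 import stat
 import array
+import struct
+import shutil
+import commands
 from xml.dom import minidom, Node
 from xen.xend.XendLogging import log
 from xen.util import xsconstants, bootloader, mkdir
@@ -28,6 +29,7 @@ from xen.util.xspolicy import XSPolicy
 from xen.xend.XendError import SecurityError
 import xen.util.xsm.acm.acm as security
 from xen.util.xsm.xsm import XSMError
+from xen.xend import XendOptions
 
 ACM_POLICIES_DIR = security.policy_dir_prefix + "/"
 
@@ -64,6 +66,73 @@ ACM_CHWALL_CONFLICT = 0x103
 ACM_SSIDREF_IN_USE = 0x104
 
 
+DEFAULT_policy = \
+"<?xml version=\"1.0\" ?>\n" +\
+"<SecurityPolicyDefinition xmlns=\"http://www.ibm.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.ibm.com ../../security_policy.xsd\">\n" +\
+" <PolicyHeader>\n" +\
+" <PolicyName>DEFAULT</PolicyName>\n" +\
+" <Version>1.0</Version>\n" +\
+" </PolicyHeader>\n" +\
+" <SimpleTypeEnforcement>\n" +\
+" <SimpleTypeEnforcementTypes>\n" +\
+" <Type>SystemManagement</Type>\n" +\
+" </SimpleTypeEnforcementTypes>\n" +\
+" </SimpleTypeEnforcement>\n" +\
+" <ChineseWall>\n" +\
+" <ChineseWallTypes>\n" +\
+" <Type>SystemManagement</Type>\n" +\
+" </ChineseWallTypes>\n" +\
+" </ChineseWall>\n" +\
+" <SecurityLabelTemplate>\n" +\
+" <SubjectLabels bootstrap=\"SystemManagement\">\n" +\
+" <VirtualMachineLabel>\n" +\
+" <Name>SystemManagement</Name>\n" +\
+" <SimpleTypeEnforcementTypes>\n" +\
+" <Type>SystemManagement</Type>\n" +\
+" </SimpleTypeEnforcementTypes>\n" +\
+" <ChineseWallTypes>\n" +\
+" <Type/>\n" +\
+" </ChineseWallTypes>\n" +\
+" </VirtualMachineLabel>\n" +\
+" </SubjectLabels>\n" +\
+" </SecurityLabelTemplate>\n" +\
+"</SecurityPolicyDefinition>\n"
+
+
+def get_DEFAULT_policy():
+ return DEFAULT_policy
+
+def initialize():
+ xoptions = XendOptions.instance()
+ basedir = xoptions.get_xend_security_path()
+ policiesdir = basedir + "/policies"
+ mkdir.parents(policiesdir, stat.S_IRWXU)
+
+ instdir = security.install_policy_dir_prefix
+ DEF_policy_file = "DEFAULT-security_policy.xml"
+ xsd_file = "security_policy.xsd"
+
+ files = [ xsd_file ]
+
+ for file in files:
+ if not os.path.isfile(policiesdir + "/" + file ):
+ try:
+ shutil.copyfile(instdir + "/" + file,
+ policiesdir + "/" + file)
+ except Exception, e:
+ log.info("could not copy '%s': %s" %
+ (file, str(e)))
+ #Install default policy.
+ f = open(policiesdir + "/" + DEF_policy_file, 'w')
+ if f:
+ f.write(get_DEFAULT_policy())
+ f.close()
+ else:
+ log.error("Could not write the default policy's file.")
+ defpol = ACMPolicy(xml=get_DEFAULT_policy())
+ defpol.compile()
+
+
 class ACMPolicy(XSPolicy):
 """
 ACMPolicy class. Implements methods for getting information from
@@ -92,7 +161,6 @@ class ACMPolicy(XSPolicy):
 rc = self.validate()
 if rc != xsconstants.XSERR_SUCCESS:
 raise SecurityError(rc)
- mkdir.parents(ACM_POLICIES_DIR, stat.S_IRWXU)
 if ref:
 from xen.xend.XendXSPolicy import XendACMPolicy
 self.xendacmpolicy = XendACMPolicy(self, {}, ref)
@@ -341,8 +409,13 @@ class ACMPolicy(XSPolicy):
 minor = int(tmp[1])
 return (major, minor)
 
+ def get_policies_path(self):
+ xoptions = XendOptions.instance()
+ basedir = xoptions.get_xend_security_path()
+ return basedir + "/policies/"
 
- def policy_path(self, name, prefix = ACM_POLICIES_DIR ):
+ def policy_path(self, name):
+ prefix = self.get_policies_path()
 path = prefix + name.replace('.','/')
 _path = path.split("/")
 del _path[-1]
@@ -394,12 +467,14 @@ class ACMPolicy(XSPolicy):
 #
 # Utility functions related to the policy's files
 #
- def get_filename(self, postfix, prefix = ACM_POLICIES_DIR, dotted=False):
+ def get_filename(self, postfix, prefix=None, dotted=False):
 """
 Create the filename for the policy. The prefix is prepended
 to the path. If dotted is True, then a policy name like
 'a.b.c' will remain as is, otherwise it will become 'a/b/c'
 """
+ if prefix == None:
+ prefix = self.get_policies_path()
 name = self.get_name()
 if name:
 p = name.split(".")
@@ -432,6 +507,17 @@ class ACMPolicy(XSPolicy):
 def get_bin(self):
 return self.__readfile(".bin")
 
+ def copy_policy_file(self, suffix, destdir):
+ spolfile = self.get_filename(suffix)
+ dpolfile = destdir + "/" + self.get_filename(suffix,"",dotted=True)
+ try:
+ shutil.copyfile(spolfile, dpolfile)
+ except Exception, e:
+ log.error("Could not copy policy file %s to %s: %s" %
+ (spolfile, dpolfile, str(e)))
+ return -xsconstants.XSERR_FILE_ERROR
+ return xsconstants.XSERR_SUCCESS
+
 #
 # DOM-related functions
 #
@@ -831,9 +917,14 @@ class ACMPolicy(XSPolicy):
 if path:
 f = open(path, 'w')
 if f:
- f.write(self.toxml())
- f.close()
- rc = 0
+ try:
+ try:
+ f.write(self.toxml())
+ rc = 0
+ except:
+ pass
+ finally:
+ f.close()
 return rc
 
 def __write_to_file(self, suffix, data):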
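Review bot: In `initialize()`, `open(policiesdir + "/" + DEF_policy_file, 'w')` raises `IOError` on failure rather than returning a false value, so the `else: log.error(...)` branch can never run and an unwritable policies directory surfaces as an uncaught exception in whoever calls `initialize()`. Catch the error around the open and the write, and close the file in a `finally`, as sketched below. The final hunk (`@@ -831,9 +917,14 @@`, whose function begins outside the hunk) has the opposite problem: its bare `except: pass` hides a failed `f.write(self.toxml())` with no log entry, so a policy that was not persisted is visible only through `rc`; `except Exception, e:` with a `log.error` call would keep the failure auditable. The default policy file is also created with the process umask while its directory is created with `stat.S_IRWXU`; a comment stating whether that is intended would help.

```python
    # … unchanged: policies directory creation and schema copy …
    #Install default policy.
    try:
        f = open(policiesdir + "/" + DEF_policy_file, 'w')
        try:
            f.write(get_DEFAULT_policy())
        finally:
            f.close()
    except IOError, e:
        log.error("Could not write the default policy's file: %s" % str(e))
    # … unchanged: ACMPolicy(xml=get_DEFAULT_policy()) and compile() …
```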
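--- a/tools/python/xen/util/xsm/acm/acm.py
+++ b/tools/python/xen/util/xsm/acm/acm.py
@@ -35,7 +35,8 @@ from xen.util import dictio, xsconstants
 from xen.xend.XendConstants import *
 
 #global directories and tools for security management
-security_dir_prefix = "/etc/xen/acm-security"
+install_policy_dir_prefix = "/etc/xen/acm-security/policies"
+security_dir_prefix = XendOptions.instance().get_xend_security_path()
 policy_dir_prefix = security_dir_prefix + "/policies"
 res_label_filename = policy_dir_prefix + "/resource_labels"
 boot_filename = "/boot/grub/menu.lst"
@@ -323,7 +324,7 @@ def label2ssidref(labelname, policyname,
 maps current policy to default directory
 to find mapping file """
 
- if policyname in ['NULL', 'INACTIVE', 'DEFAULT', 'INACCESSIBLE' ]:
+ if policyname in ['NULL', 'INACTIVE', 'INACCESSIBLE' ]:
 err("Cannot translate labels for \'" + policyname + "\' policy.")
 
 allowed_types = ['ANY']
@@ -447,10 +448,8 @@ def get_ssid(domain):
 except:
 err("Cannot determine security information.")
 
- if active_policy in ["DEFAULT"]:
- label = "DEFAULT"
- else:
- label = ssidref2label(ssid_info["ssidref"])
+ label = ssidref2label(ssid_info["ssidref"])
+
 return(ssid_info["policyreference"],
 label,
 ssid_info["policytype"],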
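Review bot: `security_dir_prefix = XendOptions.instance().get_xend_security_path()` runs at module import, and no import of `XendOptions` is visible in this hunk; if the file does not already import it above line 35, loading the module raises `NameError`. Even with the import in place, the xend configuration is now read by every process that imports this module, including the `xm` client, whose `setpolicy.py` imports `install_policy_dir_prefix` from here, and the resolved path is fixed for the life of the process. Consider resolving the path in a small accessor called at use time, or at least add a comment such as `# resolved once at import; requires the xend configuration to be readable` so the coupling is explicit.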
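--- a/tools/python/xen/xend/XendOptions.py
+++ b/tools/python/xen/xend/XendOptions.py
@@ -120,6 +120,9 @@ class XendOptions:
 """Default xend QCoW storage repository location."""
 xend_storage_path_default = '/var/lib/xend/storage'
 
+ """Default xend security state storage path."""
+ xend_security_path_default = '/var/lib/xend/security'
+
 """Default script to configure a backend network interface"""
 vif_script = osdep.vif_script
 
@@ -245,6 +248,11 @@ class XendOptions:
 """
 return self.get_config_string("xend-storage-path", self.xend_storage_path_default)
 
+ def get_xend_security_path(self):
+ """ Get the path for security state
+ """
+ return self.get_config_string("xend-security-path", self.xend_security_path_default)
+
 def get_network_script(self):
 """@return the script used to alter the network configuration when
 Xend starts and stops, or None if no such script is specified."""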
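Review bot: The docstring of `get_xend_security_path()` does not say what lives under this path or how it is configured, unlike the `@return` style used by `get_network_script()` directly below it. Suggest `"""@return the directory where xend keeps security state (policies and resource labels); set by 'xend-security-path', default '/var/lib/xend/security'."""`. Because the directory may be operator-supplied and can already exist, the docstring is also a good place to state the owner and mode xend expects for it.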
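--- a/tools/python/xen/xend/XendXSPolicyAdmin.py
+++ b/tools/python/xen/xend/XendXSPolicyAdmin.py
@@ -22,10 +22,10 @@ from xml.dom import minidom, Node
 
 from xen.xend.XendLogging import log
 from xen.xend import uuid
-from xen.util import xsconstants, dictio, bootloader
+from xen.util import xsconstants, bootloader
 import xen.util.xsm.acm.acm as security
 from xen.util.xspolicy import XSPolicy
-from xen.util.acmpolicy import ACMPolicy
+from xen.util.acmpolicy import ACMPolicy, initialize
 from xen.xend.XendError import SecurityError
 
 
@@ -48,6 +48,7 @@ class XSPolicyAdmin:
 self.xsobjs = {}
 
 act_pol_name = self.get_hv_loaded_policy_name()
+ initialize()
 
 ref = uuid.createString()
 try:
@@ -59,6 +60,7 @@ class XSPolicyAdmin:
 
 log.debug("XSPolicyAdmin: Known policies: %s" % self.policies)
 
+
 def isXSEnabled(self):
 """ Check whether 'security' is enabled on this system.
 This currently only checks for ACM-enablement.
@@ -99,12 +101,23 @@ class XSPolicyAdmin:
 # This is meant as an update to a currently loaded policy
 if flags & xsconstants.XS_INST_LOAD == 0:
 raise SecurityError(-xsconstants.XSERR_POLICY_LOADED)
- if flags & xsconstants.XS_INST_BOOT == 0:
- self.rm_bootpolicy()
+
+ # Remember old flags, so they can be restored if update fails
+ old_flags = self.get_policy_flags(loadedpol)
+
+ # Remove policy from bootloader in case of new name of policy
+ self.rm_bootpolicy()
+
 rc, errors = loadedpol.update(xmltext)
 if rc == 0:
 irc = self.activate_xspolicy(loadedpol, flags)
 # policy is loaded; if setting the boot flag fails it's ok.
+ else:
+ old_flags = old_flags & xsconstants.XS_INST_BOOT
+ log.info("OLD FLAGS TO RESTORE: %s" % str(old_flags))
+ if old_flags != 0:
+ self.activate_xspolicy(loadedpol, xsconstants.XS_INST_BOOT)
+
 return (loadedpol, rc, errors)
 
 try:
@@ -161,15 +174,11 @@ class XSPolicyAdmin:
 return (acmpol, xsconstants.XSERR_SUCCESS, errors)
 
 def make_boot_policy(self, acmpol):
- spolfile = acmpol.get_filename(".bin")
- dpolfile = "/boot/" + acmpol.get_filename(".bin","",dotted=True)
- if not os.path.isfile(spolfile):
- log.error("binary policy file does not exist.")
- return -xsconstants.XSERR_FILE_ERROR
- try:
- shutil.copyfile(spolfile, dpolfile)
- except:
- return -xsconstants.XSERR_FILE_ERROR
+ if acmpol.is_default_policy():
+ return xsconstants.XSERR_SUCCESS
+ rc = acmpol.copy_policy_file(".bin","/boot")
+ if rc != xsconstants.XSERR_SUCCESS:
+ return rc
 
 try:
 filename = acmpol.get_filename(".bin","",dotted=True)
@@ -231,7 +240,8 @@ class XSPolicyAdmin:
 flags = 0
 
 filename = acmpol.get_filename(".bin","", dotted=True)
- if bootloader.loads_default_policy(filename):
+ if bootloader.loads_default_policy(filename) or \
+ acmpol.is_default_policy():
 flags |= xsconstants.XS_INST_BOOT
 
 if acmpol.isloaded():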
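Review bot: In the policy-update hunk (`@@ -99,12 +101,23 @@`), `self.rm_bootpolicy()` now runs before every update, and after a failed update the boot entry is put back with `self.activate_xspolicy(loadedpol, xsconstants.XS_INST_BOOT)` whose result is discarded. If that restore fails, the host is left without a boot policy entry and nothing in the log says so, which presumably means the next reboot comes up without the policy that had been configured. Assuming `activate_xspolicy` returns an XSERR code, as the `irc = ...` call on the success path suggests, keep the result and log it: `rrc = self.activate_xspolicy(loadedpol, xsconstants.XS_INST_BOOT)` followed by `if rrc != xsconstants.XSERR_SUCCESS: log.error("Could not restore boot policy after failed update: %s" % str(rrc))`. `log.info("OLD FLAGS TO RESTORE: ...")` reads like leftover debugging and would fit `log.debug`. The enclosing method starts and ends outside the hunk.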
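--- a/tools/python/xen/xm/setpolicy.py
+++ b/tools/python/xen/xm/setpolicy.py
@@ -25,6 +25,7 @@ import base64
 import struct
 import xen.util.xsm.xsm as security
 from xen.util import xsconstants
+from xen.util.xsm.acm.acm import install_policy_dir_prefix
 from xen.util.acmpolicy import ACMPolicy, \
 ACM_EVTCHN_SHARING_VIOLATION,\
 ACM_GNTTAB_SHARING_VIOLATION, \
@@ -32,7 +33,6 @@ from xen.util.acmpolicy import ACMPolicy
 ACM_CHWALL_CONFLICT, \
 ACM_SSIDREF_IN_USE
 from xen.xm.opts import OptionError
-from xen.util.xsm.acm.acm import policy_dir_prefix
 from xen.xm import main as xm_main
 from xen.xm.getpolicy import getpolicy
 from xen.xm.main import server
@@ -86,7 +86,7 @@ def setpolicy(policytype, policy_name, f
 if policytype.upper() == xsconstants.ACM_POLICY_ID:
 xs_type = xsconstants.XS_POLICY_ACM
 
- for prefix in [ './', policy_dir_prefix+"/" ]:
+ for prefix in [ './', install_policy_dir_prefix+"/" ]:
 policy_file = prefix + "/".join(policy_name.split(".")) + \
 "-security_policy.xml"
 
@@ -99,9 +99,12 @@ def setpolicy(policytype, policy_name, f
 f.close()
 except:
 raise OptionError("Could not read policy file from current"
- " directory or '%s'." % policy_dir_prefix)
+ " directory or '%s'." %
+ install_policy_dir_prefix)
 
 if xm_main.serverType == xm_main.SERVER_XEN_API:
+ if xs_type != int(server.xenapi.XSPolicy.get_xstype()):
+ raise security.XSMError("ACM policy type not supported.")
 
 try:
 policystate = server.xenapi.XSPolicy.set_xspolicy(xs_type,
@@ -124,6 +127,8 @@ def setpolicy(policytype, policy_name, f
 getpolicy(False)
 else:
 # Non-Xen-API call.
+ if xs_type != server.xend.security.get_xstype():
+ raise security.XSMError("ACM policy type not supported.")
 
 rc, errors = server.xend.security.set_policy(xs_type,
 xml,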
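Review bot: The two added policy-type checks convert differently: the Xen-API branch compares `xs_type != int(server.xenapi.XSPolicy.get_xstype())`, while the legacy branch in the last hunk compares `xs_type != server.xend.security.get_xstype()` with no conversion. If the legacy call can hand back a string (its return type is not visible here), that comparison is always unequal and every `setpolicy` over the legacy interface is rejected; `if xs_type != int(server.xend.security.get_xstype()):` would make both branches agree. The Xen-API check also sits before the `try:` that follows it, so a failure of the `get_xstype()` call itself is not covered by that handler. `setpolicy` starts and ends outside these hunks.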
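--- a/tools/security/Makefile
+++ b/tools/security/Makefile
@@ -32,7 +32,7 @@ ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR
 
 ACM_SCHEMA = security_policy.xsd
 ACM_EXAMPLES = client_v1 test
-ACM_DEF_POLICIES = default default-ul
+ACM_DEF_POLICIES = DEFAULT-UL
 ACM_POLICY_SUFFIX = security_policy.xml
 
 ifeq ($(ACM_SECURITY),y)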
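--- /dev/null
+++ b/tools/security/policies/DEFAULT-UL-security_policy.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" ?>
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
+ <PolicyHeader>
+ <PolicyName>DEFAULT-UL</PolicyName>
+ <Version>1.0</Version>
+ </PolicyHeader>
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+ <ChineseWall>
+ <ChineseWallTypes>
+ <Type>SystemManagement</Type>
+ </ChineseWallTypes>
+ </ChineseWall>
+ <SecurityLabelTemplate>
+ <SubjectLabels bootstrap="SystemManagement">
+ <VirtualMachineLabel>
+ <Name>SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ <VirtualMachineLabel>
+ <Name>__UNLABELED__</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+ </SecurityLabelTemplate>
+</SecurityPolicyDefinition>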
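--- a/tools/security/policies/default-security_policy.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<?xml version="1.0" ?>
-<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
- <PolicyHeader>
- <PolicyName>DEFAULT</PolicyName>
- <Version>1.0</Version>
- </PolicyHeader>
- <SimpleTypeEnforcement>
- <SimpleTypeEnforcementTypes>
- <Type>SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </SimpleTypeEnforcement>
- <ChineseWall>
- <ChineseWallTypes>
- <Type>SystemManagement</Type>
- </ChineseWallTypes>
- </ChineseWall>
- <SecurityLabelTemplate>
- <SubjectLabels bootstrap="SystemManagement">
- <VirtualMachineLabel>
- <Name>SystemManagement</Name>
- <SimpleTypeEnforcementTypes>
- <Type>SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- <ChineseWallTypes>
- <Type/>
- </ChineseWallTypes>
- </VirtualMachineLabel>
- </SubjectLabels>
- </SecurityLabelTemplate>
-</SecurityPolicyDefinition>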
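--- a/tools/security/policies/default-ul-security_policy.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" ?>
-<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
- <PolicyHeader>
- <PolicyName>DEFAULT-UL</PolicyName>
- <Version>1.0</Version>
- </PolicyHeader>
- <SimpleTypeEnforcement>
- <SimpleTypeEnforcementTypes>
- <Type>SystemManagement</Type>
- <Type>__UNLABELED__</Type>
- </SimpleTypeEnforcementTypes>
- </SimpleTypeEnforcement>
- <ChineseWall>
- <ChineseWallTypes>
- <Type>SystemManagement</Type>
- </ChineseWallTypes>
- </ChineseWall>
- <SecurityLabelTemplate>
- <SubjectLabels bootstrap="SystemManagement">
- <VirtualMachineLabel>
- <Name>SystemManagement</Name>
- <SimpleTypeEnforcementTypes>
- <Type>SystemManagement</Type>
- <Type>__UNLABELED__</Type>
- </SimpleTypeEnforcementTypes>
- <ChineseWallTypes>
- <Type/>
- </ChineseWallTypes>
- </VirtualMachineLabel>
- <VirtualMachineLabel>
- <Name>__UNLABELED__</Name>
- <SimpleTypeEnforcementTypes>
- <Type>__UNLABELED__</Type>
- </SimpleTypeEnforcementTypes>
- <ChineseWallTypes>
- <Type/>
- </ChineseWallTypes>
- </VirtualMachineLabel>
- </SubjectLabels>
- </SecurityLabelTemplate>
-</SecurityPolicyDefinition>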