changeset 17568:931932f5fc6d
[Xend/ACM] Embed the policy schema in the python file
This patch embeds the ACM policy's schema in the python file where the
schema is being accessed for verifying the policy XML. This way also
programs that cannot access a protected directory where the schema may
be located in can use this class.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
This patch embeds the ACM policy's schema in the python file where the
schema is being accessed for verifying the policy XML. This way also
programs that cannot access a protected directory where the schema may
be located in can use this class.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Thu May 01 09:55:06 2008 +0100 (2008-05-01) |
parents | 2ab9f85f221f |
children | 2cf9a8736bab |
files | tools/python/xen/util/acmpolicy.py |
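--- a/tools/python/xen/util/acmpolicy.py
+++ b/tools/python/xen/util/acmpolicy.py
@@ -49,8 +49,6 @@ ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2
 ACM_POLICY_UNDEFINED = 15
 
 
-ACM_SCHEMA_FILE = ACM_POLICIES_DIR + "security_policy.xsd"
-
 ACM_LABEL_UNLABELED = "__UNLABELED__"
 ACM_LABEL_UNLABELED_DISPLAY = "unlabeled"
 
@@ -118,6 +116,153 @@ DEFAULT_policy = \
     " </SecurityLabelTemplate>\n" +\
     "</SecurityPolicyDefinition>\n"
 
+ACM_SCHEMA="""<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
+<!-- This file defines the schema, which is used to define -->
+<!-- the security policy and the security labels in Xen. -->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified">
+ <xsd:element name="SecurityPolicyDefinition">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="PolicyHeader" minOccurs="1" maxOccurs="1"></xsd:element>
+ <xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element>
+ <xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element>
+ <xsd:element ref="SecurityLabelTemplate" minOccurs="1" maxOccurs="1"></xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="PolicyHeader">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="xsd:string"></xsd:element>
+ <xsd:element name="PolicyUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+ <xsd:element name="Reference" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="Date" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+ <xsd:element name="NameSpaceUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+ <xsd:element name="Version" minOccurs="1" maxOccurs="1" type="VersionFormat"/>
+ <xsd:element ref="FromPolicy" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChineseWall">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="ChineseWallTypes" minOccurs="1" maxOccurs="1" />
+ <xsd:element ref="ConflictSets" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SimpleTypeEnforcement">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="SimpleTypeEnforcementTypes" />
+ </xsd:sequence>
+ <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SecurityLabelTemplate">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChineseWallTypes">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ConflictSets">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Conflict" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SimpleTypeEnforcementTypes">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Conflict">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" use="required"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VirtualMachineLabel">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="Name" type="NameWithFrom"></xsd:element>
+ <xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ResourceLabel">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="Name" type="NameWithFrom"></xsd:element>
+ <xsd:element name="SimpleTypeEnforcementTypes" type="SingleSimpleTypeEnforcementType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Name" type="xsd:string" />
+ <xsd:element name="Type" type="xsd:string" />
+ <xsd:simpleType name="PolicyOrder">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="FromPolicy">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="xsd:string"/>
+ <xsd:element name="Version" minOccurs="1" maxOccurs="1" type="VersionFormat"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="VersionFormat">
+ <xsd:restriction base="xsd:string">
+ <xsd:pattern value="[0-9]{1,8}.[0-9]{1,8}"></xsd:pattern>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:complexType name="NameWithFrom">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="from" type="xsd:string" use="optional"></xsd:attribute>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="SingleSimpleTypeEnforcementType">
+ <xsd:sequence>
+ <xsd:element maxOccurs="1" minOccurs="1" ref="Type" />
+ </xsd:sequence>
+ </xsd:complexType>
+</xsd:schema>"""
+
 
 def get_DEFAULT_policy(dom0label=""):
     fromnode = ""
@@ -133,18 +278,7 @@ def initialize():
 
     instdir = security.install_policy_dir_prefix
     DEF_policy_file = "DEFAULT-security_policy.xml"
-    xsd_file = "security_policy.xsd"
 
-    files = [ xsd_file ]
-
-    for file in files:
-        if not os.path.isfile(policiesdir + "/" + file ):
-            try:
-                shutil.copyfile(instdir + "/" + file,
-                                policiesdir + "/" + file)
-            except Exception, e:
-                log.info("could not copy '%s': %s" %
-                         (file, str(e)))
     #Install default policy.
     f = open(policiesdir + "/" + DEF_policy_file, 'w')
     if f:
@@ -219,7 +353,8 @@ class ACMPolicy(XSPolicy):
             log.warn("Libxml2 python-wrapper is not installed on the system.")
             return xsconstants.XSERR_SUCCESS
         try:
-            parserctxt = libxml2.schemaNewParserCtxt(ACM_SCHEMA_FILE)
+            parserctxt = libxml2.schemaNewMemParserCtxt(ACM_SCHEMA,
+                                                        len(ACM_SCHEMA))
             schemaparser = parserctxt.schemaParse()
             valid = schemaparser.schemaNewValidCtxt()
             doc = libxml2.parseDoc(self.toxml())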
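Review bot: The `VersionFormat` pattern added in the second hunk, `[0-9]{1,8}.[0-9]{1,8}`, leaves the separator unescaped, so in XSD regex the `.` matches any single character and a policy whose `Version` is, say, `1x2` still passes schema validation; `<xsd:pattern value="[0-9]{1,8}\.[0-9]{1,8}"></xsd:pattern>` pins the literal dot. Because the schema now lives in an ordinary Python string, declare it as `ACM_SCHEMA = r"""...` so the backslash is kept verbatim instead of relying on unknown escapes passing through unchanged (the embedded XML contains no other backslashes, so the raw form changes nothing else). A short comment above the constant would also help the next reader, e.g. `# Embedded copy of security_policy.xsd: validation in ACMPolicy no longer depends on a file under the policies directory, and initialize() no longer installs one.` Whether anything else still expects `security_policy.xsd` under `policiesdir` (the copy loop removed in the third hunk was its only installer visible here) cannot be judged from this diff and is worth checking, as is whether the `os`/`shutil` imports that loop used are now unused.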