From mboxrd@z Thu Jan  1 00:00:00 1970
From: Reiner Sailer <sailer@us.ibm.com>
Subject: [Patch 1 / 8][ACM] - name and simplify security policies
Date: Tue, 11 Apr 2006 22:26:42 -0400
Message-ID: <443C6562.20708@us.ibm.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------070306050800030708080606"
Return-path: <xen-devel-bounces@lists.xensource.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel@lists.xensource.com
Cc: sailer@us.ibm.com
List-Id: xen-devel@lists.xenproject.org

This is a multi-part message in MIME format.
--------------070306050800030708080606
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

This patch adds a policy name to the policy definition. This policy name 
must be unique and must change if the content of the file changes. The 
policy name is used to ensure that the XM tools and the hypervisor work 
on the same policy, i.e., interpret the security information on domains 
consistently. This patch also simplifies the policy management by moving 
policy and labels into a single file.

Signed-off by: Reiner Sailer <sailer@us.ibm.com>

--------------070306050800030708080606
Content-Type: text/plain;
 name="patch1_acm_policies.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="patch1_acm_policies.diff"


---
 tools/security/policies/chwall/chwall-security_label_template.xml         |   76 ---
 tools/security/policies/chwall/chwall-security_policy.xml                 |   36 -
 tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml |  167 --------
 tools/security/policies/chwall_ste/chwall_ste-security_policy.xml         |   49 --
 tools/security/policies/null/null-security_label_template.xml             |   24 -
 tools/security/policies/null/null-security_policy.xml                     |   14 
 tools/security/policies/ste/ste-security_label_template.xml               |  143 -------
 tools/security/policies/ste/ste-security_policy.xml                       |   27 -
 tools/security/policies/example/chwall/client_v1-security_policy.xml      |   90 ++++
 tools/security/policies/example/chwall_ste/client_v1-security_policy.xml  |  194 ++++++++++
 tools/security/policies/example/ste/client_v1-security_policy.xml         |  149 +++++++
 tools/security/policies/security_policy.xsd                               |   75 +--
 12 files changed, 461 insertions(+), 583 deletions(-)

Index: xen-unstable.hg-shype/tools/security/policies/chwall/chwall-security_label_template.xml
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/chwall/chwall-security_label_template.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<?xml version="1.0"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--              This file defines the security labels, which can  -->
-<!--              be attached to Domains and resources. Based on    -->
-<!--              these labels, the access control module decides   -->
-<!--              about sharing between Domains and about access    -->
-<!--              of Domains to real resources.                     -->
-
-<SecurityLabelTemplate
- xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-   <LabelHeader>
-      <Name>chwall-security_label_template</Name>
-      <Date>2005-08-10</Date>
-      <PolicyName>
-         <Url>chwall-security_policy.xml</Url>
-         <Reference>abcdef123456abcdef</Reference>
-      </PolicyName>
-   </LabelHeader>
-
-   <SubjectLabels bootstrap="dom_SystemManagement">
-      <!-- single ste typed domains            -->
-      <!-- ACM enforces that only domains with -->
-      <!-- the same type can share information -->
-      <!--                                     -->
-      <!-- Bootstrap label is assigned to Dom0 -->
-      <VirtualMachineLabel>
-      	<Name>dom_HomeBanking</Name>
-         <ChineseWallTypes>
-            <Type>cw_Sensitive</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-      	<Name>dom_Fun</Name>
-         <ChineseWallTypes>
-            <Type>cw_Distrusted</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- donating some cycles to seti@home -->
-      	<Name>dom_BoincClient</Name>
-         <ChineseWallTypes>
-            <Type>cw_Isolated</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <!-- Domains with multiple ste types services; such domains   -->
-      <!-- must keep the types inside their domain safely confined. -->
-      <VirtualMachineLabel>
-      	<Name>dom_SystemManagement</Name>
-         <ChineseWallTypes>
-            <Type>cw_SystemManagement</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- serves persistent storage to other domains -->
-      	<Name>dom_StorageDomain</Name>
-         <ChineseWallTypes>
-            <Type>cw_SystemManagement</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- serves network access to other domains -->
-      	<Name>dom_NetworkDomain</Name>
-         <ChineseWallTypes>
-            <Type>cw_SystemManagement</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-   </SubjectLabels>
-</SecurityLabelTemplate>
-
Index: xen-unstable.hg-shype/tools/security/policies/chwall/chwall-security_policy.xml
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/chwall/chwall-security_policy.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--             This file defines the security policies, which     -->
-<!--             can be enforced by the Xen Access Control Module.  -->
-<!--             Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-<PolicyHeader>
-		<Name>chwall-security_policy</Name>
-		<Date>2005-08-10</Date>
-</PolicyHeader>
-<!--                                             -->
-<!-- example of a chinese wall type definition   -->
-<!-- along with its conflict sets                -->
-<!-- (typse in a confict set are exclusive, i.e. -->
-<!--  once a Domain with one type of a set is    -->
-<!--  running, no other Domain with another type -->
-<!--  of the same conflict set can start.)       -->
-	<ChineseWall priority="PrimaryPolicyComponent">
-        <ChineseWallTypes>
-            <Type>cw_SystemManagement</Type>
-            <Type>cw_Sensitive</Type>
-            <Type>cw_Isolated</Type>
-            <Type>cw_Distrusted</Type>
-        </ChineseWallTypes>
-
-        <ConflictSets>
-        <Conflict name="Protection1">
-            <Type>cw_Sensitive</Type>
-            <Type>cw_Distrusted</Type>
-        </Conflict>
-        </ConflictSets>
-	</ChineseWall>
-</SecurityPolicyDefinition>
-
Index: xen-unstable.hg-shype/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml
+++ /dev/null
@@ -1,167 +0,0 @@
-<?xml version="1.0"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--              This file defines the security labels, which can  -->
-<!--              be attached to Domains and resources. Based on    -->
-<!--              these labels, the access control module decides   -->
-<!--              about sharing between Domains and about access    -->
-<!--              of Domains to real resources.                     -->
-
-<SecurityLabelTemplate
- xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-   <LabelHeader>
-      <Name>chwall_ste-security_label_template</Name>
-      <Date>2005-08-10</Date>
-      <PolicyName>
-         <Url>chwall_ste-security_policy.xml</Url>
-         <Reference>abcdef123456abcdef</Reference>
-      </PolicyName>
-   </LabelHeader>
-
-   <SubjectLabels bootstrap="dom_SystemManagement">
-      <!-- single ste typed domains            -->
-      <!-- ACM enforces that only domains with -->
-      <!-- the same type can share information -->
-      <!--                                     -->
-      <!-- Bootstrap label is assigned to Dom0 -->
-      <VirtualMachineLabel>
-      	<Name>dom_HomeBanking</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_PersonalFinances</Type>
-         </SimpleTypeEnforcementTypes>
-
-         <ChineseWallTypes>
-            <Type>cw_Sensitive</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-      	<Name>dom_Fun</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_InternetInsecure</Type>
-         </SimpleTypeEnforcementTypes>
-
-         <ChineseWallTypes>
-            <Type>cw_Distrusted</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- donating some cycles to seti@home -->
-      	<Name>dom_BoincClient</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_DonatedCycles</Type>
-         </SimpleTypeEnforcementTypes>
-
-         <ChineseWallTypes>
-            <Type>cw_Isolated</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <!-- Domains with multiple ste types services; such domains   -->
-      <!-- must keep the types inside their domain safely confined. -->
-      <VirtualMachineLabel>
-      	<Name>dom_SystemManagement</Name>
-         <SimpleTypeEnforcementTypes>
-            <!-- since dom0 needs access to every domain and -->
-            <!-- resource right now ... -->
-            <Type>ste_SystemManagement</Type>
-            <Type>ste_PersonalFinances</Type>
-            <Type>ste_InternetInsecure</Type>
-            <Type>ste_DonatedCycles</Type>
-            <Type>ste_PersistentStorageA</Type>
-            <Type>ste_NetworkAdapter0</Type>
-         </SimpleTypeEnforcementTypes>
-
-         <ChineseWallTypes>
-            <Type>cw_SystemManagement</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- serves persistent storage to other domains -->
-      	<Name>dom_StorageDomain</Name>
-         <SimpleTypeEnforcementTypes>
-            <!-- access right to the resource (hard drive a) -->
-            <Type>ste_PersistentStorageA</Type>
-            <!-- can serve following types -->
-            <Type>ste_PersonalFinances</Type>
-            <Type>ste_InternetInsecure</Type>
-         </SimpleTypeEnforcementTypes>
-
-         <ChineseWallTypes>
-            <Type>cw_SystemManagement</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- serves network access to other domains -->
-      	<Name>dom_NetworkDomain</Name>
-         <SimpleTypeEnforcementTypes>
-            <!-- access right to the resource (ethernet card) -->
-            <Type>ste_NetworkAdapter0</Type>
-            <!-- can serve following types -->
-            <Type>ste_PersonalFinances</Type>
-            <Type>ste_InternetInsecure</Type>
-            <Type>ste_DonatedCycles</Type>
-         </SimpleTypeEnforcementTypes>
-
-         <ChineseWallTypes>
-            <Type>cw_SystemManagement</Type>
-         </ChineseWallTypes>
-      </VirtualMachineLabel>
-   </SubjectLabels>
-
-   <ObjectLabels>
-      <ResourceLabel>
-      	<Name>res_ManagementResource</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_SystemManagement</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_HardDrive (hda)</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_PersistentStorageA</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_LogicalDiskPartition1 (hda1)</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_PersonalFinances</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_LogicalDiskPartition2 (hda2)</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_InternetInsecure</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_EthernetCard</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_NetworkAdapter0</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_SecurityToken</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_PersonalFinances</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_GraphicsAdapter</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_SystemManagement</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-   </ObjectLabels>
-</SecurityLabelTemplate>
-
Index: xen-unstable.hg-shype/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--             This file defines the security policies, which     -->
-<!--             can be enforced by the Xen Access Control Module.  -->
-<!--             Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-<PolicyHeader>
-		<Name>chwall_ste-security_policy</Name>
-		<Date>2005-08-10</Date>
-</PolicyHeader>
-<!--                                                        -->
-<!-- example of a simple type enforcement policy definition -->
-<!--                                                        -->
-	<SimpleTypeEnforcement>
-        <SimpleTypeEnforcementTypes>
-            <Type>ste_SystemManagement</Type>   <!-- machine/security management -->
-            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
-            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
-            <Type>ste_DonatedCycles</Type>      <!-- donation to BOINC/seti@home -->
-            <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
-            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain managing ethernet adapter 0-->
-        </SimpleTypeEnforcementTypes>
-	</SimpleTypeEnforcement>
-<!--                                             -->
-<!-- example of a chinese wall type definition   -->
-<!-- along with its conflict sets                -->
-<!-- (typse in a confict set are exclusive, i.e. -->
-<!--  once a Domain with one type of a set is    -->
-<!--  running, no other Domain with another type -->
-<!--  of the same conflict set can start.)       -->
-	<ChineseWall priority="PrimaryPolicyComponent">
-        <ChineseWallTypes>
-            <Type>cw_SystemManagement</Type>
-            <Type>cw_Sensitive</Type>
-            <Type>cw_Isolated</Type>
-            <Type>cw_Distrusted</Type>
-        </ChineseWallTypes>
-
-        <ConflictSets>
-        <Conflict name="Protection1">
-            <Type>cw_Sensitive</Type>
-            <Type>cw_Distrusted</Type>
-        </Conflict>
-        </ConflictSets>
-	</ChineseWall>
-</SecurityPolicyDefinition>
-
Index: xen-unstable.hg-shype/tools/security/policies/example/chwall/client_v1-security_policy.xml
===================================================================
--- /dev/null
+++ xen-unstable.hg-shype/tools/security/policies/example/chwall/client_v1-security_policy.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
+	<PolicyHeader>
+		<PolicyName>example.chwall.client_v1</PolicyName>
+		<PolicyUrl>www.ibm.com/example/chwall/client_v1</PolicyUrl>
+		<Date>2006-03-31</Date>
+	</PolicyHeader>
+	<!--                                             -->
+	<!-- example of a chinese wall type definition   -->
+	<!-- along with its conflict sets                -->
+	<!-- (typse in a confict set are exclusive, i.e. -->
+	<!--  once a Domain with one type of a set is    -->
+	<!--  running, no other Domain with another type -->
+	<!--  of the same conflict set can start.)       -->
+	<ChineseWall priority="PrimaryPolicyComponent">
+		<ChineseWallTypes>
+			<Type>cw_SystemManagement</Type>
+			<Type>cw_Sensitive</Type>
+			<Type>cw_Isolated</Type>
+			<Type>cw_Distrusted</Type>
+		</ChineseWallTypes>
+		<ConflictSets>
+			<Conflict name="Protection1">
+				<Type>cw_Sensitive</Type>
+				<Type>cw_Distrusted</Type>
+			</Conflict>
+		</ConflictSets>
+	</ChineseWall>
+	<SecurityLabelTemplate>
+		<SubjectLabels bootstrap="dom_SystemManagement">
+			<!-- single ste typed domains            -->
+			<!-- ACM enforces that only domains with -->
+			<!-- the same type can share information -->
+			<!--                                     -->
+			<!-- Bootstrap label is assigned to Dom0 -->
+			<VirtualMachineLabel>
+				<Name>dom_HomeBanking</Name>
+				<ChineseWallTypes>
+					<Type>cw_Sensitive</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<Name>dom_Fun</Name>
+				<ChineseWallTypes>
+					<Type>cw_Distrusted</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- donating some cycles to seti@home -->
+				<Name>dom_BoincClient</Name>
+				<ChineseWallTypes>
+					<Type>cw_Isolated</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<!-- Domains with multiple ste types services; such domains   -->
+			<!-- must keep the types inside their domain safely confined. -->
+			<VirtualMachineLabel>
+				<Name>dom_SystemManagement</Name>
+				<ChineseWallTypes>
+					<Type>cw_SystemManagement</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- serves persistent storage to other domains -->
+				<Name>dom_StorageDomain</Name>
+				<ChineseWallTypes>
+					<Type>cw_SystemManagement</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- serves network access to other domains -->
+				<Name>dom_NetworkDomain</Name>
+				<ChineseWallTypes>
+					<Type>cw_SystemManagement</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+		</SubjectLabels>
+	</SecurityLabelTemplate>
+
+</SecurityPolicyDefinition>
+
Index: xen-unstable.hg-shype/tools/security/policies/example/chwall_ste/client_v1-security_policy.xml
===================================================================
--- /dev/null
+++ xen-unstable.hg-shype/tools/security/policies/example/chwall_ste/client_v1-security_policy.xml
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
+	<PolicyHeader>
+		<PolicyName>example.chwall_ste.client_v1</PolicyName>
+		<PolicyUrl>www.ibm.com/example/chwall_ste/client_v1</PolicyUrl>
+		<Date>2006-03-31</Date>
+	</PolicyHeader>
+	<!--                                                        -->
+	<!-- example of a simple type enforcement policy definition -->
+	<!--                                                        -->
+	<SimpleTypeEnforcement>
+		<SimpleTypeEnforcementTypes>
+			<Type>ste_SystemManagement</Type><!-- machine/security management -->
+			<Type>ste_PersonalFinances</Type><!-- personal finances -->
+			<Type>ste_InternetInsecure</Type><!-- games, active X, etc. -->
+			<Type>ste_DonatedCycles</Type><!-- donation to BOINC/seti@home -->
+			<Type>ste_PersistentStorageA</Type><!-- domain managing the harddrive A-->
+			<Type>ste_NetworkAdapter0</Type><!-- type of the domain managing ethernet adapter 0-->
+		</SimpleTypeEnforcementTypes>
+	</SimpleTypeEnforcement>
+	<!--                                             -->
+	<!-- example of a chinese wall type definition   -->
+	<!-- along with its conflict sets                -->
+	<!-- (typse in a confict set are exclusive, i.e. -->
+	<!--  once a Domain with one type of a set is    -->
+	<!--  running, no other Domain with another type -->
+	<!--  of the same conflict set can start.)       -->
+	<ChineseWall priority="PrimaryPolicyComponent">
+		<ChineseWallTypes>
+			<Type>cw_SystemManagement</Type>
+			<Type>cw_Sensitive</Type>
+			<Type>cw_Isolated</Type>
+			<Type>cw_Distrusted</Type>
+		</ChineseWallTypes>
+
+		<ConflictSets>
+			<Conflict name="Protection1">
+				<Type>cw_Sensitive</Type>
+				<Type>cw_Distrusted</Type>
+			</Conflict>
+		</ConflictSets>
+	</ChineseWall>
+	<SecurityLabelTemplate>
+		<SubjectLabels bootstrap="dom_SystemManagement">
+			<!-- single ste typed domains            -->
+			<!-- ACM enforces that only domains with -->
+			<!-- the same type can share information -->
+			<!--                                     -->
+			<!-- Bootstrap label is assigned to Dom0 -->
+			<VirtualMachineLabel>
+				<Name>dom_HomeBanking</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_PersonalFinances</Type>
+				</SimpleTypeEnforcementTypes>
+
+				<ChineseWallTypes>
+					<Type>cw_Sensitive</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<Name>dom_Fun</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_InternetInsecure</Type>
+				</SimpleTypeEnforcementTypes>
+
+				<ChineseWallTypes>
+					<Type>cw_Distrusted</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- donating some cycles to seti@home -->
+				<Name>dom_BoincClient</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_DonatedCycles</Type>
+				</SimpleTypeEnforcementTypes>
+
+				<ChineseWallTypes>
+					<Type>cw_Isolated</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<!-- Domains with multiple ste types services; such domains   -->
+			<!-- must keep the types inside their domain safely confined. -->
+			<VirtualMachineLabel>
+				<Name>dom_SystemManagement</Name>
+				<SimpleTypeEnforcementTypes>
+					<!-- since dom0 needs access to every domain and -->
+					<!-- resource right now ... -->
+					<Type>ste_SystemManagement</Type>
+					<Type>ste_PersonalFinances</Type>
+					<Type>ste_InternetInsecure</Type>
+					<Type>ste_DonatedCycles</Type>
+					<Type>ste_PersistentStorageA</Type>
+					<Type>ste_NetworkAdapter0</Type>
+				</SimpleTypeEnforcementTypes>
+
+				<ChineseWallTypes>
+					<Type>cw_SystemManagement</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- serves persistent storage to other domains -->
+				<Name>dom_StorageDomain</Name>
+				<SimpleTypeEnforcementTypes>
+					<!-- access right to the resource (hard drive a) -->
+					<Type>ste_PersistentStorageA</Type>
+					<!-- can serve following types -->
+					<Type>ste_PersonalFinances</Type>
+					<Type>ste_InternetInsecure</Type>
+				</SimpleTypeEnforcementTypes>
+
+				<ChineseWallTypes>
+					<Type>cw_SystemManagement</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- serves network access to other domains -->
+				<Name>dom_NetworkDomain</Name>
+				<SimpleTypeEnforcementTypes>
+					<!-- access right to the resource (ethernet card) -->
+					<Type>ste_NetworkAdapter0</Type>
+					<!-- can serve following types -->
+					<Type>ste_PersonalFinances</Type>
+					<Type>ste_InternetInsecure</Type>
+					<Type>ste_DonatedCycles</Type>
+				</SimpleTypeEnforcementTypes>
+
+				<ChineseWallTypes>
+					<Type>cw_SystemManagement</Type>
+				</ChineseWallTypes>
+			</VirtualMachineLabel>
+		</SubjectLabels>
+
+		<ObjectLabels>
+			<ResourceLabel>
+				<Name>res_ManagementResource</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_SystemManagement</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_HardDrive(hda)</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_PersistentStorageA</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_LogicalDiskPartition1(hda1)</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_PersonalFinances</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_LogicalDiskPartition2(hda2)</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_InternetInsecure</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_EthernetCard</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_NetworkAdapter0</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_SecurityToken</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_PersonalFinances</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_GraphicsAdapter</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_SystemManagement</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+		</ObjectLabels>
+	</SecurityLabelTemplate>
+</SecurityPolicyDefinition>
+
Index: xen-unstable.hg-shype/tools/security/policies/example/ste/client_v1-security_policy.xml
===================================================================
--- /dev/null
+++ xen-unstable.hg-shype/tools/security/policies/example/ste/client_v1-security_policy.xml
@@ -0,0 +1,149 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
+	<PolicyHeader>
+		<PolicyName>example.ste.client_v1</PolicyName>
+		<PolicyUrl>www.ibm.com/example/ste/client_v1</PolicyUrl>
+		<Date>2006-03-31</Date>
+	</PolicyHeader>
+	<!--                                                        -->
+	<!-- example of a simple type enforcement policy definition -->
+	<!--                                                        -->
+	<SimpleTypeEnforcement>
+		<SimpleTypeEnforcementTypes>
+			<Type>ste_SystemManagement</Type><!-- machine/security management -->
+			<Type>ste_PersonalFinances</Type><!-- personal finances -->
+			<Type>ste_InternetInsecure</Type><!-- games, active X, etc. -->
+			<Type>ste_DonatedCycles</Type><!-- donation to BOINC/seti@home -->
+			<Type>ste_PersistentStorageA</Type><!-- domain managing the harddrive A-->
+			<Type>ste_NetworkAdapter0</Type><!-- type of the domain managing ethernet adapter 0-->
+		</SimpleTypeEnforcementTypes>
+	</SimpleTypeEnforcement>
+	<SecurityLabelTemplate>
+		<SubjectLabels bootstrap="dom_SystemManagement">
+			<!-- single ste typed domains            -->
+			<!-- ACM enforces that only domains with -->
+			<!-- the same type can share information -->
+			<!--                                     -->
+			<!-- Bootstrap label is assigned to Dom0 -->
+			<VirtualMachineLabel>
+				<Name>dom_HomeBanking</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_PersonalFinances</Type>
+				</SimpleTypeEnforcementTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<Name>dom_Fun</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_InternetInsecure</Type>
+				</SimpleTypeEnforcementTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- donating some cycles to seti@home -->
+				<Name>dom_BoincClient</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_DonatedCycles</Type>
+				</SimpleTypeEnforcementTypes>
+			</VirtualMachineLabel>
+
+			<!-- Domains with multiple ste types services; such domains   -->
+			<!-- must keep the types inside their domain safely confined. -->
+			<VirtualMachineLabel>
+				<Name>dom_SystemManagement</Name>
+				<SimpleTypeEnforcementTypes>
+					<!-- since dom0 needs access to every domain and -->
+					<!-- resource right now ... -->
+					<Type>ste_SystemManagement</Type>
+					<Type>ste_PersonalFinances</Type>
+					<Type>ste_InternetInsecure</Type>
+					<Type>ste_DonatedCycles</Type>
+					<Type>ste_PersistentStorageA</Type>
+					<Type>ste_NetworkAdapter0</Type>
+				</SimpleTypeEnforcementTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- serves persistent storage to other domains -->
+				<Name>dom_StorageDomain</Name>
+				<SimpleTypeEnforcementTypes>
+					<!-- access right to the resource (hard drive a) -->
+					<Type>ste_PersistentStorageA</Type>
+					<!-- can serve following types -->
+					<Type>ste_PersonalFinances</Type>
+					<Type>ste_InternetInsecure</Type>
+				</SimpleTypeEnforcementTypes>
+			</VirtualMachineLabel>
+
+			<VirtualMachineLabel>
+				<!-- serves network access to other domains -->
+				<Name>dom_NetworkDomain</Name>
+				<SimpleTypeEnforcementTypes>
+					<!-- access right to the resource (ethernet card) -->
+					<Type>ste_NetworkAdapter0</Type>
+					<!-- can serve following types -->
+					<Type>ste_PersonalFinances</Type>
+					<Type>ste_InternetInsecure</Type>
+					<Type>ste_DonatedCycles</Type>
+				</SimpleTypeEnforcementTypes>
+			</VirtualMachineLabel>
+		</SubjectLabels>
+
+		<ObjectLabels>
+			<ResourceLabel>
+				<Name>res_ManagementResource</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_SystemManagement</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_HardDrive(hda)</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_PersistentStorageA</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_LogicalDiskPartition1(hda1)</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_PersonalFinances</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_LogicalDiskPartition2(hda2)</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_InternetInsecure</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_EthernetCard</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_NetworkAdapter0</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_SecurityToken</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_PersonalFinances</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+
+			<ResourceLabel>
+				<Name>res_GraphicsAdapter</Name>
+				<SimpleTypeEnforcementTypes>
+					<Type>ste_SystemManagement</Type>
+				</SimpleTypeEnforcementTypes>
+			</ResourceLabel>
+		</ObjectLabels>
+	</SecurityLabelTemplate>
+
+</SecurityPolicyDefinition>
+
Index: xen-unstable.hg-shype/tools/security/policies/null/null-security_label_template.xml
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/null/null-security_label_template.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--              This file defines the security labels, which can  -->
-<!--              be attached to Domains and resources. Based on    -->
-<!--              these labels, the access control module decides   -->
-<!--              about sharing between Domains and about access    -->
-<!--              of Domains to real resources.                     -->
-
-<SecurityLabelTemplate
- xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-   <LabelHeader>
-      <Name>null-security_label_template</Name>
-
-      <Date>2005-08-10</Date>
-      <PolicyName>
-         <Url>null-security_policy.xml</Url>
-
-         <Reference>abcdef123456abcdef</Reference>
-      </PolicyName>
-   </LabelHeader>
-</SecurityLabelTemplate>
-
Index: xen-unstable.hg-shype/tools/security/policies/null/null-security_policy.xml
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/null/null-security_policy.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--             This file defines the security policies, which     -->
-<!--             can be enforced by the Xen Access Control Module.  -->
-<!--             Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-<PolicyHeader>
-		<Name>null-security_policy</Name>
-		<Date>2005-08-10</Date>
-</PolicyHeader>
-</SecurityPolicyDefinition>
-
Index: xen-unstable.hg-shype/tools/security/policies/security_policy.xsd
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/security_policy.xsd
+++ xen-unstable.hg-shype/tools/security/policies/security_policy.xsd
@@ -1,55 +1,37 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
 <!--         This file defines the schema, which is used to define -->
-<!--         the security policy and the security labels in Xe.    -->
+<!--         the security policy and the security labels in Xen.    -->
 
 <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified">
 	<xsd:element name="SecurityPolicyDefinition">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element ref="PolicyHeader" minOccurs="0" maxOccurs="1"></xsd:element>
+				<xsd:element ref="PolicyHeader" minOccurs="1" maxOccurs="1"></xsd:element>
 				<xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element>
 				<xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="SecurityLabelTemplate">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="LabelHeader" minOccurs="1" maxOccurs="1"></xsd:element>
-				<xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
+				<xsd:element ref="SecurityLabelTemplate" minOccurs="1" maxOccurs="1"></xsd:element>
 			</xsd:sequence>
 		</xsd:complexType>
 	</xsd:element>
 	<xsd:element name="PolicyHeader">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element ref="Name" minOccurs="1" maxOccurs="1" />
-				<xsd:element ref="Date" minOccurs="1" maxOccurs="1" />
+				<xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="xsd:string"></xsd:element>
+				<xsd:element name="PolicyUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+				<xsd:element name="Reference" type="xsd:string" minOccurs="0" maxOccurs="1" />
+				<xsd:element name="Date" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+				<xsd:element name="NameSpaceUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
 			</xsd:sequence>
 		</xsd:complexType>
 	</xsd:element>
-	<xsd:element name="LabelHeader">
+	<xsd:element name="ChineseWall">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element ref="Name"></xsd:element>
-				<xsd:element ref="Date" minOccurs="1" maxOccurs="1"></xsd:element>
-				<xsd:element ref="PolicyName" minOccurs="1" maxOccurs="1"></xsd:element>
+				<xsd:element ref="ChineseWallTypes" minOccurs="1" maxOccurs="1" />
+				<xsd:element ref="ConflictSets" minOccurs="0" maxOccurs="1" />
 			</xsd:sequence>
+			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
 		</xsd:complexType>
 	</xsd:element>
 	<xsd:element name="SimpleTypeEnforcement">
@@ -60,13 +42,25 @@
 			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
 		</xsd:complexType>
 	</xsd:element>
-	<xsd:element name="ChineseWall">
+	<xsd:element name="SecurityLabelTemplate">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element ref="ChineseWallTypes" />
-				<xsd:element ref="ConflictSets" />
+				<xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+						</xsd:sequence>
+						<xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
 			</xsd:sequence>
-			<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
 		</xsd:complexType>
 	</xsd:element>
 	<xsd:element name="ChineseWallTypes">
@@ -115,24 +109,11 @@
 			</xsd:sequence>
 		</xsd:complexType>
 	</xsd:element>
-	<xsd:element name="PolicyName">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Url" />
-				<xsd:element ref="Reference" />
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Date" type="xsd:string" />
 	<xsd:element name="Name" type="xsd:string" />
 	<xsd:element name="Type" type="xsd:string" />
-	<xsd:element name="Reference" type="xsd:string" />
-	<xsd:element name="Url"></xsd:element>
-
 	<xsd:simpleType name="PolicyOrder">
 		<xsd:restriction base="xsd:string">
 			<xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration>
 		</xsd:restriction>
 	</xsd:simpleType>
-
 </xsd:schema>
Index: xen-unstable.hg-shype/tools/security/policies/ste/ste-security_label_template.xml
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/ste/ste-security_label_template.xml
+++ /dev/null
@@ -1,143 +0,0 @@
-<?xml version="1.0"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--              This file defines the security labels, which can  -->
-<!--              be attached to Domains and resources. Based on    -->
-<!--              these labels, the access control module decides   -->
-<!--              about sharing between Domains and about access    -->
-<!--              of Domains to real resources.                     -->
-
-<SecurityLabelTemplate
- xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-   <LabelHeader>
-      <Name>ste-security_label_template</Name>
-      <Date>2005-08-10</Date>
-      <PolicyName>
-         <Url>ste-security_policy.xml</Url>
-         <Reference>abcdef123456abcdef</Reference>
-      </PolicyName>
-   </LabelHeader>
-
-   <SubjectLabels bootstrap="dom_SystemManagement">
-      <!-- single ste typed domains            -->
-      <!-- ACM enforces that only domains with -->
-      <!-- the same type can share information -->
-      <!--                                     -->
-      <!-- Bootstrap label is assigned to Dom0 -->
-      <VirtualMachineLabel>
-      	<Name>dom_HomeBanking</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_PersonalFinances</Type>
-         </SimpleTypeEnforcementTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-      	<Name>dom_Fun</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_InternetInsecure</Type>
-         </SimpleTypeEnforcementTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- donating some cycles to seti@home -->
-      	<Name>dom_BoincClient</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_DonatedCycles</Type>
-         </SimpleTypeEnforcementTypes>
-      </VirtualMachineLabel>
-
-      <!-- Domains with multiple ste types services; such domains   -->
-      <!-- must keep the types inside their domain safely confined. -->
-      <VirtualMachineLabel>
-      	<Name>dom_SystemManagement</Name>
-         <SimpleTypeEnforcementTypes>
-            <!-- since dom0 needs access to every domain and -->
-            <!-- resource right now ... -->
-            <Type>ste_SystemManagement</Type>
-            <Type>ste_PersonalFinances</Type>
-            <Type>ste_InternetInsecure</Type>
-            <Type>ste_DonatedCycles</Type>
-            <Type>ste_PersistentStorageA</Type>
-            <Type>ste_NetworkAdapter0</Type>
-         </SimpleTypeEnforcementTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- serves persistent storage to other domains -->
-      	<Name>dom_StorageDomain</Name>
-         <SimpleTypeEnforcementTypes>
-            <!-- access right to the resource (hard drive a) -->
-            <Type>ste_PersistentStorageA</Type>
-            <!-- can serve following types -->
-            <Type>ste_PersonalFinances</Type>
-            <Type>ste_InternetInsecure</Type>
-         </SimpleTypeEnforcementTypes>
-      </VirtualMachineLabel>
-
-      <VirtualMachineLabel>
-        <!-- serves network access to other domains -->
-      	<Name>dom_NetworkDomain</Name>
-         <SimpleTypeEnforcementTypes>
-            <!-- access right to the resource (ethernet card) -->
-            <Type>ste_NetworkAdapter0</Type>
-            <!-- can serve following types -->
-            <Type>ste_PersonalFinances</Type>
-            <Type>ste_InternetInsecure</Type>
-            <Type>ste_DonatedCycles</Type>
-         </SimpleTypeEnforcementTypes>
-      </VirtualMachineLabel>
-   </SubjectLabels>
-
-   <ObjectLabels>
-      <ResourceLabel>
-      	<Name>res_ManagementResource</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_SystemManagement</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_HardDrive (hda)</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_PersistentStorageA</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_LogicalDiskPartition1 (hda1)</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_PersonalFinances</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_LogicalDiskPartition2 (hda2)</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_InternetInsecure</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_EthernetCard</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_NetworkAdapter0</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_SecurityToken</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_PersonalFinances</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-
-      <ResourceLabel>
-      	<Name>res_GraphicsAdapter</Name>
-         <SimpleTypeEnforcementTypes>
-            <Type>ste_SystemManagement</Type>
-         </SimpleTypeEnforcementTypes>
-      </ResourceLabel>
-   </ObjectLabels>
-</SecurityLabelTemplate>
-
Index: xen-unstable.hg-shype/tools/security/policies/ste/ste-security_policy.xml
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/policies/ste/ste-security_policy.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--             This file defines the security policies, which     -->
-<!--             can be enforced by the Xen Access Control Module.  -->
-<!--             Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-<PolicyHeader>
-		<Name>ste-security_policy</Name>
-		<Date>2005-08-10</Date>
-</PolicyHeader>
-<!--                                                        -->
-<!-- example of a simple type enforcement policy definition -->
-<!--                                                        -->
-	<SimpleTypeEnforcement>
-        <SimpleTypeEnforcementTypes>
-            <Type>ste_SystemManagement</Type>   <!-- machine/security management -->
-            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
-            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
-            <Type>ste_DonatedCycles</Type>      <!-- donation to BOINC/seti@home -->
-            <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
-            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain managing ethernet adapter 0-->
-        </SimpleTypeEnforcementTypes>
-	</SimpleTypeEnforcement>
-</SecurityPolicyDefinition>
-


--------------070306050800030708080606
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

--------------070306050800030708080606--