From mboxrd@z Thu Jan 1 00:00:00 1970 From: Machon Gregory Subject: [Patch] tools/python/xen Flask MLS security label handling Date: Tue, 25 Aug 2009 14:01:22 -0400 Message-ID: <4A9426F2.40203@tycho.ncsc.mil> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------080703080306080602070609" Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com Cc: gscoker@tycho.ncsc.mil List-Id: xen-devel@lists.xenproject.org This is a multi-part message in MIME format. --------------080703080306080602070609 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Changed the way security labels are handled to allow domains to be labeled with Flask MLS security labels. Changed the error message generated when an invalid context is submitted to be more useful. Signed-off-by: Machon B. Gregory Signed-off-by: George S. Coker, II --- tools/python/xen/util/xsm/flask/flask.py | 2 +- tools/python/xen/xend/XendConfig.py | 5 ----- tools/python/xen/xm/create.py | 16 +++++----------- 3 files changed, 6 insertions(+), 17 deletions(-) -- Machon Gregory National Information Assurance Research Lab (NIARL) --------------080703080306080602070609 Content-Type: text/plain; name="xen-mls-label-handling.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="xen-mls-label-handling.diff" diff -r c5125c0ea051 tools/python/xen/util/xsm/flask/flask.py --- a/tools/python/xen/util/xsm/flask/flask.py +++ b/tools/python/xen/util/xsm/flask/flask.py @@ -25,7 +25,7 @@ try: return flask.flask_context_to_sid(label) except: - return "" + raise XSMError('Invalid context %s' % label) def parse_security_label(security_label): return security_label diff -r c5125c0ea051 tools/python/xen/xend/XendConfig.py --- a/tools/python/xen/xend/XendConfig.py +++ b/tools/python/xen/xend/XendConfig.py @@ -799,11 +799,6 @@ if not sxp.child_value(sxp_cfg, 'security_label'): del cfg['security'] - sec_lab = cfg['security_label'].split(":") - if len(sec_lab) != 3: - raise XendConfigError("Badly formatted security label: %s" - % cfg['security_label']) - old_state = sxp.child_value(sxp_cfg, 'state') if old_state: for i in range(len(CONFIG_OLD_DOM_STATES)): diff -r c5125c0ea051 tools/python/xen/xm/create.py --- a/tools/python/xen/xm/create.py +++ b/tools/python/xen/xm/create.py @@ -1163,17 +1163,11 @@ num = len(vals.access_control) if num == 1: access_control = (vals.access_control)[0] - d = {} - a = access_control.split(',') - if len(a) > 2: - err('Too many elements in access_control specifier: ' + access_control) - for b in a: - (k, v) = b.strip().split('=', 1) - k = k.strip() - v = v.strip() - if k not in ['policy','label']: - err('Invalid access_control specifier: ' + access_control) - d[k] = v + acc_re = 'policy=(?P.*),label=(?P