From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vincent Hanquez Subject: [PATCH 3/3] add flask capabilities in python xc bindings Date: Tue, 22 Jun 2010 10:26:58 +0100 Message-ID: <1277198818-27090-4-git-send-email-vincent.hanquez@eu.citrix.com> References: <1277198818-27090-1-git-send-email-vincent.hanquez@eu.citrix.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------1.7.1" Return-path: In-Reply-To: <1277198818-27090-1-git-send-email-vincent.hanquez@eu.citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Xen Devel Cc: Vincent Hanquez List-Id: xen-devel@lists.xenproject.org --------------1.7.1 Content-Type: text/plain; charset="UTF-8"; format=fixed Content-Transfer-Encoding: quoted-printable Signed-off-by: Vincent Hanquez --- tools/python/xen/lowlevel/xc/xc.c | 251 +++++++++++++++++++++++++++++++= ++++++ 1 files changed, 251 insertions(+), 0 deletions(-) --------------1.7.1 Content-Type: text/x-patch; name="0003-add-flask-capabilities-in-python-xc-bindings.patch" Content-Disposition: attachment; filename="0003-add-flask-capabilities-in-python-xc-bindings.patch" Content-Transfer-Encoding: quoted-printable diff --git a/tools/python/xen/lowlevel/xc/xc.c b/tools/python/xen/lowleve= l/xc/xc.c index a7286c4..66d247b 100644 --- a/tools/python/xen/lowlevel/xc/xc.c +++ b/tools/python/xen/lowlevel/xc/xc.c @@ -34,6 +34,8 @@ #define PKG "xen.lowlevel.xc" #define CLS "xc" =20 +#define FLASK_CTX_LEN 1024 + static PyObject *xc_error_obj, *zero; =20 typedef struct { 
@@ -2077,6 +2079,202 @@ static PyObject *pyxc_cpupool_freeinfo(XcObject *= self) return cpumap_to_cpulist(cpumap); } =20 +static PyObject *pyflask_context_to_sid(PyObject *self, PyObject *args, + PyObjec= t *kwds) +{ + xc_interface *xc_handle; + char *ctx; + char *buf; + uint32_t len; + uint32_t sid; + int ret; + + static char *kwd_list[] =3D { "context", NULL }; + + if ( !PyArg_ParseTupleAndKeywords(args, kwds, "s", kwd_list, + &ctx) ) + return NULL; + + len =3D strlen(ctx); + + buf =3D malloc(len); + if (!buf) { + errno =3D -ENOMEM; + PyErr_SetFromErrno(xc_error_obj); + } + =20 + memcpy(buf, ctx, len); + =20 + xc_handle =3D xc_interface_open(0,0,0); + if (!xc_handle) { + free(buf); + return PyErr_SetFromErrno(xc_error_obj); + } + =20 + ret =3D xc_flask_context_to_sid(xc_handle, buf, len, &sid); + =20 + xc_interface_close(xc_handle); + + free(buf); + =20 + if ( ret !=3D 0 ) { + errno =3D -ret; + return PyErr_SetFromErrno(xc_error_obj); + } + + return PyInt_FromLong(sid); +} + +static PyObject *pyflask_sid_to_context(PyObject *self, PyObject *args, + PyObjec= t *kwds) +{ + xc_interface *xc_handle; + uint32_t sid; + char ctx[FLASK_CTX_LEN]; + uint32_t ctx_len =3D FLASK_CTX_LEN; + int ret; + + static char *kwd_list[] =3D { "sid", NULL }; + + if ( !PyArg_ParseTupleAndKeywords(args, kwds, "i", kwd_list, + &sid) ) + return NULL; + + xc_handle =3D xc_interface_open(0,0,0); + if (!xc_handle) { + return PyErr_SetFromErrno(xc_error_obj); + } + =20 + ret =3D xc_flask_sid_to_context(xc_handle, sid, ctx, ctx_len); + =20 + xc_interface_close(xc_handle); + =20 + if ( ret !=3D 0 ) { + errno =3D -ret; + return PyErr_SetFromErrno(xc_error_obj); + } + + return Py_BuildValue("s", ctx, ctx_len); +} + +static PyObject *pyflask_load(PyObject *self, PyObject *args, PyObject *= kwds) +{ + xc_interface *xc_handle; + char *policy; + uint32_t len; + int ret; + + static char *kwd_list[] =3D { "policy", NULL }; + =20 + if( !PyArg_ParseTupleAndKeywords(args, kwds, "s#", kwd_list, &policy= , 
&len) ) + return NULL; + + xc_handle =3D xc_interface_open(0,0,0); + if (!xc_handle) { + return PyErr_SetFromErrno(xc_error_obj); + } + + ret =3D xc_flask_load(xc_handle, policy, len); + + xc_interface_close(xc_handle); + + if ( ret !=3D 0 ) { + errno =3D -ret; + return PyErr_SetFromErrno(xc_error_obj); + } + + return Py_BuildValue("i", ret); +} + +static PyObject *pyflask_getenforce(PyObject *self) +{ + xc_interface *xc_handle; + int ret; + + xc_handle =3D xc_interface_open(0,0,0); + if (!xc_handle) { + return PyErr_SetFromErrno(xc_error_obj); + } + =20 + ret =3D xc_flask_getenforce(xc_handle); + =20 + xc_interface_close(xc_handle); + =20 + if ( ret < 0 ) { + errno =3D -ret; + return PyErr_SetFromErrno(xc_error_obj); + } + + return Py_BuildValue("i", ret); +} + +static PyObject *pyflask_setenforce(PyObject *self, PyObject *args, + PyObject *kw= ds) +{ + xc_interface *xc_handle; + int mode; + int ret; + + static char *kwd_list[] =3D { "mode", NULL }; + + if ( !PyArg_ParseTupleAndKeywords(args, kwds, "i", kwd_list, + &mode) ) + return NULL; + + xc_handle =3D xc_interface_open(0,0,0); + if (!xc_handle) { + return PyErr_SetFromErrno(xc_error_obj); + } + =20 + ret =3D xc_flask_setenforce(xc_handle, mode); + =20 + xc_interface_close(xc_handle); + =20 + if ( ret !=3D 0 ) { + errno =3D -ret; + return PyErr_SetFromErrno(xc_error_obj); + } + + return Py_BuildValue("i", ret); +} + +static PyObject *pyflask_access(PyObject *self, PyObject *args, + PyObject *kwds) +{ + xc_interface *xc_handle; + char *tcon, *scon; + uint16_t tclass; + uint32_t req, allowed, decided, auditallow, auditdeny, seqno; + int ret; + + static char *kwd_list[] =3D { "src_context", "tar_context",=20 + "tar_class", "req_permissions", + "decided", "auditallow","auditdeny", + "seqno", NULL }; + + if ( !PyArg_ParseTupleAndKeywords(args, kwds, "ssil|llll", kwd_list, + &scon, &tcon, &tclass, &req, &deci= ded, + &auditallow, &auditdeny, &seqno) ) + return NULL; + + xc_handle =3D xc_interface_open(0,0,0); + if 
(!xc_handle) { + return PyErr_SetFromErrno(xc_error_obj); + } + =20 + ret =3D xc_flask_access(xc_handle, scon, tcon, tclass, req, &allowed= , &decided, + &auditallow, &auditdeny, &seqno); + =20 + xc_interface_close(xc_handle); + + if ( ret !=3D 0 ) { + errno =3D -ret; + return PyErr_SetFromErrno(xc_error_obj); + } + + return Py_BuildValue("i",ret); +} + static PyMethodDef pyxc_methods[] =3D { { "domain_create",=20 (PyCFunction)pyxc_domain_create,=20 
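Review bot: In pyflask_access the PyArg_ParseTupleAndKeywords format `"ssil|llll"` does not match the variables it writes into: `i` stores an int into the `uint16_t tclass`, and each `l` stores a long into a `uint32_t` (req, decided, auditallow, auditdeny, seqno), so on LP64 hosts the parser overwrites adjacent stack bytes from a caller-supplied argument list; `"ssHI|IIII"` matches the declared widths. In pyflask_context_to_sid the malloc failure branch sets errno and calls PyErr_SetFromErrno but falls through to `memcpy(buf, ctx, len)` with buf NULL; it needs `return PyErr_SetFromErrno(xc_error_obj);` there, and the value should be `errno = ENOMEM;` (positive, as the other error paths obtain by negating ret). In pyflask_load the `s#` length is parsed into a `uint32_t len`; if the file defines PY_SSIZE_T_CLEAN that write is a Py_ssize_t, so an `int` or `Py_ssize_t` local would be safer — the top of the file is not visible from this hunk. The hunk's trailing context opens `pyxc_methods[]`, whose body continues outside it.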
@@ -2676,6 +2874,59 @@ static PyMethodDef pyxc_methods[] =3D { "Get info about cpus not in any cpupool.\n" "Returns: [list]: List of CPUs\n" }, =20 + { "flask_context_to_sid", + (PyCFunction)pyflask_context_to_sid, + METH_KEYWORDS, "\n" + "Convert a context string to a dynamic SID.\n" + " context [str]: String specifying context to be converted\n" + "Returns: [int]: Numeric SID on success; -1 on error.\n" }, + + { "flask_sid_to_context", + (PyCFunction)pyflask_sid_to_context, + METH_KEYWORDS, "\n" + "Convert a dynamic SID to context string.\n" + " context [int]: SID to be converted\n" + "Returns: [str]: Numeric SID on success; -1 on error.\n" }, + + { "flask_load", + (PyCFunction)pyflask_load, + METH_KEYWORDS, "\n" + "Loads a policy into the hypervisor.\n" + " policy [str]: policy to be load\n" + "Returns: [int]: 0 on success; -1 on failure.\n" },=20 + =20 + { "flask_getenforce", + (PyCFunction)pyflask_getenforce, + METH_NOARGS, "\n" + "Returns the current mode of the Flask XSM module.\n" + "Returns: [int]: 0 for permissive; 1 for enforcing; -1 on failure.= \n" },=20 + + { "flask_setenforce", + (PyCFunction)pyflask_setenforce, + METH_KEYWORDS, "\n" + "Modifies the current mode for the Flask XSM module.\n" + " mode [int]: mode to change to\n" + "Returns: [int]: 0 on success; -1 on failure.\n" },=20 + + { "flask_access", + (PyCFunction)pyflask_access, + METH_KEYWORDS, "\n" + "Returns whether a source context has access to target context bas= ed on \ + class and permissions requested.\n" + " scon [str]: source context\n" + " tcon [str]: target context\n" + " tclass [int]: target security class\n" + " req [int] requested permissions\n" + " allowed [int] permissions allow for the target class between the= source \ + and target context\n" + " decided [int] the permissions that were returned in the allowed = \ + parameter\n" + " auditallow [int] permissions set to audit on allow\n" + " auditdeny [int] permissions set to audit on deny\n" + " seqno [int] not used\n" + 
"Returns: [int]: 0 on all permission granted; -1 if any permission= s are \ + denied\n" },=20 + { NULL, NULL, 0, NULL } }; =20 --------------1.7.1 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --------------1.7.1--
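Review bot: The flask_sid_to_context docstring names its argument `context [int]` and says it returns a "Numeric SID", but pyflask_sid_to_context parses the keyword `sid` and returns the context string; suggest ` sid [int]: SID to be converted\n` and `Returns: [str]: context string on success.\n`. The flask_access docstring documents `scon`, `tcon`, `tclass` and `req` while the accepted keywords are `src_context`, `tar_context`, `tar_class` and `req_permissions`, and it describes allowed/decided/auditallow/auditdeny/seqno as results although the binding only returns ret and discards those values, so either the text should use the real keyword names and drop the output descriptions or the binding should return them. Every entry also promises "-1 on error", but each pyflask_* function returns NULL via PyErr_SetFromErrno, i.e. raises the module's error object, so the docstrings should say the call raises on failure.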