[Xen-changelog] [xen-unstable] xend: Flask MLS security label handling

[Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>]

# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1251297314 -3600
# Node ID 71389988f5d4e6417f7da1d86da984acd5118efc
# Parent  49bfec374bafbbb09c8e7dad6d96474eb6f6c6a4
xend: Flask MLS security label handling

Changed the way security labels are handled to allow domains to be
labeled with Flask MLS security labels.  Changed the error message
generated when an invalid context is submitted to be more useful.

Signed-off-by: Machon B. Gregory <mbgrego@xxxxxxxxxxxxxx>
Signed-off-by: George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
---
 tools/python/xen/util/xsm/flask/flask.py |    2 +-
 tools/python/xen/xend/XendConfig.py      |    5 -----
 tools/python/xen/xm/create.py            |   16 +++++-----------
 3 files changed, 6 insertions(+), 17 deletions(-)

diff -r 49bfec374baf -r 71389988f5d4 tools/python/xen/util/xsm/flask/flask.py
--- a/tools/python/xen/util/xsm/flask/flask.py  Tue Aug 25 16:26:02 2009 +0100
+++ b/tools/python/xen/util/xsm/flask/flask.py  Wed Aug 26 15:35:14 2009 +0100
@@ -25,7 +25,7 @@ def label2ssidref(label, policy, type):
     try:
         return flask.flask_context_to_sid(label)
     except:
-        return ""
+       raise XSMError('Invalid context %s' % label)
 
 def parse_security_label(security_label):
     return security_label
diff -r 49bfec374baf -r 71389988f5d4 tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py       Tue Aug 25 16:26:02 2009 +0100
+++ b/tools/python/xen/xend/XendConfig.py       Wed Aug 26 15:35:14 2009 +0100
@@ -802,11 +802,6 @@ class XendConfig(dict):
                 if not sxp.child_value(sxp_cfg, 'security_label'):
                     del cfg['security']
 
-            sec_lab = cfg['security_label'].split(":")
-            if len(sec_lab) != 3:
-                raise XendConfigError("Badly formatted security label: %s"
-                                      % cfg['security_label'])
-
         old_state = sxp.child_value(sxp_cfg, 'state')
         if old_state:
             for i in range(len(CONFIG_OLD_DOM_STATES)):
diff -r 49bfec374baf -r 71389988f5d4 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py     Tue Aug 25 16:26:02 2009 +0100
+++ b/tools/python/xen/xm/create.py     Wed Aug 26 15:35:14 2009 +0100
@@ -1163,17 +1163,11 @@ def preprocess_access_control(vals):
     num = len(vals.access_control)
     if num == 1:
         access_control = (vals.access_control)[0]
-        d = {}
-        a = access_control.split(',')
-        if len(a) > 2:
-            err('Too many elements in access_control specifier: ' + 
access_control)
-        for b in a:
-            (k, v) = b.strip().split('=', 1)
-            k = k.strip()
-            v = v.strip()
-            if k not in ['policy','label']:
-                err('Invalid access_control specifier: ' + access_control)
-            d[k] = v
+        acc_re = 'policy=(?P<policy>.*),label=(?P<label>.*)'
+        acc_match = re.match(acc_re,access_control)
+        if acc_match == None:
+            err('Invalid access_control specifier: ' + access_control)
+        d = acc_match.groupdict();
         access_controls.append(d)
         vals.access_control = access_controls
     elif num > 1:

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog