[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [Patch 4 / 8][ACM] - policy generation tool support



This patch adds support for managing and creating the simplified policies to the policy generation tools.

Signed-off by: Thomas Lendacky <toml@xxxxxxxxxx>
Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>

---
 tools/security/python/xensec_gen/cgi-bin/policylabel.cgi | 1396 ---------------
 tools/security/python/xensec_gen/cgi-bin/policy.cgi      | 1338 ++++++++++++--
 tools/security/python/xensec_gen/index.html              |   58 
 3 files changed, 1196 insertions(+), 1596 deletions(-)

Index: xen-unstable.hg-shype/tools/security/python/xensec_gen/cgi-bin/policy.cgi
===================================================================
--- 
xen-unstable.hg-shype.orig/tools/security/python/xensec_gen/cgi-bin/policy.cgi
+++ xen-unstable.hg-shype/tools/security/python/xensec_gen/cgi-bin/policy.cgi
@@ -2,7 +2,7 @@
 #
 # The Initial Developer of the Original Code is International
 # Business Machines Corporation. Portions created by IBM
-# Corporation are Copyright (C) 2005 International Business
+# Corporation are Copyright (C) 2005, 2006 International Business
 # Machines Corporation. All Rights Reserved.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -31,9 +31,9 @@ from StringIO import StringIO
 from sets import Set
 
 def getSavedData( ):
-       global formData, policyXml, formVariables, formCSNames
-       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
-       global allCSMTypes
+       global formData, policyXml
+       global formVariables, formCSNames, formVmNames, formResNames
+       global allCSMTypes, allVmChWs, allVmStes, allResStes
 
        # Process the XML upload policy file
        if formData.has_key( 'i_policy' ):
@@ -64,6 +64,46 @@ def getSavedData( ):
                        if len( dataList ) > 0:
                                exec 'allCSMTypes[csName][1] = ' + dataList[0]
 
+       # The form can contain any number of "Virtual Machines"
+       #   so update the list of form variables to include
+       #   each virtual machine (hidden input variable)
+       for vmName in formVmNames[1]:
+               newVm( vmName )
+
+               vmFormVar = allVmChWs[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+               vmFormVar = allVmStes[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+       # The form can contain any number of "Resources"
+       #   so update the list of form variables to include
+       #   each resource (hidden input variable)
+       for resName in formResNames[1]:
+               newRes( resName )
+
+               resFormVar = allResStes[resName]
+               if (resFormVar[2] != '') and formData.has_key( resFormVar[2] ):
+                       dataList = formData.getlist( resFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( resFormVar[1], list ):
+                                       exec 'resFormVar[1] = ' + dataList[0]
+                               else:
+                                       resFormVar[1] = dataList[0]
+
+
 def getCurrentTime( ):
        return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
 
@@ -77,14 +117,49 @@ def getName( domNode ):
        for childNode in nameNodes[0].childNodes:
                if childNode.nodeType == xml.dom.Node.TEXT_NODE:
                        name = name + childNode.data
+       return name
+
+def getPolicyName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
 
        return name
 
+def getUrl( domNode ):
+       urlNodes = domNode.getElementsByTagName( 'PolicyUrl' )
+       if len( urlNodes ) == 0:
+               return ''
+
+       url = ''
+       for childNode in urlNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       url = url + childNode.data
+
+       return url
+
+def getRef( domNode ):
+       refNodes = domNode.getElementsByTagName( 'Reference' )
+       if len( refNodes ) == 0:
+               return ''
+
+       ref = ''
+       for childNode in refNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       ref = ref + childNode.data
+
+       return ref
+
 def getDate( domNode ):
        dateNodes = domNode.getElementsByTagName( 'Date' )
        if len( dateNodes ) == 0:
-               formatXmlError( '"<Date>" tag is missing' )
-               return None
+               return ''
 
        date = ''
        for childNode in dateNodes[0].childNodes:
@@ -93,6 +168,18 @@ def getDate( domNode ):
 
        return date
 
+def getNSUrl( domNode ):
+       urlNodes = domNode.getElementsByTagName( 'NameSpaceUrl' )
+       if len( urlNodes ) == 0:
+               return ''
+
+       url = ''
+       for childNode in urlNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       url = url + childNode.data
+
+       return url
+
 def getSteTypes( domNode, missingIsError = 0 ):
        steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
        if len( steNodes ) == 0:
@@ -170,9 +257,7 @@ def formatXmlGenError( msg ):
        xmlMessages.append( cgi.escape( msg ) )
 
 def parseXml( xmlInput ):
-       global xmlMessages, xmlError, xmlLine, xmlColumn
-
-       xmlParser  = xml.sax.make_parser( )
+       xmlParser = xml.sax.make_parser( )
        try:
                domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
 
@@ -198,14 +283,16 @@ def parseXml( xmlInput ):
 
 def parsePolicyXml( ):
        global policyXml
-       global formPolicyName, formPolicyDate, formPolicyOrder
-       global formSteTypes, formChWallTypes
-       global allCSMTypes
+       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
+       global formPolicyOrder
+       global formSteTypes, formChWallTypes, formVmNames, formVmNameDom0
+       global allCSMTypes, allVmStes, allVmChWs
 
        domDoc = parseXml( policyXml )
        if domDoc == None:
                return
 
+       # Process the PolicyHeader
        domRoot    = domDoc.documentElement
        domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
        if len( domHeaders ) == 0:
@@ -215,7 +302,7 @@ def parsePolicyXml( ):
                formatXmlError( msg )
                return
 
-       pName = getName( domHeaders[0] )
+       pName = getPolicyName( domHeaders[0] )
        if pName == None:
                msg = ''
                msg = msg + 'Error processing the Policy header information.\n'
@@ -223,18 +310,13 @@ def parsePolicyXml( ):
                formatXmlError( msg )
                return
 
-       formPolicyName[1] = pName
-
-       pDate = getDate( domHeaders[0] )
-       if pDate == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy header information.\n'
-               msg = msg + 'Please validate the Policy file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyDate[1] = pDate
+       formPolicyName[1]  = pName
+       formPolicyUrl[1]   = getUrl( domHeaders[0] )
+       formPolicyRef[1]   = getRef( domHeaders[0] )
+       formPolicyDate[1]  = getDate( domHeaders[0] )
+       formPolicyNSUrl[1] = getNSUrl( domHeaders[0] )
 
+       # Process the STEs
        pOrder = ''
        domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
        if len( domStes ) > 0:
@@ -259,6 +341,7 @@ def parsePolicyXml( ):
 
                formSteTypes[1] = steTypes
 
+       # Process the ChineseWalls and Conflict Sets
        domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
        if len( domChWalls ) > 0:
                if domChWalls[0].hasAttribute( 'priority' ):
@@ -291,45 +374,39 @@ def parsePolicyXml( ):
                formChWallTypes[1] = chwTypes
 
                csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
-               if len( csNodes ) == 0:
-                       msg = ''
-                       msg = msg + 'Required "<ConflictSets>" tag missing.\n'
-                       msg = msg + 'Please validate the Policy file used.'
-                       formatXmlError( msg )
-                       return
-
-               cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
-               if len( cNodes ) == 0:
-                       msg = ''
-                       msg = msg + 'Required "<Conflict>" tag missing.\n'
-                       msg = msg + 'Please validate the Policy file used.'
-                       formatXmlError( msg )
-                       return
-
-               for cNode in cNodes:
-                       csName = cNode.getAttribute( 'name' )
-                       newCS( csName, 1 )
-
-                       csMemberList = getTypes( cNode )
-                       if csMemberList == None:
+               if csNodes and (len( csNodes ) > 0):
+                       cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+                       if not cNodes or len( cNodes ) == 0:
                                msg = ''
-                               msg = msg + 'Error processing the Conflict Set 
members.\n'
+                               msg = msg + 'Required "<Conflict>" tag 
missing.\n'
                                msg = msg + 'Please validate the Policy file 
used.'
                                formatXmlError( msg )
                                return
 
-                       # Verify the conflict set members are valid types
-                       ctSet = Set( formChWallTypes[1] )
-                       csSet = Set( csMemberList )
-                       if not csSet.issubset( ctSet ):
-                               msg = ''
-                               msg = msg + 'Error processing Conflict Set "' + 
csName + '".\n'
-                               msg = msg + 'Members of the conflict set are 
not valid '
-                               msg = msg + 'Chinese Wall types.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
+                       for cNode in cNodes:
+                               csName = cNode.getAttribute( 'name' )
+                               newCS( csName, 1 )
+
+                               csMemberList = getTypes( cNode )
+                               if csMemberList == None:
+                                       msg = ''
+                                       msg = msg + 'Error processing the 
Conflict Set members.\n'
+                                       msg = msg + 'Please validate the Policy 
file used.'
+                                       formatXmlError( msg )
+                                       return
+
+                               # Verify the conflict set members are valid 
types
+                               ctSet = Set( formChWallTypes[1] )
+                               csSet = Set( csMemberList )
+                               if not csSet.issubset( ctSet ):
+                                       msg = ''
+                                       msg = msg + 'Error processing Conflict 
Set "' + csName + '".\n'
+                                       msg = msg + 'Members of the conflict 
set are not valid '
+                                       msg = msg + 'Chinese Wall types.\n'
+                                       msg = msg + 'Please validate the Policy 
file used.'
+                                       formatXmlError( msg )
 
-                       allCSMTypes[csName][1] = csMemberList
+                                       allCSMTypes[csName][1] = csMemberList
 
        if pOrder != '':
                formPolicyOrder[1] = pOrder
@@ -342,6 +419,74 @@ def parsePolicyXml( ):
                        formatXmlError( msg )
                        return
 
+       # Process the Labels
+       domLabels = domRoot.getElementsByTagName( 'SecurityLabelTemplate' )
+       if not domLabels or (len( domLabels ) == 0):
+               msg = ''
+               msg = msg + '<SecurityLabelTemplate> tag is missing.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+
+       # Process the VMs
+       domSubjects = domLabels[0].getElementsByTagName( 'SubjectLabels' )
+       if len( domSubjects ) > 0:
+               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+               domNodes = domSubjects[0].getElementsByTagName( 
'VirtualMachineLabel' )
+               for domNode in domNodes:
+                       vmName = getName( domNode )
+                       if vmName == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
VirtualMachineLabel name.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               continue
+
+                       steTypes = getSteTypes( domNode )
+                       if steTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       chwTypes = getChWTypes( domNode )
+                       if chwTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the ChineseWall 
types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       newVm( vmName, 1 )
+                       allVmStes[vmName][1] = steTypes
+                       allVmChWs[vmName][1] = chwTypes
+
+       # Process the Resources
+       domObjects = domLabels[0].getElementsByTagName( 'ObjectLabels' )
+       if len( domObjects ) > 0:
+               domNodes = domObjects[0].getElementsByTagName( 'ResourceLabel' )
+               for domNode in domNodes:
+                       resName = getName( domNode )
+                       if resName == None:
+                               msg = ''
+                               msg = msg + 'Error processing the ResourceLabel 
name.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               continue
+
+                       steTypes = getSteTypes( domNode )
+                       if steTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       newRes( resName, 1 )
+                       allResStes[resName][1] = steTypes
+
 def modFormTemplate( formTemplate, suffix ):
        formVar = [x for x in formTemplate]
 
@@ -383,19 +528,80 @@ def newCS( csName, addToList = 0 ):
                        formCSNames[1].append( csName )
                        formCSNames[1] = removeDups( formCSNames[1] )
 
+def newVm( vmName, addToList = 0 ):
+       global formVmNames
+       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+               vmSuffix = '_' + vmName
+               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   
vmSuffix )
+               allVmDel[vmName]    = modFormTemplate( templateVmDel,    
vmSuffix )
+               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   
vmSuffix )
+               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, 
vmSuffix )
+               allVmChW[vmName]    = modFormTemplate( templateVmChW,    
vmSuffix )
+               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, 
vmSuffix )
+               allVmStes[vmName]   = modFormTemplate( templateVmStes,   
vmSuffix )
+               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, 
vmSuffix )
+               allVmSte[vmName]    = modFormTemplate( templateVmSte,    
vmSuffix )
+               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, 
vmSuffix )
+               if addToList == 1:
+                       formVmNames[1].append( vmName )
+                       formVmNames[1] = removeDups( formVmNames[1] )
+
+def newRes( resName, addToList = 0 ):
+       global formResNames
+       global templateResDel, allResDel
+       global templateResStes, templateResSteDel, templateResSte, 
templateResSteAdd
+       global allResStes, allResSteDel, allResSteType, allResSteAdd
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( resName ) > 0) and (not allResDel.has_key( resName )):
+               resSuffix = '_' + resName
+               allResDel[resName]    = modFormTemplate( templateResDel,    
resSuffix )
+               allResStes[resName]   = modFormTemplate( templateResStes,   
resSuffix )
+               allResSteDel[resName] = modFormTemplate( templateResSteDel, 
resSuffix )
+               allResSte[resName]    = modFormTemplate( templateResSte,    
resSuffix )
+               allResSteAdd[resName] = modFormTemplate( templateResSteAdd, 
resSuffix )
+               if addToList == 1:
+                       formResNames[1].append( resName )
+                       formResNames[1] = removeDups( formResNames[1] )
+
 def updateInfo( ):
-       global formData, formPolicyName, formPolicyDate, formPolicyOrder
+       global formData, formPolicyName, formPolicyUrl, formPolicyRef, 
formPolicyDate, formPolicyNSUrl
+       global formPolicyOrder
 
        if formData.has_key( formPolicyName[3] ):
                formPolicyName[1] = formData[formPolicyName[3]].value
        elif formData.has_key( formPolicyUpdate[3] ):
                formPolicyName[1] = ''
 
+       if formData.has_key( formPolicyUrl[3] ):
+               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyUrl[1] = ''
+
+       if formData.has_key( formPolicyRef[3] ):
+               formPolicyRef[1] = formData[formPolicyRef[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyRef[1] = ''
+
        if formData.has_key( formPolicyDate[3] ):
                formPolicyDate[1] = formData[formPolicyDate[3]].value
        elif formData.has_key( formPolicyUpdate[3] ):
                formPolicyDate[1] = ''
 
+       if formData.has_key( formPolicyNSUrl[3] ):
+               formPolicyNSUrl[1] = formData[formPolicyNSUrl[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyNSUrl[1] = ''
+
        if formData.has_key( formPolicyOrder[3] ):
                formPolicyOrder[1] = formData[formPolicyOrder[3]].value
 
@@ -483,6 +689,136 @@ def delCSMember( csName ):
                        csm = csm.strip( )
                        formVar[1].remove( csm )
 
+def addVm( ):
+       global formData, fromVmName, formVmNames, formVmNameDom0
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formVmAdd[3] )):
+               if formData.has_key( formVmName[3] ):
+                       vmName = formData[formVmName[3]].value
+                       vmName = vmName.strip( )
+                       newVm( vmName, 1 )
+                       if formVmNameDom0[1] == '':
+                               formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+       global formVmNames, formVmNameDom0
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       vmName = vmName.strip( )
+       formVmNames[1].remove( vmName )
+       del allVmDom0[vmName]
+       del allVmDel[vmName]
+       del allVmChWs[vmName]
+       del allVmChWDel[vmName]
+       del allVmChW[vmName]
+       del allVmChWAdd[vmName]
+       del allVmStes[vmName]
+       del allVmSteDel[vmName]
+       del allVmSte[vmName]
+       del allVmSteAdd[vmName]
+
+       if formVmNameDom0[1] == vmName:
+               if len( formVmNames[1] ) > 0:
+                       formVmNameDom0[1] = formVmNames[1][0]
+               else:
+                       formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+       global formVmNameDom0
+
+       vmName = vmName.strip( )
+       formVmNameDom0[1] = vmName
+
+def addVmChW( vmName ):
+       global formData, allVmChW, allVmChWs
+
+       formVar = allVmChW[vmName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               formVar = allVmChWs[vmName]
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].append( chw )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( vmName ):
+       global formData, allVmChWs
+
+       formVar = allVmChWs[vmName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].remove( chw )
+
+def addVmSte( vmName ):
+       global formData, allVmSte, allVmStes
+
+       formVar = allVmSte[vmName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               formVar = allVmStes[vmName]
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].append( ste )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( vmName ):
+       global formData, allVmStes
+
+       formVar = allVmStes[vmName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].remove( ste )
+
+def addRes( ):
+       global formData, fromResName, formResNames
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formResAdd[3] )):
+               if formData.has_key( formResName[3] ):
+                       resName = formData[formResName[3]].value
+                       resName = resName.strip( )
+                       newRes( resName, 1 )
+
+def delRes( resName ):
+       global formResNames
+       global allResDel
+       global allResStes, allResSteDel, allResSteType, allResSteAdd
+
+       resName = resName.strip( )
+       formResNames[1].remove( resName )
+       del allResDel[resName]
+       del allResStes[resName]
+       del allResSteDel[resName]
+       del allResSte[resName]
+       del allResSteAdd[resName]
+
+def addResSte( vmName ):
+       global formData, allResSte, allResStes
+
+       formVar = allResSte[vmName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               formVar = allResStes[vmName]
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].append( ste )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delResSte( vmName ):
+       global formData, allResStes
+
+       formVar = allResStes[vmName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].remove( ste )
+
 def processRequest( ):
        global policyXml
        global formData, formPolicyUpdate
@@ -490,6 +826,12 @@ def processRequest( ):
        global formChWallAdd, formChWallDel
        global formCSAdd, allCSDel
        global formCSNames, allCSMAdd, allCSMDel
+       global formVmAdd
+       global formVmNames, allVmDel, allVmDom0
+       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+       global formResAdd
+       global formResNames, allResDel
+       global allResSteAdd, allResSteDel
 
        if policyXml != '':
                parsePolicyXml( )
@@ -498,11 +840,13 @@ def processRequest( ):
        # an action is performed
        updateInfo( )
 
-       # Allow the adding of types/sets if the user has hit the
-       # enter key when attempting to add a type/set
+       # Allow the adding of types/sets/vms if the user has hit the
+       # enter key when attempting to add a type/set/vm
        addSteType( )
        addChWallType( )
        addCS( )
+       addVm( )
+       addRes( )
 
        if formData.has_key( formSteDel[3] ):
                delSteType( )
@@ -522,6 +866,37 @@ def processRequest( ):
                        elif formData.has_key( allCSMDel[csName][3] ):
                                delCSMember( csName )
 
+       for vmName in formVmNames[1]:
+               if formData.has_key( allVmDel[vmName][3] ):
+                       delVm( vmName )
+                       continue
+
+               if formData.has_key( allVmDom0[vmName][3] ):
+                       makeVmDom0( vmName )
+
+               if formData.has_key( allVmChWAdd[vmName][3] ):
+                       addVmChW( vmName )
+
+               elif formData.has_key( allVmChWDel[vmName][3] ):
+                       delVmChW( vmName )
+
+               elif formData.has_key( allVmSteAdd[vmName][3] ):
+                       addVmSte( vmName )
+
+               elif formData.has_key( allVmSteDel[vmName][3] ):
+                       delVmSte( vmName )
+
+       for resName in formResNames[1]:
+               if formData.has_key( allResDel[resName][3] ):
+                       delRes( resName )
+                       continue
+
+               if formData.has_key( allResSteAdd[resName][3] ):
+                       addResSte( resName )
+
+               elif formData.has_key( allResSteDel[resName][3] ):
+                       delResSte( resName )
+
 def makeName( name, suffix='' ):
        rName = name
        if suffix != '':
@@ -553,7 +928,7 @@ def makeValue( value, suffix='' ):
 def makeValueAttr( value, suffix='' ):
        return 'value="' + makeValue( value, suffix ) + '"'
 
-def sendHtmlFormVar( formVar, attrs='' ):
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
        nameAttr  = ''
        valueAttr = ''
        htmlText  = ''
@@ -614,7 +989,7 @@ def sendHtmlFormVar( formVar, attrs='' )
 
                                print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
 
-       if formVar[2] != '':
+       if ( formVar[2] != '' ) and ( rb_select == 0 ):
                nameAttr = makeNameAttr( formVar[2] )
                valueAttr = makeValueAttr( formVar[1] )
                print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
@@ -625,7 +1000,9 @@ def sendHtmlHeaders( ):
        print
 
 def sendPolicyHtml( ):
-       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+       global xmlError, xmlIncomplete, xmlMessages
+       global formDefaultButton, formXmlGen
+       global formVmNameDom0
 
        print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
        print '  "http://www.w3.org/TR/html4/loose.dtd";>'
@@ -704,12 +1081,17 @@ def sendPolicyHtml( ):
        print '  <TR>'
        print '    <TD>'
        print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="49%">'
+       print '          <COL width="2%">'
+       print '          <COL width="49%">'
+       print '        </COLGROUP>'
        print '        <TR>'
-       print '          <TD width="49%">'
+       print '          <TD>'
        sendPSteHtml( )
        print '          </TD>'
-       print '          <TD width="2%">&nbsp;</TD>'
-       print '          <TD width="49%">'
+       print '          <TD>&nbsp;</TD>'
+       print '          <TD>'
        sendPChWallHtml( )
        print '          </TD>'
        print '        </TR>'
@@ -717,7 +1099,57 @@ def sendPolicyHtml( ):
        print '    </TD>'
        print '  </TR>'
 
+       # Separator
+       print '  <TR>'
+       print '    <TD>'
+       print '      <HR>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labels (vms)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="100%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD>'
+       sendPLSubHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR>'
+       print '    <TD>'
+       print '      <HR>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labels (resources)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="100%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD>'
+       sendPLObjHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
        print '</TABLE>'
+
+       # Send some data that needs to be available across sessions
+       sendHtmlFormVar( formVmNameDom0 )
+
        print '</FORM>'
        print '</CENTER>'
 
@@ -733,8 +1165,8 @@ def sendHtmlHead( ):
        print '<!--'
        print 'BODY            {background-color: #EEEEFF;}'
        print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
-       print 'TABLE.fullbox   {width: 100%; border: 1px solid black; 
border-collapse: collapse;}'
-       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
+       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
        print 'THEAD           {font-weight: bold; font-size: larger;}'
        print 'TD              {border: 0px solid black; vertical-align: top;}'
        print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
@@ -752,7 +1184,8 @@ def sendHtmlHead( ):
        print '</HEAD>'
 
 def sendPHeaderHtml( ):
-       global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
+       global formPolicyOrder, formPolicyUpdate
 
        # Policy header definition
        print '<TABLE class="full">'
@@ -770,12 +1203,30 @@ def sendPHeaderHtml( ):
        print '    </TD>'
        print '  </TR>'
        print '  <TR>'
+       print '    <TD align="right">Url:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Reference:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyRef, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
        print '    <TD align="right">Date:</TD>'
        print '    <TD align="left">'
        sendHtmlFormVar( formPolicyDate, 'class="full"' )
        print '    </TD>'
        print '  </TR>'
        print '  <TR>'
+       print '    <TD align="right">NameSpace URL:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyNSUrl, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
        print '    <TD align="right">Primary Policy:</TD>'
        print '    <TD align="left">'
        sendHtmlFormVar( formPolicyOrder )
@@ -983,76 +1434,397 @@ def sendPChWallHtml( ):
 
        print '</TABLE>'
 
-def checkXmlData( ):
-       global xmlIncomplete
-
-       # Validate the Policy Header requirements
-       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
-               if ( len( formPolicyName[1] ) == 0 ) or ( len( 
formPolicyDate[1] ) == 0 ):
-                       msg = ''
-                       msg = msg + 'The XML policy schema requires that the 
Policy '
-                       msg = msg + 'Information Name and Date fields both have 
values '
-                       msg = msg + 'or both not have values.'
-                       formatXmlGenError( msg )
-
-       if formPolicyOrder[1] == 'v_ChWall':
-               if len( formChWallTypes[1] ) == 0:
-                       msg = ''
-                       msg = msg + 'You have specified the primary policy to 
be '
-                       msg = msg + 'Chinese Wall but have not created any 
Chinese '
-                       msg = msg + 'Wall types.  Please create some Chinese 
Wall '
-                       msg = msg + 'types or change the primary policy.'
-                       formatXmlGenError( msg )
-
-       if formPolicyOrder[1] == 'v_Ste':
-               if len( formSteTypes[1] ) == 0:
-                       msg = ''
-                       msg = msg + 'You have specified the primary policy to 
be '
-                       msg = msg + 'Simple Type Enforcement but have not 
created '
-                       msg = msg + 'any Simple Type Enforcement types.  Please 
create '
-                       msg = msg + 'some Simple Type Enforcement types or 
change the '
-                       msg = msg + 'primary policy.'
-                       formatXmlGenError( msg )
-
-       # Validate the Chinese Wall required data
-       if len( formChWallTypes[1] ) > 0:
-               if len( formCSNames[1] ) == 0:
-                       msg = ''
-                       msg = msg + 'The XML policy schema for the Chinese Wall 
'
-                       msg = msg + 'requires at least one Conflict Set be 
defined.'
-                       formatXmlGenError( msg )
-
-def sendXmlHeaders( ):
-       # HTML headers
-       print 'Content-Type: text/xml'
-       print 'Content-Disposition: attachment; filename=security_policy.xml'
-       print
-
-def sendPolicyXml( ):
-       print '<?xml version="1.0"?>'
-
-       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
-       print '                          
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
-       print '                          xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
-
-       # Policy header
-       sendPHeaderXml( )
-
-       # Policy (types)
-       sendPSteXml( )
-       sendPChWallXml( )
+def sendPLSubHtml( ):
+       global formVmNames, formVmDel, formVmName, formVmAdd
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+       global formSteTypes, formChWallTypes
 
-       print '</SecurityPolicyDefinition>'
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       # Virtual Machines...
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="10%">'
+       print '          <COL width="40%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD colspan="2">'
+       sendHtmlFormVar( formVmName, 'class="full"' )
+       sendHtmlFormVar( formVmNames )
+       print '          </TD>'
+       print '          <TD>&nbsp;</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new VM class with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formVmNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="1">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD>'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="10%">'
+               print '          <COL width="40%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Dom 0?</TD>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, vmName in enumerate( formVmNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">'
+                       if formVmNameDom0[1] == vmName:
+                               print 'Yes'
+                       else:
+                               print '&nbsp;'
+                       print '          </TD>'
+                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + vmName + '">Edit</A>'
+                       formVar = allVmDel[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       formVar = allVmDom0[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+                       print '        </TR>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for vmName in formVmNames[1]:
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <HR>'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <TABLE class="full">'
+                       print '        <COLGROUP>'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '          <COL width="2%">'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '        </COLGROUP>'
+                       print '        <TR>'
+                       print '          <TD colspan="5" align="center" 
class="heading">'
+                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmStes[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmChWs[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       stSet = Set( formSteTypes[1] )
+                       vmSet = Set( allVmStes[vmName][1] )
+                       formVar = allVmSte[vmName]
+                       formVar[1] = []
+                       for steType in stSet.difference( vmSet ):
+                               formVar[1].append( steType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       vmSet = Set( allVmChWs[vmName][1] )
+                       formVar = allVmChW[vmName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( vmSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '      </TABLE>'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def sendPLObjHtml( ):
+       global formResNames, formResDel, formResName, formResAdd
+       global allResDel
+       global allResStes, allResSteDel, allResSte, allResSteAdd
+       global formSteTypes, formChWallTypes
+
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       # Resources...
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="10%">'
+       print '          <COL width="40%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD class="heading" align="center" 
colspan="3">Resource Classes</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD colspan="2">'
+       sendHtmlFormVar( formResName, 'class="full"' )
+       sendHtmlFormVar( formResNames )
+       print '          </TD>'
+       print '          <TD>&nbsp;</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formResAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new Resource class with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formResNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="1">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD>'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="50%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, resName in enumerate( formResNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">' + resName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + resName + '">Edit</A>'
+                       formVar = allResDel[resName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+                       print '        </TR>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for resName in formResNames[1]:
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <HR>'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <TABLE class="full">'
+                       print '        <COLGROUP>'
+                       print '          <COL width="10%">'
+                       print '          <COL width="90%">'
+                       print '        </COLGROUP>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center" 
class="heading">'
+                       print '            <A name="' + resName + '">Resource 
Class: ' + resName + '</A>'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       formVar = allResStes[resName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allResSteDel[resName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       stSet = Set( formSteTypes[1] )
+                       resSet = Set( allResStes[resName][1] )
+                       formVar = allResSte[resName]
+                       formVar[1] = []
+                       for steType in stSet.difference( resSet ):
+                               formVar[1].append( steType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allResSteAdd[resName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '      </TABLE>'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+       global formPolicyName, formPolicyOrder
+       global formChWallTypes, formSteTypes, formCSNames
+
+       # Validate the Policy Header requirements
+       if ( len( formPolicyName[1] ) == 0 ):
+               msg = ''
+               msg = msg + 'The XML policy schema requires that the Policy '
+               msg = msg + 'Information Name field have a value.'
+               formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               if len( formChWallTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Chinese Wall but have not created any 
Chinese '
+                       msg = msg + 'Wall types.  Please create some Chinese 
Wall '
+                       msg = msg + 'types or change the primary policy.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_Ste':
+               if len( formSteTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Simple Type Enforcement but have not 
created '
+                       msg = msg + 'any Simple Type Enforcement types.  Please 
create '
+                       msg = msg + 'some Simple Type Enforcement types or 
change the '
+                       msg = msg + 'primary policy.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; filename=security_policy.xml'
+       print
+
+def sendPolicyXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
+       print '                          
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                          xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy header
+       sendPHeaderXml( )
+
+       # Policy (types)
+       sendPSteXml( )
+       sendPChWallXml( )
+
+       # Policy Labels (subjects and objects)
+       print '<SecurityLabelTemplate>'
+       sendPLSubXml( )
+       sendPLObjXml( )
+       print '</SecurityLabelTemplate>'
+       print '</SecurityPolicyDefinition>'
 
 def sendPHeaderXml( ):
-       global formPolicyName, formPolicyDate
+       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
 
        # Policy header definition
-       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
-               print '<PolicyHeader>'
-               print '  <Name>' + formPolicyName[1] + '</Name>'
+       print '<PolicyHeader>'
+       print '  <PolicyName>' + formPolicyName[1] + '</PolicyName>'
+       if len( formPolicyUrl[1] ) > 0:
+               print '  <PolicyUrl>' + formPolicyUrl[1] + '</PolicyUrl>'
+       if len( formPolicyRef[1] ) > 0:
+               print '  <Reference>' + formPolicyRef[1] + '</Reference>'
+       if len( formPolicyDate[1] ) > 0:
                print '  <Date>' + formPolicyDate[1] + '</Date>'
-               print '</PolicyHeader>'
+       if len( formPolicyNSUrl[1] ) > 0:
+               print '  <NameSpaceUrl>' + formPolicyNSUrl[1] + 
'</NameSpaceUrl>'
+       print '</PolicyHeader>'
 
 def sendPSteXml( ):
        global formPolicyOrder, formSteTypes
@@ -1091,20 +1863,72 @@ def sendPChWallXml( ):
                print '    <Type>' + chWallType + '</Type>'
        print '  </ChineseWallTypes>'
 
-       # Chinese Wall Conflict Sets...
-       print '  <ConflictSets>'
-       for cs in formCSNames[1]:
-               formVar = allCSMTypes[cs]
-               if len( formVar[1] ) == 0:
-                       continue
-               print '    <Conflict name="' + cs + '">'
-               for csm in formVar[1]:
-                       print '      <Type>' + csm + '</Type>'
-               print '    </Conflict>'
-       print '  </ConflictSets>'
+       # Chinese Wall Conflict Sets (if any) ...
+       if len( formCSNames[1] ) > 0:
+               print '  <ConflictSets>'
+               for cs in formCSNames[1]:
+                       formVar = allCSMTypes[cs]
+                       if len( formVar[1] ) == 0:
+                               continue
+                       print '    <Conflict name="' + cs + '">'
+                       for csm in formVar[1]:
+                               print '      <Type>' + csm + '</Type>'
+                       print '    </Conflict>'
+               print '  </ConflictSets>'
 
        print '</ChineseWall>'
 
+def sendPLSubXml( ):
+       global formVmNames, allVmChWs, allVmStes
+
+       # Virtual machines...
+       if len( formVmNames[1] ) == 0:
+               return
+
+       print '  <SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+       for vmName in formVmNames[1]:
+               print '    <VirtualMachineLabel>'
+               print '      <Name>' + vmName + '</Name>'
+               formVar = allVmStes[vmName]
+               if len( formVar[1] ) > 0:
+                       print '      <SimpleTypeEnforcementTypes>'
+                       for ste in formVar[1]:
+                               print '      <Type>' + ste + '</Type>'
+                       print '      </SimpleTypeEnforcementTypes>'
+
+               formVar = allVmChWs[vmName]
+               if len( formVar[1] ) > 0:
+                       print '      <ChineseWallTypes>'
+                       for chw in formVar[1]:
+                               print '        <Type>' + chw + '</Type>'
+                       print '      </ChineseWallTypes>'
+
+               print '    </VirtualMachineLabel>'
+
+       print '  </SubjectLabels>'
+
+def sendPLObjXml( ):
+       global formResNames, allResStes
+
+       # Resources...
+       if len( formResNames[1] ) == 0:
+               return
+
+       print '  <ObjectLabels>'
+       for resName in formResNames[1]:
+               print '    <ResourceLabel>'
+               print '      <Name>' + resName + '</Name>'
+               formVar = allResStes[resName]
+               if len( formVar[1] ) > 0:
+                       print '      <SimpleTypeEnforcementTypes>'
+                       for ste in formVar[1]:
+                               print '        <Type>' + ste + '</Type>'
+                       print '      </SimpleTypeEnforcementTypes>'
+
+               print '    </ResourceLabel>'
+
+       print '  </ObjectLabels>'
+
 
 # Set up initial HTML variables
 headTitle = 'Xen Policy Generation'
@@ -1125,6 +1949,20 @@ formPolicyName    = [ 'text',
                        '',
                        '',
                    ]
+formPolicyUrl     = [ 'text',
+                       '',
+                       'h_policyUrl',
+                       'i_policyUrl',
+                       '',
+                       '',
+                       ]
+formPolicyRef    = [ 'text',
+                       '',
+                       'h_policyRef',
+                       'i_policyRef',
+                       '',
+                       '',
+                       ]
 formPolicyDate    = [ 'text',
                        getCurrentTime( ),
                        'h_policyDate',
@@ -1132,6 +1970,13 @@ formPolicyDate    = [ 'text',
                        '',
                        '',
                    ]
+formPolicyNSUrl   = [ 'text',
+                       '',
+                       'h_policyNSUrl',
+                       'i_policyNSUrl',
+                       '',
+                       '',
+                       ]
 formPolicyOrder   = [ 'radiobutton-all',
                        'v_ChWall',
                        'h_policyOrder',
@@ -1289,13 +2134,218 @@ allCSMDel         = {};
 allCSMType        = {};
 allCSMAdd         = {};
 
+formVmNames       = [ '',
+                       [],
+                       'h_vmNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formVmDel         = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+formVmName        = [ 'text',
+                       '',
+                       '',
+                       'i_vmName',
+                       '',
+                       '',
+                   ]
+formVmAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_vmAdd',
+                       'New',
+                       '',
+                   ]
+
+formVmNameDom0    = [ '',
+                       '',
+                       'h_vmDom0',
+                       '',
+                       '',
+                       '',
+                   ]
+
+# This is a set of templates used for each virtual machine
+#   Each virtual machine is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_virtual-machine-name" for uniqueness.
+templateVmDel     = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmDom0    = [ 'button',
+                       '',
+                       '',
+                       'i_vmDom0',
+                       'SetDom0',
+                       '',
+                   ]
+allVmDel          = {};
+allVmDom0         = {};
+
+templateVmChWs    = [ 'list',
+                       [],
+                       'h_vmChWs',
+                       'i_vmChWs',
+                       '',
+                       '',
+                   ]
+templateVmChWDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmChW     = [ 'list',
+                       [],
+                       '',
+                       'i_vmChW',
+                       '',
+                       '',
+                   ]
+templateVmChWAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWAdd',
+                       'Add',
+                       '',
+                   ]
+allVmChWs         = {};
+allVmChWDel       = {};
+allVmChW          = {};
+allVmChWAdd       = {};
+
+templateVmStes    = [ 'list',
+                       [],
+                       'h_vmStes',
+                       'i_vmStes',
+                       '',
+                       '',
+                   ]
+templateVmSteDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmSte     = [ 'list',
+                       [],
+                       '',
+                       'i_vmSte',
+                       '',
+                       '',
+                   ]
+templateVmSteAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteAdd',
+                       'Add',
+                       '',
+                   ]
+allVmStes         = {};
+allVmSteDel       = {};
+allVmSte          = {};
+allVmSteAdd       = {};
+
+formResNames      = [ '',
+                       [],
+                       'h_resNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formResDel        = [ 'button',
+                       '',
+                       '',
+                       'i_resDel',
+                       'Delete',
+                       '',
+                   ]
+formResName       = [ 'text',
+                       '',
+                       '',
+                       'i_resName',
+                       '',
+                       '',
+                   ]
+formResAdd        = [ 'button',
+                       '',
+                       '',
+                       'i_resAdd',
+                       'New',
+                       '',
+                   ]
+
+# This is a set of templates used for each resource
+#   Each resource is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_resource-name" for uniqueness.
+templateResDel    = [ 'button',
+                       '',
+                       '',
+                       'i_resDel',
+                       'Delete',
+                       '',
+                   ]
+allResDel         = {};
+
+templateResStes   = [ 'list',
+                       [],
+                       'h_resStes',
+                       'i_resStes',
+                       '',
+                       '',
+                   ]
+templateResSteDel = [ 'button',
+                       '',
+                       '',
+                       'i_resSteDel',
+                       'Delete',
+                       '',
+                   ]
+templateResSte    = [ 'list',
+                       [],
+                       '',
+                       'i_resSte',
+                       '',
+                       '',
+                   ]
+templateResSteAdd = [ 'button',
+                       '',
+                       '',
+                       'i_resSteAdd',
+                       'Add',
+                       '',
+                   ]
+allResStes        = {};
+allResSteDel      = {};
+allResSte         = {};
+allResSteAdd      = {};
+
 # A list of all form variables used for saving info across requests
 formVariables     = [ formPolicyName,
+                       formPolicyUrl,
+                       formPolicyRef,
                        formPolicyDate,
+                       formPolicyNSUrl,
                        formPolicyOrder,
                        formSteTypes,
                        formChWallTypes,
                        formCSNames,
+                       formVmNames,
+                       formVmNameDom0,
+                       formResNames,
                    ]
 
 policyXml         = ''
Index: 
xen-unstable.hg-shype/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
===================================================================
--- 
xen-unstable.hg-shype.orig/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
+++ /dev/null
@@ -1,1396 +0,0 @@
-#!/usr/bin/python
-#
-# The Initial Developer of the Original Code is International
-# Business Machines Corporation. Portions created by IBM
-# Corporation are Copyright (C) 2005 International Business
-# Machines Corporation. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License,
-# or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-import os
-import cgi
-import cgitb; cgitb.enable( )
-import time
-import xml.dom.minidom
-import xml.sax
-import xml.sax.handler
-from StringIO import StringIO
-from sets import Set
-
-def getSavedData( ):
-       global formData, policyXml, policyLabelXml
-       global formVariables, formVmNames
-       global allVmChWs, allVmStes
-
-       # Process the XML upload policy file
-       if formData.has_key( 'i_policy' ):
-               dataList = formData.getlist( 'i_policy' )
-               if len( dataList ) > 0:
-                       policyXml = dataList[0].strip( )
-
-       # The XML upload policy file must be specified at the start
-       if formData.has_key( 'i_policyLabelCreate' ):
-               if policyXml == '':
-                       msg = ''
-                       msg = msg + 'A Policy file was not supplied.  A Policy 
file '
-                       msg = msg + 'must be supplied in order to successfully 
create '
-                       msg = msg + 'a Policy Labeling file.'
-                       formatXmlError( msg )
-
-       # Process the XML upload policy label file
-       if formData.has_key( 'i_policyLabel' ):
-               dataList = formData.getlist( 'i_policyLabel' )
-               if len( dataList ) > 0:
-                       policyLabelXml = dataList[0].strip( )
-
-       # Process all the hidden input variables (if present)
-       for formVar in formVariables:
-               if formVar[2] == '':
-                       continue
-
-               if formData.has_key( formVar[2] ):
-                       dataList = formData.getlist( formVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( formVar[1], list ):
-                                       exec 'formVar[1] = ' + dataList[0]
-                               else:
-                                       formVar[1] = dataList[0]
-
-       # The form can contain any number of "Virtual Machines"
-       #   so update the list of form variables to include
-       #   each virtual machine (hidden input variable)
-       for vmName in formVmNames[1]:
-               newVm( vmName )
-
-               vmFormVar = allVmChWs[vmName]
-               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
-                       dataList = formData.getlist( vmFormVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( vmFormVar[1], list ):
-                                       exec 'vmFormVar[1] = ' + dataList[0]
-                               else:
-                                       vmFormVar[1] = dataList[0]
-
-               vmFormVar = allVmStes[vmName]
-               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
-                       dataList = formData.getlist( vmFormVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( vmFormVar[1], list ):
-                                       exec 'vmFormVar[1] = ' + dataList[0]
-                               else:
-                                       vmFormVar[1] = dataList[0]
-
-def getCurrentTime( ):
-       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
-
-def getName( domNode ):
-       nameNodes = domNode.getElementsByTagName( 'Name' )
-       if len( nameNodes ) == 0:
-               formatXmlError( '"<Name>" tag is missing' )
-               return None
-
-       name = ''
-       for childNode in nameNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       name = name + childNode.data
-
-       return name
-
-def getDate( domNode ):
-       dateNodes = domNode.getElementsByTagName( 'Date' )
-       if len( dateNodes ) == 0:
-               formatXmlError( '"<Date>" tag is missing' )
-               return None
-
-       date = ''
-       for childNode in dateNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       date = date + childNode.data
-
-       return date
-
-def getDefUrl( domNode ):
-       domNodes = domNode.getElementsByTagName( 'PolicyName' )
-       if len( domNodes ) == 0:
-               formatXmlError( '"<PolicyName>" tag is missing' )
-               return None
-
-       urlNodes = domNode.getElementsByTagName( 'Url' )
-       if len( urlNodes ) == 0:
-               formatXmlError( '"<Url>" tag is missing' )
-               return None
-
-       url = ''
-       for childNode in urlNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       url = url + childNode.data
-
-       return url
-
-def getDefRef( domNode ):
-       domNodes = domNode.getElementsByTagName( 'PolicyName' )
-       if len( domNodes ) == 0:
-               formatXmlError( '"<PolicyName>" tag is missing' )
-               return None
-
-       refNodes = domNode.getElementsByTagName( 'Reference' )
-       if len( refNodes ) == 0:
-               formatXmlError( '"<Reference>" tag is missing' )
-               return None
-
-       ref = ''
-       for childNode in refNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       ref = ref + childNode.data
-
-       return ref
-
-def getSteTypes( domNode, missingIsError = 0 ):
-       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
-       if len( steNodes ) == 0:
-               if missingIsError == 1:
-                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
-                       return None
-               else:
-                       return []
-
-       return getTypes( steNodes[0] )
-
-def getChWTypes( domNode, missingIsError = 0 ):
-       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
-       if len( chwNodes ) == 0:
-               if missingIsError == 1:
-                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
-                       return None
-               else:
-                       return []
-
-       return getTypes( chwNodes[0] )
-
-def getTypes( domNode ):
-       types = []
-
-       domNodes = domNode.getElementsByTagName( 'Type' )
-       if len( domNodes ) == 0:
-               formatXmlError( '"<Type>" tag is missing' )
-               return None
-
-       for domNode in domNodes:
-               typeText = ''
-               for childNode in domNode.childNodes:
-                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                               typeText = typeText + childNode.data
-
-               if typeText == '':
-                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
-                       return None
-
-               types.append( typeText )
-
-       return types
-
-def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
-       global xmlMessages, xmlError
-
-       xmlError = 1
-       addMsg = cgi.escape( msg )
-
-       if lineNum != -1:
-               sio = StringIO( xml )
-               for xmlLine in sio:
-                       lineNum = lineNum - 1
-                       if lineNum == 0:
-                               break;
-
-               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
-
-               if colNum != -1:
-                       errLine = ''
-                       for i in range( colNum ):
-                               errLine = errLine + '-'
-
-                       addMsg += '\n' + errLine + '^'
-
-               addMsg += '</PRE>'
-
-       xmlMessages.append( addMsg )
-
-def formatXmlGenError( msg ):
-       global xmlMessages, xmlIncomplete
-
-       xmlIncomplete = 1
-       xmlMessages.append( cgi.escape( msg ) )
-
-def parseXml( xmlInput ):
-       global xmlMessages, xmlError, xmlLine, xmlColumn
-
-       xmlParser  = xml.sax.make_parser( )
-       try:
-               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
-
-       except xml.sax.SAXParseException, xmlErr:
-               msg = ''
-               msg = msg + 'XML parsing error occurred at line '
-               msg = msg + `xmlErr.getLineNumber( )`
-               msg = msg + ', column '
-               msg = msg + `xmlErr.getColumnNumber( )`
-               msg = msg + ': reason = "'
-               msg = msg + xmlErr.getMessage( )
-               msg = msg + '"'
-               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
-               return None
-
-       except xml.sax.SAXException, xmlErr:
-               msg = ''
-               msg = msg + 'XML Parsing error: ' + `xmlErr`
-               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
-               return None
-
-       return domDoc
-
-def parsePolicyXml( ):
-       global policyXml
-       global formSteTypes, formChWallTypes
-
-       domDoc = parseXml( policyXml )
-       if domDoc == None:
-               return
-
-       domRoot  = domDoc.documentElement
-       domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
-       if len( domNodes ) > 0:
-               steTypes = getSteTypes( domNodes[0], 1 )
-               if steTypes == None:
-                       msg = ''
-                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
-                       msg = msg + 'Please validate the Policy Definition file 
used.'
-                       formatXmlError( msg )
-                       return
-
-               formSteTypes[1] = steTypes
-
-       domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
-       if len( domNodes ) > 0:
-               chwTypes = getChWTypes( domNodes[0], 1 )
-               if chwTypes == None:
-                       msg = ''
-                       msg = msg + 'Error processing the ChineseWall types.\n'
-                       msg = msg + 'Please validate the Policy Definition file 
used.'
-                       formatXmlError( msg )
-                       return
-
-               formChWallTypes[1] = chwTypes
-
-def parsePolicyLabelXml( ):
-       global policyLabelXml
-
-       domDoc = parseXml( policyLabelXml )
-       if domDoc == None:
-               return
-
-       domRoot     = domDoc.documentElement
-       domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
-       if len( domHeaders ) == 0:
-               msg = ''
-               msg = msg + '"<LabelHeader>" tag is missing.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       pName = getName( domHeaders[0] )
-       if pName == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyLabelName[1] = pName
-
-       pDate = getDate( domHeaders[0] )
-       if pDate == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyLabelDate[1] = pDate
-
-       pUrl = getDefUrl( domHeaders[0] )
-       if pUrl == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyUrl[1] = pUrl
-
-       pRef = getDefRef( domHeaders[0] )
-       if pRef == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyRef[1] = pRef
-
-       domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
-       if len( domSubjects ) > 0:
-               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
-               domNodes = domSubjects[0].getElementsByTagName( 
'VirtualMachineLabel' )
-               for domNode in domNodes:
-                       vmName = getName( domNode )
-                       if vmName == None:
-                               msg = ''
-                               msg = msg + 'Error processing the 
VirtualMachineLabel name.\n'
-                               msg = msg + 'Please validate the Policy 
Labeling file used.'
-                               formatXmlError( msg )
-                               continue
-
-                       steTypes = getSteTypes( domNode )
-                       if steTypes == None:
-                               msg = ''
-                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
-                               msg = msg + 'Please validate the Policy 
Labeling file used.'
-                               formatXmlError( msg )
-                               return
-
-                       chwTypes = getChWTypes( domNode )
-                       if chwTypes == None:
-                               msg = ''
-                               msg = msg + 'Error processing the ChineseWall 
types.\n'
-                               msg = msg + 'Please validate the Policy 
Labeling file used.'
-                               formatXmlError( msg )
-                               return
-
-                       newVm( vmName, 1 )
-                       allVmStes[vmName][1] = steTypes
-                       allVmChWs[vmName][1] = chwTypes
-
-def removeDups( curList ):
-       newList = []
-       curSet  = Set( curList )
-       for x in curSet:
-               newList.append( x )
-       newList.sort( )
-
-       return newList
-
-def newVm( vmName, addToList = 0 ):
-       global formVmNames
-       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
-       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
-       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
-       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
-       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
-
-       # Make sure we have an actual name and check one of the 'all'
-       # variables to be sure it hasn't been previously defined
-       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
-               vmSuffix = '_' + vmName
-               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   
vmSuffix )
-               allVmDel[vmName]    = modFormTemplate( templateVmDel,    
vmSuffix )
-               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   
vmSuffix )
-               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, 
vmSuffix )
-               allVmChW[vmName]    = modFormTemplate( templateVmChW,    
vmSuffix )
-               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, 
vmSuffix )
-               allVmStes[vmName]   = modFormTemplate( templateVmStes,   
vmSuffix )
-               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, 
vmSuffix )
-               allVmSte[vmName]    = modFormTemplate( templateVmSte,    
vmSuffix )
-               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, 
vmSuffix )
-               if addToList == 1:
-                       formVmNames[1].append( vmName )
-                       formVmNames[1] = removeDups( formVmNames[1] )
-
-def updateInfo( ):
-       global formData, formPolicyLabelName, formPolicyLabelDate
-       global formPolicyUrl, formPolicyRef
-
-       if formData.has_key( formPolicyLabelName[3] ):
-               formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
-       elif formData.has_key( formPolicyLabelUpdate[3] ):
-               formPolicyLabelName[1] = ''
-
-       if formData.has_key( formPolicyLabelDate[3] ):
-               formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
-       elif formData.has_key( formPolicyLabelUpdate[3] ):
-               formPolicyLabelDate[1] = ''
-
-       if formData.has_key( formPolicyUrl[3] ):
-               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
-       elif formData.has_key( formPolicyLabelUpdate[3] ):
-               formPolicyUrl[1] = ''
-
-       if formData.has_key( formPolicyRef[3] ):
-               formPolicyRef[1] = formData[formPolicyRef[3]].value
-       elif formData.has_key( formPolicyLabelUpdate[3] ):
-               formPolicyRef[1] = ''
-
-def addVm( ):
-       global formData, fromVmName, formVmNames, formVmNameDom0
-
-       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formVmAdd[3] )):
-               if formData.has_key( formVmName[3] ):
-                       vmName = formData[formVmName[3]].value
-                       vmName = vmName.strip( )
-                       newVm( vmName, 1 )
-                       if formVmNameDom0[1] == '':
-                               formVmNameDom0[1] = vmName
-
-def delVm( vmName ):
-       global formVmNames, formVmNameDom0
-       global allVmDel, allVmDom0
-       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
-       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
-
-       vmName = vmName.strip( )
-       formVmNames[1].remove( vmName )
-       del allVmDom0[vmName]
-       del allVmDel[vmName]
-       del allVmChWs[vmName]
-       del allVmChWDel[vmName]
-       del allVmChW[vmName]
-       del allVmChWAdd[vmName]
-       del allVmStes[vmName]
-       del allVmSteDel[vmName]
-       del allVmSte[vmName]
-       del allVmSteAdd[vmName]
-
-       if formVmNameDom0[1] == vmName:
-               if len( formVmNames[1] ) > 0:
-                       formVmNameDom0[1] = formVmNames[1][0]
-               else:
-                       formVmNameDom0[1] = ''
-
-def makeVmDom0( vmName ):
-       global formVmNameDom0
-
-       vmName = vmName.strip( )
-       formVmNameDom0[1] = vmName
-
-def addVmChW( chwName ):
-       global formData, allVmChW, allVmChWs
-
-       formVar = allVmChW[chwName]
-       if formData.has_key( formVar[3] ):
-               chwList = formData.getlist( formVar[3] )
-               formVar = allVmChWs[chwName]
-               for chw in chwList:
-                       chw = chw.strip( )
-                       formVar[1].append( chw )
-                       formVar[1] = removeDups( formVar[1] )
-
-def delVmChW( chwName ):
-       global formData, allVmChWs
-
-       formVar = allVmChWs[chwName]
-       if formData.has_key( formVar[3] ):
-               chwList = formData.getlist( formVar[3] )
-               for chw in chwList:
-                       chw = chw.strip( )
-                       formVar[1].remove( chw )
-
-def addVmSte( steName ):
-       global formData, allVmSte, allVmStes
-
-       formVar = allVmSte[steName]
-       if formData.has_key( formVar[3] ):
-               steList = formData.getlist( formVar[3] )
-               formVar = allVmStes[steName]
-               for ste in steList:
-                       ste = ste.strip( )
-                       formVar[1].append( ste )
-                       formVar[1] = removeDups( formVar[1] )
-
-def delVmSte( steName ):
-       global formData, allVmStes
-
-       formVar = allVmStes[steName]
-       if formData.has_key( formVar[3] ):
-               steList = formData.getlist( formVar[3] )
-               for ste in steList:
-                       ste = ste.strip( )
-                       formVar[1].remove( ste )
-
-def processRequest( ):
-       global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
-       global formVmAdd
-       global formVmNames, allVmDel, allVmDom0
-       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
-
-       if policyXml != '':
-               parsePolicyXml( )
-
-       if policyLabelXml != '':
-               parsePolicyLabelXml( )
-
-       # Allow the updating of the header information whenever
-       # an action is performed
-       updateInfo( )
-
-       # Allow the adding of labels if the user has hit the
-       # enter key when attempting to add a type/set
-       addVm( )
-
-       for vmName in formVmNames[1]:
-               if formData.has_key( allVmDel[vmName][3] ):
-                       delVm( vmName )
-                       continue
-
-               if formData.has_key( allVmDom0[vmName][3] ):
-                       makeVmDom0( vmName )
-
-               if formData.has_key( allVmChWAdd[vmName][3] ):
-                       addVmChW( vmName )
-
-               elif formData.has_key( allVmChWDel[vmName][3] ):
-                       delVmChW( vmName )
-
-               elif formData.has_key( allVmSteAdd[vmName][3] ):
-                       addVmSte( vmName )
-
-               elif formData.has_key( allVmSteDel[vmName][3] ):
-                       delVmSte( vmName )
-
-def modFormTemplate( formTemplate, suffix ):
-       formVar = [x for x in formTemplate]
-
-       if formVar[2] != '':
-               formVar[2] = formVar[2] + suffix
-       if formVar[3] != '':
-               formVar[3] = formVar[3] + suffix
-       if (formVar[0] != 'button') and (formVar[4] != ''):
-               formVar[4] = formVar[4] + suffix
-
-       return formVar;
-
-def makeName( name, suffix='' ):
-       rName = name
-       if suffix != '':
-               rName = rName + '_' + suffix
-
-       return rName
-
-def makeNameAttr( name, suffix='' ):
-       return 'name="' + makeName( name, suffix ) + '"'
-
-def makeValue( value, suffix='' ):
-       rValue = value
-
-       if isinstance( value, list ):
-               rValue = '['
-               for val in value:
-                       rValue = rValue + '\'' + val
-                       if suffix != '':
-                               rValue = rValue + '_' + suffix
-                       rValue = rValue + '\','
-               rValue = rValue + ']'
-
-       else:
-               if suffix != '':
-                       rValue = rValue + '_' + suffix
-
-       return rValue
-
-def makeValueAttr( value, suffix='' ):
-       return 'value="' + makeValue( value, suffix ) + '"'
-
-def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
-       nameAttr  = ''
-       valueAttr = ''
-       htmlText  = ''
-
-       if formVar[0] == 'text':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-               valueAttr = makeValueAttr( formVar[1] )
-
-               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
-
-       elif formVar[0] == 'list':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-
-               print '<SELECT', nameAttr, attrs, '>'
-               for option in formVar[1]:
-                       print '<OPTION>' + option + '</OPTION>'
-               print '</SELECT>'
-
-       elif formVar[0] == 'button':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-               if formVar[4] != '':
-                       valueAttr = makeValueAttr( formVar[4] )
-
-               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
-
-       elif formVar[0] == 'radiobutton':
-               if formVar[3] != '':
-                       nameAttr  = makeNameAttr( formVar[3] )
-                       valueAttr = makeValueAttr( formVar[4][rb_select] )
-                       htmlText  = formVar[5][rb_select]
-                       if formVar[4][rb_select] == formVar[1]:
-                               checked = 'checked'
-                       else:
-                               checked = ''
-
-                       print '<INPUT type="radio"', nameAttr, valueAttr, 
attrs, checked, '>', htmlText
-
-       elif formVar[0] == 'radiobutton-all':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-                       buttonVals  = formVar[4]
-                       for i, buttonVal in enumerate( buttonVals ):
-                               htmlText = ''
-                               addAttrs = ''
-                               checked  = ''
-
-                               valueAttr = makeValueAttr( buttonVal )
-                               if formVar[5] != '':
-                                       htmlText = formVar[5][i]
-                               if attrs != '':
-                                       addAttrs = attrs[i]
-                               if buttonVal == formVar[1]:
-                                       checked = 'checked'
-
-                               print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText
-
-       if ( formVar[2] != '' ) and ( rb_select == 0 ):
-               nameAttr = makeNameAttr( formVar[2] )
-               valueAttr = makeValueAttr( formVar[1] )
-               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
-
-def sendHtmlHeaders( ):
-       # HTML headers
-       print 'Content-Type: text/html'
-       print
-
-def sendPolicyLabelHtml( ):
-       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
-       global formVmNameDom0, formSteTypes, formChWallTypes
-
-       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
-       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
-
-       print '<HTML>'
-
-       sendHtmlHead( )
-
-       print '<BODY>'
-
-       # An input XML file was specified that had errors, output the
-       # error information
-       if xmlError == 1:
-               print '<P>'
-               print 'An error has been encountered while processing the input'
-               print 'XML file:'
-               print '<UL>'
-               for msg in xmlMessages:
-                       print '<LI>'
-                       print msg
-               print '</UL>'
-               print '</BODY>'
-               print '</HTML>'
-               return
-
-       # When attempting to generate the XML output, all required data was not
-       # present, output the error information
-       if xmlIncomplete == 1:
-               print '<P>'
-               print 'An error has been encountered while validating the data'
-               print 'required for the output XML file:'
-               print '<UL>'
-               for msg in xmlMessages:
-                       print '<LI>'
-                       print msg
-               print '</UL>'
-               print '</BODY>'
-               print '</HTML>'
-               return
-
-       print '<CENTER>'
-       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
-       print '<TABLE class="container">'
-       print '  <COLGROUP>'
-       print '    <COL width="100%">'
-       print '  </COLGROUP>'
-
-       print '  <TR>'
-       print '    <TD>'
-       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD>'
-       sendHtmlFormVar( formXmlGen )
-       print '    </TD>'
-       print '  </TR>'
-
-       # Policy Labeling header
-       print '  <TR>'
-       print '    <TD>'
-       sendPLHeaderHtml( )
-       print '    </TD>'
-       print '  </TR>'
-
-       # Separator
-       print '  <TR>'
-       print '    <TD>'
-       print '      <HR>'
-       print '    </TD>'
-       print '  </TR>'
-
-       # Policy Labels (vms)
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <TR>'
-       print '          <TD width="100%">'
-       sendPLSubHtml( )
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-
-       print '</TABLE>'
-
-       # Send some data that needs to be available across sessions
-       sendHtmlFormVar( formVmNameDom0 )
-       sendHtmlFormVar( formSteTypes )
-       sendHtmlFormVar( formChWallTypes )
-
-       print '</FORM>'
-       print '</CENTER>'
-
-       print '</BODY>'
-
-       print '</HTML>'
-
-def sendHtmlHead( ):
-       global headTitle
-
-       print '<HEAD>'
-       print '<STYLE type="text/css">'
-       print '<!--'
-       print 'BODY            {background-color: #EEEEFF;}'
-       print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
-       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
-       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
-       print 'THEAD           {font-weight: bold; font-size: larger;}'
-       print 'TD              {border: 0px solid black; vertical-align: top;}'
-       print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
-       print 'TD.subheading   {border: 0px solid black; vertical-align: top; 
font-size: smaller;}'
-       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
-       print 'SELECT.full     {width: 100%;}'
-       print 'INPUT.full      {width: 100%;}'
-       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; 
border: 0px; text-decoration: underline; color: blue;}'
-       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
-       print ':link           {color: blue;}'
-       print ':visited        {color: red;}'
-       print '-->'
-       print '</STYLE>'
-       print '<TITLE>', headTitle, '</TITLE>'
-       print '</HEAD>'
-
-def sendPLHeaderHtml( ):
-       global formPolicyLabelName, formPolicyLabelDate
-       global formPolicyUrl, formPolicyRef
-       global formPolicyLabelUpdate
-
-       # Policy Labeling header definition
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="20%">'
-       print '    <COL width="80%">'
-       print '  </COLGROUP>'
-       print '  <TR>'
-       print '    <TD class="heading" align="center" colspan="2">Policy 
Labeling Information</TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Name:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Date:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Policy URL:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Policy Reference:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyRef, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2">'
-       sendHtmlFormVar( formPolicyLabelUpdate )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2" class="subheading">'
-       print '      (The Policy Labeling Information is updated whenever an 
action is performed'
-       print '       or it can be updated separately using the "Update" 
button)'
-       print '    </TD>'
-       print '  </TR>'
-       print '</TABLE>'
-
-def sendPLSubHtml( ):
-       global formVmNames, formVmDel, formVmName, formVmAdd
-       global allVmDel, allVmDom0
-       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
-       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
-       global formSteTypes, formChWallTypes
-
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="100%">'
-       print '  </COLGROUP>'
-
-       # Virtual Machines...
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <COLGROUP>'
-       print '          <COL width="10%">'
-       print '          <COL width="40%">'
-       print '          <COL width="50%">'
-       print '        </COLGROUP>'
-       print '        <TR>'
-       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD colspan="2">'
-       sendHtmlFormVar( formVmName, 'class="full"' )
-       sendHtmlFormVar( formVmNames )
-       print '          </TD>'
-       print '          <TD>&nbsp;</TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD>'
-       sendHtmlFormVar( formVmAdd, 'class="full"' )
-       print '          </TD>'
-       print '          <TD colspan="2">'
-       print '            Create a new VM class with the above name'
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-       if len( formVmNames[1] ) > 0:
-               print '  <TR>'
-               print '    <TD colspan="1">'
-               print '      &nbsp;'
-               print '    </TD>'
-               print '  </TR>'
-               print '  <TR>'
-               print '    <TD>'
-               print '      <TABLE class="fullbox">'
-               print '        <COLGROUP>'
-               print '          <COL width="10%">'
-               print '          <COL width="40%">'
-               print '          <COL width="50%">'
-               print '        </COLGROUP>'
-               print '        <THEAD>'
-               print '          <TR>'
-               print '            <TD class="fullbox">Dom 0?</TD>'
-               print '            <TD class="fullbox">Name</TD>'
-               print '            <TD class="fullbox">Actions</TD>'
-               print '          </TR>'
-               print '        </THEAD>'
-               for i, vmName in enumerate( formVmNames[1] ):
-                       print '        <TR>'
-                       print '          <TD class="fullbox">'
-                       if formVmNameDom0[1] == vmName:
-                               print 'Yes'
-                       else:
-                               print '&nbsp;'
-                       print '          </TD>'
-                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
-                       print '          <TD class="fullbox">'
-                       print '            <A href="#' + vmName + '">Edit</A>'
-                       formVar = allVmDel[vmName]
-                       sendHtmlFormVar( formVar, 'class="link"' )
-                       formVar = allVmDom0[vmName]
-                       sendHtmlFormVar( formVar, 'class="link"' )
-                       print '          </TD>'
-                       print '        </TR>'
-               print '      </TABLE>'
-               print '    </TD>'
-               print '  </TR>'
-               for vmName in formVmNames[1]:
-                       print '  <TR>'
-                       print '    <TD>'
-                       print '      <HR>'
-                       print '    </TD>'
-                       print '  </TR>'
-                       print '  <TR>'
-                       print '    <TD>'
-                       print '      <TABLE class="full">'
-                       print '        <COLGROUP>'
-                       print '          <COL width="10%">'
-                       print '          <COL width="39%">'
-                       print '          <COL width="2%">'
-                       print '          <COL width="10%">'
-                       print '          <COL width="39%">'
-                       print '        </COLGROUP>'
-                       print '        <TR>'
-                       print '          <TD colspan="5" align="center" 
class="heading">'
-                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2">'
-                       formVar = allVmStes[vmName];
-                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2">'
-                       formVar = allVmChWs[vmName];
-                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD>'
-                       formVar = allVmSteDel[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Delete the type(s) selected above'
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD>'
-                       formVar = allVmChWDel[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Delete the type(s) selected above'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2">'
-                       stSet = Set( formSteTypes[1] )
-                       vmSet = Set( allVmStes[vmName][1] )
-                       formVar = allVmSte[vmName]
-                       formVar[1] = []
-                       for steType in stSet.difference( vmSet ):
-                               formVar[1].append( steType )
-                       formVar[1].sort( )
-                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2">'
-                       ctSet = Set( formChWallTypes[1] )
-                       vmSet = Set( allVmChWs[vmName][1] )
-                       formVar = allVmChW[vmName]
-                       formVar[1] = []
-                       for chwallType in ctSet.difference( vmSet ):
-                               formVar[1].append( chwallType )
-                       formVar[1].sort( )
-                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD>'
-                       formVar = allVmSteAdd[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Add the type(s) selected above'
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD>'
-                       formVar = allVmChWAdd[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Add the type(s) selected above'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '      </TABLE>'
-                       print '    </TD>'
-                       print '  </TR>'
-
-       print '</TABLE>'
-
-def sendPLObjHtml( ):
-
-       # Resources...
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="60%">'
-       print '    <COL width="20%">'
-       print '    <COL width="20%">'
-       print '  </COLGROUP>'
-
-       print '  <TR>'
-       print '    <TD align="center" colspan="3" 
class="heading">Resources</TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
-       print '    </TD>'
-       print '    <TD>'
-       #sendHtmlFormVar( formVmDel, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       #sendHtmlFormVar( formVmName, 'class="full"' )
-       print '    </TD>'
-       print '    <TD>'
-       #sendHtmlFormVar( formVmAdd, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '</TABLE>'
-
-def checkXmlData( ):
-       global xmlIncomplete
-
-       # Validate the Policy Label Header requirements
-       if ( len( formPolicyLabelName[1] ) == 0 ) or \
-          ( len( formPolicyLabelDate[1] ) == 0 ) or \
-          ( len( formPolicyUrl[1] ) == 0 ) or \
-          ( len( formPolicyRef[1] ) == 0 ):
-                       msg = ''
-                       msg = msg + 'The XML policy label schema requires that 
the Policy '
-                       msg = msg + 'Labeling Information Name, Date, Policy 
URL and '
-                       msg = msg + 'Policy Reference fields all have values.'
-                       formatXmlGenError( msg )
-
-def sendXmlHeaders( ):
-       # HTML headers
-       print 'Content-Type: text/xml'
-       print 'Content-Disposition: attachment; 
filename=security_label_template.xml'
-       print
-
-def sendPolicyLabelXml( ):
-       print '<?xml version="1.0"?>'
-
-       print '<SecurityLabelTemplate xmlns="http://www.ibm.com";'
-       print '                       
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
-       print '                       xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
-
-       # Policy Labeling header
-       sendPLHeaderXml( )
-
-       # Policy Labels (subjects and objects)
-       sendPLSubXml( )
-       #sendPLObjXml( )
-
-       print '</SecurityLabelTemplate>'
-
-def sendPLHeaderXml( ):
-       global formPolicyLabelName, formPolicyLabelDate
-       global formPolicyUrl, formPolicyRef
-
-       # Policy Labeling header definition
-       print '<LabelHeader>'
-       print '  <Name>' + formPolicyLabelName[1] + '</Name>'
-       print '  <Date>' + formPolicyLabelDate[1] + '</Date>'
-       print '  <PolicyName>'
-       print '    <Url>' + formPolicyUrl[1] + '</Url>'
-       print '    <Reference>' + formPolicyRef[1] + '</Reference>'
-       print '  </PolicyName>'
-       print '</LabelHeader>'
-
-def sendPLSubXml( ):
-       global formVmNames, allVmChWs, allVmStes
-
-       # Virtual machines...
-       if len( formVmNames[1] ) == 0:
-               return
-
-       print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
-       for vmName in formVmNames[1]:
-               print '  <VirtualMachineLabel>'
-               print '    <Name>' + vmName + '</Name>'
-               formVar = allVmStes[vmName]
-               if len( formVar[1] ) > 0:
-                       print '    <SimpleTypeEnforcementTypes>'
-                       for ste in formVar[1]:
-                               print '      <Type>' + ste + '</Type>'
-                       print '    </SimpleTypeEnforcementTypes>'
-
-               formVar = allVmChWs[vmName]
-               if len( formVar[1] ) > 0:
-                       print '    <ChineseWallTypes>'
-                       for chw in formVar[1]:
-                               print '      <Type>' + chw + '</Type>'
-                       print '    </ChineseWallTypes>'
-
-               print '  </VirtualMachineLabel>'
-
-       print '</SubjectLabels>'
-
-
-# Set up initial HTML variables
-headTitle = 'Xen Policy Labeling Generation'
-
-# Form variables
-#   The format of these variables is as follows:
-#   [ p0, p1, p2, p3, p4, p5 ]
-#     p0 = input type
-#     p1 = the current value of the variable
-#     p2 = the hidden input name attribute
-#     p3 = the name attribute
-#     p4 = the value attribute
-#     p5 = text to associate with the tag
-formPolicyLabelName   = [ 'text',
-                       '',
-                       'h_policyLabelName',
-                       'i_policyLabelName',
-                       '',
-                       '',
-                       ]
-formPolicyLabelDate   = [ 'text',
-                       getCurrentTime( ),
-                       'h_policyLabelDate',
-                       'i_policyLabelDate',
-                       '',
-                       '',
-                       ]
-formPolicyUrl         = [ 'text',
-                       '',
-                       'h_policyUrl',
-                       'i_policyUrl',
-                       '',
-                       '',
-                       ]
-formPolicyRef         = [ 'text',
-                       '',
-                       'h_policyRef',
-                       'i_policyRef',
-                       '',
-                       '',
-                       ]
-formPolicyLabelUpdate = [ 'button',
-                       '',
-                       '',
-                       'i_PolicyLabelUpdate',
-                       'Update',
-                       '',
-                   ]
-
-formVmNames       = [ '',
-                       [],
-                       'h_vmNames',
-                       '',
-                       '',
-                       '',
-                   ]
-formVmDel         = [ 'button',
-                       '',
-                       '',
-                       'i_vmDel',
-                       'Delete',
-                       '',
-                   ]
-formVmName        = [ 'text',
-                       '',
-                       '',
-                       'i_vmName',
-                       '',
-                       '',
-                   ]
-formVmAdd         = [ 'button',
-                       '',
-                       '',
-                       'i_vmAdd',
-                       'New',
-                       '',
-                   ]
-
-formVmNameDom0    = [ '',
-                       '',
-                       'h_vmDom0',
-                       '',
-                       '',
-                       '',
-                   ]
-
-formXmlGen        = [ 'button',
-                       '',
-                       '',
-                       'i_xmlGen',
-                       'Generate XML',
-                       '',
-                   ]
-
-formDefaultButton = [ 'button',
-                       '',
-                       '',
-                       'i_defaultButton',
-                       '.',
-                       '',
-                   ]
-
-formSteTypes      = [ '',
-                        [],
-                       'h_steTypes',
-                       '',
-                       '',
-                       '',
-                   ]
-formChWallTypes   = [ '',
-                        [],
-                       'h_chwallTypes',
-                       '',
-                       '',
-                       '',
-                   ]
-
-# This is a set of templates used for each virtual machine
-#   Each virtual machine is initially assigned these templates,
-#   then each form attribute value is changed to append
-#   "_virtual-machine-name" for uniqueness.
-templateVmDel     = [ 'button',
-                       '',
-                       '',
-                       'i_vmDel',
-                       'Delete',
-                       '',
-                   ]
-templateVmDom0    = [ 'button',
-                       '',
-                       '',
-                       'i_vmDom0',
-                       'SetDom0',
-                       '',
-                   ]
-allVmDel          = {};
-allVmDom0         = {};
-
-templateVmChWs    = [ 'list',
-                       [],
-                       'h_vmChWs',
-                       'i_vmChWs',
-                       '',
-                       '',
-                   ]
-templateVmChWDel  = [ 'button',
-                       '',
-                       '',
-                       'i_vmChWDel',
-                       'Delete',
-                       '',
-                   ]
-templateVmChW     = [ 'list',
-                       [],
-                       '',
-                       'i_vmChW',
-                       '',
-                       '',
-                   ]
-templateVmChWAdd  = [ 'button',
-                       '',
-                       '',
-                       'i_vmChWAdd',
-                       'Add',
-                       '',
-                   ]
-allVmChWs         = {};
-allVmChWDel       = {};
-allVmChW          = {};
-allVmChWAdd       = {};
-
-templateVmStes    = [ 'list',
-                       [],
-                       'h_vmStes',
-                       'i_vmStes',
-                       '',
-                       '',
-                   ]
-templateVmSteDel  = [ 'button',
-                       '',
-                       '',
-                       'i_vmSteDel',
-                       'Delete',
-                       '',
-                   ]
-templateVmSte     = [ 'list',
-                       [],
-                       '',
-                       'i_vmSte',
-                       '',
-                       '',
-                   ]
-templateVmSteAdd  = [ 'button',
-                       '',
-                       '',
-                       'i_vmSteAdd',
-                       'Add',
-                       '',
-                   ]
-allVmStes         = {};
-allVmSteDel       = {};
-allVmSte          = {};
-allVmSteAdd       = {};
-
-# A list of all form variables used for saving info across requests
-formVariables     = [ formPolicyLabelName,
-                       formPolicyLabelDate,
-                       formPolicyUrl,
-                       formPolicyRef,
-                       formVmNames,
-                       formVmNameDom0,
-                       formSteTypes,
-                       formChWallTypes,
-                   ]
-
-policyXml         = ''
-policyLabelXml    = ''
-xmlError          = 0
-xmlIncomplete     = 0
-xmlMessages       = []
-
-
-# Extract any form data
-formData = cgi.FieldStorage( )
-
-# Process the form
-getSavedData( )
-processRequest( )
-
-if formData.has_key( formXmlGen[3] ):
-       # Generate and send the XML file
-       checkXmlData( )
-
-       if xmlIncomplete == 0:
-               sendXmlHeaders( )
-               sendPolicyLabelXml( )
-
-if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
-       # Send HTML to continue processing the form
-       sendHtmlHeaders( )
-       sendPolicyLabelHtml( )
Index: xen-unstable.hg-shype/tools/security/python/xensec_gen/index.html
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/python/xensec_gen/index.html
+++ xen-unstable.hg-shype/tools/security/python/xensec_gen/index.html
@@ -1,7 +1,7 @@
 <!--
  The Initial Developer of the Original Code is International
  Business Machines Corporation. Portions created by IBM
- Corporation are Copyright (C) 2005 International Business
+ Corporation are Copyright (C) 2005, 2006 International Business
  Machines Corporation. All Rights Reserved.
  -->
 
@@ -10,7 +10,7 @@
 <HTML>
   <HEAD>
     <META name="author" content="Tom Lendacky">
-    <META name="copyright" content="Copyright (C) 2005 International Business 
Machines Corporation. All rights reserved">
+    <META name="copyright" content="Copyright (C) 2005, 2006 International 
Business Machines Corporation. All rights reserved">
 
     <STYLE type="text/css">
       <!--
@@ -67,60 +67,6 @@
       </TR>
     </TABLE>
     </FORM>
-
-    <FORM action="/cgi-bin/policylabel.cgi" method="post" 
enctype="multipart/form-data">
-    <TABLE class="xen">
-      <COLGROUP>
-        <COL width="25%">
-        <COL width="20%">
-        <COL width="55%">
-      </COLGROUP>
-
-      <TR>
-        <TD valign="top" class="heading">
-          Security Policy Labeling
-        </TD>
-        <TD valign="top" colspan="2">
-          To generate or edit the Xen Security Policy Labeling you <B>must</B>
-          specify the name of
-          an existing Xen Security Policy file in the
-          <B>"Policy File"</B> entry field.<BR>
-          To generate new Xen Security Policy Labeling leave the
-          <B>"Policy Labeling File"</B> entry field
-          empty and click the "Create" button.<BR>
-          To modify existing Xen Security Policy Labeling enter the
-          file name containing the labeling in the
-          <B>"Policy Labeling File"</B> entry field
-          and click the "Create" button.<HR>
-        </TD>
-      </TR>
-      <TR>
-        <TD></TD>
-        <TD>
-          Policy File:
-        </TD>
-        <TD>
-          <INPUT type="file" size="50" name="i_policy">
-        </TD>
-      </TR>
-      <TR>
-        <TD></TD>
-        <TD>
-          Policy Labeling File:
-        </TD>
-        <TD>
-          <INPUT type="file" size="50" name="i_policyLabel">
-        </TD>
-      </TR>
-      <TR>
-        <TD></TD>
-        <TD valign="top">
-          <INPUT type="submit" name="i_policyLabelCreate" value="Create">
-        </TD>
-        <TD></TD>
-      </TR>
-    </TABLE>
-    </FORM>
   </CENTER>
   </BODY>
 </HTML>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.