--- xen-unstable.hg/tools/xm-test/lib/XmTestLib/XenAPIDomain.py | 4 xen-unstable.hg/tools/xm-test/lib/XmTestLib/acm.py | 52 + xen-unstable.hg/tools/xm-test/tests/security-acm/01_security-acm_basic.py | 24 xen-unstable.hg/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py | 303 +++++++ xen-unstable.hg/tools/xm-test/tests/security-acm/08_security-acm_xapi.py | 354 ++++++++ xen-unstable.hg/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py | 427 ++++++++++ xen-unstable.hg/tools/xm-test/tests/security-acm/Makefile.am | 5 xen-unstable.hg/tools/xm-test/tests/security-acm/xm-test-new-security_policy.xml | 97 ++ xen-unstable.hg/tools/xm-test/tests/vtpm/vtpm_utils.py | 4 9 files changed, 1250 insertions(+), 20 deletions(-) Index: root/xen-unstable.hg/tools/xm-test/lib/XmTestLib/acm.py =================================================================== --- root.orig/xen-unstable.hg/tools/xm-test/lib/XmTestLib/acm.py +++ root/xen-unstable.hg/tools/xm-test/lib/XmTestLib/acm.py @@ -19,6 +19,9 @@ """ from Test import * from xen.util import security +from xen.xm.main import server +from xen.util import xsconstants +import re try: from acm_config import * @@ -32,16 +35,47 @@ def isACMEnabled(): return security.on() +def getSystemPolicyName(): + s,o = traceCommand("xm getpolicy") + m = re.compile("Policy name[\s]*: ([A-z\-]+)").search(o) + if m: + polname = m.group(1) + return polname + return "" + + +def ACMLoadPolicy_XenAPI(policy='xm-test'): + polname = getSystemPolicyName() + if polname != policy: + # Try it, maybe it's not activated + traceCommand("xm setpolicy %s %s" % + (xsconstants.XS_POLICY_ACM, policy)) + polname = getSystemPolicyName() + if polname != policy: + FAIL("Need to have a system with no or policy '%s' active, " + "not %s" % (policy,polname)) + else: + s, o = traceCommand("xm activatepolicy --load") + else: + s, o = traceCommand("xm activatepolicy --load") + if not re.search("Successfully", o): + FAIL("Could not set the policy '%s'." % policy) + + def ACMLoadPolicy(policy='xm-test'): - s, o = traceCommand("xm makepolicy %s" % (policy)) - if s != 0: - FAIL("Need to be able to do 'xm makepolicy %s' but could not" % - (policy)) - s, o = traceCommand("xm loadpolicy %s" % (policy)) - if s != 0: - FAIL("Could not load the required policy '%s'.\n" - "Start the system without any policy.\n%s" % - (policy, o)) + from xen.xm import main + if main.serverType == main.SERVER_XEN_API: + ACMLoadPolicy_XenAPI() + else: + s, o = traceCommand("xm makepolicy %s" % (policy)) + if s != 0: + FAIL("Need to be able to do 'xm makepolicy %s' but could not" % + (policy)) + s, o = traceCommand("xm loadpolicy %s" % (policy)) + if s != 0: + FAIL("Could not load the required policy '%s'.\n" + "Start the system without any policy.\n%s" % + (policy, o)) def ACMPrepareSystem(resources): if isACMEnabled(): Index: root/xen-unstable.hg/tools/xm-test/tests/vtpm/vtpm_utils.py =================================================================== --- root.orig/xen-unstable.hg/tools/xm-test/tests/vtpm/vtpm_utils.py +++ root/xen-unstable.hg/tools/xm-test/tests/vtpm/vtpm_utils.py @@ -15,4 +15,6 @@ if output == "": "need /dev/tpm0") def vtpm_cleanup(domName): - traceCommand("/etc/xen/scripts/vtpm-delete %s" % domName) + from xen.xm import main + if main.serverType != main.SERVER_XEN_API: + traceCommand("/etc/xen/scripts/vtpm-delete %s" % domName) Index: root/xen-unstable.hg/tools/xm-test/tests/security-acm/08_security-acm_xapi.py =================================================================== --- /dev/null +++ root/xen-unstable.hg/tools/xm-test/tests/security-acm/08_security-acm_xapi.py @@ -0,0 +1,354 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2007 +# Author: Stefan Berger + +# VM creation test with labeled VM and labeled VDI + +from XmTestLib import xapi +from XmTestLib.XenAPIDomain import XmTestAPIDomain +from XmTestLib import * +from xen.xend import XendAPIConstants +from xen.util import acmpolicy, security, xsconstants +import commands +import os + +vm_label_red = xsconstants.ACM_POLICY_ID + ":xm-test:red" +vm_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green" +vdi_label_red = xsconstants.ACM_POLICY_ID + ":xm-test:red" +vdi_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green" + +vdi_file = "/dev/ram0" +vdi_path = "phy:" + vdi_file + +#Note: +# If during the suspend/resume operations 'red' instead of 'green' is +# used, the Chinese Wall policy goes into effect and disallows the +# suspended VM from being resumed... + +try: + # XmTestAPIDomain tries to establish a connection to XenD + domain = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_red }) +except Exception, e: + SKIP("Skipping test. Error: %s" % str(e)) + +vm_uuid = domain.get_uuid() + +session = xapi.connect() +xstype = session.xenapi.XSPolicy.get_xstype() +if int(xstype) & xsconstants.XS_POLICY_ACM == 0: + SKIP("ACM not enabled/compiled in Xen") + +f = open("xm-test-security_policy.xml", 'r') +if f: + newpolicyxml = f.read() + f.close() +else: + FAIL("Could not read 'xm-test' policy") + +policystate = session.xenapi.XSPolicy.get_xspolicy() +if int(policystate['type']) == 0: + policystate = session.xenapi.XSPolicy.set_xspolicy( + xsconstants.XS_POLICY_ACM, + newpolicyxml, + xsconstants.XS_INST_BOOT | xsconstants.XS_INST_LOAD, + True) + if int(policystate['flags']) == -1: + FAIL("Could not set the new policy.") + +policystate = session.xenapi.XSPolicy.get_xspolicy() +print "policystate = %s" % policystate +acm_ref = policystate['xs_ref'] + + +# +# Some tests with labeling of resources +# +labels = session.xenapi.XSPolicy.get_labeled_resources() +print "labeled resources are:\n%s" % labels + +oldlabel = session.xenapi.XSPolicy.get_resource_label("phy:/dev/ram0") + +rc = session.xenapi.XSPolicy.set_resource_label("phy:/dev/ram0", "", + oldlabel) + +rc = session.xenapi.XSPolicy.set_resource_label("phy:/dev/ram0", + vdi_label_green, + "") + +res = session.xenapi.XSPolicy.get_resource_label("phy:/dev/ram0") +if res != vdi_label_green: + FAIL("(1) get_resource_label returned unexpected result %s, wanted %s" % + (res, vdi_label_green)) + + +# +# Some test with labeling of VMs +# + +res = session.xenapi.VM.get_security_label(vm_uuid) + +if res != vm_label_red: + FAIL("VM.get_security_label returned wrong security label '%s'." % res) + +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, + vm_label_red) + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_green: + FAIL("VM does not show expected label '%s' but '%s'." % + (vm_label_green, res)) + +res = session.xenapi.VM.set_security_label(vm_uuid, "", vm_label_green) +if int(res) != 0: + FAIL("Should be able to unlabel the domain while it's halted.") + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != "": + FAIL("Unexpected VM security label after removal: %s" % res) + +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_red, res) +if int(res) != 0: + FAIL("Could not label the VM to '%s'" % vm_label_red) + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_red: + FAIL("VM has wrong label '%s', expected '%s'." % (res, vm_label_red)) + +sr_uuid = session.xenapi.SR.get_by_name_label("Local") +if len(sr_uuid) == 0: + FAIL("Could not get a handle on SR 'Local'") + + +vdi_rec = { 'name_label' : "My disk", + 'SR' : sr_uuid[0], + 'virtual_size': 0, + 'sector_size' : 512, + 'parent' : '', + 'SR_name' : 'Local', + 'type' : 'system', + 'shareable' : False, + 'read-only' : False, + 'other_config': {'location': vdi_path} +} + +vdi_ref = session.xenapi.VDI.create(vdi_rec) + +res = session.xenapi.VDI.get_name_label(vdi_ref) +if res != vdi_rec['name_label']: + print "Destroying VDI now" + session.xenapi.VDI.destroy(vdi_ref) + FAIL("VDI_get_name_label return wrong information") + +res = session.xenapi.VDI.get_record(vdi_ref) +print "vdi_record : %s" % res + +oldlabel = session.xenapi.XSPolicy.get_resource_label(vdi_path) + +#Remove label from VDI device +rc = session.xenapi.XSPolicy.set_resource_label(vdi_path, + "", + oldlabel) + + +# Attach a VBD to the VM + +vbd_rec = { 'VM' : vm_uuid, + 'VDI' : vdi_ref, + 'device' : "xvda1", + 'mode' : 1, + 'bootable': 0, +} + +vbd_ref = session.xenapi.VBD.create(vbd_rec) + +res = session.xenapi.VBD.get_record(vbd_ref) + +try: + domain.start(noConsole=True) + # Should not get here. + print "Destroying VDI now" + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could start VM with a VBD that it is not allowed to access.") +except: + pass + print "Could not create domain -- that's good" + + +# +# Label the VDI now +# + +rc = session.xenapi.VDI.set_security_label(vdi_ref, vdi_label_red, "") +if int(rc) != 0: + FAIL("Could not set the VDI label to '%s'" % vdi_label_red) + +label = session.xenapi.VDI.get_security_label(vdi_ref) +if label != vdi_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Unexpected label '%s' on VDI, wanted '%s'" % + (label, vdi_label_red)) + +rc = session.xenapi.VDI.set_security_label(vdi_ref, "", label) +if int(rc) != 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Should be able to unlabel VDI.") + +rc = session.xenapi.VDI.set_security_label(vdi_ref, vdi_label_red, "") +if int(rc) != 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Should be able to label VDI with label '%s'" % vid_label_red) + +res = session.xenapi.XSPolicy.get_resource_label(vdi_path) +if res != vdi_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("(2) get_resource_label on %s returned unexpected result %s, wanted '%s'" % + (vdi_path, res, vdi_label_red)) + +res = session.xenapi.VDI.get_security_label(vdi_ref) +if res != vdi_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("get_security_label returned unexpected result %s, wanted '%s'" % + (res, vdi_label_red)) + +domain.start(noConsole=True) + +console = domain.getConsole() + +domName = domain.getName() + +try: + run = console.runCmd("cat /proc/interrupts") +except ConsoleError, e: + saveLog(console.getHistory()) + FAIL("Could not access proc-filesystem") + +# Try to relabel while VM is running +try: + res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, + vm_label_red) +except: + pass + +lab = session.xenapi.VM.get_security_label(vm_uuid) +if lab == vm_label_green: + FAIL("Should not be able to reset the security label while running." + "tried to set to %s, got %s, old: %s" %(vm_label_green, lab, + vm_label_red)) + + +# +# Suspend the domain and relabel it +# + +try: + status, output = traceCommand("xm suspend %s" % domName, + timeout=30) +except TimeoutError, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Failure from suspending VM: %s." % str(e)) + +# Try to relabel while VM is suspended -- this should work + +rc = session.xenapi.VM.set_security_label(vm_uuid, vm_label_green, + vm_label_red) +if int(rc) != 0: + FAIL("VM security label could not be set to %s" % vm_label_green) + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_green: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("VM (suspended) has label '%s', expected '%s'." % + (res, vm_label_green)) + +status, output = traceCommand("xm list") + +#Try to resume now -- should fail due to denied access to block device +try: + status, output = traceCommand("xm resume %s" % domName, + timeout=30) + if status == 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could resume re-labeled VM: %s" % output) +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("1. Error resuming the VM: %s." % str(e)) + +# Relabel VM so it would resume +res = session.xenapi.VM.set_security_label(vm_uuid, vm_label_red, + vm_label_green) +if int(res) != 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not relabel VM to have it resume.") + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("VM (suspended) has label '%s', expected '%s'." % + (res, vm_label_red)) + + +# Relabel the resource so VM should not resume +try: + session.xenapi.XSPolicy.set_resource_label(vdi_path, + vdi_label_green, + "") +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not label the VDI to '%s': %x" % + (vdi_label_green, int(rc))) + +#Try to resume now -- should fail due to denied access to block device +try: + status, output = traceCommand("xm resume %s" % domName, + timeout=30) + if status == 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could resume re-labeled VM: %s" % output) +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("2. Error resuming the VM: %s." % str(e)) + + +status, output = traceCommand("xm list") + +# Relabel the resource so VM can resume +try: + session.xenapi.XSPolicy.set_resource_label(vdi_path, + vdi_label_red, + vdi_label_green) +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not label the resource to '%s'" % vid_label_red) + +res = session.xenapi.XSPolicy.get_resource_label(vdi_path) +if res != vdi_label_red: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("'%s' has label '%s', expected '%s'." % + (vdi_path, res, vdi_label_red)) + +#Try to resume now -- should work +try: + status, output = traceCommand("xm resume %s" % domName, + timeout=30) + if status != 0: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not resume re-labeled VM: %s" % output) +except Exception, e: + session.xenapi.VDI.destroy(vdi_ref) + FAIL("3. Error resuming the VM: %s." % str(e)) + + +status, output = traceCommand("xm list") + +console = domain.getConsole() + +try: + run = console.runCmd("cat /proc/interrupts") +except ConsoleError, e: + saveLog(console.getHistory()) + session.xenapi.VDI.destroy(vdi_ref) + FAIL("Could not access proc-filesystem") + +domain.stop() +domain.destroy() Index: root/xen-unstable.hg/tools/xm-test/tests/security-acm/Makefile.am =================================================================== --- root.orig/xen-unstable.hg/tools/xm-test/tests/security-acm/Makefile.am +++ root/xen-unstable.hg/tools/xm-test/tests/security-acm/Makefile.am @@ -5,7 +5,10 @@ TESTS = 01_security-acm_basic.test \ 03_security-acm_dom_conflict.test \ 04_security-acm_dom_res.test \ 05_security-acm_dom_res_conf.test \ - 06_security-acm_dom_block_attach.test + 06_security-acm_dom_block_attach.test \ + 07_security-acm_pol_update.test \ + 08_security-acm_xapi.test \ + 09_security-acm_pol_update.test XFAIL_TESTS = Index: root/xen-unstable.hg/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py =================================================================== --- /dev/null +++ root/xen-unstable.hg/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py @@ -0,0 +1,303 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2006 +# Author: Stefan Berger + +# Test to exercise the xspolicy class + +from XmTestLib import xapi +from XmTestLib.XenAPIDomain import XmTestAPIDomain +from XmTestLib import * +from xen.xend import XendAPIConstants +from xen.util import acmpolicy, security, xsconstants +from xen.util.acmpolicy import ACMPolicy +from xen.xend.XendDomain import DOM0_UUID + +import commands +import os +import base64 + +xm_test = {} +xm_test['policyname'] = "xm-test" +xm_test['date'] = "Fri Sep 29 14:44:38 2006" +xm_test['url'] = None + +vm_label_red = "%s:xm-test:red" % xsconstants.ACM_POLICY_ID +vm_label_green = "%s:xm-test:green" % xsconstants.ACM_POLICY_ID +vm_label_blue = "%s:xm-test:blue" % xsconstants.ACM_POLICY_ID +vm_label_sys = "%s:xm-test:SystemManagement" % xsconstants.ACM_POLICY_ID + +vm_label_black = "%s:xm-test:black" + +session = xapi.connect() + +oldlabel = session.xenapi.VM.get_security_label(DOM0_UUID) + +ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, + vm_label_sys, + oldlabel) +if int(ssidref) <= 0 or int(ssidref) != 0x00010001: + FAIL("(0) Domain-0 label for '%s' has unexpected failure: %08x" % + (vm_label_sys, int(ssidref))) +print "ssidref for '%s' is 0x%08x" % (vm_label_sys, int(ssidref)) + + +xstype = session.xenapi.XSPolicy.get_xstype() +if int(xstype) & xsconstants.XS_POLICY_ACM == 0: + SKIP("ACM not enabled/compiled in Xen") + +policystate = session.xenapi.XSPolicy.get_xspolicy() +if not policystate.has_key('xs_ref'): + FAIL("get_xspolicy must return member 'xs_ref'") + +xs_ref = policystate['xs_ref'] +if xs_ref != "": + origpolicyxml = session.xenapi.ACMPolicy.get_xml(xs_ref) +else: + origpolicyxml = "" + +f = open("xm-test-security_policy.xml", 'r') +if f: + newpolicyxml = f.read() + f.close() +else: + FAIL("Could not read 'xm-test' policy") + +try: + os.unlink("/boot/xm-test.bin") +except: + pass + +policystate = session.xenapi.XSPolicy.get_xspolicy() + +if int(policystate['type']) == 0: + policystate = session.xenapi.XSPolicy.set_xspolicy( + xsconstants.XS_POLICY_ACM, + newpolicyxml, + xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT, + 1) + if int(policystate['flags']) == -1: + FAIL("Could not set the new policy.") + +print "state of policy = %s " % policystate + +rc = session.xenapi.XSPolicy.activate_xspolicy( + policystate['xs_ref'], + xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT) +if int(rc) != xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT: + FAIL("Could not activate the current policy: rc = %08x" % int(rc)) + +if not os.path.exists("/boot/xm-test.bin"): + FAIL("Binary policy was not installed. Check grub config file.") + +policystate = session.xenapi.XSPolicy.get_xspolicy() + +if int(policystate['flags']) != xsconstants.XS_INST_BOOT | \ + xsconstants.XS_INST_LOAD: + FAIL("Flags (%x) are not indicating the correct state of the policy.", + int(policystate['flags'])) + +policystate = session.xenapi.XSPolicy.get_xspolicy() +xs_ref = policystate['xs_ref'] + +newpolicyxml = None +f = open("xm-test-new-security_policy.xml", 'r') +if f: + newpolicyxml = f.read() + f.close() +else: + FAIL("Could not read 'xm-test-new' policy") + +cur_acmpol = ACMPolicy(xml = policystate['repr']) +new_acmpol = ACMPolicy(xml = newpolicyxml) + +new_acmpol.update_frompolicy(cur_acmpol) + +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + new_acmpol.toxml(), + xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT, + 1) + +f = open("xm-test-security_policy.xml", 'r') +if f: + newpolicyxml = f.read() + f.close() +else: + FAIL("Could not read 'xm-test-new' policy") + +cur_acmpol = new_acmpol +new_acmpol = ACMPolicy(xml = newpolicyxml) + +new_acmpol.update_frompolicy(cur_acmpol) + +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + new_acmpol.toxml(), + xsconstants.XS_INST_LOAD | xsconstants.XS_INST_BOOT, + 1) + +dom0_lab = session.xenapi.VM.get_security_label(DOM0_UUID) + +ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, + vm_label_sys, dom0_lab) +if int(ssidref) <= 0 or int(ssidref) != 0x00010001: + FAIL("(1) Domain-0 label for '%s' has unexpected failure: %08x" % + (vm_label_sys, int(ssidref))) +print "ssidref for '%s' is 0x%08x" % (vm_label_sys, int(ssidref)) + +try: + ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, + vm_label_black, + vm_label_sys) + FAIL("Could set label '%s', although it's not in the policy. " + "ssidref=%s" % (vm_label_black, ssidref)) +except: + pass + +ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, + vm_label_red, + vm_label_sys) +if int(ssidref) <= 0: + FAIL("(2) Domain-0 label for '%s' has unexpected failure: %08x" % + (vm_label_red, int(ssidref))) +print "ssidref for '%s' is 0x%08x" % (vm_label_red, int(ssidref)) + +label = session.xenapi.VM.get_security_label(DOM0_UUID) + +if label != vm_label_red: + FAIL("Dom0 label '%s' not as expected '%s'" % (label, vm_label_red)) + + +ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, + vm_label_sys, + vm_label_red) +if int(ssidref) <= 0 or int(ssidref) != 0x00010001: + FAIL("(3) Domain-0 label for '%s' has unexpected failure: %08x" % + (vm_label_sys, int(ssidref))) + +label = session.xenapi.VM.get_security_label(DOM0_UUID) + +if label != vm_label_sys: + FAIL("Dom0 label '%s' not as expected '%s'" % label, dom0_label) + +header = session.xenapi.ACMPolicy.get_header(xs_ref) + +if header['policyname'] != xm_test['policyname']: + FAIL("Name in header is '%s', expected is '%s'." % + (header['policyname'],xm_test['policyname'])) +if header['date'] != xm_test['date']: + FAIL("Date in header is '%s', expected is '%s'." % + (header['date'],xm_test['date'])) +if header.has_key("url") and header['url' ] != xm_test['url' ]: + FAIL("URL in header is '%s', expected is '%s'." % + (header['url' ],xm_test['url' ])) + +# Create another domain +try: + # XmTestAPIDomain tries to establish a connection to XenD + domain = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_blue }) +except Exception, e: + SKIP("Skipping test. Error: %s" % str(e)) + + +vm_uuid = domain.get_uuid() + +res = session.xenapi.VM.get_security_label(vm_uuid) +if res != vm_label_blue: + FAIL("VM has security label '%s', expected is '%s'" % + (res, vm_label_blue)) + +try: + domain.start(noConsole=True) +except: + FAIL("Could not create domain") + + +# Attempt to relabel the running domain +ssidref = session.xenapi.VM.set_security_label(vm_uuid, + vm_label_red, + vm_label_blue) +if int(ssidref) <= 0: + FAIL("Could not relabel running domain to '%s'." % vm_label_red) + +# user domain is 'red', dom0 is current 'SystemManagement'. +# Try to move domain-0 to 'red' first, then to 'blue'. + +# Moving domain-0 to 'red' should work +ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, + vm_label_red, + vm_label_sys) +if int(ssidref) <= 0: + FAIL("Could not label domain-0 '%s'" % vm_label_red) + +# Moving the guest domain to 'blue' should not work due to conflict set +try: + ssidref = session.xenapi.VM.set_security_label(vm_uuid, + vm_label_blue, + vm_label_red) + FAIL("Could label guest domain with '%s', although this is in a conflict " + "set. ssidref=%x" % (vm_label_blue,int(ssidref))) +except: + pass + +label = session.xenapi.VM.get_security_label(vm_uuid) +if label != vm_label_red: + FAIL("User domain has wrong label '%s', expected '%s'." % + (label, vm_label_red)) + +label = session.xenapi.VM.get_security_label(DOM0_UUID) +if label != vm_label_red: + FAIL("Domain-0 has wrong label '%s'; expected '%s'." % + (label, vm_label_red)) + +ssidref = session.xenapi.VM.set_security_label(DOM0_UUID, + vm_label_sys, + vm_label_red) +if int(ssidref) < 0: + FAIL("Could not set the domain-0 security label to '%s'." % + (vm_label_sys)) + +# pause the domain and relabel it... +session.xenapi.VM.pause(vm_uuid) + +label = session.xenapi.VM.get_security_label(vm_uuid) +if label != vm_label_red: + FAIL("User domain has wrong label '%s', expected '%s'." % + (label, vm_label_red)) + +ssidref = session.xenapi.VM.set_security_label(vm_uuid, + vm_label_blue, + vm_label_red) +print "guest domain new label '%s'; ssidref is 0x%08x" % \ + (vm_label_blue, int(ssidref)) +if int(ssidref) <= 0: + FAIL("Could not label guest domain with '%s'" % (vm_label_blue)) + +label = session.xenapi.VM.get_security_label(vm_uuid) +if label != vm_label_blue: + FAIL("User domain has wrong label '%s', expected '%s'." % + (label, vm_label_blue)) + +session.xenapi.VM.unpause(vm_uuid) + +rc = session.xenapi.VM.suspend(vm_uuid) + +ssidref = session.xenapi.VM.set_security_label(vm_uuid, + vm_label_green, + vm_label_blue) +print "guest domain new label '%s'; ssidref is 0x%08x" % \ + (vm_label_green, int(ssidref)) +if int(ssidref) < 0: + FAIL("Could not label suspended guest domain with '%s'" % (vm_label_blue)) + +label = session.xenapi.VM.get_security_label(vm_uuid) +if label != vm_label_green: + FAIL("User domain has wrong label '%s', expected '%s'." % + (label, vm_label_green)) + + +rc = session.xenapi.VM.resume(vm_uuid, False) + +label = session.xenapi.VM.get_security_label(vm_uuid) +if label != vm_label_green: + FAIL("User domain has wrong label '%s', expected '%s'." % + (label, vm_label_green)) Index: root/xen-unstable.hg/tools/xm-test/tests/security-acm/01_security-acm_basic.py =================================================================== --- root.orig/xen-unstable.hg/tools/xm-test/tests/security-acm/01_security-acm_basic.py +++ root/xen-unstable.hg/tools/xm-test/tests/security-acm/01_security-acm_basic.py @@ -15,6 +15,7 @@ from XmTestLib import * from xen.util import security +from xen.util import xsconstants import commands import os import re @@ -28,7 +29,7 @@ if not isACMEnabled(): SKIP("Not running this test since ACM not enabled.") status, output = traceCommand("xm makepolicy %s" % (testpolicy)) -if status != 0 or output != "": +if status != 0: FAIL("'xm makepolicy' failed with status %d and output\n%s" % (status,output)); @@ -47,7 +48,7 @@ status, output = traceCommand("xm rmlabe status, output = traceCommand("xm addlabel %s dom %s %s" % (testlabel, vmconfigfile, testpolicy)) if status != 0: - FAIL("'xm addlabel' failed with status %d.\n" % status) + FAIL("(1) 'xm addlabel' failed with status %d.\n" % status) status, output = traceCommand("xm getlabel dom %s" % (vmconfigfile)) @@ -55,8 +56,9 @@ status, output = traceCommand("xm getlab if status != 0: FAIL("'xm getlabel' failed with status %d, output:\n%s" % (status, output)) -if output != "policy=%s,label=%s" % (testpolicy,testlabel): - FAIL("Received unexpected output from 'xm getlabel': \n%s" % +if output != "policytype=%s,policy=%s,label=%s" % \ + (xsconstants.ACM_POLICY_ID, testpolicy, testlabel): + FAIL("(1) Received unexpected output from 'xm getlabel dom': \n%s" % (output)) @@ -74,30 +76,34 @@ status, output = traceCommand("xm getlab (vmconfigfile)) if output != "Error: 'Domain not labeled'": - FAIL("Received unexpected output from 'xm getlabel': \n%s" % + FAIL("(2) Received unexpected output from 'xm getlabel dom': \n%s" % (output)) #Whatever label the resource might have, remove it status, output = traceCommand("xm rmlabel res %s" % (testresource)) +if status != 0: + FAIL("'xm rmlabel' on resource failed with status %d.\n" % status) status, output = traceCommand("xm addlabel %s res %s %s" % (testlabel, testresource, testpolicy)) if status != 0: - FAIL("'xm addlabel' on resource failed with status %d.\n" % status) + FAIL("(2) 'xm addlabel' on resource failed with status %d.\n" % status) status, output = traceCommand("xm getlabel res %s" % (testresource)) if status != 0: FAIL("'xm getlabel' on resource failed with status %d, output:\n%s" % (status, output)) -if output != "policy=%s,label=%s" % (testpolicy,testlabel): - FAIL("Received unexpected output from 'xm getlabel': \n%s" % +if output != "%s:%s:%s" % (xsconstants.ACM_POLICY_ID,\ + testpolicy,testlabel): + FAIL("Received unexpected output from 'xm getlabel res': \n%s" % (output)) status, output = traceCommand("xm resources") if status != 0: + print "status = %s" % str(status) FAIL("'xm resources' did not run properly") if not re.search(security.unify_resname(testresource), output): FAIL("'xm resources' did not show the tested resource '%s'." % @@ -117,5 +123,5 @@ status, output = traceCommand("xm getlab (testresource)) if output != "Error: 'Resource not labeled'": - FAIL("Received unexpected output from 'xm getlabel': \n%s" % + FAIL("Received unexpected output from 'xm getlabel res': \n%s" % (output)) Index: root/xen-unstable.hg/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py =================================================================== --- /dev/null +++ root/xen-unstable.hg/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py @@ -0,0 +1,427 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2007 +# Author: Stefan Berger + +# Test to exercise the xspolicy and acmpolicy classes + +from XmTestLib import xapi +from XmTestLib.XenAPIDomain import XmTestAPIDomain +from XmTestLib import * +from xen.xend import XendAPIConstants +from xen.util import security, xsconstants +from xen.util.acmpolicy import ACMPolicy +from xen.xend.XendDomain import DOM0_UUID +import base64 +import struct +import time + +def typestoxml(types): + res = "" + for t in types: + res += "" + t + "\n" + return res + +def cfstoxml(cfss): + res = "" + for cfs in cfss: + res += "\n" + \ + typestoxml(cfs['chws']) + \ + "\n" + return res + +def vmlabelstoxml(vmlabels, vmfrommap): + res = "" + for vmlabel in vmlabels: + res += "\n" + if vmlabel['name'] in vmfrommap: + res += "" + else: + res += "" + res += vmlabel['name'] + "\n" + res += "\n" + \ + typestoxml(vmlabel['stes']) + \ + "\n" + if vmlabel.has_key('chws'): + res += "\n" + \ + typestoxml(vmlabel['chws']) + \ + "\n" + res += "\n" + return res + + +def reslabelstoxml(reslabels, resfrommap): + res = "" + for reslabel in reslabels: + res += "\n" + if resfrommap.has_key(reslabel['name']): + res += "" + else: + res += "" + res += reslabel['name'] + "\n" + res += "\n" + \ + typestoxml(reslabel['stes']) + \ + "\n" + res += "\n" + return res + +def create_xml_policy(hdr, stes, chws, + vmlabels, vmfrommap, bootstrap, + reslabels, resfrommap, + cfss): + hdr_xml ="\n" + \ + " " + hdr['name'] + "\n" + \ + " " + hdr['version'] + "\n" + \ + " \n" + \ + " " + hdr['oldname'] + "\n" + \ + " " + hdr['oldversion'] + "\n" + \ + " \n" + \ + "\n" + + stes_xml = "\n" + \ + " \n" + \ + typestoxml(stes) + \ + " \n" + \ + "\n" + + chws_xml = "\n" + \ + " \n" + \ + typestoxml(chws) + \ + " \n" + \ + " \n" + \ + cfstoxml(cfss) + \ + " \n" + \ + "\n" + + subjlabel_xml = "\n" + \ + vmlabelstoxml(vmlabels, vmfrommap) + \ + "\n" + objlabel_xml = "\n" + \ + reslabelstoxml(reslabels, resfrommap) + \ + "\n" + + policyxml = "\n" + \ + "\n" + \ + hdr_xml + \ + stes_xml + \ + chws_xml + \ + "\n" + \ + subjlabel_xml + \ + objlabel_xml + \ + "\n" + \ + "\n" + return policyxml + + +def update_hdr(hdr): + """ Update the version information in the header """ + hdr['oldversion'] = hdr['version'] + hdr['oldname'] = hdr['name'] + vers = hdr['version'] + tmp = vers.split('.') + if len(tmp) == 1: + rev = 1 + else: + rev = int(tmp[1]) + 1 + hdr['version'] = "%s.%s" % (tmp[0],rev) + return hdr + +session = xapi.connect() + +policystate = session.xenapi.XSPolicy.get_xspolicy() + +if policystate['repr'] != "": + print "%s" % policystate['repr'] + try: + acmpol = ACMPolicy(xml=policystate['repr']) + except Exception, e: + FAIL("Failure from creating ACMPolicy object: %s" % str(e)) + oldname = acmpol.policy_dom_get_hdr_item("PolicyName") + oldvers = acmpol.policy_dom_get_hdr_item("Version") + tmp = oldvers.split(".") + if len(tmp) == 1: + rev = 1 + else: + rev = int(tmp[1]) + 1 + newvers = "%s.%s" % (tmp[0], str(rev)) + print "old name/version = %s/%s" % (oldname, oldvers) +else: + oldname = None + oldvers = None + newvers = "1.0" + +# Initialize the header of the policy +hdr = {} +hdr['name'] = "xm-test" +hdr['version'] = newvers + +if oldname: + hdr['oldname'] = oldname + if oldvers and oldvers != "": + hdr['oldversion'] = oldvers + +stes = [ "SystemManagement", "red", "green", "blue" ] + +chws = [ "SystemManagement", "red", "green", "blue" ] + +bootstrap = "SystemManagement" + +vm_sysmgt = { 'name' : bootstrap, + 'stes' : stes, + 'chws' : [ "SystemManagement" ] } + +vm_red = { 'name' : "red" , + 'stes' : ["red"] , + 'chws' : ["red"] } + +vm_green = { 'name' : "green" , + 'stes' : ["green"] , + 'chws' : ["green"] } + +vm_blue = { 'name' : "blue" , + 'stes' : ["blue"] , + 'chws' : ["blue"] } + +res_red = { 'name' : "red" , + 'stes' : ["red"] } + +res_green = { 'name' : "green" , + 'stes' : ["green"] } + +res_blue = { 'name' : "blue" , + 'stes' : ["blue"] } + +cfs_1 = { 'name' : "CFS1", + 'chws' : [ "red" , "blue" ] } + +vmlabels = [ vm_sysmgt, vm_red, vm_green, vm_blue ] +vmfrommap = {} +reslabels = [ res_red, res_green, res_blue ] +resfrommap = {} +cfss = [ cfs_1 ] + +vm_label_red = xsconstants.ACM_POLICY_ID + ":xm-test:red" +vm_label_green = xsconstants.ACM_POLICY_ID + ":xm-test:green" +vm_label_blue = xsconstants.ACM_POLICY_ID + ":xm-test:blue" + +xml = create_xml_policy(hdr, stes, chws, + vmlabels, vmfrommap, bootstrap, + reslabels, resfrommap, + cfss) + +xml_good = xml + +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + xml, + xsconstants.XS_INST_LOAD, + True) + +print "\n\npolicystate = %s" % policystate + +policystate = session.xenapi.XSPolicy.get_xspolicy() + +# +# Create two non-conflicting domains and start them +# +try: + # XmTestAPIDomain tries to establish a connection to XenD + domain1 = XmTestAPIDomain(extraConfig={ 'security_label' : vm_label_red }) +except Exception, e: + SKIP("Skipping test. Error: %s" % str(e)) + + +vm1_uuid = domain1.get_uuid() + +try: + domain1.start(noConsole=True) +except: + FAIL("Could not start domain1") + +print "Domain 1 started" + +try: + # XmTestAPIDomain tries to establish a connection to XenD + domain2 = XmTestAPIDomain(extraConfig={'security_label': vm_label_green }) +except Exception, e: + SKIP("Skipping test. Error: %s" % str(e)) + +vm2_uuid = domain2.get_uuid() + +try: + domain2.start(noConsole=True) +except: + FAIL("Could not start domain1") + + +print "Domain 2 started" + +# Try a policy that would put the two domains into conflict +cfs_2 = { 'name' : "CFS1", + 'chws' : [ "red" , "green" ] } +cfss = [ cfs_2 ] + +hdr = update_hdr(hdr) +xml = create_xml_policy(hdr, stes, chws, + vmlabels, vmfrommap, bootstrap, + reslabels, resfrommap, + cfss) + +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + xml, + xsconstants.XS_INST_LOAD, + True) + +print "policystate %s" % policystate + +if int(policystate['xserr']) == 0: + FAIL("(1) Should not have been able to set this policy.") + +if len(policystate['errors']) == 0: + FAIL("Hypervisor should have reported errros.") + +errors = base64.b64decode(policystate['errors']) + +print "Length of errors: %d" % len(errors) +a,b = struct.unpack("!ii",errors) + +print "%08x , %08x" % (a,b) + +# +# Create a faulty policy with 'red' STE missing +# + +cfss = [ cfs_1 ] +stes = [ "SystemManagement", "green", "blue" ] + +xml = create_xml_policy(hdr, stes, chws, + vmlabels, vmfrommap, bootstrap, + reslabels, resfrommap, + cfss) +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + xml, + xsconstants.XS_INST_LOAD, + True) + +print "Result from setting faulty(!) policy with STE 'red' missing:" +print "policystate %s" % policystate + +if int(policystate['xserr']) == 0: + FAIL("(2) Should not have been able to set this policy.") + +# +# Create a policy with 'red' VMLabel missing -- should not work since it is +# in use. +# +stes = [ "SystemManagement", "red", "green", "blue" ] + +vmlabels = [ vm_sysmgt, vm_green, vm_blue ] + +xml = create_xml_policy(hdr, stes, chws, + vmlabels, vmfrommap, bootstrap, + reslabels, resfrommap, + cfss) +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + xml, + xsconstants.XS_INST_LOAD, + True) +print "Result from setting faulty(!) policy with VMlabel 'red' missing:" +print "policystate %s" % policystate + +if int(policystate['xserr']) == 0: + FAIL("(3) Should not have been able to set this policy.") + +# +# Create a policy with 'blue' VMLabel missing -- should work since it is NOT +# in use. +# +vmlabels = [ vm_sysmgt, vm_red, vm_green ] + +xml = create_xml_policy(hdr, stes, chws, + vmlabels, vmfrommap, bootstrap, + reslabels, resfrommap, + cfss) +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + xml, + xsconstants.XS_INST_LOAD, + True) + +print "Result from setting (good) policy with VMlabel 'blue' missing:" +print "policystate %s" % policystate + +if int(policystate['xserr']) != 0: + FAIL("(4) Should have been able to set this policy: %s" % xml) + +# +# Move the green VMLabel towards blue which should put the running +# domain with label blue into a conflict set +# +vmlabels = [ vm_sysmgt, vm_red, vm_blue ] + +vmfrommap = { "blue" : "green" } # new : old + +hdr = update_hdr(hdr) #Needed, since last update was successful +xml = create_xml_policy(hdr, stes, chws, + vmlabels, vmfrommap, bootstrap, + reslabels, resfrommap, + cfss) + +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + xml, + xsconstants.XS_INST_LOAD, + True) + +print "policystate %s" % policystate + +if int(policystate['xserr']) == 0: + FAIL("(5) Should not have been able to set this policy.") + +# +# Try to install a policy where a VM label has a faulty VM label name +# +vmfrommap = {} + +vm_blue_bad = { 'name' : "blue:x" , # ':' no allowed + 'stes' : ["blue"], + 'chws' : ["blue"] } + +vmlabels = [ vm_sysmgt, vm_red, vm_green, vm_blue_bad ] + +xml = create_xml_policy(hdr, stes, chws, + vmlabels, vmfrommap, bootstrap, + reslabels, resfrommap, + cfss) + +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + xml, + xsconstants.XS_INST_LOAD, + True) + +print "policystate %s" % policystate + +if int(policystate['xserr']) == 0: + FAIL("(6) Should not have been able to set this policy.") + +# +# End the test by installing the initial policy again +# + +cur_version = hdr['version'] +(maj, min) = cur_version.split(".") +cur_version = "%s.%s" % (maj, str(int(min)-1) ) + +orig_acmpol = ACMPolicy(xml=xml_good) +orig_acmpol.set_frompolicy_version(cur_version) +orig_acmpol.set_policy_version(hdr['version']) + +policystate = session.xenapi.XSPolicy.set_xspolicy(xsconstants.XS_POLICY_ACM, + orig_acmpol.toxml(), + xsconstants.XS_INST_LOAD, + True) + +if int(policystate['xserr']) != 0: + FAIL("(END) Should have been able to set this policy.") + +domain1.stop() +domain2.stop() +domain1.destroy() +domain2.destroy() Index: root/xen-unstable.hg/tools/xm-test/lib/XmTestLib/XenAPIDomain.py =================================================================== --- root.orig/xen-unstable.hg/tools/xm-test/lib/XmTestLib/XenAPIDomain.py +++ root/xen-unstable.hg/tools/xm-test/lib/XmTestLib/XenAPIDomain.py @@ -23,6 +23,7 @@ import os import sys from XmTestLib import * from types import DictType +from acm import * class XenAPIConfig: @@ -38,6 +39,9 @@ class XenAPIConfig: 'kernel' : 'PV_kernel', 'ramdisk': 'PV_ramdisk', 'root' : 'PV_args'} + if isACMEnabled(): + #A default so every VM can start with ACM enabled + self.opts["security_label"] = "ACM:xm-test:red" def setOpt(self, name, value): """Set an option in the config""" Index: root/xen-unstable.hg/tools/xm-test/tests/security-acm/xm-test-new-security_policy.xml =================================================================== --- /dev/null +++ root/xen-unstable.hg/tools/xm-test/tests/security-acm/xm-test-new-security_policy.xml @@ -0,0 +1,97 @@ + + + + + xm-test + Fri Sep 29 14:44:38 2006 + 1.1 + + xm-test + 1.0 + + + + + + SystemManagement + green + red + + + + + + SystemManagement + green + red + + + + + green + red + + + + + + + + SystemManagement + + SystemManagement + green + red + + + SystemManagement + + + + + green + + green + + + green + + + + + red + + red + + + red + + + + + + + + SystemManagement + + SystemManagement + + + + + green + + green + + + + + red + + red + + + + + +