WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [Patch 4 / 8][ACM] - policy generation tool support

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [Patch 4 / 8][ACM] - policy generation tool support
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Tue, 11 Apr 2006 22:28:10 -0400
Cc: toml@xxxxxxxxxx, sailer@xxxxxxxxxx
Delivery-date: Tue, 11 Apr 2006 19:30:17 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
This patch adds support for managing and creating the simplified policies to the policy generation tools.

Signed-off by: Thomas Lendacky <toml@xxxxxxxxxx>
Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>

---
 tools/security/python/xensec_gen/cgi-bin/policylabel.cgi | 1396 ---------------
 tools/security/python/xensec_gen/cgi-bin/policy.cgi      | 1338 ++++++++++++--
 tools/security/python/xensec_gen/index.html              |   58 
 3 files changed, 1196 insertions(+), 1596 deletions(-)

Index: xen-unstable.hg-shype/tools/security/python/xensec_gen/cgi-bin/policy.cgi
===================================================================
--- 
xen-unstable.hg-shype.orig/tools/security/python/xensec_gen/cgi-bin/policy.cgi
+++ xen-unstable.hg-shype/tools/security/python/xensec_gen/cgi-bin/policy.cgi
@@ -2,7 +2,7 @@
 #
 # The Initial Developer of the Original Code is International
 # Business Machines Corporation. Portions created by IBM
-# Corporation are Copyright (C) 2005 International Business
+# Corporation are Copyright (C) 2005, 2006 International Business
 # Machines Corporation. All Rights Reserved.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -31,9 +31,9 @@ from StringIO import StringIO
 from sets import Set
 
 def getSavedData( ):
-       global formData, policyXml, formVariables, formCSNames
-       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
-       global allCSMTypes
+       global formData, policyXml
+       global formVariables, formCSNames, formVmNames, formResNames
+       global allCSMTypes, allVmChWs, allVmStes, allResStes
 
        # Process the XML upload policy file
        if formData.has_key( 'i_policy' ):
@@ -64,6 +64,46 @@ def getSavedData( ):
                        if len( dataList ) > 0:
                                exec 'allCSMTypes[csName][1] = ' + dataList[0]
 
+       # The form can contain any number of "Virtual Machines"
+       #   so update the list of form variables to include
+       #   each virtual machine (hidden input variable)
+       for vmName in formVmNames[1]:
+               newVm( vmName )
+
+               vmFormVar = allVmChWs[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+               vmFormVar = allVmStes[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+       # The form can contain any number of "Resources"
+       #   so update the list of form variables to include
+       #   each resource (hidden input variable)
+       for resName in formResNames[1]:
+               newRes( resName )
+
+               resFormVar = allResStes[resName]
+               if (resFormVar[2] != '') and formData.has_key( resFormVar[2] ):
+                       dataList = formData.getlist( resFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( resFormVar[1], list ):
+                                       exec 'resFormVar[1] = ' + dataList[0]
+                               else:
+                                       resFormVar[1] = dataList[0]
+
+
 def getCurrentTime( ):
        return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
 
@@ -77,14 +117,49 @@ def getName( domNode ):
        for childNode in nameNodes[0].childNodes:
                if childNode.nodeType == xml.dom.Node.TEXT_NODE:
                        name = name + childNode.data
+       return name
+
+def getPolicyName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
 
        return name
 
+def getUrl( domNode ):
+       urlNodes = domNode.getElementsByTagName( 'PolicyUrl' )
+       if len( urlNodes ) == 0:
+               return ''
+
+       url = ''
+       for childNode in urlNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       url = url + childNode.data
+
+       return url
+
+def getRef( domNode ):
+       refNodes = domNode.getElementsByTagName( 'Reference' )
+       if len( refNodes ) == 0:
+               return ''
+
+       ref = ''
+       for childNode in refNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       ref = ref + childNode.data
+
+       return ref
+
 def getDate( domNode ):
        dateNodes = domNode.getElementsByTagName( 'Date' )
        if len( dateNodes ) == 0:
-               formatXmlError( '"<Date>" tag is missing' )
-               return None
+               return ''
 
        date = ''
        for childNode in dateNodes[0].childNodes:
@@ -93,6 +168,18 @@ def getDate( domNode ):
 
        return date
 
+def getNSUrl( domNode ):
+       urlNodes = domNode.getElementsByTagName( 'NameSpaceUrl' )
+       if len( urlNodes ) == 0:
+               return ''
+
+       url = ''
+       for childNode in urlNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       url = url + childNode.data
+
+       return url
+
 def getSteTypes( domNode, missingIsError = 0 ):
        steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
        if len( steNodes ) == 0:
@@ -170,9 +257,7 @@ def formatXmlGenError( msg ):
        xmlMessages.append( cgi.escape( msg ) )
 
 def parseXml( xmlInput ):
-       global xmlMessages, xmlError, xmlLine, xmlColumn
-
-       xmlParser  = xml.sax.make_parser( )
+       xmlParser = xml.sax.make_parser( )
        try:
                domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
 
@@ -198,14 +283,16 @@ def parseXml( xmlInput ):
 
 def parsePolicyXml( ):
        global policyXml
-       global formPolicyName, formPolicyDate, formPolicyOrder
-       global formSteTypes, formChWallTypes
-       global allCSMTypes
+       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
+       global formPolicyOrder
+       global formSteTypes, formChWallTypes, formVmNames, formVmNameDom0
+       global allCSMTypes, allVmStes, allVmChWs
 
        domDoc = parseXml( policyXml )
        if domDoc == None:
                return
 
+       # Process the PolicyHeader
        domRoot    = domDoc.documentElement
        domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
        if len( domHeaders ) == 0:
@@ -215,7 +302,7 @@ def parsePolicyXml( ):
                formatXmlError( msg )
                return
 
-       pName = getName( domHeaders[0] )
+       pName = getPolicyName( domHeaders[0] )
        if pName == None:
                msg = ''
                msg = msg + 'Error processing the Policy header information.\n'
@@ -223,18 +310,13 @@ def parsePolicyXml( ):
                formatXmlError( msg )
                return
 
-       formPolicyName[1] = pName
-
-       pDate = getDate( domHeaders[0] )
-       if pDate == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy header information.\n'
-               msg = msg + 'Please validate the Policy file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyDate[1] = pDate
+       formPolicyName[1]  = pName
+       formPolicyUrl[1]   = getUrl( domHeaders[0] )
+       formPolicyRef[1]   = getRef( domHeaders[0] )
+       formPolicyDate[1]  = getDate( domHeaders[0] )
+       formPolicyNSUrl[1] = getNSUrl( domHeaders[0] )
 
+       # Process the STEs
        pOrder = ''
        domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
        if len( domStes ) > 0:
@@ -259,6 +341,7 @@ def parsePolicyXml( ):
 
                formSteTypes[1] = steTypes
 
+       # Process the ChineseWalls and Conflict Sets
        domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
        if len( domChWalls ) > 0:
                if domChWalls[0].hasAttribute( 'priority' ):
@@ -291,45 +374,39 @@ def parsePolicyXml( ):
                formChWallTypes[1] = chwTypes
 
                csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
-               if len( csNodes ) == 0:
-                       msg = ''
-                       msg = msg + 'Required "<ConflictSets>" tag missing.\n'
-                       msg = msg + 'Please validate the Policy file used.'
-                       formatXmlError( msg )
-                       return
-
-               cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
-               if len( cNodes ) == 0:
-                       msg = ''
-                       msg = msg + 'Required "<Conflict>" tag missing.\n'
-                       msg = msg + 'Please validate the Policy file used.'
-                       formatXmlError( msg )
-                       return
-
-               for cNode in cNodes:
-                       csName = cNode.getAttribute( 'name' )
-                       newCS( csName, 1 )
-
-                       csMemberList = getTypes( cNode )
-                       if csMemberList == None:
+               if csNodes and (len( csNodes ) > 0):
+                       cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+                       if not cNodes or len( cNodes ) == 0:
                                msg = ''
-                               msg = msg + 'Error processing the Conflict Set 
members.\n'
+                               msg = msg + 'Required "<Conflict>" tag 
missing.\n'
                                msg = msg + 'Please validate the Policy file 
used.'
                                formatXmlError( msg )
                                return
 
-                       # Verify the conflict set members are valid types
-                       ctSet = Set( formChWallTypes[1] )
-                       csSet = Set( csMemberList )
-                       if not csSet.issubset( ctSet ):
-                               msg = ''
-                               msg = msg + 'Error processing Conflict Set "' + 
csName + '".\n'
-                               msg = msg + 'Members of the conflict set are 
not valid '
-                               msg = msg + 'Chinese Wall types.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
+                       for cNode in cNodes:
+                               csName = cNode.getAttribute( 'name' )
+                               newCS( csName, 1 )
+
+                               csMemberList = getTypes( cNode )
+                               if csMemberList == None:
+                                       msg = ''
+                                       msg = msg + 'Error processing the 
Conflict Set members.\n'
+                                       msg = msg + 'Please validate the Policy 
file used.'
+                                       formatXmlError( msg )
+                                       return
+
+                               # Verify the conflict set members are valid 
types
+                               ctSet = Set( formChWallTypes[1] )
+                               csSet = Set( csMemberList )
+                               if not csSet.issubset( ctSet ):
+                                       msg = ''
+                                       msg = msg + 'Error processing Conflict 
Set "' + csName + '".\n'
+                                       msg = msg + 'Members of the conflict 
set are not valid '
+                                       msg = msg + 'Chinese Wall types.\n'
+                                       msg = msg + 'Please validate the Policy 
file used.'
+                                       formatXmlError( msg )
 
-                       allCSMTypes[csName][1] = csMemberList
+                                       allCSMTypes[csName][1] = csMemberList
 
        if pOrder != '':
                formPolicyOrder[1] = pOrder
@@ -342,6 +419,74 @@ def parsePolicyXml( ):
                        formatXmlError( msg )
                        return
 
+       # Process the Labels
+       domLabels = domRoot.getElementsByTagName( 'SecurityLabelTemplate' )
+       if not domLabels or (len( domLabels ) == 0):
+               msg = ''
+               msg = msg + '<SecurityLabelTemplate> tag is missing.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+
+       # Process the VMs
+       domSubjects = domLabels[0].getElementsByTagName( 'SubjectLabels' )
+       if len( domSubjects ) > 0:
+               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+               domNodes = domSubjects[0].getElementsByTagName( 
'VirtualMachineLabel' )
+               for domNode in domNodes:
+                       vmName = getName( domNode )
+                       if vmName == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
VirtualMachineLabel name.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               continue
+
+                       steTypes = getSteTypes( domNode )
+                       if steTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       chwTypes = getChWTypes( domNode )
+                       if chwTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the ChineseWall 
types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       newVm( vmName, 1 )
+                       allVmStes[vmName][1] = steTypes
+                       allVmChWs[vmName][1] = chwTypes
+
+       # Process the Resources
+       domObjects = domLabels[0].getElementsByTagName( 'ObjectLabels' )
+       if len( domObjects ) > 0:
+               domNodes = domObjects[0].getElementsByTagName( 'ResourceLabel' )
+               for domNode in domNodes:
+                       resName = getName( domNode )
+                       if resName == None:
+                               msg = ''
+                               msg = msg + 'Error processing the ResourceLabel 
name.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               continue
+
+                       steTypes = getSteTypes( domNode )
+                       if steTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       newRes( resName, 1 )
+                       allResStes[resName][1] = steTypes
+
 def modFormTemplate( formTemplate, suffix ):
        formVar = [x for x in formTemplate]
 
@@ -383,19 +528,80 @@ def newCS( csName, addToList = 0 ):
                        formCSNames[1].append( csName )
                        formCSNames[1] = removeDups( formCSNames[1] )
 
+def newVm( vmName, addToList = 0 ):
+       global formVmNames
+       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+               vmSuffix = '_' + vmName
+               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   
vmSuffix )
+               allVmDel[vmName]    = modFormTemplate( templateVmDel,    
vmSuffix )
+               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   
vmSuffix )
+               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, 
vmSuffix )
+               allVmChW[vmName]    = modFormTemplate( templateVmChW,    
vmSuffix )
+               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, 
vmSuffix )
+               allVmStes[vmName]   = modFormTemplate( templateVmStes,   
vmSuffix )
+               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, 
vmSuffix )
+               allVmSte[vmName]    = modFormTemplate( templateVmSte,    
vmSuffix )
+               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, 
vmSuffix )
+               if addToList == 1:
+                       formVmNames[1].append( vmName )
+                       formVmNames[1] = removeDups( formVmNames[1] )
+
+def newRes( resName, addToList = 0 ):
+       global formResNames
+       global templateResDel, allResDel
+       global templateResStes, templateResSteDel, templateResSte, 
templateResSteAdd
+       global allResStes, allResSteDel, allResSteType, allResSteAdd
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( resName ) > 0) and (not allResDel.has_key( resName )):
+               resSuffix = '_' + resName
+               allResDel[resName]    = modFormTemplate( templateResDel,    
resSuffix )
+               allResStes[resName]   = modFormTemplate( templateResStes,   
resSuffix )
+               allResSteDel[resName] = modFormTemplate( templateResSteDel, 
resSuffix )
+               allResSte[resName]    = modFormTemplate( templateResSte,    
resSuffix )
+               allResSteAdd[resName] = modFormTemplate( templateResSteAdd, 
resSuffix )
+               if addToList == 1:
+                       formResNames[1].append( resName )
+                       formResNames[1] = removeDups( formResNames[1] )
+
 def updateInfo( ):
-       global formData, formPolicyName, formPolicyDate, formPolicyOrder
+       global formData, formPolicyName, formPolicyUrl, formPolicyRef, 
formPolicyDate, formPolicyNSUrl
+       global formPolicyOrder
 
        if formData.has_key( formPolicyName[3] ):
                formPolicyName[1] = formData[formPolicyName[3]].value
        elif formData.has_key( formPolicyUpdate[3] ):
                formPolicyName[1] = ''
 
+       if formData.has_key( formPolicyUrl[3] ):
+               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyUrl[1] = ''
+
+       if formData.has_key( formPolicyRef[3] ):
+               formPolicyRef[1] = formData[formPolicyRef[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyRef[1] = ''
+
        if formData.has_key( formPolicyDate[3] ):
                formPolicyDate[1] = formData[formPolicyDate[3]].value
        elif formData.has_key( formPolicyUpdate[3] ):
                formPolicyDate[1] = ''
 
+       if formData.has_key( formPolicyNSUrl[3] ):
+               formPolicyNSUrl[1] = formData[formPolicyNSUrl[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyNSUrl[1] = ''
+
        if formData.has_key( formPolicyOrder[3] ):
                formPolicyOrder[1] = formData[formPolicyOrder[3]].value
 
@@ -483,6 +689,136 @@ def delCSMember( csName ):
                        csm = csm.strip( )
                        formVar[1].remove( csm )
 
+def addVm( ):
+       global formData, fromVmName, formVmNames, formVmNameDom0
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formVmAdd[3] )):
+               if formData.has_key( formVmName[3] ):
+                       vmName = formData[formVmName[3]].value
+                       vmName = vmName.strip( )
+                       newVm( vmName, 1 )
+                       if formVmNameDom0[1] == '':
+                               formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+       global formVmNames, formVmNameDom0
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       vmName = vmName.strip( )
+       formVmNames[1].remove( vmName )
+       del allVmDom0[vmName]
+       del allVmDel[vmName]
+       del allVmChWs[vmName]
+       del allVmChWDel[vmName]
+       del allVmChW[vmName]
+       del allVmChWAdd[vmName]
+       del allVmStes[vmName]
+       del allVmSteDel[vmName]
+       del allVmSte[vmName]
+       del allVmSteAdd[vmName]
+
+       if formVmNameDom0[1] == vmName:
+               if len( formVmNames[1] ) > 0:
+                       formVmNameDom0[1] = formVmNames[1][0]
+               else:
+                       formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+       global formVmNameDom0
+
+       vmName = vmName.strip( )
+       formVmNameDom0[1] = vmName
+
+def addVmChW( vmName ):
+       global formData, allVmChW, allVmChWs
+
+       formVar = allVmChW[vmName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               formVar = allVmChWs[vmName]
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].append( chw )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( vmName ):
+       global formData, allVmChWs
+
+       formVar = allVmChWs[vmName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].remove( chw )
+
+def addVmSte( vmName ):
+       global formData, allVmSte, allVmStes
+
+       formVar = allVmSte[vmName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               formVar = allVmStes[vmName]
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].append( ste )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( vmName ):
+       global formData, allVmStes
+
+       formVar = allVmStes[vmName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].remove( ste )
+
+def addRes( ):
+       global formData, fromResName, formResNames
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formResAdd[3] )):
+               if formData.has_key( formResName[3] ):
+                       resName = formData[formResName[3]].value
+                       resName = resName.strip( )
+                       newRes( resName, 1 )
+
+def delRes( resName ):
+       global formResNames
+       global allResDel
+       global allResStes, allResSteDel, allResSteType, allResSteAdd
+
+       resName = resName.strip( )
+       formResNames[1].remove( resName )
+       del allResDel[resName]
+       del allResStes[resName]
+       del allResSteDel[resName]
+       del allResSte[resName]
+       del allResSteAdd[resName]
+
+def addResSte( vmName ):
+       global formData, allResSte, allResStes
+
+       formVar = allResSte[vmName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               formVar = allResStes[vmName]
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].append( ste )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delResSte( vmName ):
+       global formData, allResStes
+
+       formVar = allResStes[vmName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].remove( ste )
+
 def processRequest( ):
        global policyXml
        global formData, formPolicyUpdate
@@ -490,6 +826,12 @@ def processRequest( ):
        global formChWallAdd, formChWallDel
        global formCSAdd, allCSDel
        global formCSNames, allCSMAdd, allCSMDel
+       global formVmAdd
+       global formVmNames, allVmDel, allVmDom0
+       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+       global formResAdd
+       global formResNames, allResDel
+       global allResSteAdd, allResSteDel
 
        if policyXml != '':
                parsePolicyXml( )
@@ -498,11 +840,13 @@ def processRequest( ):
        # an action is performed
        updateInfo( )
 
-       # Allow the adding of types/sets if the user has hit the
-       # enter key when attempting to add a type/set
+       # Allow the adding of types/sets/vms if the user has hit the
+       # enter key when attempting to add a type/set/vm
        addSteType( )
        addChWallType( )
        addCS( )
+       addVm( )
+       addRes( )
 
        if formData.has_key( formSteDel[3] ):
                delSteType( )
@@ -522,6 +866,37 @@ def processRequest( ):
                        elif formData.has_key( allCSMDel[csName][3] ):
                                delCSMember( csName )
 
+       for vmName in formVmNames[1]:
+               if formData.has_key( allVmDel[vmName][3] ):
+                       delVm( vmName )
+                       continue
+
+               if formData.has_key( allVmDom0[vmName][3] ):
+                       makeVmDom0( vmName )
+
+               if formData.has_key( allVmChWAdd[vmName][3] ):
+                       addVmChW( vmName )
+
+               elif formData.has_key( allVmChWDel[vmName][3] ):
+                       delVmChW( vmName )
+
+               elif formData.has_key( allVmSteAdd[vmName][3] ):
+                       addVmSte( vmName )
+
+               elif formData.has_key( allVmSteDel[vmName][3] ):
+                       delVmSte( vmName )
+
+       for resName in formResNames[1]:
+               if formData.has_key( allResDel[resName][3] ):
+                       delRes( resName )
+                       continue
+
+               if formData.has_key( allResSteAdd[resName][3] ):
+                       addResSte( resName )
+
+               elif formData.has_key( allResSteDel[resName][3] ):
+                       delResSte( resName )
+
 def makeName( name, suffix='' ):
        rName = name
        if suffix != '':
@@ -553,7 +928,7 @@ def makeValue( value, suffix='' ):
 def makeValueAttr( value, suffix='' ):
        return 'value="' + makeValue( value, suffix ) + '"'
 
-def sendHtmlFormVar( formVar, attrs='' ):
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
        nameAttr  = ''
        valueAttr = ''
        htmlText  = ''
@@ -614,7 +989,7 @@ def sendHtmlFormVar( formVar, attrs='' )
 
                                print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
 
-       if formVar[2] != '':
+       if ( formVar[2] != '' ) and ( rb_select == 0 ):
                nameAttr = makeNameAttr( formVar[2] )
                valueAttr = makeValueAttr( formVar[1] )
                print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
@@ -625,7 +1000,9 @@ def sendHtmlHeaders( ):
        print
 
 def sendPolicyHtml( ):
-       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+       global xmlError, xmlIncomplete, xmlMessages
+       global formDefaultButton, formXmlGen
+       global formVmNameDom0
 
        print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
        print '  "http://www.w3.org/TR/html4/loose.dtd";>'
@@ -704,12 +1081,17 @@ def sendPolicyHtml( ):
        print '  <TR>'
        print '    <TD>'
        print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="49%">'
+       print '          <COL width="2%">'
+       print '          <COL width="49%">'
+       print '        </COLGROUP>'
        print '        <TR>'
-       print '          <TD width="49%">'
+       print '          <TD>'
        sendPSteHtml( )
        print '          </TD>'
-       print '          <TD width="2%">&nbsp;</TD>'
-       print '          <TD width="49%">'
+       print '          <TD>&nbsp;</TD>'
+       print '          <TD>'
        sendPChWallHtml( )
        print '          </TD>'
        print '        </TR>'
@@ -717,7 +1099,57 @@ def sendPolicyHtml( ):
        print '    </TD>'
        print '  </TR>'
 
+       # Separator
+       print '  <TR>'
+       print '    <TD>'
+       print '      <HR>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labels (vms)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="100%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD>'
+       sendPLSubHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR>'
+       print '    <TD>'
+       print '      <HR>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labels (resources)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="100%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD>'
+       sendPLObjHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
        print '</TABLE>'
+
+       # Send some data that needs to be available across sessions
+       sendHtmlFormVar( formVmNameDom0 )
+
        print '</FORM>'
        print '</CENTER>'
 
@@ -733,8 +1165,8 @@ def sendHtmlHead( ):
        print '<!--'
        print 'BODY            {background-color: #EEEEFF;}'
        print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
-       print 'TABLE.fullbox   {width: 100%; border: 1px solid black; 
border-collapse: collapse;}'
-       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
+       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
        print 'THEAD           {font-weight: bold; font-size: larger;}'
        print 'TD              {border: 0px solid black; vertical-align: top;}'
        print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
@@ -752,7 +1184,8 @@ def sendHtmlHead( ):
        print '</HEAD>'
 
 def sendPHeaderHtml( ):
-       global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
+       global formPolicyOrder, formPolicyUpdate
 
        # Policy header definition
        print '<TABLE class="full">'
@@ -770,12 +1203,30 @@ def sendPHeaderHtml( ):
        print '    </TD>'
        print '  </TR>'
        print '  <TR>'
+       print '    <TD align="right">Url:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Reference:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyRef, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
        print '    <TD align="right">Date:</TD>'
        print '    <TD align="left">'
        sendHtmlFormVar( formPolicyDate, 'class="full"' )
        print '    </TD>'
        print '  </TR>'
        print '  <TR>'
+       print '    <TD align="right">NameSpace URL:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyNSUrl, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
        print '    <TD align="right">Primary Policy:</TD>'
        print '    <TD align="left">'
        sendHtmlFormVar( formPolicyOrder )
@@ -983,76 +1434,397 @@ def sendPChWallHtml( ):
 
        print '</TABLE>'
 
-def checkXmlData( ):
-       global xmlIncomplete
-
-       # Validate the Policy Header requirements
-       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
-               if ( len( formPolicyName[1] ) == 0 ) or ( len( 
formPolicyDate[1] ) == 0 ):
-                       msg = ''
-                       msg = msg + 'The XML policy schema requires that the 
Policy '
-                       msg = msg + 'Information Name and Date fields both have 
values '
-                       msg = msg + 'or both not have values.'
-                       formatXmlGenError( msg )
-
-       if formPolicyOrder[1] == 'v_ChWall':
-               if len( formChWallTypes[1] ) == 0:
-                       msg = ''
-                       msg = msg + 'You have specified the primary policy to 
be '
-                       msg = msg + 'Chinese Wall but have not created any 
Chinese '
-                       msg = msg + 'Wall types.  Please create some Chinese 
Wall '
-                       msg = msg + 'types or change the primary policy.'
-                       formatXmlGenError( msg )
-
-       if formPolicyOrder[1] == 'v_Ste':
-               if len( formSteTypes[1] ) == 0:
-                       msg = ''
-                       msg = msg + 'You have specified the primary policy to 
be '
-                       msg = msg + 'Simple Type Enforcement but have not 
created '
-                       msg = msg + 'any Simple Type Enforcement types.  Please 
create '
-                       msg = msg + 'some Simple Type Enforcement types or 
change the '
-                       msg = msg + 'primary policy.'
-                       formatXmlGenError( msg )
-
-       # Validate the Chinese Wall required data
-       if len( formChWallTypes[1] ) > 0:
-               if len( formCSNames[1] ) == 0:
-                       msg = ''
-                       msg = msg + 'The XML policy schema for the Chinese Wall 
'
-                       msg = msg + 'requires at least one Conflict Set be 
defined.'
-                       formatXmlGenError( msg )
-
-def sendXmlHeaders( ):
-       # HTML headers
-       print 'Content-Type: text/xml'
-       print 'Content-Disposition: attachment; filename=security_policy.xml'
-       print
-
-def sendPolicyXml( ):
-       print '<?xml version="1.0"?>'
-
-       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
-       print '                          
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
-       print '                          xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
-
-       # Policy header
-       sendPHeaderXml( )
-
-       # Policy (types)
-       sendPSteXml( )
-       sendPChWallXml( )
+def sendPLSubHtml( ):
+       global formVmNames, formVmDel, formVmName, formVmAdd
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+       global formSteTypes, formChWallTypes
 
-       print '</SecurityPolicyDefinition>'
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       # Virtual Machines...
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="10%">'
+       print '          <COL width="40%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD colspan="2">'
+       sendHtmlFormVar( formVmName, 'class="full"' )
+       sendHtmlFormVar( formVmNames )
+       print '          </TD>'
+       print '          <TD>&nbsp;</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new VM class with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formVmNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="1">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD>'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="10%">'
+               print '          <COL width="40%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Dom 0?</TD>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, vmName in enumerate( formVmNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">'
+                       if formVmNameDom0[1] == vmName:
+                               print 'Yes'
+                       else:
+                               print '&nbsp;'
+                       print '          </TD>'
+                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + vmName + '">Edit</A>'
+                       formVar = allVmDel[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       formVar = allVmDom0[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+                       print '        </TR>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for vmName in formVmNames[1]:
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <HR>'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <TABLE class="full">'
+                       print '        <COLGROUP>'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '          <COL width="2%">'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '        </COLGROUP>'
+                       print '        <TR>'
+                       print '          <TD colspan="5" align="center" 
class="heading">'
+                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmStes[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmChWs[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       stSet = Set( formSteTypes[1] )
+                       vmSet = Set( allVmStes[vmName][1] )
+                       formVar = allVmSte[vmName]
+                       formVar[1] = []
+                       for steType in stSet.difference( vmSet ):
+                               formVar[1].append( steType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       vmSet = Set( allVmChWs[vmName][1] )
+                       formVar = allVmChW[vmName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( vmSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '      </TABLE>'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def sendPLObjHtml( ):
+       global formResNames, formResDel, formResName, formResAdd
+       global allResDel
+       global allResStes, allResSteDel, allResSte, allResSteAdd
+       global formSteTypes, formChWallTypes
+
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       # Resources...
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="10%">'
+       print '          <COL width="40%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD class="heading" align="center" 
colspan="3">Resource Classes</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD colspan="2">'
+       sendHtmlFormVar( formResName, 'class="full"' )
+       sendHtmlFormVar( formResNames )
+       print '          </TD>'
+       print '          <TD>&nbsp;</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formResAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new Resource class with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formResNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="1">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD>'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="50%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, resName in enumerate( formResNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">' + resName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + resName + '">Edit</A>'
+                       formVar = allResDel[resName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+                       print '        </TR>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for resName in formResNames[1]:
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <HR>'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <TABLE class="full">'
+                       print '        <COLGROUP>'
+                       print '          <COL width="10%">'
+                       print '          <COL width="90%">'
+                       print '        </COLGROUP>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center" 
class="heading">'
+                       print '            <A name="' + resName + '">Resource 
Class: ' + resName + '</A>'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       formVar = allResStes[resName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allResSteDel[resName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       stSet = Set( formSteTypes[1] )
+                       resSet = Set( allResStes[resName][1] )
+                       formVar = allResSte[resName]
+                       formVar[1] = []
+                       for steType in stSet.difference( resSet ):
+                               formVar[1].append( steType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allResSteAdd[resName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '      </TABLE>'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+       global formPolicyName, formPolicyOrder
+       global formChWallTypes, formSteTypes, formCSNames
+
+       # Validate the Policy Header requirements
+       if ( len( formPolicyName[1] ) == 0 ):
+               msg = ''
+               msg = msg + 'The XML policy schema requires that the Policy '
+               msg = msg + 'Information Name field have a value.'
+               formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               if len( formChWallTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Chinese Wall but have not created any 
Chinese '
+                       msg = msg + 'Wall types.  Please create some Chinese 
Wall '
+                       msg = msg + 'types or change the primary policy.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_Ste':
+               if len( formSteTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Simple Type Enforcement but have not 
created '
+                       msg = msg + 'any Simple Type Enforcement types.  Please 
create '
+                       msg = msg + 'some Simple Type Enforcement types or 
change the '
+                       msg = msg + 'primary policy.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; filename=security_policy.xml'
+       print
+
+def sendPolicyXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
+       print '                          
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                          xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy header
+       sendPHeaderXml( )
+
+       # Policy (types)
+       sendPSteXml( )
+       sendPChWallXml( )
+
+       # Policy Labels (subjects and objects)
+       print '<SecurityLabelTemplate>'
+       sendPLSubXml( )
+       sendPLObjXml( )
+       print '</SecurityLabelTemplate>'
+       print '</SecurityPolicyDefinition>'
 
 def sendPHeaderXml( ):
-       global formPolicyName, formPolicyDate
+       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
 
        # Policy header definition
-       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
-               print '<PolicyHeader>'
-               print '  <Name>' + formPolicyName[1] + '</Name>'
+       print '<PolicyHeader>'
+       print '  <PolicyName>' + formPolicyName[1] + '</PolicyName>'
+       if len( formPolicyUrl[1] ) > 0:
+               print '  <PolicyUrl>' + formPolicyUrl[1] + '</PolicyUrl>'
+       if len( formPolicyRef[1] ) > 0:
+               print '  <Reference>' + formPolicyRef[1] + '</Reference>'
+       if len( formPolicyDate[1] ) > 0:
                print '  <Date>' + formPolicyDate[1] + '</Date>'
-               print '</PolicyHeader>'
+       if len( formPolicyNSUrl[1] ) > 0:
+               print '  <NameSpaceUrl>' + formPolicyNSUrl[1] + 
'</NameSpaceUrl>'
+       print '</PolicyHeader>'
 
 def sendPSteXml( ):
        global formPolicyOrder, formSteTypes
@@ -1091,20 +1863,72 @@ def sendPChWallXml( ):
                print '    <Type>' + chWallType + '</Type>'
        print '  </ChineseWallTypes>'
 
-       # Chinese Wall Conflict Sets...
-       print '  <ConflictSets>'
-       for cs in formCSNames[1]:
-               formVar = allCSMTypes[cs]
-               if len( formVar[1] ) == 0:
-                       continue
-               print '    <Conflict name="' + cs + '">'
-               for csm in formVar[1]:
-                       print '      <Type>' + csm + '</Type>'
-               print '    </Conflict>'
-       print '  </ConflictSets>'
+       # Chinese Wall Conflict Sets (if any) ...
+       if len( formCSNames[1] ) > 0:
+               print '  <ConflictSets>'
+               for cs in formCSNames[1]:
+                       formVar = allCSMTypes[cs]
+                       if len( formVar[1] ) == 0:
+                               continue
+                       print '    <Conflict name="' + cs + '">'
+                       for csm in formVar[1]:
+                               print '      <Type>' + csm + '</Type>'
+                       print '    </Conflict>'
+               print '  </ConflictSets>'
 
        print '</ChineseWall>'
 
+def sendPLSubXml( ):
+       global formVmNames, allVmChWs, allVmStes
+
+       # Virtual machines...
+       if len( formVmNames[1] ) == 0:
+               return
+
+       print '  <SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+       for vmName in formVmNames[1]:
+               print '    <VirtualMachineLabel>'
+               print '      <Name>' + vmName + '</Name>'
+               formVar = allVmStes[vmName]
+               if len( formVar[1] ) > 0:
+                       print '      <SimpleTypeEnforcementTypes>'
+                       for ste in formVar[1]:
+                               print '      <Type>' + ste + '</Type>'
+                       print '      </SimpleTypeEnforcementTypes>'
+
+               formVar = allVmChWs[vmName]
+               if len( formVar[1] ) > 0:
+                       print '      <ChineseWallTypes>'
+                       for chw in formVar[1]:
+                               print '        <Type>' + chw + '</Type>'
+                       print '      </ChineseWallTypes>'
+
+               print '    </VirtualMachineLabel>'
+
+       print '  </SubjectLabels>'
+
+def sendPLObjXml( ):
+       global formResNames, allResStes
+
+       # Resources...
+       if len( formResNames[1] ) == 0:
+               return
+
+       print '  <ObjectLabels>'
+       for resName in formResNames[1]:
+               print '    <ResourceLabel>'
+               print '      <Name>' + resName + '</Name>'
+               formVar = allResStes[resName]
+               if len( formVar[1] ) > 0:
+                       print '      <SimpleTypeEnforcementTypes>'
+                       for ste in formVar[1]:
+                               print '        <Type>' + ste + '</Type>'
+                       print '      </SimpleTypeEnforcementTypes>'
+
+               print '    </ResourceLabel>'
+
+       print '  </ObjectLabels>'
+
 
 # Set up initial HTML variables
 headTitle = 'Xen Policy Generation'
@@ -1125,6 +1949,20 @@ formPolicyName    = [ 'text',
                        '',
                        '',
                    ]
+formPolicyUrl     = [ 'text',
+                       '',
+                       'h_policyUrl',
+                       'i_policyUrl',
+                       '',
+                       '',
+                       ]
+formPolicyRef    = [ 'text',
+                       '',
+                       'h_policyRef',
+                       'i_policyRef',
+                       '',
+                       '',
+                       ]
 formPolicyDate    = [ 'text',
                        getCurrentTime( ),
                        'h_policyDate',
@@ -1132,6 +1970,13 @@ formPolicyDate    = [ 'text',
                        '',
                        '',
                    ]
+formPolicyNSUrl   = [ 'text',
+                       '',
+                       'h_policyNSUrl',
+                       'i_policyNSUrl',
+                       '',
+                       '',
+                       ]
 formPolicyOrder   = [ 'radiobutton-all',
                        'v_ChWall',
                        'h_policyOrder',
@@ -1289,13 +2134,218 @@ allCSMDel         = {};
 allCSMType        = {};
 allCSMAdd         = {};
 
+formVmNames       = [ '',
+                       [],
+                       'h_vmNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formVmDel         = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+formVmName        = [ 'text',
+                       '',
+                       '',
+                       'i_vmName',
+                       '',
+                       '',
+                   ]
+formVmAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_vmAdd',
+                       'New',
+                       '',
+                   ]
+
+formVmNameDom0    = [ '',
+                       '',
+                       'h_vmDom0',
+                       '',
+                       '',
+                       '',
+                   ]
+
+# This is a set of templates used for each virtual machine
+#   Each virtual machine is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_virtual-machine-name" for uniqueness.
+templateVmDel     = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmDom0    = [ 'button',
+                       '',
+                       '',
+                       'i_vmDom0',
+                       'SetDom0',
+                       '',
+                   ]
+allVmDel          = {};
+allVmDom0         = {};
+
+templateVmChWs    = [ 'list',
+                       [],
+                       'h_vmChWs',
+                       'i_vmChWs',
+                       '',
+                       '',
+                   ]
+templateVmChWDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmChW     = [ 'list',
+                       [],
+                       '',
+                       'i_vmChW',
+                       '',
+                       '',
+                   ]
+templateVmChWAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWAdd',
+                       'Add',
+                       '',
+                   ]
+allVmChWs         = {};
+allVmChWDel       = {};
+allVmChW          = {};
+allVmChWAdd       = {};
+
+templateVmStes    = [ 'list',
+                       [],
+                       'h_vmStes',
+                       'i_vmStes',
+                       '',
+                       '',
+                   ]
+templateVmSteDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmSte     = [ 'list',
+                       [],
+                       '',
+                       'i_vmSte',
+                       '',
+                       '',
+                   ]
+templateVmSteAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteAdd',
+                       'Add',
+                       '',
+                   ]
+allVmStes         = {};
+allVmSteDel       = {};
+allVmSte          = {};
+allVmSteAdd       = {};
+
+formResNames      = [ '',
+                       [],
+                       'h_resNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formResDel        = [ 'button',
+                       '',
+                       '',
+                       'i_resDel',
+                       'Delete',
+                       '',
+                   ]
+formResName       = [ 'text',
+                       '',
+                       '',
+                       'i_resName',
+                       '',
+                       '',
+                   ]
+formResAdd        = [ 'button',
+                       '',
+                       '',
+                       'i_resAdd',
+                       'New',
+                       '',
+                   ]
+
+# This is a set of templates used for each resource
+#   Each resource is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_resource-name" for uniqueness.
+templateResDel    = [ 'button',
+                       '',
+                       '',
+                       'i_resDel',
+                       'Delete',
+                       '',
+                   ]
+allResDel         = {};
+
+templateResStes   = [ 'list',
+                       [],
+                       'h_resStes',
+                       'i_resStes',
+                       '',
+                       '',
+                   ]
+templateResSteDel = [ 'button',
+                       '',
+                       '',
+                       'i_resSteDel',
+                       'Delete',
+                       '',
+                   ]
+templateResSte    = [ 'list',
+                       [],
+                       '',
+                       'i_resSte',
+                       '',
+                       '',
+                   ]
+templateResSteAdd = [ 'button',
+                       '',
+                       '',
+                       'i_resSteAdd',
+                       'Add',
+                       '',
+                   ]
+allResStes        = {};
+allResSteDel      = {};
+allResSte         = {};
+allResSteAdd      = {};
+
 # A list of all form variables used for saving info across requests
 formVariables     = [ formPolicyName,
+                       formPolicyUrl,
+                       formPolicyRef,
                        formPolicyDate,
+                       formPolicyNSUrl,
                        formPolicyOrder,
                        formSteTypes,
                        formChWallTypes,
                        formCSNames,
+                       formVmNames,
+                       formVmNameDom0,
+                       formResNames,
                    ]
 
 policyXml         = ''
Index: 
xen-unstable.hg-shype/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
===================================================================
--- 
xen-unstable.hg-shype.orig/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
+++ /dev/null
@@ -1,1396 +0,0 @@
-#!/usr/bin/python
-#
-# The Initial Developer of the Original Code is International
-# Business Machines Corporation. Portions created by IBM
-# Corporation are Copyright (C) 2005 International Business
-# Machines Corporation. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License,
-# or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-import os
-import cgi
-import cgitb; cgitb.enable( )
-import time
-import xml.dom.minidom
-import xml.sax
-import xml.sax.handler
-from StringIO import StringIO
-from sets import Set
-
-def getSavedData( ):
-       global formData, policyXml, policyLabelXml
-       global formVariables, formVmNames
-       global allVmChWs, allVmStes
-
-       # Process the XML upload policy file
-       if formData.has_key( 'i_policy' ):
-               dataList = formData.getlist( 'i_policy' )
-               if len( dataList ) > 0:
-                       policyXml = dataList[0].strip( )
-
-       # The XML upload policy file must be specified at the start
-       if formData.has_key( 'i_policyLabelCreate' ):
-               if policyXml == '':
-                       msg = ''
-                       msg = msg + 'A Policy file was not supplied.  A Policy 
file '
-                       msg = msg + 'must be supplied in order to successfully 
create '
-                       msg = msg + 'a Policy Labeling file.'
-                       formatXmlError( msg )
-
-       # Process the XML upload policy label file
-       if formData.has_key( 'i_policyLabel' ):
-               dataList = formData.getlist( 'i_policyLabel' )
-               if len( dataList ) > 0:
-                       policyLabelXml = dataList[0].strip( )
-
-       # Process all the hidden input variables (if present)
-       for formVar in formVariables:
-               if formVar[2] == '':
-                       continue
-
-               if formData.has_key( formVar[2] ):
-                       dataList = formData.getlist( formVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( formVar[1], list ):
-                                       exec 'formVar[1] = ' + dataList[0]
-                               else:
-                                       formVar[1] = dataList[0]
-
-       # The form can contain any number of "Virtual Machines"
-       #   so update the list of form variables to include
-       #   each virtual machine (hidden input variable)
-       for vmName in formVmNames[1]:
-               newVm( vmName )
-
-               vmFormVar = allVmChWs[vmName]
-               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
-                       dataList = formData.getlist( vmFormVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( vmFormVar[1], list ):
-                                       exec 'vmFormVar[1] = ' + dataList[0]
-                               else:
-                                       vmFormVar[1] = dataList[0]
-
-               vmFormVar = allVmStes[vmName]
-               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
-                       dataList = formData.getlist( vmFormVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( vmFormVar[1], list ):
-                                       exec 'vmFormVar[1] = ' + dataList[0]
-                               else:
-                                       vmFormVar[1] = dataList[0]
-
-def getCurrentTime( ):
-       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
-
-def getName( domNode ):
-       nameNodes = domNode.getElementsByTagName( 'Name' )
-       if len( nameNodes ) == 0:
-               formatXmlError( '"<Name>" tag is missing' )
-               return None
-
-       name = ''
-       for childNode in nameNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       name = name + childNode.data
-
-       return name
-
-def getDate( domNode ):
-       dateNodes = domNode.getElementsByTagName( 'Date' )
-       if len( dateNodes ) == 0:
-               formatXmlError( '"<Date>" tag is missing' )
-               return None
-
-       date = ''
-       for childNode in dateNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       date = date + childNode.data
-
-       return date
-
-def getDefUrl( domNode ):
-       domNodes = domNode.getElementsByTagName( 'PolicyName' )
-       if len( domNodes ) == 0:
-               formatXmlError( '"<PolicyName>" tag is missing' )
-               return None
-
-       urlNodes = domNode.getElementsByTagName( 'Url' )
-       if len( urlNodes ) == 0:
-               formatXmlError( '"<Url>" tag is missing' )
-               return None
-
-       url = ''
-       for childNode in urlNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       url = url + childNode.data
-
-       return url
-
-def getDefRef( domNode ):
-       domNodes = domNode.getElementsByTagName( 'PolicyName' )
-       if len( domNodes ) == 0:
-               formatXmlError( '"<PolicyName>" tag is missing' )
-               return None
-
-       refNodes = domNode.getElementsByTagName( 'Reference' )
-       if len( refNodes ) == 0:
-               formatXmlError( '"<Reference>" tag is missing' )
-               return None
-
-       ref = ''
-       for childNode in refNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       ref = ref + childNode.data
-
-       return ref
-
-def getSteTypes( domNode, missingIsError = 0 ):
-       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
-       if len( steNodes ) == 0:
-               if missingIsError == 1:
-                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
-                       return None
-               else:
-                       return []
-
-       return getTypes( steNodes[0] )
-
-def getChWTypes( domNode, missingIsError = 0 ):
-       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
-       if len( chwNodes ) == 0:
-               if missingIsError == 1:
-                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
-                       return None
-               else:
-                       return []
-
-       return getTypes( chwNodes[0] )
-
-def getTypes( domNode ):
-       types = []
-
-       domNodes = domNode.getElementsByTagName( 'Type' )
-       if len( domNodes ) == 0:
-               formatXmlError( '"<Type>" tag is missing' )
-               return None
-
-       for domNode in domNodes:
-               typeText = ''
-               for childNode in domNode.childNodes:
-                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                               typeText = typeText + childNode.data
-
-               if typeText == '':
-                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
-                       return None
-
-               types.append( typeText )
-
-       return types
-
-def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
-       global xmlMessages, xmlError
-
-       xmlError = 1
-       addMsg = cgi.escape( msg )
-
-       if lineNum != -1:
-               sio = StringIO( xml )
-               for xmlLine in sio:
-                       lineNum = lineNum - 1
-                       if lineNum == 0:
-                               break;
-
-               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
-
-               if colNum != -1:
-                       errLine = ''
-                       for i in range( colNum ):
-                               errLine = errLine + '-'
-
-                       addMsg += '\n' + errLine + '^'
-
-               addMsg += '</PRE>'
-
-       xmlMessages.append( addMsg )
-
-def formatXmlGenError( msg ):
-       global xmlMessages, xmlIncomplete
-
-       xmlIncomplete = 1
-       xmlMessages.append( cgi.escape( msg ) )
-
-def parseXml( xmlInput ):
-       global xmlMessages, xmlError, xmlLine, xmlColumn
-
-       xmlParser  = xml.sax.make_parser( )
-       try:
-               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
-
-       except xml.sax.SAXParseException, xmlErr:
-               msg = ''
-               msg = msg + 'XML parsing error occurred at line '
-               msg = msg + `xmlErr.getLineNumber( )`
-               msg = msg + ', column '
-               msg = msg + `xmlErr.getColumnNumber( )`
-               msg = msg + ': reason = "'
-               msg = msg + xmlErr.getMessage( )
-               msg = msg + '"'
-               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
-               return None
-
-       except xml.sax.SAXException, xmlErr:
-               msg = ''
-               msg = msg + 'XML Parsing error: ' + `xmlErr`
-               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
-               return None
-
-       return domDoc
-
-def parsePolicyXml( ):
-       global policyXml
-       global formSteTypes, formChWallTypes
-
-       domDoc = parseXml( policyXml )
-       if domDoc == None:
-               return
-
-       domRoot  = domDoc.documentElement
-       domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
-       if len( domNodes ) > 0:
-               steTypes = getSteTypes( domNodes[0], 1 )
-               if steTypes == None:
-                       msg = ''
-                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
-                       msg = msg + 'Please validate the Policy Definition file 
used.'
-                       formatXmlError( msg )
-                       return
-
-               formSteTypes[1] = steTypes
-
-       domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
-       if len( domNodes ) > 0:
-               chwTypes = getChWTypes( domNodes[0], 1 )
-               if chwTypes == None:
-                       msg = ''
-                       msg = msg + 'Error processing the ChineseWall types.\n'
-                       msg = msg + 'Please validate the Policy Definition file 
used.'
-                       formatXmlError( msg )
-                       return
-
-               formChWallTypes[1] = chwTypes
-
-def parsePolicyLabelXml( ):
-       global policyLabelXml
-
-       domDoc = parseXml( policyLabelXml )
-       if domDoc == None:
-               return
-
-       domRoot     = domDoc.documentElement
-       domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
-       if len( domHeaders ) == 0:
-               msg = ''
-               msg = msg + '"<LabelHeader>" tag is missing.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       pName = getName( domHeaders[0] )
-       if pName == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyLabelName[1] = pName
-
-       pDate = getDate( domHeaders[0] )
-       if pDate == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyLabelDate[1] = pDate
-
-       pUrl = getDefUrl( domHeaders[0] )
-       if pUrl == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyUrl[1] = pUrl
-
-       pRef = getDefRef( domHeaders[0] )
-       if pRef == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
-               msg = msg + 'Please validate the Policy Labeling file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyRef[1] = pRef
-
-       domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
-       if len( domSubjects ) > 0:
-               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
-               domNodes = domSubjects[0].getElementsByTagName( 
'VirtualMachineLabel' )
-               for domNode in domNodes:
-                       vmName = getName( domNode )
-                       if vmName == None:
-                               msg = ''
-                               msg = msg + 'Error processing the 
VirtualMachineLabel name.\n'
-                               msg = msg + 'Please validate the Policy 
Labeling file used.'
-                               formatXmlError( msg )
-                               continue
-
-                       steTypes = getSteTypes( domNode )
-                       if steTypes == None:
-                               msg = ''
-                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
-                               msg = msg + 'Please validate the Policy 
Labeling file used.'
-                               formatXmlError( msg )
-                               return
-
-                       chwTypes = getChWTypes( domNode )
-                       if chwTypes == None:
-                               msg = ''
-                               msg = msg + 'Error processing the ChineseWall 
types.\n'
-                               msg = msg + 'Please validate the Policy 
Labeling file used.'
-                               formatXmlError( msg )
-                               return
-
-                       newVm( vmName, 1 )
-                       allVmStes[vmName][1] = steTypes
-                       allVmChWs[vmName][1] = chwTypes
-
-def removeDups( curList ):
-       newList = []
-       curSet  = Set( curList )
-       for x in curSet:
-               newList.append( x )
-       newList.sort( )
-
-       return newList
-
-def newVm( vmName, addToList = 0 ):
-       global formVmNames
-       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
-       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
-       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
-       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
-       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
-
-       # Make sure we have an actual name and check one of the 'all'
-       # variables to be sure it hasn't been previously defined
-       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
-               vmSuffix = '_' + vmName
-               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   
vmSuffix )
-               allVmDel[vmName]    = modFormTemplate( templateVmDel,    
vmSuffix )
-               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   
vmSuffix )
-               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, 
vmSuffix )
-               allVmChW[vmName]    = modFormTemplate( templateVmChW,    
vmSuffix )
-               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, 
vmSuffix )
-               allVmStes[vmName]   = modFormTemplate( templateVmStes,   
vmSuffix )
-               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, 
vmSuffix )
-               allVmSte[vmName]    = modFormTemplate( templateVmSte,    
vmSuffix )
-               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, 
vmSuffix )
-               if addToList == 1:
-                       formVmNames[1].append( vmName )
-                       formVmNames[1] = removeDups( formVmNames[1] )
-
-def updateInfo( ):
-       global formData, formPolicyLabelName, formPolicyLabelDate
-       global formPolicyUrl, formPolicyRef
-
-       if formData.has_key( formPolicyLabelName[3] ):
-               formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
-       elif formData.has_key( formPolicyLabelUpdate[3] ):
-               formPolicyLabelName[1] = ''
-
-       if formData.has_key( formPolicyLabelDate[3] ):
-               formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
-       elif formData.has_key( formPolicyLabelUpdate[3] ):
-               formPolicyLabelDate[1] = ''
-
-       if formData.has_key( formPolicyUrl[3] ):
-               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
-       elif formData.has_key( formPolicyLabelUpdate[3] ):
-               formPolicyUrl[1] = ''
-
-       if formData.has_key( formPolicyRef[3] ):
-               formPolicyRef[1] = formData[formPolicyRef[3]].value
-       elif formData.has_key( formPolicyLabelUpdate[3] ):
-               formPolicyRef[1] = ''
-
-def addVm( ):
-       global formData, fromVmName, formVmNames, formVmNameDom0
-
-       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formVmAdd[3] )):
-               if formData.has_key( formVmName[3] ):
-                       vmName = formData[formVmName[3]].value
-                       vmName = vmName.strip( )
-                       newVm( vmName, 1 )
-                       if formVmNameDom0[1] == '':
-                               formVmNameDom0[1] = vmName
-
-def delVm( vmName ):
-       global formVmNames, formVmNameDom0
-       global allVmDel, allVmDom0
-       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
-       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
-
-       vmName = vmName.strip( )
-       formVmNames[1].remove( vmName )
-       del allVmDom0[vmName]
-       del allVmDel[vmName]
-       del allVmChWs[vmName]
-       del allVmChWDel[vmName]
-       del allVmChW[vmName]
-       del allVmChWAdd[vmName]
-       del allVmStes[vmName]
-       del allVmSteDel[vmName]
-       del allVmSte[vmName]
-       del allVmSteAdd[vmName]
-
-       if formVmNameDom0[1] == vmName:
-               if len( formVmNames[1] ) > 0:
-                       formVmNameDom0[1] = formVmNames[1][0]
-               else:
-                       formVmNameDom0[1] = ''
-
-def makeVmDom0( vmName ):
-       global formVmNameDom0
-
-       vmName = vmName.strip( )
-       formVmNameDom0[1] = vmName
-
-def addVmChW( chwName ):
-       global formData, allVmChW, allVmChWs
-
-       formVar = allVmChW[chwName]
-       if formData.has_key( formVar[3] ):
-               chwList = formData.getlist( formVar[3] )
-               formVar = allVmChWs[chwName]
-               for chw in chwList:
-                       chw = chw.strip( )
-                       formVar[1].append( chw )
-                       formVar[1] = removeDups( formVar[1] )
-
-def delVmChW( chwName ):
-       global formData, allVmChWs
-
-       formVar = allVmChWs[chwName]
-       if formData.has_key( formVar[3] ):
-               chwList = formData.getlist( formVar[3] )
-               for chw in chwList:
-                       chw = chw.strip( )
-                       formVar[1].remove( chw )
-
-def addVmSte( steName ):
-       global formData, allVmSte, allVmStes
-
-       formVar = allVmSte[steName]
-       if formData.has_key( formVar[3] ):
-               steList = formData.getlist( formVar[3] )
-               formVar = allVmStes[steName]
-               for ste in steList:
-                       ste = ste.strip( )
-                       formVar[1].append( ste )
-                       formVar[1] = removeDups( formVar[1] )
-
-def delVmSte( steName ):
-       global formData, allVmStes
-
-       formVar = allVmStes[steName]
-       if formData.has_key( formVar[3] ):
-               steList = formData.getlist( formVar[3] )
-               for ste in steList:
-                       ste = ste.strip( )
-                       formVar[1].remove( ste )
-
-def processRequest( ):
-       global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
-       global formVmAdd
-       global formVmNames, allVmDel, allVmDom0
-       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
-
-       if policyXml != '':
-               parsePolicyXml( )
-
-       if policyLabelXml != '':
-               parsePolicyLabelXml( )
-
-       # Allow the updating of the header information whenever
-       # an action is performed
-       updateInfo( )
-
-       # Allow the adding of labels if the user has hit the
-       # enter key when attempting to add a type/set
-       addVm( )
-
-       for vmName in formVmNames[1]:
-               if formData.has_key( allVmDel[vmName][3] ):
-                       delVm( vmName )
-                       continue
-
-               if formData.has_key( allVmDom0[vmName][3] ):
-                       makeVmDom0( vmName )
-
-               if formData.has_key( allVmChWAdd[vmName][3] ):
-                       addVmChW( vmName )
-
-               elif formData.has_key( allVmChWDel[vmName][3] ):
-                       delVmChW( vmName )
-
-               elif formData.has_key( allVmSteAdd[vmName][3] ):
-                       addVmSte( vmName )
-
-               elif formData.has_key( allVmSteDel[vmName][3] ):
-                       delVmSte( vmName )
-
-def modFormTemplate( formTemplate, suffix ):
-       formVar = [x for x in formTemplate]
-
-       if formVar[2] != '':
-               formVar[2] = formVar[2] + suffix
-       if formVar[3] != '':
-               formVar[3] = formVar[3] + suffix
-       if (formVar[0] != 'button') and (formVar[4] != ''):
-               formVar[4] = formVar[4] + suffix
-
-       return formVar;
-
-def makeName( name, suffix='' ):
-       rName = name
-       if suffix != '':
-               rName = rName + '_' + suffix
-
-       return rName
-
-def makeNameAttr( name, suffix='' ):
-       return 'name="' + makeName( name, suffix ) + '"'
-
-def makeValue( value, suffix='' ):
-       rValue = value
-
-       if isinstance( value, list ):
-               rValue = '['
-               for val in value:
-                       rValue = rValue + '\'' + val
-                       if suffix != '':
-                               rValue = rValue + '_' + suffix
-                       rValue = rValue + '\','
-               rValue = rValue + ']'
-
-       else:
-               if suffix != '':
-                       rValue = rValue + '_' + suffix
-
-       return rValue
-
-def makeValueAttr( value, suffix='' ):
-       return 'value="' + makeValue( value, suffix ) + '"'
-
-def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
-       nameAttr  = ''
-       valueAttr = ''
-       htmlText  = ''
-
-       if formVar[0] == 'text':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-               valueAttr = makeValueAttr( formVar[1] )
-
-               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
-
-       elif formVar[0] == 'list':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-
-               print '<SELECT', nameAttr, attrs, '>'
-               for option in formVar[1]:
-                       print '<OPTION>' + option + '</OPTION>'
-               print '</SELECT>'
-
-       elif formVar[0] == 'button':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-               if formVar[4] != '':
-                       valueAttr = makeValueAttr( formVar[4] )
-
-               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
-
-       elif formVar[0] == 'radiobutton':
-               if formVar[3] != '':
-                       nameAttr  = makeNameAttr( formVar[3] )
-                       valueAttr = makeValueAttr( formVar[4][rb_select] )
-                       htmlText  = formVar[5][rb_select]
-                       if formVar[4][rb_select] == formVar[1]:
-                               checked = 'checked'
-                       else:
-                               checked = ''
-
-                       print '<INPUT type="radio"', nameAttr, valueAttr, 
attrs, checked, '>', htmlText
-
-       elif formVar[0] == 'radiobutton-all':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-                       buttonVals  = formVar[4]
-                       for i, buttonVal in enumerate( buttonVals ):
-                               htmlText = ''
-                               addAttrs = ''
-                               checked  = ''
-
-                               valueAttr = makeValueAttr( buttonVal )
-                               if formVar[5] != '':
-                                       htmlText = formVar[5][i]
-                               if attrs != '':
-                                       addAttrs = attrs[i]
-                               if buttonVal == formVar[1]:
-                                       checked = 'checked'
-
-                               print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText
-
-       if ( formVar[2] != '' ) and ( rb_select == 0 ):
-               nameAttr = makeNameAttr( formVar[2] )
-               valueAttr = makeValueAttr( formVar[1] )
-               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
-
-def sendHtmlHeaders( ):
-       # HTML headers
-       print 'Content-Type: text/html'
-       print
-
-def sendPolicyLabelHtml( ):
-       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
-       global formVmNameDom0, formSteTypes, formChWallTypes
-
-       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
-       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
-
-       print '<HTML>'
-
-       sendHtmlHead( )
-
-       print '<BODY>'
-
-       # An input XML file was specified that had errors, output the
-       # error information
-       if xmlError == 1:
-               print '<P>'
-               print 'An error has been encountered while processing the input'
-               print 'XML file:'
-               print '<UL>'
-               for msg in xmlMessages:
-                       print '<LI>'
-                       print msg
-               print '</UL>'
-               print '</BODY>'
-               print '</HTML>'
-               return
-
-       # When attempting to generate the XML output, all required data was not
-       # present, output the error information
-       if xmlIncomplete == 1:
-               print '<P>'
-               print 'An error has been encountered while validating the data'
-               print 'required for the output XML file:'
-               print '<UL>'
-               for msg in xmlMessages:
-                       print '<LI>'
-                       print msg
-               print '</UL>'
-               print '</BODY>'
-               print '</HTML>'
-               return
-
-       print '<CENTER>'
-       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
-       print '<TABLE class="container">'
-       print '  <COLGROUP>'
-       print '    <COL width="100%">'
-       print '  </COLGROUP>'
-
-       print '  <TR>'
-       print '    <TD>'
-       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD>'
-       sendHtmlFormVar( formXmlGen )
-       print '    </TD>'
-       print '  </TR>'
-
-       # Policy Labeling header
-       print '  <TR>'
-       print '    <TD>'
-       sendPLHeaderHtml( )
-       print '    </TD>'
-       print '  </TR>'
-
-       # Separator
-       print '  <TR>'
-       print '    <TD>'
-       print '      <HR>'
-       print '    </TD>'
-       print '  </TR>'
-
-       # Policy Labels (vms)
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <TR>'
-       print '          <TD width="100%">'
-       sendPLSubHtml( )
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-
-       print '</TABLE>'
-
-       # Send some data that needs to be available across sessions
-       sendHtmlFormVar( formVmNameDom0 )
-       sendHtmlFormVar( formSteTypes )
-       sendHtmlFormVar( formChWallTypes )
-
-       print '</FORM>'
-       print '</CENTER>'
-
-       print '</BODY>'
-
-       print '</HTML>'
-
-def sendHtmlHead( ):
-       global headTitle
-
-       print '<HEAD>'
-       print '<STYLE type="text/css">'
-       print '<!--'
-       print 'BODY            {background-color: #EEEEFF;}'
-       print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
-       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
-       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
-       print 'THEAD           {font-weight: bold; font-size: larger;}'
-       print 'TD              {border: 0px solid black; vertical-align: top;}'
-       print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
-       print 'TD.subheading   {border: 0px solid black; vertical-align: top; 
font-size: smaller;}'
-       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
-       print 'SELECT.full     {width: 100%;}'
-       print 'INPUT.full      {width: 100%;}'
-       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; 
border: 0px; text-decoration: underline; color: blue;}'
-       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
-       print ':link           {color: blue;}'
-       print ':visited        {color: red;}'
-       print '-->'
-       print '</STYLE>'
-       print '<TITLE>', headTitle, '</TITLE>'
-       print '</HEAD>'
-
-def sendPLHeaderHtml( ):
-       global formPolicyLabelName, formPolicyLabelDate
-       global formPolicyUrl, formPolicyRef
-       global formPolicyLabelUpdate
-
-       # Policy Labeling header definition
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="20%">'
-       print '    <COL width="80%">'
-       print '  </COLGROUP>'
-       print '  <TR>'
-       print '    <TD class="heading" align="center" colspan="2">Policy 
Labeling Information</TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Name:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Date:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Policy URL:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Policy Reference:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyRef, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2">'
-       sendHtmlFormVar( formPolicyLabelUpdate )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2" class="subheading">'
-       print '      (The Policy Labeling Information is updated whenever an 
action is performed'
-       print '       or it can be updated separately using the "Update" 
button)'
-       print '    </TD>'
-       print '  </TR>'
-       print '</TABLE>'
-
-def sendPLSubHtml( ):
-       global formVmNames, formVmDel, formVmName, formVmAdd
-       global allVmDel, allVmDom0
-       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
-       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
-       global formSteTypes, formChWallTypes
-
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="100%">'
-       print '  </COLGROUP>'
-
-       # Virtual Machines...
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <COLGROUP>'
-       print '          <COL width="10%">'
-       print '          <COL width="40%">'
-       print '          <COL width="50%">'
-       print '        </COLGROUP>'
-       print '        <TR>'
-       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD colspan="2">'
-       sendHtmlFormVar( formVmName, 'class="full"' )
-       sendHtmlFormVar( formVmNames )
-       print '          </TD>'
-       print '          <TD>&nbsp;</TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD>'
-       sendHtmlFormVar( formVmAdd, 'class="full"' )
-       print '          </TD>'
-       print '          <TD colspan="2">'
-       print '            Create a new VM class with the above name'
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-       if len( formVmNames[1] ) > 0:
-               print '  <TR>'
-               print '    <TD colspan="1">'
-               print '      &nbsp;'
-               print '    </TD>'
-               print '  </TR>'
-               print '  <TR>'
-               print '    <TD>'
-               print '      <TABLE class="fullbox">'
-               print '        <COLGROUP>'
-               print '          <COL width="10%">'
-               print '          <COL width="40%">'
-               print '          <COL width="50%">'
-               print '        </COLGROUP>'
-               print '        <THEAD>'
-               print '          <TR>'
-               print '            <TD class="fullbox">Dom 0?</TD>'
-               print '            <TD class="fullbox">Name</TD>'
-               print '            <TD class="fullbox">Actions</TD>'
-               print '          </TR>'
-               print '        </THEAD>'
-               for i, vmName in enumerate( formVmNames[1] ):
-                       print '        <TR>'
-                       print '          <TD class="fullbox">'
-                       if formVmNameDom0[1] == vmName:
-                               print 'Yes'
-                       else:
-                               print '&nbsp;'
-                       print '          </TD>'
-                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
-                       print '          <TD class="fullbox">'
-                       print '            <A href="#' + vmName + '">Edit</A>'
-                       formVar = allVmDel[vmName]
-                       sendHtmlFormVar( formVar, 'class="link"' )
-                       formVar = allVmDom0[vmName]
-                       sendHtmlFormVar( formVar, 'class="link"' )
-                       print '          </TD>'
-                       print '        </TR>'
-               print '      </TABLE>'
-               print '    </TD>'
-               print '  </TR>'
-               for vmName in formVmNames[1]:
-                       print '  <TR>'
-                       print '    <TD>'
-                       print '      <HR>'
-                       print '    </TD>'
-                       print '  </TR>'
-                       print '  <TR>'
-                       print '    <TD>'
-                       print '      <TABLE class="full">'
-                       print '        <COLGROUP>'
-                       print '          <COL width="10%">'
-                       print '          <COL width="39%">'
-                       print '          <COL width="2%">'
-                       print '          <COL width="10%">'
-                       print '          <COL width="39%">'
-                       print '        </COLGROUP>'
-                       print '        <TR>'
-                       print '          <TD colspan="5" align="center" 
class="heading">'
-                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2">'
-                       formVar = allVmStes[vmName];
-                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2">'
-                       formVar = allVmChWs[vmName];
-                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD>'
-                       formVar = allVmSteDel[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Delete the type(s) selected above'
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD>'
-                       formVar = allVmChWDel[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Delete the type(s) selected above'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2">'
-                       stSet = Set( formSteTypes[1] )
-                       vmSet = Set( allVmStes[vmName][1] )
-                       formVar = allVmSte[vmName]
-                       formVar[1] = []
-                       for steType in stSet.difference( vmSet ):
-                               formVar[1].append( steType )
-                       formVar[1].sort( )
-                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2">'
-                       ctSet = Set( formChWallTypes[1] )
-                       vmSet = Set( allVmChWs[vmName][1] )
-                       formVar = allVmChW[vmName]
-                       formVar[1] = []
-                       for chwallType in ctSet.difference( vmSet ):
-                               formVar[1].append( chwallType )
-                       formVar[1].sort( )
-                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD>'
-                       formVar = allVmSteAdd[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Add the type(s) selected above'
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD>'
-                       formVar = allVmChWAdd[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Add the type(s) selected above'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '      </TABLE>'
-                       print '    </TD>'
-                       print '  </TR>'
-
-       print '</TABLE>'
-
-def sendPLObjHtml( ):
-
-       # Resources...
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="60%">'
-       print '    <COL width="20%">'
-       print '    <COL width="20%">'
-       print '  </COLGROUP>'
-
-       print '  <TR>'
-       print '    <TD align="center" colspan="3" 
class="heading">Resources</TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
-       print '    </TD>'
-       print '    <TD>'
-       #sendHtmlFormVar( formVmDel, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       #sendHtmlFormVar( formVmName, 'class="full"' )
-       print '    </TD>'
-       print '    <TD>'
-       #sendHtmlFormVar( formVmAdd, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '</TABLE>'
-
-def checkXmlData( ):
-       global xmlIncomplete
-
-       # Validate the Policy Label Header requirements
-       if ( len( formPolicyLabelName[1] ) == 0 ) or \
-          ( len( formPolicyLabelDate[1] ) == 0 ) or \
-          ( len( formPolicyUrl[1] ) == 0 ) or \
-          ( len( formPolicyRef[1] ) == 0 ):
-                       msg = ''
-                       msg = msg + 'The XML policy label schema requires that 
the Policy '
-                       msg = msg + 'Labeling Information Name, Date, Policy 
URL and '
-                       msg = msg + 'Policy Reference fields all have values.'
-                       formatXmlGenError( msg )
-
-def sendXmlHeaders( ):
-       # HTML headers
-       print 'Content-Type: text/xml'
-       print 'Content-Disposition: attachment; 
filename=security_label_template.xml'
-       print
-
-def sendPolicyLabelXml( ):
-       print '<?xml version="1.0"?>'
-
-       print '<SecurityLabelTemplate xmlns="http://www.ibm.com";'
-       print '                       
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
-       print '                       xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
-
-       # Policy Labeling header
-       sendPLHeaderXml( )
-
-       # Policy Labels (subjects and objects)
-       sendPLSubXml( )
-       #sendPLObjXml( )
-
-       print '</SecurityLabelTemplate>'
-
-def sendPLHeaderXml( ):
-       global formPolicyLabelName, formPolicyLabelDate
-       global formPolicyUrl, formPolicyRef
-
-       # Policy Labeling header definition
-       print '<LabelHeader>'
-       print '  <Name>' + formPolicyLabelName[1] + '</Name>'
-       print '  <Date>' + formPolicyLabelDate[1] + '</Date>'
-       print '  <PolicyName>'
-       print '    <Url>' + formPolicyUrl[1] + '</Url>'
-       print '    <Reference>' + formPolicyRef[1] + '</Reference>'
-       print '  </PolicyName>'
-       print '</LabelHeader>'
-
-def sendPLSubXml( ):
-       global formVmNames, allVmChWs, allVmStes
-
-       # Virtual machines...
-       if len( formVmNames[1] ) == 0:
-               return
-
-       print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
-       for vmName in formVmNames[1]:
-               print '  <VirtualMachineLabel>'
-               print '    <Name>' + vmName + '</Name>'
-               formVar = allVmStes[vmName]
-               if len( formVar[1] ) > 0:
-                       print '    <SimpleTypeEnforcementTypes>'
-                       for ste in formVar[1]:
-                               print '      <Type>' + ste + '</Type>'
-                       print '    </SimpleTypeEnforcementTypes>'
-
-               formVar = allVmChWs[vmName]
-               if len( formVar[1] ) > 0:
-                       print '    <ChineseWallTypes>'
-                       for chw in formVar[1]:
-                               print '      <Type>' + chw + '</Type>'
-                       print '    </ChineseWallTypes>'
-
-               print '  </VirtualMachineLabel>'
-
-       print '</SubjectLabels>'
-
-
-# Set up initial HTML variables
-headTitle = 'Xen Policy Labeling Generation'
-
-# Form variables
-#   The format of these variables is as follows:
-#   [ p0, p1, p2, p3, p4, p5 ]
-#     p0 = input type
-#     p1 = the current value of the variable
-#     p2 = the hidden input name attribute
-#     p3 = the name attribute
-#     p4 = the value attribute
-#     p5 = text to associate with the tag
-formPolicyLabelName   = [ 'text',
-                       '',
-                       'h_policyLabelName',
-                       'i_policyLabelName',
-                       '',
-                       '',
-                       ]
-formPolicyLabelDate   = [ 'text',
-                       getCurrentTime( ),
-                       'h_policyLabelDate',
-                       'i_policyLabelDate',
-                       '',
-                       '',
-                       ]
-formPolicyUrl         = [ 'text',
-                       '',
-                       'h_policyUrl',
-                       'i_policyUrl',
-                       '',
-                       '',
-                       ]
-formPolicyRef         = [ 'text',
-                       '',
-                       'h_policyRef',
-                       'i_policyRef',
-                       '',
-                       '',
-                       ]
-formPolicyLabelUpdate = [ 'button',
-                       '',
-                       '',
-                       'i_PolicyLabelUpdate',
-                       'Update',
-                       '',
-                   ]
-
-formVmNames       = [ '',
-                       [],
-                       'h_vmNames',
-                       '',
-                       '',
-                       '',
-                   ]
-formVmDel         = [ 'button',
-                       '',
-                       '',
-                       'i_vmDel',
-                       'Delete',
-                       '',
-                   ]
-formVmName        = [ 'text',
-                       '',
-                       '',
-                       'i_vmName',
-                       '',
-                       '',
-                   ]
-formVmAdd         = [ 'button',
-                       '',
-                       '',
-                       'i_vmAdd',
-                       'New',
-                       '',
-                   ]
-
-formVmNameDom0    = [ '',
-                       '',
-                       'h_vmDom0',
-                       '',
-                       '',
-                       '',
-                   ]
-
-formXmlGen        = [ 'button',
-                       '',
-                       '',
-                       'i_xmlGen',
-                       'Generate XML',
-                       '',
-                   ]
-
-formDefaultButton = [ 'button',
-                       '',
-                       '',
-                       'i_defaultButton',
-                       '.',
-                       '',
-                   ]
-
-formSteTypes      = [ '',
-                        [],
-                       'h_steTypes',
-                       '',
-                       '',
-                       '',
-                   ]
-formChWallTypes   = [ '',
-                        [],
-                       'h_chwallTypes',
-                       '',
-                       '',
-                       '',
-                   ]
-
-# This is a set of templates used for each virtual machine
-#   Each virtual machine is initially assigned these templates,
-#   then each form attribute value is changed to append
-#   "_virtual-machine-name" for uniqueness.
-templateVmDel     = [ 'button',
-                       '',
-                       '',
-                       'i_vmDel',
-                       'Delete',
-                       '',
-                   ]
-templateVmDom0    = [ 'button',
-                       '',
-                       '',
-                       'i_vmDom0',
-                       'SetDom0',
-                       '',
-                   ]
-allVmDel          = {};
-allVmDom0         = {};
-
-templateVmChWs    = [ 'list',
-                       [],
-                       'h_vmChWs',
-                       'i_vmChWs',
-                       '',
-                       '',
-                   ]
-templateVmChWDel  = [ 'button',
-                       '',
-                       '',
-                       'i_vmChWDel',
-                       'Delete',
-                       '',
-                   ]
-templateVmChW     = [ 'list',
-                       [],
-                       '',
-                       'i_vmChW',
-                       '',
-                       '',
-                   ]
-templateVmChWAdd  = [ 'button',
-                       '',
-                       '',
-                       'i_vmChWAdd',
-                       'Add',
-                       '',
-                   ]
-allVmChWs         = {};
-allVmChWDel       = {};
-allVmChW          = {};
-allVmChWAdd       = {};
-
-templateVmStes    = [ 'list',
-                       [],
-                       'h_vmStes',
-                       'i_vmStes',
-                       '',
-                       '',
-                   ]
-templateVmSteDel  = [ 'button',
-                       '',
-                       '',
-                       'i_vmSteDel',
-                       'Delete',
-                       '',
-                   ]
-templateVmSte     = [ 'list',
-                       [],
-                       '',
-                       'i_vmSte',
-                       '',
-                       '',
-                   ]
-templateVmSteAdd  = [ 'button',
-                       '',
-                       '',
-                       'i_vmSteAdd',
-                       'Add',
-                       '',
-                   ]
-allVmStes         = {};
-allVmSteDel       = {};
-allVmSte          = {};
-allVmSteAdd       = {};
-
-# A list of all form variables used for saving info across requests
-formVariables     = [ formPolicyLabelName,
-                       formPolicyLabelDate,
-                       formPolicyUrl,
-                       formPolicyRef,
-                       formVmNames,
-                       formVmNameDom0,
-                       formSteTypes,
-                       formChWallTypes,
-                   ]
-
-policyXml         = ''
-policyLabelXml    = ''
-xmlError          = 0
-xmlIncomplete     = 0
-xmlMessages       = []
-
-
-# Extract any form data
-formData = cgi.FieldStorage( )
-
-# Process the form
-getSavedData( )
-processRequest( )
-
-if formData.has_key( formXmlGen[3] ):
-       # Generate and send the XML file
-       checkXmlData( )
-
-       if xmlIncomplete == 0:
-               sendXmlHeaders( )
-               sendPolicyLabelXml( )
-
-if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
-       # Send HTML to continue processing the form
-       sendHtmlHeaders( )
-       sendPolicyLabelHtml( )
Index: xen-unstable.hg-shype/tools/security/python/xensec_gen/index.html
===================================================================
--- xen-unstable.hg-shype.orig/tools/security/python/xensec_gen/index.html
+++ xen-unstable.hg-shype/tools/security/python/xensec_gen/index.html
@@ -1,7 +1,7 @@
 <!--
  The Initial Developer of the Original Code is International
  Business Machines Corporation. Portions created by IBM
- Corporation are Copyright (C) 2005 International Business
+ Corporation are Copyright (C) 2005, 2006 International Business
  Machines Corporation. All Rights Reserved.
  -->
 
@@ -10,7 +10,7 @@
 <HTML>
   <HEAD>
     <META name="author" content="Tom Lendacky">
-    <META name="copyright" content="Copyright (C) 2005 International Business 
Machines Corporation. All rights reserved">
+    <META name="copyright" content="Copyright (C) 2005, 2006 International 
Business Machines Corporation. All rights reserved">
 
     <STYLE type="text/css">
       <!--
@@ -67,60 +67,6 @@
       </TR>
     </TABLE>
     </FORM>
-
-    <FORM action="/cgi-bin/policylabel.cgi" method="post" 
enctype="multipart/form-data">
-    <TABLE class="xen">
-      <COLGROUP>
-        <COL width="25%">
-        <COL width="20%">
-        <COL width="55%">
-      </COLGROUP>
-
-      <TR>
-        <TD valign="top" class="heading">
-          Security Policy Labeling
-        </TD>
-        <TD valign="top" colspan="2">
-          To generate or edit the Xen Security Policy Labeling you <B>must</B>
-          specify the name of
-          an existing Xen Security Policy file in the
-          <B>"Policy File"</B> entry field.<BR>
-          To generate new Xen Security Policy Labeling leave the
-          <B>"Policy Labeling File"</B> entry field
-          empty and click the "Create" button.<BR>
-          To modify existing Xen Security Policy Labeling enter the
-          file name containing the labeling in the
-          <B>"Policy Labeling File"</B> entry field
-          and click the "Create" button.<HR>
-        </TD>
-      </TR>
-      <TR>
-        <TD></TD>
-        <TD>
-          Policy File:
-        </TD>
-        <TD>
-          <INPUT type="file" size="50" name="i_policy">
-        </TD>
-      </TR>
-      <TR>
-        <TD></TD>
-        <TD>
-          Policy Labeling File:
-        </TD>
-        <TD>
-          <INPUT type="file" size="50" name="i_policyLabel">
-        </TD>
-      </TR>
-      <TR>
-        <TD></TD>
-        <TD valign="top">
-          <INPUT type="submit" name="i_policyLabelCreate" value="Create">
-        </TD>
-        <TD></TD>
-      </TR>
-    </TABLE>
-    </FORM>
   </CENTER>
   </BODY>
 </HTML>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [Patch 4 / 8][ACM] - policy generation tool support, Reiner Sailer <=