This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
[Xen-changelog] [xen-unstable] xm-test: An additional ACM security test

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] xm-test: An additional ACM security test case for the test suite.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 06 Dec 2007 10:10:12 -0800
Delivery-date: Thu, 06 Dec 2007 10:11:38 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1196943149 0
# Node ID 3df07c94c9aac344276ce4fcb22da6f33d2c1930
# Parent  0f9b5ab59579e8b980e231bfd3fdf5ab8a74e005
xm-test: An additional ACM security test case for the test suite.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 tools/xm-test/lib/XmTestLib/acm.py                                  |    8 
 tools/xm-test/tests/security-acm/10_security-acm_pol_update.py      |  350 
++++++++++
 tools/xm-test/tests/security-acm/Makefile.am                        |    8 
 tools/xm-test/tests/security-acm/xm-test-update-security_policy.xml |  117 +++
 4 files changed, 479 insertions(+), 4 deletions(-)

diff -r 0f9b5ab59579 -r 3df07c94c9aa tools/xm-test/lib/XmTestLib/acm.py
--- a/tools/xm-test/lib/XmTestLib/acm.py        Thu Dec 06 11:56:51 2007 +0000
+++ b/tools/xm-test/lib/XmTestLib/acm.py        Thu Dec 06 12:12:29 2007 +0000
@@ -30,11 +30,17 @@ except:
 
 labeled_resources = {}
 acm_verbose = False
+policy='xm-test'
+
 
 def isACMEnabled():
     return security.on()
 
-def ACMSetPolicy(policy='xm-test'):
+def setCurrentPolicy(plcy):
+    global policy
+    policy = plcy
+
+def ACMSetPolicy():
     cmd='xm dumppolicy | grep -E "^POLICY REFERENCE = ' + policy + '.$"'
     s, o = traceCommand(cmd)
     if o != "":
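Review bot: Dropping the `policy` argument from ACMSetPolicy() in favour of a module-level global breaks any existing caller that still passes a policy name, and makes the function's result depend on whether some earlier code called setCurrentPolicy(). Consider keeping an optional argument that falls back to the global, and documenting next to setCurrentPolicy() that a test which runs `xm setpolicy` must call it afterwards. Separately, the unchanged `cmd=` line concatenates the name unquoted into a shell pipeline and into a `grep -E` pattern whose trailing `.` matches any character; that was tolerable for a hard-coded default but deserves escaping now that the value can be set at run time.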
diff -r 0f9b5ab59579 -r 3df07c94c9aa 
tools/xm-test/tests/security-acm/10_security-acm_pol_update.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/10_security-acm_pol_update.py    Thu Dec 
06 12:12:29 2007 +0000
@@ -0,0 +1,350 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2006
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#
+
+import os
+import re
+import commands
+from XmTestLib import *
+import xen.util.xsm.xsm as security
+from xen.util import xsconstants
+
+def checkLabel(labeldata, expected, domname):
+    if labeldata[0] != expected[0]:
+        FAIL("Policy type of %s is bad: %s" % (domname, labeldata[0]))
+    if labeldata[1] != expected[1]:
+        FAIL("Unexpected policy indicated in %s label '%s', expected '%s'." %
+             (domname, labeldata[1], expected[1]))
+    if labeldata[2] != expected[2]:
+        FAIL("%s does not have '%s' label but '%s'." %
+             (domname, expected[2], labeldata[2]))
+
+testpolicy = "xm-test"
+testlabel1 = "blue"
+testlabel2 = "red"
+testlabel3 = "green"
+
+s, o = traceCommand('xm resources | grep -E "^[phy|file|vlan]" ')
+resnames = []
+if o:
+    resnames = o.split('\n')
+
+    for res in resnames:
+        s, o = traceCommand('xm rmlabel res %s' % res)
+
+#Unlabeled domain must not start under xm-test policy
+domain_ul = XmTestDomain(name='domain-unlabeled',
+                         extraConfig=None)
+del domain_ul.config.opts['access_control']
+try:
+    domain_ul.start(noConsole=True)
+    FAIL("Could start unlabeled domain.")
+except DomainError, e:
+    pass
+
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)}
+
+domain_blue = XmTestDomain(name='domain-%s' % testlabel1,
+                           extraConfig=config)
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel3)}
+
+domain_green = XmTestDomain(name='domain-%s' % testlabel3,
+                            extraConfig=config)
+
+
+try:
+    domain_blue.start(noConsole=True)
+except DomainError, e:
+    if verbose:
+        print e.extra
+    FAIL("Unable to start blue labeled test domain")
+
+s, o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"')
+if s:
+    FAIL("Could not get the label of Domain-0")
+
+info = o.strip().split(' ')
+labeldata = info[-1].split(':')
+if len(labeldata) != 3:
+    FAIL("Label of Domain-0 is bad: '%s'" % info[-1])
+checkLabel(labeldata,
+           [xsconstants.ACM_POLICY_ID, "xm-test", "SystemManagement"],
+           "Domain-0")
+
+# Should be able to set the Domain-0 label to blue
+s, o = traceCommand('xm addlabel blue mgt Domain-0')
+if s:
+    FAIL("Could not set the label of Domain-0 to 'blue'.")
+s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"')
+if s:
+    FAIL("Could not get the label of Domain-0")
+
+info = o.strip().split()
+labeldata = info[-1].split(':')
+if len(labeldata) != 3:
+     FAIL("Label of Domain-0 is bad: '%s'" % info[-1])
+checkLabel(labeldata,
+           [xsconstants.ACM_POLICY_ID, "xm-test", "blue"],
+           "Domain-0")
+
+#Should not be able to set the label of Domain-0 to 'red'
+s, o = traceCommand('xm addlabel red mgt Domain-0')
+if not s:
+    FAIL("Could set the label of Domain-0 to 'red'.")
+s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"')
+if s:
+    FAIL("Could not get the label of Domain-0")
+
+info = o.strip().split()
+labeldata = info[-1].split(':')
+if len(labeldata) != 3:
+     FAIL("Label of Domain-0 is bad: '%s'" % info[-1])
+checkLabel(labeldata,
+           [xsconstants.ACM_POLICY_ID, "xm-test", "blue"],
+           "Domain-0")
+
+# Should be able to set the label of Domain-0 to 'SystemManagement'
+s, o = traceCommand('xm addlabel SystemManagement mgt Domain-0')
+if s:
+    FAIL("Could not set the label of Domain-0 to 'SystemManagement'.")
+s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"')
+if s:
+    FAIL("Could not get the label of Domain-0")
+
+info = o.strip().split()
+labeldata = info[-1].split(':')
+if len(labeldata) != 3:
+     FAIL("Label of Domain-0 is bad: '%s'" % info[-1])
+checkLabel(labeldata,
+           [xsconstants.ACM_POLICY_ID, "xm-test", "SystemManagement"],
+           "Domain-0")
+
+#Label some resource green
+#Label some resource red
+#Label some resource blue
+
+s, o = traceCommand('xm addlabel green res file:/tmp/green')
+if s:
+    FAIL("Could not label resource 'green'.")
+s, o = traceCommand('xm addlabel red res file:/tmp/red')
+if s:
+    FAIL("Could not label resource 'red'.")
+s, o = traceCommand('xm addlabel blue res file:/tmp/blue')
+if s:
+    FAIL("Could not label resrouce 'blue'")
+
+# Start a green domain
+try:
+    domain_green.start(noConsole=True)
+except DomainError, e:
+    if verbose:
+        print e.extra
+    FAIL("Unable to start green labeled test domain")
+
+# Update the system's policy. Should not work, since blue Domain is running
+s, o = traceCommand('xm setpolicy ACM xm-test-update')
+if not s:
+    FAIL("Could set the new policy even though blue domain is running.")
+
+s, o = traceCommand('xm getpolicy | grep "Policy name"')
+info = o.split(':')
+poldata = [i.strip() for i in info]
+
+if poldata[1] != 'xm-test':
+   FAIL("Policy should be 'xm-test' but is now '%s'." % poldata[1])
+
+# Check that no labels have changed
+s, o = traceCommand('xm getlabel res file:/tmp/green')
+if s:
+    FAIL("Could not get label for green resource.")
+label=o.strip()
+if label != 'ACM:xm-test:green':
+    FAIL("Label for green resource has changed to '%s', but should not have,"
+         % label)
+
+s, o = traceCommand('xm getlabel res file:/tmp/red')
+if s:
+    FAIL("Could not get label for red resource.")
+label=o.strip()
+if label != 'ACM:xm-test:red':
+    FAIL("Label for red resource has changed to '%s', but should not have,"
+         % label)
+
+s, o = traceCommand('xm getlabel res file:/tmp/blue')
+if s:
+    FAIL("Could not get label for blue resource.")
+label=o.strip()
+if label != 'ACM:xm-test:blue':
+    FAIL("Label for blue resource has changed to '%s', but should not have,"
+         % label)
+
+# Terminate blue domain
+domain_blue.stop()
+
+# Update the system's policy. Should work and rename the green domain to GREEN
+s, o = traceCommand('xm setpolicy ACM xm-test-update')
+if s:
+    FAIL("Could not set the new policy.")
+
+acm.setCurrentPolicy('xm-test-update')
+
+s, o = traceCommand('xm getpolicy | grep "Policy name"')
+info = o.split(':')
+poldata = [i.strip() for i in info]
+
+if poldata[1] != 'xm-test-update':
+   FAIL("Policy should be 'xm-test-update' but is now '%s'." % poldata[1])
+
+# check previously labeled resources
+#  - green should be GREEN now
+#  - blue should have been invalidated
+#  - red should be the same
+s, o = traceCommand('xm getlabel res file:/tmp/green')
+if s:
+    FAIL("Could not get label for GREEN resource.")
+label=o.strip()
+if label != 'ACM:xm-test-update:GREEN':
+    FAIL("Label for green resource has changed to '%s', but should not have,"
+         % label)
+
+s, o = traceCommand('xm getlabel res file:/tmp/red')
+if s:
+    FAIL("Could not get label for RED resource.")
+label=o.strip()
+if label != 'ACM:xm-test-update:RED':
+    FAIL("Label for RED resource has changed to '%s', expected is '%s',"
+         % (label,'ACM:xm-test-update:RED'))
+
+s, o = traceCommand('xm getlabel res file:/tmp/blue')
+if s:
+    FAIL("Could not get label for blue resource.")
+label=o.strip()
+if label != 'INV_ACM:xm-test:blue':
+    FAIL("Label for blue resource has changed to '%s', expected is '%s',"
+         % (label,'INV_ACM:xm-test:blue'))
+
+config = {"access_control":"policy=%s,label=%s" % 
('xm-test-update',testlabel2)}
+
+domain_red = XmTestDomain(name='domain-%s' % testlabel2,
+                          extraConfig=config)
+
+# Start the red domain - should not work due to conflict set
+try:
+    domain_red.start(noConsole=True)
+    FAIL("Could start 'red' domain.")
+except DomainError, e:
+    pass
+
+# Terminate GREEN domain
+domain_green.destroy()
+
+# Start the red domain - should work now
+try:
+    domain_red.start()
+except DomainError, e:
+    FAIL("Could not start 'red' domain.")
+
+# Stop the red domain.
+domain_red.destroy()
+
+# Make Domain-0 GREEN
+s, o = traceCommand('xm addlabel GREEN mgt Domain-0')
+if s:
+    FAIL("Could not set Domain-0's label to 'GREEN'.")
+s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"')
+if s:
+    FAIL("Could not get the label of Domain-0")
+
+info = o.strip().split()
+labeldata = info[-1].split(':')
+if len(labeldata) != 3:
+    FAIL("Label of Domain-0 is bad: '%s'" % info[-1])
+checkLabel(labeldata,
+           [xsconstants.ACM_POLICY_ID, "xm-test-update", "GREEN"],
+           "Domain-0")
+
+# Start the red domain - should not work due to conflict set
+try:
+    domain_red.start()
+    FAIL("Could start 'red' domain.")
+except DomainError, e:
+    pass
+
+# Set Domain-0's domain to SystemManagement
+s, o = traceCommand('xm addlabel SystemManagement mgt Domain-0')
+if s:
+    FAIL("Could not set Domain-0's label to SystemManagement.")
+
+# Start unlabeled domain - should work
+try:
+    domain_ul.start(noConsole=True)
+except DomainError, e:
+    FAIL("Could not start unlabeled domain.")
+
+# Stop red domain
+domain_red.destroy()
+
+# reset the policy - should not work
+s, o = traceCommand('xm resetpolicy')
+if not s:
+    FAIL("Could reset the policy.")
+
+# Stop unlabeled domain
+domain_ul.destroy()
+
+
+# Mark Domain-0 as red. This must not have any effect on the later reset
+s, o = traceCommand('xm addlabel red mgt Domain-0')
+if s:
+    FAIL("Could not set Domain-0's label to 'red'.")
+s,o = traceCommand('xm list Domain-0 --label | grep -E "Domain-0"')
+if s:
+    FAIL("Could not get the label of Domain-0")
+
+info = o.strip().split()
+labeldata = info[-1].split(':')
+if len(labeldata) != 3:
+    FAIL("Label of Domain-0 is bad: '%s'" % info[-1])
+checkLabel(labeldata,
+           [xsconstants.ACM_POLICY_ID, "xm-test-update", "red"],
+           "Domain-0")
+
+# reset the policy - should work
+s, o = traceCommand('xm resetpolicy')
+if s:
+    FAIL("Could not reset the policy.")
+
+# check previously labeled resources
+#  - GREEN should be invalid
+#  - red should be invalid
+#  - blue should be invalid
+s, o = traceCommand('xm getlabel res file:/tmp/green')
+if s:
+    FAIL("Could not get label for GREEN resource.")
+label=o.strip()
+exp='INV_ACM:xm-test-update:GREEN'
+if label != exp:
+    FAIL("Label for green resource has changed to '%s', but should be '%s',"
+         % (label, exp))
+
+s, o = traceCommand('xm getlabel res file:/tmp/red')
+if s:
+    FAIL("Could not get label for RED resource.")
+label=o.strip()
+exp='INV_ACM:xm-test-update:RED'
+if label != exp:
+    FAIL("Label for RED resource has changed to '%s', but should be '%s'.,"
+         % (label, exp))
+
+s, o = traceCommand('xm getlabel res file:/tmp/blue')
+if s:
+    FAIL("Could not get label for blue resource.")
+label=o.strip()
+exp='INV_ACM:xm-test:blue'
+if label != exp:
+    FAIL("Label for blue resource has changed to '%s', but should be '%s',"
+         % (label, exp))
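Review bot: The resource cleanup at the top of the script uses `grep -E "^[phy|file|vlan]"`, which is a bracket expression matching any line that begins with one of those characters (including `|`), not the three prefixes; `"^(phy|file|vlan)"` is what the loop feeding `xm rmlabel res` needs. The negative checks (unlabeled domain start, the first `xm setpolicy ACM xm-test-update`, the first `xm resetpolicy`, the red domain starts) only assert that the command failed, so a failure for an unrelated reason, such as a missing policy file, counts as an access-control denial; checking the error text or `e.extra` would tie each result to the policy decision. The FAIL message in the GREEN check after the update still says "but should not have" although a rename is the expected outcome there. The script also ends without calling acm.setCurrentPolicy('xm-test') again or removing the invalidated labels on file:/tmp/green, file:/tmp/red and file:/tmp/blue, and the `domain_red.destroy()` under "Stop red domain" follows a start that is expected to fail.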
diff -r 0f9b5ab59579 -r 3df07c94c9aa 
tools/xm-test/tests/security-acm/Makefile.am
--- a/tools/xm-test/tests/security-acm/Makefile.am      Thu Dec 06 11:56:51 
2007 +0000
+++ b/tools/xm-test/tests/security-acm/Makefile.am      Thu Dec 06 12:12:29 
2007 +0000
@@ -8,7 +8,8 @@ TESTS = 01_security-acm_basic.test \
         06_security-acm_dom_block_attach.test \
         07_security-acm_pol_update.test \
         08_security-acm_xapi.test \
-        09_security-acm_pol_update.test
+        09_security-acm_pol_update.test \
+        10_security-acm_pol_update.test
 
 XFAIL_TESTS =
 
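Review bot: Style point on the added TESTS entry: 10_security-acm_pol_update.test is the third test with the suffix `_pol_update` after 07 and 09, so the names no longer say what distinguishes them. A suffix that reflects what this one covers (label renames, invalidation and reset after a policy update) would make failures in the test report easier to attribute.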
@@ -19,8 +20,9 @@ TESTS_ENVIRONMENT=@TENV@
        cp $< $@
        chmod +x $@
        @if [ -d /etc/xen/acm-security/policies ]; then \
-               cp -f xm-test-security_policy.xml      \
-                     /etc/xen/acm-security/policies;  \
+               cp -f xm-test-security_policy.xml       \
+                     xm-test-update-security_policy.xml\
+                     /etc/xen/acm-security/policies;   \
        fi;
 
 clean-local: am_config_clean-local
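Review bot: The copy of xm-test-update-security_policy.xml sits inside the existing `if [ -d /etc/xen/acm-security/policies ]` guard, so when that directory is absent the file is silently not installed. In that case the new test's first `xm setpolicy ACM xm-test-update`, which is expected to fail because the blue domain is running, fails for the wrong reason and the check passes. Since test 10 cannot run meaningfully without the file, consider an else branch that prints a warning or fails the rule.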
diff -r 0f9b5ab59579 -r 3df07c94c9aa 
tools/xm-test/tests/security-acm/xm-test-update-security_policy.xml
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/xm-test-update-security_policy.xml       
Thu Dec 06 12:12:29 2007 +0000
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Auto-generated by ezPolicy        -->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
+    <PolicyHeader>
+        <PolicyName>xm-test-update</PolicyName>
+        <Date>Fri Sep 29 14:44:38 2006</Date>
+        <Version>1.1</Version>
+        <FromPolicy>
+            <PolicyName>xm-test</PolicyName>
+            <Version>1.0</Version>
+        </FromPolicy>
+    </PolicyHeader>
+
+    <SimpleTypeEnforcement>
+        <SimpleTypeEnforcementTypes>
+            <Type>SystemManagement</Type>
+            <Type>GREEN</Type>
+            <Type>red</Type>
+            <Type>__UNLABELED__</Type>
+        </SimpleTypeEnforcementTypes>
+    </SimpleTypeEnforcement>
+
+    <ChineseWall priority="PrimaryPolicyComponent">
+        <ChineseWallTypes>
+            <Type>SystemManagement</Type>
+            <Type>GREEN</Type>
+            <Type>red</Type>
+            <Type>__UNLABELED__</Type>
+        </ChineseWallTypes>
+
+        <ConflictSets>
+            <Conflict name="RER">
+                <Type>GREEN</Type>
+                <Type>red</Type>
+            </Conflict>
+       </ConflictSets>
+    </ChineseWall>
+
+    <SecurityLabelTemplate>
+        <SubjectLabels bootstrap="SystemManagement">
+            <VirtualMachineLabel>
+                <Name>SystemManagement</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>SystemManagement</Type>
+                    <Type>GREEN</Type>
+                    <Type>red</Type>
+                    <Type>__UNLABELED__</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>SystemManagement</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name from="green">GREEN</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>GREEN</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>GREEN</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name>red</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>red</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>red</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name>__UNLABELED__</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>__UNLABELED__</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>__UNLABELED__</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+        </SubjectLabels>
+
+        <ObjectLabels>
+            <ResourceLabel>
+                <Name>SystemManagement</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>SystemManagement</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+            <ResourceLabel>
+                <Name from="green">GREEN</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>GREEN</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+            <ResourceLabel>
+                <Name from="red">RED</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>red</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+            <ResourceLabel>
+                <Name>__UNLABELED__</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>__UNLABELED__</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+        </ObjectLabels>
+    </SecurityLabelTemplate>
+</SecurityPolicyDefinition>
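Review bot: Missing documentation: nothing in this file says which transitions from xm-test it is meant to exercise, although 10_security-acm_pol_update.py depends on them exactly. The `from` attributes rename green to GREEN for both the VirtualMachineLabel and the ResourceLabel, rename red to RED only under ObjectLabels while the VirtualMachineLabel stays `red`, and no blue label is carried over, which is why the test expects INV_ACM:xm-test:blue. A short XML comment near PolicyHeader listing these three cases would keep the policy and the test in step. Also worth confirming: `<Date>` still reads Fri Sep 29 14:44:38 2006 although Version is 1.1, and the conflict set name "RER" looks like it may be a typo.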
