xend: Flask MLS security label handling
authorKeir Fraser <keir.fraser@citrix.com>
Wed, 26 Aug 2009 14:35:14 +0000 (15:35 +0100)
committerKeir Fraser <keir.fraser@citrix.com>
Wed, 26 Aug 2009 14:35:14 +0000 (15:35 +0100)
Changed the way security labels are handled to allow domains to be
labeled with Flask MLS security labels.  Changed the error message
generated when an invalid context is submitted to be more useful.

Signed-off-by: Machon B. Gregory <mbgrego@tycho.ncsc.mil>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>
tools/python/xen/util/xsm/flask/flask.py
tools/python/xen/xend/XendConfig.py
tools/python/xen/xm/create.py

index 04dc3913c41b79878e8a0fd9bbd24c5c79a64cde..754961cede073e797272c53ed40f47951f5d0223 100644 (file)
@@ -25,7 +25,7 @@ def label2ssidref(label, policy, type):
     try:
         return flask.flask_context_to_sid(label)
     except:
-        return ""
+       raise XSMError('Invalid context %s' % label)
 
 def parse_security_label(security_label):
     return security_label
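Review bot: The bare `except:` above the new `raise` reports every failure inside `flask.flask_context_to_sid` as "Invalid context", not only a rejected label, so the real cause is lost to whoever has to debug a refused domain. Catch the exception type the binding actually raises (not visible in this hunk), or at least `except Exception:`, and format the label with `%r` so odd characters are visible: `raise XSMError('Invalid context %r' % (label,))`. Since this commit also removes the three-field format check from XendConfig.py, this raise appears to be the remaining rejection point for malformed labels, so it is worth confirming that every caller lets `XSMError` propagate rather than treating it like the old empty-string return. The `raise` line is indented seven spaces where the file uses eight, and the `XSMError` import is not shown; `label2ssidref` starts outside the hunk.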
index 20ecca8b01ae4ed993cc102ab19bc997ccb7b74e..6f39e7ed1abe22f93bb18116699c22f1ec1a2271 100644 (file)
@@ -802,11 +802,6 @@ class XendConfig(dict):
                 if not sxp.child_value(sxp_cfg, 'security_label'):
                     del cfg['security']
 
-            sec_lab = cfg['security_label'].split(":")
-            if len(sec_lab) != 3:
-                raise XendConfigError("Badly formatted security label: %s"
-                                      % cfg['security_label'])
-
         old_state = sxp.child_value(sxp_cfg, 'state')
         if old_state:
             for i in range(len(CONFIG_OLD_DOM_STATES)):
index d2ea7ecf35a36dbc1d036c1a965ab077bb45f5e6..92ab12b0faf1541c71a2d097c5d7000ebf2a178c 100644 (file)
@@ -1163,17 +1163,11 @@ def preprocess_access_control(vals):
     num = len(vals.access_control)
     if num == 1:
         access_control = (vals.access_control)[0]
-        d = {}
-        a = access_control.split(',')
-        if len(a) > 2:
-            err('Too many elements in access_control specifier: ' + access_control)
-        for b in a:
-            (k, v) = b.strip().split('=', 1)
-            k = k.strip()
-            v = v.strip()
-            if k not in ['policy','label']:
-                err('Invalid access_control specifier: ' + access_control)
-            d[k] = v
+        acc_re = 'policy=(?P<policy>.*),label=(?P<label>.*)'
+        acc_match = re.match(acc_re,access_control)
+        if acc_match == None:
+            err('Invalid access_control specifier: ' + access_control)
+        d = acc_match.groupdict();
         access_controls.append(d)
         vals.access_control = access_controls
     elif num > 1:
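Review bot: The pattern on the `acc_re` line uses a greedy `.*` for `policy` and has no end anchor, so `policy=a,label=b,label=c` is now accepted with policy `a,label=b` (the removed parser rejected it), and `policy=,label=` matches with both fields empty. Presumably only the label needs to carry commas (MLS category lists), so constrain the policy and require non-empty fields with `acc_re = r'policy=(?P<policy>[^,]+),label=(?P<label>.+)$'`, and test with `if acc_match is None:`. The match also fixes the key order and no longer strips whitespace around keys and values, so a config written as `label=...,policy=...` that the old code accepted is now refused; that change should be stated in the commit message or handled. `re` must be imported in create.py, which the hunk does not show, and `preprocess_access_control` continues outside the hunk.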