[SECURITY] Allow domid and ssidref args to get_decision in

author kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>

Thu, 1 Jun 2006 17:30:28 +0000 (18:30 +0100)

committer kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>

Thu, 1 Jun 2006 17:30:28 +0000 (18:30 +0100)
author kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Thu, 1 Jun 2006 17:30:28 +0000 (18:30 +0100)
committer kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Thu, 1 Jun 2006 17:30:28 +0000 (18:30 +0100)
diff --git a/tools/python/xen/util/security.py b/tools/python/xen/util/security.py

index 752ab15e087f5b02bd13bdd2b8ce53f58fb22561..6a9e393ca761c44499d556824c63c958b6e531a5 100644 (file)
--- a/tools/python/xen/util/security.py
+++ b/tools/python/xen/util/security.py
@@ -426,6 +426,15 @@ def get_decision(arg1, arg2):
              err("Argument type not supported.")
          ssidref = label2ssidref(arg2[2][1], arg2[1][1])
          arg2 = ['ssidref', str(ssidref)]
+
+    # accept only int or string types for domid and ssidref
+    if isinstance(arg1[1], int):
+        arg1[1] = str(arg1[1])
+    if isinstance(arg2[1], int):
+        arg2[1] = str(arg2[1])
+    if not isinstance(arg1[1], str) or not isinstance(arg2[1], str):
+        err("Invalid id or ssidref type, string or int required")
+
      try:
          decision = acm.getdecision(arg1[0], arg1[1], arg2[0], arg2[1])
      except:
author	kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
	Thu, 1 Jun 2006 17:30:28 +0000 (18:30 +0100)
committer	kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
	Thu, 1 Jun 2006 17:30:28 +0000 (18:30 +0100)