From ff5d3cc782d80862272982198365e874c674880a Mon Sep 17 00:00:00 2001 From: Keir Fraser Date: Thu, 25 Oct 2007 09:25:03 +0100 Subject: [PATCH] xend, acm: small fixes Check that the policy is of type ACM and return an error if it is not. Reworked the way the label of a domain is read. Signed-off-by; Stefan Berger --- tools/python/xen/util/xsm/acm/acm.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tools/python/xen/util/xsm/acm/acm.py b/tools/python/xen/util/xsm/acm/acm.py index 15026d347a..cf47fafb68 100644 --- a/tools/python/xen/util/xsm/acm/acm.py +++ b/tools/python/xen/util/xsm/acm/acm.py @@ -656,6 +656,10 @@ def get_res_security_details(resource): log.info("Resource label for "+resource+" not in file, using DEFAULT.") return default_security_details() + if policytype != xsconstants.ACM_POLICY_ID: + raise VmError("Unknown policy type '%s in label for resource '%s'" % + (policytype, resource)) + # is this resource label for the running policy? if policy == active_policy: ssidref = label2ssidref(label, policy, 'res') @@ -1373,11 +1377,9 @@ def get_security_label(self, xspol=None): from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance xspol = XSPolicyAdminInstance().get_loaded_policy() - if domid == 0: + label = "" if xspol: label = xspol.policy_get_domain_label_formatted(domid) - else: - label = "" - else: - label = self.info.get('security_label', '') + if domid != 0: + label = self.info.get('security_label', label) return label -- 2.30.2