WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] [TPM] Add tests cases for the ACM securit

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [TPM] Add tests cases for the ACM security hooks and tools to
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 18 Oct 2006 16:50:14 +0000
Delivery-date: Wed, 18 Oct 2006 09:50:58 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID 4ecfbf08b44911dbd86c5e59b63c672c642c3220
# Parent  cbc181eb54fa226606499bc405ecf90967c4e0be
[TPM] Add tests cases for the ACM security hooks and tools to
the xm test suite. The tests can be run with ACM turned off (not
compiled into Xen; see user doc for this), but most of them will be
skipped then. They can be run with a command like

make -C tests/security-acm check-TESTS

from the xm-test directory. They are also part of the default tests in
the tests suite and part of a new group test 'security'.
Since some of the tests require resources to be labeled, one must
explicitly enable the resources to be allowed to be labeled by the
test
suite by running

./configure --enable-full-labeling

once. To turn it off, the '--enable-full-labeling' parameter should be
omitted.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 tools/xm-test/README                                                 |   32 ++
 tools/xm-test/configure.ac                                           |   15 +
 tools/xm-test/grouptest/default                                      |    1 
 tools/xm-test/grouptest/security                                     |    1 
 tools/xm-test/lib/XmTestLib/XenDomain.py                             |    2 
 tools/xm-test/lib/XmTestLib/acm.py                                   |   80 
++++++
 tools/xm-test/tests/Makefile.am                                      |    1 
 tools/xm-test/tests/security-acm/01_security-acm_basic.py            |  118 
++++++++++
 tools/xm-test/tests/security-acm/02_security-acm_dom_start.py        |   64 
+++++
 tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py     |   60 
+++++
 tools/xm-test/tests/security-acm/04_security-acm_dom_res.py          |   69 
+++++
 tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py     |   38 +++
 tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py |   82 
++++++
 tools/xm-test/tests/security-acm/Makefile.am                         |   25 ++
 tools/xm-test/tests/security-acm/acm_utils.py                        |   15 +
 tools/xm-test/tests/security-acm/xm-test-security_policy.xml         |  110 
+++++++++
 16 files changed, 713 insertions(+)

diff -r cbc181eb54fa -r 4ecfbf08b449 tools/xm-test/README
--- a/tools/xm-test/README      Wed Oct 18 15:26:08 2006 +0100
+++ b/tools/xm-test/README      Wed Oct 18 16:07:55 2006 +0100
@@ -110,6 +110,38 @@ the kernel, please use the key word "bui
  
 Xm-test will look for disk.img in the ramdisk directory when run by
 default.
+
+
+BUILDING for ACM Security Testing
+=================================
+
+A number of tests have been added to test the access control module (ACM)
+in the Xen hypervisor and the tools for supporting ACM. Those tests are
+located in the security-acm directory. If ACM support is compiled into Xen
+(see the user guide for how to do this) those tests can be run with the
+following command from the xm-test directory
+
+./runtest.sh [...] -g security <report>
+
+Some of these tests will work even without support of ACM by Xen.
+
+Several of these tests require the privilege of being allowed to label
+resources and will otherwise be skipped. By default the test suite
+is not allowed to automatically label resources since this may affect
+existing labels. To enable this, the test suite must be configured with
+the following parameter passed to the configure scripts (in addition to
+any other desired parameters)
+
+./configure --enable-full-labeling
+
+To revoke the privilege at a later time run the configure scripts without
+this parameter:
+
+./configure
+
+If a 'make' has previously been run for building the test suite, it is not
+necessary to run 'make' again just for enabling or disabling the automatic
+labeling of resources.
 
 
 Running
diff -r cbc181eb54fa -r 4ecfbf08b449 tools/xm-test/configure.ac
--- a/tools/xm-test/configure.ac        Wed Oct 18 15:26:08 2006 +0100
+++ b/tools/xm-test/configure.ac        Wed Oct 18 16:07:55 2006 +0100
@@ -37,6 +37,20 @@ fi
 
 AM_CONDITIONAL(HVM, test x$ENABLE_HVM = xTrue)
 AC_SUBST(ENABLE_HVM)
+
+AC_ARG_ENABLE(full-labeling,
+       [[  --enable-full-labeling         allows the test suite to label all 
resources]],
+       [
+               ENABLE_LABELING=True
+       ],[
+               ENABLE_LABELING=False
+       ])
+
+if test "x$ENABLE_LABELING" = "xTrue"; then
+       echo "ACM_LABEL_RESOURCES = True" > lib/XmTestLib/acm_config.py
+else
+       rm -f lib/XmTestLib/acm_config.py*
+fi
 
 # Network needs to know ips to use: dhcp or a range of IPs in the form
 # of: 192.168.1.1-192.168.1.100
@@ -127,6 +141,7 @@ AC_CONFIG_FILES([
     tests/restore/Makefile
     tests/save/Makefile
     tests/sched-credit/Makefile
+    tests/security-acm/Makefile
     tests/sedf/Makefile
     tests/shutdown/Makefile
     tests/sysrq/Makefile
diff -r cbc181eb54fa -r 4ecfbf08b449 tools/xm-test/grouptest/default
--- a/tools/xm-test/grouptest/default   Wed Oct 18 15:26:08 2006 +0100
+++ b/tools/xm-test/grouptest/default   Wed Oct 18 16:07:55 2006 +0100
@@ -22,6 +22,7 @@ restore
 restore
 save
 sched-credit
+security-acm
 shutdown
 sysrq
 unpause
diff -r cbc181eb54fa -r 4ecfbf08b449 tools/xm-test/lib/XmTestLib/XenDomain.py
--- a/tools/xm-test/lib/XmTestLib/XenDomain.py  Wed Oct 18 15:26:08 2006 +0100
+++ b/tools/xm-test/lib/XmTestLib/XenDomain.py  Wed Oct 18 16:07:55 2006 +0100
@@ -102,6 +102,8 @@ class XenConfig:
         self.defaultOpts["disk"] = []
         self.defaultOpts["vif"]  = []
         self.defaultOpts["vtpm"] = []
+        if isACMEnabled():
+            self.defaultOpts["access_control"] = []
 
         self.opts = self.defaultOpts
 
diff -r cbc181eb54fa -r 4ecfbf08b449 tools/xm-test/tests/Makefile.am
--- a/tools/xm-test/tests/Makefile.am   Wed Oct 18 15:26:08 2006 +0100
+++ b/tools/xm-test/tests/Makefile.am   Wed Oct 18 16:07:55 2006 +0100
@@ -19,6 +19,7 @@ SUBDIRS =                     \
                pause           \
                reboot          \
                sched-credit    \
+               security-acm    \
                sedf            \
                shutdown        \
                sysrq           \
diff -r cbc181eb54fa -r 4ecfbf08b449 tools/xm-test/grouptest/security
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/grouptest/security  Wed Oct 18 16:07:55 2006 +0100
@@ -0,0 +1,1 @@
+security-acm
diff -r cbc181eb54fa -r 4ecfbf08b449 tools/xm-test/lib/XmTestLib/acm.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/lib/XmTestLib/acm.py        Wed Oct 18 16:07:55 2006 +0100
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+"""
+ Copyright (C) International Business Machines Corp., 2006
+ Author: Stefan Berger <stefanb@xxxxxxxxxx>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; under version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+"""
+from Test import *
+from xen.util import security
+
+try:
+    from acm_config import *
+except:
+    ACM_LABEL_RESOURCES = False
+
+labeled_resources = {}
+acm_verbose = False
+
+def isACMEnabled():
+    return security.on()
+
+
+def ACMLoadPolicy(policy='xm-test'):
+    s, o = traceCommand("xm makepolicy %s" % (policy))
+    if s != 0:
+        FAIL("Need to be able to do 'xm makepolicy %s' but could not" %
+             (policy))
+    s, o = traceCommand("xm loadpolicy %s" % (policy))
+    if s != 0:
+        FAIL("Could not load the required policy '%s'.\n"
+             "Start the system without any policy.\n%s" %
+             (policy, o))
+
+
+# Applications may label resources explicitly by calling this function
+def ACMLabelResource(resource, label='red'):
+    if acm_verbose:
+        print "labeling resource %s with label %s" % (resource, label)
+    if not ACM_LABEL_RESOURCES:
+        SKIP("Skipping test since not allowed to label resources in "
+             "test suite")
+    if not isACMResourceLabeled(resource):
+        ACMUnlabelResource(resource)
+        s, o = traceCommand("xm addlabel %s res %s" % (label, resource))
+        if s != 0:
+            FAIL("Could not add label to resource")
+        else:
+            labeled_resources["%s" % resource] = 1
+
+
+# Application may remove a label from a resource. It has to call this
+# function and must do so once a resource for re-labeling a resource
+def ACMUnlabelResource(resource):
+    s, o = traceCommand("xm rmlabel res %s" % (resource))
+    labeled_resources["%s" % resource] = 0
+
+
+def isACMResourceLabeled(resource):
+    """ Check whether a resource has been labeled using this API
+        and while running the application """
+    try:
+        if labeled_resources["%s" % resource] == 1:
+            if acm_verbose:
+                print "resource %s already labeled!" % resource
+            return True
+    except:
+        return False
+    return False
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/01_security-acm_basic.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/01_security-acm_basic.py Wed Oct 18 
16:07:55 2006 +0100
@@ -0,0 +1,118 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2006
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#
+# A couple of simple tests that test ACM security extensions
+# for the xm tool. The following xm subcommands are tested:
+#
+# - makepolicy
+# - labels
+# - rmlabel
+# - addlabel
+# - getlabel
+# - resources
+
+from XmTestLib import *
+from xen.util import security
+import commands
+import os
+import re
+
+testpolicy = "xm-test"
+testlabel = "blue"
+vmconfigfile = "/tmp/xm-test.conf"
+testresource = "phy:ram0"
+
+status, output = traceCommand("xm makepolicy %s" % (testpolicy))
+if status != 0 or output != "":
+    FAIL("'xm makepolicy' failed with status %d and output\n%s" %
+         (status,output));
+
+status, output = traceCommand("xm labels %s" % (testpolicy))
+if status != 0:
+    FAIL("'xm labels' failed with status %d.\n" % status)
+
+#Need to get a vm config file - just have it written to a file
+domain = XmTestDomain()
+domain.config.write(vmconfigfile)
+
+#Whatever label it might have - remove it
+status, output = traceCommand("xm rmlabel dom %s" %
+                              (vmconfigfile))
+
+status, output = traceCommand("xm addlabel %s dom %s %s" %
+                              (testlabel, vmconfigfile, testpolicy))
+if status != 0:
+    FAIL("'xm addlabel' failed with status %d.\n" % status)
+
+status, output = traceCommand("xm getlabel dom %s" %
+                              (vmconfigfile))
+
+if status != 0:
+    FAIL("'xm getlabel' failed with status %d, output:\n%s" %
+         (status, output))
+if output != "policy=%s,label=%s" % (testpolicy,testlabel):
+    FAIL("Received unexpected output from 'xm getlabel': \n%s" %
+         (output))
+
+
+status, output = traceCommand("xm rmlabel dom %s" %
+                              (vmconfigfile))
+
+if status != 0:
+    FAIL("'xm rmlabel' failed with status %d, output: \n%s" %
+         (status,output))
+if output != "":
+    FAIL("Received unexpected output from 'xm rmlabel': \n%s" %
+         (output))
+
+status, output = traceCommand("xm getlabel dom %s" %
+                              (vmconfigfile))
+
+if output != "Error: 'Domain not labeled'":
+    FAIL("Received unexpected output from 'xm getlabel': \n%s" %
+         (output))
+
+#Whatever label the resource might have, remove it
+status, output = traceCommand("xm rmlabel res %s" %
+                              (testresource))
+
+status, output = traceCommand("xm addlabel %s res %s %s" %
+                              (testlabel, testresource, testpolicy))
+if status != 0:
+    FAIL("'xm addlabel' on resource failed with status %d.\n" % status)
+
+status, output = traceCommand("xm getlabel res %s" % (testresource))
+
+if status != 0:
+    FAIL("'xm getlabel' on resource failed with status %d, output:\n%s" %
+         (status, output))
+if output != "policy=%s,label=%s" % (testpolicy,testlabel):
+    FAIL("Received unexpected output from 'xm getlabel': \n%s" %
+         (output))
+
+status, output = traceCommand("xm resources")
+
+if status != 0:
+    FAIL("'xm resources' did not run properly")
+if not re.search(security.unify_resname(testresource), output):
+    FAIL("'xm resources' did not show the tested resource '%s'." %
+         testresource)
+
+status, output = traceCommand("xm rmlabel res %s" %
+                              (testresource))
+
+if status != 0:
+    FAIL("'xm rmlabel' on resource failed with status %d, output: \n%s" %
+         (status,output))
+if output != "":
+    FAIL("Received unexpected output from 'xm rmlabel': \n%s" %
+         (output))
+
+status, output = traceCommand("xm getlabel res %s" %
+                              (testresource))
+
+if output != "Error: 'Resource not labeled'":
+    FAIL("Received unexpected output from 'xm getlabel': \n%s" %
+         (output))
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/02_security-acm_dom_start.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/02_security-acm_dom_start.py     Wed Oct 
18 16:07:55 2006 +0100
@@ -0,0 +1,64 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2006
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#
+# Simple test that starts two labeled domains; both domains should start
+#
+# The following xm subcommands are tested:
+# - dumppolicy
+# - labels
+
+from XmTestLib import *
+from acm_utils import *
+import commands
+import os
+
+testlabel1 = "green"
+testlabel2 = "red"
+
+status, output = traceCommand("xm labels")
+
+labels = ["SystemManagement", "blue", "red", "green"]
+for l in labels:
+    if not re.search(l, output):
+        FAIL("Label '%s' not found in current policy!", l)
+
+status, output = traceCommand("xm dumppolicy")
+if status != 0:
+    FAIL("'xm dumppolicy' returned an error code.")
+lines = ["ssidref 0:  00 00 00 00",
+         "ssidref 1:  01 00 00 00",
+         "ssidref 2:  00 01 00 00",
+         "ssidref 3:  00 00 01 00",
+         "ssidref 4:  00 00 00 01"]
+for l in lines:
+    if not re.search(l, output):
+        FAIL("Could not find '%s' in output of 'xm dumppolicy'" % l)
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)}
+verbose = True
+domain1 = XmTestDomain(name="domain-%s" % testlabel1,
+                       extraConfig=config)
+
+try:
+    domain1.start(noConsole=True)
+except DomainError, e:
+    if verbose:
+        print e.extra
+    FAIL("Unable to start 1st labeled test domain.")
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2)}
+
+domain2 = XmTestDomain(name="domain-%s" % testlabel2,
+                       extraConfig=config)
+
+try:
+    domain2.start(noConsole=True)
+except DomainError, e:
+    if verbose:
+        print e.extra
+    FAIL("Unable to start 2nd labeled test domain.")
+
+domain2.destroy()
+domain1.destroy()
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py  Wed Oct 
18 16:07:55 2006 +0100
@@ -0,0 +1,60 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2006
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#
+# A test that exercises the conflict set of the chinese wall policy.
+# Start a first domain and then a second one. The second one is
+# expected NOT to be starteable.
+
+from XmTestLib import *
+from acm_utils import *
+import commands
+import os
+
+testlabel1 = "blue"
+testlabel2 = "red"
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)}
+
+domain1 = XmTestDomain(name="domain-%s" % testlabel1,
+                       extraConfig=config)
+
+try:
+    domain1.start(noConsole=True)
+except DomainError, e:
+    if verbose:
+        print e.extra
+    FAIL("Unable to start 1st labeled test domain")
+
+# Verify with xm dry-run
+status, output = traceCommand("xm dry-run /tmp/xm-test.conf | "
+                              "grep -v \"Dry Run\"")
+if status != 0:
+    FAIL("'xm dry-run' failed")
+if not re.search("PERMITTED", output):
+    FAIL("'xm dry-run' did not succeed.")
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2)}
+
+domain2 = XmTestDomain(name="domain-%s" % testlabel2,
+                       extraConfig=config)
+
+try:
+    domain2.start(noConsole=True)
+    # Should never get here!
+    FAIL("Could start a domain in a conflict set - "
+         "this should not be possible")
+except DomainError, e:
+    #This is exactly what we want in this case
+    status = 0
+
+# Verify with xm dry-run
+status, output = traceCommand("xm dry-run /tmp/xm-test.conf | "
+                              "grep -v \"Dry Run\"")
+if status != 0:
+    FAIL("'xm dry-run' failed.")
+if not re.search("PERMITTED", output):
+    FAIL("'xm dry-run' did not show that operation was permitted.")
+
+domain1.destroy()
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/04_security-acm_dom_res.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/04_security-acm_dom_res.py       Wed Oct 
18 16:07:55 2006 +0100
@@ -0,0 +1,69 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2006
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#
+# Simple test that starts two labeled domains using labeled resources each
+#
+
+from XmTestLib import *
+from acm_utils import *
+import commands
+import os
+
+testlabel1 = "green"
+resource1  = "phy:ram0"
+testlabel2 = "red"
+resource2  = "phy:/dev/ram1"
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1),
+          "disk"          :"%s,hda1,w" % (resource1)}
+domain1 = XmTestDomain(name="domain-%s" % testlabel1,
+                       extraConfig=config)
+
+# Explicity label the resource
+ACMLabelResource(resource1, testlabel1)
+
+try:
+    domain1.start(noConsole=True)
+except DomainError, e:
+    if verbose:
+        print e.extra
+    FAIL("Unable to start 1st labeled test domain.")
+
+# Verify with xm dry-run
+status, output = traceCommand("xm dry-run /tmp/xm-test.conf | "
+                              "grep -v \"Dry Run\"")
+
+if status != 0:
+    FAIL("'xm dry-run' failed")
+if not re.search("%s: PERMITTED" % resource1, output):
+    FAIL("'xm dry-run' did not succeed.")
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2),
+          "disk"          :"%s,hda1,w" % (resource2)}
+
+domain2 = XmTestDomain(name="domain-%s" % testlabel2,
+                       extraConfig=config)
+
+# Explicity label the resource
+ACMLabelResource(resource2, testlabel2)
+
+try:
+    domain2.start(noConsole=True)
+except DomainError, e:
+    if verbose:
+        print e.extra
+    FAIL("Unable to start 2nd labeled test domain.")
+
+# Verify with xm dry-run
+status, output = traceCommand("xm dry-run /tmp/xm-test.conf | "
+                              "grep -v \"Dry Run\"")
+
+if status != 0:
+    FAIL("'xm dry-run' failed")
+if not re.search("%s: PERMITTED" % resource2, output):
+    FAIL("'xm dry-run' did not succeed.")
+
+domain2.destroy()
+domain1.destroy()
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py  Wed Oct 
18 16:07:55 2006 +0100
@@ -0,0 +1,38 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2006
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#
+# A test that tries to start a domain using a resource that it is
+# not supposed to be able to use due to its labeling
+
+from XmTestLib import *
+from acm_utils import *
+import commands
+import os
+
+testlabel1 = "blue"
+resource1  = "phy:ram0"
+
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1),
+          "disk"          :"%s,hda1,w" % (resource1)}
+
+domain1 = XmTestDomain(name="domain-%s" % testlabel1,
+                       extraConfig=config)
+
+ACMLabelResource(resource1,"red")
+
+try:
+    domain1.start(noConsole=True)
+    # Should never get here
+    FAIL("Could start domain with resource that it is not supposed to access.")
+except DomainError, e:
+    #That's exactly what we want to have in this case
+    dummy = 0
+
+# Verify via dry-run
+status, output = traceCommand("xm dry-run /tmp/xm-test.conf | "
+                              "grep -v \"Dry Run\"")
+if not re.search("%s: DENIED" %resource1, output):
+    FAIL("'xm dry-run' did not show expected result that operation was NOT "
+         "permitted: \n%s" % output)
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py      
Wed Oct 18 16:07:55 2006 +0100
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2005
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+# Based on block-create/01_block_attach_device_pos.py
+#
+# Create a domain and attach 2 resources to it. The first resource
+# should be attacheable, the 2nd one should not be due to the label it has.
+
+import re
+from XmTestLib import *
+from XmTestLib import block_utils
+from acm_utils import *
+
+testlabel1 = "blue"
+resource1 = "phy:ram1"
+resourcelabel1 = "blue"
+resource2 = "phy:/dev/ram0"
+resourcelabel2 = "red"
+
+if ENABLE_HVM_SUPPORT:
+    SKIP("Block-attach not supported for HVM domains")
+
+# Create a domain (default XmTestDomain, with our ramdisk)
+config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)}
+
+domain = XmTestDomain(extraConfig=config)
+
+try:
+    console = domain.start()
+except DomainError, e:
+    FAIL(str(e))
+
+# Attach a console to it
+try:
+    console.setHistorySaveCmds(value=True)
+    # Run 'ls'
+    run = console.runCmd("ls")
+except ConsoleError, e:
+    saveLog(console.getHistory())
+    FAIL(str(e))
+
+
+# Explicitly label the 1st resource
+ACMLabelResource(resource1, resourcelabel1)
+block_utils.block_attach(domain, resource1, "sdb1")
+
+try:
+       run1 = console.runCmd("cat /proc/partitions")
+except ConsoleError, e:
+       FAIL(str(e))
+
+#Explicitly label the 2nd resource
+ACMLabelResource(resource2, resourcelabel2)
+#Cannot call block_attach here since we legally may fail the command
+status, output = traceCommand("xm block-attach %s %s %s w" %
+                               (domain.getName(), resource2, "sdb2" ))
+
+for i in range(10):
+    if block_utils.get_state(domain, "sdb2") == 4:
+        break
+    time.sleep(1)
+
+try:
+       run2 = console.runCmd("cat /proc/partitions")
+except ConsoleError, e:
+       FAIL(str(e))
+
+# Close the console
+domain.closeConsole()
+
+# Stop the domain (nice shutdown)
+domain.stop()
+
+if not re.search("sdb1",run1["output"]):
+    FAIL("Labeled device 'sdb1' is not actually connected to the domU")
+
+if not re.search("sdb1",run2["output"]):
+    FAIL("Labeled device 'sdb1' has disappeared?!")
+
+if re.search("sdb2",run2["output"]):
+    FAIL("Labeled device 'sdb2' is connected to the domU but should not be")
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/Makefile.am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/Makefile.am      Wed Oct 18 16:07:55 
2006 +0100
@@ -0,0 +1,25 @@
+SUBDIRS =
+
+TESTS = 01_security-acm_basic.test \
+        02_security-acm_dom_start.test \
+        03_security-acm_dom_conflict.test \
+        04_security-acm_dom_res.test \
+        05_security-acm_dom_res_conf.test \
+        06_security-acm_dom_block_attach.test
+
+XFAIL_TESTS =
+
+EXTRA_DIST = $(TESTS) $(XFAIL_TESTS) acm_utils.py
+TESTS_ENVIRONMENT=@TENV@
+
+%.test: %.py
+       cp $< $@
+       chmod +x $@
+       @cp -f xm-test-security_policy.xml /etc/xen/acm-security/policies
+
+clean-local: am_config_clean-local
+
+am_config_clean-local:
+       rm -f *test
+       rm -f *log
+       rm -f *~
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/acm_utils.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/acm_utils.py     Wed Oct 18 16:07:55 
2006 +0100
@@ -0,0 +1,15 @@
+#!/usr/bin/python
+
+# Copyright (C) International Business Machines Corp., 2006
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+
+from XmTestLib import *
+from XmTestLib.acm import *
+
+testpolicy = "xm-test"
+vmconfigfile = "/tmp/xm-test.conf"
+
+if not isACMEnabled():
+    SKIP("Not running this test since ACM not enabled.")
+
+ACMLoadPolicy(testpolicy)
diff -r cbc181eb54fa -r 4ecfbf08b449 
tools/xm-test/tests/security-acm/xm-test-security_policy.xml
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/xm-test/tests/security-acm/xm-test-security_policy.xml      Wed Oct 
18 16:07:55 2006 +0100
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Auto-generated by ezPolicy        -->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
+    <PolicyHeader>
+        <PolicyName>xm-test</PolicyName>
+        <Date>Fri Sep 29 14:44:38 2006</Date>
+    </PolicyHeader>
+
+    <SimpleTypeEnforcement>
+        <SimpleTypeEnforcementTypes>
+            <Type>SystemManagement</Type>
+            <Type>green</Type>
+            <Type>red</Type>
+            <Type>blue</Type>
+        </SimpleTypeEnforcementTypes>
+    </SimpleTypeEnforcement>
+
+    <ChineseWall priority="PrimaryPolicyComponent">
+        <ChineseWallTypes>
+            <Type>SystemManagement</Type>
+            <Type>green</Type>
+            <Type>red</Type>
+            <Type>blue</Type>
+        </ChineseWallTypes>
+
+        <ConflictSets>
+            <Conflict name="RER">
+                <Type>blue</Type>
+                <Type>red</Type>
+            </Conflict>
+       </ConflictSets>
+    </ChineseWall>
+
+    <SecurityLabelTemplate>
+        <SubjectLabels bootstrap="SystemManagement">
+            <VirtualMachineLabel>
+                <Name>SystemManagement</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>SystemManagement</Type>
+                    <Type>green</Type>
+                    <Type>red</Type>
+                    <Type>blue</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>SystemManagement</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name>green</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>green</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>green</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name>red</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>red</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>red</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+
+            <VirtualMachineLabel>
+                <Name>blue</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>blue</Type>
+                </SimpleTypeEnforcementTypes>
+                <ChineseWallTypes>
+                    <Type>blue</Type>
+                </ChineseWallTypes>
+            </VirtualMachineLabel>
+        </SubjectLabels>
+
+        <ObjectLabels>
+            <ResourceLabel>
+                <Name>SystemManagement</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>SystemManagement</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+            <ResourceLabel>
+                <Name>green</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>green</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+            <ResourceLabel>
+                <Name>red</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>red</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+
+            <ResourceLabel>
+                <Name>blue</Name>
+                <SimpleTypeEnforcementTypes>
+                    <Type>blue</Type>
+                </SimpleTypeEnforcementTypes>
+            </ResourceLabel>
+        </ObjectLabels>
+    </SecurityLabelTemplate>
+</SecurityPolicyDefinition>

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] [TPM] Add tests cases for the ACM security hooks and tools to, Xen patchbot-unstable <=