1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
{
"pdps": [{"name" : "pdp_mls", "keystone_project_id" : "", "description": "", "policies": [{"name": "MLS policy example"}]}],
"policies":[{ "name": "MLS policy example", "genre": "authz", "description": "", "model": {"name": "MLS"} , "mandatory" :false , "override":true}],
"models":[{"name":"MLS", "description":"","meta_rules": [{"name" : "mls"}], "override":true}],
"subjects": [{ "name":"adminuser", "description": "", "extra": {}, "policies": [{ "name": "MLS policy example"}]} ,
{ "name": "user1", "description": "", "extra": {}, "policies": [{ "name": "MLS policy example"}] },
{ "name": "user2", "description": "", "extra": {}, "policies": [{ "name": "MLS policy example"}] }],
"subject_categories": [{ "name":"subject-security-level", "description": "" }],
"subject_data": [{ "name":"low", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}},
{ "name":"medium", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}},
{ "name":"high", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}}],
"subject_assignments":[{ "subject" : {"name": "adminuser"}, "category" : {"name": "subject-security-level"}, "assignments": [{"name" : "high"}]},
{ "subject" : {"name": "user1"}, "category" : {"name": "subject-security-level"}, "assignments": [{"name" : "medium"}] }],
"objects": [{ "name":"vm0", "description": "", "extra": {}, "policies": [{"name": "MLS policy example"}]} ,
{"name": "vm1", "description": "", "extra": {}, "policies": [{"name": "MLS policy example"}]} ],
"object_categories": [{"name":"object-security-level", "description": ""}],
"object_data": [{ "name":"low", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}},
{ "name":"medium", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}},
{ "name":"high", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}}],
"object_assignments":[{ "object" : {"name": "vm0"}, "category" : {"name": "object-security-level"}, "assignments": [{"name" : "medium"}]},
{ "object" : {"name": "vm1"}, "category" : {"name": "object-security-level"}, "assignments": [{"name" : "low"}]}],
"actions": [{ "name": "start", "description": "", "extra": {}, "policies": [{"name": "MLS policy example"}]} ,
{ "name": "stop", "description": "", "extra": {}, "policies": [{"name": "MLS policy example"}]}],
"action_categories": [{"name":"action-type", "description": ""}],
"action_data": [{"name":"vm-action", "description": "", "policies": [{"name": "MLS policy example"}], "category": {"name": "action-type"}},
{"name":"storage-action", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "action-type"}}],
"action_assignments":[{ "action" : {"name": "start"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}]},
{ "action" : {"name": "stop"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}]}],
"meta_rules":[{"name":"mls", "description": "",
"subject_categories": [{"name": "subject-security-level"}],
"object_categories": [{"name": "object-security-level"}],
"action_categories": [{"name": "action-type"}]
}],
"rules": [{
"meta_rule": {"name" : "mls"},
"rule": {"subject_data" : [{"name":"high"}], "object_data": [{"name": "medium"}], "action_data": [{"name": "vm-action"}]},
"policy": {"name" :"MLS policy example"},
"instructions" : {"decision" : "grant"}
}, {
"meta_rule": {"name" : "mls"},
"rule": {"subject_data" : [{"name":"high"}], "object_data": [{"name": "low"}], "action_data": [{"name": "vm-action"}]},
"policy": {"name" :"MLS policy example"},
"instructions" : {"decision" : "grant"}
}, {
"meta_rule": {"name" : "mls"},
"rule": {"subject_data" : [{"name":"medium"}], "object_data": [{"name": "low"}], "action_data": [{"name": "vm-action"}]},
"policy": {"name" :"MLS policy example"},
"instructions" : {"decision" : "grant"}
}]
}
|
