author: Keir Fraser <keir.fraser@citrix.com> 2008-09-04 11:26:25 +0100
committer: Keir Fraser <keir.fraser@citrix.com> 2008-09-04 11:26:25 +0100
commit: 3129d6f2ead5be7c75078b1f7325d5a1e6d5e4d8
tree: 9ad863524d59aff303bf67434c3dec8b45bae7bc /tools/flask/policy/policy/modules/xen/xen.if
parent: aff2988ad524ed3835bd0c402f8ec25264db61ea
xsm, flask: sample flask policy
- The patch includes a policy for xen that can be booted into enforcing mode and supports creation and management of paravirtualized guests. The policy follows the dom0/domU usage model, extension to other models or the addition of management or IO permissions should be much more straightforward now. The option flask_enforcing=1 can be passed on the xen line in grub to boot into enforcing mode.
- The policy provides a basic policy for booting the platform and creating a domU with the label system_u:object_r:domU_t. The policy can be easily extended to support new types by modifying the xen.te source file.
- The policy includes some basic macros which may be helpful in extending the policy.
- The policy is compatible with and requires the most recent XSM patch, xsm-flask-io-sysctl-hooks-090308.diff.
- The policy is not built as part of the make all as it requires the SELinux policy compiler which may/may not be installed on all systems. Users must go into the tools/flask/policy directory and explicitly compile the policy.

Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.if')
-rw-r--r-- tools/flask/policy/policy/modules/xen/xen.if 1
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
new file mode 100644
index 0000000000..792d600548
--- /dev/null
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -0,0 +1 @@
+#
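Review bot: The new xen.if consists of a single bare "#" line, so this interface file defines nothing and gives a reader no hint why it exists. The commit message says the policy "includes some basic macros", but none are visible in this file; if it is only a placeholder so the module has a matching .if file, say so in the comment (for example "# No interfaces are defined for the xen module yet.") and point to where the helper macros actually live, so anyone extending the policy for new domain types knows where to add or find them.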