diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-02 13:48:31 -0800 |
|---|---|---|
| committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-02 13:48:31 -0800 |
| commit | 38804f14f8dfbe8f3eb6b57edc631ea04f4d0670 (patch) | |
| tree | e5d04922d1d87bc09f43d37581628e9b0812632a /tools/flask/policy/policy/modules/xen/xen.if | |
| parent | 9e3bff9fa50dc62da89576492e63083961862a63 (diff) | |
| download | xen-38804f14f8dfbe8f3eb6b57edc631ea04f4d0670.tar.gz xen-38804f14f8dfbe8f3eb6b57edc631ea04f4d0670.tar.bz2 xen-38804f14f8dfbe8f3eb6b57edc631ea04f4d0670.zip | |
xsm: clean up initial SIDs
The domU SID is never used before a policy load, and so does not
belong in the initial_sids list.
The PIRQ SID is now incorrectly named; it should simply be called IRQ.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.if')
| -rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index d12af740cf..1b508987f2 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -70,10 +70,10 @@ define(`create_passthrough_resource', ` allow $1 $2:resource {add remove}; allow $1 ioport_t:resource {add_ioport use}; allow $1 iomem_t:resource {add_iomem use}; - allow $1 pirq_t:resource {add_irq use}; + allow $1 irq_t:resource {add_irq use}; allow $1 domio_t:mmu {map_read map_write}; allow $2 domio_t:mmu {map_write}; - allow $2 pirq_t:resource {use}; + allow $2 irq_t:resource {use}; allow $1 $3:resource {add_irq add_iomem add_ioport remove_irq remove_iomem remove_ioport use add_device remove_device}; allow $2 $3:resource {use add_ioport add_iomem remove_ioport remove_iomem}; allow $2 $3:mmu {map_read map_write}; |