diff options
author | Keir Fraser <keir.fraser@citrix.com> | 2008-10-27 10:29:39 +0000 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2008-10-27 10:29:39 +0000 |
commit | 1b2564299803bb54d0a696a0ad2e83358a15d27d (patch) | |
tree | b332cbd56ef035fa12be008ac24ded418417a7c5 /tools/flask/policy/policy/modules/xen/xen.te | |
parent | 2f819e06d1f32cecd5179acc9fd037e2e3102d1b (diff) | |
download | xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.tar.gz xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.tar.bz2 xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.zip |
Add 2 more permissions to the XSM/Flask default policy.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.te')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.te | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index 62920fc68e..85651cf1fb 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -74,7 +74,7 @@ allow dom0_t iomem_t:mmu {map_read map_write}; allow dom0_t pirq_t:event {vector}; allow dom0_t xen_t:mmu {memorymap}; -allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust}; +allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust updatemp}; allow dom0_t dom0_t:grant {query setup}; allow dom0_t dom0_t:domain {scheduler getdomaininfo getvcpuinfo getvcpuaffinity}; @@ -112,6 +112,7 @@ allow domU_t evchnU-0_t:event {send}; allow dom0_t dom0_t:event {send}; allow dom0_t domU_t:grant {copy}; +allow domU_t domU_t:grant {copy}; manage_domain(dom0_t, domU_t) |