author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-02 13:48:31 -0800 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-02 13:48:31 -0800 |
commit | 38804f14f8dfbe8f3eb6b57edc631ea04f4d0670 (patch) | |
tree | e5d04922d1d87bc09f43d37581628e9b0812632a /tools/flask/policy/policy/modules/xen/xen.te | |
parent | 9e3bff9fa50dc62da89576492e63083961862a63 (diff) | |
xsm: clean up initial SIDs
The domU SID is never used before a policy load, and so does not
belong in the initial_sids list.
The PIRQ SID is now incorrectly named; it should simply be called IRQ.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.te')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.te | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index 8113467080..1a7f29ad72 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -16,7 +16,7 @@ type unlabeled_t, domain_type;
 type security_t, domain_type;
-type pirq_t, resource_type;
+type irq_t, resource_type;
 type ioport_t, resource_type;
 type iomem_t, resource_type;
 type device_t, resource_type;
@@ -43,8 +43,8 @@ allow xen_t ioport_t:resource {add_ioport remove_ioport};
 allow dom0_t ioport_t:resource {use};
 allow xen_t iomem_t:resource {add_iomem remove_iomem};
 allow dom0_t iomem_t:resource {use};
-allow xen_t pirq_t:resource {add_irq remove_irq};
-allow dom0_t pirq_t:resource { add_irq remove_irq use};
+allow xen_t irq_t:resource {add_irq remove_irq};
+allow dom0_t irq_t:resource { add_irq remove_irq use};
 allow dom0_t dom0_t:resource { add remove };
 allow dom0_t xen_t:xen firmware;
@@ -140,12 +140,11 @@ manage_domain(dom0_t, domHU_t)
 ################################################################################
 sid xen gen_context(system_u:system_r:xen_t,s0)
 sid dom0 gen_context(system_u:system_r:dom0_t,s0)
-sid domU gen_context(system_u:system_r:domU_t,s0)
 sid domxen gen_context(system_u:system_r:domxen_t,s0)
 sid domio gen_context(system_u:system_r:domio_t,s0)
 sid unlabeled gen_context(system_u:system_r:unlabeled_t,s0)
 sid security gen_context(system_u:system_r:security_t,s0)
-sid pirq gen_context(system_u:object_r:pirq_t,s0)
+sid irq gen_context(system_u:object_r:irq_t,s0)
 sid iomem gen_context(system_u:object_r:iomem_t,s0)
 sid ioport gen_context(system_u:object_r:ioport_t,s0)
 sid device gen_context(system_u:object_r:device_t,s0) |
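Review bot: In the third hunk, removing `sid domU` from the middle of the initial SID block is only safe if the policy's initial SID declarations and the hypervisor's built-in initial SID table drop the same entry in this commit. The diffstat on this page is limited to xen.te, so that cannot be confirmed here. If initial SIDs are numbered by position, as is usual for Flask, every entry after dom0 is renumbered, and a policy built from this tree and loaded on a hypervisor built from an older one (or the reverse) could attach the wrong context to domxen, domio and the resource SIDs. I would add a comment above the block, for example `# Initial SIDs: must match the hypervisor's initial SID list by name and order; rebuild policy and hypervisor together.`, and note the incompatibility in the commit message. The `pirq_t` to `irq_t` rename in the first two hunks will likewise break any out-of-tree module that still names `pirq_t`, but that fails at policy build time rather than silently.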