diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-02-02 15:21:42 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-02-02 15:21:42 +0000 |
commit | c14a9b21171a7dd847188b3f882cf9efd490c414 (patch) | |
tree | 21903f29ba37a1c6db6f9d81d498ff8f09391c5c /tools/flask/policy/policy/modules/xen/xen.te | |
parent | a15e8b800a7dc62b1edc4314856dbc8f5003a28a (diff) | |
download | xen-c14a9b21171a7dd847188b3f882cf9efd490c414.tar.gz xen-c14a9b21171a7dd847188b3f882cf9efd490c414.tar.bz2 xen-c14a9b21171a7dd847188b3f882cf9efd490c414.zip |
flask/policy: use declare_domain for dom0_t
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.te')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.te | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index 67dd0dfa88..fb71b757ca 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -25,7 +25,7 @@ attribute mls_priv; type xen_t, xen_type, mls_priv; # Domain 0 -type dom0_t, domain_type, mls_priv; +declare_domain(dom0_t, mls_priv); # Untracked I/O memory (pseudo-domain) type domio_t, xen_type; @@ -63,8 +63,6 @@ allow dom0_t security_t:security { check_context compute_av compute_create setbool setsecparam add_ocontext del_ocontext }; allow dom0_t dom0_t:domain { getdomaininfo getvcpuinfo getvcpuaffinity }; -allow dom0_t dom0_t:grant { query setup }; -allow dom0_t dom0_t:mmu { adjust physmap map_read map_write stat pinpage }; allow dom0_t dom0_t:resource { add remove }; admin_device(dom0_t, device_t) |