diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:37:47 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:37:47 +0000 |
commit | f53e1bf04b43e1f9213cd6850167b26485941421 (patch) | |
tree | 47a9575abcb81a32bd2e108299f04714bf710910 /tools/flask/policy | |
parent | 2b7a98eed8069cb6fe1b967236d80d0a8cf2913e (diff) | |
download | xen-f53e1bf04b43e1f9213cd6850167b26485941421.tar.gz xen-f53e1bf04b43e1f9213cd6850167b26485941421.tar.bz2 xen-f53e1bf04b43e1f9213cd6850167b26485941421.zip |
xsm/flask: add missing hooks
The FLASK module was missing implementations of some hooks and did not
have access vectors defined for 10 domctls; define these now.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask/policy')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index 2ad11b2206..59ba17120f 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -29,6 +29,7 @@ define(`create_domain_common', ` getdomaininfo hypercall setvcpucontext setextvcpucontext scheduler getvcpuinfo getvcpuextstate getaddrsize getvcpuaffinity setvcpuaffinity }; + allow $1 $2:domain2 { set_cpuid settsc }; allow $1 $2:security check_context; allow $1 $2:shadow enable; allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage}; @@ -67,6 +68,7 @@ define(`migrate_domain_out', ` allow $1 $2:hvm { gethvmc getparam irqlevel }; allow $1 $2:mmu { stat pageinfo map_read }; allow $1 $2:domain { getaddrsize getvcpucontext getextvcpucontext getvcpuextstate pause destroy }; + allow $1 $2:domain2 gettsc; ') ################################################################################ @@ -112,7 +114,7 @@ define(`device_model', ` domain_comms($1, $2) allow $1 $2:domain { set_target shutdown }; allow $1 $2:mmu { map_read map_write adjust physmap }; - allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute }; + allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute cacheattr send_irq }; ') ################################################################################ # |