Add 2 more permissions to the XSM/Flask default policy.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author: Keir Fraser <keir.fraser@citrix.com> 2008-10-27 10:29:39 +0000
committer: Keir Fraser <keir.fraser@citrix.com> 2008-10-27 10:29:39 +0000
commit: 1b2564299803bb54d0a696a0ad2e83358a15d27d (patch)
tree: b332cbd56ef035fa12be008ac24ded418417a7c5 /tools/flask
parent: 2f819e06d1f32cecd5179acc9fd037e2e3102d1b (diff)
download: xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.tar.gz
xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.tar.bz2
xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index 62920fc68e..85651cf1fb 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -74,7 +74,7 @@ allow dom0_t iomem_t:mmu {map_read map_write};
 allow dom0_t pirq_t:event {vector};
 allow dom0_t xen_t:mmu {memorymap};
 
-allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust};
+allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust updatemp};
 allow dom0_t dom0_t:grant {query setup};
 allow dom0_t dom0_t:domain {scheduler getdomaininfo getvcpuinfo getvcpuaffinity};
 
@@ -112,6 +112,7 @@ allow domU_t evchnU-0_t:event {send};
 
 allow dom0_t dom0_t:event {send};
 allow dom0_t domU_t:grant {copy};
+allow domU_t domU_t:grant {copy};
 
 manage_domain(dom0_t, domU_t)
author	Keir Fraser <keir.fraser@citrix.com>	2008-10-27 10:29:39 +0000
committer	Keir Fraser <keir.fraser@citrix.com>	2008-10-27 10:29:39 +0000
commit	1b2564299803bb54d0a696a0ad2e83358a15d27d (patch)
tree	b332cbd56ef035fa12be008ac24ded418417a7c5 /tools/flask
parent	2f819e06d1f32cecd5179acc9fd037e2e3102d1b (diff)
download	xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.tar.gz xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.tar.bz2 xen-1b2564299803bb54d0a696a0ad2e83358a15d27d.zip