xsm: add remote_remap permission

The mmu_update hypercall can be used to manipulate the page tables of a remote domain. Add a check for this in the XSM hook in addition to the existing check on mapping pages of a remote domain. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
author: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2011-12-18 14:33:19 +0000
committer: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2011-12-18 14:33:19 +0000
commit: 4c1b911bbcd97fb68b4a9e0903a6644e50adda01 (patch)
tree: ced092f6dc59142d3362611e9acf117ffc250363 /tools/flask
parent: d55b4c2dc629e9460d72c17bb2b0fa2028123199 (diff)
download: xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.tar.gz
xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.tar.bz2
xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors
index 1b2687a8f9..38036d0ef6 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -128,6 +128,7 @@ class mmu
     pinpage
     mfnlist
     memorymap
+    remote_remap
 }
 
 class shadow
author	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2011-12-18 14:33:19 +0000
committer	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2011-12-18 14:33:19 +0000
commit	4c1b911bbcd97fb68b4a9e0903a6644e50adda01 (patch)
tree	ced092f6dc59142d3362611e9acf117ffc250363 /tools/flask
parent	d55b4c2dc629e9460d72c17bb2b0fa2028123199 (diff)
download	xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.tar.gz xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.tar.bz2 xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.zip