xen: add XSM hook for XENMEM_exchange

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
author: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2013-01-11 10:40:58 +0000
committer: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2013-01-11 10:40:58 +0000
commit: 58632b5b140c35e8003a4efbe1eabe936c602490 (patch)
tree: 11ef5d938d4e9b82cd0469e350b896169d9f6a49 /tools/flask
parent: aaba7a677dfc5e42aa4064565948cb2632f83dd5 (diff)
download: xen-58632b5b140c35e8003a4efbe1eabe936c602490.tar.gz
xen-58632b5b140c35e8003a4efbe1eabe936c602490.tar.bz2
xen-58632b5b140c35e8003a4efbe1eabe936c602490.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index fda5cb5b26..d9d534427b 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -30,6 +30,7 @@ define(`declare_domain', `
 #   containing at most one domain. This is not enforced by policy.
 define(`declare_singleton_domain', `
 	type $1, domain_type`'ifelse(`$#', `1', `', `,shift($@)');
+	define(`$1_self', `$1')
 	type $1_channel, event_type;
 	type_transition $1 domain_type:event $1_channel;
 	declare_domain_common($1, $1)
@@ -161,6 +162,7 @@ define(`make_device_model', `
 # use_device(domain, device)
 #   Allow a device to be used by a domain
 define(`use_device', `
+    allow $1 $1_self:mmu exchange;
     allow $1 $2:resource use;
     allow $1 domio_t:mmu { map_read map_write };
 ')
author	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2013-01-11 10:40:58 +0000
committer	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2013-01-11 10:40:58 +0000
commit	58632b5b140c35e8003a4efbe1eabe936c602490 (patch)
tree	11ef5d938d4e9b82cd0469e350b896169d9f6a49 /tools/flask
parent	aaba7a677dfc5e42aa4064565948cb2632f83dd5 (diff)
download	xen-58632b5b140c35e8003a4efbe1eabe936c602490.tar.gz xen-58632b5b140c35e8003a4efbe1eabe936c602490.tar.bz2 xen-58632b5b140c35e8003a4efbe1eabe936c602490.zip