diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:40:58 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:40:58 +0000 |
commit | 58632b5b140c35e8003a4efbe1eabe936c602490 (patch) | |
tree | 11ef5d938d4e9b82cd0469e350b896169d9f6a49 /tools/flask | |
parent | aaba7a677dfc5e42aa4064565948cb2632f83dd5 (diff) | |
download | xen-58632b5b140c35e8003a4efbe1eabe936c602490.tar.gz xen-58632b5b140c35e8003a4efbe1eabe936c602490.tar.bz2 xen-58632b5b140c35e8003a4efbe1eabe936c602490.zip |
xen: add XSM hook for XENMEM_exchange
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index fda5cb5b26..d9d534427b 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -30,6 +30,7 @@ define(`declare_domain', ` # containing at most one domain. This is not enforced by policy. define(`declare_singleton_domain', ` type $1, domain_type`'ifelse(`$#', `1', `', `,shift($@)'); + define(`$1_self', `$1') type $1_channel, event_type; type_transition $1 domain_type:event $1_channel; declare_domain_common($1, $1) @@ -161,6 +162,7 @@ define(`make_device_model', ` # use_device(domain, device) # Allow a device to be used by a domain define(`use_device', ` + allow $1 $1_self:mmu exchange; allow $1 $2:resource use; allow $1 domio_t:mmu { map_read map_write }; ') |