diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-05-07 16:49:18 +0200 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2013-05-07 16:49:18 +0200 |
| commit | 919f59b3b99e1d845c6a1f30125e79e828805d87 (patch) | |
| tree | aa20c9a715a12b2ba54bf9ec992a7f4a507c4bb7 /tools/flask | |
| parent | 013e34f5a61725012467f17650597d351fc0ca99 (diff) | |
| download | xen-919f59b3b99e1d845c6a1f30125e79e828805d87.tar.gz xen-919f59b3b99e1d845c6a1f30125e79e828805d87.tar.bz2 xen-919f59b3b99e1d845c6a1f30125e79e828805d87.zip | |
xsm: add hooks for claim
Adds XSM hooks for the recently introduced XENMEM_claim_pages and
XENMEM_get_outstanding_pages operations, and adds FLASK access vectors
for them. This makes the access control decisions for these operations
match those in the rest of the hypervisor.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release)
Acked-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask')
| -rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index 3a59f38567..c86a6189c6 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -49,7 +49,7 @@ define(`create_domain_common', ` getdomaininfo hypercall setvcpucontext setextvcpucontext getscheduler getvcpuinfo getvcpuextstate getaddrsize getaffinity setaffinity }; - allow $1 $2:domain2 { set_cpuid settsc setscheduler }; + allow $1 $2:domain2 { set_cpuid settsc setscheduler setclaim }; allow $1 $2:security check_context; allow $1 $2:shadow enable; allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op }; |