xen/xsm: distinguish scheduler get/set operations

Add getscheduler and setscheduler permissions to replace the monolithic scheduler permission in the scheduler_op domctl and sysctl. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
author: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2013-01-11 10:49:10 +0000
committer: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2013-01-11 10:49:10 +0000
commit: dfb32a89d40f3a45203895c63810305daecdc420 (patch)
tree: 99412d03671457208f7139e2e9df7ddcfd6f7eb3 /xen/xsm/flask/policy/access_vectors
parent: a655abfd8a4bf03de9c9a8d820125be8323d64f8 (diff)
download: xen-dfb32a89d40f3a45203895c63810305daecdc420.tar.gz
xen-dfb32a89d40f3a45203895c63810305daecdc420.tar.bz2
xen-dfb32a89d40f3a45203895c63810305daecdc420.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index 7a7e253a93..b982cf5c88 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -5,7 +5,6 @@
 
 class xen
 {
-	scheduler
 	settime
 	tbufcontrol
 	readconsole
@@ -34,9 +33,10 @@ class xen
 	mca_op
 	lockprof
 	cpupool_op
-	sched_op
 	tmem_op
 	tmem_control
+	getscheduler
+	setscheduler
 }
 
 class domain
@@ -51,7 +51,7 @@ class domain
     destroy
     setvcpuaffinity
 	getvcpuaffinity
-	scheduler
+	getscheduler
 	getdomaininfo
 	getvcpuinfo
 	getvcpucontext
@@ -85,6 +85,7 @@ class domain2
 	set_cpuid
 	gettsc
 	settsc
+	setscheduler
 }
 
 class hvm
author	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2013-01-11 10:49:10 +0000
committer	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2013-01-11 10:49:10 +0000
commit	dfb32a89d40f3a45203895c63810305daecdc420 (patch)
tree	99412d03671457208f7139e2e9df7ddcfd6f7eb3 /xen/xsm/flask/policy/access_vectors
parent	a655abfd8a4bf03de9c9a8d820125be8323d64f8 (diff)
download	xen-dfb32a89d40f3a45203895c63810305daecdc420.tar.gz xen-dfb32a89d40f3a45203895c63810305daecdc420.tar.bz2 xen-dfb32a89d40f3a45203895c63810305daecdc420.zip