authorKeir Fraser <keir@xen.org>2013-01-11 10:36:06 +0000
committerKeir Fraser <keir@xen.org>2013-01-11 10:36:06 +0000
commit4b73f651d09d7e566ec3b6f0df16af7b5b1dd8be (patch)
tree6d998faeee5f44dd682fb3039d78c97e0c3431c9 /xen/xsm/flask/policy/access_vectors
parente7dc4bd7684398cb0b4d4140ff36ffdfdde3ce25 (diff)
xsm: Move flask policy files into hypervisor (missed from earlier commit).
Signed-off-by: Keir Fraser <keir@xen.org> --HG-- rename : tools/flask/policy/policy/flask/access_vectors => xen/xsm/flask/policy/access_vectors rename : tools/flask/policy/policy/flask/initial_sids => xen/xsm/flask/policy/initial_sids rename : tools/flask/policy/policy/flask/mkaccess_vector.sh => xen/xsm/flask/policy/mkaccess_vector.sh rename : tools/flask/policy/policy/flask/mkflask.sh => xen/xsm/flask/policy/mkflask.sh rename : tools/flask/policy/policy/flask/security_classes => xen/xsm/flask/policy/security_classes
Diffstat (limited to 'xen/xsm/flask/policy/access_vectors')
-rw-r--r--xen/xsm/flask/policy/access_vectors178
1 files changed, 178 insertions, 0 deletions
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
new file mode 100644
index 0000000000..c7e29abb32
--- /dev/null
+++ b/xen/xsm/flask/policy/access_vectors
@@ -0,0 +1,178 @@
+#
+# Define the access vectors.
+#
+# class class_name { permission_name ... }
+
+class xen
+{
+ scheduler
+ settime
+ tbufcontrol
+ readconsole
+ clearconsole
+ perfcontrol
+ mtrr_add
+ mtrr_del
+ mtrr_read
+ microcode
+ physinfo
+ quirk
+ writeconsole
+ readapic
+ writeapic
+ privprofile
+ nonprivprofile
+ kexec
+ firmware
+ sleep
+ frequency
+ getidle
+ debug
+ getcpuinfo
+ heap
+ pm_op
+ mca_op
+ lockprof
+ cpupool_op
+ sched_op
+}
+
+class domain
+{
+ setvcpucontext
+ pause
+ unpause
+ resume
+ create
+ transition
+ max_vcpus
+ destroy
+ setvcpuaffinity
+ getvcpuaffinity
+ scheduler
+ getdomaininfo
+ getvcpuinfo
+ getvcpucontext
+ setdomainmaxmem
+ setdomainhandle
+ setdebugging
+ hypercall
+ settime
+ set_target
+ shutdown
+ setaddrsize
+ getaddrsize
+ trigger
+ getextvcpucontext
+ setextvcpucontext
+ getvcpuextstate
+ setvcpuextstate
+ getpodtarget
+ setpodtarget
+ set_misc_info
+ set_virq_handler
+}
+
+class domain2
+{
+ relabelfrom
+ relabelto
+ relabelself
+}
+
+class hvm
+{
+ sethvmc
+ gethvmc
+ setparam
+ getparam
+ pcilevel
+ irqlevel
+ pciroute
+ bind_irq
+ cacheattr
+ trackdirtyvram
+ hvmctl
+ mem_event
+ mem_sharing
+}
+
+class event
+{
+ bind
+ send
+ status
+ notify
+ create
+ reset
+}
+
+class grant
+{
+ map_read
+ map_write
+ unmap
+ transfer
+ setup
+ copy
+ query
+}
+
+class mmu
+{
+ map_read
+ map_write
+ pageinfo
+ pagelist
+ adjust
+ stat
+ translategp
+ updatemp
+ physmap
+ pinpage
+ mfnlist
+ memorymap
+ remote_remap
+}
+
+class shadow
+{
+ disable
+ enable
+ logdirty
+}
+
+class resource
+{
+ add
+ remove
+ use
+ add_irq
+ remove_irq
+ add_ioport
+ remove_ioport
+ add_iomem
+ remove_iomem
+ stat_device
+ add_device
+ remove_device
+ plug
+ unplug
+ setup
+}
+
+class security
+{
+ compute_av
+ compute_create
+ compute_member
+ check_context
+ load_policy
+ compute_relabel
+ compute_user
+ setenforce
+ setbool
+ setsecparam
+ add_ocontext
+ del_ocontext
+}
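Review bot: The header comment (`# class class_name { permission_name ... }`) gives only the syntax and leaves out the two constraints someone editing this file needs to know. `class domain` already lists 32 permissions, which appears to be the ceiling for a 32-bit access vector, and `domain2` looks like its overflow class, but nothing in the file says so. If mkaccess_vector.sh assigns permission bits by listing position, as the layout suggests, inserting or reordering a name would silently renumber every later permission in that class and could leave the hypervisor out of step with an already-compiled policy. I would add above `class xen` the comment `# Permissions are numbered in listing order: append only, at most 32 per class.` and above `class domain2` the comment `# Overflow for class domain, which is at the 32-permission limit.`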