-rw-r--r--tools/flask/policy/policy/flask/access_vectors1
-rw-r--r--xen/arch/x86/mm.c2
-rw-r--r--xen/include/xsm/xsm.h10
-rw-r--r--xen/xsm/dummy.c4
-rw-r--r--xen/xsm/flask/hooks.c9
-rw-r--r--xen/xsm/flask/include/av_perm_to_string.h1
-rw-r--r--xen/xsm/flask/include/av_permissions.h1
7 files changed, 18 insertions, 10 deletions
diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors
index 1b2687a8f9..38036d0ef6 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -128,6 +128,7 @@ class mmu
pinpage
mfnlist
memorymap
+ remote_remap
}
class shadow
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 7bb3ea1872..19391fc3cb 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3517,7 +3517,7 @@ int do_mmu_update(
{
p2m_type_t p2mt;
- rc = xsm_mmu_normal_update(d, pg_owner, req.val);
+ rc = xsm_mmu_normal_update(d, pt_owner, pg_owner, req.val);
if ( rc )
break;
rc = -EINVAL;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index ce3b6aa9d5..43829c7762 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -141,8 +141,8 @@ struct xsm_operations {
int (*getidletime) (void);
int (*machine_memory_map) (void);
int (*domain_memory_map) (struct domain *d);
- int (*mmu_normal_update) (struct domain *d, struct domain *f,
- intpte_t fpte);
+ int (*mmu_normal_update) (struct domain *d, struct domain *t,
+ struct domain *f, intpte_t fpte);
int (*mmu_machphys_update) (struct domain *d, unsigned long mfn);
int (*update_va_mapping) (struct domain *d, struct domain *f,
l1_pgentry_t pte);
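Review bot: The new `mmu_normal_update` signature takes three `struct domain *` pointers distinguished only by the single-letter names `d`, `t` and `f`, and the hook declaration carries no comment saying which is which, so a caller can transpose `t` and `f` without any compiler help. The only hint is the mm.c call site, which passes `pt_owner, pg_owner` in that order, so `t` appears to be the owner of the page table being written and `f` the owner of the page the new entry references; I would pin that down on the declaration, e.g. `/* d: caller, t: owner of the page table being updated, f: owner of the page the new entry maps */`. The inline wrapper `xsm_mmu_normal_update` in the second hunk of this file would benefit from the same comment, or a reference to this one.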
@@ -593,10 +593,10 @@ static inline int xsm_domain_memory_map(struct domain *d)
return xsm_call(domain_memory_map(d));
}
-static inline int xsm_mmu_normal_update (struct domain *d, struct domain *f,
- intpte_t fpte)
+static inline int xsm_mmu_normal_update (struct domain *d, struct domain *t,
+ struct domain *f, intpte_t fpte)
{
- return xsm_call(mmu_normal_update(d, f, fpte));
+ return xsm_call(mmu_normal_update(d, t, f, fpte));
}
static inline int xsm_mmu_machphys_update (struct domain *d, unsigned long mfn)
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index d6f2da023f..7066dfb5b1 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -399,8 +399,8 @@ static int dummy_domain_memory_map (struct domain *d)
return 0;
}
-static int dummy_mmu_normal_update (struct domain *d, struct domain *f,
- intpte_t fpte)
+static int dummy_mmu_normal_update (struct domain *d, struct domain *t,
+ struct domain *f, intpte_t fpte)
{
return 0;
}
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 1a3f3b30ac..04c2f687ad 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1008,8 +1008,8 @@ static int flask_domain_memory_map(struct domain *d)
return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__MEMORYMAP);
}
-static int flask_mmu_normal_update(struct domain *d, struct domain *f,
- intpte_t fpte)
+static int flask_mmu_normal_update(struct domain *d, struct domain *t,
+ struct domain *f, intpte_t fpte)
{
int rc = 0;
u32 map_perms = MMU__MAP_READ;
@@ -1017,6 +1017,11 @@ static int flask_mmu_normal_update(struct domain *d, struct domain *f,
struct domain_security_struct *dsec;
u32 fsid;
+ if (d != t)
+ rc = domain_has_perm(d, t, SECCLASS_MMU, MMU__REMOTE_REMAP);
+ if ( rc )
+ return rc;
+
if ( !(l1e_get_flags(l1e_from_intpte(fpte)) & _PAGE_PRESENT) )
return 0;
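Review bot: The added `if (d != t)` does not follow the spacing used on the surrounding lines of this function (`if ( rc )`, `if ( !(l1e_get_flags(...`), so it should read `if ( d != t )`. The check is also deliberately placed before the `_PAGE_PRESENT` early return, which means writing into another domain's page tables requires `remote_remap` even when the new entry clears the slot; that is the right ordering but nothing says so, and a one-line comment such as `/* Touching another domain's page tables needs remote_remap regardless of the new entry's contents. */` would keep a later cleanup from moving it below the early return. Note that, unlike `flask_domain_memory_map` above which uses `current->domain` as the subject, this hook checks `d` as the subject; presumably `d` is the current domain in `do_mmu_update`, but that is worth confirming against the caller. The rest of `flask_mmu_normal_update` continues outside the hunk.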
diff --git a/xen/xsm/flask/include/av_perm_to_string.h b/xen/xsm/flask/include/av_perm_to_string.h
index 70aa02d2da..56572a76b6 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -87,6 +87,7 @@
S_(SECCLASS_MMU, MMU__PINPAGE, "pinpage")
S_(SECCLASS_MMU, MMU__MFNLIST, "mfnlist")
S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap")
+ S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap")
S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable")
S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable")
S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty")
diff --git a/xen/xsm/flask/include/av_permissions.h b/xen/xsm/flask/include/av_permissions.h
index 4c2ffb61e8..67511adae5 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -92,6 +92,7 @@
#define MMU__PINPAGE 0x00000200UL
#define MMU__MFNLIST 0x00000400UL
#define MMU__MEMORYMAP 0x00000800UL
+#define MMU__REMOTE_REMAP 0x00001000UL
#define SHADOW__DISABLE 0x00000001UL
#define SHADOW__ENABLE 0x00000002UL