Diffstat (limited to 'tools/flask/policy/policy/access_vectors')
-rw-r--r--tools/flask/policy/policy/access_vectors24
1 files changed, 24 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/access_vectors b/tools/flask/policy/policy/access_vectors
new file mode 100644
index 0000000000..4fd61f1a59
--- /dev/null
+++ b/tools/flask/policy/policy/access_vectors
@@ -0,0 +1,24 @@
+# Locally defined access vectors
+#
+# Define access vectors for the security classes defined in security_classes
+#
+
+# Note: this is an example; the xenstore daemon provided with Xen does
+# not yet include XSM support, and the exact permissions may be defined
+# differently if such support is added.
+class xenstore {
+ # read from keys owned by the target domain (if permissions allow)
+ read
+ # write to keys owned by the target domain (if permissions allow)
+ write
+ # change permissions of a key owned by the target domain
+ chmod
+ # change the owner of a key which was owned by the target domain
+ chown_from
+ # change the owner of a key to the target domain
+ chown_to
+ # access a key owned by the target domain without permission
+ override
+ # introduce a domain
+ introduce
+}
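Review bot: The comment on `override` does not say which check it skips or who is meant to hold it, yet it is the one permission in this class that grants access the key's own permissions would deny. Judging by the "(if permissions allow)" wording on `read` and `write`, it presumably bypasses xenstore's per-key permissions, so the comment should say so, e.g. `# access a key owned by the target domain even if the key's permissions deny it; intended only for trusted management domains`. The `introduce` comment likewise does not name the target of the check (the domain being introduced, or some other domain), which a policy writer needs in order to write a correct allow rule. Since the header note says the shipped daemon has no XSM support yet, it would also help to state there that rules on this class currently have no enforcement effect.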