aboutsummaryrefslogtreecommitdiffstats
path: root/tools/flask/policy/policy/modules/xen/xen.te
diff options
context:
space:
mode:
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.te')
-rw-r--r--tools/flask/policy/policy/modules/xen/xen.te13
1 files changed, 13 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index f7343a2dd6..29885c4a38 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -100,6 +100,19 @@ if (!prot_doms_locked) {
domain_comms(dom0_t, prot_domU_t)
domain_comms(domU_t, prot_domU_t)
+# domHVM_t is meant to be paired with a qemu-dm stub domain of type dm_dom_t
+declare_domain(domHVM_t)
+create_domain(dom0_t, domHVM_t)
+manage_domain(dom0_t, domHVM_t)
+domain_comms(dom0_t, domHVM_t)
+domain_self_comms(domHVM_t)
+
+declare_domain(dm_dom_t)
+create_domain(dom0_t, dm_dom_t)
+manage_domain(dom0_t, dm_dom_t)
+domain_comms(dom0_t, dm_dom_t)
+device_model(dm_dom_t, domHVM_t)
+
###############################################################################
#
# Device delegation
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 12:06:30 +0000