aboutsummaryrefslogtreecommitdiffstats
path: root/xen/xsm/flask/policy/access_vectors
diff options
context:
space:
mode:
Diffstat (limited to 'xen/xsm/flask/policy/access_vectors')
-rw-r--r--xen/xsm/flask/policy/access_vectors5
1 files changed, 2 insertions, 3 deletions
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index 2fdaede5e8..36cbacfa13 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -368,12 +368,11 @@ class resource
# target = resource's security label
# also checked when using some core Xen devices (target xen_t)
use
-# PHYSDEVOP_map_pirq and ioapic writes for dom0
+# PHYSDEVOP_map_pirq and ioapic writes for dom0, when acting on real IRQs
# For GSI interrupts, the IRQ's label is indexed by the IRQ number
# For MSI interrupts, the label of the PCI device is used
add_irq
-# PHYSDEVOP_unmap_pirq:
-# This is currently only checked for GSI interrupts
+# PHYSDEVOP_unmap_pirq (same as map, and only for real IRQs)
remove_irq
# XEN_DOMCTL_ioport_permission, XEN_DOMCTL_ioport_mapping
add_ioport
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 15:50:48 +0000