aboutsummaryrefslogtreecommitdiffstats
path: root/xen/xsm/flask/policy/access_vectors
diff options
context:
space:
mode:
Diffstat (limited to 'xen/xsm/flask/policy/access_vectors')
-rw-r--r--xen/xsm/flask/policy/access_vectors178
1 files changed, 178 insertions, 0 deletions
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
new file mode 100644
index 0000000000..c7e29abb32
--- /dev/null
+++ b/xen/xsm/flask/policy/access_vectors
@@ -0,0 +1,178 @@
+#
+# Define the access vectors.
+#
+# class class_name { permission_name ... }
+
+class xen
+{
+ scheduler
+ settime
+ tbufcontrol
+ readconsole
+ clearconsole
+ perfcontrol
+ mtrr_add
+ mtrr_del
+ mtrr_read
+ microcode
+ physinfo
+ quirk
+ writeconsole
+ readapic
+ writeapic
+ privprofile
+ nonprivprofile
+ kexec
+ firmware
+ sleep
+ frequency
+ getidle
+ debug
+ getcpuinfo
+ heap
+ pm_op
+ mca_op
+ lockprof
+ cpupool_op
+ sched_op
+}
+
+class domain
+{
+ setvcpucontext
+ pause
+ unpause
+ resume
+ create
+ transition
+ max_vcpus
+ destroy
+ setvcpuaffinity
+ getvcpuaffinity
+ scheduler
+ getdomaininfo
+ getvcpuinfo
+ getvcpucontext
+ setdomainmaxmem
+ setdomainhandle
+ setdebugging
+ hypercall
+ settime
+ set_target
+ shutdown
+ setaddrsize
+ getaddrsize
+ trigger
+ getextvcpucontext
+ setextvcpucontext
+ getvcpuextstate
+ setvcpuextstate
+ getpodtarget
+ setpodtarget
+ set_misc_info
+ set_virq_handler
+}
+
+class domain2
+{
+ relabelfrom
+ relabelto
+ relabelself
+}
+
+class hvm
+{
+ sethvmc
+ gethvmc
+ setparam
+ getparam
+ pcilevel
+ irqlevel
+ pciroute
+ bind_irq
+ cacheattr
+ trackdirtyvram
+ hvmctl
+ mem_event
+ mem_sharing
+}
+
+class event
+{
+ bind
+ send
+ status
+ notify
+ create
+ reset
+}
+
+class grant
+{
+ map_read
+ map_write
+ unmap
+ transfer
+ setup
+ copy
+ query
+}
+
+class mmu
+{
+ map_read
+ map_write
+ pageinfo
+ pagelist
+ adjust
+ stat
+ translategp
+ updatemp
+ physmap
+ pinpage
+ mfnlist
+ memorymap
+ remote_remap
+}
+
+class shadow
+{
+ disable
+ enable
+ logdirty
+}
+
+class resource
+{
+ add
+ remove
+ use
+ add_irq
+ remove_irq
+ add_ioport
+ remove_ioport
+ add_iomem
+ remove_iomem
+ stat_device
+ add_device
+ remove_device
+ plug
+ unplug
+ setup
+}
+
+class security
+{
+ compute_av
+ compute_create
+ compute_member
+ check_context
+ load_policy
+ compute_relabel
+ compute_user
+ setenforce
+ setbool
+ setsecparam
+ add_ocontext
+ del_ocontext
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 12:47:12 +0000