diff options
Diffstat (limited to 'xen/xsm/flask')
-rw-r--r-- | xen/xsm/flask/hooks.c | 3 | ||||
-rw-r--r-- | xen/xsm/flask/policy/access_vectors | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index fa0589a2d7..b1e2593378 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -727,6 +727,9 @@ static int flask_domctl(struct domain *d, int cmd) case XEN_DOMCTL_audit_p2m: return current_has_perm(d, SECCLASS_HVM, HVM__AUDIT_P2M); + case XEN_DOMCTL_set_max_evtchn: + return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_MAX_EVTCHN); + default: printk("flask_domctl: Unknown op %d\n", cmd); return -EPERM; diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 5dfe13b016..1fbe241ef4 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -194,6 +194,8 @@ class domain2 setscheduler # XENMEM_claim_pages setclaim +# XEN_DOMCTL_set_max_evtchn + set_max_evtchn } # Similar to class domain, but primarily contains domctls related to HVM domains |