Diffstat (limited to 'xen/xsm')
-rw-r--r--xen/xsm/dummy.c1
-rw-r--r--xen/xsm/flask/hooks.c6
-rw-r--r--xen/xsm/flask/policy/access_vectors3
3 files changed, 10 insertions, 0 deletions
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 21aef2add9..f7b0399c2c 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -124,6 +124,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, mmu_update);
set_to_dummy_if_null(ops, mmuext_op);
set_to_dummy_if_null(ops, update_va_mapping);
+ set_to_dummy_if_null(ops, priv_mapping);
set_to_dummy_if_null(ops, bind_pt_irq);
set_to_dummy_if_null(ops, unbind_pt_irq);
set_to_dummy_if_null(ops, ioport_permission);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 23c523386b..04c8a3913e 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1345,6 +1345,11 @@ static int flask_update_va_mapping(struct domain *d, struct domain *f,
return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
}
+static int flask_priv_mapping(struct domain *d, struct domain *t)
+{
+ return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK);
+}
+
static int flask_get_device_group(uint32_t machine_bdf)
{
u32 rsid;
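Review bot: flask_priv_mapping does not say which domain is the subject and which is the object of the MMU__TARGET_HACK check, and the `target_hack` entry added to access_vectors in the last hunk likewise omits the `# source =` / `# target =` lines that the neighbouring `exchange` entry carries. If d is the domain installing the mapping and t the owner of the page, a comment such as `/* d: domain installing the mapping; t: domain that owns the page */` above the function, with matching source/target lines in access_vectors, would let policy authors write the rule the right way round. The hook decides on the policy lookup alone, so unless the caller (not visible here) also checks that d is the device model for t, the policy should grant target_hack only between a stub domain type and the guest type it serves.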
@@ -1534,6 +1539,7 @@ static struct xsm_operations flask_ops = {
.mmu_update = flask_mmu_update,
.mmuext_op = flask_mmuext_op,
.update_va_mapping = flask_update_va_mapping,
+ .priv_mapping = flask_priv_mapping,
.get_device_group = flask_get_device_group,
.test_assign_device = flask_test_assign_device,
.assign_device = flask_assign_device,
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index 36b8b2c271..c8ae8060cd 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -330,6 +330,9 @@ class mmu
# source = domain making the hypercall
# target = domain whose pages are being exchanged
exchange
+# Allow a privileged domain to install a map of a page it does not own. Used
+# for stub domain device models with the PV framebuffer.
+ target_hack
}
# control of the paging_domctl split by subop