From 35a5ddf29ab47c772b77e253131b3cb4757b6336 Mon Sep 17 00:00:00 2001
From: Jean Guyader
Date: Tue, 8 Nov 2011 19:41:47 +0000
Subject: xsm: Add support for HVMOP_track_dirty_vram.

Xen try to inforce the xsm policy when a HVMOP_track_dirty_vram is received (xen/arch/x86/hvm/hvm.c:3637). It was failing because in flask_hvmcontext, xsm didn't have any case for this operation.

Signed-off-by: Jean Guyader
Committed-by: Keir Fraser
---
 tools/flask/policy/policy/flask/access_vectors | 1 +
 tools/flask/policy/policy/modules/xen/xen.if | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'tools/flask')
diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors
index 27fb9d7913..9d09c5bfce 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -90,6 +90,7 @@ class hvm
 pciroute
 bind_irq
 cacheattr
+ trackdirtyvram
 }
 class event
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index 99afad6f6b..bf3b794c8e 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -22,7 +22,7 @@ define(`create_domain', `
 ################################################################################
 define(`create_hvm_dom', `
 create_domain($1, $2, $3)
- allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel pcilevel };
+ allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel pcilevel trackdirtyvram };
 allow $2 $2:hvm setparam;
 ')
-- cgit v1.2.3
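Review bot: The hypervisor-side counterpart of the new `trackdirtyvram` vector cannot be checked from this page, which is limited to tools/flask. The commit message names flask_hvmcontext as the hook that lacked a case for HVMOP_track_dirty_vram. That hook, and any headers generated from access_vectors, must carry the same vector at the same position in `class hvm`, or the policy and the hypervisor will disagree on what the permission bit means. Appending at the end of the class, as done here, keeps the existing hvm bits stable. I would also add a comment beside the entry, `# trackdirtyvram: checked for HVMOP_track_dirty_vram`, so the mapping can be audited from the policy side.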
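Review bot: Granting `trackdirtyvram` inside the create_hvm_dom macro bundles it with domain construction, so every domain allowed to build an HVM guest receives it alongside setparam, pciroute and the other permissions. HVMOP_track_dirty_vram looks like a device-model operation rather than a construction step. If the device model can run in a domain other than `$1`, that domain would still be denied; whether it can is not visible in this hunk. Consider a separate, narrower grant for the device-model role. At minimum add a comment above the macro, for example `# trackdirtyvram: HVMOP_track_dirty_vram, needed by the domain running the device model`. The create_domain macro that this one expands is outside the hunk.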