From 58632b5b140c35e8003a4efbe1eabe936c602490 Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Fri, 11 Jan 2013 10:40:58 +0000
Subject: xen: add XSM hook for XENMEM_exchange

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
---
 tools/flask/policy/policy/modules/xen/xen.if | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'tools/flask')

diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index fda5cb5b26..d9d534427b 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -30,6 +30,7 @@ define(`declare_domain', `
 #   containing at most one domain. This is not enforced by policy.
 define(`declare_singleton_domain', `
 	type $1, domain_type`'ifelse(`$#', `1', `', `,shift($@)');
+	define(`$1_self', `$1')
 	type $1_channel, event_type;
 	type_transition $1 domain_type:event $1_channel;
 	declare_domain_common($1, $1)
@@ -161,6 +162,7 @@ define(`make_device_model', `
 # use_device(domain, device)
 #   Allow a device to be used by a domain
 define(`use_device', `
+    allow $1 $1_self:mmu exchange;
     allow $1 $2:resource use;
     allow $1 domio_t:mmu { map_read map_write };
 ')
-- 
cgit v1.2.3