From 919f59b3b99e1d845c6a1f30125e79e828805d87 Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Tue, 7 May 2013 16:49:18 +0200
Subject: xsm: add hooks for claim

Adds XSM hooks for the recently introduced XENMEM_claim_pages and
XENMEM_get_outstanding_pages operations, and adds FLASK access vectors
for them. This makes the access control decisions for these operations
match those in the rest of the hypervisor.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release)
Acked-by: Keir Fraser <keir@xen.org>
---
 tools/flask/policy/policy/modules/xen/xen.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tools/flask')

diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index 3a59f38567..c86a6189c6 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -49,7 +49,7 @@ define(`create_domain_common', `
 			getdomaininfo hypercall setvcpucontext setextvcpucontext
 			getscheduler getvcpuinfo getvcpuextstate getaddrsize
 			getaffinity setaffinity };
-	allow $1 $2:domain2 { set_cpuid settsc setscheduler };
+	allow $1 $2:domain2 { set_cpuid settsc setscheduler setclaim };
 	allow $1 $2:security check_context;
 	allow $1 $2:shadow enable;
 	allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op };
-- 
cgit v1.2.3