From c9f7324e6c6f634bc0f7214fd0ab12fb9847c857 Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Fri, 2 Dec 2011 13:45:15 -0800
Subject: xsm: remove unused xsm_assign_vector check

The PHYSDEVOP_alloc_irq_vector hypercall is a noop, so its XSM check
is not useful. Remove it and the "event vector" FLASK permission.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
---
 tools/flask/policy/policy/flask/access_vectors | 1 -
 tools/flask/policy/policy/modules/xen/xen.if   | 1 -
 tools/flask/policy/policy/modules/xen/xen.te   | 1 -
 3 files changed, 3 deletions(-)

(limited to 'tools/flask')

diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors
index 9d09c5bfce..1b2687a8f9 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -100,7 +100,6 @@ class event
 	status
 	notify
 	create
-    vector
     reset
 }
 
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index bf3b794c8e..d12af740cf 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -67,7 +67,6 @@ define(`create_channel', `
 ###############################################################################
 define(`create_passthrough_resource', `
         type $3, resource_type;
-        allow $1 $3:event vector;
         allow $1 $2:resource {add remove};
         allow $1 ioport_t:resource {add_ioport use};
         allow $1 iomem_t:resource {add_iomem use};
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index d95a7da9b7..8113467080 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -31,7 +31,6 @@ scheduler physinfo heap quirk readconsole writeconsole settime microcode};
 
 allow dom0_t domio_t:mmu {map_read map_write};
 allow dom0_t iomem_t:mmu {map_read map_write};
-allow dom0_t pirq_t:event {vector};
 allow dom0_t xen_t:mmu {memorymap};
 
 allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust updatemp};
-- 
cgit v1.2.3