From da41740d00b89d4141398600869e4a656da2501b Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Thu, 9 Feb 2012 18:25:49 +0000
Subject: flask/policy: add device model types to example policy

This adds an example user for device_model_stubdomain_seclabel.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
 tools/flask/policy/policy/modules/xen/xen.if | 11 ++++++++++-
 tools/flask/policy/policy/modules/xen/xen.te | 13 +++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

(limited to 'tools/flask')

diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index dde7f90e44..87ef1654f5 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -25,7 +25,7 @@ define(`create_domain', `
 	allow $1 $2:shadow enable;
 	allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage};
 	allow $1 $2:grant setup;
-	allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute setparam };
+	allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute setparam pcilevel trackdirtyvram };
 	allow $1 $2_$1_channel:event create;
 ')
 
@@ -36,6 +36,7 @@ define(`manage_domain', `
 			getaddrsize pause unpause trigger shutdown destroy
 			setvcpuaffinity setdomainmaxmem };
 ')
+
 ################################################################################
 #
 # Inter-domain communication
@@ -75,6 +76,14 @@ define(`domain_self_comms', `
 	allow $1 $1:grant { map_read map_write copy unmap };
 ')
 
+# device_model(dm_dom, hvm_dom)
+#   Define how a device model domain interacts with its target
+define(`device_model', `
+	domain_comms($1, $2)
+	allow $1 $2:domain { set_target shutdown };
+	allow $1 $2:mmu { map_read map_write adjust physmap };
+	allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute };
+')
 ################################################################################
 #
 # Device types and delegation (PCI passthrough)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index f7343a2dd6..29885c4a38 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -100,6 +100,19 @@ if (!prot_doms_locked) {
 domain_comms(dom0_t, prot_domU_t)
 domain_comms(domU_t, prot_domU_t)
 
+# domHVM_t is meant to be paired with a qemu-dm stub domain of type dm_dom_t
+declare_domain(domHVM_t)
+create_domain(dom0_t, domHVM_t)
+manage_domain(dom0_t, domHVM_t)
+domain_comms(dom0_t, domHVM_t)
+domain_self_comms(domHVM_t)
+
+declare_domain(dm_dom_t)
+create_domain(dom0_t, dm_dom_t)
+manage_domain(dom0_t, dm_dom_t)
+domain_comms(dom0_t, dm_dom_t)
+device_model(dm_dom_t, domHVM_t)
+
 ###############################################################################
 #
 # Device delegation
-- 
cgit v1.2.3