From f53e1bf04b43e1f9213cd6850167b26485941421 Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Fri, 11 Jan 2013 10:37:47 +0000
Subject: xsm/flask: add missing hooks

The FLASK module was missing implementations of some hooks and did not
have access vectors defined for 10 domctls; define these now.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
---
 tools/flask/policy/policy/modules/xen/xen.if | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'tools/flask')

diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index 2ad11b2206..59ba17120f 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -29,6 +29,7 @@ define(`create_domain_common', `
 			getdomaininfo hypercall setvcpucontext setextvcpucontext
 			scheduler getvcpuinfo getvcpuextstate getaddrsize
 			getvcpuaffinity setvcpuaffinity };
+	allow $1 $2:domain2 { set_cpuid settsc };
 	allow $1 $2:security check_context;
 	allow $1 $2:shadow enable;
 	allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage};
@@ -67,6 +68,7 @@ define(`migrate_domain_out', `
 	allow $1 $2:hvm { gethvmc getparam irqlevel };
 	allow $1 $2:mmu { stat pageinfo map_read };
 	allow $1 $2:domain { getaddrsize getvcpucontext getextvcpucontext getvcpuextstate pause destroy };
+	allow $1 $2:domain2 gettsc;
 ')
 
 ################################################################################
@@ -112,7 +114,7 @@ define(`device_model', `
 	domain_comms($1, $2)
 	allow $1 $2:domain { set_target shutdown };
 	allow $1 $2:mmu { map_read map_write adjust physmap };
-	allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute };
+	allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute cacheattr send_irq };
 ')
 ################################################################################
 #
-- 
cgit v1.2.3