From 1b2564299803bb54d0a696a0ad2e83358a15d27d Mon Sep 17 00:00:00 2001
From: Keir Fraser <keir.fraser@citrix.com>
Date: Mon, 27 Oct 2008 10:29:39 +0000
Subject: [PATCH] Add 2 more permissions to the XSM/Flask default policy.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
---
 tools/flask/policy/policy/modules/xen/xen.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index 62920fc68e..85651cf1fb 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -74,7 +74,7 @@ allow dom0_t iomem_t:mmu {map_read map_write};
 allow dom0_t pirq_t:event {vector};
 allow dom0_t xen_t:mmu {memorymap};
 
-allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust};
+allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust updatemp};
 allow dom0_t dom0_t:grant {query setup};
 allow dom0_t dom0_t:domain {scheduler getdomaininfo getvcpuinfo getvcpuaffinity};
 
@@ -112,6 +112,7 @@ allow domU_t evchnU-0_t:event {send};
 
 allow dom0_t dom0_t:event {send};
 allow dom0_t domU_t:grant {copy};
+allow domU_t domU_t:grant {copy};
 
 manage_domain(dom0_t, domU_t)
 
-- 
2.30.2