Add 2 more permissions to the XSM/Flask default policy.

author Keir Fraser <keir.fraser@citrix.com>

Mon, 27 Oct 2008 10:29:39 +0000 (10:29 +0000)

committer Keir Fraser <keir.fraser@citrix.com>

Mon, 27 Oct 2008 10:29:39 +0000 (10:29 +0000)
author Keir Fraser <keir.fraser@citrix.com>
Mon, 27 Oct 2008 10:29:39 +0000 (10:29 +0000)
committer Keir Fraser <keir.fraser@citrix.com>
Mon, 27 Oct 2008 10:29:39 +0000 (10:29 +0000)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te

index 62920fc68ea02a22ae5f2a756bbc61cde42debbd..85651cf1fb6163b95763b6b948e214313fdd462e 100644 (file)
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -74,7 +74,7 @@ allow dom0_t iomem_t:mmu {map_read map_write};
  allow dom0_t pirq_t:event {vector};
  allow dom0_t xen_t:mmu {memorymap};
  
-allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust};
+allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust updatemp};
  allow dom0_t dom0_t:grant {query setup};
  allow dom0_t dom0_t:domain {scheduler getdomaininfo getvcpuinfo getvcpuaffinity};
  
@@ -112,6 +112,7 @@ allow domU_t evchnU-0_t:event {send};
  
  allow dom0_t dom0_t:event {send};
  allow dom0_t domU_t:grant {copy};
+allow domU_t domU_t:grant {copy};
  
  manage_domain(dom0_t, domU_t)
author	Keir Fraser <keir.fraser@citrix.com>
	Mon, 27 Oct 2008 10:29:39 +0000 (10:29 +0000)
committer	Keir Fraser <keir.fraser@citrix.com>
	Mon, 27 Oct 2008 10:29:39 +0000 (10:29 +0000)