xsm: Add support for HVMOP_track_dirty_vram.

author Jean Guyader <jean.guyader@eu.citrix.com>

Tue, 8 Nov 2011 19:41:47 +0000 (19:41 +0000)

committer Jean Guyader <jean.guyader@eu.citrix.com>

Tue, 8 Nov 2011 19:41:47 +0000 (19:41 +0000)
author Jean Guyader <jean.guyader@eu.citrix.com>
Tue, 8 Nov 2011 19:41:47 +0000 (19:41 +0000)
committer Jean Guyader <jean.guyader@eu.citrix.com>
Tue, 8 Nov 2011 19:41:47 +0000 (19:41 +0000)
diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors

index 27fb9d7913500f6737814278302ffe58b61287f9..9d09c5bfce87ac67758d1f28ab0f1c8b1021511c 100644 (file)
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -90,6 +90,7 @@ class hvm
      pciroute
         bind_irq
         cacheattr
+    trackdirtyvram
  }
  
  class event
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if

index 99afad6f6be67265105de6a7d91c12343f9e335a..bf3b794c8e3a188b628024e966e97a9655874ec2 100644 (file)
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -22,7 +22,7 @@ define(`create_domain', `
  ################################################################################
  define(`create_hvm_dom', `
         create_domain($1, $2, $3)
-       allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel pcilevel };
+       allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel pcilevel trackdirtyvram };
         allow $2 $2:hvm setparam;
  ')     
  
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c

index 30c91e5691d067793d863c4854d96906d9114d0e..e70feda5a4c80dd91d0dd96c98661ef4a8bd9187 100644 (file)
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -816,6 +816,9 @@ static int flask_hvmcontext(struct domain *d, uint32_t cmd)
      case XEN_DOMCTL_gethvmcontext_partial:
          perm = HVM__GETHVMC;
          break;
+    case HVMOP_track_dirty_vram:
+        perm = HVM__TRACKDIRTYVRAM;
+        break;
      default:
          return -EPERM;
      }
diff --git a/xen/xsm/flask/include/av_perm_to_string.h b/xen/xsm/flask/include/av_perm_to_string.h

index b10a2525890bbde379d06e4e1e22adc34e9029cf..c32488ee9bcac3967e08b4ce4d70b5e74c2c1817 100644 (file)
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -56,6 +56,7 @@
     S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
     S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
     S_(SECCLASS_HVM, HVM__GETPARAM, "getparam")
+   S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram")
     S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
     S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
     S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
diff --git a/xen/xsm/flask/include/av_permissions.h b/xen/xsm/flask/include/av_permissions.h

index 14bd0536dd411f4370e5baf3f9d4a7bda7615375..f5dcc6f8fe3fee01150289a605b21abea787eabd 100644 (file)
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -63,6 +63,7 @@
  #define HVM__PCIROUTE                             0x00000040UL
  #define HVM__BIND_IRQ                             0x00000080UL
  #define HVM__CACHEATTR                            0x00000100UL
+#define HVM__TRACKDIRTYVRAM                       0x00000200UL
  
  #define EVENT__BIND                               0x00000001UL
  #define EVENT__SEND                               0x00000002UL
author	Jean Guyader <jean.guyader@eu.citrix.com>
	Tue, 8 Nov 2011 19:41:47 +0000 (19:41 +0000)
committer	Jean Guyader <jean.guyader@eu.citrix.com>
	Tue, 8 Nov 2011 19:41:47 +0000 (19:41 +0000)
tools/flask/policy/policy/flask/access_vectors		patch \| blob \| history
tools/flask/policy/policy/modules/xen/xen.if		patch \| blob \| history
xen/xsm/flask/hooks.c		patch \| blob \| history
xen/xsm/flask/include/av_perm_to_string.h		patch \| blob \| history
xen/xsm/flask/include/av_permissions.h		patch \| blob \| history