From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 27 Jan 2017 14:16:58 +0000 (+0000)
Subject: xsm: Permit dom0 to use dmops
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2879
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5a77ccf609da289131bd1664ee20c17b1f9bb93c;p=xen.git

xsm: Permit dom0 to use dmops

c/s 524a98c2ac5 "public / x86: introduce __HYPERCALL_dm_op" gave flask
permisisons for a stubdomain to use dmops, but omitted the case of a device
model running in dom0.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Tested-by: Paul Durrant <paul.durrant@citrix.com>
---

diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if
index f5d254f053..ed0df4f010 100644
--- a/tools/flask/policy/modules/xen.if
+++ b/tools/flask/policy/modules/xen.if
@@ -58,7 +58,7 @@ define(`create_domain_common', `
 	allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op updatemp };
 	allow $1 $2:grant setup;
 	allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc
-			setparam nested altp2mhvm altp2mhvm_op };
+			setparam nested altp2mhvm altp2mhvm_op dm };
 ')
 
 # create_domain(priv, target)