From 913481379c3086ab99b5eea089bd12c1095198bf Mon Sep 17 00:00:00 2001
From: Keir Fraser <keir.fraser@citrix.com>
Date: Wed, 8 Oct 2008 10:03:09 +0100
Subject: [PATCH] flask: Add 2 permissions to the default flask policy to get a
 VIF-enabled guest to work

This adds two more permissions to the default Flask policy to get a VM
with a network interface to work.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
---
 tools/flask/policy/policy/modules/xen/xen.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index dff345c7e9..62920fc68e 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -110,6 +110,9 @@ allow dom0_t evchn0-U_t:event {send};
 create_channel(domU_t, dom0_t, evchnU-0_t)
 allow domU_t evchnU-0_t:event {send};
 
+allow dom0_t dom0_t:event {send};
+allow dom0_t domU_t:grant {copy};
+
 manage_domain(dom0_t, domU_t)
 
 ################################################################################
-- 
2.30.2