ia64/xen-unstable

changeset 18723:b99ab7f88a82

Add 2 more permissions to the XSM/Flask default policy.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Mon Oct 27 10:29:39 2008 +0000 (2008-10-27)
parents 3ff349c7aeb7
children efc0a4065ee1
files tools/flask/policy/policy/modules/xen/xen.te
line diff
     1.1 --- a/tools/flask/policy/policy/modules/xen/xen.te	Mon Oct 27 10:08:48 2008 +0000
     1.2 +++ b/tools/flask/policy/policy/modules/xen/xen.te	Mon Oct 27 10:29:39 2008 +0000
     1.3 @@ -74,7 +74,7 @@ allow dom0_t iomem_t:mmu {map_read map_w
     1.4  allow dom0_t pirq_t:event {vector};
     1.5  allow dom0_t xen_t:mmu {memorymap};
     1.6  
     1.7 -allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust};
     1.8 +allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust updatemp};
     1.9  allow dom0_t dom0_t:grant {query setup};
    1.10  allow dom0_t dom0_t:domain {scheduler getdomaininfo getvcpuinfo getvcpuaffinity};
    1.11  
    1.12 @@ -112,6 +112,7 @@ allow domU_t evchnU-0_t:event {send};
    1.13  
    1.14  allow dom0_t dom0_t:event {send};
    1.15  allow dom0_t domU_t:grant {copy};
    1.16 +allow domU_t domU_t:grant {copy};
    1.17  
    1.18  manage_domain(dom0_t, domU_t)
    1.19