From a23ce429779011de127e8ff6c9bf3486d87154d5 Mon Sep 17 00:00:00 2001
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Sat, 3 Oct 2015 15:22:29 -0400
Subject: [PATCH] flask: Allow initial domain to use XENPF_get_symbol

It looks to be missing in the policy file for the initial
domain. Eventually we may want to extend this access to
non-dom0 domains but for now it certainly dom0-only.

Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
 tools/flask/policy/policy/modules/xen/xen.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index 5e94ee38b1..d35ae221f0 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -71,6 +71,7 @@ allow dom0_t xen_t:xen2 {
 };
 allow dom0_t xen_t:xen2 {
     pmu_ctrl
+    get_symbol
 };
 allow dom0_t xen_t:mmu memorymap;
 
-- 
2.39.5