|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] flask/policy: use declare_domain for dom0_t
# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1328196102 0
# Node ID 1a748779e068368bcf4e57937798c05f6f8ce3ba
# Parent 87d642dc65bb723fac66a0bfdeb7204174ec293f
flask/policy: use declare_domain for dom0_t
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---
diff -r 87d642dc65bb -r 1a748779e068
tools/flask/policy/policy/modules/xen/xen.if
--- a/tools/flask/policy/policy/modules/xen/xen.if Thu Feb 02 15:21:13
2012 +0000
+++ b/tools/flask/policy/policy/modules/xen/xen.if Thu Feb 02 15:21:42
2012 +0000
@@ -5,10 +5,10 @@
# Domain creation and setup
#
################################################################################
-# declare_domain(type)
+# declare_domain(type, attrs...)
# Declare a type as a domain type, and allow basic domain setup
define(`declare_domain', `
- type $1, domain_type;
+ type $1, domain_type`'ifelse(`$#', `1', `', `,shift($@)');
allow $1 $1:grant { query setup };
allow $1 $1:mmu { adjust physmap map_read map_write stat pinpage };
allow $1 $1:hvm { getparam setparam };
diff -r 87d642dc65bb -r 1a748779e068
tools/flask/policy/policy/modules/xen/xen.te
--- a/tools/flask/policy/policy/modules/xen/xen.te Thu Feb 02 15:21:13
2012 +0000
+++ b/tools/flask/policy/policy/modules/xen/xen.te Thu Feb 02 15:21:42
2012 +0000
@@ -25,7 +25,7 @@
type xen_t, xen_type, mls_priv;
# Domain 0
-type dom0_t, domain_type, mls_priv;
+declare_domain(dom0_t, mls_priv);
# Untracked I/O memory (pseudo-domain)
type domio_t, xen_type;
@@ -63,8 +63,6 @@
setbool setsecparam add_ocontext del_ocontext };
allow dom0_t dom0_t:domain { getdomaininfo getvcpuinfo getvcpuaffinity };
-allow dom0_t dom0_t:grant { query setup };
-allow dom0_t dom0_t:mmu { adjust physmap map_read map_write stat pinpage };
allow dom0_t dom0_t:resource { add remove };
admin_device(dom0_t, device_t)
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |