[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v11 11/14] flask/policy: allow domU to use previously-mapped I/O-memory

To: xen-devel@xxxxxxxxxxxxx
From: Arianna Avanzini <avanzini.arianna@xxxxxxxxx>
Date: Sun, 24 Aug 2014 22:30:04 +0200
Cc: Ian.Campbell@xxxxxxxxxxxxx, paolo.valente@xxxxxxxxxx, keir@xxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, Ian.Jackson@xxxxxxxxxxxxx, dario.faggioli@xxxxxxxxxx, tim@xxxxxxx, julien.grall@xxxxxxxxxx, etrudeau@xxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, JBeulich@xxxxxxxx, avanzini.arianna@xxxxxxxxx, viktor.kleinik@xxxxxxxxxxxxxxx, andrii.tseglytskyi@xxxxxxxxxxxxxxx
Delivery-date: Sun, 24 Aug 2014 20:29:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

From: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>

This commit allows the domU to access previously-mapped I/O-memory
even if XSM is enabled and FLASK is enforced.

Signed-off-by: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>
Signed-off-by: Arianna Avanzini <avanzini.arianna@xxxxxxxxx>
Cc: Dario Faggioli <dario.faggioli@xxxxxxxxxx>
Cc: Paolo Valente <paolo.valente@xxxxxxxxxx>
Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Cc: Julien Grall <julien.grall@xxxxxxxxxx>
Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Cc: Jan Beulich <JBeulich@xxxxxxxx>
Cc: Keir Fraser <keir@xxxxxxx>
Cc: Tim Deegan <tim@xxxxxxx>
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: Eric Trudeau <etrudeau@xxxxxxxxxxxx>
Cc: Viktor Kleinik <viktor.kleinik@xxxxxxxxxxxxxxx>
---
 tools/flask/policy/policy/modules/xen/xen.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/flask/policy/policy/modules/xen/xen.te 
b/tools/flask/policy/policy/modules/xen/xen.te
index bb59fe8..34b5bfa 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -107,6 +107,7 @@ admin_device(dom0_t, device_t)
 admin_device(dom0_t, irq_t)
 admin_device(dom0_t, ioport_t)
 admin_device(dom0_t, iomem_t)
+admin_device(domU_t, iomem_t)
 
 domain_comms(dom0_t, dom0_t)
 
-- 
2.1.0


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v11 00/14] Implement the XEN_DOMCTL_memory_mapping hypercall for ARM
  - From: Arianna Avanzini

Prev by Date: [Xen-devel] [PATCH v11 09/14] tools/libxl: handle the iomem parameter with the memory_mapping hcall
Next by Date: [Xen-devel] [PATCH v11 12/14] tools/libxl: explicitly grant access to needed I/O-memory ranges
Previous by thread: [Xen-devel] [PATCH v11 09/14] tools/libxl: handle the iomem parameter with the memory_mapping hcall
Next by thread: [Xen-devel] [PATCH v11 12/14] tools/libxl: explicitly grant access to needed I/O-memory ranges
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.