[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH 1/6] Flask: Support for ARM xentrace
- To: Benjamin Sanda <ben.sanda@xxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Julien Grall <julien.grall@xxxxxxx>
- Date: Thu, 17 Mar 2016 15:03:15 +0000
- Cc: Keir Fraser <keir@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Dario Faggioli <dario.faggioli@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Paul Sujkov <psujkov@xxxxxxxxx>
- Delivery-date: Thu, 17 Mar 2016 15:03:24 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
(+ Daniel De Graaf maintainer of the XSM/Flask code)
On 16/03/16 20:51, Benjamin Sanda wrote:
From: bensanda <ben.sanda@xxxxxxxxxxxxxxx>
Modified to provide support for xentrace on the ARM platform. Added flask
credential to allow dom0 dom_xen mapping and write access for trace buffers.
Signed-off-by: Benjamin Sanda <ben.sanda@xxxxxxxxxxxxxxx>
---
tools/flask/policy/policy/modules/xen/xen.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te
b/tools/flask/policy/policy/modules/xen/xen.te
index d35ae22..41d276a 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -90,6 +90,8 @@ allow dom0_t dom0_t:domain2 {
};
allow dom0_t dom0_t:resource { add remove };
+allow dom0_t domxen_t:mmu { memorymap map_write };
+
# These permissions allow using the FLASK security server to compute access
# checks locally, which could be used by a domain or service (such as
xenstore)
# that does not have its own security server to make access decisions based on
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
