[Xen-devel] [PATCH 1/6] Flask: Support for ARM xentrace

[Benjamin Sanda]

From: bensanda <ben.sa...@dornerworks.com>

Modified to provide support for xentrace on the ARM platform. Added flask 
credential to allow dom0 dom_xen mapping and write access for trace buffers.

Signed-off-by: Benjamin Sanda <ben.sa...@dornerworks.com>
---
 tools/flask/policy/policy/modules/xen/xen.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/flask/policy/policy/modules/xen/xen.te 
b/tools/flask/policy/policy/modules/xen/xen.te
index d35ae22..41d276a 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -90,6 +90,8 @@ allow dom0_t dom0_t:domain2 {
 };
 allow dom0_t dom0_t:resource { add remove };
 
+allow dom0_t domxen_t:mmu { memorymap map_write };
+
 # These permissions allow using the FLASK security server to compute access
 # checks locally, which could be used by a domain or service (such as xenstore)
 # that does not have its own security server to make access decisions based on
-- 
2.7.2


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel