Re: [Xen-devel] [PATCH 1/6] Flask: Support for ARM xentrace

Julien Grall Sat, 19 Mar 2016 01:07:52 -0700

(+ Daniel De Graaf maintainer of the XSM/Flask code)

On 16/03/16 20:51, Benjamin Sanda wrote:

From: bensanda <ben.sa...@dornerworks.com>


Modified to provide support for xentrace on the ARM platform. Added flask 
credential to allow dom0 dom_xen mapping and write access for trace buffers.

Signed-off-by: Benjamin Sanda <ben.sa...@dornerworks.com>
---
  tools/flask/policy/policy/modules/xen/xen.te | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/tools/flask/policy/policy/modules/xen/xen.te 
b/tools/flask/policy/policy/modules/xen/xen.te
index d35ae22..41d276a 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -90,6 +90,8 @@ allow dom0_t dom0_t:domain2 {
  };
  allow dom0_t dom0_t:resource { add remove };

+allow dom0_t domxen_t:mmu { memorymap map_write };
+
  # These permissions allow using the FLASK security server to compute access
  # checks locally, which could be used by a domain or service (such as 
xenstore)
  # that does not have its own security server to make access decisions based on


--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/6] Flask: Support for ARM xentrace

Reply via email to