Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP

Wed, 25 Jan 2017 02:46:17 -0800 

> -----Original Message-----
> From: Wei Liu [mailto:wei.l...@citrix.com]
> Sent: 25 January 2017 10:43
> To: Xen-devel <xen-de...@lists.xenproject.org>
> Cc: Wei Liu <wei.l...@citrix.com>; Daniel De Graaf
> <dgde...@tycho.nsa.gov>; Paul Durrant <paul.durr...@citrix.com>; Ian
> Jackson <ian.jack...@citrix.com>
> Subject: [PATCH] flask: fix build after the introduction of DMOP
> 
> In 58cbc034 send_irq permission was removed but there was still
> reference to it in policy file. Remove the stale reference.
> 
> And now we also need dm permission. Add that.
> 
> Signed-off-by: Wei Liu <wei.l...@citrix.com>
> ---
> Cc: Daniel De Graaf <dgde...@tycho.nsa.gov>
> Cc: Paul Durrant <paul.durr...@citrix.com>
> Cc: Ian Jackson <ian.jack...@eu.citrix.com>
> 
> Staging is currently broken.

Sorry about that.

Reviewed-by: Paul Durrant <paul.durr...@citrix.com>

> ---
>  tools/flask/policy/modules/xen.if   | 2 +-
>  xen/xsm/flask/policy/access_vectors | 2 ++
>  2 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/flask/policy/modules/xen.if
> b/tools/flask/policy/modules/xen.if
> index 45e5cea04f..f5d254f053 100644
> --- a/tools/flask/policy/modules/xen.if
> +++ b/tools/flask/policy/modules/xen.if
> @@ -58,7 +58,7 @@ define(`create_domain_common', `
>       allow $1 $2:mmu { map_read map_write adjust memorymap
> physmap pinpage mmuext_op updatemp };
>       allow $1 $2:grant setup;
>       allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc
> -                     setparam nested altp2mhvm altp2mhvm_op
> send_irq };
> +                     setparam nested altp2mhvm altp2mhvm_op };
>  ')
> 
>  # create_domain(priv, target)
> diff --git a/xen/xsm/flask/policy/access_vectors
> b/xen/xsm/flask/policy/access_vectors
> index 36a7df9394..1f7eb35fc8 100644
> --- a/xen/xsm/flask/policy/access_vectors
> +++ b/xen/xsm/flask/policy/access_vectors
> @@ -284,6 +284,8 @@ class hvm
>  # HVMOP_altp2m_destroy_p2m HVMOP_altp2m_switch_p2m
>  # HVMOP_altp2m_set_mem_access HVMOP_altp2m_change_gfn
>      altp2mhvm_op
> +# DMOP
> +    dm
>  }
> 
>  # Class event describes event channels.  Interdomain event channels have
> their
> --
> 2.11.0


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Reply via email to