On Wed, Mar 16, 2016 at 01:51:34PM -0700, Benjamin Sanda wrote:
> From: bensanda <ben.sa...@dornerworks.com>
>
> Modified to provide support for xentrace on the ARM platform. Added flask
> credential to allow dom0 dom_xen mapping and write access for trace buffers.
So .. what does that mean?
Is that something xentrace requests? Why is this ARM specific?
Looking at xsm_sysctl and how the trace is setup it checks for
XEN__TBUFCONTROL?
But this is more specific?
>
> Signed-off-by: Benjamin Sanda <ben.sa...@dornerworks.com>
> ---
> tools/flask/policy/policy/modules/xen/xen.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tools/flask/policy/policy/modules/xen/xen.te
> b/tools/flask/policy/policy/modules/xen/xen.te
> index d35ae22..41d276a 100644
> --- a/tools/flask/policy/policy/modules/xen/xen.te
> +++ b/tools/flask/policy/policy/modules/xen/xen.te
> @@ -90,6 +90,8 @@ allow dom0_t dom0_t:domain2 {
> };
> allow dom0_t dom0_t:resource { add remove };
>
> +allow dom0_t domxen_t:mmu { memorymap map_write };
> +
> # These permissions allow using the FLASK security server to compute access
> # checks locally, which could be used by a domain or service (such as
> xenstore)
> # that does not have its own security server to make access decisions based
> on
> --
> 2.7.2
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
