Xen devel - May 2013 - [PATCH] flask/policy: device model stubdom fixes

This fixes framebuffer support for device model stubdoms after 3f28d007
which added the target_hack permission but did not allow the permission
to the stubdom it was created for.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
 tools/flask/policy/policy/modules/xen/xen.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/flask/policy/policy/modules/xen/xen.if
b/tools/flask/policy/policy/modules/xen/xen.if
index c86a618..97af0a8 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -143,7 +143,7 @@ define(`device_model'', `
 	allow $1 $2_channel:event create;
 
 	allow $1 $2_target:domain shutdown;
-	allow $1 $2_target:mmu { map_read map_write adjust physmap };
+	allow $1 $2_target:mmu { map_read map_write adjust physmap target_hack };
 	allow $1 $2_target:hvm { getparam setparam trackdirtyvram hvmctl irqlevel
pciroute cacheattr send_irq };
 '')
 
-- 
1.8.1.4

On Thu, 2013-05-30 at 08:57 -0400, Daniel De Graaf
wrote:
> This fixes framebuffer support for device model stubdoms after 3f28d007
> which added the target_hack permission but did not allow the permission
> to the stubdom it was created for.
> 
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

I wasn''t sure who was supposed to commit this, but I''ve done
it...

Ian.