xsm: Permit dom0 to use dmops

c/s 524a98c2ac5 "public / x86: introduce __HYPERCALL_dm_op" gave flask permisisons for a stubdomain to use dmops, but omitted the case of a device model running in dom0. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Tested-by: Paul Durrant <paul.durrant@citrix.com>
author: Andrew Cooper <andrew.cooper3@citrix.com> 2017-01-27 14:16:58 +0000
committer: Ian Jackson <Ian.Jackson@eu.citrix.com> 2017-01-30 12:03:55 +0000
commit: 5a77ccf609da289131bd1664ee20c17b1f9bb93c (patch)
tree: fd8403523759b97d63e5b27a7af75f9780f27df4 /tools/flask
parent: 7a4cf23e2653e8abf4793820487df32b094de56a (diff)
download: xen-5a77ccf609da289131bd1664ee20c17b1f9bb93c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if
index f5d254f053..ed0df4f010 100644
--- a/tools/flask/policy/modules/xen.if
+++ b/tools/flask/policy/modules/xen.if
@@ -58,7 +58,7 @@ define(`create_domain_common', `
 	allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op updatemp };
 	allow $1 $2:grant setup;
 	allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc
-			setparam nested altp2mhvm altp2mhvm_op };
+			setparam nested altp2mhvm altp2mhvm_op dm };
 ')
 
 # create_domain(priv, target)
author	Andrew Cooper <andrew.cooper3@citrix.com>	2017-01-27 14:16:58 +0000
committer	Ian Jackson <Ian.Jackson@eu.citrix.com>	2017-01-30 12:03:55 +0000
commit	5a77ccf609da289131bd1664ee20c17b1f9bb93c (patch)
tree	fd8403523759b97d63e5b27a7af75f9780f27df4 /tools/flask
parent	7a4cf23e2653e8abf4793820487df32b094de56a (diff)
download	xen-5a77ccf609da289131bd1664ee20c17b1f9bb93c.tar.gz