Policy version 30 introduced the devicetreecon statement and also expanded the existing I/O memory range to 64 bits in order to support hardware with more than 44 bits of physical address space (32-bit count of 4K pages).
See the “XSM/FLASK Configuration” document for further information.
Label i/o memory. This may be a single memory location or a range.
Statement definition:
(iomemcon mem_addr|(mem_low mem_high) context_id)
Where:
Example:
An anonymous context for a memory address range of 0xfebe0-0xfebff:
(iomemcon (1043424 1043455) (unconfined.user object_r unconfined.object low_low))
Label i/o ports. This may be a single port or a range.
Statement definition:
(ioportcon port|(port_low port_high) context_id)
Where:
Example:
An anonymous context for a single port of 0xecc0:
(ioportcon 60608 (unconfined.user object_r unconfined.object low_low))
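A lint check for the two range-based statements above (iomemcon and ioportcon), added here as an example and not part of the CIL documentation or tooling: it parses policy text and reports statements of the same kind whose ranges overlap but carry different contexts. The sample policy is constructed, `example.user` and `example.object` are hypothetical names, and the reader assumes input without CIL comments.

```python
import re
from itertools import combinations

# Constructed sample policy: the two statements from the examples above plus
# one hypothetical iomemcon whose address falls inside the first range.
SAMPLE = """
(iomemcon (1043424 1043455) (unconfined.user object_r unconfined.object low_low))
(ioportcon 60608 (unconfined.user object_r unconfined.object low_low))
(iomemcon 1043440 (example.user object_r example.object low_low))
"""

TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()]+')

def parse(text):
    """Parse CIL text into nested lists (a minimal s-expression reader)."""
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())  # close the list, attach to parent
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def xen_ranges(text):
    """Return (keyword, low, high, context) for each iomemcon/ioportcon."""
    out = []
    for stmt in parse(text):
        if not stmt or stmt[0] not in ("iomemcon", "ioportcon"):
            continue
        _, where, context = stmt  # ValueError if the statement is malformed
        # A bare integer is a single location; a list is (low high).
        low, high = (where, where) if isinstance(where, str) else where
        low, high = int(low), int(high)
        if low > high:
            raise ValueError(f"{stmt[0]}: low {low} > high {high}")
        out.append((stmt[0], low, high, context))
    return out

def conflicts(text):
    """Pairs of same-kind statements that overlap with different contexts."""
    return [(a, b) for a, b in combinations(xen_ranges(text), 2)
            if a[0] == b[0] and a[1] <= b[2] and b[1] <= a[2] and a[3] != b[3]]

if __name__ == "__main__":
    print(conflicts(SAMPLE))
```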
Label a PCI device.
Statement definition:
(pcidevicecon device context_id)
Where:
Example:
An anonymous context for a pci device address of 0xc800:
(pcidevicecon 51200 (unconfined.user object_r unconfined.object low_low))
Label an interrupt level.
Statement definition:
(pirqcon irq_level context_id)
Where:
Example:
An anonymous context for IRQ 33:
(pirqcon 33 (unconfined.user object_r unconfined.object low_low))
Label device tree nodes.
Statement definition:
(devicetreecon path context_id)
Where:
Example:
An anonymous context for the specified path:
(devicetreecon "/this is/a/path" (unconfined.user object_r unconfined.object low_low))