Xen Statements

Policy version 30 introduced the devicetreecon statement and expanded the existing I/O memory range to 64 bits to support hardware with more than 44 bits of physical address space (the earlier limit came from a 32-bit count of 4K pages).

See the “XSM/FLASK Configuration” document for further information.

iomemcon

Label I/O memory. This may be a single memory location or a range.

Statement definition:

    (iomemcon mem_addr|(mem_low mem_high) context_id)

Where:

Example:

An anonymous context for a memory address range of 0xfebe0-0xfebff:

    (iomemcon (1043424 1043455) (unconfined.user object_r unconfined.object low_low))

ioportcon

Label I/O ports. This may be a single port or a range.

Statement definition:

    (ioportcon port|(port_low port_high) context_id)

Where:

Example:

An anonymous context for a single port of 0xecc0:

    (ioportcon 60608 (unconfined.user object_r unconfined.object low_low))

pcidevicecon

Label a PCI device.

Statement definition:

    (pcidevicecon device context_id)

Where:

Example:

An anonymous context for a PCI device address of 0xc800:

    (pcidevicecon 51200 (unconfined.user object_r unconfined.object low_low))

pirqcon

Label an interrupt level.

Statement definition:

    (pirqcon irq_level context_id)

Where:

Example:

An anonymous context for IRQ 33:

    (pirqcon 33 (unconfined.user object_r unconfined.object low_low))

devicetreecon

Label device tree nodes.

Statement definition:

    (devicetreecon path context_id)

Where:

Example:

An anonymous context for the specified path:

    (devicetreecon "/this is/a/path" (unconfined.user object_r unconfined.object low_low))
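
The examples above write each hardware value in decimal while the descriptions quote it in hex, so a mistyped or reversed operand is easy to miss and would label the wrong resource. The following is an added example, not part of the CIL reference or the SELinux toolchain: a small Python lint pass that parses the five statement forms, checks operand shape and range ordering, and returns the numeric operands for comparison against the intended hex values. The function names are hypothetical, and accepting only decimal operands is an assumption of the example.

```python
import re

# Operand shape per keyword: "range" = integer or (low high), "int" = one integer.
FORMS = {"iomemcon": "range", "ioportcon": "range", "pcidevicecon": "int",
         "pirqcon": "int", "devicetreecon": "path"}
IOMEM_MAX = 2**64 - 1  # iomemcon operands are 64-bit as of policy version 30
TOKEN = re.compile(r'"[^"]*"|[()]|[^\s()"]+')

def parse(text):
    """Parse S-expressions into nested lists; a quoted string is one token."""
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def to_int(tok):
    # Assumption of this example: operands are decimal, as in the examples above.
    if not isinstance(tok, str) or not tok.isdigit():
        raise ValueError(f"expected a decimal integer, got {tok!r}")
    return int(tok)

def check(stmt):
    """Return (keyword, low, high), or (keyword, path, None) for devicetreecon."""
    if (not isinstance(stmt, list) or len(stmt) != 3
            or not isinstance(stmt[0], str) or stmt[0] not in FORMS):
        raise ValueError(f"not a Xen labeling statement: {stmt!r}")
    kw, operand, _context = stmt  # the context is not validated here
    if FORMS[kw] == "path" and isinstance(operand, str):
        return kw, operand.strip('"'), None
    # A bare integer is treated as the one-element range (n n).
    pair = operand if isinstance(operand, list) else [operand, operand]
    if len(pair) != 2 or (pair is operand and FORMS[kw] != "range"):
        raise ValueError(f"{kw} does not accept {operand!r}")
    low, high = to_int(pair[0]), to_int(pair[1])
    if low > high or (kw == "iomemcon" and high > IOMEM_MAX):
        raise ValueError(f"{kw}: bad range {low:#x}-{high:#x}")
    return kw, low, high

if __name__ == "__main__":
    kw, lo, hi = check(parse("(iomemcon (1043424 1043455) (unconfined.user object_r unconfined.object low_low))")[0])
    print(kw, hex(lo), hex(hi))
```

Run over a policy fragment before it is compiled, the returned low/high values can be printed in hex and compared with the addresses reported by the platform.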