#
# Define common prefixes for access vectors
#
# common common_name { permission_name ... }

common ispriv
{
	ispriv
}

#
# Define a common prefix for file access vectors.
#


#
# Define the access vectors.
#
# class class_name [ inherits common_name ] { permission_name ... }


#
# Define the access vector interpretation for file-related objects.
#

class xen
inherits ispriv
{
	scheduler
	settime
	tbufcontrol
	readconsole
	clearconsole
	perfcontrol
	readmsr
	writemsr
	mtrr_add
	mtrr_del
	mtrr_read
	microcode
	physinfo
	quirk
	mmap
}

class domain
{
	setvcpucontext
	pause
	unpause
	create
	max_vcpus
	destroy
	setvcpuaffinity
	scheduler
	getdomaininfo
	getvcpuinfo
	getvcpucontext
	setdomainmaxmem
	setdomainhandle
	setdebugging
	hypercall
	transition
}

class event
{
	bind
	close
	send
	status
	unmask
	notify
	create
	alloc
}

class grant
{
	map_read
	map_write
	unmap
	transfer
	setup
}

class mmu
{
	map_read
	map_write
	map_anonymous
	pageinfo
	pagelist
}

class shadow
{
	disable
	enable
	flush
	clean
	peek
}

class resource
{
	add
	remove
	use
	add_irq
	remove_irq
	add_ioport
	remove_ioport
	add_iomem
	remove_iomem
}

class security
{
	compute_av
	compute_create
	compute_member
	check_context
	load_policy
	compute_relabel
	compute_user
	setenforce     # was avc_toggle in system class
	setbool
	setsecparam
}
