From da41740d00b89d4141398600869e4a656da2501b Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Thu, 9 Feb 2012 18:25:49 +0000
Subject: flask/policy: add device model types to example policy

This adds an example user for device_model_stubdomain_seclabel.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
 docs/misc/xsm-flask.txt | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'docs/misc/xsm-flask.txt')

diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index 5b4297da85..e2e415d578 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -61,6 +61,10 @@ that can be used without dom0 disaggregation. The main types for domUs are:
  - isolated_domU_t can only communicate with dom0
  - prot_domU_t is a domain type whose creation can be disabled with a boolean
 
+HVM domains with stubdomain device models use two types (one per domain):
+ - domHVM_t is an HVM domain that uses a stubdomain device model
+ - dm_dom_t is the device model for a domain with type domHVM_t
+
 One disadvantage of using type enforcement to enforce isolation is that a new
 type is needed for each group of domains. In addition, it is not possible to
 allow isolated_domU_t cannot to create loopback event channels without allowing
-- 
cgit v1.2.3