Xen StatementsPolicy version 30 introduced the devicetreecon statement and also expanded the existing I/O memory range to 64 bits in order to support hardware with more than 44 bits of physical address space (32-bit count of 4K pages).See the "XSM/FLASK Configuration" document for further information ()iomemconLabel i/o memory. This may be a single memory location or a range.Statement definition:Where:iomemconThe iomemcon keyword.mem_addr |(mem_low mem_high)A single memory address to apply the context, or a range of addresses.The entries must consist of numerics [0-9].context_idA previously declared context identifier or an anonymous security context (user role type levelrange), the range MUST be defined whether the policy is MLS/MCS enabled or not.Example:An anonymous context for a memory address range of 0xfebe0-0xfebff:ioportconLabel i/o ports. This may be a single port or a range.Statement definition:Where:ioportconThe ioportcon keyword.port |(port_low port_high)A single port to apply the context, or a range of ports.The entries must consist of numerics [0-9].context_idA previously declared context identifier or an anonymous security context (user role type levelrange), the range MUST be defined whether the policy is MLS/MCS enabled or not.Example:An anonymous context for a single port of :0xecc0:pcideviceconLabel a PCI device.Statement definition:Where:pcideviceconThe pcidevicecon keyword.deviceThe device number.The entries must consist of numerics [0-9].context_idA previously declared context identifier or an anonymous security context (user role type levelrange), the range MUST be defined whether the policy is MLS/MCS enabled or not.Example:An anonymous context for a pci device address of 0xc800:pirqconLabel an interrupt level.Statement definition:Where:pirqconThe pirqcon keyword.irq_levelThe interrupt request number. The entries must consist of numerics [0-9].context_idA previously declared context identifier or an anonymous security context (user role type levelrange), the range MUST be defined whether the policy is MLS/MCS enabled or not.Example:An anonymous context for IRQ 33:devicetreeconLabel device tree nodes.Statement definition:Where:devicetreeconThe devicetreecon keyword.pathThe device tree path. If this contains spaces enclose within "".context_idA previously declared context identifier or an anonymous security context (user role type levelrange), the range MUST be defined whether the policy is MLS/MCS enabled or not.Example:An anonymous context for the specified path: