From: "Daniel P. Berrange" <berrange(a)redhat.com>
The code for picking a MCS label is about to get significantly
more complicated, so it deserves to be in a standalone method,
instead of a switch/case body.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/security/security_selinux.c | 75 ++++++++++++++++++++++++++---------------
1 file changed, 47 insertions(+), 28 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 5c917ea..4963ef5 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -98,6 +98,48 @@ virSecuritySELinuxMCSRemove(virSecurityManagerPtr mgr,
virHashRemoveEntry(data->mcs, mcs);
}
+
+static char *
+virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr)
+{
+ virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
+ int c1 = 0;
+ int c2 = 0;
+ char *mcs = NULL;
+
+ for (;;) {
+ c1 = virRandomBits(10);
+ c2 = virRandomBits(10);
+
+ if (c1 == c2) {
+ if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
+ virReportOOMError();
+ return NULL;
+ }
+ } else {
+ if (c1 > c2) {
+ c1 ^= c2;
+ c2 ^= c1;
+ c1 ^= c2;
+ }
+ if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
+ virReportOOMError();
+ return NULL;
+ }
+ }
+
+ if (virHashLookup(data->mcs, mcs) == NULL)
+ goto cleanup;
+
+ VIR_FREE(mcs);
+ }
+
+cleanup:
+ VIR_DEBUG("Found context '%s'", NULLSTR(mcs));
+ return mcs;
+}
+
+
static char *
virSecuritySELinuxGenNewContext(const char *basecontext, const char *mcs)
{
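Review bot: The `for (;;)` loop in virSecuritySELinuxMCSFind has no retry bound, so once the `data->mcs` hash holds every label the random generator can produce (or if a later change narrows the range, as the commit message anticipates) the call spins forever instead of failing; a capped loop, e.g. `for (attempts = 0; attempts < 1024; attempts++)` followed by a `virReportError(VIR_ERR_INTERNAL_ERROR, ...)` and `return NULL` when it runs out, keeps the failure visible. The function also only looks the label up, it does not reserve it — reservation now happens in the caller via virSecuritySELinuxMCSAdd, so two callers racing here could both be handed the same label unless something outside this hunk serialises the security manager; that contract deserves a comment above the function such as `/* Pick a random MCS label not present in data->mcs. The label is not reserved; the caller must add it with virSecuritySELinuxMCSAdd() before anyone else can be handed it. */`. The `NULLSTR(mcs)` in the VIR_DEBUG is unnecessary since the cleanup label is only reached with a non-NULL mcs.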
@@ -316,8 +358,6 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
int rc = -1;
char *mcs = NULL;
char *scontext = NULL;
- int c1 = 0;
- int c2 = 0;
context_t ctx = NULL;
const char *range;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -372,32 +412,11 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
break;
case VIR_DOMAIN_SECLABEL_DYNAMIC:
- for (;;) {
- int rv;
- c1 = virRandomBits(10);
- c2 = virRandomBits(10);
-
- if ( c1 == c2 ) {
- if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
- virReportOOMError();
- goto cleanup;
- }
- } else {
- if (c1 > c2) {
- c1 ^= c2;
- c2 ^= c1;
- c1 ^= c2;
- }
- if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
- virReportOOMError();
- goto cleanup;
- }
- }
- if ((rv = virSecuritySELinuxMCSAdd(mgr, mcs)) < 0)
- goto cleanup;
- if (rv == 0)
- break;
- }
+ if (!(mcs = virSecuritySELinuxMCSFind(mgr)))
+ goto cleanup;
+
+ if (virSecuritySELinuxMCSAdd(mgr, mcs) < 0)
+ goto cleanup;
if (!(def->seclabel.label =
virSecuritySELinuxGenNewContext(def->seclabel.baselabel ?
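Review bot: The new `if (virSecuritySELinuxMCSAdd(mgr, mcs) < 0)` check drops the collision handling the removed loop had: the old code retried whenever `rv` was non-zero, which suggests MCSAdd returns a positive value for a label that is already present, and that case now falls through and the guest is labelled with an MCS pair another domain may already own. Since virSecuritySELinuxMCSFind already verified the label was unused, a positive return here is a genuine race and should not be ignored; at minimum reject it, `if (virSecuritySELinuxMCSAdd(mgr, mcs) != 0) goto cleanup;`, and report an error for the positive case (or loop back to MCSFind) so the caller never proceeds with a duplicate label. I cannot see MCSAdd's return convention from this hunk, so this hinges on it still distinguishing "already present" from success. virSecuritySELinuxGenSecurityLabel begins and ends outside the hunk.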
--
1.7.11.2