selinux: deal with dtb file

2024-08-07 01:13:49 +00:00 · 2013-03-14 12:49:44 +08:00 · 2013-03-14 12:49:44 +08:00 · 26705e02c1
commit 26705e02c1
parent 0b3509e245
3 changed files with 20 additions and 0 deletions
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@ -760,6 +760,10 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
        virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
        rc = -1;

+    if (def->os.dtb &&
+        virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
+        rc = -1;
+
    return rc;
 }

@ -822,6 +826,10 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
        virSecurityDACSetOwnership(def->os.initrd, user, group) < 0)
        return -1;

+    if (def->os.dtb &&
+        virSecurityDACSetOwnership(def->os.dtb, user, group) < 0)
+        return -1;
+
    return 0;
 }

--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -1765,6 +1765,10 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
        rc = -1;

+    if (def->os.dtb &&
+        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
+        rc = -1;
+
    return rc;
 }

@ -2161,6 +2165,10 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
        virSecuritySELinuxSetFilecon(def->os.initrd, data->content_context) < 0)
        return -1;

+    if (def->os.dtb &&
+        virSecuritySELinuxSetFilecon(def->os.dtb, data->content_context) < 0)
+        return -1;
+
    if (stdin_path) {
        if (virSecuritySELinuxSetFilecon(stdin_path, data->content_context) < 0 &&
            virStorageFileIsSharedFSType(stdin_path,
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@ -993,6 +993,10 @@ get_files(vahControl * ctl)
        if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0)
            goto clean;

+    if (ctl->def->os.dtb)
+        if (vah_add_file(&buf, ctl->def->os.dtb, "r") != 0)
+            goto clean;
+
    if (ctl->def->os.loader && ctl->def->os.loader)
        if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0)
            goto clean;