From aee3b77c336b7ae54914e322239ffabee59d74eb Mon Sep 17 00:00:00 2001
From: Erik Skultety
Date: Thu, 12 Feb 2015 18:32:41 +0100
Subject: [PATCH] security: Refactor virSecurityManagerGenLabel
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
if (mgr == NULL || mgr->drv == NULL) return ret;
This check isn't really necessary, security manager cannot be a NULL pointer as it is either selinux (by default) or 'none', if no other driver is set in the config. Even with no config file driver name yields 'none'. The other hunk checks for domain's security model validity, but we should also check devices' security model as well, therefore this hunk is moved into a separate function which is called by virSecurityManagerCheckAllLabel that checks both the domain's security model and devices' security model.
https://bugzilla.redhat.com/show_bug.cgi?id=1165485
Signed-off-by: Ján Tomko
---
 src/security/security_manager.c | 38 ++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 4b5132f8d0..f2a32bc1fa 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -576,33 +576,15 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
 virDomainDefPtr vm)
 {
 int ret = -1;
- size_t i, j;
+ size_t i;
 virSecurityManagerPtr* sec_managers = NULL;
 virSecurityLabelDefPtr seclabel;
 bool generated = false;
- if (mgr == NULL || mgr->drv == NULL)
- return ret;
-
 if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
 return ret;
 virObjectLock(mgr);
- for (i = 0; i < vm->nseclabels; i++) {
- if (!vm->seclabels[i]->model)
- continue;
-
- for (j = 0; sec_managers[j]; j++)
- if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name))
- break;
-
- if (!sec_managers[j]) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Unable to find security driver for label %s"),
- vm->seclabels[i]->model);
- goto cleanup;
- }
- }
 for (i = 0; sec_managers[i]; i++) {
 generated = false;
@@ -727,6 +709,21 @@ static int virSecurityManagerCheckModel(virSecurityManagerPtr mgr,
 }
+static int
+virSecurityManagerCheckDomainLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
+{
+ size_t i;
+
+ for (i = 0; i < def->nseclabels; i++) {
+ if (virSecurityManagerCheckModel(mgr, def->seclabels[i]->model) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
 static int
 virSecurityManagerCheckDiskLabel(virSecurityManagerPtr mgr,
 virDomainDiskDefPtr disk)
@@ -772,6 +769,9 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr,
 {
 size_t i;
+ if (virSecurityManagerCheckDomainLabel(mgr, vm) < 0)
+ return -1;
+
 for (i = 0; i < vm->ndisks; i++) {
 if (virSecurityManagerCheckDiskLabel(mgr, vm->disks[i]) < 0)
 return -1;
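Review bot: With the model-matching loop removed, virSecurityManagerGenLabel no longer rejects a domain seclabel whose model matches no nested driver, so that guarantee now rests on every caller having run virSecurityManagerCheckAllLabel first, and nothing in the function records this. I would add a comment above it along the lines of `/* Callers must have validated vm's seclabel models with virSecurityManagerCheckAllLabel(); mgr must not be NULL. */`. The second half covers the dropped `mgr == NULL || mgr->drv == NULL` guard: `virSecurityManagerGetNested(mgr)` is now the first use of `mgr` and presumably dereferences it. The start of the signature and the rest of the body are outside the hunk, so whether an unmatched label is later ignored or reported cannot be confirmed from here.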
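Review bot: virSecurityManagerCheckDomainLabel passes `def->seclabels[i]->model` to virSecurityManagerCheckModel unconditionally, whereas the loop removed from virSecurityManagerGenLabel skipped labels whose model is NULL. Only the closing brace of virSecurityManagerCheckModel is visible in this hunk, so please confirm it accepts a NULL model argument; if it does not, keep the old guard as the first statement of the loop, `if (!def->seclabels[i]->model) continue;`. A one-line comment above the helper stating that it returns -1 when a domain label's model matches no loaded security driver would also make the contract explicit for virSecurityManagerCheckAllLabel.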