security: apparmor: Push virStorageSource checks to add_file_path

This mirrors the code layout in security_selinux.c. It will also make
it easier to share the checks for qcow2 external data_file support
eventually

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Cole Robinson 2019-10-08 11:55:24 -04:00
parent 7c0bf48bc9
commit c7eea3f559


@ -917,6 +917,10 @@ add_file_path(virStorageSourcePtr src,
{ {
int ret; int ret;
/* execute the callback only for local storage */
if (!src->path || !virStorageSourceIsLocalStorage(src))
return 0;
if (depth == 0) { if (depth == 0) {
if (src->readonly) if (src->readonly)
ret = vah_add_file(buf, src->path, "rk"); ret = vah_add_file(buf, src->path, "rk");
@ -941,12 +945,8 @@ disk_add_files(virDomainDiskDefPtr disk,
virStorageSourcePtr tmp; virStorageSourcePtr tmp;
for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) { for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) {
/* execute the callback only for local storage */ if (add_file_path(tmp, depth, buf) < 0)
if (virStorageSourceIsLocalStorage(tmp) && return -1;
tmp->path) {
if (add_file_path(tmp, depth, buf) < 0)
return -1;
}
depth++; depth++;
} }
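Review bot: The comment moved into add_file_path, `/* execute the callback only for local storage */`, no longer matches the code around it: nothing visible in this function is a callback, and the guard also skips sources that have no path. Because the early `return 0` reports success, a skipped source looks the same to the caller as one whose rule was written through vah_add_file, so this comment is the only place a reader learns that non-local layers are deliberately left out of what is presumably the AppArmor rule buffer. I would reword it to `/* only local storage with a path gets a file rule; other sources are skipped and report success */`. The signature and the rest of add_file_path's body lie outside the hunk, so whether any other caller depended on the old unconditional behaviour cannot be confirmed from here.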