Now that we have qemuSecurityRestoreTPMLabels() we might as well
have qemuSecuritySetTPMLabels(). The aim here is to remove
qemuSecurityStartTPMEmulator() which couples two separate things
into a single function call.
Therefore, introduce qemuSecuritySetTPMLabels() which does only
set seclabels on the TPM state.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
src/qemu/qemu_security.c | 26 ++++++++++++++++++++++++++
src/qemu/qemu_security.h | 4 ++++
2 files changed, 30 insertions(+)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 82d686b0e3..daf01bb803 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -576,6 +576,32 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
}
+int
+qemuSecuritySetTPMLabels(virQEMUDriver *driver,
+ virDomainObj *vm,
+ bool setTPMStateLabel)
+{
+ qemuDomainObjPrivate *priv = vm->privateData;
+ int ret = -1;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerSetTPMLabels(driver->securityManager,
+ vm->def, setTPMStateLabel) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerTransactionCommit(driver->securityManager,
+ -1, priv->rememberOwner) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ virSecurityManagerTransactionAbort(driver->securityManager);
+ return ret;
+}
+
+
int
qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
virDomainObj *vm,
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index b6f917a62f..198f8ef0d4 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -94,6 +94,10 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
int *exitstatus,
int *cmdret);
+int qemuSecuritySetTPMLabels(virQEMUDriver *driver,
+ virDomainObj *vm,
+ bool setTPMStateLabel);
+
int qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
virDomainObj *vm,
bool restoreTPMStateLabel);
--
2.38.2
