Signed-off-by: Jiang Jiacheng <jiangjiacheng@xxxxxxxxxx> --- src/security/security_apparmor.c | 91 +++++++++++--------------------- 1 file changed, 31 insertions(+), 60 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 36e8ce42b5..64b57f6a22 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -70,9 +70,9 @@ struct SDPDOP { static int profile_status(const char *str, const int check_enforcing) { - char *content = NULL; - char *tmp = NULL; - char *etmp = NULL; + g_autofree char *content = NULL; + g_autofree char *tmp = NULL; + g_autofree char *etmp = NULL; int rc = -2; /* create string that is '<str> \0' for accurate matching */ @@ -87,7 +87,7 @@ profile_status(const char *str, const int check_enforcing) virReportSystemError(errno, _("Failed to read AppArmor profiles list " "\'%s\'"), APPARMOR_PROFILES_PATH); - goto cleanup; + return -2; } if (strstr(content, tmp) != NULL) @@ -99,11 +99,6 @@ profile_status(const char *str, const int check_enforcing) rc = 1; /* return '1' if loaded and enforcing */ } - VIR_FREE(content); - cleanup: - VIR_FREE(tmp); - VIR_FREE(etmp); - return rc; } @@ -320,12 +315,11 @@ AppArmorSetSecurityHostLabel(virSCSIVHostDevice *dev G_GNUC_UNUSED, static int AppArmorSecurityManagerProbe(const char *virtDriver G_GNUC_UNUSED) { - char *template_qemu = NULL; - char *template_lxc = NULL; - int rc = SECURITY_DRIVER_DISABLE; + g_autofree char *template_qemu = NULL; + g_autofree char *template_lxc = NULL; if (use_apparmor() < 0) - return rc; + return SECURITY_DRIVER_DISABLE; /* see if template file exists */ template_qemu = g_strdup_printf("%s/TEMPLATE.qemu", APPARMOR_DIR "/libvirt"); @@ -334,20 +328,15 @@ AppArmorSecurityManagerProbe(const char *virtDriver G_GNUC_UNUSED) if (!virFileExists(template_qemu)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("template \'%s\' does not exist"), template_qemu); - goto cleanup; + return SECURITY_DRIVER_DISABLE; } if (!virFileExists(template_lxc)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("template \'%s\' does not exist"), template_lxc); - goto cleanup; + return SECURITY_DRIVER_DISABLE; } - rc = SECURITY_DRIVER_ENABLE; - cleanup: - VIR_FREE(template_qemu); - VIR_FREE(template_lxc); - - return rc; + return SECURITY_DRIVER_ENABLE; } /* Security driver initialization. DOI is for 'Domain of Interpretation' and is @@ -387,8 +376,7 @@ static int AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *def) { - int rc = -1; - char *profile_name = NULL; + g_autofree char *profile_name = NULL; virSecurityLabelDef *secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME); @@ -402,18 +390,18 @@ AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (secdef->baselabel) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Cannot set a base label with AppArmour")); - return rc; + return -1; } if (secdef->label || secdef->imagelabel) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("security label already defined for VM")); - return rc; + return -1; } if ((profile_name = get_profile_name(def)) == NULL) - return rc; + return -1; secdef->label = g_strdup(profile_name); @@ -431,18 +419,13 @@ AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED, goto err; } - rc = 0; - goto cleanup; + return 0; err: VIR_FREE(secdef->label); VIR_FREE(secdef->imagelabel); VIR_FREE(secdef->model); - - cleanup: - VIR_FREE(profile_name); - - return rc; + return -1; } static int @@ -476,33 +459,29 @@ AppArmorGetSecurityProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, { int rc = -1; int status; - char *profile_name = NULL; + g_autofree char *profile_name = NULL; if ((profile_name = get_profile_name(def)) == NULL) - return rc; + return -1; status = profile_status(profile_name, 1); if (status < -1) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("error getting profile status")); - goto cleanup; + return -1; } else if (status == -1) { sec->label[0] = '\0'; } else { if (virStrcpy(sec->label, profile_name, VIR_SECURITY_LABEL_BUFLEN) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("error copying profile name")); - goto cleanup; + return -1; } } sec->enforcing = status == 1; - rc = 0; - - cleanup: - VIR_FREE(profile_name); - return rc; + return 0; } /* Called on VM shutdown and destroy. See AppArmorGenSecurityLabel (above) for @@ -555,7 +534,7 @@ AppArmorSetSecurityProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *def) { int rc = -1; - char *profile_name = NULL; + g_autofree char *profile_name = NULL; virSecurityLabelDef *secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME); @@ -563,7 +542,7 @@ AppArmorSetSecurityProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, return 0; if ((profile_name = get_profile_name(def)) == NULL) - return rc; + return -1; if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -572,21 +551,17 @@ AppArmorSetSecurityProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, "hypervisor driver is \'%s\'."), secdef->model, SECURITY_APPARMOR_NAME); if (use_apparmor() > 0) - goto cleanup; + return -1; } VIR_DEBUG("Changing AppArmor profile to %s", profile_name); if (aa_change_profile(profile_name) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("error calling aa_change_profile()")); - goto cleanup; + return -1; } - rc = 0; - - cleanup: - VIR_FREE(profile_name); - return rc; + return 0; } /* Called directly by API user prior to virCommandRun(). @@ -600,8 +575,8 @@ AppArmorSetSecurityChildProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, virCommand *cmd) { int rc = -1; - char *profile_name = NULL; - char *cmd_str = NULL; + g_autofree char *profile_name = NULL; + g_autofree char *cmd_str = NULL; virSecurityLabelDef *secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME); @@ -615,21 +590,17 @@ AppArmorSetSecurityChildProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, "hypervisor driver is \'%s\'."), secdef->model, SECURITY_APPARMOR_NAME); if (use_apparmor() > 0) - goto cleanup; + return -1; } if ((profile_name = get_profile_name(def)) == NULL) - goto cleanup; + return -1; cmd_str = virCommandToString(cmd, false); VIR_DEBUG("Changing AppArmor profile to %s on %s", profile_name, cmd_str); virCommandSetAppArmorProfile(cmd, profile_name); - rc = 0; - cleanup: - VIR_FREE(profile_name); - VIR_FREE(cmd_str); - return rc; + return 0; } static int -- 2.33.0