[PATCH 6/8] Pull code which finds a free MCS label out into its own method

"Daniel P. Berrange" <berrange@xxxxxxxxxx> · Fri, 10 Aug 2012 14:48:01 +0100

From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

The code for picking a MCS label is about to get significantly
more complicated, so it deserves to be in a standlone method,
instead of a switch/case body.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/security/security_selinux.c | 75 ++++++++++++++++++++++++++---------------
 1 file changed, 47 insertions(+), 28 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 5c917ea..4963ef5 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -98,6 +98,48 @@ virSecuritySELinuxMCSRemove(virSecurityManagerPtr mgr,
     virHashRemoveEntry(data->mcs, mcs);
 }
 
+
+static char *
+virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr)
+{
+    virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
+    int c1 = 0;
+    int c2 = 0;
+    char *mcs = NULL;
+
+    for (;;) {
+        c1 = virRandomBits(10);
+        c2 = virRandomBits(10);
+
+        if (c1 == c2) {
+            if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
+                virReportOOMError();
+                return NULL;
+            }
+        } else {
+            if (c1 > c2) {
+                c1 ^= c2;
+                c2 ^= c1;
+                c1 ^= c2;
+            }
+            if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
+                virReportOOMError();
+                return NULL;
+            }
+        }
+
+        if (virHashLookup(data->mcs, mcs) == NULL)
+            goto cleanup;
+
+        VIR_FREE(mcs);
+    }
+
+cleanup:
+    VIR_DEBUG("Found context '%s'", NULLSTR(mcs));
+    return mcs;
+}
+
+
 static char *
 virSecuritySELinuxGenNewContext(const char *basecontext, const char *mcs)
 {
@@ -316,8 +358,6 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
     int rc = -1;
     char *mcs = NULL;
     char *scontext = NULL;
-    int c1 = 0;
-    int c2 = 0;
     context_t ctx = NULL;
     const char *range;
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -372,32 +412,11 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
         break;
 
     case VIR_DOMAIN_SECLABEL_DYNAMIC:
-        for (;;) {
-            int rv;
-            c1 = virRandomBits(10);
-            c2 = virRandomBits(10);
-
-            if ( c1 == c2 ) {
-                if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
-                    virReportOOMError();
-                    goto cleanup;
-                }
-            } else {
-                if (c1 > c2) {
-                    c1 ^= c2;
-                    c2 ^= c1;
-                    c1 ^= c2;
-                }
-                if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
-                    virReportOOMError();
-                    goto cleanup;
-                }
-            }
-            if ((rv = virSecuritySELinuxMCSAdd(mgr, mcs)) < 0)
-                goto cleanup;
-            if (rv == 0)
-                break;
-        }
+        if (!(mcs = virSecuritySELinuxMCSFind(mgr)))
+            goto cleanup;
+
+        if (virSecuritySELinuxMCSAdd(mgr, mcs) < 0)
+            goto cleanup;
 
         if (!(def->seclabel.label =
               virSecuritySELinuxGenNewContext(def->seclabel.baselabel ?
-- 
1.7.11.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list





