Pull code which finds a free MCS label out into its own method

The code for picking a MCS label is about to get significantly more complicated, so it deserves to be in a standlone method, instead of a switch/case body. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-09 17:43:12 +01:00 · 2012-08-09 17:43:12 +01:00 · b6e66cb6dd
parent b77e9814e4
commit b6e66cb6dd
1 changed files with 46 additions and 27 deletions
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -98,6 +98,48 @@ virSecuritySELinuxMCSRemove(virSecurityManagerPtr mgr,
    virHashRemoveEntry(data->mcs, mcs);
 }

+
+static char *
+virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr)
+{
+    virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
+    int c1 = 0;
+    int c2 = 0;
+    char *mcs = NULL;
+
+    for (;;) {
+        c1 = virRandomBits(10);
+        c2 = virRandomBits(10);
+
+        if (c1 == c2) {
+            if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
+                virReportOOMError();
+                return NULL;
+            }
+        } else {
+            if (c1 > c2) {
+                int t = c1;
+                c1 = c2;
+                c2 = t;
+            }
+            if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
+                virReportOOMError();
+                return NULL;
+            }
+        }
+
+        if (virHashLookup(data->mcs, mcs) == NULL)
+            goto cleanup;
+
+        VIR_FREE(mcs);
+    }
+
+cleanup:
+    VIR_DEBUG("Found context '%s'", NULLSTR(mcs));
+    return mcs;
+}
+
+
 static char *
 virSecuritySELinuxGenNewContext(const char *basecontext, const char *mcs)
 {
@ -316,8 +358,6 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
    int rc = -1;
    char *mcs = NULL;
    char *scontext = NULL;
-    int c1 = 0;
-    int c2 = 0;
    context_t ctx = NULL;
    const char *range;
    virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@ -372,32 +412,11 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
        break;

    case VIR_DOMAIN_SECLABEL_DYNAMIC:
-        for (;;) {
-            int rv;
-            c1 = virRandomBits(10);
-            c2 = virRandomBits(10);
+        if (!(mcs = virSecuritySELinuxMCSFind(mgr)))
+            goto cleanup;

-            if ( c1 == c2 ) {
-                if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
-                    virReportOOMError();
-                    goto cleanup;
-                }
-            } else {
-                if (c1 > c2) {
-                    c1 ^= c2;
-                    c2 ^= c1;
-                    c1 ^= c2;
-                }
-                if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
-                    virReportOOMError();
-                    goto cleanup;
-                }
-            }
-            if ((rv = virSecuritySELinuxMCSAdd(mgr, mcs)) < 0)
-                goto cleanup;
-            if (rv == 0)
-                break;
-        }
+        if (virSecuritySELinuxMCSAdd(mgr, mcs) < 0)
+            goto cleanup;

        if (!(def->seclabel.label =
              virSecuritySELinuxGenNewContext(def->seclabel.baselabel ?