}
+static int
+virSecurityDACSetInputLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainInputDefPtr input)
+
+{
+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityLabelDefPtr seclabel;
+ int ret = -1;
+ uid_t user;
+ gid_t group;
+
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+ if (seclabel && !seclabel->relabel)
+ return 0;
+
+ switch ((virDomainInputType) input->type) {
+ case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
+ if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
+ return -1;
+
+ ret = virSecurityDACSetOwnership(priv, NULL, input->source.evdev, user, group);
+ break;
+
+ case VIR_DOMAIN_INPUT_TYPE_MOUSE:
+ case VIR_DOMAIN_INPUT_TYPE_TABLET:
+ case VIR_DOMAIN_INPUT_TYPE_KBD:
+ case VIR_DOMAIN_INPUT_TYPE_LAST:
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static int
+virSecurityDACRestoreInputLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainInputDefPtr input)
+{
+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ int ret = -1;
+
+ switch ((virDomainInputType) input->type) {
+ case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
+ ret = virSecurityDACRestoreSecurityFileLabel(priv, input->source.evdev);
+ break;
+
+ case VIR_DOMAIN_INPUT_TYPE_MOUSE:
+ case VIR_DOMAIN_INPUT_TYPE_TABLET:
+ case VIR_DOMAIN_INPUT_TYPE_KBD:
+ case VIR_DOMAIN_INPUT_TYPE_LAST:
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+
static int
virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
NULL) < 0)
rc = -1;
}
+
+ for (i = 0; i < def->ninputs; i++) {
+ if (virSecurityDACRestoreInputLabel(mgr, def, def->inputs[i]) < 0)
+ rc = -1;
+ }
+
for (i = 0; i < def->ndisks; i++) {
if (virSecurityDACRestoreSecurityImageLabelInt(mgr,
def,
def->disks[i]) < 0)
return -1;
}
+
+ for (i = 0; i < def->ninputs; i++) {
+ if (virSecurityDACSetInputLabel(mgr, def, def->inputs[i]) < 0)
+ return -1;
+ }
+
for (i = 0; i < def->nhostdevs; i++) {
if (virSecurityDACSetSecurityHostdevLabel(mgr,
def,
}
+static int
+virSecuritySELinuxSetInputLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainInputDefPtr input)
+{
+ virSecurityLabelDefPtr seclabel;
+
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (seclabel == NULL)
+ return 0;
+
+ switch ((virDomainInputType) input->type) {
+ case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
+ if (virSecuritySELinuxSetFilecon(mgr, input->source.evdev,
+ seclabel->imagelabel) < 0)
+ return -1;
+ break;
+
+ case VIR_DOMAIN_INPUT_TYPE_MOUSE:
+ case VIR_DOMAIN_INPUT_TYPE_TABLET:
+ case VIR_DOMAIN_INPUT_TYPE_KBD:
+ case VIR_DOMAIN_INPUT_TYPE_LAST:
+ break;
+ }
+
+ return 0;
+}
+
+
+static int
+virSecuritySELinuxRestoreInputLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainInputDefPtr input)
+{
+ int rc = 0;
+ virSecurityLabelDefPtr seclabel;
+
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (seclabel == NULL)
+ return 0;
+
+ switch ((virDomainInputType) input->type) {
+ case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
+ rc = virSecuritySELinuxRestoreSecurityFileLabel(mgr,
+ input->source.evdev);
+ break;
+
+ case VIR_DOMAIN_INPUT_TYPE_MOUSE:
+ case VIR_DOMAIN_INPUT_TYPE_TABLET:
+ case VIR_DOMAIN_INPUT_TYPE_KBD:
+ case VIR_DOMAIN_INPUT_TYPE_LAST:
+ break;
+ }
+
+ return rc;
+}
+
+
static int
virSecuritySELinuxSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
NULL) < 0)
rc = -1;
}
+
+ for (i = 0; i < def->ninputs; i++) {
+ if (virSecuritySELinuxRestoreInputLabel(mgr, def, def->inputs[i]) < 0)
+ rc = -1;
+ }
+
for (i = 0; i < def->ndisks; i++) {
virDomainDiskDefPtr disk = def->disks[i];
NULL) < 0)
return -1;
}
+
+ for (i = 0; i < def->ninputs; i++) {
+ if (virSecuritySELinuxSetInputLabel(mgr, def, def->inputs[i]) < 0)
+ return -1;
+ }
+
if (def->tpm) {
if (virSecuritySELinuxSetSecurityTPMFileLabel(mgr, def,
def->tpm) < 0)
projects / libvirt.git / commitdiff