From: Cole Robinson <crobinso@redhat.com>
Date: Tue, 8 Oct 2019 15:55:24 +0000 (-0400)
Subject: security: apparmor: Push virStorageSource checks to add_file_path
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=c7eea3f559340723d5200278105d63eb3c686561;p=libvirt.git

security: apparmor: Push virStorageSource checks to add_file_path

This mirrors the code layout in security_selinux.c. It will also make
it easier to share the checks for qcow2 external data_file support
eventually

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 9f39eb2e2b..20281c38b7 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -917,6 +917,10 @@ add_file_path(virStorageSourcePtr src,
 {
     int ret;
 
+    /* execute the callback only for local storage */
+    if (!src->path || !virStorageSourceIsLocalStorage(src))
+        return 0;
+
     if (depth == 0) {
         if (src->readonly)
             ret = vah_add_file(buf, src->path, "rk");
@@ -941,12 +945,8 @@ disk_add_files(virDomainDiskDefPtr disk,
     virStorageSourcePtr tmp;
 
     for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) {
-        /* execute the callback only for local storage */
-        if (virStorageSourceIsLocalStorage(tmp) &&
-            tmp->path) {
-            if (add_file_path(tmp, depth, buf) < 0)
-                return -1;
-        }
+        if (add_file_path(tmp, depth, buf) < 0)
+            return -1;
 
         depth++;
     }