[libvirt] [PATCH v5 3/3] selinux: deal with dtb file

[Olivia Yin]

---
 src/security/security_dac.c     |    8 ++++++++
 src/security/security_selinux.c |    8 ++++++++
 src/security/virt-aa-helper.c   |    4 ++++
 3 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0b274b7..35b90da 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -760,6 +760,10 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
         virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
         rc = -1;
 
+    if (def->os.dtb &&
+        virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
+        rc = -1;
+
     return rc;
 }
 
@@ -822,6 +826,10 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
         virSecurityDACSetOwnership(def->os.initrd, user, group) < 0)
         return -1;
 
+    if (def->os.dtb &&
+        virSecurityDACSetOwnership(def->os.dtb, user, group) < 0)
+        return -1;
+
     return 0;
 }
 
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a042b26..0dbfd35 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1720,6 +1720,10 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
         rc = -1;
 
+    if (def->os.dtb &&
+        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
+        rc = -1;
+
     return rc;
 }
 
@@ -2116,6 +2120,10 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
         virSecuritySELinuxSetFilecon(def->os.initrd, data->content_context) < 0)
         return -1;
 
+    if (def->os.dtb &&
+        virSecuritySELinuxSetFilecon(def->os.dtb, data->content_context) < 0)
+        return -1;
+
     if (stdin_path) {
         if (virSecuritySELinuxSetFilecon(stdin_path, data->content_context) < 0 &&
             virStorageFileIsSharedFSType(stdin_path,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index c1a3ec9..f764f77 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -993,6 +993,10 @@ get_files(vahControl * ctl)
         if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0)
             goto clean;
 
+    if (ctl->def->os.dtb)
+        if (vah_add_file(&buf, ctl->def->os.dtb, "r") != 0)
+            goto clean;
+
     if (ctl->def->os.loader && ctl->def->os.loader)
         if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0)
             goto clean;
-- 
1.6.4