From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 14 Dec 2022 09:27:57 +0000 (+0100)
Subject: qemu_security: Introduce qemuSecuritySetTPMLabels()
X-Git-Tag: v9.0.0-rc1~123
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdbb8e7b00f29567491542204ebaf42eedf87df0;p=thirdparty%2Flibvirt.git

qemu_security: Introduce qemuSecuritySetTPMLabels()

Now that we have qemuSecurityRestoreTPMLabels() we might as well
have qemuSecuritySetTPMLabels(). The aim here is to remove
qemuSecurityStartTPMEmulator() which couples two separate things
into a single function call.

Therefore, introduce qemuSecuritySetTPMLabels() which does only
set seclabels on the TPM state.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 82d686b0e3..daf01bb803 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -576,6 +576,32 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
 }
 
 
+int
+qemuSecuritySetTPMLabels(virQEMUDriver *driver,
+                         virDomainObj *vm,
+                         bool setTPMStateLabel)
+{
+    qemuDomainObjPrivate *priv = vm->privateData;
+    int ret = -1;
+
+    if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerSetTPMLabels(driver->securityManager,
+                                       vm->def, setTPMStateLabel) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerTransactionCommit(driver->securityManager,
+                                            -1, priv->rememberOwner) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
+}
+
+
 int
 qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
                              virDomainObj *vm,
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index b6f917a62f..198f8ef0d4 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -94,6 +94,10 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
                                  int *exitstatus,
                                  int *cmdret);
 
+int qemuSecuritySetTPMLabels(virQEMUDriver *driver,
+                             virDomainObj *vm,
+                             bool setTPMStateLabel);
+
 int qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
                                  virDomainObj *vm,
                                  bool restoreTPMStateLabel);