Browse Source

checkpolicy package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 6 years ago
parent
commit
a61fe425cb
  1. 30
      SOURCES/checkpolicy-rhel.patch
  2. 14
      SPECS/checkpolicy.spec

30
SOURCES/checkpolicy-rhel.patch

@ -89,7 +89,7 @@ index 5957d29..53cc5a0 100644
if (write_binary_policy(&modpolicydb, outfp) != 0) { if (write_binary_policy(&modpolicydb, outfp) != 0) {
fprintf(stderr, "%s: error writing %s\n", argv[0], outfile); fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c
index 9da661e..5bc0c56 100644 index 9da661e..f682355 100644
--- checkpolicy-2.5/checkpolicy.c --- checkpolicy-2.5/checkpolicy.c
+++ checkpolicy-2.5/checkpolicy.c +++ checkpolicy-2.5/checkpolicy.c
@@ -22,6 +22,7 @@ @@ -22,6 +22,7 @@
@ -100,12 +100,15 @@ index 9da661e..5bc0c56 100644
* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
* Copyright (C) 2003 - 2005 Tresys Technology, LLC * Copyright (C) 2003 - 2005 Tresys Technology, LLC
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
@@ -64,13 +65,16 @@ @@ -64,13 +65,19 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <netinet/in.h> #include <netinet/in.h>
+#ifndef IPPROTO_DCCP +#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33 +#define IPPROTO_DCCP 33
+#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif +#endif
#include <arpa/inet.h> #include <arpa/inet.h>
#include <fcntl.h> #include <fcntl.h>
@ -118,7 +121,7 @@ index 9da661e..5bc0c56 100644
#include <ctype.h> #include <ctype.h>
#endif #endif
@@ -679,6 +683,8 @@ int main(int argc, char **argv) @@ -679,6 +686,8 @@ int main(int argc, char **argv)
printf("h) change a boolean value\n"); printf("h) change a boolean value\n");
printf("i) display constraint expressions\n"); printf("i) display constraint expressions\n");
printf("j) display validatetrans expressions\n"); printf("j) display validatetrans expressions\n");
@ -127,16 +130,18 @@ index 9da661e..5bc0c56 100644
#ifdef EQUIVTYPES #ifdef EQUIVTYPES
printf("z) Show equivalent types\n"); printf("z) Show equivalent types\n");
#endif #endif
@@ -919,6 +925,8 @@ int main(int argc, char **argv) @@ -919,6 +928,10 @@ int main(int argc, char **argv)
protocol = IPPROTO_TCP; protocol = IPPROTO_TCP;
else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP")) else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
protocol = IPPROTO_UDP; protocol = IPPROTO_UDP;
+ else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) + else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
+ protocol = IPPROTO_DCCP; + protocol = IPPROTO_DCCP;
+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
+ protocol = IPPROTO_SCTP;
else { else {
printf("unknown protocol\n"); printf("unknown protocol\n");
break; break;
@@ -1198,6 +1206,50 @@ int main(int argc, char **argv) @@ -1198,6 +1211,50 @@ int main(int argc, char **argv)
"\nNo validatetrans expressions found.\n"); "\nNo validatetrans expressions found.\n");
} }
break; break;
@ -188,7 +193,7 @@ index 9da661e..5bc0c56 100644
case 'z': case 'z':
identify_equiv_types(); identify_equiv_types();
diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
index ee20fea..f65958c 100644 index ee20fea..a275e33 100644
--- checkpolicy-2.5/policy_define.c --- checkpolicy-2.5/policy_define.c
+++ checkpolicy-2.5/policy_define.c +++ checkpolicy-2.5/policy_define.c
@@ -20,6 +20,7 @@ @@ -20,6 +20,7 @@
@ -199,26 +204,31 @@ index ee20fea..f65958c 100644
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2. * the Free Software Foundation, version 2.
@@ -36,6 +37,9 @@ @@ -36,6 +37,12 @@
#include <string.h> #include <string.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <netinet/in.h> #include <netinet/in.h>
+#ifndef IPPROTO_DCCP +#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33 +#define IPPROTO_DCCP 33
+#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif +#endif
#include <arpa/inet.h> #include <arpa/inet.h>
#include <stdlib.h> #include <stdlib.h>
#include <limits.h> #include <limits.h>
@@ -4876,6 +4880,8 @@ int define_port_context(unsigned int low, unsigned int high) @@ -4876,6 +4883,10 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_TCP; protocol = IPPROTO_TCP;
} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) { } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
protocol = IPPROTO_UDP; protocol = IPPROTO_UDP;
+ } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { + } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
+ protocol = IPPROTO_DCCP; + protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else { } else {
yyerror2("unrecognized protocol %s", id); yyerror2("unrecognized protocol %s", id);
free(newc); free(newc);
@@ -4931,6 +4937,192 @@ int define_port_context(unsigned int low, unsigned int high) @@ -4931,6 +4942,192 @@ int define_port_context(unsigned int low, unsigned int high)
return -1; return -1;
} }
@ -411,7 +421,7 @@ index ee20fea..f65958c 100644
int define_netif_context(void) int define_netif_context(void)
{ {
ocontext_t *newc, *c, *head; ocontext_t *newc, *c, *head;
@@ -5135,7 +5327,7 @@ int define_ipv6_node_context(void) @@ -5135,7 +5332,7 @@ int define_ipv6_node_context(void)
memset(newc, 0, sizeof(ocontext_t)); memset(newc, 0, sizeof(ocontext_t));

14
SPECS/checkpolicy.spec

@ -1,13 +1,13 @@
%define libselinuxver 2.5-12 %define libselinuxver 2.5-14.1
%define libsepolver 2.5-8 %define libsepolver 2.5-10
Summary: SELinux policy compiler Summary: SELinux policy compiler
Name: checkpolicy Name: checkpolicy
Version: 2.5 Version: 2.5
Release: 6%{?dist} Release: 8%{?dist}
License: GPLv2 License: GPLv2
Group: Development/System Group: Development/System
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
# HEAD f4e2ab4e29496130bc89dddf8096e9367b25665b # HEAD bfaa258580f74440ca92d68828ac31f58656f5ef
Patch1: checkpolicy-rhel.patch Patch1: checkpolicy-rhel.patch


BuildRoot: %{_tmppath}/%{name}-buildroot BuildRoot: %{_tmppath}/%{name}-buildroot
@ -59,6 +59,12 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/sedispol %{_bindir}/sedispol


%changelog %changelog
* Thu Jul 26 2018 Vit Mojzis <vmojzis@redhat.com> - 2.5-8
- Add support for the SCTP portcon keyword (#1572269)

* Fri May 11 2018 Vit Mojzis <vmojzis@redhat.com> - 2.5-7
- Incorporate support for extended_socket_class from libsepol (#1572269)

* Thu Oct 19 2017 Vit Mojzis <vmojzis@redhat.com> - 2.5-6 * Thu Oct 19 2017 Vit Mojzis <vmojzis@redhat.com> - 2.5-6
- Add ibendport ocontext handling - Add ibendport ocontext handling
- Add support for ibendportcon labels - Add support for ibendportcon labels

Loading…
Cancel
Save