|
|
@ -89,7 +89,7 @@ index 5957d29..53cc5a0 100644 |
|
|
|
if (write_binary_policy(&modpolicydb, outfp) != 0) { |
|
|
|
if (write_binary_policy(&modpolicydb, outfp) != 0) { |
|
|
|
fprintf(stderr, "%s: error writing %s\n", argv[0], outfile); |
|
|
|
fprintf(stderr, "%s: error writing %s\n", argv[0], outfile); |
|
|
|
diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c |
|
|
|
diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c |
|
|
|
index 9da661e..5bc0c56 100644 |
|
|
|
index 9da661e..f682355 100644 |
|
|
|
--- checkpolicy-2.5/checkpolicy.c |
|
|
|
--- checkpolicy-2.5/checkpolicy.c |
|
|
|
+++ checkpolicy-2.5/checkpolicy.c |
|
|
|
+++ checkpolicy-2.5/checkpolicy.c |
|
|
|
@@ -22,6 +22,7 @@ |
|
|
|
@@ -22,6 +22,7 @@ |
|
|
@ -100,12 +100,15 @@ index 9da661e..5bc0c56 100644 |
|
|
|
* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
|
|
|
* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
|
|
|
* Copyright (C) 2003 - 2005 Tresys Technology, LLC |
|
|
|
* Copyright (C) 2003 - 2005 Tresys Technology, LLC |
|
|
|
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> |
|
|
|
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> |
|
|
|
@@ -64,13 +65,16 @@ |
|
|
|
@@ -64,13 +65,19 @@ |
|
|
|
#include <sys/stat.h> |
|
|
|
#include <sys/stat.h> |
|
|
|
#include <sys/socket.h> |
|
|
|
#include <sys/socket.h> |
|
|
|
#include <netinet/in.h> |
|
|
|
#include <netinet/in.h> |
|
|
|
+#ifndef IPPROTO_DCCP |
|
|
|
+#ifndef IPPROTO_DCCP |
|
|
|
+#define IPPROTO_DCCP 33 |
|
|
|
+#define IPPROTO_DCCP 33 |
|
|
|
|
|
|
|
+#endif |
|
|
|
|
|
|
|
+#ifndef IPPROTO_SCTP |
|
|
|
|
|
|
|
+#define IPPROTO_SCTP 132 |
|
|
|
+#endif |
|
|
|
+#endif |
|
|
|
#include <arpa/inet.h> |
|
|
|
#include <arpa/inet.h> |
|
|
|
#include <fcntl.h> |
|
|
|
#include <fcntl.h> |
|
|
@ -118,7 +121,7 @@ index 9da661e..5bc0c56 100644 |
|
|
|
#include <ctype.h> |
|
|
|
#include <ctype.h> |
|
|
|
#endif |
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
|
|
@@ -679,6 +683,8 @@ int main(int argc, char **argv) |
|
|
|
@@ -679,6 +686,8 @@ int main(int argc, char **argv) |
|
|
|
printf("h) change a boolean value\n"); |
|
|
|
printf("h) change a boolean value\n"); |
|
|
|
printf("i) display constraint expressions\n"); |
|
|
|
printf("i) display constraint expressions\n"); |
|
|
|
printf("j) display validatetrans expressions\n"); |
|
|
|
printf("j) display validatetrans expressions\n"); |
|
|
@ -127,16 +130,18 @@ index 9da661e..5bc0c56 100644 |
|
|
|
#ifdef EQUIVTYPES |
|
|
|
#ifdef EQUIVTYPES |
|
|
|
printf("z) Show equivalent types\n"); |
|
|
|
printf("z) Show equivalent types\n"); |
|
|
|
#endif |
|
|
|
#endif |
|
|
|
@@ -919,6 +925,8 @@ int main(int argc, char **argv) |
|
|
|
@@ -919,6 +928,10 @@ int main(int argc, char **argv) |
|
|
|
protocol = IPPROTO_TCP; |
|
|
|
protocol = IPPROTO_TCP; |
|
|
|
else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP")) |
|
|
|
else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP")) |
|
|
|
protocol = IPPROTO_UDP; |
|
|
|
protocol = IPPROTO_UDP; |
|
|
|
+ else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) |
|
|
|
+ else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) |
|
|
|
+ protocol = IPPROTO_DCCP; |
|
|
|
+ protocol = IPPROTO_DCCP; |
|
|
|
|
|
|
|
+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP")) |
|
|
|
|
|
|
|
+ protocol = IPPROTO_SCTP; |
|
|
|
else { |
|
|
|
else { |
|
|
|
printf("unknown protocol\n"); |
|
|
|
printf("unknown protocol\n"); |
|
|
|
break; |
|
|
|
break; |
|
|
|
@@ -1198,6 +1206,50 @@ int main(int argc, char **argv) |
|
|
|
@@ -1198,6 +1211,50 @@ int main(int argc, char **argv) |
|
|
|
"\nNo validatetrans expressions found.\n"); |
|
|
|
"\nNo validatetrans expressions found.\n"); |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
break; |
|
|
@ -188,7 +193,7 @@ index 9da661e..5bc0c56 100644 |
|
|
|
case 'z': |
|
|
|
case 'z': |
|
|
|
identify_equiv_types(); |
|
|
|
identify_equiv_types(); |
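Review bot: The `#define IPPROTO_SCTP 132` fallback added after `<netinet/in.h>` is an unexplained magic number, and the same three lines are repeated in the policy_define.c section, so the two copies can drift apart. I would move the DCCP and SCTP fallbacks into one shared header, or at least put `/* IANA protocol numbers, for libc headers that lack these macros */` above them in both files. The new `sctp`/`SCTP` branch in main()'s port query, like the matching branch in define_port_context(), only makes the tools accept the keyword. Whether a resulting port context is actually consulted presumably depends on the libsepol and kernel in use, which this page does not show, so the patch description should name the minimum versions. The if/else chain and main() both start and end outside the visible hunks.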
|
|
|
diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c |
|
|
|
diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c |
|
|
|
index ee20fea..f65958c 100644 |
|
|
|
index ee20fea..a275e33 100644 |
|
|
|
--- checkpolicy-2.5/policy_define.c |
|
|
|
--- checkpolicy-2.5/policy_define.c |
|
|
|
+++ checkpolicy-2.5/policy_define.c |
|
|
|
+++ checkpolicy-2.5/policy_define.c |
|
|
|
@@ -20,6 +20,7 @@ |
|
|
|
@@ -20,6 +20,7 @@ |
|
|
@ -199,26 +204,31 @@ index ee20fea..f65958c 100644 |
|
|
|
* This program is free software; you can redistribute it and/or modify |
|
|
|
* This program is free software; you can redistribute it and/or modify |
|
|
|
* it under the terms of the GNU General Public License as published by |
|
|
|
* it under the terms of the GNU General Public License as published by |
|
|
|
* the Free Software Foundation, version 2. |
|
|
|
* the Free Software Foundation, version 2. |
|
|
|
@@ -36,6 +37,9 @@ |
|
|
|
@@ -36,6 +37,12 @@ |
|
|
|
#include <string.h> |
|
|
|
#include <string.h> |
|
|
|
#include <sys/socket.h> |
|
|
|
#include <sys/socket.h> |
|
|
|
#include <netinet/in.h> |
|
|
|
#include <netinet/in.h> |
|
|
|
+#ifndef IPPROTO_DCCP |
|
|
|
+#ifndef IPPROTO_DCCP |
|
|
|
+#define IPPROTO_DCCP 33 |
|
|
|
+#define IPPROTO_DCCP 33 |
|
|
|
|
|
|
|
+#endif |
|
|
|
|
|
|
|
+#ifndef IPPROTO_SCTP |
|
|
|
|
|
|
|
+#define IPPROTO_SCTP 132 |
|
|
|
+#endif |
|
|
|
+#endif |
|
|
|
#include <arpa/inet.h> |
|
|
|
#include <arpa/inet.h> |
|
|
|
#include <stdlib.h> |
|
|
|
#include <stdlib.h> |
|
|
|
#include <limits.h> |
|
|
|
#include <limits.h> |
|
|
|
@@ -4876,6 +4880,8 @@ int define_port_context(unsigned int low, unsigned int high) |
|
|
|
@@ -4876,6 +4883,10 @@ int define_port_context(unsigned int low, unsigned int high) |
|
|
|
protocol = IPPROTO_TCP; |
|
|
|
protocol = IPPROTO_TCP; |
|
|
|
} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) { |
|
|
|
} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) { |
|
|
|
protocol = IPPROTO_UDP; |
|
|
|
protocol = IPPROTO_UDP; |
|
|
|
+ } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { |
|
|
|
+ } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { |
|
|
|
+ protocol = IPPROTO_DCCP; |
|
|
|
+ protocol = IPPROTO_DCCP; |
|
|
|
|
|
|
|
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { |
|
|
|
|
|
|
|
+ protocol = IPPROTO_SCTP; |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
yyerror2("unrecognized protocol %s", id); |
|
|
|
yyerror2("unrecognized protocol %s", id); |
|
|
|
free(newc); |
|
|
|
free(newc); |
|
|
|
@@ -4931,6 +4937,192 @@ int define_port_context(unsigned int low, unsigned int high) |
|
|
|
@@ -4931,6 +4942,192 @@ int define_port_context(unsigned int low, unsigned int high) |
|
|
|
return -1; |
|
|
|
return -1; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -411,7 +421,7 @@ index ee20fea..f65958c 100644 |
|
|
|
int define_netif_context(void) |
|
|
|
int define_netif_context(void) |
|
|
|
{ |
|
|
|
{ |
|
|
|
ocontext_t *newc, *c, *head; |
|
|
|
ocontext_t *newc, *c, *head; |
|
|
|
@@ -5135,7 +5327,7 @@ int define_ipv6_node_context(void) |
|
|
|
@@ -5135,7 +5332,7 @@ int define_ipv6_node_context(void) |
|
|
|
|
|
|
|
|
|
|
|
memset(newc, 0, sizeof(ocontext_t)); |
|
|
|
memset(newc, 0, sizeof(ocontext_t)); |
|
|
|
|
|
|
|
|
|
|
|