
libsepol patch update

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64bebuilder0 6 years ago
parent
commit
ce7a691b61
  1. 61
      SOURCES/0014-Add-support-for-DCCP-and-SCTP-protocols.patch

61
SOURCES/0014-Add-support-for-DCCP-and-SCTP-protocols.patch

@ -44,7 +44,7 @@ index 99db1685..3e370332 100644
+ * @return Numeric value for the protocol, one of IPPROTO_TCP, IPPROTO_UDP, + * @return Numeric value for the protocol, one of IPPROTO_TCP, IPPROTO_UDP,
+ * IPPROTO_DCCP or IPPROTO_SCTP from netinet/in.h. Upon error return 0. + * IPPROTO_DCCP or IPPROTO_SCTP from netinet/in.h. Upon error return 0.
*/ */
extern uint8_t apol_str_to_protocol(const char *protocol_str); extern uint8_t apol_str_to_protocol(const char *protocol_str);
diff --git a/libapol/src/util.c b/libapol/src/util.c diff --git a/libapol/src/util.c b/libapol/src/util.c
index dd6d300d..fc38d9d5 100644 index dd6d300d..fc38d9d5 100644
@ -65,28 +65,28 @@ index dd6d300d..fc38d9d5 100644
#define APOL_LINE_SZ 8192 #define APOL_LINE_SZ 8192
#define APOL_ENVIRON_VAR_NAME "APOL_INSTALL_DIR" #define APOL_ENVIRON_VAR_NAME "APOL_INSTALL_DIR"
@@ -173,6 +180,10 @@ const char *apol_protocol_to_str(uint8_t protocol) @@ -173,6 +180,10 @@ const char *apol_protocol_to_str(uint8_t protocol)
return "tcp"; return "tcp";
case IPPROTO_UDP: case IPPROTO_UDP:
return "udp"; return "udp";
+ case IPPROTO_DCCP: + case IPPROTO_DCCP:
+ return "dccp"; + return "dccp";
+ case IPPROTO_SCTP: + case IPPROTO_SCTP:
+ return "sctp"; + return "sctp";
default: default:
errno = EPROTONOSUPPORT; errno = EPROTONOSUPPORT;
return NULL; return NULL;
@@ -191,6 +202,12 @@ uint8_t apol_str_to_protocol(const char *protocol_str) @@ -191,6 +202,12 @@ uint8_t apol_str_to_protocol(const char *protocol_str)
if (strcmp(protocol_str, "udp") == 0 || strcmp(protocol_str, "UDP") == 0) { if (strcmp(protocol_str, "udp") == 0 || strcmp(protocol_str, "UDP") == 0) {
return IPPROTO_UDP; return IPPROTO_UDP;
} }
+ if (strcmp(protocol_str, "dccp") == 0 || strcmp(protocol_str, "DCCP") == 0) { + if (strcmp(protocol_str, "dccp") == 0 || strcmp(protocol_str, "DCCP") == 0) {
+ return IPPROTO_DCCP; + return IPPROTO_DCCP;
+ } + }
+ if (strcmp(protocol_str, "sctp") == 0 || strcmp(protocol_str, "SCTP") == 0) { + if (strcmp(protocol_str, "sctp") == 0 || strcmp(protocol_str, "SCTP") == 0) {
+ return IPPROTO_SCTP; + return IPPROTO_SCTP;
+ } + }
errno = EPROTONOSUPPORT; errno = EPROTONOSUPPORT;
return 0; return 0;
} }
diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i
index 8a4a195f..6a650315 100644 index 8a4a195f..6a650315 100644
@ -117,7 +117,7 @@ index 63210feb..72e8ce9e 100644
+#define IPPROTO_SCTP 132 +#define IPPROTO_SCTP 132
+#endif +#endif
+ +
typedef struct qpol_portcon qpol_portcon_t; typedef struct qpol_portcon qpol_portcon_t;
/** /**
@@ -46,7 +53,8 @@ extern "C" @@ -46,7 +53,8 @@ extern "C"
@ -158,16 +158,16 @@ index 15f70ba3..2c5d488b 100644
#include "queue.h" #include "queue.h"
/* Required for SETools libqpol - Removed #include "checkpolicy.h"*/ /* Required for SETools libqpol - Removed #include "checkpolicy.h"*/
@@ -4350,6 +4356,10 @@ int define_port_context(unsigned int low, unsigned int high) @@ -4350,6 +4356,10 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_TCP; protocol = IPPROTO_TCP;
} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) { } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
protocol = IPPROTO_UDP; protocol = IPPROTO_UDP;
+ } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { + } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
+ protocol = IPPROTO_DCCP; + protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { + } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP; + protocol = IPPROTO_SCTP;
} else { } else {
yyerror2("unrecognized protocol %s", id); yyerror2("unrecognized protocol %s", id);
free(newc); free(newc);
diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y
index 357f3d8f..e07ff52c 100644 index 357f3d8f..e07ff52c 100644
--- a/libqpol/src/policy_parse.y --- a/libqpol/src/policy_parse.y
@ -199,36 +199,37 @@ index b604488a..9fbb8286 100644
+ +
typedef struct qpol_portcon {} qpol_portcon_t; typedef struct qpol_portcon {} qpol_portcon_t;
%extend qpol_portcon_t { %extend qpol_portcon_t {
qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) { qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
diff --git a/python/setools/seinfo.c b/python/setools/seinfo.c diff --git a/python/setools/seinfo.c b/python/setools/seinfo.c
index 211930a3..7c22f9e7 100644 index 211930a3..7c22f9e7 100644
--- a/python/setools/seinfo.c --- a/python/setools/seinfo.c
+++ b/python/setools/seinfo.c +++ b/python/setools/seinfo.c
@@ -512,7 +512,9 @@ static PyObject* get_ports(const char *num, const apol_policy_t * policydb) @@ -512,7 +512,9 @@ static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
} }
if ((ocon_proto != IPPROTO_TCP) && if ((ocon_proto != IPPROTO_TCP) &&
- (ocon_proto != IPPROTO_UDP)) - (ocon_proto != IPPROTO_UDP))
+ (ocon_proto != IPPROTO_UDP) && + (ocon_proto != IPPROTO_UDP) &&
+ (ocon_proto != IPPROTO_DCCP) && + (ocon_proto != IPPROTO_DCCP) &&
+ (ocon_proto != IPPROTO_SCTP)) + (ocon_proto != IPPROTO_SCTP))
goto cleanup; goto cleanup;
if (qpol_portcon_get_context(q, portcon, &ctxt)) { if (qpol_portcon_get_context(q, portcon, &ctxt)) {
diff --git a/secmds/seinfo.c b/secmds/seinfo.c diff --git a/secmds/seinfo.c b/secmds/seinfo.c
index a9708907..3c71af57 100644 index a9708907..3c71af57 100644
--- a/secmds/seinfo.c --- a/secmds/seinfo.c
+++ b/secmds/seinfo.c +++ b/secmds/seinfo.c
@@ -1155,6 +1155,10 @@ static int print_portcon(FILE * fp, const char *num, const char *protocol, const @@ -1155,6 +1155,10 @@ static int print_portcon(FILE * fp, const char *num, const char *protocol, const
proto = IPPROTO_TCP; proto = IPPROTO_TCP;
else if (!strcmp(protocol, "udp")) else if (!strcmp(protocol, "udp"))
proto = IPPROTO_UDP; proto = IPPROTO_UDP;
+ else if (!strcmp(protocol, "dccp")) + else if (!strcmp(protocol, "dccp"))
+ proto = IPPROTO_DCCP; + proto = IPPROTO_DCCP;
+ else if (!strcmp(protocol, "sctp")) + else if (!strcmp(protocol, "sctp"))
+ proto = IPPROTO_SCTP; + proto = IPPROTO_SCTP;
else { else {
ERR(policydb, "Unable to get portcon by protocol: bad protocol %s.", protocol); ERR(policydb, "Unable to get portcon by protocol: bad protocol %s.", protocol);
goto cleanup; goto cleanup;
-- --
2.14.3 2.14.3
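Review bot: In the `print_portcon` hunk of secmds/seinfo.c the new `dccp` and `sctp` branches match lower case only, like the existing `udp` branch, whereas `apol_str_to_protocol` in libapol/src/util.c and `define_port_context` in the policy parser also accept `DCCP` and `SCTP`. A protocol name that the library and the parser accept is therefore rejected by the command-line query with the "bad protocol" error, and the list of supported protocols now lives in three places that have to be kept in step. If the libapol utility header is reachable from this file (it already uses the apol policy type, so it probably is), the chain could become `proto = apol_str_to_protocol(protocol);` followed by `if (proto == 0) { ERR(policydb, "Unable to get portcon by protocol: bad protocol %s.", protocol); goto cleanup; }`. `print_portcon` starts and ends outside the hunk, so the first branch of the chain and the cleanup path were not reviewed.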

