powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity

libsepol patch update 

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64bebuilder0 2018-12-16 15:08:35 +01:00
parent 235ee692da
commit ce7a691b61
1 changed files with 44 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
SOURCES/0014-Add-support-for-DCCP-and-SCTP-protocols.patch
View File

@ -44,8 +44,8 @@ index 99db1685..3e370332 100644
+ * @return Numeric value for the protocol, one of IPPROTO_TCP, IPPROTO_UDP, + * @return Numeric value for the protocol, one of IPPROTO_TCP, IPPROTO_UDP,
+ * IPPROTO_DCCP or IPPROTO_SCTP from netinet/in.h. Upon error return 0. + * IPPROTO_DCCP or IPPROTO_SCTP from netinet/in.h. Upon error return 0.
*/ */
extern uint8_t apol_str_to_protocol(const char *protocol_str); extern uint8_t apol_str_to_protocol(const char *protocol_str);

diff --git a/libapol/src/util.c b/libapol/src/util.c diff --git a/libapol/src/util.c b/libapol/src/util.c
index dd6d300d..fc38d9d5 100644 index dd6d300d..fc38d9d5 100644
--- a/libapol/src/util.c --- a/libapol/src/util.c
@ -53,7 +53,7 @@ index dd6d300d..fc38d9d5 100644
@@ -42,6 +42,13 @@ @@ -42,6 +42,13 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <netinet/in.h> /* needed for portcon's protocol */ #include <netinet/in.h> /* needed for portcon's protocol */

+#ifndef IPPROTO_DCCP +#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33 +#define IPPROTO_DCCP 33
+#endif +#endif
@ -65,28 +65,28 @@ index dd6d300d..fc38d9d5 100644
#define APOL_LINE_SZ 8192 #define APOL_LINE_SZ 8192
#define APOL_ENVIRON_VAR_NAME "APOL_INSTALL_DIR" #define APOL_ENVIRON_VAR_NAME "APOL_INSTALL_DIR"
@@ -173,6 +180,10 @@ const char *apol_protocol_to_str(uint8_t protocol) @@ -173,6 +180,10 @@ const char *apol_protocol_to_str(uint8_t protocol)
return "tcp"; return "tcp";
case IPPROTO_UDP: case IPPROTO_UDP:
return "udp"; return "udp";
+ case IPPROTO_DCCP: + case IPPROTO_DCCP:
+ return "dccp"; + return "dccp";
+ case IPPROTO_SCTP: + case IPPROTO_SCTP:
+ return "sctp"; + return "sctp";
default: default:
errno = EPROTONOSUPPORT; errno = EPROTONOSUPPORT;
return NULL; return NULL;
@@ -191,6 +202,12 @@ uint8_t apol_str_to_protocol(const char *protocol_str) @@ -191,6 +202,12 @@ uint8_t apol_str_to_protocol(const char *protocol_str)
if (strcmp(protocol_str, "udp") == 0 || strcmp(protocol_str, "UDP") == 0) { if (strcmp(protocol_str, "udp") == 0 || strcmp(protocol_str, "UDP") == 0) {
return IPPROTO_UDP; return IPPROTO_UDP;
} }
+ if (strcmp(protocol_str, "dccp") == 0 || strcmp(protocol_str, "DCCP") == 0) { + if (strcmp(protocol_str, "dccp") == 0 || strcmp(protocol_str, "DCCP") == 0) {
+ return IPPROTO_DCCP; + return IPPROTO_DCCP;
+ } + }
+ if (strcmp(protocol_str, "sctp") == 0 || strcmp(protocol_str, "SCTP") == 0) { + if (strcmp(protocol_str, "sctp") == 0 || strcmp(protocol_str, "SCTP") == 0) {
+ return IPPROTO_SCTP; + return IPPROTO_SCTP;
+ } + }
errno = EPROTONOSUPPORT; errno = EPROTONOSUPPORT;
return 0; return 0;
} }
diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i
index 8a4a195f..6a650315 100644 index 8a4a195f..6a650315 100644
@ -109,7 +109,7 @@ index 63210feb..72e8ce9e 100644
@@ -37,6 +37,13 @@ extern "C" @@ -37,6 +37,13 @@ extern "C"
#include <qpol/iterator.h> #include <qpol/iterator.h>
#include <qpol/policy.h> #include <qpol/policy.h>

+#ifndef IPPROTO_DCCP +#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33 +#define IPPROTO_DCCP 33
+#endif +#endif
@ -117,15 +117,15 @@ index 63210feb..72e8ce9e 100644
+#define IPPROTO_SCTP 132 +#define IPPROTO_SCTP 132
+#endif +#endif
+ +
typedef struct qpol_portcon qpol_portcon_t; typedef struct qpol_portcon qpol_portcon_t;

/** /**
@@ -46,7 +53,8 @@ extern "C" @@ -46,7 +53,8 @@ extern "C"
* @param high The high port of the range of ports; if searching for a * @param high The high port of the range of ports; if searching for a
* single port, set high equal to low. * single port, set high equal to low.
* @param protocol The protocol used in the portcon statement. * @param protocol The protocol used in the portcon statement.
- * Value should be one of IPPROTO_TCP or IPPROTO_UDP from netinet/in.h - * Value should be one of IPPROTO_TCP or IPPROTO_UDP from netinet/in.h
+ * Value should be one of IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP or + * Value should be one of IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP or
+ * IPPROTO_SCTP from netinet/in.h + * IPPROTO_SCTP from netinet/in.h
* @param ocon Pointer in which to store the statement returned. * @param ocon Pointer in which to store the statement returned.
* The caller should not free this pointer. * The caller should not free this pointer.
@ -135,7 +135,7 @@ index 63210feb..72e8ce9e 100644
* @param ocon The portcon statement from which to get the protocol. * @param ocon The portcon statement from which to get the protocol.
* @param protocol Pointer to set to the value of protocol. * @param protocol Pointer to set to the value of protocol.
- * Value will be one of IPPROTO_TCP or IPPROTO_UDP from netinet/in.h - * Value will be one of IPPROTO_TCP or IPPROTO_UDP from netinet/in.h
+ * Value will be one of IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP or + * Value will be one of IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP or
+ * IPPROTO_SCTP from netinet/in.h + * IPPROTO_SCTP from netinet/in.h
* @return 0 on success and < 0 on failure; if the call fails, * @return 0 on success and < 0 on failure; if the call fails,
* errno will be set and *protocol will be 0; * errno will be set and *protocol will be 0;
@ -154,20 +154,20 @@ index 15f70ba3..2c5d488b 100644
+#ifndef IPPROTO_SCTP +#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132 +#define IPPROTO_SCTP 132
+#endif +#endif

#include "queue.h" #include "queue.h"
/* Required for SETools libqpol - Removed #include "checkpolicy.h"*/ /* Required for SETools libqpol - Removed #include "checkpolicy.h"*/
@@ -4350,6 +4356,10 @@ int define_port_context(unsigned int low, unsigned int high) @@ -4350,6 +4356,10 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_TCP; protocol = IPPROTO_TCP;
} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) { } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
protocol = IPPROTO_UDP; protocol = IPPROTO_UDP;
+ } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { + } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
+ protocol = IPPROTO_DCCP; + protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { + } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP; + protocol = IPPROTO_SCTP;
} else { } else {
yyerror2("unrecognized protocol %s", id); yyerror2("unrecognized protocol %s", id);
free(newc); free(newc);
diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y
index 357f3d8f..e07ff52c 100644 index 357f3d8f..e07ff52c 100644
--- a/libqpol/src/policy_parse.y --- a/libqpol/src/policy_parse.y
@ -175,7 +175,7 @@ index 357f3d8f..e07ff52c 100644
@@ -52,6 +52,13 @@ @@ -52,6 +52,13 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <stdlib.h> #include <stdlib.h>

+#ifndef IPPROTO_DCCP +#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33 +#define IPPROTO_DCCP 33
+#endif +#endif
@ -199,36 +199,37 @@ index b604488a..9fbb8286 100644
+ +
typedef struct qpol_portcon {} qpol_portcon_t; typedef struct qpol_portcon {} qpol_portcon_t;
%extend qpol_portcon_t { %extend qpol_portcon_t {
qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) { qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
diff --git a/python/setools/seinfo.c b/python/setools/seinfo.c diff --git a/python/setools/seinfo.c b/python/setools/seinfo.c
index 211930a3..7c22f9e7 100644 index 211930a3..7c22f9e7 100644
--- a/python/setools/seinfo.c --- a/python/setools/seinfo.c
+++ b/python/setools/seinfo.c +++ b/python/setools/seinfo.c
@@ -512,7 +512,9 @@ static PyObject* get_ports(const char *num, const apol_policy_t * policydb) @@ -512,7 +512,9 @@ static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
} }

if ((ocon_proto != IPPROTO_TCP) && if ((ocon_proto != IPPROTO_TCP) &&
- (ocon_proto != IPPROTO_UDP)) - (ocon_proto != IPPROTO_UDP))
+ (ocon_proto != IPPROTO_UDP) && + (ocon_proto != IPPROTO_UDP) &&
+ (ocon_proto != IPPROTO_DCCP) && + (ocon_proto != IPPROTO_DCCP) &&
+ (ocon_proto != IPPROTO_SCTP)) + (ocon_proto != IPPROTO_SCTP))
goto cleanup; goto cleanup;

if (qpol_portcon_get_context(q, portcon, &ctxt)) { if (qpol_portcon_get_context(q, portcon, &ctxt)) {
diff --git a/secmds/seinfo.c b/secmds/seinfo.c diff --git a/secmds/seinfo.c b/secmds/seinfo.c
index a9708907..3c71af57 100644 index a9708907..3c71af57 100644
--- a/secmds/seinfo.c --- a/secmds/seinfo.c
+++ b/secmds/seinfo.c +++ b/secmds/seinfo.c
@@ -1155,6 +1155,10 @@ static int print_portcon(FILE * fp, const char *num, const char *protocol, const @@ -1155,6 +1155,10 @@ static int print_portcon(FILE * fp, const char *num, const char *protocol, const
proto = IPPROTO_TCP; proto = IPPROTO_TCP;
else if (!strcmp(protocol, "udp")) else if (!strcmp(protocol, "udp"))
proto = IPPROTO_UDP; proto = IPPROTO_UDP;
+ else if (!strcmp(protocol, "dccp")) + else if (!strcmp(protocol, "dccp"))
+ proto = IPPROTO_DCCP; + proto = IPPROTO_DCCP;
+ else if (!strcmp(protocol, "sctp")) + else if (!strcmp(protocol, "sctp"))
+ proto = IPPROTO_SCTP; + proto = IPPROTO_SCTP;
else { else {
ERR(policydb, "Unable to get portcon by protocol: bad protocol %s.", protocol); ERR(policydb, "Unable to get portcon by protocol: bad protocol %s.", protocol);
goto cleanup; goto cleanup;
-- --
2.14.3 2.14.3