diff --git libsepol-2.5/ChangeLog libsepol-2.5/ChangeLog
index ace3d54..41bf8c0 100644
--- libsepol-2.5/ChangeLog
+++ libsepol-2.5/ChangeLog
@@ -1,3 +1,6 @@
+ * Add support for portcon dccp protocol, from Richard Haines
+ * Fix bug in CIL when resetting classes, from Steve Lawrence
+
 2.5 2016-02-23
 * Fix unused variable annotations, from Nicolas Iooss.
 * Fix uninitialized variable in CIL, from Nicolas Iooss.
diff --git libsepol-2.5/cil/src/cil.c libsepol-2.5/cil/src/cil.c
index afdc240..de7033a 100644
--- libsepol-2.5/cil/src/cil.c
+++ libsepol-2.5/cil/src/cil.c
@@ -108,6 +108,7 @@ static void cil_init_keys(void)
 CIL_KEY_STAR = cil_strpool_add("*");
 CIL_KEY_UDP = cil_strpool_add("udp");
 CIL_KEY_TCP = cil_strpool_add("tcp");
+ CIL_KEY_DCCP = cil_strpool_add("dccp");
 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
 CIL_KEY_ALLOW = cil_strpool_add("allow");
diff --git libsepol-2.5/cil/src/cil_binary.c libsepol-2.5/cil/src/cil_binary.c
index f749e53..5d7e52e 100644
--- libsepol-2.5/cil/src/cil_binary.c
+++ libsepol-2.5/cil/src/cil_binary.c
@@ -3035,6 +3035,9 @@ int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons)
 case CIL_PROTOCOL_TCP:
 new_ocon->u.port.protocol = IPPROTO_TCP;
 break;
+ case CIL_PROTOCOL_DCCP:
+ new_ocon->u.port.protocol = IPPROTO_DCCP;
+ break;
 default:
 /* should not get here */
 rc = SEPOL_ERR;
diff --git libsepol-2.5/cil/src/cil_build_ast.c libsepol-2.5/cil/src/cil_build_ast.c
index 1135e06..90fee8e 100644
--- libsepol-2.5/cil/src/cil_build_ast.c
+++ libsepol-2.5/cil/src/cil_build_ast.c
@@ -4261,6 +4261,8 @@ int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, stru
 portcon->proto = CIL_PROTOCOL_UDP;
 } else if (proto == CIL_KEY_TCP) {
 portcon->proto = CIL_PROTOCOL_TCP;
+ } else if (proto == CIL_KEY_DCCP) {
+ portcon->proto = CIL_PROTOCOL_DCCP;
 } else {
 cil_log(CIL_ERR, "Invalid protocol\n");
 rc = SEPOL_ERR;
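Review bot: In the cil_binary.c hunk, the new `case CIL_PROTOCOL_DCCP:` arm depends on the system headers providing `IPPROTO_DCCP`, which not every libc or non-Linux build host does; the module_to_cil.c and ports.c hunks have the same dependency. The include blocks are outside these hunks, so this may already be covered, but if it is not, a guarded fallback near the includes of each file keeps the build portable: `#ifndef IPPROTO_DCCP` / `#define IPPROTO_DCCP 33` / `#endif` (33 is the IANA protocol number for DCCP). cil_portcon_to_policydb's body continues outside the hunk.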
diff --git libsepol-2.5/cil/src/cil_internal.h libsepol-2.5/cil/src/cil_internal.h
index a0a5480..a75ddf8 100644
--- libsepol-2.5/cil/src/cil_internal.h
+++ libsepol-2.5/cil/src/cil_internal.h
@@ -101,6 +101,7 @@ char *CIL_KEY_OBJECT_R;
 char *CIL_KEY_STAR;
 char *CIL_KEY_TCP;
 char *CIL_KEY_UDP;
+char *CIL_KEY_DCCP;
 char *CIL_KEY_AUDITALLOW;
 char *CIL_KEY_TUNABLEIF;
 char *CIL_KEY_ALLOW;
@@ -713,7 +714,8 @@ struct cil_filecon {
 enum cil_protocol {
 CIL_PROTOCOL_UDP = 1,
- CIL_PROTOCOL_TCP
+ CIL_PROTOCOL_TCP,
+ CIL_PROTOCOL_DCCP
 };
 struct cil_portcon {
diff --git libsepol-2.5/cil/src/cil_policy.c libsepol-2.5/cil/src/cil_policy.c
index 2c9b158..382129b 100644
--- libsepol-2.5/cil/src/cil_policy.c
+++ libsepol-2.5/cil/src/cil_policy.c
@@ -123,6 +123,8 @@ int cil_portcon_to_policy(FILE **file_arr, struct cil_sort *sort)
 fprintf(file_arr[NETIFCONS], "udp ");
 } else if (portcon->proto == CIL_PROTOCOL_TCP) {
 fprintf(file_arr[NETIFCONS], "tcp ");
+ } else if (portcon->proto == CIL_PROTOCOL_DCCP) {
+ fprintf(file_arr[NETIFCONS], "dccp ");
 }
 fprintf(file_arr[NETIFCONS], "%d ", portcon->port_low);
 fprintf(file_arr[NETIFCONS], "%d ", portcon->port_high);
diff --git libsepol-2.5/cil/src/cil_reset_ast.c libsepol-2.5/cil/src/cil_reset_ast.c
index 06146ca..de00679 100644
--- libsepol-2.5/cil/src/cil_reset_ast.c
+++ libsepol-2.5/cil/src/cil_reset_ast.c
@@ -23,7 +23,7 @@ static void cil_reset_class(struct cil_class *class)
 {
 if (class->common != NULL) {
 struct cil_class *common = class->common;
- cil_symtab_map(&common->perms, __class_reset_perm_values, &common->num_perms);
+ cil_symtab_map(&class->perms, __class_reset_perm_values, &common->num_perms);
 /* during a re-resolve, we need to reset the common, so a classcommon
 * statement isn't seen as a duplicate */
 class->num_perms -= common->num_perms;
diff --git libsepol-2.5/cil/src/cil_tree.c libsepol-2.5/cil/src/cil_tree.c
index 1c23efc..563b817 100644
--- libsepol-2.5/cil/src/cil_tree.c
+++ libsepol-2.5/cil/src/cil_tree.c
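Review bot: In the cil_policy.c hunk, the protocol chain in cil_portcon_to_policy still ends without a final `else`, so a portcon whose `proto` matches none of UDP/TCP/DCCP is written with no protocol token and the emitted line is silently malformed; cil_tree_print_node in the cil_tree.c hunk has the same shape. Since the enum is being extended here, a closing `else` that reports the value and fails would make any later enum addition that misses one of these sites visible instead of producing bad policy text. Whether returning `SEPOL_ERR` from that branch fits depends on the part of the function outside the hunk.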
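Review bot: In the cil_reset_ast.c hunk, the corrected call walks `class->perms` while still passing `&common->num_perms`, and nothing next to it explains why the table and the count come from different objects, which makes the line easy to "fix" back. A short comment above the call would help, for example `/* adjust this class's own perms (not the common's) by the number of common perms */`; the callback `__class_reset_perm_values` is outside the hunk, so the wording should be checked against what it actually does. Because permission values end up in the compiled policy, a regression test that resolves, resets and re-resolves a class with a classcommon would be worth adding with this fix. cil_reset_class continues past the end of the hunk.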
@@ -1319,6 +1319,8 @@ void cil_tree_print_node(struct cil_tree_node *node)
 cil_log(CIL_INFO, " udp");
 } else if (portcon->proto == CIL_PROTOCOL_TCP) {
 cil_log(CIL_INFO, " tcp");
+ } else if (portcon->proto == CIL_PROTOCOL_DCCP) {
+ cil_log(CIL_INFO, " dccp");
 }
 cil_log(CIL_INFO, " (%d %d)", portcon->port_low, portcon->port_high);
diff --git libsepol-2.5/include/sepol/port_record.h libsepol-2.5/include/sepol/port_record.h
index 697cea4..c07d1fa 100644
--- libsepol-2.5/include/sepol/port_record.h
+++ libsepol-2.5/include/sepol/port_record.h
@@ -14,6 +14,7 @@ typedef struct sepol_port_key sepol_port_key_t;
 #define SEPOL_PROTO_UDP 0
 #define SEPOL_PROTO_TCP 1
+#define SEPOL_PROTO_DCCP 2
 /* Key */
 extern int sepol_port_compare(const sepol_port_t * port,
diff --git libsepol-2.5/src/module_to_cil.c libsepol-2.5/src/module_to_cil.c
index 18ec6b9..b478d9f 100644
--- libsepol-2.5/src/module_to_cil.c
+++ libsepol-2.5/src/module_to_cil.c
@@ -2537,6 +2537,7 @@ static int ocontext_selinux_port_to_cil(struct policydb *pdb, struct ocontext *p
 switch (portcon->u.port.protocol) {
 case IPPROTO_TCP: protocol = "tcp"; break;
 case IPPROTO_UDP: protocol = "udp"; break;
+ case IPPROTO_DCCP: protocol = "dccp"; break;
 default:
 log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
 rc = -1;
diff --git libsepol-2.5/src/port_record.c libsepol-2.5/src/port_record.c
index 6a33d93..ed9093b 100644
--- libsepol-2.5/src/port_record.c
+++ libsepol-2.5/src/port_record.c
@@ -184,6 +184,8 @@ const char *sepol_port_get_proto_str(int proto)
 return "udp";
 case SEPOL_PROTO_TCP:
 return "tcp";
+ case SEPOL_PROTO_DCCP:
+ return "dccp";
 default:
 return "???";
 }
diff --git libsepol-2.5/src/ports.c libsepol-2.5/src/ports.c
index 607a629..b1ee094 100644
--- libsepol-2.5/src/ports.c
+++ libsepol-2.5/src/ports.c
@@ -16,6 +16,8 @@ static inline int sepol2ipproto(sepol_handle_t * handle, int proto)
 return IPPROTO_TCP;
 case SEPOL_PROTO_UDP:
 return IPPROTO_UDP;
+ case SEPOL_PROTO_DCCP:
+ return IPPROTO_DCCP;
 default:
 ERR(handle, "unsupported protocol %u", proto);
 return STATUS_ERR;
@@ -30,6 +32,8 @@ static inline int ipproto2sepol(sepol_handle_t * handle, int proto)
 return SEPOL_PROTO_TCP;
 case IPPROTO_UDP:
 return SEPOL_PROTO_UDP;
+ case IPPROTO_DCCP:
+ return SEPOL_PROTO_DCCP;
 default:
 ERR(handle, "invalid protocol %u " "found in policy", proto);
 return STATUS_ERR;