rpms/checkpolicy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

checkpolicy-2.5-5

Browse Source 
- Set flex as default lexer
- Fix checkmodule output message
This commit is contained in:
Petr Lautrbach 2016-06-23 13:55:16 +02:00
parent eedb877c67
commit a1e6032110
2 changed files with 70 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
checkpolicy-fedora.patch
View File

@ -1,16 +1,46 @@
diff --git checkpolicy-2.5/Android.mk checkpolicy-2.5/Android.mk
index 98f5168..3b7ff8a 100644
--- checkpolicy-2.5/Android.mk
+++ checkpolicy-2.5/Android.mk
@@ -12,10 +12,6 @@ common_cflags := \
-Wall -Wshadow -O2 \
-pipe -fno-strict-aliasing \
-ifeq ($(HOST_OS),darwin)
-common_cflags += -DDARWIN
-endif
-
common_includes := \
$(LOCAL_PATH)/ \
$(LOCAL_PATH)/../libsepol/include/ \
diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog
index dfe4908..eae775f 100644 index dfe4908..429a163 100644
--- checkpolicy-2.5/ChangeLog --- checkpolicy-2.5/ChangeLog
+++ checkpolicy-2.5/ChangeLog +++ checkpolicy-2.5/ChangeLog
@@ -1,3 +1,6 @@ @@ -1,3 +1,9 @@
+ * Set flex as default lexer, from Julien Pivotto.
+ * Fix checkmodule output message, from Petr Lautrbach.
+ * Build policy on systems not supporting DCCP protocol, from Richard Haines. + * Build policy on systems not supporting DCCP protocol, from Richard Haines.
+ * Fail if module name different than output base filename, from James Carter + * Fail if module name different than output base filename, from James Carter
+ * Add support for portcon dccp protocol, from Richard Haines + * Add support for portcon dccp protocol, from Richard Haines
+
2.5 2016-02-23 2.5 2016-02-23
* Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep. * Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
* fix double free on name-based type transitions, from Stephen Smalley. * fix double free on name-based type transitions, from Stephen Smalley.
diff --git checkpolicy-2.5/Makefile checkpolicy-2.5/Makefile
index e5fae3d..53a3074 100644
--- checkpolicy-2.5/Makefile
+++ checkpolicy-2.5/Makefile
@@ -8,6 +8,7 @@ LIBDIR ?= $(PREFIX)/lib
INCLUDEDIR ?= $(PREFIX)/include
TARGETS = checkpolicy checkmodule
+LEX = flex
YACC = bison -y
CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
diff --git checkpolicy-2.5/checkmodule.c checkpolicy-2.5/checkmodule.c diff --git checkpolicy-2.5/checkmodule.c checkpolicy-2.5/checkmodule.c
index 5957d29..418f77b 100644 index 5957d29..53cc5a0 100644
--- checkpolicy-2.5/checkmodule.c --- checkpolicy-2.5/checkmodule.c
+++ checkpolicy-2.5/checkmodule.c +++ checkpolicy-2.5/checkmodule.c
@@ -19,6 +19,7 @@ @@ -19,6 +19,7 @@
@ -47,11 +77,20 @@ index 5957d29..418f77b 100644
if (modpolicydb.policy_type == POLICY_BASE && !cil) { if (modpolicydb.policy_type == POLICY_BASE && !cil) {
/* Verify that we can successfully expand the base module. */ /* Verify that we can successfully expand the base module. */
policydb_t kernpolicydb; policydb_t kernpolicydb;
@@ -294,7 +314,7 @@ int main(int argc, char **argv)
if (!cil) {
printf("%s: writing binary representation (version %d) to %s\n",
- argv[0], policyvers, file);
+ argv[0], policyvers, outfile);
if (write_binary_policy(&modpolicydb, outfp) != 0) {
fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c
index 9da661e..7947c20 100644 index 9da661e..2d68316 100644
--- checkpolicy-2.5/checkpolicy.c --- checkpolicy-2.5/checkpolicy.c
+++ checkpolicy-2.5/checkpolicy.c +++ checkpolicy-2.5/checkpolicy.c
@@ -64,6 +64,9 @@ @@ -64,13 +64,16 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <netinet/in.h> #include <netinet/in.h>
@ -61,6 +100,14 @@ index 9da661e..7947c20 100644
#include <arpa/inet.h> #include <arpa/inet.h>
#include <fcntl.h> #include <fcntl.h>
#include <stdio.h> #include <stdio.h>
#include <errno.h>
#include <sys/mman.h>
-#ifdef DARWIN
+#ifdef __APPLE__
#include <ctype.h>
#endif
@@ -919,6 +922,8 @@ int main(int argc, char **argv) @@ -919,6 +922,8 @@ int main(int argc, char **argv)
protocol = IPPROTO_TCP; protocol = IPPROTO_TCP;
else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP")) else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
@ -71,7 +118,7 @@ index 9da661e..7947c20 100644
printf("unknown protocol\n"); printf("unknown protocol\n");
break; break;
diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
index ee20fea..2068b71 100644 index ee20fea..100e517 100644
--- checkpolicy-2.5/policy_define.c --- checkpolicy-2.5/policy_define.c
+++ checkpolicy-2.5/policy_define.c +++ checkpolicy-2.5/policy_define.c
@@ -36,6 +36,9 @@ @@ -36,6 +36,9 @@
@ -93,3 +140,12 @@ index ee20fea..2068b71 100644
} else { } else {
yyerror2("unrecognized protocol %s", id); yyerror2("unrecognized protocol %s", id);
free(newc); free(newc);
@@ -5135,7 +5140,7 @@ int define_ipv6_node_context(void)
memset(newc, 0, sizeof(ocontext_t));
-#ifdef DARWIN
+#ifdef __APPLE__
memcpy(&newc->u.node6.addr[0], &addr.s6_addr[0], 16);
memcpy(&newc->u.node6.mask[0], &mask.s6_addr[0], 16);
#else

12
checkpolicy.spec
View File

@ -1,16 +1,16 @@
%define libselinuxver 2.5-0 %define libselinuxver 2.5-7
%define libsepolver 2.5-0 %define libsepolver 2.5-7
Summary: SELinux policy compiler Summary: SELinux policy compiler
Name: checkpolicy Name: checkpolicy
Version: 2.5 Version: 2.5
Release: 4%{?dist} Release: 5%{?dist}
License: GPLv2 License: GPLv2
Group: Development/System Group: Development/System
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy # $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy
# HEAD https://github.com/fedora-selinux/selinux/commit/f900ff37022119de47d516f103ccfd339d52c861 # HEAD https://github.com/fedora-selinux/selinux/commit/9abe77e2a670f2f2dfb91f9cec46ee37f9c23995
Patch1: checkpolicy-fedora.patch Patch1: checkpolicy-fedora.patch
Conflicts: selinux-policy-base < 3.13.1-138 Conflicts: selinux-policy-base < 3.13.1-138
BuildRoot: %{_tmppath}/%{name}-buildroot BuildRoot: %{_tmppath}/%{name}-buildroot
@ -61,6 +61,10 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/sedispol %{_bindir}/sedispol
%changelog %changelog
* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-5
- Set flex as default lexer
- Fix checkmodule output message
* Wed May 11 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4 * Wed May 11 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
- Rebuilt with libsepol-2.5-6 - Rebuilt with libsepol-2.5-6