From d70b2042c66a4ccd17d9ae5c1bf78d474f20db30 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 4 Oct 2016 09:17:25 +0200 Subject: [PATCH] checkpolicy-2.5-8 - Add types associated to a role in the current scope when parsing --- checkpolicy-fedora.patch | 19 ++++++++++++++----- checkpolicy.spec | 11 +++++++---- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/checkpolicy-fedora.patch b/checkpolicy-fedora.patch index 4b922a1..1378043 100644 --- a/checkpolicy-fedora.patch +++ b/checkpolicy-fedora.patch @@ -14,10 +14,11 @@ index 98f5168..3b7ff8a 100644 $(LOCAL_PATH)/ \ $(LOCAL_PATH)/../libsepol/include/ \ diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog -index dfe4908..f2216ec 100644 +index dfe4908..0e13227 100644 --- checkpolicy-2.5/ChangeLog +++ checkpolicy-2.5/ChangeLog -@@ -1,3 +1,11 @@ +@@ -1,3 +1,12 @@ ++ * Add types associated to a role in the current scope when parsing, from Nicolas Iooss. + * Extend checkpolicy pathname matching, from Stephen Smalley. + * Fix typos in test/dispol, from Petr Lautrbach. + * Set flex as default lexer, from Julien Pivotto. @@ -120,7 +121,7 @@ index 9da661e..2d68316 100644 printf("unknown protocol\n"); break; diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c -index ee20fea..100e517 100644 +index ee20fea..128869c 100644 --- checkpolicy-2.5/policy_define.c +++ checkpolicy-2.5/policy_define.c @@ -36,6 +36,9 @@ 
@@ -133,7 +134,15 @@ index ee20fea..100e517 100644 #include #include #include -@@ -4876,6 +4879,8 @@ int define_port_context(unsigned int low, unsigned int high) +@@ -2611,6 +2614,7 @@ int define_role_types(void) + free(id); + return -1; + } ++ role = get_local_role(id, role->s.value, (role->flavor == ROLE_ATTRIB)); + + while ((id = queue_remove(id_queue))) { + if (set_types(&role->types, id, &add, 0)) +@@ -4876,6 +4880,8 @@ int define_port_context(unsigned int low, unsigned int high) protocol = IPPROTO_TCP; } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) { protocol = IPPROTO_UDP; @@ -142,7 +151,7 @@ index ee20fea..100e517 100644 } else { yyerror2("unrecognized protocol %s", id); free(newc); -@@ -5135,7 +5140,7 @@ int define_ipv6_node_context(void) +@@ -5135,7 +5141,7 @@ int define_ipv6_node_context(void) memset(newc, 0, sizeof(ocontext_t)); diff --git a/checkpolicy.spec b/checkpolicy.spec index c93ddeb..49c1eb4 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -1,16 +1,16 @@ -%define libselinuxver 2.5-11 -%define libsepolver 2.5-9 +%define libselinuxver 2.5-12 +%define libsepolver 2.5-10 Summary: SELinux policy compiler Name: checkpolicy Version: 2.5 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Group: Development/System Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy -# HEAD https://github.com/fedora-selinux/selinux/commit/dbf42c22e798a5e2cf9c1fc711c803e7da20cfb4 +# HEAD https://github.com/fedora-selinux/selinux/commit/caefad506ca46db441952ab64ebfc6202897516b Patch1: checkpolicy-fedora.patch Conflicts: selinux-policy-base < 3.13.1-138 BuildRoot: %{_tmppath}/%{name}-buildroot 
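Review bot: In define_role_types the value returned by the added `get_local_role(id, role->s.value, ...)` call overwrites `role` and is dereferenced as `&role->types` on the first loop iteration, with no check in between. get_local_role is defined outside this patch, so confirm whether it can return NULL (for example on allocation failure or a mismatch with an existing entry); if it can, malformed policy source would crash the compiler here rather than yield a parse error, and the call should be followed by `if (!role) return -1;`, preceded by a `yyerror2(...)` message if the helper does not report the failure itself. Ownership of `id` after the call should also be documented in a comment, because the error branch just above frees it explicitly and the hunk does not show whether the helper keeps or frees it. The body of define_role_types starts and ends outside the hunk.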
@@ -61,6 +61,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_bindir}/sedispol %changelog +* Mon Oct 03 2016 Petr Lautrbach 2.5-8 +- Add types associated to a role in the current scope when parsing + * Mon Aug 01 2016 Petr Lautrbach 2.5-7 - Extend checkpolicy pathname matching - Rebuilt with libsepol-2.5-9