From e6e4a0126ed2171728e40f9494f3d45a13f02eb3 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Thu, 19 May 2005 18:04:58 +0000
Subject: [PATCH] - Update to NSA Release Added sepol_ prefix to Flask types to avoid namespace collision with libselinux.
---
 .cvsignore | 1 +
 checkpolicy-rhat.patch | 198 +++++++++++++++++++++++++++++++++++++++++
 checkpolicy.spec | 2 +
 sources | 2 +-
 4 files changed, 202 insertions(+), 1 deletion(-)
 create mode 100644 checkpolicy-rhat.patch
diff --git a/.cvsignore b/.cvsignore
index 8ae3c8d..05898b9 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -12,3 +12,4 @@ checkpolicy-1.21.4.tgz
 checkpolicy-1.22.tgz
 checkpolicy-1.23.1.tgz
 checkpolicy-1.23.2.tgz
+checkpolicy-1.23.3.tgz
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
new file mode 100644
index 0000000..b5ed7c6
--- /dev/null
+++ b/checkpolicy-rhat.patch
@@ -0,0 +1,198 @@
+--- checkpolicy-1.23.3/checkpolicy.c~ 2005-05-19 13:46:55.000000000 -0400
++++ checkpolicy-1.23.3/checkpolicy.c 2005-05-19 14:04:16.000000000 -0400
+@@ -104,6 +104,12 @@
+ exit(1);
+ }
+ 
++#define FGETS(out, size, in) \
++if (fgets(out,size,in)==NULL) { \
++ fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,\
++ strerror(errno)); \
++ exit(1);\
++}
+ static int print_sid(sepol_security_id_t sid,
+ context_struct_t * context __attribute__ ((unused)), void *data __attribute__ ((unused)))
+ {
+@@ -692,19 +698,19 @@
+ printf("q) Exit\n");
+ while (1) {
+ printf("\nChoose: ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ switch (ans[0]) {
+ case '0':
+ printf("source sid? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ssid = atoi(ans);
+ 
+ printf("target sid? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ tsid = atoi(ans);
+ 
+ printf("target class? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ if (isdigit(ans[0])) {
+ tclass = atoi(ans);
+ if (!tclass || tclass > policydb.p_classes.nprim) {
+@@ -756,7 +762,7 @@
+ break;
+ case '1':
+ printf("sid? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ssid = atoi(ans);
+ ret = sepol_sid_to_context(ssid,
+ &scontext, &scontext_len);
+@@ -777,7 +783,7 @@
+ break;
+ case '2':
+ printf("scontext? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ scontext_len = strlen(ans);
+ ans[scontext_len - 1] = 0;
+ ret = sepol_context_to_sid(ans, scontext_len,
+@@ -802,14 +808,14 @@
+ ch = ans[0];
+ 
+ printf("source sid? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ssid = atoi(ans);
+ printf("target sid? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ tsid = atoi(ans);
+ 
+ printf("object class? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ if (isdigit(ans[0])) {
+ tclass = atoi(ans);
+ if (!tclass || tclass > policydb.p_classes.nprim) {
+@@ -852,7 +858,7 @@
+ break;
+ case '7':
+ printf("pathname? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ pathlen = strlen(ans);
+ ans[pathlen - 1] = 0;
+ printf("%s: loading policy configuration from %s\n", argv[0], ans);
+@@ -890,7 +896,7 @@
+ break;
+ case '8':
+ printf("fs kdevname? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ sepol_fs_sid(ans, &ssid, &tsid);
+ printf("fs_sid %d default_file_sid %d\n",
+@@ -898,7 +904,7 @@
+ break;
+ case '9':
+ printf("protocol? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ if (!strcmp(ans, "tcp") || !strcmp(ans, "TCP"))
+ protocol = IPPROTO_TCP;
+@@ -909,14 +915,14 @@
+ break;
+ }
+ printf("port? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ port = atoi(ans);
+ sepol_port_sid(0, 0, protocol, port, &ssid);
+ printf("sid %d\n", ssid);
+ break;
+ case 'a':
+ printf("netif name? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ sepol_netif_sid(ans, &ssid, &tsid);
+ printf("if_sid %d default_msg_sid %d\n",
+@@ -929,7 +935,7 @@
+ struct in6_addr addr6;
+ 
+ printf("protocol family? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ if (!strcasecmp(ans, "ipv4"))
+ family = AF_INET;
+@@ -941,7 +947,7 @@
+ }
+ 
+ printf("node address? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ 
+ if (family == AF_INET) {
+@@ -963,7 +969,7 @@
+ }
+ case 'c':
+ printf("fstype? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ sepol_fs_use(ans, &uret, &ssid);
+ switch (uret) {
+@@ -987,15 +993,15 @@
+ break;
+ case 'd':
+ printf("fstype? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ fstype = strdup(ans);
+ printf("path? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ path = strdup(ans);
+ printf("object class? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ if (isdigit(ans[0])) {
+ tclass = atoi(ans);
+ if (!tclass || tclass > policydb.p_classes.nprim) {
+@@ -1019,12 +1025,12 @@
+ break;
+ case 'e':
+ printf("from SID? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ ssid = atoi(ans);
+ 
+ printf("username? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ 
+ ret = sepol_get_user_sids(ssid, ans, &sids, &nel);
+@@ -1055,7 +1061,7 @@
+ break;
+ case 'h':
+ printf("name? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ 
+ name = malloc((strlen(ans) + 1) * sizeof(char));
+@@ -1067,7 +1073,7 @@
+ 
+ 
+ printf("state? ");
+- fgets(ans, sizeof(ans), stdin);
++ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ 
+ if (atoi(ans))
diff --git a/checkpolicy.spec b/checkpolicy.spec
index eec3cec..9ecfc1d 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -6,6 +6,7 @@ Release: 1
 License: GPL
 Group: Development/System
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: checkpolicy-rhat.patch
 Prefix: %{_prefix}
 BuildRoot: %{_tmppath}/%{name}-buildroot
 BuildRequires: byacc flex libsepol-devel >= %{libsepolver}
@@ -27,6 +28,7 @@ Only required for building policies.
 
 %prep
 %setup -q
+%patch -p1 -b .rhat
 
 %build
 make LIBDIR="%{_libdir}" CFLAGS="%{optflags}"
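Review bot: The FGETS macro added in the first checkpolicy.c hunk rejects only a NULL return, so the unchanged `ans[strlen(ans) - 1] = 0;` context lines that follow most prompts (and the `scontext_len` / `pathlen` variants) still index one byte before `ans` when the line read is empty as a C string, and cut off a real character when the input has no trailing newline; `ans[strcspn(ans, "\n")] = 0;` covers both cases. The macro expands to a bare `if (...) { ... }`, which captures a following `else` if it is ever used under an unbraced `if`; wrapping the body in `do { ... } while (0)` makes `FGETS(...);` a single statement. At end-of-file fgets returns NULL without setting errno, so `strerror(errno)` may print an unrelated message; testing `feof(in)` first would give an accurate one. The menu loop is shown only in fragments, so whether checkpolicy.c already includes `<errno.h>` for the new `errno` reference cannot be confirmed from this patch.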
diff --git a/sources b/sources
index 5de7415..6d747f2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-06bc15b0dbd6c9fbb8dba0da133e2ab0 checkpolicy-1.23.3.tgz
+9a0b845bee0d324436e17ec4ae2dba6c checkpolicy-1.23.3.tgz