rpms/libsepol
6
0
Fork 0
Code Issues Pull Requests Releases Activity

libsepol-2.7-6

Browse Source 
- Prevent freeing unitialized value in ibendport handling
- Add support for the SCTP portcon keyword
- Export sepol_polcap_getnum/name functions
This commit is contained in:
Petr Lautrbach 2018-03-21 16:07:12 +01:00
parent fc3f64a7e0
commit 3a48e0a688
2 changed files with 254 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

269
libsepol-fedora.patch
View File

@ -11,10 +11,18 @@ index 86117f2..f8cfc3b 100644
extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables); extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables);
extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown); extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown);
diff --git libsepol-2.7/cil/src/cil.c libsepol-2.7/cil/src/cil.c diff --git libsepol-2.7/cil/src/cil.c libsepol-2.7/cil/src/cil.c
index c02a41a..5a64c2b 100644 index c02a41a..2a7ec06 100644
--- libsepol-2.7/cil/src/cil.c --- libsepol-2.7/cil/src/cil.c
+++ libsepol-2.7/cil/src/cil.c +++ libsepol-2.7/cil/src/cil.c
@@ -1691,6 +1691,11 @@ void cil_set_mls(struct cil_db *db, int mls) @@ -109,6 +109,7 @@ static void cil_init_keys(void)
CIL_KEY_UDP = cil_strpool_add("udp");
CIL_KEY_TCP = cil_strpool_add("tcp");
CIL_KEY_DCCP = cil_strpool_add("dccp");
+ CIL_KEY_SCTP = cil_strpool_add("sctp");
CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
CIL_KEY_ALLOW = cil_strpool_add("allow");
@@ -1691,6 +1692,11 @@ void cil_set_mls(struct cil_db *db, int mls)
db->mls = mls; db->mls = mls;
} }
@ -26,7 +34,7 @@ index c02a41a..5a64c2b 100644
void cil_set_target_platform(struct cil_db *db, int target_platform) void cil_set_target_platform(struct cil_db *db, int target_platform)
{ {
db->target_platform = target_platform; db->target_platform = target_platform;
@@ -2059,6 +2064,7 @@ void cil_typeattribute_init(struct cil_typeattribute **attr) @@ -2059,6 +2065,7 @@ void cil_typeattribute_init(struct cil_typeattribute **attr)
(*attr)->expr_list = NULL; (*attr)->expr_list = NULL;
(*attr)->types = NULL; (*attr)->types = NULL;
(*attr)->used = CIL_FALSE; (*attr)->used = CIL_FALSE;
@ -35,10 +43,20 @@ index c02a41a..5a64c2b 100644
void cil_typeattributeset_init(struct cil_typeattributeset **attrset) void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
diff --git libsepol-2.7/cil/src/cil_binary.c libsepol-2.7/cil/src/cil_binary.c diff --git libsepol-2.7/cil/src/cil_binary.c libsepol-2.7/cil/src/cil_binary.c
index c0ca60f..431cd9c 100644 index c0ca60f..0cc6eeb 100644
--- libsepol-2.7/cil/src/cil_binary.c --- libsepol-2.7/cil/src/cil_binary.c
+++ libsepol-2.7/cil/src/cil_binary.c +++ libsepol-2.7/cil/src/cil_binary.c
@@ -567,7 +567,7 @@ int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil @@ -34,6 +34,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <sepol/policydb/policydb.h>
#include <sepol/policydb/polcaps.h>
@@ -567,7 +570,7 @@ int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil
char *key = NULL; char *key = NULL;
type_datum_t *sepol_attr = NULL; type_datum_t *sepol_attr = NULL;
@ -47,7 +65,7 @@ index c0ca60f..431cd9c 100644
return SEPOL_OK; return SEPOL_OK;
} }
@@ -632,7 +632,7 @@ int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct @@ -632,7 +635,7 @@ int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct
ebitmap_node_t *tnode; ebitmap_node_t *tnode;
unsigned int i; unsigned int i;
@ -56,7 +74,7 @@ index c0ca60f..431cd9c 100644
return SEPOL_OK; return SEPOL_OK;
} }
@@ -1442,7 +1442,7 @@ static int __cil_should_expand_attribute( const struct cil_db *db, struct cil_sy @@ -1442,7 +1445,7 @@ static int __cil_should_expand_attribute( const struct cil_db *db, struct cil_sy
attr = (struct cil_typeattribute *)datum; attr = (struct cil_typeattribute *)datum;
@ -65,7 +83,7 @@ index c0ca60f..431cd9c 100644
} }
int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor) int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor)
@@ -2525,7 +2525,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d @@ -2525,7 +2528,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d
if (rc != SEPOL_OK) { if (rc != SEPOL_OK) {
if (FLAVOR(item->data) == CIL_TYPEATTRIBUTE) { if (FLAVOR(item->data) == CIL_TYPEATTRIBUTE) {
struct cil_typeattribute *attr = item->data; struct cil_typeattribute *attr = item->data;
@ -74,8 +92,18 @@ index c0ca60f..431cd9c 100644
rc = 0; rc = 0;
} }
} }
@@ -3272,6 +3275,9 @@ int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons)
case CIL_PROTOCOL_DCCP:
new_ocon->u.port.protocol = IPPROTO_DCCP;
break;
+ case CIL_PROTOCOL_SCTP:
+ new_ocon->u.port.protocol = IPPROTO_SCTP;
+ break;
default:
/* should not get here */
rc = SEPOL_ERR;
diff --git libsepol-2.7/cil/src/cil_build_ast.c libsepol-2.7/cil/src/cil_build_ast.c diff --git libsepol-2.7/cil/src/cil_build_ast.c libsepol-2.7/cil/src/cil_build_ast.c
index 04492e5..e84336b 100644 index 04492e5..b90b0f6 100644
--- libsepol-2.7/cil/src/cil_build_ast.c --- libsepol-2.7/cil/src/cil_build_ast.c
+++ libsepol-2.7/cil/src/cil_build_ast.c +++ libsepol-2.7/cil/src/cil_build_ast.c
@@ -82,10 +82,33 @@ exit: @@ -82,10 +82,33 @@ exit:
@ -147,11 +175,28 @@ index 04492e5..e84336b 100644
} }
} }
@@ -4371,6 +4405,8 @@ int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, stru
portcon->proto = CIL_PROTOCOL_TCP;
} else if (proto == CIL_KEY_DCCP) {
portcon->proto = CIL_PROTOCOL_DCCP;
+ } else if (proto == CIL_KEY_SCTP) {
+ portcon->proto = CIL_PROTOCOL_SCTP;
} else {
cil_log(CIL_ERR, "Invalid protocol\n");
rc = SEPOL_ERR;
diff --git libsepol-2.7/cil/src/cil_internal.h libsepol-2.7/cil/src/cil_internal.h diff --git libsepol-2.7/cil/src/cil_internal.h libsepol-2.7/cil/src/cil_internal.h
index 6d6a7d9..8393e39 100644 index 6d6a7d9..6ff3228 100644
--- libsepol-2.7/cil/src/cil_internal.h --- libsepol-2.7/cil/src/cil_internal.h
+++ libsepol-2.7/cil/src/cil_internal.h +++ libsepol-2.7/cil/src/cil_internal.h
@@ -316,6 +316,7 @@ struct cil_db { @@ -103,6 +103,7 @@ char *CIL_KEY_STAR;
char *CIL_KEY_TCP;
char *CIL_KEY_UDP;
char *CIL_KEY_DCCP;
+char *CIL_KEY_SCTP;
char *CIL_KEY_AUDITALLOW;
char *CIL_KEY_TUNABLEIF;
char *CIL_KEY_ALLOW;
@@ -316,6 +317,7 @@ struct cil_db {
int preserve_tunables; int preserve_tunables;
int handle_unknown; int handle_unknown;
int mls; int mls;
@ -159,7 +204,7 @@ index 6d6a7d9..8393e39 100644
int target_platform; int target_platform;
int policy_version; int policy_version;
}; };
@@ -530,6 +531,7 @@ struct cil_typeattribute { @@ -530,6 +532,7 @@ struct cil_typeattribute {
struct cil_list *expr_list; struct cil_list *expr_list;
ebitmap_t *types; ebitmap_t *types;
int used; // whether or not this attribute was used in a binary policy rule int used; // whether or not this attribute was used in a binary policy rule
@ -167,8 +212,18 @@ index 6d6a7d9..8393e39 100644
}; };
struct cil_typeattributeset { struct cil_typeattributeset {
@@ -738,7 +741,8 @@ struct cil_filecon {
enum cil_protocol {
CIL_PROTOCOL_UDP = 1,
CIL_PROTOCOL_TCP,
- CIL_PROTOCOL_DCCP
+ CIL_PROTOCOL_DCCP,
+ CIL_PROTOCOL_SCTP
};
struct cil_ibpkeycon {
diff --git libsepol-2.7/cil/src/cil_policy.c libsepol-2.7/cil/src/cil_policy.c diff --git libsepol-2.7/cil/src/cil_policy.c libsepol-2.7/cil/src/cil_policy.c
index 729b6e0..99eb53c 100644 index 729b6e0..5edab5e 100644
--- libsepol-2.7/cil/src/cil_policy.c --- libsepol-2.7/cil/src/cil_policy.c
+++ libsepol-2.7/cil/src/cil_policy.c +++ libsepol-2.7/cil/src/cil_policy.c
@@ -775,7 +775,7 @@ static void cil_classes_to_policy(FILE *out, struct cil_list *classorder) @@ -775,7 +775,7 @@ static void cil_classes_to_policy(FILE *out, struct cil_list *classorder)
@ -189,6 +244,15 @@ index 729b6e0..99eb53c 100644
continue; continue;
if (ebitmap_get_bit(attribute->types, type->value)) { if (ebitmap_get_bit(attribute->types, type->value)) {
if (first) { if (first) {
@@ -1757,6 +1757,8 @@ static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls
fprintf(out, "tcp ");
} else if (portcon->proto == CIL_PROTOCOL_DCCP) {
fprintf(out, "dccp ");
+ } else if (portcon->proto == CIL_PROTOCOL_SCTP) {
+ fprintf(out, "sctp ");
}
if (portcon->port_low == portcon->port_high) {
fprintf(out, "%d ", portcon->port_low);
diff --git libsepol-2.7/cil/src/cil_post.c libsepol-2.7/cil/src/cil_post.c diff --git libsepol-2.7/cil/src/cil_post.c libsepol-2.7/cil/src/cil_post.c
index ad073e8..a212245 100644 index ad073e8..a212245 100644
--- libsepol-2.7/cil/src/cil_post.c --- libsepol-2.7/cil/src/cil_post.c
@ -296,7 +360,7 @@ index b1396d2..97d4c4b 100644
pthread_mutex_unlock(&cil_strpool_mutex); pthread_mutex_unlock(&cil_strpool_mutex);
} }
diff --git libsepol-2.7/cil/src/cil_tree.c libsepol-2.7/cil/src/cil_tree.c diff --git libsepol-2.7/cil/src/cil_tree.c libsepol-2.7/cil/src/cil_tree.c
index d36401b..b394a9d 100644 index d36401b..2abbb96 100644
--- libsepol-2.7/cil/src/cil_tree.c --- libsepol-2.7/cil/src/cil_tree.c
+++ libsepol-2.7/cil/src/cil_tree.c +++ libsepol-2.7/cil/src/cil_tree.c
@@ -503,15 +503,19 @@ exit: @@ -503,15 +503,19 @@ exit:
@ -322,6 +386,15 @@ index d36401b..b394a9d 100644
cil_log(CIL_INFO, "%s)", expr_str); cil_log(CIL_INFO, "%s)", expr_str);
free(expr_str); free(expr_str);
} }
@@ -1432,6 +1436,8 @@ void cil_tree_print_node(struct cil_tree_node *node)
cil_log(CIL_INFO, " tcp");
} else if (portcon->proto == CIL_PROTOCOL_DCCP) {
cil_log(CIL_INFO, " dccp");
+ } else if (portcon->proto == CIL_PROTOCOL_SCTP) {
+ cil_log(CIL_INFO, " sctp");
}
cil_log(CIL_INFO, " (%d %d)", portcon->port_low, portcon->port_high);
diff --git libsepol-2.7/include/Makefile libsepol-2.7/include/Makefile diff --git libsepol-2.7/include/Makefile libsepol-2.7/include/Makefile
index 56b7a11..1ad4eca 100644 index 56b7a11..1ad4eca 100644
--- libsepol-2.7/include/Makefile --- libsepol-2.7/include/Makefile
@ -470,6 +543,18 @@ index 68b5ad4..8b9ddca 100644
/* FLASK */ /* FLASK */
diff --git libsepol-2.7/include/sepol/port_record.h libsepol-2.7/include/sepol/port_record.h
index df04ea0..77149cf 100644
--- libsepol-2.7/include/sepol/port_record.h
+++ libsepol-2.7/include/sepol/port_record.h
@@ -16,6 +16,7 @@ typedef struct sepol_port_key sepol_port_key_t;
#define SEPOL_PROTO_UDP 0
#define SEPOL_PROTO_TCP 1
#define SEPOL_PROTO_DCCP 2
+#define SEPOL_PROTO_SCTP 3
/* Key */
extern int sepol_port_compare(const sepol_port_t * port,
diff --git libsepol-2.7/man/Makefile libsepol-2.7/man/Makefile diff --git libsepol-2.7/man/Makefile libsepol-2.7/man/Makefile
index 1192433..9b75454 100644 index 1192433..9b75454 100644
--- libsepol-2.7/man/Makefile --- libsepol-2.7/man/Makefile
@ -610,11 +695,50 @@ index ec49c15..f5407ab 100644
/* /*
* Updated : Karl MacMillan <kmacmillan@mentalrootkit.com> * Updated : Karl MacMillan <kmacmillan@mentalrootkit.com>
diff --git libsepol-2.7/src/ibendport_record.c libsepol-2.7/src/ibendport_record.c
index 912aeb5..bc56f09 100644
--- libsepol-2.7/src/ibendport_record.c
+++ libsepol-2.7/src/ibendport_record.c
@@ -32,14 +32,11 @@ struct sepol_ibendport_key {
int sepol_ibendport_alloc_ibdev_name(sepol_handle_t *handle,
char **ibdev_name)
{
- char *tmp_ibdev_name = NULL;
-
- tmp_ibdev_name = calloc(1, IB_DEVICE_NAME_MAX);
+ *ibdev_name = calloc(1, IB_DEVICE_NAME_MAX);
- if (!tmp_ibdev_name)
+ if (!*ibdev_name)
goto omem;
- *ibdev_name = tmp_ibdev_name;
return STATUS_SUCCESS;
omem:
diff --git libsepol-2.7/src/kernel_to_cil.c libsepol-2.7/src/kernel_to_cil.c diff --git libsepol-2.7/src/kernel_to_cil.c libsepol-2.7/src/kernel_to_cil.c
index f1905a9..0055c23 100644 index f1905a9..b1eb66d 100644
--- libsepol-2.7/src/kernel_to_cil.c --- libsepol-2.7/src/kernel_to_cil.c
+++ libsepol-2.7/src/kernel_to_cil.c +++ libsepol-2.7/src/kernel_to_cil.c
@@ -2788,7 +2788,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) @@ -12,6 +12,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <sepol/policydb/avtab.h>
#include <sepol/policydb/conditional.h>
@@ -2631,6 +2634,7 @@ static int write_selinux_port_rules_to_cil(FILE *out, struct policydb *pdb)
case IPPROTO_TCP: protocol = "tcp"; break;
case IPPROTO_UDP: protocol = "udp"; break;
case IPPROTO_DCCP: protocol = "dccp"; break;
+ case IPPROTO_SCTP: protocol = "sctp"; break;
default:
sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
rc = -1;
@@ -2788,7 +2792,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb)
{ {
struct ocontext *ibpkeycon; struct ocontext *ibpkeycon;
char subnet_prefix_str[INET6_ADDRSTRLEN]; char subnet_prefix_str[INET6_ADDRSTRLEN];
@ -623,11 +747,43 @@ index f1905a9..0055c23 100644
uint16_t low; uint16_t low;
uint16_t high; uint16_t high;
char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */ char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */
diff --git libsepol-2.7/src/kernel_to_common.c libsepol-2.7/src/kernel_to_common.c
index 01ffc8f..342bc3c 100644
--- libsepol-2.7/src/kernel_to_common.c
+++ libsepol-2.7/src/kernel_to_common.c
@@ -10,6 +10,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/hashtab.h>
diff --git libsepol-2.7/src/kernel_to_conf.c libsepol-2.7/src/kernel_to_conf.c diff --git libsepol-2.7/src/kernel_to_conf.c libsepol-2.7/src/kernel_to_conf.c
index a74873f..95aa92f 100644 index a74873f..9540520 100644
--- libsepol-2.7/src/kernel_to_conf.c --- libsepol-2.7/src/kernel_to_conf.c
+++ libsepol-2.7/src/kernel_to_conf.c +++ libsepol-2.7/src/kernel_to_conf.c
@@ -2649,7 +2649,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) @@ -11,6 +11,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <sepol/policydb/avtab.h>
#include <sepol/policydb/conditional.h>
@@ -2491,6 +2494,7 @@ static int write_selinux_port_rules_to_conf(FILE *out, struct policydb *pdb)
case IPPROTO_TCP: protocol = "tcp"; break;
case IPPROTO_UDP: protocol = "udp"; break;
case IPPROTO_DCCP: protocol = "dccp"; break;
+ case IPPROTO_SCTP: protocol = "sctp"; break;
default:
sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
rc = -1;
@@ -2649,7 +2653,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb)
{ {
struct ocontext *ibpkeycon; struct ocontext *ibpkeycon;
char subnet_prefix_str[INET6_ADDRSTRLEN]; char subnet_prefix_str[INET6_ADDRSTRLEN];
@ -637,10 +793,10 @@ index a74873f..95aa92f 100644
uint16_t high; uint16_t high;
char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */ char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */
diff --git libsepol-2.7/src/libsepol.map.in libsepol-2.7/src/libsepol.map.in diff --git libsepol-2.7/src/libsepol.map.in libsepol-2.7/src/libsepol.map.in
index dd1fec2..2a9996f 100644 index dd1fec2..d879016 100644
--- libsepol-2.7/src/libsepol.map.in --- libsepol-2.7/src/libsepol.map.in
+++ libsepol-2.7/src/libsepol.map.in +++ libsepol-2.7/src/libsepol.map.in
@@ -49,6 +49,7 @@ LIBSEPOL_1.1 { @@ -49,10 +49,13 @@ LIBSEPOL_1.1 {
cil_set_mls; cil_set_mls;
cil_set_attrs_expand_generated; cil_set_attrs_expand_generated;
cil_set_attrs_expand_size; cil_set_attrs_expand_size;
@ -648,6 +804,12 @@ index dd1fec2..2a9996f 100644
cil_write_policy_conf; cil_write_policy_conf;
sepol_ppfile_to_module_package; sepol_ppfile_to_module_package;
sepol_module_package_to_cil; sepol_module_package_to_cil;
sepol_module_policydb_to_cil;
sepol_kernel_policydb_to_cil;
sepol_kernel_policydb_to_conf;
+ sepol_polcap_getnum;
+ sepol_polcap_getname;
} LIBSEPOL_1.0;
diff --git libsepol-2.7/src/libsepol.pc.in libsepol-2.7/src/libsepol.pc.in diff --git libsepol-2.7/src/libsepol.pc.in libsepol-2.7/src/libsepol.pc.in
index e52f589..f807fec 100644 index e52f589..f807fec 100644
--- libsepol-2.7/src/libsepol.pc.in --- libsepol-2.7/src/libsepol.pc.in
@ -681,10 +843,28 @@ index 98da3d3..5ca3cd5 100644
* *
* Support for enhanced MLS infrastructure. * Support for enhanced MLS infrastructure.
diff --git libsepol-2.7/src/module_to_cil.c libsepol-2.7/src/module_to_cil.c diff --git libsepol-2.7/src/module_to_cil.c libsepol-2.7/src/module_to_cil.c
index 619a48f..15b58a7 100644 index 619a48f..5b8ed19 100644
--- libsepol-2.7/src/module_to_cil.c --- libsepol-2.7/src/module_to_cil.c
+++ libsepol-2.7/src/module_to_cil.c +++ libsepol-2.7/src/module_to_cil.c
@@ -2687,7 +2687,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, @@ -30,6 +30,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
@@ -2656,6 +2659,7 @@ static int ocontext_selinux_port_to_cil(struct policydb *pdb, struct ocontext *p
case IPPROTO_TCP: protocol = "tcp"; break;
case IPPROTO_UDP: protocol = "udp"; break;
case IPPROTO_DCCP: protocol = "dccp"; break;
+ case IPPROTO_SCTP: protocol = "sctp"; break;
default:
log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
rc = -1;
@@ -2687,7 +2691,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb,
int rc = -1; int rc = -1;
struct ocontext *ibpkeycon; struct ocontext *ibpkeycon;
char subnet_prefix_str[INET6_ADDRSTRLEN]; char subnet_prefix_str[INET6_ADDRSTRLEN];
@ -713,6 +893,51 @@ index 691101e..c752123 100644
free(ctmp); free(ctmp);
} }
} }
diff --git libsepol-2.7/src/port_record.c libsepol-2.7/src/port_record.c
index ed9093b..15fb198 100644
--- libsepol-2.7/src/port_record.c
+++ libsepol-2.7/src/port_record.c
@@ -186,6 +186,8 @@ const char *sepol_port_get_proto_str(int proto)
return "tcp";
case SEPOL_PROTO_DCCP:
return "dccp";
+ case SEPOL_PROTO_SCTP:
+ return "sctp";
default:
return "???";
}
diff --git libsepol-2.7/src/ports.c libsepol-2.7/src/ports.c
index 62ec602..cc55863 100644
--- libsepol-2.7/src/ports.c
+++ libsepol-2.7/src/ports.c
@@ -2,6 +2,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <stdlib.h>
#include "debug.h"
@@ -21,6 +24,8 @@ static inline int sepol2ipproto(sepol_handle_t * handle, int proto)
return IPPROTO_UDP;
case SEPOL_PROTO_DCCP:
return IPPROTO_DCCP;
+ case SEPOL_PROTO_SCTP:
+ return IPPROTO_SCTP;
default:
ERR(handle, "unsupported protocol %u", proto);
return STATUS_ERR;
@@ -37,6 +42,8 @@ static inline int ipproto2sepol(sepol_handle_t * handle, int proto)
return SEPOL_PROTO_UDP;
case IPPROTO_DCCP:
return SEPOL_PROTO_DCCP;
+ case IPPROTO_SCTP:
+ return SEPOL_PROTO_SCTP;
default:
ERR(handle, "invalid protocol %u " "found in policy", proto);
return STATUS_ERR;
diff --git libsepol-2.7/src/services.c libsepol-2.7/src/services.c diff --git libsepol-2.7/src/services.c libsepol-2.7/src/services.c
index 10338a6..d40793e 100644 index 10338a6..d40793e 100644
--- libsepol-2.7/src/services.c --- libsepol-2.7/src/services.c

9
libsepol.spec
View File

@ -1,13 +1,13 @@
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsepol Name: libsepol
Version: 2.7 Version: 2.7
Release: 5%{?dist} Release: 6%{?dist}
License: LGPLv2+ License: LGPLv2+
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsepol-2.7.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsepol-2.7.tar.gz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsepol # $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsepol
# HEAD https://github.com/fedora-selinux/selinux/commit/4e253a0231ca085df03b55c4c0490ad6a0e261eb # HEAD https://github.com/fedora-selinux/selinux/commit/0a28664012ec7383cf5cbdef4ad2dbedf1f70707
Patch1: libsepol-fedora.patch Patch1: libsepol-fedora.patch
URL: https://github.com/SELinuxProject/selinux/wiki URL: https://github.com/SELinuxProject/selinux/wiki
BuildRequires: gcc BuildRequires: gcc
@ -97,6 +97,11 @@ exit 0
%{_libdir}/libsepol.so.1 %{_libdir}/libsepol.so.1
%changelog %changelog
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-6
- Prevent freeing unitialized value in ibendport handling
- Add support for the SCTP portcon keyword
- Export sepol_polcap_getnum/name functions
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-5 * Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
- cil: Create new keep field for type attribute sets - cil: Create new keep field for type attribute sets
- build: follow standard semantics for DESTDIR and PREFIX - build: follow standard semantics for DESTDIR and PREFIX