Fix network_port() in corenetwork to correctly handle port ranges.

2010-04-13 11:06:02 -04:00 · 2010-04-13 11:06:02 -04:00 · 85e71c86da
commit 85e71c86da
parent ec8d32c8e9
2 changed files with 13 additions and 2 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
 - Fix network_port() in corenetwork to correctly handle port ranges.
 - SE-Postgresql updates from KaiGai Kohei.
 - X object manager revisions from Eamon Walsh.
 - Added modules:
--- a/policy/modules/kernel/corenetwork.te.m4
+++ b/policy/modules/kernel/corenetwork.te.m4
@ -5,6 +5,16 @@
 #
 define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
 #
 # range_start(num)
 #
 # return the low port in a range.
 #
 # range_start(600) returns "600"
 # range_start(1200-1600) returns "1200"
 #
 define(`range_start',`ifelse(-1,index(`$1', `-'),$1,substr($1,0,index(`$1', `-')))')
 #
 # build_option(option_name,true,[false])
 #
@ -68,10 +78,10 @@ declare_nodes($1_node_t,shift($*))
 ')
 define(`declare_ports',`dnl
-ifelse(eval($3 < 1024),1,`
+ifelse(eval(range_start($3) < 1024),1,`
 typeattribute $1 reserved_port_type;
 #bindresvport in glibc starts searching for reserved ports at 600
-ifelse(eval($3 >= 600),1,`typeattribute $1 rpc_port_type;',`dnl')
+ifelse(eval(range_start($3) >= 600),1,`typeattribute $1 rpc_port_type;',`dnl')
 ',`dnl')
 portcon $2 $3 gen_context(system_u:object_r:$1,$4)
 ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl