Blame SOURCES/0014-Add-support-for-DCCP-and-SCTP-protocols.patch

From 78260f2d8fdeb05a9d53727ea64bf5b2d08d3349 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 20 Jul 2018 17:33:22 +0200
Subject: [PATCH] Add support for DCCP and SCTP protocols
Resolves: rhbz#1607273
---
 libapol/include/apol/util.h          | 12 ++++++------
 libapol/src/util.c                   | 17 +++++++++++++++++
 libapol/swig/apol.i                  |  3 +++
 libqpol/include/qpol/portcon_query.h | 13 +++++++++++--
 libqpol/src/policy_define.c          | 10 ++++++++++
 libqpol/src/policy_parse.y           |  7 +++++++
 libqpol/swig/qpol.i                  |  3 +++
 python/setools/seinfo.c              |  4 +++-
 secmds/seinfo.c                      |  4 ++++
 9 files changed, 64 insertions(+), 9 deletions(-)
diff --git a/libapol/include/apol/util.h b/libapol/include/apol/util.h
index 99db1685..3e370332 100644
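--- a/libapol/include/apol/util.h
+++ b/libapol/include/apol/util.h
@@ -48,8 +48,8 @@ extern "C"
  * Given a portcon protocol, return a read-only string that describes
  * that protocol.
  *
- * @param protocol Portcon protocol, one of IPPROTO_TCP or IPPROTO_UDP
- * from netinet/in.h.
+ * @param protocol Portcon protocol, one of IPPROTO_TCP, IPPROTO_UDP,
+ * IPPROTO_DCCP or IPPROTO_SCTP from netinet/in.h.
  *
  * @return A string that describes the protocol, or NULL if the
  * protocol is invalid.  Do not free() this string.
@@ -59,10 +59,10 @@ extern "C"
 /**
  * Given the name of a portcon protocol, return its numeric value.
  *
- * @param protocol_str Portcon protocol, one of "tcp", "TCP", "udp", or "UDP".
- *
- * @return Numeric value for the protocol, one of IPPROTO_TCP or IPPROTO_UDP
- * from netinet/in.h.  Upon error return 0.
+ * @param protocol_str Portcon protocol, one of "tcp", "TCP", "udp", "UDP",
+ * "dccp", "DCCP", "sctp" or "SCTP".
+ * @return Numeric value for the protocol, one of IPPROTO_TCP, IPPROTO_UDP,
+ * IPPROTO_DCCP or IPPROTO_SCTP from netinet/in.h.  Upon error return 0.
  */
 	extern uint8_t apol_str_to_protocol(const char *protocol_str);
 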
diff --git a/libapol/src/util.c b/libapol/src/util.c
index dd6d300d..fc38d9d5 100644
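--- a/libapol/src/util.c
+++ b/libapol/src/util.c
@@ -42,6 +42,13 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>		       /* needed for portcon's protocol */
 
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+
 /* use 8k line size */
 #define APOL_LINE_SZ 8192
 #define APOL_ENVIRON_VAR_NAME "APOL_INSTALL_DIR"
@@ -173,6 +180,10 @@ const char *apol_protocol_to_str(uint8_t protocol)
 		return "tcp";
 	case IPPROTO_UDP:
 		return "udp";
+	case IPPROTO_DCCP:
+		return "dccp";
+	case IPPROTO_SCTP:
+		return "sctp";
 	default:
 		errno = EPROTONOSUPPORT;
 		return NULL;
@@ -191,6 +202,12 @@ uint8_t apol_str_to_protocol(const char *protocol_str)
 	if (strcmp(protocol_str, "udp") == 0 || strcmp(protocol_str, "UDP") == 0) {
 		return IPPROTO_UDP;
 	}
+	if (strcmp(protocol_str, "dccp") == 0 || strcmp(protocol_str, "DCCP") == 0) {
+		return IPPROTO_DCCP;
+	}
+	if (strcmp(protocol_str, "sctp") == 0 || strcmp(protocol_str, "SCTP") == 0) {
+		return IPPROTO_SCTP;
+	}
 	errno = EPROTONOSUPPORT;
 	return 0;
 }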
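Review bot: The fallback values `33` and `132` added after `<netinet/in.h>` in the first hunk are repeated as bare numbers in libqpol/include/qpol/portcon_query.h, libqpol/src/policy_define.c and libqpol/src/policy_parse.y, and again unguarded in both SWIG interface files, so a mistyped copy would silently map a portcon to the wrong protocol. If this file already pulls in `qpol/portcon_query.h` (not visible here), the local guard is redundant and could be dropped; otherwise a comment such as `/* fallback for libcs whose netinet/in.h lacks these; values are the IANA protocol numbers */` above the guard would record why it exists. The switch in apol_protocol_to_str() and the chain in apol_str_to_protocol() both start outside their hunks.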
diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i
index 8a4a195f..6a650315 100644
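--- a/libapol/swig/apol.i
+++ b/libapol/swig/apol.i
@@ -227,6 +227,9 @@ const char *libapol_get_version(void);
 /* defines from netinet/in.h for ip protocols */
 #define IPPROTO_TCP  6
 #define IPPROTO_UDP 17
+#define IPPROTO_DCCP 33
+#define IPPROTO_SCTP 132
+
 const char *apol_protocol_to_str(uint8_t protocol);
 uint8_t apol_str_to_protocol(const char *protocol_str);
 %newobject wrap_apol_str_to_internal_ip(char*);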
diff --git a/libqpol/include/qpol/portcon_query.h b/libqpol/include/qpol/portcon_query.h
index 63210feb..72e8ce9e 100644
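--- a/libqpol/include/qpol/portcon_query.h
+++ b/libqpol/include/qpol/portcon_query.h
@@ -37,6 +37,13 @@ extern "C"
 #include <qpol/iterator.h>
 #include <qpol/policy.h>
 
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+
 	typedef struct qpol_portcon qpol_portcon_t;
 
 /**
@@ -46,7 +53,8 @@ extern "C"
  *  @param high The high port of the range of ports; if searching for a
  *  single port, set high equal to low.
  *  @param protocol The protocol used in the portcon statement.
- *  Value should be one of IPPROTO_TCP or IPPROTO_UDP from netinet/in.h
+ *  Value should be one of IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP or 
+ *  IPPROTO_SCTP from netinet/in.h
  *  @param ocon Pointer in which to store the statement returned.
  *  The caller should not free this pointer.
  *  @return 0 on success and < 0 on failure; if the call fails,
@@ -73,7 +81,8 @@ extern "C"
  *  @param policy The policy associated with the portcon statement.
  *  @param ocon The portcon statement from which to get the protocol.
  *  @param protocol Pointer to set to the value of protocol.
- *  Value will be one of IPPROTO_TCP or IPPROTO_UDP from netinet/in.h
+ *  Value will be one of IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP or 
+ *  IPPROTO_SCTP from netinet/in.h
  *  @return 0 on success and < 0 on failure; if the call fails,
  *  errno will be set and *protocol will be 0;
  */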
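Review bot: The `#ifndef IPPROTO_DCCP` / `#ifndef IPPROTO_SCTP` guards in the first hunk only do the right thing if `<netinet/in.h>` has already been seen, and the hunk does not show this public header including it. On glibc the names are enum constants that are also defined as macros, so a consumer that includes `qpol/portcon_query.h` first gets the macro `33` here and then a broken enumerator when `<netinet/in.h>` is parsed later. Adding `#include <netinet/in.h>` directly above the guards makes the header order-independent; the same ordering question applies to the guards added in libqpol/src/policy_define.c, where the preceding includes are outside the hunk.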
diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
index 15f70ba3..2c5d488b 100644
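--- a/libqpol/src/policy_define.c
+++ b/libqpol/src/policy_define.c
@@ -63,6 +63,12 @@
 #ifdef HAVE_SEPOL_ERRCODES
 #include <sepol/errcodes.h>
 #endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
 
 #include "queue.h"
 /* Required for SETools libqpol - Removed #include "checkpolicy.h"*/
@@ -4350,6 +4356,10 @@ int define_port_context(unsigned int low, unsigned int high)
 		protocol = IPPROTO_TCP;
 	} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
 		protocol = IPPROTO_UDP;
+	} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
+		protocol = IPPROTO_DCCP;
+	} else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+		protocol = IPPROTO_SCTP;
 	} else {
 		yyerror2("unrecognized protocol %s", id);
 		free(newc);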
diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y
index 357f3d8f..e07ff52c 100644
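--- a/libqpol/src/policy_parse.y
+++ b/libqpol/src/policy_parse.y
@@ -52,6 +52,13 @@
 #include <arpa/inet.h>
 #include <stdlib.h>
 
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+
 #include <sepol/policydb/expand.h>
 #include <sepol/policydb/policydb.h>
 #include <sepol/policydb/services.h>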
diff --git a/libqpol/swig/qpol.i b/libqpol/swig/qpol.i
index b604488a..9fbb8286 100644
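--- a/libqpol/swig/qpol.i
+++ b/libqpol/swig/qpol.i
@@ -2005,6 +2005,9 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
 /* from netinet/in.h */
 #define IPPROTO_TCP 6
 #define IPPROTO_UDP 17
+#define IPPROTO_DCCP 33
+#define IPPROTO_SCTP 132
+
 typedef struct qpol_portcon {} qpol_portcon_t;
 %extend qpol_portcon_t {
 	qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {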
diff --git a/python/setools/seinfo.c b/python/setools/seinfo.c
index 211930a3..7c22f9e7 100644
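--- a/python/setools/seinfo.c
+++ b/python/setools/seinfo.c
@@ -512,7 +512,9 @@ static PyObject*  get_ports(const char *num, const apol_policy_t * policydb)
 		}
 
 		if ((ocon_proto != IPPROTO_TCP) &&
-		    (ocon_proto != IPPROTO_UDP)) 
+		    (ocon_proto != IPPROTO_UDP) &&
+		    (ocon_proto != IPPROTO_DCCP) &&
+		    (ocon_proto != IPPROTO_SCTP)) 
 			goto cleanup;
 
 		if (qpol_portcon_get_context(q, portcon, &ctxt)) {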
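Review bot: The condition in get_ports() now spells out four protocol constants by hand, a list that apol_protocol_to_str() in libapol/src/util.c already encodes, so the two can drift when the next protocol is added. If that helper is reachable from this file (the includes are outside the hunk), the filter could become `if (apol_protocol_to_str(ocon_proto) == NULL) goto cleanup;`, keeping in mind that the helper sets errno on an unknown value. It would also help to add a comment stating whether reaching `cleanup` here aborts the whole listing or just ends it, since a policy carrying an unlisted protocol takes that path. The added last line keeps the trailing space after `))`.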
diff --git a/secmds/seinfo.c b/secmds/seinfo.c
index a9708907..3c71af57 100644
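--- a/secmds/seinfo.c
+++ b/secmds/seinfo.c
@@ -1155,6 +1155,10 @@ static int print_portcon(FILE * fp, const char *num, const char *protocol, const
 			proto = IPPROTO_TCP;
 		else if (!strcmp(protocol, "udp"))
 			proto = IPPROTO_UDP;
+		else if (!strcmp(protocol, "dccp"))
+			proto = IPPROTO_DCCP;
+		else if (!strcmp(protocol, "sctp"))
+			proto = IPPROTO_SCTP;
 		else {
 			ERR(policydb, "Unable to get portcon by protocol: bad protocol %s.", protocol);
 			goto cleanup;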
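Review bot: print_portcon() accepts only the lowercase spellings `dccp` and `sctp`, while apol_str_to_protocol() in libapol/src/util.c and define_port_context() also accept the uppercase forms, so `SCTP` given to this function ends in the "bad protocol" error. Assuming the apol helper is visible here (the file's includes are outside the hunk), the whole chain could be replaced by `proto = apol_str_to_protocol(protocol);` followed by `if (proto == 0) { ERR(...); goto cleanup; }`, which also removes one more hand-maintained protocol list. The if/else chain starts above the hunk and its else block continues past it.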
-- 
2.14.3