1008 lines
34 KiB
Diff
1008 lines
34 KiB
Diff
diff --git libsepol-2.7/cil/include/cil/cil.h libsepol-2.7/cil/include/cil/cil.h
|
|
index 86117f2..f8cfc3b 100644
|
|
--- libsepol-2.7/cil/include/cil/cil.h
|
|
+++ libsepol-2.7/cil/include/cil/cil.h
|
|
@@ -50,6 +50,7 @@ extern int cil_userprefixes_to_string(cil_db_t *db, char **out, size_t *size);
|
|
extern int cil_selinuxusers_to_string(cil_db_t *db, char **out, size_t *size);
|
|
extern int cil_filecons_to_string(cil_db_t *db, char **out, size_t *size);
|
|
extern void cil_set_disable_dontaudit(cil_db_t *db, int disable_dontaudit);
|
|
+extern void cil_set_multiple_decls(cil_db_t *db, int multiple_decls);
|
|
extern void cil_set_disable_neverallow(cil_db_t *db, int disable_neverallow);
|
|
extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables);
|
|
extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown);
|
|
diff --git libsepol-2.7/cil/src/cil.c libsepol-2.7/cil/src/cil.c
|
|
index c02a41a..2a7ec06 100644
|
|
--- libsepol-2.7/cil/src/cil.c
|
|
+++ libsepol-2.7/cil/src/cil.c
|
|
@@ -109,6 +109,7 @@ static void cil_init_keys(void)
|
|
CIL_KEY_UDP = cil_strpool_add("udp");
|
|
CIL_KEY_TCP = cil_strpool_add("tcp");
|
|
CIL_KEY_DCCP = cil_strpool_add("dccp");
|
|
+ CIL_KEY_SCTP = cil_strpool_add("sctp");
|
|
CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
|
|
CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
|
|
CIL_KEY_ALLOW = cil_strpool_add("allow");
|
|
@@ -1691,6 +1692,11 @@ void cil_set_mls(struct cil_db *db, int mls)
|
|
db->mls = mls;
|
|
}
|
|
|
|
+void cil_set_multiple_decls(struct cil_db *db, int multiple_decls)
|
|
+{
|
|
+ db->multiple_decls = multiple_decls;
|
|
+}
|
|
+
|
|
void cil_set_target_platform(struct cil_db *db, int target_platform)
|
|
{
|
|
db->target_platform = target_platform;
|
|
@@ -2059,6 +2065,7 @@ void cil_typeattribute_init(struct cil_typeattribute **attr)
|
|
(*attr)->expr_list = NULL;
|
|
(*attr)->types = NULL;
|
|
(*attr)->used = CIL_FALSE;
|
|
+ (*attr)->keep = CIL_FALSE;
|
|
}
|
|
|
|
void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
|
|
diff --git libsepol-2.7/cil/src/cil_binary.c libsepol-2.7/cil/src/cil_binary.c
|
|
index c0ca60f..0cc6eeb 100644
|
|
--- libsepol-2.7/cil/src/cil_binary.c
|
|
+++ libsepol-2.7/cil/src/cil_binary.c
|
|
@@ -34,6 +34,9 @@
|
|
#ifndef IPPROTO_DCCP
|
|
#define IPPROTO_DCCP 33
|
|
#endif
|
|
+#ifndef IPPROTO_SCTP
|
|
+#define IPPROTO_SCTP 132
|
|
+#endif
|
|
|
|
#include <sepol/policydb/policydb.h>
|
|
#include <sepol/policydb/polcaps.h>
|
|
@@ -567,7 +570,7 @@ int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil
|
|
char *key = NULL;
|
|
type_datum_t *sepol_attr = NULL;
|
|
|
|
- if (!cil_attr->used) {
|
|
+ if (!cil_attr->keep) {
|
|
return SEPOL_OK;
|
|
}
|
|
|
|
@@ -632,7 +635,7 @@ int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct
|
|
ebitmap_node_t *tnode;
|
|
unsigned int i;
|
|
|
|
- if (!cil_attr->used) {
|
|
+ if (!cil_attr->keep) {
|
|
return SEPOL_OK;
|
|
}
|
|
|
|
@@ -1442,7 +1445,7 @@ static int __cil_should_expand_attribute( const struct cil_db *db, struct cil_sy
|
|
|
|
attr = (struct cil_typeattribute *)datum;
|
|
|
|
- return !attr->used || (ebitmap_cardinality(attr->types) < db->attrs_expand_size);
|
|
+ return !attr->keep || (ebitmap_cardinality(attr->types) < db->attrs_expand_size);
|
|
}
|
|
|
|
int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor)
|
|
@@ -2525,7 +2528,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d
|
|
if (rc != SEPOL_OK) {
|
|
if (FLAVOR(item->data) == CIL_TYPEATTRIBUTE) {
|
|
struct cil_typeattribute *attr = item->data;
|
|
- if (!attr->used) {
|
|
+ if (!attr->keep) {
|
|
rc = 0;
|
|
}
|
|
}
|
|
@@ -3272,6 +3275,9 @@ int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons)
|
|
case CIL_PROTOCOL_DCCP:
|
|
new_ocon->u.port.protocol = IPPROTO_DCCP;
|
|
break;
|
|
+ case CIL_PROTOCOL_SCTP:
|
|
+ new_ocon->u.port.protocol = IPPROTO_SCTP;
|
|
+ break;
|
|
default:
|
|
/* should not get here */
|
|
rc = SEPOL_ERR;
|
|
diff --git libsepol-2.7/cil/src/cil_build_ast.c libsepol-2.7/cil/src/cil_build_ast.c
|
|
index 04492e5..b90b0f6 100644
|
|
--- libsepol-2.7/cil/src/cil_build_ast.c
|
|
+++ libsepol-2.7/cil/src/cil_build_ast.c
|
|
@@ -82,10 +82,33 @@ exit:
|
|
return rc;
|
|
}
|
|
|
|
-int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor)
|
|
+/*
|
|
+ * Determine whether or not multiple declarations of the same key can share a
|
|
+ * datum, given the new datum and the one already present in a given symtab.
|
|
+ */
|
|
+int cil_is_datum_multiple_decl(__attribute__((unused)) struct cil_symtab_datum *cur,
|
|
+ __attribute__((unused)) struct cil_symtab_datum *old,
|
|
+ enum cil_flavor f)
|
|
+{
|
|
+ int rc = CIL_FALSE;
|
|
+
|
|
+ switch (f) {
|
|
+ case CIL_TYPE:
|
|
+ case CIL_TYPEATTRIBUTE:
|
|
+ /* type and typeattribute statements insert empty datums, ret true */
|
|
+ rc = CIL_TRUE;
|
|
+ break;
|
|
+ default:
|
|
+ break;
|
|
+ }
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor)
|
|
{
|
|
int rc = SEPOL_ERR;
|
|
symtab_t *symtab = NULL;
|
|
+ struct cil_symtab_datum *prev;
|
|
|
|
rc = __cil_verify_name((const char*)key);
|
|
if (rc != SEPOL_OK) {
|
|
@@ -103,15 +126,26 @@ int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node
|
|
if (symtab != NULL) {
|
|
rc = cil_symtab_insert(symtab, (hashtab_key_t)key, datum, ast_node);
|
|
if (rc == SEPOL_EEXIST) {
|
|
- cil_log(CIL_ERR, "Re-declaration of %s %s\n",
|
|
- cil_node_to_string(ast_node), key);
|
|
- if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) {
|
|
- if (sflavor == CIL_SYM_BLOCKS) {
|
|
- struct cil_tree_node *node = datum->nodes->head->data;
|
|
- cil_tree_log(node, CIL_ERR, "Previous declaration");
|
|
+ if (!db->multiple_decls ||
|
|
+ cil_symtab_get_datum(symtab, (hashtab_key_t)key, &prev) != SEPOL_OK ||
|
|
+ !cil_is_datum_multiple_decl(datum, prev, nflavor)) {
|
|
+
|
|
+ /* multiple_decls not ok, ret error */
|
|
+ cil_log(CIL_ERR, "Re-declaration of %s %s\n",
|
|
+ cil_node_to_string(ast_node), key);
|
|
+ if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) {
|
|
+ if (sflavor == CIL_SYM_BLOCKS) {
|
|
+ struct cil_tree_node *node = datum->nodes->head->data;
|
|
+ cil_tree_log(node, CIL_ERR, "Previous declaration");
|
|
+ }
|
|
}
|
|
+ goto exit;
|
|
}
|
|
- goto exit;
|
|
+ /* multiple_decls is enabled and works for this datum type, add node */
|
|
+ cil_list_append(prev->nodes, CIL_NODE, ast_node);
|
|
+ ast_node->data = prev;
|
|
+ cil_symtab_datum_destroy(datum);
|
|
+ free(datum);
|
|
}
|
|
}
|
|
|
|
@@ -4371,6 +4405,8 @@ int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, stru
|
|
portcon->proto = CIL_PROTOCOL_TCP;
|
|
} else if (proto == CIL_KEY_DCCP) {
|
|
portcon->proto = CIL_PROTOCOL_DCCP;
|
|
+ } else if (proto == CIL_KEY_SCTP) {
|
|
+ portcon->proto = CIL_PROTOCOL_SCTP;
|
|
} else {
|
|
cil_log(CIL_ERR, "Invalid protocol\n");
|
|
rc = SEPOL_ERR;
|
|
diff --git libsepol-2.7/cil/src/cil_internal.h libsepol-2.7/cil/src/cil_internal.h
|
|
index 6d6a7d9..6ff3228 100644
|
|
--- libsepol-2.7/cil/src/cil_internal.h
|
|
+++ libsepol-2.7/cil/src/cil_internal.h
|
|
@@ -103,6 +103,7 @@ char *CIL_KEY_STAR;
|
|
char *CIL_KEY_TCP;
|
|
char *CIL_KEY_UDP;
|
|
char *CIL_KEY_DCCP;
|
|
+char *CIL_KEY_SCTP;
|
|
char *CIL_KEY_AUDITALLOW;
|
|
char *CIL_KEY_TUNABLEIF;
|
|
char *CIL_KEY_ALLOW;
|
|
@@ -316,6 +317,7 @@ struct cil_db {
|
|
int preserve_tunables;
|
|
int handle_unknown;
|
|
int mls;
|
|
+ int multiple_decls;
|
|
int target_platform;
|
|
int policy_version;
|
|
};
|
|
@@ -530,6 +532,7 @@ struct cil_typeattribute {
|
|
struct cil_list *expr_list;
|
|
ebitmap_t *types;
|
|
int used; // whether or not this attribute was used in a binary policy rule
|
|
+ int keep;
|
|
};
|
|
|
|
struct cil_typeattributeset {
|
|
@@ -738,7 +741,8 @@ struct cil_filecon {
|
|
enum cil_protocol {
|
|
CIL_PROTOCOL_UDP = 1,
|
|
CIL_PROTOCOL_TCP,
|
|
- CIL_PROTOCOL_DCCP
|
|
+ CIL_PROTOCOL_DCCP,
|
|
+ CIL_PROTOCOL_SCTP
|
|
};
|
|
|
|
struct cil_ibpkeycon {
|
|
diff --git libsepol-2.7/cil/src/cil_policy.c libsepol-2.7/cil/src/cil_policy.c
|
|
index 729b6e0..5edab5e 100644
|
|
--- libsepol-2.7/cil/src/cil_policy.c
|
|
+++ libsepol-2.7/cil/src/cil_policy.c
|
|
@@ -775,7 +775,7 @@ static void cil_classes_to_policy(FILE *out, struct cil_list *classorder)
|
|
}
|
|
}
|
|
|
|
-static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, char *kind)
|
|
+static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, const char *kind)
|
|
{
|
|
struct cil_list_item *i1, *i2, *i3;
|
|
struct cil_default *def;
|
|
@@ -1085,7 +1085,7 @@ static void cil_typeattributes_to_policy(FILE *out, struct cil_list *types, stru
|
|
type = i1->data;
|
|
cil_list_for_each(i2, attributes) {
|
|
attribute = i2->data;
|
|
- if (!attribute->used)
|
|
+ if (!attribute->keep)
|
|
continue;
|
|
if (ebitmap_get_bit(attribute->types, type->value)) {
|
|
if (first) {
|
|
@@ -1757,6 +1757,8 @@ static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls
|
|
fprintf(out, "tcp ");
|
|
} else if (portcon->proto == CIL_PROTOCOL_DCCP) {
|
|
fprintf(out, "dccp ");
|
|
+ } else if (portcon->proto == CIL_PROTOCOL_SCTP) {
|
|
+ fprintf(out, "sctp ");
|
|
}
|
|
if (portcon->port_low == portcon->port_high) {
|
|
fprintf(out, "%d ", portcon->port_low);
|
|
diff --git libsepol-2.7/cil/src/cil_post.c libsepol-2.7/cil/src/cil_post.c
|
|
index ad073e8..a212245 100644
|
|
--- libsepol-2.7/cil/src/cil_post.c
|
|
+++ libsepol-2.7/cil/src/cil_post.c
|
|
@@ -1297,6 +1297,55 @@ static int cil_typeattribute_used(struct cil_typeattribute *attr, struct cil_db
|
|
return CIL_TRUE;
|
|
}
|
|
|
|
+static void __mark_neverallow_attrs(struct cil_list *expr_list)
|
|
+{
|
|
+ struct cil_list_item *curr;
|
|
+
|
|
+ cil_list_for_each(curr, expr_list) {
|
|
+ if (curr->flavor == CIL_DATUM) {
|
|
+ if (NODE(curr->data)->flavor == CIL_TYPEATTRIBUTE) {
|
|
+ struct cil_typeattribute *attr = curr->data;
|
|
+ if (strstr(DATUM(attr)->name, TYPEATTR_INFIX)) {
|
|
+ __mark_neverallow_attrs(attr->expr_list);
|
|
+ } else {
|
|
+ attr->used |= CIL_ATTR_NEVERALLOW;
|
|
+ }
|
|
+ }
|
|
+ } else if (curr->flavor == CIL_LIST) {
|
|
+ __mark_neverallow_attrs(curr->data);
|
|
+ }
|
|
+ }
|
|
+}
|
|
+
|
|
+static int __cil_post_db_neverallow_attr_helper(struct cil_tree_node *node, uint32_t *finished, __attribute__((unused)) void *extra_args)
|
|
+{
|
|
+ switch (node->flavor) {
|
|
+ case CIL_BLOCK: {
|
|
+ struct cil_block *blk = node->data;
|
|
+ if (blk->is_abstract == CIL_TRUE) {
|
|
+ *finished = CIL_TREE_SKIP_HEAD;
|
|
+ }
|
|
+ break;
|
|
+ }
|
|
+ case CIL_MACRO: {
|
|
+ *finished = CIL_TREE_SKIP_HEAD;
|
|
+ break;
|
|
+ }
|
|
+ case CIL_TYPEATTRIBUTE: {
|
|
+ struct cil_typeattribute *attr = node->data;
|
|
+ if ((attr->used & CIL_ATTR_NEVERALLOW) &&
|
|
+ strstr(DATUM(attr)->name, TYPEATTR_INFIX)) {
|
|
+ __mark_neverallow_attrs(attr->expr_list);
|
|
+ }
|
|
+ break;
|
|
+ }
|
|
+ default:
|
|
+ break;
|
|
+ }
|
|
+
|
|
+ return SEPOL_OK;
|
|
+}
|
|
+
|
|
static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
|
|
{
|
|
int rc = SEPOL_ERR;
|
|
@@ -1320,7 +1369,7 @@ static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finis
|
|
rc = __evaluate_type_expression(attr, db);
|
|
if (rc != SEPOL_OK) goto exit;
|
|
}
|
|
- attr->used = cil_typeattribute_used(attr, db);
|
|
+ attr->keep = cil_typeattribute_used(attr, db);
|
|
break;
|
|
}
|
|
case CIL_ROLEATTRIBUTE: {
|
|
@@ -2031,6 +2080,12 @@ static int cil_post_db(struct cil_db *db)
|
|
goto exit;
|
|
}
|
|
|
|
+ rc = cil_tree_walk(db->ast->root, __cil_post_db_neverallow_attr_helper, NULL, NULL, db);
|
|
+ if (rc != SEPOL_OK) {
|
|
+ cil_log(CIL_INFO, "Failed to mark attributes used by generated attributes used in neverallow rules\n");
|
|
+ goto exit;
|
|
+ }
|
|
+
|
|
rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db);
|
|
if (rc != SEPOL_OK) {
|
|
cil_log(CIL_INFO, "Failed to create attribute bitmaps\n");
|
|
diff --git libsepol-2.7/cil/src/cil_reset_ast.c libsepol-2.7/cil/src/cil_reset_ast.c
|
|
index 8a13a1c..43e6b88 100644
|
|
--- libsepol-2.7/cil/src/cil_reset_ast.c
|
|
+++ libsepol-2.7/cil/src/cil_reset_ast.c
|
|
@@ -186,6 +186,7 @@ static void cil_reset_typeattr(struct cil_typeattribute *attr)
|
|
attr->expr_list = NULL;
|
|
}
|
|
attr->used = CIL_FALSE;
|
|
+ attr->keep = CIL_FALSE;
|
|
}
|
|
|
|
static void cil_reset_typeattributeset(struct cil_typeattributeset *tas)
|
|
diff --git libsepol-2.7/cil/src/cil_strpool.c libsepol-2.7/cil/src/cil_strpool.c
|
|
index b1396d2..97d4c4b 100644
|
|
--- libsepol-2.7/cil/src/cil_strpool.c
|
|
+++ libsepol-2.7/cil/src/cil_strpool.c
|
|
@@ -119,6 +119,7 @@ void cil_strpool_destroy(void)
|
|
if (cil_strpool_readers == 0) {
|
|
hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL);
|
|
hashtab_destroy(cil_strpool_tab);
|
|
+ cil_strpool_tab = NULL;
|
|
}
|
|
pthread_mutex_unlock(&cil_strpool_mutex);
|
|
}
|
|
diff --git libsepol-2.7/cil/src/cil_tree.c libsepol-2.7/cil/src/cil_tree.c
|
|
index d36401b..2abbb96 100644
|
|
--- libsepol-2.7/cil/src/cil_tree.c
|
|
+++ libsepol-2.7/cil/src/cil_tree.c
|
|
@@ -503,15 +503,19 @@ exit:
|
|
void cil_tree_print_expr(struct cil_list *datum_expr, struct cil_list *str_expr)
|
|
{
|
|
char *expr_str;
|
|
+ int rc;
|
|
|
|
cil_log(CIL_INFO, "(");
|
|
|
|
if (datum_expr != NULL) {
|
|
- cil_expr_to_string(datum_expr, &expr_str);
|
|
+ rc = cil_expr_to_string(datum_expr, &expr_str);
|
|
} else {
|
|
- cil_expr_to_string(str_expr, &expr_str);
|
|
+ rc = cil_expr_to_string(str_expr, &expr_str);
|
|
+ }
|
|
+ if (rc < 0) {
|
|
+ cil_log(CIL_INFO, "ERROR)");
|
|
+ return;
|
|
}
|
|
-
|
|
cil_log(CIL_INFO, "%s)", expr_str);
|
|
free(expr_str);
|
|
}
|
|
@@ -1432,6 +1436,8 @@ void cil_tree_print_node(struct cil_tree_node *node)
|
|
cil_log(CIL_INFO, " tcp");
|
|
} else if (portcon->proto == CIL_PROTOCOL_DCCP) {
|
|
cil_log(CIL_INFO, " dccp");
|
|
+ } else if (portcon->proto == CIL_PROTOCOL_SCTP) {
|
|
+ cil_log(CIL_INFO, " sctp");
|
|
}
|
|
cil_log(CIL_INFO, " (%d %d)", portcon->port_low, portcon->port_high);
|
|
|
|
diff --git libsepol-2.7/include/Makefile libsepol-2.7/include/Makefile
|
|
index 56b7a11..1ad4eca 100644
|
|
--- libsepol-2.7/include/Makefile
|
|
+++ libsepol-2.7/include/Makefile
|
|
@@ -1,17 +1,17 @@
|
|
# Installation directories.
|
|
-PREFIX ?= $(DESTDIR)/usr
|
|
-INCDIR ?= $(PREFIX)/include/sepol
|
|
+PREFIX ?= /usr
|
|
+INCDIR = $(PREFIX)/include/sepol
|
|
CILDIR ?= ../cil
|
|
|
|
all:
|
|
|
|
install: all
|
|
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
|
|
- test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
|
|
- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
|
|
- install -m 644 $(wildcard sepol/*.h) $(INCDIR)
|
|
- install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb
|
|
- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil
|
|
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
|
|
+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb
|
|
+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil
|
|
+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
|
|
+ install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb
|
|
+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil
|
|
|
|
indent:
|
|
../../scripts/Lindent $(wildcard sepol/*.h)
|
|
diff --git libsepol-2.7/include/sepol/policydb/avtab.h libsepol-2.7/include/sepol/policydb/avtab.h
|
|
index 958848e..10ecde9 100644
|
|
--- libsepol-2.7/include/sepol/policydb/avtab.h
|
|
+++ libsepol-2.7/include/sepol/policydb/avtab.h
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/*
|
|
* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
|
|
diff --git libsepol-2.7/include/sepol/policydb/constraint.h libsepol-2.7/include/sepol/policydb/constraint.h
|
|
index 927bdc0..b91fc4e 100644
|
|
--- libsepol-2.7/include/sepol/policydb/constraint.h
|
|
+++ libsepol-2.7/include/sepol/policydb/constraint.h
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/include/sepol/policydb/context.h libsepol-2.7/include/sepol/policydb/context.h
|
|
index 2eaa686..c27c334 100644
|
|
--- libsepol-2.7/include/sepol/policydb/context.h
|
|
+++ libsepol-2.7/include/sepol/policydb/context.h
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/include/sepol/policydb/ebitmap.h libsepol-2.7/include/sepol/policydb/ebitmap.h
|
|
index e90371e..94fb7ef 100644
|
|
--- libsepol-2.7/include/sepol/policydb/ebitmap.h
|
|
+++ libsepol-2.7/include/sepol/policydb/ebitmap.h
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/include/sepol/policydb/flask_types.h libsepol-2.7/include/sepol/policydb/flask_types.h
|
|
index e01669c..714176f 100644
|
|
--- libsepol-2.7/include/sepol/policydb/flask_types.h
|
|
+++ libsepol-2.7/include/sepol/policydb/flask_types.h
|
|
@@ -1,7 +1,7 @@
|
|
/* -*- linux-c -*- */
|
|
|
|
/*
|
|
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
|
|
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
|
*/
|
|
|
|
#ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_
|
|
diff --git libsepol-2.7/include/sepol/policydb/hashtab.h libsepol-2.7/include/sepol/policydb/hashtab.h
|
|
index ae5674a..ef1bb67 100644
|
|
--- libsepol-2.7/include/sepol/policydb/hashtab.h
|
|
+++ libsepol-2.7/include/sepol/policydb/hashtab.h
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/include/sepol/policydb/mls_types.h libsepol-2.7/include/sepol/policydb/mls_types.h
|
|
index 568386c..a06723b 100644
|
|
--- libsepol-2.7/include/sepol/policydb/mls_types.h
|
|
+++ libsepol-2.7/include/sepol/policydb/mls_types.h
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
/*
|
|
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
|
*
|
|
diff --git libsepol-2.7/include/sepol/policydb/policydb.h libsepol-2.7/include/sepol/policydb/policydb.h
|
|
index 1b2d782..f8626ef 100644
|
|
--- libsepol-2.7/include/sepol/policydb/policydb.h
|
|
+++ libsepol-2.7/include/sepol/policydb/policydb.h
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/*
|
|
* Updated: Joshua Brindle <jbrindle@tresys.com>
|
|
diff --git libsepol-2.7/include/sepol/policydb/services.h libsepol-2.7/include/sepol/policydb/services.h
|
|
index efdf7de..6ef27a8 100644
|
|
--- libsepol-2.7/include/sepol/policydb/services.h
|
|
+++ libsepol-2.7/include/sepol/policydb/services.h
|
|
@@ -2,7 +2,7 @@
|
|
/* -*- linux-c -*- */
|
|
|
|
/*
|
|
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
|
|
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
|
*/
|
|
|
|
#ifndef _SEPOL_POLICYDB_SERVICES_H_
|
|
diff --git libsepol-2.7/include/sepol/policydb/sidtab.h libsepol-2.7/include/sepol/policydb/sidtab.h
|
|
index 2df1a50..893e6f0 100644
|
|
--- libsepol-2.7/include/sepol/policydb/sidtab.h
|
|
+++ libsepol-2.7/include/sepol/policydb/sidtab.h
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/include/sepol/policydb/symtab.h libsepol-2.7/include/sepol/policydb/symtab.h
|
|
index 68b5ad4..8b9ddca 100644
|
|
--- libsepol-2.7/include/sepol/policydb/symtab.h
|
|
+++ libsepol-2.7/include/sepol/policydb/symtab.h
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/include/sepol/port_record.h libsepol-2.7/include/sepol/port_record.h
|
|
index df04ea0..77149cf 100644
|
|
--- libsepol-2.7/include/sepol/port_record.h
|
|
+++ libsepol-2.7/include/sepol/port_record.h
|
|
@@ -16,6 +16,7 @@ typedef struct sepol_port_key sepol_port_key_t;
|
|
#define SEPOL_PROTO_UDP 0
|
|
#define SEPOL_PROTO_TCP 1
|
|
#define SEPOL_PROTO_DCCP 2
|
|
+#define SEPOL_PROTO_SCTP 3
|
|
|
|
/* Key */
|
|
extern int sepol_port_compare(const sepol_port_t * port,
|
|
diff --git libsepol-2.7/man/Makefile libsepol-2.7/man/Makefile
|
|
index 1192433..9b75454 100644
|
|
--- libsepol-2.7/man/Makefile
|
|
+++ libsepol-2.7/man/Makefile
|
|
@@ -1,12 +1,13 @@
|
|
# Installation directories.
|
|
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
|
|
-MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
|
|
+PREFIX ?= /usr
|
|
+MAN8DIR ?= $(PREFIX)/share/man/man8
|
|
+MAN3DIR ?= $(PREFIX)/share/man/man3
|
|
|
|
all:
|
|
|
|
install: all
|
|
- mkdir -p $(MAN3DIR)
|
|
- mkdir -p $(MAN8DIR)
|
|
- install -m 644 man3/*.3 $(MAN3DIR)
|
|
- install -m 644 man8/*.8 $(MAN8DIR)
|
|
+ mkdir -p $(DESTDIR)$(MAN3DIR)
|
|
+ mkdir -p $(DESTDIR)$(MAN8DIR)
|
|
+ install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR)
|
|
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
|
|
|
|
diff --git libsepol-2.7/man/man3/sepol_genbools.3 libsepol-2.7/man/man3/sepol_genbools.3
|
|
index dcfb69d..5363383 100644
|
|
--- libsepol-2.7/man/man3/sepol_genbools.3
|
|
+++ libsepol-2.7/man/man3/sepol_genbools.3
|
|
@@ -1,4 +1,4 @@
|
|
-.TH "sepol_genbools" "3" "11 August 2004" "sds@epoch.ncsc.mil" "SE Linux binary policy API documentation"
|
|
+.TH "sepol_genbools" "3" "11 August 2004" "sds@tycho.nsa.gov" "SE Linux binary policy API documentation"
|
|
.SH "NAME"
|
|
sepol_genbools \- Rewrite a binary policy with different boolean settings
|
|
.SH "SYNOPSIS"
|
|
diff --git libsepol-2.7/man/man8/genpolbools.8 libsepol-2.7/man/man8/genpolbools.8
|
|
index afeaced..fc792c8 100644
|
|
--- libsepol-2.7/man/man8/genpolbools.8
|
|
+++ libsepol-2.7/man/man8/genpolbools.8
|
|
@@ -1,4 +1,4 @@
|
|
-.TH "genpolbools" "8" "11 August 2004" "sds@epoch.ncsc.mil" "SELinux Command Line documentation"
|
|
+.TH "genpolbools" "8" "11 August 2004" "sds@tycho.nsa.gov" "SELinux Command Line documentation"
|
|
.SH "NAME"
|
|
genpolbools \- Rewrite a binary policy with different boolean settings
|
|
.SH "SYNOPSIS"
|
|
diff --git libsepol-2.7/src/Makefile libsepol-2.7/src/Makefile
|
|
index 819d261..ccb7023 100644
|
|
--- libsepol-2.7/src/Makefile
|
|
+++ libsepol-2.7/src/Makefile
|
|
@@ -1,10 +1,9 @@
|
|
# Installation directories.
|
|
-PREFIX ?= $(DESTDIR)/usr
|
|
+PREFIX ?= /usr
|
|
INCLUDEDIR ?= $(PREFIX)/include
|
|
LIBDIR ?= $(PREFIX)/lib
|
|
-SHLIBDIR ?= $(DESTDIR)/lib
|
|
+SHLIBDIR ?= /lib
|
|
RANLIB ?= ranlib
|
|
-LIBBASE ?= $(shell basename $(LIBDIR))
|
|
CILDIR ?= ../cil
|
|
|
|
VERSION = $(shell cat ../VERSION)
|
|
@@ -52,7 +51,7 @@ $(LIBSO): $(LOBJS) $(LIBMAP)
|
|
ln -sf $@ $(TARGET)
|
|
|
|
$(LIBPC): $(LIBPC).in ../VERSION
|
|
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
|
|
+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
|
|
|
|
$(LIBMAP): $(LIBMAP).in
|
|
ifneq ($(DISABLE_CIL),y)
|
|
@@ -80,16 +79,16 @@ endif
|
|
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
|
|
|
|
install: all
|
|
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
|
|
- install -m 644 $(LIBA) $(LIBDIR)
|
|
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
|
|
- install -m 755 $(LIBSO) $(SHLIBDIR)
|
|
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
|
|
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
|
|
- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
|
|
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
|
|
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
|
|
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
|
|
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
|
|
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
|
|
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
|
|
+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
|
|
|
|
relabel:
|
|
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
|
|
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
|
|
|
|
clean:
|
|
-rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED)
|
|
diff --git libsepol-2.7/src/avtab.c libsepol-2.7/src/avtab.c
|
|
index 3854d6f..257f051 100644
|
|
--- libsepol-2.7/src/avtab.c
|
|
+++ libsepol-2.7/src/avtab.c
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/*
|
|
* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
|
|
diff --git libsepol-2.7/src/booleans.c libsepol-2.7/src/booleans.c
|
|
index c914a28..30fcf29 100644
|
|
--- libsepol-2.7/src/booleans.c
|
|
+++ libsepol-2.7/src/booleans.c
|
|
@@ -155,6 +155,7 @@ int sepol_bool_query(sepol_handle_t * handle,
|
|
booldatum = hashtab_search(policydb->p_bools.table, name);
|
|
if (!booldatum) {
|
|
*response = NULL;
|
|
+ free(name);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
diff --git libsepol-2.7/src/ebitmap.c libsepol-2.7/src/ebitmap.c
|
|
index 218adc2..76e6e41 100644
|
|
--- libsepol-2.7/src/ebitmap.c
|
|
+++ libsepol-2.7/src/ebitmap.c
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/src/hashtab.c libsepol-2.7/src/hashtab.c
|
|
index ec49c15..f5407ab 100644
|
|
--- libsepol-2.7/src/hashtab.c
|
|
+++ libsepol-2.7/src/hashtab.c
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/*
|
|
* Updated : Karl MacMillan <kmacmillan@mentalrootkit.com>
|
|
diff --git libsepol-2.7/src/ibendport_record.c libsepol-2.7/src/ibendport_record.c
|
|
index 912aeb5..bc56f09 100644
|
|
--- libsepol-2.7/src/ibendport_record.c
|
|
+++ libsepol-2.7/src/ibendport_record.c
|
|
@@ -32,14 +32,11 @@ struct sepol_ibendport_key {
|
|
int sepol_ibendport_alloc_ibdev_name(sepol_handle_t *handle,
|
|
char **ibdev_name)
|
|
{
|
|
- char *tmp_ibdev_name = NULL;
|
|
-
|
|
- tmp_ibdev_name = calloc(1, IB_DEVICE_NAME_MAX);
|
|
+ *ibdev_name = calloc(1, IB_DEVICE_NAME_MAX);
|
|
|
|
- if (!tmp_ibdev_name)
|
|
+ if (!*ibdev_name)
|
|
goto omem;
|
|
|
|
- *ibdev_name = tmp_ibdev_name;
|
|
return STATUS_SUCCESS;
|
|
|
|
omem:
|
|
diff --git libsepol-2.7/src/kernel_to_cil.c libsepol-2.7/src/kernel_to_cil.c
|
|
index f1905a9..b1eb66d 100644
|
|
--- libsepol-2.7/src/kernel_to_cil.c
|
|
+++ libsepol-2.7/src/kernel_to_cil.c
|
|
@@ -12,6 +12,9 @@
|
|
#ifndef IPPROTO_DCCP
|
|
#define IPPROTO_DCCP 33
|
|
#endif
|
|
+#ifndef IPPROTO_SCTP
|
|
+#define IPPROTO_SCTP 132
|
|
+#endif
|
|
|
|
#include <sepol/policydb/avtab.h>
|
|
#include <sepol/policydb/conditional.h>
|
|
@@ -2631,6 +2634,7 @@ static int write_selinux_port_rules_to_cil(FILE *out, struct policydb *pdb)
|
|
case IPPROTO_TCP: protocol = "tcp"; break;
|
|
case IPPROTO_UDP: protocol = "udp"; break;
|
|
case IPPROTO_DCCP: protocol = "dccp"; break;
|
|
+ case IPPROTO_SCTP: protocol = "sctp"; break;
|
|
default:
|
|
sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
|
|
rc = -1;
|
|
@@ -2788,7 +2792,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb)
|
|
{
|
|
struct ocontext *ibpkeycon;
|
|
char subnet_prefix_str[INET6_ADDRSTRLEN];
|
|
- struct in6_addr subnet_prefix = {0};
|
|
+ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT;
|
|
uint16_t low;
|
|
uint16_t high;
|
|
char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */
|
|
diff --git libsepol-2.7/src/kernel_to_common.c libsepol-2.7/src/kernel_to_common.c
|
|
index 01ffc8f..342bc3c 100644
|
|
--- libsepol-2.7/src/kernel_to_common.c
|
|
+++ libsepol-2.7/src/kernel_to_common.c
|
|
@@ -10,6 +10,9 @@
|
|
#ifndef IPPROTO_DCCP
|
|
#define IPPROTO_DCCP 33
|
|
#endif
|
|
+#ifndef IPPROTO_SCTP
|
|
+#define IPPROTO_SCTP 132
|
|
+#endif
|
|
|
|
#include <sepol/policydb/ebitmap.h>
|
|
#include <sepol/policydb/hashtab.h>
|
|
diff --git libsepol-2.7/src/kernel_to_conf.c libsepol-2.7/src/kernel_to_conf.c
|
|
index a74873f..9540520 100644
|
|
--- libsepol-2.7/src/kernel_to_conf.c
|
|
+++ libsepol-2.7/src/kernel_to_conf.c
|
|
@@ -11,6 +11,9 @@
|
|
#ifndef IPPROTO_DCCP
|
|
#define IPPROTO_DCCP 33
|
|
#endif
|
|
+#ifndef IPPROTO_SCTP
|
|
+#define IPPROTO_SCTP 132
|
|
+#endif
|
|
|
|
#include <sepol/policydb/avtab.h>
|
|
#include <sepol/policydb/conditional.h>
|
|
@@ -2491,6 +2494,7 @@ static int write_selinux_port_rules_to_conf(FILE *out, struct policydb *pdb)
|
|
case IPPROTO_TCP: protocol = "tcp"; break;
|
|
case IPPROTO_UDP: protocol = "udp"; break;
|
|
case IPPROTO_DCCP: protocol = "dccp"; break;
|
|
+ case IPPROTO_SCTP: protocol = "sctp"; break;
|
|
default:
|
|
sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
|
|
rc = -1;
|
|
@@ -2649,7 +2653,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb)
|
|
{
|
|
struct ocontext *ibpkeycon;
|
|
char subnet_prefix_str[INET6_ADDRSTRLEN];
|
|
- struct in6_addr subnet_prefix = {0};
|
|
+ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT;
|
|
uint16_t low;
|
|
uint16_t high;
|
|
char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */
|
|
diff --git libsepol-2.7/src/libsepol.map.in libsepol-2.7/src/libsepol.map.in
|
|
index dd1fec2..d879016 100644
|
|
--- libsepol-2.7/src/libsepol.map.in
|
|
+++ libsepol-2.7/src/libsepol.map.in
|
|
@@ -49,10 +49,13 @@ LIBSEPOL_1.1 {
|
|
cil_set_mls;
|
|
cil_set_attrs_expand_generated;
|
|
cil_set_attrs_expand_size;
|
|
+ cil_set_multiple_decls;
|
|
cil_write_policy_conf;
|
|
sepol_ppfile_to_module_package;
|
|
sepol_module_package_to_cil;
|
|
sepol_module_policydb_to_cil;
|
|
sepol_kernel_policydb_to_cil;
|
|
sepol_kernel_policydb_to_conf;
|
|
+ sepol_polcap_getnum;
|
|
+ sepol_polcap_getname;
|
|
} LIBSEPOL_1.0;
|
|
diff --git libsepol-2.7/src/libsepol.pc.in libsepol-2.7/src/libsepol.pc.in
|
|
index e52f589..f807fec 100644
|
|
--- libsepol-2.7/src/libsepol.pc.in
|
|
+++ libsepol-2.7/src/libsepol.pc.in
|
|
@@ -1,6 +1,6 @@
|
|
prefix=@prefix@
|
|
exec_prefix=${prefix}
|
|
-libdir=${exec_prefix}/@libdir@
|
|
+libdir=@libdir@
|
|
includedir=@includedir@
|
|
|
|
Name: libsepol
|
|
diff --git libsepol-2.7/src/mls.c libsepol-2.7/src/mls.c
|
|
index be85475..bf1fdbd 100644
|
|
--- libsepol-2.7/src/mls.c
|
|
+++ libsepol-2.7/src/mls.c
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
/*
|
|
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
|
*
|
|
diff --git libsepol-2.7/src/mls.h libsepol-2.7/src/mls.h
|
|
index 98da3d3..5ca3cd5 100644
|
|
--- libsepol-2.7/src/mls.h
|
|
+++ libsepol-2.7/src/mls.h
|
|
@@ -1,4 +1,4 @@
|
|
-/* Author: Stephen Smalley, <sds@epoch.ncsc.mil>
|
|
+/* Author: Stephen Smalley, <sds@tycho.nsa.gov>
|
|
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
|
*
|
|
* Support for enhanced MLS infrastructure.
|
|
diff --git libsepol-2.7/src/module_to_cil.c libsepol-2.7/src/module_to_cil.c
|
|
index 619a48f..5b8ed19 100644
|
|
--- libsepol-2.7/src/module_to_cil.c
|
|
+++ libsepol-2.7/src/module_to_cil.c
|
|
@@ -30,6 +30,9 @@
|
|
#ifndef IPPROTO_DCCP
|
|
#define IPPROTO_DCCP 33
|
|
#endif
|
|
+#ifndef IPPROTO_SCTP
|
|
+#define IPPROTO_SCTP 132
|
|
+#endif
|
|
#include <signal.h>
|
|
#include <stdarg.h>
|
|
#include <stdio.h>
|
|
@@ -2656,6 +2659,7 @@ static int ocontext_selinux_port_to_cil(struct policydb *pdb, struct ocontext *p
|
|
case IPPROTO_TCP: protocol = "tcp"; break;
|
|
case IPPROTO_UDP: protocol = "udp"; break;
|
|
case IPPROTO_DCCP: protocol = "dccp"; break;
|
|
+ case IPPROTO_SCTP: protocol = "sctp"; break;
|
|
default:
|
|
log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
|
|
rc = -1;
|
|
@@ -2687,7 +2691,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb,
|
|
int rc = -1;
|
|
struct ocontext *ibpkeycon;
|
|
char subnet_prefix_str[INET6_ADDRSTRLEN];
|
|
- struct in6_addr subnet_prefix = {0};
|
|
+ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT;
|
|
uint16_t high;
|
|
uint16_t low;
|
|
|
|
diff --git libsepol-2.7/src/policydb.c libsepol-2.7/src/policydb.c
|
|
index 691101e..c752123 100644
|
|
--- libsepol-2.7/src/policydb.c
|
|
+++ libsepol-2.7/src/policydb.c
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/*
|
|
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
|
@@ -1420,6 +1420,8 @@ void ocontext_selinux_free(ocontext_t **ocontexts)
|
|
if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
|
|
|| i == OCON_FSUSE)
|
|
free(ctmp->u.name);
|
|
+ else if (i == OCON_IBENDPORT)
|
|
+ free(ctmp->u.ibendport.dev_name);
|
|
free(ctmp);
|
|
}
|
|
}
|
|
diff --git libsepol-2.7/src/port_record.c libsepol-2.7/src/port_record.c
|
|
index ed9093b..15fb198 100644
|
|
--- libsepol-2.7/src/port_record.c
|
|
+++ libsepol-2.7/src/port_record.c
|
|
@@ -186,6 +186,8 @@ const char *sepol_port_get_proto_str(int proto)
|
|
return "tcp";
|
|
case SEPOL_PROTO_DCCP:
|
|
return "dccp";
|
|
+ case SEPOL_PROTO_SCTP:
|
|
+ return "sctp";
|
|
default:
|
|
return "???";
|
|
}
|
|
diff --git libsepol-2.7/src/ports.c libsepol-2.7/src/ports.c
|
|
index 62ec602..cc55863 100644
|
|
--- libsepol-2.7/src/ports.c
|
|
+++ libsepol-2.7/src/ports.c
|
|
@@ -2,6 +2,9 @@
|
|
#ifndef IPPROTO_DCCP
|
|
#define IPPROTO_DCCP 33
|
|
#endif
|
|
+#ifndef IPPROTO_SCTP
|
|
+#define IPPROTO_SCTP 132
|
|
+#endif
|
|
#include <stdlib.h>
|
|
|
|
#include "debug.h"
|
|
@@ -21,6 +24,8 @@ static inline int sepol2ipproto(sepol_handle_t * handle, int proto)
|
|
return IPPROTO_UDP;
|
|
case SEPOL_PROTO_DCCP:
|
|
return IPPROTO_DCCP;
|
|
+ case SEPOL_PROTO_SCTP:
|
|
+ return IPPROTO_SCTP;
|
|
default:
|
|
ERR(handle, "unsupported protocol %u", proto);
|
|
return STATUS_ERR;
|
|
@@ -37,6 +42,8 @@ static inline int ipproto2sepol(sepol_handle_t * handle, int proto)
|
|
return SEPOL_PROTO_UDP;
|
|
case IPPROTO_DCCP:
|
|
return SEPOL_PROTO_DCCP;
|
|
+ case IPPROTO_SCTP:
|
|
+ return SEPOL_PROTO_SCTP;
|
|
default:
|
|
ERR(handle, "invalid protocol %u " "found in policy", proto);
|
|
return STATUS_ERR;
|
|
diff --git libsepol-2.7/src/services.c libsepol-2.7/src/services.c
|
|
index 10338a6..d40793e 100644
|
|
--- libsepol-2.7/src/services.c
|
|
+++ libsepol-2.7/src/services.c
|
|
@@ -1,6 +1,6 @@
|
|
|
|
/*
|
|
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
|
|
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
|
*/
|
|
/*
|
|
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
|
diff --git libsepol-2.7/src/sidtab.c libsepol-2.7/src/sidtab.c
|
|
index 5bd7999..23b2e8f 100644
|
|
--- libsepol-2.7/src/sidtab.c
|
|
+++ libsepol-2.7/src/sidtab.c
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/src/symtab.c libsepol-2.7/src/symtab.c
|
|
index c1e625d..9a417ca 100644
|
|
--- libsepol-2.7/src/symtab.c
|
|
+++ libsepol-2.7/src/symtab.c
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/* FLASK */
|
|
|
|
diff --git libsepol-2.7/src/write.c libsepol-2.7/src/write.c
|
|
index e486e28..1fb3095 100644
|
|
--- libsepol-2.7/src/write.c
|
|
+++ libsepol-2.7/src/write.c
|
|
@@ -1,5 +1,5 @@
|
|
|
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
|
|
|
/*
|
|
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
|
diff --git libsepol-2.7/utils/Makefile libsepol-2.7/utils/Makefile
|
|
index fba1d8a..31932c1 100644
|
|
--- libsepol-2.7/utils/Makefile
|
|
+++ libsepol-2.7/utils/Makefile
|
|
@@ -1,5 +1,5 @@
|
|
# Installation directories.
|
|
-PREFIX ?= $(DESTDIR)/usr
|
|
+PREFIX ?= /usr
|
|
BINDIR ?= $(PREFIX)/bin
|
|
|
|
CFLAGS ?= -Wall -Werror
|
|
@@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
|
|
all: $(TARGETS)
|
|
|
|
install: all
|
|
- -mkdir -p $(BINDIR)
|
|
- install -m 755 $(TARGETS) $(BINDIR)
|
|
+ -mkdir -p $(DESTDIR)$(BINDIR)
|
|
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
|
|
|
|
clean:
|
|
-rm -f $(TARGETS) *.o
|