From 287067263c0e6f124e04ee5a93f70e65d768b3de Mon Sep 17 00:00:00 2001
From: Vit Mojzis
Date: Mon, 23 Jul 2018 15:55:34 +0200
Subject: [PATCH] Improve 0004-Add-support-for-SCTP-protocol.patch

The previous version was missing some definitions of IPPROTO_SCTP and IPPROTO_DCCP, which caused policy.info(policy.PORT) to fail when the policy contained SCTP or DCCP portcon definitions.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333
---
 0004-Add-support-for-SCTP-protocol.patch | 93 +++++++++++++++++++++---
 1 file changed, 84 insertions(+), 9 deletions(-)

diff --git a/0004-Add-support-for-SCTP-protocol.patch b/0004-Add-support-for-SCTP-protocol.patch
index 4223a46..f8e149b 100644
--- a/0004-Add-support-for-SCTP-protocol.patch
+++ b/0004-Add-support-for-SCTP-protocol.patch
@@ -1,4 +1,4 @@
-From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001
+From 5b08107d3f336e44e43fa3383b409a4cb1e963ed Mon Sep 17 00:00:00 2001
 From: Vit Mojzis
 Date: Mon, 16 Apr 2018 20:46:20 +0200
 Subject: [PATCH] Add support for SCTP protocol
@@ -7,11 +7,14 @@ Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333
 
 Signed-off-by: Vit Mojzis
 ---
- libqpol/include/qpol/linux_types.h | 1 +
- libqpol/policy_define.c | 5 +++++
- setools/perm_map | 30 ++++++++++++++++++++++++++++++
- setools/policyrep/netcontext.py | 5 +++++
- 4 files changed, 41 insertions(+)
+ libqpol/include/qpol/linux_types.h | 1 +
+ libqpol/include/qpol/portcon_query.h | 7 +++++++
+ libqpol/policy_define.c | 5 +++++
+ setools/perm_map | 30 ++++++++++++++++++++++++++++++
+ setools/policyrep/netcontext.py | 5 +++++
+ setools/policyrep/qpol.i | 2 ++
+ setools/portconquery.py | 17 ++++++++++++++---
+ 7 files changed, 64 insertions(+), 3 deletions(-)
 
 diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h
 index c3c056b..0985162 100644
@@ -25,6 +28,24 @@ index c3c056b..0985162 100644 #endif #endif +diff --git a/libqpol/include/qpol/portcon_query.h b/libqpol/include/qpol/portcon_query.h +index 63210fe..61b9dd3 100644 +--- a/libqpol/include/qpol/portcon_query.h ++++ b/libqpol/include/qpol/portcon_query.h +@@ -37,6 +37,13 @@ extern "C" + #include + #include + ++#ifndef IPPROTO_DCCP ++#define IPPROTO_DCCP 33 ++#endif ++#ifndef IPPROTO_SCTP ++#define IPPROTO_SCTP 132 ++#endif ++ + typedef struct qpol_portcon qpol_portcon_t; + + /** diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c index dcc69fc..1e623a3 100644 --- a/libqpol/policy_define.c @@ -104,10 +125,10 @@ index 0a9f91c..25fae09 100644 class packet_socket 22 append w 10 diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py -index c7076d2..2d890f3 100644 +index 9a01fc5..630b42c 100644 --- a/setools/policyrep/netcontext.py +++ b/setools/policyrep/netcontext.py -@@ -38,6 +38,10 @@ try: +@@ -35,6 +35,10 @@ try: IPPROTO_DCCP = getprotobyname("dccp") except socket.error: IPPROTO_DCCP = 33 @@ -118,7 +139,7 @@ index c7076d2..2d890f3 100644 def netifcon_factory(policy, name): -@@ -196,6 +200,7 @@ class PortconProtocol(int, PolicyEnum): +@@ -161,6 +165,7 @@ class PortconProtocol(int, PolicyEnum): tcp = IPPROTO_TCP udp = IPPROTO_UDP dccp = IPPROTO_DCCP 
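Review bot: The two fallback values added to portcon_query.h carry no comment saying where 33 and 132 come from, and the `#ifndef` guards only do their job if the system header that normally defines these symbols is included before them; the two `#include` lines directly above are rendered on this page without their targets, so that ordering cannot be confirmed from here. I would annotate the block with `/* IANA-assigned protocol numbers; fallback for libc headers that predate DCCP/SCTP (normally provided by netinet/in.h) */`. The inner diffstat shows linux_types.h also gaining one line in the same patch, so this looks like a second copy of the same fallback; if so, keeping a single definition in linux_types.h and including it from portcon_query.h would stop the two values from drifting apart.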
@@ -126,6 +147,60 @@ index c7076d2..2d890f3 100644 class Portcon(NetContext): +diff --git a/setools/policyrep/qpol.i b/setools/policyrep/qpol.i +index ecd6957..9c29619 100644 +--- a/setools/policyrep/qpol.i ++++ b/setools/policyrep/qpol.i +@@ -2280,6 +2280,8 @@ typedef struct qpol_nodecon {} qpol_nodecon_t; + /* from netinet/in.h */ + #define IPPROTO_TCP 6 + #define IPPROTO_UDP 17 ++#define IPPROTO_DCCP 33 ++#define IPPROTO_SCTP 132 + typedef struct qpol_portcon {} qpol_portcon_t; + %extend qpol_portcon { + qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) { +diff --git a/setools/portconquery.py b/setools/portconquery.py +index 896e00d..1fe3674 100644 +--- a/setools/portconquery.py ++++ b/setools/portconquery.py +@@ -17,14 +17,24 @@ + # . + # + import logging +-from socket import IPPROTO_TCP, IPPROTO_UDP ++from socket import IPPROTO_TCP, IPPROTO_UDP, getprotobyname ++ ++# Python does not have a constant ++# for the DCCP protocol. ++try: ++ IPPROTO_DCCP = getprotobyname("dccp") ++except socket.error: ++ IPPROTO_DCCP = 33 ++try: ++ IPPROTO_SCTP = getprotobyname("sctp") ++except socket.error: ++ IPPROTO_SCTP = 132 + + from .mixins import MatchContext + from .query import PolicyQuery + from .policyrep import PortconRange, PortconProtocol + from .util import match_range + +- + class PortconQuery(MatchContext, PolicyQuery): + + """ +@@ -35,7 +45,8 @@ class PortconQuery(MatchContext, PolicyQuery): + + Keyword Parameters/Class attributes: + protocol The protocol to match (socket.IPPROTO_TCP for +- TCP or socket.IPPROTO_UDP for UDP) ++ TCP, socket.IPPROTO_UDP for UDP, socket.IPPROTO_DCCP ++ for DCCP or socket.IPPROTO_SCTP for SCTP) + + ports A 2-tuple of the port range to match. (Set both to + the same value for a single port) -- 2.14.3
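Review bot: The new module-level fallback in portconquery.py catches `socket.error`, but the module only does `from socket import IPPROTO_TCP, IPPROTO_UDP, getprotobyname` and never `import socket`, so on a host where `getprotobyname("dccp")` or `getprotobyname("sctp")` raises (an /etc/protocols without those entries) the handler itself fails with NameError and the whole module fails to import. The one-line fix is to add `import socket` beside `import logging` (on Python 3 `except OSError:` would be equivalent, since socket.error is an alias of OSError there). Nothing in the visible hunk uses the two constants it defines, and the same file already imports PortconProtocol from .policyrep where the identical lookup lives, so the duplication may be droppable. The updated docstring tells callers to pass `socket.IPPROTO_DCCP`, which the comment in the same hunk says does not exist; naming `PortconProtocol.dccp`/`PortconProtocol.sctp` instead would be accurate, and that comment `# Python does not have a constant for the DCCP protocol.` should now mention SCTP as well since it guards both lookups.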