diff for duplicates of <1485177542.4077.2.camel@btinternet.com>
diff --git a/a/1.txt b/N1/1.txt
index 92ad976..83007d1 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -102,7 +102,7 @@ channels, however it could be that these are needed by other services
 but sctp associations are not allowed on all of them.
 
 This is my attempt to answer Paul's comments on a previous patch (see h
-ttp://marc.info/?l=selinux&m\x141801137004870&w=2) that I've added here:
+ttp://marc.info/?l=selinux&m=141801137004870&w=2) that I've added here:
 ------------------
 With connectionless protocols, e.g. UDP, there is not peer label since
 there is no connected peer. With connection based protocols, e.g. TCP,
@@ -246,10 +246,10 @@ indentation.
 > > permission
 > > + * for the port.
 > > */
-> > if (sksec->sclass = SECCLASS_TCP_SOCKET ||
-> > - sksec->sclass = SECCLASS_DCCP_SOCKET) {
-> > + sksec->sclass = SECCLASS_DCCP_SOCKET ||
-> > + sksec->sclass = SECCLASS_SCTP_SOCKET) {
+> > if (sksec->sclass == SECCLASS_TCP_SOCKET ||
+> > - sksec->sclass == SECCLASS_DCCP_SOCKET) {
+> > + sksec->sclass == SECCLASS_DCCP_SOCKET ||
+> > + sksec->sclass == SECCLASS_SCTP_SOCKET) {
 > > struct common_audit_data ad;
 > > struct lsm_network_audit net = {0,};
 > > struct sockaddr_in *addr4 = NULL;
@@ -258,14 +258,14 @@ indentation.
 > > if (err)
 > > goto out;
 > >
-> > - perm = (sksec->sclass = SECCLASS_TCP_SOCKET) ?
+> > - perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
 > > - TCP_SOCKET__NAME_CONNECT :
 > > DCCP_SOCKET__NAME_CONNECT;
-> > + if (sksec->sclass = SECCLASS_TCP_SOCKET)
+> > + if (sksec->sclass == SECCLASS_TCP_SOCKET)
 > > + perm = TCP_SOCKET__NAME_CONNECT;
-> > + else if (sksec->sclass = SECCLASS_DCCP_SOCKET)
+> > + else if (sksec->sclass == SECCLASS_DCCP_SOCKET)
 > > + perm = DCCP_SOCKET__NAME_CONNECT;
-> > + else if (sksec->sclass = SECCLASS_SCTP_SOCKET)
+> > + else if (sksec->sclass == SECCLASS_SCTP_SOCKET)
 > > + perm = SCTP_SOCKET__NAME_CONNECT;
 >
 > Use a switch?
@@ -344,12 +344,12 @@ Removed peeloff as not required.
 > > *op
 > > u32 peer_sid = SECSID_NULL;
 > >
-> > if (sksec->sclass = SECCLASS_UNIX_STREAM_SOCKET ||
-> > - sksec->sclass = SECCLASS_TCP_SOCKET)
-> > + sksec->sclass = SECCLASS_TCP_SOCKET ||
-> > + sksec->sclass = SECCLASS_SCTP_SOCKET)
+> > if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
+> > - sksec->sclass == SECCLASS_TCP_SOCKET)
+> > + sksec->sclass == SECCLASS_TCP_SOCKET ||
+> > + sksec->sclass == SECCLASS_SCTP_SOCKET)
 > > peer_sid = sksec->peer_sid;
-> > if (peer_sid = SECSID_NULL)
+> > if (peer_sid == SECSID_NULL)
 > > return -ENOPROTOOPT;
 > > @@ -4828,6 +4898,36 @@ static void selinux_sock_graft(struct sock
 > > *sk, struct socket *parent)
@@ -367,7 +367,7 @@ Removed peeloff as not required.
 > > +
 > > + peerlbl_active = selinux_peerlbl_enabled();
 > > +
-> > + if (sksec->peer_sid = SECINITSID_UNLABELED &&
+> > + if (sksec->peer_sid == SECINITSID_UNLABELED &&
 > > peerlbl_active) {
 > > + /* Here because this is the first association on
 > > this
diff --git a/a/content_digest b/N1/content_digest
index 9ac3cea..b8b6bb7 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -115,7 +115,7 @@
 "but sctp associations are not allowed on all of them.\n"
 "\n"
 "This is my attempt to answer Paul's comments on a previous patch (see h\n"
- "ttp://marc.info/?l=selinux&m\0241801137004870&w=2) that I've added here:\n"
+ "ttp://marc.info/?l=selinux&m=141801137004870&w=2) that I've added here:\n"
 "------------------\n"
 "With connectionless protocols, e.g. UDP, there is not peer label since\n"
 "there\302\240is no connected peer.\302\240\302\240With connection based protocols, e.g. TCP,\n"
@@ -259,10 +259,10 @@
 "> > permission\n"
 "> > +\t\302\240* for the port.\n"
 "> > \302\240\t\302\240*/\n"
- "> > \302\240\tif (sksec->sclass = SECCLASS_TCP_SOCKET ||\n"
- "> > -\t\302\240\302\240\302\240\302\240sksec->sclass = SECCLASS_DCCP_SOCKET) {\n"
- "> > +\t\302\240\302\240\302\240\302\240sksec->sclass = SECCLASS_DCCP_SOCKET ||\n"
- "> > +\t\302\240\302\240\302\240\302\240sksec->sclass = SECCLASS_SCTP_SOCKET) {\n"
+ "> > \302\240\tif (sksec->sclass == SECCLASS_TCP_SOCKET ||\n"
+ "> > -\t\302\240\302\240\302\240\302\240sksec->sclass == SECCLASS_DCCP_SOCKET) {\n"
+ "> > +\t\302\240\302\240\302\240\302\240sksec->sclass == SECCLASS_DCCP_SOCKET ||\n"
+ "> > +\t\302\240\302\240\302\240\302\240sksec->sclass == SECCLASS_SCTP_SOCKET) {\n"
 "> > \302\240\t\tstruct common_audit_data ad;\n"
 "> > \302\240\t\tstruct lsm_network_audit net = {0,};\n"
 "> > \302\240\t\tstruct sockaddr_in *addr4 = NULL;\n"
@@ -271,14 +271,14 @@
 "> > \302\240\t\tif (err)\n"
 "> > \302\240\t\t\tgoto out;\n"
 "> > \302\240\n"
- "> > -\t\tperm = (sksec->sclass = SECCLASS_TCP_SOCKET) ?\n"
+ "> > -\t\tperm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?\n"
 "> > -\t\t\302\240\302\240\302\240\302\240\302\240\302\240\302\240TCP_SOCKET__NAME_CONNECT :\n"
 "> > DCCP_SOCKET__NAME_CONNECT;\n"
- "> > +\t\tif (sksec->sclass = SECCLASS_TCP_SOCKET)\n"
+ "> > +\t\tif (sksec->sclass == SECCLASS_TCP_SOCKET)\n"
 "> > +\t\t\tperm = TCP_SOCKET__NAME_CONNECT;\n"
- "> > +\t\telse if (sksec->sclass = SECCLASS_DCCP_SOCKET)\n"
+ "> > +\t\telse if (sksec->sclass == SECCLASS_DCCP_SOCKET)\n"
 "> > +\t\t\tperm = DCCP_SOCKET__NAME_CONNECT;\n"
- "> > +\t\telse if (sksec->sclass = SECCLASS_SCTP_SOCKET)\n"
+ "> > +\t\telse if (sksec->sclass == SECCLASS_SCTP_SOCKET)\n"
 "> > +\t\t\tperm = SCTP_SOCKET__NAME_CONNECT;\n"
 "> \n"
 "> Use a switch?\n"
@@ -357,12 +357,12 @@
 "> > *op\n"
 "> > \302\240\tu32 peer_sid = SECSID_NULL;\n"
 "> > \302\240\n"
- "> > \302\240\tif (sksec->sclass = SECCLASS_UNIX_STREAM_SOCKET ||\n"
- "> > -\t\302\240\302\240\302\240\302\240sksec->sclass = SECCLASS_TCP_SOCKET)\n"
- "> > +\t\302\240\302\240\302\240\302\240sksec->sclass = SECCLASS_TCP_SOCKET ||\n"
- "> > +\t\302\240\302\240\302\240\302\240sksec->sclass = SECCLASS_SCTP_SOCKET)\n"
+ "> > \302\240\tif (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||\n"
+ "> > -\t\302\240\302\240\302\240\302\240sksec->sclass == SECCLASS_TCP_SOCKET)\n"
+ "> > +\t\302\240\302\240\302\240\302\240sksec->sclass == SECCLASS_TCP_SOCKET ||\n"
+ "> > +\t\302\240\302\240\302\240\302\240sksec->sclass == SECCLASS_SCTP_SOCKET)\n"
 "> > \302\240\t\tpeer_sid = sksec->peer_sid;\n"
- "> > \302\240\tif (peer_sid = SECSID_NULL)\n"
+ "> > \302\240\tif (peer_sid == SECSID_NULL)\n"
 "> > \302\240\t\treturn -ENOPROTOOPT;\n"
 "> > @@ -4828,6 +4898,36 @@ static void selinux_sock_graft(struct sock\n"
 "> > *sk, struct socket *parent)\n"
@@ -380,7 +380,7 @@
 "> > +\n"
 "> > +\tpeerlbl_active = selinux_peerlbl_enabled();\n"
 "> > +\n"
- "> > +\tif (sksec->peer_sid = SECINITSID_UNLABELED &&\n"
+ "> > +\tif (sksec->peer_sid == SECINITSID_UNLABELED &&\n"
 "> > peerlbl_active) {\n"
 "> > +\t\t/* Here because this is the first association on\n"
 "> > this\n"
@@ -439,4 +439,4 @@
 "> the body of a message to majordomo@vger.kernel.org\n"
 "> More majordomo info at\302\240\302\240http://vger.kernel.org/majordomo-info.html"
 
-8a4da3b0a0d4304f7a2a7674b29df809ea29716655e4ee003eebeac0a7262f37
+be626b393a46b7518d95a0b0855e15fec47e19f97d719d08df7f5679c5304998