[PATCH] selinux: Build policy on systems not supporting DCCP protocol

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] selinux: Build policy on systems not supporting DCCP protocol
@ 2016-04-24  9:34 Richard Haines
  2016-04-24 19:02 ` Joshua Brindle
  0 siblings, 1 reply; 4+ messages in thread
From: Richard Haines @ 2016-04-24  9:34 UTC (permalink / raw)
  To: selinux

Commit 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 ("selinux: Add support
for portcon dccp protocol") added support for the (portcon dccp ..)
statement. This fix will allow policy to be built on platforms
(see [1]) that do not have DCCP support by defining the IANA
assigned IP Protocol Number 33 to IPPROTO_DCCP.

[1] https://android-review.googlesource.com/#/c/219568/

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 checkpolicy/checkpolicy.c     | 3 +++
 checkpolicy/policy_define.c   | 3 +++
 libsepol/cil/src/cil_binary.c | 3 +++
 libsepol/src/module_to_cil.c  | 3 +++
 libsepol/src/ports.c          | 3 +++
 5 files changed, 15 insertions(+)

diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index ea9ee00..7947c20 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -64,6 +64,9 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
 #include <arpa/inet.h>
 #include <fcntl.h>
 #include <stdio.h>
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 7a4d2f1..2068b71 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -36,6 +36,9 @@
 #include <string.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
 #include <arpa/inet.h>
 #include <stdlib.h>
 #include <limits.h>
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 8233dfd..b8437c9 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -31,6 +31,9 @@
 #include <stdio.h>
 #include <assert.h>
 #include <netinet/in.h>
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
 
 #include <sepol/policydb/policydb.h>
 #include <sepol/policydb/polcaps.h>
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index b478d9f..38f0dc3 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -26,6 +26,9 @@
 #include <getopt.h>
 #include <libgen.h>
 #include <netinet/in.h>
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
 #include <signal.h>
 #include <stdarg.h>
 #include <stdio.h>
diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c
index b1ee094..62ec602 100644
--- a/libsepol/src/ports.c
+++ b/libsepol/src/ports.c
@@ -1,4 +1,7 @@
 #include <netinet/in.h>
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
 #include <stdlib.h>
 
 #include "debug.h"
-- 
2.5.5

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: Build policy on systems not supporting DCCP protocol
  2016-04-24  9:34 [PATCH] selinux: Build policy on systems not supporting DCCP protocol Richard Haines
@ 2016-04-24 19:02 ` Joshua Brindle
  2016-04-25 13:19   ` Richard Haines
  0 siblings, 1 reply; 4+ messages in thread
From: Joshua Brindle @ 2016-04-24 19:02 UTC (permalink / raw)
  To: Richard Haines; +Cc: selinux

Richard Haines wrote:
> Commit 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 ("selinux: Add support
> for portcon dccp protocol") added support for the (portcon dccp ..)
> statement. This fix will allow policy to be built on platforms
> (see [1]) that do not have DCCP support by defining the IANA
> assigned IP Protocol Number 33 to IPPROTO_DCCP.
>
> [1] https://android-review.googlesource.com/#/c/219568/
>
> Signed-off-by: Richard Haines<richard_c_haines@btinternet.com>
> ---
>   checkpolicy/checkpolicy.c     | 3 +++
>   checkpolicy/policy_define.c   | 3 +++
>   libsepol/cil/src/cil_binary.c | 3 +++
>   libsepol/src/module_to_cil.c  | 3 +++
>   libsepol/src/ports.c          | 3 +++

Seems like this should be in a private header.

>   5 files changed, 15 insertions(+)
>
> diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
> index ea9ee00..7947c20 100644
> --- a/checkpolicy/checkpolicy.c
> +++ b/checkpolicy/checkpolicy.c
> @@ -64,6 +64,9 @@
>   #include<sys/stat.h>
>   #include<sys/socket.h>
>   #include<netinet/in.h>
> +#ifndef IPPROTO_DCCP
> +#define IPPROTO_DCCP 33
> +#endif
>   #include<arpa/inet.h>
>   #include<fcntl.h>
>   #include<stdio.h>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index 7a4d2f1..2068b71 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -36,6 +36,9 @@
>   #include<string.h>
>   #include<sys/socket.h>
>   #include<netinet/in.h>
> +#ifndef IPPROTO_DCCP
> +#define IPPROTO_DCCP 33
> +#endif
>   #include<arpa/inet.h>
>   #include<stdlib.h>
>   #include<limits.h>
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index 8233dfd..b8437c9 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -31,6 +31,9 @@
>   #include<stdio.h>
>   #include<assert.h>
>   #include<netinet/in.h>
> +#ifndef IPPROTO_DCCP
> +#define IPPROTO_DCCP 33
> +#endif
>
>   #include<sepol/policydb/policydb.h>
>   #include<sepol/policydb/polcaps.h>
> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> index b478d9f..38f0dc3 100644
> --- a/libsepol/src/module_to_cil.c
> +++ b/libsepol/src/module_to_cil.c
> @@ -26,6 +26,9 @@
>   #include<getopt.h>
>   #include<libgen.h>
>   #include<netinet/in.h>
> +#ifndef IPPROTO_DCCP
> +#define IPPROTO_DCCP 33
> +#endif
>   #include<signal.h>
>   #include<stdarg.h>
>   #include<stdio.h>
> diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c
> index b1ee094..62ec602 100644
> --- a/libsepol/src/ports.c
> +++ b/libsepol/src/ports.c
> @@ -1,4 +1,7 @@
>   #include<netinet/in.h>
> +#ifndef IPPROTO_DCCP
> +#define IPPROTO_DCCP 33
> +#endif
>   #include<stdlib.h>
>
>   #include "debug.h"

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: Build policy on systems not supporting DCCP protocol
  2016-04-24 19:02 ` Joshua Brindle
@ 2016-04-25 13:19   ` Richard Haines
  2016-04-25 18:33     ` Stephen Smalley
  0 siblings, 1 reply; 4+ messages in thread
From: Richard Haines @ 2016-04-25 13:19 UTC (permalink / raw)
  To: Joshua Brindle; +Cc: selinux@tycho.nsa.gov






> On Sunday, 24 April 2016, 20:02, Joshua Brindle <brindle@quarksecurity.com> wrote:
> > Richard Haines wrote:
>>  Commit 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 ("selinux: Add support
>>  for portcon dccp protocol") added support for the (portcon dccp ..)
>>  statement. This fix will allow policy to be built on platforms
>>  (see [1]) that do not have DCCP support by defining the IANA
>>  assigned IP Protocol Number 33 to IPPROTO_DCCP.
>> 
>>  [1] https://android-review.googlesource.com/#/c/219568/
>> 
>>  Signed-off-by: Richard Haines<richard_c_haines@btinternet.com>
>>  ---
>>    checkpolicy/checkpolicy.c     | 3 +++
>>    checkpolicy/policy_define.c   | 3 +++
>>    libsepol/cil/src/cil_binary.c | 3 +++
>>    libsepol/src/module_to_cil.c  | 3 +++
>>    libsepol/src/ports.c          | 3 +++
> 

> Seems like this should be in a private header.

I finally choose the way I did this to make it clear that netinet/in.h
may not have dccp support.
> 
> 
>>    5 files changed, 15 insertions(+)
>> 
>>  diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
>>  index ea9ee00..7947c20 100644
>>  --- a/checkpolicy/checkpolicy.c
>>  +++ b/checkpolicy/checkpolicy.c
>>  @@ -64,6 +64,9 @@
>>    #include<sys/stat.h>
>>    #include<sys/socket.h>
>>    #include<netinet/in.h>
>>  +#ifndef IPPROTO_DCCP
>>  +#define IPPROTO_DCCP 33
>>  +#endif
>>    #include<arpa/inet.h>
>>    #include<fcntl.h>
>>    #include<stdio.h>
>>  diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
>>  index 7a4d2f1..2068b71 100644
>>  --- a/checkpolicy/policy_define.c
>>  +++ b/checkpolicy/policy_define.c
>>  @@ -36,6 +36,9 @@
>>    #include<string.h>
>>    #include<sys/socket.h>
>>    #include<netinet/in.h>
>>  +#ifndef IPPROTO_DCCP
>>  +#define IPPROTO_DCCP 33
>>  +#endif
>>    #include<arpa/inet.h>
>>    #include<stdlib.h>
>>    #include<limits.h>
>>  diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
>>  index 8233dfd..b8437c9 100644
>>  --- a/libsepol/cil/src/cil_binary.c
>>  +++ b/libsepol/cil/src/cil_binary.c
>>  @@ -31,6 +31,9 @@
>>    #include<stdio.h>
>>    #include<assert.h>
>>    #include<netinet/in.h>
>>  +#ifndef IPPROTO_DCCP
>>  +#define IPPROTO_DCCP 33
>>  +#endif
>> 
>>    #include<sepol/policydb/policydb.h>
>>    #include<sepol/policydb/polcaps.h>
>>  diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
>>  index b478d9f..38f0dc3 100644
>>  --- a/libsepol/src/module_to_cil.c
>>  +++ b/libsepol/src/module_to_cil.c
>>  @@ -26,6 +26,9 @@
>>    #include<getopt.h>
>>    #include<libgen.h>
>>    #include<netinet/in.h>
>>  +#ifndef IPPROTO_DCCP
>>  +#define IPPROTO_DCCP 33
>>  +#endif
>>    #include<signal.h>
>>    #include<stdarg.h>
>>    #include<stdio.h>
>>  diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c
>>  index b1ee094..62ec602 100644
>>  --- a/libsepol/src/ports.c
>>  +++ b/libsepol/src/ports.c
>>  @@ -1,4 +1,7 @@
>>    #include<netinet/in.h>
>>  +#ifndef IPPROTO_DCCP
>>  +#define IPPROTO_DCCP 33
>>  +#endif
>>    #include<stdlib.h>
>> 
>>    #include "debug.h"
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: Build policy on systems not supporting DCCP protocol
  2016-04-25 13:19   ` Richard Haines
@ 2016-04-25 18:33     ` Stephen Smalley
  0 siblings, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2016-04-25 18:33 UTC (permalink / raw)
  To: Richard Haines, Joshua Brindle; +Cc: selinux@tycho.nsa.gov

On 04/25/2016 09:19 AM, Richard Haines wrote:
> 
> 
> 
> 
> 
>> On Sunday, 24 April 2016, 20:02, Joshua Brindle <brindle@quarksecurity.com> wrote:
>>> Richard Haines wrote:
>>>  Commit 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 ("selinux: Add support
>>>  for portcon dccp protocol") added support for the (portcon dccp ..)
>>>  statement. This fix will allow policy to be built on platforms
>>>  (see [1]) that do not have DCCP support by defining the IANA
>>>  assigned IP Protocol Number 33 to IPPROTO_DCCP.
>>>
>>>  [1] https://android-review.googlesource.com/#/c/219568/
>>>
>>>  Signed-off-by: Richard Haines<richard_c_haines@btinternet.com>
>>>  ---
>>>    checkpolicy/checkpolicy.c     | 3 +++
>>>    checkpolicy/policy_define.c   | 3 +++
>>>    libsepol/cil/src/cil_binary.c | 3 +++
>>>    libsepol/src/module_to_cil.c  | 3 +++
>>>    libsepol/src/ports.c          | 3 +++
>>
> 
>> Seems like this should be in a private header.
> 
> I finally choose the way I did this to make it clear that netinet/in.h
> may not have dccp support.

Yes, doesn't seem worth defining a libsepol header that defines it and
then including that in each of these files.  It isn't as though the
definition will ever change...

>>
>>
>>>    5 files changed, 15 insertions(+)
>>>
>>>  diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
>>>  index ea9ee00..7947c20 100644
>>>  --- a/checkpolicy/checkpolicy.c
>>>  +++ b/checkpolicy/checkpolicy.c
>>>  @@ -64,6 +64,9 @@
>>>    #include<sys/stat.h>
>>>    #include<sys/socket.h>
>>>    #include<netinet/in.h>
>>>  +#ifndef IPPROTO_DCCP
>>>  +#define IPPROTO_DCCP 33
>>>  +#endif
>>>    #include<arpa/inet.h>
>>>    #include<fcntl.h>
>>>    #include<stdio.h>
>>>  diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
>>>  index 7a4d2f1..2068b71 100644
>>>  --- a/checkpolicy/policy_define.c
>>>  +++ b/checkpolicy/policy_define.c
>>>  @@ -36,6 +36,9 @@
>>>    #include<string.h>
>>>    #include<sys/socket.h>
>>>    #include<netinet/in.h>
>>>  +#ifndef IPPROTO_DCCP
>>>  +#define IPPROTO_DCCP 33
>>>  +#endif
>>>    #include<arpa/inet.h>
>>>    #include<stdlib.h>
>>>    #include<limits.h>
>>>  diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
>>>  index 8233dfd..b8437c9 100644
>>>  --- a/libsepol/cil/src/cil_binary.c
>>>  +++ b/libsepol/cil/src/cil_binary.c
>>>  @@ -31,6 +31,9 @@
>>>    #include<stdio.h>
>>>    #include<assert.h>
>>>    #include<netinet/in.h>
>>>  +#ifndef IPPROTO_DCCP
>>>  +#define IPPROTO_DCCP 33
>>>  +#endif
>>>
>>>    #include<sepol/policydb/policydb.h>
>>>    #include<sepol/policydb/polcaps.h>
>>>  diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
>>>  index b478d9f..38f0dc3 100644
>>>  --- a/libsepol/src/module_to_cil.c
>>>  +++ b/libsepol/src/module_to_cil.c
>>>  @@ -26,6 +26,9 @@
>>>    #include<getopt.h>
>>>    #include<libgen.h>
>>>    #include<netinet/in.h>
>>>  +#ifndef IPPROTO_DCCP
>>>  +#define IPPROTO_DCCP 33
>>>  +#endif
>>>    #include<signal.h>
>>>    #include<stdarg.h>
>>>    #include<stdio.h>
>>>  diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c
>>>  index b1ee094..62ec602 100644
>>>  --- a/libsepol/src/ports.c
>>>  +++ b/libsepol/src/ports.c
>>>  @@ -1,4 +1,7 @@
>>>    #include<netinet/in.h>
>>>  +#ifndef IPPROTO_DCCP
>>>  +#define IPPROTO_DCCP 33
>>>  +#endif
>>>    #include<stdlib.h>
>>>
>>>    #include "debug.h"
>>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-04-25 18:33 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-04-24  9:34 [PATCH] selinux: Build policy on systems not supporting DCCP protocol Richard Haines
2016-04-24 19:02 ` Joshua Brindle
2016-04-25 13:19   ` Richard Haines
2016-04-25 18:33     ` Stephen Smalley

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.