Message ID | 20180320174930.3207-1-richard_c_haines@btinternet.com (mailing list archive) |
---|---|
State | Not Applicable |
On 03/20/2018 01:49 PM, Richard Haines via Selinux wrote:
> Allow setools to interpret SCTP portcon policy statements
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> ---
> libqpol/policy_define.c | 2 ++
> setools/policyrep/netcontext.py | 3 ++-
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
> index dcc69fc..bffe451 100644
> --- a/libqpol/policy_define.c
> +++ b/libqpol/policy_define.c
> @@ -4933,6 +4933,8 @@ int define_port_context(unsigned int low, unsigned int high)
> protocol = IPPROTO_UDP;
> } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
> protocol = IPPROTO_DCCP;
> + } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
> + protocol = IPPROTO_SCTP;
> } else {
> yyerror2("unrecognized protocol %s", id);
> goto bad;
> diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
> index c7076d2..1793677 100644
> --- a/setools/policyrep/netcontext.py
> +++ b/setools/policyrep/netcontext.py
> @@ -17,7 +17,7 @@
> # License along with SETools. If not, see
> # <http://www.gnu.org/licenses/>.
> #
> -from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, getprotobyname
> +from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP, getprotobyname
> from collections import namedtuple
> from ipaddress import ip_address, ip_network
>
> @@ -196,6 +196,7 @@ class PortconProtocol(int, PolicyEnum):
> tcp = IPPROTO_TCP
> udp = IPPROTO_UDP
> dccp = IPPROTO_DCCP
> + sctp = IPPROTO_SCTP
>
>
> class Portcon(NetContext):
Thanks for the patch, but I'm reimplementing the SETools policyrep, so I've added the equivalent support already.
diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
index dcc69fc..bffe451 100644
--- a/libqpol/policy_define.c
+++ b/libqpol/policy_define.c
@@ -4933,6 +4933,8 @@ int define_port_context(unsigned int low, unsigned int high)
 protocol = IPPROTO_UDP;
 } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
 protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
 } else {
 yyerror2("unrecognized protocol %s", id);
 goto bad;
diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
index c7076d2..1793677 100644
--- a/setools/policyrep/netcontext.py
+++ b/setools/policyrep/netcontext.py
@@ -17,7 +17,7 @@
 # License along with SETools. If not, see
 # <http://www.gnu.org/licenses/>.
 #
-from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, getprotobyname
+from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP, getprotobyname
 from collections import namedtuple
 from ipaddress import ip_address, ip_network

@@ -196,6 +196,7 @@ class PortconProtocol(int, PolicyEnum):
 tcp = IPPROTO_TCP
 udp = IPPROTO_UDP
 dccp = IPPROTO_DCCP
+ sctp = IPPROTO_SCTP


 class Portcon(NetContext):
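Review bot: `IPPROTO_SCTP` is used in the new `else if` branch of define_port_context with no fallback definition visible, so the build depends on the system's `<netinet/in.h>` providing it. If this file already guards `IPPROTO_DCCP` with an `#ifndef` (not visible in the hunk), SCTP should get the same guard near the includes: `#ifndef IPPROTO_SCTP`, `#define IPPROTO_SCTP 132`, `#endif`. Without this branch a policy containing an SCTP portcon statement falls through to `yyerror2("unrecognized protocol %s", id)` and fails to load, so the constant should be available on every supported build host. The body of define_port_context starts and ends outside the hunk.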
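Review bot: The unconditional `from socket import ... IPPROTO_SCTP` at the top of netcontext.py raises ImportError wherever Python's socket module does not expose that constant. That would make the whole policyrep module unimportable, not merely leave SCTP portcon unsupported. The old import line did not take IPPROTO_DCCP from socket even though `dccp = IPPROTO_DCCP` appears in PortconProtocol, which suggests the file defines that constant another way (not visible here). SCTP could follow the same approach, with a fallback to the IANA protocol number 132. The `sctp = IPPROTO_SCTP` member added in the @@ -196 hunk depends on this name, and PortconProtocol's definition starts outside that hunk.

```python
from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, getprotobyname

try:
    from socket import IPPROTO_SCTP
except ImportError:
    # socket module built without SCTP support; 132 is the IANA protocol number
    IPPROTO_SCTP = 132
```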
Allow setools to interpret SCTP portcon policy statements Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> --- libqpol/policy_define.c | 2 ++ setools/policyrep/netcontext.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-)