| Message ID | 1461490487-19829-1-git-send-email-richard_c_haines@btinternet.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
Richard Haines wrote: > Commit 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 ("selinux: Add support > for portcon dccp protocol") added support for the (portcon dccp ..) > statement. This fix will allow policy to be built on platforms > (see [1]) that do not have DCCP support by defining the IANA > assigned IP Protocol Number 33 to IPPROTO_DCCP. > > [1] https://android-review.googlesource.com/#/c/219568/ > > Signed-off-by: Richard Haines<richard_c_haines@btinternet.com> > --- > checkpolicy/checkpolicy.c | 3 +++ > checkpolicy/policy_define.c | 3 +++ > libsepol/cil/src/cil_binary.c | 3 +++ > libsepol/src/module_to_cil.c | 3 +++ > libsepol/src/ports.c | 3 +++ Seems like this should be in a private header. > 5 files changed, 15 insertions(+) > > diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c > index ea9ee00..7947c20 100644 > --- a/checkpolicy/checkpolicy.c > +++ b/checkpolicy/checkpolicy.c > @@ -64,6 +64,9 @@ > #include<sys/stat.h> > #include<sys/socket.h> > #include<netinet/in.h> > +#ifndef IPPROTO_DCCP > +#define IPPROTO_DCCP 33 > +#endif > #include<arpa/inet.h> > #include<fcntl.h> > #include<stdio.h> > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > index 7a4d2f1..2068b71 100644 > --- a/checkpolicy/policy_define.c > +++ b/checkpolicy/policy_define.c > @@ -36,6 +36,9 @@ > #include<string.h> > #include<sys/socket.h> > #include<netinet/in.h> > +#ifndef IPPROTO_DCCP > +#define IPPROTO_DCCP 33 > +#endif > #include<arpa/inet.h> > #include<stdlib.h> > #include<limits.h> > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c > index 8233dfd..b8437c9 100644 > --- a/libsepol/cil/src/cil_binary.c > +++ b/libsepol/cil/src/cil_binary.c > @@ -31,6 +31,9 @@ > #include<stdio.h> > #include<assert.h> > #include<netinet/in.h> > +#ifndef IPPROTO_DCCP > +#define IPPROTO_DCCP 33 > +#endif > > #include<sepol/policydb/policydb.h> > #include<sepol/policydb/polcaps.h> > diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c > index b478d9f..38f0dc3 100644 > --- a/libsepol/src/module_to_cil.c > +++ b/libsepol/src/module_to_cil.c > @@ -26,6 +26,9 @@ > #include<getopt.h> > #include<libgen.h> > #include<netinet/in.h> > +#ifndef IPPROTO_DCCP > +#define IPPROTO_DCCP 33 > +#endif > #include<signal.h> > #include<stdarg.h> > #include<stdio.h> > diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c > index b1ee094..62ec602 100644 > --- a/libsepol/src/ports.c > +++ b/libsepol/src/ports.c > @@ -1,4 +1,7 @@ > #include<netinet/in.h> > +#ifndef IPPROTO_DCCP > +#define IPPROTO_DCCP 33 > +#endif > #include<stdlib.h> > > #include "debug.h"
> On Sunday, 24 April 2016, 20:02, Joshua Brindle <brindle@quarksecurity.com> wrote: > > Richard Haines wrote: >> Commit 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 ("selinux: Add support >> for portcon dccp protocol") added support for the (portcon dccp ..) >> statement. This fix will allow policy to be built on platforms >> (see [1]) that do not have DCCP support by defining the IANA >> assigned IP Protocol Number 33 to IPPROTO_DCCP. >> >> [1] https://android-review.googlesource.com/#/c/219568/ >> >> Signed-off-by: Richard Haines<richard_c_haines@btinternet.com> >> --- >> checkpolicy/checkpolicy.c | 3 +++ >> checkpolicy/policy_define.c | 3 +++ >> libsepol/cil/src/cil_binary.c | 3 +++ >> libsepol/src/module_to_cil.c | 3 +++ >> libsepol/src/ports.c | 3 +++ > > Seems like this should be in a private header. I finally choose the way I did this to make it clear that netinet/in.h may not have dccp support. > > >> 5 files changed, 15 insertions(+) >> >> diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c >> index ea9ee00..7947c20 100644 >> --- a/checkpolicy/checkpolicy.c >> +++ b/checkpolicy/checkpolicy.c >> @@ -64,6 +64,9 @@ >> #include<sys/stat.h> >> #include<sys/socket.h> >> #include<netinet/in.h> >> +#ifndef IPPROTO_DCCP >> +#define IPPROTO_DCCP 33 >> +#endif >> #include<arpa/inet.h> >> #include<fcntl.h> >> #include<stdio.h> >> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c >> index 7a4d2f1..2068b71 100644 >> --- a/checkpolicy/policy_define.c >> +++ b/checkpolicy/policy_define.c >> @@ -36,6 +36,9 @@ >> #include<string.h> >> #include<sys/socket.h> >> #include<netinet/in.h> >> +#ifndef IPPROTO_DCCP >> +#define IPPROTO_DCCP 33 >> +#endif >> #include<arpa/inet.h> >> #include<stdlib.h> >> #include<limits.h> >> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c >> index 8233dfd..b8437c9 100644 >> --- a/libsepol/cil/src/cil_binary.c >> +++ b/libsepol/cil/src/cil_binary.c >> @@ -31,6 +31,9 @@ >> #include<stdio.h> >> #include<assert.h> >> #include<netinet/in.h> >> +#ifndef IPPROTO_DCCP >> +#define IPPROTO_DCCP 33 >> +#endif >> >> #include<sepol/policydb/policydb.h> >> #include<sepol/policydb/polcaps.h> >> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c >> index b478d9f..38f0dc3 100644 >> --- a/libsepol/src/module_to_cil.c >> +++ b/libsepol/src/module_to_cil.c >> @@ -26,6 +26,9 @@ >> #include<getopt.h> >> #include<libgen.h> >> #include<netinet/in.h> >> +#ifndef IPPROTO_DCCP >> +#define IPPROTO_DCCP 33 >> +#endif >> #include<signal.h> >> #include<stdarg.h> >> #include<stdio.h> >> diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c >> index b1ee094..62ec602 100644 >> --- a/libsepol/src/ports.c >> +++ b/libsepol/src/ports.c >> @@ -1,4 +1,7 @@ >> #include<netinet/in.h> >> +#ifndef IPPROTO_DCCP >> +#define IPPROTO_DCCP 33 >> +#endif >> #include<stdlib.h> >> >> #include "debug.h" >
On 04/25/2016 09:19 AM, Richard Haines wrote: > > > > > >> On Sunday, 24 April 2016, 20:02, Joshua Brindle <brindle@quarksecurity.com> wrote: >>> Richard Haines wrote: >>> Commit 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 ("selinux: Add support >>> for portcon dccp protocol") added support for the (portcon dccp ..) >>> statement. This fix will allow policy to be built on platforms >>> (see [1]) that do not have DCCP support by defining the IANA >>> assigned IP Protocol Number 33 to IPPROTO_DCCP. >>> >>> [1] https://android-review.googlesource.com/#/c/219568/ >>> >>> Signed-off-by: Richard Haines<richard_c_haines@btinternet.com> >>> --- >>> checkpolicy/checkpolicy.c | 3 +++ >>> checkpolicy/policy_define.c | 3 +++ >>> libsepol/cil/src/cil_binary.c | 3 +++ >>> libsepol/src/module_to_cil.c | 3 +++ >>> libsepol/src/ports.c | 3 +++ >> > >> Seems like this should be in a private header. > > I finally choose the way I did this to make it clear that netinet/in.h > may not have dccp support. Yes, doesn't seem worth defining a libsepol header that defines it and then including that in each of these files. It isn't as though the definition will ever change... >> >> >>> 5 files changed, 15 insertions(+) >>> >>> diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c >>> index ea9ee00..7947c20 100644 >>> --- a/checkpolicy/checkpolicy.c >>> +++ b/checkpolicy/checkpolicy.c >>> @@ -64,6 +64,9 @@ >>> #include<sys/stat.h> >>> #include<sys/socket.h> >>> #include<netinet/in.h> >>> +#ifndef IPPROTO_DCCP >>> +#define IPPROTO_DCCP 33 >>> +#endif >>> #include<arpa/inet.h> >>> #include<fcntl.h> >>> #include<stdio.h> >>> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c >>> index 7a4d2f1..2068b71 100644 >>> --- a/checkpolicy/policy_define.c >>> +++ b/checkpolicy/policy_define.c >>> @@ -36,6 +36,9 @@ >>> #include<string.h> >>> #include<sys/socket.h> >>> #include<netinet/in.h> >>> +#ifndef IPPROTO_DCCP >>> +#define IPPROTO_DCCP 33 >>> +#endif >>> #include<arpa/inet.h> >>> #include<stdlib.h> >>> #include<limits.h> >>> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c >>> index 8233dfd..b8437c9 100644 >>> --- a/libsepol/cil/src/cil_binary.c >>> +++ b/libsepol/cil/src/cil_binary.c >>> @@ -31,6 +31,9 @@ >>> #include<stdio.h> >>> #include<assert.h> >>> #include<netinet/in.h> >>> +#ifndef IPPROTO_DCCP >>> +#define IPPROTO_DCCP 33 >>> +#endif >>> >>> #include<sepol/policydb/policydb.h> >>> #include<sepol/policydb/polcaps.h> >>> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c >>> index b478d9f..38f0dc3 100644 >>> --- a/libsepol/src/module_to_cil.c >>> +++ b/libsepol/src/module_to_cil.c >>> @@ -26,6 +26,9 @@ >>> #include<getopt.h> >>> #include<libgen.h> >>> #include<netinet/in.h> >>> +#ifndef IPPROTO_DCCP >>> +#define IPPROTO_DCCP 33 >>> +#endif >>> #include<signal.h> >>> #include<stdarg.h> >>> #include<stdio.h> >>> diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c >>> index b1ee094..62ec602 100644 >>> --- a/libsepol/src/ports.c >>> +++ b/libsepol/src/ports.c >>> @@ -1,4 +1,7 @@ >>> #include<netinet/in.h> >>> +#ifndef IPPROTO_DCCP >>> +#define IPPROTO_DCCP 33 >>> +#endif >>> #include<stdlib.h> >>> >>> #include "debug.h" >> > _______________________________________________ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. > To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov. >
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index ea9ee00..7947c20 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -64,6 +64,9 @@ #include <sys/stat.h> #include <sys/socket.h> #include <netinet/in.h> +#ifndef IPPROTO_DCCP +#define IPPROTO_DCCP 33 +#endif #include <arpa/inet.h> #include <fcntl.h> #include <stdio.h> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 7a4d2f1..2068b71 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -36,6 +36,9 @@ #include <string.h> #include <sys/socket.h> #include <netinet/in.h> +#ifndef IPPROTO_DCCP +#define IPPROTO_DCCP 33 +#endif #include <arpa/inet.h> #include <stdlib.h> #include <limits.h> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 8233dfd..b8437c9 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -31,6 +31,9 @@ #include <stdio.h> #include <assert.h> #include <netinet/in.h> +#ifndef IPPROTO_DCCP +#define IPPROTO_DCCP 33 +#endif #include <sepol/policydb/policydb.h> #include <sepol/policydb/polcaps.h> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index b478d9f..38f0dc3 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -26,6 +26,9 @@ #include <getopt.h> #include <libgen.h> #include <netinet/in.h> +#ifndef IPPROTO_DCCP +#define IPPROTO_DCCP 33 +#endif #include <signal.h> #include <stdarg.h> #include <stdio.h> diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c index b1ee094..62ec602 100644 --- a/libsepol/src/ports.c +++ b/libsepol/src/ports.c @@ -1,4 +1,7 @@ #include <netinet/in.h> +#ifndef IPPROTO_DCCP +#define IPPROTO_DCCP 33 +#endif #include <stdlib.h> #include "debug.h"
Commit 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 ("selinux: Add support for portcon dccp protocol") added support for the (portcon dccp ..) statement. This fix will allow policy to be built on platforms (see [1]) that do not have DCCP support by defining the IANA assigned IP Protocol Number 33 to IPPROTO_DCCP. [1] https://android-review.googlesource.com/#/c/219568/ Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> --- checkpolicy/checkpolicy.c | 3 +++ checkpolicy/policy_define.c | 3 +++ libsepol/cil/src/cil_binary.c | 3 +++ libsepol/src/module_to_cil.c | 3 +++ libsepol/src/ports.c | 3 +++ 5 files changed, 15 insertions(+)