Richard Haines via Selinux
2018-03-20 17:49:30 UTC
Allow setools to interpret SCTP portcon policy statements
Signed-off-by: Richard Haines <***@btinternet.com>
---
libqpol/policy_define.c | 2 ++
setools/policyrep/netcontext.py | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
index dcc69fc..bffe451 100644
--- a/libqpol/policy_define.c
+++ b/libqpol/policy_define.c
@@ -4933,6 +4933,8 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_UDP;
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else {
yyerror2("unrecognized protocol %s", id);
goto bad;
diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
index c7076d2..1793677 100644
--- a/setools/policyrep/netcontext.py
+++ b/setools/policyrep/netcontext.py
@@ -17,7 +17,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
-from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, getprotobyname
+from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP, getprotobyname
from collections import namedtuple
from ipaddress import ip_address, ip_network
@@ -196,6 +196,7 @@ class PortconProtocol(int, PolicyEnum):
tcp = IPPROTO_TCP
udp = IPPROTO_UDP
dccp = IPPROTO_DCCP
+ sctp = IPPROTO_SCTP
class Portcon(NetContext):
Signed-off-by: Richard Haines <***@btinternet.com>
---
libqpol/policy_define.c | 2 ++
setools/policyrep/netcontext.py | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
index dcc69fc..bffe451 100644
--- a/libqpol/policy_define.c
+++ b/libqpol/policy_define.c
@@ -4933,6 +4933,8 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_UDP;
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else {
yyerror2("unrecognized protocol %s", id);
goto bad;
diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
index c7076d2..1793677 100644
--- a/setools/policyrep/netcontext.py
+++ b/setools/policyrep/netcontext.py
@@ -17,7 +17,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
-from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, getprotobyname
+from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP, getprotobyname
from collections import namedtuple
from ipaddress import ip_address, ip_network
@@ -196,6 +196,7 @@ class PortconProtocol(int, PolicyEnum):
tcp = IPPROTO_TCP
udp = IPPROTO_UDP
dccp = IPPROTO_DCCP
+ sctp = IPPROTO_SCTP
class Portcon(NetContext):
--
2.14.3
2.14.3