pool/checkpolicy
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 609005 from home:mcepl:SELinux

Browse Source 
Rebase to 2.7

OBS-URL: https://build.opensuse.org/request/show/609005
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=39
This commit is contained in:
Johannes Segitz 2018-05-23 08:27:50 +00:00 committed by Git OBS Bridge
parent 58446a0a21
commit 04327bf5b0
6 changed files with 281 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
checkpolicy-2.6.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157
size 69748

3
checkpolicy-2.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201
size 65967

228
checkpolicy-build.patch Normal file
View File

@ -0,0 +1,228 @@
diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile
index 68e11f2..4c817cd 100644
--- checkpolicy-2.7/Makefile
+++ checkpolicy-2.7/Makefile
@@ -1,12 +1,9 @@
#
# Makefile for building the checkpolicy program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
TARGETS = checkpolicy checkmodule
LEX = flex
@@ -14,7 +11,12 @@ YACC = bison -y
CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
-override CFLAGS += -I.
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
policy_define.o
@@ -27,8 +29,10 @@ all: $(TARGETS)
$(MAKE) -C test
checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $<
@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c
$(LEX) policy_scan.l
install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
clean:
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8
index ee95882..cf76591 100644
--- checkpolicy-2.7/checkmodule.8
+++ checkpolicy-2.7/checkmodule.8
@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy".
This manual page was copied from the checkpolicy man page
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
and edited by Dan Walsh <dwalsh@redhat.com>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8
index 7b28696..1c8805d 100644
--- checkpolicy-2.7/checkpolicy.8
+++ checkpolicy-2.7/checkpolicy.8
@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy".
.SH AUTHOR
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
-and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+and edited by Stephen Smalley <sds@tycho.nsa.gov>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c
index b75f2af..fbda455 100644
--- checkpolicy-2.7/checkpolicy.c
+++ checkpolicy-2.7/checkpolicy.c
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
@@ -69,6 +69,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdio.h>
@@ -944,6 +947,8 @@ int main(int argc, char **argv)
protocol = IPPROTO_UDP;
else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
protocol = IPPROTO_DCCP;
+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
+ protocol = IPPROTO_SCTP;
else {
printf("unknown protocol\n");
break;
diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c
index f12ebdb..11fd37d 100644
--- checkpolicy-2.7/policy_define.c
+++ checkpolicy-2.7/policy_define.c
@@ -1,5 +1,5 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
@@ -40,6 +40,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <stdlib.h>
#include <limits.h>
@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_UDP;
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else {
yyerror2("unrecognized protocol %s", id);
goto bad;
diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y
index 6b406c8..247bd4e 100644
--- checkpolicy-2.7/policy_parse.y
+++ checkpolicy-2.7/policy_parse.y
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l
index e6c4898..e93ccb6 100644
--- checkpolicy-2.7/policy_scan.l
+++ checkpolicy-2.7/policy_scan.l
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/* Updated: David Caplan, <dac@tresys.com>
diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c
index acc991c..82e6673 100644
--- checkpolicy-2.7/queue.c
+++ checkpolicy-2.7/queue.c
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h
index 655c94b..60c07fe 100644
--- checkpolicy-2.7/queue.h
+++ checkpolicy-2.7/queue.h
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile
index 59fa446..89e7557 100644
--- checkpolicy-2.7/test/Makefile
+++ checkpolicy-2.7/test/Makefile
@@ -1,19 +1,22 @@
#
# Makefile for building the dispol program
#
-PREFIX ?= $(DESTDIR)/usr
-BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
-
CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
+
all: dispol dismod
dispol: dispol.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
dismod: dismod.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
clean:
-rm -f dispol dismod *.o

BIN
checkpolicy-tests.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

5
checkpolicy.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
- Rebase to 2.7
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com

58
checkpolicy.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package checkpolicy # spec file for package checkpolicy
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -18,17 +18,20 @@
%define libsepol_ver 2.6 %define libsepol_ver 2.6
Name: checkpolicy Name: checkpolicy
Version: 2.6 Version: 2.7
Release: 0 Release: 0
Summary: SELinux policy compiler Summary: SELinux policy compiler
License: GPL-2.0+ License: GPL-2.0-or-later
Group: Productivity/Security Group: Productivity/Security
Url: https://github.com/SELinuxProject/selinux Url: https://github.com/SELinuxProject/selinux
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz
Source1: checkpolicy-tests.tar.gz
Patch0: checkpolicy-build.patch
BuildRequires: bison BuildRequires: bison
BuildRequires: byacc
BuildRequires: flex BuildRequires: flex
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: libsepol-devel-static => %{libsepol_ver}
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -40,29 +43,52 @@ utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level Type Enforcement, Role-based Access Control and Multi-Level
Security.) Security.)
%package devel
Summary: Development files for SELinux policy compiler
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
%description devel
checkpolicy is the SELinux policy compiler. It uses libsepol to
generate the binary policy.
This package contains the development files, which are
necessary to develop your own software using checkpolicy.
%package -n python3-%{name}
Summary: Python bindings for SELinux policy compiler
Group: Development/Libraries/Python
Requires: %{name} = %{version}
%description -n python3-%{name}
checkpolicy is the SELinux policy compiler. It uses libsepol to
generate the binary policy.
This package contains the Python bindindgs, which are necessary
to use checkpolicy from Python.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
make %{?_smp_mflags} clean make clean
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags} make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS"
cd test (cd test
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags} make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS" )
%install %install
mkdir -p %{buildroot}%{_bindir} mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
make LIBDIR="%{_libdir}" DESTDIR=%{buildroot} install make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install
install test/dismod %{buildroot}%{_bindir}/sedismod install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod
install test/dispol %{buildroot}%{_bindir}/sedispol install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc COPYING ChangeLog
%{_bindir}/checkpolicy %{_bindir}/checkpolicy
%{_bindir}/checkmodule %{_bindir}/checkmodule
%{_bindir}/sedismod %{_bindir}/sedismod
%{_bindir}/sedispol %{_bindir}/sedispol
%{_mandir}/man8/checkmodule.8%{ext_man} %{_mandir}/man8/check*.*%{ext_man}
%{_mandir}/man8/checkpolicy.8%{ext_man}
%changelog %changelog