Revert "selinux: Add support for portcon dccp protocol"
This commit breaks Android's Mac build.
external/selinux/checkpolicy/checkpolicy.c:923:16: error: use of undeclared
identifier 'IPPROTO_DCCP'
protocol = IPPROTO_DCCP;
^
1 error generated.
This reverts commit 3895fbbe0c.
Change-Id: I2d3b01152359c113c7fc619f419dc0e1c72ece64
parent
3467cc8e8a
commit
e92bf4c2ca
@ -919,8 +919,6 @@ int main(int argc, char **argv)
|
||||
protocol = IPPROTO_TCP;
|
||||
else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
|
||||
protocol = IPPROTO_UDP;
|
||||
else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
|
||||
protocol = IPPROTO_DCCP;
|
||||
else {
|
||||
printf("unknown protocol\n");
|
||||
break;
|
||||
|
@ -4876,8 +4876,6 @@ int define_port_context(unsigned int low, unsigned int high)
|
||||
protocol = IPPROTO_TCP;
|
||||
} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
|
||||
protocol = IPPROTO_UDP;
|
||||
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
|
||||
protocol = IPPROTO_DCCP;
|
||||
} else {
|
||||
yyerror2("unrecognized protocol %s", id);
|
||||
free(newc);
|
||||
|
@ -108,7 +108,6 @@ static void cil_init_keys(void)
|
||||
CIL_KEY_STAR = cil_strpool_add("*");
|
||||
CIL_KEY_UDP = cil_strpool_add("udp");
|
||||
CIL_KEY_TCP = cil_strpool_add("tcp");
|
||||
CIL_KEY_DCCP = cil_strpool_add("dccp");
|
||||
CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
|
||||
CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
|
||||
CIL_KEY_ALLOW = cil_strpool_add("allow");
|
||||
|
@ -3035,9 +3035,6 @@ int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons)
|
||||
case CIL_PROTOCOL_TCP:
|
||||
new_ocon->u.port.protocol = IPPROTO_TCP;
|
||||
break;
|
||||
case CIL_PROTOCOL_DCCP:
|
||||
new_ocon->u.port.protocol = IPPROTO_DCCP;
|
||||
break;
|
||||
default:
|
||||
/* should not get here */
|
||||
rc = SEPOL_ERR;
|
||||
|
@ -4261,8 +4261,6 @@ int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, stru
|
||||
portcon->proto = CIL_PROTOCOL_UDP;
|
||||
} else if (proto == CIL_KEY_TCP) {
|
||||
portcon->proto = CIL_PROTOCOL_TCP;
|
||||
} else if (proto == CIL_KEY_DCCP) {
|
||||
portcon->proto = CIL_PROTOCOL_DCCP;
|
||||
} else {
|
||||
cil_log(CIL_ERR, "Invalid protocol\n");
|
||||
rc = SEPOL_ERR;
|
||||
|
@ -101,7 +101,6 @@ char *CIL_KEY_OBJECT_R;
|
||||
char *CIL_KEY_STAR;
|
||||
char *CIL_KEY_TCP;
|
||||
char *CIL_KEY_UDP;
|
||||
char *CIL_KEY_DCCP;
|
||||
char *CIL_KEY_AUDITALLOW;
|
||||
char *CIL_KEY_TUNABLEIF;
|
||||
char *CIL_KEY_ALLOW;
|
||||
@ -714,8 +713,7 @@ struct cil_filecon {
|
||||
|
||||
enum cil_protocol {
|
||||
CIL_PROTOCOL_UDP = 1,
|
||||
CIL_PROTOCOL_TCP,
|
||||
CIL_PROTOCOL_DCCP
|
||||
CIL_PROTOCOL_TCP
|
||||
};
|
||||
|
||||
struct cil_portcon {
|
||||
|
@ -123,8 +123,6 @@ int cil_portcon_to_policy(FILE **file_arr, struct cil_sort *sort)
|
||||
fprintf(file_arr[NETIFCONS], "udp ");
|
||||
} else if (portcon->proto == CIL_PROTOCOL_TCP) {
|
||||
fprintf(file_arr[NETIFCONS], "tcp ");
|
||||
} else if (portcon->proto == CIL_PROTOCOL_DCCP) {
|
||||
fprintf(file_arr[NETIFCONS], "dccp ");
|
||||
}
|
||||
fprintf(file_arr[NETIFCONS], "%d ", portcon->port_low);
|
||||
fprintf(file_arr[NETIFCONS], "%d ", portcon->port_high);
|
||||
|
@ -1319,8 +1319,6 @@ void cil_tree_print_node(struct cil_tree_node *node)
|
||||
cil_log(CIL_INFO, " udp");
|
||||
} else if (portcon->proto == CIL_PROTOCOL_TCP) {
|
||||
cil_log(CIL_INFO, " tcp");
|
||||
} else if (portcon->proto == CIL_PROTOCOL_DCCP) {
|
||||
cil_log(CIL_INFO, " dccp");
|
||||
}
|
||||
cil_log(CIL_INFO, " (%d %d)", portcon->port_low, portcon->port_high);
|
||||
|
||||
|
@ -14,7 +14,6 @@ typedef struct sepol_port_key sepol_port_key_t;
|
||||
|
||||
#define SEPOL_PROTO_UDP 0
|
||||
#define SEPOL_PROTO_TCP 1
|
||||
#define SEPOL_PROTO_DCCP 2
|
||||
|
||||
/* Key */
|
||||
extern int sepol_port_compare(const sepol_port_t * port,
|
||||
|
@ -2537,7 +2537,6 @@ static int ocontext_selinux_port_to_cil(struct policydb *pdb, struct ocontext *p
|
||||
switch (portcon->u.port.protocol) {
|
||||
case IPPROTO_TCP: protocol = "tcp"; break;
|
||||
case IPPROTO_UDP: protocol = "udp"; break;
|
||||
case IPPROTO_DCCP: protocol = "dccp"; break;
|
||||
default:
|
||||
log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
|
||||
rc = -1;
|
||||
|
@ -184,8 +184,6 @@ const char *sepol_port_get_proto_str(int proto)
|
||||
return "udp";
|
||||
case SEPOL_PROTO_TCP:
|
||||
return "tcp";
|
||||
case SEPOL_PROTO_DCCP:
|
||||
return "dccp";
|
||||
default:
|
||||
return "???";
|
||||
}
|
||||
|
@ -16,8 +16,6 @@ static inline int sepol2ipproto(sepol_handle_t * handle, int proto)
|
||||
return IPPROTO_TCP;
|
||||
case SEPOL_PROTO_UDP:
|
||||
return IPPROTO_UDP;
|
||||
case SEPOL_PROTO_DCCP:
|
||||
return IPPROTO_DCCP;
|
||||
default:
|
||||
ERR(handle, "unsupported protocol %u", proto);
|
||||
return STATUS_ERR;
|
||||
@ -32,8 +30,6 @@ static inline int ipproto2sepol(sepol_handle_t * handle, int proto)
|
||||
return SEPOL_PROTO_TCP;
|
||||
case IPPROTO_UDP:
|
||||
return SEPOL_PROTO_UDP;
|
||||
case IPPROTO_DCCP:
|
||||
return SEPOL_PROTO_DCCP;
|
||||
default:
|
||||
ERR(handle, "invalid protocol %u " "found in policy", proto);
|
||||
return STATUS_ERR;
|
||||
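Review bot: With the DCCP cases gone from `sepol2ipproto` and `ipproto2sepol`, a DCCP protocol value now falls into the `default:` arms, so a policy or port record that already carries a DCCP portcon would presumably be rejected with "unsupported protocol" or "invalid protocol ... found in policy" rather than labelled. The build failure quoted in the description is only a missing constant on the Mac host, so a follow-up could restore these cases behind a fallback definition in a shared header: `#ifndef IPPROTO_DCCP`, `#define IPPROTO_DCCP 33`, `#endif`. Both functions begin and end outside the hunks shown. The same consideration applies to the `IPPROTO_DCCP` uses removed in the checkpolicy and CIL hunks earlier on the page.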
|
@ -155,7 +155,7 @@ These examples show named and anonymous [`nodecon`](cil_network_labeling_stateme
|
||||
portcon
|
||||
-------
|
||||
|
||||
Label a udp, tcp or dccp port.
|
||||
Label a udp or tcp port.
|
||||
|
||||
**Statement definition:**
|
||||
|
||||
@ -175,7 +175,7 @@ Label a udp, tcp or dccp port.
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td align="left"><p><code>protocol</code></p></td>
|
||||
<td align="left"><p>The protocol keyword <code>tcp</code>, <code>udp</code> or <code>dccp</code>.</p></td>
|
||||
<td align="left"><p>The protocol keyword <code>tcp</code> or <code>udp</code>.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td align="left"><p><code>port |</code></p>
|
||||
@ -199,4 +199,3 @@ These examples show named and anonymous [`portcon`](cil_network_labeling_stateme
|
||||
(portcon tcp 3333 (unconfined.user object_r unconfined.object levelrange_1))
|
||||
(portcon udp 4444 (unconfined.user object_r unconfined.object ((s0) level_2)))
|
||||
(portcon tcp (2000 20000) (unconfined.user object_r unconfined.object (systemlow level_3)))
|
||||
(portcon dccp (6840 6880) (unconfined.user object_r unconfined.object ((s0) level_2)))
|
||||
|
@ -270,7 +270,6 @@
|
||||
(nodecon ip_v6 netmask_v6 system_u_bin_t_l2h)
|
||||
(portcon udp 25 system_u_bin_t_l2h)
|
||||
(portcon tcp 22 system_u_bin_t_l2h)
|
||||
(portcon dccp (2048 2096) system_u_bin_t_l2h)
|
||||
(genfscon - "/usr/bin" system_u_bin_t_l2h)
|
||||
(netifcon eth0 system_u_bin_t_l2h system_u_bin_t_l2h) ;different contexts?
|
||||
(fsuse xattr ext3 system_u_bin_t_l2h)
|
||||
|