[selinux-policy: 2613/3172] Fix network_port() in corenetwork to correctly handle port ranges.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:52:19 UTC 2010


commit 85e71c86da2caf5b4e8a730464a8afc6b0ba3ea5
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Apr 13 11:06:02 2010 -0400

    Fix network_port() in corenetwork to correctly handle port ranges.

 Changelog                               |    1 +
 policy/modules/kernel/corenetwork.te.m4 |   14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
---
diff --git a/Changelog b/Changelog
index ccdaf25..e41356a 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Fix network_port() in corenetwork to correctly handle port ranges.
 - SE-Postgresql updates from KaiGai Kohei.
 - X object manager revisions from Eamon Walsh.
 - Added modules:
diff --git a/policy/modules/kernel/corenetwork.te.m4 b/policy/modules/kernel/corenetwork.te.m4
index 27b4bb6..6ceddc8 100644
--- a/policy/modules/kernel/corenetwork.te.m4
+++ b/policy/modules/kernel/corenetwork.te.m4
@@ -6,6 +6,16 @@
 define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
 
 #
+# range_start(num)
+#
+# return the low port in a range.
+#
+# range_start(600) returns "600"
+# range_start(1200-1600) returns "1200"
+#
+define(`range_start',`ifelse(-1,index(`$1', `-'),$1,substr($1,0,index(`$1', `-')))')
+
+#
 # build_option(option_name,true,[false])
 #
 # makes an ifdef.  hacky quoting changes because with
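Review bot: The quoting of `$1` in range_start is inconsistent: it is quoted inside both `index` calls but left bare as the single-port result and as the first argument of `substr`. Port values are numeric, so this looks harmless for the current callers, but quoting it everywhere, as in ``substr(`$1',0,index(`$1', `-'))``, would keep the macro from re-expanding its argument if it is ever reused on other text. The header comment could also read `range_start(port_or_range)` instead of `range_start(num)`, since the range form is the reason the macro exists.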
@@ -68,10 +78,10 @@ declare_nodes($1_node_t,shift($*))
 ')
 
 define(`declare_ports',`dnl
-ifelse(eval($3 < 1024),1,`
+ifelse(eval(range_start($3) < 1024),1,`
 typeattribute $1 reserved_port_type;
 #bindresvport in glibc starts searching for reserved ports at 600
-ifelse(eval($3 >= 600),1,`typeattribute $1 rpc_port_type;',`dnl')
+ifelse(eval(range_start($3) >= 600),1,`typeattribute $1 rpc_port_type;',`dnl')
 ',`dnl')
 portcon $2 $3 gen_context(system_u:object_r:$1,$4)
 ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
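Review bot: Both tests in declare_ports now classify a whole range by its low port only, so a range that straddles a boundary is labelled as if it lay entirely on the low side. A constructed example such as 1000-1100 would put reserved_port_type on ports at and above 1024, and a range starting below 600 but ending above it would not get rpc_port_type for the ports bindresvport can actually pick. If the policy never declares such ranges, a comment above the first `ifelse` stating that assumption is enough, e.g. `# a range is classified by its low port; ranges must not cross 600 or 1024`. Otherwise a range_end() counterpart and a check on the high port are needed. The body of declare_ports continues past the end of this hunk.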

