commit 118c0cd1038efb8d869db70753d2ac449f4fda9b
author Daniel Jurgens <danielj@mellanox.com> Mon May 22 16:08:27 2017 +0300
committer Stephen Smalley <sds@tycho.nsa.gov> Tue May 23 16:20:55 2017 -0400
tree e033354de8310e94d5089cd45e2883a2fe333f94
parent 5bc05dd2a52755b1f9d16fc12fea74e54c71bf5b

libsepol: Add ibendport ocontext handling

Add support for reading, writing, and copying IB end port ocontext data.
Also add support for querying a IB end port sid to checkpolicy.

Signed-off-by: Daniel Jurgens <danielj@mellanox.com>

checkpolicy/checkpolicy.c

diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 8aeecc1..b75f2af 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -701,6 +701,7 @@
 	printf("i)  display constraint expressions\n");
 	printf("j)  display validatetrans expressions\n");
 	printf("k)  Call ibpkey_sid\n");
+	printf("l)  Call ibendport_sid\n");
 #ifdef EQUIVTYPES
 	printf("z)  Show equivalent types\n");
 #endif
@@ -1247,6 +1248,25 @@
 				printf("sid %d\n", ssid);
 			}
 			break;
+		case 'l':
+			printf("device name (eg. mlx4_0)?  ");
+			FGETS(ans, sizeof(ans), stdin);
+			ans[strlen(ans) - 1] = 0;
+
+			name = malloc((strlen(ans) + 1) * sizeof(char));
+			if (!name) {
+				fprintf(stderr, "couldn't malloc string.\n");
+				break;
+			}
+			strcpy(name, ans);
+
+			printf("port? ");
+			FGETS(ans, sizeof(ans), stdin);
+			port = atoi(ans);
+			sepol_ibendport_sid(name, port, &ssid);
+			printf("sid %d\n", ssid);
+			free(name);
+			break;
 #ifdef EQUIVTYPES
 		case 'z':
 			identify_equiv_types();