selinux: Add support for portcon dccp protocol This adds CIL and checkpolicy support for the (portcon dccp ...) statement. The kernel already handles name_bind and name_connect permissions for the dccp_socket class. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

commit: 3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2 [log] [tgz]
author: Richard Haines <richard_c_haines@btinternet.com> Wed Apr 06 12:44:35 2016 +0100
committer: James Carter <jwcart2@tycho.nsa.gov> Wed Apr 06 10:14:27 2016 -0400
tree: f517e80fa8ab68b57086ea96a36ff8af6a8c79a6
parent: f5c0b471e9ea4b12679742e6765da72bbc05977b [diff] [blame]
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 9da661e..ea9ee00 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c

@@ -919,6 +919,8 @@
 				protocol = IPPROTO_TCP;
 			else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
 				protocol = IPPROTO_UDP;
+			else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
+				protocol = IPPROTO_DCCP;
 			else {
 				printf("unknown protocol\n");
 				break;
commit	3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2	[log] [tgz]
author	Richard Haines <richard_c_haines@btinternet.com>	Wed Apr 06 12:44:35 2016 +0100
committer	James Carter <jwcart2@tycho.nsa.gov>	Wed Apr 06 10:14:27 2016 -0400
tree	f517e80fa8ab68b57086ea96a36ff8af6a8c79a6
parent	f5c0b471e9ea4b12679742e6765da72bbc05977b [diff] [blame]