On Thu, May 28, 2020 at 2:41 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> The comparison function, portcon_data_cmp(), only made use of the
> protocol to put tcp before udp, dccp, and sctp. Rules that have
> the same port range, but with different protocols, would be considered
> equal unless one of the protocols was tcp. When generating a CIL or
> conf source policy from a binary or using the "-S" option in
> checkpolicy, the non-tcp portcon rules with the same port range would
> not be consistently sorted.
>
> Changed portcon_data_cmp() to sort portcon rules like the CIL function
> cil_post_portcon_compare().
>
> Reported-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>

Any idea why it used that logic previously? And how does this compare
with sepol_port_compare/compare2() used by libsemanage?

Regardless,

Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
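To make the sorting problem described in the commit message concrete, here is an added example that is not code from checkpolicy or libsepol: a comparator that only puts tcp first, beside one that orders on (protocol, low port, high port), both run over a constructed set of four portcon rules fed in two different input orders. The struct portcon layout, the cmp_* and helper names, and the use of IANA protocol numbers are assumptions made for the illustration; cil_post_portcon_compare() itself is not reproduced here.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not code from checkpolicy or libsepol.  Protocol numbers
 * are the IANA values; the struct layout is an assumption standing in
 * for checkpolicy's ocontext_t port fields. */
enum { PROTO_TCP = 6, PROTO_UDP = 17, PROTO_DCCP = 33, PROTO_SCTP = 132 };

struct portcon {
    int protocol;
    int low_port;
    int high_port;
};

/* Three-way compare that cannot overflow, unlike a - b. */
static int cmp_int(int a, int b)
{
    return (a > b) - (a < b);
}

/* Old behaviour as the commit message describes it: the protocol only
 * decides "tcp before everything else"; two non-tcp rules with the same
 * range compare equal, so their relative order is whatever the sort
 * happens to produce. */
static int cmp_tcp_only(const void *a, const void *b)
{
    const struct portcon *x = a, *y = b;
    int x_tcp = (x->protocol == PROTO_TCP), y_tcp = (y->protocol == PROTO_TCP);
    if (x_tcp != y_tcp)
        return y_tcp - x_tcp;                 /* tcp sorts first */
    if (x->low_port != y->low_port)
        return cmp_int(x->low_port, y->low_port);
    return cmp_int(x->high_port, y->high_port);
}

/* Fixed behaviour: a total order on (protocol, low_port, high_port),
 * so two distinct rules never compare equal. */
static int cmp_total(const void *a, const void *b)
{
    const struct portcon *x = a, *y = b;
    if (x->protocol != y->protocol)
        return cmp_int(x->protocol, y->protocol);
    if (x->low_port != y->low_port)
        return cmp_int(x->low_port, y->low_port);
    return cmp_int(x->high_port, y->high_port);
}

/* Stable insertion sort: elements the comparator calls equal keep their
 * input order, which makes the inconsistency reproducible (qsort() shows
 * it too, but in an implementation-dependent way). */
static void stable_sort(struct portcon *v, size_t n,
                        int (*cmp)(const void *, const void *))
{
    for (size_t i = 1; i < n; i++) {
        struct portcon key = v[i];
        size_t j = i;
        while (j > 0 && cmp(&v[j - 1], &key) > 0) {
            v[j] = v[j - 1];
            j--;
        }
        v[j] = key;
    }
}

/* Compare two rules that share a port range; 0 means "equal". */
static int same_range_compare(int (*cmp)(const void *, const void *),
                              int proto_a, int proto_b)
{
    struct portcon x = { proto_a, 5000, 5010 }, y = { proto_b, 5000, 5010 };
    return cmp(&x, &y);
}

/* Sort the same constructed rule set from two input orders and report
 * whether the comparator yields one canonical sequence (1) or an order
 * that depends on the input (0). */
static int sorts_consistently(int (*cmp)(const void *, const void *))
{
    /* Constructed sample: one rule per protocol, all on 5000-5010. */
    struct portcon fwd[] = {
        { PROTO_UDP,  5000, 5010 },
        { PROTO_DCCP, 5000, 5010 },
        { PROTO_SCTP, 5000, 5010 },
        { PROTO_TCP,  5000, 5010 },
    };
    size_t n = sizeof fwd / sizeof fwd[0];
    struct portcon rev[sizeof fwd / sizeof fwd[0]];
    for (size_t i = 0; i < n; i++)
        rev[i] = fwd[n - 1 - i];

    stable_sort(fwd, n, cmp);
    stable_sort(rev, n, cmp);
    for (size_t i = 0; i < n; i++)
        if (fwd[i].protocol != rev[i].protocol)
            return 0;
    return 1;
}

int main(void)
{
    printf("udp vs dccp: old %d, new %d\n",
           same_range_compare(cmp_tcp_only, PROTO_UDP, PROTO_DCCP),
           same_range_compare(cmp_total, PROTO_UDP, PROTO_DCCP));
    printf("consistent: old %d, new %d\n",
           sorts_consistently(cmp_tcp_only), sorts_consistently(cmp_total));
    return 0;
}
```

With the tcp-only comparator the forward and reversed inputs sort to different sequences (tcp, udp, dccp, sctp versus tcp, sctp, dccp, udp), which is exactly the "not consistently sorted" output the commit message reports for the -S option; with the total order both inputs sort to tcp, udp, dccp, sctp.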