changeset 7838:ac651c812282

2131 checkpolicy produces different policy files on x86 & SPARC
author John Weeks <john.weeks@sun.com>
date Tue, 03 Jun 2008 17:45:24 -0700
parents 1bcc760f39e0
children 80a7460aad87
files usr/src/cmd/fmac/checkpolicy/policy_parse.y usr/src/cmd/fmac/checkpolicy/policy_scan.l usr/src/cmd/fmac/checkpolicy/write.c usr/src/common/fmac/ss/policydb.c
diffstat 4 files changed, 37 insertions(+), 15 deletions(-) [+]
--- a/usr/src/cmd/fmac/checkpolicy/policy_parse.y	Fri May 02 19:07:02 2008 -0700
+++ b/usr/src/cmd/fmac/checkpolicy/policy_parse.y	Tue Jun 03 17:45:24 2008 -0700
@@ -21,6 +21,11 @@
  */
 
 /*
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
  * Original files contributed to OpenSolaris.org under license by the
  * United States Government (NSA) to Sun Microsystems, Inc.
  */
@@ -34,7 +39,10 @@
 #include "queue.h"
 #include <sys/fmac/av_inherit.h>
 #include <sys/fmac/security.h>
+#include <sys/types.h>
+#include <sys/socket.h>
 #include <netinet/in.h>
+#include <arpa/inet.h>
 #include "checkpolicy.h"
 #include <stdint.h>
 #include <stdio.h>
@@ -135,6 +143,7 @@
 %token IDENTIFIER
 %token USER_IDENTIFIER
 %token NUMBER
+%token IPV4ADDRESS
 %token EQUALS
 %token NOTEQUAL
 
@@ -498,16 +507,14 @@
                         | GENFSCON identifier path security_context_def
 			{if (define_genfs_context(0)) return -1;}
 			;
-ipv4_addr_def		: number '.' number '.' number '.' number
+ipv4_addr_def		: IPV4ADDRESS
 			{ 
-			  unsigned int addr;
-	  		  unsigned char *p = ((unsigned char *)&addr);
-
-			  p[0] = $1 & 0xff;				
-			  p[1] = $3 & 0xff;
-			  p[2] = $5 & 0xff;
-			  p[3] = $7 & 0xff;
-			  $$ = addr;
+			  in_addr_t addr;
+			  if (inet_pton(AF_INET, yytext, &addr) != 1) {
+				yyerror("invalid IPv4 address");
+				return -1;
+			  }
+			  $$ = addr;	/* network order */
 			}
     			;
 security_context_def	: user_id ':' identifier ':' identifier opt_mls_range_def
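Review bot: The new `ipv4_addr_def` action reads `yytext` inside the parser instead of taking the value from the scanner, so it is correct only while this rule is reduced before any lookahead token is scanned. If the generated parser ever fetched a lookahead first, `inet_pton()` would be handed the text of the following token. For a single-token rule most yacc implementations reduce by default without a lookahead, so this likely works today, but the dependency is worth stating next to the call, e.g. `/* yytext must still be the IPV4ADDRESS lexeme here; no lookahead has been read */`. A sturdier form is to convert in the scanner action and pass the result through `yylval`; the value type declaration is outside this hunk, so that is a suggestion rather than a drop-in change.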
--- a/usr/src/cmd/fmac/checkpolicy/policy_scan.l	Fri May 02 19:07:02 2008 -0700
+++ b/usr/src/cmd/fmac/checkpolicy/policy_scan.l	Tue Jun 03 17:45:24 2008 -0700
@@ -23,6 +23,11 @@
  */
 
 /*
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
  * Original files contributed to OpenSolaris.org under license by the
  * United States Government (NSA) to Sun Microsystems, Inc.
  */
@@ -47,8 +52,10 @@
 %p 12500
 %a 10000
 %n 2500
-letter  [A-Za-z]
-digit   [0-9]
+letter		[A-Za-z]
+digit		[0-9]
+octet		({digit}{1,3})
+ipv4address	{octet}((\.{octet}){3})
 %%
 \n.*				{ strncpy(linebuf[lno], yytext+1, 255);
                                   linebuf[lno][254] = 0;
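Review bot: The `octet` definition accepts any one- to three-digit run, so `999.1.1.1` is tokenised as an address and range checking is left entirely to the `inet_pton()` call in policy_parse.y. That split is not recorded in the definitions and is easy to break if the parser action changes. A comment above the two definitions would capture it, e.g. `/* octet is not range-checked here; inet_pton() in policy_parse.y rejects values above 255 */`. How `inet_pton()` treats octets written with leading zeros may differ between platforms, which is worth checking given that this change is about getting identical output on x86 and SPARC.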
@@ -161,6 +168,7 @@
 {letter}({letter}|{digit}|_)*	{ return(IDENTIFIER); }
 {letter}({letter}|{digit}|_|"."|"-")*	{ return(USER_IDENTIFIER); }
 {digit}{digit}*                 { return(NUMBER); }
+{ipv4address}			{ return(IPV4ADDRESS); }
 #[^\n]*                         { /* delete comments */ }
 [ \t\f]+			{ /* delete whitespace */ }
 "==" 				{ return(EQUALS); }
--- a/usr/src/cmd/fmac/checkpolicy/write.c	Fri May 02 19:07:02 2008 -0700
+++ b/usr/src/cmd/fmac/checkpolicy/write.c	Tue Jun 03 17:45:24 2008 -0700
@@ -20,6 +20,11 @@
  */
 
 /*
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
  * Original files contributed to OpenSolaris.org under license by the
  * United States Government (NSA) to Sun Microsystems, Inc.
  */
@@ -735,8 +740,9 @@
 					return (-1);
 				break;
 			case OCON_NODE:
-				buf[0] = SS_CPU_TO_LE32(c->u.node.addr);
-				buf[1] = SS_CPU_TO_LE32(c->u.node.mask);
+				/* store in network order */
+				buf[0] = c->u.node.addr;
+				buf[1] = c->u.node.mask;
 				items = fwrite(buf, sizeof (uint32_t), 2, fp);
 				if (items != 2)
 					return (-1);
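Review bot: Writing `c->u.node.addr` and `c->u.node.mask` without `SS_CPU_TO_LE32` changes the on-disk bytes of OCON_NODE entries on big-endian hosts, and nothing in this hunk or in the matching read hunk in usr/src/common/fmac/ss/policydb.c distinguishes old files from new ones. A binary policy produced by an earlier SPARC build would, as far as these hunks show, load without error but with every node address and mask byte-reversed, so node contexts would be matched against the wrong addresses. If the policy version check (outside these hunks) does not already cover this, the change should either bump the format version or state the rebuild requirement. At minimum the comment here could say what is being relied on, e.g. `/* addr and mask are already in network order in memory; written as-is, no LE32 conversion */`. The enclosing function starts and ends outside the hunk.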
--- a/usr/src/common/fmac/ss/policydb.c	Fri May 02 19:07:02 2008 -0700
+++ b/usr/src/common/fmac/ss/policydb.c	Tue Jun 03 17:45:24 2008 -0700
@@ -1237,8 +1237,9 @@
 				    fp);
 				if (items != 2)
 					goto bad;
-				c->u.node.addr = SS_LE32_TO_CPU(buf[0]);
-				c->u.node.mask = SS_LE32_TO_CPU(buf[1]);
+				/* addr and mask stored in network order */
+				c->u.node.addr = buf[0];
+				c->u.node.mask = buf[1];
 				if (context_read_and_validate(&c->context[0],
 				    p, fp))
 					goto bad;