From patchwork Tue May 9 20:50:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9718965 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id BC79260237 for ; Tue, 9 May 2017 20:57:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A9CCD28488 for ; Tue, 9 May 2017 20:57:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9B0C6284CF; Tue, 9 May 2017 20:57:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B5FFD28488 for ; Tue, 9 May 2017 20:57:55 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,316,1491264000"; d="scan'208";a="5619776" IronPort-PHdr: =?us-ascii?q?9a23=3AvOwhQhdZ52abYumirGIUWu6xlGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxcq7ZhyN2/xhgRfzUJnB7Loc0qyN4v+mATVLuM3Y+Fk5M7V0Hycfjs?= =?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6?= =?us-ascii?q?KfroEYDOkcu3y/qy+5rOaAlUmTaxe71/IRG0oAnLqsUanIRuJrs/xxfUv3BFZ/?= =?us-ascii?q?lYyWR0KFyJgh3y/N2w/Jlt8yRRv/Iu6ctNWrjkcqo7ULJVEi0oP3g668P3uxbD?= =?us-ascii?q?SxCP5mYHXWUNjhVIGQnF4wrkUZr3ryD3q/By2CiePc3xULA0RTGv5LplRRP0lC?= =?us-ascii?q?sKMSMy/2/Nisx0kalVvhSvqRJiyILQeY2ZKeZycqbbcNgHR2ROQ9xRWjRBDI2i?= =?us-ascii?q?coUBAekPM+FaoInzv1sDrwayCAeyC+P00TJEmmP60Lcm3+k7DQ3KwAotFM8Ovn?= =?us-ascii?q?TOq9X1Mb8fX+6vw6nO0D7Na+5W2S3y6IfWdBAhuuyHULVtfsXLz0kvFh3KjlGS?= =?us-ascii?q?qYH+OjOayOANs2yB4OpmUuKuhHQrpB12ojiq38ohjJTCiIENyl3c6Cl0z4k4Kc?= =?us-ascii?q?e4RUJme9KoDpRduz+AO4drWs8uXmVltSggxrAJu5O3ZjUGxZUnyhLFdvCLbYyF?= =?us-ascii?q?7xT+X+iLOzh4nmhqeLeniha39kiv1/PzW9Gv0FZPsipFit7Mtm0R1xDL6siIVP?= =?us-ascii?q?99/kC51DaTzQ/T8OBEIV0vlabBN54gwqI/lpoUsUjZGC/5hF72g7OMekUh++io?= =?us-ascii?q?7/zrYrTgppCCK495khzyP6shl8ClAek0LxICU3aU9OiizrHv4FX1QLBQgf03lq?= =?us-ascii?q?nZvoraJcMepqOhGA9azIIj6xe5Dze739UUhGIILFVYeBKBk4fmJUrOLevkDfa/?= =?us-ascii?q?n1uskDBry+rAPr36GJrBNHfDkLD/fbpl8U5T1BIzzcxD55JTErwBIvXzWknru9?= =?us-ascii?q?zEDh82KQq0zv3lCNV60IMeXHiAArSFMKzMq1+I/fgjI+6WZI8aoDz9MeQq5+by?= =?us-ascii?q?jX8lnl8QZaup3ZkNZ3+kHfRmOEKZYXztgtcfCmoKsA4+TPHliVKZTD5TYWqyX7?= =?us-ascii?q?8m6jE8EoKmAp/JRpqxj7yZwCe7AppWa3hIC1CNFXfocpuLW+0XZSKcPMBujzsE?= =?us-ascii?q?VaK7RI85zxGusw36xKR7IerI4CEYsojj1Ndt7e3JiR4y7SB0D9ia02yVUm57gm?= =?us-ascii?q?YIRzgw3KBjvEBw0UmD3rZig/xZFN1T4PVJXh08NZHC0+xwE8ryVR7ZfteVVFam?= =?us-ascii?q?Rc2rDiwtTt0r2d8DeFpyG9Knjh/fxSWqGKMVm6aNBJMq7qLWx2LxKNply3bayK?= =?us-ascii?q?khiEErQ8tONG2hgK5y7A3TB4rQn0WYkaamb6Ic0zTX9GeAzGqOol9XXBR2Uarb?= =?us-ascii?q?QXAVflHWosjh5kPeU7+uDqwqPRVZycGYMKtKa8bpgE5eRPj5ItTeYnmxm3+0BR?= =?us-ascii?q?mS2ryDcpDme2IH3CXSEEIEiRwc/W6aNQgiASesu2zeDCZ0GlLpf0zs8PJ+pWi+?= =?us-ascii?q?Tk8szgGGdlZh1rSu+hIPgvycUfwT1KoeuCg9szV0AEq939XOBtqDvQVhf6JcYc?= =?us-ascii?q?4m7VdEz23ZtAt9PoG6I6BlnF4efBx9v1ny2BVvFoVAjc8qoWswwwVvM6KY0U1O?= =?us-ascii?q?dymD0J/qJrLXL3P+/Be1a67ZwlveysqZ+r8T6PQkrFXupBqpFkQ483VgyNlVz2?= =?us-ascii?q?CR5o7MDAoVX5PxV1w49x5gq7HcfCY9+5ve1WdwPqmsrj/Cx9UpCfMryxm6e9df?= =?us-ascii?q?LL2LFBXpE8ABGcihNvYqlEO0bhIBJuxS87Q0P8y+ffucxKGrJPpgnC6hjWlf/I?= =?us-ascii?q?Byz1+D9ytmRe7MxJsK3/aY3g6bWDjml1ehrtr7mYZaajEOBmC/0zTrBJZNZq1u?= =?us-ascii?q?eoYGEWGuI8yzxtV6mZHtQGVV+0S9CFMc38+lYx2Sb0by3QdIz0QYvWSnmTekzz?= =?us-ascii?q?xzizwpsKuf0zDSw+TlbhoLIHJERGlljVfqLoi5lNQaXEmubwczjhul4lz2x69B?= =?us-ascii?q?pKRwN2PTW1tHfzDqL2F+Vau9rr6CY89U6JM0qClXS/qzYVSbSr77vhsb3DjuH3?= =?us-ascii?q?BGxDA6cTGqu4n2nwdghGKbMnlzsGLTedtsyhfH+NzcWflR0yIcRCl/jTnXAkaz?= =?us-ascii?q?P8O18tWTmZbOqfu+V3+9WZ1IayXrypmAtCSj721wHRK/h+yzmsHgEQUiyS/0zc?= =?us-ascii?q?RqVSHSoBnmeIXkzKO6MeZ7fklvAl/x8M96Fp14kos3mJ4cw34aiYuJ/XAfi2f8?= =?us-ascii?q?Lc1b2b7ibHoKXTMLwMDa4A7+2EB4LXKG2YT5Vm6bwsR/e9m2eGQW2jgy78pSEq?= =?us-ascii?q?eb8KREnTdpolq/tQ/Rf/59kSoGxPsw7n4VnuEJtBArziqDHrAYBVNYMjD0lxSU?= =?us-ascii?q?89C+q71aZH61frit0EpzhsyuDLCeogBcQXr5dI0tHSlq4sV4KlLM32X56pv4d9?= =?us-ascii?q?nIcdITqhqUng/aj+dINZ08jfUKhS9oOG7nu30q1fI7hwR03Z6mpIiHN3lt/KWh?= =?us-ascii?q?Dx5ALDL1escT9S/1jalEmMaWw56gHo96FzUWR5vnU+ioECkIufT8MAaODSc8pW?= =?us-ascii?q?uFFrrRGg+f8khmoGzVH5CtKX6XOGETzc9+SxmFOExfnAcUUS00npEjEACq2Mvh?= =?us-ascii?q?cEJi6zAf+FH3txxMyvhyOBnnSGffowWoZSkoR5iDNhZW6RtC50jNO8yE8u1zBz?= =?us-ascii?q?1Y/oGmrAGVL2yUfQBIDWUXVUyYG1DsJKOh6MLG8+eGGuq+NOfBbq+WqeNATfuI?= =?us-ascii?q?w4yg0pd+9TaWKsqPJmViD+E82kdbR3B1AcrYly8KSyMNkyLNaM6aqQym9SJrq8?= =?us-ascii?q?Cz6vPrWBjg5YGXEbtdLc1v+wyqgaeEL+OQijx5JihF2ZMX33DIzqQf3FkJiyx1?= =?us-ascii?q?bTaiDbEAuTTKTKLKla9dFwQbZD9rNMtU86I82RFAOcjBitzvzr54luU4C1lEVV?= =?us-ascii?q?z7gcGpecIKI2C7NFzdAkaEKLWGKifPw83tZqO8U7JQhv1OtxKsoTabD1PjPjOb?= =?us-ascii?q?mjnxSR+gKv9DjCeaPBxCv4GwaRdtBnb9Q934cBG7N8V3jTIuy70umnzKLXIcMS?= =?us-ascii?q?R7c05Vs7KQ9j1Xje9wG2xb9HVlM/KJmz2D4OnbN5YWq+FkDj5wl+JH5nQ10aFV?= =?us-ascii?q?4DhYRPxymyvTrtlur0ugkuaR1jptSABOpSpThIKXoUViPr3U9oJaVnba5h0N4n?= =?us-ascii?q?ufCw8Rqtt+ENLvpbpfytfRm6LoMjtC9czb/dcEDcjONM2HKGYhMQbuGDPMFwQF?= =?us-ascii?q?TDGrNWbZh0FGjf6d6GaarpkgpZjqgpYOTaVbVFMtHPMAFktlBMACIItwXj48i7?= =?us-ascii?q?Gbg9QH5WSgoxTKQ8Vapo7IVvSXAfr1KTaZiaJLZxwHwL/iKoQTLIL70VR4alZm?= =?us-ascii?q?hITKB1bQXddVry19aQ80pV9B8GJ5TmwyxU3lbBii4GUUFfGqnR47kRdxYeMo9D?= =?us-ascii?q?jw+Vg3PUbKqDE2kEYvhdXvmSqRfyLpLKesQYFWDDL5t0sxM5P/XQl4dgiynUtq?= =?us-ascii?q?NDfKWb1Rk6dgdWBsiA/Zp5RDA/hcQrNYYBUI3/GYe+0o0UhAqiWg3UJH4/XKBo?= =?us-ascii?q?FmlAYxcp6sqGlA2x55Y94zPqzQJ6tJwkJWhq2Qoi+izvoxzxMGJ0YR7GOSfzYF?= =?us-ascii?q?uFYWObk9OSWn5PZs5hCCmzZYY2cMVuAqre9t9kMzI+SA1Tzv0r5ZJkC3KeOfM7?= =?us-ascii?q?uTu3Lcms6QXlMwykQImlFY8rhx18cjdVebWF4rzLuQDBkGL9TNKRtSb8ZI83jT?= =?us-ascii?q?ZymOu/3XwZ1pJ4W9CvzoTeiWuakJmE2kAgcpEJkX7skaBJasylvYLcDpLb4e1x?= =?us-ascii?q?oi+BnrJE+EDPRVeBOHijEHrN+jzJVvx4lSOikdAXlhMSWw/rvXoggqgOCdU9cw?= =?us-ascii?q?Y3YaWZAJNn0wWM2ngSJZuG5ADDav2OID1AeC9yP8pjjXDDTkdNpsevOUZRJqCN?= =?us-ascii?q?Gr9jQy6LS5iVnS8prCPW76LshitsXJ6ewEu5aNE+lUQqVls0fAh4lYQGSnU23V?= =?us-ascii?q?Ed+1PZfwbZUsbdzvB3a1VVy/ky46Q933PNmzMqiCmRvoSppMsImHwDAjMtewFi?= =?us-ascii?q?0fGxd1oOED+KJ8ZA0YbpUmYB7ptx4xOLelLAeezNquX36nKSFKQPlH0eW6e7tX?= =?us-ascii?q?wjI2Ye++yXsvUo81wPGy8U8NQpEKiRfeyuy4aoZFUCj8AHpddxzBpSokjWRhMP?= =?us-ascii?q?g9wvsnyhPSrVYcKyyLdPBuaGFcpN4zG1WSLG5sBWUlWV+Tk5DD4hW20LAI/ypR?= =?us-ascii?q?hdFU0fdKsHLmpJ/QfCqsWLC3qZXSqycgYsUmo6x1MYznPMSGsYjTkSHBQ5bLsw?= =?us-ascii?q?2KSii6G+BdmthKLyJSWONIln09OcwapYpB7lI8Vt04J7xOFKYspreqaT5/DSAK?= =?us-ascii?q?1CEXSpmO0SAFjOqnx7TakRKQf4g4PxwfrJVOmN0dXDBqYikGvq+sS53Wl3OYSm?= =?us-ascii?q?gMOAoT9x5D5BgHloBrZe3l/JDIQ4VSyzFIp/J0Uy3LFpZs91v6RWGWgUT4SPu7?= =?us-ascii?q?nOyz2AJe1vTs3ccHWBRnE0hS2/5Wllc0KLFwM6QRsJTGvSOIdUP7uWLtyfGpJF?= =?us-ascii?q?pKxM3VaVL3EpTKuXD7Ui0G9n0eXZVPx23HFZQOjwp5b74mq09WIIC7fEby/T8k?= =?us-ascii?q?yp9oH7m5VMCr200qoWwARyi0D9pLE/tmv07PWD15f5Crr43oO5RUQm9M5pKdr0?= =?us-ascii?q?lWkEBzPC6l05pdK9pA4jkUXDdRpzWducG9SMxH2cBtCJ8NLc1zu3DnGKNLIJKR?= =?us-ascii?q?uWE5uqTzyn/F/DAxqFi6xC+pFK++U+JU5GweGgInJmSYtkkvD/Uj8mbU8lDRrF?= =?us-ascii?q?905f1XBr6RgkVtuDx9BIxBBi5V1XC5KFR+VGVGs+JfKKnOb8xQX/wyagS1Nxw4?= =?us-ascii?q?C/Emw1SD/Vtoknfhfyxyqgxa9jjdXwYuTykamLPtliAFp866JzAaU4pIYislby?= =?us-ascii?q?jbMQKXgydXvAxQa0tyQZAWHs5F+60H3YtT5sfCS0GsJj8eURN/KA04yuRQlVRf?= =?us-ascii?q?sEqGZC/RFwyoeujTshdvZ8eesNapLOjl/AdAko7oq+44+LkfS3CkhAGgT8vToJ?= =?us-ascii?q?P7tt2PqkSBbrz4M/GmbX/HUjfMkQi6ha04AJnS4yjTLA1bJoFgyXU6fJfhCXTE?= =?us-ascii?q?PQhdKqIfIEpbS751ZctareBdesBrZrwF+alzCRKbXhnvApCgrOFaLlbPQjTTNz?= =?us-ascii?q?2B8vejoY3J8LPdVfPtZteLx3baWaJ4Iol16T/nG7fwy4Be/lD62vB39kN1UVLG?= =?us-ascii?q?KTyOrMz9JgMX48mvblfivoc3EjzIHZh9i2ftxkVcd8oNWSKq7pUYyJRd6HnuVe?= =?us-ascii?q?J0yE/zsPdd97N884k4/6hpyduoJafVMflas1VoAgKTBgVx8pUiGnZ/SntUYu8M?= =?us-ascii?q?LPfRYaUZgtzvq+/tEawX8weZ++tDadvIP0vBgNWwCimASRxYmwcMsTwaIRGa1/?= =?us-ascii?q?6Lga90Ttuqqvbi10Ix+Ve+KAUGzLd36YeC5KWIuPfdbwHNwrgcRqjqWsTzo6wq?= =?us-ascii?q?u0OW/vAklbgOemlvbw2mFugdWNQdyX37zaA21yIsDt/MH679+P5ZSX01hDXgm4?= =?us-ascii?q?pyH18OAPMbAaKL/ZhCnmc/g+HZMNwWfbxFmmaLDxGkCaUOyX+s6yuQO2llmQrD?= =?us-ascii?q?0xT/TGK89lP2qjV4QSTUxdf5jkVVTqW3BVtVXyexJUB3qjePMxTztNrruaU161?= =?us-ascii?q?o7Mnf4u9KMimShPq9XH8zlK9CGJyk7uk4XhoUrRtOzwYAbBca9INAJ/XF6dfve?= =?us-ascii?q?7mOmnjRPo6hZmoXe5duV9e/PHXm6iK2aqauCyyxEynQiulE/8N+gPOnU59KWW/?= =?us-ascii?q?Soy3oRTyBntgvDXh61r6fWr1UKNk2LzkjLgo0KPtdW3XUi0EHp+vQjSsop9ApC?= =?us-ascii?q?DobAe+8CpTfrNTv1wFeQecg4WTWF3jtMAF31DUd3F7Qm1GL3psLJmm/a+0c0SY?= =?us-ascii?q?loa0znmRt3Ap0jJkIs81gWzDAMEQoMaRCHFLGnH1nlLY8fWEcfbhSIwaa1db0q?= =?us-ascii?q?3U1pxbOv/vXcYfZ7B6oXOfZXlhSOk0RDGpIKra0eR6pxe0dH+67LugfiC4bmX/?= =?us-ascii?q?/8lXozLPG1Wd5V8cQYt3sk/wa+SAGt6Y9Z4LYHlJ+IdqBFYZ/WvMB/9Utn5iAA?= =?us-ascii?q?djZLgBdhixO1S+ccpPrs4tLDqpqn9v6uVLoxR+UQ7xU0G35+gIX0gF85p9HYyf?= =?us-ascii?q?xRRZDUiYTw8QBNP2SFuJ3A3BlmNOoCMYSrc6h8938fPSgRO2oOPcaKa/k7+yJt?= =?us-ascii?q?Py/c50ZcDcMQZdMVJ87NmQFIikL3WLFc7NfbGkSCB4d1ac8o83L9yCop/pskTu?= =?us-ascii?q?bg9Di2KIjQ715TOfNDkCJslNXFqOgO3/XSDCkX4X+Eaxl62S6Cz4eCC+zw/OqW?= =?us-ascii?q?0t3UUU0JHjIuWYdHODWC4RCnRvaylJjxTgyU6NX8j44leU2MQXyxmKAFsqdSHu?= =?us-ascii?q?5aliX0wCRRFoDvi/KSqdqs53NdtkdbH4Zr8R3FBKJfM41+ORT/kMmrWkd8CTXk?= =?us-ascii?q?dcHRdxohouyWyfkQ4+RwMEv+f4wbIgkex7L893VVUhNkSKTqsVaBQeIReNxmRe?= =?us-ascii?q?vLrn9J8oJgMLYDMkWSqpLsrzdIrk02AQAyZb8/qzxVbE/OkxNPV6bzor4AhRMW?= =?us-ascii?q?UcRltk9UBWKwJGU+6iLFVaRSjKmRDuYZ/SmTTqwKTkVnLyJ/QxKz2JV1eLupnO?= =?us-ascii?q?tKsn1HniNjuvcq1yFpRBqmtS3qua0NxSoq+KukuzUZpXxFUuKenj/JCVVd1vsK?= =?us-ascii?q?i7wRC3L/6VOhYXkDa5Dy7KNgJcT6+okr+24/bgk7fy0aQeSgDDn9j6GWDYyBvt?= =?us-ascii?q?JcgAWAucvUYr+1MycSKq4xyRT9SHhhygLehgpn8HMXQjW8698pPIq9OcIixium?= =?us-ascii?q?B2fbcFIM77hSsMv2s14LTfc5ZUlnwGp9zsiNXjcNS9DXG2Ypkggkbn1JcJBD6R?= =?us-ascii?q?4aD6kohTKIvqha/g4KezrUF4Wl+pXKncjWw3U9Ss1qxm3OrK2fmpwqyGFlm89z?= =?us-ascii?q?7iOWpHQSdunYXtRwAnjyyohfyvLxZ/G3vuABVoRm1KyrUOUePcm75Wu2xJJqV1?= =?us-ascii?q?egxrQfHFq5M+gDy6zZUyi/Sm2YXuKLfHaKnzojNE79+wWoJEUtaMhWt089LvfC?= =?us-ascii?q?hplEmgL6T7x0QDmQqETAzGwnNuMaax42uJm5dAMXVuIRYPKcJec2yv0kFFQMd2?= =?us-ascii?q?PJHTdxC+KuqV6tm4x7NG964UT0ZuTt9g7mPcCXGhkDFo7atYB+9uCgRmKGIn9g?= =?us-ascii?q?1xxyPE979+vFEFQxrOBceY6LndfMn9R7zfIFd/B1PC0zpNETnoNj6ZGK38qRcB?= =?us-ascii?q?DRz5PyJdTLrfiCB/3Q0V4memZAUroWeQn1/Zk1PsYlW73PGrtUpRodBbAgQJwg?= =?us-ascii?q?K2j+6rp5LAZycg7NfrS7nNPmpuWRZptbv3XW9E4/LD/Aux0fzfy5VQt7b5S0iH?= =?us-ascii?q?jpOJAwQihOr8ZxChtnAIRPB9kAoBS5DJKOnqG0lcOx8Vtgu+AWqarwFuzK1NOh?= =?us-ascii?q?0oV1Xpha41GLPTnICKlvg0Rllfiyguzb35nwE8zif9QEWPJ8Qm7fZb/MBp+/JS?= =?us-ascii?q?6WOsLgZ05G9KaR0KlnXRWVZSD5WbeGtSKjOPtr/UU7ypJ3fPDNwzw19b7Ww9jy?= =?us-ascii?q?aH9Bpiels3GJMIBQ7EHFBeDEWBJUU/WF+n5/HaILdYv06PsOMds6zdiZ+QZ88D?= =?us-ascii?q?RC0MqDI6imtULMxEN7dZTFI0vt2iY5X5QKIRulPUsrm2/ZpWzXAW5AIci8Nclt?= =?us-ascii?q?nNGVAwTv50ZrmmEtYXVOF3H1RdeXJWgb28W+ZBCF9AJLE9YPhei3dlAktqeqU+?= =?us-ascii?q?lnJo1Fmfm2tLUAidtmMDrASM9ePyHRN792IiFRAv/UpFc2fhEIqaM1VZkxZZiP?= =?us-ascii?q?JkMHLUiBxDjuwgrCy030ases2LyHISkM7nVH1LXF0T5Wqwm+o/aZjdXpUKrFY5?= =?us-ascii?q?HuQP7SLC0lWymVRTsoCkmp41aktOQAvPeDP2cfpkobYjmTCA4OvKxvq8bfDnPL?= =?us-ascii?q?k+15YJIKnOyaWzz3SCBglqoyAyFLtVqWQ/oCDgnbdHnhj3BZuAO8J/9A53Xlb6?= =?us-ascii?q?eXxqBNQewZHpNMcuGFQ9vfYf1ePDkoljAFN+u9fNDRtKg53UzSTWsYEqjI81ue?= =?us-ascii?q?QFSQQvOC2zK4FbkS6pM5visu58L4gj58E6OOOa2W4TGp7N2WliGd7MHXUCEPfl?= =?us-ascii?q?Y6jeQZSD2NyR9BJWUGI9QYvEXkRKmQIU1L0SR62qpVxxYQdVErATVV2XpMkaP4?= =?us-ascii?q?Q5VU?= X-IPAS-Result: =?us-ascii?q?A2HVAwB+LBJZ/wHyM5BdHAEBBAEBCgEBFwEBBAEBCgEBgwE?= =?us-ascii?q?pgW6OdJBicpcMJIpyVwEBAQEBAQEBAgECaAUjgjMigkEGAQIXDVUDCQEBFwgpC?= =?us-ascii?q?AMBUxkFiFCBTAS0cDomAop7iD2CZ4sABZAigQGMYpMbixeGUpRAWFkxTyEVhGo?= =?us-ascii?q?LAQEBQhyBZnOIdAEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 09 May 2017 20:57:54 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v49Kvg64007617; Tue, 9 May 2017 16:57:46 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v49Kvfls149488 for ; Tue, 9 May 2017 16:57:41 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v49KvfWm007615 for ; Tue, 9 May 2017 16:57:41 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1B5AgAJLBJZf4GlL8FdHAEBBAEBCgEBgyyCF450kGJylw+GJAKFRAECAQEBAQECEwEBIV2FFgMDGg1SEBgIMVcZiFWBULR1OopxMog9gmeLAAWQIoEBjGKTG5FplEBWWjFPIRWFOhyBZj02iHQBAQE X-IPAS-Result: A1B5AgAJLBJZf4GlL8FdHAEBBAEBCgEBgyyCF450kGJylw+GJAKFRAECAQEBAQECEwEBIV2FFgMDGg1SEBgIMVcZiFWBULR1OopxMog9gmeLAAWQIoEBjGKTG5FplEBWWjFPIRWFOhyBZj02iHQBAQE X-IronPort-AV: E=Sophos;i="5.38,316,1491278400"; d="scan'208";a="6046350" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 09 May 2017 16:57:40 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3A5PFHqhWfTjes2PxcMI3wNDYm41PV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYxaAt8tkgFKBZ4jH8fUM07OQ6PG/HzRZqs/a6TgrS99lb1c9k8?= =?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBo?= =?us-ascii?q?KevrB4Xck9q41/yo+53Ufg5EmCexbal8IRiyrwjdrNUajZZtJqosxBbFv2ZDdv?= =?us-ascii?q?hLy29vOV+dhQv36N2q/J5k/SRQuvYh+NBFXK7nYak2TqFWASo/PWwt68LlqRfM?= =?us-ascii?q?TQ2U5nsBSWoWiQZHAxLE7B7hQJj8tDbxu/dn1ymbOc32Sq00WSin4qx2RhLklD?= =?us-ascii?q?sLOjgk+2zMlMd+kLxUrw6gpxxnwo7bfoeVNOZlfqjAed8WXHdNUtpNWyBEBI63?= =?us-ascii?q?cokBAPcbPetAr4fzuUYAoxW9CwerBuzvxCRFimPq0aAgz+gsCx3K0BAmEtkTsH?= =?us-ascii?q?rUttL1NKIKXO671qbIyyjIYfdL2Tfn54jHbBYhoeqRVr93bMXe008vFwLbgVWU?= =?us-ascii?q?q4zoJDaV2foJs2if9eVgU+WvimE9pw5tpTivw94hh4/UjYwW0lDJ7Th1zYI7KN?= =?us-ascii?q?GiR0N2Y8SoHIZRuiyaLYd6X90uTmVutS0n0LMJo4S7czIPyJk/xx7QdfiHc4+Q?= =?us-ascii?q?7xLmSumRJTN4i2hjeLK4iBe+61SvyurmWsm11FZGtitFkt/SuXARzxHf98yKR/?= =?us-ascii?q?Vn8kqu2zuDzR3f5+BELEwuiKbXNZoszqY1lpUJsETDGiH2mF/xjK+Tbkgr5/Kn?= =?us-ascii?q?6+LmYrr4op+cNZR5igTgPaQqnsywG+I4Mg8BXmSB5eu807jj8VXjQLpWlv02jr?= =?us-ascii?q?XZsJfCKMQAuKG5Bw5V0oA+6xewFDqmzNQZkmUHLFJCYh6HiZPpNEvULPD3Cve/?= =?us-ascii?q?nQfkrDA+3P3CP7v8Er3RP3PDl/HnZr875ElCmyQpytUKy5tSQpMcOv3+XFS54N?= =?us-ascii?q?DRCB40Nw6cxuvjDNx70ZNYUmWKVPzKeJjOuEOFs7p8a9KHY5UY7XOkc6Ao?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HrAQB+LBJZf4GlL8FdHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwGCF450kGJylw+GJAKFRAEBAQEBAQEBAgECEAEBIV2CMyIBgkA?= =?us-ascii?q?DAxoNUhAYCDFXGYhVgVC0cDqKcTKIPYJniwAFkCKBAYxikxuRaZRAVlsxTyEVh?= =?us-ascii?q?TocgWY9Noh0AQEB?= X-IPAS-Result: =?us-ascii?q?A0HrAQB+LBJZf4GlL8FdHAEBBAEBCgEBFwEBBAEBCgEBgwG?= =?us-ascii?q?CF450kGJylw+GJAKFRAEBAQEBAQEBAgECEAEBIV2CMyIBgkADAxoNUhAYCDFXG?= =?us-ascii?q?YhVgVC0cDqKcTKIPYJniwAFkCKBAYxikxuRaZRAVlsxTyEVhTocgWY9Noh0AQE?= =?us-ascii?q?B?= X-IronPort-AV: E=Sophos;i="5.38,316,1491264000"; d="scan'208";a="5619762" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea11.nsa.gov with ESMTP; 09 May 2017 20:57:38 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 9 May 2017 23:50:56 +0300 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v49Koor3031538; Tue, 9 May 2017 23:50:55 +0300 From: Dan Jurgens To: selinux@tycho.nsa.gov Subject: [PATCH 3/9] libsepol: Add Infiniband Pkey handling to CIL Date: Tue, 9 May 2017 23:50:36 +0300 Message-Id: <1494363042-121766-4-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1494363042-121766-1-git-send-email-danielj@mellanox.com> References: <1494363042-121766-1-git-send-email-danielj@mellanox.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens Add Infiniband pkey parsing, symbol table management, and policy generation to CIL. Signed-off-by: Daniel Jurgens --- libsepol/cil/src/cil.c | 19 ++++++++ libsepol/cil/src/cil_binary.c | 39 ++++++++++++++++ libsepol/cil/src/cil_binary.h | 12 +++++ libsepol/cil/src/cil_build_ast.c | 86 ++++++++++++++++++++++++++++++++++++ libsepol/cil/src/cil_build_ast.h | 2 + libsepol/cil/src/cil_copy_ast.c | 26 +++++++++++ libsepol/cil/src/cil_copy_ast.h | 1 + libsepol/cil/src/cil_flavor.h | 1 + libsepol/cil/src/cil_internal.h | 11 +++++ libsepol/cil/src/cil_policy.c | 16 +++++++ libsepol/cil/src/cil_post.c | 45 +++++++++++++++++++ libsepol/cil/src/cil_post.h | 1 + libsepol/cil/src/cil_reset_ast.c | 9 ++++ libsepol/cil/src/cil_resolve_ast.c | 27 +++++++++++ libsepol/cil/src/cil_resolve_ast.h | 1 + libsepol/cil/src/cil_tree.c | 16 ++++++- libsepol/cil/src/cil_verify.c | 23 ++++++++++ 17 files changed, 334 insertions(+), 1 deletions(-) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index a64c528..6b51b8f 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -187,6 +187,7 @@ static void cil_init_keys(void) CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans"); CIL_KEY_CONTEXT = cil_strpool_add("context"); CIL_KEY_FILECON = cil_strpool_add("filecon"); + CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon"); CIL_KEY_PORTCON = cil_strpool_add("portcon"); CIL_KEY_NODECON = cil_strpool_add("nodecon"); CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); @@ -256,6 +257,7 @@ void cil_db_init(struct cil_db **db) cil_sort_init(&(*db)->genfscon); cil_sort_init(&(*db)->filecon); cil_sort_init(&(*db)->nodecon); + cil_sort_init(&(*db)->ibpkeycon); cil_sort_init(&(*db)->portcon); cil_sort_init(&(*db)->pirqcon); cil_sort_init(&(*db)->iomemcon); @@ -307,6 +309,7 @@ void cil_db_destroy(struct cil_db **db) cil_sort_destroy(&(*db)->genfscon); cil_sort_destroy(&(*db)->filecon); cil_sort_destroy(&(*db)->nodecon); + cil_sort_destroy(&(*db)->ibpkeycon); cil_sort_destroy(&(*db)->portcon); cil_sort_destroy(&(*db)->pirqcon); cil_sort_destroy(&(*db)->iomemcon); @@ -724,6 +727,9 @@ void cil_destroy_data(void **data, enum cil_flavor flavor) case CIL_FILECON: cil_destroy_filecon(*data); break; + case CIL_IBPKEYCON: + cil_destroy_ibpkeycon(*data); + break; case CIL_PORTCON: cil_destroy_portcon(*data); break; @@ -1091,6 +1097,8 @@ const char * cil_node_to_string(struct cil_tree_node *node) return CIL_KEY_FSUSE; case CIL_FILECON: return CIL_KEY_FILECON; + case CIL_IBPKEYCON: + return CIL_KEY_IBPKEYCON; case CIL_PORTCON: return CIL_KEY_PORTCON; case CIL_NODECON: @@ -2240,6 +2248,17 @@ void cil_filecon_init(struct cil_filecon **filecon) (*filecon)->context = NULL; } +void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon) +{ + *ibpkeycon = cil_malloc(sizeof(**ibpkeycon)); + + (*ibpkeycon)->subnet_prefix_str = NULL; + (*ibpkeycon)->pkey_low = 0; + (*ibpkeycon)->pkey_high = 0; + (*ibpkeycon)->context_str = NULL; + (*ibpkeycon)->context = NULL; +} + void cil_portcon_init(struct cil_portcon **portcon) { *portcon = cil_malloc(sizeof(**portcon)); diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index e1481a4..75398ff 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -3218,6 +3218,40 @@ exit: return rc; } +int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons) +{ + int rc = SEPOL_ERR; + uint32_t i = 0; + ocontext_t *tail = NULL; + struct in6_addr subnet_prefix; + + for (i = 0; i < ibpkeycons->count; i++) { + struct cil_ibpkeycon *cil_ibpkeycon = ibpkeycons->array[i]; + ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_IBPKEY], &tail); + + rc = inet_pton(AF_INET6, cil_ibpkeycon->subnet_prefix_str, &subnet_prefix); + if (rc != 1) { + cil_log(CIL_ERR, "ibpkeycon subnet prefix not in valid IPV6 format\n"); + rc = SEPOL_ERR; + goto exit; + } + + memcpy(new_ocon->u.ibpkey.subnet_prefix, &subnet_prefix.s6_addr[0], + sizeof(*new_ocon->u.ibpkey.subnet_prefix)); + new_ocon->u.ibpkey.low_pkey = cil_ibpkeycon->pkey_low; + new_ocon->u.ibpkey.high_pkey = cil_ibpkeycon->pkey_high; + + rc = __cil_context_to_sepol_context(pdb, cil_ibpkeycon->context, &new_ocon->context[0]); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons) { int rc = SEPOL_ERR; @@ -3848,6 +3882,11 @@ int __cil_contexts_to_policydb(policydb_t *pdb, const struct cil_db *db) goto exit; } + rc = cil_ibpkeycon_to_policydb(pdb, db->ibpkeycon); + if (rc != SEPOL_OK) { + goto exit; + } + if (db->target_platform == SEPOL_TARGET_XEN) { rc = cil_pirqcon_to_policydb(pdb, db->pirqcon); if (rc != SEPOL_OK) { diff --git a/libsepol/cil/src/cil_binary.h b/libsepol/cil/src/cil_binary.h index c59b1e3..a03d250 100644 --- a/libsepol/cil/src/cil_binary.h +++ b/libsepol/cil/src/cil_binary.h @@ -330,6 +330,18 @@ int cil_sepol_level_define(policydb_t *pdb, struct cil_sens *cil_sens); int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_rangetransition *rangetrans, hashtab_t range_trans_table); /** + * Insert cil ibpkeycon structure into sepol policydb. + * The function is given a structure containing the sorted ibpkeycons and + * loops over this structure inserting them into the policy database. + * + * @param[in] pdb The policy database to insert the ibpkeycon into. + * @param[in] node The cil_sort structure that contains the sorted ibpkeycons. + * + * @return SEPOL_OK upon success or an error otherwise. + */ +int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons); + +/** * Insert cil portcon structure into sepol policydb. * The function is given a structure containing the sorted portcons and * loops over this structure inserting them into the policy database. diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 4b03dc3..4ca88c1 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -4187,6 +4187,89 @@ void cil_destroy_filecon(struct cil_filecon *filecon) free(filecon); } +int cil_gen_ibpkeycon(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) +{ + enum cil_syntax syntax[] = { + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING | CIL_SYN_LIST, + CIL_SYN_STRING | CIL_SYN_LIST, + CIL_SYN_END + }; + int syntax_len = sizeof(syntax) / sizeof(*syntax); + int rc = SEPOL_ERR; + struct cil_ibpkeycon *ibpkeycon = NULL; + + if (!db || !parse_current || !ast_node) + goto exit; + + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); + if (rc != SEPOL_OK) + goto exit; + + cil_ibpkeycon_init(&ibpkeycon); + + ibpkeycon->subnet_prefix_str = parse_current->next->data; + + if (parse_current->next->next->cl_head) { + if (parse_current->next->next->cl_head->next && + !parse_current->next->next->cl_head->next->next) { + rc = cil_fill_integer(parse_current->next->next->cl_head, &ibpkeycon->pkey_low, 0); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibpkey specified\n"); + goto exit; + } + rc = cil_fill_integer(parse_current->next->next->cl_head->next, &ibpkeycon->pkey_high, 0); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibpkey specified\n"); + goto exit; + } + } else { + cil_log(CIL_ERR, "Improper ibpkey range specified\n"); + rc = SEPOL_ERR; + goto exit; + } + } else { + rc = cil_fill_integer(parse_current->next->next, &ibpkeycon->pkey_low, 0); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibpkey specified\n"); + goto exit; + } + ibpkeycon->pkey_high = ibpkeycon->pkey_low; + } + + if (!parse_current->next->next->next->cl_head) { + ibpkeycon->context_str = parse_current->next->next->next->data; + } else { + cil_context_init(&ibpkeycon->context); + + rc = cil_fill_context(parse_current->next->next->next->cl_head, ibpkeycon->context); + if (rc != SEPOL_OK) + goto exit; + } + + ast_node->data = ibpkeycon; + ast_node->flavor = CIL_IBPKEYCON; + return SEPOL_OK; + +exit: + cil_tree_log(parse_current, CIL_ERR, "Bad ibpkeycon declaration"); + cil_destroy_ibpkeycon(ibpkeycon); + + return rc; +} + +void cil_destroy_ibpkeycon(struct cil_ibpkeycon *ibpkeycon) +{ + if (!ibpkeycon) + return; + + if (!ibpkeycon->context_str && ibpkeycon->context) + cil_destroy_context(ibpkeycon->context); + + free(ibpkeycon); +} + int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) { enum cil_syntax syntax[] = { @@ -6143,6 +6226,9 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f } else if (parse_current->data == CIL_KEY_FILECON) { rc = cil_gen_filecon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; + } else if (parse_current->data == CIL_KEY_IBPKEYCON) { + rc = cil_gen_ibpkeycon(db, parse_current, ast_node); + *finished = CIL_TREE_SKIP_NEXT; } else if (parse_current->data == CIL_KEY_PORTCON) { rc = cil_gen_portcon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; diff --git a/libsepol/cil/src/cil_build_ast.h b/libsepol/cil/src/cil_build_ast.h index 5466203..64da477 100644 --- a/libsepol/cil/src/cil_build_ast.h +++ b/libsepol/cil/src/cil_build_ast.h @@ -173,6 +173,8 @@ int cil_gen_context(struct cil_db *db, struct cil_tree_node *parse_current, stru void cil_destroy_context(struct cil_context *context); int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_filecon(struct cil_filecon *filecon); +int cil_gen_ibpkeycon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); +void cil_destroy_ibpkeycon(struct cil_ibpkeycon *ibpkeycon); int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_portcon(struct cil_portcon *portcon); int cil_gen_nodecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 2d085dd..5c55983 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -1181,6 +1181,29 @@ int cil_copy_nodecon(struct cil_db *db, void *data, void **copy, __attribute__(( return SEPOL_OK; } +int cil_copy_ibpkeycon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) +{ + struct cil_ibpkeycon *orig = data; + struct cil_ibpkeycon *new = NULL; + + cil_ibpkeycon_init(&new); + + new->subnet_prefix_str = orig->subnet_prefix_str; + new->pkey_low = orig->pkey_low; + new->pkey_high = orig->pkey_high; + + if (orig->context_str) { + new->context_str = orig->context_str; + } else { + cil_context_init(&new->context); + cil_copy_fill_context(db, orig->context, new->context); + } + + *copy = new; + + return SEPOL_OK; +} + int cil_copy_portcon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) { struct cil_portcon *orig = data; @@ -1890,6 +1913,9 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u case CIL_NODECON: copy_func = &cil_copy_nodecon; break; + case CIL_IBPKEYCON: + copy_func = &cil_copy_ibpkeycon; + break; case CIL_PORTCON: copy_func = &cil_copy_portcon; break; diff --git a/libsepol/cil/src/cil_copy_ast.h b/libsepol/cil/src/cil_copy_ast.h index 78c34b8..a50c370 100644 --- a/libsepol/cil/src/cil_copy_ast.h +++ b/libsepol/cil/src/cil_copy_ast.h @@ -99,6 +99,7 @@ int cil_copy_netifcon(struct cil_db *db, void *data, void **copy, symtab_t *symt int cil_copy_genfscon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_filecon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_nodecon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); +int cil_copy_ibpkeycon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_portcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_pirqcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_iomemcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); diff --git a/libsepol/cil/src/cil_flavor.h b/libsepol/cil/src/cil_flavor.h index cd08b97..242154d 100644 --- a/libsepol/cil/src/cil_flavor.h +++ b/libsepol/cil/src/cil_flavor.h @@ -112,6 +112,7 @@ enum cil_flavor { CIL_HANDLEUNKNOWN, CIL_MLS, CIL_SRC_INFO, + CIL_IBPKEYCON, /* * boolean constraint set catset diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index efa2cd6..de2a8df 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -202,6 +202,7 @@ char *CIL_KEY_VALIDATETRANS; char *CIL_KEY_MLSVALIDATETRANS; char *CIL_KEY_CONTEXT; char *CIL_KEY_FILECON; +char *CIL_KEY_IBPKEYCON; char *CIL_KEY_PORTCON; char *CIL_KEY_NODECON; char *CIL_KEY_GENFSCON; @@ -285,6 +286,7 @@ struct cil_db { struct cil_sort *genfscon; struct cil_sort *filecon; struct cil_sort *nodecon; + struct cil_sort *ibpkeycon; struct cil_sort *portcon; struct cil_sort *pirqcon; struct cil_sort *iomemcon; @@ -728,6 +730,14 @@ enum cil_protocol { CIL_PROTOCOL_DCCP }; +struct cil_ibpkeycon { + char *subnet_prefix_str; + uint32_t pkey_low; + uint32_t pkey_high; + char *context_str; + struct cil_context *context; +}; + struct cil_portcon { enum cil_protocol proto; uint32_t port_low; @@ -997,6 +1007,7 @@ void cil_catset_init(struct cil_catset **catset); void cil_cats_init(struct cil_cats **cats); void cil_senscat_init(struct cil_senscat **senscat); void cil_filecon_init(struct cil_filecon **filecon); +void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon); void cil_portcon_init(struct cil_portcon **portcon); void cil_nodecon_init(struct cil_nodecon **nodecon); void cil_genfscon_init(struct cil_genfscon **genfscon); diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index 77179e6..35a0a29 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -1714,6 +1714,21 @@ static void cil_genfscons_to_policy(FILE *out, struct cil_sort *genfscons, int m } } +static void cil_ibpkeycons_to_policy(FILE *out, struct cil_sort *ibpkeycons, int mls) +{ + uint32_t i = 0; + + for (i = 0; i < ibpkeycons->count; i++) { + struct cil_ibpkeycon *ibpkeycon = (struct cil_ibpkeycon *)ibpkeycons->array[i]; + + fprintf(out, "ibpkeycon %s ", ibpkeycon->subnet_prefix_str); + fprintf(out, "%d ", ibpkeycon->pkey_low); + fprintf(out, "%d ", ibpkeycon->pkey_high); + cil_context_to_policy(out, ibpkeycon->context, mls); + fprintf(out, "\n"); + } +} + static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls) { unsigned i; @@ -1942,6 +1957,7 @@ void cil_gen_policy(FILE *out, struct cil_db *db) cil_genfscons_to_policy(out, db->genfscon, db->mls); cil_portcons_to_policy(out, db->portcon, db->mls); cil_netifcons_to_policy(out, db->netifcon, db->mls); + cil_ibpkeycons_to_policy(out, db->ibpkeycon, db->mls); cil_nodecons_to_policy(out, db->nodecon, db->mls); cil_pirqcons_to_policy(out, db->pirqcon, db->mls); cil_iomemcons_to_policy(out, db->iomemcon, db->mls); diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index e32a8fc..8b6608a 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -154,6 +154,28 @@ int cil_post_filecon_compare(const void *a, const void *b) return rc; } +int cil_post_ibpkeycon_compare(const void *a, const void *b) +{ + int rc = SEPOL_ERR; + struct cil_ibpkeycon *aibpkeycon = *(struct cil_ibpkeycon **)a; + struct cil_ibpkeycon *bibpkeycon = *(struct cil_ibpkeycon **)b; + + rc = strcmp(aibpkeycon->subnet_prefix_str, bibpkeycon->subnet_prefix_str); + if (rc) + return rc; + + rc = (aibpkeycon->pkey_high - aibpkeycon->pkey_low) + - (bibpkeycon->pkey_high - bibpkeycon->pkey_low); + if (rc == 0) { + if (aibpkeycon->pkey_low < bibpkeycon->pkey_low) + rc = -1; + else if (bibpkeycon->pkey_low < aibpkeycon->pkey_low) + rc = 1; + } + + return rc; +} + int cil_post_portcon_compare(const void *a, const void *b) { int rc = SEPOL_ERR; @@ -401,6 +423,9 @@ static int __cil_post_db_count_helper(struct cil_tree_node *node, uint32_t *fini case CIL_NODECON: db->nodecon->count++; break; + case CIL_IBPKEYCON: + db->ibpkeycon->count++; + break; case CIL_PORTCON: db->portcon->count++; break; @@ -535,6 +560,17 @@ static int __cil_post_db_array_helper(struct cil_tree_node *node, uint32_t *fini sort->index++; break; } + case CIL_IBPKEYCON: { + struct cil_sort *sort = db->ibpkeycon; + uint32_t count = sort->count; + uint32_t i = sort->index; + + if (!sort->array) + sort->array = cil_malloc(sizeof(*sort->array) * count); + sort->array[i] = node->data; + sort->index++; + break; + } case CIL_PORTCON: { struct cil_sort *sort = db->portcon; uint32_t count = sort->count; @@ -1610,6 +1646,14 @@ static int __cil_post_db_cat_helper(struct cil_tree_node *node, uint32_t *finish } break; } + case CIL_IBPKEYCON: { + struct cil_ibpkeycon *ibpkeycon = node->data; + + rc = __evaluate_levelrange_expression(ibpkeycon->context->range, db); + if (rc != SEPOL_OK) + goto exit; + break; + } case CIL_PORTCON: { struct cil_portcon *portcon = node->data; rc = __evaluate_levelrange_expression(portcon->context->range, db); @@ -1969,6 +2013,7 @@ static int cil_post_db(struct cil_db *db) qsort(db->netifcon->array, db->netifcon->count, sizeof(db->netifcon->array), cil_post_netifcon_compare); qsort(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare); + qsort(db->ibpkeycon->array, db->ibpkeycon->count, sizeof(db->ibpkeycon->array), cil_post_ibpkeycon_compare); qsort(db->portcon->array, db->portcon->count, sizeof(db->portcon->array), cil_post_portcon_compare); qsort(db->nodecon->array, db->nodecon->count, sizeof(db->nodecon->array), cil_post_nodecon_compare); qsort(db->fsuse->array, db->fsuse->count, sizeof(db->fsuse->array), cil_post_fsuse_compare); diff --git a/libsepol/cil/src/cil_post.h b/libsepol/cil/src/cil_post.h index 74393cc..fe7f3a5 100644 --- a/libsepol/cil/src/cil_post.h +++ b/libsepol/cil/src/cil_post.h @@ -38,6 +38,7 @@ struct fc_data { void cil_post_fc_fill_data(struct fc_data *fc, char *path); int cil_post_filecon_compare(const void *a, const void *b); +int cil_post_ibpkeycon_compare(const void *a, const void *b); int cil_post_portcon_compare(const void *a, const void *b); int cil_post_genfscon_compare(const void *a, const void *b); int cil_post_netifcon_compare(const void *a, const void *b); diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index de00679..d366ae3 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -288,6 +288,12 @@ static void cil_reset_filecon(struct cil_filecon *filecon) } } +static void cil_reset_ibpkeycon(struct cil_ibpkeycon *ibpkeycon) +{ + if (!ibpkeycon->context) + cil_reset_context(ibpkeycon->context); +} + static void cil_reset_portcon(struct cil_portcon *portcon) { if (portcon->context_str == NULL) { @@ -489,6 +495,9 @@ int __cil_reset_node(struct cil_tree_node *node, __attribute__((unused)) uint32 case CIL_FILECON: cil_reset_filecon(node->data); break; + case CIL_IBPKEYCON: + cil_reset_ibpkeycon(node->data); + break; case CIL_PORTCON: cil_reset_portcon(node->data); break; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 6da44ba..1df41da 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -1875,6 +1875,30 @@ int cil_resolve_filecon(struct cil_tree_node *current, void *extra_args) return SEPOL_OK; } +int cil_resolve_ibpkeycon(struct cil_tree_node *current, void *extra_args) +{ + struct cil_ibpkeycon *ibpkeycon = current->data; + struct cil_symtab_datum *context_datum = NULL; + int rc = SEPOL_ERR; + + if (ibpkeycon->context_str) { + rc = cil_resolve_name(current, ibpkeycon->context_str, CIL_SYM_CONTEXTS, extra_args, &context_datum); + if (rc != SEPOL_OK) + goto exit; + + ibpkeycon->context = (struct cil_context *)context_datum; + } else { + rc = cil_resolve_context(current, ibpkeycon->context, extra_args); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_resolve_portcon(struct cil_tree_node *current, void *extra_args) { struct cil_portcon *portcon = current->data; @@ -3516,6 +3540,9 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args) case CIL_FILECON: rc = cil_resolve_filecon(node, args); break; + case CIL_IBPKEYCON: + rc = cil_resolve_ibpkeycon(node, args); + break; case CIL_PORTCON: rc = cil_resolve_portcon(node, args); break; diff --git a/libsepol/cil/src/cil_resolve_ast.h b/libsepol/cil/src/cil_resolve_ast.h index 1175f97..0506a3d 100644 --- a/libsepol/cil/src/cil_resolve_ast.h +++ b/libsepol/cil/src/cil_resolve_ast.h @@ -74,6 +74,7 @@ int cil_resolve_constrain(struct cil_tree_node *current, void *extra_args); int cil_resolve_validatetrans(struct cil_tree_node *current, void *extra_args); int cil_resolve_context(struct cil_tree_node *current, struct cil_context *context, void *extra_args); int cil_resolve_filecon(struct cil_tree_node *current, void *extra_args); +int cil_resolve_ibpkeycon(struct cil_tree_node *current, void *extra_args); int cil_resolve_portcon(struct cil_tree_node *current, void *extra_args); int cil_resolve_genfscon(struct cil_tree_node *current, void *extra_args); int cil_resolve_nodecon(struct cil_tree_node *current, void *extra_args); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 9ff9d4b..4703e5f 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c @@ -1,6 +1,6 @@ /* * Copyright 2011 Tresys Technology, LLC. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * @@ -1398,6 +1398,20 @@ void cil_tree_print_node(struct cil_tree_node *node) return; } + case CIL_IBPKEYCON: { + struct cil_ibpkeycon *ibpkeycon = node->data; + + cil_log(CIL_INFO, "IBPKEYCON: %s", ibpkeycon->subnet_prefix_str); + cil_log(CIL_INFO, " (%d %d) ", ibpkeycon->pkey_low, ibpkeycon->pkey_high); + + if (ibpkeycon->context) + cil_tree_print_context(ibpkeycon->context); + else if (ibpkeycon->context_str) + cil_log(CIL_INFO, " %s", ibpkeycon->context_str); + + cil_log(CIL_INFO, "\n"); + return; + } case CIL_PORTCON: { struct cil_portcon *portcon = node->data; cil_log(CIL_INFO, "PORTCON:"); diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 47dcfaa..108da33 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c @@ -1080,6 +1080,26 @@ exit: return rc; } +int __cil_verify_ibpkeycon(struct cil_db *db, struct cil_tree_node *node) +{ + int rc = SEPOL_ERR; + struct cil_ibpkeycon *pkey = node->data; + struct cil_context *ctx = pkey->context; + + /* Verify only when anonymous */ + if (!ctx->datum.name) { + rc = __cil_verify_context(db, ctx); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + cil_tree_log(node, CIL_ERR, "Invalid ibpkeycon"); + return rc; +} + int __cil_verify_portcon(struct cil_db *db, struct cil_tree_node *node) { int rc = SEPOL_ERR; @@ -1452,6 +1472,9 @@ int __cil_verify_helper(struct cil_tree_node *node, uint32_t *finished, void *ex case CIL_NODECON: rc = __cil_verify_nodecon(db, node); break; + case CIL_IBPKEYCON: + rc = __cil_verify_ibpkeycon(db, node); + break; case CIL_PORTCON: rc = __cil_verify_portcon(db, node); break;