From patchwork Tue May 9 20:50:39 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9718953 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4038960364 for ; Tue, 9 May 2017 20:52:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 305012848B for ; Tue, 9 May 2017 20:52:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 249BC28497; Tue, 9 May 2017 20:52:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A220A2848B for ; Tue, 9 May 2017 20:52:04 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,316,1491264000"; d="scan'208";a="5619549" IronPort-PHdr: =?us-ascii?q?9a23=3A+/NuHRVChWnZ9i4hj8JVkcgjBQ3V8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYhWAv6dThVPEFb/W9+hDw7KP9fuxBipYuN3Y6iBKWacPfidNsd?= =?us-ascii?q?8RkQ0kDZzNImzAB9muURYHGt9fXkRu5XCxPBsdMs//Y1rPvi/6tmZKSV3wOgVv?= =?us-ascii?q?O+v6BJPZgdip2OCu4Z3TZBhDiCagbb9oIhi7qQfcutMKjYd/Jao91wXFr3hVcO?= =?us-ascii?q?lK2G1kIk6ekQzh7cmq5p5j9CpQu/Ml98FeVKjxYro1Q79FAjk4Km45/MLkuwXN?= =?us-ascii?q?QguJ/XscT34ZkgFUDAjf7RH1RYn+vy3nvedgwiaaPMn2TbcpWTS+6qpgVRHlhD?= =?us-ascii?q?sbOzM/7WrYhNZwjKZGqxy/oRJxzZPfbIWMOPZjYq/ReNUXTndDUMlMTSxMGoOy?= =?us-ascii?q?YZUSAeQPPuhWqIvyp1UWrRa8GAWhCv3gyiRTi3PqwaE3yfgtHBva0AA8Gd8FrX?= =?us-ascii?q?TarM/yNKcXSe27wrPHzTPeZP1SxDf98ofIfQ4nofGXQLl9dtfexlMpFwPEkFqQ?= =?us-ascii?q?rY7lMiiQ1usTt2ib6/BvVeSoi28osQ1+vj+vxsI1h4TPm4kbxFfE9SBjz4Y0I9?= =?us-ascii?q?21UE97bsW6H5tWqi6aL4x2Qtk+Q21ypSk11KMGtJimdyYJ0JQq3wPTZvOIfoSS?= =?us-ascii?q?4h/vSfydLSl3iX57Yr6zmg6+/VWkx+DyTMW531RHojBYntTNtn0BzQHf5taDR/?= =?us-ascii?q?Z740yvwyyA1xrJ5eFBOU00kK3bJIM/zbMojZoTtFjDHjfxmEXrkK+abkUk9fas?= =?us-ascii?q?6+TgerjmuoWTN5V1igHjKaQigNC/AOQkPQgOWGiX4+K826H4/ULlWrlKi/w2kq?= =?us-ascii?q?3BvJDbI8QUuLK5DhdI3oss5BuzFTer3MkCkXUZI19JZgiLg5XxN1HLOv/4DPO/?= =?us-ascii?q?g1q2kDdswvDLJqbhDYvJLnjClrfhYLl851dHxwo00NBf4Y5bBa8aIP/oRk/wtM?= =?us-ascii?q?DXDh8+MwCuxebnE89y2pkRWWKIHK+VKLnSvkOQ5uIzP+mMY5cYuDT6K/gj/fHu?= =?us-ascii?q?kX85lkUbfaSy35sXb3a4HvF8LEWCfXrjnM0BEXwQsgo5Vuzqh0WIUSRPaHaqQ6?= =?us-ascii?q?I8+jY7BZqkDYfBXI+inL+B3Dy8Hp1QZ2BGFEuBEXnsd4WZVPYDcz+SIsl9kjwZ?= =?us-ascii?q?T7ShTJUh1R62vg/g17VnNvbU+jEftZ/72tl15unTlRQs+jxuFMmd3X+CQHxznm?= =?us-ascii?q?MSXTA2xLp/oUt/ylidzad4n+ZUFdtJ5/NGSg06L4LTz/RmC9DuXQLMZsqGR0qj?= =?us-ascii?q?QtWhBzExUs89zsQQY0ljAdWijxHC3y2sA7MPkbyEGoA0+LrG33ftP8Z912rG1K?= =?us-ascii?q?45glY7XstAL3emi7Vj+AjUAo7Gj1+Wl722dagG2i7C6nuDx3KUvE5ESA5wTbnF?= =?us-ascii?q?XXcHa0rWrNX54UXCQqSrCbQjKwdByMiCJrFMatLzl1VGR/bjOMrAbG6rnWe/Gw?= =?us-ascii?q?qIzKuWbIX2Y2UdwDndCE8cng8I5nmKMgw+Bia6o2LCFzxiD0nvbF3w/uVks3O0?= =?us-ascii?q?UEs0zwCMb0182Lu44QIahPyGS/MOxbIIoikgpC9oHFam2NLWDcCMpw17fKVTed?= =?us-ascii?q?k9+ktI1XrFtwxhOZytN75thkYEfARtvkPuzA56Cp1ansgwrXMq1xJyKaaC31xd?= =?us-ascii?q?aTyUx5fwOqfYKmPq5hCgd7bW2k3C0NaR4qoP5u44pE/lvA61F0oi6G5q09xN03?= =?us-ascii?q?ud/5nKFwQTUYnrXkYw7Rh6qKnQYjMh6IPMyX1sLa60vyfB290zB+slzQugcsxc?= =?us-ascii?q?MKyeFw/yFNAaC9KpKOwwlFijdggEM/xK9K4oI8OmcOOL17S2M+Z6nTKpk35H7Z?= =?us-ascii?q?tn3U2Q8ipwUOnI34wKw/uAxAuISy/8jEu9ssDwgY1Efj8SHnC4ySj/GI5cfbZy?= =?us-ascii?q?fYAMCWagJs243NN+i4TrW3FG6F6pH0kG19OxeRqOc1z92hVd1EoNrnyjhSu30S?= =?us-ascii?q?Z0kyoyo6qBwiPO2f/tdAcCOmJRQ2lil1jsK5Cuj98GREiocxQplBy96Ebm2qdU?= =?us-ascii?q?uaV/IHPXQUpTYyf2KGRiXbequbqZf85D8pUovjtLUO6ke1CVVqb9owcG0yPkB2?= =?us-ascii?q?ZewjE7dzWuuprnhBx3k3iSI2hprHreY81wwg3f5NPET/5LwjUGXDV4iSXQBlWk?= =?us-ascii?q?Idmp/Mmbl4vEsuCkTW6uSp1TcS7tzYOPrya74WxqARulkPCpnd3rCw860TX019?= =?us-ascii?q?NyTyXHsA78YpX316S9Ke9nekhoBETg68ZjAYFxjI8whJAW2XgHiZSY5mEHkX/y?= =?us-ascii?q?MdVd2KLxcGENSSQNw9HL/AjvwFdjIW6Rx4LlSnWdxdNsZ8O9YmMS3iIy8dpKB7?= =?us-ascii?q?uT7L1KhiZ1uUe4oh7KYfRnmTcd0/Qu4mYAg+4VoAot0jmdArcKEElAJyPsihCI?= =?us-ascii?q?48qko6lNf2mvdryw1FZ5ndCnF7yCpx1QWHD+epg+ByNw6NtwME7U2n3p9o7kYM?= =?us-ascii?q?XQbc4UthCMkBfPke5VKIkqm/oJmyVnP3n9vXs7xO4nlxBu2ou6vIefIWV34K25?= =?us-ascii?q?GgJYNiHyZ84L5DHti7tRk92I34CpA5phGi8HXJ32QvK0CDgSr+joNx6SED0grX?= =?us-ascii?q?eWAaLfEhWC6EditH/AD5GrN22XJXUAw9VtXh+dKFZYgAAOUzUwhoQ5GRyyxMz9?= =?us-ascii?q?bEd54Sgc5kTlpRRR0e9oOBz/U2jFqAeudDg0VICVLABK4QFa+0fVLcue4/prHy?= =?us-ascii?q?5C452hqBKCKnSBaAROEWEGRFaECkv+Prm1+9bA6fOYCvClL/vJfLWOs/BRWOmG?= =?us-ascii?q?xZKoyItm8CiDOt+JPnZ8E/0xwlBDUmxhG8TFhzUPTDQalyzXYM6duBe8/Sh3o9?= =?us-ascii?q?ux8Pv1RQ3v4pGPBKFKMdV1/BC2g7mMOPKMhCpjLjZYzJwMz2fSyLcDxF4Slz1u?= =?us-ascii?q?dz61HLQFryHNSKbQlbFLDx4HcSx8LtBF76Qi0QlRIs7Ulsn61qZmgfIvDVdKS0?= =?us-ascii?q?DhkNmzZcMWO2G9KE/HBEGTObScPzHKzdv7YaamRr1Ui+VVtwa9tiyHHE/mJDiD?= =?us-ascii?q?kCPpVx+3O+FWkC6bJABeuJ26cht1B2jjVszpZQCgMNBtiz023bo0hmjROGEGLT?= =?us-ascii?q?d8dllBrrqK7SNXmv9/AXBO7mJ5LemYnCaU9+/YKowMvvtzGiR5jOxa4HUgy7tO?= =?us-ascii?q?8CFESv11mC3Iod5ov16mk/OAyj59XBpJsDZLi5qBvV9+NqXB6plARXHE8QoV7W?= =?us-ascii?q?qOEBsFud1lCtzzu6BX0dXPlbz8Jylc/N7O+sscHcfUItqdMHU9KRrpBCLUDAwd?= =?us-ascii?q?QDG2LmHQmVZSkP6I9nKPsJg3sYPsl4ANSr9GTlw6DOkWCkB4HNwEOph3RCooka?= =?us-ascii?q?KcjM4L5Xu+qwPdRMNEsZDbTviSG+ngKC6FjblYYBsF2aj4Ip4NNoLh1ExtdEJ6?= =?us-ascii?q?kZ/RG0XKQ9BCuCJhYREvoElX9nhxUHEz0Vr/agyx+H8TCeK0nhkuhwRlYOQt+z?= =?us-ascii?q?Ds41EsK1XXuiQ/i0gxls/jgTyLdz7xNqiwV5lMCyXor0gxLo/7QwFtYAKokkxr?= =?us-ascii?q?LinESKxKgrtnbWBklgncuZ5VFv5dSa1LexgQxP6Na/Uvy1RcpT2txVVb6uvdFZ?= =?us-ascii?q?tiiAwqfIawr3JH3gJvdsQ1JavRJaVXyFhfnbiOvii22eAy2wIRO0EN8GaOdyES?= =?us-ascii?q?o0wIKqMqJyy28exw8QaCgSdMeHAQV/o2pfJn7kA9OuSEzy3+yLNDL0exN+KRL6?= =?us-ascii?q?yHp2jAic6IQlQ11kwWjUVF+6Z50ds7eUqOS08v1KeRFwgONcfaLwFacdBd9HzI?= =?us-ascii?q?cCaNtuXN2o51MJ+7FuDzTu+OtbwYgkS6EwY1B44M9NgOHoGw0EHEKsfqNKQFxg?= =?us-ascii?q?s25Av1PlqFFuhGeBKQnTgcosG/1oJ43Y5TJjEFG2VyLyW26qzRpgA0nPqJRM02?= =?us-ascii?q?bWsCXosYKnI2X9W3lDNev3RGCjm4z/wWyAyD7zLnvCvfEiP8b915aPeTfxNsB8?= =?us-ascii?q?m8+S8j/KiulV7X7pLeKnnnOtt4pN/P6P4Vp42cBvxOV7l9qUDcmodDR3O0T2HP?= =?us-ascii?q?DMS1J5nsa4gsd9D0DGi1UkCngTIvU8jxJMqtLrSPgQzwQYZUt5Ob0y4lNc68ET?= =?us-ascii?q?ETABhwp+ce5K5mYg0DeZU7awbytwsiL6y/PBuY0tK2Tma2NzRWS/hfzeOnZ71Y?= =?us-ascii?q?1Ccjcui6yH48QZ4g1Om37VQBRJcUgRHC3fyjfZVRUTDvGnxBfAXCvSk5l3JhN+?= =?us-ascii?q?koxOc/3BPIvEITMzCMbOxmdHZIv9ciClOOOX92EHY3R0eAjYrf5Q6hx6wS/ypY?= =?us-ascii?q?n9ZTze1FsHj/s4TCbzKtWK2ks47avzAmbdc4v617KZbjLdeetJPCgjzfS4HdvR?= =?us-ascii?q?eBUC67C/VVhMBfICdYQflOnmElP9YJtJFa5kowTMg+IaVDCKcxprywbzprEzIS?= =?us-ascii?q?xzcDV4ycxDwCnvu827zCmxiLbpsiNgcJv49fjdsDTSF2eDgeq7W5V4TWjWOETX?= =?us-ascii?q?ILIAgL5wRW+A0AjpNwfvzi4IfQQ59M1j9Wo/ZwUiTVE5ll7Eb0RX+Njlj5Uvqh?= =?us-ascii?q?lfal3QVIzPLjytMbQgJwCVBBx+ZKkUslMKt3K68RvoHWsj+Ickf6vHn1xuW/OV?= =?us-ascii?q?df09HZeVrjAYXZsmr8VzET9mcPRY9T0n3fE4odkxZhYqYxuFpMOJymelr55zE8?= =?us-ascii?q?3YRmBaO4VcewyFs+sXYGXT2lE8RfBOFisVLXXjJlY5SqqJXqO5VSXmFQ94eHq1?= =?us-ascii?q?dcikltNTC2yYZEIcFX/jEMRCRPoSmavNaqRsxPw9N5D58NItd6unfyAqBENYOQ?= =?us-ascii?q?o3IopLPg1GXV+zcmsFe13D+zAbO3T/pF/20CHQUkP36RqlMyD+sq6GvS8UvAsl?= =?us-ascii?q?F1/+daGriAll99oDBjEZBSHjxJz2yqL0xvTHlatOVXMKXVc8pAQ/YsYR+gJRk+?= =?us-ascii?q?GuA630yT/UB5hnD5YzRsuQtc/iDSRQg0VS0OjbfqljwSsManOSUVS5hQdzUucz?= =?us-ascii?q?/FKx6HmSBQpBtfZFtqVIofAtZZ4Lwb3IxU/8TESUawKSEKQh1iNgQk0fVBj05P?= =?us-ascii?q?qkOYdj7BDQCwb/bArgV3fduNrM6uNPn54ABHiob8veAk66kDQmaplRerQd/As4?= =?us-ascii?q?/2rseKuVeWdKfkL+28ZmfMTDjWghCqn7gkC4TF8jPOPwVFM5l60WQrYZz/Bm7R?= =?us-ascii?q?JxhGILgbJ0VDX6BgddpGuvxaZ9NjeKsR+69tAQyISwjyF4Oxt/lJMEzTRSjAIC?= =?us-ascii?q?qc6OC/p5zc7aDFQ+j6esOM32rHQ75wPppi8jb7Favl3ZNc90br1Ppg7V91SV/D?= =?us-ascii?q?My+dttvhPR8L6NOkdkT8op0jBSnWD4tokHrx2kFAcNIaQze0/5sFyJNW8mrwRP?= =?us-ascii?q?l80kj0ru1d6ado5pUw479018i4P6HSJupGsUV/GBibGh1q9okxAGh4X21RevQR?= =?us-ascii?q?KOvLcqsEkcDjsPv3F6sK6B2P5+NWd93HJ13bmsalDjGQUxtEnB0OqTQCNAuTy+?= =?us-ascii?q?aFm7NoScaiveX5xlgt7EagIREb171t+IOE+raSpODNcRvRzL8EWqz0ScPvtLgs?= =?us-ascii?q?vFmS5fI8nr4UZmN1exGnEPQaVsMFxGfv17oqzSU3E8PHBb3g5uVOV3cknjLkh5?= =?us-ascii?q?B9HkkZGvIOErqN5oRShGA4m/bWNtcOaKBNhn6PFQK4Er8F0XOr6TGYIG9rghHU?= =?us-ascii?q?1BH/XH284UTqrSBiRyvM1NDjnlBTVrapGUdYRzCpNlNgsDOTIAros8L6uaIx7E?= =?us-ascii?q?wtM2zksteNmHGgOLNREc3/PsaTITIopFINkZ0+WsCv2Z0BGdWjOtsR92t+bvTG?= =?us-ascii?q?4WOxjyBBu7tHh5bZ4syN/PXXHGWvj6qeq7qX3zBU0Hk4vVY46tC7LfHD/NiKTv?= =?us-ascii?q?un1moLSCd/oQTBVQavqrPHt1AUJVCL0EDTlYMWJN5Z2Wc31lr65OkjR9I+7x5e?= =?us-ascii?q?GZrBZ/wcozDzJDr0zkyFb9IxSCaezyNdHkjpHllgBKg8xGXwsdrNlXfL/l0lRp?= =?us-ascii?q?J9d0L5ihNqCIU4M1gi6EANwioEEwgCdwyUDK2yCUTiN4sEWlAJaQ6b07iiZqc3?= =?us-ascii?q?wUpzz6ut5O/SaOxxHK8NOehdjwGQhlhbG5QWsaIETLJ6ZVBd6LbdphL+BIj/Q/?= =?us-ascii?q?jmiX0wOOW0QsFb688WrWct7x2kRxW+9ZdM8aoUhIqPdq5ebpjGpNp84Ft/5T4T?= =?us-ascii?q?aixNhwBygAi4UeAHquHs+NrbsJu06ua2TqktWuEX+gMoCGR5kpT/nkosoczN1+?= =?us-ascii?q?dbUI3ak57z8AdXI36FoIzayQVzKfISK4K3e7Zt720HKDICJ30SPdqXZf484zVu?= =?us-ascii?q?MDnK/FxNHMcMZdIePMrQlgFZkVXpV6tP9sXHGl+ZBYBzd9or72btyzA674E8Uu?= =?us-ascii?q?D+5z+yP5zf6EtNP/xbhiV2iN3CvPQVwebVCCUP/XmZcQZ6wieYxJmLFfn95viD?= =?us-ascii?q?yNDbV1MHAi45SZxdKyCY+Qy6XOa1kovmUh+M4M/pnJ0+bF6QRmC2nKkdvaZDC/?= =?us-ascii?q?RAhTvn3jheDY31g/OVs8ay52tXrFJHDZ1z4QfDGKpBIpVxIQ74mdWzRkhgGiv/?= =?us-ascii?q?f9nZdhUwt+qQ2ucM5OJ+O0zlZYAFJhIEyrT66WdaTwZ1TL75oEyZXOILa9d8Tv?= =?us-ascii?q?PLsGxV45p6K6ATJFiduIDqrjBQpV8qAg8mcqM/oydGeUnJmA1VX6f0t6AaigsA?= =?us-ascii?q?T9F2pU9MFXi3OGIk6DrNTb5Vg7WJCPwJ7jWTSbQDU0BvMiN4XxO114thdqCsnf?= =?us-ascii?q?BGqGxGmD1yoOQk0jxhXhu8ujbsq7gL2T0+5LGyrC8BtmBdTuWCjyfIDk1OzPsW?= =?us-ascii?q?gqcHEHbu8EGybnYFYovz5rlnOMvh+JIu43Q6exojeTMJUf6nCyHqgKOCGpaPv8?= =?us-ascii?q?5EhB6RpMXOaqe+LSoVNrQ9zxLvXWRy0gjanBZ17WQKQzSg7Nk/JIW+OMYo3TSo?= =?us-ascii?q?GWnFdFkW5qNGrcrxuUQNTOQodVNr2H9j3dSfRi0RWMzPHH44jgk6aWpedpJO8h?= =?us-ascii?q?saF7Q1jTaJualG5RsYYDDOEoSq4oPQh9vH2WEhTdd2wWLbvq+FiY0k0H1rn9N5?= =?us-ascii?q?9SCPt24Ud+PGT89gGH7z2ZlDyebmffWirvgHSJd6yLSmSPICPc2j+Wy42Zp0Xk?= =?us-ascii?q?+lwq8TH0G+MO8Fx7fUTz2pSWuGVuSXa2KMhSo2Mlbu5Rm0KV06cMVKr089M+va?= =?us-ascii?q?gZ5ckwzhUa9qSSiLoF/bzXAjMfkEeA4sv4enYQMKRvYLZ+eAPegu3OE+CFwUYn?= =?us-ascii?q?/VHCt2DvS7sUKsnIdnOHVv/0H6bf7r8g/4LNuYAgMEHpLCrp5t5fy6QXqMOXph?= =?us-ascii?q?zB1xP0l08PzSF1Yrue9fdJaRm8bfh9Jh3e4DafhtLTU3usQPlYJ79YmUzMCKfA?= =?us-ascii?q?nKwZnsI9HVvuOVA+bbz0QtZmFaTqQZbh3o6IkgOd45QbLTF6NDvRsAHag6XIAh?= =?us-ascii?q?N2Dp+aFsKwNzdhTeZK66g8ntouKLaIBZp3rR7lI3NyfTpQEMyuazTQxgdJCqhn?= =?us-ascii?q?PyIJ8qSjJGtd1tBQNsHJFTFMMYswqnH5mUlbm1i9Cv/0N6uvcKvrTrB/HL1dS5?= =?us-ascii?q?2oBxUIZA5UyPIjndHq5rgl5qju6qmPfPzoHxCd/+edMDTOV6THbFaqXHHoqjND?= =?us-ascii?q?2DIcf8e09a876Gzr11SBKRZDr2X6Ceri2rKO1k4Vknyox/ZOfTyzgt4K/A1dvq?= =?us-ascii?q?Y2FUvDyjrWKINJRD8FzKH/LRUAxORfqD7mllAbUdbZHo++cWLdwi3N+c7hF37D?= =?us-ascii?q?RD1suFPqegolbI2kJ6bpLbMFDp1j04WYYQJhS/NlEggWjDqnTSGX5cNNSrKdFx?= =?us-ascii?q?gNaJCRzg/1Jxln8pZm5AHGroWNiQNW8U1cKiZA2F6hhLAMgbn+GtYkM4tbO9Sf?= =?us-ascii?q?NuOppbneWlr6gHkdlzJyHIXshaMDnaLKVqMTpJEuXPuF8obwYBs7cvRog1ZZmO?= =?us-ascii?q?IEUAMEqb1yPyzA3C3lPwd9yt0qaJPSkX/m9Az7Lf3jhGvxO5tuqBgs3/TLDZa4?= =?us-ascii?q?n7XPzIPyomUTGVXi8/EVuv+Ve4u/oEu+eYIWgfolAIeC6SDhAcprx3p9jKEmDT?= =?us-ascii?q?gfFjfIENhP2CVCD/UjZ3lLAzBilVsUCBWOQDFQ3MYH/6gWpcpRauJvlS8nL5d7?= =?us-ascii?q?eY3LZaW/QKAotQdf2UW9nYefVZJzcyjDUZOf28csbar7kj11LHU2oZH7PP9F2E?= =?us-ascii?q?Q06cWuacyC7zXYUJo4g0vTIl+sneni9yD6vFPrWSqiWw8oGmliaYuOzfVm4rY0?= =?us-ascii?q?AvhuINHnWBk1F8LzQfBtUUvlz9arKRbEZLknQygKRh3AFfVh50VyhC23sevuun?= =?us-ascii?q?FcBfUhZAgGqoQfACbnhyATc09EmN8kv5ZtlW6pObfHNX6rZZEdlVF/Iv8oSCff?= =?us-ascii?q?JIzQ=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2HVAwBSKxJZ/wHyM5BdHAEBBAEBCgEBFwEBBAEBCgEBgwE?= =?us-ascii?q?pgW6OdJBicpcMJIpyVwEBAQEBAQEBAgECaAUjgjMigkEGAQIXDVUDCQEBFwgpC?= =?us-ascii?q?AMBUxkFiFCBTAS0czomAop7iD2CZ4sABZAigQGMYpMbixeGUpRAWFkxTyEVhGo?= =?us-ascii?q?LAQEBQhyBZnOIdAEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 09 May 2017 20:52:03 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v49Kq2oj005742; Tue, 9 May 2017 16:52:02 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v49Kp56S149467 for ; Tue, 9 May 2017 16:51:05 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v49Kp5ap005421 for ; Tue, 9 May 2017 16:51:05 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1B5AgDVKhJZf4GlL8FdHAEBBAEBCgEBgyyCF450kGJylw+GJAKFRAECAQEBAQECEwEBIV2FFgMDGg1SEBgIMVcZiFWBULRyOopwMog9gmeLAAWQIoEBjGKTG5FplEBWWjFPIRWFOhyBZj02iHQBAQE X-IPAS-Result: A1B5AgDVKhJZf4GlL8FdHAEBBAEBCgEBgyyCF450kGJylw+GJAKFRAECAQEBAQECEwEBIV2FFgMDGg1SEBgIMVcZiFWBULRyOopwMog9gmeLAAWQIoEBjGKTG5FplEBWWjFPIRWFOhyBZj02iHQBAQE X-IronPort-AV: E=Sophos;i="5.38,316,1491278400"; d="scan'208";a="6046337" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 09 May 2017 16:51:04 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AZDHDkhWQcc+AeFuj8K9YoR5RbCzV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYxOGt8tkgFKBZ4jH8fUM07OQ6PG/HzRZqs/b4DgrS99lb1c9k8?= =?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBo?= =?us-ascii?q?KevrB4Xck9q41/yo+53Ufg5EmCexbal8IRiyrwjdrNUajZZtJqos1BfEoWZDdv?= =?us-ascii?q?hLy29vOV+dhQv36N2q/J5k/SRQuvYh+NBFXK7nYak2TqFWASo/PWwt68LlqRfM?= =?us-ascii?q?TQ2U5nsBSWoWiQZHAxLE7B7hQJj8tDbxu/dn1ymbOc32Sq00WSin4qx2RhLklD?= =?us-ascii?q?sLOjgk+2zMlMd+kLxUrw6gpxxnwo7bfoeVNOZlfqjAed8WXHdNUtpNWyBEBI63?= =?us-ascii?q?cokBAPcbPetAr4fzuUYAoxW9CwerBuzvxCRFimPq0aAgz+gsCx3K0BAmEtkTsH?= =?us-ascii?q?rUttL1NKIKXO671qbIyyjIYfdL2Tfn54jHbBYhoeqRVr93bMXe008vFwLbgVWU?= =?us-ascii?q?q4zoJDaV2foJs2if9eVgU+WvimE9pw5tpTivw94hh4/UjYwbzVDE8D92wIczJd?= =?us-ascii?q?CgSU50esCrEJ1NuCGCMIt2WN8iT3t1tykk1L0Lv4OwcisSyJk/2hLSb/KKf5KH?= =?us-ascii?q?7x/hTuqdPDZ1iXJ/dL6imRq/9U6twfDmWMauylZFtC9Fn8HMtn8T0xzT7dCKSv?= =?us-ascii?q?5j8Uel3TaAzQbT6uZLIEwuiaXbLIQtwr80lpYLsETDGDH5mFnugaOLckgp9PKk?= =?us-ascii?q?5uvlb7n8u5ORNo95hhvjPqgwnsGzGeE4PRIPX2if9+S8zrrj/UjhTbpXlPI2lK?= =?us-ascii?q?jZv47eJcQZvaO5BhFa0oIn6xmlCTem19sZkWMbI1JCfRKLl5LpNE3WIPDkEfe/?= =?us-ascii?q?hEyhkCx1yPDCP73hBIjNL3fYnbf9fbdy905cyA0pwdBZ/JJbEKsNIP30Wk/v55?= =?us-ascii?q?TkCUoiPgi1xfv3IMls3YMZH2SUC+mWN72Bn0WP47cDKu/ERpIPtzv7MLBx6/fo?= =?us-ascii?q?jHI9m3cYcK2t1J0QeDazGfEwcBbRWmblntpUSTRChQE5VuG/zQTaCTM=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HrAQBSKxJZf4GlL8FdHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwGCF450kGJylw+GJAKFRAEBAQEBAQEBAgECEAEBIV2CMyIBgkA?= =?us-ascii?q?DAxoNUhAYCDFXGYhVgVC0czqKcTKIPYJniwAFkCKBAYxikxuRaZRAVlsxTyEVh?= =?us-ascii?q?TocgWY9Noh0AQEB?= X-IPAS-Result: =?us-ascii?q?A0HrAQBSKxJZf4GlL8FdHAEBBAEBCgEBFwEBBAEBCgEBgwG?= =?us-ascii?q?CF450kGJylw+GJAKFRAEBAQEBAQEBAgECEAEBIV2CMyIBgkADAxoNUhAYCDFXG?= =?us-ascii?q?YhVgVC0czqKcTKIPYJniwAFkCKBAYxikxuRaZRAVlsxTyEVhTocgWY9Noh0AQE?= =?us-ascii?q?B?= X-IronPort-AV: E=Sophos;i="5.38,316,1491264000"; d="scan'208";a="6821806" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea10.nsa.gov with ESMTP; 09 May 2017 20:51:03 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 9 May 2017 23:51:00 +0300 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v49Koor6031538; Tue, 9 May 2017 23:50:59 +0300 From: Dan Jurgens To: selinux@tycho.nsa.gov Subject: [PATCH 6/9] libsepol: Add IB end port handling to CIL Date: Tue, 9 May 2017 23:50:39 +0300 Message-Id: <1494363042-121766-7-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1494363042-121766-1-git-send-email-danielj@mellanox.com> References: <1494363042-121766-1-git-send-email-danielj@mellanox.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens Add IB end port parsing, symbol table management, and policy generation to CIL. Signed-off-by: Daniel Jurgens --- libsepol/cil/src/cil.c | 18 ++++++++++ libsepol/cil/src/cil_binary.c | 29 ++++++++++++++++ libsepol/cil/src/cil_binary.h | 12 +++++++ libsepol/cil/src/cil_build_ast.c | 65 ++++++++++++++++++++++++++++++++++++ libsepol/cil/src/cil_build_ast.h | 2 + libsepol/cil/src/cil_copy_ast.c | 25 ++++++++++++++ libsepol/cil/src/cil_flavor.h | 1 + libsepol/cil/src/cil_internal.h | 9 +++++ libsepol/cil/src/cil_policy.c | 15 ++++++++ libsepol/cil/src/cil_post.c | 42 +++++++++++++++++++++++ libsepol/cil/src/cil_post.h | 1 + libsepol/cil/src/cil_reset_ast.c | 10 +++++ libsepol/cil/src/cil_resolve_ast.c | 28 +++++++++++++++ libsepol/cil/src/cil_tree.c | 13 +++++++ libsepol/cil/src/cil_verify.c | 23 +++++++++++++ 15 files changed, 293 insertions(+), 0 deletions(-) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 6b51b8f..f3849ef 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -188,6 +188,7 @@ static void cil_init_keys(void) CIL_KEY_CONTEXT = cil_strpool_add("context"); CIL_KEY_FILECON = cil_strpool_add("filecon"); CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon"); + CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon"); CIL_KEY_PORTCON = cil_strpool_add("portcon"); CIL_KEY_NODECON = cil_strpool_add("nodecon"); CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); @@ -258,6 +259,7 @@ void cil_db_init(struct cil_db **db) cil_sort_init(&(*db)->filecon); cil_sort_init(&(*db)->nodecon); cil_sort_init(&(*db)->ibpkeycon); + cil_sort_init(&(*db)->ibendportcon); cil_sort_init(&(*db)->portcon); cil_sort_init(&(*db)->pirqcon); cil_sort_init(&(*db)->iomemcon); @@ -310,6 +312,7 @@ void cil_db_destroy(struct cil_db **db) cil_sort_destroy(&(*db)->filecon); cil_sort_destroy(&(*db)->nodecon); cil_sort_destroy(&(*db)->ibpkeycon); + cil_sort_destroy(&(*db)->ibendportcon); cil_sort_destroy(&(*db)->portcon); cil_sort_destroy(&(*db)->pirqcon); cil_sort_destroy(&(*db)->iomemcon); @@ -733,6 +736,9 @@ void cil_destroy_data(void **data, enum cil_flavor flavor) case CIL_PORTCON: cil_destroy_portcon(*data); break; + case CIL_IBENDPORTCON: + cil_destroy_ibendportcon(*data); + break; case CIL_NODECON: cil_destroy_nodecon(*data); break; @@ -1099,6 +1105,8 @@ const char * cil_node_to_string(struct cil_tree_node *node) return CIL_KEY_FILECON; case CIL_IBPKEYCON: return CIL_KEY_IBPKEYCON; + case CIL_IBENDPORTCON: + return CIL_KEY_IBENDPORTCON; case CIL_PORTCON: return CIL_KEY_PORTCON; case CIL_NODECON: @@ -1832,6 +1840,16 @@ void cil_netifcon_init(struct cil_netifcon **netifcon) (*netifcon)->context_str = NULL; } +void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon) +{ + *ibendportcon = cil_malloc(sizeof(**ibendportcon)); + + (*ibendportcon)->dev_name_str = NULL; + (*ibendportcon)->port = 0; + (*ibendportcon)->context_str = NULL; + (*ibendportcon)->context = NULL; +} + void cil_context_init(struct cil_context **context) { *context = cil_malloc(sizeof(**context)); diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 75398ff..fb65698 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -3323,6 +3323,30 @@ exit: return rc; } +int cil_ibendportcon_to_policydb(policydb_t *pdb, struct cil_sort *ibendportcons) +{ + int rc = SEPOL_ERR; + uint32_t i; + ocontext_t *tail = NULL; + + for (i = 0; i < ibendportcons->count; i++) { + ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_IBENDPORT], &tail); + struct cil_ibendportcon *cil_ibendportcon = ibendportcons->array[i]; + + new_ocon->u.ibendport.dev_name = cil_strdup(cil_ibendportcon->dev_name_str); + new_ocon->u.ibendport.port = cil_ibendportcon->port; + + rc = __cil_context_to_sepol_context(pdb, cil_ibendportcon->context, &new_ocon->context[0]); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons) { int rc = SEPOL_ERR; @@ -3887,6 +3911,11 @@ int __cil_contexts_to_policydb(policydb_t *pdb, const struct cil_db *db) goto exit; } + rc = cil_ibendportcon_to_policydb(pdb, db->ibendportcon); + if (rc != SEPOL_OK) { + goto exit; + } + if (db->target_platform == SEPOL_TARGET_XEN) { rc = cil_pirqcon_to_policydb(pdb, db->pirqcon); if (rc != SEPOL_OK) { diff --git a/libsepol/cil/src/cil_binary.h b/libsepol/cil/src/cil_binary.h index a03d250..5367feb 100644 --- a/libsepol/cil/src/cil_binary.h +++ b/libsepol/cil/src/cil_binary.h @@ -342,6 +342,18 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons); /** + * Insert cil idbev structure into sepol policydb. + * The function is given a structure containing the sorted ibendportcons and + * loops over this structure inserting them into the policy database. + * + * @param[in] pdb The policy database to insert the pkeycon into. + * @param[in] node The cil_sort structure that contains the sorted ibendportcons. + * + * @return SEPOL_OK upon success or an error otherwise. + */ +int cil_ibendportcon_to_policydb(policydb_t *pdb, struct cil_sort *pkeycons); + +/** * Insert cil portcon structure into sepol policydb. * The function is given a structure containing the sorted portcons and * loops over this structure inserting them into the policy database. diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 4ca88c1..ede19a2 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -4598,6 +4598,68 @@ void cil_destroy_netifcon(struct cil_netifcon *netifcon) free(netifcon); } +int cil_gen_ibendportcon(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) +{ + enum cil_syntax syntax[] = { + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING | CIL_SYN_LIST, + CIL_SYN_END + }; + int syntax_len = sizeof(syntax) / sizeof(*syntax); + int rc = SEPOL_ERR; + struct cil_ibendportcon *ibendportcon = NULL; + + if (!db || !parse_current || !ast_node) + goto exit; + + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); + if (rc != SEPOL_OK) + goto exit; + + cil_ibendportcon_init(&ibendportcon); + + ibendportcon->dev_name_str = parse_current->next->data; + + rc = cil_fill_integer(parse_current->next->next, &ibendportcon->port, 10); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibendport port specified\n"); + goto exit; + } + + if (!parse_current->next->next->next->cl_head) { + ibendportcon->context_str = parse_current->next->next->data; + } else { + cil_context_init(&ibendportcon->context); + + rc = cil_fill_context(parse_current->next->next->next->cl_head, ibendportcon->context); + if (rc != SEPOL_OK) + goto exit; + } + + ast_node->data = ibendportcon; + ast_node->flavor = CIL_IBENDPORTCON; + + return SEPOL_OK; + +exit: + cil_tree_log(parse_current, CIL_ERR, "Bad ibendportcon declaration"); + cil_destroy_ibendportcon(ibendportcon); + return SEPOL_ERR; +} + +void cil_destroy_ibendportcon(struct cil_ibendportcon *ibendportcon) +{ + if (!ibendportcon) + return; + + if (!ibendportcon->context_str && ibendportcon->context) + cil_destroy_context(ibendportcon->context); + + free(ibendportcon); +} + int cil_gen_pirqcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) { enum cil_syntax syntax[] = { @@ -6229,6 +6291,9 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f } else if (parse_current->data == CIL_KEY_IBPKEYCON) { rc = cil_gen_ibpkeycon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; + } else if (parse_current->data == CIL_KEY_IBENDPORTCON) { + rc = cil_gen_ibendportcon(db, parse_current, ast_node); + *finished = CIL_TREE_SKIP_NEXT; } else if (parse_current->data == CIL_KEY_PORTCON) { rc = cil_gen_portcon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; diff --git a/libsepol/cil/src/cil_build_ast.h b/libsepol/cil/src/cil_build_ast.h index 64da477..a31f6a4 100644 --- a/libsepol/cil/src/cil_build_ast.h +++ b/libsepol/cil/src/cil_build_ast.h @@ -175,6 +175,8 @@ int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, stru void cil_destroy_filecon(struct cil_filecon *filecon); int cil_gen_ibpkeycon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_ibpkeycon(struct cil_ibpkeycon *ibpkeycon); +int cil_gen_ibendportcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); +void cil_destroy_ibendportcon(struct cil_ibendportcon *ibendportcon); int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_portcon(struct cil_portcon *portcon); int cil_gen_nodecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 5c55983..665fe77 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -1204,6 +1204,28 @@ int cil_copy_ibpkeycon(struct cil_db *db, void *data, void **copy, __attribute__ return SEPOL_OK; } +int cil_copy_ibendportcon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) +{ + struct cil_ibendportcon *orig = data; + struct cil_ibendportcon *new = NULL; + + cil_ibendportcon_init(&new); + + new->dev_name_str = orig->dev_name_str; + new->port = orig->port; + + if (orig->context_str) { + new->context_str = orig->context_str; + } else { + cil_context_init(&new->context); + cil_copy_fill_context(db, orig->context, new->context); + } + + *copy = new; + + return SEPOL_OK; +} + int cil_copy_portcon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) { struct cil_portcon *orig = data; @@ -1916,6 +1938,9 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u case CIL_IBPKEYCON: copy_func = &cil_copy_ibpkeycon; break; + case CIL_IBENDPORTCON: + copy_func = &cil_copy_ibendportcon; + break; case CIL_PORTCON: copy_func = &cil_copy_portcon; break; diff --git a/libsepol/cil/src/cil_flavor.h b/libsepol/cil/src/cil_flavor.h index 242154d..04f4abd 100644 --- a/libsepol/cil/src/cil_flavor.h +++ b/libsepol/cil/src/cil_flavor.h @@ -113,6 +113,7 @@ enum cil_flavor { CIL_MLS, CIL_SRC_INFO, CIL_IBPKEYCON, + CIL_IBENDPORTCON, /* * boolean constraint set catset diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index de2a8df..9d403f6 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -203,6 +203,7 @@ char *CIL_KEY_MLSVALIDATETRANS; char *CIL_KEY_CONTEXT; char *CIL_KEY_FILECON; char *CIL_KEY_IBPKEYCON; +char *CIL_KEY_IBENDPORTCON; char *CIL_KEY_PORTCON; char *CIL_KEY_NODECON; char *CIL_KEY_GENFSCON; @@ -287,6 +288,7 @@ struct cil_db { struct cil_sort *filecon; struct cil_sort *nodecon; struct cil_sort *ibpkeycon; + struct cil_sort *ibendportcon; struct cil_sort *portcon; struct cil_sort *pirqcon; struct cil_sort *iomemcon; @@ -780,6 +782,12 @@ struct cil_netifcon { char *context_str; }; +struct cil_ibendportcon { + char *dev_name_str; + uint32_t port; + char *context_str; + struct cil_context *context; +}; struct cil_pirqcon { uint32_t pirq; char *context_str; @@ -965,6 +973,7 @@ int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_s void cil_sort_init(struct cil_sort **sort); void cil_sort_destroy(struct cil_sort **sort); void cil_netifcon_init(struct cil_netifcon **netifcon); +void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon); void cil_context_init(struct cil_context **context); void cil_level_init(struct cil_level **level); void cil_levelrange_init(struct cil_levelrange **lvlrange); diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index 35a0a29..2196ae8 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -1729,6 +1729,20 @@ static void cil_ibpkeycons_to_policy(FILE *out, struct cil_sort *ibpkeycons, int } } +static void cil_ibendportcons_to_policy(FILE *out, struct cil_sort *ibendportcons, int mls) +{ + uint32_t i; + + for (i = 0; i < ibendportcons->count; i++) { + struct cil_ibendportcon *ibendportcon = (struct cil_ibendportcon *)ibendportcons->array[i]; + + fprintf(out, "ibendportcon %s ", ibendportcon->dev_name_str); + fprintf(out, "%u ", ibendportcon->port); + cil_context_to_policy(out, ibendportcon->context, mls); + fprintf(out, "\n"); + } +} + static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls) { unsigned i; @@ -1958,6 +1972,7 @@ void cil_gen_policy(FILE *out, struct cil_db *db) cil_portcons_to_policy(out, db->portcon, db->mls); cil_netifcons_to_policy(out, db->netifcon, db->mls); cil_ibpkeycons_to_policy(out, db->ibpkeycon, db->mls); + cil_ibendportcons_to_policy(out, db->ibendportcon, db->mls); cil_nodecons_to_policy(out, db->nodecon, db->mls); cil_pirqcons_to_policy(out, db->pirqcon, db->mls); cil_iomemcons_to_policy(out, db->iomemcon, db->mls); diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index 8b6608a..25ee90c 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -217,6 +217,25 @@ int cil_post_netifcon_compare(const void *a, const void *b) return strcmp(anetifcon->interface_str, bnetifcon->interface_str); } +int cil_post_ibendportcon_compare(const void *a, const void *b) +{ + int rc = SEPOL_ERR; + + struct cil_ibendportcon *aibendportcon = *(struct cil_ibendportcon **)a; + struct cil_ibendportcon *bibendportcon = *(struct cil_ibendportcon **)b; + + rc = strcmp(aibendportcon->dev_name_str, bibendportcon->dev_name_str); + if (rc) + return rc; + + if (aibendportcon->port < bibendportcon->port) + return -1; + else if (bibendportcon->port < aibendportcon->port) + return 1; + + return rc; +} + int cil_post_nodecon_compare(const void *a, const void *b) { struct cil_nodecon *anodecon; @@ -426,6 +445,9 @@ static int __cil_post_db_count_helper(struct cil_tree_node *node, uint32_t *fini case CIL_IBPKEYCON: db->ibpkeycon->count++; break; + case CIL_IBENDPORTCON: + db->ibendportcon->count++; + break; case CIL_PORTCON: db->portcon->count++; break; @@ -516,6 +538,17 @@ static int __cil_post_db_array_helper(struct cil_tree_node *node, uint32_t *fini sort->index++; break; } + case CIL_IBENDPORTCON: { + struct cil_sort *sort = db->ibendportcon; + uint32_t count = sort->count; + uint32_t i = sort->index; + + if (!sort->array) + sort->array = cil_malloc(sizeof(*sort->array) * count); + sort->array[i] = node->data; + sort->index++; + break; + } case CIL_FSUSE: { struct cil_sort *sort = db->fsuse; uint32_t count = sort->count; @@ -1654,6 +1687,14 @@ static int __cil_post_db_cat_helper(struct cil_tree_node *node, uint32_t *finish goto exit; break; } + case CIL_IBENDPORTCON: { + struct cil_ibendportcon *ibendportcon = node->data; + + rc = __evaluate_levelrange_expression(ibendportcon->context->range, db); + if (rc != SEPOL_OK) + goto exit; + break; + } case CIL_PORTCON: { struct cil_portcon *portcon = node->data; rc = __evaluate_levelrange_expression(portcon->context->range, db); @@ -2014,6 +2055,7 @@ static int cil_post_db(struct cil_db *db) qsort(db->netifcon->array, db->netifcon->count, sizeof(db->netifcon->array), cil_post_netifcon_compare); qsort(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare); qsort(db->ibpkeycon->array, db->ibpkeycon->count, sizeof(db->ibpkeycon->array), cil_post_ibpkeycon_compare); + qsort(db->ibendportcon->array, db->ibendportcon->count, sizeof(db->ibendportcon->array), cil_post_ibendportcon_compare); qsort(db->portcon->array, db->portcon->count, sizeof(db->portcon->array), cil_post_portcon_compare); qsort(db->nodecon->array, db->nodecon->count, sizeof(db->nodecon->array), cil_post_nodecon_compare); qsort(db->fsuse->array, db->fsuse->count, sizeof(db->fsuse->array), cil_post_fsuse_compare); diff --git a/libsepol/cil/src/cil_post.h b/libsepol/cil/src/cil_post.h index fe7f3a5..3d54154 100644 --- a/libsepol/cil/src/cil_post.h +++ b/libsepol/cil/src/cil_post.h @@ -40,6 +40,7 @@ void cil_post_fc_fill_data(struct fc_data *fc, char *path); int cil_post_filecon_compare(const void *a, const void *b); int cil_post_ibpkeycon_compare(const void *a, const void *b); int cil_post_portcon_compare(const void *a, const void *b); +int cil_post_ibendportcon_compare(const void *a, const void *b); int cil_post_genfscon_compare(const void *a, const void *b); int cil_post_netifcon_compare(const void *a, const void *b); int cil_post_nodecon_compare(const void *a, const void *b); diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index d366ae3..ff67913 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -326,6 +326,13 @@ static void cil_reset_netifcon(struct cil_netifcon *netifcon) } } +static void cil_reset_ibendportcon(struct cil_ibendportcon *ibendportcon) +{ + if (!ibendportcon->context_str) { + cil_reset_context(ibendportcon->context); + } +} + static void cil_reset_pirqcon(struct cil_pirqcon *pirqcon) { if (pirqcon->context_str == NULL) { @@ -498,6 +505,9 @@ int __cil_reset_node(struct cil_tree_node *node, __attribute__((unused)) uint32 case CIL_IBPKEYCON: cil_reset_ibpkeycon(node->data); break; + case CIL_IBENDPORTCON: + cil_reset_ibendportcon(node->data); + break; case CIL_PORTCON: cil_reset_portcon(node->data); break; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 1df41da..69ce786 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -2038,6 +2038,31 @@ exit: return rc; } +int cil_resolve_ibendportcon(struct cil_tree_node *current, void *extra_args) +{ + struct cil_ibendportcon *ibendportcon = current->data; + struct cil_symtab_datum *con_datum = NULL; + + int rc = SEPOL_ERR; + + if (ibendportcon->context_str) { + rc = cil_resolve_name(current, ibendportcon->context_str, CIL_SYM_CONTEXTS, extra_args, &con_datum); + if (rc != SEPOL_OK) + goto exit; + + ibendportcon->context = (struct cil_context *)con_datum; + } else { + rc = cil_resolve_context(current, ibendportcon->context, extra_args); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_resolve_pirqcon(struct cil_tree_node *current, void *extra_args) { struct cil_pirqcon *pirqcon = current->data; @@ -3555,6 +3580,9 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args) case CIL_NETIFCON: rc = cil_resolve_netifcon(node, args); break; + case CIL_IBENDPORTCON: + rc = cil_resolve_ibendportcon(node, args); + break; case CIL_PIRQCON: rc = cil_resolve_pirqcon(node, args); break; diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 4703e5f..599f756 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c @@ -1495,6 +1495,19 @@ void cil_tree_print_node(struct cil_tree_node *node) cil_log(CIL_INFO, "\n"); return; } + case CIL_IBENDPORTCON: { + struct cil_ibendportcon *ibendportcon = node->data; + + cil_log(CIL_INFO, "IBENDPORTCON: %s %u ", ibendportcon->dev_name_str, ibendportcon->port); + + if (ibendportcon->context) + cil_tree_print_context(ibendportcon->context); + else if (ibendportcon->context_str) + cil_log(CIL_INFO, " %s", ibendportcon->context_str); + + cil_log(CIL_INFO, "\n"); + return; + } case CIL_PIRQCON: { struct cil_pirqcon *pirqcon = node->data; diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 108da33..1036d73 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c @@ -1012,6 +1012,26 @@ exit: return rc; } +int __cil_verify_ibendportcon(struct cil_db *db, struct cil_tree_node *node) +{ + int rc = SEPOL_ERR; + struct cil_ibendportcon *ib_end_port = node->data; + struct cil_context *ctx = ib_end_port->context; + + /* Verify only when anonymous */ + if (!ctx->datum.name) { + rc = __cil_verify_context(db, ctx); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + cil_tree_log(node, CIL_ERR, "Invalid ibendportcon"); + return rc; +} + int __cil_verify_genfscon(struct cil_db *db, struct cil_tree_node *node) { int rc = SEPOL_ERR; @@ -1475,6 +1495,9 @@ int __cil_verify_helper(struct cil_tree_node *node, uint32_t *finished, void *ex case CIL_IBPKEYCON: rc = __cil_verify_ibpkeycon(db, node); break; + case CIL_IBENDPORTCON: + rc = __cil_verify_ibendportcon(db, node); + break; case CIL_PORTCON: rc = __cil_verify_portcon(db, node); break;