From patchwork Mon May 15 20:42:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9727955 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EA2376028A for ; Mon, 15 May 2017 20:44:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C17152899F for ; Mon, 15 May 2017 20:44:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B55E4289A3; Mon, 15 May 2017 20:44:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 274B12899F for ; Mon, 15 May 2017 20:44:02 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,346,1491264000"; d="scan'208";a="5797387" IronPort-PHdr: =?us-ascii?q?9a23=3A0O1fJRCv/gJDTsN1/TSQUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPr6osSwAkXT6L1XgUPTWs2DsrQf2rWQ6vurADFaqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLdwIRmssAncuMYajZZiJ6ov1xDEvmZGd+?= =?us-ascii?q?NKyG1yOFmdhQz85sC+/J5i9yRfpfcs/NNeXKv5Yqo1U6VWACwpPG4p6sLrswLD?= =?us-ascii?q?TRaU6XsHTmoWiBtIDBPb4xz8Q5z8rzH1tut52CmdIM32UbU5Uims4qt3VBPljj?= =?us-ascii?q?oMODAj8GHTl8d+kqRVrhy8rBB72oLYfZ2ZOP94c6jAf90VWHBBU95RWSJfH42y?= =?us-ascii?q?YYgBAe0DMuZWt4nwpUYCoBWgCgm3H+7j1iNEi2Xq0aAgz+gtDQfL1xEgEdIUt3?= =?us-ascii?q?TUqc34OqkIXuCz0aLGySjDb+lZ2Tjj7ojIaQ0qrPaRUr1qd8rRyFcgFwfHjliL?= =?us-ascii?q?rIzqITeV1uAXvGid6OphWvijhHIgqwF0uzWiwNonhIfOhoIQ0F/E9CN5zZ4wJd?= =?us-ascii?q?KiUE53e9+kEJ1WuiqHNIV2WtsvT3xntSs10LELuYO3cDIUxJko2RLTceGLf5CV?= =?us-ascii?q?7h/nWuudOzh1iXB/dL6ihhu/8VKsxvDiWsSw1ltBszBLncPWtn8X0hze8s2HSv?= =?us-ascii?q?xg8Ui/wTuPzAXT6v1cIUAziKrbN4Ytwr4umZoXtkTOBjP2l1/sjK+Xa0Uk4fKk?= =?us-ascii?q?6/jnY7r6pp+cMJV4igfiPaQ1hsOzG+E4MgkKX2SD+OS80qPs/VHhTblXgfA7nb?= =?us-ascii?q?PVvZDHKcgBuKK0DBFZ3pw+5xqnCjepytUYnX0JLFJffxKHipDkO0rQL/D8DPe/?= =?us-ascii?q?hUmskThyy//dOb3hH5PNIWTdn7f6Zrt9905dxxYzzdBY/Z5UDKoBL+jpVk/+s9?= =?us-ascii?q?zYEAc1MxaozOb/FNV9yoQeVHqNAq+eNqPdq0OI5uI1LOmKf4IVujH9K/4g5/H0?= =?us-ascii?q?ln85hUESfbOy3ZcNb3C4BPtmKV2DYXXwmtcBDXsKvg0mQezoil2NSyJcZ3WpX6?= =?us-ascii?q?I74DE7CZymAJzNRoCpnbyA0zy0HoBQZmBaF1CAC3Dod5+LW/0UciKdPtdhkiAY?= =?us-ascii?q?VbimU4IhzQ+huxTkxLphL+rU5ioYuIni1Ndr+eLciws+9TtuD8SSy2uNVX17nn?= =?us-ascii?q?sURz8q26ByuVFyylCF0ah+nvNXC9hT5/JSXwggK5Hc1et6B8r1WgLbcdeDUEym?= =?us-ascii?q?Tcm+ATEtUtIxxMcDbFthG9q4lBDOxDalA7gQl7OXHpM06b7c02L3J8lj13bMzL?= =?us-ascii?q?MhgEU+QstTKW2mgbZy9wnVB47VjUqZk7ildaEC0y7R7meCzXGDvEZAUAFuV6XF?= =?us-ascii?q?WGoQZkrSrdvi4UPDQKWiCbM9MgtO0cSCMLdFasX1jVVaQ/fuINTfYmO2m2e2Hh?= =?us-ascii?q?uIw7eMYJPre2UbxindDlILkxoQ/XaHKwgxGD2to2TAAzxyDVjveV/j8fFiqHOn?= =?us-ascii?q?SU851x+Fb1V72Lqv+x4VnueRS+sJ0bIeuSchsC10HFKn0N3KFdWMvQ1hfL9TYd?= =?us-ascii?q?kl+ldIyXrZtxBhPpynN61jiF8ecwByv0zwzRV6EYtAntY3o3Mt1gp9M7qY0ElG?= =?us-ascii?q?dzOaw5//JqHXJnP1/BC1ZK7cwkve38qO+qcT9PQ4rE3uvA+zFkU49XVoz9hV02?= =?us-ascii?q?CH65XPFAoSUIv9Ul059hhhvb3aZTM954zM3312Laa0qiPC284uBOY9yRavZdRf?= =?us-ascii?q?MKSZFALpEM0VHcuuKOs3m1SzaRIEJu9S/rYuP8y6b/uGxLKrPOF4kT28kGtH+o?= =?us-ascii?q?F93VyW9ydnUOHHw5MFz+uf3gudWDf2lE2hvdzvmYBYeTESGXKyxjT+C45VeKJy?= =?us-ascii?q?ZpoLCGepI8Cs3dVxm5/tVGBe9F6/BlMJwtWleRyMYFzhxQdQz1gYoWS7mSukyD?= =?us-ascii?q?x5iyoprqSF3CzJ2OTiaAEKOnVNRGllg1bsJJK7j9YAUEiucQcpiAOv5VzmyKhD?= =?us-ascii?q?uKR/M27TTF9GfifsK2FiTrW/tqCZY8NU9pMnrz9XX/+hYVCfULL9pAEa0yz7FW?= =?us-ascii?q?tE2D87by2quon+nxFilGKSMWt8rHvDdsF03hrQ+NvcRftN0TUcXyl4lSPbBl6i?= =?us-ascii?q?MNm15d+UjYvMsviiV2K9UZ1eaTfrzYKcuyun4m1qGwezkOyzmt3gFwg63jT219?= =?us-ascii?q?1rVSXOthn8eI7r2769MeJ9cUliHEX85NZiGoFijoswg4kd2XwbhpWO4XoLiHzz?= =?us-ascii?q?Pstf2aL/anoNWDEKzsXO4Aj92U1jKHOJyJ7iVnmHxMtuecW6aHsM2i0h98BKFL?= =?us-ascii?q?uU7LtckCtvpVq4qQbRbuZnnjgBzvsv5mUXg/oUuAUx1SWRGLcSHVNXPSb0jRSH?= =?us-ascii?q?88i+rLlLZGaoabWwzFBxnc2lDL2YuA5QQm32epAmHS9s6cV/NknB0Hjv5oHif9?= =?us-ascii?q?nfccgfthuKnBfcl+JVMo4+luIWhSp7PmLwpX4lxPA9jRx1xpy6v5aIK2N2/KK/?= =?us-ascii?q?HBFYKif5Z8QJ+jHilaxehNqZ35izHpV9HTUGRIPoQui1EDIWq/vnLxyBEDsgqn?= =?us-ascii?q?iFA7rSBhKf6Fx4oHLVCJCnLWqXJH4EzdV4WBaSOkJfgAcOXDU1gJE1DAaqy9L9?= =?us-ascii?q?cE1h/DAe+kb4qgdQyuJvLxT/TGHfqxqzZzcqTpiQMRpW4htE50jLLcyU9vhzED?= =?us-ascii?q?1A/p29sAyNLXSWZxxSAmEUXkyJHEzsPriy5djA6uSYCPCxL/3UbbWJs+xeWO+C?= =?us-ascii?q?xYiz3Yt+4zaMKsKPM2FhD/w73kpMQ2t0G8HemzUBRSwYiT7Nb9KbpBe7/y14sN?= =?us-ascii?q?qz8PL1VwLz/YGPEaddMc1z+xCqhqeOL+CQizx/KTZE0ZMMwGTFyLYB01EPjCFu?= =?us-ascii?q?bSOiEawatS7KTqLfhLNYDwIBZyN0LstI4Lo23hNRNs7DltP1yrl4g+YvC1tfW1?= =?us-ascii?q?3tgMSpatYOI2G6NFLKH1yEO6iDJTHRxMH3e6y8Q6VKjOpIrx2wpSqbE0j7MzSN?= =?us-ascii?q?jTnmSQ2gMfpWgyGdIBxev5q9fw13Bmf/SdLqcBq7MMV4jTcu2707mmvKNXIAMT?= =?us-ascii?q?h7a05NqKeQ4jlAgvVnAGFB4HtlLfOfmyaF4enYK5AWvuFtAitoluJV+nA6x6FS?= =?us-ascii?q?7CFeS/x/gDHSocJ2o1G6jumPzSJqXwdVqjlVno2Lsl9iNr/H9pRbQnbL5hEN7X?= =?us-ascii?q?iKCxsQvddlDsDvu6ZKxdjVja7zNDBC89HU/MsbHcTULtyIMGY5OxrzBDHUFBcF?= =?us-ascii?q?TSKsNWzHgUxdkfWS9nmLoZghsZXjgoQBSqVcVFAvEfMaEEtlFsQYIJhrRjMkja?= =?us-ascii?q?KbjMkQ6HWlrRnRS8JavpbcW/2PH/rgMzeZgqNCZxcSxrP4N4sTPJXh20N+cll6?= =?us-ascii?q?gJjKG03IUN9XrS1udBE0r1tW/Xh5Vm08xUTlaga3738SEf67hRk2iwRkbeQq7j?= =?us-ascii?q?fs7E89JkDWqysojEkxhdLljCiNcD72Kae8R5tWCy31tkcvNJP0WBx1bQqskkxn?= =?us-ascii?q?LzrLW7VRj758em9xkw/cpYFDGfhCQq1YeBUQ3+2YZ+000VRArSWq3UlH6vXfBp?= =?us-ascii?q?tmjwYqcpmsr2lc2w15at41Pq/QJKtTwlhWmK2Oojei1votzw8GO0YN7GSSdTYS?= =?us-ascii?q?uEMWLbkpOTCn/vZw5gyCgDZMY2kMV+A3rfJt+EM9I/6AwDzg0rJZLEC+KfCfJb?= =?us-ascii?q?uDu2fcjc6IXk8w1kQQmkZY57d2z8YjfFePV0001rSRDQ4JNc3MKAFOccVd6GXT?= =?us-ascii?q?fTyPseXRwZN5JYO9Gf70TeWWrqYbnlqkHBo1H4QL9skBGp6s0FvGIsfhLb8Fzg?= =?us-ascii?q?4g5AvtJFWYFvhJfwiLkDgfqcGl0JB3xZVdJi0aAWhlKiW4+LLXpg4sgPqeU9Y7?= =?us-ascii?q?eWsVXowBNn0qQsK6gDJZs25GDDapzuIT0BKC4CPkpiTMEDn8aMJua+qIahNpD9?= =?us-ascii?q?G2/yk//7WthF7J7JrePWD6NNVlut/J8+8aoYiIC+9MR7lnr0jcg5VYR2CtU2PX?= =?us-ascii?q?Et61PZjxZJMqbdzoCna3SVO/izUtT8jtJtqtKLaHgR3wT4ZOrIabxCwjNdO6Fj?= =?us-ascii?q?wGBxdwpuQD5KVgZQ0DY5s2egPntwU+NqOlOwiUyNOuTHixKTFOVflQ0f26Z6BL?= =?us-ascii?q?zyorduK6x2EgQYs8z+mr6kMNRZYKjx/Yxfa/Z4lRTynzGnpBewrRvyo1jW5hOf?= =?us-ascii?q?guwu0n2hPHrUEcMyyXdOxucGFLpdU8BVKOLnpoEmU4Ql+djYzE4g6qxb8f5DBS?= =?us-ascii?q?n9dO3u1DqXT+sILfbCiqWKO1tZXfqzAgYsQ+o61tLYzjJdOLu4jAkTzZV5TfqB?= =?us-ascii?q?CKUDCkGPpAgdhfOjhYQflSlWEiI8wGtpJL6VAtWccmO7xPFK4sq6iwaTpiDC4d?= =?us-ascii?q?0S8ZV4SE3DwZmumywqbUmA2MfZolKxELrJJCgt4BXCFseSMeuLWvV4PImG+YUm?= =?us-ascii?q?ILOhsc7RxQ5AIckY99Zvzq4IjSQ5BQ0DNZv/V0Ui/PFplp6VT7UH2WjkbkR/Wh?= =?us-ascii?q?ieCp2hhSzP302NkBRBF/EVRdx/pRlkYwMrF4MbMQvonRvTKTaUP6pnjiyPW4K1?= =?us-ascii?q?lVyM3UcVL4DI7EtWrzUi0c5XMUSpVVyHHaD5gSlRR2aLozrlVWPI+mYlr+5yAj?= =?us-ascii?q?x4lxEbi0T9ykx1YkrXYDRielCdlBBvpnsF3JRjJqfYqnqJL/O5VdWmVQ4oGSq0?= =?us-ascii?q?9FkEVxNC600YJcK8ZJ4jEWRjhOrzKdvN+8SMBY3M92CJgMIsxhtHjhAqNEP4OR?= =?us-ascii?q?o2Y3urzpxX/V4Tc8sE21xD+rAa+3U/pZ/3ECGgUuP2mRsFMvD/Yq8mvI8VDAqV?= =?us-ascii?q?F0/+ZaBriTlkp9ujB9EY5SBjxRz3CqM0xzTGVas+VdMKnVb8tcQ/wpaB+zJxA+?= =?us-ascii?q?EOUp01aP/U5qgXfzezZyuRdC+yDBQwk0UjEYgrf3lj0EsM6nPSIVRolVYjo/dy?= =?us-ascii?q?fFMxyUmSRJsxZFcU1qXIoZAtld8bEBwYRU5tbCSVqrKSwdXhxiMRw33OFCmkFd?= =?us-ascii?q?q0WXZzrdDRa2evnSqBF3e9merNKxJvTj4AhHkp/nsPw/96gbXHKmlxGiTczcoo?= =?us-ascii?q?PhuNCHrVeBdKD9M+Kge3DBVyTMgQq2hbg6E5nA5zLTPxZDK5lm1XokZoDsCXTV?= =?us-ascii?q?MhtbJ6IUPVZbWLt+adVBvOBVedFod7oO+aBwGB2LXBXvF5KzrPNeNFbcWSzeLz?= =?us-ascii?q?md8uy4uY/T9afdSfT6acOR23bKWLl3PpBn6TnhB7jlz4le+lbs2vh38kN2U1/G?= =?us-ascii?q?MzqOrN75PAME+NGidlf+vp0uBT7WHI1wn2TzyU5dbMcXXimq8IgCyJxD9nbwSO?= =?us-ascii?q?V40kztv+1O7bVk7pM3479xw8euOajSMehasVNgAhWMAwVl7JEtAGxhSGBNfu8e?= =?us-ascii?q?Mu3ecL8fjc/wt+D3DLAY5weN++NHc9fHIV/OmtWnADGGVRNEhBsBqSIdLgaE1f?= =?us-ascii?q?6KgbV0ScG+pej9wE0t/UOzLhsbzLBp+YeE+7aHpO7NYBvX1rgIQK/qRtn8rr40?= =?us-ascii?q?oUOd+eUklKISemxyewCnEvISVsgTxmf6yqAl0DwjHtjfH736/v5DTHU5kijmm5?= =?us-ascii?q?9jA1UcAukUEqaT/YRCgmc4nPTUNtILcqBDnmaPEQCrEroZxHG29SSYO2hljQvI?= =?us-ascii?q?0x3qRmOz9lD2pzdiQSTQ19fjjlZVVr6vCEdUWyqkIk54sDWKPAbytdr3v6o17F?= =?us-ascii?q?ssPWz/qNKNjnahN69LH83iPtyTPzM4pFUNjJ0+Xtavw5wUGcKhINcN93Fzdv7e?= =?us-ascii?q?62Stky9drKdImZHT4sSU+vrNG3mvkbGaqruKxDBCyXg4pksz6ta+OfHS/9eKWe?= =?us-ascii?q?in134NTydjvAvMRwS1paHGoF0PNkyL1UjKlJYMPt5HwXkyzlvm6/Q7QNIv6AVe?= =?us-ascii?q?EZ7NZ/cZpTD2ODb52lifbMwqWSmZyTtYBEr1EUN/GKg+xm3/oN7JmW3X+10ySY?= =?us-ascii?q?l6b1bnigBvD4UkNUIt70AawjEZHggTcx+bA6+nBV/+IIsfT0cDdw6I3Lekdacs?= =?us-ascii?q?x0FzxK2g5PPLZ+xmG6UNLupdjhKJnFVDGJIWsKgeTal5e1BD9K/YuBLiC4nhX/?= =?us-ascii?q?jpj3YwM+O6QtxC+8ADq3Qi+hq/Rwan6Zpb7rYaiYqHebRYbpXXp8Bz8Vtn6iAT?= =?us-ascii?q?eSBXhxh/lRy5W/gGpO//+tjbrIao6uG2Wak2RuUX7BY1CH58j5vxnFAjucvY1/?= =?us-ascii?q?pYSoDOlYv/9x1CLGCQt4bHyRl8LvAOJJixcLZn7XUHKDAUJ2gSMtqOd/k8/yht?= =?us-ascii?q?PS3L51NYHsMDedMYPcTKmQBOiU3lQapT+dTfGl+ZDYdzas8p4nHvyD8v7ZszTu?= =?us-ascii?q?bg6TGxJZDF7FFBJfBDgzt2lNLEuucVxeDeCC8N4XmWcxJ12D+Ny4GRC/bs+uWB?= =?us-ascii?q?0M3UV0kYES4ySYhdIiSN9Be6Seq0m5XpUx+U5dXogJ0kbkKQW2a9nKIbvaZQCe?= =?us-ascii?q?RAkDn03iBCFoDpgPKYq9Ws53FNtlJZDIZz7QbIGKFePpVnJxv4ltOkRlVnBifl?= =?us-ascii?q?fsHbaAYusvKMxugQ++V+K1f+ZYgDLxIL1b3672ZVTgxpSLLxpVaWQ+YRZNpgSP?= =?us-ascii?q?PZoXFY8oZgJLEVPFmdvpPmtDFIp04qAAUxcr8/siRadlXSnA1SQ6v0vr8AhRcb?= =?us-ascii?q?Ud59o0BMAni8OGM55zrATqRVl7KcCPka/zScVKAOVF9oMixmSROvxJpuY6epne?= =?us-ascii?q?xAsm5ekSNyvOMq0yd/SBWhtiPioaMN2TQ9+LC3rzgBtnlFQf+YkyjWE1lDy+4K?= =?us-ascii?q?jagEAXb49VO8eGUDbJf14LR/J8Tg8okh43IlbRo/fy0GWfmgBDzxjqOJBIyPq9?= =?us-ascii?q?FchB+WtcXQbL+zMzIdNrAgxhLiXXR91BbRnApw+msRXjqg9MMkJJm6Ocs9xyqo?= =?us-ascii?q?B3LUdFAX76NNrcv+qF8LTOwtaV97x2VjyMeHTDUXRMPTA2Y1khQkaWJcfZJB9x?= =?us-ascii?q?AaGacogjKTs6hI5A4UZinbEpi/9onWg8jIxWE3Tc12yWLOuq2FmpQq3WVqm9Nw?= =?us-ascii?q?6S6Ptmodd+jcU8J3GXjz0YFfye3iaPm3tOAIVpdmwqy7UPAeKsmj5Xe22JJyV0?= =?us-ascii?q?+nxrQfH0K5MOgHxrfaTyeqV3aVWeGKc2iQhTY2LFT+5R6yLl04cM1KtVMyMvPe?= =?us-ascii?q?hp5AkA3sSa90RiSVpVLA0GwjMP8VdwEot4ejYQAKSvAeZ/SEL+g03PI+EEcMb2?= =?us-ascii?q?POHSZuDu+2sF2tnIt8O3h740X1e+ft8gfgMNSMHBkIC4jaoYBt+faiXGKOJWdg?= =?us-ascii?q?zAFuPElz7+rQDEo+tulAc5uKhtjQg9N70fIZd/dzLyIyp8QfmoV56YmbyM2Kaw?= =?us-ascii?q?3ezo7uJdHJpfiVG/PfwFouemFbSroWfxj45oQ7Pt48Xr3cA6FZvRACCqQgR5wh?= =?us-ascii?q?LWjx/rluLAxvag7ReKi0gs7yq+OFfptUvX7W4U4uIyrHvh0Dy+C0TRZlYJywgH?= =?us-ascii?q?XyOp8wTCpbr9JxEhtmAJdPG8QYogqgB56bhrq2i8e1+0xgoO8KravwBezW1NSj?= =?us-ascii?q?wYp+QYJW5UqVMzbNHKNrmFhqjvyugvfc1Zn8EcfiedICVOhmTW/Jc7vGHoSkKj?= =?us-ascii?q?KSIcLxYE9G/KSa0LJ+SBmRYzr5X6Wevi2+KPpk+Vk7ypB/fOfL1zwi8bXb2Nr0?= =?us-ascii?q?Z2FGqSavqnGHNIdf7FPUH+zRQQpURuCe/WZmA6IXd430+/kKMdM53dic7BN/7D?= =?us-ascii?q?NY0MuKO6KhtFPD2lpndZLHK0vkwyM5VpMWLxS/MEssh2jZp2/DAXRdKMirN81t?= =?us-ascii?q?gNeTDhzw6Eh9g2YtZnROGmDwX9eeJXAb296iZA2N7A9LDcwMn+2weUEjraCyVO?= =?us-ascii?q?9oOolFmeWtqbUHntZpKz3VSMhcIS7QMKd8PiBNAeXXuFgofhkEvqAuVYguYpSO?= =?us-ascii?q?JEIHMFycySPp1wfCylP7eMC22KaSPikW9nRHz7TY0TlDvAS2pfaYgtf+ULDCdp?= =?us-ascii?q?33UuTdMDY+VjGdQzQ+C0Gp+U2ru/AcpvqXPX8fokwIYiKVEAMTqbpgosPKDm/S?= =?us-ascii?q?h+JjeIYHhO6eWy/qUy14lbcyCjxNtU+SX/oJDRPWYGP5gGpApAyiIedB/XDgb7?= =?us-ascii?q?2f3KpVQe0WApBXf/2fWdTYfO5RJzYymjUeIua8cMXWr6wl3VLQUWsZD67I+UWF?= =?us-ascii?q?TE6YR/yT2zPmUIYOsogqpCUo4NPQny5wE6TOJbqfoSCh8pLrxBqf7PbTUmgrfl?= =?us-ascii?q?wdnPMJAG7HxgJJbm4DFYI7okboF4KJYQ5uyWgmhOR1k0sAcQJyX3ls+nhbmPK0?= =?us-ascii?q?HMpJD1UTiTX9E7U9cFlrAWZorgex6QrobIlF4Jje?= X-IPAS-Result: =?us-ascii?q?A2H2HQCREhpZ/wHyM5BcHAEBBAEBCgEBFwEBBAEBCgEBgwE?= =?us-ascii?q?pYoEMjnaQbYIMAZEPhFovA4JKiG5XAQEBAQEBAQECAQJoKIIzJCxUAQEBAQEBA?= =?us-ascii?q?QEBTDE8BgECJFUDCQEBFwgpCAMBUxkFFog6gU4ErlI6JgKLBIg9jXAFkCKBAYx?= =?us-ascii?q?nhxyDNYhMgleIQIZSlENYgQpPIRWEeQFAAxyBZnOGMSuCEAEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 15 May 2017 20:44:00 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4FKhwaO021308; Mon, 15 May 2017 16:43:59 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v4FKhLKj276868 for ; Mon, 15 May 2017 16:43:21 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4FKhKYw021276 for ; Mon, 15 May 2017 16:43:21 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DhAgCREhpZf4GlL8FcHQEFAQsBgyyBC4EMjnaQbZgEJIJKgzYChg0BAgEBAQEBAhMBASFdhRkDAydSEBgIMVcZG4g6gVKuUjqKegExiD2NcAWQIoEBjGeHHIM1iEyCV48SlENWgQtPIRWFOgMcgWY9NoYxK4IQAQEB X-IPAS-Result: A1DhAgCREhpZf4GlL8FcHQEFAQsBgyyBC4EMjnaQbZgEJIJKgzYChg0BAgEBAQEBAhMBASFdhRkDAydSEBgIMVcZG4g6gVKuUjqKegExiD2NcAWQIoEBjGeHHIM1iEyCV48SlENWgQtPIRWFOgMcgWY9NoYxK4IQAQEB X-IronPort-AV: E=Sophos;i="5.38,346,1491278400"; d="scan'208";a="6053068" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 15 May 2017 16:43:19 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3ANUe8yB+CqPlD/P9uRHKM819IXTAuvvDOBiVQ1KB4?= =?us-ascii?q?1u0cTK2v8tzYMVDF4r011RmSDNqdsqkP0reM+4nbGkU4qa6bt34DdJEeHzQksu?= =?us-ascii?q?4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1?= =?us-ascii?q?Ov71GonPhMiryuy+4ZPebgFKiTanfL9/Ihq6oRjRu8UInIBvNrs/xhzVr3VSZu?= =?us-ascii?q?9Y33loJVWdnxb94se/4ptu+DlOtvwi6sBNT7z0c7w3QrJEAjsmNXs15NDwuhnY?= =?us-ascii?q?UQSP/HocXX4InRdOHgPI8Qv1Xpb1siv9q+p9xCyXNtD4QLwoRTiv6bpgRQT2gy?= =?us-ascii?q?kbKTE27GDXitRxjK1FphKhuwd/yJPQbI2MKfZyYr/RcdYcSGFcXMheSjZBD5u8?= =?us-ascii?q?YYUREuQPM+VWoY7/qFsAthayGRWgCfnzxjJSmnP6was32PkhHwHc2wwgGsoDvn?= =?us-ascii?q?rOo9XzKawcVf21zLPHzTrdafNWwir25Y/VfR87p/GMXKx/cc7TyUQ0EgPKkFGQ?= =?us-ascii?q?qYj/MDOT0eQMvHKX4PZnVeKqkmMqrRx6rDaoxscpkIbJh4QVx0jB9Spj2IY5P9?= =?us-ascii?q?y4SEh9bNW5E5VQrzmXO5ZyT84sWW1ltyQ3xqcbtZO6fCUG0okrywDbZvGBboOG?= =?us-ascii?q?+AjsVPyLLjd9nH9leKywhxK18UW4z+3zSM200FJQoSpDldnNuWoB2ADU6sSdS/?= =?us-ascii?q?t9+l+t2TeJ1w/N9uFJOV04mK7VJpI7zbM9lIAfvVnCEyL2gkn6kbGae0E89uit?= =?us-ascii?q?8evnY7HmppGGN49zjwHzKrkhlda5AeQ5LAcOW2qb9P+51LL9+U35RK9Fjvsxkq?= =?us-ascii?q?jWqpzVOcMbpquhDw9Pzokj8wq/Dyuh0NkAhnkIMlZFeBOBj4j0NFDDO+z4DPej?= =?us-ascii?q?jFSslzdn3fbGPqb7DZnXIXjDl6nhLv5B7BtHxQ4yy81Pz45FAbEGZvToUwn+s8?= =?us-ascii?q?KLIAU+NlmYyuCvKshn2Y4YQirbDqafMa7Ws3eN6+YrKu+LdMkevzOreKtt3OLn?= =?us-ascii?q?kXJswQxVRqKux5ZCLSngRvk=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HqEQBvERpZf4GlL8FcHQEFAQsBFwEBB?= =?us-ascii?q?AEBCgEBgwGBC4EMjnaQbYINkQ+EaCSCSoM2AoYNAQEBAQEBAQECAQIQAQEhXYI?= =?us-ascii?q?zJAErVAEBAQEBAQEBAUwxPAMDJ1IQGAgxVxkbiDqBUq5YOop6ATGIPY1wBZAig?= =?us-ascii?q?QGMZ4ccgzWITIJXjxKUQ1aBDE8hFYU6AxyBZj02hjErghABAQE?= X-IPAS-Result: =?us-ascii?q?A0HqEQBvERpZf4GlL8FcHQEFAQsBFwEBBAEBCgEBgwGBC4E?= =?us-ascii?q?MjnaQbYINkQ+EaCSCSoM2AoYNAQEBAQEBAQECAQIQAQEhXYIzJAErVAEBAQEBA?= =?us-ascii?q?QEBAUwxPAMDJ1IQGAgxVxkbiDqBUq5YOop6ATGIPY1wBZAigQGMZ4ccgzWITIJ?= =?us-ascii?q?XjxKUQ1aBDE8hFYU6AxyBZj02hjErghABAQE?= X-IronPort-AV: E=Sophos;i="5.38,346,1491264000"; d="scan'208";a="7074946" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea10.nsa.gov with ESMTP; 15 May 2017 20:43:18 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 15 May 2017 23:43:16 +0300 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v4FKglb1005032; Mon, 15 May 2017 23:43:15 +0300 From: Dan Jurgens To: selinux@tycho.nsa.gov Subject: [PATCH v1 2/9] libsepol: Add ibpkey ocontext handling Date: Mon, 15 May 2017 23:42:34 +0300 Message-Id: <1494880961-73481-3-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1494880961-73481-1-git-send-email-danielj@mellanox.com> References: <1494880961-73481-1-git-send-email-danielj@mellanox.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens Add support for reading, writing, and copying Infinabinda Pkey ocontext data. Also add support for querying a Pkey sid to checkpolicy. Signed-off-by: Daniel Jurgens --- v1: Stephen Smalley: - Removed domain and type params from sepol_ibpkey_sid. - Removed splen param from sepol_ibpkey_sid, it never varied. - Removed extra XPERMS_IOCTL version from policydb_compat_info. - Confirm that low order bytes of IPv6 addr for subnet prefix is 0's. James Carter: - Added ibpkey handling to kernel_to_cil.c and kernel_to_conf.c Signed-off-by: Daniel Jurgens --- checkpolicy/checkpolicy.c | 25 +++++++++++++ libsepol/include/sepol/policydb/services.h | 8 ++++ libsepol/src/expand.c | 9 +++++ libsepol/src/kernel_to_cil.c | 58 +++++++++++++++++++++++++++++ libsepol/src/kernel_to_conf.c | 59 ++++++++++++++++++++++++++++++ libsepol/src/libsepol.map.in | 1 + libsepol/src/module_to_cil.c | 38 +++++++++++++++++++ libsepol/src/policydb.c | 37 +++++++++++++++++++ libsepol/src/services.c | 51 ++++++++++++++++++++++++++ libsepol/src/write.c | 16 ++++++++ 10 files changed, 302 insertions(+) diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index 534fc22..d0e46ba 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -22,6 +22,7 @@ * * Policy Module support. * + * Copyright (C) 2017 Mellanox Technologies Inc. * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2005 Tresys Technology, LLC * Copyright (C) 2003 Red Hat, Inc., James Morris @@ -699,6 +700,7 @@ int main(int argc, char **argv) printf("h) change a boolean value\n"); printf("i) display constraint expressions\n"); printf("j) display validatetrans expressions\n"); + printf("k) Call ibpkey_sid\n"); #ifdef EQUIVTYPES printf("z) Show equivalent types\n"); #endif @@ -1220,6 +1222,29 @@ int main(int argc, char **argv) "\nNo validatetrans expressions found.\n"); } break; + case 'k': + { + char *p; + struct in6_addr addr6; + unsigned int pkey; + + printf("subnet prefix? "); + FGETS(ans, sizeof(ans), stdin); + ans[strlen(ans) - 1] = 0; + p = (char *)&addr6; + + if (inet_pton(AF_INET6, ans, p) < 1) { + printf("error parsing subnet prefix\n"); + break; + } + + printf("pkey? "); + FGETS(ans, sizeof(ans), stdin); + pkey = atoi(ans); + sepol_ibpkey_sid(p, pkey, &ssid); + printf("sid %d\n", ssid); + } + break; #ifdef EQUIVTYPES case 'z': identify_equiv_types(); diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h index 9162149..459254e 100644 --- a/libsepol/include/sepol/policydb/services.h +++ b/libsepol/include/sepol/policydb/services.h @@ -188,6 +188,14 @@ extern int sepol_port_sid(uint16_t domain, uint16_t port, sepol_security_id_t * out_sid); /* + * Return the SID of the ibpkey specified by + * `subnet prefix', and `pkey'. + */ +extern int sepol_ibpkey_sid(void *subnet_prefix_p, + uint16_t pkey, + sepol_security_id_t *out_sid); + +/* * Return the SIDs to use for a network interface * with the name `name'. The `if_sid' SID is returned for * the interface and the `msg_sid' SID is returned as diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index 54bf781..c45ecbe 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c @@ -4,6 +4,7 @@ * * Copyright (C) 2004-2005 Tresys Technology, LLC * Copyright (C) 2007 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -2217,6 +2218,14 @@ static int ocontext_copy_selinux(expand_state_t *state) return -1; } break; + case OCON_IBPKEY: + n->u.ibpkey.subnet_prefix[0] = c->u.ibpkey.subnet_prefix[0]; + n->u.ibpkey.subnet_prefix[1] = c->u.ibpkey.subnet_prefix[1]; + n->u.ibpkey.subnet_prefix[2] = c->u.ibpkey.subnet_prefix[2]; + n->u.ibpkey.subnet_prefix[3] = c->u.ibpkey.subnet_prefix[3]; + n->u.ibpkey.low_pkey = c->u.ibpkey.low_pkey; + n->u.ibpkey.high_pkey = c->u.ibpkey.high_pkey; + break; case OCON_PORT: n->u.port.protocol = c->u.port.protocol; n->u.port.low_port = c->u.port.low_port; diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index 3a1c0be..fcfd0e0 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -2784,6 +2784,59 @@ exit: return rc; } +static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) +{ + struct ocontext *ibpkeycon; + char subnet_prefix[INET6_ADDRSTRLEN]; + uint16_t low; + uint16_t high; + char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */ + char *ctx; + int rc = 0; + + for (ibpkeycon = pdb->ocontexts[OCON_IBPKEY]; ibpkeycon != NULL; + ibpkeycon = ibpkeycon->next) { + if (inet_ntop(AF_INET6, &ibpkeycon->u.ibpkey.subnet_prefix, + subnet_prefix, INET6_ADDRSTRLEN) == NULL) { + sepol_log_err("ibpkeycon subnet_prefix is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + if (low == high) { + rc = snprintf(low_high_str, 44, "%u", low); + } else { + rc = snprintf(low_high_str, 44, "(%u %u)", low, high); + } + if (rc < 0 || rc >= 44) { + rc = -1; + goto exit; + } + + ctx = context_to_str(pdb, &ibpkeycon->context[0]); + if (!ctx) { + rc = -1; + goto exit; + } + + sepol_printf(out, "(ibpkeycon %s %s %s)\n", subnet_prefix, low_high_str, ctx); + + free(ctx); + } + + rc = 0; + +exit: + if (rc != 0) { + sepol_log_err("Error writing ibpkeycon rules to CIL\n"); + } + + return rc; +} + static int write_xen_isid_rules_to_cil(FILE *out, struct policydb *pdb) { return write_sid_context_rules_to_cil(out, pdb, xen_sid_to_str); @@ -3180,6 +3233,11 @@ int sepol_kernel_policydb_to_cil(FILE *out, struct policydb *pdb) if (rc != 0) { goto exit; } + + rc = write_selinux_ibpkey_rules_to_cil(out, pdb); + if (rc != 0) { + goto exit; + } } else if (pdb->target_platform == SEPOL_TARGET_XEN) { rc = write_xen_isid_rules_to_cil(out, pdb); if (rc != 0) { diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 22a0909..795cf56 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -2645,6 +2645,60 @@ exit: return rc; } +static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) +{ + struct ocontext *ibpkeycon; + char subnet_prefix[INET6_ADDRSTRLEN]; + uint16_t low; + uint16_t high; + char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */ + char *ctx; + int rc = 0; + + for (ibpkeycon = pdb->ocontexts[OCON_IBPKEY]; ibpkeycon != NULL; + ibpkeycon = ibpkeycon->next) { + if (inet_ntop(AF_INET6, &ibpkeycon->u.ibpkey.subnet_prefix, + subnet_prefix, INET6_ADDRSTRLEN) == NULL) { + sepol_log_err("ibpkeycon address is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + if (low == high) { + rc = snprintf(low_high_str, 44, "%u", low); + } else { + rc = snprintf(low_high_str, 44, "%u-%u", low, high); + } + if (rc < 0 || rc >= 44) { + rc = -1; + goto exit; + } + + ctx = context_to_str(pdb, &ibpkeycon->context[0]); + if (!ctx) { + rc = -1; + goto exit; + } + + sepol_printf(out, "ibpkeycon %s %s %s\n", subnet_prefix, + low_high_str, ctx); + + free(ctx); + } + + rc = 0; + +exit: + if (rc != 0) { + sepol_log_err("Error writing ibpkeycon rules to policy.conf\n"); + } + + return rc; +} + static int write_xen_isid_rules_to_conf(FILE *out, struct policydb *pdb) { return write_sid_context_rules_to_conf(out, pdb, xen_sid_to_str); @@ -3045,6 +3099,11 @@ int sepol_kernel_policydb_to_conf(FILE *out, struct policydb *pdb) if (rc != 0) { goto exit; } + + rc = write_selinux_ibpkey_rules_to_conf(out, pdb); + if (rc != 0) { + goto exit; + } } else if (pdb->target_platform == SEPOL_TARGET_XEN) { rc = write_xen_isid_rules_to_conf(out, pdb); if (rc != 0) { diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in index 4042640..36225d1 100644 --- a/libsepol/src/libsepol.map.in +++ b/libsepol/src/libsepol.map.in @@ -6,6 +6,7 @@ LIBSEPOL_1.0 { sepol_context_*; sepol_mls_*; sepol_check_context; sepol_iface_*; sepol_port_*; + sepol_ibpkey_*; sepol_node_*; sepol_user_*; sepol_genusers; sepol_set_delusers; sepol_msg_*; sepol_debug; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 7d8eb20..c97f453 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -3,6 +3,7 @@ * Functions to convert policy module to CIL * * Copyright (C) 2015 Tresys Technology, LLC + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -2656,6 +2657,42 @@ exit: return rc; } +static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, + struct ocontext *ibpkeycons) +{ + int rc = -1; + struct ocontext *ibpkeycon; + char subnet_prefix[INET6_ADDRSTRLEN]; + uint16_t high; + uint16_t low; + + for (ibpkeycon = ibpkeycons; ibpkeycon; ibpkeycon = ibpkeycon->next) { + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + + if (inet_ntop(AF_INET6, &ibpkeycon->u.ibpkey.subnet_prefix, + subnet_prefix, INET6_ADDRSTRLEN) == NULL) { + log_err("ibpkeycon subnet_prefix is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + if (low == high) + cil_printf("(ibpkeycon %s %i ", subnet_prefix, low); + else + cil_printf("(ibpkeycon %s (%i %i) ", subnet_prefix, low, + high); + + context_to_cil(pdb, &ibpkeycon->context[0]); + + cil_printf(")\n"); + } + return 0; +exit: + return rc; +} + static int ocontext_selinux_netif_to_cil(struct policydb *pdb, struct ocontext *netifs) { struct ocontext *netif; @@ -2889,6 +2926,7 @@ static int ocontexts_to_cil(struct policydb *pdb) ocontext_selinux_node_to_cil, ocontext_selinux_fsuse_to_cil, ocontext_selinux_node6_to_cil, + ocontext_selinux_ibpkey_to_cil, }; static int (*ocon_xen_funcs[OCON_NUM])(struct policydb *pdb, struct ocontext *ocon) = { ocontext_xen_isid_to_cil, diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 7093b29..d6e8e6f 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -18,6 +18,7 @@ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2005 Tresys Technology, LLC * Copyright (C) 2003 - 2007 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -186,6 +187,13 @@ static struct policydb_compat_info policydb_compat[] = { .target_platform = SEPOL_TARGET_SELINUX, }, { + .type = POLICY_KERN, + .version = POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = OCON_IBPKEY + 1, + .target_platform = SEPOL_TARGET_SELINUX, + }, + { .type = POLICY_BASE, .version = MOD_POLICYDB_VERSION_BASE, .sym_num = SYM_NUM, @@ -284,6 +292,13 @@ static struct policydb_compat_info policydb_compat[] = { .target_platform = SEPOL_TARGET_SELINUX, }, { + .type = POLICY_BASE, + .version = MOD_POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = OCON_IBPKEY + 1, + .target_platform = SEPOL_TARGET_SELINUX, + }, + { .type = POLICY_MOD, .version = MOD_POLICYDB_VERSION_BASE, .sym_num = SYM_NUM, @@ -381,6 +396,13 @@ static struct policydb_compat_info policydb_compat[] = { .ocon_num = 0, .target_platform = SEPOL_TARGET_SELINUX, }, + { + .type = POLICY_MOD, + .version = MOD_POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = 0, + .target_platform = SEPOL_TARGET_SELINUX, + }, }; #if 0 @@ -2782,6 +2804,21 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, (&c->context[1], p, fp)) return -1; break; + case OCON_IBPKEY: + rc = next_entry(buf, fp, sizeof(uint32_t) * 6); + if (rc < 0 || buf[2] || buf[3]) + return -1; + + c->u.ibpkey.subnet_prefix[0] = buf[0]; + c->u.ibpkey.subnet_prefix[1] = buf[1]; + + c->u.ibpkey.low_pkey = le32_to_cpu(buf[4]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[5]); + + if (context_read_and_validate + (&c->context[0], p, fp)) + return -1; + break; case OCON_PORT: rc = next_entry(buf, fp, sizeof(uint32_t) * 3); if (rc < 0) diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 03fb120..4236aac 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -21,6 +21,7 @@ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2004 Tresys Technology, LLC * Copyright (C) 2003 - 2004 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1910,6 +1911,56 @@ int hidden sepol_fs_sid(char *name, return rc; } +static int match_subnet_prefix(uint32_t *input, uint32_t *subnet_prefix) +{ + int i, fail = 0; + + for (i = 0; i < 4; i++) + if (subnet_prefix[i] != input[i]) { + fail = 1; + break; + } + + return !fail; +} + +/* + * Return the SID of the ibpkey specified by + * `subnet prefix', and `pkey number'. + */ +int hidden sepol_ibpkey_sid(void *subnet_prefix_p, + uint16_t pkey, sepol_security_id_t *out_sid) +{ + ocontext_t *c; + int rc = 0; + + c = policydb->ocontexts[OCON_IBPKEY]; + while (c) { + if (c->u.ibpkey.low_pkey <= pkey && + c->u.ibpkey.high_pkey >= pkey && + match_subnet_prefix(subnet_prefix_p, + c->u.ibpkey.subnet_prefix)) + break; + c = c->next; + } + + if (c) { + if (!c->sid[0]) { + rc = sepol_sidtab_context_to_sid(sidtab, + &c->context[0], + &c->sid[0]); + if (rc) + goto out; + } + *out_sid = c->sid[0]; + } else { + *out_sid = SECINITSID_UNLABELED; + } + +out: + return rc; +} + /* * Return the SID of the port specified by * `domain', `type', `protocol', and `port'. diff --git a/libsepol/src/write.c b/libsepol/src/write.c index e75b9ab..fa1b7d1 100644 --- a/libsepol/src/write.c +++ b/libsepol/src/write.c @@ -16,6 +16,7 @@ * * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003-2005 Tresys Technology, LLC + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1410,6 +1411,21 @@ static int ocontext_write_selinux(struct policydb_compat_info *info, if (context_write(p, &c->context[1], fp)) return POLICYDB_ERROR; break; + case OCON_IBPKEY: + /* The subnet prefix is in network order */ + for (j = 0; j < 4; j++) + buf[j] = c->u.ibpkey.subnet_prefix[j]; + + buf[4] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[5] = cpu_to_le32(c->u.ibpkey.high_pkey); + + items = put_entry(buf, sizeof(uint32_t), 6, fp); + if (items != 6) + return POLICYDB_ERROR; + + if (context_write(p, &c->context[0], fp)) + return POLICYDB_ERROR; + break; case OCON_PORT: buf[0] = c->u.port.protocol; buf[1] = c->u.port.low_port;