From patchwork Mon May 15 20:42:38 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9727971 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2DBF36028A for ; Mon, 15 May 2017 20:50:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0B671289A7 for ; Mon, 15 May 2017 20:50:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F411B289AC; Mon, 15 May 2017 20:50:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 571ED289A8 for ; Mon, 15 May 2017 20:50:48 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,346,1491264000"; d="scan'208";a="5797786" IronPort-PHdr: =?us-ascii?q?9a23=3AFH9lIRIEMnLEDX68itmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgQK/v5rarrMEGX3/hxlliBBdydsKMbzbON+Pm9AyQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Y75+Ngi6oAveusULgYZuNLs6xwfUrHdPZ+?= =?us-ascii?q?lY335jK0iJnxb76Mew/Zpj/DpVtvk86cNOUrj0crohQ7BAAzsoL2465MvwtRne?= =?us-ascii?q?VgSP/WcTUn8XkhVTHQfI6gzxU4rrvSv7sup93zSaPdHzQLspVzmu87tnRRn1gy?= =?us-ascii?q?gJLT459HzchNJ2gqxVvRmtowVzz5PIbI2QMvd1Y6HTcs4ARWdZXshfSTFPDI2/?= =?us-ascii?q?YYUIDeUBM/5Yoovgq1YAsxS+HhKhCP/zxjJSmnP7x7E23/gnHArb3AIgBdUOsH?= =?us-ascii?q?HModv7LqgSV/2+wq3VzTXZYPNZxzH96JPVeR0mvP6DR7RwccvPxkkrFQPIlVCQ?= =?us-ascii?q?ppLhPzORzOsNtW+b7uV6We2zjG4nrhh8rz6yzckijYnJg5gaylHC9ShhwYY6Ps?= =?us-ascii?q?O3SEhmbt68F5tQrT2aO5FrTcw8XWFlvjsxxL4euZOjYSQHx5sqywTfZvCaaYSE?= =?us-ascii?q?/B3uWPiLLTtlnH5pZbayihio/UWvyODwTNS43VdKoyZfj9XAqHQA2hrO4cadUP?= =?us-ascii?q?R95F2u2TOX2gDW7eFLPF47mLLAK54k3r4wjp0TsVnfHiPumEX5kquWdkI89+i0?= =?us-ascii?q?8evneLTmpoKHN4NulgH/Mrghmsy4AegiNAgBQ3Ob9vim2L3m/E35RK1Gjvwwkq?= =?us-ascii?q?bHrJDXPdkXq6G2DgNP0osv9gyzAymp3dgGh3ULMUpJeBedgIjoP1HOLur4DfC6?= =?us-ascii?q?g1m0izdk2fTGPrznApXQIXnPiazufbFg605a1AU808tf6olICrABPP3zWkjxuM?= =?us-ascii?q?beDh8iKQO42ennCNJj1o8GQ2KAHreZML/OsV+P/u8vIe6MZIkPtzbhK/gq/fju?= =?us-ascii?q?gGQ7mV8ae6mp2IEYaGukHvt4OUWZemDggtAbEWcFpgA+VvDliEWeUT5PYHa/R6?= =?us-ascii?q?A85jMhB426DofDXYetgLqA3CelBZBWaGRGCk2DEHjzaoWEXesMaD+ILs9miDwE?= =?us-ascii?q?WqCrS5U92hG2qA/6171nI/La+y0ZsZLj0cZ65/fImBE86zN7EsOd03uXQGFshG?= =?us-ascii?q?MIQD02075jrkxh0FuD1rJ4g/NAH9xJ+/xJShs6NYLbz+FiFt/9RgfBftCPSFa6?= =?us-ascii?q?X9mrGi8xQcwrw98PYkd9HNOiggrF3yW0H78fj6aLC4As8qLAw3jxIN5wxGva1K?= =?us-ascii?q?Y7lVkrWddANWqjhqFj7QfTHJLJn1+fl6m0aaQWxDTN+3ubzWqSoEFYVxZ9UKXE?= =?us-ascii?q?XHAYYEvbttH55kfbQ7+vD7QrKA1BxtSYKqtJa93pk0tJSO3lONvAf2K7g32wCg?= =?us-ascii?q?qQxrOQcIrqfH0Q0zvFCEceiQAT/G2GOBMmBii7uWLeDSduFUrrY0z27eZxtmm3?= =?us-ascii?q?TkguzwGFd0dhzaa6+gYJhfyATPMexrwEuD07pDVyAFm93snWBsGFpwp5faVQeM?= =?us-ascii?q?g94Vlc1W7DsAx9JJOgJbh4hlECawR3o1/u1xJvB4VDi8cqr3QqzBdpJKKbylxB?= =?us-ascii?q?dDSY3Y3qNr3QMGny8wila7TK1VHGzNaW5qAP5ewipFr+pgGpF1Qt82983tZPz3?= =?us-ascii?q?Sc44/GDA0IUZL+Skw37QR1p6nGYikh4IPZzWZsMaeusj/FwNIpGPAoyg2mf9dY?= =?us-ascii?q?PqKEERX9E8sAC8ioNuMqh0CjbggYM+BK6K40I8SmeuOI2aGxOOZggCypjX5c4I?= =?us-ascii?q?1mzEKD6TB8RfXV35YA2f2Y2RGHVzjkhle7rs/3gZxEZS0VHmen1SjrGZNeZqxo?= =?us-ascii?q?coYPEmqhP8q3xtBiiJH3QH5Y6ESvB1UY18+1YRCSdUDy3RVM1UQLpnyqgS24zz?= =?us-ascii?q?1wkzEtsKWfxzfDzP78exodPW5HXm5ijU3jIYKsldAVQFCobxQ1lBui/Uv62alb?= =?us-ascii?q?q7hjL2nUW0dEZTT5L2FlUqu2ubqPeMpP6JIusSpNSuS8ZkqWSrnnoxsVyynjBX?= =?us-ascii?q?dRxCgndzG2vZX0hxh6iGOGLHZvtXbZYt9/xRPe5NzaWP5Q0SELRDJgiTnWAFi8?= =?us-ascii?q?PsWm/c6Om5fFrO++S3qrVodPfinz0YOAqCy76HVwAR24m/CznsPoERIm3i/82d?= =?us-ascii?q?hnTj7IrAvgbYnwzai6NvhnfkZwDl/m98V6Ap1+kpc3hJwIwXgVnIiV/X4dnWjp?= =?us-ascii?q?K9lUwqX+bH4RRT4Mxd7Y+w3l1FFlLnKO2431THOdzdV9Z9OieGMZxjo979xWCK?= =?us-ascii?q?eT9LFEnjV6olyjrQ/KYvhygDEdyeAo6HEEn+EFog0tzj+SAroKB0lXITTslwiU?= =?us-ascii?q?79C5tKhXemCvfqWr2Upgm9CuEbGCrhtaWHnnZpcoBTVw4dlnMFLQzH3z7ZnpeM?= =?us-ascii?q?HKYtIOsh2ZiAvPj+lJKJMxj/YKizBoOWTnsX0i0e47ggRk3Yums4ifN2Vt4KW5?= =?us-ascii?q?DwZCNjLoeswe4T7tjaNRn8qM2YCgAIlhEC0RXJT0VfKoDC4StfP/OgaWCjI8t3?= =?us-ascii?q?ObFqTHHQCF7kdms2zAE4qwOnGKP3kW089iRAKHKExEhwAUQS86kYInGQCkw8zh?= =?us-ascii?q?akh56S4L6l7+tBRM1vpiNwPjXWfHuAeodjA0RYCRLBVM6AFC+0DVMcmF4+J9AS?= =?us-ascii?q?5X45qhrBaXJWyDfQRICmMJVVKYCFD/JLWu4sPA8+eADOqkM/TOeamOqfBZV/qQ?= =?us-ascii?q?wJKgyI9m/zKSOcWTInltFec011FFXX9nB8TZgCkARDYPly3TdcKbogmz+jFvpM?= =?us-ascii?q?Cl7PvrQB7v5ZeIC7ZKK9Vj4R63jb2GN+GKgCZ5LjZZ24gWynDUzbgTxlkSizth?= =?us-ascii?q?dzO1C7QPqTbNTL7Mmq9QFxMbZTlzO9VV4KInxAZNP9LbitTu1rNjlPE6F1JFWU?= =?us-ascii?q?bmmsGzaswAO3u9O0/fBEaXKLSGIiXGw8ftYaymUb1QlP5ZtxOxuTaBCE/jIjqD?= =?us-ascii?q?lzjvVx+1N+FDkCCbMwZauI2ndRZtE2fjRsr8ahKnKN93kSE2wbosi3PSK2ETKi?= =?us-ascii?q?Zzc0VMrr2M6iNVmfR/FHJf4XV7N+WEnDyZ7+bAIJYMrfRrGjh0l/5d4Hki1rRV?= =?us-ascii?q?9z9LS+Z6mCvItNFuvUqrkvKVxTpkTRpOsCxEiJiPvUV/P6XW7INAVW/Y/BIK7m?= =?us-ascii?q?WRCxMKq8FjCtLxp6Ba0sLPm77rKDde79LU+tMRB9POJ8KZKnUhPgTmGCXPAQse?= =?us-ascii?q?VzGrK3vQh0NDn/GJ7HGVqIY1qoT0kpoUVrBbTEA1Fu8dCkl9B9MCIZh3XjQikb?= =?us-ascii?q?OAkcEH+2GxrBjLS8VcpJzHUeiSAfr3IjaDkbZEfwcIwa//LYkLLIL71FZtakdk?= =?us-ascii?q?k4nRHErQRc5CoitkbgAuoUVN9GNxTmo82k7/bQOt+nATH+aunhEqkgt+ffgt9D?= =?us-ascii?q?D07lcrIVrKoTE8kFM2mdTknz+RdiX+LL23XY5ICCr5rFQ+MpT+QwlpdwKyhlBk?= =?us-ascii?q?OC3CR71Pk7tqbXprhxPEuZtTBf5cSrVJYBwQxPGTefolylFcqiKpxU9J++TFFY?= =?us-ascii?q?dilAstcZ6psX1MwQRjY8ApJabIPqpG0kBQhr6Svi+vzu0xxhERKFwJ8G6Jey4I?= =?us-ascii?q?v1cINqU8KCqu5exs6g2ClyFFeGcSS/oguuhq+V8lO+Sc0yLg1KZOKlqvOOyEMa?= =?us-ascii?q?yWoXLAmtKIQl4rzUwIllNF8qVx0ccta0qUTV4gzbuLGxQPK8XCNRlfb9BO+3jL?= =?us-ascii?q?YSaOreLNzIpoMIW6EODoS/KBu7gQgkKlBwsmBZoD7t4GHpW210HYN8jnJqYfyR?= =?us-ascii?q?ox/ATrOEmFDPNRdR2WijgHvcC/w4Js3YRGPD4dG399MSK557bMuAAlnOeDXM03?= =?us-ascii?q?YncGXooILHQ2V9OmmyRBpXRPECG30v4FyAiF9zL8oiPQDCPiYNplZfaUYghhCN?= =?us-ascii?q?6w+TUi6aS2jkTX8prGLWHgKdtiosPP6f8dp5ufEPNbU719s0bam4lFSH2nSHLA?= =?us-ascii?q?EdmwJ5fscYYsdsD0Bmy8UlOhlzI/V93xM8q1LqiUnQHoQp5ZsIqB3DEjL8C9EC?= =?us-ascii?q?0eGxdrquEM46J8fREMb4A9YRH2qwQ0L7a/LxuA0tWyX2atLiNbT+VezeW/YLxX?= =?us-ascii?q?0yosb++hxXQ9T5E7z/O4/lUXSJEMkB7e2e6pZ5NCXijrBnxdZwLPqDIjmGhlN+?= =?us-ascii?q?Y93vkwzwvNsVgcNTCLc+ppZ3Zfst4nBFOdO3N2BnM2R1+Bl4bD5BCj36wK9StH?= =?us-ascii?q?g9lUyfFFsGT5vpLHez2jRqqrpI7PvCU9c9gpvbdxMZf5LcuctJLShDvfTIPfsg?= =?us-ascii?q?edSi61C+JamsRMICJfWPRIlnwlOc0CuYpF90UxU9wzKKFRB6Y3p7ClczxkATQV?= =?us-ascii?q?zS8DWIOKxCYCjfuk27vGiheQd4wvMAYCsJVDntQdUyl2YicFpKG7TovYinWKR3?= =?us-ascii?q?QMLgoI8QtM4wcAmZNqceD+/IrEVplMxCBKo/hsSCvECoFo90fnSmGRmVX4Uu+u?= =?us-ascii?q?k/au3Q1J1//szsMbVwRhCUdDw+ZWl00oKL5zK6kRsY7KsiOIdU3gs2L3zeuqPl?= =?us-ascii?q?9RxtPId1fgForKqXL8UjEA+X0TXYJOxmvTGogSkwp4baYrpU9DIIO9d0b/+TMr?= =?us-ascii?q?2ZpmE6O/VcCxyFYvtWwGSDuyE9pdF+Fmt0raVyd/Y5C2rpXpIZZST3RR+J2cql?= =?us-ascii?q?dZjF5iPzS/yZVCN8FH+iQMUyRXoTWBoNuyT9VO2c5wD58QPNh/v2nyGKZaN5iN?= =?us-ascii?q?uX03uqfiynjB+z8itle6wS+8G668T+1C+G0fFR8lJ2OEqkkgF+Es6Hvd8kjRsl?= =?us-ascii?q?Bo+OdWHrePjV9rrzZ7ApBDHTdJ1XerLlR1UHlGs/tVKKXTc8xAXfYyfwWjOxog?= =?us-ascii?q?Gv46x0aJ5117nW/lYyxusQtX4zzdXw4xVSQOnrfhhTgepdq9NT8cVZ1IcS0rbz?= =?us-ascii?q?3ZJAKDhSBXoBFfZllqW58DGNZK4bUb0pZP88XfV0msMTkFUwJmNg0my/pTj0lD?= =?us-ascii?q?sF+XeSrFFwqnae7PsgFrfceWtMOpLvP58xlch4z6ru847LsMR2e6mQKzXN/StY?= =?us-ascii?q?n8ucOWtkGWbqf3L/W8YWPdTDjLlR2/nrkkAIXW8yXRLQZWJYJ3xmYjYZjkFWHE?= =?us-ascii?q?Jw9GJ74BK0pdS696dc1MovpGaM98ZKYJ5ahtCwqdRhzxBYOvrONJLkrISDTaKC?= =?us-ascii?q?WB7PKwrZzP4rzaVOfveNaAx3DZTKJrJp168yX0G6/20Y9C/Ur7wu9t9lhmSVfc?= =?us-ascii?q?Li+BsM/sJhgM5Mm/bEvtooMmHTXKAJdqinXtwltMd80NQy2l6J4Y0o9W6G7sSe?= =?us-ascii?q?Jk1Uj+qPFS96N65oYp/r9k0tq0JaPOKfRAq0BnHBmUBgJu9pozHGhzXWdRYvUe?= =?us-ascii?q?KP3JZ6QWkdjuq/zrF6wQ8BCV+fZWacHAJ0HansmwEC+cRAdBnAccrT4aMgqc2O?= =?us-ascii?q?KEm6BuT8alvvL12kU341ixNhQG1qxi5Z+Y+qqUo+/adxnRwqICWqjkXMPzqakj?= =?us-ascii?q?tF2J6P04jrEOfHd1Ywq9HOgbSMEd2n/qzbo2wiI0D8PDA7Xg9eZFV3I9hT/gmp?= =?us-ascii?q?Z9H1AMFvMVG7qL855ekX0jm+zFLN0Wb7xNmnqSFR6+DLAO03mr6zGYIGN9mBHB?= =?us-ascii?q?zwnwQX+v7F/xtSJ4RyrMwMvkkkpRTLa3Hl1eXyuuOU9/qzOPJxHltN/4tKU69k?= =?us-ascii?q?02NXbktN2Vnmu7JLxXB9H/JMCbISQsuF0YlpkxScK02YAHGdu9J8wc8GpiYfvf?= =?us-ascii?q?9WyrlTNBo6ZdiIbE5MGa5OnXF2G6j6KGs7WN2CxYyn8gsFE78dCgM/HD6saEQ/?= =?us-ascii?q?u2ymkRSD1/tBHZXx6vrbzbrU4bNlCX0EvRn4wKJN5Z12Ei1k76/OgjXM4z9AJG?= =?us-ascii?q?G4bCZvMCoCv+OD7qzleffd03TCie0z1YHl7vF1l3BrQ80nrqvM3VjXfQ50EoRo?= =?us-ascii?q?5oekzmhB14FZ83Jl425VgM3CUDDRYCZgyBALGvH0TlIpMOVVIfZhSfwLi6ZqA3?= =?us-ascii?q?0FVozbOu/+/SY/ZzB6gMNvZBlg6BhkVbGpYNvKICR7JzZkFS+7TKpgj4DIjnRe?= =?us-ascii?q?LpmWA3Nf2vTcBQ6doZuGc64gajWxqg7o9O764Bh5CUaqFEYZbNvMdm70dk/DIP?= =?us-ascii?q?bTJCgBx+jxO/TOAdq/vu4sDBv5q09umuVKgsR+IN9xg3HWh+jIX/gEolod7J0+?= =?us-ascii?q?dQUIrViZ7w8ApVOX6FpJ7a0wVgKeoJM4+rYKxg+GsDJycEIXIBI8GbZOQ94y9i?= =?us-ascii?q?MTXT+0ZNAtgWatMCIcrBgwZUhVP1WLtL7MrUBkeYC5tvd8Av92f3xyo68YEiXe?= =?us-ascii?q?b86D+7PpTf71BRP/xdjCVjjs/CpPMPzfrUFicX/WGTawJpzSOa15mNF/Hw8P2D?= =?us-ascii?q?yN7KUVMGAik2U4BaKDqZ5wOnQuu1lJP0UgKb8cLzhIwxdFiQR3OrhqgFtLhDEf?= =?us-ascii?q?JYgCXhwjdeDpz1h+6Ss9e09GRXtEdIH5po4BLZH6VfOpF7ORXmmcmxWkhzGDfw?= =?us-ascii?q?eMHOehopouqWyf8G4/9iOEvmeY8bPhUExqr/6XpSSAtuVLH2sUiCUOIUZdtpUv?= =?us-ascii?q?XEoW5J6YNuLK8PJludpIfwojdOtl82HBcjaKUsoTxCaknOgApVVr77uLEckQsc?= =?us-ascii?q?Ssd1t1JDF2y2OWI+4SfHVKtOgameDfwa6DOTQbIUX0VvKCN+TAu/2I9ydLuxgf?= =?us-ascii?q?BHrmRGkzt/oPgt0zxmQgGwtjHsp6IJxDIv5bC5tDQHuXxeTeWekjzFCUtCzPQU?= =?us-ascii?q?l6gcD2vt6V2mbHkFcoTy/KFtJd78+ok5/3Q/fRIjcjUHXeS+ES7wibiFAoiSsN?= =?us-ascii?q?1BhR6Nv97OYaW0LSgIObQ30QjjSGRl0gjCgBZo93MGQje+498qKoW9Pd0oxySy?= =?us-ascii?q?FmjdalkM/rlFsM3vul4XVOE2c09uwH1/0sibQS0AXMPPG2Iyjgkqd2pEdJZD5A?= =?us-ascii?q?QBF6kvhDaIv7VJ8hsSYDjKDoSv4pPQktvQ2XkhUddqwXrbpq+FhpIqyH1lnNd0?= =?us-ascii?q?7i+SuHsMbOHYVs5sAmTp1ohB0+D+YO+tsu8fQot81LuhSOMCMtWk+WauxJVqW0?= =?us-ascii?q?qly68CH1q4LOADxanUUyO/RW2eR+uLb3CGnywlPU7q+RmoMlo3Zd9Pr088MevC?= =?us-ascii?q?hZlcmhbjUbxuRSWQolnbw3IlMe8AcQI5ppuncRQQTOENf+icOfQuwPomBVQXcX?= =?us-ascii?q?DJGzd2BvStsV6pm4h7J2lg4Vvkbuvw6AzmN8GSGhYcG47AspFx4eC6Rn6GOXJ4?= =?us-ascii?q?1B1yO010+P3FF1U/se9cd5iRkMPVh9R81u4FbOliPjEnut4UgYJj8oiU0MGFcR?= =?us-ascii?q?3LyZbyP97VqOCCA/LD10QqZn1aUr0BbAP7+Yo6Ot85W6XNErZCvBUcBK06QJk/?= =?us-ascii?q?OGfr8KF7Mhl/cgnLZLS7msPqvP6EZoNIp3/K6VI9NCnduwUZyvy1UQN0cYunh3?= =?us-ascii?q?DzIJAsXDJOscdhChx8HItAA8kAtRaoA4aImKGnjN+840R6u+sUvqfrEvDK0M62?= =?us-ascii?q?355tX5hb+UOLICzRC7d1jUh/iOS9nOvA2IHrCcz+YdMESPR7QmndZ7/CH4W/LC?= =?us-ascii?q?+OO83ld05C8r6cy655Ug6KaSD4RaWGsiqkOO9j4UUhxYxyZPDTwyA177HHxNvy?= =?us-ascii?q?YHlWpjy9on6NNZtf6kHKBOPZUxxbVfqF8HhqHbcJYovs7ugDKt8iz8aG4wl18j?= =?us-ascii?q?tC1NCKI7WurkPW3UJ7b53bJlPz2yklQYkKPAi/MUw0jG/csHvSHXRcLsmiKclq?= =?us-ascii?q?m9uVEB3t509vlmEpZ25BHHfoRNiLNWgcwcK+axWA9BhXANYbg+63ZUk4u7WwSe?= =?us-ascii?q?ZyOZVFnv6lua4akdZvNyHPRM9aPzzfLL92IjpdFOPPq0Y0YhQcqbg6Rp81ZYSS?= =?us-ascii?q?IEMAKEqP0jj9wQzG0U31bNysyL2JLDwN8npZ073JyyNMqBe9ufaYhM3jTb/YYY?= =?us-ascii?q?rqU//SKiolSyqaSS48EEmz5VekoP0EvPyCLWcYuFAUbTqYCBQPqaB3sdjQEmjT?= =?us-ascii?q?lPVsfJIQn/+aQSHwRzN8lKcpGCZLsVqDQ+ECFQnLdXPhhnRTuBC6LP9W4X3ld6?= =?us-ascii?q?GYxrZSW+EOAItMd/qZQ8HCefBfPDcljTMZN/y5f9LCrrY1yFXITXEWE6PQ7l2R?= =?us-ascii?q?UFaWQuCAxzLsRYgVpIY0ui809d/RnSJ6CLrIMKiFpz6v84+4iyCYtffYVmYzf0?= =?us-ascii?q?xmyN4FVXKMxBhGNXEsF8AeuEarRLWJIUlLyiEHk+VrjjMFfkxRT2dh33tN1KKx?= =?us-ascii?q?E8tYRFoWpGajRPkPaldnSjg3+BnZsUXJfdUctJWLFCdl/bwWRN9YdaEl?= X-IPAS-Result: =?us-ascii?q?A2HUAwDJExpZ/wHyM5BcHAEBBAEBCgEBFgEBAQMBAQEJAQE?= =?us-ascii?q?BgwEpgW6OdpBtcpcPJIs7VwEBAQEBAQEBAgECaAUjgjMkgkIGAQIXDVUDCQEBF?= =?us-ascii?q?wgpCAMBUxkFiFCBTgSuVDomAosEiD2CZ4sJBZAigQGMZ5MdixeGUpRDWFkxTyE?= =?us-ascii?q?VhG0LAQEBQhyBZnOIbAEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 15 May 2017 20:50:46 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4FKojPi024006; Mon, 15 May 2017 16:50:46 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v4FKo5oV276901 for ; Mon, 15 May 2017 16:50:05 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4FKo4PP023984 for ; Mon, 15 May 2017 16:50:04 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1B0AgCMExpZf4GlL8FcHAEBBAEBCgEBgyyCF452kG1ylxKGJAKGDQECAQEBAQECEwEBIV2FGQMDGg1SEBgIMVcZiFWBUq5UOop6Mog9gmeLCQWQIoEBjGeTHZFplENWWjFPIRWFPRyBZj02iGwBAQE X-IPAS-Result: A1B0AgCMExpZf4GlL8FcHAEBBAEBCgEBgyyCF452kG1ylxKGJAKGDQECAQEBAQECEwEBIV2FGQMDGg1SEBgIMVcZiFWBUq5UOop6Mog9gmeLCQWQIoEBjGeTHZFplENWWjFPIRWFPRyBZj02iGwBAQE X-IronPort-AV: E=Sophos;i="5.38,346,1491278400"; d="scan'208";a="6053087" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 15 May 2017 16:50:03 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AC+UW5BFxxMJ2k4kYMfiH+51GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ78oM2wAkXT6L1XgUPTWs2DsrQf2rWQ6vurADFaqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLdwIRmssAncuMYajZZiJ6ov1xDEvmZGd+?= =?us-ascii?q?NKyG1yOFmdhQz85sC+/J5i9yRfpfcs/NNeXKv5Yqo1U6VWACwpPG4p6sLrswLD?= =?us-ascii?q?TRaU6XsHTmoWiBtIDBPb4xz8Q5z8rzH1tut52CmdIM32UbU5Uims4qt3VBPljj?= =?us-ascii?q?oMOiUn+2/LlMN/kKNboAqgpxNhxY7UfJqVP+d6cq/EYN8WWXZNUsNXWidcAI2z?= =?us-ascii?q?cpEPAvIBM+hGsofzqVgAoxy8CgmiH+7j1iNEi2Xq0aAgz+gtDQfL1xEgEdIUt3?= =?us-ascii?q?TUqc34OqkIXuCz0aLGySjDb+lZ2Tjj7ojIaQ0qrPaRUr1qd8rRyFcgFwfHjliL?= =?us-ascii?q?rIzqITeV1uAXvGid6OphWvijhHIgqwF0uzWiwNonhIfOhoIQ0F/E9CN5zZ40Jd?= =?us-ascii?q?KjVkF7Z8OrEINXtyGAK4t6WN4tTH92uCs817YIuoa7cTAXxJkjyRPTcfOKfoqS?= =?us-ascii?q?7h7+VeucIS10iG97dL+7gRu57FKuxffmVsau1VZHtipFncfItnAKzxHT79aISv?= =?us-ascii?q?95/ki73zaP0A/S5vtYLkAzj6bbKpohzqYxlpoVr0vDAjf7lFjygaKYbEkp9eql?= =?us-ascii?q?5/76brjnppKQLZJ4hh/6P6g2n8ywG+U4MgwAX2iB/uS80aXu8lDjT7VMj/05jK?= =?us-ascii?q?3ZsJLBKMQeuKG5BwtV3Zwl6xa4ADaqysgXnX4CLF5dYhKIk5DpO03SIPD/Ffq/?= =?us-ascii?q?mEqjkDNqx/DAI73gDY7ALmTDkbj9fbZ97FRQyAwozd9F/Z5UBbYBIOygEnP24c?= =?us-ascii?q?fVCh4/Lhyc3/fsCNI70JgXH22IHPy3KqTX5HOB4KoNPvODaYkO8GLxIv4k6vrs?= =?us-ascii?q?pXo0nVsUe665m5AQbSbrTbxdP0yFbC+00Z86GmAQs197FbSyhQ=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HsAQDJExpZf4GlL8FcHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwGCF452kG1ylxKGJAKGDQEBAQEBAQEBAgECEAEBIV2CMyQBgkE?= =?us-ascii?q?DAxoNUhAYCDFXGYhVgVKuVDqKejKIPYJniwkFkCKBAYxnkx2RaZRDVlsxTyEVh?= =?us-ascii?q?T0cgWY9NohsAQEB?= X-IPAS-Result: =?us-ascii?q?A0HsAQDJExpZf4GlL8FcHAEBBAEBCgEBFwEBBAEBCgEBgwG?= =?us-ascii?q?CF452kG1ylxKGJAKGDQEBAQEBAQEBAgECEAEBIV2CMyQBgkEDAxoNUhAYCDFXG?= =?us-ascii?q?YhVgVKuVDqKejKIPYJniwkFkCKBAYxnkx2RaZRDVlsxTyEVhT0cgWY9NohsAQE?= =?us-ascii?q?B?= X-IronPort-AV: E=Sophos;i="5.38,346,1491264000"; d="scan'208";a="5797733" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea11.nsa.gov with ESMTP; 15 May 2017 20:50:02 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 15 May 2017 23:43:22 +0300 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v4FKglb5005032; Mon, 15 May 2017 23:43:21 +0300 From: Dan Jurgens To: selinux@tycho.nsa.gov Subject: [PATCH v1 6/9] libsepol: Add IB end port handling to CIL Date: Mon, 15 May 2017 23:42:38 +0300 Message-Id: <1494880961-73481-7-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1494880961-73481-1-git-send-email-danielj@mellanox.com> References: <1494880961-73481-1-git-send-email-danielj@mellanox.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens Add IB end port parsing, symbol table management, and policy generation to CIL. Signed-off-by: Daniel Jurgens --- v1: James Carter: - Add cil_resolve_ibendportcon prototype in cil_resolve_ast.h Signed-off-by: Daniel Jurgens --- libsepol/cil/src/cil.c | 18 +++++++++++ libsepol/cil/src/cil_binary.c | 29 +++++++++++++++++ libsepol/cil/src/cil_binary.h | 12 +++++++ libsepol/cil/src/cil_build_ast.c | 65 ++++++++++++++++++++++++++++++++++++++ libsepol/cil/src/cil_build_ast.h | 2 ++ libsepol/cil/src/cil_copy_ast.c | 25 +++++++++++++++ libsepol/cil/src/cil_flavor.h | 1 + libsepol/cil/src/cil_internal.h | 9 ++++++ libsepol/cil/src/cil_policy.c | 15 +++++++++ libsepol/cil/src/cil_post.c | 42 ++++++++++++++++++++++++ libsepol/cil/src/cil_post.h | 1 + libsepol/cil/src/cil_reset_ast.c | 10 ++++++ libsepol/cil/src/cil_resolve_ast.c | 28 ++++++++++++++++ libsepol/cil/src/cil_resolve_ast.h | 1 + libsepol/cil/src/cil_tree.c | 13 ++++++++ libsepol/cil/src/cil_verify.c | 23 ++++++++++++++ 16 files changed, 294 insertions(+) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 3df670a..c02a41a 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -189,6 +189,7 @@ static void cil_init_keys(void) CIL_KEY_CONTEXT = cil_strpool_add("context"); CIL_KEY_FILECON = cil_strpool_add("filecon"); CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon"); + CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon"); CIL_KEY_PORTCON = cil_strpool_add("portcon"); CIL_KEY_NODECON = cil_strpool_add("nodecon"); CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); @@ -259,6 +260,7 @@ void cil_db_init(struct cil_db **db) cil_sort_init(&(*db)->filecon); cil_sort_init(&(*db)->nodecon); cil_sort_init(&(*db)->ibpkeycon); + cil_sort_init(&(*db)->ibendportcon); cil_sort_init(&(*db)->portcon); cil_sort_init(&(*db)->pirqcon); cil_sort_init(&(*db)->iomemcon); @@ -311,6 +313,7 @@ void cil_db_destroy(struct cil_db **db) cil_sort_destroy(&(*db)->filecon); cil_sort_destroy(&(*db)->nodecon); cil_sort_destroy(&(*db)->ibpkeycon); + cil_sort_destroy(&(*db)->ibendportcon); cil_sort_destroy(&(*db)->portcon); cil_sort_destroy(&(*db)->pirqcon); cil_sort_destroy(&(*db)->iomemcon); @@ -737,6 +740,9 @@ void cil_destroy_data(void **data, enum cil_flavor flavor) case CIL_PORTCON: cil_destroy_portcon(*data); break; + case CIL_IBENDPORTCON: + cil_destroy_ibendportcon(*data); + break; case CIL_NODECON: cil_destroy_nodecon(*data); break; @@ -1105,6 +1111,8 @@ const char * cil_node_to_string(struct cil_tree_node *node) return CIL_KEY_FILECON; case CIL_IBPKEYCON: return CIL_KEY_IBPKEYCON; + case CIL_IBENDPORTCON: + return CIL_KEY_IBENDPORTCON; case CIL_PORTCON: return CIL_KEY_PORTCON; case CIL_NODECON: @@ -1838,6 +1846,16 @@ void cil_netifcon_init(struct cil_netifcon **netifcon) (*netifcon)->context_str = NULL; } +void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon) +{ + *ibendportcon = cil_malloc(sizeof(**ibendportcon)); + + (*ibendportcon)->dev_name_str = NULL; + (*ibendportcon)->port = 0; + (*ibendportcon)->context_str = NULL; + (*ibendportcon)->context = NULL; +} + void cil_context_init(struct cil_context **context) { *context = cil_malloc(sizeof(**context)); diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 75398ff..fb65698 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -3323,6 +3323,30 @@ exit: return rc; } +int cil_ibendportcon_to_policydb(policydb_t *pdb, struct cil_sort *ibendportcons) +{ + int rc = SEPOL_ERR; + uint32_t i; + ocontext_t *tail = NULL; + + for (i = 0; i < ibendportcons->count; i++) { + ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_IBENDPORT], &tail); + struct cil_ibendportcon *cil_ibendportcon = ibendportcons->array[i]; + + new_ocon->u.ibendport.dev_name = cil_strdup(cil_ibendportcon->dev_name_str); + new_ocon->u.ibendport.port = cil_ibendportcon->port; + + rc = __cil_context_to_sepol_context(pdb, cil_ibendportcon->context, &new_ocon->context[0]); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons) { int rc = SEPOL_ERR; @@ -3887,6 +3911,11 @@ int __cil_contexts_to_policydb(policydb_t *pdb, const struct cil_db *db) goto exit; } + rc = cil_ibendportcon_to_policydb(pdb, db->ibendportcon); + if (rc != SEPOL_OK) { + goto exit; + } + if (db->target_platform == SEPOL_TARGET_XEN) { rc = cil_pirqcon_to_policydb(pdb, db->pirqcon); if (rc != SEPOL_OK) { diff --git a/libsepol/cil/src/cil_binary.h b/libsepol/cil/src/cil_binary.h index a03d250..5367feb 100644 --- a/libsepol/cil/src/cil_binary.h +++ b/libsepol/cil/src/cil_binary.h @@ -342,6 +342,18 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons); /** + * Insert cil idbev structure into sepol policydb. + * The function is given a structure containing the sorted ibendportcons and + * loops over this structure inserting them into the policy database. + * + * @param[in] pdb The policy database to insert the pkeycon into. + * @param[in] node The cil_sort structure that contains the sorted ibendportcons. + * + * @return SEPOL_OK upon success or an error otherwise. + */ +int cil_ibendportcon_to_policydb(policydb_t *pdb, struct cil_sort *pkeycons); + +/** * Insert cil portcon structure into sepol policydb. * The function is given a structure containing the sorted portcons and * loops over this structure inserting them into the policy database. diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 1121574..0a9a5e5 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -4667,6 +4667,68 @@ void cil_destroy_netifcon(struct cil_netifcon *netifcon) free(netifcon); } +int cil_gen_ibendportcon(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) +{ + enum cil_syntax syntax[] = { + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING | CIL_SYN_LIST, + CIL_SYN_END + }; + int syntax_len = sizeof(syntax) / sizeof(*syntax); + int rc = SEPOL_ERR; + struct cil_ibendportcon *ibendportcon = NULL; + + if (!db || !parse_current || !ast_node) + goto exit; + + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); + if (rc != SEPOL_OK) + goto exit; + + cil_ibendportcon_init(&ibendportcon); + + ibendportcon->dev_name_str = parse_current->next->data; + + rc = cil_fill_integer(parse_current->next->next, &ibendportcon->port, 10); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibendport port specified\n"); + goto exit; + } + + if (!parse_current->next->next->next->cl_head) { + ibendportcon->context_str = parse_current->next->next->data; + } else { + cil_context_init(&ibendportcon->context); + + rc = cil_fill_context(parse_current->next->next->next->cl_head, ibendportcon->context); + if (rc != SEPOL_OK) + goto exit; + } + + ast_node->data = ibendportcon; + ast_node->flavor = CIL_IBENDPORTCON; + + return SEPOL_OK; + +exit: + cil_tree_log(parse_current, CIL_ERR, "Bad ibendportcon declaration"); + cil_destroy_ibendportcon(ibendportcon); + return SEPOL_ERR; +} + +void cil_destroy_ibendportcon(struct cil_ibendportcon *ibendportcon) +{ + if (!ibendportcon) + return; + + if (!ibendportcon->context_str && ibendportcon->context) + cil_destroy_context(ibendportcon->context); + + free(ibendportcon); +} + int cil_gen_pirqcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) { enum cil_syntax syntax[] = { @@ -6301,6 +6363,9 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f } else if (parse_current->data == CIL_KEY_IBPKEYCON) { rc = cil_gen_ibpkeycon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; + } else if (parse_current->data == CIL_KEY_IBENDPORTCON) { + rc = cil_gen_ibendportcon(db, parse_current, ast_node); + *finished = CIL_TREE_SKIP_NEXT; } else if (parse_current->data == CIL_KEY_PORTCON) { rc = cil_gen_portcon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; diff --git a/libsepol/cil/src/cil_build_ast.h b/libsepol/cil/src/cil_build_ast.h index c2d7b31..8153e51 100644 --- a/libsepol/cil/src/cil_build_ast.h +++ b/libsepol/cil/src/cil_build_ast.h @@ -177,6 +177,8 @@ int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, stru void cil_destroy_filecon(struct cil_filecon *filecon); int cil_gen_ibpkeycon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_ibpkeycon(struct cil_ibpkeycon *ibpkeycon); +int cil_gen_ibendportcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); +void cil_destroy_ibendportcon(struct cil_ibendportcon *ibendportcon); int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_portcon(struct cil_portcon *portcon); int cil_gen_nodecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 7307b08..7af00aa 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -1227,6 +1227,28 @@ int cil_copy_ibpkeycon(struct cil_db *db, void *data, void **copy, __attribute__ return SEPOL_OK; } +int cil_copy_ibendportcon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) +{ + struct cil_ibendportcon *orig = data; + struct cil_ibendportcon *new = NULL; + + cil_ibendportcon_init(&new); + + new->dev_name_str = orig->dev_name_str; + new->port = orig->port; + + if (orig->context_str) { + new->context_str = orig->context_str; + } else { + cil_context_init(&new->context); + cil_copy_fill_context(db, orig->context, new->context); + } + + *copy = new; + + return SEPOL_OK; +} + int cil_copy_portcon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) { struct cil_portcon *orig = data; @@ -1942,6 +1964,9 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u case CIL_IBPKEYCON: copy_func = &cil_copy_ibpkeycon; break; + case CIL_IBENDPORTCON: + copy_func = &cil_copy_ibendportcon; + break; case CIL_PORTCON: copy_func = &cil_copy_portcon; break; diff --git a/libsepol/cil/src/cil_flavor.h b/libsepol/cil/src/cil_flavor.h index 4505b8b..c2f0cee 100644 --- a/libsepol/cil/src/cil_flavor.h +++ b/libsepol/cil/src/cil_flavor.h @@ -114,6 +114,7 @@ enum cil_flavor { CIL_MLS, CIL_SRC_INFO, CIL_IBPKEYCON, + CIL_IBENDPORTCON, /* * boolean constraint set catset diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index 2add97b..6d6a7d9 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -204,6 +204,7 @@ char *CIL_KEY_MLSVALIDATETRANS; char *CIL_KEY_CONTEXT; char *CIL_KEY_FILECON; char *CIL_KEY_IBPKEYCON; +char *CIL_KEY_IBENDPORTCON; char *CIL_KEY_PORTCON; char *CIL_KEY_NODECON; char *CIL_KEY_GENFSCON; @@ -288,6 +289,7 @@ struct cil_db { struct cil_sort *filecon; struct cil_sort *nodecon; struct cil_sort *ibpkeycon; + struct cil_sort *ibendportcon; struct cil_sort *portcon; struct cil_sort *pirqcon; struct cil_sort *iomemcon; @@ -789,6 +791,12 @@ struct cil_netifcon { char *context_str; }; +struct cil_ibendportcon { + char *dev_name_str; + uint32_t port; + char *context_str; + struct cil_context *context; +}; struct cil_pirqcon { uint32_t pirq; char *context_str; @@ -974,6 +982,7 @@ int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_s void cil_sort_init(struct cil_sort **sort); void cil_sort_destroy(struct cil_sort **sort); void cil_netifcon_init(struct cil_netifcon **netifcon); +void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon); void cil_context_init(struct cil_context **context); void cil_level_init(struct cil_level **level); void cil_levelrange_init(struct cil_levelrange **lvlrange); diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index 35a0a29..2196ae8 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -1729,6 +1729,20 @@ static void cil_ibpkeycons_to_policy(FILE *out, struct cil_sort *ibpkeycons, int } } +static void cil_ibendportcons_to_policy(FILE *out, struct cil_sort *ibendportcons, int mls) +{ + uint32_t i; + + for (i = 0; i < ibendportcons->count; i++) { + struct cil_ibendportcon *ibendportcon = (struct cil_ibendportcon *)ibendportcons->array[i]; + + fprintf(out, "ibendportcon %s ", ibendportcon->dev_name_str); + fprintf(out, "%u ", ibendportcon->port); + cil_context_to_policy(out, ibendportcon->context, mls); + fprintf(out, "\n"); + } +} + static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls) { unsigned i; @@ -1958,6 +1972,7 @@ void cil_gen_policy(FILE *out, struct cil_db *db) cil_portcons_to_policy(out, db->portcon, db->mls); cil_netifcons_to_policy(out, db->netifcon, db->mls); cil_ibpkeycons_to_policy(out, db->ibpkeycon, db->mls); + cil_ibendportcons_to_policy(out, db->ibendportcon, db->mls); cil_nodecons_to_policy(out, db->nodecon, db->mls); cil_pirqcons_to_policy(out, db->pirqcon, db->mls); cil_iomemcons_to_policy(out, db->iomemcon, db->mls); diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index 893860d..0d494ea 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -217,6 +217,25 @@ int cil_post_netifcon_compare(const void *a, const void *b) return strcmp(anetifcon->interface_str, bnetifcon->interface_str); } +int cil_post_ibendportcon_compare(const void *a, const void *b) +{ + int rc = SEPOL_ERR; + + struct cil_ibendportcon *aibendportcon = *(struct cil_ibendportcon **)a; + struct cil_ibendportcon *bibendportcon = *(struct cil_ibendportcon **)b; + + rc = strcmp(aibendportcon->dev_name_str, bibendportcon->dev_name_str); + if (rc) + return rc; + + if (aibendportcon->port < bibendportcon->port) + return -1; + else if (bibendportcon->port < aibendportcon->port) + return 1; + + return rc; +} + int cil_post_nodecon_compare(const void *a, const void *b) { struct cil_nodecon *anodecon; @@ -426,6 +445,9 @@ static int __cil_post_db_count_helper(struct cil_tree_node *node, uint32_t *fini case CIL_IBPKEYCON: db->ibpkeycon->count++; break; + case CIL_IBENDPORTCON: + db->ibendportcon->count++; + break; case CIL_PORTCON: db->portcon->count++; break; @@ -516,6 +538,17 @@ static int __cil_post_db_array_helper(struct cil_tree_node *node, uint32_t *fini sort->index++; break; } + case CIL_IBENDPORTCON: { + struct cil_sort *sort = db->ibendportcon; + uint32_t count = sort->count; + uint32_t i = sort->index; + + if (!sort->array) + sort->array = cil_malloc(sizeof(*sort->array) * count); + sort->array[i] = node->data; + sort->index++; + break; + } case CIL_FSUSE: { struct cil_sort *sort = db->fsuse; uint32_t count = sort->count; @@ -1662,6 +1695,14 @@ static int __cil_post_db_cat_helper(struct cil_tree_node *node, uint32_t *finish goto exit; break; } + case CIL_IBENDPORTCON: { + struct cil_ibendportcon *ibendportcon = node->data; + + rc = __evaluate_levelrange_expression(ibendportcon->context->range, db); + if (rc != SEPOL_OK) + goto exit; + break; + } case CIL_PORTCON: { struct cil_portcon *portcon = node->data; rc = __evaluate_levelrange_expression(portcon->context->range, db); @@ -2022,6 +2063,7 @@ static int cil_post_db(struct cil_db *db) qsort(db->netifcon->array, db->netifcon->count, sizeof(db->netifcon->array), cil_post_netifcon_compare); qsort(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare); qsort(db->ibpkeycon->array, db->ibpkeycon->count, sizeof(db->ibpkeycon->array), cil_post_ibpkeycon_compare); + qsort(db->ibendportcon->array, db->ibendportcon->count, sizeof(db->ibendportcon->array), cil_post_ibendportcon_compare); qsort(db->portcon->array, db->portcon->count, sizeof(db->portcon->array), cil_post_portcon_compare); qsort(db->nodecon->array, db->nodecon->count, sizeof(db->nodecon->array), cil_post_nodecon_compare); qsort(db->fsuse->array, db->fsuse->count, sizeof(db->fsuse->array), cil_post_fsuse_compare); diff --git a/libsepol/cil/src/cil_post.h b/libsepol/cil/src/cil_post.h index fe7f3a5..3d54154 100644 --- a/libsepol/cil/src/cil_post.h +++ b/libsepol/cil/src/cil_post.h @@ -40,6 +40,7 @@ void cil_post_fc_fill_data(struct fc_data *fc, char *path); int cil_post_filecon_compare(const void *a, const void *b); int cil_post_ibpkeycon_compare(const void *a, const void *b); int cil_post_portcon_compare(const void *a, const void *b); +int cil_post_ibendportcon_compare(const void *a, const void *b); int cil_post_genfscon_compare(const void *a, const void *b); int cil_post_netifcon_compare(const void *a, const void *b); int cil_post_nodecon_compare(const void *a, const void *b); diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index fc23a2c..73034a9 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -326,6 +326,13 @@ static void cil_reset_netifcon(struct cil_netifcon *netifcon) } } +static void cil_reset_ibendportcon(struct cil_ibendportcon *ibendportcon) +{ + if (!ibendportcon->context_str) { + cil_reset_context(ibendportcon->context); + } +} + static void cil_reset_pirqcon(struct cil_pirqcon *pirqcon) { if (pirqcon->context_str == NULL) { @@ -498,6 +505,9 @@ int __cil_reset_node(struct cil_tree_node *node, __attribute__((unused)) uint32 case CIL_IBPKEYCON: cil_reset_ibpkeycon(node->data); break; + case CIL_IBENDPORTCON: + cil_reset_ibendportcon(node->data); + break; case CIL_PORTCON: cil_reset_portcon(node->data); break; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 9e3cb2b..a671068 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -2086,6 +2086,31 @@ exit: return rc; } +int cil_resolve_ibendportcon(struct cil_tree_node *current, void *extra_args) +{ + struct cil_ibendportcon *ibendportcon = current->data; + struct cil_symtab_datum *con_datum = NULL; + + int rc = SEPOL_ERR; + + if (ibendportcon->context_str) { + rc = cil_resolve_name(current, ibendportcon->context_str, CIL_SYM_CONTEXTS, extra_args, &con_datum); + if (rc != SEPOL_OK) + goto exit; + + ibendportcon->context = (struct cil_context *)con_datum; + } else { + rc = cil_resolve_context(current, ibendportcon->context, extra_args); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_resolve_pirqcon(struct cil_tree_node *current, void *extra_args) { struct cil_pirqcon *pirqcon = current->data; @@ -3606,6 +3631,9 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args) case CIL_NETIFCON: rc = cil_resolve_netifcon(node, args); break; + case CIL_IBENDPORTCON: + rc = cil_resolve_ibendportcon(node, args); + break; case CIL_PIRQCON: rc = cil_resolve_pirqcon(node, args); break; diff --git a/libsepol/cil/src/cil_resolve_ast.h b/libsepol/cil/src/cil_resolve_ast.h index 0506a3d..82c8ea3 100644 --- a/libsepol/cil/src/cil_resolve_ast.h +++ b/libsepol/cil/src/cil_resolve_ast.h @@ -75,6 +75,7 @@ int cil_resolve_validatetrans(struct cil_tree_node *current, void *extra_args); int cil_resolve_context(struct cil_tree_node *current, struct cil_context *context, void *extra_args); int cil_resolve_filecon(struct cil_tree_node *current, void *extra_args); int cil_resolve_ibpkeycon(struct cil_tree_node *current, void *extra_args); +int cil_resolve_ibendportcon(struct cil_tree_node *current, void *extra_args); int cil_resolve_portcon(struct cil_tree_node *current, void *extra_args); int cil_resolve_genfscon(struct cil_tree_node *current, void *extra_args); int cil_resolve_nodecon(struct cil_tree_node *current, void *extra_args); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 89706d0..d36401b 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c @@ -1506,6 +1506,19 @@ void cil_tree_print_node(struct cil_tree_node *node) cil_log(CIL_INFO, "\n"); return; } + case CIL_IBENDPORTCON: { + struct cil_ibendportcon *ibendportcon = node->data; + + cil_log(CIL_INFO, "IBENDPORTCON: %s %u ", ibendportcon->dev_name_str, ibendportcon->port); + + if (ibendportcon->context) + cil_tree_print_context(ibendportcon->context); + else if (ibendportcon->context_str) + cil_log(CIL_INFO, " %s", ibendportcon->context_str); + + cil_log(CIL_INFO, "\n"); + return; + } case CIL_PIRQCON: { struct cil_pirqcon *pirqcon = node->data; diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 108da33..1036d73 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c @@ -1012,6 +1012,26 @@ exit: return rc; } +int __cil_verify_ibendportcon(struct cil_db *db, struct cil_tree_node *node) +{ + int rc = SEPOL_ERR; + struct cil_ibendportcon *ib_end_port = node->data; + struct cil_context *ctx = ib_end_port->context; + + /* Verify only when anonymous */ + if (!ctx->datum.name) { + rc = __cil_verify_context(db, ctx); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + cil_tree_log(node, CIL_ERR, "Invalid ibendportcon"); + return rc; +} + int __cil_verify_genfscon(struct cil_db *db, struct cil_tree_node *node) { int rc = SEPOL_ERR; @@ -1475,6 +1495,9 @@ int __cil_verify_helper(struct cil_tree_node *node, uint32_t *finished, void *ex case CIL_IBPKEYCON: rc = __cil_verify_ibpkeycon(db, node); break; + case CIL_IBENDPORTCON: + rc = __cil_verify_ibendportcon(db, node); + break; case CIL_PORTCON: rc = __cil_verify_portcon(db, node); break;