From patchwork Thu May 18 22:25:43 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9735335 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3CF47601A1 for ; Thu, 18 May 2017 22:27:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 260CD288B2 for ; Thu, 18 May 2017 22:27:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 18FDE288BE; Thu, 18 May 2017 22:27:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 61D35288B2 for ; Thu, 18 May 2017 22:27:14 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,360,1491264000"; d="scan'208";a="7229057" IronPort-PHdr: =?us-ascii?q?9a23=3AcGPozx1ChqYyyBLbsmDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?sewXKPnxwZ3uMQTl6Ol3ixeRBMOAuq0C0bKd6vqocFdDyK7JiGoFfp1IWk1Nou?= =?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?= =?us-ascii?q?KeTpAI7SiNm82/yv95HJbQhFgDiwbalsIBmqogndq9caipZ+J6gszRfEvmFGcP?= =?us-ascii?q?lMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLD?= =?us-ascii?q?QheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2RhDoki?= =?us-ascii?q?MHPCMn/m/RhMJ7kaZXrAu8qxBjxoLZZpyeOvhjcaPHZd4URXRPUNtfWSJCBY2z?= =?us-ascii?q?bYUPD/IDMOpFoYTyuUAOoACiCQWwHu7j1iVFimPq0aA8zu8vERvG3AslH98Wvn?= =?us-ascii?q?rbttP1P7oWX+Co1qnIwivMb/VN2Tzg74XHbwouofeNXb1udcrRy1IiFwbbgVWU?= =?us-ascii?q?rYzqJTWV1uMCsmSB8+VgUuevhnchpgpsoTav3t8hhpTGi48a0FzJ9Th1zJwrKd?= =?us-ascii?q?C3VkJ3e8OoHINNuyyeOYZ6WMwvTmNytCony7ALuYS3cDUUxJkjwRPUduaJfJKS?= =?us-ascii?q?4h35UeacOTJ4hHV4d72hnxuy6k2gyvHkVsmzzVZKsjJJktnSuXAJ0Bze8tSHRe?= =?us-ascii?q?Fn/kegxDaPzBrf6v1EIE8olarbLIQtwrgsmZoIrUvPBCr2mETyjKOOd0Uk/Pan?= =?us-ascii?q?6/j/b7n7qZKROJV4hwHjPqg0hMCyDvo0PhITU2SD/OSzzrzj/Un3QLVQif02l7?= =?us-ascii?q?HUsIvEKsQfp665BRJV04k65xmkCDemzdIYkmUZI1JeYx+Hk4joNE3OIPD/F/u/?= =?us-ascii?q?hU+sny1xy/DJOb3hHI3BLmLfn7f5YbZ990lcxRIxzdBY4ZJbEK0BIPLpVU/3r9?= =?us-ascii?q?HYDBg5Mwqxw+n9E9V9yp0RWXiUAqODN6PSq1CI7Po1I+aQfI8VpCr9K/896v7s?= =?us-ascii?q?j382g0MSfaqy3ZsQbnC4H+pmLl6XYXron9cAHnwFvhc4TOz2lV2OSzlTZ2y9X6?= =?us-ascii?q?gk/DE0FJqmDZvfRoCqmLGA0ia7HplTZm9YEFCBCnnoeJuZVPcLciKdONdhkiYD?= =?us-ascii?q?VbijVYAuyQ2uuBX9y7p9Iere4jcYuo771Nhp++3Tkgk/+iFoAMSY1GGNSX10kn?= =?us-ascii?q?4TSj8owq9/u019y1aE0ah+mfBYE8Jc5+9RWAcgKZHc1/B6C8z1Wg/ZY9iJVEyp?= =?us-ascii?q?Qs+9DD4tSdIxxsMBbFxmG9W+lBzD2TSlA6MNnbyRGJM06r7c32T2J8tly3fH1a?= =?us-ascii?q?4hj189T8tKMW2qn69/9w7JC47PiUqZjaWqdaUC3CHT7muDy3SBvF1AWg5qTarF?= =?us-ascii?q?RWwfZlfRrdnh/UzNVLiiCbAmMgta1c6CMbFGasb3glpaXvvjI8rRY2awm2e2GB?= =?us-ascii?q?aJyaiBY5bqemUHwSXdE1IIkg4J8naaLgg+ASGhr3jZDDx0GlLle1ns/vVmqHOn?= =?us-ascii?q?Uk80yBmHYFN517Wv4B4VhOecRugL3r0eoichqi50HE65393MF9WPuRBtfKJGYd?= =?us-ascii?q?My+F1Hz37WtxRhPpy8KKBvnlAecx5tsEPoyxp3C55AnNMvrHMyzQp+MLmY0V1a?= =?us-ascii?q?dz+C2pDwILLXIHHo/B+zc67Wxk3e0NGO96cM8vs4qFLjvByyG0oh6Xpn0N5V02?= =?us-ascii?q?aG6pXNFgoSXor7Ulwr+Bhiu7Hafi496pvO2nJxK6m0syHN28gyCeQ/1hmges1T?= =?us-ascii?q?MKSeFA/9C8caHdShKPQ2m1i1aRIJJPtS9KAuP8OhbPuGxLWmPP1mnDKhg2VH5Z?= =?us-ascii?q?py0kSW+yp6VOHIw44Pw+uE0QufSzf8kFChv9j5mI9eYTESAnSwyTL/BINKeK19?= =?us-ascii?q?Y5wLBnyzI82y3Nl+gITtW3FA/l65G1wGwNOpeQaVb1HlwQ1fyFkYoX29liu81D?= =?us-ascii?q?F7jzYprq+D0yPU2OTiaAALOmhVS2l+lV3sO5S7j8gGXEi0aAgkjB2l5Uf+x6hf?= =?us-ascii?q?uqt/NHLeTl1WcCjsKGFuSKywtqCNY8RX8pMnrT1XUPigYVCdUrP9vRoa3D//H2?= =?us-ascii?q?tZ3jA3bS2lupX+nxx8h2KQN3JzrHvfec5q3xff48bQRflL3joJXCN4kyXYBkCg?= =?us-ascii?q?P9m1+tWZj5PDsuGlV2K9T5FTajfkzYeBtCu9+G1rDgayn+urmt3mFwg60DP018?= =?us-ascii?q?JwWSXOshn8fpHh176mPuJ/YkloGFj85tJgGoF5loswgI8f2WIGiZWS83sKinzz?= =?us-ascii?q?MchH1qLldnYNQiQLw9HN6gj/xEJjNm6Jx57+VniF2stufcS6YmcM1i0n9cxFE6?= =?us-ascii?q?CU7LhYnStypFq1tgfRbeR7njca1fQi8ngajP8VuAA11CWSHqgSHVVEPSzrjxmI?= =?us-ascii?q?7M6xrKNMZGu0cri/ykx+ncunDL6cvgFQQnH5eo0tHSVo9MVwLErM0GHv6oHjYN?= =?us-ascii?q?TQc9QTuQCPnhfeiehaNZIxmuAMhSV5JWL3pWclxPIjjRxywZG6u5CKK31386Kk?= =?us-ascii?q?Bh5VLSH6Z8IP+jDtlKpekNyZ34a1EpVmADULU4PiTei0HzIKqfTnKwGOHSUkqn?= =?us-ascii?q?iBBLrfGRGQ6F98oHLJD5CkKWuXKWIEzdV5WhadPldfjBoPXDU9g545DByly9Lv?= =?us-ascii?q?cEd+/DAR6UD3pgFKyu12Kxn1Sn3fqxuwajcoVJifKwJb7g9Y6EfTLcye6edzEj?= =?us-ascii?q?pW/pK/sQONLXabaB5QDWETXUyEBU7sMaWy5dXa9OiYHOW+JePUYbqSsexeS+uI?= =?us-ascii?q?xZW334tj5TmMMsGPMWd+D/0nwEVMR2t0G8LHlDUTUCwYizjCb9aFqxum/C14sN?= =?us-ascii?q?y/+uzxWA3z/YuPF6dSMdJ39hCsm6uCOfSchCNjJjZc0ZMNxWTFx6ID014XkS1u?= =?us-ascii?q?cCOtEbsYvy7XUK3QgrNXDwIcay5rOstI9bwz0RRWOcHBjNP1yrl4juUuBlhfSV?= =?us-ascii?q?Phn9ulZcsQI2GyLFnHHlqENKyaJT3XxMH6eaW8SadKg+VMrx29ojibE075PjSY?= =?us-ascii?q?iznpWRGvMedWgyGdIBNeuZuychJ3BWjkVtLmZQWxMMVrgj0u3b00mnTKOHYEMT?= =?us-ascii?q?diaExCsLuQ7SJEgvV4AGFB72RqIvealCqD6OnYMJkWu+NxAitoj+Ja/Gg6y7xN?= =?us-ascii?q?4S5ZX/x6hjHdrtF0o168jOmC0SFnXwBNqjZWnoKEp19uOaHE9plGQ3nE5gsB7X?= =?us-ascii?q?mXCxQJp9plDcfju6ZOxdjTjKjzMitN88rI/csAAMjZMNmHP2A/MRXzFz7bEhAF?= =?us-ascii?q?QCWwNW7FmUxSiv6S+WOOrpQgrJjjhoYOQKdBVFMpDvMaFlhlHNsaLZhsXzMknr?= =?us-ascii?q?mbjMgT6HWjshbeX8RasYrBVv6IBvXvMjmZh6FeZxQU2bP4MZgTNorj1kN4ZVl1?= =?us-ascii?q?hprKFFTLUNBKui1ucAk0oEBX/3h/Sm08wEXlawy37H8UD/60kQY8ihFibuQ16D?= =?us-ascii?q?fs/1A3K0LWpCs3lUk9g8/lgTeQcTHvKqe/RptWCy3quEgyKZ70XwF1bQiukkN+?= =?us-ascii?q?LzfEW6hdj71+emB3kAXco4dAGeZATa1YZx8d3fKXZvUs0VtCsSinwEhH5eXLCZ?= =?us-ascii?q?R8iAsqbZ6sr3VF2w19dtI1I7LfJLZRxFhKmq2OpjOo1vw2wAIGIUYC7nmdeCoT?= =?us-ascii?q?tUwLMbkmPDao8fZq6QyZmDtDeXIAV/w0rfJ27kk9IfiPzzr8075fLUC8L/afIL?= =?us-ascii?q?2Cu2fej8GIWE8/1kMTmkZe/Lh2y9osc02aV0A31rueCRQIOdDEKQ5Lc8pY7GLT?= =?us-ascii?q?cjqWseXR3ZJ1OJ2wGf3vTe+IsqYbn1yrHAIoH4kX9MsOAIOs0EbCIcfgNr4Fxg?= =?us-ascii?q?0n5B73K1WdEPRJZBWLnS8arM6l0p933JRSJioGDGpnKyW3/LHXpwExgPWdQNg2?= =?us-ascii?q?f20aXooYNnM2QsG6nTBWv2hYBjmtzu0Z0BSC7yP7pinICDn8aMBja+mSZRJtD9?= =?us-ascii?q?G74jo/866riVLN9ZXePW76P8x4utDT8eMau4qHC/RMQLlmrUjcn4hYR3q3U2/A?= =?us-ascii?q?CtO6O5/wa4wwYtPuEXa6TkazizQrQMftJNytNLSHgRn0RYZIt4mWxDMjNdW9Fz?= =?us-ascii?q?4EHRdwu+ED6blzZQ0Ee5o0fQTktwIgOKyjOA2YyMmhQ36xKTtKSPlS1fm6Z71S?= =?us-ascii?q?zyorcu+6yHshQ4onwOm28U8CXooFggvYxfm9e4lUSTLzFWBFewXTuSo5kHBsOf?= =?us-ascii?q?w2wuc+3BzHr0ETMzWLdexvb2xEucszCEiJLnV3EGU4QUaQjYTe4gK22bAd4Tdd?= =?us-ascii?q?lc5O0eJZqHj+ooPfYDW0VaOwt5rVtTEtYsI7rK1vL4PjONCGu4nEnj3fVpXQtR?= =?us-ascii?q?eFUCGiHfpAhtdQOD5YQOVPmWw9NswGpItB6U41VsggIrxCE7Qjqa6xZjplFyES?= =?us-ascii?q?yzUVV4Sa3DwNmu28wafVlg+McJQ+NxwJqI9Cgt0cUyFqYiMeo6ujV57OmWGdV2?= =?us-ascii?q?YFOhse4wNX6Q0ckY9we/zq75DTTJ9Q0TJWpex7UjfTHJly61T7Un2WgUT/SPi5?= =?us-ascii?q?ieymwB9dwenj0tkeVx9zE05dyPhKlkEwMrF4N7EQvpLWsj+PbU76pnjiyPGhJF?= =?us-ascii?q?ZK0sDUa0f4A5DbtWXiVi0c+HsURYBLyHHeGpQSkxZ5aKgxq1VWJYCqYED+6CI4?= =?us-ascii?q?x45xBbm3Sdirx0o5rXYBXyqrHcBNBP1msFLWXT1lYoqkqJb+NpVTXGBf5oOSp0?= =?us-ascii?q?1ekEV3PC6z0YBcJN1V4j4QQDhPpi2Qs8GoSM1e3896FZwML8x+u3f8GaNEJIOe?= =?us-ascii?q?r2cwurPx1n/T4yo8v0uixDWvB6+4SPpU/2wYGgU1OWuerlcgD+4y/WfO6FDMsk?= =?us-ascii?q?t5/+BDBreRi0VxpSxyHpFKBjlS0nCkIE5/TH5cs+VVMK7VadBTQ+EuZR+zPBwz?= =?us-ascii?q?DfEm31aT8kFygXf0eC1ytgxU+iDbQwk0VTcagrbrmT0CtM6nIyUWS5RWYjU9dy?= =?us-ascii?q?3FMR6UmThLvBZDbEFnQ4wZAtFA+7wAwYtY4s/CRl22JSEDQhNiKhoy0eBDmk5b?= =?us-ascii?q?rEWYZSfdABKodfnVqB14Z8ORo9OyIfvk4ghHkpvnv/4896odXX2qgwqtQcrRr4?= =?us-ascii?q?XkrN2FqlOOdLvkM+27eXLBTj/Mgg6riLg5EZbK5DbcMBBHK5Zk1HUoe57hBnDX?= =?us-ascii?q?PR5ePaIUO1JbVbxmadVBuu1VfMFkd7oV9aJvGx6KSAjiF5CorPlDMlncXy/eLz?= =?us-ascii?q?mb/uy5v43T8aTXSfL8acyU23bHX6V3M49g6TblBrjq0ZVR+lbt1/dp8UN6V0bJ?= =?us-ascii?q?Pz6do9TmOwwE+tOudk38sZ01BTnWGot/kGLxxkFccMoaWzWq8I8EyJxD9XnwVf?= =?us-ascii?q?l10lP0sO1P7blr9Zc447Z1yceuP6jSLe5WsUh9AhibHg9q7IkiAHBjR2BNZe8c?= =?us-ascii?q?MOvRfb4Hgs/wtu/6DLEX6BmJ++xDc9THOUDBms67Cj6CVRxIhgABqSQVLgGEzf?= =?us-ascii?q?6Kh7d0Sdq5pej+wk8t4UKxLgQBzLB24YeL4LSIqfTSbxvMybgERqnqSd/yrrs2?= =?us-ascii?q?vUOS/ucolLkUemx6ewenCvQSVtYBxmf8yqAn1SAsHNnFH7Lu4v5DUG82kSz7lp?= =?us-ascii?q?BhBVoWHOgUHb2R8YRYgGg4h/TTNscKfaBahmaPCRmkH6cEyX6v8CaXIW9lghTU?= =?us-ascii?q?3xHxR2Oz4kX2ojVjQSvQ1dfjj1ZaVqWqBUdIQSWlI0h4sCmAPADwrtr4pbw17F?= =?us-ascii?q?0qMmzjrN+NkmqhN69QH837PtOcOjM4pFMQjJ02XdyvwpsWGd+yLdYe6n1+aeHe?= =?us-ascii?q?62yzmS9bv6hHn5be4t2S+vjPAXavlamapKuWxDBEynk4ukoy6su8OfHP+dKKRe?= =?us-ascii?q?io12cLQCtlvQvOQQK1oKTBr18IIUyLzFvLmIsSM9Fdxnk400Hr6fMtQN0t6Qpe?= =?us-ascii?q?EZzAaOkapTDpPzv0w0iQbM4rViWE1DtXBF31G0FiGKcgwGLwoN7JlXDI9l0qR4?= =?us-ascii?q?lwclfqhRlpAIQ4N00t8lkXwiwMEQQXbxCUEq2oD1z/LYQYTUgDdQiH3L+id6c2?= =?us-ascii?q?3Ex82Kmg6/PIYOxnGaUNKuhSgRKUkFhcAJIWvrUUQKhgdF9F6K7Xug/iBpD8UP?= =?us-ascii?q?jnjnoxO+e6QsJb8cAFr3st+Bu/Rx675Jhf6LYUlY6HebRZYZjWu8B89V1o6SQI?= =?us-ascii?q?dixXjxh1lwm5XvwEpOD//tjbt4Kl6v60W6YxW+oX9xY1B2Nkj5vzmVwjus/Y1+?= =?us-ascii?q?NdSo3TlIT+/xtAI2aQt4bGzxZ8KeQPK4WxfLZj7XkHJDYRJ2gIPdWIb/kw+Sht?= =?us-ascii?q?MC/c51ZaGMMDecsYPNbRmQBTkkDpRKtT+dTfGlCCDYd8adsl4Hf2yDA68Js8Tv?= =?us-ascii?q?zv6CSsKpDF8lFBJfVDgztwlNjavuga3eLSCDQL4XmecxV1zTmNy4OTBPbs/eWB?= =?us-ascii?q?09XUV1IaHiEoU4dSPieC+Re9SuqziprpThue6tXvj5ImaEKQWnuxkbwKsqlSF+?= =?us-ascii?q?5AliL73j9ZGoDumf2Vt9us6G1KtlxIC4tz6QPKGL9fP5phIxj4kNekRlRkDCvl?= =?us-ascii?q?ZM7UbgYuuPaRxuoU/+p+NVHxapMALx0YzLL67X5VTgpwR77solaWQ/4eZNt8RP?= =?us-ascii?q?PDtHBV5ppqK7UTM1iFuJzqsjBIpUgzAA8ubr8wsjNaeVfVkQ1QWqb7orgAhRUA?= =?us-ascii?q?Ud93vk9MA2GwOHkk6zrBS6tVkLGbCOYJ/TWLUqwOT0JoPztxQxypw5VuYKKlk+?= =?us-ascii?q?1IvG1AnyN9puUq0jN9SRuzvC3jvaQN1iw69LG/rjUBtmRPTv+CnCfQFVVD0PMK?= =?us-ascii?q?gL8eC3bl6Vy8ZmMPY5fy4LljOMTv6Igg43U5YRU4fC0GXP+tCz/xj6OWGIOPtM?= =?us-ascii?q?9ThB+XtMXIc7CzMTAYNq4hxhL7W3h9zg/ekQ5p8GsVWDqg6sQpJIGgOck4xyqo?= =?us-ascii?q?HnPbeEwL4qNTv8v7rUQLQ/cuaVN93GVj1dCKRi8TS8zBFWY1ihMpaGtef5JF9x?= =?us-ascii?q?AaC7MkgjCWsala5gsUeivbEpy5+onMmsfFwXY9TdNtxmPYuKKFgpcq3WZ+m9Nz?= =?us-ascii?q?6C6OuWgde/beU8ByHnj5zp1fxvDmZ/WxruAHT5NryLahUP4CKsmj/m+22JR2Wk?= =?us-ascii?q?C73bkeGlu5MPMZxrjFSSulTneYWeuTeWiWgzk5KlLy5QWvLlAvdMdKrko9P/De?= =?us-ascii?q?hp5diwLhUq17RiGKqV/d0mMjLfsQdxgqt4e/ZwwKUOkRavCZJegvw/0+C1wMYm?= =?us-ascii?q?TLHSRsCO+2tlitk5Z9O3l650X1f/jt+Bj8MNSOAhkEDZLarplp9POhWG2BP2Ng?= =?us-ascii?q?wQZpPElw8OffC0gxtvFCfJmMh9TQgM570eEdffd3LSI9osITmp5k6YSMyMeKdh?= =?us-ascii?q?XRwYzoJdDbpfiYB/Pfwl8vemFdVboZeh366JkgPt4+QL3TBrpZvRITBaQgR5wh?= =?us-ascii?q?LWjx/rluLAxvag7ReKi0gs7yq+KFeJRUo37W7kouIyrHuhwDy/m0TQllYJCwg3?= =?us-ascii?q?X9Poo8RjVbr91iEhFmBpdAG9scrwq7BJ6ZgK+6i8er+0N7p+AFr7H9CvXL1NSl?= =?us-ascii?q?xYV+QYJW5UuRPDbeHKNrmFhqjvyugvfc1Zn8EcTiedcaW+VgWm7FbqXJHp6jKj?= =?us-ascii?q?KPJs38Z1RG/KCC375jVBWeejz5VbKctCK4LPVk/Vk7yotgcerXzTwt6azb2dTr?= =?us-ascii?q?a2FfpyejtmKJNIBE4VzLH+PeWRVUReCC8GZ/Eq0ddZH0+/sWMdw+3Nic5BF+7C?= =?us-ascii?q?9c38uBIqihqFLM2018eZzUMEvp2zg2WZMULxSnK0QhmmzZpWrHAXRaMMekLdJi?= =?us-ascii?q?gMuaDhD34Elxg24tbHZbGmX0XdeRJXQb28WmaQ2P7g1EE9YDn++xeU4/raCyV+?= =?us-ascii?q?hoOpNbluWutbUHl8tpKi7VSMhdJSHQI6d8PiBNAeXXuFgofhkEvqA3WogvZpiO?= =?us-ascii?q?J1gIPVydySP00QvC0Ur0d8Gj1KaJPCYa6HNHwKzZ0TJUvQm2pe6ZgtH/ULDedJ?= =?us-ascii?q?z2U+TdPzE/VjGbWzsyFV2k+Umgu/Uep/qYIHofrkoSYi2MFA4ZvrpvosTIDm/P?= =?us-ascii?q?he1je4UHhPKfWyD3Ui14jqsyBj1QuECKWfUDEBfZb377jGpbogyiKedG/Wj5YL?= =?us-ascii?q?2A2qpVR+sWD5NXcv2XRtvXZfFTKjQzmzUHJum8Zdzcrrc+0lLOV2cZFbfH9EHN?= =?us-ascii?q?BHKRF+eRwzPtQJU9o5k/ui1u/MnZ2CBwDffmJbGa8hKn9MaakTyXtOvFHj0hak?= =?us-ascii?q?o0jeYAKGyMxB1JLmYUTdoSvRe+Eea7e09Q2Sdx2qpV0BgWdVE2CyVj?= X-IPAS-Result: =?us-ascii?q?A2GXAgCcHh5Z/wHyM5BcGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwEpgW6OeJB7cpcQJIt1VwEBAQEBAQEBAgECaAUjgjMkgkIGAQIXDVUDC?= =?us-ascii?q?QEBFwgpCAMBUxkFiE+BTwSwazomAoskiD2CZ4RmhiMFkCeBAYxrkx2LGYZTlEZ?= =?us-ascii?q?YWTFPIRWEbQsBAQFCHIFmc4V1gj0BAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 18 May 2017 22:27:13 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4IMRAmd024465; Thu, 18 May 2017 18:27:12 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v4IMQ8uB076194 for ; Thu, 18 May 2017 18:26:08 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4IMQ2uE024119 for ; Thu, 18 May 2017 18:26:08 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CxAwDZHh5Z/4GlL8FcHAEBBAEBCgEBgyyCF454kHtylxMchggChkcBAgEBAQEBAmsohRkGGg1SEBgIMVcZiFSBU7BuOosaMog9gmeEZoYjBZAngQGMa5MdkWyURldZMU8hFYU9HIFmPTaFdYI9AQEB X-IPAS-Result: A1CxAwDZHh5Z/4GlL8FcHAEBBAEBCgEBgyyCF454kHtylxMchggChkcBAgEBAQEBAmsohRkGGg1SEBgIMVcZiFSBU7BuOosaMog9gmeEZoYjBZAngQGMa5MdkWyURldZMU8hFYU9HIFmPTaFdYI9AQEB X-IronPort-AV: E=Sophos;i="5.38,360,1491278400"; d="scan'208";a="6058446" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 18 May 2017 18:26:06 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AwW2rbhGE39H61aCe5qmEvp1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ78pciwAkXT6L1XgUPTWs2DsrQf2rWQ6firADZIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSijewZbF/IA+ooQnNucUanJVuIbstxxXUpXdFZ/?= =?us-ascii?q?5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnM?= =?us-ascii?q?VhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1ky?= =?us-ascii?q?oMKSI3/3/LhcxxlKJboQyupxpjw47PfYqZMONycr7Bcd8GQGZMWNtaWS5cDYOm?= =?us-ascii?q?d4YBD/QPM/tWoYf+oFUBrxW+CBKwCO/z0DJEmmX70bEm3+knDArI3BYgH9ULsH?= =?us-ascii?q?nMotv6LqESWv2xwqnV1zXDYO1Z2THm6IPVdR0uvOuDXbRxccXPzUkvFRjIjlCO?= =?us-ascii?q?pozhOzOazOINs2+U7uZ6Se2vjGsnphh3rzOyxckskpHEip8Rx13K7yl0z4Q4Kc?= =?us-ascii?q?elREN6YdOoCoZcuz+eOoZwX8gsWXtnuDwgxb0DoZO7fDYFyJAgxxPHbvyIbYyI?= =?us-ascii?q?4hb5W+aXJjd5i2hpd664hxqo8EigzvXwVsiy0FlUsipIisTAu3QD2hDJ5cWKSO?= =?us-ascii?q?Fx8lqg1DuPzQzf9/9ILEQsmareMZEhw7owlpQJsUTEGy/7gFj5g7WQdkUl5Oeo?= =?us-ascii?q?7+bnb67jppCCM490jhvxMqIpms2wG+g3Lg8OX22D9eSmyLLj5VH5QKlNjvAuia?= =?us-ascii?q?nWrpTaJcUdpq6kDA5YyZoj6hajADem19QUh38HLElfdx6dgIjpPE/Oc7jECqKk?= =?us-ascii?q?jlCtlip77+zXNb3mRJPWJz7Ml6myU6x67htwwQx7781F6J9SEflVLPv1W0L1tv?= =?us-ascii?q?TdAxs9Ogqz06DsD9ArhdBWYn6GHqLMaPCailSP/O96ZrDUPII=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HoAgCcHh5Z/4GlL8FcHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwGCF454kHtylxMchggChkcBAQEBAQEBAQIBAmgogjMkAYJBBho?= =?us-ascii?q?NUhAYCDFXGYhUgVOwazqLGjKIPYJnhGaGIwWQJ4EBjGuTHZFslEZYWTFPIRWFP?= =?us-ascii?q?RyBZj02hXWCPQEBAQ?= X-IPAS-Result: =?us-ascii?q?A0HoAgCcHh5Z/4GlL8FcHAEBBAEBCgEBFwEBBAEBCgEBgwG?= =?us-ascii?q?CF454kHtylxMchggChkcBAQEBAQEBAQIBAmgogjMkAYJBBhoNUhAYCDFXGYhUg?= =?us-ascii?q?VOwazqLGjKIPYJnhGaGIwWQJ4EBjGuTHZFslEZYWTFPIRWFPRyBZj02hXWCPQE?= =?us-ascii?q?BAQ?= X-IronPort-AV: E=Sophos;i="5.38,360,1491264000"; d="scan'208";a="7228987" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea10.nsa.gov with ESMTP; 18 May 2017 22:26:05 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 19 May 2017 01:26:03 +0300 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v4IMPsGb013313; Fri, 19 May 2017 01:26:02 +0300 From: Dan Jurgens To: selinux@tycho.nsa.gov Subject: [PATCH v2 3/9] libsepol: Add Infiniband Pkey handling to CIL Date: Fri, 19 May 2017 01:25:43 +0300 Message-Id: <1495146349-75366-4-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1495146349-75366-1-git-send-email-danielj@mellanox.com> References: <1495146349-75366-1-git-send-email-danielj@mellanox.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens Add Infiniband pkey parsing, symbol table management, and policy generation to CIL. Signed-off-by: Daniel Jurgens --- libsepol/cil/src/cil.c | 19 +++++++++ libsepol/cil/src/cil_binary.c | 39 +++++++++++++++++ libsepol/cil/src/cil_binary.h | 12 ++++++ libsepol/cil/src/cil_build_ast.c | 86 ++++++++++++++++++++++++++++++++++++++ libsepol/cil/src/cil_build_ast.h | 2 + libsepol/cil/src/cil_copy_ast.c | 26 ++++++++++++ libsepol/cil/src/cil_copy_ast.h | 1 + libsepol/cil/src/cil_flavor.h | 1 + libsepol/cil/src/cil_internal.h | 11 +++++ libsepol/cil/src/cil_policy.c | 16 +++++++ libsepol/cil/src/cil_post.c | 45 ++++++++++++++++++++ libsepol/cil/src/cil_post.h | 1 + libsepol/cil/src/cil_reset_ast.c | 9 ++++ libsepol/cil/src/cil_resolve_ast.c | 27 ++++++++++++ libsepol/cil/src/cil_resolve_ast.h | 1 + libsepol/cil/src/cil_tree.c | 16 ++++++- libsepol/cil/src/cil_verify.c | 23 ++++++++++ 17 files changed, 334 insertions(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 9b9ccc36..3df670a7 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -188,6 +188,7 @@ static void cil_init_keys(void) CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans"); CIL_KEY_CONTEXT = cil_strpool_add("context"); CIL_KEY_FILECON = cil_strpool_add("filecon"); + CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon"); CIL_KEY_PORTCON = cil_strpool_add("portcon"); CIL_KEY_NODECON = cil_strpool_add("nodecon"); CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); @@ -257,6 +258,7 @@ void cil_db_init(struct cil_db **db) cil_sort_init(&(*db)->genfscon); cil_sort_init(&(*db)->filecon); cil_sort_init(&(*db)->nodecon); + cil_sort_init(&(*db)->ibpkeycon); cil_sort_init(&(*db)->portcon); cil_sort_init(&(*db)->pirqcon); cil_sort_init(&(*db)->iomemcon); @@ -308,6 +310,7 @@ void cil_db_destroy(struct cil_db **db) cil_sort_destroy(&(*db)->genfscon); cil_sort_destroy(&(*db)->filecon); cil_sort_destroy(&(*db)->nodecon); + cil_sort_destroy(&(*db)->ibpkeycon); cil_sort_destroy(&(*db)->portcon); cil_sort_destroy(&(*db)->pirqcon); cil_sort_destroy(&(*db)->iomemcon); @@ -728,6 +731,9 @@ void cil_destroy_data(void **data, enum cil_flavor flavor) case CIL_FILECON: cil_destroy_filecon(*data); break; + case CIL_IBPKEYCON: + cil_destroy_ibpkeycon(*data); + break; case CIL_PORTCON: cil_destroy_portcon(*data); break; @@ -1097,6 +1103,8 @@ const char * cil_node_to_string(struct cil_tree_node *node) return CIL_KEY_FSUSE; case CIL_FILECON: return CIL_KEY_FILECON; + case CIL_IBPKEYCON: + return CIL_KEY_IBPKEYCON; case CIL_PORTCON: return CIL_KEY_PORTCON; case CIL_NODECON: @@ -2255,6 +2263,17 @@ void cil_filecon_init(struct cil_filecon **filecon) (*filecon)->context = NULL; } +void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon) +{ + *ibpkeycon = cil_malloc(sizeof(**ibpkeycon)); + + (*ibpkeycon)->subnet_prefix_str = NULL; + (*ibpkeycon)->pkey_low = 0; + (*ibpkeycon)->pkey_high = 0; + (*ibpkeycon)->context_str = NULL; + (*ibpkeycon)->context = NULL; +} + void cil_portcon_init(struct cil_portcon **portcon) { *portcon = cil_malloc(sizeof(**portcon)); diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index e1481a43..1ddbf21f 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -3218,6 +3218,40 @@ exit: return rc; } +int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons) +{ + int rc = SEPOL_ERR; + uint32_t i = 0; + ocontext_t *tail = NULL; + struct in6_addr subnet_prefix; + + for (i = 0; i < ibpkeycons->count; i++) { + struct cil_ibpkeycon *cil_ibpkeycon = ibpkeycons->array[i]; + ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_IBPKEY], &tail); + + rc = inet_pton(AF_INET6, cil_ibpkeycon->subnet_prefix_str, &subnet_prefix); + if (rc != 1) { + cil_log(CIL_ERR, "ibpkeycon subnet prefix not in valid IPV6 format\n"); + rc = SEPOL_ERR; + goto exit; + } + + memcpy(&new_ocon->u.ibpkey.subnet_prefix, &subnet_prefix.s6_addr[0], + sizeof(new_ocon->u.ibpkey.subnet_prefix)); + new_ocon->u.ibpkey.low_pkey = cil_ibpkeycon->pkey_low; + new_ocon->u.ibpkey.high_pkey = cil_ibpkeycon->pkey_high; + + rc = __cil_context_to_sepol_context(pdb, cil_ibpkeycon->context, &new_ocon->context[0]); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons) { int rc = SEPOL_ERR; @@ -3848,6 +3882,11 @@ int __cil_contexts_to_policydb(policydb_t *pdb, const struct cil_db *db) goto exit; } + rc = cil_ibpkeycon_to_policydb(pdb, db->ibpkeycon); + if (rc != SEPOL_OK) { + goto exit; + } + if (db->target_platform == SEPOL_TARGET_XEN) { rc = cil_pirqcon_to_policydb(pdb, db->pirqcon); if (rc != SEPOL_OK) { diff --git a/libsepol/cil/src/cil_binary.h b/libsepol/cil/src/cil_binary.h index c59b1e3c..a03d250d 100644 --- a/libsepol/cil/src/cil_binary.h +++ b/libsepol/cil/src/cil_binary.h @@ -330,6 +330,18 @@ int cil_sepol_level_define(policydb_t *pdb, struct cil_sens *cil_sens); int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_rangetransition *rangetrans, hashtab_t range_trans_table); /** + * Insert cil ibpkeycon structure into sepol policydb. + * The function is given a structure containing the sorted ibpkeycons and + * loops over this structure inserting them into the policy database. + * + * @param[in] pdb The policy database to insert the ibpkeycon into. + * @param[in] node The cil_sort structure that contains the sorted ibpkeycons. + * + * @return SEPOL_OK upon success or an error otherwise. + */ +int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons); + +/** * Insert cil portcon structure into sepol policydb. * The function is given a structure containing the sorted portcons and * loops over this structure inserting them into the policy database. diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 36cc6735..11215744 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -4256,6 +4256,89 @@ void cil_destroy_filecon(struct cil_filecon *filecon) free(filecon); } +int cil_gen_ibpkeycon(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) +{ + enum cil_syntax syntax[] = { + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING | CIL_SYN_LIST, + CIL_SYN_STRING | CIL_SYN_LIST, + CIL_SYN_END + }; + int syntax_len = sizeof(syntax) / sizeof(*syntax); + int rc = SEPOL_ERR; + struct cil_ibpkeycon *ibpkeycon = NULL; + + if (!db || !parse_current || !ast_node) + goto exit; + + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); + if (rc != SEPOL_OK) + goto exit; + + cil_ibpkeycon_init(&ibpkeycon); + + ibpkeycon->subnet_prefix_str = parse_current->next->data; + + if (parse_current->next->next->cl_head) { + if (parse_current->next->next->cl_head->next && + !parse_current->next->next->cl_head->next->next) { + rc = cil_fill_integer(parse_current->next->next->cl_head, &ibpkeycon->pkey_low, 0); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibpkey specified\n"); + goto exit; + } + rc = cil_fill_integer(parse_current->next->next->cl_head->next, &ibpkeycon->pkey_high, 0); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibpkey specified\n"); + goto exit; + } + } else { + cil_log(CIL_ERR, "Improper ibpkey range specified\n"); + rc = SEPOL_ERR; + goto exit; + } + } else { + rc = cil_fill_integer(parse_current->next->next, &ibpkeycon->pkey_low, 0); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibpkey specified\n"); + goto exit; + } + ibpkeycon->pkey_high = ibpkeycon->pkey_low; + } + + if (!parse_current->next->next->next->cl_head) { + ibpkeycon->context_str = parse_current->next->next->next->data; + } else { + cil_context_init(&ibpkeycon->context); + + rc = cil_fill_context(parse_current->next->next->next->cl_head, ibpkeycon->context); + if (rc != SEPOL_OK) + goto exit; + } + + ast_node->data = ibpkeycon; + ast_node->flavor = CIL_IBPKEYCON; + return SEPOL_OK; + +exit: + cil_tree_log(parse_current, CIL_ERR, "Bad ibpkeycon declaration"); + cil_destroy_ibpkeycon(ibpkeycon); + + return rc; +} + +void cil_destroy_ibpkeycon(struct cil_ibpkeycon *ibpkeycon) +{ + if (!ibpkeycon) + return; + + if (!ibpkeycon->context_str && ibpkeycon->context) + cil_destroy_context(ibpkeycon->context); + + free(ibpkeycon); +} + int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) { enum cil_syntax syntax[] = { @@ -6215,6 +6298,9 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f } else if (parse_current->data == CIL_KEY_FILECON) { rc = cil_gen_filecon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; + } else if (parse_current->data == CIL_KEY_IBPKEYCON) { + rc = cil_gen_ibpkeycon(db, parse_current, ast_node); + *finished = CIL_TREE_SKIP_NEXT; } else if (parse_current->data == CIL_KEY_PORTCON) { rc = cil_gen_portcon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; diff --git a/libsepol/cil/src/cil_build_ast.h b/libsepol/cil/src/cil_build_ast.h index 33bae997..c2d7b31e 100644 --- a/libsepol/cil/src/cil_build_ast.h +++ b/libsepol/cil/src/cil_build_ast.h @@ -175,6 +175,8 @@ int cil_gen_context(struct cil_db *db, struct cil_tree_node *parse_current, stru void cil_destroy_context(struct cil_context *context); int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_filecon(struct cil_filecon *filecon); +int cil_gen_ibpkeycon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); +void cil_destroy_ibpkeycon(struct cil_ibpkeycon *ibpkeycon); int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_portcon(struct cil_portcon *portcon); int cil_gen_nodecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index d6685050..7307b08b 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -1204,6 +1204,29 @@ int cil_copy_nodecon(struct cil_db *db, void *data, void **copy, __attribute__(( return SEPOL_OK; } +int cil_copy_ibpkeycon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) +{ + struct cil_ibpkeycon *orig = data; + struct cil_ibpkeycon *new = NULL; + + cil_ibpkeycon_init(&new); + + new->subnet_prefix_str = orig->subnet_prefix_str; + new->pkey_low = orig->pkey_low; + new->pkey_high = orig->pkey_high; + + if (orig->context_str) { + new->context_str = orig->context_str; + } else { + cil_context_init(&new->context); + cil_copy_fill_context(db, orig->context, new->context); + } + + *copy = new; + + return SEPOL_OK; +} + int cil_copy_portcon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) { struct cil_portcon *orig = data; @@ -1916,6 +1939,9 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u case CIL_NODECON: copy_func = &cil_copy_nodecon; break; + case CIL_IBPKEYCON: + copy_func = &cil_copy_ibpkeycon; + break; case CIL_PORTCON: copy_func = &cil_copy_portcon; break; diff --git a/libsepol/cil/src/cil_copy_ast.h b/libsepol/cil/src/cil_copy_ast.h index 78c34b87..a50c3708 100644 --- a/libsepol/cil/src/cil_copy_ast.h +++ b/libsepol/cil/src/cil_copy_ast.h @@ -99,6 +99,7 @@ int cil_copy_netifcon(struct cil_db *db, void *data, void **copy, symtab_t *symt int cil_copy_genfscon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_filecon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_nodecon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); +int cil_copy_ibpkeycon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_portcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_pirqcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); int cil_copy_iomemcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab); diff --git a/libsepol/cil/src/cil_flavor.h b/libsepol/cil/src/cil_flavor.h index c01f967a..4505b8bb 100644 --- a/libsepol/cil/src/cil_flavor.h +++ b/libsepol/cil/src/cil_flavor.h @@ -113,6 +113,7 @@ enum cil_flavor { CIL_HANDLEUNKNOWN, CIL_MLS, CIL_SRC_INFO, + CIL_IBPKEYCON, /* * boolean constraint set catset diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index aee3f00c..2add97bb 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -203,6 +203,7 @@ char *CIL_KEY_VALIDATETRANS; char *CIL_KEY_MLSVALIDATETRANS; char *CIL_KEY_CONTEXT; char *CIL_KEY_FILECON; +char *CIL_KEY_IBPKEYCON; char *CIL_KEY_PORTCON; char *CIL_KEY_NODECON; char *CIL_KEY_GENFSCON; @@ -286,6 +287,7 @@ struct cil_db { struct cil_sort *genfscon; struct cil_sort *filecon; struct cil_sort *nodecon; + struct cil_sort *ibpkeycon; struct cil_sort *portcon; struct cil_sort *pirqcon; struct cil_sort *iomemcon; @@ -737,6 +739,14 @@ enum cil_protocol { CIL_PROTOCOL_DCCP }; +struct cil_ibpkeycon { + char *subnet_prefix_str; + uint32_t pkey_low; + uint32_t pkey_high; + char *context_str; + struct cil_context *context; +}; + struct cil_portcon { enum cil_protocol proto; uint32_t port_low; @@ -1007,6 +1017,7 @@ void cil_catset_init(struct cil_catset **catset); void cil_cats_init(struct cil_cats **cats); void cil_senscat_init(struct cil_senscat **senscat); void cil_filecon_init(struct cil_filecon **filecon); +void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon); void cil_portcon_init(struct cil_portcon **portcon); void cil_nodecon_init(struct cil_nodecon **nodecon); void cil_genfscon_init(struct cil_genfscon **genfscon); diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index 77179e63..35a0a29e 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -1714,6 +1714,21 @@ static void cil_genfscons_to_policy(FILE *out, struct cil_sort *genfscons, int m } } +static void cil_ibpkeycons_to_policy(FILE *out, struct cil_sort *ibpkeycons, int mls) +{ + uint32_t i = 0; + + for (i = 0; i < ibpkeycons->count; i++) { + struct cil_ibpkeycon *ibpkeycon = (struct cil_ibpkeycon *)ibpkeycons->array[i]; + + fprintf(out, "ibpkeycon %s ", ibpkeycon->subnet_prefix_str); + fprintf(out, "%d ", ibpkeycon->pkey_low); + fprintf(out, "%d ", ibpkeycon->pkey_high); + cil_context_to_policy(out, ibpkeycon->context, mls); + fprintf(out, "\n"); + } +} + static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls) { unsigned i; @@ -1942,6 +1957,7 @@ void cil_gen_policy(FILE *out, struct cil_db *db) cil_genfscons_to_policy(out, db->genfscon, db->mls); cil_portcons_to_policy(out, db->portcon, db->mls); cil_netifcons_to_policy(out, db->netifcon, db->mls); + cil_ibpkeycons_to_policy(out, db->ibpkeycon, db->mls); cil_nodecons_to_policy(out, db->nodecon, db->mls); cil_pirqcons_to_policy(out, db->pirqcon, db->mls); cil_iomemcons_to_policy(out, db->iomemcon, db->mls); diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index 1941fab3..893860d5 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -154,6 +154,28 @@ int cil_post_filecon_compare(const void *a, const void *b) return rc; } +int cil_post_ibpkeycon_compare(const void *a, const void *b) +{ + int rc = SEPOL_ERR; + struct cil_ibpkeycon *aibpkeycon = *(struct cil_ibpkeycon **)a; + struct cil_ibpkeycon *bibpkeycon = *(struct cil_ibpkeycon **)b; + + rc = strcmp(aibpkeycon->subnet_prefix_str, bibpkeycon->subnet_prefix_str); + if (rc) + return rc; + + rc = (aibpkeycon->pkey_high - aibpkeycon->pkey_low) + - (bibpkeycon->pkey_high - bibpkeycon->pkey_low); + if (rc == 0) { + if (aibpkeycon->pkey_low < bibpkeycon->pkey_low) + rc = -1; + else if (bibpkeycon->pkey_low < aibpkeycon->pkey_low) + rc = 1; + } + + return rc; +} + int cil_post_portcon_compare(const void *a, const void *b) { int rc = SEPOL_ERR; @@ -401,6 +423,9 @@ static int __cil_post_db_count_helper(struct cil_tree_node *node, uint32_t *fini case CIL_NODECON: db->nodecon->count++; break; + case CIL_IBPKEYCON: + db->ibpkeycon->count++; + break; case CIL_PORTCON: db->portcon->count++; break; @@ -535,6 +560,17 @@ static int __cil_post_db_array_helper(struct cil_tree_node *node, uint32_t *fini sort->index++; break; } + case CIL_IBPKEYCON: { + struct cil_sort *sort = db->ibpkeycon; + uint32_t count = sort->count; + uint32_t i = sort->index; + + if (!sort->array) + sort->array = cil_malloc(sizeof(*sort->array) * count); + sort->array[i] = node->data; + sort->index++; + break; + } case CIL_PORTCON: { struct cil_sort *sort = db->portcon; uint32_t count = sort->count; @@ -1618,6 +1654,14 @@ static int __cil_post_db_cat_helper(struct cil_tree_node *node, uint32_t *finish } break; } + case CIL_IBPKEYCON: { + struct cil_ibpkeycon *ibpkeycon = node->data; + + rc = __evaluate_levelrange_expression(ibpkeycon->context->range, db); + if (rc != SEPOL_OK) + goto exit; + break; + } case CIL_PORTCON: { struct cil_portcon *portcon = node->data; rc = __evaluate_levelrange_expression(portcon->context->range, db); @@ -1977,6 +2021,7 @@ static int cil_post_db(struct cil_db *db) qsort(db->netifcon->array, db->netifcon->count, sizeof(db->netifcon->array), cil_post_netifcon_compare); qsort(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare); + qsort(db->ibpkeycon->array, db->ibpkeycon->count, sizeof(db->ibpkeycon->array), cil_post_ibpkeycon_compare); qsort(db->portcon->array, db->portcon->count, sizeof(db->portcon->array), cil_post_portcon_compare); qsort(db->nodecon->array, db->nodecon->count, sizeof(db->nodecon->array), cil_post_nodecon_compare); qsort(db->fsuse->array, db->fsuse->count, sizeof(db->fsuse->array), cil_post_fsuse_compare); diff --git a/libsepol/cil/src/cil_post.h b/libsepol/cil/src/cil_post.h index 74393ccf..fe7f3a58 100644 --- a/libsepol/cil/src/cil_post.h +++ b/libsepol/cil/src/cil_post.h @@ -38,6 +38,7 @@ struct fc_data { void cil_post_fc_fill_data(struct fc_data *fc, char *path); int cil_post_filecon_compare(const void *a, const void *b); +int cil_post_ibpkeycon_compare(const void *a, const void *b); int cil_post_portcon_compare(const void *a, const void *b); int cil_post_genfscon_compare(const void *a, const void *b); int cil_post_netifcon_compare(const void *a, const void *b); diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index 676e156e..fc23a2c8 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -288,6 +288,12 @@ static void cil_reset_filecon(struct cil_filecon *filecon) } } +static void cil_reset_ibpkeycon(struct cil_ibpkeycon *ibpkeycon) +{ + if (!ibpkeycon->context) + cil_reset_context(ibpkeycon->context); +} + static void cil_reset_portcon(struct cil_portcon *portcon) { if (portcon->context_str == NULL) { @@ -489,6 +495,9 @@ int __cil_reset_node(struct cil_tree_node *node, __attribute__((unused)) uint32 case CIL_FILECON: cil_reset_filecon(node->data); break; + case CIL_IBPKEYCON: + cil_reset_ibpkeycon(node->data); + break; case CIL_PORTCON: cil_reset_portcon(node->data); break; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 8925b271..9e3cb2b5 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -1923,6 +1923,30 @@ int cil_resolve_filecon(struct cil_tree_node *current, void *extra_args) return SEPOL_OK; } +int cil_resolve_ibpkeycon(struct cil_tree_node *current, void *extra_args) +{ + struct cil_ibpkeycon *ibpkeycon = current->data; + struct cil_symtab_datum *context_datum = NULL; + int rc = SEPOL_ERR; + + if (ibpkeycon->context_str) { + rc = cil_resolve_name(current, ibpkeycon->context_str, CIL_SYM_CONTEXTS, extra_args, &context_datum); + if (rc != SEPOL_OK) + goto exit; + + ibpkeycon->context = (struct cil_context *)context_datum; + } else { + rc = cil_resolve_context(current, ibpkeycon->context, extra_args); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_resolve_portcon(struct cil_tree_node *current, void *extra_args) { struct cil_portcon *portcon = current->data; @@ -3567,6 +3591,9 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args) case CIL_FILECON: rc = cil_resolve_filecon(node, args); break; + case CIL_IBPKEYCON: + rc = cil_resolve_ibpkeycon(node, args); + break; case CIL_PORTCON: rc = cil_resolve_portcon(node, args); break; diff --git a/libsepol/cil/src/cil_resolve_ast.h b/libsepol/cil/src/cil_resolve_ast.h index 1175f974..0506a3de 100644 --- a/libsepol/cil/src/cil_resolve_ast.h +++ b/libsepol/cil/src/cil_resolve_ast.h @@ -74,6 +74,7 @@ int cil_resolve_constrain(struct cil_tree_node *current, void *extra_args); int cil_resolve_validatetrans(struct cil_tree_node *current, void *extra_args); int cil_resolve_context(struct cil_tree_node *current, struct cil_context *context, void *extra_args); int cil_resolve_filecon(struct cil_tree_node *current, void *extra_args); +int cil_resolve_ibpkeycon(struct cil_tree_node *current, void *extra_args); int cil_resolve_portcon(struct cil_tree_node *current, void *extra_args); int cil_resolve_genfscon(struct cil_tree_node *current, void *extra_args); int cil_resolve_nodecon(struct cil_tree_node *current, void *extra_args); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 2cc2744a..89706d0f 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c @@ -1,6 +1,6 @@ /* * Copyright 2011 Tresys Technology, LLC. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * @@ -1409,6 +1409,20 @@ void cil_tree_print_node(struct cil_tree_node *node) return; } + case CIL_IBPKEYCON: { + struct cil_ibpkeycon *ibpkeycon = node->data; + + cil_log(CIL_INFO, "IBPKEYCON: %s", ibpkeycon->subnet_prefix_str); + cil_log(CIL_INFO, " (%d %d) ", ibpkeycon->pkey_low, ibpkeycon->pkey_high); + + if (ibpkeycon->context) + cil_tree_print_context(ibpkeycon->context); + else if (ibpkeycon->context_str) + cil_log(CIL_INFO, " %s", ibpkeycon->context_str); + + cil_log(CIL_INFO, "\n"); + return; + } case CIL_PORTCON: { struct cil_portcon *portcon = node->data; cil_log(CIL_INFO, "PORTCON:"); diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 47dcfaa2..108da33d 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c @@ -1080,6 +1080,26 @@ exit: return rc; } +int __cil_verify_ibpkeycon(struct cil_db *db, struct cil_tree_node *node) +{ + int rc = SEPOL_ERR; + struct cil_ibpkeycon *pkey = node->data; + struct cil_context *ctx = pkey->context; + + /* Verify only when anonymous */ + if (!ctx->datum.name) { + rc = __cil_verify_context(db, ctx); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + cil_tree_log(node, CIL_ERR, "Invalid ibpkeycon"); + return rc; +} + int __cil_verify_portcon(struct cil_db *db, struct cil_tree_node *node) { int rc = SEPOL_ERR; @@ -1452,6 +1472,9 @@ int __cil_verify_helper(struct cil_tree_node *node, uint32_t *finished, void *ex case CIL_NODECON: rc = __cil_verify_nodecon(db, node); break; + case CIL_IBPKEYCON: + rc = __cil_verify_ibpkeycon(db, node); + break; case CIL_PORTCON: rc = __cil_verify_portcon(db, node); break;