From patchwork Mon May 22 13:08:24 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9740263 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3950C601C2 for ; Mon, 22 May 2017 13:11:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 28FB92846A for ; Mon, 22 May 2017 13:11:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1D6E52870C; Mon, 22 May 2017 13:11:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7EA182846A for ; Mon, 22 May 2017 13:11:09 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,377,1491264000"; d="scan'208";a="7297816" IronPort-PHdr: =?us-ascii?q?9a23=3AmqoXdREHv+4tXkSGwzMCfJ1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ79psm/bnLW6fgltlLVR4KTs6sC0LuJ9fq/EjJaqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLdwIRmsswnctMYajIp8Jq0s1hbHv3xEdv?= =?us-ascii?q?hMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTD?= =?us-ascii?q?QhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlS?= =?us-ascii?q?kINyQ98GrKlMJ+iqxVqw+lqxBm3oLYfISZOfxjda3fYNwaX3JMUMZPWSJcDI2y?= =?us-ascii?q?bIwBAOgPPeZArYTxulUDogWlBQS3GO/j1iVFimPs0KEmz+gsFxzN0gw6H9IJtX?= =?us-ascii?q?TZtNv7O70UUeuoyKfI0C/Db/xI1jf784jDbxcsruyWUrJ2cMre100vFwHeg1WV?= =?us-ascii?q?t4PlOzeV2f4Ls2ic4OtsT/6gi2kiqwxopDWk28kiio7Mho0Py1DE8z10wIMvKt?= =?us-ascii?q?2gUkJ7YNikHZ1NvC+ZL4t7Wt4uTm5ntSogyrAKpIS3cDYFxZg53RLTduSLf5WM?= =?us-ascii?q?7x/tTuqcLjV1iGh4dL++hxu+61WsxvP4W8SyzV1EtDBKksPWuXAIzxHT78+HRe?= =?us-ascii?q?Zj8Uq5wjaP0hzT6vlDIUApiarXM54hzaA0lpoUqUnDAjX5mF/3jK+LbUUo4PSo?= =?us-ascii?q?6uT7bbXmoZ+QLYl0hR3lMqsygMC/BOU4MgwWU2ia/+SzyqHj8FXkTLhFgfA6iK?= =?us-ascii?q?nUvI3AKcgFqaO1HRVZ3ps75xa6FTim0dAYnXcdLFJCfRKKl5PpNE/KIPD5C/e/?= =?us-ascii?q?nlutnC5wyPDBI73hBInCIWbYkLr6YbZ861JTyAo0zdxF4ZJUEasOLOj8Wk/2qt?= =?us-ascii?q?zUFgU5PBCsw+b7FNV90ZsTWWCIAq+fKqzSrV+I6fgpI+SXZo8VvzD9K/0/6P71?= =?us-ascii?q?kX82h0UdfbKz0ZsQcnC4EexsI1+Fbnr0ntcBDWAKsxI8TOzoklKNTT1TZ221X6?= =?us-ascii?q?I65zE7FpmrDYnHRoCwj72Oxzq7HptKZmBbEFyMFm3od4qcUfcWdC2SOtNhkiAD?= =?us-ascii?q?VbW5U48uywqhuxH8y7pmMurU/TYVtZP929dr+eLfjxYy9SZ7D86FyWGCU3l0nn?= =?us-ascii?q?8URz8xxK1wvEt9ylGF0adlnfNYEd1T6uhTXQgkL57cyPZ2C9foWgLOZt2JUkqp?= =?us-ascii?q?Qs26ATEtSdI828IBY1pnFNW4lR3Mwy2qA7oJmLORH5w07rjQ337vKMZh03zGzr?= =?us-ascii?q?Uuj0E6QstTMm2rnq9/9w7PB4HXl0WWiaOqeroA3C7X9GaO1m2OvFlGXw52VKXK?= =?us-ascii?q?R3EfZk/NotT+6ULOVbiuCa4oMgFZ086NNrNKasH1jVVBXPriONXfY2W3m2qrAB?= =?us-ascii?q?aIwqqAbIvse2kH2iXSElIEkwMS/XaYKwcyHCGhrHzCDDZ2D1Lgf1vs8fViqHO8?= =?us-ascii?q?VkI71BqFY0pl17q04R4VmeecR+kI3r0apCgtsS50E0i539LXDdqAugVgcb5Abt?= =?us-ascii?q?I9+ldHyHnZuxZzP5O6M6BinVkecwJts0PpzRV3BZ1KkdI2o3My0ApyNaWY3Utf?= =?us-ascii?q?eDOAx5/wILzXKnLp8RC3caHWwFDe0M2O+qcL8vs3t0vssBuuFko4/HVty8NV3G?= =?us-ascii?q?eE5pXWEAoSVor8U0g29xh+orHVfDM96pja1XJyLKa0tSXC1MgxBOs/zRagfclQ?= =?us-ascii?q?P7+YFAPoFM0aHceuIvQwm1e1dhIEIPxS9KksMsOobfuJwqirM/phnDK9lmlH5Z?= =?us-ascii?q?h90kOV+ypnRO/IxIwJw/aC3guITz38lkuustjrmYBYYjEfBmm/xjLnBI5We61/?= =?us-ascii?q?ZoULBn2tI82w29VynZntW2RX9FS7HVMJxNepeQaOb1z6xQBfz1kYoWammSSm1T?= =?us-ascii?q?x5iCsmobaa3CDUxOTibhUHMHZRRGZ+lVfsPZS0j9cCUUe0dQcpkAWq5V3mx6lb?= =?us-ascii?q?o6RyNHLTTltJfyfoKWFiTqqwuaCYb85J9pworT1dUP6gblCCVr79vxwa3jv4H2?= =?us-ascii?q?tQ3jA7cCqquonikhxhjmKdK3hyrH/DdsF23xvf4sLTReJJ1DocWCZ4kSXXBkS7?= =?us-ascii?q?P9Sx89SbjZPDsvygWGK7TZ1eajfrwp2atCSg+G1qBAezn/epmt3oCQI6yzP018?= =?us-ascii?q?F2VSXUqxbxepXr2LmnPuJmZEZoAETx5NZ9GoF7joQ/nooQ2WQAipWT43UHjX/5?= =?us-ascii?q?Mc9H1qLmcHoNWTkLzsbL4AjkxEJjMnWJx5jjWnqBwsthYN+6YmwN1yI57sBKDr?= =?us-ascii?q?2b7KZDnSdvpVq4tw3Ra+BnnjgB0fsu9GIag+YRtQopzyWdGawSEVBDPSPykxSI?= =?us-ascii?q?7ta+rLhYZWu0ariwzEt+ndagDL6euQFQQnD5dYk+HSVo9MVwLErM0GHv6oHjYN?= =?us-ascii?q?TQd9UTthmQkxjelehaNJUxl/QRiCp8JGLyoWYlx/Q8jRx00pGwpJKHJHl1/KKl?= =?us-ascii?q?Hh5YMSX4Z9sJ9THwiaZShNyZ05q0EZVmHjULQJzoTfSzHTIXqfjnMQGOHyEmpn?= =?us-ascii?q?edB7XfAReV6F16oHLXD5CrK3aXKWEazdp8QhmdP1dSgAMKUzU8hZ45EB6lxND7?= =?us-ascii?q?fEd+/DAR6UbyqgFQxeJwKxn/TmDfqR+wajguVZifKARZ7hlY6EfTLcyR8PhzEj?= =?us-ascii?q?pF/p26sgONMHebax5TDWEOR0yEHUzsMaeg5dnH6eiYCfSxI+HIYbqQtexUT+2I?= =?us-ascii?q?yo630ot64zaMMd2CPmdkD/ImwUdDQ3Z5FNnZmzkVTSwYiT7NZdaBpBig4i13st?= =?us-ascii?q?y/8PPzVQL3/4SPFr9SPM5z9BC3naeCN/echChjJjZezJ8MwmXIyLcH1l4Ily5u?= =?us-ascii?q?byWtEagHtSPVT6LRmqtXAAAAZiN2M8tI4aw80RdROc7HitP10bt4geAvB1dDS1?= =?us-ascii?q?PhhtmjZdYWLGGlKFPHGEGLOayIJTLRxcH3faS8SbhLgeVaqRK/pDGbE1X5MTSb?= =?us-ascii?q?jTnpUBKvPv9QgyGHJhBev5u9chl1A2j5UN3mcgG7MMNwjTAu2704nH3LOXQZMT?= =?us-ascii?q?dmd0NNqb2R4DhCjfpjHmxN9H1lLfOLmyyB9enXNo4Wsed3AiRzj+9a7m46xKVI?= =?us-ascii?q?4yFfXvN1njfSrtl1o1y9iOaA1j9nXABJqjZRi4KBpV9iNrnB9plcRXbE+woA7W?= =?us-ascii?q?OKCxsQv9tlEsbiu65RytjVj6LzNDlC89PS/cQGAcjbNMOHP2AlMRbzHz7UFgQF?= =?us-ascii?q?RyaxNW7Dn0xdjO2S9nqNo5cnsZjjhoABSrBBVFMvCPMXEV9lE8YBIJdqRDMri6?= =?us-ascii?q?SXjMoV5Xq4thbRXtxWvozAVvKRAfTvLyyVjb9aaBsU2bn4N5gcNpXn20x+bVl3?= =?us-ascii?q?hILKG0vUXdBJvCJhdRQ5r19T/3hkSW0/wUXlahmi4HULD/67ggY2ihdiYeQq7D?= =?us-ascii?q?rj+FY3JlXNpCs2i0Q+hMvqjiuQcDHrKqe8R4ZWCzD7t0IpKJP0Xx51bRGunUxj?= =?us-ascii?q?LDrLXb1RgKF+dW91kwLcvoNPFuBaTa1BehAQxPWXaO4v0VVTsCmnwlVH5eTdA5?= =?us-ascii?q?t4iAQqaYKsr25H2w97cN41IqnQKLBTzlhXh6OBoCmo2fsrwA8ZOUkN83ifdzIP?= =?us-ascii?q?uEwNKrYpPTGo/vB25QyEhTRDZHAGV+A2rfJy6kM9J+OAwjrm07FdME+xM/eSL6?= =?us-ascii?q?Ceu2jbic6HWFUw1lgLl0lE57R219ksc1aMXUA10LSRDwgJNdbFKQxNdcpd6mPT?= =?us-ascii?q?cjiUvuXX3Z11P56wGfvpTe+UqakUhUykHB4zH4sS7sUNBJ+s31/ELc3/Nr4K1Q?= =?us-ascii?q?0t5Bj3JFWCFPlGZQiEkCkGo86i1596xpNSJisHAWV6PyS3/ajYqRM3gPqZXdc2?= =?us-ascii?q?fncbUpECNn0oRM2wgzRZsGhYDDmrzuIZzxCP7zv7piTKEjb8adtiZPCPaBNjDt?= =?us-ascii?q?G25C8z86+siV7Y6p/ePX31Ncx+ut/T7uMXv42HBO1QTbl8tUfchoZZSme2XG7I?= =?us-ascii?q?FN66O4L/a5IwbdDuDHa1TEC/gSovT8jtJNatMrSIgQbwSIlJrIab2TcjNcmhFj?= =?us-ascii?q?0DABpwuf8M5Lh9ZQwCZJo7ZwTktwIgOKyjOA2YyMmhQ36xKTtKSPlS1ea6Z6ZX?= =?us-ascii?q?ziU2aO+61HsgQ4o1z+mw6U4CWIsGjhfAyva/f4NeSzT8GmRBewXToio0j3RhNu?= =?us-ascii?q?c3wuc43BPIsVkdPiuWe+xoaG1LpcozCUmUIXpoFmoyX0Wcgpbb4g6ww7AS+DNQ?= =?us-ascii?q?n9lO0eJftnj+ooTSYDOrWK2lr5XVryogYsYno613LYzsPNGGuInYnjPBUJnaqh?= =?us-ascii?q?eFXzKiF/pGhthQJzpVT+NMmWEkJcMJp5JO6U8xV8c4ILxPDrMjq6uxZjplFyES?= =?us-ascii?q?yzYVV42d3DAYhOezxafanA+KcJs+KBwErIlCgtwFXiFtfCweorSuWJ/LmG+aVG?= =?us-ascii?q?cLOhwT4h5W5AMAjINwefrl4IXQRp9W1zFWu+50UjfMFpRw7Vv7TGCWjkT4SPWm?= =?us-ascii?q?l+ypxhpcwuvx3NcBRBNxDlNQyPpRlkstNL54MbIQvpLQvj+Oa0z6oHrnyPG6K1?= =?us-ascii?q?lJ1c3Ua1r4AZLZumr+SCIT5WYZSpNIyHHbEZQSkhR2aLw3pFpSPI+melzy5zs+?= =?us-ascii?q?x4RmB7O4T9ykx045rXYaQCenC8BBBPt8sFLQQzJoeIyrqI//NJVMXGBQ/Jydq1?= =?us-ascii?q?FWkEVpMi65xppcK91D4jEWRjhPpC+RvN2sR81fwcV2FYMDIs9ju3fhH6NJIJaQ?= =?us-ascii?q?r2cqtbzvy3/Z/jE8v025xDioGq+3UfxW8HMEFgUuPWSepVElD/Ew/WfK7lDNrl?= =?us-ascii?q?d08v9DBriIiUV+uix9H55JBjZN23CoNFFzTH5Bs+VBNqvab9ZcQ/4pZR+0Ohw+?= =?us-ascii?q?E/Em01aO/UFuknfzezZyuRdC+yDBQwk0UjEYja33mT0DrMGrIzwaRolJbTUgbi?= =?us-ascii?q?fFNxmUlTpRvBlBd0FgQ4oZDcpd+7EHwYtU+dLPSVqrKSEARxFiKh400f9EmkJZ?= =?us-ascii?q?tkWXZzzdBxKydfnTqh13YduRrMmxIfT55ghHkJnosOQl+KgYWnKphxWtQcjAoI?= =?us-ascii?q?/4qNKKrFGCdKDiM+2zeXXBViTDjQishbc4CJnH5yrTMA1FJJRh1HUrf4PhBnDR?= =?us-ascii?q?PRRaOa0UOlBXVaZkZtVauupafdNreL4V+a9xARKKXgjgGIKzo/VaLFvfWDrTIj?= =?us-ascii?q?6d/ey4pILc8abSSfP8ZsCWwXbIXb53NI9g6TbnA7fqzZNe+k3u1/d36Ex1VFjG?= =?us-ascii?q?PDqdrNn6IgML49eieVX8spI1GjPZHYl/nGDrxk5ea8odWzeq/4gAyJNF9HbwTv?= =?us-ascii?q?p10lDosO1O7bZr9JU37qtyycezOKfSM+hVvlFhAhiIHAVl7JEtDHJ4R2BLbe8b?= =?us-ascii?q?MO3RcrgBjcDyt+D3ELQa6AGP++NHd9TIOlrMmtS7CjGAUxxLhhkBqT8dLguYyf?= =?us-ascii?q?GFh7V4ScG/pej2wkgt+USxLgYazLBx4oeJ4q+Iq/XTbxvV07cERrTqSdnpobk3?= =?us-ascii?q?vUOd++EklKUSdWNvew2oDvIRVsgDyWf81aoq1z4jE9vfH7L8//5OT3A5kSj6m5?= =?us-ascii?q?B6BFUWHukbHaSQ8IRbg2c4n/DZNtwKfaBDgGmPEwWkHqUFyX6x5CudOHNljQ3W?= =?us-ascii?q?0xHsXWOz60f7rS1iTivKwdfjiE1VWaSpCkpJQyqmI0l4sCiIPAbystr4p7g15l?= =?us-ascii?q?ksMmP4rNKNiHehOLRPEs3wOdycIC00pFYJg500XdGgxJ4UFsG8INgL9nFydPze?= =?us-ascii?q?63mkkyVZuadIm5Le4t2J+vXQBXSgiamapq6MxDBez3g0p1A/6tauNvHU/dKKWO?= =?us-ascii?q?io13wMTyhjpwvBQgS1paLBo1ATI0yL31/BmJYWMdFBwXk4ykbm6fAmQNI08gVe?= =?us-ascii?q?ConAaO0ZqDD2OTv721CfbMwrViiQ1DtXBFH1EUJiFKg6xm3woNrDlW3M9F0wWo?= =?us-ascii?q?lwa0vniARtD4olNE0g81cXwi8MEAQXbxCUEq2oD1z/LYQYTUgDdQiH3L+id6cz?= =?us-ascii?q?xk1zx7Oi6fTdbeNiGqUNMexdgRSWnFhBHZIWs7MRT65ge1NH867XvAfiAZD9X/?= =?us-ascii?q?f6jXowKeG1QsdC/MACrXQi/BywRxW+5pdY9Lsbk4qHdrBebpjDos989F1r5TgR?= =?us-ascii?q?eSxRmBJ/lQ+2UfgApOD/5djWqJio6uerVKs2QuUY6Rg1CHpkj5vxhlAjrsvb1+?= =?us-ascii?q?FCRY3JkY7/6hxCI2aWuIbG1BlxMesOKoOxc7l663oKPDMeKGwSPdWId/Yw+Sht?= =?us-ascii?q?MC/c51ZaGMMDecsYPNbRmQBTkkDmQ7BT9tHVG1CCCYdzdtwo73LtxzAo9ZsxSf?= =?us-ascii?q?rv6DirKp/B9V5NIulDjCJ2lN3YvuQVxuDSCCcP63mDdxd12j+Cy4WKC/vo5eWD?= =?us-ascii?q?0s3UWE8GHi84VIddPjmC9RW8RuWrkJXpUwWU6tL8gZ8lbEKfXGCxk7gFsqdCFu?= =?us-ascii?q?5AkCb70iJdFo/rnfKVtcSj6G9Nul1ACoZz4gXPGL9DMZVjJRT4is6rS1BgBivl?= =?us-ascii?q?Zs7UcgAhuOyIyeoX/up+NkT+ZY4HIh0e0LL182BVThZ0RL7woFmZQfobZMF6R/?= =?us-ascii?q?PcsnBV9YVgJrcAPFeHvpzlsCtIqFAtDQ8tab8wsiJVdknUkw1IQKb4orgAhRUA?= =?us-ascii?q?UdRho09DBXqwOH4i5zrATalVg7eeCPoJ8jWUSawCVF5oPT16QxO03pVuZrSokO?= =?us-ascii?q?tDsmxYhCN8oOIl3yZgRBSipS3mv7gN1i44+LGkqDUBvmRITuOfkyjUDlVDyO4F?= =?us-ascii?q?jbwGB3bj7ly8Z2IDbJDp7bliKsnh+pMt43MlYRUsZycGR/ivCznsj6OUBYyCqN?= =?us-ascii?q?1ciwKWuMXVdLO9MCccOLI8yRLlWnh83RPTnBlt8GQRRDWv8sUoJIKnOcYq3iCo?= =?us-ascii?q?A3TUdE4Q4qNVt8v8rVwLTOw2aVNn2mlszsiHRikQRMPSGmc1jw4kaX5HcJJC8h?= =?us-ascii?q?IaCagogiiSsalC4w4UYS3YEoK79YnMhc3Iw2UyTc92xmLKoa2InpIq0GN/lNNy?= =?us-ascii?q?9SOOvGkSePHZU89rGXj/zIBfyfbxZ/+1qOAIVJNmyKi9UP8FKsSj+3W52JtkWk?= =?us-ascii?q?+h3bkfEUC2MOkdybfHSSulT3OXWfiTeWiWgzk5KlLy5QWvLlAvZ8dKq0g9M+Xc?= =?us-ascii?q?iZ5Ykw3sSqh0RiKWpV/a0GMvK+UaeBwquI2/YQwFUPYRZ/SAJegp2PA+ClsMbn?= =?us-ascii?q?/RHStxD++2sEKtk5ZgNnVl4EX6ff7t/R78PNuVABkEHpbQroRt9vyiWmKBJXhg?= =?us-ascii?q?wQVuPEl18ufSDEgxtu5AfJaSg9fQg8530egbePdxKSc9oMIcmpp/6YmI18eHaR?= =?us-ascii?q?TRzpfxJdHWpfiVGP/fwF4pemFdVLoWfwX16588PtEnR73ZBaFZsggEBagmXJwh?= =?us-ascii?q?MH/8+7pqIwN1bg7cf6+0gs3tpuKXeptUuWHZ4U8qICfboR0DxeS+TRZnYJCym3?= =?us-ascii?q?XyPJcwSypPr9JzDhtmHZNPFN0bogumAp6UnaS7hMGr+0N+peAGq63wCurF1N6h?= =?us-ascii?q?xYV+Q4Ba5VCXPDbWHKRqjFxljv6zgvjczJb8EsbiedIYVOhhXGHJcLjGHp+wKj?= =?us-ascii?q?iWIMLzZ1ZG86KA0LJ+ShiRYyT5ULSduS28MPVr+147ypB5fOXP0Dwt9a/U18Xo?= =?us-ascii?q?a2FduCijsWaDNIFD41zSGezeQxVUROKB8GZkG60XcIT1+P4KMdwj29ic/xJz4S?= =?us-ascii?q?9D0MSfJaihqVXA2kVhdZLUNEHpwTo2WZEWIBSjNkshmXTZpWrZAXRdKMikNMZs?= =?us-ascii?q?jNGaABzx50l+h3staXBZGmXyXtqROnYU29i4ZAKU8AJEFMsDn+GtdU4/rK2yRv?= =?us-ascii?q?FiOo9ZluWyqLUHjdFpJjnKRMdAIy7QLL52PjxWDujUulgoYxgEvKYxWoc0Y5iO?= =?us-ascii?q?PUwGPF2HySPowgvIyVf0eMC01KaVPCYW9W1Kz7Df3jhPoAm2ou2UgtDlULDFbJ?= =?us-ascii?q?H2W+PSMCUlVjGGXzgyF1im+Uu8sfoeoPWYOXsfokwTYi+KBw4cvLtgrcLRDmDN?= =?us-ascii?q?ne1uZ4MKhPSAVCDrSS14ibA+BiBVukCQW/ADDxXZb2f9gGpAvwyvPv1M/Xfib7?= =?us-ascii?q?2C3KpVWvcWD5BKcvKDRtvXZ/FeKy0vljUDN+a2Z8fcoKoh0lLUUWsZFLHF9EaQ?= =?us-ascii?q?TE6TXvORxjHmUJ4Lv4cqoCoo+9PRnihxE6jSObaQuSKuocaEi3ODtOnfUHQ9S1?= =?us-ascii?q?Aki+IFRm+ayV9PL39XJcsSvRTBS6jIRVtW238vkqo61xYKeQl3UFVr33lSlfC6?= =?us-ascii?q?CotSTltC3zDme+EPcF0iVGB4xkSN+ACnJIVYtA=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2FSQAC+4iJZ/wHyM5BcGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwEpYoEMjnqQfYIMAZEQhF0sA4JKiUlXAQEBAQEBAQECAQJoBSOCMyQsV?= =?us-ascii?q?AEBAQEBAQEBAUwxPAYBAiRVAwkBARcIKQgDAVMZBRaIOYFQBLFmOiYCixmIPY1?= =?us-ascii?q?wBZAogQGMbYcdgzWIT4JYiEOGU5RIWIEKTyIVhG0LAQEBPwMcgWZzhm8rghABA?= =?us-ascii?q?QE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 22 May 2017 13:11:03 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4MDB2Uj013273; Mon, 22 May 2017 09:11:02 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v4MD8q0E141677 for ; Mon, 22 May 2017 09:08:52 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4MD8oLc011891 for ; Mon, 22 May 2017 09:08:52 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1B2AgAX4iJZf4GlL8FcHAEBBAEBCgEBgyyBC4EMjnqQfZgFJIJKgzYChmgBAgEBAQEBAhMBASFdhRkDAydSEBgIMVcZG4g5gVSxYjqLDwExiD2NcAWQKIEBjG2HHYM1iE+CWI8WlEhWgQtPIhWFOgMcgWY9NoZvK4IQAQEB X-IPAS-Result: A1B2AgAX4iJZf4GlL8FcHAEBBAEBCgEBgyyBC4EMjnqQfZgFJIJKgzYChmgBAgEBAQEBAhMBASFdhRkDAydSEBgIMVcZG4g5gVSxYjqLDwExiD2NcAWQKIEBjG2HHYM1iE+CWI8WlEhWgQtPIhWFOgMcgWY9NoZvK4IQAQEB X-IronPort-AV: E=Sophos;i="5.38,377,1491278400"; d="scan'208";a="6061034" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 22 May 2017 09:08:51 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AR6lfzhYlXdM4Q4f2SWP9nSL/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZoMm+bnLW6fgltlLVR4KTs6sC0LuJ9fq/EjFRqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLdwIRmsswnctMYajItmJ60s1hbHv3xEdv?= =?us-ascii?q?hMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTD?= =?us-ascii?q?QhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlT?= =?us-ascii?q?wKPCAl/m7JlsNwjbpboBO/qBx5347Ue5yeOP5ncq/AYd8WWW9NU8BMXCJDH4y8?= =?us-ascii?q?dZMCAeofM+hFoYfzpFwAohmwBQS3GO/j1iVFimPs0KEmz+gsFxzN0gw6H9IJtX?= =?us-ascii?q?TZtNv7O70UUeuoyKfI0C/Db/xI1jf784jDbxcsruyWUrJ2cMre100vFwHeg1WV?= =?us-ascii?q?t4PlOzeV2f4Ls2ic4OtsT/6gi2kiqwxopDWk28kiio7Mho0Py1DE8z10wIMvKt?= =?us-ascii?q?2gUkJ7YNikHZ1NvC+ZL4t7Wt4uTmVmtSogxbALu4S3cDULxZkn3RLTduKLfoyO?= =?us-ascii?q?7xn+TuieOy14i2hgeL+nhxa970ygyurkW8mxzllKqi5FncPKtnAK2B3f8NSISv?= =?us-ascii?q?xn8keg3TaDzwHT6udaLkAojafXNposz7Aqmpccs0nPBDL6lUT2gaOMa0ko5Oyl?= =?us-ascii?q?5/ziYrr8p5+cM4F0ihv5MqQrgsGwHP43Mg4PX2eF/eS81qbu/UjnT7VOiv05iK?= =?us-ascii?q?/ZsJfVJMgBuqG5BApV3p456xmjFzemzMgYnX4fIVJeZh2Hi4npO1fTIPH3Fvq/?= =?us-ascii?q?n1Stnytrx/DBJLHhBI7NIWLZnLfuerZ99R0U9A1m1t1b5pRJGpkdMfnzXQn3r9?= =?us-ascii?q?WeARgnYCKuxOOyJNx7nqEDQ22CBLTRZK/bt16F4uAHJuSIYIYTvya7IP8gsa29?= =?us-ascii?q?xUQlkEMQKPH6laAcb2q1S7E/ex2U?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FjMgCO4SJZf4GlL8FcHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwGBC4EMjnqQfYINkRCEaCSCSoM2AoZoAQEBAQEBAQECAQIQAQE?= =?us-ascii?q?hXYIzJAErVAEBAQEBAQEBAUwxPAMDJ1IQGAgxVxkbiDmBVLFgOosPATGIPY1wB?= =?us-ascii?q?ZAogQGMbYcdgzWIT4JYjxaUSFaBDE8iFYU6AxyBZj02hm8rghABAQE?= X-IPAS-Result: =?us-ascii?q?A0FjMgCO4SJZf4GlL8FcHAEBBAEBCgEBFwEBBAEBCgEBgwG?= =?us-ascii?q?BC4EMjnqQfYINkRCEaCSCSoM2AoZoAQEBAQEBAQECAQIQAQEhXYIzJAErVAEBA?= =?us-ascii?q?QEBAQEBAUwxPAMDJ1IQGAgxVxkbiDmBVLFgOosPATGIPY1wBZAogQGMbYcdgzW?= =?us-ascii?q?IT4JYjxaUSFaBDE8iFYU6AxyBZj02hm8rghABAQE?= X-IronPort-AV: E=Sophos;i="5.38,377,1491264000"; d="scan'208";a="5980535" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea11.nsa.gov with ESMTP; 22 May 2017 13:08:49 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 22 May 2017 16:08:46 +0300 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v4MD8f0o017562; Mon, 22 May 2017 16:08:45 +0300 From: Dan Jurgens To: selinux@tycho.nsa.gov Subject: [PATCH v3 2/9] libsepol: Add ibpkey ocontext handling Date: Mon, 22 May 2017 16:08:24 +0300 Message-Id: <1495458511-46724-3-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1495458511-46724-1-git-send-email-danielj@mellanox.com> References: <1495458511-46724-1-git-send-email-danielj@mellanox.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens Add support for reading, writing, and copying Infiniband Pkey ocontext data. Also add support for querying a Pkey sid to checkpolicy. Signed-off-by: Daniel Jurgens --- v1: Stephen Smalley: - Removed domain and type params from sepol_ibpkey_sid. - Removed splen param from sepol_ibpkey_sid, it never varied. - Removed extra XPERMS_IOCTL version from policydb_compat_info. - Confirm that low order bytes of IPv6 addr for subnet prefix is 0's. James Carter: - Added ibpkey handling to kernel_to_cil.c and kernel_to_conf.c v2: Stephen Smalley: - Store subnet prefix as 8 bytes. This mooted a couple other comments about checking and forcing 0's in the lower 8 bytes. - Bounds check PKeys values in ocontext_read_selinux. James Carter: - Add sorting of pkey ocontexts in kernel_to_common.c --- checkpolicy/checkpolicy.c | 27 +++++++++++++ libsepol/include/sepol/policydb/services.h | 8 ++++ libsepol/src/expand.c | 7 ++++ libsepol/src/kernel_to_cil.c | 62 +++++++++++++++++++++++++++++ libsepol/src/kernel_to_common.c | 19 +++++++++ libsepol/src/kernel_to_conf.c | 63 ++++++++++++++++++++++++++++++ libsepol/src/libsepol.map.in | 1 + libsepol/src/module_to_cil.c | 41 +++++++++++++++++++ libsepol/src/policydb.c | 37 ++++++++++++++++++ libsepol/src/services.c | 37 ++++++++++++++++++ libsepol/src/write.c | 16 ++++++++ 11 files changed, 318 insertions(+) diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index 534fc22e..8aeecc1b 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -22,6 +22,7 @@ * * Policy Module support. * + * Copyright (C) 2017 Mellanox Technologies Inc. * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2005 Tresys Technology, LLC * Copyright (C) 2003 Red Hat, Inc., James Morris @@ -699,6 +700,7 @@ int main(int argc, char **argv) printf("h) change a boolean value\n"); printf("i) display constraint expressions\n"); printf("j) display validatetrans expressions\n"); + printf("k) Call ibpkey_sid\n"); #ifdef EQUIVTYPES printf("z) Show equivalent types\n"); #endif @@ -1220,6 +1222,31 @@ int main(int argc, char **argv) "\nNo validatetrans expressions found.\n"); } break; + case 'k': + { + char *p; + struct in6_addr addr6; + uint64_t subnet_prefix; + unsigned int pkey; + + printf("subnet prefix? "); + FGETS(ans, sizeof(ans), stdin); + ans[strlen(ans) - 1] = 0; + p = (char *)&addr6; + + if (inet_pton(AF_INET6, ans, p) < 1) { + printf("error parsing subnet prefix\n"); + break; + } + + memcpy(&subnet_prefix, p, sizeof(subnet_prefix)); + printf("pkey? "); + FGETS(ans, sizeof(ans), stdin); + pkey = atoi(ans); + sepol_ibpkey_sid(subnet_prefix, pkey, &ssid); + printf("sid %d\n", ssid); + } + break; #ifdef EQUIVTYPES case 'z': identify_equiv_types(); diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h index 9162149a..3f3b95d1 100644 --- a/libsepol/include/sepol/policydb/services.h +++ b/libsepol/include/sepol/policydb/services.h @@ -188,6 +188,14 @@ extern int sepol_port_sid(uint16_t domain, uint16_t port, sepol_security_id_t * out_sid); /* + * Return the SID of the ibpkey specified by + * `subnet prefix', and `pkey'. + */ +extern int sepol_ibpkey_sid(uint64_t subnet_prefix_p, + uint16_t pkey, + sepol_security_id_t *out_sid); + +/* * Return the SIDs to use for a network interface * with the name `name'. The `if_sid' SID is returned for * the interface and the `msg_sid' SID is returned as diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index 54bf781d..e4cfc41e 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c @@ -4,6 +4,7 @@ * * Copyright (C) 2004-2005 Tresys Technology, LLC * Copyright (C) 2007 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -2217,6 +2218,12 @@ static int ocontext_copy_selinux(expand_state_t *state) return -1; } break; + case OCON_IBPKEY: + n->u.ibpkey.subnet_prefix = c->u.ibpkey.subnet_prefix; + + n->u.ibpkey.low_pkey = c->u.ibpkey.low_pkey; + n->u.ibpkey.high_pkey = c->u.ibpkey.high_pkey; + break; case OCON_PORT: n->u.port.protocol = c->u.port.protocol; n->u.port.low_port = c->u.port.low_port; diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index 3a1c0be7..d1006186 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -2784,6 +2784,63 @@ exit: return rc; } +static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) +{ + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; + struct in6_addr subnet_prefix = {0}; + uint16_t low; + uint16_t high; + char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */ + char *ctx; + int rc = 0; + + for (ibpkeycon = pdb->ocontexts[OCON_IBPKEY]; ibpkeycon != NULL; + ibpkeycon = ibpkeycon->next) { + memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix, + sizeof(ibpkeycon->u.ibpkey.subnet_prefix)); + + if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, + subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { + sepol_log_err("ibpkeycon subnet_prefix is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + if (low == high) { + rc = snprintf(low_high_str, 44, "%u", low); + } else { + rc = snprintf(low_high_str, 44, "(%u %u)", low, high); + } + if (rc < 0 || rc >= 44) { + rc = -1; + goto exit; + } + + ctx = context_to_str(pdb, &ibpkeycon->context[0]); + if (!ctx) { + rc = -1; + goto exit; + } + + sepol_printf(out, "(ibpkeycon %s %s %s)\n", subnet_prefix_str, low_high_str, ctx); + + free(ctx); + } + + rc = 0; + +exit: + if (rc != 0) { + sepol_log_err("Error writing ibpkeycon rules to CIL\n"); + } + + return rc; +} + static int write_xen_isid_rules_to_cil(FILE *out, struct policydb *pdb) { return write_sid_context_rules_to_cil(out, pdb, xen_sid_to_str); @@ -3180,6 +3237,11 @@ int sepol_kernel_policydb_to_cil(FILE *out, struct policydb *pdb) if (rc != 0) { goto exit; } + + rc = write_selinux_ibpkey_rules_to_cil(out, pdb); + if (rc != 0) { + goto exit; + } } else if (pdb->target_platform == SEPOL_TARGET_XEN) { rc = write_xen_isid_rules_to_cil(out, pdb); if (rc != 0) { diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 45adc5d5..294f0b4e 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -518,6 +518,20 @@ static int node6_data_cmp(const void *a, const void *b) return memcmp(&(*aa)->u.node6.addr, &(*bb)->u.node6.addr, sizeof((*aa)->u.node6.addr)); } +static int ibpkey_data_cmp(const void *a, const void *b) +{ + int rc; + struct ocontext *const *aa = a; + struct ocontext *const *bb = b; + + rc = (*aa)->u.ibpkey.subnet_prefix - (*bb)->u.ibpkey.subnet_prefix; + if (rc) + return rc; + + return compare_ranges((*aa)->u.ibpkey.low_pkey, (*aa)->u.ibpkey.high_pkey, + (*bb)->u.ibpkey.low_pkey, (*bb)->u.ibpkey.high_pkey); +} + static int pirq_data_cmp(const void *a, const void *b) { struct ocontext *const *aa = a; @@ -641,6 +655,11 @@ int sort_ocontexts(struct policydb *pdb) if (rc != 0) { goto exit; } + + rc = sort_ocontext_data(&pdb->ocontexts[OCON_IBPKEY], ibpkey_data_cmp); + if (rc != 0) { + goto exit; + } } else if (pdb->target_platform == SEPOL_TARGET_XEN) { rc = sort_ocontext_data(&pdb->ocontexts[1], pirq_data_cmp); if (rc != 0) { diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 22a09095..23307ce6 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -2645,6 +2645,64 @@ exit: return rc; } +static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) +{ + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; + struct in6_addr subnet_prefix = {0}; + uint16_t low; + uint16_t high; + char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */ + char *ctx; + int rc = 0; + + for (ibpkeycon = pdb->ocontexts[OCON_IBPKEY]; ibpkeycon != NULL; + ibpkeycon = ibpkeycon->next) { + memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix, + sizeof(ibpkeycon->u.ibpkey.subnet_prefix)); + + if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, + subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { + sepol_log_err("ibpkeycon address is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + if (low == high) { + rc = snprintf(low_high_str, 44, "%u", low); + } else { + rc = snprintf(low_high_str, 44, "%u-%u", low, high); + } + if (rc < 0 || rc >= 44) { + rc = -1; + goto exit; + } + + ctx = context_to_str(pdb, &ibpkeycon->context[0]); + if (!ctx) { + rc = -1; + goto exit; + } + + sepol_printf(out, "ibpkeycon %s %s %s\n", subnet_prefix_str, + low_high_str, ctx); + + free(ctx); + } + + rc = 0; + +exit: + if (rc != 0) { + sepol_log_err("Error writing ibpkeycon rules to policy.conf\n"); + } + + return rc; +} + static int write_xen_isid_rules_to_conf(FILE *out, struct policydb *pdb) { return write_sid_context_rules_to_conf(out, pdb, xen_sid_to_str); @@ -3045,6 +3103,11 @@ int sepol_kernel_policydb_to_conf(FILE *out, struct policydb *pdb) if (rc != 0) { goto exit; } + + rc = write_selinux_ibpkey_rules_to_conf(out, pdb); + if (rc != 0) { + goto exit; + } } else if (pdb->target_platform == SEPOL_TARGET_XEN) { rc = write_xen_isid_rules_to_conf(out, pdb); if (rc != 0) { diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in index 40426408..36225d1c 100644 --- a/libsepol/src/libsepol.map.in +++ b/libsepol/src/libsepol.map.in @@ -6,6 +6,7 @@ LIBSEPOL_1.0 { sepol_context_*; sepol_mls_*; sepol_check_context; sepol_iface_*; sepol_port_*; + sepol_ibpkey_*; sepol_node_*; sepol_user_*; sepol_genusers; sepol_set_delusers; sepol_msg_*; sepol_debug; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 7d8eb204..10d0700c 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -3,6 +3,7 @@ * Functions to convert policy module to CIL * * Copyright (C) 2015 Tresys Technology, LLC + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -2656,6 +2657,45 @@ exit: return rc; } +static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, + struct ocontext *ibpkeycons) +{ + int rc = -1; + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; + struct in6_addr subnet_prefix = {0}; + uint16_t high; + uint16_t low; + + for (ibpkeycon = ibpkeycons; ibpkeycon; ibpkeycon = ibpkeycon->next) { + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix, + sizeof(ibpkeycon->u.ibpkey.subnet_prefix)); + + if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, + subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { + log_err("ibpkeycon subnet_prefix is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + if (low == high) + cil_printf("(ibpkeycon %s %i ", subnet_prefix_str, low); + else + cil_printf("(ibpkeycon %s (%i %i) ", subnet_prefix_str, low, + high); + + context_to_cil(pdb, &ibpkeycon->context[0]); + + cil_printf(")\n"); + } + return 0; +exit: + return rc; +} + static int ocontext_selinux_netif_to_cil(struct policydb *pdb, struct ocontext *netifs) { struct ocontext *netif; @@ -2889,6 +2929,7 @@ static int ocontexts_to_cil(struct policydb *pdb) ocontext_selinux_node_to_cil, ocontext_selinux_fsuse_to_cil, ocontext_selinux_node6_to_cil, + ocontext_selinux_ibpkey_to_cil, }; static int (*ocon_xen_funcs[OCON_NUM])(struct policydb *pdb, struct ocontext *ocon) = { ocontext_xen_isid_to_cil, diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index b1530955..09d14140 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -18,6 +18,7 @@ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2005 Tresys Technology, LLC * Copyright (C) 2003 - 2007 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -186,6 +187,13 @@ static struct policydb_compat_info policydb_compat[] = { .target_platform = SEPOL_TARGET_SELINUX, }, { + .type = POLICY_KERN, + .version = POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = OCON_IBPKEY + 1, + .target_platform = SEPOL_TARGET_SELINUX, + }, + { .type = POLICY_BASE, .version = MOD_POLICYDB_VERSION_BASE, .sym_num = SYM_NUM, @@ -291,6 +299,13 @@ static struct policydb_compat_info policydb_compat[] = { .target_platform = SEPOL_TARGET_SELINUX, }, { + .type = POLICY_BASE, + .version = MOD_POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = OCON_IBPKEY + 1, + .target_platform = SEPOL_TARGET_SELINUX, + }, + { .type = POLICY_MOD, .version = MOD_POLICYDB_VERSION_BASE, .sym_num = SYM_NUM, @@ -395,6 +410,13 @@ static struct policydb_compat_info policydb_compat[] = { .ocon_num = 0, .target_platform = SEPOL_TARGET_SELINUX, }, + { + .type = POLICY_MOD, + .version = MOD_POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = 0, + .target_platform = SEPOL_TARGET_SELINUX, + }, }; #if 0 @@ -2798,6 +2820,21 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, (&c->context[1], p, fp)) return -1; break; + case OCON_IBPKEY: + rc = next_entry(buf, fp, sizeof(uint32_t) * 4); + if (rc < 0 || buf[2] > 0xffff || buf[3] > 0xffff) + return -1; + + memcpy(&c->u.ibpkey.subnet_prefix, buf, + sizeof(c->u.ibpkey.subnet_prefix)); + + c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]); + + if (context_read_and_validate + (&c->context[0], p, fp)) + return -1; + break; case OCON_PORT: rc = next_entry(buf, fp, sizeof(uint32_t) * 3); if (rc < 0) diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 03fb1203..27e802c6 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -21,6 +21,7 @@ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2004 Tresys Technology, LLC * Copyright (C) 2003 - 2004 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1911,6 +1912,42 @@ int hidden sepol_fs_sid(char *name, } /* + * Return the SID of the ibpkey specified by + * `subnet prefix', and `pkey number'. + */ +int hidden sepol_ibpkey_sid(uint64_t subnet_prefix, + uint16_t pkey, sepol_security_id_t *out_sid) +{ + ocontext_t *c; + int rc = 0; + + c = policydb->ocontexts[OCON_IBPKEY]; + while (c) { + if (c->u.ibpkey.low_pkey <= pkey && + c->u.ibpkey.high_pkey >= pkey && + subnet_prefix == c->u.ibpkey.subnet_prefix) + break; + c = c->next; + } + + if (c) { + if (!c->sid[0]) { + rc = sepol_sidtab_context_to_sid(sidtab, + &c->context[0], + &c->sid[0]); + if (rc) + goto out; + } + *out_sid = c->sid[0]; + } else { + *out_sid = SECINITSID_UNLABELED; + } + +out: + return rc; +} + +/* * Return the SID of the port specified by * `domain', `type', `protocol', and `port'. */ diff --git a/libsepol/src/write.c b/libsepol/src/write.c index 1606807d..f63e7489 100644 --- a/libsepol/src/write.c +++ b/libsepol/src/write.c @@ -16,6 +16,7 @@ * * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003-2005 Tresys Technology, LLC + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1411,6 +1412,21 @@ static int ocontext_write_selinux(struct policydb_compat_info *info, if (context_write(p, &c->context[1], fp)) return POLICYDB_ERROR; break; + case OCON_IBPKEY: + /* The subnet prefix is in network order */ + memcpy(buf, &c->u.ibpkey.subnet_prefix, + sizeof(c->u.ibpkey.subnet_prefix)); + + buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + + items = put_entry(buf, sizeof(uint32_t), 4, fp); + if (items != 4) + return POLICYDB_ERROR; + + if (context_write(p, &c->context[0], fp)) + return POLICYDB_ERROR; + break; case OCON_PORT: buf[0] = c->u.port.protocol; buf[1] = c->u.port.low_port;