From patchwork Sun Mar 11 16:22:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10274843 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CA491602C2 for ; Sun, 11 Mar 2018 16:23:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AAFE628C8F for ; Sun, 11 Mar 2018 16:23:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9EAE328D5A; Sun, 11 Mar 2018 16:23:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from UCOL19PA11.eemsg.mail.mil (ucol19pa11.eemsg.mail.mil [214.24.24.84]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4FEB228C8F for ; Sun, 11 Mar 2018 16:23:46 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.47,455,1515456000"; d="scan'208";a="464592835" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA11.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 11 Mar 2018 16:23:45 +0000 X-IronPort-AV: E=Sophos;i="5.47,455,1515456000"; d="scan'208";a="10429384" IronPort-PHdr: =?us-ascii?q?9a23=3Aj2xRkB8EWY2uyf9uRHKM819IXTAuvvDOBiVQ1KB6?= =?us-ascii?q?2uofIJqq85mqBkHD//Il1AaPAd2Araocw8Pt8InYEVQa5piAtH1QOLdtbDQizf?= =?us-ascii?q?ssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1?= =?us-ascii?q?JuPoEYLOksi7ze+/94HdbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeu?= =?us-ascii?q?BWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbO?= =?us-ascii?q?SxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsL4V7A0XSmp4bltRhHmlS?= =?us-ascii?q?wLMyc1/HzLhsB1iq9Upw6sqhJjz4LJeY2ZKOdydb7Zcd8HRWdNW8BcXDFDDIyh?= =?us-ascii?q?dYsCF+oPM/hFoYfzpFUAqgCzCRWwCO711jNFnGP60bE83u88EQ/GxgsgH9cWvX?= =?us-ascii?q?rIrdX6KKcSXvqvzKbV0D7NbelZ2Tb76IfWaRAqvO+MXbNqfsHM1EcgCQfFjlSW?= =?us-ascii?q?qYz4MDKey+MAs3OF4OpkVOKvjXMnqg5qrzizxsYjlonJhoUPxlDC7iV22pw5Jd?= =?us-ascii?q?K/SE5leNOpFoZbuSKCN4ZuX88vTG5ltDw6x7Ebo5K3YicHxIo9yxLCc/CKcImF?= =?us-ascii?q?7gj+WOufLjp0nnJodbylixqs/0Ws1OvxXdSu3llQtCpKiNzMu2gI1xzU98eIVO?= =?us-ascii?q?Nw/lyk2TaTzwDT7fxEIVwsmarbNZEhxrkwm4IPsUvZBC/2mVj2jLSMekU4+umn?= =?us-ascii?q?9+TnYrL8qp+aK4B0kR3xPr4rmsy+BeQ0KgkOX26F9uSgzLDv4EL0TbpQgvA2j6?= =?us-ascii?q?XVqo7WKMsFqqKjHgNZyoMj5Ay+Dzei3tQYh34HLFdddRKckYfpP1DOIPblDfaw?= =?us-ascii?q?mlijizBrx+3APrL9HJrNNWPOkKvhfLlh605czxA/zdZE551OEL0BL/XzWlHpuN?= =?us-ascii?q?zCEhA5KxC0w/rgCNhl1IMeXmSPDbWFMKPSq1CI4PkiI+uLZI8TvTbyMeMl5+Lw?= =?us-ascii?q?gn8jgl8RZ66p3YEYaHqgBPRpP12ZYWbwgtcGCWoKvAg+Q/b2h12BSj5TYHCyX6?= =?us-ascii?q?Mi5jwgBoKmCZrDR4+2j7yc2ie7AoBWanpBClCWHnfib5+EVOsUaCKOPs9hlSQJ?= =?us-ascii?q?VLagS48l0BGhqhX6xqFpLuXK5yIYsojj28Jt5+3JkhEy9yJ7ANiB022XSGF0hG?= =?us-ascii?q?wITScs3K9juUx91kuD0a9gjvNFCdNT4vRJUgEmNZLB1OF6Fc79WhjAftaIT1am?= =?us-ascii?q?RM+qATcvQdIt29UOeVpyG82+jhDf2CqnG6Ial6CRC5wu6a/Tw3/xJ8NhxHncz6?= =?us-ascii?q?khk0MqQs1ROm26nqR/7RTcB5bVk0WFkKanbaQd3S/K9GeF1meOuUVYXBdxUaXD?= =?us-ascii?q?R3wfYFHZrc765kPDUb+hF64rMg1fxs6eMqFKcMHmjU1aRPf/P9TTe3y+m3+qCh?= =?us-ascii?q?aSx7OMd5Hne30H0yXHCUgEiBgT/XKcOgciGCituWXeDCZhFVj3eUPj7fF+qG+n?= =?us-ascii?q?Tk8z1wyKYVdh2KCz+hEJhPycUOge3rccuCcgsjl0B1i838nMB9qHvQphc71WYc?= =?us-ascii?q?kh71dfyWLZqwt9M4SjL694hV4edBl3sljt1xptCYVAltUqoGktzApoJqKSyElB?= =?us-ascii?q?eC+A3ZDsJr3XLXH/8wqyZK7M21HRzsyW97wV5/skrlXvpgapFlAt839/ydlaz2?= =?us-ascii?q?Oc5onWDAoVSZ/xSFs4+AVhqrHVZyk86JnY1XtyPqmoqjXCwc4mBPM5yha8eNdS?= =?us-ascii?q?KLiEFAHoE80dHMiuNPcnm0OvbhIDMuFS8bQ7P8W8e/uAxqGrIP5qnCi6gmRf/I?= =?us-ascii?q?B9zkWM+jJyS+HS25YF3++X3hGcVzrnkleurNr3lptZZTEXBGa/zjLkBIFJbK1o?= =?us-ascii?q?YYkLEXuuI9GwxthmgZ7tWnpY9Fq9CFMdw8KmYwSdb0b63QFK0kQXu3OnkzOizz?= =?us-ascii?q?NoizEpsraf3CvWzuT8dRoIJnJLRG54jVv2PYe0j9caXE6nbwUykBul5ED6yLJB?= =?us-ascii?q?pKR4NWXTRl1IfyfuJWF4TqSwrqaCY9JI6J4wtSVXUf+8YUyDRr7mvRQa1yLjH2?= =?us-ascii?q?1DxDE0bDyqoY35nx18iGKcMHlzt2DVecduyhfD/NbcX+Je3iIaRClkjjnaHkK8?= =?us-ascii?q?P96t/dWQiZjDqPyxV2WvV5BIainr0J+PtDCh6W1tGx2/kOi5msf7HggizS/7y9?= =?us-ascii?q?5qWD3LrBniZInrzL+3MeF5cUluH1/87dR1Gp1knos3npEQ1mAQho+J8nofjWfz?= =?us-ascii?q?LdJb1LrmbHUXWD4Lx8Da4BD/101lMnKG2Zj5W26Awst6eda6eHgW1jgm78BNFa?= =?us-ascii?q?eU9qBLkjV7olq/twLRbuZyki0byfQw9H4Qm/sJtxY1ziWBHrASGlFVPTLqlxuV?= =?us-ascii?q?9N2+sqNXa3uvcbSq0kpxg8yhBqmYog5AQHb5ZosiHSho48VxKl3M1mHz6obheN?= =?us-ascii?q?TLY9IcqACbkxDaj+dPMJIxjP0KhSh5Nm3hoX0p0ek7jQZh3ZuipoiIN31t/L6l?= =?us-ascii?q?Ah5fLjD1Ytkc+jXpjalAgsaWw5qgEY96FzUNQpToUemoHy4IuvT/KQmCCjs8pW?= =?us-ascii?q?mHGbDHBw+Q9F9mr27TE5CsL3yXKmMZwst/SxmGPkNfhhwUXDIhnpMiDA+l2Mnh?= =?us-ascii?q?fF1+5jAL6V7ysgFMxf5wNxnjTmffox+lajEuSJeFNBpW9hpP50nUMcyE9eJzAy?= =?us-ascii?q?9Y/pynrAOXLGyUewVIAnsNWkCeAFDjJLau78Ha8+eEHuq+M+fOYbKWpOxGSfiH?= =?us-ascii?q?3oyg0o1n/zaQMcWCJXhiAOMl1UVdR3x5HN7ZmzoXQSwNiy3Nd9KbpAu7+iBvtc?= =?us-ascii?q?+w6/PnWAbu5YuUF7tSKs9j+wuojqifLeKQnzh2KTJZ1pMK2H/Jx6MS00ISiiF0?= =?us-ascii?q?ajmtCq4MtCDXQ6LMga9XCBgbZzl0NMtS4KI2xhNNNtLDitPpyr54ieY4BExEVV?= =?us-ascii?q?zuncGpY9cHLHyjO1zcBUaELrKGKSfMw8HtbqO2UadQg/lMtx2spTabFFfuMS6M?= =?us-ascii?q?lzbzSRCgL/pBjCaDPBNAvoG9dwxiCWnnTN39bR26P8V7jToswb07nnnKL3ITMS?= =?us-ascii?q?Bgc0NRqb2d9T9YgvJ6G2Bb9HplKuiFlDif7+bDMJYWtuVkAidvmu1G53Q6zqda?= =?us-ascii?q?4ztfRPxpgifSqMBho02+mOmV1jVnSAZOqipMhI+Tv0ViOaXY9oFHWXbA/RIN8X?= =?us-ascii?q?ufBg8Pp9tkFt3vob5fxsLIlKLpJzdI68jU8tcEB8jINMKHN2IsMRnpGT7QEgQI?= =?us-ascii?q?VjurNWbRh0xTjv6S6mGVrpg9qpjphpUCULlbW0IpFvkCEERqAMQCIItrXjMjib?= =?us-ascii?q?ObitAH6mC6rBTKR8VauYvHVu6IDvXpMzaZjrhEawEOwbzmMYQZLpf71FB6allm?= =?us-ascii?q?gITKHFLdXcpTrS16cAA7ul9N/2R+TmAowE3laxmt72IUFf66hh42kBVxYOQ3+D?= =?us-ascii?q?fq/Vg3OkLApDEsn0kphdXlnTeRfSbsI6e3W4FWDTf7uFY1MpP6WAt6dxO9nVZj?= =?us-ascii?q?NDveQLJRlbRgf3hxiADAoZtPBeJcTapcbRAN3/6XefQo3klHqii830BH//HFCZ?= =?us-ascii?q?xslQsxb5Gjs29A2xhibN4pJa3cPqxJwUZMhqiWpC+nyvgxwBMCJ0YK6G6SfCkI?= =?us-ascii?q?uFYWObkgJiuo+fdh6QOEmzteYmQMUOAqov1y/EMnJ+uA1z7g06JEKk2pLOyQMa?= =?us-ascii?q?eZu2nGlc6VTVI9zV8Hl05A/bdqy8gjaFaUW1opzLSPCxQDLdDCJh1Nb8pO6HjT?= =?us-ascii?q?ej6DsfnMwZJwOIW9CuDoTO+VuakJg0KlHBwmEJ8W4sQHAJaszFnSLd37I74d1R?= =?us-ascii?q?Ut+APrKU2fA/RNeRKEjCkIrNm6zJ5324ldITcdDn9mPCqs57bYvAkqjOONXNcr?= =?us-ascii?q?eHsaWJULNm4uUs2ghyFZp2hADCWw0u8B0weN8Tn8qz/KAzbhcdpseu2UZQh2B9?= =?us-ascii?q?Gs+TQz6a+2iUTY8p/GPWH1KcxiusPT6eMdv5uHBO5UTbh5s0fYhYZYQmenXHPR?= =?us-ascii?q?HtGuJpj/cY8sYcbzCnagXVy1kyg1QNvpPNaxMqiIhhnlRZxSsImawD8jNci9Fj?= =?us-ascii?q?UFGxlovu8N+bhyaBEEbZcgfRHosAE+OLClLweDztWiWWCtJiVKT/NH1+W1e6RX?= =?us-ascii?q?zzYwbu+90HYgVIs1z/Ow8UEWX5wKkgveyuy9Z4ZAVSjzG3pdewrLpSo4mGhhNv?= =?us-ascii?q?oywuklzxPStFkQKTaLe/J1aGZcpdEzGUuSIWlqCmo/X1Kdg5DP7RKs37AT+itd?= =?us-ascii?q?nsxb0e5evXj/oJDQfiyjVLasqZXPvCoqdcImrLFpMYz/PsuGs4vTnjnFQ5nKsQ?= =?us-ascii?q?2KTjK6F/tcmthfOy9ZTuNHmWc5NswCvopB9Fc+VtwkK7xJFqYsuqigaSB4Ai4K?= =?us-ascii?q?0S8ZS4SA0SQYjeemxrvakA2ccJc5PRwFsZVCg8cdXDVsbiMYuqCjS53cl3WYRW?= =?us-ascii?q?gTPAcT8QNM6RoBlo92YuDq/o7IQ4FJyzFIv/J0SCvKG4Jv91vjVG6Wh134R++g?= =?us-ascii?q?k+ytxg1Sy/3t3sMcWB5lBkhX3/xWmVcwKLFrN6kQuZbHsiOPdUP/p2/t1PeqJF?= =?us-ascii?q?xKxsHOcV33EpbFv3LmUiIA4X0UWZNPyHbHGJQSiQV5crwkpFFRL429Z0nx+SQk?= =?us-ascii?q?x5x3ELm8S8+r3UwprXEcRyelC9BBEf1psErLWD15ZJCmsJflO5JMTWJL5ZKStU?= =?us-ascii?q?xZn1t3My6l15VTNttB4jgSUzhTuT+dpse9SNVf2c9qCJ8BOst/tGrgF6NFIpeR?= =?us-ascii?q?p2Y7taDoyn/c5z8zqky6xCmpF6++Ue1Z43UUGh81KGSGtkkvE+ws/3/J/VDDrl?= =?us-ascii?q?944+VWCqWBgEhqvDl9GZVOCSpT2nC+M1R/Vn9GvPtGKK7NacxTX+EyZQOzOxw5?= =?us-ascii?q?DfMmxVKG8lx0nXjjfyx/rQ9a+yfDXwYqSyUanrDtliAApc29Pz8VVY5IZy07by?= =?us-ascii?q?jZMwKbhTxXvBFHZkFyQJAZHsxK9KwH3YZP5crCTlusKTsZUxN8MAI4zeBfmlRH?= =?us-ascii?q?sEmCfiDdFwWof+7VshJrZceRsNKpLPPh8QdbkIPorv43+LgYSn27nQ2tXcreoJ?= =?us-ascii?q?Xitt2LsUuOcLn3M/GmbX/GVjjMggi6ha04AJnS4yjTLA1bJoF4yXU+e5jhDnXL?= =?us-ascii?q?PRBcKKIFPEdbUL16adFaouBbe8BkebwG+al2Bh6dQRPvAoOvpuFcLlnPXTTeMz?= =?us-ascii?q?mB8uunrILR97PdT+bgZtaLx3naXa16JYt65iP9G7fx1o9S4Ez21elx9kliU1jJ?= =?us-ascii?q?LziBrMj9JgMM/MSicE/is4YoHTPQBZd8invtxkdOd8oNWSKq64gYyIlE6HnsVe?= =?us-ascii?q?J4z1Lzv/NI+7lj84k37Khjyd2oKqfKNfRarUhnDwCSBgVr6potB2x/SHpKYuML?= =?us-ascii?q?KffReqMZjdv1q+3sEqwa5xKU9/ZeadvdKEHLgtO/BS2ESRxYgAcBriYXIReG2P?= =?us-ascii?q?6BhaB0UtqlpOj+2k82+FixMh8Gw65r5YeY+6qHvvXbbx3PwrgYQqLqXN/8rqww?= =?us-ascii?q?u0OO4v0pjLoOendwYwCnC+UdWNASyXrnzaAw1y0sC9nDH7Xi+PFdS305gijsm5?= =?us-ascii?q?dnH1UZAvkUB6aE/ZxCnmcknOzULt8WcqFHmmuUEB6rDL8DxmCx6yuWJmlljQvC?= =?us-ascii?q?0xfuTmOv9FX2tzN3QTPQz9f/lUpYTri3BEZIUCWzJUB1qyiPMxT0tNXppas59k?= =?us-ascii?q?Y2MnbrtNiVjmuuJKtXH9HjJNybOSQ7v1MXjIY/R9O124AbGMa9IM8L/3FjavvT?= =?us-ascii?q?8H+kkyhcrKhZnYXe/9uV+vLNHXa6laGarK+NxD9AwHgioV4/8sygNu3J59CSW/?= =?us-ascii?q?SnzXoRQDt/uwrPWB61sL/bo0kPOUOV1EfLmYoKPsxW3HQjzkHp/vQjT84z9ARQ?= =?us-ascii?q?EYbAffACqSrwODTq21afZcw4Vi2E3ztQBFL1HkFyGLIg12LooMLJiXDQ9kUnRo?= =?us-ascii?q?ZqbUzomwB3D4UjJEIp6VgX3jQMEQgXZhCGF7GkH0LlIpUYVUIbcxSIwKC6ersr?= =?us-ascii?q?3U102r6v6/HcbepgB6oKMfZRiRWOk0ZfGpIXt60eXb19dkRZ9KHJvAjjC5LoU+?= =?us-ascii?q?LglXUuKf2/Wtpa/twBt3s+/ga/QAKt5otB77kBlJ+FbbJLYZ/IvMB47kdo+yQP?= =?us-ascii?q?djBTjxdjjxO1S+ccpPrs4tLDqpqn9v6uVLoxR+UQ7xU0AmN+j53sgFAsv97azO?= =?us-ascii?q?JcSozPhoT57g9NP3CLuIHA0xl/MuoCMYSrc6h8938fPSgRO2oOPcaKa/k7+yJt?= =?us-ascii?q?Pync50dZAs8VeN0WM8zDmQFSik30V7Be7cXbGlqCBId1ac8k9W33yCo68ZEkSO?= =?us-ascii?q?bv9Ce2JYzD71FKJ/5DjiJslNLEpOQP3fXSCCwX4WSEZBl0wyOCzYKNC/Xx/eiX?= =?us-ascii?q?1tHUVk0GETQyU4hAJTqO4wqnSfSplJ/xSAOb9tfzgI4idEKXXnGxnboFvbxKEe?= =?us-ascii?q?NbjiX7wyVRFoHyh/KOqdas73FXtlJfGoZp8RLFALlfPol8ORnglMmkWEZ8BiX7?= =?us-ascii?q?eMzPeBshouyWyfkQ4+lkMUvxe5MbKAoey73m8XpVUhduSLnus1aWWeIRY9VnR+?= =?us-ascii?q?3ArnBR8o9gMKgPPF6cpJP2tDtIrk45ABMxYr8qsjNablXOnBFSW6vspL4Aiw4c?= =?us-ascii?q?XMVluU9NBW2wO3wx5z7dWaRTkqaRFOQf8i+PQawWT0VoLiR+Tguw2JVveLupnv?= =?us-ascii?q?dHv3hEnixno/gq1DpmSwW6uSH2oaICxy4g8qmitDodoXxFUvmekyDQBFpY0vsK?= =?us-ascii?q?i7scBm356Vy4Z3kDcJfy4Kd5Ksv974Uh5G4/YRo7dS0cQeugEz3wj7+PAoGXqN?= =?us-ascii?q?JcgxqNt9/Ubb69KigSMro9xAnmR3h61Qjehwhn/3cRQjWn998kP4S9OcAqxiay?= =?us-ascii?q?HmjbblkM6LtTsMTtrV4LUPc2aVR5zWVtzMeHQiwNRNTRFGsujwkkaGBEcJdd5h?= =?us-ascii?q?8AE6knnCyEvq5c/gEbeD3UCJiq+pHMncfU3nkwVdlrxnrMpq2EmpwlzmZom9Z1?= =?us-ascii?q?7i6SonQdafbUU8h2Anj8zo1f0/DxZ+2xsuAbT4tr0LOhUPscPcS44Wu23I9lWl?= =?us-ascii?q?S5xrQfA1W5LPUDyanFXCu/T22XR/iLeXCWnzklKk7y+QWoLlovZcdOrk89NPbC?= =?us-ascii?q?h5FFmw3lULN0XTmQpUTAwWwiK+wacQU2tJ2gewwQQ+4bf/KcKvQ2wP0iFFsMaG?= =?us-ascii?q?fEHS5sBOCqsV6tnY57O3J77EXkYOTt9B7pMN+TGhkCDI7boYR9+fugRmKOIXVg?= =?us-ascii?q?1gF9PFFo9+fDEFQ8ru1cfIySndjXnNt2yvMFd/FxMS09vd4Th41j6YmI0MuQdx?= =?us-ascii?q?He0IryL8nPoveEG/3f01gqemZCX7obZAP14J86PsQ4W73IBrZZuw4TBa0kT5wg?= =?us-ascii?q?LWvx87t0LAxreA7LeLu0mtXqpv6MZpZMvH/W4FcwIzvdthAA0fG0UxJ0b4qrh3?= =?us-ascii?q?TzJ5AwQChNr9tzBRt6BIdPG90Prw6gA5OMnKG7jMO+9Fl+u+8KtqrwEezK2M69?= =?us-ascii?q?34V2Q5dV/0iLMyvWBKlumEtlj+Kyju/B0pn3F8ziZcsJWet6T2Lfd7PLEIqyJi?= =?us-ascii?q?iON8/yYUJK7bCR3KxhXhWUfi/5Xq6GtCO+NPVj5EU20ot1fPDSzDMx77HUwsHy?= =?us-ascii?q?aHxDqSi/tXGJNIFQ7F3MBePARBJZUuGK8HpkHa0RcYv76v0OMdo8z9iA+QV88D?= =?us-ascii?q?NC0M6cLqWns0TBxEZ7dY/ALEv1xSk5Q5QEIBW+MEQymWLVtieVPXMJNcWgKM9w?= =?us-ascii?q?kP6JHxft4A93gmhraWlfSVDlXdOABW9O4cO1ZASQ+EprBtcFkvX/LVQ5va27U+?= =?us-ascii?q?VfMaJFkOSsua4vm8poLT3CXs5XI2fbK7ogbRRLCeCanlkjYhcev/AVU4YzaIPG?= =?us-ascii?q?PkIOeHyNzSL00BuKhVb5c92qybahPDcd8nIByanMlzdLuV/q6r6insT/XeWBP9?= =?us-ascii?q?nNV/nIPX94Ww=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2BuCQBJV6Va/wHyM5BdGwEBAQEDAQEBCQEBAYMjLWZvFRO?= =?us-ascii?q?OYox8YYI5lFGBciYLiBUhOBQBAgEBAQEBAQIBaieCOAyCZwIkVQMJAkgIAwFsB?= =?us-ascii?q?YJjWYE/AQEBFQMBC6t8OoQHWoN4ghqFNYIuEIMshhiIIQSaVgmGQ4oSgXGMfQG?= =?us-ascii?q?HdIsANSGBUisIAhgIIQ+Bahp5CYIpHIF5d4wOAQEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Mar 2018 16:23:44 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w2BGNDbY031189; Sun, 11 Mar 2018 12:23:21 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w2BGN6gD027820 for ; Sun, 11 Mar 2018 12:23:06 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w2BGN9fg031184 for ; Sun, 11 Mar 2018 12:23:10 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CTAgC8V6Valy0bGNZdHAEBAQQBAQoBA?= =?us-ascii?q?YMjKmlvKI5ijHyDGpZHLYUCgxMhOBQBAgEBAQEBAQITAQEBAQEGGAaGJxkBOAE?= =?us-ascii?q?VgTuDQYE+AQMVAwELq3o6gwIFgQBog2MHgg4ECIU1gTV5gzyGGIghBJpWCYZDi?= =?us-ascii?q?hKBcYx+h3SLADWBczMaI4MSCYIaDxAMgXl3jA4BAQE?= X-IPAS-Result: =?us-ascii?q?A1CTAgC8V6Valy0bGNZdHAEBAQQBAQoBAYMjKmlvKI5ijHy?= =?us-ascii?q?DGpZHLYUCgxMhOBQBAgEBAQEBAQITAQEBAQEGGAaGJxkBOAEVgTuDQYE+AQMVA?= =?us-ascii?q?wELq3o6gwIFgQBog2MHgg4ECIU1gTV5gzyGGIghBJpWCYZDihKBcYx+h3SLADW?= =?us-ascii?q?BczMaI4MSCYIaDxAMgXl3jA4BAQE?= X-IronPort-AV: E=Sophos;i="5.47,455,1515474000"; d="scan'208";a="221873" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 11 Mar 2018 12:23:09 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3A0nJ9bhEhrAL9Euiy5Ek/RZ1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ7yr8iwAkXT6L1XgUPTWs2DsrQY07GQ6/iocFdDyK7JiGoFfp1IWk1Nou?= =?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?= =?us-ascii?q?KeTpAI7SiNm82/yv95HJbAhEmDSwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+?= =?us-ascii?q?NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjD?= =?us-ascii?q?QhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj?= =?us-ascii?q?8KOT4n/m/KhMJ+j6VVrQm9qxBj2YPYfJuYOOZicq7bYNgURXBBXsFUVyFZHo28?= =?us-ascii?q?bpcAD+obMuZCsob2ulkAogG/BQmqGuzv0SJDi3js3a07z+shERvJ3BY9EN0WrH?= =?us-ascii?q?vbtNX1O70TUeCz0qbI1i7OYOhK2Tf87ojIbg4uoeuKXb1ubcrd01UgFwTAjliJ?= =?us-ascii?q?r4HuIjCb1vwVvmSF8uZtWvijh3Aopg1rvDSixN0gh4bJi44NyV3J9D91zJs7KN?= =?us-ascii?q?C3UkJ2YdCpHIFOuyyUKYd7RN4pTXtytyYg0LIGvIa2fCgUx5QjwB7Sc/KIfZKG?= =?us-ascii?q?7B/9WuucPy12iW55dL++nRq971avyujnVsm7ylpKqzBKktjItnwX0hzT68yHRu?= =?us-ascii?q?N8/kenxzmPyxje5v9ZLU07j6bXNZEszqQumpcRq0jOES/7lF3zjKCMd0Uk/uao?= =?us-ascii?q?6/7gYrXjvpKcLY50hR3+Mqs0gMywHPw3PRQWUGib4+u81bvj8lPiQLhRlfI2jq?= =?us-ascii?q?jZsJbGJcsFvK65BRFa0po55xmjCDem1cwUnWMbI1JdZBKHk4/pNknVIP/mCfe/?= =?us-ascii?q?glKskCpkxv3dIr3gAonCLnjEkLv7e7Z98FRTxBA8zdBY+ZJYErEBL+z3Wk/2rN?= =?us-ascii?q?HYChg5PBCuzObjCNV90ZgeWX6VDq+dN6PdrUWH5uYyLOmLYY8aojf9K/496/7v?= =?us-ascii?q?i382h0MdcLGq0JYWcny0A/prLkqDbXfsjNoNC3kGswQgQODyjV2NSz9TZ3K8X6?= =?us-ascii?q?Im4TE7DZqrAIDZRoCsnLOB3D20HodLaW9eFl+DCXfoeJ+FW/cKdi2SOdRsnScY?= =?us-ascii?q?VbigTY8hyQ+htBX8y7V5MurY4DEXtZXm1NVs4eDYiA8/9ThpD8SGz2GCUXt0kH?= =?us-ascii?q?4JRz43wq9yuVBxmR+/1v1jjvhZE8FDz+9YWQc9c5jHxqp1DM6hdBjGe4KzSV2m?= =?us-ascii?q?S8+qSRE4T9Q82JdaeUd2G9y4gifI6CqjArkYjJSBGJ0y7q/G2XXtYc16ziCVh+?= =?us-ascii?q?Eak1A6T54XZiWdjall+l2LCg=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CUAgBJV6Valy0bGNZdHAEBAQQBAQoBA?= =?us-ascii?q?YMjKmlvKI5ijHyDGpZHLYUCgxMhOBQBAgEBAQEBAQIBEgEBAQEBBhgGVoI4IoJ?= =?us-ascii?q?3GQE4ARWBO4NBgT4BAxUDAQurfDqDAgWBAGiDYweCDgQIhTWBNXmDPIYYiCEEm?= =?us-ascii?q?lYJhkOKEoFxjH6HdIsANYFzMxojgxIJghoPEAyBeXeMDgEBAQ?= X-IPAS-Result: =?us-ascii?q?A0CUAgBJV6Valy0bGNZdHAEBAQQBAQoBAYMjKmlvKI5ijHy?= =?us-ascii?q?DGpZHLYUCgxMhOBQBAgEBAQEBAQIBEgEBAQEBBhgGVoI4IoJ3GQE4ARWBO4NBg?= =?us-ascii?q?T4BAxUDAQurfDqDAgWBAGiDYweCDgQIhTWBNXmDPIYYiCEEmlYJhkOKEoFxjH6?= =?us-ascii?q?HdIsANYFzMxojgxIJghoPEAyBeXeMDgEBAQ?= X-IronPort-AV: E=Sophos;i="5.47,455,1515456000"; d="scan'208";a="10429380" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Mar 2018 16:23:08 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;4d8c1902-d19d-4e6d-985f-04d4da683209 Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC08.oob.disa.mil (Postfix) with SMTP id 3zzmcq5ZJrz34qvp for ; Sun, 11 Mar 2018 16:23:07 +0000 (UTC) Received: from UPBD19PA04.eemsg.mil (unknown [192.168.18.5]) by UPDCF3IC08.oob.disa.mil (Postfix) with ESMTP id 3zzmcq4Qj2z34qv4 for ; Sun, 11 Mar 2018 16:23:07 +0000 (UTC) X-EEMSG-check-008: 301055461|UPBD19PA04_EEMSG_MP4.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 65.20.0.209 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0D/AAAFV6VahtEAFEFdGwEBAQEDAQEBCQEBAYMjgRNvKI5ikBaWRw8ehQKDNDgUAQIBAQEBAQECEwEBAQoJCwgoLoVRGQE4ARWBO4NBgT4BAxUEC6t8OoMCBYEAaINjB4IOBAiFNYE1hDWGGIghBJpWCYZDihKBcYx9AYd0iwA1gXMzGiODEgmCGg8QDIF5d4wOAQEB X-IPAS-Result: A0D/AAAFV6VahtEAFEFdGwEBAQEDAQEBCQEBAYMjgRNvKI5ikBaWRw8ehQKDNDgUAQIBAQEBAQECEwEBAQoJCwgoLoVRGQE4ARWBO4NBgT4BAxUEC6t8OoMCBYEAaINjB4IOBAiFNYE1hDWGGIghBJpWCYZDihKBcYx9AYd0iwA1gXMzGiODEgmCGg8QDIF5d4wOAQEB Received: from rgout0303.bt.lon5.cpcloud.co.uk (HELO rgout03.bt.lon5.cpcloud.co.uk) ([65.20.0.209]) by upbd19pa04.eemsg.mail.mil with ESMTP; 11 Mar 2018 16:23:07 +0000 X-OWM-Source-IP: 86.134.53.232 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-RazorGate-Vade-Classification: clean X-RazorGate-Vade-Verdict: clean 0 X-VadeSecure-score: verdict=clean score=0/300, class=clean X-SNCR-VADESECURE: CLEAN X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean X-Junkmail-Premium-Raw: score=9/50, refid=2.7.2:2018.3.11.160916:17:9.975, ip=, rules=__HAS_FROM, __FRAUD_WEBMAIL_FROM, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_CC_HDR, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_ALPHA_END, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER, __FROM_DOMAIN_IN_ANY_CC1, __TO_IN_SUBJECT, __ANY_URI, __FRAUD_BODY_WEBMAIL, __URI_NO_WWW, __NO_HTML_TAG_RAW, BODY_SIZE_10000_PLUS, __MIME_TEXT_P1, __MIME_TEXT_ONLY, __URI_NS, HTML_00_01, HTML_00_10, __FRAUD_WEBMAIL, __FROM_DOMAIN_IN_RCPT, __CC_REAL_NAMES, __PHISH_SPEAR_STRUCTURE_1, TO_IN_SUBJECT, __MIME_TEXT_P, NO_URI_HTTPS X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedtfedrledugdeltdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofestddtredtredttdenucfhrhhomheptfhitghhrghrugcujfgrihhnvghsuceorhhitghhrghruggptggphhgrihhnvghssegsthhinhhtvghrnhgvthdrtghomheqnecukfhppeekiedrudefgedrheefrddvfedvnecurfgrrhgrmhephhgvlhhopehlohgtrghlhhhoshhtrdhlohgtrghlughomhgrihhnpdhinhgvthepkeeirddufeegrdehfedrvdefvddpmhgrihhlfhhrohhmpeeorhhitghhrghruggptggphhgrihhnvghssegsthhinhhtvghrnhgvthdrtghomheqnecuvehluhhsthgvrhfuihiivgeptd Received: from localhost.localdomain (86.134.53.232) by rgout03.bt.lon5.cpcloud.co.uk (9.0.019.24-1) (authenticated as richard_c_haines@btinternet.com) id 5A9D3B60008FDAEA; Sun, 11 Mar 2018 16:23:04 +0000 X-EEMSG-check-009: 444-444 To: selinux@tycho.nsa.gov Date: Sun, 11 Mar 2018 16:22:55 +0000 Message-Id: <20180311162255.27901-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.14.3 Subject: [PATCH] selinux: Add support for the SCTP portcon keyword X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Richard Haines via Selinux Reply-To: Richard Haines Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Update libsepol, checkpolicy and the CIL compiler to support the SCTP portcon keyword. Signed-off-by: Richard Haines Acked-by: James Carter --- checkpolicy/checkpolicy.c | 5 +++++ checkpolicy/policy_define.c | 5 +++++ libsepol/cil/src/cil.c | 1 + libsepol/cil/src/cil_binary.c | 6 ++++++ libsepol/cil/src/cil_build_ast.c | 2 ++ libsepol/cil/src/cil_internal.h | 4 +++- libsepol/cil/src/cil_policy.c | 2 ++ libsepol/cil/src/cil_tree.c | 2 ++ libsepol/include/sepol/port_record.h | 1 + libsepol/src/kernel_to_cil.c | 4 ++++ libsepol/src/kernel_to_common.c | 3 +++ libsepol/src/kernel_to_conf.c | 4 ++++ libsepol/src/module_to_cil.c | 4 ++++ libsepol/src/port_record.c | 2 ++ libsepol/src/ports.c | 7 +++++++ secilc/docs/cil_network_labeling_statements.md | 5 +++-- secilc/test/policy.cil | 1 + 17 files changed, 55 insertions(+), 3 deletions(-) diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index 923b47c1..fbda4558 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -69,6 +69,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include #include #include @@ -944,6 +947,8 @@ int main(int argc, char **argv) protocol = IPPROTO_UDP; else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) protocol = IPPROTO_DCCP; + else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP")) + protocol = IPPROTO_SCTP; else { printf("unknown protocol\n"); break; diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 2c5db55d..11fd37d8 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -40,6 +40,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include #include #include @@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high) protocol = IPPROTO_UDP; } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { protocol = IPPROTO_DCCP; + } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { + protocol = IPPROTO_SCTP; } else { yyerror2("unrecognized protocol %s", id); goto bad; diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 5a64c2bc..2a7ec063 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -109,6 +109,7 @@ static void cil_init_keys(void) CIL_KEY_UDP = cil_strpool_add("udp"); CIL_KEY_TCP = cil_strpool_add("tcp"); CIL_KEY_DCCP = cil_strpool_add("dccp"); + CIL_KEY_SCTP = cil_strpool_add("sctp"); CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow"); CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); CIL_KEY_ALLOW = cil_strpool_add("allow"); diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 431cd9cd..0cc6eeb1 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -34,6 +34,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include #include @@ -3272,6 +3275,9 @@ int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons) case CIL_PROTOCOL_DCCP: new_ocon->u.port.protocol = IPPROTO_DCCP; break; + case CIL_PROTOCOL_SCTP: + new_ocon->u.port.protocol = IPPROTO_SCTP; + break; default: /* should not get here */ rc = SEPOL_ERR; diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index e84336bf..b90b0f60 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -4405,6 +4405,8 @@ int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, stru portcon->proto = CIL_PROTOCOL_TCP; } else if (proto == CIL_KEY_DCCP) { portcon->proto = CIL_PROTOCOL_DCCP; + } else if (proto == CIL_KEY_SCTP) { + portcon->proto = CIL_PROTOCOL_SCTP; } else { cil_log(CIL_ERR, "Invalid protocol\n"); rc = SEPOL_ERR; diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index 8393e391..6ff32285 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -103,6 +103,7 @@ char *CIL_KEY_STAR; char *CIL_KEY_TCP; char *CIL_KEY_UDP; char *CIL_KEY_DCCP; +char *CIL_KEY_SCTP; char *CIL_KEY_AUDITALLOW; char *CIL_KEY_TUNABLEIF; char *CIL_KEY_ALLOW; @@ -740,7 +741,8 @@ struct cil_filecon { enum cil_protocol { CIL_PROTOCOL_UDP = 1, CIL_PROTOCOL_TCP, - CIL_PROTOCOL_DCCP + CIL_PROTOCOL_DCCP, + CIL_PROTOCOL_SCTP }; struct cil_ibpkeycon { diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index 99eb53c2..5edab5e0 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -1757,6 +1757,8 @@ static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls fprintf(out, "tcp "); } else if (portcon->proto == CIL_PROTOCOL_DCCP) { fprintf(out, "dccp "); + } else if (portcon->proto == CIL_PROTOCOL_SCTP) { + fprintf(out, "sctp "); } if (portcon->port_low == portcon->port_high) { fprintf(out, "%d ", portcon->port_low); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index b394a9d8..2abbb96c 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c @@ -1436,6 +1436,8 @@ void cil_tree_print_node(struct cil_tree_node *node) cil_log(CIL_INFO, " tcp"); } else if (portcon->proto == CIL_PROTOCOL_DCCP) { cil_log(CIL_INFO, " dccp"); + } else if (portcon->proto == CIL_PROTOCOL_SCTP) { + cil_log(CIL_INFO, " sctp"); } cil_log(CIL_INFO, " (%d %d)", portcon->port_low, portcon->port_high); diff --git a/libsepol/include/sepol/port_record.h b/libsepol/include/sepol/port_record.h index df04ea09..77149cfa 100644 --- a/libsepol/include/sepol/port_record.h +++ b/libsepol/include/sepol/port_record.h @@ -16,6 +16,7 @@ typedef struct sepol_port_key sepol_port_key_t; #define SEPOL_PROTO_UDP 0 #define SEPOL_PROTO_TCP 1 #define SEPOL_PROTO_DCCP 2 +#define SEPOL_PROTO_SCTP 3 /* Key */ extern int sepol_port_compare(const sepol_port_t * port, diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index 0055c238..b1eb66d6 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -12,6 +12,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include #include @@ -2631,6 +2634,7 @@ static int write_selinux_port_rules_to_cil(FILE *out, struct policydb *pdb) case IPPROTO_TCP: protocol = "tcp"; break; case IPPROTO_UDP: protocol = "udp"; break; case IPPROTO_DCCP: protocol = "dccp"; break; + case IPPROTO_SCTP: protocol = "sctp"; break; default: sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 01ffc8fc..342bc3c9 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -10,6 +10,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include #include diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 95aa92fc..95405207 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -11,6 +11,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include #include @@ -2491,6 +2494,7 @@ static int write_selinux_port_rules_to_conf(FILE *out, struct policydb *pdb) case IPPROTO_TCP: protocol = "tcp"; break; case IPPROTO_UDP: protocol = "udp"; break; case IPPROTO_DCCP: protocol = "dccp"; break; + case IPPROTO_SCTP: protocol = "sctp"; break; default: sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 15b58a7a..5b8ed19e 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -30,6 +30,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include #include #include @@ -2656,6 +2659,7 @@ static int ocontext_selinux_port_to_cil(struct policydb *pdb, struct ocontext *p case IPPROTO_TCP: protocol = "tcp"; break; case IPPROTO_UDP: protocol = "udp"; break; case IPPROTO_DCCP: protocol = "dccp"; break; + case IPPROTO_SCTP: protocol = "sctp"; break; default: log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; diff --git a/libsepol/src/port_record.c b/libsepol/src/port_record.c index ed9093bf..15fb198f 100644 --- a/libsepol/src/port_record.c +++ b/libsepol/src/port_record.c @@ -186,6 +186,8 @@ const char *sepol_port_get_proto_str(int proto) return "tcp"; case SEPOL_PROTO_DCCP: return "dccp"; + case SEPOL_PROTO_SCTP: + return "sctp"; default: return "???"; } diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c index 62ec6029..cc558632 100644 --- a/libsepol/src/ports.c +++ b/libsepol/src/ports.c @@ -2,6 +2,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include #include "debug.h" @@ -21,6 +24,8 @@ static inline int sepol2ipproto(sepol_handle_t * handle, int proto) return IPPROTO_UDP; case SEPOL_PROTO_DCCP: return IPPROTO_DCCP; + case SEPOL_PROTO_SCTP: + return IPPROTO_SCTP; default: ERR(handle, "unsupported protocol %u", proto); return STATUS_ERR; @@ -37,6 +42,8 @@ static inline int ipproto2sepol(sepol_handle_t * handle, int proto) return SEPOL_PROTO_UDP; case IPPROTO_DCCP: return SEPOL_PROTO_DCCP; + case IPPROTO_SCTP: + return SEPOL_PROTO_SCTP; default: ERR(handle, "invalid protocol %u " "found in policy", proto); return STATUS_ERR; diff --git a/secilc/docs/cil_network_labeling_statements.md b/secilc/docs/cil_network_labeling_statements.md index b06dbccc..49a836c1 100644 --- a/secilc/docs/cil_network_labeling_statements.md +++ b/secilc/docs/cil_network_labeling_statements.md @@ -155,7 +155,7 @@ These examples show named and anonymous [`nodecon`](cil_network_labeling_stateme portcon ------- -Label a udp, tcp or dccp port. +Label a udp, tcp, dccp or sctp port. **Statement definition:** @@ -175,7 +175,7 @@ Label a udp, tcp or dccp port.

protocol

-

The protocol keyword tcp, udp or dccp.

+

The protocol keyword tcp, udp, dccp or sctp.

port |

@@ -200,3 +200,4 @@ These examples show named and anonymous [`portcon`](cil_network_labeling_stateme (portcon udp 4444 (unconfined.user object_r unconfined.object ((s0) level_2))) (portcon tcp (2000 20000) (unconfined.user object_r unconfined.object (systemlow level_3))) (portcon dccp (6840 6880) (unconfined.user object_r unconfined.object ((s0) level_2))) + (portcon sctp (1024 1035) (unconfined.user object_r unconfined.object ((s0) level_2))) diff --git a/secilc/test/policy.cil b/secilc/test/policy.cil index 4c37ecca..02f4f88d 100644 --- a/secilc/test/policy.cil +++ b/secilc/test/policy.cil @@ -271,6 +271,7 @@ (portcon udp 25 system_u_bin_t_l2h) (portcon tcp 22 system_u_bin_t_l2h) (portcon dccp (2048 2096) system_u_bin_t_l2h) + (portcon sctp (1024 1035) system_u_bin_t_l2h) (genfscon - "/usr/bin" system_u_bin_t_l2h) (netifcon eth0 system_u_bin_t_l2h system_u_bin_t_l2h) ;different contexts? (fsuse xattr ext3 system_u_bin_t_l2h)