From patchwork Thu Sep 20 00:20:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10607579 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 67CF614DA for ; Thu, 20 Sep 2018 12:34:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 579FB2C88F for ; Thu, 20 Sep 2018 12:34:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4BCFB2C9EB; Thu, 20 Sep 2018 12:34:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from usfb19pa15.eemsg.mail.mil (uphb19pa12.eemsg.mail.mil [214.24.26.86]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D43212C88F for ; Thu, 20 Sep 2018 12:34:15 +0000 (UTC) X-EEMSG-check-008: 145490268|USFB19PA15_EEMSG_MP11.csd.disa.mil Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by usfb19pa15.eemsg.mail.mil with ESMTP; 20 Sep 2018 12:34:14 +0000 X-IronPort-AV: E=Sophos;i="5.53,398,1531785600"; d="scan'208";a="18464557" IronPort-PHdr: 9a23:gKvhABy0L3i2bPXXCy+O+j09IxM/srCxBDY+r6Qd1u0VKPad9pjvdHbS+e9qxAeQG9mDtLQc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPYQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7Vq4/Vyi84Kh3SR/okCYHOCA/8GHLkcx7kaZXrAu8qxBj34LYZYeYO/RkfqPZYNgUW2xPUMhMXCBFG4+wcpcDA+8HMOlfrYbyvVsOrRy5BQW1He/i1jFFi37r0aEjz+gtDBzN0Ag+E94StXjZqsj+OqUPXuCv1KTG0zvDYfNV1znz5ofHfRIur+yUXb9ybMbcx1UgGQzbgVWLsoHlIzGY2/4Rv2SH4edsS+SigHMnpQFrpTivw98hh5fTiYIO1F/F9ThyzpspKt24UkF7fNCkEJ9OuCGAKoB7Rd8tTHtzuCkkyrwLooW7czQKyJs92h7fZfiHfJaS4h76SOmeOy10i25ieLK6nhu/91WrxO7kVsSszVpHoSVInsPMu3wQzRDf9MeKRuVn8ku8wTqC1gLe5vtZLU01kafXMZ8sz74qmpYNr0jOESn7k1jsgqCMbEUr4O2o5vziYrXhu5CTKZd5ihr7MqQygsy/Bvk4MhQWU2ib5+u80Lrj8FXlQLpQlP02k7TZsIvAKcQHpq+2Hw9V0oE55xa5Ezimy8gXkWMCLFJEfBKLl4npO1fQL/DkFfqznluhnThxy/3GI7HtGIvBI3fdnLv7YLpx80tcxxAyzdBb6ZJUELYBIPfrV0/qqtPYCh45Mwqpw+foEdlyzYQeWX+JAqCFLqzSqkSF5v4vIuaQZI8VvyzxK/4+5/H0l3M5llgdfbex0ZsNdH+4BuhmI1meYXf0gNcBFmEKsRAiTOzqklKCVyVeZ3S1X6I64zE0EpmmDZvdSYC3m7yNxiC7HodZZmpeEFCDDW/od5mYW/cLcC+SIM1hnSYYWriiUI8h0heutA7ky7d8IOrU/jAYtJ3429ho4e3TiQwy+SZzD8SH3GGHV3t0kX8QRz8qwKB/plRwyk+d3qdjnfNYE91T5+9OUgohNJ7T0fJ1BM7oVgLGZNeJR06sQs+6DjEpUtIx39gObl5gFNWliBDD2TelDKERl7yKH5E76LzT32L2J8pnzHbGzqYhhUE8QsRTLW2mmrJ/9w/LCoHXi0WWjbyqdaUH3CPW7GeM13COvEBDUA5oVaXKR2wQaVXModT+/EPCQKekCa47PQtZ1c6CNqxKZ8XnjFVHQPfjPcrRY3iqlme+GxmH27SMbJDwdGUFxiXdD0oEnB4P8naaLwQ+AT2ho23GBjx0CV3ve1/s8fV5qH6jTU871QKKb0p817eu+R4an/+cS/QO3r4evychsTp0Fk6n393KE9qAuxZhfKJEbNwn/VhHz2PZuBJnPpG7Na9tmlsefx5wv0P02BV9Ep9AntQyrHM20ApyLrqV309beDOcw5/wIaHXK2n1/B20cK7ZxlDe38iQ+qcT6fQ3sU/vvAe3GUo+639nycVa02OA5pXWCwofSYjxXVsq+BVhqLHaZyY865nS1XJyLam+qiXC1M4xBOs51hageM9SMLiKFA/oFM0aHNSuJfcxm1ivaRIFMuVS+7QyP8+8cfuJxrKrNv56nD26lWRH/Jx90kWU+ityUOHI24oFzO+C3gucTDr8kkmustrsloBZYDEeBG2/yTLrBIRJfK19YZ4LCXuyI82w3th+gZ/tW3pc9FG9HFMLw9WmdgSIb1z6xwFQ0l4XoXO/kyui0zN0iy0prraY3CHW3uviaAAIOnRQSWZ+ilfsJJS7gMoBXEi0dQQpkgWq5VrizahBuKt/N3XTQVtPfyXuMWFiU7e/tqaFY85V8p8nrSVXUOO6YVCVUbP9pxoa0yX5EGtEwzA3bTaquo/2nxZikmKSMG5zrGbFecF33Rrf4N3cReVN3jYfXyl3lz3XBlm6P9m08tSZjIzDsvi/V2KnV51cbTLrwZmGtCSl+W1gGQe/kOyrmt37DQg61jf218NtVSXMqBbzfJPr2Li9MeNpZURoH0L85NZhGo1klYswnp4Q02AAhpqJ5XoHjXvzMdJD1KL9cnUNQyULzsXW4Af73k1jNXSJyJzlVnmHxcthfda6aHsM2i0h98BKFLuU7LtckCttuFW4sAbRbuZlnjgHz/su9GAVg/sStQow1SWSHKoSHVJCMSz3kBSI8sq+o7lJa2ahdriwzkV+ks67ALGEvA5cRG7zeo0+Ei9o8sV/LFXM3WXt6oHiZdbddswTthuJnBfAleRVLow+luYSjyp9JW39pWEly/I8jRF2xZG1ppWHK2F28a2lAx5YKj30a9od+j73i6ZShMGW35qgHp95ADUEQIPoTe60EDIVrfnnNAaPEDkipXqAHLrfGgGf6El4oHLTD5CrN3aXJHwHwtl4QhmSOlBfihgOXDomhp45ChyqxMv5fUd3/D8R4EL4qhxJyu9zORnwTHrQpACyajguUJifNh1W7gNc6EjJLcyS9OVzHztX/pe5tgyCNnSbZxhUDWEOQkGECUrjMaez6tnb6eeYAPa+L/zVYbiVs+NRS/KIyYio0ot88DaGLt+PMWV6D/0nxkpDWmh0FN/ClDkITywXljnNb9KApBum4S14sNyw/O7wWA3x4YuPCr1SMchg+h2tnaiCN/SQhDtiKTpC2JID32PIyKMY3F4UkS1ucCOtEbsYvy7XUK3QgrNXDwIcay5rL8RI7q083g5LOcPAl9z6yKV3jv8vBFdDT1DhndupZcMSKWGnKFzHHFqLNKiBJTDTwcH3YaO9SaVXjOVQth2wpSiUHlTmPjSCiznpTQ6gPftLjCGBMxxUoJu9fQp1CWj/UNLmbQW2MNlpgjIsxb05nXDKNWkHMThgaUxNqKaQ7SBZgvllHWxO8GZlJ/GemymF9+nYNooWsfxzDyRuie1a+2o1xKFP7C5YRPx4gzDdrt90o167lemPxCJnUABQpTdLno6Lu1ttObnB/JlaRXnE5A4N7XmXCxkSutRqEMPvu6FNxdjUj6/8Mi1C88jT/coSHMjbNt6IMGc7MRroBD7VDBEJTTi1OmHDn0Zdiu2d9mWJrpgmrZjhgJ4OSrhBVFMrEPMbC0NlEccNIJdxQzMoi7mbjNQH5XCmthneWN1avozbVvKVGfjvMyiWjb1FZxsO3LP5Ip8eOZH820xndlZ1hp/KG1bKUdBLvCJhchc+oF9R/3hmUm0zx0XlZxuw73APEP60mRg2ihdjbek26jfj/U03JlvLpSs3lkk9g9Plji6NcDTpNqe/QZlWCzbot0g2Kp77Xwd1bQi1nUx4NDfFR6lcgKZhdWFrkgDTooFDGfhCQq1YeBUQ3+2YZ+000VRArSWq3VVI5e/ECZR+igQlaZusrnJG2wJkat46P7fdK7FIzldKgKKCpyGo1v0rzA8YOUkN7HuYeDQUt0wQKrkmOy2o8/R35gOcnTtOY3IDWOc0ov107EM9IP6Pzzjg0rJZLUCxLeOfJbuDu2fcjc6IXk8w1kQQmklf+7h20Nssc0qTV0Ar17ufDw0HO9fYJwxJaMRf72TcfSGLserR2511JJm9GvruTeCQqKYemlikExoxH4QQ8sQBGYGh313aLcj9MLEI0gki5APvJFWBDfRGZgiLkCsZrM6jzJ97x45dJisSAW9lKyW4+q7XphM2gPqERNo2eG0VXpEDNn0tQ8C6hzRZsG5eDDap1uIZyQ6C7zD4piTRAzn8b8ZjZPmOahN2DdG64zM//LaqiVTP6JXRO3n6Nch+ut/I8e4bqYyLBO9UTbl8tkfcmpNXR3+xXm7OD9G6OYb/Z5MrbdzuBXawSka/hC4tT8ftINatKbCFgQTySoZOs4mUwiwjNc67FjERABpxqfsM5KRgag0HZJo7fAPntx8kO6y5PgiYzs2kQ3yxJjtOU/lf0eK6aqRPzyorau+10mEgT589z+mz/04AX5QKjhbZxfa4eYZRTTLzGntGewXUpCo5kWdhOvw1wuclzxPCqUMcPCyTdOx1dGxEuMkxCkmIIXVrDGo0XVycgJHC4g6t3rAS4zBSk8xS0eJbrHj0poXfby60WKy3tZXVtDItbcQho610KoHjPteKtJbFkTDFSpnfrBGFWjagF/VGgthQPD5YQP5QlGEnPswJp5FM5lcvWcclObNPErUsqa63ZjZ+Cy4d0zMZXZua3DMemue8x6falhCIfZQsKhwLqpNCjcccUy5teS4eobejV4TPm2+fRGkLOx0f7QNW5AIPjoVwZPzq4JLUTJ9QzD5bu+50XTbWGZlp7VT7TnqbjkT/SPWkj+OmxxlSzO723tkdRhF/FVBXx/xKmUswNLF3N64Qs5bSsj+TaUP1pn/iyPe9KVlKzs3Uakf4A5bbumr6Ti0c42cbRYtVxHHYD5QSnBJzaLw3q1VUPICmZkH+6iQ/yIRnA7a0ScKmy0sroHsdWyiqFN9BBP18v1LMRD1peZarp4v5O59KWG9f5IWdq0tFkEVqKyO504RTJNxN4jEWQDhCujGdvNysSMJdx8N5E5gMLcphtHvnHqNLJoSRqWUsurPz0n/Z5yw8sFCiyTWvAa+3UfxW8HAFFwU0I2SetlMvAPEy8mfT9VDNtk57//tBCriIl0Vxry53HopSCTZRyXClM1NzQWFDs+pALKTVd9JTQ+UuZRC1IRMzDvgm0FKV/UFvgXj2eTRyuRVA9yDbQQY0STEfgq3xlj0GtsGnJTgaRopKbTo7dSfFLBmbmSRNsxZBcExqXo0ZAtJZ+7EawYRU/9DNSUC3KS0fWxxiLA042+JFlUFfqEWYZTzdDQ2wePbNqBJ3e8mRrNSuLPvk4ghKkZ/nv/o+96UYQH2qgwutTs7Cr4XkrN2FqlOOdLvkM+27eXLBQyXMjRG0hbcgEZbK+jPePxdFJJZhyHore57hBXTMPRRcKKIRP1BbWrxiadVavuBaYNdpeKQI+a9oHR+HQw3gGYyxo/lcL1bTQzveIz+H8uOhvYLZ9abdRvT4ZsyQ23bHRLp6PpF+6TTgGrfq14pe9lD32vdr+EN6U0LJMzudrNT7OwME+NWidlb4vpI3Bz/WB41wkHX1zEFaa8UXWzGq8IgfyJ5B7XbwTuR40lT8sOJM7LRk7Ig37KpvyciqOafTJ/NasVVkAhiPHAlq8IsiAHRnTWBLfuARMOvRfbgejc32r+D3DKkX5R2O9uxXd9TIOkbBmtOlBTGEUxxEmwUBpiAGIQuAzfKFnLV0Scm9r+jjxk0t+0S+LgIBzL115IeF+7CHq/XLYBbK1rgLRLTqSd3vobg2vEOS//IknqYUemNpew2nDPQdVskFy2j7zKAq1iwtHNnBH7Lh5P5DT2g2ni/km51mA1oWHe4bEqSR8oRDhGc4nPbZOccMfqBFgGaPGgauEqUexn6z9yuXPG5ljwnW0x7qXWO88F/2rCF/QSvWzNfvi1FVWaezBUdTWSqpJEB5vSiXPAXyqNr4paQ17U8xMmz+t9KBjmihN61NH835OtOcJTM4pFUNjJ0+Xtavw5wUGcKhINcN93FzdvTe5H2tky9dpKdHgI3S4tqL9fXTHHmgibCaqrqWyTBc1Hc4p1E+5cq6OvHI+dKKX+yi13wNQCdnpwvBQxm1p6Tdr1AVJUOL10PLl5YRPt1D3Hk40Ubm5PM4QN8o8QVTGYnBa+kFpTDpNzv+2UyfbM4vVimCzztXGUr4EVZkF6gnw2L8pd/Hm3jW9V0pQIlwakPmiAd4D4U9M00t7kYYzjAEEQgXZhCRFKuoClj9LYsYSUgDbgyK3Lq9eqc3201/2K+g5O/XbexhGqUMN/ddjgiVnFhYG5IbqrMeQLNie1BH8K7YuwniB5LhX/f4iXo6Lee1TdxC8cAFq3si5R6yRxu+6ZhZ6bYWk5SIdrNZbpjNu8B89F1r5TkVdixCmBJ/lQ+2UfgApOD/5djWqJio5figVKYjQ+Ua7BY1CH54j5TunFAvu9fX2PlASofNk4Tw7BhNI2KWuIbdyxR8Ju4OK4Wlfbl+83UHIzMTJ2kJPdqQavkz/zVhMDPN6FxeGskMf88XPNLRmQBIjU3kQLRT9svYGl+bDId+bMIo4HD0yDAy95szTODg5CWwJZ/B81FHJ+lDgzl0lNLeuOgVxuLfBzMJ7nmfdxh42TiCy52KC/bs4eWM1s/bWE4cEi4xSYddKyKI+Ra7SeqtiJXpTgSU59f9gJ0gcEKQR2Sxk7oev6dNEO5AjyD70SZEFoDxmf2Zqd2s6HFYtldfCoZ88QXFGLlDPpV8IRn5mNGrRlJ9BiTjZs7ZbR8uuOuKxucW/epyLUz+ZZUUIhgc0bL19WJVThdySL7xpluZWuYRa8V9RfPcqnBa85lgK7MOPFeBuJzqtClHp04sDA8vdrAwsiRQdlPSkw1NR6b0pLkAhxMYUd54v09MBG2xNHs65zrGTqRVkLKRBecU8jqJSKwOVF9kMiRkQxO6wJ9uYaemnehbsmNamSNwuP0q3CZ6Sxu8uC3soaUN1Ck++LG5sjUOp3hFTuSYkyfVBlRP1vMKjb0TC3z681yzfGEDbJfu4LlgPcng95Mu43c4YRo4ZCAGQOKgCz3wj6OPH4yPv9JchAKXtMXIc7CzMTAYNq4hxhL7W3h9zg/ekQ5z8GsFRzWv8N4pKYamNMY72CWoA2nbdVcL4qNPqsfxs0AETPdlIW9mlUFY94DTQiwLWdyKAGs+kxIldXQBdZVP9BsXP7cnjyzOvaRc+AwQJjDOHdLhsqvZmMrTkVw6V81r3SqCpKiCnIkry1VjktZ572iJontEM6TjfodIA37uxs8L0uH6ZvOwosgbWYBmz/KnS/ZEPc69ry/+/LZOfwfxwrUYAkr8M+IZwLrfezmqRHfeWumRdWWI2TEjPRi2rTuvLlt/SsBKpkkmP+2K0pxblwunU7R0TyOLqFnzx2UlNuUbfAsy/oygflpOBM0cavPUDu8pw7VqC1YBdHTOGiheAO+stlusgY09PG9vtwGyXenx6R3hePubHBUNWdrCo5h+5P28A2GMI3ltyDVzeU1z6eqZDF0yq/VVNZCc29rI0ZAz6ecYc79INiont5ZHgot+7aGM2dqONBTWyYz/Y9rSp67cS8bDwlwqd2cSab8QZQf49s1uJdIic6HCFrte+xIHDO41R4J3cy+78KByMRM2fBXdaaq5huH0qe+RIJhZvXnb6hQ3NiiW80kHy/qpXUl1dJynmXj2CI4/SygHrNB3DBZiWoxVFJVE5yOjDo6ZiemXjNWr+lJzvadeuKb3AOrLxd2/94p0Vpleo0eMOWCVTIxqiUdsDeCFuf7E2w33QZfneNgsWOl0Q23CZvnAE5npbnq1M8biclJB6bPU9b9iVQ+YbymxC7HAsSC/M+9t6kxilKR3eePSyHom6LSNi/XoYGQOjS64oG/BD5Bf5UHEAeHEF0ZfQOGI4U5+Fq0ecIXw+f1LOtVky9+ZtVogpA9e2deIdvDy5nTH3Vh2INeKdBGziS8kRYkHJgi+OkIwgGjf727QGmlYMtP+dZI/vf2yKkfG32ApxScga2taFSztTNaVf20a35HbBkWR7AweKdEFkqasfFIg8LWoQLxjM45IiM2xv7UOjNhtJjuKT8EcNCbVf9oUdiFJALDpo14lKgUBr6BzX440YZaUJ0ZSO06bxDLa1gDC2FD6c9G2ka2AZi0R9yYirfreyTYZgQ6/tL6Ch9H7FrDUaJajRPnJLC8sTS2XXxwpFkCo8gz85r9d5LyTJmEEp0pSZyuTDEgZqPopvNHQCWiVkupmL/hozPyZWiWlUCRjj+JyHSdEs0mQXuAOXRfbdX7vgWdQ+USiK/ZA8Gijbuiw16NVXOtQCYxJfw== X-IPAS-Result: A2AeAQBUk6Nb/wHyM5BbHAEBAQQBAQoBAYFRggQDgQhcKIxni1GEZpN1FIFfKhMBhQSCfiE1FwEDAQEBAQEBAgFsHAyCNSSCYAMDAQIkEwYBAQwgDAIDCQEBQAgIAwEtFAERBgEHAgMGAgEBARgEgwCBagMVA5hTihyBajOCdQEBBYEEAQF1gkQDglEIF4pYF4IAgRInhzYBEgGFd444MY4HCYIMjhIdWIg5hhGObIdNATVkcU0jFTuCbIIZDBeDRoocAVVPewEBijqCPQEB Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 20 Sep 2018 12:34:13 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8KCYBuo025517; Thu, 20 Sep 2018 08:34:12 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8K0KdOA024219 for ; Wed, 19 Sep 2018 20:20:39 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8K0Kcc4020759 for ; Wed, 19 Sep 2018 20:20:39 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AcAAB15qJbly0YGNZcHAEBAQQBAQoBAYFRggSBZyiDc4h0i1KBYIMGk3SBeoR3AkKCeSE1FwEDAQEBAQEBAhQBAQEBAQYYBkyFRQMDIwQZAQE4DyUCJgICRRIGAQkDBgIBAYMdgWoDFQOZcYocb3szgnUBAQWBBAEBdYJLA4JRCBd0gSKIQBeCAIESJ4pqgleOMTGNfAmCDI4RHViINoYMjmqHSwOCCE0jFYMnghkMDgmDRYocAVVPjWwBAQ X-IPAS-Result: A1AcAAB15qJbly0YGNZcHAEBAQQBAQoBAYFRggSBZyiDc4h0i1KBYIMGk3SBeoR3AkKCeSE1FwEDAQEBAQEBAhQBAQEBAQYYBkyFRQMDIwQZAQE4DyUCJgICRRIGAQkDBgIBAYMdgWoDFQOZcYocb3szgnUBAQWBBAEBdYJLA4JRCBd0gSKIQBeCAIESJ4pqgleOMTGNfAmCDI4RHViINoYMjmqHSwOCCE0jFYMnghkMDgmDRYocAVVPjWwBAQ X-IronPort-AV: E=Sophos;i="5.53,396,1531800000"; d="scan'208";a="373922" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 19 Sep 2018 20:20:38 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AaAAAv56Jbly0YGNZcHAEBAQQBAQoBAYFRggSBZyiDc4h0i1KBYIMGk3SBeoR3AkKCeSE1FwEDAQEBAQEBAgETAQEBAQEGGAZMDII1JIJgAwMjBBkBATgPJQImAgJFEgYBCQMGAgEBgx2BagMVA5lzihxvezOCdQEBBYEEAQF1gksDglEIF3SBIohAF4IAgRInimqCV44xMY18CYIMjhEdWIg2hgyOaodLA4IITSMVgyeCGQwOCYNFihwBVU+NbAEB X-IPAS-Result: A0AaAAAv56Jbly0YGNZcHAEBAQQBAQoBAYFRggSBZyiDc4h0i1KBYIMGk3SBeoR3AkKCeSE1FwEDAQEBAQEBAgETAQEBAQEGGAZMDII1JIJgAwMjBBkBATgPJQImAgJFEgYBCQMGAgEBgx2BagMVA5lzihxvezOCdQEBBYEEAQF1gksDglEIF3SBIohAF4IAgRInimqCV44xMY18CYIMjhEdWIg2hgyOaodLA4IITSMVgyeCGQwOCYNFihwBVU+NbAEB X-IronPort-AV: E=Sophos;i="5.53,396,1531785600"; d="scan'208";a="16038243" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa07.eemsg.mail.mil ([214.24.24.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 20 Sep 2018 00:20:38 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;83fea77f-abdd-4d6a-8316-b04f69db9be7 Authentication-Results: UCOL3CPA04.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic305-10.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 310934719|UCOL3CPA04_EEMSG_MP19.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 74.6.133.49 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BPAAB15qJbhzGFBkpcHQEBBQELAYFQg2wog3OIFV+NMoMGk3SBeoR3AkKCeRkGBjAYAQMBAQEBAQEBAQETAQEBCA0JCBsOIwyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQkDBgIBAYMdgWoDFZl0ihxvezOCdQEBBYEEAQF1gksDglEIF3SJeYIAgRIngj2ILYJXjjExjXwJggyOER1YiDaGDI5qh0mCDU0jFYMnghkMDgmDRYocAVUfMI1sAQE X-IPAS-Result: A0BPAAB15qJbhzGFBkpcHQEBBQELAYFQg2wog3OIFV+NMoMGk3SBeoR3AkKCeRkGBjAYAQMBAQEBAQEBAQETAQEBCA0JCBsOIwyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQkDBgIBAYMdgWoDFZl0ihxvezOCdQEBBYEEAQF1gksDglEIF3SJeYIAgRIngj2ILYJXjjExjXwJggyOER1YiDaGDI5qh0mCDU0jFYMnghkMDgmDRYocAVUfMI1sAQE Received: from sonic305-10.consmr.mail.bf2.yahoo.com ([74.6.133.49]) by UCOL3CPA04.eemsg.mail.mil with ESMTP; 20 Sep 2018 00:20:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537402836; bh=4YFT2kRkcBS6EDzTvP9aJ97USIwUQlxH8rUXSudgMqg=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=RSwnStclYuCnlAEmk9IGzHV/dX35X33WIm0Dc7LFAm0Ptciy6jHI0hFKy5sozdxE5W29Wd2Q30wQlem6Uf26SCZ5BWSaHwYLxY+/x6XOWOCbGv3QFKK0l+0s4OcxsLkQN//eoKKN5kloiTSs+CiPkeQOVHarBgmuCdui/PIo/IglmmybybaQNLcS9ZaEsb3GMVxm3ueg9xiD4lEV5L5Y7F9QlupSpDAM8G2mQu0B/RemThsmZbrGlRpr0zaZVt27xrP/cVVwNM7PbHTZgYKrjdc5aXFsi32f7M4+cHKgDGNUi2JkdmAinWcXVi9DwuM3ifVoyUm8v4vPj4ODVihJJg== X-YMail-OSG: VHdmbdAVM1lFDdy5OQtZFwpJGS3V.PEhyjwSCDTfAEafG3OaIjQbJjU2GjdO.S2 DaqRwlbM2USxAqo7.jzATHGIZ1h135oRTk2w_O9QrPYA8RPGhlsvNTT1SLpZ7LNR8vjPVEFWRvj4 v3ZTiEr6p9bCSS4Zp7nAHyQLmvXkXMKMoLljUH0DLmhe6UqgQdrfZFGU5edgwIH8PLByzhAwAPhK qS0MnjeqDaWSTMA.FvyApMZ89vkrmQ7akQ.9q7nBIKQpA1mMp_9eSpKYCrNvRiPyVXuY0erXRfEc o6bsO3UJ7NANjr3HDhvdob.GF7MAy6prB5dCjpuF30QszEfc9PzDjFOJb7jty1vFP.wVOcLM1YA7 5La_m1KIH77rszXA57QFP7hSk3.TZfMFZ9DN.e8MPo_LEuVDiqUWCjitbnwV5HsMHhirOjWBn3rE BdTP55jV0sINSk7VRg8JmJ6.MKKEUH9zc2Hq6Jw2ZGcyVQtnMTsfKfw6xa3brXDJNMi.ADsrrFVi 3VcKj1I3SQfht3zVnOIvvvcKT3VwR0aQD1DHWuVk4IgBKsIhtLW0zPLHo0xDvEoUgX9WO.XBONhW VpTEl.oGyggkofG_x6GiUZZJiyDFdDFuCTTRwngsJSwxTaGtIV7xea_FXxEQa3PxnGvRxsGlG__u DLLtWxpMf_aHGy89r1NjuWZnIr8msxkMenPX7aZP63eBgGNJY4KB4q_xMBqs11yIPIH1Ec0wU0nm NdnJM9yLAIWYQTIXPINERgg_o7rxufyyHxG5rB_EihSpkz1ZaZFTf9fCTGHyJEKMs1M8_DKND591 MsZEDpm46mhRz.HMI2.0h6f91gk7fKJoEnnVBOggVSWpF.VUqqpuC.mAWBJUDZWYAxyncYVgxmv4 X.w7iwQqip.fNDiMED9kdHjX2ctagnoisB9rpF6IrWHwhhVoNDoowwNGA0TyTqibN_NtxntM77r. vqNY.85Xlh_WUvprI.kMm3fFTCcASH.byoZOJCWFROS4f3nkykuccnmQZPunMzjcW502TLYaNRkX uR0.8PPHpE1KiDYvOtBmW7gmYklAHDiCdbg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.bf2.yahoo.com with HTTP; Thu, 20 Sep 2018 00:20:36 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp423.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 601572d7d29fa84acf960ef7c37cc7a4; Thu, 20 Sep 2018 00:20:32 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: <748c61cb-b6fa-c36d-a7b3-2315ff6292af@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <2eb4065c-1bae-203c-dbe0-47980e009a2c@schaufler-ca.com> Date: Wed, 19 Sep 2018 17:20:28 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <748c61cb-b6fa-c36d-a7b3-2315ff6292af@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Thu, 20 Sep 2018 08:30:05 -0400 Subject: [PATCH v3 06/16] AppArmor: Abstract use of cred security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP AppArmor: Abstract use of cred security blob Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/apparmor/domain.c | 2 +- security/apparmor/include/cred.h | 16 +++++++++++++++- security/apparmor/lsm.c | 10 +++++----- security/apparmor/task.c | 6 +++--- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 08c88de0ffda..726910bba84b 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -975,7 +975,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) } aa_put_label(cred_label(bprm->cred)); /* transfer reference, released when cred is freed */ - cred_label(bprm->cred) = new; + set_cred_label(bprm->cred, new); done: aa_put_label(label); diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h index e287b7d0d4be..a90eae76d7c1 100644 --- a/security/apparmor/include/cred.h +++ b/security/apparmor/include/cred.h @@ -23,8 +23,22 @@ #include "policy_ns.h" #include "task.h" -#define cred_label(X) ((X)->security) +static inline struct aa_label *cred_label(const struct cred *cred) +{ + struct aa_label **blob = cred->security; + + AA_BUG(!blob); + return *blob; +} +static inline void set_cred_label(const struct cred *cred, + struct aa_label *label) +{ + struct aa_label **blob = cred->security; + + AA_BUG(!blob); + *blob = label; +} /** * aa_cred_raw_label - obtain cred's label diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8b8b70620bbe..4f51705c3c71 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -57,7 +57,7 @@ DEFINE_PER_CPU(struct aa_buffers, aa_buffers); static void apparmor_cred_free(struct cred *cred) { aa_put_label(cred_label(cred)); - cred_label(cred) = NULL; + set_cred_label(cred, NULL); } /* @@ -65,7 +65,7 @@ static void apparmor_cred_free(struct cred *cred) */ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) { - cred_label(cred) = NULL; + set_cred_label(cred, NULL); return 0; } @@ -75,7 +75,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) static int apparmor_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - cred_label(new) = aa_get_newest_label(cred_label(old)); + set_cred_label(new, aa_get_newest_label(cred_label(old))); return 0; } @@ -84,7 +84,7 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old, */ static void apparmor_cred_transfer(struct cred *new, const struct cred *old) { - cred_label(new) = aa_get_newest_label(cred_label(old)); + set_cred_label(new, aa_get_newest_label(cred_label(old))); } static void apparmor_task_free(struct task_struct *task) @@ -1455,7 +1455,7 @@ static int __init set_init_ctx(void) if (!ctx) return -ENOMEM; - cred_label(cred) = aa_get_label(ns_unconfined(root_ns)); + set_cred_label(cred, aa_get_label(ns_unconfined(root_ns))); task_ctx(current) = ctx; return 0; diff --git a/security/apparmor/task.c b/security/apparmor/task.c index c6b78a14da91..4551110f0496 100644 --- a/security/apparmor/task.c +++ b/security/apparmor/task.c @@ -81,7 +81,7 @@ int aa_replace_current_label(struct aa_label *label) */ aa_get_label(label); aa_put_label(cred_label(new)); - cred_label(new) = label; + set_cred_label(new, label); commit_creds(new); return 0; @@ -138,7 +138,7 @@ int aa_set_current_hat(struct aa_label *label, u64 token) return -EACCES; } - cred_label(new) = aa_get_newest_label(label); + set_cred_label(new, aa_get_newest_label(label)); /* clear exec on switching context */ aa_put_label(ctx->onexec); ctx->onexec = NULL; @@ -172,7 +172,7 @@ int aa_restore_previous_label(u64 token) return -ENOMEM; aa_put_label(cred_label(new)); - cred_label(new) = aa_get_newest_label(ctx->previous); + set_cred_label(new, aa_get_newest_label(ctx->previous)); AA_BUG(!cred_label(new)); /* clear exec && prev information when restoring to previous context */ aa_clear_task_ctx_trans(ctx);