From patchwork Sat Sep 22 00:19:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10612373 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6CAEF913 for ; Mon, 24 Sep 2018 12:30:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5B8B429EAB for ; Mon, 24 Sep 2018 12:30:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5012929EB5; Mon, 24 Sep 2018 12:30:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from ucol19pa13.eemsg.mail.mil (ucol19pa13.eemsg.mail.mil [214.24.24.86]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7A34C29EAB for ; Mon, 24 Sep 2018 12:30:28 +0000 (UTC) X-EEMSG-check-008: 627428759|UCOL19PA13_EEMSG_MP11.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="627428759" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa13.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256; 24 Sep 2018 12:30:26 +0000 X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="16142296" IronPort-PHdr: 9a23:IDaTARZbzsgfXtaDqsC4E3r/LSx+4OfEezUN459isYplN5qZosu5Zh7h7PlgxGXEQZ/co6odzbaO7Oa4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahY75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v9LlgRgP2hygbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQct0ARWpFQ81fSSpPDI2hZIcLFuYNIPpUo4z7qlQJrxSxHwmsBOToyjNRn3P7waM33uU8HQ3fwAAsAs8FvHDKoNnpMasfV/2+wqvVwjXZd/5Yxzn95ojLfB4vr/6DUrB/f9fJyUQtCg/IgEmfp4P7MDOOzekNr2qW4vB8We6zhWMrtQd8qSWvyMc2jYnJg5oYx07e+iVi3ok0JcCzRlNnbt6kCpRQqi+aN49oTcM4Xmplvzo1xacduZGlfCkH048nyALfa/OdboiI7BbjW/iLITthmH1qYqiziAq18Uil0+DxUNS/3lVSriddj9XBuX8A2wbT58SaUPdx4Eis1SiV2wzO8u1JIEI5mbDGJ5MgxrM8jJsevETZEiPohkn7g6mbfVg+9Oey8eToeLDmq4eZN49zlw7xLLwjmte6AeQkKggOWHWb+fik2L3j40L5RLJKg+UqkqbDqpDaJNkbprWjDw9J0ocs9xa/DzC83NQegXYHN05KdAiCj4joP1HCOPH4DfGhjFSwiDpn2v/LM7L7DpjNM3TPiqntcLlj50JG1QY/1dVf6IhVCrEFLvLzQEjxtNnAAx8iLQO0x+fnCNNg1oIRQG6AGaiZML7UsVCU+O0vOPKBZJMVuTnhK/gl4OTijXkimVAHZ6Wp0pwXaG6gEvR8P0qZeWbsgssGEWoSvAo+S+rqh0eeUT5TfXmyWbkx5jM8CIKgCIfMXJutgKCf0yehBZ1afGdGCkqDEX3wbYWLR+8MaD6OIs9mijEEV7qhRJU92hGtrw/6zLxnLuvK+iADu5Lj0MV15uLImhEv8zx0E9md33uKT2FukWMCXyU207xnoUxh1leD1rB1gvJZFdxX4vNGTB06OIXSz+NkFt/yXRjBcc2RSFa8RdWmAy8+Qc4tw9MUZEZ9AdqihAjZ3yW2G78Vi6CLBJss/63Bw3fxIsF9y3Da1KU8lFQmXNVANXenhq9+8AjTAZTFk0OHmKa2ba4cxjLC9H+fzWqSu0FVSBB/Ub3fUnAFZ0vWts/05lvYQL+0CLQnKRNBycqYJaRWdNLll1JGRO3sON7GeWK+h3+wBQqUxrOLdIfqeH8S3CbaCEgZiA0T/myJNQs5Bie8uW7eCyZuFV33aUP27eZ+sG+7TlMzzwySdUJuyqC1+h8LivyGUP4cxK4LuCI7pzVzBla90MrcC8CcqAp5YKVcfdQ97U9b2m3DswxyIIegL7xih14ZaAl3pF/h1xRpBYVGjcgqrWklwBB0Ka2GzFNLbymY0ozoOr3LNmny+wiia7TL1V7Dy9uW9aIP6fsip1Xlog6pClIo82973NlNz3uc+pLKARIJUZL/SEY38AN6p63Bbykm4YPU0nNtMayuvT/Ewd4pAvUqygq4dddFLKyEDBPyE9EdB8W2Ju0lgVypbg4aM+BI7645JN2meOWc2KGwIeZgmSiqjWNd4IByykiM7TZzSvbU35YZxPGVxg2HVzb4jFelrM/3gptJaisMEWqlzijoHolRZrd9fYwTE2ehP9W3xslih57qQ3NX6UKjCEkc2MKyZRWSaFn90hFK2kQMvXyrgy24wCJokzsxtKqQwDTOw/j+dBoAImNLWmhigkvwIYizldAWRlSnbwgulBuj6kb33KxbpKV5L2bJW0dIeDL6L2Z4Uqu/rrCCedJA6Is0sSVLV+SxeVSaSr/moxsGyi/jBHVRxDQ6dzGsp5X4kAd3iHmFLHZyqnrZeN1/xQzF6NzaW/FRwiIMRDNkhjnPGli8I96p8M2Ol5fEtuC+U3yuVodPfinsw4KNrzC75XB2Dh2khfyzncfnEQci2y/hy9ZqTTnIrAr7YoTz1KS1L+RnflJzCV//9cV6HJp+ko0ui5EMw3QagY+V/XUfm2fpLdpbwb7+bGYKRTMT297a+hXl2El9IXKR3Y35UGmdzdV7Z9Shf2MWwTwy79pRCKuO97xEmjZ1okCkog3Pb/h9mS0dyfQw53IAheEGphYtxD2HAr8OBUlYITDslxOQ4tCgqqVYeX2icaa21EVjndCtFreCrR9AWHzhYJctATdw7tljMFLLyHDz8pvreMTUbd8IqhKUkgvAjuhMJJI/jPUKgzBrOWXnvX0q0+Q7lwBh3YmmvIibLGVg5Ky5DQReNj3pYMMT/yrgjahAkcmL2ICvBI9uGi0RXJvvT/KnDi4dtej9OwaJCj08pW+RGaDDEg+H9Edms3XPHoiuN36NIHkZycttRAWBJENFmg8ZRzM6kYAlFgCx2MPual956S4L6l7+tBRM1vpiNwPjXWfHuAeodjA0RYCRLBpM8A5N+lzVPtaY7uJvGCFY5YasoxaRJWyefQhICnsJWkOcDVD5Irau/cXA8/SfBuemN/vBf66BpvJYV/eJ2ZKv1ZBr/zeSOcqRIHZuFfo72lBMXXphAcTWhy0PSzALlyLKd8OUvwyz9ipzrsC+6/TrRBnv6ZGUC7RMLdpj4Qu2jrmHN+6RgiZ5NDlZ24gQyn7I0rgfwUUShztgdja3DbQArinNTKTKlq9QFR4bZDt5NNFU4KIkwglNJcnbh8vu2b55gf41DFFFWEf8lc63fsMKInuyNFXdCEaMLrSGKiXBw9vrbqOkVb1QkOJUugWyuTabE07jJjODlz3oVxCzL+5BlySbPB1CuIGnbBlhE2/jTMjpahejKt94kSU2waEohnPNLWMcMjh9c0dTobCL6CNYhft/G2Jf4Xp5MemEmyGZ7+zGJZoMt/tkHDh0nfpA4Hsm07tV8D1ERPttlSvUsNFhuVWmn/KMyjpgSxpOtixEhISQvUVhOKXV7J9AVmjY/BgV92WfFwwKp8d5Ct3oo61Q0MbAlLntJzhY6dLb4cscCtPPJ8KGKnouLB3pGDDMDAsfUzGqNXvTh0pDn/GO7neVtIQ1qoDwmJoSTb9WTEE6FvQcCkRjAdMNPpN3XjI/nLGBksEI/32+oAPWRMVAsZDNTuiSDun3KDaFkblEYAMFzq7iIoQNN430xldiZ0Jgk4TQAUrQWt5MojZ/YQAovUVN6nl+TnEz2k7/bAOi/mMTH+aunhEqkgt+ffgt9DD07lczIVrKvjU/kE8wmNXimj2RfzjxLLqqUYFRESr0uFA7MonnTAZtcQ2ygUtkOS/fR71Pi7tgdGZriBLTuJZUBfFcSqhEbwMKyvGMe/Uky1JcpTu7xUVf/+vKFYNilBc2cZ6rt39AxwNjbNsyJazMJKpIzkNdib+Pvi6ozO8+2xUSJ0AT/2OOYCQIolAHNqE6Jyq0+exh8RaNmz9CeGcQSfUluvdq90M7O+SHySLvyaVOJVuwN+OFKaOVombAldOSTlM2yEwIi1FP/aJq3sc7b0qUS0cvwaOKGBsXM8rPMhtaYNdM9HfNZyaOqv/CwYh1PomnEeDoV+COvr4Ogk24BAYpA5gM7sMZE5mjzUHYLMPnLLobxhUo/wnkOUuKA+9IeB2RljcLuca/zIV43YNFPDESHX19MTmr5rbQvgIqmvyDXNYqbXcaWYsEMmk2VtWjlSBEpXpNED653/kFxwiF6j/zuj7fDCLgb9Z5Yvebew9sAsms+Toj66i2lULX8pLGKmHgL9tioNjP5vgBqpabEfNbV6d9vFnYm4lZQXyqXGrPEd+6J5jwd4ksY8b7Cmy/UlCljTI6UdvxNs63LqeUmQHoWZpUsI6D0TEtL8OyCjEeGxZ1p+EC/q18ZhYOY5slbhH2qQsyLau/IB2X0t+2WWaiNSNWT+VDzeW9f7FXyjAjbvW5yHQ+UpE6zu+38UEWSZAElB7ew+qsZ41ZUSjuB3NdYB/DpSwnmGh9Luwy2PswwAvUsVkANDCGbPZmaHZZv9E6H1+SIm57Cms5R1+dkYrM+RSg37YM8CtBh9xUy/FKsGDivp/DZzKhQLCrqZLQsyc7cdgqv6hxPpf5LsuAqpzegiTVTIPMvQ2dTC66C/1al8BSICJfXvZFgnwqNtIduYVf80oxStkxKKFVBKkquL+qdSJuDTQOwi8BS4OAwDsCj/+g27THixiQcY4tMBgfvZpehdsdVjJ5bTkFpK+/TYnWkXGLSnQTKgcJ8QtM/B4AlpN3fu39+IrIV4NMxCRLrPJoSSbLDZ5o90bhSm6Kn1f4Tumhk/az0gJW1v7s1cMbWBFnA0hH2+lWjlcoKK1wK6QIpYHKvCOHeV/4sW7wxuarP0VeycrRd1LkFoXFrnb8Xjca+XIKWY9F0GvfGogKkwpldKYro01BIJq4dUnj5zwr3ZhpEqK8VcCs2VYqs2gKSDutE9VcFe5qqlTXVyN5Y5qzspXqJ41SQnNM+J2as1pZjF9tPDCnxpVBMMxN/zoMXCRVoTqHotuyScpD2ctoAJ8QONt/vG39GKxcMpiLv3I2oqDvymPe+z0ksle13i+zG6ijT+Jd5WIeBB4kJ2GDqkkrE+ss83vd8lHXvVBy5OdXHL+PjV9+oDxlBJBBGi5J1Wy5L1R0VHRGsf9VKKLbc8xGRPk9eAGgNgciFfE82UyJ5kZ0kW3/YyNsqgtQ4zrdUBUsVSkJnrftniUTqsejOTIBSpJIazAhYz3EKwKdlyBXpgxQa1p2W5ADH9ZK560b3ZZO/sXcU0qsLjsFXBN6PAIizfVfjVJDsFmfeS3FCwqodOrAshpzfciLt86lNvX5/ABAioP8q+A17KADSnKpmAG3RtDetYD8vMWQtkSSbKf4L/G8YXjZQTjIlhCwgLcpAoLE/yfNLQVbLIN6xmA8YZj7Dm7LPwpJKL4HJ0ZBUqB6c9pGqPhAZ8B4YKYJ5bNtBhWfSxPtGYyvqeJLLlPNSjXeMSqB6O2/oYTc7bDHT+jveNCMzW7dQ61rJpd69SX7G7Dy3I9f+0v5wO1i+V9hRFjdLS+BsMruKR8R6MmlbEvisYUjHSnKD5dojHrt2kZAetIMTC2r65QZxolW6HTxSeJkykj8qvBS971/5IYr5LBm1Nm7Kr3PKfRAtk9nGAKbCh9t9pU3D2h1X3pRbfMJKPfNYaQZitjjq/jtGKwL9BKV++JYadzdJ0HCg8W/ES+TSRhFnAcHtD4bIRCR1+aflK9oVcmlpeb42kU341i9NBIGz65i5Z2C+qWWoO/bdRzRzaILWqLyXMP8sqwsu1+O5f0jjLMOdXJ6Ywu7EOgaUc4RwXzgwr4uzSItFcPDAr3h9eVHV30nhDLhm4pyE08QGvwKAbqB5Z5ekXsgm+zFKt0WdbhPlXqNFRG+DrAP0mKk6yyTIGlhgxHBzQvwQX+t41DqrS90WyzMz83skkBNTLm4GV9SXza1OU9/qD6POQ3otNzruaQ68k47KWnktNOXm2unJrxXA8P+JNuGISk3v1IblpsxScKz2YoDA9qyPM8R8G1ibvvZ826rnDNOo7xch4bH/8+b9fPZHXimj62HpLSA3z9Yyn0islE59N+sLPbO58eFQ/6wzWYeUz9/uxfdXx6ysrHbrVcUOUyN0EvRhIMKPtVZ3WQl2UDn5egjRskz9AZfFovbefMCpC7zNyHwwVmCYtI7TC+e3CVLHljtC1l3BLA82H7svMLOjXrQ+kMoSZN2d0H8gRx3Epg3KUMq6FgM2CYDFhINaR+DBrGyGUvlNZcEVVQEaRmf3ri1ZKk33UN3wr606u7cd+p8CLQRNvpHiA6BgkRbEIoMsaICWLJ8Z0Nd9KnPqwjtD4jnWPbnmmQ0Nf2xWc1a6scZt30j4gmjXRag74lM76oDgpCSaqFEeYTMvNx770p/6z4PbDZCgB5jgBO4SuARv+Xj4sDasJax8eavWr0tS/8Q9xguCGR0l4Hwj0w7odHLy+dcTZXYiYH+8ABOIH6Kv53X0xtmJuoNLIKreqhv93MdKygYOX0OIcKca+Mg7C91LDXT+1tCD9sXatwGOsrNhRtZilbtWLFU6srbBkGYBJlueMwy6Gr30j81+4MmUun88D+2OYzf71ZVMvNbiyVskMjNpPIbwPrVDCgX72KUax1ywiOF0JmCFer//f+LyNHPTFMGHyg2U4hHKDqF4wynSfK/lI/1XQOM9s/znJU+eVqeRnOvmKQFs75MHvBbhyT63zheE4X1iOyPs9qo9mRbrFpHEJx87RfdAqVQIo17OQjklsmsXkV9CDP/eNvVdhUypuWb3eIM4+RiN0vke4AXOBUEy6j16XBNVAthVKb2vkqFXeIWfNZmT/fEoW5O5IJ4L68AJkOdpIDrrjhUtFA2GhEmZ6EqojxcaEbOgBVfW7zot74YlgscTdl5tFdIGWKxPmI++jXGWb1RjKmQE/wV7i6TQ7cPU0pyNCN+RAm52JJ0e7umhfpHqH9JnjthoPg21DxrXB68tjfwqKIN2DIg/ra4uS4fuXxESOWRjSPICVRFzPQXgqYQEXHi6UazYHMbdov9/KFnJdj89Ykm+3k/Yw8sfy4BXeu7ECzwkqWIApCPsNJbmR6Nt8XObaOpISgUKLs91QrpR2Jh3QjGgBZo7GwLTy277N8qIYWyJccoyymzFGjFalkM+KJJscr2tV4NVuc2b01uwHkwmvSAEwk2YYSbH2czkxhhcmhPbYhC9Q5fEq4knzKFlrdJ8xtSYzrOFImhvI7KkpGMkVs0SNpxjkfRvLeEndt+0nhigcl19QaIsXEfdqrfScA6RjDI+897yOrjd735qe0DSY172Jy9QfQCNY+l4mLw15J0DAvt4pc6OhLtNO4F26eeUCq/T2CccfqEfnLKnDsjNEP2ox6yIQtzIOVNr0l1EOzCj5hHmgupBbFzRiPWp1jbxWo4POUyfAswv4GmcAUOCuUWYr7YbcsjzeZ2I1wLbDedHiZ7EOSxtl2Fl4hhPHBh/EC8Zv7ipESuDNaOAQQDWa7TqJJ4saiiS2SOJH5miR5/Jk9588/eUlA2qOIaaJ+SgMLZwdJ2l+wdIbMlCSQgvpY2nYV55MHAyM6XdTnJx4v2YNTSpeKVRfbYyhJuMlpGX6IZbAW93IAzOto0SvWHBrdClQgNDqg9Bpo6PiH+878iaEs5dg/XeaTxjNLmq/yGYrNKqHLMqFE9NiHRv1sE0PP+BVh/bpa3lzD8O5w9WD9Fh8NiBwEgH4ZVHc4E6Q29DMjQ0Ii/hs+86gtWvOUQsLv5DLie3di+1Z9wTpFczUOONTfVQqJshxIhxsGzifTJUZ3GMsrmcEcCHLx+Q2XtZr7JH4a4JnSIN96qPwZ9+rqC2a5+SBjZQS3iWLCPvyTsYO4i5EggzZZxd+OKkhQi6rja3J35YGQN9Qm5qnvcH5JE4U2CPufeVg9aTfefuDJuFLYafKPv/+cHLNImzcLZ6AA15zNHhpjWa5O9p1PBjxooPanQK1HkjmNoAdNQch2iLUshh3PYoX3BAHNaa9KpMtRpnM3PUke/2mJWvToGXkcYQSzlSNKKNi4e0sO6IgiL8FEubZ4Yh+DiX0k+u+WpTPVwfI1fkLChva4KgP5yICHGWcZeMjuVJ7YwNT1UXYCt7EMwbEsitL44EpwweYDIJUoGNEmazianxgLZ3FzcbNes3buHJCsMt35OibnC1GspxUGiofjMpMrlXfjCaY3uGv7fNC1wTjaBWTE7Clqk43+/vPwFt6HAfyJG+hYfZSSJDRRVo6luqZ7aADWViORje5pMj/efCEWSACF7la9nHi9QrgjMWPsMEwDKcmXsyHRRog2sJ/JAvDrlYrSUy7ATWrk+E4JMdfrfSNzddA== X-IPAS-Result: A2CNAQDM16hb/wHyM5BaHAEBAQQBAQcEAQGBU4IJA4EIXCiMaItJhGaTdhSBXyoTAYRARIMWITYWAQMBAQEBAQECAWwcDII1JIJgAwMBAiQTBgEBDCAMAgMJAQFACAgDAS0UAREGAQcFBgIBAQEYBIMAgWoDFQOXEYocgWozgnUBAQWBBAEBdYIwA4JTCBeKYReCAIE5gjYHhHkBEgE4hT+OQDGOEAmCDI4XHVmIO4YYjnuHVwonZHFNIxU7gmyCGQwXg0aKHAFVT3sBAYl9gj0BAQ Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 24 Sep 2018 12:30:25 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8OCUOiq028848; Mon, 24 Sep 2018 08:30:25 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8M0JvYN018308 for ; Fri, 21 Sep 2018 20:19:57 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8M0Jrrk009928 for ; Fri, 21 Sep 2018 20:19:57 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1ChAAD5iaVblywYGNZbHQEBBQEHBQGDXIFnKINziHSLS4RmlXCEdwJCgwQhOBQBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOYHYocb3szgnUBAQWBBAEBdYI+A4JRCBd0iWUXggCBOYI2B4VFgmiCV44+MY4NCYIMjhcdWYg7hhSOd4djgXZNIxWDJ4IZDA4Jg0aKHAFVT45UAQE X-IPAS-Result: A1ChAAD5iaVblywYGNZbHQEBBQEHBQGDXIFnKINziHSLS4RmlXCEdwJCgwQhOBQBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOYHYocb3szgnUBAQWBBAEBdYI+A4JRCBd0iWUXggCBOYI2B4VFgmiCV44+MY4NCYIMjhcdWYg7hhSOd4djgXZNIxWDJ4IZDA4Jg0aKHAFVT45UAQE X-IronPort-AV: E=Sophos;i="5.54,287,1534824000"; d="scan'208";a="375845" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 21 Sep 2018 20:19:56 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CVAACWiaVblywYGNZbHQEBBQEHBQGDXIFnKINziHSLS4RmlXCEdwJCgwQhOBQBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVA5ggihxvezOCdQEBBYEEAQF1gj4DglEIF3SJZReCAIE5gjYHhUWCaIJXjj4xjg0JggyOFx1ZiDuGFI53h2OBdk0jFYMnghkMDgmDRoocAVVPjlQBAQ X-IPAS-Result: A0CVAACWiaVblywYGNZbHQEBBQEHBQGDXIFnKINziHSLS4RmlXCEdwJCgwQhOBQBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVA5ggihxvezOCdQEBBYEEAQF1gj4DglEIF3SJZReCAIE5gjYHhUWCaIJXjj4xjg0JggyOFx1ZiDuGFI53h2OBdk0jFYMnghkMDgmDRoocAVVPjlQBAQ X-IronPort-AV: E=Sophos;i="5.54,287,1534809600"; d="scan'208";a="16120243" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa06.eemsg.mail.mil ([214.24.24.44]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 22 Sep 2018 00:19:56 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;b26f230c-0b6c-42a7-ac94-5fa7c7575444 Authentication-Results: UCOL3CPA13.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic306-10.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 55238576|UCOL3CPA13_EEMSG_MP28.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 74.6.132.49 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CAAgCWiaVbhzGEBkpbHQEBBQEHBQGFQyiDc4h0kDGVcIR3AkKDBBkGBjQUAQMBAQEBAQEBAQETAQEBCA0JCBsOIwyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVmCOKHG97M4J1AQEFgQQBAXWCPgOCUQgXdIl8ggCBOYI2B4VFgmiCV44+MY4NCYIMjhcdWYg7hhSOd4djgXZNIxWDJ4IZDA4Jg0aKHAFVHzCOVAEB X-IPAS-Result: A0CAAgCWiaVbhzGEBkpbHQEBBQEHBQGFQyiDc4h0kDGVcIR3AkKDBBkGBjQUAQMBAQEBAQEBAQETAQEBCA0JCBsOIwyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVmCOKHG97M4J1AQEFgQQBAXWCPgOCUQgXdIl8ggCBOYI2B4VFgmiCV44+MY4NCYIMjhcdWYg7hhSOd4djgXZNIxWDJ4IZDA4Jg0aKHAFVHzCOVAEB Received: from sonic306-10.consmr.mail.bf2.yahoo.com ([74.6.132.49]) by UCOL3CPA13.eemsg.mail.mil with ESMTP; 22 Sep 2018 00:19:55 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537575594; bh=i/FeXI6VaSffmX1y1gpuicpe9EtDrQAWHmEzOnUriC0=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=FATU+veusBAp8RqgiYFYB8uBdP/nTVGcHrDWb3KefwqQsHUnRf9W3GDiJ5QIkYTl4CIaUuOsu5+nuZWaW5pShWncSLDJrlME48sXRDpiDee1fR7vYE+/FnvL11UEpza/6zQ4O3H4r5Peo92RX8pBX3glh2LUegLLevzmdWZVeue1dCs7Ciby1Y0rEsQvWlaO1WIua1IMifJ7jP5xuAdB+W8hixwBM9YUcHpKNafgnA5s/Lt3gS63yJAHHEYnvmVEJkPzctN/XDY940IQlLlLxcDzLPWXgAQu7zvGnSXn3QIDFk1FglV2yzmeFFZeSirNkLs/untperhR4/GECDP2bw== X-YMail-OSG: XuaOVtEVM1mikCscWceS8.HCm.CdAuEC6YfliI6G_vFCTRqznqbIa6p8F0rskD7 uZvg1h9_7b8ihb6tZHQZY979Su_pKSuzDFR1hvr6ZEWCJG1j_C02Rgc8e_thtwgp_QDWbImMAgOe G3xevsva0JwZKTo3151ZcNtHAXzKY8JbbRdiPYMlEDU_J8cEgM5Ssu_IF6OGLVLEM5H4cTZtMl2R OsnOYOj6RjsV4qZ9e9RhSD6vnWvxDb71S8Uz_sGuJ.DDldaM4SHvz2GMcVLJzFc.PoPaB.E.7W3A 0kOC_ND9kI9CO.vZKBLojJLD.Ft2u5iEqvh0U8U5SbzZ4R7xobeMxn8PM1pKeBYw68dfeMSd7WR4 gPlu2XvaMeM64k2W_gtTq8qqnbCOLWgN7df2PsLL7H8HzVs315KB7ZAyoE.FC09GGP64s333M3fK TVsDdrBxl66JEHrWwEX88oL7rdfEUrisC75ZT2H.c8d_RgGvD2YzR1Gi.JUAXb7xBf0HvMxl2dz9 PykWeApB33u2ggXRc5XpTw2fBTQD8ZfRxFdp9zyc_U1rF37lWWYh1Rqb34LWN2msUAJLq1PtbPHZ J4nJuEr4ApvAiauVhi4tMcKRGhEnjo7FwIjCiMVCcLYO5i00g0Vnp..WlNEqlgl8A1Jdd3Eoza_h SAxReyWoE.f3jO8i0dUjqJaP62YmoyAJ7dMmUoLunvWb2BaYbIcqdp394bdlSxYNUAglQrJzBYrr DS4O6r6zEnAWYOoYaKAgtWr.8F15zPQS1MAerCeHtZ4G6Yskc99Fk7WUIY8WgODPq.KKqOXSDHuj Bo3LqnCG1jzlsa8n_c2VR3yq7Bqq0iwjNEptm9ZWIL3fYW_aY6XTbE8gXOuDLdXnXc437pVFRtAm xPVi3ssbbn71fxgucZSMOz6VgFTsFZ1aakVETYj1XJgdPDfEK3HUFdLscGrDpighGCWoa7zyuZHr SeRbkgGMPfq8X7BGzKyzKdHIuOo8J1UNa2bAK9VFuQtD0wcPQRp4dOM__37DQPzLj04D8SXX46H8 rpGLlOwkqCZep8g_Exhscyw63C7ynnGW8bDqxBBo9ZQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.bf2.yahoo.com with HTTP; Sat, 22 Sep 2018 00:19:54 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp409.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID c77f6ae516e03a89627c63bd722d43d2; Sat, 22 Sep 2018 00:19:49 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <383f1b1a-3d7c-46d2-a553-3a09f25bc1c4@schaufler-ca.com> Date: Fri, 21 Sep 2018 17:19:45 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Mon, 24 Sep 2018 08:26:06 -0400 Subject: [PATCH v4 16/19] SELinux: Abstract use of ipc security blobs X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Don't use the ipc->security pointer directly. Don't use the msg_msg->security pointer directly. Provide helper functions that provides the security blob pointers. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- security/selinux/hooks.c | 18 +++++++++--------- security/selinux/include/objsec.h | 13 +++++++++++++ 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 389e51ef48a5..e6cb5fce5437 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5884,7 +5884,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, struct common_audit_data ad; u32 sid = current_sid(); - isec = ipc_perms->security; + isec = selinux_ipc(ipc_perms); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = ipc_perms->key; @@ -5941,7 +5941,7 @@ static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = msq->security; + isec = selinux_ipc(msq); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = msq->key; @@ -5990,8 +5990,8 @@ static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *m u32 sid = current_sid(); int rc; - isec = msq->security; - msec = msg->security; + isec = selinux_ipc(msq); + msec = selinux_msg_msg(msg); /* * First time through, need to assign label to the message @@ -6038,8 +6038,8 @@ static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *m u32 sid = task_sid(target); int rc; - isec = msq->security; - msec = msg->security; + isec = selinux_ipc(msq); + msec = selinux_msg_msg(msg); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = msq->key; @@ -6092,7 +6092,7 @@ static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = shp->security; + isec = selinux_ipc(shp); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = shp->key; @@ -6189,7 +6189,7 @@ static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) struct common_audit_data ad; u32 sid = current_sid(); - isec = sma->security; + isec = selinux_ipc(sma); ad.type = LSM_AUDIT_DATA_IPC; ad.u.ipc_id = sma->key; @@ -6275,7 +6275,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) { - struct ipc_security_struct *isec = ipcp->security; + struct ipc_security_struct *isec = selinux_ipc(ipcp); *secid = isec->sid; } diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 591adb374d69..5bf9f280e9b2 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -26,6 +26,7 @@ #include #include #include +#include #include #include "flask.h" #include "avc.h" @@ -173,4 +174,16 @@ static inline struct inode_security_struct *selinux_inode( return inode->i_security; } +static inline struct msg_security_struct *selinux_msg_msg( + const struct msg_msg *msg_msg) +{ + return msg_msg->security; +} + +static inline struct ipc_security_struct *selinux_ipc( + const struct kern_ipc_perm *ipc) +{ + return ipc->security; +} + #endif /* _SELINUX_OBJSEC_H_ */