From patchwork Tue Sep 11 16:41:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10595919 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1AD926CB for ; Tue, 11 Sep 2018 16:49:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 06E1928CF9 for ; Tue, 11 Sep 2018 16:49:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EEDE929890; Tue, 11 Sep 2018 16:49:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from UCOL19PA13_EEMSG_MP11.csd.disa.mil (ucol19pa13.eemsg.mail.mil [214.24.24.86]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D687128CF9 for ; Tue, 11 Sep 2018 16:49:18 +0000 (UTC) X-EEMSG-check-008: 622359886|UCOL19PA13_EEMSG_MP11.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="622359886" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA13_EEMSG_MP11.csd.disa.mil with ESMTP; 11 Sep 2018 16:49:16 +0000 X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="18080344" IronPort-PHdr: 9a23:FLwTqBIF9k7rIowKxdmcpTZWNBhigK39O0sv0rFitYgTKfj6rarrMEGX3/hxlliBBdydt6obzbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZLebxlKiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0vRz+s87lkRwPpiCcfNj427mfXitBrjKlGpB6tvgFzz5LIbI2QMvdxcLndfdcHTmRfWMhfWTFKDoelY4cSE+YNOOBVoI7/qFQUrRu+Ag6sCPr2xjJUiHL73LA23/09HQ3bwQcsG8wCvGjRoNjzKawcU/26zLPQwDvdYfNY2TTz5obGfR8uo/6CQKpwfMjMxUQhCwzLgUufqZf+MjOJ1OkAqXSX4/ZuWO6xjWMstgF/oiKoxscpkoTEmJgaykva+iR53Y07OMG3SE5hbt65HptQsz+VN5FrSc4lX25noj06xaMGuJOgZygF1JQnyATCa/yJd4iH/AjjWP+NLjhinn5qZLW/hxOr/EWm1+byVdG03U5XoidKndTArHAA2wHJ5sSZRfZx4F2t1SuX2w3S6OxIO104mKvfJpI7w7M9loAfvVrdEiL5nkj9kbWYeV8++uey7uTqerDmppiBOIBqkgz+KaEumtCnAeQ/LwgOQ3CX+eSi273n+k30WKlKgecskqnYrZDaPt4XprK5AgBJ0oYj7AyzDzG639QDgXYLNldFeBODj4TxOlHOJu73DeunjlixnzpmyOrKM738DpnXMHTOn6ntcaxg50JEzQo819Ff55ZaCrEbJ/LzX1f8tMfGAR89Mgy0xfvnCdpk2owFXmKPH6mZP7/Mvl+T/e8vP+mNa5MVuDb6MfQl4eXugmUjlV8Seqmpw4MbaGqkEfR+P0WZfX3sj88DEWcNuAoxVvDqiF2YXj5VfHuyXaU85jc+CI28FofDWp6igKaa3CuhGZ1WfG9GAEiWEXj0b4WER+sMaCWKL89jkDwLT6SuS4w61RGpsg/6yqRnI/Ha+i0cqJLi28N65/DVlREu6Dx4FcOd03uCT2tshGMHWyc23LxjoUx60lqC36l4g/hdFdNN/fNESQk6OoDBwOx9EdD9QBrBfs2OSFakXNqpHS0xQsg2w98UbEZ3A8+igQzb3yq2H78VkKSGC4Eo/aLZ2HjxIdp9x2vd2ak/kVYmWMpPNGyhhq557QTTAZDGk1mBnaawaascxDLN9HuEzWeWoU5YTBR/Ub/eUH8DYUvWqMj26VnZT7+yE7gnNBVOydKaIKtQdtLplUlGROvkONnGYGK+gWSwBRGVxr6Xb4rlYWYd3CLACEQelAAT53mGPxAkBii9u2LeECBuFVX3bkz27OZ+snK7QVEuzwyRdUJuy7+19gQShfyGRPMZxqgEtzs5qzVoAFa92MrbC8GOpwp7e6Vces897Uxc1WLfsAx8MJmgILpkhlIEdQR4oV/u3Q1tCopcicgqsG8qzA1qJKOWylxBcy+Y0o7qOr3MMWTy4g6ga7TN1VHD1daa4KAP6O43q1/7pgGmClIi82l709lSy3ac4JTKDA4WUZ3vSUY67AJ1qK/AYik6/Y/U0mdsMaasuD/Yx90pHPclygqnf9pHLqOEFRP9E9EdB8i0MuAlh1ipbhUCPOBd76M0O8Kmd/2c166xO+ZshjWmjX5I4IplyEKD6zJ8SvLU35YC2/yY2gqHVyzgjFu4qcD4h4REZTAUHmqixinpH5VRZrVzfYYNCGehP9a3ys94h5HzR35S7ESjCE8e2M+1ZRqSaETw3RdX1UQTpXyohzG4wCBzkzAntaefxzHOzPj5dBYdPW5LXmZih0/2IYeol9AaQFSobw8xmRum+0n6wbNbqb98L2bNR0dIZC72IH9+UqeqsbqCecFP4osysSpLSOS8fUyaSrnlrhsE1SPsAnBTxC49dz63upX1hRp6h3yBLHxrtnrWZdlwxQvD5NzbXfNRxiAJRDR8iTTMGle8PsWp/NWNm5fNqO++UXitVppJcSnk1YmArje05XV2AR2jmPC+gtPnHhI80S/n0NlqUD7FrBjibYb20KS6K/hoflFyBF/76cp1BJ1xkpcqiJEXw3gaiY2f/WAbnmfrLdVbxaX+YWIIRTERx97V5Bbq2FF/Ln2T3Y30TXOdzdV9Z9mhfmwZwDo94N5QBKeS8rNEgTN/okCkogLJffh9gjAdxOMg6H4Ane4GpREtwT+bArAOGklYJjfhmA6U4NC7tqlXY3yvcbeo3kpkgd+hFK2Coh1bWHvhYpctAzR/4dt5MFLNzH3z7ZrpeNjOYt0NqBKYiRDAj/JaKJgpjPoFmTJnOX7hvX0i0+M0lgdh0Za+vIiGMGVt4Lm5DgRDNjLre8wf4CrtgrhansaX2YCvA5pgFy4XU5roV/KoDSkSue7pNgmUDD08sXCbGbzFEQ+Y8kdmoGrFE4q3OHGPOHkZ0dJiSQGHK0xQmg8UQis1k4U+FgCy2sPhdkJ56SoQ5l78sRRMze1pOwP4UmfFqweici00R4SHLBpK8gFC4F/YMdCZ7uJ2BS1Y5JqhrQ2TJWydfAtIF2YJVVKHB134Irau4tzA/PSCCeqlM/vCe7OOpvJCV/2Q35KgzpNm/yqQNsWIJnRiDf0720pbXXB+H8TZmikPRDIMmiLIbs6buA289TNtosC46vTrVxrl5ZGTBLtKLdVv5xe2jL+AN++QgCZ2Ny1V1pYLxX/GxrgQwkISiz1udzmqFLQPqzTBTKTOla9LFxQbcT98NNNU76Ig2QlAIdDUisvv2b5ij/41EExIVUT7lcGzZMwKOHm9NFfdC0mXKruKPzrLw9v4YamkU71fkP1UtwGsuTacC0LjOCqMmCPtVx20MuFMizqbPABEt4G7aRZtCmnjQMjgahKlLN99lSc2zqEshnPWKW4cNiBxc1lTob2L8yxXmO9/FHBB7nd+NuaEmjyZ4PTfKpYYqftrGDp7luJA7HQ81bRV8DlOROZplyvKst5uv1amn/GSxTpgVhpOrCtEi5yPvUVjIqjW7IdPWWzD/B4X6mWQERsKrcN/CtLzo6BQ1sTPlKXrJThf6d3U48ocCNXPKM+cKnUhKwDpGDnaDQseUzGkKXzfh1ZckPGO9nyZtJ46pYbwmJAWUL9USEQ1Fu8GCkRiBNECO4l4Xjclkb6dkc4J6mGzowXWRMVfop/ITOmSAen1JDafk7ZEewMCwankIoQLKo37x0tiZ0FmnITLHkrQWsxNoi1hbwIvvUpN8Xh/QXco1E7/bAOi/mMTH+aunhEqkgt+ffgt9DD07lgsOFXKojA9n1MsltX7nz+RaiXxI72qXYBWESb0sFIxMpzjSQZvcQKyhVBkNCvDR79Jlbtgc2FrhxPcuZtIHf5cVrVKbgYNy/+Ne/gm1k9RpTmgxU9C+eTKE4BilBcwfZ6qsX1AxxppbMQpKqzIOKpJ0l9Qi7qUviCyzOAxxxQRKl0R8GOIYiEIplIHNr0nJyqu8exs7Q2CmzRDeGgQWfoluOhq9kYnN+SG0S3gz6ZJKlqtOOyHM6OZp2/AmNaGQ18qykwIl0hF/b130cg5cEqZTEEvw6WPGBsXL8bCLhtVb8VK/njJYSmOqfnNwY5yP4ilE+DnV/WOtKUKjUK4HQYpGYsM498PH5a21kHXMcPnLLkYyRow/wTnPlOFA+pVeBiTijcIv9m/zINr3YlaPjwSG399MTix5rrNpQ8nm/uDXNY3YncGRYQILHQ2V9OmmyRBpXRPECG30v4FyAiF9zL8pyLQDCXiYNpneviUYA1jCM2s+TQ/6KW2jkbX/YvYJ2H/L9tiu9vP5vgdp5eIEf9USqN9s0jEkYlCW3OqS3LPEcKyJ5Xod4ksatn0B22mUlCjjjI6VN39PNCzIaiUmQvoX5pbsJGH3DA/Ms+wDjMeGxBuqOwY+a1zexYDbIQhYR70qQsxKrazIAGG3dWyW2ytMydZT+FDzeWmYLxa1zYsYfKnx3shVJ46y/K6/lIKRJEPkh7R3+2jZ5VEXSj1BHNdZx3FpTAlmGh5KuYy3uA/zQvQsVkHLzCEbvFmaHBfstEnAlOSPG92BXYmSF+akYrD+BSj37QI8ytahdZU3vVPsGLisZ/HfDKsRKurpI3OvCoucdcqv698PZHtL8adqJzemTnfQ4XKvQ2eTC62DfxalcZMIChAWvlHhXklOdAauYpG8UcxTNkxKKFPCKY2urCncj5kDSkMzSAHSY+PwDsCjfqi1LfAkBefbogiOgQesJpemtsdTzJ2YiQGqa+/TYXZiXGLRXUQLQcO6QRM+BgAmZVufuDk54rISIFDyyJMr/JzSCvLGYFi90HnRWGOnVj4VPKhnvSr3Q1I1vLs1cIbWBplBkhD3OtWk1YoKLVrK6kRooHKsyWHdUXhvG73z+umPlZRw9XOd1LkFIrFqXb8UioE9H0WX4BPzn/fFY4VkwVkdqkmv0lML5qgekbl4Dwo3YJpEKekVcqz3VYqsW4GRzu2E9pGE+xmtlbXVSZkY5CtrZXpIZRSQmle+J2HsVhZi1ltMzSkyZVAN8FN/yQMUyZVrTWaptuyR9VJ2dVqAJ8UPtd/p3D9FbtCOJiQv3I2vbjvxWXC+zwmsVe6wzKzG7SjT+9C+m0TFQooK36Zqkk1AOsm6n3S/UzVslBo4+dbAaCCgllrrzZ5AJ9OHSpJ1HCiL1loV3lJr+RaJ7rTc8xAQvk9fwWjOxogGv46x0aJ5117nW/lYyxusQtX4yTdXxIxVSQVmbrtlyMRpdygOT8AUZ1IdS8hbyDHKw2FhS9XoAxTa0ZwW5AWGtxF4a0U3ZNI/sreTkahMSMFXB1nNg8j1PpQi05Cv1uCeSDcCwqoeuzDshtpcseNtMSpNuj2/B9bioP7t+A176QDRny8lgK3Xd/TtJT8ucOWtkSQaKj0Keq8YWXOTDLUlxC/ma8kD4XW/yjUKAdUMJh6yWEqYJf7C27LPAhGJ7oBKEpGUaB3cslJoudHaMB6YqkJ5LVtBhWdRhz1AoCvq+NGLlnLTzTEMyqB6vC/oZ7U7bHFUejvfNCMyGrHQ6N5OZd68zr7F67x0YBA/kr22/Ft9l51SFXdKyCOtsjhKR8L5MiscUvipJ4pESnVAJhuinrtwF9Pd84NTy2t6pQYx4tT6GzsRuJgzkjzrOpS+qF45ok1+b9m1dy5KrvVKfRetU9nAwabBh929pozHGd/R3pdYugLKPfeZa4Zl9zhq/jrF6wL7x2Y4+lZadzBJ0HdlcmwFCqRSRlFnAgbrz4VMBec1vCCm69uSsalvvL12kQz7FiiNhQG1qxi5Z+Y+qqUo+/adxnRzb8EWqjsXM/8srQsu0eP5fI5lb8Oe2p1YxakEOgcTcMd2Gbgzb4wwiIoDszDHqjs+PhdWHIlhjjggYxyH00KGvMIGrqG5YVennkilOzfLdAWdr1ClXuOFR6jCb8O03mr6zGYIGN9mBHBzwnwQX+v7F/xtSJ4QzXDz9ntkkpRTbS2C11dXyy3Nk9kqj+POhTntMbvs6Qv8E42KnDktM6KlGa5N7NXG8r/JdKCLikwoFIal4YxRtup2YAaBdWxOtER/29ibvHG8WOkjzdBo7tbh4rZ+syV//TXHXqjj62dsLiNxipXyns/vVE59N+gMOvC59uUTPS0z2wRVTtwuxPdXx6prbzWt0sbNlKN0EfXg4EKJdVZ3X4k1kH6+ugsXs88+B9ZFobaaPMIvSrzNyfswVaDf9I3UTGT0yNQHlLxC1Z4AqY92GX0vMLHjnrQ/looRo5rd0P5mRN3FYI4KVk26FgWxCoDHhIBaReBDLGnHU7lN5cLVVAfaRSb27i3Yqk30lN3wrOu/O/cc/dxBqsMNvZYiw6BgkJbGpYIvqEER7J8YVBd/rbNpgf+E4jnQ+TmlX0oOPy7WsBa68EZuGc87QukQhqg6ItD76wFh5ySca5Ee5fMtthm70h7/T4PajBNgB9nghO+VeATuvvu4sDfsJWy8eauSKctSPkL9xguGWtxkYH8gFY9rtHLz+1cUJHaiZzj8ABRJH6HoILa0xh6KeoTJIOnZbJg93QcJygCPHIDJtuWZOM64y9qKjnT4EZCAswUb9MCIMXNgRxUilHuWLxL88rUAEOXC4dyd8Au6Gr60y418Zo6Uun+7D+2JJbf70xCPv9ZiyVsjt3CrvAPwfXOECgX/WWZax9tzyOA0ZaNCPHw8v6XxdHJUVMGAi42U4BAJDqN+QynWvC5lJP3XQOI8sXzmo4xdFqMRnytm6QIqr1MEeBFiirn3zVTFZv4h+yLvNq26WtWt1pHEIBp4R3DBqpfIsYzBROtsvKODhx4By3iaITPexEzouuK16IJ5OljM0bWe4AWOFQHxqj85H4TSRFhHvq+nF+cUPlZQdx8UvLf5iRX7IV6Ma4UFF6UoZHr6DBSpwZySCsKTJp4+jhbcFTe2Q5YQaD5vJYehQYGF910o0lBHSS3Im1oo3L8eOxxja+MGLRB6TiXT6oTQ210Iyh+RFWzw5wodLy3y7QPkGRGmGtfp/gj1SdrQlPouyrsoeQP3jIp/qq1sh0KsHpCSOSVmiOOAlJGmrBCrqoRED7J7lu/KC0AYYbp675gJuzr9ZMm5nUiZFMkZSJQGaycBj3rkqTAIoWJvNsU0AaAvsrTbLn2LiUIMLk54ROmQ39j307FlRV16mJNRDjm7sdyYM2FMNshjg+vHnLWPAIU675NmNP4qFpOSewxc14ny2JmhIzPfTEAXMzCHS4OiwEgbWhVOMZY5QQyC7gjgjHOuLJPuA4TfmGQWs6h+4/NjYLGwnUwU9pu7nzZq7fDhZ4w1nBh3dRu4WTG7HATcfHIFsF3DnXt24N31+PzfbOuv/oBRY8gz66uBrtKG82u6WankLltUFWk170YVw6wPOgJ3LbKWiGNRmiRWODNeG+JyWUXKEn3sDKhNVAmIPxBr0YgPO/PnNYInAT6XKJcXS6QrELVyGE5dOgTMQkxvdH0KEQxUOcNar3EdqAVy/okBQ5JPieTR3l/FvO2vFixnYNyJ3Rn5wDgbP/w9hz9aofJSCQ8PaWBhaZYoaP8S2+EInAmyRRzOA9x9uOMcjZ5rfdSJrCWm9WYnNFnyagdbf44OiQmt887gYlj4JSa1MqQNBrYiJ31IIKwwLCDG/OK6UMsdylBV6YBJwb85oE0JNk8DrbaBrZIlQ8XBaEnTpgsLSL6/ed/KwYgF2yZf6y61+/toO/DfZ5IvznW41Y3eT/boAEGw+eoQBZTdJeshn6peMt1HG0HpNprER58Wo5GGsdGqQf+RY+dmKa8zdS2/hAf2acGsqv1X+jDz8/xn55wUJ5T+VGRMX7PCbNqjEVogqX6gvrJ3pTrT8K3UcINVO98BGXCb7I= X-IPAS-Result: A2DUFQACrpdb/wHyM5BcGwEBAQEDAQEBCQEBAYNLA4EIXCiMZIs/gWCDBpNbFIFiJxMBhQSDSCE2FgECAQEBAQEBAgFsHAyCNSSCYAMDAQIkEwYBAQwgCwECAwkBAUAICAMBLRQBEQYBBwUGAgEBARgEgwCBagMVA5oOihyBajOCdQEBBYEEAQFqgj4DglAIF4kzgRsXggCBEieCPYR5ARIBhXeIKIUfPzCNVAmCCI10HViIHYV7jhiCbYRRAy5kcU0jFTuCbIIZDBeDRYocAVVPewEBimGCPAEB Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Sep 2018 16:49:17 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGnGV4023213; Tue, 11 Sep 2018 12:49:17 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8BGftfm031933 for ; Tue, 11 Sep 2018 12:41:55 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGfs24023062 for ; Tue, 11 Sep 2018 12:41:55 -0400 IronPort-PHdr: 9a23:SaibtxFHw8jFDM8UqWC5oJ1GYnJ96bzpIg4Y7IYmgLtSc6Oluo7vJ1Hb+e431wKbYL33wKlvs8OO7ObtVGkb7tCEuXEGNplNU0xNkt0YyionBsPNEkjnNLjydSVvF81ZWU5N5Hq7OFVbHMvkIlbb5Ha16G1aAQ3xYCxyIOm9AYvOl4Ky3uG29YfUZlBDjSGwcJtpJxW/sAvVu9NTioIkIaE0mVPSunUdXeNQyCtzIE6L2Rbx4sDl5Jl47yFZoO4s7eZbVqP7dP9gFvkCU3ItNGYu4detsBDCSU2J6yJaQ2wWlR0OCA/Av1n2XZb05zPzrfE1mDKbMsv/Ua0uVHy84r1qRh7lhGZPNzMw/GzNzM0lpLNSoBWm4Rd4xoM= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AXBAACrpdblywbGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpNbgXqEdwJCg0ghNhYBAgEBAQEBAQIUAQEBAQEIFgZMhUUDAyMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHYFqAxUDmg6KHG97M4J1AQEFgQQBAWqCPgOCUAgXdIg/gRsXggCBEieCPYgtgleIKIUfPzCNVAmCCI10HViIHYV7jhiCbYRRA4IDTSMVgyeCGQwOCYNFihwBVU+OGgEB X-IPAS-Result: A1AXBAACrpdblywbGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpNbgXqEdwJCg0ghNhYBAgEBAQEBAQIUAQEBAQEIFgZMhUUDAyMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHYFqAxUDmg6KHG97M4J1AQEFgQQBAWqCPgOCUAgXdIg/gRsXggCBEieCPYgtgleIKIUfPzCNVAmCCI10HViIHYV7jhiCbYRRA4IDTSMVgyeCGQwOCYNFihwBVU+OGgEB X-IronPort-AV: E=Sophos;i="5.53,360,1531800000"; d="scan'208";a="366472" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 11 Sep 2018 12:41:54 -0400 IronPort-PHdr: 9a23:qWUIwh9RIsctGf9uRHKM819IXTAuvvDOBiVQ1KB+0e8fIJqq85mqBkHD//Il1AaPAd2Eraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HRbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RSqt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyaM/hxcbndfdMdQmpNR99dWjBPD469cocDFvYNMftFpIX5uVcCsR6yCA+xD+3t1zBInGf707Ak3eQvEQ/I3wIuENwBv3vWsNr7O7wfUfy3waTS0TnPc/1b1DX75YPVch4hu/aMXbdofMfP00YvDB3Kj1WNooL4IzyV1v4Cs3WV7+pkS+2vkXMspgZtrTe13ccjlInIi5kOyl/Y9SV22ps1JdO8SEFle96oCYdfuDuAO4RqRcMiRnhltSAnwbMFoZ62ZDYGxIkoyhLFdfCKfJKE7gzhWeqLLjp1i2ppdbO9ihqo7ESty+nxWtO13VtKtCZJjMfAu38L2hfO8MaIUOF98V2k2TuX1wDc9OVEIUcsmKXVMZAvzKA9m5QNvErZAiL6hEX7gLWIeUo6/+io8Ovnbq/jppCGNo90jhvyMqEvmsy7Geg4Mw4OUHaH+emkyrHv4EL0TK9UgvA5iKXVrpLXKd4Uq6O2GwNV15ws6xe7DzeoytQYmnwHIUpZdx2dlIjmJVHPLevjDfijg1Sjiiprx/7CPrL/GJXBN2TMn637cblh7E5czRI/zcpD6JJMFrEBPPXzV1fqtNPGCh85Mgq0w/voCdhmyoMfWX6AAq+eMK/It1+I/fggL/ODZI8SpjauY8QistrVqDdtnV4bYLnsxpYcdWq5AuUjJkKVfH7hqskOHH1MvQckSuHuzlqYXmgXL1S7Wq8nrhQ8EpinFs+XRIWqmqaAxw+9F5hbZyZBEF/aVT/MVKGhE6MIaSSPMopinyYCWLyJVYAsz1etuRX8xr4hKfDbrGlQjr+r8Nlz+v2bwQo/8T1yEtS1z3CGT2YymHgBATAxwvY76W56ylHL8694ivpDGNobs/FOUgF8N5ncxuphBtbaUQvHedGIQ1+iBN6hBGd1BvE8zsRGSEF6GJ32jR3OxCGtBLw9nLyRA5k176ea2GL+cYI193vaz7Qmx3kvRMdGfTm+i6hw6gnVQo3EiUOUk46rMKAbwiOL726A0HCH+kdVFgxoB+GNZXkCYgPzqtPj6wuWV7azDZw/OxZFjMuFLbFHLNbuiAMCDMz/NczebmT5oGK5ARKF1/vYd4bxU3kM1yXaTk4fmkYc+mjQcUB0AianvnKbAidiGEziZ2vy/uRk7nC2VEk5y0eNdUIrn+6x+xgIlbmSUP8ewL8AkDkupi8yH1un2d/STd2aqFwlNIxYbMMw8R9r0mjDth10ONT0JqxljEQfYg1xl0zr3hRzTI5HlJ55gmktyV9ZILmVwRt6fDORwJ70N6effmL75x2+Q7Xd2ljD3tKb4OIE4bIzrFC171LhLVYr73gyi4od6HCb/JifSVpKC8ijW1sr9xV8u7DRazU84IWRz3B3LK2oqWWZhoAUPMcOkT2YVo8Adq6JERT9VcgTBszoLe0uyBCydhxRGudU+eYvOt++MeOc0fugNf1tjRq9hmRO/Y5531jJ/CM6QenNjN4e2//N+AyBWn/niUu59MX+mIRKfzYXS2G20iX1LJVaZqRvc4IGEyKlKou8wdAtz4X1VSt+81iuT0gDxNfveReWaAnl2hZM0E0MvXG9sTC/yT1/yGly6/DAmifJxf/nblwCM29PAm9v1BH9KIiziJYRW037JwQqlR7w/U/h3OAbv6VwKWDPXF1FNzb7NWBsU6a89/KCbsdD5YlusHB/Qe28ZlfcQbn4rg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DIAwACrpdblywbGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpNbgXqEdwJCg0ghNhYBAgEBAQEBAQIBEwEBAQEBCBYGTAyCNSSCYAMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMdgWoDFQOaDoocb3szgnUBAQWBBAEBaoI+A4JQCBd0iD+BGxeCAIESJ4I9iC2CV4gohR8/MI1UCYIIjXQdWIgdhXuOGIJthFEDggNNIxWDJ4IZDA4Jg0WKHAFVT44aAQE X-IPAS-Result: A0DIAwACrpdblywbGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpNbgXqEdwJCg0ghNhYBAgEBAQEBAQIBEwEBAQEBCBYGTAyCNSSCYAMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMdgWoDFQOaDoocb3szgnUBAQWBBAEBaoI+A4JQCBd0iD+BGxeCAIESJ4I9iC2CV4gohR8/MI1UCYIIjXQdWIgdhXuOGIJthFEDggNNIxWDJ4IZDA4Jg0WKHAFVT44aAQE X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="18079974" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Sep 2018 16:41:54 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;5c8669b7-e90b-4764-90ae-b5d1d847b473 Authentication-Results: UPDC3CPA07.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic303-27.consmr.mail.ne1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 41881361|UPDC3CPA07_EEMSG_MP23.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.163.188.153 X-EEMSG-check-002: true IronPort-PHdr: 9a23:BC8YlBHHBWJu925dFa74eZ1GYnF86YWxBRYc798ds5kLTJ76pcW7bnLW6fgltlLVR4KTs6sC17KJ9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa/bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjm58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7SetEVSnBBXsZWUCxNG5qwYpcBAucAIOpUtpXxq0YTphe6GwWgGObjxzlVjXH0wKI6yfwsHxzY0gwuH9wAs3rao9v6O6gQTe+7w7LFzSnBYv5MxTvx9IbFfxInrPqRXbxwa83RyUw3Gg7blFqQspLqPjOI3eoQr2eb7/BvVf+hi24jtQ5xuCWky8AwhYbTnYIa1FDF+D5iwIkpJd23UlN7YdCgEJROrSGWLpd5Tdk4T250vyY6z6QLtJimdyYJ0JQq3x/SZv2df4SV4x/uWvydLSp7iX9mYr6zmha//Ea4xuD9VMS4yktGoytBn9XWt30A1wbf5taZRvZy+EqqxCyB2BrJ6u5eJEA5jarbJIAlwr43jpcTqkPDHin3mErqgqKaaksp9vG25+nleLnpupicN4lvigH7KKQigMm/Dv45MggKRWSb//qz2KD58Uz5WrpKjvo2kq7DvJ/GIsQbo7a1Aw5T0ok99xayFzar3dUCkXUaLV9IdgiLg5XqNlzNOvz0EPeyjlq0nDdu3f/GP7nhApvXLnjElbfsZapy5FRHyAUtzdFS/IlUBa0BIP3pR0/xutjYAQEjMwCt3+noEs9x2Z8ZWWKKGqOZKr/dsUeU5uIzJOmBfJQVtyj5K/gk4f7ukHA4lEQBfaipwZQXaHe4Eu5gI0WCe3XgmNgBEWAUvll2cOu/rGanGWpXZnCvT+cn6zomEoO6HMLGQYywhLGpwii2BNtVa3pAB1TKFm3nIcHMef4JZTnaB8h7iD0fHeyjTog7zxC1nAnzzrdmaO3O9Xtc/bbA8P09s+nSkwwisD95FcKQ10mTQGxu2GAFXTk72OZ4u0Mrjh+4/OBcgvpFBZQH/P5NUwEnJbbA3ud6DJb0QQuHcdCXHhLuYNKmB3kTSdI4xcQDZQ4pGdKiiFbB2CqjBaQYkZSADZoz9KPX1ny3LMF4nTKO96QslBENRcxMfTmli6Nk/A/UBKbCk1+ekqe3cOIbxiGbsC+/wHaVoUYQcAd2XayNCWgSYETLrNK85U7YSbKqIbViNgxfxIiZI6hXcNSvi1gARu+1fJzman+100K3AgyFjueUZZfuU30UwSGYDU8DiQ1V9nGDY0x2PTusu2LTCnRVEFvrZ079ub1lpGiTUl4/zwbMaVZokbWy5EhRzbaYSvUOzvcKoysstThwNEiy0siQCNeaoQdlOqJGbpl1tFNG03/J8gJmMpG+IqRKmFETaUJ0slno2hExDZ9Px4xihXcn3AdjYY6f2klAZjqelcT5NrrdMGjj9RaHZKvf21WY29GTrPQh8vM9/n7qpwy4XnEp83x63d1YyTPI7ZzRARs6SpnxW1s58xVg4rrTJCI64tWHhjVXLaCov2qaiJoSD+w/x0PlL48GYfG0UTTqGshfPPCAbekjmlyndBUBZbAA76U0Nt6oc/acnaWieu1nmWD+1DgV0MVGykuJshFEZKvQxZ9ck6OD1QuOSjn4gU3kucmxkodBN2lLQziPjBP8DYsUXZVcOIYGDWD1cp+swdN/jMW1ADsCqxioAFUd3dXvfBOTaxr70FQWxE0Xpnvhkiy9nWR5 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AnAgDF7pdbh5m8o0JbHQEBBQELAYUyKINyiHKQKpNhgXqEdwJCgyEZBgYyFgECAQEBAQEBAQEBEwEBAQgNCQgpIwyCNSSCYAMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMdgWoDFZpMihxvezOCdQEBBYEEAQFqgjwDglEIF3SIQYEyggCBEieCPYgtgleIKIUfQDCNXAmCCY13HViIH4V+jiOCbYRRA4IDTSMVgyeCGQwOCYNFihwBVR8wjl4BAQ X-IPAS-Result: A0AnAgDF7pdbh5m8o0JbHQEBBQELAYUyKINyiHKQKpNhgXqEdwJCgyEZBgYyFgECAQEBAQEBAQEBEwEBAQgNCQgpIwyCNSSCYAMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMdgWoDFZpMihxvezOCdQEBBYEEAQFqgjwDglEIF3SIQYEyggCBEieCPYgtgleIKIUfQDCNXAmCCY13HViIH4V+jiOCbYRRA4IDTSMVgyeCGQwOCYNFihwBVR8wjl4BAQ Received: from sonic303-27.consmr.mail.ne1.yahoo.com ([66.163.188.153]) by UPDC3CPA07.eemsg.mail.mil with ESMTP; 11 Sep 2018 16:41:51 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1536684108; bh=efy+qsAF4giNeC+TrXXd0DX5z1LRzicKu/1nyCX3awQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=VXrCEWtOp6oEKGVUINslX8ZdQjmIcPTMARPbAPI18GnSt8l918yb2AvLSHuvVH8aOUy0vohWnUFGoShvfbulnR/L2rzxIfYafGeKam0tIE3dwuWdJZbEQ7e1F117O2Pc8czwFA+WHJQPsWIV0qA3dus2FESlFnZvVF6Lf4Ed33Pc53KICO6ZwHpi7VvexQ/1t1lxLpVgOo1XFJkkvCRMfvUC8+pvHrNSFuT7BhburdMx/KgYCtBqWvkPVOvH2nDACtL/W31FxbSDRYhOoRFv+10Ir3bo879TrE7jNbMqk3406hqXGf7Y9rnqRTK255J77ffbPPVRYFQ7gfFW9BajMg== X-YMail-OSG: dZ0sr.YVM1nGGlBKGNRWNnGwqGRHXoIiD5OtHBh0_2GwmD.FOvi6aQ0kyzWzIyY VCu4M3bdKyAR1W6SxzhSY6xclqveUTDOfbLAc8EbdnulPkhyPYj7ugYPjdaJsJ8YTjQAu8V2azmi 9lCQjXXvF8HKq2Bp9wNH435Nof3FdrxrH6TpBCwo_YFx.rskYmP40ZiCu4vi0Jzvksld5tHGQiau eiEZh.Qi15vXalFtxLVKLFprZmcLwAh4o0ajnvhAOBdtod9MWodyfKbXqfdo0uCUj3hSCjZcN2Gb aAOdrwMTANL4eReh9cS2Q01SJwwqk7ngWoml8kcz2qLxGk5ejbd5.psdhI2QlNQMZa8avt4B8vKV Vg46YsdWYeL_MeSxaEvZV0hZZQUnkl6p9RdDs46t95pFVuP15w4LiOaufKk96VyRr8YDeoNmoQ.N g8H56_wjYNjPsdhUXjKnLyktQs_Hf8eKsEWCHF4zHhpxehJ2AqnoGNwWQWNs2z5vCFOaNBYI3Lp3 atQpJf.OkuvYtPjEoyWsuTlGWrHcrPwGEwTvoJodZp2FowBeS7yCXx8zGhYMdMTBOATR.koKd_eD oFuoMlqYhSXqriQGKf0rT5169PXAL3yOptqdIQRs5dokPcH4PIkcFrwDLK5OYdDbvRZSGlJvqxyr vue_axLPshAiIy3BNBKRKzGifX3I8Zyxg4aeN7Mq5I5n_Fox02oWiClyrbfmbjbpwabv33J1efrB oYSGEg8_Nxd.3Se29cQz_gDGFXG0ZQo6nGy_rHpYCGT5PJmvdyqfnEQadXmh0lqJqP1mxzlylQAl U8HCvjmXa0JMbi1tZQDKUqVxEol_dm8eKXMclx9UjzENsjwAW.FhUD2yqR2elogMMDv0Gd_m6nXT dRE4ElJYzSha4QnlkgIHDnHja7bbAkG8ezTuhC2wbTrAOfI0hyI7eNA.kW2XCIk45hR16N9QmNkd uWumAng8LpyQemN6qrdv62roK5msqVBdC4XCP_SXzjE6c2p0ppKsHZzmbAjWo4XPEbQ.pLW2TnD5 755LWnvt_gvkK7UTLfy.uQmKER3fDesd_UL3p Received: from sonic.gate.mail.ne1.yahoo.com by sonic303.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Sep 2018 16:41:48 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp429.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID f2752b8eb39fa05cb2b42c74a9e475a4; Tue, 11 Sep 2018 16:41:47 +0000 (UTC) To: LSM , James Morris , LKLM , SE Linux , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <39bcaa18-4c53-f386-5e89-8903a49a3256@schaufler-ca.com> Date: Tue, 11 Sep 2018 09:41:44 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Tue, 11 Sep 2018 12:45:04 -0400 Subject: [PATCH 03/10] SELinux: Abstract use of cred security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- security/selinux/hooks.c | 54 +++++++++++++++---------------- security/selinux/include/objsec.h | 5 +++ security/selinux/xfrm.c | 4 +-- 3 files changed, 34 insertions(+), 29 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ad9a9b8e9979..9d6cdd21acb6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -228,7 +228,7 @@ static inline u32 cred_sid(const struct cred *cred) { const struct task_security_struct *tsec; - tsec = cred->security; + tsec = selinux_cred(cred); return tsec->sid; } @@ -464,7 +464,7 @@ static int may_context_mount_sb_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(&selinux_state, @@ -483,7 +483,7 @@ static int may_context_mount_inode_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(&selinux_state, tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, @@ -1949,7 +1949,7 @@ static int may_create(struct inode *dir, struct dentry *dentry, u16 tclass) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *dsec; struct superblock_security_struct *sbsec; u32 sid, newsid; @@ -1971,7 +1971,7 @@ static int may_create(struct inode *dir, if (rc) return rc; - rc = selinux_determine_inode_label(current_security(), dir, + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, &dentry->d_name, tclass, &newsid); if (rc) return rc; @@ -2478,8 +2478,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) if (bprm->called_set_creds) return 0; - old_tsec = current_security(); - new_tsec = bprm->cred->security; + old_tsec = selinux_cred(current_cred()); + new_tsec = selinux_cred(bprm->cred); isec = inode_security(inode); /* Default to the current task SID. */ @@ -2643,7 +2643,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) struct rlimit *rlim, *initrlim; int rc, i; - new_tsec = bprm->cred->security; + new_tsec = selinux_cred(bprm->cred); if (new_tsec->sid == new_tsec->osid) return; @@ -2686,7 +2686,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) */ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct itimerval itimer; u32 osid, sid; int rc, i; @@ -2989,7 +2989,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, u32 newsid; int rc; - rc = selinux_determine_inode_label(current_security(), + rc = selinux_determine_inode_label(selinux_cred(current_cred()), d_inode(dentry->d_parent), name, inode_mode_to_security_class(mode), &newsid); @@ -3009,14 +3009,14 @@ static int selinux_dentry_create_files_as(struct dentry *dentry, int mode, int rc; struct task_security_struct *tsec; - rc = selinux_determine_inode_label(old->security, + rc = selinux_determine_inode_label(selinux_cred(old), d_inode(dentry->d_parent), name, inode_mode_to_security_class(mode), &newsid); if (rc) return rc; - tsec = new->security; + tsec = selinux_cred(new); tsec->create_sid = newsid; return 0; } @@ -3026,7 +3026,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, const char **name, void **value, size_t *len) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct superblock_security_struct *sbsec; u32 newsid, clen; int rc; @@ -3036,7 +3036,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, newsid = tsec->create_sid; - rc = selinux_determine_inode_label(current_security(), + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, qstr, inode_mode_to_security_class(inode->i_mode), &newsid); @@ -3498,7 +3498,7 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) return -ENOMEM; } - tsec = new_creds->security; + tsec = selinux_cred(new_creds); /* Get label from overlay inode and set it in create_sid */ selinux_inode_getsecid(d_inode(src), &sid); tsec->create_sid = sid; @@ -3918,7 +3918,7 @@ static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void selinux_cred_free(struct cred *cred) { - struct task_security_struct *tsec = cred->security; + struct task_security_struct *tsec = selinux_cred(cred); /* * cred->security == NULL if security_cred_alloc_blank() or @@ -3938,7 +3938,7 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, const struct task_security_struct *old_tsec; struct task_security_struct *tsec; - old_tsec = old->security; + old_tsec = selinux_cred(old); tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); if (!tsec) @@ -3953,8 +3953,8 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, */ static void selinux_cred_transfer(struct cred *new, const struct cred *old) { - const struct task_security_struct *old_tsec = old->security; - struct task_security_struct *tsec = new->security; + const struct task_security_struct *old_tsec = selinux_cred(old); + struct task_security_struct *tsec = selinux_cred(new); *tsec = *old_tsec; } @@ -3970,7 +3970,7 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid) */ static int selinux_kernel_act_as(struct cred *new, u32 secid) { - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -3995,7 +3995,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid) static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_security_struct *isec = inode_security(inode); - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -4544,7 +4544,7 @@ static int sock_has_perm(struct sock *sk, u32 perms) static int selinux_socket_create(int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 newsid; u16 secclass; int rc; @@ -4564,7 +4564,7 @@ static int selinux_socket_create(int family, int type, static int selinux_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); struct sk_security_struct *sksec; u16 sclass = socket_type_to_security_class(family, type, protocol); @@ -5442,7 +5442,7 @@ static int selinux_secmark_relabel_packet(u32 sid) const struct task_security_struct *__tsec; u32 tsid; - __tsec = current_security(); + __tsec = selinux_cred(current_cred()); tsid = __tsec->sid; return avc_has_perm(&selinux_state, @@ -6379,7 +6379,7 @@ static int selinux_getprocattr(struct task_struct *p, unsigned len; rcu_read_lock(); - __tsec = __task_cred(p)->security; + __tsec = selinux_cred(__task_cred(p)); if (current != p) { error = avc_has_perm(&selinux_state, @@ -6502,7 +6502,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) operation. See selinux_bprm_set_creds for the execve checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ - tsec = new->security; + tsec = selinux_cred(new); if (!strcmp(name, "exec")) { tsec->exec_sid = sid; } else if (!strcmp(name, "fscreate")) { @@ -6631,7 +6631,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred, if (!ksec) return -ENOMEM; - tsec = cred->security; + tsec = selinux_cred(cred); if (tsec->keycreate_sid) ksec->sid = tsec->keycreate_sid; else diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index cc5e26b0161b..734b6833bdff 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -158,4 +158,9 @@ struct bpf_security_struct { u32 sid; /*SID of bpf obj creater*/ }; +static inline struct task_security_struct *selinux_cred(const struct cred *cred) +{ + return cred->security; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 91dc3783ed94..8ffe7e1053c4 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -79,7 +79,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, gfp_t gfp) { int rc; - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct xfrm_sec_ctx *ctx = NULL; u32 str_len; @@ -138,7 +138,7 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx) */ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); if (!ctx) return 0;