From patchwork Tue Sep 11 16:41:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10595927 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6BB35112B for ; Tue, 11 Sep 2018 16:49:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5921628CF9 for ; Tue, 11 Sep 2018 16:49:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4CBF929890; Tue, 11 Sep 2018 16:49:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from USFB19PA16_EEMSG_MP12.csd.disa.mil (uphb19pa13.eemsg.mail.mil [214.24.26.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7FEE628CF9 for ; Tue, 11 Sep 2018 16:49:42 +0000 (UTC) X-EEMSG-check-008: 126274102|USFB19PA16_EEMSG_MP12.csd.disa.mil Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by USFB19PA16_EEMSG_MP12.csd.disa.mil with ESMTP; 11 Sep 2018 16:49:40 +0000 X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="15731451" IronPort-PHdr: 9a23:Q4zUhhOYQLh0vYNoHlIl6mtUPXoX/o7sNwtQ0KIMzox0L///psbcNUDSrc9gkEXOFd2Cra4c1KyO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhjexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qiqp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzca3HfdMeWGFPQMBfWSJcCY+4docDEvYNMeNeoob6pVQBtxu+BQ6rBO/20zNFmnH70Kwn3+g4DQ3KwRErE9YQvHjIqdn4MroZX+Kow6nS1TjNcf1W1zf+5obGfB8urvODU69occfT1EUiGR/KgFqOpoz+JD6VyuYAvnKH4+Z8W++jlWgqoBxxrDi1wccsj5HEi5wPxVDf6yp4wJs+K8CkR057e9GkDZVQtyWEOItsX8gvRH1ntzwhyrIYuZ+2ZzMKx4gnxxHFdvyHfYyI7Qz5VOqIPTh3nmhpd664hxa36EWtzPD3WMqs0FtSsyZIndbBumoN2hDO8MSLVPRw8lm71TqSzwze6+NJLVopmafaL5Mt2L89m5oJvUjdACP7l0P7h7KMeEo+4Oin8eHnb63jpp+bKoB7lBnzMr8rmsyjGeQ4NRUOX3SD9eS8yrLj+Ur5Ta1WjvIsiKnZsY3aJd8Bqq6lAw5azoYj6xGlAzegzNsYhmUIIEhAeBKGi4jlI1DOIPbmAvejm1mgjThmyv/cMrDhH5nBNGbPnbj/cbpn9kJQ0A8zwspe55JQBLEBOvXzWkrpudzDEBA5Nw20w+D6CNRyz48RQmWPArKfMKzOr1CI/fkiI/WMZYAJuDb9LOIp5/j1jXAjg1Mdcq6p3YUPZHCiAvtmO1mZYWbrgtoZE2cKuQw+Q/b2iF2CSzFTYW2/X6A75jE9DYKpF5zDRpyzj7ybxye3BJpWZnpJClqUC3fna52EW+sQaCKVOsJhkD4EWqK9RI8izhGuswn6y7t5LufP9C0YsY/j1ddu6O3OkxEy6SF0A96a02GXQGF+hnkISCMu3KBjvUx9zU+O0KZ5g/xcENxc+elJXxw0NZHC0uN6DMryVRjZfteTT1amQMupDi0tTt4rxN8OeUl9Ec24jh/fxyqqH6MVl7uTCZMp7q3c2n/xJ8Bhy3rbz6QhkUcpQtFONWynga5/8RLfB4jXnEWFj6yqb7gT3DbR9GefymqDpFxXUBJqXqXfRn0QekzWrdHl6UzYVL+uFa4rMg1fxs6eMqFKcMHmjU1aRPf/P9TTe3y+m3+qChaSx7OMd5Hne30H0yXHCUgEiBgT/XKcOgciGCituWXeDCZhFVj3eUPj7fF+qG+nTk8z1wyKbFdu17my+h4InvGcSOkc3rEDuCc8sTl0G0y9393OAdqauwVhZLlcYc864Fpfz23WqhZ9Pp2+IKB4nVMRaRh4v0b02xVwEIVAntAgrGk2wwpqNaKYzFRBeiuD3ZD+IL3XLXLy/Ay0Zq7N3FHe19iX+qIV5/Q+sVnjuh+mFlY6+XV9z9ZVy2ec5onNDAcKX5P+SEI39wRkqLHAeSkw/J3U2mN2Maavrz/C3sglBOw/yhavZ91fKr+LFBfuE80GAMijMOoqm1mtbhIAIu9S77U5MNm4ePuc366nJuFgnCipjW5f+oByzlqM9zZgSu7Px5sF3fCY0RebVzf7lletqNz4mYBDZTEUEWqy0izkBI9XZqJoZ4YLDn2iI8qtxtVxn5TtQWJX9Ea/B1Ma38+kYR6Sb13m3Q1MzEgXumKomS+5zzxyjjEoobGS3DfWw+TjchoHO3JERHJ4gVfqP4e0k8gQXFK0YAgxiBul+UH6yrBBpKR4K2nTRVlHfzLqIGFlXKq9raGCY9NT55MzqylXV/68YV+CQL7nvxQayz/jH3dZxD0jdDGlpJP5nwdhhWKeMnlzqmHZecduyhfD/tDcQuRR3jUeTililTbXHkS8P8Wu/diMiZfDtP2xWnm/Vp1VbCbrzZmMtC2l6m12GRe/hey8msX7EQgm1i/2z8FqWj/VrBb4eYTky6W6Mf5nf0VxCl/z8cx6Fpt5kosqi5EawWIaiYmN/XobjWfzNs1W2azkY3oLWT4LxNvV7RPr2EJ9M32JwJj5WW+Fwst7YNm6YH0Z1T4h78xQD6eU9rNElzNvolWktQLRfeR9njAFxPsr8nEah+UJtxQxziWBGL8dB1JVPSrymBSU9NCxsL9YZH6xfrSq0kpxg8yhBqmYog5AQHb5ZosiHSho48VxKlLDzmD86pr+d9nWcdITsQaUngzagOdJLZI9jP0KhTBoOWjlp30q1/Y7jQBy3ZG9pIWHM3ti87mnDR5eNz31e8QT9yrsjalAgMmZwZqjHpJ7GjUERJHoV+6nECoOtfT7MAaDCCYzpWycFbrbHA+f81tmr2nVH5CwKX6YOGMVzc58SxmZJUxfhh0UXTohk5ElFgGq3tHhcFxj6jEf/FH4tgBMyuVuNxXlVWffvgioYC8uSJeDNBpW8h1C50DNPMOE4eJ8BT9Y8YO6oQyKMmyUeQJIDWQTVUyFA1DsJb6u5Nba/+ifHOq+IOPEYa+SpuxGS/eI2ZWv35N6/zaLM8WDJGNiD/o620VdW3B2AN7ZmzIRRCwUjC/Cc8mbpBKg9SJttcC/7O7nWATx6ouTE7FSK8lg+wiqgaefMO6dnCR5KTZY15MUwn/IzLkf3EIMhCx1cjmtEKgAtTTTQ67Kna9XFREbYTtpNMRU96I8whVNOcnDh9P21r94iuA6BkxAVVzmlMGpa9IFI32hNFPHA0aLMaqJKSfNw87pfaO2UadQg/lMtx2spTabFFfuPjKdmDbzUxCiKuJMjCaAPBxCoo69dA1tCWviTN78bB20LsN3hyUswbIonnPKKXIcMT9kfkNXsLKQ9j1Xje9lG2Nd7npoNvKLmyeD7+bFLZYWv+NrAj5qmONa+ng6zaVa7D1cTvxvhCTStsJuo02hkuSX1zVnVxxOqjBWi42VuUViOL7U+YNeVnbe+xIB92KQCw4Fp9F9EN3gp7hQysTTlKL0MDpN7sjb/dUdB8fJM8KKK2AuMQDzGD7TAgoFViCkOn3Ch0xHkfGS6n2UooI8qpfyhJoEUqVbW0AtFvMGFkRlG8QPIIxpUTMgkL6bitMI5HWloRbNQ8Vau4zIWeiJAfXzMjqZi6dLZwcQy7PiMYsTLpH721BlalRigITKGk/QXddRoi1hbg45u1hC8Hl+T2IpwE3pcAWt72EPFfSshB45lhN+Yfgx9Dfr+1o4PUTFpC0rnUYrhNrlny6ecCTqLKiqR4FXCzD4t08rMpP0Wwx1dxG9nVR4NDfYQLJcl6FgdWZqiADAuZtPHvpcTbZcbhEJ2P+Zfekl31NHpyq7wk9H4PfKBoF5lAs2a5KsqWxP2x57Zt4vOaPQPLZJzkRXhq+WpC+nzPoxwAgFKEsW7GOSYjQHuFIWObkiJiqo+ONs6QiDmztMeGgMS/Qqrehw9kM4IeiAyTzv06JbIECrK+OfN7+Zu3THlcOQTFI8zF8Hl0lE/bhz0McsaUmUWlsuzLSPCRsGK9DOKQZPb8pd7HLTZzqBsf3RwZJpOIWwDuXoQvWUtKYXnE2kAAcpH4ID7skaEJijykfYItvjLL4C1BUi+R/rKE+DDPtXZBKBiC0HrN2nzJ9rwYldISkQDn9nMSWq4LbbvAwqjeGCXNc3Y3caQpALOmgwWMKkhy5Tp25AAyWv0uIF1AiC6CfxpiXWDDngcdVjYOmbZRZyB9Gq4zU+87O7iVnP8prAIWH6MM5tut7L6ewBoJaGBOlYTb5ns0fTg4NYXWClU3bTEd6pIJj9c5UsbdvxCnuhTlyzlzc1QNzrMNarMKeInRniRZxIv4mDwDAjKci9GykcGxd3ue4O/79zahMYY5Ulex7oqxoxOLGlLAeezNquX36nKSFKQPlH0eW6e7tXwjIwbuCn1XQgT4s1z+2s/EERQ5EKiw3Ryuy4Z4lCSyTzHGJSexnXryoji2dhLvoywvs4wB7QqVkcKCyLe/Z0Z2xYpNw8HlSSIWhsCmUkWVCci5bD4hS20LAW5SddmMxU0eJdunjkopDfeC6sWLCsqZjNqCUgY8Qpr7FzPID+LMaLr4/RnjvaTJbMqAKFSzK6G+BcmtdOPCJSWONIln09OcwapYpB7lI8Vt0gKLNSCKkjvKyqZCFgDS4V0y8WSZ2M0yAFguihxbTWjBGQf4o+MBYcqpVNnsMdUzJqYiMZvKKjS5/WmHGaRWcWOwoT8ABM5B4aloBqYODl4Y3ITJtSxD5Kuf50VTHLFpZw/VvhVm6WmUT4SOmmk+Gx3wJd1ujs0t4AWB57E0dd2f1blk41KLFzN6kQv5LFsj6SekP8p2Lh0uymJENeycfMbV33EJLFtXbgUi0b4XAUR5VAyHfRFZQIlAp2dbgkqU5QII+8fEb+/Dsky55vH7amScCh30wlomoeRye2D9pBDPlrsFTTWDB+YpCrrpDlN49TQm9W9p2dsU1WkF5xMy6j1JpTN91N4iMWXDdRuzmdu8GySMJb089sE5AMOst/u2v6GK5cPpiRomE5urvrynDD4DAwqla6xDK0G6+jVOJU5GgeFwomJmiErUkvFeQs+H/I8l/RqlB04/tbBr+XgEptujl9Go5BBi1V1XGlKFR+V2JGvPlbKKvLdcxcX/gyagW1Nxw4C/Emw1SD/Vtoknfhfyxyqgxa9jjZXwkvUCkYgqzgmTMApc66Pj8aUYhHbS07byfCKQKUhzxYvApFZ0FtQZAZDc5P+6sH0otM4srCVUGsJDkHXBxjMwI1yv9fmlBDsUqGYyDdDAyodfnVvh1xY8iRsNajLO7l8wdfloPnrOc4+r0CR3yngwKiW8zRopTnttKUqkuBarv3P/e7YX/bQzjGlQqwiqs8D5nW4yjTNxJWJIJ7yXo/b5nuE2zLPRVaJ6IDPUVbSKR6ZM5areBdesBrZrwG+bJ3BhKAXBPgApajrP5cLlbcXT7eNTmO8vSjoYLP6rzQUfDgadaQx3nbQ6J2MJB66SP4G7vzyo9R5E722vZr9kNnRlnLKDiBo879JgwX5MmjeEzivocqHT/MA5d/jmDtxkdeeMoTWSGq944YyJxB4nbqVe14ylTzsPFV97R89YY34apmxtuvKKjOLvRatUtnAhmKCQVw6pUiHnRwR2BLbu8WMvfRcrwTjdrypODvC6wX9BqV9vRcadvAIUHBhsa/BS+HRBxBnQcOszgaIRWA1/+LnK90U8WlpfPj1kIr/Ve+MgYMzKpx6oec5qqIuOjXYgPTzbgDWqjqQNn/oagsu0OW+P0rib8Pem1zYw28E+gdV9UQxnnhzaA01y0sF97MH7P69P5FSX05girqm4phEFUOBvMUAb2L8JxfnmcmgePZMMYbcqRfmmmSFB6kFaQCxWSs6yuNL2lvmgvO3A3oQWOv8F/2qjd1QSnSwNftnEpVUqK6BElIUCqvJ0B4rCmDPAz2u9rroa419l05MnT4tNKRk2usILxXH8n4JN2SPyY0oFYXgYYqRtyo34AbGMayLM0X8H5gcvvU83mrnDNZo6dbm4re5dmY+vDWHXmjjK2arK6AxDJCxXg7ulE/7M6vNvfU692MXfuoy34bTz1jtAvZQx61trvbokgPNkOV1kfLhJcHPspd3Xk/ykHm+PYjT8wu+wlEEYbAffwCryjpODTo2Vaff843Vi6G3jtPGVL1FUN3GLIy2WL3uMLJm2zd+1gvRol3bEzomwB4D58/KUI281gXwywDEQcXZRCcFrGoClzvLZEYWkgbdRSHwL+6d7853UJtxrOv5ffTYvJnCqsMN/ZdiwuOk0ZBGpISr6ISWrV8e0VS9KTPvAjtF5DnX+T6lXo3LfC0TNha8doYt3Q+/AmyXB+g6ZZf77YBlp+EbKlEYYLDvMpk9Udo+SYPdjBRgBh4lx65VuQcq/7479jDtJqn8P2uVLosR+oL6xg0HXpxgIXqjFAlv97Xy/9WSpfJhoTn7ABNP3mKtZ7e0xl9L+oONo2qcK9k93UGPCgeO2kOMMGXa/Ym5S9tNy/f51tYAsMDfdkYJtbCmRhIik31X7Fe7s/bFUWEBIdzdsAo6W33xSsr8Zs9VObv9ju2JZHZ71FQMPJPliJslMjNpOIN2/rdFDAX4WWFaxhy2i6CyYOCC/X3/eqX09zUSlUGHjI2U4daOTqC9gynRvavmJXvTAyU9tf5gIgie0KIWnyxgKMFv75XEe5OjyX0wjlTG4PuivKLrdWs8mpXt1xAEIZ19xHFHrtQPokocSj/w+2QYwAoAir5ZdGRbRclpfCX2vZJ5uJyKk/zTZEULwhCyL/g73dRCAx0R+iy9nSQWO8KLP5hUunFtTgB64dnMbUOJ3CbrZnnr3FPsl9gREcNS5sV5mhed0/TjEhWVrzytboolAQRS5h6tFVKFGb2P3gxsX6PbokdqKiXFexdpi6eSq0ITlVALjJ1QxTz3o5nPbSug6YD+kFBniU1gv8q2jp9SR307S/rp6RL2zUg8bejuTMpsnVDSeOfmC7MT15EyaJOxYQRBm2qwlu7YzFXb4b/+7JgIsfI/ok75HE+fBBleDcJC6DoNyzslL6PSqyGtt5VzEqVtcPBcL61aCsfLLIwzTriAnx6zAWYhx9r7XECBDOtqt08csH1Ac84wmKNHm/BeR5Y+qpUtOPpvEMPCe4xbklshm5k157DDhYRSdTPFmB9tQ0tbWFJYdoX8hMBP7U5iTaP+K9d90cbZymCVszv/ojWgNeN12IxQMlnwkrIqaCfwJAnynton5Vz9CHE8CAWdurFQ4piGXT+yIpb4fLxau/rse0dToZijrO7X6lGeuCn9Hu7yd1GXUW/x6UXGRLtOeMEzK3aQi6jYWKdUOWPNWOLmmBqHFT14EyDJ0Y6eY9xpE80L+XGi4QUwwboSr5lbj6bpVbGwmguK6YRfkQ9v4LxKF9Cd/IYe+XJfbtm+/Y5ElZZKi6RR3EkAvKqsVOrgIlwMmlh5kO/e+n27wT6K4HOQUs5KaLx9bVJ0KTlAG+MPGRvihh7PU0y8ubbRDFT/vREfcO3mt7dz89+zfZDb+1kZCY0odMCsplo6YCJ3sOHa1Tax9D5ItSGx5rQGOXRmmItfGwSSb8FeUXw7oQ+MMQ+XujYFKBUrDwHDqgzXZIlOn20/6gyJwR2IWuzLK+sjJzMoeSGLoBRu2eQ7l80K3LEvAYfz/WvUQFhR4utgXT5e8hsA2ge6dZqDABjBs1KEsIE6QyqWtiFkaG8jJm6/EYp3o1CvanxD6XS3c+il8VqXpdc7FCWJjuZGqRxg0pkg+jzyvfN25X8E4XjLPsVXeh8RSjObbrL X-IPAS-Result: A2BRBwDI8Zdb/wHyM5BbHAEBAQQBAQoBAYNLA4EIXCiMZItEgWiCfpN1gV8qEwGFBIMFITgUAQIBAQEBAQECAWwcDII1JIJgAwMBAiQTBgEBDCALAQIDCQEBQAgIAwEtFAERBgEHBQYCAQEBGASDAIFqAxUDmkGKHIFqM4J1AQEFgQQBAWqCOwOCUQgXiTWBGxeCAIESJwyCMYR5ARIBhVUijgcwjVwJggmNdx1YiB+Ffo4jh04hZHFNIxU7gmyCGQwXg0WKHAFVT3sBAYskgj0BAQ Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Sep 2018 16:49:39 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGnb1h023253; Tue, 11 Sep 2018 12:49:38 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8BGgWBc031960 for ; Tue, 11 Sep 2018 12:42:32 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGgScu023093 for ; Tue, 11 Sep 2018 12:42:31 -0400 IronPort-PHdr: 9a23:dAcn6hf+JdxzMARTU7EYu/u+lGMj4e+mNxMJ6pchl7NFe7ii+JKnJkHE+PFxlwWSANfm095v0MHumvi/H2EN5I2O9nULcZgKUh4B2o0NhwJ1JsmDBAXgKeLyKTQgFZFJXURo7lmgOkhcBcj6akeXqXT05jkXSV3kLQQgAOPzF8bJitivkeW7+pndeQJN0TG0er5jBA69rQzMuM0bm85pI+A6zR6a6mBQdbFwwmVlbUmWgw665sq0+8t79D9Mvvs668Naeb79eaUzFuQESW55dWsy4tbur1/GRAqLoH0RCyMHmxpPBE7O6xSpFpvysy6vruNmw2HaJsz5S7koRC6vp7lmUh7miSoLdnY5/Wjbh9Y2jfdzsRuhoBs5yInRbQ== X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AaBAACrpdbly0bGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWAIgn6VVYR3AkKDSCE4FAECAQEBAQEBAhQBAQEBAQYYBkyFRQMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMdgWoDFQOaDoocb3szgnUBAQWBBAEBaoI+A4JQCBd0iD+BGxeCAIESJwyCMYgtgjUijgYwjVQJggiNdB1YiB2Fe44Yh06Bdk0jFYMnghkMDgmDRYocAVVPjhoBAQ X-IPAS-Result: A1AaBAACrpdbly0bGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWAIgn6VVYR3AkKDSCE4FAECAQEBAQEBAhQBAQEBAQYYBkyFRQMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMdgWoDFQOaDoocb3szgnUBAQWBBAEBaoI+A4JQCBd0iD+BGxeCAIESJwyCMYgtgjUijgYwjVQJggiNdB1YiB2Fe44Yh06Bdk0jFYMnghkMDgmDRYocAVVPjhoBAQ X-IronPort-AV: E=Sophos;i="5.53,360,1531800000"; d="scan'208";a="366485" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 11 Sep 2018 12:42:31 -0400 IronPort-PHdr: 9a23:QwGMZR90aRJ28f9uRHKM819IXTAuvvDOBiVQ1KB+0e8fIJqq85mqBkHD//Il1AaPAd2Eraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HRbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RSqt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyaM/hxcbndfdMdQmpNR99dWjBPD469cocDFvYNMftFpIX5uVcCsR6yCA+xD+3t1zBInGf707Ak3eQvEQ/I3wIuENwBv3vWsNr7O7wfUfy3waTS0TnPc/1b1DX75YPVch4hu/aMXbdofMfP00YvDB3Kj1WNooL4IzyV1v4Cs3WV7+pkS+2vkXMspgZtrTe13ccjlInIi5kOyl/Y9SV22ps1JdO8SEFle96oCYdfuDuAO4RqRcMiRnhltSAnwbMFoZ62ZDYGxIkoyhLFdfCKfJKE7gzhWeqLLjp1hGppdbO9ihqo7ESty+nxWtO13VtKtCZJjMfAu38L2hfO8MaIUOF98V2k2TuX1wDc9OVEIUcsmKXVMZAvzKA9m5QNvErZAiL6hET7gLWIeUo6/+io8Ovnbq/jppCGNo90jhvyMqEvmsy7Geg4Mw4OUHaH+emkyrHv4EL0TK9UgvA5iKXVrpLXKd4Uq6O5GwNV15ws6xe7DzeoytQYmnwHIUpZdx2dlIjmJVHPLevjDfijg1Sjiiprx/7CPrL/GJXBN2TMn637cblh7E5czRI/zcpD6JJMFrEBPPXzV1fqtNPGCh85Mgq0w/voCdhmyoMfWX6AAq+eMK/It1+I/fggL/ODZI8SpjauY8QistrVqDdtnV4bYLnsxpYcdWq5AuUjJkKVfH7hqskOHH1MvQckSuHuzlqYXmgXL1S7Wq8nrhQ8EpinFs+XRIWqmqaAxw+9F5hbZyZBEF/aVT/MVKGhE6MIaSSPMopinyYCWLyJVYAsz1etuRX8xr4hKfDbrGlQjr+r8Nlz+v2bwQo/8T1yEtS1z3CGT2YymHgBATAxwvY76W56ylHL8694ivpDGNobs/FOUgF8N5ncxuphBtbaUQvHedGIQ1+iBN6hBGd1BvE8zsRGSEF6GJ32jR3OxCGtBLw9nLyRA5k176ea2GL+cYI193vaz7Qmx3kvRMdGfTm+i6hw6gnVQo3EiUOUk46rMKAbwiOL726A0HCH+kdVFgxoB+GNZXkCYgPzqtPj6wuWV7azDZw/OxZFjMuFLbFHLNbuiAMCDMz/NczebmT5oGK5ARKF1/vYd4bxU3kM1yXaTk4fmkYc+mjQcUB0AianvnKbAidiGEziZ2vy/uRk7nC2VEk5y0eNdUIrn+6x+xgIlbmSUP8ewL8AkDkupi8yH1un2d/STd2aqFwlNIxYbMMw8R9r0mjDth10ONT0JqxljEQfYg1xl0zr3hRzTI5HlJ55gmktyV9ZILmVwRt6fDORwJ70N6effmL75x2+Q7Xd2ljD3tKb4OIE4bIzrFC171LhLVYr73gyi4od6HCb/JifSVpKC8ijW1sr9xV8u7DRazU84IWRz3B3LK2oqWWZhoAUPMcOkT2YVo8Adq6JERT9VcgTBszoLe0uyBCydhxRGudU+eYvOt++MeOc0fugNf1tjRq9hmRO/Y5531jJ/CM6QenNjN4e2//N+AyBWn/niUu59MX+mIRKfzYXS2G20iX1LJVaZqRvc4IGEyKlKou8wdAtz4X1VSt+81iuT0gDxNfveReWaAnl2hZM0E0MvXG9sTC/yT1/yGl16/DAmifJxf/nblwCM29PAm9v1BH9KIiziJYRW037JwQqlR7w/U/h3OAbv6VwKWDPXF1FNzb7NWBsU6a89/KCbsdD5YlusHB/Qe28ZlfcQbn4rg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DTAQBg75dbly0bGNZbHAEBAQQBAQoBAYNLgWcog3KIcotEgWiCfpVbhHcCQoMdITgUAQIBAQEBAQECARMBAQEBAQYYBkwMgjUkgmADAyMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHYFqAxUDmkqKHG97M4J1AQEFgQQBAWqCPAOCUQgXdIhBgRsXggCBEicMgjGILYI1Io4HMI1cCYIJjXcdWIgfhX6OI4dOgXZNIxWDJ4IZDA4Jg0WKHAFVT45eAQE X-IPAS-Result: A0DTAQBg75dbly0bGNZbHAEBAQQBAQoBAYNLgWcog3KIcotEgWiCfpVbhHcCQoMdITgUAQIBAQEBAQECARMBAQEBAQYYBkwMgjUkgmADAyMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHYFqAxUDmkqKHG97M4J1AQEFgQQBAWqCPAOCUQgXdIhBgRsXggCBEicMgjGILYI1Io4HMI1cCYIJjXcdWIgfhX6OI4dOgXZNIxWDJ4IZDA4Jg0WKHAFVT45eAQE X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="15730823" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Sep 2018 16:42:30 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;62639a38-5872-470b-9076-df4c954fdf6c Authentication-Results: UPDC3CPA07.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic304-27.consmr.mail.ne1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 41881426|UPDC3CPA07_EEMSG_MP23.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.163.191.153 X-EEMSG-check-002: true IronPort-PHdr: 9a23:kRbmMxBpRmtSBVjyjW89UyQJP3N1i/DPJgcQr6AfoPdwSP35rs2wAkXT6L1XgUPTWs2DsrQY07WQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDiwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6zaf9wVX2pBXsFWVyBYG4+xc4UCAuscMepBs4XxukYFoR+gCQWwAe/izCJDiH3r0q0gy+kvDB/I3AIgEdwNvnrbotr6O6UOXu6616TI0TfOYulK1Tvh5oXFcBYsquyMU7JqdsrRzFEiGh3fgVWLt4PkPy6e2PkRvGib9eVgSOyvi2o5pAFrvzOiwdsjhZPSho0LylHJ7j55z5o1JdKiVU57b9qkH4VKty2DK4R5WNkuTH1vuCY/07ALv4OwcisSyJk/xhPSauaLf5WJ7x/tTuqdPDN1iG9/dL6ihxu//1Csx+z+W8WuzVpHry5InsPNu30NzRDf9NaLR/R780y8wziAzRrT5ftBIU0slarUNZohwrkom5oItkTDGC72l1n4gaOKeUgo4/ak5ub9brr6oZ+cMZR0igTkMqg0n8ywG+U4MgwUU2id5+uwyafv/E3jT7VKif02lbPVv4zdJcQevqK5AglV3Zg/6xunDjqr0c4UkWQGIV9LYh6LkozkN0zULPzlDfqyjUygkDJxyPDHOr3hDI/NLn/GkLr5Ybly8VVcxxQzzN1E/JJbFrEBL+juWk//sNzXEAU5PxWozOn9EtlyyoQeWWeXDq+DLKzSqUOI5v4oI+SUf48apjL9K/kj5/7zgn40gkMdfKm10psXb3C0BPJmI16Dbnb2jdcBFnkK7UICS7nOs3jKBTpSYWuiGrkx7SwhCZ63SILESp2pjZSf0yqhWJ5bfGZLDhaLC3i+M82mUvIBc2q3JdV7kydMAbqkTJU71AqGsgb/xrshKfDbrGlQkbHH8ZAh4+zViAF39jFuCcmZ+3+CQnsynW4SQTIymqdlrho5gmyumYx5heFIXYhI6vdIVBoqHYLNxOx9TdbpU0TOecnfDB6ERdWgSRM2Tts32NIIKxJ/HNWkyBLE3yOsGLITv7eCApsy86nV2z76IMMrjz7l2aQ6x3IhRcgHYW6ri7V08A/QL4XJiUKclruvM6MG03iJvFuO0XGTuwl4WQh8WO2RRX0ZaVbXq5H661nEQruGCPEjNRVMj9WLKbZQY5vvgBNEXKGncOzXfmb5vmC3HxvAkquFcY7CY2wA2GDYD08enkYY+nPQcUAFGiq5o2/YRAdrHFbrblKkpfJys1unX0Q0yEeMdEQn2L2rrFpdz/idTe4Dm7wftCo/pjFcAlmwxZTVBsCGqg4ne79TK5tp5FZByHKcuRdxM4KtK4h8iVMENQd6pUXj01NwEIoW1YADqH46wRs6BaWSylJQfjXQiZn8PbfNK3j7+jigbqfX3hfV19PAqYkV7/FtgFz4sRDhLUEi+mhp19RPmy+X747HHSIJWpL4T0gz+gI/rLicaS44sdCHnUZwOLW552eRk+kiA/Eon1PwJ44OYpPBLxf7FoghP+brLeUrn1azaRddbLJJ/649Is2ieuHD06ftN+Flzmr/0TZ3pbtl20fJzBJSD/bS1s9VkeqT3gKaWTPxlhKqu4b8noUWPWhPTFr68jDtActqXoM3fYsPDjz/cdawwNR13MaxHiQHslWkAUgDwomscBuWKVrwhEtB3EQQpjqsni7qlzE= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0ApAgAu8Jdbh5m/o0JbHQEBBQELAYUyKINyiHKNLIJ+lVuEdwJCgxMZBgY0FAECAQEBAQEBAQEBEwEBAQoLCQgpIwyCNSSCYAMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMdgWoDFZpKihxvezOCdQEBBYEEAQFqgjwDglEIF3SIQYEyggCBEicMgjGILYI1Io4HMI1cCYIJjXcdWIgfhX6OI4dOgXZNIxWDJ4IZDA4Jg0WKHAFVHzCOXgEB X-IPAS-Result: A0ApAgAu8Jdbh5m/o0JbHQEBBQELAYUyKINyiHKNLIJ+lVuEdwJCgxMZBgY0FAECAQEBAQEBAQEBEwEBAQoLCQgpIwyCNSSCYAMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMdgWoDFZpKihxvezOCdQEBBYEEAQFqgjwDglEIF3SIQYEyggCBEicMgjGILYI1Io4HMI1cCYIJjXcdWIgfhX6OI4dOgXZNIxWDJ4IZDA4Jg0WKHAFVHzCOXgEB Received: from sonic304-27.consmr.mail.ne1.yahoo.com ([66.163.191.153]) by UPDC3CPA07.eemsg.mail.mil with ESMTP; 11 Sep 2018 16:42:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1536684124; bh=4ClzVXf1c1vpYtXQSRli2QiS1/B1yPxp/XJLpx83RE4=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=NOQLHU2WEBVGd+KCIdBFuayYNSCLu+XTn9qEt735RL789OIiAHNfySu7yZrEAdGe3OVms54e2Lc1BSdS536uCvdM2pvueoV0UOxaRlIYg0iVcB+nU3/ngkhIlNUQa7Hy1Y67I0gD6HiVOci3Vh4qFBs3UTNrTCL3WZyqHNzqNCw9EBNSKte020XmIikkqW7hMChS7FUk2J15AAi33gvKB1mxLpCWX7hgWpqbMr0IIbQxhyuuxchwZivxhGT3bYzVCOmrXVsGYYiMVAf4KJM/v+zg93AEqfpYNOL9i40MpgRUxoqmK7Q4GEer5CX/UOrZKPEJurjrTorJ9VePDx1mag== X-YMail-OSG: 6ZDxm_0VM1koAFi1MIitN0syDJYKOHQjoEBj8xwz7BqTDz7LZlQBNNfr5TC3iyl I7EViKe8ulHTTBwDsjFFtBenJ0Ebr8lGHA33UBKVZRhLYoc5H5iqb.dMJHUvKup8JvxTJlZ0MsGx vCcOB96dj9TYamQuN2aZ1tIO60ewN1r3qDFaoBG6.1byoGFqo5NiFufPITazp3ISeB6JXmTFXVwE ZoJqhUqhNKdISy870gvMxeN_8SL5fbT3J3884WinIfuZVw.egFUhWitljZF1nna2CC5cevZvLcds k3dYX4CPDJLkTHdQhrAE8DLjTSnw0mIkhp8IPQEjXZpvQyLDTBTuNYQNciGAHP9T8S88SWqMUFr5 edhhT.NMF63y5DYp.5fduj2c5uoDIlQ.lUeSCgYdg6IzmyfHcUmaDl4ZHkG_XoAh_ew2_gfLpVz. AtVBZZLJBzUDsVeklQYsSjxqiasbaXJntQ4ke4ZG6quG2J2UwpyovU9wA2GjSvTSXFOiIViw5qac ZFlFT.UwksTqeCtuGxzi5Fyd67khNh4a1qoRk1IAgTeNfTMte26IPFvG1ysJXoUmMaAAYR.NBsGt RV6xemUByGDwv4oTlJ_f3_Y_qEGTHoY1dQeASPfKdKqDcfPh0tDjQeXiORku9hbyvpUMYmPU9bq. s1K8lRpTMQAFPg8Bo7UwwbTmtc4AxiR38ccfII394ITosOfoLd0JRBANBfNfvvH7RGmUkqBcgxrO X_HFL05IAs9xEF5dADzzpuW64o4XXy_tJ_UGwi3yQ.etfHtNKpXWckPCOfwgUQLDFw5Xpm6IXprk Va9zDmRxlVQL.dGduRp68yqEZx55bUJdFjZdzGEQQeaZG4spXqTfjgLnoGE4.n0aqBAR0kPyBxvK Cfphi8lfiG8xR3LjkS6IBtK8i2i.KeLVnHfJCRHK93yX8leI8ar0BNJTXEa3ylE93PVVVmisoL89 nt3iY8wgwTnJGLznmWUck9yB37Yed5t7.dUyZC9UdGoXosFFdTlKvAZuCRyDkkPtOJWqx11fw6ut ShS6rfinXqeyEI0e729ygTYWP_Gy8FiAnQ9KQ Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Sep 2018 16:42:04 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp415.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID fa9305f2bb603b002ee5198a503b0a13; Tue, 11 Sep 2018 16:42:01 +0000 (UTC) To: LSM , James Morris , LKLM , SE Linux , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <65bccad6-5669-9f4a-a645-35e0da301817@schaufler-ca.com> Date: Tue, 11 Sep 2018 09:41:58 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Tue, 11 Sep 2018 12:45:04 -0400 Subject: [PATCH 05/10] SELinux: Abstract use of file security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Don't use the file->f_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- security/selinux/hooks.c | 18 +++++++++--------- security/selinux/include/objsec.h | 5 +++++ 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9b49698754a7..94b3123c237b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -397,7 +397,7 @@ static int file_alloc_security(struct file *file) static void file_free_security(struct file *file) { - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); file->f_security = NULL; kmem_cache_free(file_security_cache, fsec); } @@ -1880,7 +1880,7 @@ static int file_has_perm(const struct cred *cred, struct file *file, u32 av) { - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); struct inode *inode = file_inode(file); struct common_audit_data ad; u32 sid = cred_sid(cred); @@ -2224,7 +2224,7 @@ static int selinux_binder_transfer_file(struct task_struct *from, struct file *file) { u32 sid = task_sid(to); - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); struct dentry *dentry = file->f_path.dentry; struct inode_security_struct *isec; struct common_audit_data ad; @@ -3536,7 +3536,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) static int selinux_file_permission(struct file *file, int mask) { struct inode *inode = file_inode(file); - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); struct inode_security_struct *isec; u32 sid = current_sid(); @@ -3571,7 +3571,7 @@ static int ioctl_has_perm(const struct cred *cred, struct file *file, u32 requested, u16 cmd) { struct common_audit_data ad; - struct file_security_struct *fsec = file->f_security; + struct file_security_struct *fsec = selinux_file(file); struct inode *inode = file_inode(file); struct inode_security_struct *isec; struct lsm_ioctlop_audit ioctl; @@ -3823,7 +3823,7 @@ static void selinux_file_set_fowner(struct file *file) { struct file_security_struct *fsec; - fsec = file->f_security; + fsec = selinux_file(file); fsec->fown_sid = current_sid(); } @@ -3838,7 +3838,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, /* struct fown_struct is never outside the context of a struct file */ file = container_of(fown, struct file, f_owner); - fsec = file->f_security; + fsec = selinux_file(file); if (!signum) perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ @@ -3862,7 +3862,7 @@ static int selinux_file_open(struct file *file) struct file_security_struct *fsec; struct inode_security_struct *isec; - fsec = file->f_security; + fsec = selinux_file(file); isec = inode_security(file_inode(file)); /* * Save inode label and policy sequence number @@ -4002,7 +4002,7 @@ static int selinux_kernel_module_from_file(struct file *file) ad.type = LSM_AUDIT_DATA_FILE; ad.u.file = file; - fsec = file->f_security; + fsec = selinux_file(file); if (sid != fsec->sid) { rc = avc_has_perm(&selinux_state, sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index db1c7000ada3..2586fbc7e38c 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -167,4 +167,9 @@ static inline struct task_security_struct *selinux_cred(const struct cred *cred) return cred->security; } +static inline struct file_security_struct *selinux_file(const struct file *file) +{ + return file->f_security; +} + #endif /* _SELINUX_OBJSEC_H_ */