From patchwork Thu Sep 20 00:21:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10607589 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7E8916CB for ; Thu, 20 Sep 2018 12:34:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6D6532C808 for ; Thu, 20 Sep 2018 12:34:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 605782C9E2; Thu, 20 Sep 2018 12:34:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from ucol19pa13.eemsg.mail.mil (ucol19pa13.eemsg.mail.mil [214.24.24.86]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 661392C808 for ; Thu, 20 Sep 2018 12:34:32 +0000 (UTC) X-EEMSG-check-008: 625807364|UCOL19PA13_EEMSG_MP11.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,398,1531785600"; d="scan'208";a="625807364" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa13.eemsg.mail.mil with ESMTP; 20 Sep 2018 12:34:31 +0000 X-IronPort-AV: E=Sophos;i="5.53,398,1531785600"; d="scan'208";a="16048476" IronPort-PHdr: 9a23:L7rXFxNDyqj08ZdrjuEl6mtUPXoX/o7sNwtQ0KIMzox0L/v4pcbcNUDSrc9gkEXOFd2Cra4c1KyO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhjexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qiqp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzca3HfdMeWGFPQMBfWSJcCY+4docDEvYNMeNeoob6pVQBtxu+BQ6rBO/20zNFmnH70Kwn3+g4DQ3KwRErE9YQvHjIqdn4MroZX+Kow6nS1TjNcf1W1zf+5obGfB8urvODU69occfT1EUiGR/KgFqOpoz+JD6VyuYAvnKH4+Z8W++jlWgqoBxxrDi1wccsj5HEi5wPxVDf6yp4wJs+K8CkR057e9GkDZVQtyWEOItsX8gvRH1ntzwhyrIYuZ+2ZzMKx4gnxxHFdvyHfYyI7Qz5VOqIPTh3nmhpd664hxa36EWtzPD3WMqs0FtSsyZIndbBumoN2hDO8MSLVPRw8lm71TqSzwze6+NJLVopmafaL5Mt2L89m5oJvUjdACP7l0P7h7KMeEo+4Oin8eHnb63jpp+bKoB7lBnzMr8rmsyjGeQ4NRUOX3SD9eS8yrLj+Ur5Ta1WjvIsiKnZsY3aJd8Bqq6lAw5azoYj6xGlAzegzNsYhmUIIEhAeBKGi4jlI1DOIPbmAvejm1mgjThmyv/cMrDhH5nBNGbPnbj/cbpn9kJQ0A8zwspe55JQBLEBOvXzWkrpudzDEBA5Nw20w+D6CNRyz48RQmWPArKfMKzOr1CI/fkiI/WMZYAJuDb9LOIp5/j1jXAjg1Mdcq6p3YUPZHCiAvtmO1mZYWbrgtoZE2cKuQw+Q/b2iF2CSzFTYW2/X6A75jE9DYKpF5zDRpyzj7ybxye3BJpWZnpJClqUC3fna52EW+sQaCKVOsJhkD4EWqK9RI8izhGuswn6y7t5LufP9C0YsY/j1ddu6O3OkxEy6SF0A96a02GXQGF+hnkISCMu3KBjvUx9zU+O0bBmjPNDC9NT4fJJUhs9NZPHzux1Fc79VRzbcteOUlamTc2sASstQdIp398Of0F9Fs2/gRDE2SqqBaIamKKPBJw16a/TxWb+J9x6y3rc06khlVYmSNNVNWK6nq5/6xTTB4nRnkqHj6alb74c3C/W9GqY1WqBpltYUA9rUaXdWXAQfFfZosrj6kPFVb+uBqwtMhFdxs6aNqtKdtrpgE1IRffiPNTeZny+m32rCBaG2LyDcY3qe38H0yXFEkgElAIT8miaOggiHCuhpHjeDDN2H1L1f0zs6fV+qG+8TkIszAGFdU5h172o+hMOhvyTUfAT3rUZuCs7rDV0Blm91crMC9WcvwphYLlcYdQl7VhdyG3ZrQ19MYK6L615nFERbwF3s1np1xVtBYVKidIqo28yzApuNaKY10tMeC+C0pD0JLLXMXXy/RCoa6PNwVHRzNeW9bkJ6PQkqlXsphulFkw8/HV7y9NVyWeT5o3WDAoOVpL8Slw3+AVnqLzBbSk94ozV2WdqMaaqrj/Iw8gpC/c9yha8Y9dfN7uJFBT8E80AAMiuM/AqlkOybhICO+BT+qs0MNmgd/ec3q6kIvpgliq8jWtb+IB9zl6M9y1kR+/GxZkFx+2Y0RWdVzfnl1qhrN74mZpfajEPG2qz0y/kBJReZqdqZ4YEFX+uI9GrxtV5n5PtXX9Y9FqnB1wYw8+kYgCdYELn3Q1Xz0gXpmanmSSgxTxujz4ptraf3DDJw+n6aRUHJnRERHN5gFjwJoi0iswVU1Kzbwg1jhel41j1x7RDrqRlM2bTWVtIfzTxL2x6TKuwt6aNY9JI6JMyqylYTOS8YVecSr7yuBYa1yLjH21EyzAhcDGmoJL5nwZ1iGiFNnZ8sGLZed1sxRfY/NHcQf9R3iEaRCVhkjnYGFy8P9iv/dWJmJbOqfu+V3qgVp1VcCnk0ZiAuDG95WJ0HR21h+qzlcH/EQgmzS/70MFnVT/PrBb4Zonkyb66Pv5gfkhmH1L88Nd6FZ1lkocqg5EQw3cajI2P/XUbiWfzLclb2aXmYXoOWzELxcXV7RPm2EJ9KHKJ3IT5WWuBwsd7YNm6eGwW0Don789WEKeU8KBEnSxtr1qgtw3RfPx9kSkFyfQ07n4an/8GuBA2wyWAGbAdA1NYPTf2mxST6NC+sb9Xa3qxfri+00p+h9+hA6+YrgFaRnn5Zo8oHTVs4cVnLFLMzHrz55n6eNnWcN0erQOUkxHdgOhVMp4xkOQFhTZ/M2LnoXIl0/I7jQBp3ZyipIiIMXht/KaiDxFENz31e8MS9ijjjalEmMaaxYevHo9uGj8TRpvnUeqoEC4OtfTgLwuOEz09qnOFFrfEGA+f70lmr3zRHJC3K3GXJH4ZzdB8SxWHIkxQnhwUVi0gnpElDgCq2NDhcEBh6zAf/FH4rAdMyuVtNxTkXGfQuhqnajAuSJeFNBpW9AZC50XLPsOC8uJ/BSZY/oeurAaVMGyUexxIDX0VWkyDH13jMKOu6sfd/OiDHOW+KefOYbKVqeFFTfiH2Zev3pFh/zaWOcWFJmNiAOEj2kpfQXB5HNzUlC4URCAQkyLNbtWbpAun+iFttcCw7ujkVBj05YSRD7tSMNNv+w25gKqYK+GRhDx5KStD1p8Wy37H0qQf3EUViyFobTWtFq4AtSHVRqLKhqBXFwIbaz90NMZQ9K083wZNOcndit7uy7F3kOU6C1ZfWlzngM2pYtYKI26lPlPdGEmLLKiGJSHMw8zvY6O8Sb1RjP1Ttx20uDabD1HsMy+GlznoSxCvK/9DgDucPBxEt4G3agxtBnT7TNL6dh27N8d6jTsozrIugnPHLm0cMT9nc0NRtLKQ6zhYgvZ+G2Bb6HpqM/WEkT6D7+bEMpYWredrAiNsmuJA/ns60KVa4zteRPNpmCvftcVho1C8kuaSzTpnXgJOqixVi4OLp0liP7vW9oVYU3be4B0N9XmQCwgNp9Z9F9Lgob5QytnSm6LoMzpN6cjU/dEbB8naM8KILmYuMQfzGD7VEAsETSSnNWfBiExBiPuS7GGaroAmqpjwn5oDUrtbVFsvFvwEDERkHdsCLYx4XjMijL6XlskI5WCxrBPJXsVVoojHVu6OAfXoMDuZlqdLZx8JwbP+MIQSOZb21FBlall/gIvFAVHQXcxXri1ncAA0vF1H8GJiQW0rx0LldgSt7WcOGvGomx42jQ1+Yfgw+Dr3/Vc4OEDKpCoxkUk2n9XpmzaRfyDtLK2oR4FZFzL0t1QtMpP8Wwt1cQyynUljNDfYR7JQj6Bten1qiA7co5RAAuRQTatabx8M3fuXfekn0UxAqiW7wk9K/fHKCZ9jlAQ2b5Gjt3dA2gJlbN4yI6zfPrFEwUNRhq2UuC+kz+4xwBIEK0YL7mySZDYCuFYUObk+Oyqo4uts5BSZlDRdfmgBTOAlre909kwjIeSA1Djv06RDK0yrMOyfNayZsXDalcGUWlMwyl8Il05d8Lhs18cjclabV0AozLuVDBQHLdPMJxxPYcdO83beZjqBseLIwZ1pJYq9DfzoQfWItKkKnkKuBBwpEJgU7sQdApms11nVItvlLLEf1Rog/xjkJFKBDPRNeRKEji0Ho92hw5Br3YlRPDYdAX9yMS+v/LbYuhcqgOafXNcxenoaRJELNmgxWMKhgCNZo25AAyOp0u0HzAiC7jn8pivUDDn9YNpjZOuUZR12B9Gs/DUz6a62hkDL8p/GPWH1KcxiusPT6eMdv5uGBelYQqV9s0fdnolYRmalU23UHN60OZf/dZcjYcbzCnagXVy1kyg1QNvpPNaxMqiIhhnlRYNOv4mB3zAsK9O9FjAYGxd/vOwC6rhzZQsfbJo/Zh7oqhkxN7elLAeezNquX36nKSFKQPlH0eW6e7tXwjI0bu+9zHsvVIs6zuew8U4JSpEHlRTexfGkZ4lFTyf8BmZdewLUpSoilmhhMOkyzv04wBPSvlkWKyqLe/BxaGxYo9E8AkufLm9sCmolQV+Ql4nD7xWt37AT/itdg81b3fdDsHfgop/VeCisV7CzqZXJryogasAro7F2MYzmOcaGqI/SnjnEQ5XKtA2KTjK6HeJAmtdMOCJYXOVImWY9NMwEvopO91E8WdogKLxUFqYsvKyqZiR5AiIIyy8WSZ+A1iQYguigw7vaiguQcJM6PRwKqpVNmN0dXDJ3YiMFv6KjUp3Wl26dRmgQLgYT9h5A5AUalo9/Zurl+pbHTIdQyz5KpPJ5SjfLGYR1+Fv6UG6WhUP1R+mmk+yswQ1d1uns0sUBVB55F0dd2/5cllE0J7FvN6kQoonKvyeQdUPhoGLi0vapJEVKxM3PcF34EZDFunbiXS0a5X0UX5VAyHXFGZQViQp5Z74hpE9QL4C+Zkb++zskypxyELm2Sc+n21QooWsISiqxD9VBDORmv07NVz1+f5CnspPlNItOQmVI4p2St09ZkFlxMy6+0ZdcMd9C7SMMXDdVvTWQp9+ySMpd2cBoEZMDPtB/tGrjF69ePpievWE2sKT1ynDF4zA8rEu6xDKrFq+kVeJW4XMRFRgyKmSDrkkvE/Es/X3M8lDMtVB0+/lUBqSVgUV2ujZ9EYhEBixV2nC9M1RzUH5Gvv1fKKvPd8xcR+c9ZQOzOxMkD/ErxEqJ8l9onXfifyN9rBNa9D7HUwkySyYVnq/nmScCpcG/JT8aV5VIYC0jbyjfMQKbnjtXvBJFZEF0QJ0ZB8tF+7UH3YtV4sXCSFyjKSceXBB4MQI4y/Vfn1ZZsEqEYSDdERaodfHXvx11Z8iRqsCpLO7+/AhalIzqq/w4+L8FR329ng2hW9beoJHgtteSrEuBaL/4M/GgYX/GVDXMgg2whbYgD5nO4SfTNRFWJIRkxnU/YJjuE2jLMQ5BJ6IBKEpRTbp6ZsleouBGe89kf74E+a1sBhKCXR7vHZKgrflYIVbJRDTeKSqB/va5oY3N8bzXUfLgadCUx3bbX6J3OY936T//G7rx0I9e/E/21u1s9kN8R1jGKTqOrM/9JgMR+cmtalfivoAzHTzIGptwl2Dtxk5YfcoNXyKq6IgYyI9e6HvoTOJ41U7zsPFd97Z68oQ35rFpxt2yJajMNfRbv0hnAgKXBgVx7JktBnZwR3xJaO8LNPjRZbgZjdzpq+3vE6wX8xiV9uxCZNvJOU7Oh86/CiuGRhxchgcBrjwaIRWA2P6ZgaN0Ttylpefh0EI3/1e+NgIGzKxq5Yqc+6qJpfXYYAHNwrUfQajlWN/zoaowtE+I4v0kjrEOcHRvYwK7COgdStIdxmD4wK8xzCIsCM3CEKji+P5CS3I5hijvm415H1gNBvwUGqeE8ppEkWclgezZMccWfbpYlmaIDx6kHacIyWS35CuPPGllnhbO3gnoQWyp8F/5sS94QCXLz9f5kUpZT6K3CllWXyqoP094rTyOMRHwtNXtpaQ68EE2M2LjtNKXl2utIrBXENPlJNyaPyY0oEgbjJorRtygwYobA8ayIM8N8HFiafvT82yrnDFHo6dbgIre5caZ+u7JEnmkjq2araiNxT9Dx3g8o14/8NChOevU692MXfuoy34bTz1jtAvZQx61trvbokgSOUyKzEjLn4gKMctC3XUi10Hm4+8jQMko9AhFE4bNaPwDqSr0ODvuzlaVe8g3WTWG0ztLAlL1FkF1GKcg12Lrp8LFjGre9VIuSIlxcUznmBN2Ap43KUIo8lcXxDQMHRIKaRCBA7GiHV7lIpccVUgfdRSH26C3eqUw3U1zxLOj/vPcbex4B6oQK/lcjw+OnF5AGpIVsK0TW6x8e15D9KHNogjtFonnU+LglXUuKf2/Wtpa/twBt3s+/ga/QAKt6ZZd77kBjpCFbapEYYXRs8B96Edn/iQDditXgBhwlxm5S/wTpPj/4tjHt5ql8uSuW7gjR+UZ8xg5HGp/gIH2gF89vdHbzeFcRZPJiY7n6gBCP2aKuJrG0xl7MecOJIarfLFu9noZIygeI2kDPcGRa/k64i9iLC/f51pcDcMQfdkYJtbCmRhIik31X7Fe7s/bGl6bC4dwcMAl9Gj3xyo28Zs7VObv9jm2KYrZ715TI/NJlD9sm87apOgJ3frSDzAa7mKHZBhz3iOP0IKNC/L3/eWQ1NHUSU0JETMsX4daPjqC9hStRvCpm5XxTgOU9sjzjYowdE2OQnyxnbwFvbhXHO9BiyX72z1eGZ7vh/KRrdWg8mxXtkdIEIxr9x3KBL1fPolnORT/jsSqSFB8BjH+eM7IaBUjo++WxuYQ4+VkKUTyf4gbIggLy7ji83paUhNuSKLqvlaeRe8RY99mR+3fo3BN7YJvMbQPPEScpJP2sjdIsk45DxEzZL82sDNaalHEnBdJVKbspL4AlgwcXMZ9uU9NH2KwJW0/6yPDVaRUl6mRFOcV/y6STqMUVUVoNTlyQxSv2JVhY7Gph+xIsntaniNhp/gnyzlmSwGgti3spqIN3zUg9aqmtDUAv3xKUOGekybOCVVew/UGl6AcC2zt6VakenkMcJPy4KV7JcTn7YQh4W4wYRYkfyIdRumgFifwj7+IAoyIrdJcix6NuNnUYb+1MycSKqw3yQj/SHhlzgjegBFo/XMQQjWu6d8rOISwNMU+yyq2B2fbblcM46JOsMv3r1ILSvU5aU8yiFlkh+y8Y2VZQM3JBnZwlQUvdH9FbIMG7BgWCq0lqiiHs7MA/QwOZjrQVIO/9d+U1eXB3HQmBfJt3HjXveXRhJYtymdkgPty5yuDuTIVbeOOF4dXLzDX14FC2aSqfPips+YaWKN62b+hV7kEKcDl9myojtEifmyB4/xKG1u/Lf9GxbrBVSqhYXOXVP7NcGWWmTs9dEno6k/sZn8waMECjUg9O+3Zi5gUww/mUbUyRCKQrFnAwWoLOuoccAQ3s46jPQcNSbhVL8uRKPNm6/o5CxNYbHLEBiBxDOyeul63m416JnAm5l/1N6Clzg36K8aVUjkNF4LT5spp9Pq1W2OHfHxt1ht/OGF1suPYCVl3reZfboyY297dwdZjh6pNT/5wNWUYvdkJl8o38YCJ1O+SeAzVi5P1IsvY5POfBqubh382d3laX7xRWgb844E3L5ZtQLHINadIthQbQ64hSdouMHmnsOk+KAJ1bx6Uaq+4j9fnosqVaZZO4Xzb9FQ9KGHboRJJgqiwTApmf9WknHn/Pp00bixOoscrCRZ8GoZLXcQaoFzjS7eQlbG2mped/Elguv4Dt+KkA/zN3s64zox3d5df7E2Pej3WAf8vymFkhee7AfP36ZD1AFfkMYcBVeNTTm/Ka7zBEsO5Jy7YforHckpY+qKbyr8xdxiKYzrwVKPO4DbiMfh/5l8ywYUhIsLcyTUs6/fQ396kNE9BoSL2hneSOYoX11fKDPHQWx9OAa6O+X1oDIUMZov96ekKPMZny9Ha6A52umcRmPCZKrSs+xefknlwcojWeQ64g3xjC4AXPBSyN1ctimbFq3PbRG5RNdWgNdI33I3HEwTn6xAggWh0PShMF2/zSpGUMGkfnce/YF7vlkpQF9hWuemxdAYjs7GqD/FyM8BOkP6npZ0cmtZgNi/LSdIfNCiWJ7hzbV8zRv7Xqg0OZRgJ+6MwRp9zYJGPJE0dN0LVwirpwBrqykb0fsGi0KuTZS0ftH5AyuGgs3BXvwfsn/Gfj4X4VazBKpH7WPmHKC0+SjSTXig/C26y/lGlsKFc4L/BcSEUpVYPZzjUDQcSouZlo4KWH2bTnuold5oP15X4EyzzSSgtjKMpHW4LrkGDRfMfCBPbJ2HsmmtSuQGuZ7dM8HvpYqfex/99SuUWBYwKefqcTg== X-IPAS-Result: A2AKAgCWkqNb/wHyM5BbHAEBAQQBAQoBAYFTggIDgQhcKIxni1GBaIJ+lAmBXyoTAYUEgn4hNxUBAwEBAQEBAQIBbBwMgjUkgmADAwECJBMGAQEMIAwCAwkBAUAICAMBLRQBEQYBBwUGAgEBARgEgwCBagMVA5hcihyBajOCdQEBBYEEAQF1gkQDglEIF4pYF4IAgRInDIcqARIBhXeISIVwMY4HCYIMjhIIFViIOYYRjmyHYSJkcU0jFTuCbIIZDBeDRoocAVVPewEBijqCPQEB Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 20 Sep 2018 12:34:30 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8KCYTP4025564; Thu, 20 Sep 2018 08:34:30 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8K0LbJ9024247 for ; Wed, 19 Sep 2018 20:21:37 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8K0LarM020796 for ; Wed, 19 Sep 2018 20:21:36 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AcAADe56Jbly0bGNZcHAEBAQQBAQoBAYFRggSBZyiDc4h0i1KBYAiCfpN0gXqEdwJCgnkhNRcBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOZboocb3szgnUBAQWBBAEBdYJMA4JRCBd0iWIXggCBEicMil6CV4hDhW4xjXwJggyOEQgVWIg2hgyOaodLAYIKTSMVgyeCGQwOCYNFihwBVU+NbAEB X-IPAS-Result: A1AcAADe56Jbly0bGNZcHAEBAQQBAQoBAYFRggSBZyiDc4h0i1KBYAiCfpN0gXqEdwJCgnkhNRcBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOZboocb3szgnUBAQWBBAEBdYJMA4JRCBd0iWIXggCBEicMil6CV4hDhW4xjXwJggyOEQgVWIg2hgyOaodLAYIKTSMVgyeCGQwOCYNFihwBVU+NbAEB X-IronPort-AV: E=Sophos;i="5.53,396,1531800000"; d="scan'208";a="373940" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 19 Sep 2018 20:21:21 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AaAAC15qJbly0bGNZcHAEBAQQBAQoBAYFRggSBZyiDc4h0i1KBYAiCfpN0gXqEdwJCgnkhNRcBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVA5lyihxvezOCdQEBBYEEAQF1gksDglEIF3SJYheCAIESJwyKXoJXiEOFbjGNfAmCDI4RCBVYiDaGDI5qh0sBggpNIxWDJ4IZDA4Jg0WKHAFVT41sAQE X-IPAS-Result: A0AaAAC15qJbly0bGNZcHAEBAQQBAQoBAYFRggSBZyiDc4h0i1KBYAiCfpN0gXqEdwJCgnkhNRcBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVA5lyihxvezOCdQEBBYEEAQF1gksDglEIF3SJYheCAIESJwyKXoJXiEOFbjGNfAmCDI4RCBVYiDaGDI5qh0sBggpNIxWDJ4IZDA4Jg0WKHAFVT41sAQE X-IronPort-AV: E=Sophos;i="5.53,396,1531785600"; d="scan'208";a="18452140" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 20 Sep 2018 00:21:21 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;f3f7431e-56b8-466c-964b-16f5665f0635 Authentication-Results: upbd19pa13.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic304-18.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 171908457|UPBD19PA13_EEMSG_MP13.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 74.6.128.41 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BPAAC15qJbhimABkpcHQEBBQELAYFQg2wog3OIFV+NMgiCfpN0gXqEdwJCgnkZBgYwGAEDAQEBAQEBAQEBEwEBAQgLCwgbDiMMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFZl1ihxvezOCdQEBBYEEAQF1gksDglEIF3SJeYIAgRInDIIxiC2CV4hDhW4xjXwJggyOEQgVWIg2hgyOaodJgg1NIxWDJ4IZDA4Jg0WKHAFVHzCNbAEB X-IPAS-Result: A0BPAAC15qJbhimABkpcHQEBBQELAYFQg2wog3OIFV+NMgiCfpN0gXqEdwJCgnkZBgYwGAEDAQEBAQEBAQEBEwEBAQgLCwgbDiMMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFZl1ihxvezOCdQEBBYEEAQF1gksDglEIF3SJeYIAgRInDIIxiC2CV4hDhW4xjXwJggyOEQgVWIg2hgyOaodJgg1NIxWDJ4IZDA4Jg0WKHAFVHzCNbAEB Received: from sonic304-18.consmr.mail.bf2.yahoo.com ([74.6.128.41]) by upbd19pa13.eemsg.mail.mil with ESMTP; 20 Sep 2018 00:21:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537402878; bh=lDn2TZnl47IkvDsRZQmyI5nIEhttnVnyaZY5OBTFSzA=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=ekQh6UnyJA80hcF2VSecbjRmxRNIMlhSQSXs/Hnswi3Z55CIFpPf5ukXeUSORjx4pfyl/+p9ElYHfPpBvKNr0iyRgaTOQKYqV8UJ/UKHgXN3D+1adc1EKmeGPv5N+hajJXRVb+NzDCt35SUQpevugGl+sAfReihgJ4fnMI5xp+2VZommhHw4UwZ1Fop/4lE4t48Z4K4StsaAK6CcZagtXL3cqVcACqgz+Aptr+iMlOLaQm6IqXPLvpYCx568cCEOiOQYPEIDPJsgI+lghKfbu+InfPq3V6JdpyuJlvVIFD4SHnzKVmHYDKauviRlR1uV2ebqqbzIU5kOIeoCD6Dp+w== X-YMail-OSG: 4GI39OMVM1mQN855hYEBWo71_Q3rRiE3gawxC85cURzPQmTbWDDongljfMPLQLM 50zm.HF7252i.ZF2oVblDAmp3wh1OCbVBKwkbIdTVxD8LxkJ3uGXJ2UCQmZVKRA1KcF1bQ9uLaXc Q6KkGw1uUq1t5ZJAk_tVCtb5fIUWRjLNBj5361RgHSQ9hAdEvjUc7BdV5GQA7nxDEC7Hp8PjODOO hihuUn8IJFLrD4RLR7ouMlgPHIlH5vVr4aVu6nLqOtCJQhtEUdg5fYybRdpX05Cbs.Kgx.z4Pmoe bAx_QcyIwNipk6rfgh0tOs8kjT80BPuQm2v7L3Zo0fbOKscbnNK8UMglfs8WohTf9x_HV1nFrXp1 .nBEEIYk1gIRdw1Viy_mjD__aFGlb7RlbOesIL2kFdIVqIlDdwNE1uVrgJRlsF6D1.B48GIppl_N 4ivLp4LXYQoPUcrR.L5ZNcUdk4IVW9tiKkmNJOc3Yjt33Vvdlbu.mhyFB6exYIyabP_cVUghSWom 6rzaD3jcHy7F5sOXhhDbpd7snwwrUWT.SO9Yc4VQqXXary9aLxzJJ2rFK7eQcFDaLiyoRQ5E4QNO dKpkrVbQuud0qg6ZEogs1U2RojJJxAmYe8NDRdh1FwXjAGlWQEvIqQSfjRchoa1eirMW3KE7uRcf _fxjqjCdjmp4pXhkJasAyfVom_SN_2M9VF3GEds2xz6oBkkB6COD5Fb7WQty4IztlHHAsywDQw7P UcQWaZTojuh1NT.LROdIRROmJslblFQ0tCmJ.s0QE2..yCkvaD1P8.i9yMQh2cRwRLrWEYfOHHFf exSY2F2Ot3fV6VNbUDG9GIORQhu4ALkopB8qaWtq9SNVQkGp0R2U.ba7lzg02W7HQzmkO7djsiV4 HKb7BdHa1IzVxsEDUpsLgqHKEFkZNVxMoSdUJ50EcWoLxTtBNUcbLptUMieRiQNnFU.pbpecJZbx oejGc.mJEZPZvHIrjuNIYlbvasf5sKWzv7_xjGg3JprFZBSo9U90bp66tObjgBTM2vHytTuO2HUn 9QAonj0tqo81aaHzpklp2KYlg7t6H44hS3PVkrZMqYak- Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.bf2.yahoo.com with HTTP; Thu, 20 Sep 2018 00:21:18 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp409.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6d7aafc99d96b41bd5270f3948311290; Thu, 20 Sep 2018 00:21:13 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: <748c61cb-b6fa-c36d-a7b3-2315ff6292af@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <95742603-9696-55e5-52ca-0d9950af89d9@schaufler-ca.com> Date: Wed, 19 Sep 2018 17:21:10 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <748c61cb-b6fa-c36d-a7b3-2315ff6292af@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Thu, 20 Sep 2018 08:30:05 -0400 Subject: [PATCH v3 11/16] SELinux: Abstract use of inode security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP SELinux: Abstract use of inode security blob Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/selinux/hooks.c | 26 +++++++++++++------------- security/selinux/include/objsec.h | 6 ++++++ security/selinux/selinuxfs.c | 4 ++-- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index fdda53552224..248ae907320f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -275,7 +275,7 @@ static int __inode_security_revalidate(struct inode *inode, struct dentry *dentry, bool may_sleep) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); might_sleep_if(may_sleep); @@ -296,7 +296,7 @@ static int __inode_security_revalidate(struct inode *inode, static struct inode_security_struct *inode_security_novalidate(struct inode *inode) { - return inode->i_security; + return selinux_inode(inode); } static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu) @@ -306,7 +306,7 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo error = __inode_security_revalidate(inode, NULL, !rcu); if (error) return ERR_PTR(error); - return inode->i_security; + return selinux_inode(inode); } /* @@ -315,14 +315,14 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo static struct inode_security_struct *inode_security(struct inode *inode) { __inode_security_revalidate(inode, NULL, true); - return inode->i_security; + return selinux_inode(inode); } static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry) { struct inode *inode = d_backing_inode(dentry); - return inode->i_security; + return selinux_inode(inode); } /* @@ -333,7 +333,7 @@ static struct inode_security_struct *backing_inode_security(struct dentry *dentr struct inode *inode = d_backing_inode(dentry); __inode_security_revalidate(inode, dentry, true); - return inode->i_security; + return selinux_inode(inode); } static void inode_free_rcu(struct rcu_head *head) @@ -346,7 +346,7 @@ static void inode_free_rcu(struct rcu_head *head) static void inode_free_security(struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); struct superblock_security_struct *sbsec = inode->i_sb->s_security; /* @@ -1500,7 +1500,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry, static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) { struct superblock_security_struct *sbsec = NULL; - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); u32 task_sid, sid = 0; u16 sclass; struct dentry *dentry; @@ -1800,7 +1800,7 @@ static int inode_has_perm(const struct cred *cred, return 0; sid = cred_sid(cred); - isec = inode->i_security; + isec = selinux_inode(inode); return avc_has_perm(&selinux_state, sid, isec->sid, isec->sclass, perms, adp); @@ -3028,7 +3028,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, /* Possibly defer initialization to selinux_complete_init. */ if (sbsec->flags & SE_SBINITIALIZED) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); isec->sclass = inode_mode_to_security_class(inode->i_mode); isec->sid = newsid; isec->initialized = LABEL_INITIALIZED; @@ -3128,7 +3128,7 @@ static noinline int audit_inode_permission(struct inode *inode, unsigned flags) { struct common_audit_data ad; - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); int rc; ad.type = LSM_AUDIT_DATA_INODE; @@ -4148,7 +4148,7 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, static void selinux_task_to_inode(struct task_struct *p, struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); u32 sid = task_sid(p); spin_lock(&isec->lock); @@ -6527,7 +6527,7 @@ static void selinux_release_secctx(char *secdata, u32 seclen) static void selinux_inode_invalidate_secctx(struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); spin_lock(&isec->lock); isec->initialized = LABEL_INVALID; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index cad8b765f6dd..ea1687e737ad 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -170,4 +170,10 @@ static inline struct file_security_struct *selinux_file(const struct file *file) return file->f_security; } +static inline struct inode_security_struct *selinux_inode( + const struct inode *inode) +{ + return inode->i_security; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3a5a138a096..145ee62f205a 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1378,7 +1378,7 @@ static int sel_make_bools(struct selinux_fs_info *fsi) goto out; } - isec = (struct inode_security_struct *)inode->i_security; + isec = selinux_inode(inode); ret = security_genfs_sid(fsi->state, "selinuxfs", page, SECCLASS_FILE, &sid); if (ret) { @@ -1953,7 +1953,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) } inode->i_ino = ++fsi->last_ino; - isec = (struct inode_security_struct *)inode->i_security; + isec = selinux_inode(inode); isec->sid = SECINITSID_DEVNULL; isec->sclass = SECCLASS_CHR_FILE; isec->initialized = LABEL_INITIALIZED;