From patchwork Sat Sep 22 00:19:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10612371 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 695C414BD for ; Mon, 24 Sep 2018 12:30:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 57A3F29EAB for ; Mon, 24 Sep 2018 12:30:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4B48929EB5; Mon, 24 Sep 2018 12:30:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from upbd19pa12.eemsg.mail.mil (upbd19pa12.eemsg.mail.mil [214.24.27.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 5046B29EAB for ; Mon, 24 Sep 2018 12:30:23 +0000 (UTC) X-EEMSG-check-008: 159496104|UPBD19PA12_EEMSG_MP12.csd.disa.mil Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa12.eemsg.mail.mil with ESMTP; 24 Sep 2018 12:30:20 +0000 X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="18575234" IronPort-PHdr: 9a23:OD1Dph9HAyEcnP9uRHKM819IXTAuvvDOBiVQ1KB61OkUIJqq85mqBkHD//Il1AaPAd2Eraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HRbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RSqt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyaOuB+fqfAdt0EQ2RPUNtaWyhYDo+hc4cDCuwMMuFaoIbnp1sOqhy+CRC1CO7zxDJFh2L60bQm3+g8DArK2BIsE84LvHnSsd77NrodUfqtwafWwzXNb/BY1znz54fHcB8vvOmMULBtfcff1UYhGB3Kjk6LpIz5PT6YzPgBv3SV4uZ+U++klm4pqxt2ojiq3sohlJPGhpkLxVHE6C533Zo6Jd2iR05mb96kFIVftzuHPIZxXswtWXpotzg6y7Adop60YCgKx446xx7Rb/yIbZKI7gv/W+mLOzt3mHVleLemihu07EOuyfX8W9Gp3FtFoSdJiNnBum0X2xDN5cWLVOFx8lq51TuO1Q3f8PxILEEwmKbBKpMswqQ8moQNvUnMGCL9hV/4g7WMdko+/+il8+HnYrL7qZCCL4J0kQT+Mrg2msy4HOQ4LhACX2iF9uS4073u5VH5T69Qjv03j6nZq4rWJdgbp6GlAw9V1Zwv6xCjADe9zNsUh3wHLFNBeB6fjojpPU/BIOzgAPuijFmhny1nyvDbMrH7HJnAIWbPnK38cbpl7k5T0gszzdRR55JODbEBJer+WlTvu9zcDx85NRG0wun+BNpm0YMeRGSPDbOHP6PJqlKI+uIuLPWMZI8Sojr9LeMl6OT0gX82nl8dY7Gl3YELZ3CgAvRmP0KZbGLugtcGF2cFpBY+TOzwh12ESjNTZXGyX6Q55j4hE4KmEZnMRpq2gLCb2ye7BJJWbHhcCl+QCXfoa5mEW/AUZSKQIM9uiCALVbu6S48m0xGutRH6xqFpLurQ5y0Zuons1MVz5+3PiBE+7zt0D96S02uVVWF7gnsIRyMq3KB4uUF90kmM3rNmjPxeFNxT+/RJXxw7NZHC0eN1Fcr+WgXbfteGUFymWMmpASktTtItxN8De1tyG9KkjhDFwiWlHbsVl72QCZMu7K3cxX/xK9x6y3bc26krl0MmTddXNW26mq5/8BDeCJDRk0qDjaaqdL8c0TXV9GiZ12qOvVpYUBZ0UarfQX8QeFHardPj5kPNV7WuE6goMhNdyc6eLatHctPojVRCRPfmJtveeXm8m2muChmVwbOMdpDle30H3CXaCkgLjRwc/WqcOQg5HCehrHrUDCZyGlL3f0Ps7e5+pWu1Tk8u1Q6KaVFu17uu+hMOgPycU/IT0qsfuCYvsDV4BlG938jZC9CYvQpuYL1cYc8h4FdAzW/ZtBZyPp+nL6B/nVMecB54v0Dp1xVqEIlAltIqrHwyxgpoNa2YyE9Bdy+f3Z3oILLYN3Py/BGxZK7MwVzRysqZ+qIV5PQ/sVXjsxmjFlA+/HV/z9lVz3yc643WAwUIVZL+TF039wR6prHdeSQ9/J/b1XxyPqmyrj/C2sgmCPEjyhm+Y9dVKLmEGxPqE80GG8iuL/Qnm0K0YR0ZJ+1S+6s0Psy8e/uAxqGrIP5qnCi6gmRf/IB9zkWM+jJnSu7GxZYFxOqY3hecWjfnilehtc72mYVeajEUBGa/zzbrBJJJbK1oYYkLEXuuI9GwxthmiZ/iQXpY9EK9CFMcw8+kYgSSYELn3QJLyEQXpGarmSyizzx7izsptLaQ3DTSw+T+cxoKImhLRGhmjVfoP4e0lMsXU1K2YAgzkxup/0H6x7JUpK5nNWncXV9IfzTqL2FlSqa/q6aCbNRV6J4zrSpXV+G8bkyARb7mvxsWySXjEHVCxDojbTGlpo35nwBmiGKaNHtzsnvZdt1sxRfY/tzQX+Je3joBRCl+hjnaHVy8P9iv/dqOjZfDtfqyV2W7Vp1caSPr15+PtDOn5W12Bh2yh/Szmtz8EQgmyCP7zMdlVSHJrBb6f4nq2L+3Mfl/fklpAl/86tZ1Gppknos2mp4QxWAQho+J8nofjWfzLdJb1LrkbHoKQT4Lx8Da4BL5101kIHOE3Jn5VmiBzct6fdW6ZXkW2i0l5cBQFKiU9KBEnTdyolegrgLef/59niwGxPst9nEahfoJuAwzwSWBGLwSGlNYPSP0nRSS89++tLlXZHqocbWozEpxh82hDLWcrQFEQnn5fIsiEjFq7shkLVLMy2P86pv/eNXKdtITsQCUkw3cgOdLJpIxkeAKhSV5Nm7nu30q1fI7hwR03Z6mpIiHN3lt/KWhDx5GMD36etge+i/rjalDnsaaxYavEYt9Gj8TRpvnUeqoEC4OtfTgLwuOCCczqmqfGbfEAQCf6VtmrnLWH5ClLX6XImMVzdJ4RBmSPEZfmhwbXC0mnp4lEQCn3M/hcUd95j8P/VP4rxxMyuxmNxbhTmffuAeoajAxSJeBNhZW6B9N51vNO8yE8u1zBz1Y/oGmrAGVJGyUfQJIDX0OWkyBHF3jMKeh6sTH8+iCHOW+N+HOYbKMqeNAS/iI2Yij0ox8/zaDLs+PJGVtD+Un2kpfWnB0A8rZmy8RRCMKjCLCdcibpAu7+i1stc2w6ujkWAf16YuIEbtSPs1l+wqqjqebK+6QmCF5JC5D2ZwXwnPIzLkf3EUOiyF1bTWtCqoPujLXQKLLhKBXCx8bayVuNMpH9K8zwglMOdTGitPuzLJ5gOQ6C0teVVzmnMGlf8sKI3uyNFnfHkaEKKyGJSHXw8Hwea6zUrxQjOpTtx22ojuUDlHsMS+ClzbzURCjK+ZMjDuUPBZGooGybg5tCXT/TNLhchC7Mt93jD0uwb0zgnPKNHIcPiZnfkNIr72Q8TlYjetlF2xG9HplIvGOmzyF4OnANpYWrfxrDzxyl+1E+ns6z6BY7CJDRPxuhCvdtNhuo0qlkumO0DZnVgRBqipTjoKRoUpiIbnZ9oVHWXvc5hIC836QBAoQqNt/FtLvu7tdxcPOlKLpNThC9NzU/dMGB8fKKMOLKnwhPgT1GDTMFgsKUSarNX3Dh0xaiPyd62earoY7qpfxg5oDUaVUVEYvFvMdBEVlB8INL4tqXjM+kL6bkM4J6WC4rBbPWMVQporHWe6KAfXzNDaZiqFJZx8PwbPiM4sTMIz620t5Z1l1moTKBlDcXddXoi1udgU0ullC8GBiTm0v3ELochit72EXFf61mB42lwR/bP8x+zfr5lc4OkDFpDAskEUrn9XqnyyReibrLKisRYFWFzb0t08pP5zmXwl1aAqynUp4NDvZXL9RkaVvdXpqiA7dvptPH+RQTatabx8M3fuXfekn0UxAqiW7wk9K/ffFCZpnlAstbZ6sr3JB1hl+Y940Ja3fPrFGwkJWhq2Qoi+izvoxzxMGJ0YR7GOSfzYFt1YMNrknOyWn4PRj6QmCmjtFf2gMUeAlr+lx+UM8IeuAyTvs07BeKkyrMeyQMb+ZsXDalcGUWlMwyl8Il05d8Ldtz8gjdVGZWFoyw7uPCRsJL9HCJhtPb8tS7nTTejyOserVy5JvI4q9DvzoTfOJtKsMmEKkGgcpEJgM7sQGGpmsy1nWI976IrAf1Rgj4x/mK0mCDPRMZB2EiiwHo92lwJ9xw4ZdOikXAX9hPiWv+rbXuggqjeKfU9c0eHgVQpAJOW4xWM2+ny5ZvmpPDCOr0u0H1AeC7yXwpiPKDDnzd9BjfuubZQtwCNGq/jUy67K2hkTN8pXZPG73LshiusXV5uMEuZmHD/JUTb9ys0fYmolYSHyqU3LBEdGvPZjwbpMgbdrqBXamSla/kS46T9/tPNaxKaiFmQ/pSZxIv4mb3TAjMM69GSsdGxprpuEM+rxzahMZb5o8ex7ouBw0N7ajLweAztWuX2GtJCNTT/ZF1+W6ZKJYzzYtbu+8x3stVZ87wPOx8UERQJEKiQzeyuu4Z4VEVyj8BGBdcR3VpSUlj2hhKvoywuAnzRPQtlkcNyqEdPZnaWxDu9E8C0ifIXBxCmo/XF+Tk5bM4hSr37AJ5CtdntBU0eJfvHj5pJ/fbyqmWLa3ppXNryogcd8mrrVrPoz5P8uGsonSnj/EQZnRsw2FUTK6GOFAlthWPi1YXOFCmXs5NswepYpB9U0xW98iJ7xIDakhvayqZSZhDSEJ1yMZUZ2P3CAaiOemx7TajguQcIglMBEcspVChcUSXjVrbSwAv6+sSZ/Wl3OaRWcWOgsT6xpD5B4YnI9qYu/l+JbITINLyzNOv/J7TzbEFphy+Fv/UWyZnV/4SPC9nOOzxgJS0Ojg0t8FVx5jEUJd3fpZllM0KLFrLKkdppbKsiSUdUzgoW3t1PCrJEJWyc3JbV33EJTKtWzgUi0G43IUQZVDyHbFFZQdiwB5crokpE1QIIC6fUbz/ycrx4p1ELWkV82n2lgooG0aSCetFtpOF/tpsEnLWDF/ZZCktonlMY1IQmBM4J2dt0tZkEJ1Pi6j15VTNsFN7SQQXDVUpTWdu8WyR9Nd1cBqCJ8DP8lwt237GKxaJJibu2c2taD3yn/F5zA8t0+3xCmpG6CmUe1W4nYTGhgtJ2SCsEkgFfUs8mbV8lDJrF904/1XBr+VjUV+uDx9BIxBBi5V1XC5KFR+VHxGvP9eKKTRbcNcX+UyagW1NBElE/4pwVCJ/Vpoknjjeyx9qBFW+ybDUAkoTSMVmKvimSUCqsG7Pj8XU5BIYi87byfCMAKbnTpYvAhEZkFvRpAZBspF+7AH0otV5MXCT12sJTsCXBx4OQIyyeBfmlJbsEWEZSDdChKldfTVvR1xc8eRtsmpI+nn8wpcloPoquY4974ER3G8nw2iX8zepZfmttKWrkuOaLv4M+qkbH/OUTjMjBSwhbM6AJnP5CXcLRRUJIJ7yXU+Z5jtE2nLPQ5JJ6gDPUpUSbh6aclaouBdf8JkeqcJ+ap2CxKCWBzuGJKgrONHLlbVSjTSNSOB/fKjoYjL97zSVfDgZtCQx3bAW693OJN65CL6G7fs1I9S4Ev22vFj9kNgU1fGKDyBrM78JgwX+Mmia1HisYMzETPRGpdwn2LnxltceMoPXy2q7JMYxYtc6Hb3T+J4zkfzv/NJ+rlh6Ik4+bZpxtmoJabcLvRaq0xnAgOOCgVs6JotHHB1R3pNbe8JNPfRYaMZgNjqq+DsEqwa6AaY++JHZtTaIEHBgNOwCimGSRxDngcOtyIVLheG2/6Cga90Rt6vpfLl1UI1/1i+MhkGwahs5YaF4KWHvvPYYgDKzbcaRqjlWN/8oq4ru0OI6v0ujKQOdXBtYw27DOgdUdYQyXzhzaAxwyMjCcHDH7P8+P5bTX05gzbglothEFURB/wbA6CE/ZlEnmc/gezWLMcacqdYmmaADRSkCKMNyWa36yuLJ2lomgnO3AvsQWyv7F/3oyh4QTHPz9v6iUpaSL23BUZUXyq0Nk51qyuPMxD0tNXruaQ04kY2MnbntN6Xl2uuJqlXH8vhK9yYOyU0o0gXjJIpTNy1xY8bAca9IMsW8HxmYfvR9WWrkzNGo6dAgIbe+d+a+vHWHXmmkq2bpK6AxDRGxXgivVAw8MqsNvfQ6N2WW/6ozXoeTz9juwvdWB64srrbr1EINkyM1EfEgpcKMstY3Xk/0UHm//MjTck29AhRGYfMffQCpSr8ODHs21aQf8o3VjWC0ztQBl/1HkV3GLMn2G7poczHmnHe+1wuRolteE3qnhN3D4AiJkIr9lcb2C0DERICaRqDFrGnGVzlLZcYVUgEcRmH3r+6eqcx3UFp3ryv5OvTbfFhCKsMN/ZdiBWOnFtaGp8Nr60eQax8dEVZ9KHKpwjuEY7nUOb6lXAoL/26Xtha8dwFt3sl+gu/RgSg5o1F77sAjJCIa7NLYZnLvMBn9Utn4iQPdiNVihhlkxy5SfwcpPzk4tXDspqn9OiuVKgpR+gM+Rk7HWJ+gIXsgFw5p9HYyftcQJXPiYvj6ABNP2KKuIHC3hlzLeoOLIyqc6hk93UDPCUePHUOPdyXa/Yg+SNtNivc50BaCMMWedwYJNbNmRxTikDxXbFT98nbGlyfC4podcAn9Wn3yDcz8ZQiVObs8jm2Ko7D71tVJfNMkD1slM7epOgS2ffdEzYY4X+FaxVu2SOCz56NC+rs/eWS1t7bSkkKHiksU4dSPDCC4xCoRvKplJX1VQOZ8sHzj4w6dEKRXny+gr8Is6dNEe5FjyX0wCJeFoTriP6PtNqs8mRXvEVdEIlv9R3FBLlfPpJjNBX2jsmrXEl8CTfhd8zPcxouufaWxv0S7OlkMEv+f4AbKAoey73m8XpVUhduSLnus1aeWeIeesBrSOvArn9P8oJgN64PM0SBpJzwsDhHtko6AAk3Z78stjZabFXBnBVJW6bov74Nkg8cUd9/uU9RFmO8IWY+5zvcVaRJl6mcE/0V/S+VTqwJSUloNTl+Qxyt0pV0Z7SphexHsn9Bni5lpfglySBpRBu9uS3qoKIAwiwg+LC+tDofvXxFT+OekzrHCFlZy/QKl6gcAW746VOgeHkDcJfy4L5/KMTi74Yh4HM/bg44ci0bW+SgFyHwj6SVAoyAsNJcmASBuMPQYr+vNSISLKgyyQr/R3hh1QjThA1o8GUOQjq87dIpJ56wOdg7ySqyGGjadVEM4qVTvMv3q1ELULh+VVQ05F5GmpyDRysQVInUFm0olAk4eCBBd55e7RIyCaYlmHCLs7NA8wVSZy3bRMDt2IDVkNyA/H4nV9ZxjjbUo6qfnJIx+Htsnt51qCmUtyJWP9f1G+ttBGXjntNExOj/Yei9mvwWQ4thjrK6WbkNNdf1vSOS+7FPEhuhx7IDDx+6PfUFy7PzTSioUyubVP6NfmzKmCw2ZAq6xx6oKBUVb8dDqVQwNKOWhJlckUvjVrN9QD6do3fQxWokN+IRfgZws4CiLUhCb+McfKC3Iu8tiKk9BVYXZHjOHgN9C/WxtF+wmc58IXo2pQ3GbPj27weuENKUFhBMRZbXqJFs+Pr/RW+bP3Jk5Bw3OE5q+qHEHlcsrOYadZvXn8CGw5xD2PMBP9JqNjcw8ooLk59nwZGdzcPPdBbW1Ju0LtbQ9LzQOOHS10QnfClhV7MdZQ7kr9EhMsURR6zYHbwfuw8VQ6c9Xsplfy319adpPEZ9aQLcermwqtflq/jNZZZOoXLSqFUqI22U7xkCzOGkCAJgY520inHaPp89XHRCosdrBx8gG5FATYdIhg6qE5OF0I28gcWw6kp887sDva36EPHb3dKR0IB4Xpwc7kuOanKZIahggU3mitOJi/PJRp+5XcbjcvsIVed6QWnJLLnLAtP7YgmHPtz1Z0lc/va53al+SByabWitROyDuTajLvxv6Bxl4oN9devXijcq6ueI9sH1YjRwrzyuvDayP5tW8VLOCPaWCxldUveU2H1uHaQKY4/57qIFOJopx93KsFo71yhLzMbQe/vplUTLwE8uMMODdhG70jslWYQMPBW0OFcthmmcsHnGHHBANZL4cptwmNyZV0317hEr32wgY3VOXG/hRNPXPGkfiKfcLBaS+ldtCNAO1/WyZVZ+rre7HOJhIZhUsf6htLwan9JkMWTETY5ROCSDSd0+JSJfW8PIolVgeRsYq/4wU4Yxa4KJJRYMOVyN2AvpxgvLzEPwesbp36/PKyEToRAlh6nd321qoA+08e2cntWlUL3da8TuW+XONSM+SjyAbS81F0eiog/5/qNc+vGfJ3wauBYRayOWTgQd/OZ+pNjXCSnYnugwGf9CiPObXnXoQTZj3OopBylNvFyRWfdLCwTMbnHgjWYd8AyvL/NB5zTkOpWJz6pSXKodBY5B X-IPAS-Result: A2CNAQB72Khb/wHyM5BaHAEBAQQBAQcEAQGBU4IJA4EIXCiMaItJgWiCfpN2FIFfKhMBhQSDFiE2FgEDAQEBAQEBAgFsHAyCNSSCYAMDAQIkEwYBAQwgDAIDCQEBQAgIAwEtFAERBgEHBQYCAQEBGASDAIFqAxUDlw2KHIFqM4J1AQEFgQQBAXWCMAOCUwgXimEXggCBEicMhyoBEgGFd4hKhXYxjhAJggyOFx1ZiDuGGI57h1YBMWRxTSMVO4JsghkMF4NGihwBVU97AQGJfYI9AQE Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 24 Sep 2018 12:29:59 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8OCTwFc028770; Mon, 24 Sep 2018 08:29:59 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8M0JN5i018278 for ; Fri, 21 Sep 2018 20:19:23 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8M0JNxZ009895 for ; Fri, 21 Sep 2018 20:19:23 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1A3AAD5iaVblywbGNZbHAEBAQQBAQcEAQGBVIIIgWcog3OIdItLgWiCfpVwhHcCQoMEITcVAQMBAQEBAQECFAEBAQEBBhgGTIVFAwMjBBkBATgPJQImAgJFEgYBDAYCAQGDHYFqAxUDmB2KHG97M4J1AQEFgQQBAXWCPgOCUQgXdIllF4IAgRInDIpegleISoV0MY4NCYIMjhcdWYg7hhSOd4digXdNIxWDJ4IZDA4Jg0aKHAFVT45UAQE X-IPAS-Result: A1A3AAD5iaVblywbGNZbHAEBAQQBAQcEAQGBVIIIgWcog3OIdItLgWiCfpVwhHcCQoMEITcVAQMBAQEBAQECFAEBAQEBBhgGTIVFAwMjBBkBATgPJQImAgJFEgYBDAYCAQGDHYFqAxUDmB2KHG97M4J1AQEFgQQBAXWCPgOCUQgXdIllF4IAgRInDIpegleISoV0MY4NCYIMjhcdWYg7hhSOd4digXdNIxWDJ4IZDA4Jg0aKHAFVT45UAQE X-IronPort-AV: E=Sophos;i="5.54,287,1534824000"; d="scan'208";a="375834" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 21 Sep 2018 20:19:22 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AzAACWiaVblywbGNZbHAEBAQQBAQcEAQGBVIIIgWcog3OIdItLgWiCfpVwhHcCQoMEITcVAQMBAQEBAQECARMBAQEBAQYYBkwMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOYIIocb3szgnUBAQWBBAEBdYI+A4JRCBd0iWUXggCBEicMil6CV4hKhXQxjg0JggyOFx1ZiDuGFI53h2KBd00jFYMnghkMDgmDRoocAVVPjlQBAQ X-IPAS-Result: A0AzAACWiaVblywbGNZbHAEBAQQBAQcEAQGBVIIIgWcog3OIdItLgWiCfpVwhHcCQoMEITcVAQMBAQEBAQECARMBAQEBAQYYBkwMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOYIIocb3szgnUBAQWBBAEBdYI+A4JRCBd0iWUXggCBEicMil6CV4hKhXQxjg0JggyOFx1ZiDuGFI53h2KBd00jFYMnghkMDgmDRoocAVVPjlQBAQ X-IronPort-AV: E=Sophos;i="5.54,287,1534809600"; d="scan'208";a="18546050" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 22 Sep 2018 00:19:22 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;441b6571-c1b5-40d0-b2e3-af7a87567ae2 Authentication-Results: upbd19pa02.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic305-10.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 324511353|UPBD19PA02_EEMSG_MP2.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 74.6.133.49 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AhAQBFiaVbhzGFBkpbHQEBBQEHBQGBVINvKINziHSNM4J+lXCEdwJCgwQZBgYzFQEDAQEBAQEBAQEBEwEBAQoLCQgbDiMMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFZgpihxvezOCdQEBBYEEAQF1gj4DglEIF3SJfIIAgRInDIIxiC2CV4hKhXQxjg0JggyOFx1ZiDuGFI53h2KBd00jFYMnghkMDgmDRoocAVUfMI5UAQE X-IPAS-Result: A0AhAQBFiaVbhzGFBkpbHQEBBQEHBQGBVINvKINziHSNM4J+lXCEdwJCgwQZBgYzFQEDAQEBAQEBAQEBEwEBAQoLCQgbDiMMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFZgpihxvezOCdQEBBYEEAQF1gj4DglEIF3SJfIIAgRInDIIxiC2CV4hKhXQxjg0JggyOFx1ZiDuGFI53h2KBd00jFYMnghkMDgmDRoocAVUfMI5UAQE Received: from sonic305-10.consmr.mail.bf2.yahoo.com ([74.6.133.49]) by upbd19pa02.eemsg.mail.mil with ESMTP; 22 Sep 2018 00:19:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537575558; bh=e5xnuvmG768OyriYI2Q3ymRBgxIuzqd5VowbgFQFpQs=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=U8LYwSsrlGYsVnrJodiQXH601VhkjYWXBE0sW5S3GZwABtsd7G6KrNcVPUL0b7yeY9eOLuwfcR+JgPRMf1NODQDjwTo4K2s82b6NGl8YMOoaizuqb12tP+UuZhGhEusULc4zPAJi8Ll/XUlKiGTn5Nj9/zNtgY9UyCP2Qeca6mG311MUUUI2kbCytNBFQDb4hqtAiD1tTNirTff6FxHOw8BnDgNLxwCn0cd71g1dN5lJySVgIyxYuVylRcqmhZOUHY5RZWZ+/nZVsGLK9zu1cxZKRu80VzcRL2cMMezpGUdpND2lbbUhmYTEqXkL5FvFAuj7Q+zrZU9SjQ90FSigyQ== X-YMail-OSG: V3qHnYQVM1kcCrRO6gQd9s.3ePXXakiLVHBO66FuYv_KwK9JAIFacleDFKePO58 mQW_GXhqtnBG5pyBoF2d6oiZdSIVx3xRf.y22ozwYcNNOK.rF_I_6Oi9nukGYOuD9ToSHqRzkQRM .zF0fLkQaF9aSz15kmUO.odB0.woxBgJTsuXxajOnADopz8Hmwd6CSc9tXmY_VpOc9Hp0IZybZFd VDRfMncmmcoQCghaGrI9u0Uefj71iF88Cs6gJsMJ8ePrDpc1fPnd3gVuNvYp6_ax.mJVQLtaHfjY JNhY1A5wKJnl1.su1ysRO0L9lZ4ROW4I5Foir6_paK2MST761YirNth3oN4.SJBi1QD_VX50iGsG fayWRb0gL9RzXJ_cLfD849AJwkaWctHdOQXjPTZO.Qu8lqXbJHCZB9vXrOCyHi3oNwSpRmMjjVvr uBh_Vp1ktzKjWp_JTjhNZyuFV.umCv8n1.ndbEn7Bo28x4XFTbcXrWcNFEAO214rZfSc4K0ZOxT9 Sa5CYruPwE_hD4qIldeMuJi1p1.fvvWHMKnfltzVgR3gS7s_kTQW_WQqnGILvePN.rk_z58q9zQE p5WkmDe6gm.40rSDqQU79RIkK7KpE9UfWt1aeBauDXiqImk1WMeiXnkpdbmkBnUz6aLzQb.vZP4m wxTCHpbf65fO97qeFewKrJ4ph1CW5BLSIAu3CpbKL.3_7P1I6lYovSfwnzG5RTlJvne14NgdBRBK aXjyxxUlh6eScYE_nG.LnaeY9ODhiugdwNPxaR3RQMiBLrnQRtBLcqmes_HyqzFaxF0TUYA22eZj wzT44qNWsgj685ezNoeSP.lKtkKfI0Sm5_ui7yR_OCOxEQ52nBlbZXvxRAckv.2vcNmx62yCSceE qkrfdfOsZYLkBnF2R_YOt1IaU8CyiDIGhVK8J9F6PBSgadfVMI63lqUN6VqZlUhbrC5L.81GtI28 GnS3Oksec5lAWyhmfo3PmSEQbCUdkisvdgktoy5fgBf9LhmoD.9jYiZVnN242Rd.PUhrcAYkijmq ARNwJb68a7szmJzNwrFfa_MgjyHEbhMq6iwLJVW2z8Q-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.bf2.yahoo.com with HTTP; Sat, 22 Sep 2018 00:19:18 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp424.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID fa508117aad77ec105d372d13cfd6c60; Sat, 22 Sep 2018 00:19:16 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <0a85567d-fde1-8272-d79e-b15d5b094b47@schaufler-ca.com> Date: Fri, 21 Sep 2018 17:19:11 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Mon, 24 Sep 2018 08:26:06 -0400 Subject: [PATCH v4 12/19] SELinux: Abstract use of inode security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- security/selinux/hooks.c | 26 +++++++++++++------------- security/selinux/include/objsec.h | 6 ++++++ security/selinux/selinuxfs.c | 4 ++-- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index fdda53552224..248ae907320f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -275,7 +275,7 @@ static int __inode_security_revalidate(struct inode *inode, struct dentry *dentry, bool may_sleep) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); might_sleep_if(may_sleep); @@ -296,7 +296,7 @@ static int __inode_security_revalidate(struct inode *inode, static struct inode_security_struct *inode_security_novalidate(struct inode *inode) { - return inode->i_security; + return selinux_inode(inode); } static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu) @@ -306,7 +306,7 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo error = __inode_security_revalidate(inode, NULL, !rcu); if (error) return ERR_PTR(error); - return inode->i_security; + return selinux_inode(inode); } /* @@ -315,14 +315,14 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo static struct inode_security_struct *inode_security(struct inode *inode) { __inode_security_revalidate(inode, NULL, true); - return inode->i_security; + return selinux_inode(inode); } static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry) { struct inode *inode = d_backing_inode(dentry); - return inode->i_security; + return selinux_inode(inode); } /* @@ -333,7 +333,7 @@ static struct inode_security_struct *backing_inode_security(struct dentry *dentr struct inode *inode = d_backing_inode(dentry); __inode_security_revalidate(inode, dentry, true); - return inode->i_security; + return selinux_inode(inode); } static void inode_free_rcu(struct rcu_head *head) @@ -346,7 +346,7 @@ static void inode_free_rcu(struct rcu_head *head) static void inode_free_security(struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); struct superblock_security_struct *sbsec = inode->i_sb->s_security; /* @@ -1500,7 +1500,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry, static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) { struct superblock_security_struct *sbsec = NULL; - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); u32 task_sid, sid = 0; u16 sclass; struct dentry *dentry; @@ -1800,7 +1800,7 @@ static int inode_has_perm(const struct cred *cred, return 0; sid = cred_sid(cred); - isec = inode->i_security; + isec = selinux_inode(inode); return avc_has_perm(&selinux_state, sid, isec->sid, isec->sclass, perms, adp); @@ -3028,7 +3028,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, /* Possibly defer initialization to selinux_complete_init. */ if (sbsec->flags & SE_SBINITIALIZED) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); isec->sclass = inode_mode_to_security_class(inode->i_mode); isec->sid = newsid; isec->initialized = LABEL_INITIALIZED; @@ -3128,7 +3128,7 @@ static noinline int audit_inode_permission(struct inode *inode, unsigned flags) { struct common_audit_data ad; - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); int rc; ad.type = LSM_AUDIT_DATA_INODE; @@ -4148,7 +4148,7 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, static void selinux_task_to_inode(struct task_struct *p, struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); u32 sid = task_sid(p); spin_lock(&isec->lock); @@ -6527,7 +6527,7 @@ static void selinux_release_secctx(char *secdata, u32 seclen) static void selinux_inode_invalidate_secctx(struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); spin_lock(&isec->lock); isec->initialized = LABEL_INVALID; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index cad8b765f6dd..ea1687e737ad 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -170,4 +170,10 @@ static inline struct file_security_struct *selinux_file(const struct file *file) return file->f_security; } +static inline struct inode_security_struct *selinux_inode( + const struct inode *inode) +{ + return inode->i_security; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3a5a138a096..145ee62f205a 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1378,7 +1378,7 @@ static int sel_make_bools(struct selinux_fs_info *fsi) goto out; } - isec = (struct inode_security_struct *)inode->i_security; + isec = selinux_inode(inode); ret = security_genfs_sid(fsi->state, "selinuxfs", page, SECCLASS_FILE, &sid); if (ret) { @@ -1953,7 +1953,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) } inode->i_ino = ++fsi->last_ino; - isec = (struct inode_security_struct *)inode->i_security; + isec = selinux_inode(inode); isec->sid = SECINITSID_DEVNULL; isec->sclass = SECCLASS_CHR_FILE; isec->initialized = LABEL_INITIALIZED;