From patchwork Thu May 18 22:25:42 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9735333 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 69CE5601A1 for ; Thu, 18 May 2017 22:27:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5156B288B2 for ; Thu, 18 May 2017 22:27:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 44200288BE; Thu, 18 May 2017 22:27:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id C0D3C288B2 for ; Thu, 18 May 2017 22:27:09 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,360,1491264000"; d="scan'208";a="7229042" IronPort-PHdr: =?us-ascii?q?9a23=3Ac9Fx1BAmwLjCTs9/Wy1+UyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPr6osmwAkXT6L1XgUPTWs2DsrQf2rWQ6firADZIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSijewZbF/IA+ooQnNucUanJVuIbstxxXUpXdFZ/?= =?us-ascii?q?5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnM?= =?us-ascii?q?VhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1hi?= =?us-ascii?q?gHLTo5+3zJhMJ2gqxQvRatqwViz4LIZY2YMud1cKHActMAXWdPXthfWTFPDI2/?= =?us-ascii?q?aIUADeQBPf5aooXgqVYBswC+CBKwCO/z0DJEmmX70bEm3+knDArI3BYgH9ULsH?= =?us-ascii?q?nMotv6LqESWv2xwqnV1zXDYO1Z2THm6IPVdR0uvOuDXbRxccXPzUkvFRjIjlCO?= =?us-ascii?q?pozhOzOazOINs2+U7uZ6Se2vjGsnphh3rzOyyMksjYzJiZgUylDC7Sh5xZw6Jc?= =?us-ascii?q?WiRE56Z96pFoZbuSKCN4ZuX88vTG5ltDw6x7Ebo5K3YicHxIo9yxLCc/CLboyF?= =?us-ascii?q?7xz5WOueIzp0nm9pdbO/ihqo7ESs1OnxW8+p21hQtCVFiMPDtnUV2hzW7ciIV+?= =?us-ascii?q?Vy81+62TaKywDT8uZEIV0olabDK54u3Lowlp0LvETfBCD2gkT2jLKNdkk+5uip?= =?us-ascii?q?6/joYrXhppOGMY97lhr+Pbg0lsy6AOQ4NhACX2md+euiyL3u5VD1TbpFg/Eskq?= =?us-ascii?q?TVrYrWKdoUq6KnGQNZz54v6xOlADen1NQYk2MHLFVAeB+flIjmJVXOIPH+Dfei?= =?us-ascii?q?jFWgiSxkx/fbPr3nHprCMGPDnaz9fbd990FcyA0zwcpZ55JPEL4NOv3zWkjvtN?= =?us-ascii?q?DAFB82LxS0w/r7CNV6zo4eW2WPAqmDP6POsV+H/OQvLvKOZI8Svjb9LuIq5+Xy?= =?us-ascii?q?jXAng18dZrOl3ZwNaHC3Bv5mOVmWYWLwgtcdFmcHpgg+TO7wh1KeUj5TfHGyX6?= =?us-ascii?q?Q95jElE4+mA4PDRp2igbOawSe7GIFWZn1cBlCLC3foeJ2OW+0QZyKKPs9hjjsE?= =?us-ascii?q?WKC5S4A/zh6hqgn6y7t7LurT4SAYtIzs28Zr6OHJkhEy7zN0BdyH026RV2F0gn?= =?us-ascii?q?8IRzgu0a9ipkx9zFGD3rVmjPxcFNxe/OlGXRkgNZ7b1eB6DMryWg3ZdNeTVFmm?= =?us-ascii?q?WsmmAS02Tt8p3tAOf1xyG8+5gx/f2CqqBqMamKaQBJwo6K7c2Wb+J9plwXbcyK?= =?us-ascii?q?Yhl0UmQtdINWC+h65/8RTTCJDNk0qHkqala7gc3DTN9WqYymqOpF9XUAh1Uarf?= =?us-ascii?q?XHAfYlDZrdP250/YSL+uE7snOBNbycGeMqtKdsHpjVJeSfbjOdXeZGSxlny1BR?= =?us-ascii?q?aM37+MbYzqd38b3CrHEkgEkAET/WiYOgQkACeuvX7eBiR0FV3ze0Ps7fV+qHSj?= =?us-ascii?q?Q0Av1A6GaElh17uu+h4JnvyQUegT0awYtys7sDV7AlK939PQC9qdqAtsZ7lTYN?= =?us-ascii?q?Mn4FdazmLVrQJ8MYa8L6B5gV4edR57v0T01xV4Eo9Ai9QlrGs2zApuLqKVyE1O?= =?us-ascii?q?dyuC0pDqO73XMXL//Ai1ZK7M21Hey86W+qMV5/sktVrvpgapFlAt839/ydlaz2?= =?us-ascii?q?Oc5onWDAoVSZ/wXEc39xx/p77EeCkw/I3U2mNxPqmzqD/NwcopBPEiyhaiYdhQ?= =?us-ascii?q?LL+EGBX1E80ACMikMPYqlESxbhIYIOBS87Y5P828d/Sc3q6kIOdgnCm9gGRC+I?= =?us-ascii?q?B901uA9zFyS+7TxZoFxOuY3gSfXTfmkFihqtz3mZxDZTwKHWqw0yvkBIlMZqBp?= =?us-ascii?q?foYEE2SuI8qqxtlkgJ7tQXFY/ka5B1wawM+pZQaSb1vl0AJKyEsXu32nljWizz?= =?us-ascii?q?FviT4msq+f0DbJw+T4exoNInRLS3V6jVfwPYi0iMgXU1SyYAgtihSl/lr6xqhc?= =?us-ascii?q?pKlkNGncXUZIcDbwL2F+U6u/rKCOY8hR55M0qS9XSvizYUiGSr7hpBsXyzjjH2?= =?us-ascii?q?VExDA8bDGqpo70nwd8iGKaIndzqWDWecdqyRfZ+tPcWeZb3iAaSylglTnXGl+8?= =?us-ascii?q?MsGn/NqOk5fDrv6xV3i6VpBIbynk05mAuzCm5W1vGxG/mOqzmtL/GwggzSD7z8?= =?us-ascii?q?VqVTnPrBvkfonkyrm1MeN9cUlsH1Lz9816GoRinYQqn5EQxWIWhpOL8nobiW3z?= =?us-ascii?q?K8lU2bribHoRQj4G28DV4An5101/KXKJ3Zj1WWmdwstmYdm6bXgb2iY878BMEq?= =?us-ascii?q?iU9rtEkTFyolqiogLbeeJ9kSsFyfsy9H4ahPkEuA4sziWGHrAeBFJYMjLolxSJ?= =?us-ascii?q?6dC+sapWaX20cbio1Up+m9GhA62Zog1GXnb2ZIsiFzdq7spjKFLMzGHz6ob8dd?= =?us-ascii?q?nKatITshmUnAnaj+dJL5IwmOEHhTF6OW3hpn0p0ek7jQZh3ZuipoiIN31t/L6l?= =?us-ascii?q?Ah5fLjD1f9kc+izpjapEhMmaxZugHpJlGjUXW5voS+mlEDcOufThMAaBDCcwqn?= =?us-ascii?q?GFFrrDBQWf8ltpr2rTE5C3MHGaPHoZwstkRBmGP0Ffgx4bXDMhnp4/CA+q2Nbt?= =?us-ascii?q?cEBj5jAe/lT4sAdDyvp0NxnjVWfSvB+oZS0pSJibMhVW9htN50HJMcOA9OJ+BD?= =?us-ascii?q?xY/oa/owyXMWyXfR9IDWYUWkyeG1/sILeu5d7a8+iXGOWyNf3ObquSqeZGTfeH?= =?us-ascii?q?2Yqv0pd6/zaLLsiPIH9iAOAg10pdW3B2BsTZly8JSyMJiyLHd9Sbqwuk+i1rss?= =?us-ascii?q?C/9+zmWBr16ouSD7tfKslg+xGqgaaDLuKQijx2KTBC2pML33/Ix6AV3EQOhCF2?= =?us-ascii?q?azmtDbMAuDbOTKPQnq9YEQUWayZ0NMtG4aIzwBVNOdLbitPy0753kOQ5C1FbWl?= =?us-ascii?q?z9gsupf9AFI3mhNFPbA0aGLLqGKifNw8HrZqO8TKZdjOtKuBKtvjabCVXsPiyZ?= =?us-ascii?q?lznuVRCgL/1DjD2BMBxZooG9fQ5nCXL/Q9L+dh27LNh3gCUswbIpm3zHLmEcMT?= =?us-ascii?q?1zck9XqL2f8z9YiO1lG2Nd9nplMfWEmyGB4unCMJoXv+FnAiFumOJe53Q7y6BY?= =?us-ascii?q?4ztYS/xwgifSqcRuo16+mOmV1jVnSAZOqipMhI+Ts0ViI7vW+YRbWXne+hIN8W?= =?us-ascii?q?KQCw8RqtR/FtLvvrpcyt/VlKL8MD1C6c7b/dMAB8jIL8KKKHwhMQDzFz7MFAsI?= =?us-ascii?q?VjCrNWDFh0xGjPGS+HyVrp4gpZjqhJUOS6VUVFgvGvMdEERlE8QIII1rUTM8jb?= =?us-ascii?q?6bkMkI6GKjoxnKWspVpJ/HVuiIDvXxMzuZlqNLZxgVwbPiN4sfLIn721FkalZg?= =?us-ascii?q?hoTGAlbQXddOoixhaQ84ukNN/2ZiTmcrwULqdhut4GMPFf6zhhM2jAp+YeAp9D?= =?us-ascii?q?jy+Fc6PUDFqzUqkEk2g9nlhiqRcDHpJqeqQY5WEzb0t1Q2Mp7jWAl1bAKynUti?= =?us-ascii?q?NDrfWr1ekaBvdWFxhw/ao5dPHuRcTaJcah8K2f6Xf+ko0Uhbqii/30BH6vHKCY?= =?us-ascii?q?V8mwYxdp6st2xP2wRmbNEvJKzQILFGzl9fh66UuS+ozO8xyhcEJ0kR6GOSZDII?= =?us-ascii?q?uEsQO7k6ICqo+/Zg6RaFmzpCZmcMUeElouht9kwjOOSN1D7v07lGKk+tLeOfNL?= =?us-ascii?q?+Zt3LGlcGWXlM6zlkImFVd/bhqzccjdFKZV0Yxw7SLExQELsnCKQZOb8pO7nfT?= =?us-ascii?q?ez2OsebMwZ5vOYWyCPzoR/eUtKkImkKkABopH4MU48QbAJasy1/XIt39LLEZyR?= =?us-ascii?q?Ug/x/kJFSfDPtUfxKLni8Ho9uhw553x4VdIC8SAXllOyWt+rnXvhMqgOaEXNou?= =?us-ascii?q?f3gVRJUENnMrV82hgCNWpW5ADCOw0uMX0wiN8SPzpjnKDDn9c9piZO2YZRVyB9?= =?us-ascii?q?Gq4T8/6bS5iUbL8pXCIGH3LdBiutjV6ewEoZaGCvRUQKJys0faholUXXuqU3TA?= =?us-ascii?q?EdStPZj/d5EsbcDoCna9SlG/kCw6T8PwPNarM6iJjhrlSppTsImewD8sL9S9Fi?= =?us-ascii?q?0EFxd2ue4D+Lp2ZRcfbJojfR7oqwM+OrSiLwiE19WuRGCtKSdLQ/RE0+W1eaZX?= =?us-ascii?q?zystb++9znssVJc6wPer8UQVXpEFkgnexeq/Z4lZSSXzGWZdegXVqio/i2hhNv?= =?us-ascii?q?0/wug4wBPQrVYQKTaLe/J1aGZcpdEzGUuSIWlqCmo/X1KckYvD4gur37AO/ytc?= =?us-ascii?q?n81Z3vBEsHn+pJDQeyigWKq1ppXJqyAgd8Qpo7VtMYz/JcuLrJzenibFQ5nWrg?= =?us-ascii?q?2ISy+6F/1Um9hWPCJYQOdHmWAjOcwap4VB81A9VsEgKLxTEKMsvKylaSJ4DS4O?= =?us-ascii?q?yi8UT5mP3DgDguigxbTVjhKQcZQkMBwDtpVNmMAQXDV3YiwEoq+vTovWl3KeRm?= =?us-ascii?q?gNPggT8RxG5BgcmY9oYuDl/I3IQYdXxDFIpfJ5STHEGYR291TlUGGWmkL3SO+h?= =?us-ascii?q?kuCz2gJS1v3s2MEBWBFjEUhd2/pWlkwwJbFtLakQv5LFsj+PdUP+p2Lj0PKoKk?= =?us-ascii?q?RLx8DIcFP1F5bKtW35UiIA43IUXpNPxGvZFZsMjwpzcLwrq0lUIIC6Zkb+4CQp?= =?us-ascii?q?yJhrH7aiSc+m3EoqrXECRyeuEtpOFftmsE7JVzJ5Y5CnspLlO49dQmVI4p2St0?= =?us-ascii?q?9ZkFlxMy6+0ZdcMdtC4iQLXDdUujidoMGyR9dd2cBoC58MI9F/u3j5GKNFN5iR?= =?us-ascii?q?o2E2urL1xX/D/jAwqlG6yyuvG6WgVeJW43UeGhk1J2SZskQuAfEg/XvS8lDMt1?= =?us-ascii?q?B0/v1UBruUgEVwvjlyAI5BCixO1XC/IFR5VGNGvPlCKKTJb8xcROE/ZQeoOxw6?= =?us-ascii?q?D/EmxUKI/UZwnXf3eCFyswxa+yfGXwYqSSYVmLDtmSYFqsGmPz8aRIhEbTI7by?= =?us-ascii?q?fKMwibgzxYvA5Da0F2XJAUGsxK+6sG3YtS5MbCSl2hKSAEXBxjKgI3yuBTlUhd?= =?us-ascii?q?v0WEYSrdFxande7Tsh1resectNKpLPP8/ApcloPrrOU4+L4ZS32ghwKtXcjUr5?= =?us-ascii?q?Xgud2SqkuOaKD4PvW8YXDbVjjDlxSwiqo/ApbX4SfTKBJbJId+yXU6e5jtE2nL?= =?us-ascii?q?PQ5JJ6gDPUpUSbh6aclaouBdf8JkeqEJ9rF2Cx2aWBzvA5KgrONaLlnNWDvSNS?= =?us-ascii?q?OB/fKjoYjL97zSVfDgZtCQx3bAW694JZl65iXnF7rozINT9FH71etq9kN/VVfJ?= =?us-ascii?q?KTuBrMj7KgMN+saialPovoc1EjPOHJdwjH3ty1lad8UJXiKq8I4XyI9C5Xb0Tu?= =?us-ascii?q?J4zFb8vPNO+Llj9IY4/aplycGqKqfOMf5aq1NoAgCIBgV28ZUgGHB/R3tNYuAL?= =?us-ascii?q?NfjRYb8Ujdvpq+DqDawY9AOa++pFadvdPU7BntOzCjaGSRxLhA0BsyIVLhOA1/?= =?us-ascii?q?6ZnK95UdqlpfLn1U0z/lezNQMGzLRx5Yee4KWIuu7XbxzVzbcaRqjmXMTzrq4j?= =?us-ascii?q?u0mK//0riKYOenBpYw2gCOUdU9QSxmPkza800SIsD9nMEKj79f5FSX05ginglI?= =?us-ascii?q?xnEFUOBPwYB7yL8ppCnm0ggezWKsUWcrxemmaIDROkEKUNyWSs6yuMJGlqmA/O?= =?us-ascii?q?3gr1QWOu6F/2sS54TjfNz9j5lEpVTaO7BUBIXyqmIUV4qi+APBL0tNrrvqQ49E?= =?us-ascii?q?M2PXbitNKDjmuhP65YENPkKdyAOyY0okkXjJorStypx48bBcK3IM0N/3Fmcvve?= =?us-ascii?q?92SrnjdOo6dahore5sWV9evSHXS7kqKVta6CxDFCxXg+p10/7cqgNv7W7d2QX/?= =?us-ascii?q?uoz3oRTzt4uwbZWR61rqfWr1ESOUyOykvLmYoKPt9D3XYizUHm+PIjQM8v+wVC?= =?us-ascii?q?C4bAfe0NqSr0ODvuzlaVe8g3WTWG0ztLAlL1FkF1GK072GL2oMLJmmnf9kYtRo?= =?us-ascii?q?lxbUPngwJ4D5k2KEIq8lgXwTEDHRILaR+FELGiHV7lIpccVUgfdRSH26C3eqMs?= =?us-ascii?q?3U12wr6i/+HTYvJhCKoKLPZSlBaOnEJcGpIUr6IRXK58d0Va9K7NqQjoE5LnUO?= =?us-ascii?q?T+lXosKf21RdhX8dsDuHs8+Am/SASv6YxY4rYAkp+IaLRLYZfSs8Bn9Utn4yAA?= =?us-ascii?q?djBVihhlkxy5SfwcpPzk4tXDspqo6+OuWb0oR+oJ9xk7GX5+j5r2gFAsu93X0f?= =?us-ascii?q?lTSpHNg4Tl7A9NO2KKuJrd0xRkKOoPKpikc6x8+HgcPCgROW4OMsSKZPUm5C9t?= =?us-ascii?q?KjrT7URYAswQfdMYINbNmQdMh0LyWbFT7cTaFUWaC4dya8Ao93D4yC0x8ZYnTu?= =?us-ascii?q?ng7yK5Ko7F4FFQJfNDiz9sm8jYqOgS2/rSBzAd4WOFZBht3iOC156NBu7o/eqW?= =?us-ascii?q?1NHbS1MGHyAxU4dHJzqO4BenSfSxlJXoVAOU98DyjYkmdE2KWny+gKQFs6hLEe?= =?us-ascii?q?5aiSX3xDteGZ7vh/KTrdWs7HFbtlpdEIZ89RfFArlQPo1nORTkkcmmXlR8BjHh?= =?us-ascii?q?d8HQbBUuvvSZy/wR7OV/OEv+ZJMbLQgfy73g83pVUxFiSLjosVaFRegRfsdpSO?= =?us-ascii?q?vYrnBJ7oJtM6APM0KHpJP0sjdIqEs7AAsoaL8ssDNadlPBnBBOW6ruvr4PlBcc?= =?us-ascii?q?W8ZjuUBQAWKwJH4+5z3fWKRakqaRDuAV8jKUTqAJSEVnLCd+QxKz2JVzdLqkhv?= =?us-ascii?q?RHvX1cniJ9uvcmyTpmSwWguSf0vaICxSog+K2ktDUGoXFFSOSenDvPCVVH1vsK?= =?us-ascii?q?lr0QC3fl6Vy7e3kDd5D/4LxoKMXv74Uh5G4/YRo7dS0cQeugEz3wj7+PAoGXv9?= =?us-ascii?q?JTmAWNuN7XYbGuIiYcMLU9yRT+R3lyyQXekxNo/3ENQjq+9tMkI5+9Ock9zCqy?= =?us-ascii?q?BWfbbEoM4r9OsMbpt14LS+s2aVV7zGp/0siHQjANS9HOGmY0iAgkcmZEcJNY5B?= =?us-ascii?q?8EFqkonCyHvq1b8QEVejvUFJqq+pXIl8fSxXY9Vctqxn7RpqCdh5Mqzmdqm9Vv?= =?us-ascii?q?4y6KpXQdau3YU8h3AnTp0Ydf0+P+be23su8bUItm1KihUPgaP8mh52S21ptqWk?= =?us-ascii?q?u+y7UQBVW5NvEMxqvBXyejV2KYRfyBc3KQkDYhLk7y+R6oI0U4aMdOqE88PPXN?= =?us-ascii?q?hppYlwD6SrN0QSOQpV7Hw2A5N+MVaR42sp+9ewMWVO4Re/ScJe82zf08CFsNb2?= =?us-ascii?q?fJHSxyC++3rV6igpN2O3Bh4UXme+Ti7BrqMNyIGhkLCYTatIJ++eSmRmKdPn9t?= =?us-ascii?q?1AFyPEhx9+rEC1Qxt/NTc5WPktjUndh71/AKd+t1Oy0nptETgp5j6ZWT0MqSdB?= =?us-ascii?q?HRz5XyJdLSovWDAf3Q1UcqemZcUrUHZwP5/YM6McAlW7fLB7tWoQwcBbQmQJwm?= =?us-ascii?q?L2r+7797LAVvcgPKf7S0hs7qpv6XZptKuXDZ80g8LCDGux0M0va0VxB0b4i2h3?= =?us-ascii?q?XuJ5A9XjxBoMNpChtnBItABdgNrgumA56RnaG0lcWx+0dktOMQtqrwEP/K3syj?= =?us-ascii?q?34ptR5ha+VCLPDHJCahlmkRllOWyjeve3ZTqDMPieM8EVPJlTWLfbb/GBIq/IC?= =?us-ascii?q?qUOs3gY05G76Kc0LVhXxWWYCD2QbGLtDWgNPp++kU71o14c/bPzDw38b7UxsH+?= =?us-ascii?q?Z2dFqSe/tXSJLodQ7ETWBezCWBJZUf6F8GdjHa0KYor47eMOMd05wNiA+Al+9z?= =?us-ascii?q?VC39GDI6imtEPM3Vh7dZ3DJkvzxyk5QZUKIAi4MUY0mm/WtHDdAXVaLsi5Jshh?= =?us-ascii?q?h9mbDgDt50Zvg2EieHZBFXDzSNeSJ2cbwcS+axOO9A1QEtYDkPS7eUkitq29Ue?= =?us-ascii?q?NoIIlKmf22tLUbltZkMyTPS9JGMCHQLb92OD1RA/7RpFgpZB4Lrbw1WoYzZZiT?= =?us-ascii?q?L0ILKkCAyTn9zQHay037a8Ss1LqVICYR6nhHzajK0TtLpwaiovuZn8vjUKzZbJ?= =?us-ascii?q?HxQf7SPyolVi2ASTQ0D0mp5U+uu+AYs/qAPWcfvlcUbzqdCAEJva9vt9nQAXHX?= =?us-ascii?q?meB4Yp0KgOqVWzvxSC1ljqYyADhEtVyUSfoZCQbWd2PhgHZbuAG6JP9M+HXlb6?= =?us-ascii?q?eCxqpUQOwbGY1MfeecQ9TGePBSPTAoli8WOOykZd3Ts6450k7UTWseC6TI71Oe?= =?us-ascii?q?TEuKTfGdxD/mRpsVsJYuuiop+9PQmSl3H77OP7mBuz79urK/2T2VvezYS3kFf1?= =?us-ascii?q?0+gOVEBnKIhhZHNjIqEdYQ7W3kROaielxD2XQywbZi0hkNdQBxenhj1nlfmvGt?= =?us-ascii?q?XMZeTAhH3yuVXPQaYQUvX3sL9kiQ71i3OIQN?= X-IPAS-Result: =?us-ascii?q?A2FoXACcHh5Z/wHyM5BcGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwEpYoEMjniQe4IMAZEQhF0sA4JKiShXAQEBAQEBAQECAQJoBSOCMyQsV?= =?us-ascii?q?AEBAQEBAQEBAUwxPAYBAiRVAwkBARcIKQgDAVMZBRaIOYFPBLBrOiYCiySIPY1?= =?us-ascii?q?wBZAngQGMa4ccgzWITIJXiEKGU5RGWIEKTyEVhG0LAQEBPwMcgWZzhXcrghABA?= =?us-ascii?q?QE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 18 May 2017 22:27:08 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4IMR7h4024449; Thu, 18 May 2017 18:27:08 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v4IMQ8ef076191 for ; Thu, 18 May 2017 18:26:08 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4IMQ2uD024119 for ; Thu, 18 May 2017 18:26:07 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CyAwDZHh5Z/4GlL8FcHAEBBAEBCgEBgyyBC4EMjniQe5gFHAiCSoM2AoZHAQIBAQEBAQJrKIUZBidSEBgIMVcZG4g5gVOwbjqLGgExiD2NcAWQJ4EBjGuHHIM1iEyCV48VlEZXgQpPIRWFOgMcgWY9NoV3K4IQAQEB X-IPAS-Result: A1CyAwDZHh5Z/4GlL8FcHAEBBAEBCgEBgyyBC4EMjniQe5gFHAiCSoM2AoZHAQIBAQEBAQJrKIUZBidSEBgIMVcZG4g5gVOwbjqLGgExiD2NcAWQJ4EBjGuHHIM1iEyCV48VlEZXgQpPIRWFOgMcgWY9NoV3K4IQAQEB X-IronPort-AV: E=Sophos;i="5.38,360,1491278400"; d="scan'208";a="6058445" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 18 May 2017 18:26:06 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AyM3fBBCMydGIyEX7dqu+UyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPv+o8bcNUDSrc9gkEXOFd2CrakV1KyM6+u5AyQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Y75+Ngu6oRneusULn4dpN7o8xAbOrnZUYe?= =?us-ascii?q?pd2HlmJUiUnxby58ew+IBs/iFNsP8/9MBOTLv3cb0gQbNXEDopPWY15Nb2tRbY?= =?us-ascii?q?VguA+mEcUmQNnRVWBQXO8Qz3UY3wsiv+sep9xTWaMMjrRr06RTiu86FmQwLzhS?= =?us-ascii?q?wZKzA27n3Yis1ojKJavh2hoQB/w5XJa42RLfZyY7/Rcc8fSWdHQ81fVTFOApmk?= =?us-ascii?q?YoUPEeQPIOhWoYr6qVQMoxuzHhWgCP/1xzNUnHL6wbE23uI8Gg/GxgwgGNcOvW?= =?us-ascii?q?zaotrvMqcZTOS7zLTSzTXMcfxW3yz945XPfx88u/6MW7NwftTVyUktDA7Fi0uf?= =?us-ascii?q?qYjhPzyP0OQNtGea4/B8WuKojm4qsgd8qSWhyMcrj4nGnIMVylbc+CV82ok1Pc?= =?us-ascii?q?e0SE99YdOiDZBetDmaOpNrTs4mTWxkoik3x78ctZKmfSUHyI4rywPBZ/GDdYWD?= =?us-ascii?q?/wjtW/yLIThigXJoYLK/iAi28Uin0uD8U9e70FJOriVflNnMsX8M2wbP5ciAUP?= =?us-ascii?q?d9/0Oh1S6O1wDV9O5EPVg5mbffJpMv2LI9mZgevV7eEiL3mEj6lrKaelsg9+Sw?= =?us-ascii?q?7uToeLTmppuSN49ujQH+N7wjldGlDuQ+MwgBQWyb+ean2b3m40L5RLFKgecwkq?= =?us-ascii?q?nev5HWP9gUpqm8AwNNyIYs9w6/Dyu60NQfhXQHN0xKeBaGj4jvJlHPL+v1Deu/?= =?us-ascii?q?gluwkDdrwOrKPrv6AprXNHTDn7Dhfaguo3JbnRE+ydFZ+oJ8FqAKIPW1XFT48t?= =?us-ascii?q?PfEEwXKQuxlsruDp1fy5kRVGSUSvuVOaXTvFuKzuciJ+2FYogF/j36Lq52tLbV?= =?us-ascii?q?kXYllApFLuGS1pwNZSX9R6w+Lg=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FqYwCcHh5Z/4GlL8FcHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwGBC4EMjniQe4IMAZEQhGgcCIJKgzYChkcBAQEBAQEBAQIBAmg?= =?us-ascii?q?ogjMkAStUAQEBAQEBAQEBTDE8BidSEBgIMVcZG4g5gVOwazqLGgExiD2NcAWQJ?= =?us-ascii?q?4EBjGuHHIM1iEyCV48VlEZYgQpPIRWFOgMcgWY9NoV3K4IQAQEB?= X-IPAS-Result: =?us-ascii?q?A0FqYwCcHh5Z/4GlL8FcHAEBBAEBCgEBFwEBBAEBCgEBgwG?= =?us-ascii?q?BC4EMjniQe4IMAZEQhGgcCIJKgzYChkcBAQEBAQEBAQIBAmgogjMkAStUAQEBA?= =?us-ascii?q?QEBAQEBTDE8BidSEBgIMVcZG4g5gVOwazqLGgExiD2NcAWQJ4EBjGuHHIM1iEy?= =?us-ascii?q?CV48VlEZYgQpPIRWFOgMcgWY9NoV3K4IQAQEB?= X-IronPort-AV: E=Sophos;i="5.38,360,1491264000"; d="scan'208";a="5923797" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea11.nsa.gov with ESMTP; 18 May 2017 22:26:05 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 19 May 2017 01:26:02 +0300 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v4IMPsGa013313; Fri, 19 May 2017 01:26:01 +0300 From: Dan Jurgens To: selinux@tycho.nsa.gov Subject: [PATCH v2 2/9] libsepol: Add ibpkey ocontext handling Date: Fri, 19 May 2017 01:25:42 +0300 Message-Id: <1495146349-75366-3-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1495146349-75366-1-git-send-email-danielj@mellanox.com> References: <1495146349-75366-1-git-send-email-danielj@mellanox.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens Add support for reading, writing, and copying Infiniband Pkey ocontext data. Also add support for querying a Pkey sid to checkpolicy. Signed-off-by: Daniel Jurgens --- v1: Stephen Smalley: - Removed domain and type params from sepol_ibpkey_sid. - Removed splen param from sepol_ibpkey_sid, it never varied. - Removed extra XPERMS_IOCTL version from policydb_compat_info. - Confirm that low order bytes of IPv6 addr for subnet prefix is 0's. James Carter: - Added ibpkey handling to kernel_to_cil.c and kernel_to_conf.c v2: Stephen Smalley: - Store subnet prefix as 8 bytes. This mooted a couple other comments about checking and forcing 0's in the lower 8 bytes. - Bounds check PKeys values in ocontext_read_selinux. James Carter: - Add sorting of pkey ocontexts in kernel_to_common.c --- checkpolicy/checkpolicy.c | 27 +++++++++++++ libsepol/include/sepol/policydb/services.h | 8 ++++ libsepol/src/expand.c | 7 ++++ libsepol/src/kernel_to_cil.c | 62 +++++++++++++++++++++++++++++ libsepol/src/kernel_to_common.c | 19 +++++++++ libsepol/src/kernel_to_conf.c | 63 ++++++++++++++++++++++++++++++ libsepol/src/libsepol.map.in | 1 + libsepol/src/module_to_cil.c | 41 +++++++++++++++++++ libsepol/src/policydb.c | 37 ++++++++++++++++++ libsepol/src/services.c | 37 ++++++++++++++++++ libsepol/src/write.c | 16 ++++++++ 11 files changed, 318 insertions(+) diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index 534fc22e..8aeecc1b 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -22,6 +22,7 @@ * * Policy Module support. * + * Copyright (C) 2017 Mellanox Technologies Inc. * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2005 Tresys Technology, LLC * Copyright (C) 2003 Red Hat, Inc., James Morris @@ -699,6 +700,7 @@ int main(int argc, char **argv) printf("h) change a boolean value\n"); printf("i) display constraint expressions\n"); printf("j) display validatetrans expressions\n"); + printf("k) Call ibpkey_sid\n"); #ifdef EQUIVTYPES printf("z) Show equivalent types\n"); #endif @@ -1220,6 +1222,31 @@ int main(int argc, char **argv) "\nNo validatetrans expressions found.\n"); } break; + case 'k': + { + char *p; + struct in6_addr addr6; + uint64_t subnet_prefix; + unsigned int pkey; + + printf("subnet prefix? "); + FGETS(ans, sizeof(ans), stdin); + ans[strlen(ans) - 1] = 0; + p = (char *)&addr6; + + if (inet_pton(AF_INET6, ans, p) < 1) { + printf("error parsing subnet prefix\n"); + break; + } + + memcpy(&subnet_prefix, p, sizeof(subnet_prefix)); + printf("pkey? "); + FGETS(ans, sizeof(ans), stdin); + pkey = atoi(ans); + sepol_ibpkey_sid(subnet_prefix, pkey, &ssid); + printf("sid %d\n", ssid); + } + break; #ifdef EQUIVTYPES case 'z': identify_equiv_types(); diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h index 9162149a..3f3b95d1 100644 --- a/libsepol/include/sepol/policydb/services.h +++ b/libsepol/include/sepol/policydb/services.h @@ -188,6 +188,14 @@ extern int sepol_port_sid(uint16_t domain, uint16_t port, sepol_security_id_t * out_sid); /* + * Return the SID of the ibpkey specified by + * `subnet prefix', and `pkey'. + */ +extern int sepol_ibpkey_sid(uint64_t subnet_prefix_p, + uint16_t pkey, + sepol_security_id_t *out_sid); + +/* * Return the SIDs to use for a network interface * with the name `name'. The `if_sid' SID is returned for * the interface and the `msg_sid' SID is returned as diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index 54bf781d..e4cfc41e 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c @@ -4,6 +4,7 @@ * * Copyright (C) 2004-2005 Tresys Technology, LLC * Copyright (C) 2007 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -2217,6 +2218,12 @@ static int ocontext_copy_selinux(expand_state_t *state) return -1; } break; + case OCON_IBPKEY: + n->u.ibpkey.subnet_prefix = c->u.ibpkey.subnet_prefix; + + n->u.ibpkey.low_pkey = c->u.ibpkey.low_pkey; + n->u.ibpkey.high_pkey = c->u.ibpkey.high_pkey; + break; case OCON_PORT: n->u.port.protocol = c->u.port.protocol; n->u.port.low_port = c->u.port.low_port; diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index 3a1c0be7..d1006186 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -2784,6 +2784,63 @@ exit: return rc; } +static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) +{ + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; + struct in6_addr subnet_prefix = {0}; + uint16_t low; + uint16_t high; + char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */ + char *ctx; + int rc = 0; + + for (ibpkeycon = pdb->ocontexts[OCON_IBPKEY]; ibpkeycon != NULL; + ibpkeycon = ibpkeycon->next) { + memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix, + sizeof(ibpkeycon->u.ibpkey.subnet_prefix)); + + if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, + subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { + sepol_log_err("ibpkeycon subnet_prefix is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + if (low == high) { + rc = snprintf(low_high_str, 44, "%u", low); + } else { + rc = snprintf(low_high_str, 44, "(%u %u)", low, high); + } + if (rc < 0 || rc >= 44) { + rc = -1; + goto exit; + } + + ctx = context_to_str(pdb, &ibpkeycon->context[0]); + if (!ctx) { + rc = -1; + goto exit; + } + + sepol_printf(out, "(ibpkeycon %s %s %s)\n", subnet_prefix_str, low_high_str, ctx); + + free(ctx); + } + + rc = 0; + +exit: + if (rc != 0) { + sepol_log_err("Error writing ibpkeycon rules to CIL\n"); + } + + return rc; +} + static int write_xen_isid_rules_to_cil(FILE *out, struct policydb *pdb) { return write_sid_context_rules_to_cil(out, pdb, xen_sid_to_str); @@ -3180,6 +3237,11 @@ int sepol_kernel_policydb_to_cil(FILE *out, struct policydb *pdb) if (rc != 0) { goto exit; } + + rc = write_selinux_ibpkey_rules_to_cil(out, pdb); + if (rc != 0) { + goto exit; + } } else if (pdb->target_platform == SEPOL_TARGET_XEN) { rc = write_xen_isid_rules_to_cil(out, pdb); if (rc != 0) { diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 45adc5d5..294f0b4e 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -518,6 +518,20 @@ static int node6_data_cmp(const void *a, const void *b) return memcmp(&(*aa)->u.node6.addr, &(*bb)->u.node6.addr, sizeof((*aa)->u.node6.addr)); } +static int ibpkey_data_cmp(const void *a, const void *b) +{ + int rc; + struct ocontext *const *aa = a; + struct ocontext *const *bb = b; + + rc = (*aa)->u.ibpkey.subnet_prefix - (*bb)->u.ibpkey.subnet_prefix; + if (rc) + return rc; + + return compare_ranges((*aa)->u.ibpkey.low_pkey, (*aa)->u.ibpkey.high_pkey, + (*bb)->u.ibpkey.low_pkey, (*bb)->u.ibpkey.high_pkey); +} + static int pirq_data_cmp(const void *a, const void *b) { struct ocontext *const *aa = a; @@ -641,6 +655,11 @@ int sort_ocontexts(struct policydb *pdb) if (rc != 0) { goto exit; } + + rc = sort_ocontext_data(&pdb->ocontexts[OCON_IBPKEY], ibpkey_data_cmp); + if (rc != 0) { + goto exit; + } } else if (pdb->target_platform == SEPOL_TARGET_XEN) { rc = sort_ocontext_data(&pdb->ocontexts[1], pirq_data_cmp); if (rc != 0) { diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 22a09095..23307ce6 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -2645,6 +2645,64 @@ exit: return rc; } +static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) +{ + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; + struct in6_addr subnet_prefix = {0}; + uint16_t low; + uint16_t high; + char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */ + char *ctx; + int rc = 0; + + for (ibpkeycon = pdb->ocontexts[OCON_IBPKEY]; ibpkeycon != NULL; + ibpkeycon = ibpkeycon->next) { + memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix, + sizeof(ibpkeycon->u.ibpkey.subnet_prefix)); + + if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, + subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { + sepol_log_err("ibpkeycon address is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + if (low == high) { + rc = snprintf(low_high_str, 44, "%u", low); + } else { + rc = snprintf(low_high_str, 44, "%u-%u", low, high); + } + if (rc < 0 || rc >= 44) { + rc = -1; + goto exit; + } + + ctx = context_to_str(pdb, &ibpkeycon->context[0]); + if (!ctx) { + rc = -1; + goto exit; + } + + sepol_printf(out, "ibpkeycon %s %s %s\n", subnet_prefix_str, + low_high_str, ctx); + + free(ctx); + } + + rc = 0; + +exit: + if (rc != 0) { + sepol_log_err("Error writing ibpkeycon rules to policy.conf\n"); + } + + return rc; +} + static int write_xen_isid_rules_to_conf(FILE *out, struct policydb *pdb) { return write_sid_context_rules_to_conf(out, pdb, xen_sid_to_str); @@ -3045,6 +3103,11 @@ int sepol_kernel_policydb_to_conf(FILE *out, struct policydb *pdb) if (rc != 0) { goto exit; } + + rc = write_selinux_ibpkey_rules_to_conf(out, pdb); + if (rc != 0) { + goto exit; + } } else if (pdb->target_platform == SEPOL_TARGET_XEN) { rc = write_xen_isid_rules_to_conf(out, pdb); if (rc != 0) { diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in index 40426408..36225d1c 100644 --- a/libsepol/src/libsepol.map.in +++ b/libsepol/src/libsepol.map.in @@ -6,6 +6,7 @@ LIBSEPOL_1.0 { sepol_context_*; sepol_mls_*; sepol_check_context; sepol_iface_*; sepol_port_*; + sepol_ibpkey_*; sepol_node_*; sepol_user_*; sepol_genusers; sepol_set_delusers; sepol_msg_*; sepol_debug; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 7d8eb204..10d0700c 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -3,6 +3,7 @@ * Functions to convert policy module to CIL * * Copyright (C) 2015 Tresys Technology, LLC + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -2656,6 +2657,45 @@ exit: return rc; } +static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, + struct ocontext *ibpkeycons) +{ + int rc = -1; + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; + struct in6_addr subnet_prefix = {0}; + uint16_t high; + uint16_t low; + + for (ibpkeycon = ibpkeycons; ibpkeycon; ibpkeycon = ibpkeycon->next) { + low = ibpkeycon->u.ibpkey.low_pkey; + high = ibpkeycon->u.ibpkey.high_pkey; + memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix, + sizeof(ibpkeycon->u.ibpkey.subnet_prefix)); + + if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, + subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { + log_err("ibpkeycon subnet_prefix is invalid: %s", + strerror(errno)); + rc = -1; + goto exit; + } + + if (low == high) + cil_printf("(ibpkeycon %s %i ", subnet_prefix_str, low); + else + cil_printf("(ibpkeycon %s (%i %i) ", subnet_prefix_str, low, + high); + + context_to_cil(pdb, &ibpkeycon->context[0]); + + cil_printf(")\n"); + } + return 0; +exit: + return rc; +} + static int ocontext_selinux_netif_to_cil(struct policydb *pdb, struct ocontext *netifs) { struct ocontext *netif; @@ -2889,6 +2929,7 @@ static int ocontexts_to_cil(struct policydb *pdb) ocontext_selinux_node_to_cil, ocontext_selinux_fsuse_to_cil, ocontext_selinux_node6_to_cil, + ocontext_selinux_ibpkey_to_cil, }; static int (*ocon_xen_funcs[OCON_NUM])(struct policydb *pdb, struct ocontext *ocon) = { ocontext_xen_isid_to_cil, diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index b1530955..09d14140 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -18,6 +18,7 @@ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2005 Tresys Technology, LLC * Copyright (C) 2003 - 2007 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -186,6 +187,13 @@ static struct policydb_compat_info policydb_compat[] = { .target_platform = SEPOL_TARGET_SELINUX, }, { + .type = POLICY_KERN, + .version = POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = OCON_IBPKEY + 1, + .target_platform = SEPOL_TARGET_SELINUX, + }, + { .type = POLICY_BASE, .version = MOD_POLICYDB_VERSION_BASE, .sym_num = SYM_NUM, @@ -291,6 +299,13 @@ static struct policydb_compat_info policydb_compat[] = { .target_platform = SEPOL_TARGET_SELINUX, }, { + .type = POLICY_BASE, + .version = MOD_POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = OCON_IBPKEY + 1, + .target_platform = SEPOL_TARGET_SELINUX, + }, + { .type = POLICY_MOD, .version = MOD_POLICYDB_VERSION_BASE, .sym_num = SYM_NUM, @@ -395,6 +410,13 @@ static struct policydb_compat_info policydb_compat[] = { .ocon_num = 0, .target_platform = SEPOL_TARGET_SELINUX, }, + { + .type = POLICY_MOD, + .version = MOD_POLICYDB_VERSION_INFINIBAND, + .sym_num = SYM_NUM, + .ocon_num = 0, + .target_platform = SEPOL_TARGET_SELINUX, + }, }; #if 0 @@ -2798,6 +2820,21 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, (&c->context[1], p, fp)) return -1; break; + case OCON_IBPKEY: + rc = next_entry(buf, fp, sizeof(uint32_t) * 4); + if (rc < 0 || buf[2] > 0xffff || buf[3] > 0xffff) + return -1; + + memcpy(&c->u.ibpkey.subnet_prefix, buf, + sizeof(c->u.ibpkey.subnet_prefix)); + + c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]); + + if (context_read_and_validate + (&c->context[0], p, fp)) + return -1; + break; case OCON_PORT: rc = next_entry(buf, fp, sizeof(uint32_t) * 3); if (rc < 0) diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 03fb1203..27e802c6 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -21,6 +21,7 @@ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2004 Tresys Technology, LLC * Copyright (C) 2003 - 2004 Red Hat, Inc. + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1911,6 +1912,42 @@ int hidden sepol_fs_sid(char *name, } /* + * Return the SID of the ibpkey specified by + * `subnet prefix', and `pkey number'. + */ +int hidden sepol_ibpkey_sid(uint64_t subnet_prefix, + uint16_t pkey, sepol_security_id_t *out_sid) +{ + ocontext_t *c; + int rc = 0; + + c = policydb->ocontexts[OCON_IBPKEY]; + while (c) { + if (c->u.ibpkey.low_pkey <= pkey && + c->u.ibpkey.high_pkey >= pkey && + subnet_prefix == c->u.ibpkey.subnet_prefix) + break; + c = c->next; + } + + if (c) { + if (!c->sid[0]) { + rc = sepol_sidtab_context_to_sid(sidtab, + &c->context[0], + &c->sid[0]); + if (rc) + goto out; + } + *out_sid = c->sid[0]; + } else { + *out_sid = SECINITSID_UNLABELED; + } + +out: + return rc; +} + +/* * Return the SID of the port specified by * `domain', `type', `protocol', and `port'. */ diff --git a/libsepol/src/write.c b/libsepol/src/write.c index 1606807d..f63e7489 100644 --- a/libsepol/src/write.c +++ b/libsepol/src/write.c @@ -16,6 +16,7 @@ * * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003-2005 Tresys Technology, LLC + * Copyright (C) 2017 Mellanox Technologies Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1411,6 +1412,21 @@ static int ocontext_write_selinux(struct policydb_compat_info *info, if (context_write(p, &c->context[1], fp)) return POLICYDB_ERROR; break; + case OCON_IBPKEY: + /* The subnet prefix is in network order */ + memcpy(buf, &c->u.ibpkey.subnet_prefix, + sizeof(c->u.ibpkey.subnet_prefix)); + + buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + + items = put_entry(buf, sizeof(uint32_t), 4, fp); + if (items != 4) + return POLICYDB_ERROR; + + if (context_write(p, &c->context[0], fp)) + return POLICYDB_ERROR; + break; case OCON_PORT: buf[0] = c->u.port.protocol; buf[1] = c->u.port.low_port;