From patchwork Mon May 22 13:08:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 9740319 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 59B08601C2 for ; Mon, 22 May 2017 13:17:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 478B32793B for ; Mon, 22 May 2017 13:17:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3A59928419; Mon, 22 May 2017 13:17:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 558B92793B for ; Mon, 22 May 2017 13:17:56 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,377,1491264000"; d="scan'208";a="7298321" IronPort-PHdr: =?us-ascii?q?9a23=3AIxLt+hHVBCeAGjzszMf3Op1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ79psqzbnLW6fgltlLVR4KTs6sC0LuJ9fq/EjJaqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLdwIRmsswnctMYajIp8Jq0s1hbHv3xEdv?= =?us-ascii?q?hMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTD?= =?us-ascii?q?QhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlS?= =?us-ascii?q?kINyQ98GrKlMJ+iqxVqw+lqxBm3oLYfISZOfxjda3fYNwaX3JMUMZPWSJcDI2y?= =?us-ascii?q?bIwBAOgPPeZArYTxulUDogWlBQS3GO/j1iVFimPs0KEmz+gsFxzN0gw6H9IJtX?= =?us-ascii?q?TZtNv7O70UUeuoyKfI0C/Db/xI1jf784jDbxcsruyWUrJ2cMre100vFwHeg1WV?= =?us-ascii?q?t4PlOzeV2f4Ls2ic4OtsT/6gi2kiqwxopDWk28kiio7Mho0Py1DE8z10wIcuKt?= =?us-ascii?q?KmTk50fMakEJxKtyGGLYd5X90tQ39utS0nybMGoYa2cDUFxZko3RLSa+GLf5KW?= =?us-ascii?q?7h/sSuqdOyp0iGp4dL+7iRu+60etx+/mWsWp0VtHrjBJnsTSun0J0RHY99KJRe?= =?us-ascii?q?Fn/ki73DaCzwXT6uZZLk8qjafbMJshwqIolpoUrETDAjf6mEXog6+ScUUp4vSo?= =?us-ascii?q?5P79YrXnu5+cLJV4ih3+M6symsy/Bv40Mg4SUGiA5euwzrjj/Uz9QLlSj/02lL?= =?us-ascii?q?fWsIzCKMgGqaO0DBVZ34Y+5xqlETur38oUkWMaIF5dfRKIlYnpO1XAIPDiCve/?= =?us-ascii?q?hkyhkCx1yPDCP73hBIjNL3fanLj6erZ99khcxxYtwtBE/J9UFrEAL+7zWk/2rt?= =?us-ascii?q?DYCAQ5PBauz+boD9V9yJsSWXiTDa+BLKPSrViI6/otI+mLYo8aoir9K/g/6P7o?= =?us-ascii?q?lnI5m1gdfa+s3ZQNc3C4AuppI1+CYXb2hdcBC2gKtBIkTOP2kF2CTSJTZ3GqUq?= =?us-ascii?q?I+5DE0Ep6pDYTYRoCqhryB3Tm7E4ZYZmBCF1CNHmznd5iCW/cQdSKeOMhhkiYL?= =?us-ascii?q?VbK5UY8uyQmutBPmy7pgNufV9CwYtZbm1Ndr/e3ejh8y+iJpAMSayWGCVXl0nn?= =?us-ascii?q?kPRz80wq9wvVB9xk2E0ahijPxSDcZT6O9RUgcmKZ7cyPR3BM3uVQLEedeJTkqm?= =?us-ascii?q?Tsi9DDEvUN0x2d4OYkd6G9WklBzD2TSlA6MNnbyRGJM06r7c32T2J8tl1nnGyL?= =?us-ascii?q?Muj0M9T8RTMm2mg7Jw+BLIB47ViUmZkbildbgE1i7X6GiD1XaOvF1fUANoUaTE?= =?us-ascii?q?XHcfZk3NoNT84kPOVr6uCbI9PgtH08GCMKhKatz3jVpYXvvjPsrRY36pkWeqGR?= =?us-ascii?q?mI3q+MbJbte2gFxyrSE08IkwQS/XadKQg+HT2to3nAAzNyD17veF3j8e1/qHO9?= =?us-ascii?q?U081wBqHYFFh1rqv5x4VnuaQSv0J0bIYoychrDN0EEy639LMBNqKvxBhc7lEYd?= =?us-ascii?q?Mh/FdH0nrUuBJlPpO6NaBih0Uefh9vv0z0zRV3C55AkdAurHww0AV9N7iU0FRb?= =?us-ascii?q?dzOXxZrwIKHYKnHu/BCzbK7bwl/e0MyM9acJ9Ps4qk7jsRqsFko68nVrysJV0n?= =?us-ascii?q?WH5pnQCwoSS53xWF4t9xdmv7HafjU954TM2H1vK6a0sTjC288yCesm0BmgfNBf?= =?us-ascii?q?ML6eGA/1Cc0aCNCkKPY2lFixchIEIOdS+bYuMMy7bfuG2bCkPPx7kT28kWtH5Z?= =?us-ascii?q?px0kWW9ypzUuTIxYoKw+mE3gubUDfxlEyhss7tmYBDfjESAnGyyTPiBI5WaKxy?= =?us-ascii?q?eJwECWG0L82x2Np+m4bnW2RE+167G1MGxMipdAKcblPn2Q1QyVoYoWa8mSaj0T?= =?us-ascii?q?x7jSspobGC3CzL2ejicwAHOmFTTml4kVjsOZS0j8wdXEWwcwgmiQaq5UfgyKhf?= =?us-ascii?q?v6lwM27TQUJUcCfsNGFiTrG8trycbM5T8JkoqzlYUPygYVCGTb7wux0a0yLnH2?= =?us-ascii?q?ta2j87bCqntY/nkBxgj2KRNnFzrGDWecto3xfQ+MTcReJN3joBXCR4lzjXCUSg?= =?us-ascii?q?P9mu59WYjYvMsuC5V2KnWZ1eai3rzYKGtCSh/21qBgezn/epmt3oCQI6yzP018?= =?us-ascii?q?F2VSXUqxbxeo3r16WhMeJ7Z0VoH0Hz6857GoF4j4sxi4od2WMChpWU+3oHkHv8?= =?us-ascii?q?Mc5B1aL4cnUNWSYBw8TJ7wj9xE1jMnWJyprjVnWaxsthY8e1YnkK1SI64cFHE7?= =?us-ascii?q?yU7KFYkituuFa4qhjRYfdllDcH1fQu8GIag/0OuAc11iWSGK0SHU1CMSP2jRiH?= =?us-ascii?q?9Ne+rKFLZGaod7i9z09+kcynDLGFvg5QQnD5dYk+HSVo9MVwLErM0GHv6oHjYN?= =?us-ascii?q?TQbswcthuPkxrbjOhaNpQxluEMhSV5JWLxp3oly/Q0jRZ2x5G1oJCHK3lx/KK+?= =?us-ascii?q?GhNYKDv1aN4I9zHzi6ZRg8aW05qpHpp/BjUBRIHoQu6wEDIOqfTnMB6DECUmpX?= =?us-ascii?q?eGHbrSBhOQ6EZ6r3PPCpyrOWuYJH8DwdVlXhmdK1RVgBoIUzUigp45CgeqydT5?= =?us-ascii?q?cEhj+zAR4kD3qgNWxeJuKxnwTH3fqRy1ajcvVpefNgFW4htZ50fSLMye9P58ED?= =?us-ascii?q?9W/p2mtgyNJXKUax5ODW4XRkyOH0rjMaW25dnc7+iYAfKzL/XUbrWItexeUPKI?= =?us-ascii?q?yImh0oR44jmMMd+PMWN6D/0h3UpDX252FNjFmzkVTCwXjS3NZdaBpBig4i13st?= =?us-ascii?q?y/8PPzVQLq/4SPD79SPstz+xCqm6iMLfWdhCBnJjZEzZMD2WXHyKAB01IIjSFh?= =?us-ascii?q?aSWtG6watSHRVKLQhrNXDxkDZiNpLsdJ4bgw3gxXNs7fjdP01qV1geQpBFdAT1?= =?us-ascii?q?DhndupZcMSKWGnKFzHHFqLNKiBJTDTzcH3e72zRqBLjOpOsR2wpTGbE1T4MzuZ?= =?us-ascii?q?izbpUgqjMeZWjCGUJBZeop2ycg5xCWj/S9Lrchu7MMVtgj0u2b05nX3KNW8GMT?= =?us-ascii?q?hnb0NNoLyQ7SVCjfV5B2NB72BqLe2elyae9enYJY4cseF3DSRsi+Ja/HM6xqNN?= =?us-ascii?q?7C5aX/N6hi3Srt9yo1GhieSPyyRoXwRQpTpRg4KLp0piM73D9pZcQXbE4A4N7W?= =?us-ascii?q?KIBhsXvNtqFMfgu69KytfViqL+MyxC/MjX/csBHcjbMtiLMH48MRrvAjHUFhIJ?= =?us-ascii?q?TSKsNWHch01dl+ue9nuLoZgmspLsgoYBSqdHVFwpEfMXEl9lE8YcIJhtUTMrj6?= =?us-ascii?q?WbgdUT5XWkshneXspasY7cVv6IB/XgNiqZh6FeZxQU2bP4MZgTNorj1kN5a1l6?= =?us-ascii?q?k4PKG0zLUN9QvCJudQ40r19L8HRkSW0zwU3lYBu34HAPDf60ggI2igxmbOs3+z?= =?us-ascii?q?fj+Uk3KUTRqSs3iEk+h9PlgTWLfz7wKKe/RoZWCiXuu0g2KJP7TB5/bReukkx8?= =?us-ascii?q?KDfEW7VRgqN8dWBsjQ/Qo4FPGfldTKJaZh8f3uuXZ/I23lRfsSio2UhH5e7ZBp?= =?us-ascii?q?R4jwsqbYSgr3Re1AJ/dNQ1P7DfJLJVzlhMgaKDpiyo1+A1wAAAPEsN9WSSeCAG?= =?us-ascii?q?uEMWKrkmOyqo/utp6QOcgTdDfnYDV+YyqPJw6kw9I/iAzz7n07NbLEC+KfaQL6?= =?us-ascii?q?eCtmjDks6IWU8w2VkOl0le/rh20N0vc0yKWEAz1LGRDQgGNdLeKQFJaMpf7GLT?= =?us-ascii?q?cjiVserT2511JZmyFuDzQOCVtaYUmF+rHAEnH4QU9MQOAJmt3FveLcj5ML4P0Q?= =?us-ascii?q?8t6xjzJFWZEPRJfwqGnyoAo8G5yp94wJdSJjUcAWhmKyq4+KzXpggwjPqERtc2?= =?us-ascii?q?bW8QXpEYOXIuRM26hylZsmxdAzatzOIZyRWN7yTnqyvKFjn8dd1jZfmPZRxyFN?= =?us-ascii?q?625C8/86mqiV/X6JneIX/1Nch6sN/V9ewav4qHC+9TTbRlt0fcnJNYSGKsU2/O?= =?us-ascii?q?Ft64PJfwa48xbdDuDXa6SFO/gSovT8jtJNatMrSIgQbwSIZProab2DEjNcmgFj?= =?us-ascii?q?ARABp/u+YD5KdgagIZeJo7fQTktwIgOKyjOA2YyMmhQ36xKTtKSPlS1ea6Z6ZX?= =?us-ascii?q?ziU2aO+61HsgQ4o1z+mw6U4CWIsGjhfAyva/f4NeSzT8GmRBewXToio0j3RhNu?= =?us-ascii?q?c3wuc43BPIsVkdPiuWe+xoaG1LpcozCUmUIXpoFmoyX0Wcgpbb4g6ww7AS+DNQ?= =?us-ascii?q?kMxQ0e1ErHfxoIfQYDesWaytrpXVtTAvYMM9rK1wK4PjJNKKtJ3DnjDFSpnfrB?= =?us-ascii?q?GFWjagF/VGgthQPD5YQP5QlG4+J8MGv5FM5lAsWccgObNPErIsqaqwaTtkFyIS?= =?us-ascii?q?yjUZV4yY1jwYnui8w6falguXcJk6PxwErZRCgt8ZUyFoZyMTv7KsWJvNmG+FUG?= =?us-ascii?q?cLJh0f7QNW5AIPjoVwZPzq4JLUTJ9QzD5bu+h0Ui3KFpZ091v7TWWWgUPgRvu4?= =?us-ascii?q?juKnxx5fwvX339YHXx5/DFRSyPxNlks0Mr13LbcfvpLSuD+SaUz6pH7tyPehJF?= =?us-ascii?q?RJ083bakD3AZHKtWr5XSwQ43sUSpFTyHvHD5QdjxJ5aLo3pFVLOI2mYFzx5yYj?= =?us-ascii?q?x4tyBLS4SdqryEw7rXkYQyeqEtxBC+5isFLWVz1lY4yrqJv/NJVIR29c4pudpE?= =?us-ascii?q?lFkE91KS621YJcK91R4j4LRDVOry+Rs8eySM1C3M92DoUDItRktnf8BqxLJoae?= =?us-ascii?q?r2cxurz1xX/T4yo8v0uixDWvB6+4SPpU8HcEGgU0IWSSsEovAvAt8mfT81DNrk?= =?us-ascii?q?t78/1dBreRkUV7uCx9EYxWBjZVyXClKEx+THhAs+VGNqvVd9JTQ/wsah+zIRw/?= =?us-ascii?q?FeUr30uR/U5qm3f5ZjZ9tgpe+y/GWAk1WjMZgrD3mT0RssunIyMVS4pUbTU9aC?= =?us-ascii?q?fIMw2bmTpNsxZZd0FnQJEZAtFL+rEdwYtU/tTNSUeqKSEZQhNiLBg00fxBmk5f?= =?us-ascii?q?qE+YYzzSDRK0dfbTtR16ZduRrMmsLPni4AdLlobnv/si+6UFWXKmhRWnQcrCoI?= =?us-ascii?q?/kqt2KqkyOeb/4M+Kme3/OVjzMgg2riLg5EZbK5zDTPxRfK5Zk03ooe5/hCXTE?= =?us-ascii?q?PR5ePaIUO1JbVbxmadVBuu1aZchkd7gS9KBwGB2HXQ3gGJazrPZYM1nfXzLeID?= =?us-ascii?q?ud8uanu4Lc8aTdSfT8ZsyL33vIWKx3MYtm5TT5Brvn35RT9Vbx2vdo6kx1U0PG?= =?us-ascii?q?MzyboNTnOAwL+NGodlH+sZ0xATPWHJBwnWL3xk5easUXQzel8IgDxZNd73bwV/?= =?us-ascii?q?x33lbvv+1V6rZr95M747Z3xseoPa3SM+hVsVd7AhiIAQVn7o0tAHNjR29Lf+AR?= =?us-ascii?q?NOzcfb8ejcDzseD4C7IY6BuJ++xDc9THI1vNms6lCjGTURZEhhsOqSYGLguA0P?= =?us-ascii?q?6Ig7N0Sdy7qufnx00g+EW+LhoazLB3/4iE5KuIpOjTbxTP0bgIQK/qRtn8rr40?= =?us-ascii?q?oUOd+eUklKISemxyewCnEvISVtQaxmf7yaAl1zwsHtjGH7L9/P5DS3M5kS7hm5?= =?us-ascii?q?9nGVUWAekYHb2R/YRRhm04gfDWNsUKcqBenWaCDRykHaUEyX6l8SuXJ3RqjQ/V?= =?us-ascii?q?3hHsW2yz6kT2rShiTSvK0djjjlJfVqOrCkdKQyqpJUh4vSuJPArsr9f3uKI17E?= =?us-ascii?q?QsPmzlstKNmnGhN6lMH83jPtycPDU7pE4KjJ0rWNOjw4cbGcCyIN0J6nFxcuPe?= =?us-ascii?q?63+3ky9Gu6pHgYve7d2S+vXTB3aglLeWq7SKxDBf0Xg4pkoy6tWvO/DB/dGKRO?= =?us-ascii?q?6o12kJRSdlpwTBRwK1qqDcr10MJUOEykPLl5IRPtFF3Xg40Vrr5PM/T9Iy6gpe?= =?us-ascii?q?EJrAZ/IYqjzpPjv730qfacotViaCyztXAk71EV5gFag4w2LwucLEmGze+1I2W4?= =?us-ascii?q?ZwcFbnigZvD4UiLkIt6kYYzTYfEQQXbhCbFr6oD1z/LYQYTUgDdQiH3L+id6c1?= =?us-ascii?q?3E1zx6ii5OrNYu18GaUNLPddjgiBnFRBHJIZr7EeSqpme1BB7K7XuhTiC4//Uv?= =?us-ascii?q?jnlHs/L+e6TdxB/MACqXQi/hiwSAa65ZdE9bYbh4iCdrRYbpjUoMB880Bn6CYU?= =?us-ascii?q?eSxMmxh+gQm2UeIdpOD/+tjUqoeo6uK1WakxQOUY6gY7CH5jj5vqh1Aju8vY2/?= =?us-ascii?q?1bSo3PhoT16BpNLGKSuIbGzxl8LvIDK5qxc7Z863oHJyYfJ3UUPdqVcvU8+DFi?= =?us-ascii?q?MDHS51xEH8MNasgVPNLXlgBIlkLpWL9S9s3BGl+bEYtzdN4n73DxyD8r9ZswSO?= =?us-ascii?q?Hg6CW5JZrH9VFCI+tDjDlwlNLFvOUV3eDSBzYT4XaDbRh63DiPxISMC/b//OWM?= =?us-ascii?q?1MvbV0gcES4sTodRPjyC9hK7RuCtjpXmThuU6tPvgJI5bE+QSWa+nL4bvaZQEe?= =?us-ascii?q?5NkSH73jlCFo/rh/Kaqces6HBNul1BDolz8QXPGL9DMZVjJRT4is6rS1BzBiTh?= =?us-ascii?q?fsHUah0uuO2RyucX/ep+M0r+ZYkGIhML0L/67WRaThFuSbHspFqZW/weZMd+Qv?= =?us-ascii?q?Pesn9V8Z5gK7MIPFWFuJPqrC1Hp0wtDQA1b78wqjhadkjQkw1PR6b7pqIPigsG?= =?us-ascii?q?Xd5+o09MFnq6OHgi6DrfSaRVkK6RBeQQ8jWUSKwOT0poPT1lThOw2ZVhYb2pku?= =?us-ascii?q?5bsmJImSN9uvsq0yd8SBu6pyLsu7oH2Sg897GgqDUBpXtFQ/2RkyjUElVD1+0G?= =?us-ascii?q?g7oTBXjk6Fy8ZmQDbYTp7bloIMTv748h7GolbRUkZS0GUvyqCzvsgKOQHoyPrN?= =?us-ascii?q?VciQaPuMXJbb+zKzIeOag9yRLnWnhyzwnfnBdu8GsQQTWg7cQpJJu8OcY73CWo?= =?us-ascii?q?HXXUdFcW7qNPrsTxqUYBTPEqZlN53GVjzs+HSzUMRMzRAWk1iBMpaWFZcJ1e6B?= =?us-ascii?q?8aELIojiyPvqlc8QEeeC3UHZi9+onMgcfI3mEwTdV0yWLYqK2Fgogn0XN/lNNy?= =?us-ascii?q?8CGOpG4ed+rGXM9wGnLzzJtQyfTiZ/WxteAKUIRmyLCmUP4MLMaj/W+21Y5xWk?= =?us-ascii?q?+iwLQeHka2PPUFxrjFTyevUXeYVviTc2iQgzY5NVb/5RuoLlw3cMdKqEs9Mure?= =?us-ascii?q?hpFCjADhVLJ0RjmKpVDF1mAjNvkadw0usoe9ZwMKVPIRZ/SbJeU23P0+CV4MYm?= =?us-ascii?q?TVHSt3F+C2skCinIxhN3Vm/0r6ffzn8hr6P9uKBhkEDYnao4Z0+fy7RWKBOnhg?= =?us-ascii?q?wQZwPEZu9OffEFIxufFac5qLm9jfmch72/Yfd/hxKS09psITmoV75IaPzsiKdw?= =?us-ascii?q?3Rw43pJdHRpfiYH+Hfz1o0dW5HSLYZZhn154oiNN4jR7LTBadZvQgbBaUiWJwh?= =?us-ascii?q?MGPx+7tuLAJ9dQ7RYLq0j9LvpuKMYZtUvGHZ4U4qLCfboB0D0f20TQp0b5ywgH?= =?us-ascii?q?XyOp8wTCpbr9JxEhtmAJdPG8QYogqpHZGUnKC7i8ev9E5huu4KsK/wCvXU29Sj?= =?us-ascii?q?24V+QYJW5UuRPDbeHKNrmFhqjvyugvfc1Zn8Ec3jecseVOh6XmHKdKTLHoC+Kj?= =?us-ascii?q?KSIMLzZVRK87mG0LJ2Sh+Rfjz2X7KatC24M/Vp+UI7yohmc+fI1Dwt66vU2MDu?= =?us-ascii?q?Z2FauiijsWSJO4VB41DQA+zRQQ5UQ+Kf8Gl5Ba0XcZf09OAWPNwmwdic5RRz7T?= =?us-ascii?q?tb3MuBIqihtVPM2llgeJLaNkTp3SE5VZMNIBSlPksmmXXZpWjFAXRAMsikLtFg?= =?us-ascii?q?gM2LARzp5klxn3wtZ2FGFmTnWdeROXYU29igaw2S7g1GFNUDkPCteU4+qKKyTf?= =?us-ascii?q?JnOohKmemws7UHi9lpITnVRMdGJyHQMKN2Pj1JA+XKvlcnfh4Es7kzWocyfpWO?= =?us-ascii?q?PkIHMEGexiP2zAvC11D0dtO22KaOOiYW/W1Nz6jZ3jhUuwm5pfGZj9XhUL/Db5?= =?us-ascii?q?H2W+XdPTE4VjGcWTQyEUGp+Uqru/oEoPqUO2EfrU4IYiiKEg4curhvrcTMDm/U?= =?us-ascii?q?geBjc4cFi+uAWyDxViJ4kLE/BjhPtU+WWPoDFBTWY2XngGVCpAyoPuVM8m79b7?= =?us-ascii?q?2E2qpVXPQbAolJcv2eWdvYY/FeJywzmzUfIum8esPTr7cj3lLPV2sZHLHC9EeC?= =?us-ascii?q?Q06OXvyc2zXrUJ0Ov4g6vyon5tPdkyxsHqTWIbmfvT+u84+/jCaeo+HeUHciY1?= =?us-ascii?q?BmyN4FVXKMxBhGNXEsF8AeuEarRLWJIUlLyiEHk+VrjjMFfkxRT2dh33tN1KKx?= =?us-ascii?q?E8tYRFoWpGajRPkPaldnSjg3+BnZsUXJfdUctJWLFCdl/bwWRN9YdaEl?= X-IPAS-Result: =?us-ascii?q?A2GYAgDs4yJZ/wHyM5BcGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwEpgW6OepB9cpcQJIwXVwEBAQEBAQEBAgECaAUjgjMkgkIGAQIXDVUDC?= =?us-ascii?q?QEBFwgpCAMBUxkFiE+BUASxYjomAosZiD2CZ4sJBZAogQGMbZMhixuGU5RIWFk?= =?us-ascii?q?xTyIVhG0LAQEBQhyBZnOJKgEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 22 May 2017 13:17:49 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4MDHiOH015283; Mon, 22 May 2017 09:17:46 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v4MDFcgO141699 for ; Mon, 22 May 2017 09:15:38 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4MDFWnx014688 for ; Mon, 22 May 2017 09:15:37 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1B1AgB44yJZf4GlL8FcHAEBBAEBCgEBgyyCF456kH1ylxOGJAKGaQECAQEBAQECEwEBIV2FGQMDGg1SEBgIMVcZiFSBVLFiOosPMog9gmeLCQWQKIEBjG2TIZFulEhWWjFPIhWFPRyBZj02iSoBAQE X-IPAS-Result: A1B1AgB44yJZf4GlL8FcHAEBBAEBCgEBgyyCF456kH1ylxOGJAKGaQECAQEBAQECEwEBIV2FGQMDGg1SEBgIMVcZiFSBVLFiOosPMog9gmeLCQWQKIEBjG2TIZFulEhWWjFPIhWFPRyBZj02iSoBAQE X-IronPort-AV: E=Sophos;i="5.38,377,1491278400"; d="scan'208";a="6061056" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 22 May 2017 09:15:37 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3A+bSJJRKmU8bUBFhEQ9mcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgRLPTxwZ3uMQTl6Ol3ixeRBMOAuq0C0bWd7fqocFdDyK7JiGoFfp1IWk1Nou?= =?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?= =?us-ascii?q?KeTpAI7SiNm82/yv95HJbQhFgDiwbalsIBi0ognct9caipZ+J6gszRfEvmFGcP?= =?us-ascii?q?lMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLD?= =?us-ascii?q?QheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2UxLjlj?= =?us-ascii?q?sJOCAl/2HWksxwjbxUoBS9pxxk3oXYZJiZOOdicq/BeN8XQ3dKUMRMWCxbGo6y?= =?us-ascii?q?b5UBAfcPM+hbqIfypVUOoACiCQWwHu7j1iVFimPq0aA8zu8vERvG3AslH98Wvn?= =?us-ascii?q?rbttP1P7oWX+Co1qnIwivMb/VN2Tzg74XHbwouofeNXb1udcrRy1IiFwbbgVWU?= =?us-ascii?q?rYzqJTWV1uMCsmSB8+VgUuevhnchpgpsrDavwcIshZPIhoIT0l3E9D52z5gzJd?= =?us-ascii?q?KlUE57ZsSkEIdKuy6HKYR2XMUvSHxrtiYi0rAKpJq2cSYQxJkoxRPTceGLfomI?= =?us-ascii?q?7x75SeqdPzN1iXR4c7ylnRmy61KvyujkW8m0zllKqi1Fn8HJtn8T0xzT7tKISv?= =?us-ascii?q?16/kauwzqAywfT5vtFIUAwjabbKpghzaAslpcLrEjOGiH7lF/5gaKUbEko5+ml?= =?us-ascii?q?5uT9brn7uJORM5d4igTkPaQvnsy/D/44Mg8LX2WD5Ouzzrvj/UznT7VOjP07ia?= =?us-ascii?q?zZv47eJcQfvKG5BQhV04k55xmjCDem1cwUnWMbI1JdZBKHk4/pNknVIP/mCfe/?= =?us-ascii?q?glKskCpkxv3dIr3gAonCLnjEkLv7e7Z98FRTxBA8zdBY+ZIHQo0Gden+Xk73qc?= =?us-ascii?q?zwEg4yMwvyxf3uTtp6yNAwQ2WKV4OQNuvwrEWH6+Q0a72AbYkUtTL/A/0o4/rn?= =?us-ascii?q?i3gp31QaeP/6jtMsdHmkE6E+cA2ian32j4JESD9Ssw=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HmAQDs4yJZf4GlL8FcHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwGCF456kH1ylxOGJAKGaQEBAQEBAQEBAgECEAEBIV2CMyQBgkE?= =?us-ascii?q?DAxoNUhAYCDFXGYhUgVSxYjqLDzKIPYJniwkFkCiBAYxtkyGRbpRIVlsxTyIVh?= =?us-ascii?q?T0cgWY9NokqAQEB?= X-IPAS-Result: =?us-ascii?q?A0HmAQDs4yJZf4GlL8FcHAEBBAEBCgEBFwEBBAEBCgEBgwG?= =?us-ascii?q?CF456kH1ylxOGJAKGaQEBAQEBAQEBAgECEAEBIV2CMyQBgkEDAxoNUhAYCDFXG?= =?us-ascii?q?YhUgVSxYjqLDzKIPYJniwkFkCiBAYxtkyGRbpRIVlsxTyIVhT0cgWY9NokqAQE?= =?us-ascii?q?B?= X-IronPort-AV: E=Sophos;i="5.38,377,1491264000"; d="scan'208";a="7298162" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-il-dmz.mellanox.com (HELO mellanox.co.il) ([193.47.165.129]) by emsm-gh1-uea10.nsa.gov with ESMTP; 22 May 2017 13:15:35 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@mellanox.com) with ESMTPS (AES256-SHA encrypted); 22 May 2017 16:08:51 +0300 Received: from x-vnc01.mtx.labs.mlnx. (x-vnc01.mtx.labs.mlnx [10.12.150.16]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v4MD8f0s017562; Mon, 22 May 2017 16:08:50 +0300 From: Dan Jurgens To: selinux@tycho.nsa.gov Subject: [PATCH v3 6/9] libsepol: Add IB end port handling to CIL Date: Mon, 22 May 2017 16:08:28 +0300 Message-Id: <1495458511-46724-7-git-send-email-danielj@mellanox.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1495458511-46724-1-git-send-email-danielj@mellanox.com> References: <1495458511-46724-1-git-send-email-danielj@mellanox.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Daniel Jurgens Add IB end port parsing, symbol table management, and policy generation to CIL. Signed-off-by: Daniel Jurgens --- v1: James Carter: - Add cil_resolve_ibendportcon prototype in cil_resolve_ast.h --- libsepol/cil/src/cil.c | 18 +++++++++++ libsepol/cil/src/cil_binary.c | 29 +++++++++++++++++ libsepol/cil/src/cil_binary.h | 12 +++++++ libsepol/cil/src/cil_build_ast.c | 65 ++++++++++++++++++++++++++++++++++++++ libsepol/cil/src/cil_build_ast.h | 2 ++ libsepol/cil/src/cil_copy_ast.c | 25 +++++++++++++++ libsepol/cil/src/cil_flavor.h | 1 + libsepol/cil/src/cil_internal.h | 9 ++++++ libsepol/cil/src/cil_policy.c | 15 +++++++++ libsepol/cil/src/cil_post.c | 42 ++++++++++++++++++++++++ libsepol/cil/src/cil_post.h | 1 + libsepol/cil/src/cil_reset_ast.c | 10 ++++++ libsepol/cil/src/cil_resolve_ast.c | 28 ++++++++++++++++ libsepol/cil/src/cil_resolve_ast.h | 1 + libsepol/cil/src/cil_tree.c | 13 ++++++++ libsepol/cil/src/cil_verify.c | 23 ++++++++++++++ 16 files changed, 294 insertions(+) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 3df670a7..c02a41a5 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -189,6 +189,7 @@ static void cil_init_keys(void) CIL_KEY_CONTEXT = cil_strpool_add("context"); CIL_KEY_FILECON = cil_strpool_add("filecon"); CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon"); + CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon"); CIL_KEY_PORTCON = cil_strpool_add("portcon"); CIL_KEY_NODECON = cil_strpool_add("nodecon"); CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); @@ -259,6 +260,7 @@ void cil_db_init(struct cil_db **db) cil_sort_init(&(*db)->filecon); cil_sort_init(&(*db)->nodecon); cil_sort_init(&(*db)->ibpkeycon); + cil_sort_init(&(*db)->ibendportcon); cil_sort_init(&(*db)->portcon); cil_sort_init(&(*db)->pirqcon); cil_sort_init(&(*db)->iomemcon); @@ -311,6 +313,7 @@ void cil_db_destroy(struct cil_db **db) cil_sort_destroy(&(*db)->filecon); cil_sort_destroy(&(*db)->nodecon); cil_sort_destroy(&(*db)->ibpkeycon); + cil_sort_destroy(&(*db)->ibendportcon); cil_sort_destroy(&(*db)->portcon); cil_sort_destroy(&(*db)->pirqcon); cil_sort_destroy(&(*db)->iomemcon); @@ -737,6 +740,9 @@ void cil_destroy_data(void **data, enum cil_flavor flavor) case CIL_PORTCON: cil_destroy_portcon(*data); break; + case CIL_IBENDPORTCON: + cil_destroy_ibendportcon(*data); + break; case CIL_NODECON: cil_destroy_nodecon(*data); break; @@ -1105,6 +1111,8 @@ const char * cil_node_to_string(struct cil_tree_node *node) return CIL_KEY_FILECON; case CIL_IBPKEYCON: return CIL_KEY_IBPKEYCON; + case CIL_IBENDPORTCON: + return CIL_KEY_IBENDPORTCON; case CIL_PORTCON: return CIL_KEY_PORTCON; case CIL_NODECON: @@ -1838,6 +1846,16 @@ void cil_netifcon_init(struct cil_netifcon **netifcon) (*netifcon)->context_str = NULL; } +void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon) +{ + *ibendportcon = cil_malloc(sizeof(**ibendportcon)); + + (*ibendportcon)->dev_name_str = NULL; + (*ibendportcon)->port = 0; + (*ibendportcon)->context_str = NULL; + (*ibendportcon)->context = NULL; +} + void cil_context_init(struct cil_context **context) { *context = cil_malloc(sizeof(**context)); diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 1ddbf21f..c0ca60f2 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -3323,6 +3323,30 @@ exit: return rc; } +int cil_ibendportcon_to_policydb(policydb_t *pdb, struct cil_sort *ibendportcons) +{ + int rc = SEPOL_ERR; + uint32_t i; + ocontext_t *tail = NULL; + + for (i = 0; i < ibendportcons->count; i++) { + ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_IBENDPORT], &tail); + struct cil_ibendportcon *cil_ibendportcon = ibendportcons->array[i]; + + new_ocon->u.ibendport.dev_name = cil_strdup(cil_ibendportcon->dev_name_str); + new_ocon->u.ibendport.port = cil_ibendportcon->port; + + rc = __cil_context_to_sepol_context(pdb, cil_ibendportcon->context, &new_ocon->context[0]); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons) { int rc = SEPOL_ERR; @@ -3887,6 +3911,11 @@ int __cil_contexts_to_policydb(policydb_t *pdb, const struct cil_db *db) goto exit; } + rc = cil_ibendportcon_to_policydb(pdb, db->ibendportcon); + if (rc != SEPOL_OK) { + goto exit; + } + if (db->target_platform == SEPOL_TARGET_XEN) { rc = cil_pirqcon_to_policydb(pdb, db->pirqcon); if (rc != SEPOL_OK) { diff --git a/libsepol/cil/src/cil_binary.h b/libsepol/cil/src/cil_binary.h index a03d250d..5367febe 100644 --- a/libsepol/cil/src/cil_binary.h +++ b/libsepol/cil/src/cil_binary.h @@ -342,6 +342,18 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons); /** + * Insert cil idbev structure into sepol policydb. + * The function is given a structure containing the sorted ibendportcons and + * loops over this structure inserting them into the policy database. + * + * @param[in] pdb The policy database to insert the pkeycon into. + * @param[in] node The cil_sort structure that contains the sorted ibendportcons. + * + * @return SEPOL_OK upon success or an error otherwise. + */ +int cil_ibendportcon_to_policydb(policydb_t *pdb, struct cil_sort *pkeycons); + +/** * Insert cil portcon structure into sepol policydb. * The function is given a structure containing the sorted portcons and * loops over this structure inserting them into the policy database. diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 11215744..0a9a5e57 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -4667,6 +4667,68 @@ void cil_destroy_netifcon(struct cil_netifcon *netifcon) free(netifcon); } +int cil_gen_ibendportcon(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) +{ + enum cil_syntax syntax[] = { + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING | CIL_SYN_LIST, + CIL_SYN_END + }; + int syntax_len = sizeof(syntax) / sizeof(*syntax); + int rc = SEPOL_ERR; + struct cil_ibendportcon *ibendportcon = NULL; + + if (!db || !parse_current || !ast_node) + goto exit; + + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); + if (rc != SEPOL_OK) + goto exit; + + cil_ibendportcon_init(&ibendportcon); + + ibendportcon->dev_name_str = parse_current->next->data; + + rc = cil_fill_integer(parse_current->next->next, &ibendportcon->port, 10); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Improper ibendport port specified\n"); + goto exit; + } + + if (!parse_current->next->next->next->cl_head) { + ibendportcon->context_str = parse_current->next->next->data; + } else { + cil_context_init(&ibendportcon->context); + + rc = cil_fill_context(parse_current->next->next->next->cl_head, ibendportcon->context); + if (rc != SEPOL_OK) + goto exit; + } + + ast_node->data = ibendportcon; + ast_node->flavor = CIL_IBENDPORTCON; + + return SEPOL_OK; + +exit: + cil_tree_log(parse_current, CIL_ERR, "Bad ibendportcon declaration"); + cil_destroy_ibendportcon(ibendportcon); + return SEPOL_ERR; +} + +void cil_destroy_ibendportcon(struct cil_ibendportcon *ibendportcon) +{ + if (!ibendportcon) + return; + + if (!ibendportcon->context_str && ibendportcon->context) + cil_destroy_context(ibendportcon->context); + + free(ibendportcon); +} + int cil_gen_pirqcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) { enum cil_syntax syntax[] = { @@ -6301,6 +6363,9 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f } else if (parse_current->data == CIL_KEY_IBPKEYCON) { rc = cil_gen_ibpkeycon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; + } else if (parse_current->data == CIL_KEY_IBENDPORTCON) { + rc = cil_gen_ibendportcon(db, parse_current, ast_node); + *finished = CIL_TREE_SKIP_NEXT; } else if (parse_current->data == CIL_KEY_PORTCON) { rc = cil_gen_portcon(db, parse_current, ast_node); *finished = CIL_TREE_SKIP_NEXT; diff --git a/libsepol/cil/src/cil_build_ast.h b/libsepol/cil/src/cil_build_ast.h index c2d7b31e..8153e51e 100644 --- a/libsepol/cil/src/cil_build_ast.h +++ b/libsepol/cil/src/cil_build_ast.h @@ -177,6 +177,8 @@ int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, stru void cil_destroy_filecon(struct cil_filecon *filecon); int cil_gen_ibpkeycon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_ibpkeycon(struct cil_ibpkeycon *ibpkeycon); +int cil_gen_ibendportcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); +void cil_destroy_ibendportcon(struct cil_ibendportcon *ibendportcon); int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); void cil_destroy_portcon(struct cil_portcon *portcon); int cil_gen_nodecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node); diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 7307b08b..7af00aaf 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -1227,6 +1227,28 @@ int cil_copy_ibpkeycon(struct cil_db *db, void *data, void **copy, __attribute__ return SEPOL_OK; } +int cil_copy_ibendportcon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) +{ + struct cil_ibendportcon *orig = data; + struct cil_ibendportcon *new = NULL; + + cil_ibendportcon_init(&new); + + new->dev_name_str = orig->dev_name_str; + new->port = orig->port; + + if (orig->context_str) { + new->context_str = orig->context_str; + } else { + cil_context_init(&new->context); + cil_copy_fill_context(db, orig->context, new->context); + } + + *copy = new; + + return SEPOL_OK; +} + int cil_copy_portcon(struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab) { struct cil_portcon *orig = data; @@ -1942,6 +1964,9 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u case CIL_IBPKEYCON: copy_func = &cil_copy_ibpkeycon; break; + case CIL_IBENDPORTCON: + copy_func = &cil_copy_ibendportcon; + break; case CIL_PORTCON: copy_func = &cil_copy_portcon; break; diff --git a/libsepol/cil/src/cil_flavor.h b/libsepol/cil/src/cil_flavor.h index 4505b8bb..c2f0cee7 100644 --- a/libsepol/cil/src/cil_flavor.h +++ b/libsepol/cil/src/cil_flavor.h @@ -114,6 +114,7 @@ enum cil_flavor { CIL_MLS, CIL_SRC_INFO, CIL_IBPKEYCON, + CIL_IBENDPORTCON, /* * boolean constraint set catset diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index 2add97bb..6d6a7d90 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -204,6 +204,7 @@ char *CIL_KEY_MLSVALIDATETRANS; char *CIL_KEY_CONTEXT; char *CIL_KEY_FILECON; char *CIL_KEY_IBPKEYCON; +char *CIL_KEY_IBENDPORTCON; char *CIL_KEY_PORTCON; char *CIL_KEY_NODECON; char *CIL_KEY_GENFSCON; @@ -288,6 +289,7 @@ struct cil_db { struct cil_sort *filecon; struct cil_sort *nodecon; struct cil_sort *ibpkeycon; + struct cil_sort *ibendportcon; struct cil_sort *portcon; struct cil_sort *pirqcon; struct cil_sort *iomemcon; @@ -789,6 +791,12 @@ struct cil_netifcon { char *context_str; }; +struct cil_ibendportcon { + char *dev_name_str; + uint32_t port; + char *context_str; + struct cil_context *context; +}; struct cil_pirqcon { uint32_t pirq; char *context_str; @@ -974,6 +982,7 @@ int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_s void cil_sort_init(struct cil_sort **sort); void cil_sort_destroy(struct cil_sort **sort); void cil_netifcon_init(struct cil_netifcon **netifcon); +void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon); void cil_context_init(struct cil_context **context); void cil_level_init(struct cil_level **level); void cil_levelrange_init(struct cil_levelrange **lvlrange); diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index 35a0a29e..2196ae8d 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -1729,6 +1729,20 @@ static void cil_ibpkeycons_to_policy(FILE *out, struct cil_sort *ibpkeycons, int } } +static void cil_ibendportcons_to_policy(FILE *out, struct cil_sort *ibendportcons, int mls) +{ + uint32_t i; + + for (i = 0; i < ibendportcons->count; i++) { + struct cil_ibendportcon *ibendportcon = (struct cil_ibendportcon *)ibendportcons->array[i]; + + fprintf(out, "ibendportcon %s ", ibendportcon->dev_name_str); + fprintf(out, "%u ", ibendportcon->port); + cil_context_to_policy(out, ibendportcon->context, mls); + fprintf(out, "\n"); + } +} + static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls) { unsigned i; @@ -1958,6 +1972,7 @@ void cil_gen_policy(FILE *out, struct cil_db *db) cil_portcons_to_policy(out, db->portcon, db->mls); cil_netifcons_to_policy(out, db->netifcon, db->mls); cil_ibpkeycons_to_policy(out, db->ibpkeycon, db->mls); + cil_ibendportcons_to_policy(out, db->ibendportcon, db->mls); cil_nodecons_to_policy(out, db->nodecon, db->mls); cil_pirqcons_to_policy(out, db->pirqcon, db->mls); cil_iomemcons_to_policy(out, db->iomemcon, db->mls); diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index 893860d5..0d494ea6 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -217,6 +217,25 @@ int cil_post_netifcon_compare(const void *a, const void *b) return strcmp(anetifcon->interface_str, bnetifcon->interface_str); } +int cil_post_ibendportcon_compare(const void *a, const void *b) +{ + int rc = SEPOL_ERR; + + struct cil_ibendportcon *aibendportcon = *(struct cil_ibendportcon **)a; + struct cil_ibendportcon *bibendportcon = *(struct cil_ibendportcon **)b; + + rc = strcmp(aibendportcon->dev_name_str, bibendportcon->dev_name_str); + if (rc) + return rc; + + if (aibendportcon->port < bibendportcon->port) + return -1; + else if (bibendportcon->port < aibendportcon->port) + return 1; + + return rc; +} + int cil_post_nodecon_compare(const void *a, const void *b) { struct cil_nodecon *anodecon; @@ -426,6 +445,9 @@ static int __cil_post_db_count_helper(struct cil_tree_node *node, uint32_t *fini case CIL_IBPKEYCON: db->ibpkeycon->count++; break; + case CIL_IBENDPORTCON: + db->ibendportcon->count++; + break; case CIL_PORTCON: db->portcon->count++; break; @@ -516,6 +538,17 @@ static int __cil_post_db_array_helper(struct cil_tree_node *node, uint32_t *fini sort->index++; break; } + case CIL_IBENDPORTCON: { + struct cil_sort *sort = db->ibendportcon; + uint32_t count = sort->count; + uint32_t i = sort->index; + + if (!sort->array) + sort->array = cil_malloc(sizeof(*sort->array) * count); + sort->array[i] = node->data; + sort->index++; + break; + } case CIL_FSUSE: { struct cil_sort *sort = db->fsuse; uint32_t count = sort->count; @@ -1662,6 +1695,14 @@ static int __cil_post_db_cat_helper(struct cil_tree_node *node, uint32_t *finish goto exit; break; } + case CIL_IBENDPORTCON: { + struct cil_ibendportcon *ibendportcon = node->data; + + rc = __evaluate_levelrange_expression(ibendportcon->context->range, db); + if (rc != SEPOL_OK) + goto exit; + break; + } case CIL_PORTCON: { struct cil_portcon *portcon = node->data; rc = __evaluate_levelrange_expression(portcon->context->range, db); @@ -2022,6 +2063,7 @@ static int cil_post_db(struct cil_db *db) qsort(db->netifcon->array, db->netifcon->count, sizeof(db->netifcon->array), cil_post_netifcon_compare); qsort(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare); qsort(db->ibpkeycon->array, db->ibpkeycon->count, sizeof(db->ibpkeycon->array), cil_post_ibpkeycon_compare); + qsort(db->ibendportcon->array, db->ibendportcon->count, sizeof(db->ibendportcon->array), cil_post_ibendportcon_compare); qsort(db->portcon->array, db->portcon->count, sizeof(db->portcon->array), cil_post_portcon_compare); qsort(db->nodecon->array, db->nodecon->count, sizeof(db->nodecon->array), cil_post_nodecon_compare); qsort(db->fsuse->array, db->fsuse->count, sizeof(db->fsuse->array), cil_post_fsuse_compare); diff --git a/libsepol/cil/src/cil_post.h b/libsepol/cil/src/cil_post.h index fe7f3a58..3d541548 100644 --- a/libsepol/cil/src/cil_post.h +++ b/libsepol/cil/src/cil_post.h @@ -40,6 +40,7 @@ void cil_post_fc_fill_data(struct fc_data *fc, char *path); int cil_post_filecon_compare(const void *a, const void *b); int cil_post_ibpkeycon_compare(const void *a, const void *b); int cil_post_portcon_compare(const void *a, const void *b); +int cil_post_ibendportcon_compare(const void *a, const void *b); int cil_post_genfscon_compare(const void *a, const void *b); int cil_post_netifcon_compare(const void *a, const void *b); int cil_post_nodecon_compare(const void *a, const void *b); diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index fc23a2c8..73034a97 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -326,6 +326,13 @@ static void cil_reset_netifcon(struct cil_netifcon *netifcon) } } +static void cil_reset_ibendportcon(struct cil_ibendportcon *ibendportcon) +{ + if (!ibendportcon->context_str) { + cil_reset_context(ibendportcon->context); + } +} + static void cil_reset_pirqcon(struct cil_pirqcon *pirqcon) { if (pirqcon->context_str == NULL) { @@ -498,6 +505,9 @@ int __cil_reset_node(struct cil_tree_node *node, __attribute__((unused)) uint32 case CIL_IBPKEYCON: cil_reset_ibpkeycon(node->data); break; + case CIL_IBENDPORTCON: + cil_reset_ibendportcon(node->data); + break; case CIL_PORTCON: cil_reset_portcon(node->data); break; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 9e3cb2b5..a6710683 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -2086,6 +2086,31 @@ exit: return rc; } +int cil_resolve_ibendportcon(struct cil_tree_node *current, void *extra_args) +{ + struct cil_ibendportcon *ibendportcon = current->data; + struct cil_symtab_datum *con_datum = NULL; + + int rc = SEPOL_ERR; + + if (ibendportcon->context_str) { + rc = cil_resolve_name(current, ibendportcon->context_str, CIL_SYM_CONTEXTS, extra_args, &con_datum); + if (rc != SEPOL_OK) + goto exit; + + ibendportcon->context = (struct cil_context *)con_datum; + } else { + rc = cil_resolve_context(current, ibendportcon->context, extra_args); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + return rc; +} + int cil_resolve_pirqcon(struct cil_tree_node *current, void *extra_args) { struct cil_pirqcon *pirqcon = current->data; @@ -3606,6 +3631,9 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args) case CIL_NETIFCON: rc = cil_resolve_netifcon(node, args); break; + case CIL_IBENDPORTCON: + rc = cil_resolve_ibendportcon(node, args); + break; case CIL_PIRQCON: rc = cil_resolve_pirqcon(node, args); break; diff --git a/libsepol/cil/src/cil_resolve_ast.h b/libsepol/cil/src/cil_resolve_ast.h index 0506a3de..82c8ea34 100644 --- a/libsepol/cil/src/cil_resolve_ast.h +++ b/libsepol/cil/src/cil_resolve_ast.h @@ -75,6 +75,7 @@ int cil_resolve_validatetrans(struct cil_tree_node *current, void *extra_args); int cil_resolve_context(struct cil_tree_node *current, struct cil_context *context, void *extra_args); int cil_resolve_filecon(struct cil_tree_node *current, void *extra_args); int cil_resolve_ibpkeycon(struct cil_tree_node *current, void *extra_args); +int cil_resolve_ibendportcon(struct cil_tree_node *current, void *extra_args); int cil_resolve_portcon(struct cil_tree_node *current, void *extra_args); int cil_resolve_genfscon(struct cil_tree_node *current, void *extra_args); int cil_resolve_nodecon(struct cil_tree_node *current, void *extra_args); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 89706d0f..d36401b4 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c @@ -1506,6 +1506,19 @@ void cil_tree_print_node(struct cil_tree_node *node) cil_log(CIL_INFO, "\n"); return; } + case CIL_IBENDPORTCON: { + struct cil_ibendportcon *ibendportcon = node->data; + + cil_log(CIL_INFO, "IBENDPORTCON: %s %u ", ibendportcon->dev_name_str, ibendportcon->port); + + if (ibendportcon->context) + cil_tree_print_context(ibendportcon->context); + else if (ibendportcon->context_str) + cil_log(CIL_INFO, " %s", ibendportcon->context_str); + + cil_log(CIL_INFO, "\n"); + return; + } case CIL_PIRQCON: { struct cil_pirqcon *pirqcon = node->data; diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 108da33d..1036d73c 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c @@ -1012,6 +1012,26 @@ exit: return rc; } +int __cil_verify_ibendportcon(struct cil_db *db, struct cil_tree_node *node) +{ + int rc = SEPOL_ERR; + struct cil_ibendportcon *ib_end_port = node->data; + struct cil_context *ctx = ib_end_port->context; + + /* Verify only when anonymous */ + if (!ctx->datum.name) { + rc = __cil_verify_context(db, ctx); + if (rc != SEPOL_OK) + goto exit; + } + + return SEPOL_OK; + +exit: + cil_tree_log(node, CIL_ERR, "Invalid ibendportcon"); + return rc; +} + int __cil_verify_genfscon(struct cil_db *db, struct cil_tree_node *node) { int rc = SEPOL_ERR; @@ -1475,6 +1495,9 @@ int __cil_verify_helper(struct cil_tree_node *node, uint32_t *finished, void *ex case CIL_IBPKEYCON: rc = __cil_verify_ibpkeycon(db, node); break; + case CIL_IBENDPORTCON: + rc = __cil_verify_ibendportcon(db, node); + break; case CIL_PORTCON: rc = __cil_verify_portcon(db, node); break;