From patchwork Tue Sep 11 16:41:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10595917 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 434C3112B for ; Tue, 11 Sep 2018 16:49:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3093F28CF9 for ; Tue, 11 Sep 2018 16:49:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 23F7F29890; Tue, 11 Sep 2018 16:49:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from UCOL19PA13_EEMSG_MP11.csd.disa.mil (ucol19pa13.eemsg.mail.mil [214.24.24.86]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id DDE0028CF9 for ; Tue, 11 Sep 2018 16:49:16 +0000 (UTC) X-EEMSG-check-008: 622359848|UCOL19PA13_EEMSG_MP11.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="622359848" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA13_EEMSG_MP11.csd.disa.mil with ESMTP; 11 Sep 2018 16:49:13 +0000 X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="18080333" IronPort-PHdr: 9a23:0Zi6OBYMxwC2BNiZagAhDkv/LSx+4OfEezUN459isYplN5qZos++ZR7h7PlgxGXEQZ/co6odzbaO7Oa4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahY75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v9LlgRgP2hygbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQct0ARWpFQ81fSSpPDI2hZIcLFuYNIPpUo4z7qlQJrxSxHwmsBOToyjNRn3P7waM33uU8HQ3fwAAsAs8FvHDKoNnpMasfV/2+wqvVwjXZd/5Yxzn95ojLfB4vr/6DUrB/f9fJyUQtCg/IgEmfp4P7MDOOzekNr2qW4vB8We6zhWMrtQd8qSWvyMc2jYnJg5oYx07e+iVi3ok0JcCzRlNnbt6kCpRQqi+aN49oTcM4Xmplvzo1xacduZGlfCkH048nyALfa/OdboiI7BbjW/iLITthmH1qYqiziAq18Uil0+DxUNS/3lVSriddj9XBuX8A2wbT58SaUPdx4Eis1SiV2wzO8u1JIEI5mbDGJ5MgxrM8jJsevETZEiPohkn7g6mbfVg+9Oey8eToeLDmq4eZN49zlw7xLLwjmte6AeQkKggOWHWb+fik2L3j40L5RLJKg+UqkqbDqpDaJNkbprWjDw9J0ocs9xa/DzC83NQegXYHN05KdAiCj4joP1HCOPH4DfGhjFSwiDpn2v/LM7L7DpjNM3TPiqntcLlj50JG1QY/1dVf6IhVCrEFLvLzQEjxtNnAAx8iLQO0x+fnCNNg1oIRQG6AGaiZML7UsVCU+O0vOPKBZJMVuTnhK/gl4OTijXkimVAHZ6Wp0pwXaG6gEvR8P0qZeWbsgssGEWoSvAo+S+rqh0eeUT5TfXmyWbkx5jM8CIKgCIfMXJutgKCf0yehBZ1afGdGCkqDEX3wbYWLR+8MaD6OIs9mijEEV7qhRJU92hGtrw/6zLxnLuvK+iADu5Lj0MV15uLImhEv8zx0E9md33uKT2FukWMCXyU207xnoUxh1leD1rB1g+RGGtNI+fxJVAY6NYLbz+FhCtD9RBzOccmTRFahWNWmDik7TsgtzN8Wf0Z9B9Kigwje0CqtBb8VkaGEC4Iw8qLdxHX+Pdhyy2zB1KU7iFkmWMRPP3W8hqFj7wjTG5LJk0KBmqm3aaQTxjTN+XyfwmqJuUFXTBR/Ub7ZXXwFYEvZs8j57FvYT7CyEbQnLhdBycmaJ6RUct3ml09GRPb4ONnFe2K+gX2wBReTxrOUaIrlYXkS0zvHBEgDiQAT8m6MNRIiCSe5v2LeEDtuGEruY0Pq7elxtne7QVExzw6Uc01hzbq09wUShfyEVfwT2LcEtz0gqzVwB1m92N3XB8CHpwp7c6VWeck970tf1WLFqwx9OYStLq5jhl4adgR4oVnu2g55CopejMcqq2kqwxBqKaKC11NBdS2X0ozsOrHNLWny5h+vYbbM2l7CyNaW5rsP6PMgplXgpg6pFU0i82h83tlWyXSc5ZLKDBcIXZL2SEY3+ABwp6vGbSkl+4PUyXpsPLGuvTDfwdIpBfUqygy7cthFLKyEERX+E8oAB8ihMOYqgUSmbgoYPOBO8645J9+peOGC2KG1J+ZggDKnjWNc7YBmzk2M9jRzSujU35YE2f6UxA2HWCngjF25qMD4hZhEZS0OHmq40SXkH4BRZrd1fYYQFWejONa3xtN5h5/jXn5X7lijC0kA2MC3ZRqYd0b90hFI1UQLvXynnjO1zjJunDEtsqqQwjbOw//5eRoZJGFLXnJtjUrpIYSuiNAaRkeoZRAzlBS5/Ub627RbpKNnImnVQEdIeyz2IH95UqarrLWNfdRP6JQyvSVQSuS8bkiQSqThrBsCzyPjA2xeySgldzGrppr5gxt6iHiHIHlvrHrZfsdwxRjE6dzYRP5R2CAJRDN/iTXNAVi8Jdap982Ol5jfquC+S36hVppLfCnvzIOArze76XRxARKhm/Czm9vnERU10CLgzNlqTSTIrBD9Yob3zKS2K+RncVd0BFXk8cp1Bpl+kpcshJEXwXUanJKV/X4DkWjtK9VUxaX+bXQWSD4Q3t7a/BPl1FdkLnKTyILzTm+dzdd5Z9mmfmMW3Tow78NUB6eS97xJhih1rUS+rQLKZ/hygCsdxeEp6H4AjOEDoBAtwTmFArAOAUlYOjThlwqO79+jt6hXemCvfqWw1EZkm9CuEq2CqBlGWHnlYpciATNw7sJnPVLUynLz94XkdcLMYtISqh2Vkw7Mj+ZPJ5I3jPYKgjBnOW3lt30/1+E7lQBu3Y29vIWfKGVs/Ka5DQBDOz3wYMMT9D/tgrhCnsaK34CvGZBhFSsRUJvuU/2oDCoYte77OAaWDD08tnCbFKLRHQCF7kdms3XPE5WwOnGZOnYW0NJiRAOHK0xHmgAUWzc6kYAlGQC23sDhd1155j8J7F7ithRM0v5oNwX4UmrHqgeocCk7R4WELBVM6AFC+0DVMdeF4+1pAy5Y+4etrAuXKmyUfw5IF30GWlSYB1D/Obmj/cLP/POfCuq6LvvOeqmOqfdEW/eT252gzpFq/y2SOcWLP3liCeA720VYUH9lG8XZgSgPSzcNmyPDdcGbuAy8+ipxrsyl9/TrQg3v75OVC7ROKdVv5wy2gaCbOuGKiyZ2MyhY2Y0XyH/P0LgQwlgSiyR0eDmsFbQPrinNTa3Klq9QFR4bZDt5NNFU4KIkwglNJcnbh8vp1r5/i/45EU1FVVvgm863Y8wFOHu9NFTZC0aIL7mJOTrLw8TrbqymUr1QkP9YtxuutjaHC0XjJCiMlyH1VxCzNuFBlCObPBxeuYGldRZtDWnjTM74ZRCgNd93jCE2wacqiX/QMm4cKzd8eVtXrrKM9SNYnul/G2tZ43pjM+aLgSKZ4vLbKpYRqvtrHj57l+RB4HQ5yrtZ9idES+JpmCHKtN5hv0mmkvWTyjpgSBdOsChEhJmVskp4I6XW6plAVG3f8xIM92WfFhMKp9V9Ct31pa9RysLDlKTtJzde69jU59cTB9DIKMKbN3osKQfmFyTKDAsEUDGrLnrSiFZHkPGI8X2UoIM6pYbwl5oTUL9bVUA1F/MABkRjAtMCPI99Xik4nr6DkM4I+X2+oQHKRMpEupDHV/SSAejgKTuCkbZEYB4Izq/iIoQIKo33wUpiZUdmnI7SAUrfQchNojF9bg8zuEhC7WRxTmg020LjdgOh/WQeFeCqkR4siwt/YOMt9DH271cxOFXKuDM6kFMtltX9nTCRbDnxIb+sXYFXDir0sFQxMpP7QgtucAKynExlOy3fSL5Libtva3xrghfGuZRTAf5cUbFEYBgIyP6Mefoo109RpT+6yk9Z++TFE4BimxEwcZ+stX5A3BhjbNEtL6zKOKVJ1kRQhr6JviKwzOAxxg4eKFoN8GOVfC4Io1QGOKA7KSSy4uFi7hePlCdEeGgJS/UluOlq9l8nN+SG0S3gz6ZJKlqtOOyHM6OZp2/AmNaUTVMyzEwHi1JI8qRx0ccnd0qUVl4gzKGNFxsXKcXCKRtZb81I9HjcZSyOq/nCwYppP4WhEeDlVfWOu7wOgkKjBwkkBJgM7t4bEZmyzk7YKcbnLLgKyRUp5QTrK1WFDOhHeB2RijcHptuzzJlp0olBPjsdG3lyMT2r5rbLoQ8nmPSCUM0qbXcaX4sEM3M2V9e5myNCvnRPEie43fwDxAiF9T/8qTzaDCPgYNp7ePeUeRRsBcmz+Tol6ai2ikDY8onfJ2H8OtRvodHO5vkcp5mbD/NUSqR9vFrHm4VCQXylTXLPG8avJ5fsc4ksccD0CnGiX1ynjDI1S93+PMyjL6iPhQHoS51ZsIyc3DAkLs+yCC0RGw13p+EY/6J8ZAsDY5UhbR7vrQQ+OLS1IB2E3dW2X2atNTxWQuFFwuWgerxXyTAgbuyhxXshT5E6zvW3/lUXSJEMkB7e2e6pZ5NCXijrBnxdZwLPqDIll2hmM+Y/2fs/zA/NsVYHKTyLcvJmaHBctdEmGVySOWl2CnY/R1KEj4rD5RCj0qsP8CRDhNZbz/dFsGTgsZDCej6sXrKkqYnNuSo6cdcmu7FxMZDkIsaeqJPRgyHQTJjKvQ2BSyO1C/1amt1MLy1CW/lIhXspOcoYtopd8UAxTNsxJ6RTCKkwobCncSJkDTUOzSADSoyAwCcPgvy727vHjBefbIotMBoYsJVYmNQdVzR6YiQEpK+sT4/WjXOLSnAXIAcP6gRB/BkPloFscez54ofEUZFBxiVKrPJzVyvECoNn90DnSm2Mh1j3VumhmfSz3Q1O1PLszsUbWBlnBEhH2elZi0soJ6trK6QLuo7KtSGIel3ksG3xz+upOUdexdfSd1LmEIrPrXD8XTEE+X0IWY9Pz2nSFYgIkwVndqkkuU5BIJ2iekbi/Twr3ZppH7i/VcCv2VklsWwKRyCwE9pOE+tmqk7YWCV5Y5C3r5XoI5BSTXVU+J2ZtVhZjFltPDSjxpdHLcFC/CIMXCNTrjqHpNu9VtdP2cloAJ8QOt1/oWvyGLtYOJiNpH07or7vxWXD+zA7q1e6wC+8G7GjQuJc4m0eHhkpJ2WCpUkuFeQs9HzS/krKslBu8OdRHqKPgllpoDZhApBOAS5E1XK/IFR1QnlGqeJaJ7nLfMFHX/k9fxmvOwc5FfI82UyG4110l2/jYyNurgta5zzdXw4sWCkXg7ftnCYTqsS5Nj4aVZ1IdzQhbyHKKw6BnyBYogpfYVlwW58FGtZF560b3YxM88rETUahMiAFXBpnNg4i0Ppfk0BDsF+CdiDGEQqob+vPvQFrfceMts6mMu71/ABdioPoqOo47bkMR2W6mQ2xRtDTt4r8ttqMtkuSe6f3LfaxYXrATDfWixC/m6skDpfN/yjJMwpbMIN2yXw6bpj9EWTLJwhJJ7oHJ0pHUqB3cdFGovtfZ8JkY6sJ97FiCQ+ARhP1AoOvtONGLlHRRTvAMyqB7vazoYXJ7bzSUeLgfNCDx27bQ6JrOZd38Tj7Grbw3oBE5kX7wext+V1mSVfYLy+NttPhJhkE5MO6bEvtooUpHS/KAJd3iHfi3UBAd9EZQiKw8pQYyY9Z6G7qRuJl1kj+q/Fd97555oYp+b9p1N20JaDIKftAq0NnBQKUBgpy/JU3HGd/X3xRYvMWKPrJZaQWl9zupPz3F60Z7x2V4e9ZZcLcJ07fnsm/CzecSQFLnQoasT4VNBec2OKFm656Tsalv+v51lgu41egNB4Gyq5i5YOe9qqPvu/XYAPbzaIYVajyWsPzsrMstluU5f0liLEOfWh1bBe8EOQHV84dwWDgzbsxzS83FsPOEL3h9OREV3IjkTLqg4p9EEkOGvMIAbqL+pxTnmU/m+zZMN0aaLxNmmaLFR65D7ADyH+r6y2MIGlmgxHDyA/wQWKt7FDsqS93XCrMw83lkkVLSrm9HV1SUDaxOU9krDOPOxLltNvpuasv6kE7KWjktM+Qm2ugP7NXBNfzJNuGISk7vFgXloE+RsSz2YAHHtqwONUR/29wbvvQ72OmiCFArL1Bh4XA/sGZ4PPXEme8j6eCsbWC2ChYymQkvVE48t2gOfXO59qEQvu202YRSzxyuxDGXx6zq7zUs0oYOUqV30fXgIYKJM1W3WEk1kH64+guWNcz9ARdFobDYPMPvjLzNyH3wVaYZdI4SC+e3yFRHl3rDVlyALI8137ovMLViXfQ/EUlSZJueEzhmRx6FJ44KUYq6FgL3ioDDxYCZg2BALGvH0TlIpMOVVIfZhSfwLi6ZqA30FV9wryx4O/TbPR8CLQWO/dcjw6OmV1bFYwMsa0aXr1wYVhd9LTYpgL6EYjoQ+DmlWYsNf2yWs1b/9gZt2Ej4gmjWRWt8pJD77cHiJCSaKFIe5/MvNpz701//z4AajRNgARjjxO+Se0co+Tj7cbAvZqw7uahTr0tR/kW9xcoG2R+lYX/j045rdHRyehcVpXfiZ7j/wBVP36KpIHa3gF4KeoPLYKrYblh+2wDJygfPHIOIcGWZuI94yB3NjXT4EZOAsQWZdMXJMDNgxxbilX1WLFP8crWAlqYBJ1veMAo7mr3zjc1/IAiUubh7j+5O5Tf71BLP/NegyRgjtXCpPIawfDKEigY/WGZawRpwiOF05SNCez//eaLyN7PTF4GAyg2U5tdJDqF5AynSeq1lInzXgOS9MDznIo0dFiMSXypgKQFrqFMHPZbiiX12zhRCoH4ivGOvtqy9mRXrFxHEYd07R3DAqlfOIt0OQir3vWsE2xHI2OrfMDSawpro+ed2/0N//Q7MkzyeIsWCgwLxqi86ndPSAZqDrnssQDdFcAYYdZ9ANbDtGpU8so0KaoIJkKcv7TspzJFqRYxGgB/LPcUjRh/Ph3KnQtIS+P3taQGhw80T9F0owlPFHi2NWZ44CDIA+Adt4TZLP0T7yXbGrcDV0RuLzNWXwK+2JIofaCg2/9ArDUC1gF6oP5i8TtmTR2ntCuk86AK2TRm+ra4vTMatHptReyYlCHJAlxHiv8NiPFYQ1Xv5Ef0S34Eb8Om47RqPs/n8ooJ6HQlZhAiYihAWv6vXWW4s66UGZGI+PJVghKE8JHWYLm8MCkUc7cw0xTuQ1B8lwzZghsu62IIXy+pqtkpYoelb4Jt/iO1HSD+c1EW7+sdqMLssXYTRfYyLFZmx39ulMOAQ3tJDPfTFn41gw5sUmBNdJZO+FdODKUzqiqZtalBuAcPaXHbFZrzvsGamcbOxGl4Q8xmy3zbooWbiZ4wln5ogdV56miJontYP7jcUslxEj39zYtS1+H6T+uiv/pBS4Z8zrmlFvgYPZ/nsUKy1YVnSweJwb4EHkuwNqdXz7vcWT2kWGSeceuOemmI2T0+NxihywOvKwgcYdxHvgcGOevLm5BYmhepBbh9XSiBjUTQzGU+P+cXbUc9scGsfAlcH71ZXPSVOeV7mK52M1ALdXKcWHouUbXkuEOxnIV9J3Rr6Fn7ZuKo6A39Ld+OAUNYStznlrJaoteCbzvbf3JtyQZ9ekx99uOZElU15Yo+O42Jk432gNJ2mfUAa+8rKTc079UagY9ywZKf0M6XfxXc1NP5LJfepf3LZp+X1FwkL0ddVLdRegbp/8M/N989VafUGO5StA8RFIAhS5woKmn1+bsxJwo1eQnUN9HWytLyqLetYZ1Z72TT8kp2LCrYvEgbzeeoSAVgc52wr271JpE7HWod6ocyTBBhGpBKAYUFpgujRZiZweeqgt+2/AVxvOpZ1Mi4BvPL0YGh1p5qF9hB5EONNSrMHqQjnEl/j+qzj/uBmpn8AM/vY5UFAcBqS27CbfnNGYCy X-IPAS-Result: A2DYFQACrpdb/wHyM5BcGwEBAQEDAQEBCQEBAYNLA4EIXCiMZIs/gWCDBpNvgVgxEwGFBINIITcVAQIBAQEBAQECAWwcDII1JIJgAwMBAiQTBgEBDCALAQIDCQEBNwkICAMBLRQBEQYBBwUGAgEBARgEgwCBagMVA5oOihyBajOCdQEBBYEEAQFqgj4DglAIF4kzgRsXggCBEieCPYRnEgESAV6FGYgohR8/MI1UCYIIjXQdWIgdhXuOGIdNImRxTSMVO4JsghkMF4NFihwBVU97AQGKYYI8AQE Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Sep 2018 16:49:13 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGnB0Q023203; Tue, 11 Sep 2018 12:49:13 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8BGfs51031930 for ; Tue, 11 Sep 2018 12:41:54 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGfs23023062 for ; Tue, 11 Sep 2018 12:41:54 -0400 IronPort-PHdr: 9a23:xPUrZR+o8BJTjv9uRHGN82YQeigqvan1NQcJ650hzqhDabmn44+4ZxGN2M1BpwTiZayCsbRJhu/NvOblUG0Ep5OAtCNKa4RCAjkCj8hehAk8GIidE0SuJ/fxYj0SB89CXUJr+3yhdENcXs35Yg6auWW8uBgVHBi3Lg9pPqLwE4/Wgd6w0rW58obeci1Tjzq0fL12IQ/zpgyXvc4T0sN5Mqhk7BzPrzNTfvhOg2NlIVXGhxHn+sK554Ju6QxLvPQg/JUYDeCgIOIzSrpDCS5gNmk04IvtuECFXAKP4XxaWWITwVJEAAnAuQnzRYy58jD7uex0xDSAMIXoQKo1VzWv4+YjSBLhhCodcT9s2HDeist3yqlcpR8= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AZBAACrpdblywbGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpNvgWaEdwJCg0ghNxUBAgEBAQEBAQIUAQEBAQEIFgZMhUUDAyMEGQEBNwEPJQIRFQICRRIGAQwGAgEBgx2BagMVA5oOihxvezOCdQEBBYEEAQFqgj4DglAIF3SIP4EbF4IAgRIngj2EZ4EEgkKCV4gohR8/MI1UCYIIjXQdWIgdhXuOGIdNgXdNIxU7gmyCGQwOCYNFihwBVU+OGgEB X-IPAS-Result: A1AZBAACrpdblywbGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpNvgWaEdwJCg0ghNxUBAgEBAQEBAQIUAQEBAQEIFgZMhUUDAyMEGQEBNwEPJQIRFQICRRIGAQwGAgEBgx2BagMVA5oOihxvezOCdQEBBYEEAQFqgj4DglAIF3SIP4EbF4IAgRIngj2EZ4EEgkKCV4gohR8/MI1UCYIIjXQdWIgdhXuOGIdNgXdNIxU7gmyCGQwOCYNFihwBVU+OGgEB X-IronPort-AV: E=Sophos;i="5.53,360,1531800000"; d="scan'208";a="366471" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 11 Sep 2018 12:41:53 -0400 IronPort-PHdr: 9a23:O63IkBZSW57UGFwLGqmnNWr/LSx+4OfEezUN459isYplN5qZps6/bR7h7PlgxGXEQZ/co6odzbaO7Oa4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahY75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v9LlgRgP2hygbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQctQYSmVbXsZRUCtBDpqlY4YTAecMPPtUo5Dhq1cTsBCyARegCP/qxjJOm3T437A10/45HA/bwgIgEdIAvnfaotr7O6gdU/y6wqbTwDXfbf5bwyvx5JTGfx0jp/yHQLJ+cdDWyUkqDw7IkE+fqZf7MDKVy+8DrnSU7+p6WuKyhW4nrx9+oiKyzcorlobGnJkVxU7E9Chi24Y6Od24R1RmYd6qFJtfqTuaO5JqTcw4WW1npCE6yrgftJO9YSMEy4wnygbBZ/CafIWE+AzvWemLLTtmhn9pYr2yihmq/UWhyODwTNS43VdOoyZfk9TBtmoB2wLN5sWITPZ2412v1iyV1w/J7+FJOUA0mrTfK54m2rM/mIAdv0rdEyL4hkj4lrObelkk9+Sy9evofLDmpoSTN4NujwHxKKUumsilDeQ9MwgOW3CX+eW61LL94U30WKtGguA5n6XDrpzXKt4XqrC7DgNP3Ysu5A6zDzK839QZmXkHIkhFeBWCj4XxJ17BOuv4Aum/glm3izdk2/DGMaf8ApXDKnjMjq3hca9h5EFG0gY80ddf55dMBrEbPP3zQlPxtMDfDhIhKAy73eLnCNR71oMDVmOCGbOZMaPOvl+I4eIjOe+MZJQPtzrnJPgl4ODu3jcFngo5RozhiZ8Wbm2oW+9rKFiDYGb9x9IGHXoOsyIgQ+Hwzl6PSzheYzC1Ra1qonkZAYerFs/mQZq3gafJiCW+GYdMZ3tuDFmJHHaucJ+LDbNETAG2B4c1lj0CSKjkSII70xyqnBH1xqAhLefO/CAc85X5244xr9b+3TUz8yFkR5CG3mWMSXxktn8ZTD8xmqZkqApyzUnVleBahPxeXf5U5/pPSQo8fcreyOx8TdL1WgvHZdqPYF2vRNKgADo4SpQ6xNpYJw5eFti5xjvE2CniV7wYmqeAA5s32qncxX/0Jtt4jXHc2/9lx2UrXtBSMiWGj6hz/kCHH4PPnFiYkeOpeL4a0Srl9SKHynSD+lpRUxNqWOPDUDYdfh2S5ezw+0eKaripE7lvZhNI1MqqMqJXbpjsilJcSbHoP9GIJyqKh2qoBRuOjoiJZY7udnRViD7RE2AYggsT+jCALgF4CSC/9SaWRjhvE0//Jk33/eRgpXeTUEA51UeJYldn2r7z/QQaz7TIT/IVw6JBtjwtpit5GH6j0N/MTdmNvQxseONbe9xrpB9u0W/Juh01EpuqNaFzj1hWJw17uEn01gR+DK1PlMErqDUhyw8keoyC11YUXDqD0IG4AbbXI3T8+B21I/rd00rTwf6N8acG9fo8pk+mtwjvHU0npSY0m+JJ2meRs82ZRDEZVoj8BwNnr0Ig9bjHfikw4Z/V3nRwMK6y9yXPwM8tGPB/kUvyQu9zG/ivLCarSYsXCs21J6ovklmtKBcFOLMa77Y6auWhcfbOw6u3JKB4hjvzhm1c7ZFVyUmM/jdyTuPSmp0Mhfqf21jPTC/y2XGmtM2/goVYfXcXF2u7xzLjAdtab7Z/bK4QAmenPsOzy887jJerUHldpxa4H11T/sivdFKJakDlmw1d0UNCuXu8hS6x1CB5iRkyqaye13eWn6G4K1wMPWhQQXMkiF7tJc6ygolcTUGoaA9vnxygtg72xKle8bx2NHKbAVxJcC7/M3x4X+Ouu6CDbc9C5NJgsSheXOmmJ1HPYq/0oxwdlSjkGmY= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DKAwACrpdblywbGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpNvgWaEdwJCg0ghNxUBAgEBAQEBAQIBEwEBAQEBCBYGTAyCNSSCYAMDIwQZAQE3AQ8lAhEVAgJFEgYBDAYCAQGDHYFqAxUDmg6KHG97M4J1AQEFgQQBAWqCPgOCUAgXdIg/gRsXggCBEieCPYRngQSCQoJXiCiFHz8wjVQJggiNdB1YiB2Fe44Yh02Bd00jFTuCbIIZDA4Jg0WKHAFVT44aAQE X-IPAS-Result: A0DKAwACrpdblywbGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpNvgWaEdwJCg0ghNxUBAgEBAQEBAQIBEwEBAQEBCBYGTAyCNSSCYAMDIwQZAQE3AQ8lAhEVAgJFEgYBDAYCAQGDHYFqAxUDmg6KHG97M4J1AQEFgQQBAWqCPgOCUAgXdIg/gRsXggCBEieCPYRngQSCQoJXiCiFHz8wjVQJggiNdB1YiB2Fe44Yh02Bd00jFTuCbIIZDA4Jg0WKHAFVT44aAQE X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="18079972" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Sep 2018 16:41:52 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;3bba0eac-f3d8-4169-91f5-68b798bb8850 Authentication-Results: UPDC3CPA12.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic304-27.consmr.mail.ne1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 50003850|UPDC3CPA12_EEMSG_MP28.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.163.191.153 X-EEMSG-check-002: true IronPort-PHdr: 9a23:IHXelx2766jgWtVHsmDT+DRfVm0co7zxezQtwd8ZsesUI/3xwZ3uMQTl6Ol3ixeRBMOHs60C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwdFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfV5fKzSZ9MaRW1GXspITiBMHo2xYooSA+YYIepUspT2q18QoReiAAWhAv7kxD1ViX/sxaA0zvovEQ/G0gIjEdwBvnvbo9fpO6kdSu210KvFwC/fY/9K1zrw6o7FeQ0hr/GWWrJwdNLcxFc1GAPekFqRqZHuMS6J2eQNqWeb8uRgVeaxhG49tgp8pSSgyd03iobXhoMY0UvE+jl5wIkvON24Rkp7bsC+EJdJqy6VLZF6Td8lQ2FtoSs3zKANt52jfCUSyZkqxgTTZ+GGfoWG+B7vSeKcLSpiiH54eL+yiQ6+/Emix+HmS8W50VJHojBEn9TMrHwByQLf58eBR/Bg5EmuwyyP2BrW6uxcIUA7i67bK5k5z74rkZoTt0XDETP4lUnqg6Kab1so9+qy5+v7ZbXmoIScN4puig3kN6QhgM2/AeAiPggIQWeX5P6w1b358k35R7VKiec6nbXesJDfPcgbp6i5DBFJ0os76huyDi2q3MkZkHQJNl5JZRaKg5XzN13TIP31A++zg1G2nzdqw/DGMKfhApLILnXbjLjuZ6195FBcyQco1tBQ+5JUBascIPL9Xk/+qsbYAgYlPAOu2eroFNJ91oYGVWKVHqCZKL/SsUOP5u83OOmDeosVuDf7K/g46P/jlmM5mF8Bcqmp2psbcna4Hu98LEmDbnrshckBQi82uV8ad8mi3FmDVyNDIm2/VL8m5y0qTYehAZrHS6izj7GbmiS2BJtbYiZBEF/aVT/KfoCJQL8pbziII9Qpxj4BUqK7SpQJ0xiruQ68zKBoeK6c3g48kNq30Nlz+v2Wlhwo8zFwJ9qS3nvLTGxumG4MATgs0/Y76XdQgnOC17Voy6hDGNhS4e5ZehsrPp7biephApb9XRyXOp+rT1agCvehATg3Vd83i4sMZEZ7XdeljhnFxCesK7QckbuNBZc99uTX2H2nY45exnvdnIImiFpuFshCOHatgal83wPTHYnMklic0aGwevJYlBLA6HyeyiKutUdUWUYkSajDUm0eYA7VoM7/60fqTvqqDqoqdBBIytOYI+1MZ5vrlQMCDM/qJdCWRmW2gWr4UQ6B27ekdIP3fyAY2yLHBQ4PlAVFuT69KQUmBiqn61nbBThqGEOnN1jg6sFiuXi7SQky1AjMYEp/gf79sBoUg+GMDv0I0r8atSMJtTp5BhC+0sjQBt7GoBBuNu0IZdI7/UcC23nVuhJwOrS+IK14wF0TaQJ6uwXpzRohTs1plcU6oWJi4A14M6OJ2VUJIzqU2prqO6zeLEH9+Rmub+jd3VSIg/iM/aJaw/0jpkSrhwqpH1cs93h9m41e2mCR973RBwobTJz1X1xy/BE8rLbfNHpur7jI3GFhZPHn+gTJ3MgkUa51kk/xLecaC7uNEUrJK+NfAsGvLOIwnF3wPkAfN+Bb6aAwMtnjfPLA06mubr45wGCWyF9f6YU46XqisjJmQ7eYjY0Ow/iF0A+KTXL3hRGqtcWlwdkZNwFXJXK2zG3fPKAUZqB2et1aW3ypJcy8nY0iwsSyHXVf8kWmHRUD0c6tPxyfNhrs1A1X0gIcpnn1wSY= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DXAQD27pdbh5m/o0JbHAEBAQQBAQoBAYUyKINyiHKQKpN1gWaEdwJCgyEZBgYzFQECAQEBAQEBAQEBEwEBAQoLCQgpIwyCNSSCYAMDIwQZAQE3AQ8lAhEVAgJFEgYBDAYCAQGDHYFqAxWaTIocb3szgnUBAQWBBAEBaoI8A4JRCBd0iEGBMoIAgRIngj2EZ4EEgkKCV4gohR9AMI1cCYIJjXcdWIgfhX6OI4dNgXdNIxU7gmyCGQwOCYNFihwBVR8wjl4BAQ X-IPAS-Result: A0DXAQD27pdbh5m/o0JbHAEBAQQBAQoBAYUyKINyiHKQKpN1gWaEdwJCgyEZBgYzFQECAQEBAQEBAQEBEwEBAQoLCQgpIwyCNSSCYAMDIwQZAQE3AQ8lAhEVAgJFEgYBDAYCAQGDHYFqAxWaTIocb3szgnUBAQWBBAEBaoI8A4JRCBd0iEGBMoIAgRIngj2EZ4EEgkKCV4gohR9AMI1cCYIJjXcdWIgfhX6OI4dNgXdNIxU7gmyCGQwOCYNFihwBVR8wjl4BAQ Received: from sonic304-27.consmr.mail.ne1.yahoo.com ([66.163.191.153]) by UPDC3CPA12.eemsg.mail.mil with ESMTP; 11 Sep 2018 16:41:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1536684104; bh=Xxn5XZ0360VJoxUP+9MQ/Q3uchVp7RW7wv4PkfXmLLk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=YCUoq0mLlowQNll3rIL2MfgGrnYjo1CN0B+/pfN4p5Te+bIwUpgJepm4+eiE2ySZhsIKaTb6CdE1SZk+UJePFRLCwbiq+HBuLqkCJt0FMoILj/qB2BlGnrI42bxAXUjI3x+MUnRYwd+zAWyQFxyrFJynVLIwiV/+FKFOtzhJMxvpX5+RC563KRyxOncW1MHXZZhXmqBht+H7uHmqF7cHfp+nYe56Tk+kaNsk3+IhjOzUjTpxpGM+DyGssRxrRh9OHMUqeWbcrr/F6/7odUuvcJWHZIOnrIqPs9R6+jibtFZq+qkNnnELwGRYFsiV58RhEJYRRcWciuX8jZyLVYLTRQ== X-YMail-OSG: LR4dI0sVM1n3S1IW2RKA7Td6tv4pzy_jmabhoZomjkDKeTgpEmRW9O4RbFgnd6t P0wyNYzkuTW2V_5OJwpvZS67tQsZykevuNt2imfdSmZP2hOU_eqt5WbreTMuoLWU_rlHvkBmoHbg _soiF4s1l1iIA56aNUJsnf9Rx7GfD8YYhIjqGYSbTbS2NHwF6sSnY5UefN6plWRq0PCM0d3aEcbi y5_Vp05TEe0u_lRMLnt1utOy3IiBunFmL.xYZtZ4m9fuhuwvKGCO67F3bO_do0LHpXhUPwZmTQ7m eSRi3YW9h4F2lWeGJayZaoCJeFsY_xz8slc79KzFKz2IAYfG4iehLNKBk2IELhvTyegq_rdw.Wiu L1XNXYDnHiL2G1bVQwjN2jh9Zijx7s_dmm8ZdCykmtbc0ChjwEAdsekLczt27dhwskrcLv7l1Dww 7kSzRDMtDvH3pE4YwH92ltpidwUN2nOeli_MsCPdpgUjPIuDoy5kFudkSWSNhio9oohLkbDijgx7 Y8WLSQFZptaSBLiK8.nsxzAqeJszajpsnuklvRqPaHpyY3PI.NBPFF6dSxi4b2uDzMrUuTJiRwba 1vGvJfwHG_TScfTyGlGnfQWXGpGF4_ZCXuHpGi2S3cGjsfQukhGyNObSsyOyzvr9vtUDKElTi4MV MJR51FzKGDnwUZn3VG.g78mk9K80cuORnENtaCjLUdL55AeLgKniIu8d5WLylH0cX2NKT7KDyfFA URxftmkNidSQFGeM8fOHNgxtmfr7yVhdxHZGSurxuma.JKAx_psxcNufTu2ITnrP9awBTAN1S.KE rh.s7X6wpwUZpQmXZRoFqeSP7IwlrWql_9uypN8FOvB0A8zsSeDXa8cliuvnBvfR.hv7EUNw6eN9 tPZAhKlFPkJV.uL9M0.c4yKbrrugbJYfyM788pNuhg1ocA_SdRmY4gCS79Z_A5ovMYBpfI09T5Rh Jk0dyKfNvoHJqffBVPzM4SfdOllNGqdgkfSCrFxumV39cJCgbiW.kuWoMAnIyaEDqBGP1lsllVg6 _mM1jVtEKoMgte6OOVQZkKnr8ZnxmTHES7Dbc Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Sep 2018 16:41:44 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp412.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d6ca3045781ebef13b1fbc1312440f37; Tue, 11 Sep 2018 16:41:43 +0000 (UTC) To: LSM , James Morris , LKLM , SE Linux , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <18c20c50-3ec5-0c85-93ef-58a3dbf3498c@schaufler-ca.com> Date: Tue, 11 Sep 2018 09:41:40 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Tue, 11 Sep 2018 12:45:04 -0400 Subject: [PATCH 02/10] Smack: Abstract use of cred security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/smack/smack.h | 14 +++++++-- security/smack/smack_access.c | 4 +-- security/smack/smack_lsm.c | 57 +++++++++++++++++------------------ security/smack/smackfs.c | 18 +++++------ 4 files changed, 50 insertions(+), 43 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index f7db791fb566..0b55d6a55b26 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -356,6 +356,11 @@ extern struct list_head smack_onlycap_list; #define SMACK_HASH_SLOTS 16 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; +static inline struct task_smack *smack_cred(const struct cred *cred) +{ + return cred->security; +} + /* * Is the directory transmuting? */ @@ -382,13 +387,16 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) return tsp->smk_task; } -static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) +static inline struct smack_known *smk_of_task_struct( + const struct task_struct *t) { struct smack_known *skp; + const struct cred *cred; rcu_read_lock(); - skp = smk_of_task(__task_cred(t)->security); + cred = __task_cred(t); rcu_read_unlock(); + skp = smk_of_task(smack_cred(cred)); return skp; } @@ -405,7 +413,7 @@ static inline struct smack_known *smk_of_forked(const struct task_smack *tsp) */ static inline struct smack_known *smk_of_current(void) { - return smk_of_task(current_security()); + return smk_of_task(smack_cred(current_cred())); } /* diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 9a4c0ad46518..489d49a20b47 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -275,7 +275,7 @@ int smk_tskacc(struct task_smack *tsp, struct smack_known *obj_known, int smk_curacc(struct smack_known *obj_known, u32 mode, struct smk_audit_info *a) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_tskacc(tsp, obj_known, mode, a); } @@ -635,7 +635,7 @@ DEFINE_MUTEX(smack_onlycap_lock); */ bool smack_privileged_cred(int cap, const struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *skp = tsp->smk_task; struct smack_known_list_elem *sklep; int rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 340fc30ad85d..68ee3ae8f25c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -122,7 +122,7 @@ static int smk_bu_note(char *note, struct smack_known *sskp, static int smk_bu_current(char *note, struct smack_known *oskp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (rc <= 0) @@ -143,7 +143,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp, #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_task(struct task_struct *otp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *smk_task = smk_of_task_struct(otp); char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -165,7 +165,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_inode(struct inode *inode, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct inode_smack *isp = inode->i_security; char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -195,7 +195,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_file(struct file *file, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -225,7 +225,7 @@ static int smk_bu_file(struct file *file, int mode, int rc) static int smk_bu_credfile(const struct cred *cred, struct file *file, int mode, int rc) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -429,7 +429,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, } rcu_read_lock(); - tsp = __task_cred(tracer)->security; + tsp = smack_cred(__task_cred(tracer)); tracer_known = smk_of_task(tsp); if ((mode & PTRACE_MODE_ATTACH) && @@ -496,7 +496,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) int rc; struct smack_known *skp; - skp = smk_of_task(current_security()); + skp = smk_of_task(smack_cred(current_cred())); rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); return rc; @@ -913,7 +913,7 @@ static int smack_sb_statfs(struct dentry *dentry) static int smack_bprm_set_creds(struct linux_binprm *bprm) { struct inode *inode = file_inode(bprm->file); - struct task_smack *bsp = bprm->cred->security; + struct task_smack *bsp = smack_cred(bprm->cred); struct inode_smack *isp; struct superblock_smack *sbsp; int rc; @@ -1744,7 +1744,7 @@ static int smack_mmap_file(struct file *file, return -EACCES; mkp = isp->smk_mmap; - tsp = current_security(); + tsp = smack_cred(current_cred()); skp = smk_of_current(); rc = 0; @@ -1840,7 +1840,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { struct smack_known *skp; - struct smack_known *tkp = smk_of_task(tsk->cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); struct file *file; int rc; struct smk_audit_info ad; @@ -1888,7 +1888,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); ssp = sock->sk->sk_security; - tsp = current_security(); + tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the * passed socket or if the passed socket can't @@ -1930,7 +1930,7 @@ static int smack_file_receive(struct file *file) */ static int smack_file_open(struct file *file) { - struct task_smack *tsp = file->f_cred->security; + struct task_smack *tsp = smack_cred(file->f_cred); struct inode *inode = file_inode(file); struct smk_audit_info ad; int rc; @@ -1977,7 +1977,7 @@ static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void smack_cred_free(struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_rule *rp; struct list_head *l; struct list_head *n; @@ -2007,7 +2007,7 @@ static void smack_cred_free(struct cred *cred) static int smack_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - struct task_smack *old_tsp = old->security; + struct task_smack *old_tsp = smack_cred(old); struct task_smack *new_tsp; int rc; @@ -2038,15 +2038,14 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, */ static void smack_cred_transfer(struct cred *new, const struct cred *old) { - struct task_smack *old_tsp = old->security; - struct task_smack *new_tsp = new->security; + struct task_smack *old_tsp = smack_cred(old); + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = old_tsp->smk_task; new_tsp->smk_forked = old_tsp->smk_task; mutex_init(&new_tsp->smk_rules_lock); INIT_LIST_HEAD(&new_tsp->smk_rules); - /* cbs copy rule list */ } @@ -2057,12 +2056,12 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) * * Sets the secid to contain a u32 version of the smack label. */ -static void smack_cred_getsecid(const struct cred *c, u32 *secid) +static void smack_cred_getsecid(const struct cred *cred, u32 *secid) { struct smack_known *skp; rcu_read_lock(); - skp = smk_of_task(c->security); + skp = smk_of_task(smack_cred(cred)); *secid = skp->smk_secid; rcu_read_unlock(); } @@ -2076,7 +2075,7 @@ static void smack_cred_getsecid(const struct cred *c, u32 *secid) */ static int smack_kernel_act_as(struct cred *new, u32 secid) { - struct task_smack *new_tsp = new->security; + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = smack_from_secid(secid); return 0; @@ -2094,7 +2093,7 @@ static int smack_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_smack *isp = inode->i_security; - struct task_smack *tsp = new->security; + struct task_smack *tsp = smack_cred(new); tsp->smk_forked = isp->smk_inode; tsp->smk_task = tsp->smk_forked; @@ -2278,7 +2277,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, * specific behavior. This is not clean. For one thing * we can't take privilege into account. */ - skp = smk_of_task(cred->security); + skp = smk_of_task(smack_cred(cred)); rc = smk_access(skp, tkp, MAY_DELIVER, &ad); rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); return rc; @@ -3605,7 +3604,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) */ static int smack_setprocattr(const char *name, void *value, size_t size) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; struct smack_known *skp; struct smack_known_list_elem *sklep; @@ -3646,7 +3645,7 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (new == NULL) return -ENOMEM; - tsp = new->security; + tsp = smack_cred(new); tsp->smk_task = skp; /* * process can change its label only once @@ -4291,7 +4290,7 @@ static void smack_inet_csk_clone(struct sock *sk, static int smack_key_alloc(struct key *key, const struct cred *cred, unsigned long flags) { - struct smack_known *skp = smk_of_task(cred->security); + struct smack_known *skp = smk_of_task(smack_cred(cred)); key->security = skp; return 0; @@ -4322,7 +4321,7 @@ static int smack_key_permission(key_ref_t key_ref, { struct key *keyp; struct smk_audit_info ad; - struct smack_known *tkp = smk_of_task(cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(cred)); int request = 0; int rc; @@ -4591,7 +4590,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) return -ENOMEM; } - tsp = new_creds->security; + tsp = smack_cred(new_creds); /* * Get label from overlay inode and set it in create_sid @@ -4619,8 +4618,8 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, const struct cred *old, struct cred *new) { - struct task_smack *otsp = old->security; - struct task_smack *ntsp = new->security; + struct task_smack *otsp = smack_cred(old); + struct task_smack *ntsp = smack_cred(new); struct inode_smack *isp; int may; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index f6482e53d55a..9d2dde608298 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2208,14 +2208,14 @@ static const struct file_operations smk_logging_ops = { static void *load_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2262,7 +2262,7 @@ static int smk_open_load_self(struct inode *inode, struct file *file) static ssize_t smk_write_load_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_FIXED24_FMT); @@ -2414,14 +2414,14 @@ static const struct file_operations smk_load2_ops = { static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2467,7 +2467,7 @@ static int smk_open_load_self2(struct inode *inode, struct file *file) static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_LONG_FMT); @@ -2681,14 +2681,14 @@ static const struct file_operations smk_syslog_ops = { static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_relabel); } static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_relabel); } @@ -2736,7 +2736,7 @@ static int smk_open_relabel_self(struct inode *inode, struct file *file) static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char *data; int rc; LIST_HEAD(list_tmp);