From patchwork Tue Sep 11 16:42:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10595933 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DFFB16CB for ; Tue, 11 Sep 2018 16:49:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CC63728CF9 for ; Tue, 11 Sep 2018 16:49:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BF7DF29890; Tue, 11 Sep 2018 16:49:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from USFB19PA16_EEMSG_MP12.csd.disa.mil (uphb19pa13.eemsg.mail.mil [214.24.26.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3D68828CF9 for ; Tue, 11 Sep 2018 16:49:55 +0000 (UTC) X-EEMSG-check-008: 126274177|USFB19PA16_EEMSG_MP12.csd.disa.mil Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by USFB19PA16_EEMSG_MP12.csd.disa.mil with ESMTP; 11 Sep 2018 16:49:53 +0000 X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="15731495" IronPort-PHdr: 9a23:gBGwpBQKzrf/hTXahHUIKtltmdpsv+yvbD5Q0YIujvd0So/mwa6/ZxCGt8tkgFKBZ4jH8fUM07OQ7/i/HzRYqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba9wIRmssQndqtQdjJd/JKo21hbHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KpwVhTmlDkIOCI48GHPi8x/kqRboA66pxdix4LYeZyZOOZicq/Ye94VS3BBXsJMXCJfBI2yYZYEA+4YMepFs4Xxol0Dohy8Cga2BOPvzThIimbv0aAm3eksEBzK0BU8E94TrX/YqMv5OLsXXe2z0aLGzyjMb+lO1Dnj5ojGchMvr/+CUr1/c8Xf1FEvGgHYglietYPrMC2a1v8WvmiH7edtT/6jh3Ippg1vpDWk28ciipPOhoIQ0l3J6z92wJ0rKty4VUV1fMKrEJtKuCGHOYt2Rt0tQ3t1sys91rIJo4W7czYKyZk83B7Qd/yHfJKV4hLtUOaePy14iGt5d72lnRq97U+gyujlW8SyzV1ErTJFn8HRun0C2BHf8MiKRuZn8ku/1juDyRrf5vxcLU01l6fXMYMtz780m5YJsEnOHjX6lFvogKKZcEgv5/Km5P79Yrr8o5+RL4p0igbjPaswgsG/GuE4MhQWX2ic5OS8yKXv/U3nT7VOif07irXZv4rAJcQau665GBVZ0poj6hmjDzem184UnX8bI1JeZB2LlY3pO1DKIPzgDPe/hUqjkCtzyvzbMbDsDY/BI3jenLv7Y7pw5FBQxBAuwdxH4pJbELABIPb9Wk/rs9zYCwc0MxeqzObjCdV90J4eWG2WDqCCN6PSrFmI6f4xLOmXf4IVpDb8JOQl5/7pl3M5n0QdcrOz0ZsYb3C4AOxqI1+Fbnr0ntcBDWAKsxI8TOztjl2NSyJTZ3aoUKI6/Tw7CoWmDYHGRo+3m7yBwDm0HodNZmxcDVCMC3jofZ2eW/gQcCKSPtNhkjscWLijSY8uzw2htAzhy7pgKOrU+zMYuInt1Nhx+u3Smgo99SFyD8SBzmGBVWZ0nnkHRzUuxqBwvVR9ykuf0ah/m/FYDcJc6OhXXQc8NJ7c0+t6BsvzWg3fYNiGVkyqQtK8ATE+Vtgx2cMBY15hG9W+iRDOxzelA7gTl7yNGZM77Kbc33nqKsln1XnGzq4hg0MhQstVOm2snrR/+BTLB47Vj0WZkL6nerkA3CHX7meO1naBvEZdUAFsS6rFRmwfalHQrdvn+kPIV6WuBqg/Mgtd1c6CLbNHatzvjVVaWvjjPMrRY2evlGesHxaJxqiBbI3ye2oD2iXdDVILkwEX/XmdMgg/CT2to2XEDDxhDVjveV/j8fFiqHOnSU851x+Fb1V72Lqv+x4VnueRS+sJ0bIeuSchsC10HFKn0N3KFdWMvQ1hfL9TYdkl+ldIyXrZtxBhPpynN61jiF8ecwByv0zwzRV6EYtAntY3o3Mt1gp9M7qY0ElGdzOaw5//JqHXJnP1/BC1ZK7cwkve38qO+qcT9PQ4rE3uvAKzGUoh9HVnzsJY03iG6ZXJCwoSTIj9UkEt9xh1v7vaeDUy55vI1X1wNqm5qiXN1M8zBOsk1BmgZcxSP7mYGw/3CcEaANKuKOMykVizch0EJPxS9LIzP86+a/SJwqqrM/h7nDK6jWVH55tw0lmQ+Cp9VOHI2YoFw/CC0QedUTfzkkuhuNjtmY9YfTESAna/yS/8CY5KaK1yZ4ELCXyyI8Cs3dV+gZntWnBd9FG5AVMKwsmpdgSOb1blxw1fyVwXoWC7mSu/1zF1nSsmrq6D3CPQ2eTibwEKOnBVS2l4lljsPI20g8odXEiyYAgjjAGl6lrix6hHuKR/KHHeQUFJfyjyK2FtTLCwu6GYbMFR8pMotj9bUOOmYVCVUrT9uQcV0zv/H2tCwzA2by+qupTlkBxmj2KdNmx/o2bZecF3wxff68fRRfpQ3joAXiZ4kz7XCkK7P9mz8tWej43DvfymV2K9Sp1TdjHmzYeBtCug+W1mGAa/kO63mt3mFwg6zCD62sJxVSXQrRb8ZIjr2LihMe59eElnGkP84dJgGo5iioswmI0Q2X8Ci5WP+noHlWPzPstB2a3ia3oMSyUGw8XI4Af5w01vNHWJx5j2Vn+F2Mtue8G6Yn8K2iI6981KC7mb7LpfnSZuoVq3swTRYeN7njgD1fsi8nkag/sGuAA11CWSHqgSHVVEPSzrjxmI8da+o7hMaWaxd7i/yUp+kcqnDL6cvgFWQGz5dYs6HS9s8sV/N0rB0GXp5YH5fNndds4cthyIkxbAluRVJog+lvwQiSpgI2L9smUvy/Qnghx2wZG6oI+HJn1u/KO5Bh5XKCb4Z8YU+jHjg6ZRgNqW35yvHpVmHzUEQoHkTfS2HzIOrf7nLRqBECUgqneHHrrSBQGf511gr3LTFJCrMmqaJHcHwtp/QxmdPlZQgBgOXDU9nJ42CBylxND7fEd+/DAR6UbyqgFQxeJwKxn/TmDfqR+majcuVpeQMQFW4RtE50fJNsye9fl+EDtE8Z2ktgCNLXabZwtQB2ETRkOEH0zjPqWp5dTY6OeXHe2yL//PYbWVtexeTO2ExYmx3YR65TqMLduAPn1jD/09x0pCUmt0FNjZmjUVViwXjDjBbsCBqxeg4S13qca//O7sWAL16ouFE6FSPsl3+xCqnaeDMPadizx2KTlCyJMD22TFyL8H3FEMjSFuciOiEbUEtSHWS6LRlbVbDxkBayN8LMFI9b4z3hFROc7HjdP4zqJ4jvkwC1tfT1zhncCoatIMI26mLlPHA1iENLedKDLXxMH3ZL+zRqdLjOVIrRGwvyiUE1P7NDSZizbpTwyvMf1LjCyDPhxeuIG8cg5qCWjnTdLmdgO0PcRyjT033b00nG3FOXQbMThmfENHtqeQ4j9AgvVjB2xB6WJoLe+alCmD6+nVMZUWsfxwAiRoje1a5m86y7hU7C1eQvx6hjfSpMZ0o166iumP1iZnUB1WpzZRmo2LplttNr/D9pZcWXbJ5wkC7WSKCxsXoNtlBMXvu7pOxdnPjq7zLilN887M98sGG8fUMN6HMGYmMRfxBTHbFhUFTT+2OmHEnEFSiuuS9meSrpk0sZjjhoYBSqJBVFw0CvMbCl5pHNocL5drRjkki6KUjNYU5XqiqxncXN5asY7DVvKTB/XvNTmYgKJYaBsPxLP3MZ4cNpbn20B4bFl1gpjKEVLKXd9Rui1hchM0oEJV/XdjUmIz3kXlagWx4HMODvO0gAA5ihF/YeUs8zfs5U07JlzUqyssiEMxg8nqgSiNcD7tK6e9RZ1WCyvxt0g2LpP7QwZ0YBavkkxlNDbLXaleg6FmdW91lA/WoYFPFuJETa1YfB8QwumaaO423lRasSio31JI5fXbBpt4jwsla4SsrnJa1wJkdt41KrTaJLBVwVhImqKOoiio2/grwA8YJkYC7GOSeCkMuEwTLrcoPjem8PZw5AKFgDZMZG8MV/82rf1w7UM9J/6MzyT+3L5fMkqxLfCQL7uFu2jcks6FWk8/1kESmEZZ5rV5zcAjc06QV0Au0rSRDQgJOtTeJgFVdcZS82LTfSmWu+XX3Z11J5m9FvzvTeKWrqYbmFikHAEyEIkX8sQBBIOj0F/GIsfjLb4Fzxot5ADqJFWKDPRJZByLny0do8G61pN325dSJi0FC2VnLSq3/qrXphMtgPebUtY6eGsVXosFNnIzWc21gS1Zsm9BDDapzO0W1hKO7zjmpiTfFDP8dcZsZO+IZRNwD9G74TA//LKsiV7U7JreO2D6NdJtutLU5+IVvZCHBO9QTbl6rkfThpJYS2asU2HRDd6/P4LwZJU0bdzoFna6VUSyiyoyT8f1JtmtNKaJgQbsRYZaq4Sb2TcjNcimFj4ABxhwveYD5LlnZQ0CZZo7bgTktwMkN6ywOA2YyMmhQ36xKTtKSPlS1f+1Z6ZKzyoqdOO6y2AtTpA7z+m27U4CX4sGjhfAyva/f4NeSzT8GmRBewXToio0j3RhNuE3wuok3BPErVwcPCuReOxvdmNEo8k2BUmOLnVuFmo4W1icgJLB4g6rwb8f5DZSkMhP0eJbqnj+ooHQby+2VKytt5rVrzIqbcI6rK1pLYzjPsyGuYvCnjPCUZbQsxeKUCqhGvVGndhQJT5XT+NTmWE5I8AGv5RO6VYpXMckO7NPELUspqytaTd8FS4S1jMZWJmd0zwemeq8wLzalgqKcJs+LhMEtolCgsEHXC5yeC8eo7WjV4rOnW+eVmcLOBsT7RhL5A8YjYBwcPzq7JbKQZNRxTNbuO57UizOFpZ07VT7UX2WjUL+SPq/j+yjxRhSw+700tkHRB5/DlBQx/xImUQ1KLF4MbUQs5XOsj+Pa0P1onzhx/ehJFZM18LYbVv4A5TZtWDkSC0T5WUURZNTyHHYDZkSjxB5Z7g1q1pRO42mZ0L+5yA+x4tzAbm4VMerx1I7onYaXSuqFMBBC+5+ulLNRDJle4yrqIniO5hKR29f4pmdq1NHn0VxLy6204BTJtpL4jESQDhPuimSs8GqSMJdw8N2CYEDIstnsXfnBKxEIISRo2ExurH3yH/W4So8sFChxDW3AaC4UflU/2gDGgUtO2Seq1UgD+o2/WfU6VDBqFd0//1UBrKXl0V+vC59HoxSBjZOzX2lLU58TH9Is+VAL6TabtJTTuIuZRC1PRw+Dvkm01aP/U5qgXfzezZyuRdC+yDBQwk0UjEYgrXsmT0bscynPCEVSpJWYjU7bifFLQ2blTpRvBlBd0FgQ4oZDcpd+7EHwYtU+dLPSUCoKSweXRxiMAc43eBelU5FvkWYYzrSDRG0dfbVrx14YduRrNOzLPvn5gtHjZnnsO8g/aUZW3KmgRGtQczZr4Lks92KsU2OdLv3M+KienLBSTnMggq2hbg6E5nL8S/TMBBYK5lh03YkZ4buCXLTNxRcO60bP1ZbVbx9adhepuBafMpkdaYS9K9jGB2IWxTvGJa1o/leNFbTQjbeIDud/eyju47T6qbdSef4bMyW23nHW753Pot96TTjGrfr0JVR9VDq1fp27UN1V0TGPD6do9j7IQML/saifFP4vpI1BTPWHItwkH31y05bdsoXWCOr/44ayJNY9HbwUfh30lX3sOBJ67Zk7pQ47K5zxsepP6fSLu5avlV9DhiTHAVq+Y0nAHJjSGBJfu8RNPDRcLwBjc/0t+D4C6wX6ROS++xDatvLPlrBlde7CjGdTxxEgQgApCUCLgSGy/6Kh690SMiipejj2UIh+Vu+IQAczLBr+4iE/rCEpOjNbxve1bIEQLTlRtvvrrQwvEOf/fsklL8SdWxyZw2oCvMdWtQcxmfnyqAq1jksHtjGH7/v9/9PTXU5nijvm5plBVUZBusUHaaX/YRZhmo4mevZNt0QcqxYhmmPFRqkEqIfxn+q6iuXJnJlghLP0xzrX2Oz7UH2ojV8QSTRztfviExVWaerBU1KRSqmJVd4sC+TPArvrNf3uLo141swMmH/sNKNiXauOLJQH83kPtCcJjM0pF0Php0rWtOvwZwbGca6INoJ8nFxcPXe622vkyJaraZInYze7d+J+vnNG3mvkbGaoa2XxD9E0ng4oU0/6te4O/HB492KRPqp2HgVTyd7oAbBRBm1qrrar18II0CL1lnEmJASNNFDwXY4zl3m5PQkQN8r8QVeF4XAZ/AFpT3oOjv721WfY9UxViaA1TtbBFT1HkdkGKIkwmL/oNrJlWvM+10vXoR/bFLohRprD4gjMkIt7F8XwjYfEQgTdx+UEaukBUP/LYsLTUIDcwiI3KCmeqcr2k1+2r2v6/HXbex9H6oCKO1Qjw+PnFheH5IZr7ceQLZidFNH867XvAfiAZD9X/f6jXowKeG1QsdC/MEXr3si+Ae/SAa+5ppY6rYbiYyIdrRabpTWu8B89Uhn7yYVdiNRmBh/kw+5UecEqeDk5tjUroGl6v6qVKk3XOUX6xk0CHhij5vqnl8sv8vb1+FCRY3JkY7/6hxCI2aWuIbG1BlxMe4OK4OtfLZ9+HQLPiweJ3MVPdqKcPkx+C5tPy/V51xFGM8MYskYPMXVkwBOlkLpQK1T9tbcGlKADod8bdwn72r2yDAz9psxSfjg6D6wJZ/B61FNPvVDjDhjld7Yo+gV2/XSAjAN4XaFcxh13j+Cy56VBvby5+qMy9bUWEgdEy4rVYddODqC+Qu6Ruq6lJXpThmY6sntj5IibEiQXGC+nLwZsqZQFu5Nkj773jZbFo/phv+YsMGh6HVJuV1dEYZy7BrFGKNFMpV9Jxv4iprjek8pIhDaMJXQdxwzqK+Ny+wR+eRiJg77YoMGJh8s1b338zxWQxFoRbqwuUyWC6ZZRtJjReiMi3dP84N7Y/sNOV+Hvp3xhjFBrV03RggzZ+l05hh5UmyGyAlUXbvk/b0NkA0RVfZntkJWX2G9ImQz43zAT6sDyOGqJbQx8zOOXuRaSEhsMyVjUzupyZ5ufP2vhvkBvWRYyGc1gv8q1XREQxu1vzbhoepZ2zUg/ve6szUIv2dISM2VmiHPD1RIxfBMhqAZXTKqylGxezEoa4zxqO1kKMn7/o4m4Fw0YQ8keiwbWKKnES6my+u0D5CUrdUUpBeLtMyGOae+KycPN7J4yh/5QXV5+gmbmBF2/S0QSza99tZiIoj7O95zgmKQEHXfPHML5blE+J/pvEMPZPM/dFckxWJkyMXBTSoIEoiHIHo4lggpby1/dZtH7RILX/0zji2gorhN/gZSZizdVIui5N+U1Y3M2H8gXZJk3W7buKCBro0l3WcjmN5u6COK/nMIeKaQB8ttBGXjk4lExeHgavGFrO8KUs1lxa6nXftENdOsry/+8ZFnSkK0jpgZFUC4IeYFjuPSXyCvU2yJUOKjfG2FnjJ/OUn3s0qGNFoyPexDtEIsetDJhpdBmQnsS/sgTSyLqE7z12cjOP4Ucw8s/YyuPQcNSbhCNKCnOeEyzahmWxM3ZHjTEH4zWrfs6wykgZR7NnN84E7zfeXq9EX8PcCPHgUfS9KB/INp8/DjF3qIYSUmwRB3J0Yy8u7eExI0t+sPFvTZhsDe0vJ81+NNbPJxKWsloNdGkYt45Ji8y8yKeAzfypvoYNrc5POfBq66rQwxYm8PdL0fbEvu4pkieNswWrndB7xc6B8VHqUraIcqN27s+qV5NkZ4e0jaY7Hn56uivfqFM71ToXKe9VcsNGHcthkEn+SzVhB+Zou2im/aO5c2Rzka94EoUEQgF4xJAMYa6Q+uAprSnqzizc64+0R9/eQNtPmVaLjG19W8ip14RIMSpVeKMzDYGLRxjwx7g/6zjPbN3ti5Cc7rdd4eEukuan/MarjBWI64Lz8= X-IPAS-Result: A2BNBwDI8Zdb/wHyM5BbHAEBAQQBAQoBAYNLA4EIXCiMZItEhGaTdYFfKhMBhQSDBSE3FQECAQEBAQEBAgFsHAyCNSSCYAMDAQIkEwYBAQwgCwECAwkBAUAICAMBLRQBEQYBBwUGAgEBARgEgwCBagMVA5pBihyBajOCdQEBBYEEAQFqgjsDglEIF4k1gRsXggCBEieCPYR5ARIBhXeIKIVfMI1cCYIJjXcdWIgfhX6OI4dNImRxTSMVO4JsghkMF4NFihwBVU97AQGLJII9AQE Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Sep 2018 16:49:53 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGnp0a023283; Tue, 11 Sep 2018 12:49:52 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8BGhSGj031982 for ; Tue, 11 Sep 2018 12:43:28 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGhS4K023131 for ; Tue, 11 Sep 2018 12:43:28 -0400 IronPort-PHdr: 9a23:OQCUQRTu0d67wOn/DScD6g+iZNpsv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESTBtiJ9upOh7OHq6m4AyoN7JOavzYHeZ1IERoEjZZehBQuVeiCD0CzN/v2d2oiBs0XX1Z+8mCTKkNVEdvwY1DI53a7qzUVH0a3LhJ7c8LyHIOalMGrz6a38pzXbR9PgW+2aKh/PT2tpgXYq8cSjJEnIa93wRzM8TNTY+oD42RuKBqImgrkoMe9+Jk26yNLp/co7NJNS43heKI5RucAUHF8bCY+48vwsAOFSAKO4j0aXzxQgxNIBA+D5xb/Dd/9sSr/4/J0wzLSfdb3QrY9RSm44u91RQXphiYKO39x8GzehsFqyqMOiAOopxt4hYXTZYw= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AXBAACrpdbly0bGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpVVhHcCQoNIITcVAQIBAQEBAQECFAEBAQEBBhgGTIVFAwMjBBkBATcBDyUCJgICRRIGAQwGAgEBgx2BagMVA5oOihxvezOCdQEBBYEEAQFqgj4DglAIF3SIP4EbF4IAgRIngj2ILYJXiCiFXjCNVAmCCI10HViIHYV7jhiHTYF3TSMVgyeCGQwOCYNFihwBVU+OGgEB X-IPAS-Result: A1AXBAACrpdbly0bGNZcHAEBAQQBAQoBAYNLgWcog3KIcos/gWCDBpVVhHcCQoNIITcVAQIBAQEBAQECFAEBAQEBBhgGTIVFAwMjBBkBATcBDyUCJgICRRIGAQwGAgEBgx2BagMVA5oOihxvezOCdQEBBYEEAQFqgj4DglAIF3SIP4EbF4IAgRIngj2ILYJXiCiFXjCNVAmCCI10HViIHYV7jhiHTYF3TSMVgyeCGQwOCYNFihwBVU+OGgEB X-IronPort-AV: E=Sophos;i="5.53,360,1531800000"; d="scan'208";a="366495" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 11 Sep 2018 12:43:27 -0400 IronPort-PHdr: 9a23:oWMMZhwg8jgEYK3XCy+O+j09IxM/srCxBDY+r6Qd0ugTI/ad9pjvdHbS+e9qxAeQG9mDtLQc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPYQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7Vq4/Vyi84Kh3SR/okCYHOCA/8GHLkcx7kaZXrAu8qxBj34LYZYeYO/18cazHfdMaQm1BUt9IWyFdDI6xbpYDA/MdMepFsoLxo0UCoQe7CQSqGejhyCJHhmXu0KMnzeohHwHI0g8uEd0Av3vbrsn6OqgJXOCpzqTF1ynPY+9Y1Dr/7oXDbxAvoeuLXbJ1acfc11MgFxjbgVSQtIfrIi+a1uQXvGiG4epgUfygi3Q6oAx2vjeg3NwshZfJh48O0VDL6SV5z5woJd22TE50f8SkHIJMuC6ALYd5XsQiQ2RxtSs817YIuoa7cTAUxJg6yBPTceKLfoeS7h79VuudOzh1iXJ9dL++hRu+61Wsx+z4W8Wu0VtHrjBJnsfSun0C0RHY99KJReFn/ki73DaCzwDT5f9AIUAzjafUJYQvzLAum5cdr0nNBDP7lFn3gaOMaEor5O2o6//oYrn8o5+TLY50igXkPqQrm8y/Bfw0MgkIX2eF5eSxzKPv8VD2TblQkPE7nbPVvI7YKMgBqaO0AxdZ0oM55Ba+Czem3s4YnX4CLF9dZB2IlZPpNE/OIf3jFvewn1Ssny12x/DIOr3uHI/NImHfn7j7Z7py90lcyA8rwdBF+51UEq0BIO70WkLpr9zXEBs5Mw2yw+b6B9RwzZ8eWGKTDa+ZN6Peq1mI5vk1LOWWa48Vvyj9eLAZ4KvKtlpxzVsce7S5mIAaY22iH+h3ZkCebWfoj/8fHmoQ+AkzVurnjBuFSzEFIz6QVqcx/XkeD5i8DJyLEoKoh6ab3TyTGJRTa2EADUqDRzOgU6agfr9YbCOUP98kkTEeU7WlY5Eu2AvotwLgzbdjaO3O9Xtc/anOnPx04fDD3UUp+Dh1CdmN+32cRGFz2GUTTnk5274p5QRfzVeFmYp/g/VeDtFVr6dLVQc8c5zbz+V8EN30cgnIeNCPSV2vRpOtBjRnCpoSztIVK216HNbq2hPO0jGhBLgWv7eLHpsx87/ZmX/rKJA5g0rLyLI8iBEGS81DPCXynqN5+BXSAcvKnl+fmqKCdOEY2zDAsnyKzneUtQdeXUhySfOBFUgWe0+eiNP+/E6KG6enFLAPKgJczYuHLaxQZ5viilAQAL/YJNnGY2+301y1DBKMy6LEOJHmYE0BzS7dDw4CiAlV8nGYY0x2TCOgpX/OSTJ1GV/xbkfE7+ZzsjW4Q1UywgXMaFdunfLh/h8TmOzZRegf06wJvA8/pDhuWlWwxdTbD5yHvQU3OO11Zd4t7UYP+WXTrQ1sN5roe6lugVQEchV+uWvh0hx2DsNLls18/10wyw8nAquD3UIJTDiY1I3+PrDNYj359QuieobN0VHXzdiS971K4/1+oFLm6lL6XnE++mlqhoEGm0CX4Y/HWU9CCcirAE8q6xh3oa3baSAh5oTSkGdhKrSwriSYgI97GfMvxk/xZ94HauWJGQrpHIsfDsmqbukrnwvhdQoKacZV8qN8JMa6b72ewqf+N+97kSOOlm9H6Z1z1k+WsiF1DOXP2sVN2OmWiy2AUTq0l1K9qobykIFAaysVGz+0wDPpFaZKba17YIgPBH3rKMTxzdJ71Nb2Q3AN0lmlChsd3dOxPxqfa1uoxQpLyUEeumCqgwOjyDp1mGpx8u/Fg2rFxOL5cQBBP2dKQC9kgA6qMIG0iNdcV0+tPEAllxqgsF7z3LMT5L9+IG/aXVpScmDoIntjXKq9uvvKY8NG5J4y9yQCePW1YVedDLX6phY= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AiAgBg75dbly0bGNZbHQEBBQELAYNLgWcog3KIcotEhGaVW4R3AkKDHSE3FQECAQEBAQEBAgETAQEBAQEGGAZMDII1JIJgAwMjBBkBATcBDyUCJgICRRIGAQwGAgEBgx2BagMVA5pKihxvezOCdQEBBYEEAQFqgjwDglEIF3SIQYEbF4IAgRIngj2ILYJXiCiFXzCNXAmCCY13HViIH4V+jiOHTYF3TSMVgyeCGQwOCYNFihwBVU+OXgEB X-IPAS-Result: A0AiAgBg75dbly0bGNZbHQEBBQELAYNLgWcog3KIcotEhGaVW4R3AkKDHSE3FQECAQEBAQEBAgETAQEBAQEGGAZMDII1JIJgAwMjBBkBATcBDyUCJgICRRIGAQwGAgEBgx2BagMVA5pKihxvezOCdQEBBYEEAQFqgjwDglEIF3SIQYEbF4IAgRIngj2ILYJXiCiFXzCNXAmCCY13HViIH4V+jiOHTYF3TSMVgyeCGQwOCYNFihwBVU+OXgEB X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="15730874" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Sep 2018 16:43:27 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;e14fbf87-23b9-462d-b90b-19de868bff4b Authentication-Results: upbd19pa02.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic304-27.consmr.mail.ne1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 321127927|UPBD19PA02_EEMSG_MP2.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.163.191.153 X-EEMSG-check-002: true IronPort-PHdr: 9a23:z+wKCRCr+UXRxA/Sr8bGUyQJP3N1i/DPJgcQr6AfoPdwSP35rs2wAkXT6L1XgUPTWs2DsrQY07WQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDiwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6zaf9wVX2pBXsFWVyBYG4+xc4UCAuscMepBs4XxukYFoR+gCQWwAe/izCJDiH3r0q0gy+kvDB/I3AIgEdwNvnrbotr6O6UOXu6616TI0TfOYulK1Tvh5oXFcBYsquyMU7JqdsrRzFEiGh3fgVWLt4PkPy6e2PkRvGib9eVgSOyvi2o5pAFrvzOiwdsjhZPSho0LylHJ7j55z5o1JdKiVU57b9qkH4VKty2DK4R5WNkuTH1vuCY/07ALv4OwcisSyJk/xhPSauaLf5WJ7x/tTuqdPDN1iG9/dL6ihxu//1Csx+z+W8WuzVpHry5InsPNu30NzRDf9NaLR/R780y8wziAzRrT5ftBIU0slarUNZohwrkom5oItkTDGC72l1n4gaOKeUgo4/ak5ub9brr6oZ+cMZR0igTkMqg0n8ywG+U4MgwUU2id5+uwyafv/E3jT7VKif02lbPVv4zdJcQevqK5AglV3Zg/6xunDjqr0c4UkWQGIV9LYh6LkozkN0zULPzlDfqyjUygkDJxyPDHOr3hDI/NLn/GkLr5Ybly8VVcxxQzzN1E/JJbFrEBL+juWk//sNzXEAU5PxWozOn9EtlyyoQeWWeXDq+DLKzSqUOI5v4oI+SUf48apjL9K/kj5/7zgn40gkMdfKm10psXb3C0BPJmI16Dbnb2jdcBFnkK7UICS7nOs3jKBTpSYWuiGrkx7SwhCZ63SILESp2pjZSf0yqhWJ5bfGZLDhaLC3i+M82mUvIBc2q3JdV7kydMAbqkTJU71AqGsgb/xrshKfDbrGlQkbHH8ZAh4+zViAF39jFuCcmZ+3+CQnsynW4SQTIymqdlrho5gmyumYx5heFIXYhI6vdIVBoqHYLNxOx9TdbpU0TOecnfDB6ERdWgSRM2Tts32NIIKxJ/HNWkyBLE3yOsGLITv7eCApsy86nV2z76IMMrjz7l2aQ6x3IhRcgHYW6ri7V08A/QL4XJiUKclruvM6MG03iJvFuO0XGTuwl4WQh8WO2RRX0ZaVbXq5H661nEQruGCPEjNRVMj9WLKbZQY5vvgBNEXKGncOzXfmb5vmC3HxvAkquFcY7CY2wA2GDYD08enkYY+nPQcUAFGiq5o2/YRAdrHFbrblKkpfJys1unX0Q0yEeMdEQn2L2rrFpdz/idTe4Dm7wftCo/pjFcAlmwxZTVBsCGqg4ne79TK5tp5FZByHKcuRdxM4KtK4h8iVMENQd6pUXj01NwEIoW1YADqH46wRs6BaWSylJQfjXQiZn8PbfNK3j7+jigbqfX3hfV19PAqYkV7/FtgFz4sRDhLUEi+mhp19RPmy+X747HHSIJWpL4T0gz+gI/rLicaS44sdCHnUZwOLW552eRk+kiA/Eon1PwJ44OYpPBLxf7FoghP+brLeUrn1azaRddbLJJ/649Is2ieuHD06ftN+Flzmr/0TZ3pbtl20fJzBJSD/bS1s9VkeqT3gKaWTPxlhKqu4b8noUWPWhPTFr68jDtActqXoM3fYsPDjz/cdawwNR13MaxHiQHslWkAUgDwomscBuWKVrwhEtB3EQQpjqsni7qlzE= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AnAgDe75dbh5m/o0JbHQEBBQELAYUyKINyiHKQKpVbhHcCQoMYGQYGMxUBAgEBAQEBAQEBARMBAQEKCwkIKSMMgjUkgmADAyMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHYFqAxWaTIocb3szgnUBAQWBBAEBaoI8A4JRCBd0iEGBMoIAgRIngj2ILYJXiCiFXzCNXAmCCY13HViIH4V+jiOHTYF3TSMVgyeCGQwOCYNFihwBVR8wjl4BAQ X-IPAS-Result: A0AnAgDe75dbh5m/o0JbHQEBBQELAYUyKINyiHKQKpVbhHcCQoMYGQYGMxUBAgEBAQEBAQEBARMBAQEKCwkIKSMMgjUkgmADAyMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHYFqAxWaTIocb3szgnUBAQWBBAEBaoI8A4JRCBd0iEGBMoIAgRIngj2ILYJXiCiFXzCNXAmCCY13HViIH4V+jiOHTYF3TSMVgyeCGQwOCYNFihwBVR8wjl4BAQ Received: from sonic304-27.consmr.mail.ne1.yahoo.com ([66.163.191.153]) by upbd19pa02.eemsg.mail.mil with ESMTP; 11 Sep 2018 16:42:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1536684129; bh=lICyCWulOZ4Jep4XyvkhNDAi/ddudeTeAtoyTXRT+6o=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=toYH8YvYi5gQYtYuBy8qSa1XeIsXFTDOslPonfsZRz9YNweDsycTfUuoTsR0YT0IX9H5Hr7CMT5CtVcCZ/6zAxVB1mEVQS53tubajltfbRKxAzh+1xF0ouvYymevz0heOMfqeOUElaqivRzhYhfP+8qcIkhIHIbgSnKW4F0sXdL5a+g82A3cNHZiQ/LkfoLoWyT2vT/LIZb/EMlVYJqPs7NyDv9C6a0EKpLzdeyVr11bFONQJ1NH40oqX465DqiZQSMTtlqdXeijnziplt4hGcXAP0GoZqf1LvKirocatIkVFMg9pyFa0FNrQggpniWJUW3YjPIx0Ee4UHQRVliLtg== X-YMail-OSG: o8_QGGUVM1mb7PyDtRRM2Fwroe9qzYLBDjW4d.jUHzr4XDPsw84dpXBRFVMWgMK QgvfqHlJA8QjkpRXxbk_sxyors1MRUwru8kGNtF0winaQGhLVbysopFnA2T3eWZhTjQUarCOlcZq ADehaosnjD8D8_JiIrtePOfnIfoXlQJBW6hMwyz2ZQrAN_uKocTmw0ET7a6uNeiVvgbmiE9JxPHM 3QjKcRdZQPPMFWMDcWXuREAhAUKhpLclB.5mAy3ALU.5EsEEFhX3wp05bEBRnG.Xw6MMBDJTqb18 3H4peKF_sSr0nCZyf6zuqGKlrmw06KzlRkmzl7FTCEAhEnIQpqyXBdMwd1L93Gv1HuM4wuJFZn.C ZietRf17PP_AET2K01nMhify6r5Ly5eUuyDoN6FGAlMwrsDvQY1IHdwk22Ly.HNZvdv2inHv8yK7 oeZhFTSPZcGIS9SBtWxSjrzyFnn3oJUw7IwpDpvPFQXcYVltRbqLcsShowo9HClB_G5gUeHBxoUW pF5W0G_2WjBVZSL4kUev_WOLSQK03ot8KYA9wjb25f_Akh73kWEL_nOAE0nphJLhxmbNBCoR.3SW swEyM.RcNVtQAVtpS6EMbWqm3t6XqDmyPM95lvdhzFWz9z_EjhE.u2FqT67c4myUxUamzYcKGBho 0kQKPVOq84qCoC.e2v6XZplnm.8COAlobbXpm87hzS25pud9PGiN9VIRfPvLc.yYMOjURKzRwW25 xPvuXHwxmVD7zpHKjludXGA7cn75A.LptmhKACEydSpnzudrorK_uGvVRVL4rf2y0dQhE2QbyfUt 8ptEDyI9huZ.8kJk8g_dtIS7uK1_yOc0eEWg13xhqCVfGYrDWBFL6uwwvzZ9jOp3LMIXsHMgjb6_ tylhtvh5tJR35wFY.xyHVOixQep7gAHFp65KpN.FAw_Emae9FN9ev3V6A7BtNr0DK8N4AeLpRpEy y8vJPDg2nloVa0C4yY0uedRRu9Q.wDcUCjld_dzlhguiLQj0g39w5TyRxjwDDuXig_sNjPhci1i0 4BMHfIlOMLSHX0qkK.KaW_DIDvusu3s0coU6MLQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Sep 2018 16:42:09 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp401.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID fd7ec437b937cec6fc58432a9a969757; Tue, 11 Sep 2018 16:42:08 +0000 (UTC) To: LSM , James Morris , LKLM , SE Linux , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <1aa12afc-2e1e-2e89-d422-a471990e0367@schaufler-ca.com> Date: Tue, 11 Sep 2018 09:42:04 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Tue, 11 Sep 2018 12:45:04 -0400 Subject: [PATCH 07/10] SELinux: Abstract use of inode security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- security/selinux/hooks.c | 26 +++++++++++++------------- security/selinux/include/objsec.h | 6 ++++++ security/selinux/selinuxfs.c | 4 ++-- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3468b4592036..2720fe3ebf5f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -276,7 +276,7 @@ static int __inode_security_revalidate(struct inode *inode, struct dentry *dentry, bool may_sleep) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); might_sleep_if(may_sleep); @@ -297,7 +297,7 @@ static int __inode_security_revalidate(struct inode *inode, static struct inode_security_struct *inode_security_novalidate(struct inode *inode) { - return inode->i_security; + return selinux_inode(inode); } static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu) @@ -307,7 +307,7 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo error = __inode_security_revalidate(inode, NULL, !rcu); if (error) return ERR_PTR(error); - return inode->i_security; + return selinux_inode(inode); } /* @@ -316,14 +316,14 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo static struct inode_security_struct *inode_security(struct inode *inode) { __inode_security_revalidate(inode, NULL, true); - return inode->i_security; + return selinux_inode(inode); } static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry) { struct inode *inode = d_backing_inode(dentry); - return inode->i_security; + return selinux_inode(inode); } /* @@ -334,7 +334,7 @@ static struct inode_security_struct *backing_inode_security(struct dentry *dentr struct inode *inode = d_backing_inode(dentry); __inode_security_revalidate(inode, dentry, true); - return inode->i_security; + return selinux_inode(inode); } static void inode_free_rcu(struct rcu_head *head) @@ -347,7 +347,7 @@ static void inode_free_rcu(struct rcu_head *head) static void inode_free_security(struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); struct superblock_security_struct *sbsec = inode->i_sb->s_security; /* @@ -1501,7 +1501,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry, static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) { struct superblock_security_struct *sbsec = NULL; - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); u32 task_sid, sid = 0; u16 sclass; struct dentry *dentry; @@ -1801,7 +1801,7 @@ static int inode_has_perm(const struct cred *cred, return 0; sid = cred_sid(cred); - isec = inode->i_security; + isec = selinux_inode(inode); return avc_has_perm(&selinux_state, sid, isec->sid, isec->sclass, perms, adp); @@ -3029,7 +3029,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, /* Possibly defer initialization to selinux_complete_init. */ if (sbsec->flags & SE_SBINITIALIZED) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); isec->sclass = inode_mode_to_security_class(inode->i_mode); isec->sid = newsid; isec->initialized = LABEL_INITIALIZED; @@ -3129,7 +3129,7 @@ static noinline int audit_inode_permission(struct inode *inode, unsigned flags) { struct common_audit_data ad; - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); int rc; ad.type = LSM_AUDIT_DATA_INODE; @@ -4150,7 +4150,7 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, static void selinux_task_to_inode(struct task_struct *p, struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); u32 sid = task_sid(p); spin_lock(&isec->lock); @@ -6529,7 +6529,7 @@ static void selinux_release_secctx(char *secdata, u32 seclen) static void selinux_inode_invalidate_secctx(struct inode *inode) { - struct inode_security_struct *isec = inode->i_security; + struct inode_security_struct *isec = selinux_inode(inode); spin_lock(&isec->lock); isec->initialized = LABEL_INVALID; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 2586fbc7e38c..3304a1ee58a4 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -172,4 +172,10 @@ static inline struct file_security_struct *selinux_file(const struct file *file) return file->f_security; } +static inline struct inode_security_struct *selinux_inode( + const struct inode *inode) +{ + return inode->i_security; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index b5665bdc29fc..cc434e45eaae 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1379,7 +1379,7 @@ static int sel_make_bools(struct selinux_fs_info *fsi) goto out; } - isec = (struct inode_security_struct *)inode->i_security; + isec = selinux_inode(inode); ret = security_genfs_sid(fsi->state, "selinuxfs", page, SECCLASS_FILE, &sid); if (ret) { @@ -1954,7 +1954,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) } inode->i_ino = ++fsi->last_ino; - isec = (struct inode_security_struct *)inode->i_security; + isec = selinux_inode(inode); isec->sid = SECINITSID_DEVNULL; isec->sclass = SECCLASS_CHR_FILE; isec->initialized = LABEL_INITIALIZED;