From patchwork Mon Jun 11 19:01:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Perches X-Patchwork-Id: 10458679 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8EC4560234 for ; Mon, 11 Jun 2018 19:16:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6AC5128581 for ; Mon, 11 Jun 2018 19:16:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5ECC12858A; Mon, 11 Jun 2018 19:16:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from uhil19pa10.eemsg.mail.mil (uhil19pa10.eemsg.mail.mil [214.24.21.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B62B228581 for ; Mon, 11 Jun 2018 19:16:11 +0000 (UTC) Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by uhil19pa10.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 11 Jun 2018 19:16:09 +0000 X-IronPort-AV: E=Sophos;i="5.51,211,1526342400"; d="scan'208";a="12714050" IronPort-PHdr: =?us-ascii?q?9a23=3A9zPs5RTfXDfBqcunUIOtmr0yCdpsv+yvbD5Q0Y?= =?us-ascii?q?Iujvd0So/mwa6/YxOOt8tkgFKBZ4jH8fUM07OQ7/i9HzRYqb+681k6OKRWUB?= =?us-ascii?q?EEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAA?= =?us-ascii?q?jwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba9yIRmssQndqtQdjJd/JKo21h?= =?us-ascii?q?bHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2?= =?us-ascii?q?Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VD?= =?us-ascii?q?K/5KpwVhTmlDkIOCI48GHPi8x/kqRboA66pxdix4LYeZyZOOZicq/Ye94VS3?= =?us-ascii?q?BBXsJMXCJfBI2yYZYEA+4YMetZqoXwoUYFoxmjCgm2HO7hyiFGiHH106M9zu?= =?us-ascii?q?ohCQPL0BEuEt0BrHvao8v6NLwJXOCpzqTF1ynPYulK1Tvj7oXDbxAvoeuLXb?= =?us-ascii?q?J1acffzU4vGB3YhVuKt4PlJS+a1uQTvGiA8uFtUuCvi2k5pAxqujig2N0shZ?= =?us-ascii?q?XJho0L0VDI7zl2wIEwJdChTkNwfNCqEJxVty6ANot2RNsvQ2VruCY/zr0Ko5?= =?us-ascii?q?m7fDIFyJkh2hXRaOSHfpCV7h/sW+udOzd1iG9/dL6hiBu+71KsxvDkWsS70l?= =?us-ascii?q?tGtDdJn9nRunwXyhDe6tSLRuFj8kqv2TuC0R3Y5PteLkAuj6XbLoYswrs3lp?= =?us-ascii?q?UOr0vOBjT2mEDqjK+OcUUk5/So5/znYrr4op+cMJd5ih3kPaQ0m8y/HP84Ph?= =?us-ascii?q?ISX2mb5eu81Lrj8Vf/QLpWlf05jrPVsJXbJcQfvqK5AglV3Zg/6xunEjur39?= =?us-ascii?q?sVkWMHIV5YYh6LkYfkN0/ULPzlFfu/hk6jkDZvx/DIJL3hBZDNI2DYkLj/eb?= =?us-ascii?q?Z96khcyBc8zNxG/J1UDawBIPTvVUDvr9zVFQM5MgyozObnD9VxzIUeWXmVDa?= =?us-ascii?q?ODP6PStkGI6vo1I+aQfI8VpCr9K/896v7sin85n0USfbWp3ZQNbnC1BfZmI0?= =?us-ascii?q?KfYXrpmNgBCnsKsRQkTOzxklGCViRTZ3mqVaIm+j47EJ6mDZvERo21hryBxj?= =?us-ascii?q?20HoVOZm1dBFCMEG3od56YW/cCaSKSJNVukjoYWrigUYAh0QuitAjgy7poNu?= =?us-ascii?q?DU4DEXtYr/1Nhp4O3ejRMy9T5uAMuB0GGNVGZ0nmUJRz8ox61/r0h9ykqM0K?= =?us-ascii?q?djnvxYE8BT5+5TXgc9L57cwPRwC8ruVQLZYteJVFGmT82oADEwStIxxsEBY1?= =?us-ascii?q?xmFtWskB/Mwi2qA6UPmLyTHpw09aDc0GbtKMZh0XrG07Mhj1Y+SMtVKWKmnr?= =?us-ascii?q?J/9xTUB4PRjkqWi6OqdaMa3C7R6WuO1nSOs19CUA5xUKTFWnYfalHQrdvn+k?= =?us-ascii?q?PIV6WuBqg/Mgtd1c6CLbNHZcD1jVpcXvfuI8jRY2W0m2isHxmI3a+MYJDse2?= =?us-ascii?q?oDwCXXEFIEnBwL/XaaKQg+AT+so2HEAzxtElLvfljh8epkp3O4SU800huGb0?= =?us-ascii?q?p717q64hQVn+CTS+sP3rIYvycssy97E0un39LXFdWAvRFsc79AbtM4+ltH0n?= =?us-ascii?q?jZtwNlNJy6M69inkIecxhwv072zRV4F5hPnNMlrHMvwwt+M6SY301ddzmAx5?= =?us-ascii?q?D/JqXXKnXu/BCoc6PWwV/e0MyR+qcU9PQ1sE7jvAeuFkss9nVoyd9V32Ga5p?= =?us-ascii?q?rUEAoYSYjxXVov9xhmu7HaZTEw5o3O2n1oLam7rCXC28kyCes71BmgZcxQML?= =?us-ascii?q?6BFAPoFM0aHceuIvQwm1e1dhIEIPxS9KksMsOgdvuG3KqrM/h7nD+9l2tI/p?= =?us-ascii?q?p90kWW+yp7UO7I0I4Pw+uE0QufSzf8kFChv9jpmYBFeT4SAm2/yTL+CIFNZq?= =?us-ascii?q?1yeoALCWi1Ls2zx9V+gYTiW2Rf9FK5AFMGwsCpcwKIb1PhxQ1QyVgXoXu/lC?= =?us-ascii?q?u8zjx0iC0porOE3CPQx+TidRwHOnNERWR5llfsOYm0j9YbXEe0dAgljh2l6l?= =?us-ascii?q?jmx6JDvqRwM3HTQVtUfyjxN2xiSKywtr6GY8FR8pMnrSJXUeqnbFCBV77yvw?= =?us-ascii?q?Aa3znkH2tEyzAxbyuqtYnhnxxmlGKdK25+rHnHdsF23hfS/9/cSuBX3jodQi?= =?us-ascii?q?l3lyXXCkK7P9mz8tWej43DvfymV2K9Sp1TdjHmzZuauyum4W1lHwW/kOq1mt?= =?us-ascii?q?37Dwc6yzT218RxVSrWthb8eZPn17+9MeJ6ZElnGEHz68R9GoFknYs/mosc2X?= =?us-ascii?q?4EiZWJ5XAHi3v8Mc1H2aLia3oAXSALw9jI7wX+xk1jKG+Gx4LjWnWb3MRhe8?= =?us-ascii?q?GwYnkK1SIl88BKFKCU4aRcnSRvv1q4qRncbuR8njcByfoi8XAajPsPuAY3yS?= =?us-ascii?q?WdGL8SF1FCPSPwjxSI88y+rKJPaWaha7ew0lZ+ndekDLyZrAFTRmv2epA4HS?= =?us-ascii?q?Bq9sV/KlXM0H/t5Y74ZNncd9UTtgebkx3YlehaNIoxluYWhSpgIW/9uGcqy+?= =?us-ascii?q?o/jRNwwZG6oJKIJH928aK/HBFYKib1aN8J9TH1k6lShMCW0J6zHp95ADUEQI?= =?us-ascii?q?PoTe60EDIVrfnnORyOHyMhpXeAA7XfGxOf6EB9r3/UCZ+kK3SXKGMezdV4Sx?= =?us-ascii?q?mXPFZfjxwMXDUmgp45ERinxNT/f0hi+D8R4F/4qgdLyu9zNhnwTHnQqxmyZj?= =?us-ascii?q?czUpifIwJc7hte6EfNLcye8uVzEjlD8ZK6qwCNLm2bZx9UDWESQECEHE7sMa?= =?us-ascii?q?W06dnb7eeYAuu+L/3TYbSBsuFRS/eJxYiy0ot95TqNON+APmV5D/083EpPR3?= =?us-ascii?q?d5G97Wmz8XUSwYizrNb9KHpBe74iB4tcG/8PvsWALp/oaAFqVdPs5u+x+sh6?= =?us-ascii?q?ePLemQhDx2KTxAzJMD2WfIyKQD3F4VkyxhbTatHq4etSHTV6/QnbdXAAAday?= =?us-ascii?q?N2LsRI7qY80RJKOc/UkN/10aR4jvEtAVdfSVPhgt2pZdANI2ylKFPHA0OLOK?= =?us-ascii?q?6cJT3MwsD4f6W8RqZKjOVTqRKwui2WHFPkPjSGizbmTQuvMf1WgCGdIhNepJ?= =?us-ascii?q?m3cgxxBmj7UNLmdhq7Pcd1jT02wbw0nnTKNWodMThgbUxAtbiQ7SJEgvVlBW?= =?us-ascii?q?NN9H1lLfOLmyyB9enXNo4Wsed3AiRzj+9a43Q7y79L4yxfQfx1nyXSrtBwrF?= =?us-ascii?q?G6jumPyj1nUB9QpTpRgoKEo1liM73D9pZcQXbE4A4N7WKIBhQMudRqENnvtr?= =?us-ascii?q?tTytjIj6LzNC1N89TP/csfBsjYMsSHP2Q9MRDxAj7bEBMFTSK3NWHYn0Fdiu?= =?us-ascii?q?+d9maLoZcgsJjjhJoOR6RAW1w0DPMVF0NlHNIaIJdtQDwlkaSXjMgW6nqitB?= =?us-ascii?q?PRXtlVvojbVvKOBvXiMCuWjb5CZxsO3Lz3M4ATNozg1kN4dFZ6hoPKF1DXXd?= =?us-ascii?q?BXrS1rdhU0r1lV8HhiUm0z3FroZR63738NFP67gwU2hxBkbuQ37jfs5Fk2Jk?= =?us-ascii?q?HUqyQsjUkxg9TlgSyRcTLrKqe/Q51WATLut0ctKpP7Xxp1bQqqkExgMzfEXa?= =?us-ascii?q?xej71hdGBskwLctp1PGeNGQa1Deh8QyumdZ+803lREtiWn2UhH6PPeCZR8kA?= =?us-ascii?q?sqcJisr29P2g94cNE1IqnQK7ZTwVhLmqKCpCmo2f4twAUGPUYC7HuSeDIUuE?= =?us-ascii?q?wPLrQmOyuo/ulr6QyemztCeHMBWOcrovNq7EwyIP6MzyT+3L5fMkqxLfCQL7?= =?us-ascii?q?uFu2jcks6FWkk/1kcJl0ZZ47d5ycIjckqSV0AoyrueDQ8EOtHDKQ5Pacpe7X?= =?us-ascii?q?bTfTuUveXL3511I523Fvr0Qu+WqKYUnkWkER4yEIsS6MQMBYOj31zGLcj5Nr?= =?us-ascii?q?4F0g8i5B7rJVmfC/RJYh2Lmi8do86j1J93wZVdJjYFDGVyLCW357LXpgs0j/?= =?us-ascii?q?qGR9o5f2kVUZAFNn0sXs22gSlZv25PDDOvyOIW1BCC7yPgpiTXFDT8ddxjZP?= =?us-ascii?q?aIahNsD9G2/S4//bCvh1DK6JvTO2b0OM9+td/I7OMVu4yIC+hITbVntUfThZ?= =?us-ascii?q?VYTWSwU2HTCd61O4Twa440YNz6EHa1SFq/hC40T8fqJ9utK7CIgQDxSYZPvo?= =?us-ascii?q?ibxyovNcinFjERAx1wvf0M5LpgZQ0fZJo2eQTouB4kN6y4OwiVycmuQ3y3Jj?= =?us-ascii?q?tIUfZfyeS6Z7pYzyoob++6x3sgTo00z+at604NQYsGjhfAyva/f4NeSzT8Gm?= =?us-ascii?q?RBewXToio0j2ZgOvwuzec/wRPItFgcPCqIdOFyaWxLoc8zCk2ILXVxEGo4SE?= =?us-ascii?q?eWjZDf7Q60w7AS4yxdks5R0eJfqnj+vYHQYC6tWKytppXYqCQhYsIgo6JtNY?= =?us-ascii?q?zjJdaGu47FnjDFSpnfrBGFWjagF/VGgthQPD5YQP5QlG4/I8wGpIxB5VAyVs?= =?us-ascii?q?olJrxPCagspqyxZjZ+Cy4d0zMZXZua3DMemue8x6falhCIfZQjNhwErItNgt?= =?us-ascii?q?8DXC5zfCweuLWjVoXNmm+DUmgEPgET7QFW6wIBko9/Zefl4YXSQJ9L0T5WrO?= =?us-ascii?q?p+UjHXGZlw61v7VmaWjEDkSPWmluykxh5SwO7p0tYAQhJ/D1ZSx/pOnEsyNL?= =?us-ascii?q?53M7UQvpLNsjKQd0P6u3zixfC7K1ZP0s3baUf4DJbbumXhSCEc/2MbRZNXwn?= =?us-ascii?q?HFCZsSixZ5aLospFhUPICpZ1vx5z0+yIRtBLS3Scerx1M5onkcXCeqD8BNC+?= =?us-ascii?q?d4v1LLQDdleYykqI35O5VORW9d4IaSq1lFn0lxMSO11JRRJtpR7T4LWThAvS?= =?us-ascii?q?+SvMCuSMFZ3895EYMMKM9lu3jhAKNEJISRo3out7z11HDW5jA8v02mxDioH6?= =?us-ascii?q?+4SPxZ8HMAFgo1IGSRt1cgA/Eq8mjM7lDHqkp08PtDBriTkUVxpy5wHohVBj?= =?us-ascii?q?ZVz3+qMkhzQWJds+VdNaTVadBTTOc0ZR+zIRwxD/om01aO/UFuknfzezZyuR?= =?us-ascii?q?dC+yDBQwk0UjEYgqv3mTIAtM6oJCQXS49MbTU9dSfKMRybmSFQvBZbdU5qR4?= =?us-ascii?q?oVAtFf+7EUxYFU5NbNSV6wKSEZWxxvLgA43uBFlU5Eq0WYfTrSDRSzePbKrx?= =?us-ascii?q?13eduRrM+1I/T45ghHjJjnvPo/96UZSH2sgRetTszGr4/gqt2KsVODdKXiPO?= =?us-ascii?q?26b3/BVj/Mgg2uiro/E5nF5S7TMBFcK5Vgz3orf4ThA3bRPRtaP6IbO1ZbVa?= =?us-ascii?q?diZNVApuBXfM5keKAM+aN3BxKHQB3vGJa1o/ldMlbTXyneIDmd8uyiu4Lc86?= =?us-ascii?q?bRSe/6ZsyD33zHWb54Po9m6TnnHLfnyYle+kvq1fdq8kN1U0PGPzqArNTmIQ?= =?us-ascii?q?ML/9Kie1DnvpAmEjLaGpBwkGDixktYbcoYXzWq8IgEyJNe8Hv/Vfh30kztv+?= =?us-ascii?q?1J67ll6Y437qtyycioJKfdN/JasVNmAheOHAlq8IsiAHRnTWBLfuARMOvRfb?= =?us-ascii?q?gejc32r+D3DKkX5R2O9uxXd9TIOkbBmtOlBTGEUxxEmwUBpiAGIQuAzfKFnL?= =?us-ascii?q?V0Scm9r+jjxk0t+0S+LgIBzL1154eE+6+IqfTSbxTPzbkLRLLqRsL1rrQjoU?= =?us-ascii?q?+S4+MrlKIWcGxvfwKnCPQdVtIaxmr4zKArzDgjHNnfEL/74/5MSW45kSz8lJ?= =?us-ascii?q?xnGFUWAPwUF6KR/YtChmc4h/DZNtoOf69Zm2aPDhClHaUAyX6q9yuXOHNqgg?= =?us-ascii?q?zK0xzrXWyz60L5ojFiTivR1dfjlVBVWaOtCUdVRSqpNldysCmTMwrwqNr3pa?= =?us-ascii?q?M14VkuMmP+qNKCiGuhOb1QH83lJ9yQODI0q0wTjJ0wQNyvxI8aFMGlINgL7H?= =?us-ascii?q?Fxcvve6m2sky9boKdLnYne7d+P+vXRA3agi7eWq7KXxDBX0nI4p00w6si8Nv?= =?us-ascii?q?HS4N2HW/uo2HwLTyhhpwvBXwW4qrjar1AIJ0OL0F3EmJERPt1D23k3yF3m7v?= =?us-ascii?q?A5QN0v7AVeCprAZ/QaqDD8JjT0x0qfY9UwViWZyDtYAFb1EVh+GKgh12P9p8?= =?us-ascii?q?bJmmnK+1woXIZ8bUrnigJrD48gM0Ii9EAXwjYfEQgKcR2UELOoCl75IoYfSU?= =?us-ascii?q?cDbhCH3Ly7eqgpx01z3q2g6/PTbeBmAKoNLPldhBaUnFdHApIWrbEeQLVkdl?= =?us-ascii?q?9Y867XoBTiC4f5UPX9kHowNOe6QsZE/sAFuXoi5Ry/Rxm76ZtZ6bYUloyIfL?= =?us-ascii?q?ZeYZfQpMB881tn5TkXeyxCnBd/lAi5XfkBqu7s5NbbsZyo6vuhVas2SOUX8g?= =?us-ascii?q?I7B2JggJfqh1Aju97X3f9GSoLJkYT/7BxNI3mStYbY1Bl8KewOJ5i3c7Zg83?= =?us-ascii?q?UHOjURJnMPPdqQcPk84C5tPS7N51xDHMMDf9cYM9fMmQxOjE3mRq1T/NLBGl?= =?us-ascii?q?CEE4dza9wo723vxTA075szSODg5SSyJZDC8l5NPvRDjD52mNLFvugVzuLYCD?= =?us-ascii?q?IL7nmBdxh13iSCxoGPC/nu8+WMxtXUWkgIHyEsVYdSOiaC9RahRuWriJXjSh?= =?us-ascii?q?mU5dPrgJIiaEKQQWS8nKsBsqZLH+9PlCH73jxFG4DugPKVtdus53dNul1BDo?= =?us-ascii?q?lz8QXPGL9DMZVjJRT4is6rS1B5Biv+e8HUdR0utfGUxugW4OV+ME3+apEdIh?= =?us-ascii?q?4ezbL192ZVRBN0SLHqplaZQf4RZNx+RfzfsH9V755gJrQUPFiZo5zqsitIqE?= =?us-ascii?q?4oDwA0crMwqSZadkbWlg1PR6n0oKIAihcbUdNhoU9MHmawN3gk5zvJUqRViK?= =?us-ascii?q?eRBecQ8jWUSawOSFtnPT9kQxOyw5VuYLqpnfZIsm9cmSN9uvcq2SR8RBSgoS?= =?us-ascii?q?3su74N2TU49bG2qjoBvX1FTv2AnCrTCFRDzfEKjaICBHb47VyzfmMPbIzo4L?= =?us-ascii?q?loPc7g75Uu42wjYRU/eC0LReqhCznqj6OJHoOArslRhBuMuMXSd7+8MzIeNr?= =?us-ascii?q?MnyRLsX3J9yBTRnA508GsXRTWt9NgkJIGjNss+3iqoHXLUdE0Q4qNIrMTxqU?= =?us-ascii?q?QLQ/UoZl97xmVszNSHTDUXRMPTA2Y1khQkaWJcfZJH6B8aEbQogzmRsqlC/w?= =?us-ascii?q?EUeyvUEp++94nRh8jI3349Qc1txmLMqa2Pnokq32F9m9No8i6Ov2wfd+nCXM?= =?us-ascii?q?BwAnjz14FfyevlavWzs+AHTpVpyLCgUP8EL8mi9nG62JJwWk+q3r4eBUa2MP?= =?us-ascii?q?cfxrfHVCeoUW+YVv6Ic2iLhDk0KVPy5R+0Ll03b8dKskA9MuvehpJGkQ3uT6?= =?us-ascii?q?90TD2KpVDH1GwjLf8adwUutYe8dQwKSfIeaumfKOU13v0xFkEMb37IHCtxDe?= =?us-ascii?q?+6q1itk5ZnOyYo3UKvQ+Pt9EjEN9ubHAIJF8aOrJlx/7q4QWKIP2RtyjV5NU?= =?us-ascii?q?9z8ebUHlB3vehZJdLZuNnVhpxJ1u4Mbb85Iyo9s8Q7noNl9JnSzsGHbVfQxJ?= =?us-ascii?q?O0LtbQ9LzQL/je0147MkJTSbMFYgLzr9E2O98lQayVHrJCtAgfBK4ST5koNm?= =?us-ascii?q?O3/6Zxekc7SgfMYPyRhc7wq6rffpJJo1fO5080aSLbvAcOjPezSFo/J6u2im?= =?us-ascii?q?3yLZZ4fTdIq9lgG1MyB4dUM98RpAqgRZiPkee0jMHnvwtXoe4B+ZL5EPHRnI?= =?us-ascii?q?C0x4xrXoNy/UWRPS3JAKBgjwJilOvkxr/r24L8GIvZctMNSeZ/T3SNPrTPBY?= =?us-ascii?q?iuAimFOsvhdUpL6fuX2fRyVRDHIGjaUqyavTejfMlt4kg3w8QsYOPQwTAk7L?= =?us-ascii?q?fz3sfua2hHr2GoqjiLLM0bpGDHGffDWFp0QPyJ+S4xBaARYpb18qINPMYkzd?= =?us-ascii?q?y0wkx36ypPlvCsAJWbhwnK1wR5bcSIAlHu3nMbXoRCGBmlOkshmieNqHPQKW?= =?us-ascii?q?xRNMOkJNIri9GQWE++r3JtkH0gMzYSUlHjQs2cbC1Cg5zkPl+D6R5LAtAfnu?= =?us-ascii?q?W+ZU8/sOioRPJ1Polexr74qbUGlY84MyiXFI5XMjrVI/lzNztVSODOoAtNAF?= =?us-ascii?q?YIsLkwD4EyY5XGYEYKK1yJxi66ywzemVb1eNqh2OfBICsf/nhdibOQ1z9Kqg?= =?us-ascii?q?Q=3D?= X-IPAS-Result: =?us-ascii?q?A2AaAgAOyh5b/wHyM5BcGgEBAQEBAgEBAQEIAQEBAYNAA?= =?us-ascii?q?2JtEiiMWowGgV2BOotIiAaBWS4HDAGHIiE3FQECAQEBAQEBAgFsHAyCNSQBg?= =?us-ascii?q?lYCJBMUIAsDAwkCQAgIAwEtFRcBBwsFGASDA4F/AwIKqlQzg3kBhEWBaIhEg?= =?us-ascii?q?hOBDzCFVoFGARIBhXQCh0wehEplPoNZh0wJhW+KfospigeEYoJJgVYiYXFNI?= =?us-ascii?q?xU7gkMJFoICF4hZLoRaAVVPegEBjRwCDRcCBYIbAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Jun 2018 19:16:07 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w5BJF74s015352; Mon, 11 Jun 2018 15:15:19 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w5BJ1SuN027277 for ; Mon, 11 Jun 2018 15:01:28 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w5BJ1TOk014178; Mon, 11 Jun 2018 15:01:29 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CuAgAFxh5bly0VGNZcHQEBBQELAYNAZ?= =?us-ascii?q?W0SKIxajAaBXYE6i0iHcoF4Kg2EQIJiITYWAQIBAQEBAQECFAEBAQEBBhgGTIV?= =?us-ascii?q?iUoE+ARKDIgKBfwMCCqpSM4N5AYRFgWiIRIITgQ8whVaHTgKHTB6ESmU+g1mHT?= =?us-ascii?q?AmFb4p+iymKB4RigkmBRwmBek0jFYJ+CRaCAg4JiFkuhFoBVU98jRwCJAIFghs?= =?us-ascii?q?BAQ?= X-IPAS-Result: =?us-ascii?q?A1CuAgAFxh5bly0VGNZcHQEBBQELAYNAZW0SKIxajAaBXYE?= =?us-ascii?q?6i0iHcoF4Kg2EQIJiITYWAQIBAQEBAQECFAEBAQEBBhgGTIViUoE+ARKDIgKBf?= =?us-ascii?q?wMCCqpSM4N5AYRFgWiIRIITgQ8whVaHTgKHTB6ESmU+g1mHTAmFb4p+iymKB4R?= =?us-ascii?q?igkmBRwmBek0jFYJ+CRaCAg4JiFkuhFoBVU98jRwCJAIFghsBAQ?= X-IronPort-AV: E=Sophos;i="5.51,211,1526356800"; d="scan'208";a="298419" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 11 Jun 2018 15:01:29 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3A0SDRTx2PHM4ixNkJsmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8ZsesXLP3xwZ3uMQTl6Ol3ixeRBMOHs68C07KempujcFRI2YyGvnEGfc4EfD?= =?us-ascii?q?4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFA?= =?us-ascii?q?nhOgppPOT1HZPZg9iq2+yo9JDffwVFiCChbb9uMR67sRjfus4KjIV4N60/0A?= =?us-ascii?q?HJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L2?= =?us-ascii?q?81/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUj?= =?us-ascii?q?q+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfFjfK3SYMkaSH?= =?us-ascii?q?JcUMhRSSJPDICyYYwUAuYdIepVtZXxqkESoReiAwSnGePhyiVPhn/zxaA01+?= =?us-ascii?q?MhHh/b1wI6Ad0OqmjbrNXrO6cJTOu4y6vIzTLdYP5NwTfy9pLIfQwhof6SRr?= =?us-ascii?q?J8a9beyU4qFw7ciFibtILrPzSQ1usXsmib6fJtVeasi24irwF9uD+vxt0jio?= =?us-ascii?q?TPm4kbyUjE+D1nzIooKtC0UlB3bNG+HJdOqi2WLYR7T8M6T2xnuis20KAKtJ?= =?us-ascii?q?6mcCQQ1ZgqxwLTZ+aZf4WG4h/uUvuaLy1ii3J/Yr2/gg6/8Ui+xe34Ucm5yF?= =?us-ascii?q?hFoChGnNfKuH0AyQbd59SbRvZ85EuuxyiA1wXI6uFLO0w0kLDUK58lwrIqk5?= =?us-ascii?q?oTsEDDEjf3mEXwkqCWal0p9va15+noeLnquJCRO5Vqhg3jKKgjlcyyDfw9Mg?= =?us-ascii?q?cUXmib/eq81Kfk/U38WLhKjPo2nbfCvZDCO8sbvLK2Aw9L3YY48RqwEzCm0N?= =?us-ascii?q?EAkXkdMF1FYA6Hj5TuO1zWO/D3EOy/jk+wkDZr2//GPrrhDo/LLnjYirjtZ7?= =?us-ascii?q?l960lCyAAr19BQ+4pUCq0dIPL0QkLxr8LXDhs4Mwyy3ubmB85w1p8eWG2TAq?= =?us-ascii?q?+ZN7nesVmT5u01OeWMa4gVuCiuY8QistzpjXlxu1gddK+y0J1fPHK/HvIgIU?= =?us-ascii?q?KZaHz3j9EpGm4MuQw/R+XuzlaFVGgXL1OzWqN01DY7AZjuWZXERom3qLiA2j?= =?us-ascii?q?qrWINQa3wAC1qJV3zvctPAE9sJaT6IM4dCmycNSbugTcd12RSvqBXrjbluNe?= =?us-ascii?q?PI+SwenZ3m3dlxoebUkEd2vQR9EsDV9maKVWw8ynsBWjsexKlipQl4zVCZ3O?= =?us-ascii?q?5zhPkOUZRo+/5RUgo8faXZxuh+BsG6DhnNZf+VWV2mRZOgGjh3QdUvlZtGTl?= =?us-ascii?q?x8EJ2ahwrCxGL+Dqccjb2QLIQ96KPHx3z4LMs7zGzJgu1ppFA9T9oHDmamj7?= =?us-ascii?q?Nx8wXJT9rCml6Uho6xfqQVwSDJ+X3GxmPIt0ZdBko4cqjDQXkFYQPqpNf06k?= =?us-ascii?q?qKG6OnCrkrOwhH4cieNqdDdtSvhlIARu+1fJzibn6qhmD4JR+OyrrEOJLnfW?= =?us-ascii?q?oA3SOYC0UelQ0X1VfDMQ8gC2GaikHjNhUoE1+pYVu6osdkr3bubEg5hzmHdU?= =?us-ascii?q?Zh2qH9rhwSiNSERukY3r8f/iwmrmMnTx6Gw9vKBo/Y9EJad6JGbIZ4uQ8fjz?= =?us-ascii?q?iLvhFhPpGmM6Fpj0IfdAIypU71yhFrEdoZw9UqrXdznRJ7cfLe3V5acjze2J?= =?us-ascii?q?nxPvvSK22htBysaquD3FbY3Z7W/6oU8/03ph3lux3hDUst9XhrkpFV3nKQ64?= =?us-ascii?q?+MDV8UVpT8Xw=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AdAgCFxh5bly0VGNZcHQEBBQELAYN?= =?us-ascii?q?AZW0SKIxajAaBXYE6i0iHcoF4Kg2EQIJiITYWAQIBAQEBAQECARMBAQEBAQY?= =?us-ascii?q?YBkwMgjUkAYJ8UoE+ARKDIgKBfwMCCqpQM4N5AYRFgWiIRIITgQ8whVaHTgK?= =?us-ascii?q?HTB6ESmU+g1mHTAmFb4p+iymKB4RigkmBRwmBek0jFYJ+CRaCAg4JiFkuhFo?= =?us-ascii?q?BVU98jRwCJAIFghsBAQ?= X-IPAS-Result: =?us-ascii?q?A0AdAgCFxh5bly0VGNZcHQEBBQELAYNAZW0SKIxajAaBX?= =?us-ascii?q?YE6i0iHcoF4Kg2EQIJiITYWAQIBAQEBAQECARMBAQEBAQYYBkwMgjUkAYJ8U?= =?us-ascii?q?oE+ARKDIgKBfwMCCqpQM4N5AYRFgWiIRIITgQ8whVaHTgKHTB6ESmU+g1mHT?= =?us-ascii?q?AmFb4p+iymKB4RigkmBRwmBek0jFYJ+CRaCAg4JiFkuhFoBVU98jRwCJAIFg?= =?us-ascii?q?hsBAQ?= X-IronPort-AV: E=Sophos;i="5.51,211,1526342400"; d="scan'208";a="12713025" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uhil3cpa06.eemsg.mail.mil ([214.24.21.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Jun 2018 19:01:28 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;9782beb3-8be8-4185-a6a5-a50f187a4d1b Authentication-Results: uhil19pa08.eesmg.mail.mil; dkim=none (message not signed) header.i=none X-EEMSG-check-008: 287474817|UHIL19PA08_EEMSG_MP6.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: -0.8 X-EEMSG-ORIG-IP: 216.40.44.100 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BkIQC7xh5bXGQsKNhcHAEBAQQBAQoBAYQlbRIojFqNY4E6i0iHcoF4HgwNhECDAzYWAQIBAQEBAQECBxkMCgYqIwyFVlKBJBoBEoMkgX8DAgqqUTODeQGERYFoileBDzCFVodOAodMHoRKZT6DWYdMCYVvin6LKYoHhGKCSYFGATCBU00jFYJ+CRaCAheIWS6EWgFVT3yNHAIkAgWCGwEB X-IPAS-Result: A0BkIQC7xh5bXGQsKNhcHAEBAQQBAQoBAYQlbRIojFqNY4E6i0iHcoF4HgwNhECDAzYWAQIBAQEBAQECBxkMCgYqIwyFVlKBJBoBEoMkgX8DAgqqUTODeQGERYFoileBDzCFVodOAodMHoRKZT6DWYdMCYVvin6LKYoHhGKCSYFGATCBU00jFYJ+CRaCAheIWS6EWgFVT3yNHAIkAgWCGwEB Received: from smtprelay0100.hostedemail.com (HELO smtprelay.hostedemail.com) ([216.40.44.100]) by uhil19pa08.eesmg.mail.mil with ESMTP; 11 Jun 2018 19:01:25 +0000 Received: from filter.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay04.hostedemail.com (Postfix) with ESMTP id 551EA180A8450; Mon, 11 Jun 2018 19:01:23 +0000 (UTC) X-Session-Marker: 6A6F6540706572636865732E636F6D X-HE-Tag: grape99_630826d30ef5d X-Filterd-Recvd-Size: 19017 Received: from joe-laptop.perches.com (unknown [47.151.150.235]) (Authenticated sender: joe@perches.com) by omf08.hostedemail.com (Postfix) with ESMTPA; Mon, 11 Jun 2018 19:01:20 +0000 (UTC) X-EEMSG-check-009: 444-444 From: Joe Perches To: John Johansen , Mimi Zohar , Dmitry Kasatkin , Paul Moore , Stephen Smalley , Eric Paris , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Date: Mon, 11 Jun 2018 12:01:17 -0700 Message-Id: <1e91f8e10ce76d3208239b6b5899aab76d1543ff.1528743633.git.joe@perches.com> X-Mailer: git-send-email 2.15.0 X-Mailman-Approved-At: Mon, 11 Jun 2018 15:14:59 -0400 Subject: [-next PATCH] security: use octal not symbolic permissions X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, linux-integrity@vger.kernel.org MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Currently security files use a mixture of octal and symbolic styles for permissions. Using octal and not symbolic permissions is preferred by many as more readable. see: https://lkml.org/lkml/2016/8/2/1945 Prefer the direct use of octal for permissions. Done using: $ git ls-files security | \ xargs ./scripts/checkpatch.pl -f --fix-inplace --types=symbolic_perms --strict and some typing. Before: $ git grep -P -w "0[0-7]{3,3}" security | wc -l 53 After: $ git grep -P -w "0[0-7]{3,3}" security | wc -l 136 Miscellanea: o Whitespace neatening and line wrapping around these conversions. o Remove now superfluous parentheses around direct use of 0600 Signed-off-by: Joe Perches Acked-by: Casey Schaufler --- security/apparmor/apparmorfs.c | 5 ++-- security/apparmor/lsm.c | 23 ++++++++--------- security/integrity/ima/ima.h | 4 +-- security/integrity/ima/ima_fs.c | 13 +++++----- security/selinux/hooks.c | 4 +-- security/selinux/selinuxfs.c | 57 ++++++++++++++++++++--------------------- security/smack/smack_lsm.c | 6 ++--- security/smack/smackfs.c | 46 ++++++++++++++++----------------- security/tomoyo/condition.c | 18 ++++++------- 9 files changed, 85 insertions(+), 91 deletions(-) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 949dd8a48164..c09dc0f3c3fe 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -2426,10 +2426,9 @@ static int aa_mk_null_file(struct dentry *parent) } inode->i_ino = get_next_ino(); - inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO; + inode->i_mode = S_IFCHR | 0666; inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); - init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, - MKDEV(MEM_MAJOR, 3)); + init_special_inode(inode, S_IFCHR | 0666, MKDEV(MEM_MAJOR, 3)); d_instantiate(dentry, inode); aa_null.dentry = dget(dentry); aa_null.mnt = mntget(mount); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index fbb08bc78bee..6759a70918de 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1255,45 +1255,42 @@ static int param_get_mode(char *buffer, const struct kernel_param *kp); /* AppArmor global enforcement switch - complain, enforce, kill */ enum profile_mode aa_g_profile_mode = APPARMOR_ENFORCE; module_param_call(mode, param_set_mode, param_get_mode, - &aa_g_profile_mode, S_IRUSR | S_IWUSR); + &aa_g_profile_mode, 0600); /* whether policy verification hashing is enabled */ bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); #ifdef CONFIG_SECURITY_APPARMOR_HASH -module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); +module_param_named(hash_policy, aa_g_hash_policy, aabool, 0600); #endif /* Debug mode */ bool aa_g_debug = IS_ENABLED(CONFIG_SECURITY_APPARMOR_DEBUG_MESSAGES); -module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR); +module_param_named(debug, aa_g_debug, aabool, 0600); /* Audit mode */ enum audit_mode aa_g_audit; -module_param_call(audit, param_set_audit, param_get_audit, - &aa_g_audit, S_IRUSR | S_IWUSR); +module_param_call(audit, param_set_audit, param_get_audit, &aa_g_audit, 0600); /* Determines if audit header is included in audited messages. This * provides more context if the audit daemon is not running */ bool aa_g_audit_header = true; -module_param_named(audit_header, aa_g_audit_header, aabool, - S_IRUSR | S_IWUSR); +module_param_named(audit_header, aa_g_audit_header, aabool, 0600); /* lock out loading/removal of policy * TODO: add in at boot loading of policy, which is the only way to * load policy, if lock_policy is set */ bool aa_g_lock_policy; -module_param_named(lock_policy, aa_g_lock_policy, aalockpolicy, - S_IRUSR | S_IWUSR); +module_param_named(lock_policy, aa_g_lock_policy, aalockpolicy, 0600); /* Syscall logging mode */ bool aa_g_logsyscall; -module_param_named(logsyscall, aa_g_logsyscall, aabool, S_IRUSR | S_IWUSR); +module_param_named(logsyscall, aa_g_logsyscall, aabool, 0600); /* Maximum pathname length before accesses will start getting rejected */ unsigned int aa_g_path_max = 2 * PATH_MAX; -module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR); +module_param_named(path_max, aa_g_path_max, aauint, 0400); /* Determines how paranoid loading of policy is and how much verification * on the loaded policy is done. @@ -1301,11 +1298,11 @@ module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR); * that none root users (user namespaces) can load policy. */ bool aa_g_paranoid_load = true; -module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); +module_param_named(paranoid_load, aa_g_paranoid_load, aabool, 0444); /* Boot time disable flag */ static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; -module_param_named(enabled, apparmor_enabled, bool, S_IRUGO); +module_param_named(enabled, apparmor_enabled, bool, 0444); static int __init apparmor_enabled_setup(char *str) { diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 354bb5716ce3..3f7707b8aaa7 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -314,9 +314,9 @@ static inline int security_filter_rule_match(u32 secid, u32 field, u32 op, #endif /* CONFIG_IMA_LSM_RULES */ #ifdef CONFIG_IMA_READ_POLICY -#define POLICY_FILE_FLAGS (S_IWUSR | S_IRUSR) +#define POLICY_FILE_FLAGS 0600 #else -#define POLICY_FILE_FLAGS S_IWUSR +#define POLICY_FILE_FLAGS 0200 #endif /* CONFIG_IMA_READ_POLICY */ #endif /* __LINUX_IMA_H */ diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index ae9d5c766a3c..81700df83f51 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -439,7 +439,7 @@ static int ima_release_policy(struct inode *inode, struct file *file) #elif defined(CONFIG_IMA_WRITE_POLICY) clear_bit(IMA_FS_BUSY, &ima_fs_flags); #elif defined(CONFIG_IMA_READ_POLICY) - inode->i_mode &= ~S_IWUSR; + inode->i_mode &= ~0200; #endif return 0; } @@ -465,28 +465,29 @@ int __init ima_fs_init(void) binary_runtime_measurements = securityfs_create_file("binary_runtime_measurements", - S_IRUSR | S_IRGRP, ima_dir, NULL, + 0440, ima_dir, NULL, &ima_measurements_ops); if (IS_ERR(binary_runtime_measurements)) goto out; ascii_runtime_measurements = securityfs_create_file("ascii_runtime_measurements", - S_IRUSR | S_IRGRP, ima_dir, NULL, + 0440, ima_dir, NULL, &ima_ascii_measurements_ops); if (IS_ERR(ascii_runtime_measurements)) goto out; runtime_measurements_count = securityfs_create_file("runtime_measurements_count", - S_IRUSR | S_IRGRP, ima_dir, NULL, + 0440, ima_dir, NULL, &ima_measurements_count_ops); if (IS_ERR(runtime_measurements_count)) goto out; violations = - securityfs_create_file("violations", S_IRUSR | S_IRGRP, - ima_dir, NULL, &ima_htable_violations_ops); + securityfs_create_file("violations", + 0440, ima_dir, NULL, + &ima_htable_violations_ops); if (IS_ERR(violations)) goto out; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a85fac3345df..8ae043be8782 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6336,9 +6336,9 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) u32 av = 0; av = 0; - if (flag & S_IRUGO) + if (flag & 0444) av |= IPC__UNIX_READ; - if (flag & S_IWUGO) + if (flag & 0222) av |= IPC__UNIX_WRITE; if (av == 0) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3d374d2ca04..bfecac19ba92 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1376,7 +1376,7 @@ static int sel_make_bools(struct selinux_fs_info *fsi) goto out; ret = -ENOMEM; - inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); + inode = sel_make_inode(dir->d_sb, S_IFREG | 0644); if (!inode) goto out; @@ -1582,10 +1582,10 @@ static int sel_make_avc_files(struct dentry *dir) int i; static const struct tree_descr files[] = { { "cache_threshold", - &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, - { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, + &sel_avc_cache_threshold_ops, 0644 }, + { "hash_stats", &sel_avc_hash_stats_ops, 0444 }, #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS - { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, + { "cache_stats", &sel_avc_cache_stats_ops, 0444 }, #endif }; @@ -1643,7 +1643,7 @@ static int sel_make_initcon_files(struct dentry *dir) if (!dentry) return -ENOMEM; - inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); + inode = sel_make_inode(dir->d_sb, S_IFREG | 0444); if (!inode) return -ENOMEM; @@ -1744,7 +1744,7 @@ static int sel_make_perm_files(char *objclass, int classvalue, goto out; rc = -ENOMEM; - inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); + inode = sel_make_inode(dir->d_sb, S_IFREG | 0444); if (!inode) goto out; @@ -1774,7 +1774,7 @@ static int sel_make_class_dir_entries(char *classname, int index, if (!dentry) return -ENOMEM; - inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); + inode = sel_make_inode(dir->d_sb, S_IFREG | 0444); if (!inode) return -ENOMEM; @@ -1870,7 +1870,7 @@ static struct dentry *sel_make_dir(struct dentry *dir, const char *name, if (!dentry) return ERR_PTR(-ENOMEM); - inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); + inode = sel_make_inode(dir->d_sb, S_IFDIR | 0555); if (!inode) { dput(dentry); return ERR_PTR(-ENOMEM); @@ -1899,25 +1899,24 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) struct inode_security_struct *isec; static const struct tree_descr selinux_files[] = { - [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, - [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, - [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, - [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, - [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, - [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, - [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, - [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, - [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, - [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, - [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, - [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, - [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, - [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, - [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, - [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, - [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, - [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, - S_IWUGO}, + [SEL_LOAD] = {"load", &sel_load_ops, 0600}, + [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, 0644}, + [SEL_CONTEXT] = {"context", &transaction_ops, 0666}, + [SEL_ACCESS] = {"access", &transaction_ops, 0666}, + [SEL_CREATE] = {"create", &transaction_ops, 0666}, + [SEL_RELABEL] = {"relabel", &transaction_ops, 0666}, + [SEL_USER] = {"user", &transaction_ops, 0666}, + [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, 0444}, + [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, 0200}, + [SEL_MLS] = {"mls", &sel_mls_ops, 0444}, + [SEL_DISABLE] = {"disable", &sel_disable_ops, 0200}, + [SEL_MEMBER] = {"member", &transaction_ops, 0666}, + [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, 0644}, + [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, 0444}, + [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, 0444}, + [SEL_STATUS] = {"status", &sel_handle_status_ops, 0444}, + [SEL_POLICY] = {"policy", &sel_policy_ops, 0444}, + [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 0222}, /* last one */ {""} }; @@ -1943,7 +1942,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) goto err; ret = -ENOMEM; - inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); + inode = sel_make_inode(sb, S_IFCHR | 0666); if (!inode) goto err; @@ -1953,7 +1952,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) isec->sclass = SECCLASS_CHR_FILE; isec->initialized = LABEL_INITIALIZED; - init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); + init_special_inode(inode, S_IFCHR | 0666, MKDEV(MEM_MAJOR, 3)); d_add(dentry, inode); dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index dcb976f98df2..8953440c6559 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2945,11 +2945,11 @@ static int smack_flags_to_may(int flags) { int may = 0; - if (flags & S_IRUGO) + if (flags & 0444) may |= MAY_READ; - if (flags & S_IWUGO) + if (flags & 0222) may |= MAY_WRITE; - if (flags & S_IXUGO) + if (flags & 0111) may |= MAY_EXEC; return may; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index f6482e53d55a..270cd3a308f0 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2857,55 +2857,53 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) static const struct tree_descr smack_files[] = { [SMK_LOAD] = { - "load", &smk_load_ops, S_IRUGO|S_IWUSR}, + "load", &smk_load_ops, 0644}, [SMK_CIPSO] = { - "cipso", &smk_cipso_ops, S_IRUGO|S_IWUSR}, + "cipso", &smk_cipso_ops, 0644}, [SMK_DOI] = { - "doi", &smk_doi_ops, S_IRUGO|S_IWUSR}, + "doi", &smk_doi_ops, 0644}, [SMK_DIRECT] = { - "direct", &smk_direct_ops, S_IRUGO|S_IWUSR}, + "direct", &smk_direct_ops, 0644}, [SMK_AMBIENT] = { - "ambient", &smk_ambient_ops, S_IRUGO|S_IWUSR}, + "ambient", &smk_ambient_ops, 0644}, [SMK_NET4ADDR] = { - "netlabel", &smk_net4addr_ops, S_IRUGO|S_IWUSR}, + "netlabel", &smk_net4addr_ops, 0644}, [SMK_ONLYCAP] = { - "onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, + "onlycap", &smk_onlycap_ops, 0644}, [SMK_LOGGING] = { - "logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, + "logging", &smk_logging_ops, 0644}, [SMK_LOAD_SELF] = { - "load-self", &smk_load_self_ops, S_IRUGO|S_IWUGO}, + "load-self", &smk_load_self_ops, 0666}, [SMK_ACCESSES] = { - "access", &smk_access_ops, S_IRUGO|S_IWUGO}, + "access", &smk_access_ops, 0666}, [SMK_MAPPED] = { - "mapped", &smk_mapped_ops, S_IRUGO|S_IWUSR}, + "mapped", &smk_mapped_ops, 0644}, [SMK_LOAD2] = { - "load2", &smk_load2_ops, S_IRUGO|S_IWUSR}, + "load2", &smk_load2_ops, 0644}, [SMK_LOAD_SELF2] = { - "load-self2", &smk_load_self2_ops, S_IRUGO|S_IWUGO}, + "load-self2", &smk_load_self2_ops, 0666}, [SMK_ACCESS2] = { - "access2", &smk_access2_ops, S_IRUGO|S_IWUGO}, + "access2", &smk_access2_ops, 0666}, [SMK_CIPSO2] = { - "cipso2", &smk_cipso2_ops, S_IRUGO|S_IWUSR}, + "cipso2", &smk_cipso2_ops, 0644}, [SMK_REVOKE_SUBJ] = { - "revoke-subject", &smk_revoke_subj_ops, - S_IRUGO|S_IWUSR}, + "revoke-subject", &smk_revoke_subj_ops, 0644}, [SMK_CHANGE_RULE] = { - "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR}, + "change-rule", &smk_change_rule_ops, 0644}, [SMK_SYSLOG] = { - "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR}, + "syslog", &smk_syslog_ops, 0644}, [SMK_PTRACE] = { - "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR}, + "ptrace", &smk_ptrace_ops, 0644}, #ifdef CONFIG_SECURITY_SMACK_BRINGUP [SMK_UNCONFINED] = { - "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR}, + "unconfined", &smk_unconfined_ops, 0644}, #endif #if IS_ENABLED(CONFIG_IPV6) [SMK_NET6ADDR] = { - "ipv6host", &smk_net6addr_ops, S_IRUGO|S_IWUSR}, + "ipv6host", &smk_net6addr_ops, 0644}, #endif /* CONFIG_IPV6 */ [SMK_RELABEL_SELF] = { - "relabel-self", &smk_relabel_self_ops, - S_IRUGO|S_IWUGO}, + "relabel-self", &smk_relabel_self_ops, 0666}, /* last one */ {""} }; diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c index 8d0e1b9c9c57..2069f5912469 100644 --- a/security/tomoyo/condition.c +++ b/security/tomoyo/condition.c @@ -874,31 +874,31 @@ bool tomoyo_condition(struct tomoyo_request_info *r, value = S_ISVTX; break; case TOMOYO_MODE_OWNER_READ: - value = S_IRUSR; + value = 0400; break; case TOMOYO_MODE_OWNER_WRITE: - value = S_IWUSR; + value = 0200; break; case TOMOYO_MODE_OWNER_EXECUTE: - value = S_IXUSR; + value = 0100; break; case TOMOYO_MODE_GROUP_READ: - value = S_IRGRP; + value = 0040; break; case TOMOYO_MODE_GROUP_WRITE: - value = S_IWGRP; + value = 0020; break; case TOMOYO_MODE_GROUP_EXECUTE: - value = S_IXGRP; + value = 0010; break; case TOMOYO_MODE_OTHERS_READ: - value = S_IROTH; + value = 0004; break; case TOMOYO_MODE_OTHERS_WRITE: - value = S_IWOTH; + value = 0002; break; case TOMOYO_MODE_OTHERS_EXECUTE: - value = S_IXOTH; + value = 0001; break; case TOMOYO_EXEC_ARGC: if (!bprm)