From patchwork Wed Apr 26 13:47:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Haines X-Patchwork-Id: 9701411 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 298A660245 for ; Wed, 26 Apr 2017 13:48:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 178542865D for ; Wed, 26 Apr 2017 13:48:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0923328662; Wed, 26 Apr 2017 13:48:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CA33D2865D for ; Wed, 26 Apr 2017 13:48:32 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.37,254,1488844800"; d="scan'208";a="5226401" IronPort-PHdr: =?us-ascii?q?9a23=3A6FYvkBRjBPlJwOTW1fnTChFk3dpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa68ZhOGt8tkgFKBZ4jH8fUM07OQ6PG+HzBcqsjd+Fk5M7V0Hycfjs?= =?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6?= =?us-ascii?q?KfroEYDOkcu3y/qy+5rOaAlUmTaxe71/IRG3oAnLucQbjoRuJ6c+xxDUvnZGZu?= =?us-ascii?q?NayH9yK1mOhRj8/MCw/JBi8yRUpf0s8tNLXLv5caolU7FWFSwqPG8p6sLlsxnD?= =?us-ascii?q?VhaP6WAHUmoKiBpIAhPK4w/8U5zsryb1rOt92C2dPc3rUbA5XCmp4ql3RBP0ji?= =?us-ascii?q?oMKjA28HvTisdtkqxVphyvrAF7z4LNfY2ZKP9yc6XAdt0YWGVBRN5cWSxfDI2h?= =?us-ascii?q?YYUBDO0PPf5aooXgqVYBswC+CBKwCO/z0DJEmmX70bEm3+knDArI3BYgH9ULsH?= =?us-ascii?q?nMsNv1NbsdUeCvw6nS0DrIcvFY1i386IjObB8huuyHULVqccrQ1UYvFxnKjk+N?= =?us-ascii?q?poP9IzyazuQNvHKa7+pmS+2vkHUqpBptojiuwMcslpfGhpgTyl/a6SV12po6Jd?= =?us-ascii?q?q9SENiZ9OvDZhetzmCOodrTc4vTHtktSYnxrEcp5K2czYGxI46yxLHaPGKcpKE?= =?us-ascii?q?7g/sWeuQOzt1hXNodKihixu87EStzPD3WNOu31ZQtCVFl8HBtnUK1xPO9MeKUu?= =?us-ascii?q?B9/kK92TaX0ADT9/1ELVg0laXFL54hxaY9loYJvkTZHy/2hV72gLWKdkQk5ueo?= =?us-ascii?q?6+Pnbq/gppCALI97lhvyMqEvmsy7Geg4Mw4OUHaH+emkybHu8kL0TK9Kg/EriK?= =?us-ascii?q?XVrp/XKdoBqqKkGwNV15ws6xe7DzeoytQYmnwHIUpeeB2Zi4jpOlfOIO33DPum?= =?us-ascii?q?mFuslyprx/baMbL/GZXANWTDkbf9crZ97E5Q0gwzzctF6J5OBbEBJ+zzVlfrtN?= =?us-ascii?q?PEFh85LxC0w+H/BdV/0YMeX3iAArOZMKzIt1+F/eAvI+6KZI8Qojn9MOQl6OD0?= =?us-ascii?q?jX8ig1MderOp3ZQPYnCiAvtmO1mZYWbrgtoZE2cKvBAxQ/DpiF2ZVj5TYXeyX7?= =?us-ascii?q?wn6zE1DIKmEIjCSZuwgLyHwCe7A4daZmdcClCDCX3obZmLW+8QaCKOJc9sijIF?= =?us-ascii?q?VbmlS48kyx6urhT3y7R5IeXJ/S0Yr4js1MBv5+3UlxE96yB7D9iH32GKVWF0kX?= =?us-ascii?q?sCRyUq06BnvUx91lCD3LBljPNEENxT4PVJUhsnOZPH0ex1FcryWgPAf9eOTlaq?= =?us-ascii?q?WNOmDi8tTtgp2d8Bf159G8m+jhDExyelHqMVmKaRBJEv7q3c2H3xKNpnxHbdyK?= =?us-ascii?q?ktlV8mTdVTNWe+nK5w6xDTB5LVk0Wej6urdaUd3CnL9GqYyGqOuFhUUA92Uanf?= =?us-ascii?q?W3AQfFHWrdf45kPcUbCiE7InPRVdycSaMKtFdsXpjUlaRPfkINnRfXqxlH2qBR?= =?us-ascii?q?aJ3bOBd5LqdH8H3CXcE0gEiwQT8myaOgcgHCuhpHjeDDN2H1L1f0zs6fV+qG+8?= =?us-ascii?q?TkIswQGKdVdu17yp9R4UnvyRUPYT3qoFuCs4sDV1Ek2908jRC9qaqAprZL9cbs?= =?us-ascii?q?8l4FdbyWLZsBRwPp+6IKBhgV4ebh96v0D02BV0DYVAjNImrHQwzAp9MaiYyk9O?= =?us-ascii?q?dyuE3ZDsPb3aMnP98w21a67XxF7eys2b9b0T5/Q9sVnjuxupFkU6+XV9z9ZVy2?= =?us-ascii?q?ec5onNDAcKSpLxXFw39x9hp7HGeSQ9/IXU1XpiMKmxqDDC3cglBO07xRa8Z91f?= =?us-ascii?q?Kr+LFBfuE80GAMijMOIrlEKtbhIYIu9S7rU0Mti4d/SYwq6kJ/tgnDe8gWRA+o?= =?us-ascii?q?B93VqG9zBgRe7Qw5YF3/aY0xObVzjhkVihs9r4mYRfaD4OGWq/zDTrC5RKZq1u?= =?us-ascii?q?Z4oLD3mhI9GvzNVkm5HtQ2JY9EKkB14e3s+peB6Sb1jj0g1LzkkYu2KomTG/zz?= =?us-ascii?q?BulDEptKWf1jTUw+v+bBoHJnJLRG56gFfyIIi7k8waXE+ybwQziBSl5UH6x65U?= =?us-ascii?q?pKlkK2nTQEFIcDLsL2FlSKewsaCCY8FX4pMyrSpXSPi8YUydSrPlpxsa0jjjH3?= =?us-ascii?q?dHyDAgaT6qvpT5nxpniGOSN3tzt2LZecB2xRfe+NPcXuRd3jwYSylkkTPXHESz?= =?us-ascii?q?P8G1/dWIkJfOqvq+V2WlVp1Xbybr15+PtCy15GBxGh2/guy8msb9HQg9yy/72M?= =?us-ascii?q?FgVT/Uoxbkfonry6O6PPp/fkZyGV/879B2FZtknoQrg5EQ3WQahpKT/XcclGf/?= =?us-ascii?q?LdNb2aXiY3YXQz4E3cLV6hD/2EJ/NnKJ2575VnKFz8tieda6ZHgW1zk+789UDq?= =?us-ascii?q?eU97pEkjVpolaiqgLRe/d9lC8HyfQy8H4an/0JuA01wyWDBLAdAFJVPTLqlxuV?= =?us-ascii?q?79CytqNXa3izcbKozkpxgcihDK2eogFbQHv5Yo0tHTJ07shkLF3M0WHz64H9dN?= =?us-ascii?q?ned90TsAeYkxDaj+haMJgxjOYFhTJ7OWLhun0o0/Y7ggZz3ZG+ooeHM39i/KSl?= =?us-ascii?q?AhFGLD34fN4T+irzgqZEhcaaxZuvHpJ8GjURQJTnU/yoEDUItfToKQmCCjs8pW?= =?us-ascii?q?mHGbDHBw+Q9F9mr27TE5CsL3yXKmMWzdN+RBmaIUxSmw4UUysnkZ4+DACl3tTh?= =?us-ascii?q?cF1+5jAT+FH3tgdMxvhvNxnlXWfVvB2oZSssSJiDMBpW6RlP50LPPsya6uJ8AT?= =?us-ascii?q?1Y/oG7owOXMWGbYRpHDX0SWkOYHV/jJqeh6cPG8+eGGuq0N+HObqmWqexCS/eI?= =?us-ascii?q?woqi0pF88zeCLMmPO2NtD/k82ktDRn12AdjWmzAVRywQjSLNYNaRpA2g9S1vss?= =?us-ascii?q?C/7PPrVRrh5YuVFbRdLM5v9AqwgaefMO6Qnz10JixE2ZMJ33PIz6If3FEKgSF0?= =?us-ascii?q?azatCagAtTLKTK/InK9XFQQUaztrNMZT4aI83xNNOdXHitP71754iOQ6C1FZWl?= =?us-ascii?q?zggM6pYdYGI2anNFPIHEyLLqiJJSXXw8HrZqOxUaVQg/tPuBKuvzabElPjPjOY?= =?us-ascii?q?mjnoSR+gL/9DgDucPBxEt4G3agxtBnT7TNL6dh27N8d6giYtzrEzgnPKNHUcMS?= =?us-ascii?q?Rnc09Xtb2f8z9Xju9kG2Nf6nplLO+EmzuW7uTDNpkXseFrAjlvl+5A7nU10adV?= =?us-ascii?q?7DpDRPxzgifSqcRuo16+mOmV1jVnSAZOqipMhI+TpkVtI7vZ+YNPWXna5xIA9n?= =?us-ascii?q?6QBA4Up9R/Bd3gpbtQxsLJlK3tNDdI68jU8tcEB8jINMKHN2IsPgHoGD7bCwsF?= =?us-ascii?q?SyWmOnzBiENGkfGd7HuVooI9qpj2l5oEUqVbW0AtFvMGFkRlG8QPL414Xjw+j7?= =?us-ascii?q?6UktUF5X2mrBbPQsVau4rIVvOWAfr0LzaYgqNIZxwSwbP3NY4TLJH021R+allm?= =?us-ascii?q?m4THA1bQXddIoiF7dA80p0RM/2Z4TmIowULlbR2i4HwIGPGomR42jxdxbv429D?= =?us-ascii?q?fw+Vs3IETFpDcomkkrhdrlmSyRcCL2LKqoXoFXCy70uFYqP5P+RAZ1YwOyklJ4?= =?us-ascii?q?NDfYR7JRiL5gen5xhA/ap5RPBeZWTbdYbx8I2fGXe/Io3Exaqiq530BH4fDICZ?= =?us-ascii?q?hllAsxbZ6jtXRA2xlgbN40P6DQIrRGzkRIjKKUoiCozvwxwBMZJ0sV6mOdZjUI?= =?us-ascii?q?t1ISObk8OyWo/vdh5heDmztZZWcMUPQqoupw9kwjO+WM1STg3KBfKkqpLeyQM7?= =?us-ascii?q?uZu3Tclc6PWl4/y0QIl09D/bdrz8gjd0uUWls1w7SPDRQJMtDOKQZPb8pd7HLT?= =?us-ascii?q?ZzqBsf3RwZJpOIWwDv3nQvWQtKYVn02kBx0kEJ4W7sQbGZmt3lrYItn7I74Y0x?= =?us-ascii?q?Ut5RjrJVWfAPRPZh2LjC8No9ujw59vwYldOjYdDH1gPiWs+LnYvAAqgOCZU9co?= =?us-ascii?q?eXoaRZELNnErWM2ggSFVpXBADCSx0u0D0giO9iP8piPTDDj8aNpvfvGUag1wCN?= =?us-ascii?q?uu4zUw77C2iULL8pXZP2z6MdNiusXR5uMcppeHDOhZTbZ7s0fBgYVYQGaqU2HX?= =?us-ascii?q?G96vO5fwc5UsbcDzCnuiSVywlTY1T8b3PNawIamFmh3nRYFRsIaHxj8jLtO9Gi?= =?us-ascii?q?sYGxhuu+EJ/Lh8ahEbY5onfR7osBwzN6+lIAaYyNquRXqtKTtNQvlQyuW6f6BY?= =?us-ascii?q?wzAqbuCk1HsqVos6wPWv8U4RWJEKiQnTxeqiZ4lbVijzBnxdegXUqCUklmhgNv?= =?us-ascii?q?w9zfwlzBPOr1YcLyiBdPZ1Z2xco9E8GVSSLG1sBWo8Rl+TkZTM7Rap37ES+Std?= =?us-ascii?q?mNBU3vdevXflv5/QejSsVLWlqZXIqSYga8Ypo7FpO4z5PsSGrI/eniDYTJTIqQ?= =?us-ascii?q?KKTii6GuFAlddNPiJXXuNImXo/NswcuYtN800xVt0xJ7ZXEqkjuqiqaSZ4DS4V?= =?us-ascii?q?1SIZWJ6A3D0Ggue4xbTakwydf4k8PxMfsZVNmN0dXzRxYiMEq6+pT5/WmHOcSm?= =?us-ascii?q?gXPAcT6hxB5BgGlo9xYu/l4I3ITJtXyzBOuvx6TzHFG4Vv+VbgVm6Whl34R+m7?= =?us-ascii?q?nOyywQJe1vTs3ccHWBRnE0hS2/5Wllc0KLFwM6QQpJPFvSKTeEP1uWLsx/GqJF?= =?us-ascii?q?9Pxs3Ib1f4FpbKtXLgUi0A/n0ZXZVPx2vFFZQViAV0c7orpE9WL4C4ZEn+4z0k?= =?us-ascii?q?x4JmH7m8VMCryFYlrWoIRyiwCdpBDvtqsFTJVz15e5qrsonqO41OQm9M/52Qs1?= =?us-ascii?q?lYnF9xPC65yJpcLsBN7SQPXDVUoDWSosW9R9NZ1c9xFZ8MLc91u23hF6NcJJiR?= =?us-ascii?q?v3o2t6T1xX/D5jA8tk22xDaoFq+5TuJZ/nEeFR4zK2SYtEYvE/Mm8n3O/VDVrl?= =?us-ascii?q?B04+BbC6COjUV3vDZyAJROCShM1X+7M1RzVnlHvv5dKKTNbcNcRfwyagWuOxw6?= =?us-ascii?q?DvEm2EOI8VtznXfjbCx4rhFa9DzFXwkoSSkVha/gmTIEqs69Pz8aV4lFbTQmby?= =?us-ascii?q?bLLQKbhSBXswhea0FsR5AWHMxF96sd3YRK4srIUVysJj0dXBx+KgI41uJSlVJE?= =?us-ascii?q?sEWdYi3dERakdfPUvRFte8eestKpJuzj/AhbkoPnrPw496IbSn2mgwKtW8rRr4?= =?us-ascii?q?vhudCRq0SBar/4M/Wibn/FUjfMlwq8hbA+D5nF5yLTKhZUK4FmyXo4ZpjsEWzL?= =?us-ascii?q?PRNYKK8AOkVUS7t6ZstcouBGecBrZbwF+alzCRKbXhnvApCgrOFaLlbPQjTTNz?= =?us-ascii?q?6O8uKjro7P77HRVObta9eQyHbARqJ4Io116SLnG7vw149R5Fb20O939kxmUVjG?= =?us-ascii?q?LzyBrNP5KwMR+sata0visYc1HT7NBJdwl2TtyV9ee8ULRC2l7YoXxIlf6HnuVe?= =?us-ascii?q?JyylLzv/FK97l49Yk35Khkyd+vJafOM/tVrFNnDwOPBgVt65UtGnRwSH5XYu8N?= =?us-ascii?q?MvfeZ6AZgdrpq+DtGKwd8AeV9PBBadvbO0HBndGyCi2GSRNagggOtCUXLhaY1/?= =?us-ascii?q?6Zga97U9ilpen+2kIp/Ve+MgQKzLd35YeL4qCIvvPYbwPNzbgYXajnXsHzoa42?= =?us-ascii?q?u0OV/v0kkKQBenJubg2iDegdUtIdxmb8wqAr1y0sFdjDE6jn+P5ZWHIzhijglI?= =?us-ascii?q?xlH1UKBvMUGqKG/YZEkWc+lezZLNoWfb1clWuUCR6rCLkCyWWs6yeNJmlqnA3O?= =?us-ascii?q?2QnqQWyv9F/2sTN4QSzUwtfllkpYTbi3BUFXXyazOE94tj2PPBDyu9rspaQ19l?= =?us-ascii?q?w2PXD4tNKQjmuuJqlbH8rlJNyTOSM0vk4YjIUtRtyz3oAWAdy9INYN/3F5avvR?= =?us-ascii?q?8XirnzVAo6dAgIre+dqV9+7SHXSvgKyWsbKNxCpXynIgp1Ew9sigNu3S592NW/?= =?us-ascii?q?mny3weTyNhtAvaQx60qrvboksPOUOX0UfEhooKPs1Y3XYizE3m4vYsQM4r/gVE?= =?us-ascii?q?ConAf+8CpSz0ODbsxVafeNc3WymF3jtZAF36DF54GLIm12LopsLJknXQ9EM0SY?= =?us-ascii?q?lsbUDnggZ3D4ogI0I39FcX2jYDERQKaR2DDrGoBEHlIJABVUcdaRWIwqK6eqYx?= =?us-ascii?q?3U182L+v4vHcbfBkDaoXKvldlhKOnERcGp8OsK0fQahzdEVB+6PMvQjtFZTnUO?= =?us-ascii?q?b6mnYqMv21WM9a+9gDt3Q++ga/Wwag6ZBb4rkAiZCIbaBFboLOvMB980dn/SQA?= =?us-ascii?q?djFJgBVkkxy5Vv0Tq/757djGqpqo7fyuW7w3S+UQ7Rg0CHx0j4Hsj1A7vdHXy+?= =?us-ascii?q?BcR5XNiYvl7ABCP36KuYjd0xlmKuoCMpmrc6hk93UGISgeOn0PMMGOa/Ym/y9i?= =?us-ascii?q?LDXT5lJFAsMWZtMUJsnNlh5Oik3vRr5T8tDXGliCC4d8b8oo9Xb4yCgp8ZsgVe?= =?us-ascii?q?bt8CO2JYrB4FFJJfxDijtjmcnfq+gUzvrSCTQX7mOCaxdv2COC1oOBC/Du8uWQ?= =?us-ascii?q?0NvUTU8JHjYqU4dBIzqP4QOnSfCvlJr3TgOU6tT+gJY/dEKMWHOxnL4KsrtXEe?= =?us-ascii?q?JajCX0wCReHJjvh/2Jq9qs9HdXtlpfHYZ88xLFHrlfPpJ8ORj/jcmkWEx8Bir5?= =?us-ascii?q?eMHJeRsjo+6WyfkW4+R+LUTyf4kbLQwYy7ji83paUhNuSKLqvlaeRe8eeNlmR+?= =?us-ascii?q?nYoX1O9Y1gLKsPPFycpJP0tDdItE45DxMpaLMqqTxabEbOlhVPW6nooL4Alhcc?= =?us-ascii?q?UdlhtE9JHmKwPn4+5zXZWqlOiamRCeYa8jONQawSXURoNTl+QxCu2Jl0fbumg+?= =?us-ascii?q?xHuHtcnixhuPgqzyBmRByktC3ju60Nwikg9KilujsOv3JFT+OekzrHCFhYw/QK?= =?us-ascii?q?iL0TC3D85lCmZ3kDdoTy6qF9Jcv87Ykh/2g/YRI7ci0EWuSgCyfwg7mUDYyPtN?= =?us-ascii?q?JcmQOCucTPbb+1NigSNbU9xAn9R3h8zAjRhhJo/3YKQjm66t8rOpm9M94/xiW0?= =?us-ascii?q?AWjbaEoM4qRRvcvwq14EVu02ZEhlwGV+z8eHRyoNRNfVF2YylAgkZn1OcIhf5h?= =?us-ascii?q?8CC6konjGIs7FE/g4KbjfUHICl95LenMjS33kyU8tqynjQpqKbmpMgyGdllM9s?= =?us-ascii?q?7i6SpHQScPTVU8BoAnj02IZQ1+j+Z/G2v+AcT4tmzrWhX+MYPsml52S2xI1gWl?= =?us-ascii?q?W5ybQGA1q5LOgDy6/ZUyelSWyYQeOLc2yNnzYlLEH//hyoLlwraMdQsUAxKOzC?= =?us-ascii?q?hoRTlwf5S7N7Wj2QpUPHzGwkKe4aeB82uIa6dAwNV+MRe/KcKvYowP0iElQMa2?= =?us-ascii?q?XGHS1qBO+3q1Ghho57NGt84U/ie+Ti7hjmMMeOGhkDCYPasp9x+fmhS2KdOH9v?= =?us-ascii?q?0B5yM1dw9+vFEVQ+qPNceY6LndfMn9R7zfIFd/B1PC04u94TmYFj6Y6P3ceIax?= =?us-ascii?q?7RzZHyJdfLrfieGfHfyVolen1CWLoDfQz1/5k6PsI+W7DLBrRWoxIcBbQhTZw6?= =?us-ascii?q?M2fx8710LB9tcgHPebu4mM7qpviEZpFMvX/Z8kowLDvAux0E0vG0VQt7b5SwiH?= =?us-ascii?q?XoLpEwQTZBr9N2BxtjG4tPHNgAoBS7DJ6On6G7kMSx+0J8u+8Fq6bwDerK1Nuh?= =?us-ascii?q?1YVrQ5da/VCLPCrWBKRzjERqkOCygvbY0pbvEs7jeNIEVO1+QmHbcL/GGpuwJi?= =?us-ascii?q?iJOsLmdE5M66Sc365hUhWNeCD5WLKLtSO8NPV+4EU01pJ3cfHWzDws87HbwsX9?= =?us-ascii?q?a3tcpie5on6DLIFf40DSBezCQxJUTuKI8GFhHaIJdob07OMOPsY5wNiA4gl88C?= =?us-ascii?q?hC0NGbLKe/tEPM3Fx0dY7DJkvzxyk5QZUKIAi4MUY0hW/Zq3LdAWlTL8S9Lclt?= =?us-ascii?q?gc2VDgD250RqmGEifGhBGm3ySdeWI2gb1Nq0ZBeW+wJTE9YDg+m3dFYjtqKsTe?= =?us-ascii?q?loO5NFmfiltbkAnthpNyHPS9ZAPy7ONL95JCFcDubRq1gyZB4Lrbw1VZwoZZiB?= =?us-ascii?q?Ok8HN12AySzqxwvYzUL0b8Cs1LqOICsO93VI1a7K0ThNpwm/vvaUmdPjULHfbJ?= =?us-ascii?q?7oWP7SMSwlViyVRDgoFkap41ikseIevPWEOWcfvkwUYiWKBQ4RvK9vrt/QAXTI?= =?us-ascii?q?lO1+ep0KmPCaWyftSC13lKoyGjxHtUaSTPofDQPWdWPugHJAuAy+If9B5X3lYK?= =?us-ascii?q?eDyapPWuwZHI9Mf+aHQ9vcY/9ePDYoligDNOa6YdLcs64z0kjUQmsBD6nI6Fqe?= =?us-ascii?q?QVaUQvyZwDLrR58Vv4kvuicz/NLfhCp3HLrJP7qFoD6u6IG4hj6CueLCTmktf1?= =?us-ascii?q?A1gOUaDWmazhlALX0LBtAWtUz2XK6PeVxM1HMoiOJp3R8AYgJzXWNy0ndOhvay?= =?us-ascii?q?BtVZSUIIjGOpWPAGbld3DDU0/UKR5w39f8EPuc7UR29E6rQDV5ARLP8254nLa+?= =?us-ascii?q?Msx6My0TZnpjEqmzmMBFNayASe+uzfG7wv6KdF4DwC/vp2V1uDCxPWc27K0cLy?= =?us-ascii?q?EcNExS50rUfv4Mrdv+ZgL5NQu4B/HFoQBy9qYNva+GYSAinPxAKuskPjT3ylKz?= =?us-ascii?q?UD7WNOfHQI?= X-IPAS-Result: =?us-ascii?q?A2E7AwDEowBZ/wHyM5Bbg1wpgW2OcagNPyWKKVcBAQEBAQE?= =?us-ascii?q?BAQIBAmgogjMiDUYmMgEBAQEBAQEBAQEBAQEBARoCCEgBIQIkGQE5AgMJAgUSM?= =?us-ascii?q?QgDAWwFiEuBMgEDFQSsNjomAoJiBYEChF2CaAQIhESDboVth3EFiTKIMYtrkn6?= =?us-ascii?q?LH4ZKApQnWIEHJx0hhHYMRByBZHSIdQEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 26 Apr 2017 13:48:30 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v3QDlcoe015018; Wed, 26 Apr 2017 09:47:54 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v3QDlZvi159364 for ; Wed, 26 Apr 2017 09:47:35 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v3QDlZv8014992 for ; Wed, 26 Apr 2017 09:47:35 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AVAgA/pABZh34AFEFbHRgHgyCCFo5xqFAOhhaEfQECAQEBAQECEwEBAQoLCQgohXIZATgBFYE7iFCBMgEDFQSsNDqDCgWBAoRdgmgECIREg26FbYRYDIMNBYkyiDGLa5J+kWkClCeBXicdIYR2AQtEEAyBZHSIdQEBAQ X-IPAS-Result: A1AVAgA/pABZh34AFEFbHRgHgyCCFo5xqFAOhhaEfQECAQEBAQECEwEBAQoLCQgohXIZATgBFYE7iFCBMgEDFQSsNDqDCgWBAoRdgmgECIREg26FbYRYDIMNBYkyiDGLa5J+kWkClCeBXicdIYR2AQtEEAyBZHSIdQEBAQ X-IronPort-AV: E=Sophos;i="5.37,254,1488862800"; d="scan'208";a="6030754" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 26 Apr 2017 09:47:33 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AoCeiCRGTjtRGfKWnASwAMJ1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ78r8WwAkXT6L1XgUPTWs2DsrQf2rSQ7/yrBzBIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSijewZbJ/IA+5oAjeucUbgIRvIbstxxXUpXdFZ/?= =?us-ascii?q?5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnM?= =?us-ascii?q?VhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1ji?= =?us-ascii?q?oMKjw3/3zNisFojKxVvg+vqRJ8zYDTe4yZKOZyc7nBcd4AWWZNQsBcXDFBDIOm?= =?us-ascii?q?aIsPCvIMM/pZr4bhp1sBtwG+ChSxD+3t0DBIh3n20rMh0+88FgzGxg0gEM4OsH?= =?us-ascii?q?vOttX6Kb8dXvytw6nI1zrDbvVW1inm6IXTaR8hvfCMXbRsccXP00kvER3KjkmK?= =?us-ascii?q?pYP5ODOV0/0Avm6G5ORjTeKik28qpgFrrjSx2ssgkJXFipgIxlza9Ch12IU4KN?= =?us-ascii?q?yiREJmbtOpEYFcuiCbOodsXM8vTXxktSAnwbMco5G7ZjIFyJE/yh7fdfOHd4+I?= =?us-ascii?q?7wr5VOaeJjd4mW5ldK6iixqo6keg1vfwVs2z0FZMridJiMXDtmgR2BzX7ciHV+?= =?us-ascii?q?Zy8l291jaIzQzT9+JELVg1lardNZEh3qY9m5sTvEjZACP6hF/6gLOMekk55OSl?= =?us-ascii?q?6vzrYrD8qZ+dM490hBv+MqMrmsGnG+Q4MxQBX2iB9uSmybLs5VH2T61KjvIsk6?= =?us-ascii?q?nZto7VJd8Aq6GiHw9V04Aj6wqhADe81tQXg2UHIEhZdxKAiojlI0vOL+zgDfej?= =?us-ascii?q?n1Ssly9mx+vYMb3lA5XNKGXDkbj6cLZh609T1AozzddF65JSEbEOOuj/WkD2tN?= =?us-ascii?q?zGXVcFNFmvzuLmDsht/p8PUmKIRKmCOeXdtkHbyPgoJry2ZYQVsSzxY9gs5vjj?= =?us-ascii?q?ljdtg14WfaCz0awcX3CxH/JrOG2TfXvqntobF2oW+AE5Sbq52xW5TTdPaiPqDO?= =?us-ascii?q?oH7TYhBdf+AA=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HsAQDEowBZh34AFEFbHRgHgyCCFo5xq?= =?us-ascii?q?A1DDoYWhH0BAQEBAQEBAQIBAhABAQEKCwkIKC+CMyAPRiYyAQEBAQEBAQEBAQE?= =?us-ascii?q?BAQEBGgIISEgZATgBFYE7iFCBMgEDFQSsNjqDCgWBAoRdgmgECIREg26FbYRYD?= =?us-ascii?q?IMNBYkyiDGLa5J+kWkClCeBXycdIYR2AQtEEAyBZHSIdQEBAQ?= X-IPAS-Result: =?us-ascii?q?A0HsAQDEowBZh34AFEFbHRgHgyCCFo5xqA1DDoYWhH0BAQE?= =?us-ascii?q?BAQEBAQIBAhABAQEKCwkIKC+CMyAPRiYyAQEBAQEBAQEBAQEBAQEBGgIISEgZA?= =?us-ascii?q?TgBFYE7iFCBMgEDFQSsNjqDCgWBAoRdgmgECIREg26FbYRYDIMNBYkyiDGLa5J?= =?us-ascii?q?+kWkClCeBXycdIYR2AQtEEAyBZHSIdQEBAQ?= X-IronPort-AV: E=Sophos;i="5.37,254,1488844800"; d="scan'208";a="6355326" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from rgout0106.bt.lon5.cpcloud.co.uk (HELO rgout01.bt.lon5.cpcloud.co.uk) ([65.20.0.126]) by emsm-gh1-uea10.nsa.gov with ESMTP; 26 Apr 2017 13:47:32 +0000 X-OWM-Source-IP: 86.146.66.231 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2017.4.26.2416:17:8.707, ip=, rules=NO_URI_FOUND, NO_CTA_URI_FOUND, NO_MESSAGE_ID, NO_URI_HTTPS, TO_MALFORMED Received: from localhost.localdomain (86.146.66.231) by rgout01.bt.lon5.cpcloud.co.uk (9.0.019.13-1) (authenticated as richard_c_haines@btinternet.com) id 58F62BE300F6B29E; Wed, 26 Apr 2017 14:47:30 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1493214452; bh=xmu+OzpzZkppSf/Mp9F0LF+0em0DfUP2YzLv8tHS6F8=; h=From:To:Cc:Subject:Date:Message-Id:X-Mailer; b=rjhsrsyI7fU15aJB3nkYJEsbd/wbGGTKyZratDV1J7ms7BLfoLc8eYZlcyscMvU0FS4/BI7DjGrlA1FmGNd915aeuijAXkBT7GemaB0c205xBZgjWJQHWdM8hDQ/TKI7Y8huL1f2A9qv8eEorXlOCWeEkY5txSz8fNr0hBXOUgI= From: Richard Haines To: selinux@tycho.nsa.gov Subject: [PATCH] libselinux: Add permissive= entry to avc audit log Date: Wed, 26 Apr 2017 14:47:21 +0100 Message-Id: <20170426134721.2501-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.9.3 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add audit log entry to specify whether the decision was made in permissive mode/permissive domain or enforcing mode. There are two utilities for testing: utils/avc_has_perm - This can set the AVC mode to follow SELinux, set AVC permissive, or set AVC enforcing. utils/selinux_check_access - This follows SELinux as it calls selinux_check_access(3). Signed-off-by: Richard Haines --- libselinux/src/avc.c | 4 + libselinux/utils/avc_has_perm.c | 203 ++++++++++++++++++++++++++++++++ libselinux/utils/selinux_check_access.c | 145 +++++++++++++++++++++++ 3 files changed, 352 insertions(+) create mode 100644 libselinux/utils/avc_has_perm.c create mode 100644 libselinux/utils/selinux_check_access.c diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c index b1ec57f..5600f80 100644 --- a/libselinux/src/avc.c +++ b/libselinux/src/avc.c @@ -723,6 +723,10 @@ void avc_audit(security_id_t ssid, security_id_t tsid, log_append(avc_audit_buf, " "); avc_dump_query(ssid, tsid, tclass); + + log_append(avc_audit_buf, " permissive=%u", avc_enforcing && + !(avd->flags & SELINUX_AVD_FLAGS_PERMISSIVE) ? 0 : 1); + log_append(avc_audit_buf, "\n"); avc_log(SELINUX_AVC, "%s", avc_audit_buf); diff --git a/libselinux/utils/avc_has_perm.c b/libselinux/utils/avc_has_perm.c new file mode 100644 index 0000000..3d4bfc0 --- /dev/null +++ b/libselinux/utils/avc_has_perm.c @@ -0,0 +1,203 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +static void usage(char *progname) +{ + fprintf(stderr, "usage: %s [-f | -p] [-i] scon tcon class perm\n" + "\nWhere:\n\t" + "-f Follow SELinux permissive or enforcing mode, or\n\t" + "-p Set avc_open to permissive mode.\n\t" + " The default is to set avc_open to enforcing mode.\n\t" + "-i Interactive mode. Once displayed first result, can\n\t" + " enter additional entries and display AVC cache info.\n", + progname); + exit(1); +} + +static void get_entry(char **buffer) +{ + char *buf; + int len; +#define BUF_LEN 81 + + buf = malloc(BUF_LEN * sizeof(char)); + if (!buf) { + perror("malloc"); + exit(1); + } + + if (fgets(buf, BUF_LEN - 1, stdin) == NULL) { + perror("fgets"); + exit(1); + } + + len = strlen(buf); + if (buf[len - 1] == '\n') + buf[len - 1] = 0; + + *buffer = buf; +} + +/* + * Function to print the AVC statistics. Because no audit logging call back + * has been set, the avc_cache_stats will be displayed on stderr. + */ +static void print_avc_stats(void) +{ + struct avc_cache_stats acs; + + avc_cache_stats(&acs); + printf("\nThe avc_cache_stats are as follows:\n"); + printf("entry_hits: %d\t(Decisions found in aeref)\n", + acs.entry_hits); + printf("entry_misses: %d\t(Decisions not found in aeref)\n", + acs.entry_misses); + printf("entry_discards: %d\t(Decisions not found in aeref that were " + "also non-NULL)\n", acs.entry_discards); + printf("entry_lookups: %d\t(Queries made)\n", acs.entry_lookups); + printf("cav_lookups: %d\t(Cache lookups)\n", acs.cav_lookups); + printf("cav_hits: %d\t(Cache hits)\n", acs.cav_hits); + printf("cav_probes: %d\t(Entries examined searching the cache)\n", + acs.cav_probes); + printf("cav_misses: %d\t(Cache misses)\n\n", acs.cav_misses); +} + +struct avc_entry_ref aeref; +static void exec_func(char *scon, char *tcon, char *class, char *perm) +{ + int rc; + security_id_t scon_id; + security_id_t tcon_id; + security_class_t sclass; + access_vector_t av; + + rc = avc_context_to_sid(scon, &scon_id); + if (rc < 0) { + perror("Error scon avc_context_to_sid"); + exit(1); + } + + rc = avc_context_to_sid(tcon, &tcon_id); + if (rc < 0) { + perror("Error tcon avc_context_to_sid"); + exit(1); + } + + sclass = string_to_security_class(class); + av = string_to_av_perm(sclass, perm); + + printf("\nAny avc_log error messages are shown on stderr:\n"); + rc = avc_has_perm(scon_id, tcon_id, sclass, av, &aeref, NULL); + printf("\nEnd of avc_log error messages.\n\n"); + + if (rc < 0) + printf("Error avc_has_perm: %s\n", strerror(errno)); + else + printf("Permission ALLOWED.\n"); +} + +int main(int argc, char **argv) +{ + int opt, rc; + bool interactive = false, follow = false; + char *scon, *tcon, *class, *perm; + struct selinux_opt avc_option; + + avc_option.type = AVC_OPT_SETENFORCE; + avc_option.value = (char *)1; + + while ((opt = getopt(argc, argv, "ifp")) != -1) { + switch (opt) { + case 'i': + interactive = true; + break; + case 'f': + follow = true; + break; + case 'p': + avc_option.value = NULL; + break; + default: + usage(argv[0]); + } + } + + if ((argc - optind) != 4) + usage(argv[0]); + + rc = is_selinux_enabled(); + if (rc == 0) { + printf("SELinux is not enabled.\n"); + exit(1); + } else if (rc == 1) { + printf("SELinux is enabled.\n"); + } else { + perror("Error is_selinux_enabled"); + exit(1); + } + + rc = security_getenforce(); + if (rc == 0) + printf("SELinux running in PERMISSIVE mode.\n"); + else if (rc == 1) + printf("SELinux running in ENFORCING mode.\n"); + else { + perror("Error security_getenforce"); + exit(1); + } + + rc = security_deny_unknown(); + if (rc == 0) + printf("Undefined object classes or permissions: ALLOWED.\n"); + else if (rc == 1) + printf("Undefined object classes or permissions: DENIED.\n"); + else { + perror("Error security_deny_unknown"); + exit(1); + } + + if (follow) { + if (avc_open(NULL, 0)) { + perror("Error avc_open"); + exit(1); + } + printf("avc_open - Following SELinux mode.\n"); + } else { + if (avc_open(&avc_option, 1)) { + perror("Error avc_open"); + exit(1); + } + + if (avc_option.value == NULL) + printf("avc_open - PERMISSIVE mode.\n"); + else + printf("avc_open - ENFORCING mode.\n"); + } + + avc_entry_ref_init(&aeref); + + exec_func(argv[optind], argv[optind + 1], argv[optind + 2], + argv[optind + 3]); + + while (interactive) { + printf("\nEnter scon: "); + get_entry(&scon); + printf("Enter tcon: "); + get_entry(&tcon); + printf("Enter class: "); + get_entry(&class); + printf("Enter perm: "); + get_entry(&perm); + + exec_func(scon, tcon, class, perm); + print_avc_stats(); + } + + exit(0); +} diff --git a/libselinux/utils/selinux_check_access.c b/libselinux/utils/selinux_check_access.c new file mode 100644 index 0000000..8e354c1 --- /dev/null +++ b/libselinux/utils/selinux_check_access.c @@ -0,0 +1,145 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +static void usage(char *progname) +{ + fprintf(stderr, "usage: %s [-i] scon tcon class perm\n" + "\nWhere:\n\t" + "-i Interactive mode. Once displayed first result, can\n\t" + " enter additional entries and display AVC cache info.\n", + progname); + exit(1); +} + +static void get_entry(char **buffer) +{ + char *buf; + int len; +#define BUF_LEN 81 + + buf = malloc(BUF_LEN * sizeof(char)); + if (!buf) { + perror("malloc"); + exit(1); + } + + if (fgets(buf, BUF_LEN - 1, stdin) == NULL) { + perror("fgets"); + exit(1); + } + + len = strlen(buf); + if (buf[len - 1] == '\n') + buf[len - 1] = 0; + + *buffer = buf; +} + +/* + * Function to print the AVC statistics. Because no audit logging call back + * has been set, the avc_cache_stats will be displayed on stderr. + * selinux_check_access* sets aeref = NULL, so do not print these stats. + */ +static void print_avc_stats(void) +{ + struct avc_cache_stats acs; + + avc_cache_stats(&acs); + printf("\nThe avc_cache_stats are as follows:\n"); + printf("entry_lookups: %d\t(Queries made)\n", acs.entry_lookups); + printf("cav_lookups: %d\t(Cache lookups)\n", acs.cav_lookups); + printf("cav_hits: %d\t(Cache hits)\n", acs.cav_hits); + printf("cav_probes: %d\t(Entries examined searching the cache)\n", + acs.cav_probes); + printf("cav_misses: %d\t(Cache misses)\n\n", acs.cav_misses); +} + +static void exec_func(char *scon, char *tcon, char *class, char *perm) +{ + int rc; + + printf("\nAny avc_log error messages are shown on stderr:\n"); + rc = selinux_check_access(scon, tcon, class, perm, NULL); + printf("\nEnd of avc_log error messages.\n\n"); + + if (rc < 0) + printf("Error selinux_check_access: %s\n", strerror(errno)); + else + printf("Permission ALLOWED.\n"); +} + +int main(int argc, char **argv) +{ + int opt, rc; + bool interactive = false; + char *scon, *tcon, *class, *perm; + + while ((opt = getopt(argc, argv, "i")) != -1) { + switch (opt) { + case 'i': + interactive = true; + break; + default: + usage(argv[0]); + } + } + + if ((argc - optind) != 4) + usage(argv[0]); + + rc = is_selinux_enabled(); + if (rc == 0) { + printf("SELinux is not enabled.\n"); + exit(1); + } else if (rc == 1) { + printf("SELinux is enabled.\n"); + } else { + perror("Error is_selinux_enabled"); + exit(1); + } + + rc = security_getenforce(); + if (rc == 0) + printf("SELinux running in PERMISSIVE mode.\n"); + else if (rc == 1) + printf("SELinux running in ENFORCING mode.\n"); + else { + perror("Error security_getenforce"); + exit(1); + } + + rc = security_deny_unknown(); + if (rc == 0) + printf("Undefined object classes or permissions: ALLOWED.\n"); + else if (rc == 1) + printf("Undefined object classes or permissions: DENIED.\n"); + else { + perror("Error security_deny_unknown"); + exit(1); + } + + exec_func(argv[optind], argv[optind + 1], argv[optind + 2], + argv[optind + 3]); + + while (interactive) { + printf("\nEnter scon: "); + get_entry(&scon); + printf("Enter tcon: "); + get_entry(&tcon); + printf("Enter class: "); + get_entry(&class); + printf("Enter perm: "); + get_entry(&perm); + + exec_func(scon, tcon, class, perm); + print_avc_stats(); + } + + exit(0); +}