From patchwork Sat Sep 22 00:17:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10612359 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B9DC26CB for ; Mon, 24 Sep 2018 12:29:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A582A29EA4 for ; Mon, 24 Sep 2018 12:29:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 964C629EAB; Mon, 24 Sep 2018 12:29:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from UCOL19PA11.eemsg.mail.mil (ucol19pa11.eemsg.mail.mil [214.24.24.84]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D429D29EA4 for ; Mon, 24 Sep 2018 12:29:43 +0000 (UTC) X-EEMSG-check-008: 592935078|UCOL19PA11_EEMSG_MP9.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="592935078" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by UCOL19PA11.eemsg.mail.mil with ESMTP; 24 Sep 2018 12:29:40 +0000 X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="16142235" IronPort-PHdr: 9a23:tLWJyBCgm8NnfaRVkbTlUyQJP3N1i/DPJgcQr6AfoPdwSPn8pM6wAkXT6L1XgUPTWs2DsrQY07WQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDiwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6zTZ9MaQXdKUNhXWSJPH4iwa5IDA/cdMepdqYTyoFkBogG+BQmrA+Pj0yZEi2P40KA7zugtCB3K0BE9FN4KrnjYsND5OaEPWu630abI1y3OYe1Y2Tn964bGfB4urv6OUrxtacrcy1QjGg3ZgVuft4PlJCiY1vgPvmWB8+ZsSeyih3Ahpgpsojav3MAsiozRi48L0F/E7jt2wYYoLtOlVEF7YcSrEIZetyGeKYR2WN4pTmZ0tykg0b0Jp566cTMRyJs7xx7QceGHc4aM4h39TuadOCt3i2h/dL2jgBay9FGtx+vhXce3yFZHtjdJn9bDu3wX1xHf99KLRuVy80u/wzqDyhjf5+BGLEwuiKbWKposzqQxm5cTq0jPADH6lUrwgaSLbEsr4PKo5P7iYrj+o5+cMJJ7hR/mP6Q1n8y/Hfw4Mg8TX2iH4ei81KPs/Un+QLhSkv05iLPZsJHHJcQAvKK5Hw9U3Zoj6xa4FTum1sgXnWIbI15ffRKHjozpN0nPIPD+E/i/n0yhnCpkyv3JJLHsAojBImLdnLruY7px8VNQxBI2zd9F5pJUDr8BIOj0Wk/0rNHYFQE2Mwi1w+bhFdV82ZoSVnmIAq+ENqPdrUGH5vk0LumQZI4apDb9K/8/6/7oln82g0URfaau3ZsJcHy4BOhpI12FYXrwhdcMCWUKvg04TOPwlF2CUSRcZ3CpUqI+4TE7DoemAp3YRoCxnrOBxjy7EodRZmBcBVCGCW3oeJmcW/cQdCKSJddskj4GVbe7V4Ah1gqutAj8y7pmMOrZ4SMYtZb+1Nl6/OLTiBcy9SBpD8iH1GGNVW50lHsSRzAqxKB/vVB9ylCb3KhgnfNXDsJc5/VIUgcmMp7R1O16BM7sVQ3fZNuJT0ymQtq+CzErUt0x28MOY1p6G9i6kx/D2CyqA7kImLOVAJw087nR0GLvKMZnzHbKzq4hj0MpQsFXL22pmrZ/9xTPB47Oi0iWib6qer4G3C7M72eO1nKOs1tCUA5xSqXFRXQfaVHKotvn/E/CSKWuCbs/OAtb1cGCMrdKasHujVheSvbjOdDeY2evlGeqHhuIyK2DY5fte2UHxirdEFIEkwcR/XmYKQc+Gj2to2XEDDxhDVjveV/j8fFiqHOnSU851w+Kb1d72Lqz5hEVhOecRugW3rIcuSctsi50HVim397MDNqAvQVhdr1GYdwh+FdHyX7ZtwtlM5yjNa9ihVkecxlsskPtzRp3CYJAkdUwoHMt1gpyJrqS0EldeDOAwZDwJrrXJ3Ho8x+yca7W20/R0MyN96gV9Ps4rk/vvAazFkot639nycVa02OA5pXWCwofSY7+XVwz9xdkvLHafik854TP2H13Laa0syHN29Q1BOsk0BmsZdFfP72YFAXqCc0VG9CuKPA2m1iudh8EJv1d+7MvMsOpcvuH17SnPOB+kzK6lW5H+pxy0lqQ9ypgTe7Fx40Fw/+C3guATDf8kEysstvxmYBDazASG3CwyS7+CI5XeKJyYZ4BCX2yLM2v2tV+m5ntVmZW9VG5A1MGxNGmeQCJb1Hmww1fy14Xrme6mSu91TB0lCsprqWH1izU3+vibAYHOnJMRGR6i1fsIIy0j9QEU0izdAUmjgWq5Vz9x6RBo6R/NWbTS19SfyfqN2FiTrewtr2absFS9JMnqz9XXf+gblCdT77yvwEV0zj/H2dEwjA0aS2qsI3jnxNmkGKdMGpzrH3BdMFuxBfQ+MDcRflL3jYcWCZ4iT7XBl6zP9Sy+dWUlpHDvfqkV2KmTJFTdjPrzYyYviuh+WJqGQG/n+y0mtD/FQg60DT718VzWSXTshn8Zojr16KnMeNoZURoH0f868t8GoF/joQwn4sc2X4EiZWJ5XAHi3v8Mc1H2aLia3oAXSQLw9nR4AjhxkJjNG6Gx4X3V3iG2cthesW1YngM1iI69cBKB7+e7KZYkittvlq4sQXRbOB+njgDz/su82UXg+IXtwor1SWdBK4dHVVCMSzrjRSI4Mi0rL9La2a3bbiwyE1+kMi5DL6YvwFcXGj2eo84Ei928sVwLkjM3Wbu6oH/ZtbQd8kTugePkxfHkuhVMo4+meQEhSpgI2L9smMqx/Q9jRNwwZGwpJKHJHl1/KKlHh5YMSX4Z90V+j7wlqtegMCW0J2vHpl7HDUEQofoR+qyED0OrfTnKxqOEDokp3eDA7XfAAuf5Vx6oHLOD5CqN2ibJHcDwtVkXhWdI1ZfgA8MVjUggpE5DhyqxNDmcEph5TAQ5lr4pQVXx+JtMBn/XGnfqxm0ajcoSJifKx9W4R9Y60fTL8Oe8vp5HztE8Z25sAyNNmubahxGDW4TXEyEG1fjPry16NnO7eeXG+2+L+HUbrWWs+xeUPWIyoyz3Yt65TqMMd+PPnZ6Bf0hxkVDRWx5G9jemzgXRSwXjTzCYNOApBim/C13sse/8O/wVQ31+YSPDqFeMdJ1+xC5ma2DLfKfhD5lKTZE0ZMB3WTHx6MY0F4WiiFubCWtEa8auS7WUq3fhrVbDwUFZCN3NctI6b883wZWNMHHitL1zKN4juUvB1ZLT1PhhtqpZcsMI22nM1PHHkmLPqycJTLX28H3fb+8SbpIgepPth2wtjGbE0n4MzueiTbmTBGvPvtKjC2BOxxeoo69eA53CWf/VNLmdgG7MNhvgD00wb01hmvKNWkYMTh9b0NCsKad7SZZgvVjAWxO8GBpLe6emyaW9+PYMIoZseN3AiRokOJX+HI6xKVP4yFAX/F1myzSrsVyo168lOmP0TlnUBtUpjZNmo2LoV1oOb/F+ZlYRXbE4BUN4H2KCxsUvNtqFMfgu7pMxdjPj6/8MzZC88jJ8ssbCcjUMNiHP2QhMBbzHj7bEhcFRyaxNW7Dn0xdjO2S9nqNo5cnsJfshpsORaJAVFEuDPwaEF5lHNsMIZdsQDwrjaObjNQJ5XqirBjdXsNasY7bVviKG/XgNC6ZjaVYZxsP2b74KYMTNpfl1Exka1h6m5/HG0XWXdBQuCFhaRU0oEpV+nhkUmIzw17lah+q4HILDv67gBo2igp4YeQw+zbh+Es4Jl3PpCQsikYxgsnljSqXcDHvMKe6RZtWBDbst0gtLpP7RB54YhCukkxhMzfEQa5Rg6Z7eGB1lgDco5pPGP9bTa1CehMQw++YZ+kw21RGtiqn3VNH5ffCCZZ6iAsqcJusr3Vc2wJjbN84PrHfJKtJz1dKna2CpCmo2f4twAUGPUYC7HuSeDIUuEwPLrQpPS6o/u1w5gOcgzRDfWgNV/wtovJs7EwwIP+PzyP63L5FM0yxOfGfI7mfu2feic6CWkkw2V8Ql0lZ4bh21t8ufFGKWEAp17aeDQkGNdTcJgFPdMpd7mLTfCaUveXK25J1MJ23Fvr0Qu+WqKYUnkWkER4zH4QK78QOApms0EbcLcf8NLAL0Agj6h73KVuCF/lGZBWLkDIbrM6l1593wZNRJjcDDmVhKS+3/KrYphc2gPqfW9c7emsVXokeOX0qQ8C1hylZv3BEDDm2zO0Z0hSC4CHgqSTQFjX8aMBjZPiMbxN2FN624Sk/87SxiVPP6JXRPXv6NdN5tdLU9eMavYyIC+1KQrl5skfcnYZYR3irU27AEd61O5bwZJM2bdzxEHq6VEKwiy4tRcfrINmtNrSIgR3vRYtMvoiXxiwsNc+8FjEbGhd/veID6bl9ZQIdfZU0fwTktwMkN6ywOA2YyMmhQ36xKTtKSPlS1eC6aKZNzyovcOC61HogTpc1z+Ss/08CXpcKgQ3axfakeolRTDPzFmZbewrRuSozj3JhOfoqwucj3BPItkERMyiMdOxtcmNEpd89BVSWIXV4EWc4QlicjY3Y4gGyw78S5Sxdn81P0e1Etnj+sYXTYDW2WKyksZ/VqTYvbcA6o61tNozuOtGJtInDnjzZVpXQsRaIUC+7F/pbhthfOzhUQP9WlmE5IcYGo5ZO6VItVsciILxCELUsprevaTd/ES4e0SoZWJia0DwEnOi8x6PQlg2Mf5Q6LBwErJJCj8MfUy5xfCwTv7KsWJvNl2CaUGgLPBkc4hlW6AIGiIBwYvjv4JDUQ59U1z5Wv/V0XzPXFpZ16lT7S3uZgVzjRfq9lOyp2B5dw+j30tkHQhJ/D1ZSx/pOnEsyNL53M7UQvpLNsjKQbUP6p37tx/G7K1lN0sDUbFr4DJfftWXgTCIc/2EURZVVx3HbD5gSlBB5aKkzrlVWPI+mYlr+5yAjx4lxBLa4W9yky0onoHobSSqnCMZOC+ZjsF3LQjJleIyrpI/jO5pMXm9a4IedpEtBkEVxLy65zoJRK9tT7TERXDhAuymdscC2SM1Ex895EYEALct4u3jgBqxIIp6RrGMqurb30H/W5yg8sEumxDW0A6K4U/hZ8HMAFQo0PGmet00vD/c28mjI7FDNs1d0/+NFCbiTl0lxpyx9Hp9WDDZTyX+lN0hzTGVBs+hCLaTaachcQ/0sah+zJxwxD+Qp0leP/U5qgXf5eDB9uRFC+y/DRQU0Uzcagqv1kz0Ets6nISMaS45PbTg5bSfKMRibmSdMvBZbcU5qRYsUAtNY+7EfwYtU/9bNSUe2JiEDRxxuLAU40eBQlURbqkWXZTjdDRa0dfbIqhB3f92erMinLPTj+wdIl53ovfsk96oZQX2mggqtTcrYr4Diqt2ArlGOe7vgM+2gfX/BSyDBjR+thbclC5nK+zbcMA9AJpZn13UrepnhBnTNPRhcIKIbPUVbX7hgadpauuBae9NkeKER9K9vBxKHQwjiGImxo/hGMFnTXzXeLyOO8uClp4Lc86DdQ/D6ZsOQ33bHX753PpBi5Dn9H7fnyo5e+kzz2vt390N6T1bGMzqbo9T6OgML/tSieVf+vp00BzPZHo18kH33xkFPb8AXWTGl8IwEyJNF73b9Ued40k/1sO1O+Llr95I647VoyciuI6fdN+hasEFgAhiOBQVq7Y8hAG5hSGBNeuURMuvefbwFjcDyrOD6D6gX6AaQ++FZctbHKV/OldS4CjGGUxNEhB0BqTkYLgSCy/GFh7V4ScG/pej2wkgt+USxLgYazLBx4oeJ4quIpe7NYBTL0bcJQbPqSd3vrrsyp0ye//oklKQBemZteQ2oDPAdVtIBxmfn1a0l1iMsE9jNHr36+v5DVm45nir6lJBgG1UbAe8bHb2W8otAhGg4hvbZNtoMcq9YgGqPEgSkErAaw36x9ySXOHVlgg3J0xzoWWO89kP2ojN4QSrCyNfjiElVWqCsBUhMWyqpOEl4sC6APQfzrNr4o7g14102Mm3qs9KNjmihNKlUH8LhPtycJzc7pFYNgJ02XNyv1pgRGcChL9cJ7HF+cvze5nukkyBfpadHm43e4saS9vXMA3agi6yaq7OQxDFX0XU4uU8w6sqgN/7U/dGKReqn13oJRSdlpwTBRwK1qqDcr10MP0yL0VvEmIsOPt5Dxnk0zEDm5O8kQNIo7wVTDYPAavwNpDzpPzv021mfacotViaCyztXAk71EV5gFagzxG3wp9nJmW7N9VMnQIdwdkrnhQF4DogjJkIt7UIYwiwdHgQXbhCbFr6oD1z/LYQYTUgDdQiH3L+id6c12k1zwrWv6PXPYux8A6oNK+tSjw+PnFhdAZIWsqweTalie19c6q7YvAziBJXmX/T8k3o/K+G1SNhA8c8Fr3si/hq/Rx245JdC8bYUkpaIe7VAYZjRoc987kBn5SUVeixKmhh/gAuzUfoAq+D7/tjbrJ2o5/6sVKkzSeUX+Rw0Cn9wjpTqhlAsv83X2/1aSoLLlYT16BpNLGKSuIbGzxl8LvIDK42vfLZn+XQIOSweJ3YVMNqNbPk85S5tPynJ61xEHMwMecsSPNDRlgBMlk3pRLZT+9LeGl+ZCIdzdMco4nH1yD8v8ps8VeDg5yGwJZzF6VFCIe9Dhj12lN3evOgV3ebSCC8P7HaCdRd1xD+CxoKWC/b0+uWM1M3UV00YESErSYtdIyCC+QO/TOqviJrpSh+U6tP0gJ8mekKfWHixnKUdsqlSCuNBiyT73j1bFo/rnfKVt8Sj5HFQtl1dH4Z59QfFF7lHPpVnJRT4kdGmR0ZkBivlecHbagQhtfGTxucN/+V+LVXxaZUcIhIexLLw8WBVQRd2SL7qolaZWvocZNxiSPzatX1V8YZgJLUUPFiBpZzlsitIqEooDwA3crMwqCJVdlXWlg1PR6n0oKIAihcbUdNhvU9MGGSwOH8x5jbeUaRVjbKRCOAO8jiIT6wBSUNoMiRkTxOywpVudKOjnepbvWNegiN9vP8q3iRjRBSmpSLsp6MN2TQn+LyjqjUBuHpFQfuakyfJD1VD0fsLgb0bC3b45ly2eGMDY5fq4Ll7OcTg8pEs43YlbhUgeC0JRv+tCzz2j6OUAoyPt89chBGNuMXSd7OzKzYdNqglwxL5W3d9yhTenApv8GYTWTWg4tokK5m8NMsm3SeoB3bUdEwN4qJIt8vxs0QHTO0oZlN9ky1f1Z2jfQhFEMjOHXslyxMpYnhecY5SrBodG7Qsjx6WsaRcuAIZejHZFsKi4IaG2Y/q0HwwVp9PwXjMp7bN0pEv12d/mshc6CeLtXVUcPbXBYskOVW78oZZ1Py2M+6gtuEBVZtO1KWqUPhENNKqv2SxxsMuEmuG4pFWS164NvITg7TWSSGoTUWGVumRNWuBhTA0Ngj1/xb+ahUVb8dM5206MuLEnZNa31njVrNyACeXpVbd12ElGegTcQUwuYyuf0oBS+tHI6C/KOU1iNY5D1hEO3zEEDB9DOi1mVWtho9+Omhlp0LgbrKpujzrLMCPHVEkGIjWp9Yl4fG8SX+APzpjwQd0MU1c9qLbEEo88PRVcIuLlJ7WipJ5ybhBP89kLCl1n9kUgI8rvZGdzcOiaRjMytP3ItbPr76TBPiJiwwRZmxCUrcfKTjw7oE+M89xD6bfBpNFrB8cAu48W5VnOGDvouU8ZgdydBPBIbqvjsT0q+ajeJRZvTnV40g2ISOavAcMgLTgSQ19coDviW7+LY49QhpfoNB3TBhrBo1CH4UHtQXxR9a9nKyrhs7510Rwoe4buKy4XvnG096j3pR4WbBV4EWKOHDaA6w9xgxAj++xi3TE5aL4Dcp2f5tQUelwamLEZb7FGYn5LD+SbIa0QEdC7beA16h0GjCcfyfjVqGP/Hm/cvBp+kIhw4dxJbT7wzkk7rWd09z3MTJ1vCCm+FWAL5ZOpGfBBeXDURZZU7LR+29+ELw/doD0/foANdE4hdOVpQJ06WIRg4O+P6G9oxqUiQpAfpXBIR6sin5jA9sDPQi/PE0wgGTQtnXaBzFGI9O5LdV22orOXCHVy2IqslkEPj8HF2ftXtjXPGEa34S7ZQnZkWADFM4Nysiwf0NwraiuUa9wIJwQkuyxuaQvit1pIjzBQMVAeirZarRxO2k0bK3UvFZ9RBkCvvAuX5stI52HIUcJKkCFnCj71gbT+Vb/d9Wx2qKEOmMd+zNMyLeWtFoEvBG37NCehMCrS7XFdNf2UfrVZTIiTS2fTC8uHFyB4lCiuvFf5KbdeDdZqVcSeSeITgsap6Qpp9aKSH7amepkOpYNgaP/OWj8Syx9wbI7HT0D9VuNTPwKCRTMYjf/jXBdtg2vKr4E/X/sY7CCgKsAc/0fAoxLNPaeRtY= X-IPAS-Result: A2AYBQDM16hb/wHyM5BaHAEBAQQBAQcEAQGDXAOBCFwojGiLSYFogn6UCoFfKhMBhQSDFiE4FAEDAQEBAQEBAgFsHAyCNSSCYAMDAQIkEwYBAQwgDAIDCQEBQAgIAwEtFAERBgEHAgMGAgEBARgEgwCBagMVA5cRihyBajOCdQEBBYEEAQF1gjADglMIF4phF4IAgRInDIcqARIBhXeOQDGOEAmCDI4XHVmIO4YYjnuHZyFkcU0jFTuCbIIZDBeDRoocAVVPewEBiX2CPQEB Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 24 Sep 2018 12:29:41 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8OCTdg1028722; Mon, 24 Sep 2018 08:29:40 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8M0ITje018250 for ; Fri, 21 Sep 2018 20:18:29 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8M0ISkT009846 for ; Fri, 21 Sep 2018 20:18:28 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1APAAD5iaVbly0bGNZbHAEBAQQBAQcEAQGBUYILgWcog3OIFV+LS4Fogn6TdoF6hHcCQoMEITQYAQMBAQEBAQECFAEBAQEBBhgGTIVFAwMjBBkBATgPJQImAgJFEgYBCQMGAgEBgx2BagMVA5gdihxvezOCdQEBBYEEAQF1gj4DglEIF3SBI4hCF4IAgRInDIpegleOPjGODQmCDI4XHVmIO4YUjneHTIINTSMVgyeCGQwOCYNGihwBVU+OVAEB X-IPAS-Result: A1APAAD5iaVbly0bGNZbHAEBAQQBAQcEAQGBUYILgWcog3OIFV+LS4Fogn6TdoF6hHcCQoMEITQYAQMBAQEBAQECFAEBAQEBBhgGTIVFAwMjBBkBATgPJQImAgJFEgYBCQMGAgEBgx2BagMVA5gdihxvezOCdQEBBYEEAQF1gj4DglEIF3SBI4hCF4IAgRInDIpegleOPjGODQmCDI4XHVmIO4YUjneHTIINTSMVgyeCGQwOCYNGihwBVU+OVAEB X-IronPort-AV: E=Sophos;i="5.54,287,1534824000"; d="scan'208";a="375820" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 21 Sep 2018 20:18:12 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AOAACWiaVbly0bGNZbHAEBAQQBAQcEAQGBUYILgWcog3OIFV+LS4Fogn6TdoF6hHcCQoMEITQYAQMBAQEBAQECARMBAQEBAQYYBkwMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEJAwYCAQGDHYFqAxUDmCCKHG97M4J1AQEFgQQBAXWCPgOCUQgXdIEjiEIXggCBEicMil6CV44+MY4NCYIMjhcdWYg7hhSOd4dMgg1NIxWDJ4IZDA4Jg0aKHAFVT45UAQE X-IPAS-Result: A0AOAACWiaVbly0bGNZbHAEBAQQBAQcEAQGBUYILgWcog3OIFV+LS4Fogn6TdoF6hHcCQoMEITQYAQMBAQEBAQECARMBAQEBAQYYBkwMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEJAwYCAQGDHYFqAxUDmCCKHG97M4J1AQEFgQQBAXWCPgOCUQgXdIEjiEIXggCBEicMil6CV44+MY4NCYIMjhcdWYg7hhSOd4dMgg1NIxWDJ4IZDA4Jg0aKHAFVT45UAQE X-IronPort-AV: E=Sophos;i="5.54,287,1534809600"; d="scan'208";a="18546028" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 22 Sep 2018 00:18:11 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;addffed1-1adb-4e35-ab06-7e985682f64b Authentication-Results: UPDC3CPA09.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic304-18.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 54147986|UPDC3CPA09_EEMSG_MP25.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 74.6.128.41 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BQAABFiaVbhimABkpbHQEBBQEHBQGBUYNyKINziBVfjTOCfpN2gXqEdwJCgwQZBgYwGAEDAQEBAQEBAQEBEwEBAQoJCwgbDiMMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEJAwYCAQGDHYFqAxWYKYocb3szgnUBAQWBBAEBdYI+A4JRCBd0iXyCAIESJwyCMYgtgleOPjGODQmCDI4XHVmIO4YUjneHTIINTSMVgyeCGQwOCYNGihwBVR8wjlQBAQ X-IPAS-Result: A0BQAABFiaVbhimABkpbHQEBBQEHBQGBUYNyKINziBVfjTOCfpN2gXqEdwJCgwQZBgYwGAEDAQEBAQEBAQEBEwEBAQoJCwgbDiMMgjUkgmADAyMEGQEBOA8lAiYCAkUSBgEJAwYCAQGDHYFqAxWYKYocb3szgnUBAQWBBAEBdYI+A4JRCBd0iXyCAIESJwyCMYgtgleOPjGODQmCDI4XHVmIO4YUjneHTIINTSMVgyeCGQwOCYNGihwBVR8wjlQBAQ Received: from sonic304-18.consmr.mail.bf2.yahoo.com ([74.6.128.41]) by UPDC3CPA09.eemsg.mail.mil with ESMTP; 22 Sep 2018 00:18:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537575486; bh=moeYvcwDz4aHiI88+2oNPpuMjK4sdeV0qJVQV11wnek=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=NCRyCMWsfPCupQl75/PsQ9NYMrF2sRyV0BJIs40t4oxmrmoU9uFeTKXsqSwjE5kSdzXcRgKz9Ts8+x7WZ0+NTVgZMsAUWotfTNC0KHPwPJrdQKGVblBvyq/1k7ojgvoZ+TiU40BWGjj+0Tgg3la2CU0xFJIfseHKnOH5N/xs7tIWJ9ItUStTOhlfioK9ldfLjqj0XZBKXUqgdGb9KU7IZ55/t+d+dcaGrjUymH1Wz8f+y5rD5CmhYB9AxPPTsQ4j3WuVa8qZ2Sb5lwIqxwksCWsiLArSCFzAxd5O8k6wMrT9eIfGmmRomR9Hhd81ggzQhuQ3LevNhvhTjU5xtPPUqA== X-YMail-OSG: sbj6abEVM1kSW373iwhkHdt3qPKP6FhEE6R28BxytgCwL0wrVh_aVBULcABhGNY rZk0qTyOfQF.Z6Mw1AsCqFCcskHNWs4vcO9NzUrSOyGXLEwgpIkJc0jRNF.MesgzDxJQpqq848ze Z_Qheq1YNcGhN3RRKhyVEWeIXqvR0IS1Ln79REQYx7HtU3skJZljmkcDPhskeeg2vwG1LnyGXT7T RHkmlpjzc0LfLf5w5BEkOz.XgI4J0nCFG8.do6Clb4PJiGfUs4Sr7RBh_SVrRjpWR4RczPw.NHo8 sJY8DwlT.rFnRq60FuVCJMHZkVAAdY7EFJ2T8N9t8U1ELAzQnbItmEp4rEZAMfrHtfH5kJjxGAeE BySuOhGdeGoMmVwCniTHMyQxp_IvMyOo5VF4hDVxcmf6P0jUUSKoCRCoY.d7LvHZZHX4JbIO6sYD Rwjgr6QCqk4OfYCPcgJkH2DTLWtF2cGF5XjuRXmhaSRaBQJiHvpSyL2QBbjDvtHV5p5GaB8osp74 vk1SUv30_PxhvjrKBt7EgK0wC_cPM8ZfH2EEQtqawblcOkSTKaa6PcuDvVkF7o4.m7mkpuV8iPq1 SkUyH56cum_0LrpwyO7wRlTDth__SJ4_8Hlri8jKVxc3uOC4iErjYq2.7e0VLjiCkSt6JX62gDJS jLOZGFtYRATV8grxwrsKybPDcuCn4RiOn6OlJg6qFD2AMtOLaIABGIXsgOy3TM4zhAMmXXKoBMS4 nbwJ8PJIT9Lht6jOKMMTeHGZ78C9DIEZAk_Lx8B3h.3T7KU81dqyorKqnMf6CgKayZIi1MOt9Mkh Ls86dHQkROfgd9K6PLsFyNSL13FLIWvoKpY0ew3v2lLhBCJJ2oG_qKU_I2bQ18nXiZLCLZfk9as6 qlPDh.FFd14Vi_ef7zkGOJ78qqd41Szn8ppKXEBqEX4yzWGyaz3dv5HHpDi2yutIin1a8Xf7IcuP m5Arr6g1xodbfWE2I3FRx3TJi9shakEeLJRFTkYHNoJSCnWzxQ.5oJJnajFfcXJxqqP6R95iEukr EX0InN3zrfbqZU2ZVyzYh3ZcRQBAMlWKx Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.bf2.yahoo.com with HTTP; Sat, 22 Sep 2018 00:18:06 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp420.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 2cf301e387c71a2550cd07cc03f04e49; Sat, 22 Sep 2018 00:18:04 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: Date: Fri, 21 Sep 2018 17:17:59 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Mon, 24 Sep 2018 08:26:06 -0400 Subject: [PATCH v4 06/19] AppArmor: Abstract use of cred security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- security/apparmor/domain.c | 2 +- security/apparmor/include/cred.h | 16 +++++++++++++++- security/apparmor/lsm.c | 10 +++++----- security/apparmor/task.c | 6 +++--- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 08c88de0ffda..726910bba84b 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -975,7 +975,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) } aa_put_label(cred_label(bprm->cred)); /* transfer reference, released when cred is freed */ - cred_label(bprm->cred) = new; + set_cred_label(bprm->cred, new); done: aa_put_label(label); diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h index e287b7d0d4be..a90eae76d7c1 100644 --- a/security/apparmor/include/cred.h +++ b/security/apparmor/include/cred.h @@ -23,8 +23,22 @@ #include "policy_ns.h" #include "task.h" -#define cred_label(X) ((X)->security) +static inline struct aa_label *cred_label(const struct cred *cred) +{ + struct aa_label **blob = cred->security; + + AA_BUG(!blob); + return *blob; +} +static inline void set_cred_label(const struct cred *cred, + struct aa_label *label) +{ + struct aa_label **blob = cred->security; + + AA_BUG(!blob); + *blob = label; +} /** * aa_cred_raw_label - obtain cred's label diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8b8b70620bbe..4f51705c3c71 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -57,7 +57,7 @@ DEFINE_PER_CPU(struct aa_buffers, aa_buffers); static void apparmor_cred_free(struct cred *cred) { aa_put_label(cred_label(cred)); - cred_label(cred) = NULL; + set_cred_label(cred, NULL); } /* @@ -65,7 +65,7 @@ static void apparmor_cred_free(struct cred *cred) */ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) { - cred_label(cred) = NULL; + set_cred_label(cred, NULL); return 0; } @@ -75,7 +75,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) static int apparmor_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - cred_label(new) = aa_get_newest_label(cred_label(old)); + set_cred_label(new, aa_get_newest_label(cred_label(old))); return 0; } @@ -84,7 +84,7 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old, */ static void apparmor_cred_transfer(struct cred *new, const struct cred *old) { - cred_label(new) = aa_get_newest_label(cred_label(old)); + set_cred_label(new, aa_get_newest_label(cred_label(old))); } static void apparmor_task_free(struct task_struct *task) @@ -1455,7 +1455,7 @@ static int __init set_init_ctx(void) if (!ctx) return -ENOMEM; - cred_label(cred) = aa_get_label(ns_unconfined(root_ns)); + set_cred_label(cred, aa_get_label(ns_unconfined(root_ns))); task_ctx(current) = ctx; return 0; diff --git a/security/apparmor/task.c b/security/apparmor/task.c index c6b78a14da91..4551110f0496 100644 --- a/security/apparmor/task.c +++ b/security/apparmor/task.c @@ -81,7 +81,7 @@ int aa_replace_current_label(struct aa_label *label) */ aa_get_label(label); aa_put_label(cred_label(new)); - cred_label(new) = label; + set_cred_label(new, label); commit_creds(new); return 0; @@ -138,7 +138,7 @@ int aa_set_current_hat(struct aa_label *label, u64 token) return -EACCES; } - cred_label(new) = aa_get_newest_label(label); + set_cred_label(new, aa_get_newest_label(label)); /* clear exec on switching context */ aa_put_label(ctx->onexec); ctx->onexec = NULL; @@ -172,7 +172,7 @@ int aa_restore_previous_label(u64 token) return -ENOMEM; aa_put_label(cred_label(new)); - cred_label(new) = aa_get_newest_label(ctx->previous); + set_cred_label(new, aa_get_newest_label(ctx->previous)); AA_BUG(!cred_label(new)); /* clear exec && prev information when restoring to previous context */ aa_clear_task_ctx_trans(ctx);