From patchwork Wed Sep 19 20:51:14 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nicolas Iooss <nicolas.iooss@m4x.org>
X-Patchwork-Id: 10606551
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 81584112B
	for <patchwork-selinux@patchwork.kernel.org>;
 Wed, 19 Sep 2018 20:51:57 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 727B82CC48
	for <patchwork-selinux@patchwork.kernel.org>;
 Wed, 19 Sep 2018 20:51:57 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 70B502CC53; Wed, 19 Sep 2018 20:51:57 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
Received: from ucol19pa09.eemsg.mail.mil (ucol19pa09.eemsg.mail.mil
 [214.24.24.82])
	(using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8FB662CC4B
	for <patchwork-selinux@patchwork.kernel.org>;
 Wed, 19 Sep 2018 20:51:56 +0000 (UTC)
X-EEMSG-check-008: 770270957|UCOL19PA09_EEMSG_MP7.csd.disa.mil
X-IronPort-AV: E=Sophos;i="5.53,395,1531785600";
   d="scan'208";a="770270957"
Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3])
  by ucol19pa09.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256;
 19 Sep 2018 20:51:54 +0000
X-IronPort-AV: E=Sophos;i="5.53,395,1531785600";
   d="scan'208";a="18447074"
IronPort-PHdr: 
 9a23:mdBc5hOnd5mSCmSghN8l6mtUPXoX/o7sNwtQ0KIMzox0L/3+r8bcNUDSrc9gkEXOFd2Cra4c1KyO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhjexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs7Vy6i76N2QxH2jikJOSMy/GXOhsFxia5Wpg+qqR5izI7OeIybNORwcK3ec90dSmVPQ95RWi5cDo6yc4QBAPQOPf1DoonhpVYDtweyCBOwCO/xzDJDm3/43bc90+QkCQzIxA0gEM4JsHTQttr1L7oZX+OyzKnP1jXDdO5d1DD76IjJbh8hpvWMUqhrccbLyEkvEATFjk6LqYH+OjOY2esMv3Kc7+p6WuKikmgqoBx/rDiow8cjkIjJhoQNx1DL9CV53IY1JcCjR0JhfdGkF55QuieHPIV1WsMvW3xktSk1x7EcuZO3YTIGxIooyhLBcfCLbpCE7xHnWeqLPDt1hHNodKihixuy70Ss0OnxW8+p21hQtCVFiMPDtnUV2hzW7ciIV+Vy81+62TaKywDT8uZEIV0olabDK54u3Lowlp0LvETfBCD2gkT2jLKNdkk+5uip6/joYrXhppOGMY97lhr+Pbg0lsy6AOQ4NhACX2md+euiyL3u5VD1TbpFg/EskqTVrYrWKdoUq6KnGQNZz54v6xOlADen1NQYk2MHLFVAeB+flIjmJVXOIPH+DfeijFWgiSxkx/fbPr3nHprCMGPDnaz9fbd990FcyA0zwcpZ55JPEL4NOv3zWkjvtNDAFB82LxS0w/r7CNV6zo4eW2WPAqmDP6POsV+H/OQvLvKOZI8Svjb9LuIq5+XyjXAng18dZrOl3ZwNaHC3Bv5mOVmWYWLwgtcdFmcHpgg+TO7wh1KeUj5TfHGyX6Q95jElE4+mA4PDRp2igbOawSe7GIFWZn1cBlCLC3foeJ2OW+0QZyKKPs9hjjsEWKCvSo8g0RGusRH1y6B8I+ra5CIXqJXj1MJv6O3LjxEy8j50ANqB3GGRVW10mXkIRzAu1qBlvUN90kuD0bR/g/FACNNc+/ZJUgA8NZ7A0uB3EM7yVRzbfteISVemRdOmDSs3Tt0v398Ee1x9FMm6jhDfwyqqBKcYmKKTBJMu6KLc3mPxKt1ly3nczqkhjkImQtNLNWK8mqFw6RLfB4nTk0WWj6yqb7gT3DbR9GefymqDpEJYXxRzUaXCQHASfUjWos765kPFUr+iE7MnMhFOycSaMKtFdsXpjUlaRPfkINnReX++m32xBRmW3LOBd5DldHkY3CnHD0gEiQ8T926cNQciHiehv37eDDt2GF3zeUzs9fdxqGinTk40yAGHdFZh2Ka0+hELg/ycV/IT0agetCcntTp0AE6338jKBNqYuwphYKJcbMsn4FhayG3UrAN9PpmvLqx4gF4RbRh3tVv01xprEoVAjdQqrHQywQppJ6KYylRBdyiE3Z3rIb3XLG7y/R6qa6HM3FHSytCW9bkT6P4gsVXsoBmpFlY+83Vgy9RU3WGT5pHWDAUMS5LxSV069wZkqLHAeSY9+obU2WdrMamuvT/Iw8gpC/c9yha8Y9dfN7uJFAnzE80eA8ihNvcqlkOzYR0aJuBS87Q4P8S8d/uJwKSrJvpvnCq6jWRb54Bwyl+D9zZmRe7SxJsK3/aY3g6bWDjml1ehrtr7mYZaajEOBmC/0zTrBJZNZq1ueoYGEXmuI8yrydVigJ7tQWRU+0KjB1MB3s+pdgGfb1j83Q1Wz0sXu3unlTG/zzxunDEjtrCf0zDWw+T+aBoHPXZGRG1jjVf3PYi4lssaU1asbwgokhul+En7yrNApKRnLmnTR0ZIcDTtL214VKu/qKaCadZV6Jw0qSVXTPi8YVeCR77npBsa1yfjEHVExD8ncDGrtI70nwdniG2BN3Z/tn3Zedt/xR3H/tzTWeZR3iYaRCl/kTTXBUazP9+y/diPlJfMrOa+V3mnVpJNbSnn14SAtDG05WdyGx2wg+izmsH7EQg9ySL7z8NlVTjMrBnieonkzaK6Mf55cUlyH1L89tF6FZ9kkosrnp0Qwn8ahoiP/XUbj2jzP9Jb2bjxbHUTXzILxcDa4BT90k15Mn2J3575VmmawsZ5edm6ZH4Z1zkj78BMFaiU7KZInS1rrVqktQjRe+Ryni8Byfsy734Xm/kJtxAwziWZGb0dAUhYPTDslhiR4dCxtqNXaHyocbiq20p0hcqhA62aogFARHb5fY8vHSFq4cV5LFLM13jz55rqeNbOcN0TsQeUnA3Yj+hPL5IxlOQFijZ7OW7nun0l0eE7hwR03Z6mpIiHN3lt/KWhDx5dLDL1Y8cT9S/xjaZChMmZxZuiHpN/FTUXR5vnUeinECoMuvj9MQaBDiE8oG+BGbXDBQ+f9Ftmr3XXHpClLXGYOmQWzc54SxmbOExfhxsUUS4gkZElEwCm3svhcF125joJ/F73tgNMyv50Nxn4SmrQvxynZjAwSJieNxpW8hpC613OMcOA8u1/BTpY8YOlrAyMLGybegtJAHoVVU2EHVDjI6Ku6cPO8ueCGuq+NPzOYbOUpexZTfeIyoql0pF68DaUKsWPIn5iAuUg1UpCUnB5HMLZli4SRCMJjC3NbtSUpBGm9i1wtMC//+zhWBjz6ouXF7tSLdJv9gi0gaeDN++QnCF5KTJZ1pMQ23DF070f3F8OiyF0aTahC7MAtTTCTKjIgK9YEwYbaz9vNMtP96883QlMOcrFhd7u0754ifA1C1lbWlz9hsGpZcsKI2SjO1/dAkaEKqiGLyXRw87reaO8VaFQjOJMuh22pzmUCUvjMy+AlznuTBCvLftDjCeAPBxduYGxaBBtBnb/TNj+cB20LMd3jSEqwb0znn7KL3ATMSNifExXtL2f8SNYj+5kFGxA9HpqMO6EmyiB7+nCNJkXseFnAiJqmOJG+H460ada7DlYRPxpnyvftsNho1agkumJ1zVoTh5OqjdQiY2Ro0piI6LZ+oNHWXbe8xIH9X+QBAgSp9t5Ft3vvLhdxcXVm6LtKTdN7snU8NAGCMjOMsKHN3QgMQH3FzHIEQsFVz+rNX3fhkBHlvGd6GGVpIAgqpfwgJoOVqNbVFstG/MeDURlBsINIJF2XzMjirObg8gI5WekoBnWXsVasYjNVuiODvX3NDaZkb5EagMTwbzmKYQTN4v721Fta1RhgIvKHE/QUsxXrS16cg84ukNN/2ZiTmcrwULqdhut4GMPFf6zhhM2lgp+YeEq9Dfw41c2JkHHqzYxkEgxg9rqmiqdcDjvI6esRYtWETb7t1AtMpPnRAZ4dRe9nUhlNDjYWb1el75gdGBtiA/bv5tAA+VRQrZFYBAKw/Gbfvso0UlGpiWh20BH+fPPCYF+mwsybZ6ss3VA1hp4Y9ErI6zdP7BGwUVOhq2QpC+ozfo+wBUeJkoX92OSYiEIslQSNrY6Pyqo4vBs6QualjtMZWgMVv4qovZ0+UM4IOmP0jzv3KVCKk+rMeyTNaSZu3LPlcSQWFM/ylsIl1VZ/bhxycojaUyUV0Ezw7uREBQJMdHCJxlMYcRP7nbeYSGAvP7RzpJyOoWyCvrnTfSStKoOhEKrAhopFZwW7ssdBpmszF3YLcD/Ib4f0xot/gPrK06eAfRVYhKEiikHrN+7zJ9224ldKTUdAWRyMSW3+rbXqBUlgOCGXNssZHcVQJcEPGosWMKmgy5Zo2hADD6v3+MX0gSN8z/8piXVDDn9ddVjZ+yZZRJyB96o5zoz6a+2iUTY8p/GPWH1KcxiusPT6eMdv5uHDulbTaN+s0jCh4lYRnqqU2HUHN+7PZfwbZUjbdjzCnanT1O/kCg5T8HvM9axNqKImx3nRZ5IsImH2zAuLdWyFisDGxd2ve0D57lxZQwCY5o6fR7nrB4yN6qhLweEyt+uWXqiKSNKT/lDyuW3f6BXzy0pbuKh1HssUpQ6wPKt/U4LWp4KkgnUxey/aIlGTSjzBntddh3NpSo+iWdsLfs9zfkkwBzWq1kcLy6Ee/FzZGxCod48GUuYIW9qBWogW1+ckY3D7xai37AI5SRdmcpb0exesHXlu5/feDOsVLWwqZTbqCosd98mo7d+MYb7OMuJqIveniDDTJnXqgCFTDO1GOdbmtdKJCJVW+VHmWYgOcMao4VB8lYxWt04J7NRFKkmvqqqZiZ8DS4O0S8ZUJuN3CQZguegwbTViwuQfY85MBwDrZVCmMcSXDBwYiMCvq+sTYHWm3WDSmgRLwcZ9R5M6x4Ylo9sYuDl55LFQ4RCyzFKv/55UDbHG5dz+lTnTWGWhET3R++6k+y1xw5Syuzj0sUDUh5lFUdd3/pWllcvKLxvMakfoJPFsj+SekPmp2/tzOymJEdPxsHKa1L4C5fKunTmXi0a53IUWZdFyGvDGpQKjwp5dKErqU1QIIC8ZEnx+SEryp90H7m8ScCr3UwqrWgHRyetF9pOFf1mvEjQWD1/bJChsI/lNIlKQm9M5J2drE9UkEd3PC6jzppcMMVN7SQSXDVUpDWdod+ySNFC2cBqDp8DONF/u2znFKNDIpiRrGU8uqbzxX/B5zA8rFC6yS2xG6CiSeJZ8XceGgI0KGuAsUQvE/Ej8mHJ8lDKqFx0+flUBqSXh0VrvDl9BoxOBipO1X29KVRzSGJLs+RcKKTQacBcQv8yZRG1OxMkDv4mw1aJ/VxoknflfixyrBVV9zraXwkuWikfmq3tliEGqsG7JT8aTIpFbTMgbyjZLAKbnTpYvA1FZ0FrXJAZBc1F+6oA0ItR8cfDRlygKSYfXBxtLgg4y+ZQlVZfsEWEfiDQFQ6ode3KshB3ZsqRotCmI+n+/AddkIznqPo496IBR3K4hQKtXcrSr4jmtt2FrkGObrv3M/WgYX/dSzjBlRKwhbYhD5TR+ijcLgpaJIdgyXolZ5jhBnTHPRJYKKIHP0BbT7x1ac1aouBGYM9pYKcJ+K53CR2dWhziA5evo+daLlnNWTvSNSKB8vawoYjL97zSVfDgZtCQx3bAW694JZZ66SL1Grjw049e+1b22u93+UNnTVjLKDyOrNP8KQwV/saia1HivpozHTzMGptwl2Dtxk5YfcoNXyKq6IgYyI9e6HvoUeJ3yFTzv/FS97hq7ok3+bNpxd6vJajMLfRasElnAgWbBwhx7pUiGnR/SHxRYu4fL/fRZ6cZgdrtq+/pDawX7gOa++hDZdvAPUHBldG1CiuARhxcgAcBtTkaIxOT1/Gbna90VcGlpe/+1kI2/Ve+Kh8GzLZw5YaL4aeIoPHYbwHRzLceQKTqQN38rqg0sUOI+fIkjKIOenByYwC/DOcdVNQSyXv7wK82yiIsF8fDH7P+9/5ZS3I2gC7vm5BnE1URAPMUEqKB/Z5CkWcgh+zZKtoWf7hHmmaIEx6kDrACxmCw5iuSIWlqmBfO3A/sQWK961/2tyx4QTDWw9fljEVVSqG9BV1OUCqxJU94rDSPMRLntNXroqQ191g6PHHrutyLlWuhPq5XHsLkKdyTJCk7vlQXg4MrStyow4AbFsK3IM0N/3Fmcvve92SrnjdDo6dAh4re5NuZ9enXHXmkkq2VtrSMxDFeyngjvlE/68utNu/P592UWfuo03seTyZltwvHQRG1tqTRr0oINkyTzEfLhIsKM8lY3XkmzE7m4vMuQNYu9ApDF4bAYOgCqSr0ODvuzlaVe8g3WTWG0ztLAlL1FkF1GKoi12L+ssLJkWzd+lMySYl2aUPnmQZ7D4MmJkIx8FIX2DYMERARaRCHC7GlHUvlLY8DVUkNdxuH2Ly6d7ws3U10xLOv5fPcYfZ6B6UTKvZXlhSOk0RDGpIKra0eR6pxe1pc9K7UpQjiDJPqX/r8mnozMv21RN5V8cYDu3sk/Am/WwKq6Y1f4LYDlJCIaqlEbIDXs89i6Udn+SUCdjdJgBh4kxO5Tf4cq/7+7dTBt5qo8OmuXr43R+oL7xg0G3h+j5zojVA7ptHX0/1TSpfbiIT49ABNLWWHuIPd0xl7MuoBNZ6kfKxn93UcPCgeJnQOPdWMZ/k7+S9tPy3Z50ZeDcMUedMYIM3NlBhaikL3XLFT99LbFUGDBoZydsAo6m/3xy4v8Zs4TOns8ji2JYrQ71tVJfNMkD1slM7epOgS2ffTBjAX4WOYaxdp3CyP0JyNC/fs/eWW1t7YTVQGHjQ5U41FPjqN5RSnRvaplJXuSg6U7cvzj4wleUKIQny+hr8FsrpNEeFcliX7xCZRGZ7vi/KTrdWs9HNdtkdbH4Zr8R3FBKJfM41/ORT5kMmrW0d9CjL7eMHVbRoupPGWy/wN4+pkMUv+YpUXIhUey7L18XBVVBdhSKbqvlaFWuIcfN5mR+nYoXBV6IJgLagPMUODpJzrqDdHtlQ2AA4vaL8toT1WbE7OnBdaW6zsor4PlhMcUcJluU9LAW+wOngx5znAVatOl6SRFfoV8imTTqwJTkVoPSN+Qw+v1JVoZbSpgehNsnlakSNlvPgqzztmSQO+uS3poKINwygg+LCjtDgav3xKVOCenDnJCVlZy/QKl6gcAW746VOgeHkDcJfy4L5/KMT7+4kh5mgwbBQgciAdQ+SvFTvwj6KJA4yIttJQnhiNt9vSbez7ES9HLbk5yBT+V1BhwwPem1Bu62JNTTK+v/E+I4DoH8cuwS6hAiD6c1EX+esdtsr6sloCV603blR6201mjtjBQTcCEp+cU10phxQpPD0XOKlI7gUXQux22Gzat7Ra/gwSfDbfG5ik/Y+Vh8rTxH0hVo02ljDLvqeJ38Iy2SU53d556zWB/nEbduieVs5oUR2RnotcyOmrYfKrv6hHTYZ9072uXbcENdXr4mq53phmGwely70SEkD/MboFwbHWAELHAXaAV7GzenOX1y08Lla0/QOhe1s2Y8BOplR7M+zFnYV0klHxF7RuSXb1xxfA1GJ2CeoBbEotvZu/PQkDTeoffe+ZcNMU+6VrAXpSSyrsN35zV//wtkSiyY56MHJk6F68YOPq6RvOOtyPHBIJCsjf8o43/ua1FQfjcWR4wkhKNVJvv/zaC0x3tuJYdMOJmsPMgt1gzeMfX/J9aGslvdoCho9o6Y+VydqHNxbLwZs=
X-IPAS-Result: 
 A2AQAQBYtqJb/wHyM5BcHQEBBQELAYFRgV0nA2UjXCiMZ4tSmFkUgV8SGAsIAYN6hAMhNRcBAwEBAQEBAQIBbBwMgjUkgmcCJBMUIA4DCQJACAgDAS0VHwsFGASDAAEoAYFYAwEBCqY4M4N8e4UVBYZXhBaBWD+HPwKBLgESAYV3Ao1sQY4sBwKCBwSEADeDBYZQIo8ai2+JAIFEATVkcTMaMEOCbIYBilRtegEBARQUiXuCPQEB
Received: from tarius.tycho.ncsc.mil ([144.51.242.1])
  by emsm-gh1-uea11.NCSC.MIL with ESMTP; 19 Sep 2018 20:51:54 +0000
Received: from prometheus.infosec.tycho.ncsc.mil
 (prometheus.infosec.tycho.ncsc.mil [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8JKplVm025018;
	Wed, 19 Sep 2018 16:51:52 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
 [144.51.242.1])
 by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
 w8JKpl93023821 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
 Wed, 19 Sep 2018 16:51:47 -0400
Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil
 [144.51.242.250])
 by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8JKpkng025016
 for <selinux@tycho.nsa.gov>; Wed, 19 Sep 2018 16:51:46 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1BkAABYtqJbly0bGNZcHgEGDIFSgVwnaH8ojGeLUphZggUjCYN6hAMhNhYBAwEBAQEBAQIUAQEBAQEGGAZMhXJSgVGDIQEoAYFYAwEBCqY4M4N8e4UVBYZXhBaBWD+HPwKHOQKNbI5tBwKCBwSEADeDBYZQIo8ai2+JAIFJAoIEMxowQ4Jsgk2DNIpUbXoXFIw4AQE
X-IPAS-Result: 
 A1BkAABYtqJbly0bGNZcHgEGDIFSgVwnaH8ojGeLUphZggUjCYN6hAMhNhYBAwEBAQEBAQIUAQEBAQEGGAZMhXJSgVGDIQEoAYFYAwEBCqY4M4N8e4UVBYZXhBaBWD+HPwKHOQKNbI5tBwKCBwSEADeDBYZQIo8ai2+JAIFJAoIEMxowQ4Jsgk2DNIpUbXoXFIw4AQE
X-IronPort-AV: E=Sophos;i="5.53,395,1531800000";
   d="scan'208";a="373788"
Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35])
 by goalie.tycho.ncsc.mil with ESMTP; 19 Sep 2018 16:51:46 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A0BkAABYtqJbly0bGNZcHgEGDIFSgVwnaH8ojGeLUphZggUjCYN6hAMhNhYBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSKDD1KBUYMhASgBgVgDAQEKpjgzg3x7hRUFhleEFoFYP4c/Aoc5Ao1sjm0HAoIHBIQAN4MFhlAijxqLb4kAgUkCggQzGjBDgmyCTYM0ilRtehcUjDgBAQ
X-IPAS-Result: 
 A0BkAABYtqJbly0bGNZcHgEGDIFSgVwnaH8ojGeLUphZggUjCYN6hAMhNhYBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSKDD1KBUYMhASgBgVgDAQEKpjgzg3x7hRUFhleEFoFYP4c/Aoc5Ao1sjm0HAoIHBIQAN4MFhlAijxqLb4kAgUkCggQzGjBDgmyCTYM0ilRtehcUjDgBAQ
X-IronPort-AV: E=Sophos;i="5.53,395,1531785600"; d="scan'208";a="18447070"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45])
 by emsm-gh1-uea11.NCSC.MIL with ESMTP; 19 Sep 2018 20:51:45 +0000
X-EEMSG-check-005: 0
X-EEMSG-check-006: 000-001;0f2241bd-ccc7-430e-9307-885bc539e101
Authentication-Results: upbd19pa04.eemsg.mail.mil;
 dkim=none (message not signed) header.i=none;
 spf=Pass smtp.pra=nicolas.iooss@m4x.org;
 spf=Pass smtp.mailfrom=SRS0=aI6L=MB=m4x.org=nicolas.iooss@bounces.m4x.org;
 spf=Pass smtp.helo=postmaster@mx1.polytechnique.org
X-EEMSG-check-008: 338120961|UPBD19PA04_EEMSG_MP4.csd.disa.mil
X-EEMSG-check-001: false
X-EEMSG-SBRS: 3.5
X-EEMSG-ORIG-IP: 129.104.30.34
X-EEMSG-check-002: true
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A0A+AACYs6JbhyIeaIFcHQEBBQELAYFQgV6BD38ojAhfi1KYWYIFExAIAYN6hAMaBgEFLxgBAwEBAQEBAQEBARMBAQEIDQkIKSMMgjUigw8LAUaBUYMhASgBgVgEAQqmMjODfHuFFQWGV4QWgVg/hz8ChzkCjWyObQcCggcEhAA3gwWGUCKPGotviQCBQoINMxowQ4JshgGKVG16FQEBFIw4AQE
X-IPAS-Result: 
 A0A+AACYs6JbhyIeaIFcHQEBBQELAYFQgV6BD38ojAhfi1KYWYIFExAIAYN6hAMaBgEFLxgBAwEBAQEBAQEBARMBAQEIDQkIKSMMgjUigw8LAUaBUYMhASgBgVgEAQqmMjODfHuFFQWGV4QWgVg/hz8ChzkCjWyObQcCggcEhAA3gwWGUCKPGotviQCBQoINMxowQ4JshgGKVG16FQEBFIw4AQE
Received: from mx1.polytechnique.org ([129.104.30.34])
 by upbd19pa04.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256;
 19 Sep 2018 20:51:41 +0000
Received: from localhost.localdomain (89-156-252-9.rev.numericable.fr
 [89.156.252.9])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ssl.polytechnique.org (Postfix) with ESMTPSA id 20018561297;
 Wed, 19 Sep 2018 22:51:39 +0200 (CEST)
X-EEMSG-check-009: 444-444
From: Nicolas Iooss <nicolas.iooss@m4x.org>
To: selinux@tycho.nsa.gov
Date: Wed, 19 Sep 2018 22:51:14 +0200
Message-Id: <20180919205114.2683-1-nicolas.iooss@m4x.org>
X-Mailer: git-send-email 2.19.0
MIME-Version: 1.0
X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Wed Sep 19
 22:51:39 2018 +0200 (CEST))
X-Org-Mail: nicolas.iooss.2010@polytechnique.org
Subject: [PATCH 1/1] python/sepolicy: fix compatibility with setools
 4.2.0
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
 <selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

When testing sepolicy gui with setools 4.2.0-beta, the following error
happened:

      File "python/sepolicy/sepolicy/__init__.py", line 277, in _setools_rule_to_dict
        if isinstance(rule, setools.policyrep.terule.AVRule):
    AttributeError: module 'setools.policyrep' has no attribute 'terule'

This is due to a reorganization of files in setools 4.2. After reporting
the issue on https://github.com/SELinuxProject/setools/issues/8 , it
appears that sepolicy has not been using setools API properly. Fix this
by:
* replacing exception types internal to setools with AttributeError, as
  they all inherit from it ;
* using rule.conditional.evaluate(...) in order to find out whether a
  conditional rule is enabled, instead of relying on
  rule.qpol_symbol.is_enabled() (which disappeared).

This last point required knowing the states of the booleans in the
policy. As sepolicy already retrieves all boolean states in
get_all_bools(), put them in a dict which can be used by
rule.conditional.evaluate().

This code has been tested with setools 4.1.1 and setools 4.2.0-beta.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 python/sepolicy/sepolicy/__init__.py | 30 +++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 89346aba0b15..ed6dfea9718a 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -112,6 +112,7 @@ login_mappings = None
 file_types = None
 port_types = None
 bools = None
+bools_dict = None
 all_attributes = None
 booleans = None
 booleans_dict = None
@@ -134,6 +135,7 @@ def policy(policy_file):
     global all_domains
     global all_attributes
     global bools
+    global bools_dict
     global all_types
     global role_allows
     global users
@@ -143,6 +145,7 @@ def policy(policy_file):
     all_domains = None
     all_attributes = None
     bools = None
+    bools_dict = None
     all_types = None
     role_allows = None
     users = None
@@ -272,34 +275,35 @@ def _setools_rule_to_dict(rule):
         'class': str(rule.tclass),
     }
 
+    # Evaluate the boolean condition if it is a conditional rule.
+    # In order to do this, extract the booleans which are used in the condition first.
     try:
-        enabled = bool(rule.qpol_symbol.is_enabled(rule.policy))
+        all_bools = get_all_bools_as_dict()
+        used_bools = dict((str(name), all_bools[name]) for name in rule.conditional.booleans)
+        enabled = rule.conditional.evaluate(**used_bools) == rule.conditional_block
     except AttributeError:
         enabled = True
 
-    if isinstance(rule, setools.policyrep.terule.AVRule):
-        d['enabled'] = enabled
+    d['enabled'] = enabled
 
     try:
         d['permlist'] = list(map(str, rule.perms))
-    except setools.policyrep.exception.RuleUseError:
+    except AttributeError:
         pass
 
     try:
         d['transtype'] = str(rule.default)
-    except setools.policyrep.exception.RuleUseError:
+    except AttributeError:
         pass
 
     try:
         d['boolean'] = [(str(rule.conditional), enabled)]
-    except (AttributeError, setools.policyrep.exception.RuleNotConditional):
+    except AttributeError:
         pass
 
     try:
         d['filename'] = rule.filename
-    except (AttributeError,
-            setools.policyrep.exception.RuleNotConditional,
-            setools.policyrep.exception.TERuleNoFilename):
+    except AttributeError:
         pass
 
     return d
@@ -930,6 +934,14 @@ def get_all_bools():
     return bools
 
 
+def get_all_bools_as_dict():
+    """Return a name->state dict of the booleans defined in the policy"""
+    global bools_dict
+    if not bools_dict:
+        bools_dict = dict((b['name'], b['state']) for b in get_all_bools())
+    return bools_dict
+
+
 def prettyprint(f, trim):
     return " ".join(f[:-len(trim)].split("_"))