什么是聚合类型

C++03定义
An aggregate is an array or a class (clause 9) with no user-declared constructors (12.1), no private or protected non-static data members (clause 11), no base classes (clause 10), and no virtual functions (10.3).

C++11定义
An aggregate is an array or a class (Clause 9) with no user-provided constructors (12.1), no brace-or-equal-initializers for non-static data members (9.2), no private or protected non-static data members (Clause 11), no base classes (Clause 10), and no virtual functions (10.3).

结合C++03和C++11标准定义，罗列一下聚合类型的特性：

• 聚合类型可以有构造函数，但只能是编译器定义的默认构造函数，或者用=default定义的构造函数
• 聚合类型不能有private，protected非static变量
• 聚合类型可以有copy-assignment operator and/or destructor
• 数组是聚合类型，即便数组成员是非聚合类型
• 聚合类型的数组可以是非聚合类型
• 聚合类型不能用brace-or-equal-initializers（即就地初始化）初始化非static成员。

聚合类型变量初始化

聚合类型可以采用列表初始化（其实非聚合类型，通过自定义构造函数，也可以采用列表初始化）

if(m == n)
{
    // the ith element of the array is initialized with ai
}
else if(m < n) {
    // the first m elements of the array are initialized with a1,  a2, …, am and the other n - m elements are, if possible, value-initialized (see below for the explanation of the term)
}
else if(m > n) {
    // the compiler will issue an error
}
else /*(this is the case when n isn't specified at all like int a[] = {1, 2, 3};) */
{
    // the size of the array (n) is assumed to be equal to m, so int a[] = {1, 2, 3}; is equivalent to int a[3] = {1, 2, 3};
}

聚合变量最大的特点可以做聚合初始化，除了基本的列表初始化规则，聚合初始化还体现在可以递归初始化。

struct X
{
  int i1;
  int i2;
};
struct Y
{
  char c;
  X x;
  int i[2];
  float f; 
protected:
  static double d;
private:
  void g(){}      
}; 
struct Z {
  char a;
  X x;
  Z(char a1) {};
};

Y y = {'a', {10, 20}, {20, 30}};

y.x也被初始化了。如果对Z用递归聚合初始化，例如Z z = {'a', {'b'}}，编译器就会报错。因为Z不是聚合类型，编译器会去找对应的构造函数，显然Z没定义这样的构造函数。
具体介绍可以参考Aggregate initialization。

什么是POD变量

POD = Plain Old Data，可见这是一种兼容型比较好的形态。甚至可以导出与其他语言共享此类变量定义。

C++03定义
A POD-struct is an aggregate class that has no non-static data members of type non-POD-struct, non-POD-union (or array of such types) or reference, and has no user-defined copy assignment operator and no user-defined destructor. Similarly, a POD-union is an aggregate union that has no non-static data members of type non-POD-struct, non-POD-union (or array of such types) or reference, and has no user-defined copy assignment operator and no user-defined destructor. A POD class is a class that is either a POD-struct or a POD-union.

C++11定义变得非常优雅
A POD struct is a non-union class that is both a trivial class and a standard-layout class, and has no non-static data members of type non-POD struct, non-POD union (or array of such types). Similarly, a POD union is a union that is both a trivial class and a standard layout class, and has no non-static data members of type non-POD struct, non-POD union (or array of such types). A POD class is a class that is either a POD struct or a POD union.

总而言之：
POD类型是一种特殊的聚合类型，一个POD类型为：

• 标量类型。
• 满足以下条件的自定义类型：
  • C++11之前：
    • 聚合类型。
    • 没有非POD类型的非静态成员变量。
    • 没有引用类型的非静态成员变量。
    • 没有自定义的构造函数或析构函数。
  • C++11之后：
    • 是平凡类。
    • 是标准布局类。
    • 没有非POD类型的非静态成员变量。
• POD类型的数组。

聚合类型或是POD变量有什么好处？

聚合类最大的特点就是可以采用聚合初始化。
POD的特点更为实用一些

POD的用途
平凡类的用途：

• 平凡类的对象可以与字节流之间安全转换，即：
  - 若要将对象转为字节流，直接取其地址即可。
  - 若要将字节流转为对象，直接将该地址cast为对象指针即可。
  - 直接通过复制字节的方式复制对象。
• 安全的静态初始化。
  - C++11的thread_local变量可以是非平凡类型，但在某些编译器下会有比较大的性能开销。gcc扩展的__thread只能使用POD类型。

标准布局类的用途：
跨进程、跨语言使用。

名次解释

value initialization

• 对于普通类型变量(bool, int, char, double, pointers, etc.)
  it means it is initialized with 0 for that type (false for bool, 0.0 for double, etc.).
• 对于class类型
  • 如果有自定义构造函数，则调用自定义构造函数
  • 如果没有自定一构造函数，则调用默认构造函数
  • 如果没有对应的构造函数，则报错

举例

class A
{
public:
  A(int) {} //no default constructor
};
class B
{
public:
  B() {} //default constructor available
};
int main()
{
  A a1[3] = {A(2), A(1), A(14)}; //OK n == m
  A a2[3] = {A(2)}; //ERROR A has no default constructor. Unable to value-initialize a2[1] and a2[2]
  B b1[3] = {B()}; //OK b1[1] and b1[2] are value initialized, in this case with the default-ctor
  int Array1[1000] = {0}; //All elements are initialized with 0;
  int Array2[1000] = {1}; //Attention: only the first element is 1, the rest are 0;
  bool Array3[1000] = {}; //the braces can be empty too. All elements initialized with false
  int Array4[1000]; //no initializer. This is different from an empty {} initializer in that
  //the elements in this case are not value-initialized, but have indeterminate values 
  //(unless, of course, Array4 is a global array)
  int array[2] = {1, 2, 3, 4}; //ERROR, too many initializers
}

大括号中个数不足的，用value initialization补足。这就是A a = {1};或者A a = {}的含义。大括号中个数超过声明的个数的，则编译报错。

brace-or-equal-initializers

类成员的一种初始化方法

class B {
public:
    B(int){}
};

class A {
    int a = 123;
    int b {456};
    B c {12};
    B d = {34};
};

copy-assignment operator

拷贝赋值方法

class A {
    A A(int) {}
    A(const &) {}
    A& operator= (const A&a) {}
};
void main() {
    A a;
    A b = a; // 这里调用的是拷贝构造函数
    A c;
    c = a; // 这里才会调用拷贝复制函数
}

trial stuff

trivial copyable

参考C++ named requirements: TriviallyCopyable

The following types are collectively called trivially copyable types:

• Scalar types
• Trivially copyable classes, i.e. classes satisfying following requirements:
  - At least one copy constructor, move constructor, copy assignment operator, or move assignment operator is eligible
  - Every eligible copy constructor (if any) is trivial
  - Every eligible move constructor (if any) is trivial
  - Every eligible copy assignment operator (if any) is trivial
  - Every eligible move assignment operator (if any) is trivial
  - Has a trivial non-deleted destructor
• Arrays of TriviallyCopyable objects

This implies that a trivially copyable class has no virtual functions or virtual base classes.

通过模版std::is_trivially_copyable可以检验一个类是否trivially copyable。

trivial constructor/destructor

• 编译器定义的构造/析构函数
• 用=default定义的构造析构函数

trivial class

The standard defines a trivial class as follows:

A trivially copyable class is a class that:

• has no non-trivial copy constructors (12.8),
• has no non-trivial move constructors (12.8),
• has no non-trivial copy assignment operators (13.5.3, 12.8),
• has no non-trivial move assignment operators (13.5.3, 12.8), and
• has a trivial destructor (12.4).

A trivial class is a class that has a trivial default constructor (12.1) and is trivially copyable.

[ Note: In particular, a trivially copyable or trivial class does not have virtual functions or virtual base classes. ]
另外trivial class是递归的，即trivial class不能有非trivial class的非static成员。
用模版std::is_trivial来测试

standard layout

A standard-layout class is a class that:

• has no non-static data members of type non-standard-layout class (or array of such types) or reference,

• has no virtual functions (10.3) and no virtual base classes (10.1),

• has the same access control (Clause 11) for all non-static data members,

• has no non-standard-layout base classes,

• either has no non-static data members in the most derived class and at most one base class with non-static data members, or has no base classes with non-static data members, (要么终点类没有非静态成员，并且只有一个基类有非静态成员；要么没有基类有非静态成员)，and

• has no base classes of the same type as the first non-static data member.

A standard-layout struct is a standard-layout class defined with the class-key struct or the class-key class.

A standard-layout union is a standard-layout class defined with the class-key union.

[ Note: Standard-layout classes are useful for communicating with code written in other programming languages. Their layout is specified in 9.2.]

标准内存分布，确保对象内存和C语言的结构体内存分布完全一致。使得POD变量具备了C兼容性。
用模版std::is_standard_layout可以测试

总结

用std::is_pod来测试你的类吧。

参考文献

1. What are Aggregates and PODs and how/why are they special?
2. C++对象模型（三）POD

C++11的列表初始化

在C语言和C++98/03中，大括号可以用来初始化数组，例如：

int a[] = {1, 2, 3};
int b[4] = {1, 2, 3, 4}; // 如果个数不足的，用0初始化

C++11将这类大括号初始化，扩展到自定义类型，但需要满足一定的条件，否则会编译报错。

参考C++11新特性之列表初始化、POD、聚合类

1. C++98/03标准中对于普通数组和POD类型可以直接使用列表初始化；
2. C++11标准中对于普通数组和聚合类型可以直接使用列表初始化；
3. C++11标准中对于非聚合类型可以通过自定义构造函数的方式使用列表初始化。

C++11新特性之列表初始化提到非聚合类型不能使用列表初始化是不对的。实验证明，不论是不是聚合类型，均可以采用列表初始化。

class A {
	public:
		A(int a1) {}
		A(std::initializer_list<int> l) {}
	private:
		int a {12};
};
int main()
{
	A a = {123};
    ...
}

首先声明A a={123}或者A a{123}这两种构造方法是一致的。
其次，对于这种构造方法，编译器会先尝试用A(std::initializer_list<int> l)去匹配，如果不成功，则会尝试A(int)，如果这两种构造函数都未定义，就会编译报错。
另外，成员变量也可以采用就地初始化, 虽然这会导致类成为非聚合类，但并不妨碍其采用列表初始化方法。使用虚函数，有基类的效果都是一样的，不影响列表初始化方法的使用。

C++11中的几种初始化方法

1. 就地初始化

class A {
	private:
		int a1 {12};
        double a2 = {12.0};
        float a3 = 12.0
        B b{123}
        C c = {123};
};

2. 构造函数初始化列表

class A {
    public:
        A() : a(123), b(456) {}
	private:
        int a;
        int b;
};

3. 列表初始化

class A {
    public:
        A(int, int) {}
        A(std::initializer_list<int, int>) {}
	private:
        int a;
        int b;
};
void main ()
{
    // 优先匹配A(std::initializer_list<int, int>)
    // 再匹配A(int, int)
    // 否则报错
    A a {123, 456};
}

• 就地初始化会最先得到执行，构造函数初始化列表会覆盖就地初始化的值
• 如果采用初始化列表，即a{...}初始化，std::initializer_list<T>的构造函数会优先得到执行
• 如果采用原生构造函数，即a(int)初始化，A(init)优先得到执行

什么是initializer-list

摘录C++11新特性之列表初始化-初始化列表

1. 它是一个轻量级的容器类型，内部定义了迭代器iterator等容器必须的一些概念。
2. initialzer-list<T>来说，它可以接受任意长度的初始化列表，但是元素必须是要相同的或者可以转换为T类型的。
3. 三个成员接口，begin(),end(),size(),其中size()返回initialzer-list的长度。
4. 能被整体的初始化和赋值，遍历只能通过begin和end迭代器来，遍历取得的数据是可读的，是不能对单个进行修改的。

注意一：
initialzer-list<T>保存的是T类型的引用，并不对T类型的数据进行拷贝，因此需要注意变量的生存期

std::initializer_list<int> func(void)
{
    return{ 2, 3 };
}
void main()
{
    auto c = func();
    for (auto it = c.begin(); it != c.end(); it++)
		std::cout << it - c.begin() << ":" << (*it) << std::endl;
}

此处打印是乱的。因为func返回的是右值引用，在退出函数后失效。

注意二：
列表初始化防止类型收窄

int a = 1.1; //OK
int b{ 1.1 }; //error
 
float f1 = 1e40; //OK, 科学计数法10^40
float f2{ 1e40 }; //error
 
const int x = 1024, y = 1;
char c = x; //OK
char d{ x };//error
char e = y;//error
char f{ y };//error

参考文献

initializer_list - cppreference.com

C++11新特性之列表初始化

C++11新特性之列表初始化、POD、聚合类

在Linux中，一个进程拉起另一个进程的流程大致如下：

PHN2ZyBpZD0iZHQ4bnhmMW9lbTQiIHdpZHRoPSIxMDAlIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHN0eWxlPSJtYXgtd2lkdGg6IDYxMC43OTY4NzVweDsiIHZpZXdCb3g9IjAgMCA2MTAuNzk2ODc1IDEzOC41NjI1Ij48c3R5bGU+CgoKI2R0OG54ZjFvZW00IC5sYWJlbCB7CiAgZm9udC1mYW1pbHk6ICd0cmVidWNoZXQgbXMnLCB2ZXJkYW5hLCBhcmlhbDsKICBjb2xvcjogIzMzMzsgfQoKI2R0OG54ZjFvZW00IC5ub2RlIHJlY3QsCiNkdDhueGYxb2VtNCAubm9kZSBjaXJjbGUsCiNkdDhueGYxb2VtNCAubm9kZSBlbGxpcHNlLAojZHQ4bnhmMW9lbTQgLm5vZGUgcG9seWdvbiB7CiAgZmlsbDogI0VDRUNGRjsKICBzdHJva2U6ICM5MzcwREI7CiAgc3Ryb2tlLXdpZHRoOiAxcHg7IH0KCiNkdDhueGYxb2VtNCAubm9kZS5jbGlja2FibGUgewogIGN1cnNvcjogcG9pbnRlcjsgfQoKI2R0OG54ZjFvZW00IC5hcnJvd2hlYWRQYXRoIHsKICBmaWxsOiAjMzMzMzMzOyB9CgojZHQ4bnhmMW9lbTQgLmVkZ2VQYXRoIC5wYXRoIHsKICBzdHJva2U6ICMzMzMzMzM7CiAgc3Ryb2tlLXdpZHRoOiAxLjVweDsgfQoKI2R0OG54ZjFvZW00IC5lZGdlTGFiZWwgewogIGJhY2tncm91bmQtY29sb3I6ICNlOGU4ZTg7IH0KCiNkdDhueGYxb2VtNCAuY2x1c3RlciByZWN0IHsKICBmaWxsOiAjZmZmZmRlICFpbXBvcnRhbnQ7CiAgc3Ryb2tlOiAjYWFhYTMzICFpbXBvcnRhbnQ7CiAgc3Ryb2tlLXdpZHRoOiAxcHggIWltcG9ydGFudDsgfQoKI2R0OG54ZjFvZW00IC5jbHVzdGVyIHRleHQgewogIGZpbGw6ICMzMzM7IH0KCiNkdDhueGYxb2VtNCBkaXYubWVybWFpZFRvb2x0aXAgewogIHBvc2l0aW9uOiBhYnNvbHV0ZTsKICB0ZXh0LWFsaWduOiBjZW50ZXI7CiAgbWF4LXdpZHRoOiAyMDBweDsKICBwYWRkaW5nOiAycHg7CiAgZm9udC1mYW1pbHk6ICd0cmVidWNoZXQgbXMnLCB2ZXJkYW5hLCBhcmlhbDsKICBmb250LXNpemU6IDEycHg7CiAgYmFja2dyb3VuZDogI2ZmZmZkZTsKICBib3JkZXI6IDFweCBzb2xpZCAjYWFhYTMzOwogIGJvcmRlci1yYWRpdXM6IDJweDsKICBwb2ludGVyLWV2ZW50czogbm9uZTsKICB6LWluZGV4OiAxMDA7IH0KCiNkdDhueGYxb2VtNCAuYWN0b3IgewogIHN0cm9rZTogI0NDQ0NGRjsKICBmaWxsOiAjRUNFQ0ZGOyB9CgojZHQ4bnhmMW9lbTQgdGV4dC5hY3RvciB7CiAgZmlsbDogYmxhY2s7CiAgc3Ryb2tlOiBub25lOyB9CgojZHQ4bnhmMW9lbTQgLmFjdG9yLWxpbmUgewogIHN0cm9rZTogZ3JleTsgfQoKI2R0OG54ZjFvZW00IC5tZXNzYWdlTGluZTAgewogIHN0cm9rZS13aWR0aDogMS41OwogIHN0cm9rZS1kYXNoYXJyYXk6ICcyIDInOwogIHN0cm9rZTogIzMzMzsgfQoKI2R0OG54ZjFvZW00IC5tZXNzYWdlTGluZTEgewogIHN0cm9rZS13aWR0aDogMS41OwogIHN0cm9rZS1kYXNoYXJyYXk6ICcyIDInOwogIHN0cm9rZTogIzMzMzsgfQoKI2R0OG54ZjFvZW00ICNhcnJvd2hlYWQgewogIGZpbGw6ICMzMzM7IH0KCiNkdDhueGYxb2VtNCAjY3Jvc3NoZWFkIHBhdGggewogIGZpbGw6ICMzMzMgIWltcG9ydGFudDsKICBzdHJva2U6ICMzMzMgIWltcG9ydGFudDsgfQoKI2R0OG54ZjFvZW00IC5tZXNzYWdlVGV4dCB7CiAgZmlsbDogIzMzMzsKICBzdHJva2U6IG5vbmU7IH0KCiNkdDhueGYxb2VtNCAubGFiZWxCb3ggewogIHN0cm9rZTogI0NDQ0NGRjsKICBmaWxsOiAjRUNFQ0ZGOyB9CgojZHQ4bnhmMW9lbTQgLmxhYmVsVGV4dCB7CiAgZmlsbDogYmxhY2s7CiAgc3Ryb2tlOiBub25lOyB9CgojZHQ4bnhmMW9lbTQgLmxvb3BUZXh0IHsKICBmaWxsOiBibGFjazsKICBzdHJva2U6IG5vbmU7IH0KCiNkdDhueGYxb2VtNCAubG9vcExpbmUgewogIHN0cm9rZS13aWR0aDogMjsKICBzdHJva2UtZGFzaGFycmF5OiAnMiAyJzsKICBzdHJva2U6ICNDQ0NDRkY7IH0KCiNkdDhueGYxb2VtNCAubm90ZSB7CiAgc3Ryb2tlOiAjYWFhYTMzOwogIGZpbGw6ICNmZmY1YWQ7IH0KCiNkdDhueGYxb2VtNCAubm90ZVRleHQgewogIGZpbGw6IGJsYWNrOwogIHN0cm9rZTogbm9uZTsKICBmb250LWZhbWlseTogJ3RyZWJ1Y2hldCBtcycsIHZlcmRhbmEsIGFyaWFsOwogIGZvbnQtc2l6ZTogMTRweDsgfQoKI2R0OG54ZjFvZW00IC5hY3RpdmF0aW9uMCB7CiAgZmlsbDogI2Y0ZjRmNDsKICBzdHJva2U6ICM2NjY7IH0KCiNkdDhueGYxb2VtNCAuYWN0aXZhdGlvbjEgewogIGZpbGw6ICNmNGY0ZjQ7CiAgc3Ryb2tlOiAjNjY2OyB9CgojZHQ4bnhmMW9lbTQgLmFjdGl2YXRpb24yIHsKICBmaWxsOiAjZjRmNGY0OwogIHN0cm9rZTogIzY2NjsgfQoKCiNkdDhueGYxb2VtNCAuc2VjdGlvbiB7CiAgc3Ryb2tlOiBub25lOwogIG9wYWNpdHk6IDAuMjsgfQoKI2R0OG54ZjFvZW00IC5zZWN0aW9uMCB7CiAgZmlsbDogcmdiYSgxMDIsIDEwMiwgMjU1LCAwLjQ5KTsgfQoKI2R0OG54ZjFvZW00IC5zZWN0aW9uMiB7CiAgZmlsbDogI2ZmZjQwMDsgfQoKI2R0OG54ZjFvZW00IC5zZWN0aW9uMSwKI2R0OG54ZjFvZW00IC5zZWN0aW9uMyB7CiAgZmlsbDogd2hpdGU7CiAgb3BhY2l0eTogMC4yOyB9CgojZHQ4bnhmMW9lbTQgLnNlY3Rpb25UaXRsZTAgewogIGZpbGw6ICMzMzM7IH0KCiNkdDhueGYxb2VtNCAuc2VjdGlvblRpdGxlMSB7CiAgZmlsbDogIzMzMzsgfQoKI2R0OG54ZjFvZW00IC5zZWN0aW9uVGl0bGUyIHsKICBmaWxsOiAjMzMzOyB9CgojZHQ4bnhmMW9lbTQgLnNlY3Rpb25UaXRsZTMgewogIGZpbGw6ICMzMzM7IH0KCiNkdDhueGYxb2VtNCAuc2VjdGlvblRpdGxlIHsKICB0ZXh0LWFuY2hvcjogc3RhcnQ7CiAgZm9udC1zaXplOiAxMXB4OwogIHRleHQtaGVpZ2h0OiAxNHB4OyB9CgoKI2R0OG54ZjFvZW00IC5ncmlkIC50aWNrIHsKICBzdHJva2U6IGxpZ2h0Z3JleTsKICBvcGFjaXR5OiAwLjM7CiAgc2hhcGUtcmVuZGVyaW5nOiBjcmlzcEVkZ2VzOyB9CgojZHQ4bnhmMW9lbTQgLmdyaWQgcGF0aCB7CiAgc3Ryb2tlLXdpZHRoOiAwOyB9CgoKI2R0OG54ZjFvZW00IC50b2RheSB7CiAgZmlsbDogbm9uZTsKICBzdHJva2U6IHJlZDsKICBzdHJva2Utd2lkdGg6IDJweDsgfQoKCgojZHQ4bnhmMW9lbTQgLnRhc2sgewogIHN0cm9rZS13aWR0aDogMjsgfQoKI2R0OG54ZjFvZW00IC50YXNrVGV4dCB7CiAgdGV4dC1hbmNob3I6IG1pZGRsZTsKICBmb250LXNpemU6IDExcHg7IH0KCiNkdDhueGYxb2VtNCAudGFza1RleHRPdXRzaWRlUmlnaHQgewogIGZpbGw6IGJsYWNrOwogIHRleHQtYW5jaG9yOiBzdGFydDsKICBmb250LXNpemU6IDExcHg7IH0KCiNkdDhueGYxb2VtNCAudGFza1RleHRPdXRzaWRlTGVmdCB7CiAgZmlsbDogYmxhY2s7CiAgdGV4dC1hbmNob3I6IGVuZDsKICBmb250LXNpemU6IDExcHg7IH0KCgojZHQ4bnhmMW9lbTQgLnRhc2tUZXh0MCwKI2R0OG54ZjFvZW00IC50YXNrVGV4dDEsCiNkdDhueGYxb2VtNCAudGFza1RleHQyLAojZHQ4bnhmMW9lbTQgLnRhc2tUZXh0MyB7CiAgZmlsbDogd2hpdGU7IH0KCiNkdDhueGYxb2VtNCAudGFzazAsCiNkdDhueGYxb2VtNCAudGFzazEsCiNkdDhueGYxb2VtNCAudGFzazIsCiNkdDhueGYxb2VtNCAudGFzazMgewogIGZpbGw6ICM4YTkwZGQ7CiAgc3Ryb2tlOiAjNTM0ZmJjOyB9CgojZHQ4bnhmMW9lbTQgLnRhc2tUZXh0T3V0c2lkZTAsCiNkdDhueGYxb2VtNCAudGFza1RleHRPdXRzaWRlMiB7CiAgZmlsbDogYmxhY2s7IH0KCiNkdDhueGYxb2VtNCAudGFza1RleHRPdXRzaWRlMSwKI2R0OG54ZjFvZW00IC50YXNrVGV4dE91dHNpZGUzIHsKICBmaWxsOiBibGFjazsgfQoKCiNkdDhueGYxb2VtNCAuYWN0aXZlMCwKI2R0OG54ZjFvZW00IC5hY3RpdmUxLAojZHQ4bnhmMW9lbTQgLmFjdGl2ZTIsCiNkdDhueGYxb2VtNCAuYWN0aXZlMyB7CiAgZmlsbDogI2JmYzdmZjsKICBzdHJva2U6ICM1MzRmYmM7IH0KCiNkdDhueGYxb2VtNCAuYWN0aXZlVGV4dDAsCiNkdDhueGYxb2VtNCAuYWN0aXZlVGV4dDEsCiNkdDhueGYxb2VtNCAuYWN0aXZlVGV4dDIsCiNkdDhueGYxb2VtNCAuYWN0aXZlVGV4dDMgewogIGZpbGw6IGJsYWNrICFpbXBvcnRhbnQ7IH0KCgojZHQ4bnhmMW9lbTQgLmRvbmUwLAojZHQ4bnhmMW9lbTQgLmRvbmUxLAojZHQ4bnhmMW9lbTQgLmRvbmUyLAojZHQ4bnhmMW9lbTQgLmRvbmUzIHsKICBzdHJva2U6IGdyZXk7CiAgZmlsbDogbGlnaHRncmV5OwogIHN0cm9rZS13aWR0aDogMjsgfQoKI2R0OG54ZjFvZW00IC5kb25lVGV4dDAsCiNkdDhueGYxb2VtNCAuZG9uZVRleHQxLAojZHQ4bnhmMW9lbTQgLmRvbmVUZXh0MiwKI2R0OG54ZjFvZW00IC5kb25lVGV4dDMgewogIGZpbGw6IGJsYWNrICFpbXBvcnRhbnQ7IH0KCgojZHQ4bnhmMW9lbTQgLmNyaXQwLAojZHQ4bnhmMW9lbTQgLmNyaXQxLAojZHQ4bnhmMW9lbTQgLmNyaXQyLAojZHQ4bnhmMW9lbTQgLmNyaXQzIHsKICBzdHJva2U6ICNmZjg4ODg7CiAgZmlsbDogcmVkOwogIHN0cm9rZS13aWR0aDogMjsgfQoKI2R0OG54ZjFvZW00IC5hY3RpdmVDcml0MCwKI2R0OG54ZjFvZW00IC5hY3RpdmVDcml0MSwKI2R0OG54ZjFvZW00IC5hY3RpdmVDcml0MiwKI2R0OG54ZjFvZW00IC5hY3RpdmVDcml0MyB7CiAgc3Ryb2tlOiAjZmY4ODg4OwogIGZpbGw6ICNiZmM3ZmY7CiAgc3Ryb2tlLXdpZHRoOiAyOyB9CgojZHQ4bnhmMW9lbTQgLmRvbmVDcml0MCwKI2R0OG54ZjFvZW00IC5kb25lQ3JpdDEsCiNkdDhueGYxb2VtNCAuZG9uZUNyaXQyLAojZHQ4bnhmMW9lbTQgLmRvbmVDcml0MyB7CiAgc3Ryb2tlOiAjZmY4ODg4OwogIGZpbGw6IGxpZ2h0Z3JleTsKICBzdHJva2Utd2lkdGg6IDI7CiAgY3Vyc29yOiBwb2ludGVyOwogIHNoYXBlLXJlbmRlcmluZzogY3Jpc3BFZGdlczsgfQoKI2R0OG54ZjFvZW00IC5kb25lQ3JpdFRleHQwLAojZHQ4bnhmMW9lbTQgLmRvbmVDcml0VGV4dDEsCiNkdDhueGYxb2VtNCAuZG9uZUNyaXRUZXh0MiwKI2R0OG54ZjFvZW00IC5kb25lQ3JpdFRleHQzIHsKICBmaWxsOiBibGFjayAhaW1wb3J0YW50OyB9CgojZHQ4bnhmMW9lbTQgLmFjdGl2ZUNyaXRUZXh0MCwKI2R0OG54ZjFvZW00IC5hY3RpdmVDcml0VGV4dDEsCiNkdDhueGYxb2VtNCAuYWN0aXZlQ3JpdFRleHQyLAojZHQ4bnhmMW9lbTQgLmFjdGl2ZUNyaXRUZXh0MyB7CiAgZmlsbDogYmxhY2sgIWltcG9ydGFudDsgfQoKI2R0OG54ZjFvZW00IC50aXRsZVRleHQgewogIHRleHQtYW5jaG9yOiBtaWRkbGU7CiAgZm9udC1zaXplOiAxOHB4OwogIGZpbGw6IGJsYWNrOyB9CgojZHQ4bnhmMW9lbTQgZy5jbGFzc0dyb3VwIHRleHQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiBub25lOwogIGZvbnQtZmFtaWx5OiAndHJlYnVjaGV0IG1zJywgdmVyZGFuYSwgYXJpYWw7CiAgZm9udC1zaXplOiAxMHB4OyB9CgojZHQ4bnhmMW9lbTQgZy5jbGFzc0dyb3VwIHJlY3QgewogIGZpbGw6ICNFQ0VDRkY7CiAgc3Ryb2tlOiAjOTM3MERCOyB9CgojZHQ4bnhmMW9lbTQgZy5jbGFzc0dyb3VwIGxpbmUgewogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7IH0KCiNkdDhueGYxb2VtNCAuY2xhc3NMYWJlbCAuYm94IHsKICBzdHJva2U6IG5vbmU7CiAgc3Ryb2tlLXdpZHRoOiAwOwogIGZpbGw6ICNFQ0VDRkY7CiAgb3BhY2l0eTogMC41OyB9CgojZHQ4bnhmMW9lbTQgLmNsYXNzTGFiZWwgLmxhYmVsIHsKICBmaWxsOiAjOTM3MERCOwogIGZvbnQtc2l6ZTogMTBweDsgfQoKI2R0OG54ZjFvZW00IC5yZWxhdGlvbiB7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsKICBmaWxsOiBub25lOyB9CgojZHQ4bnhmMW9lbTQgI2NvbXBvc2l0aW9uU3RhcnQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2R0OG54ZjFvZW00ICNjb21wb3NpdGlvbkVuZCB7CiAgZmlsbDogIzkzNzBEQjsKICBzdHJva2U6ICM5MzcwREI7CiAgc3Ryb2tlLXdpZHRoOiAxOyB9CgojZHQ4bnhmMW9lbTQgI2FnZ3JlZ2F0aW9uU3RhcnQgewogIGZpbGw6ICNFQ0VDRkY7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2R0OG54ZjFvZW00ICNhZ2dyZWdhdGlvbkVuZCB7CiAgZmlsbDogI0VDRUNGRjsKICBzdHJva2U6ICM5MzcwREI7CiAgc3Ryb2tlLXdpZHRoOiAxOyB9CgojZHQ4bnhmMW9lbTQgI2RlcGVuZGVuY3lTdGFydCB7CiAgZmlsbDogIzkzNzBEQjsKICBzdHJva2U6ICM5MzcwREI7CiAgc3Ryb2tlLXdpZHRoOiAxOyB9CgojZHQ4bnhmMW9lbTQgI2RlcGVuZGVuY3lFbmQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2R0OG54ZjFvZW00ICNleHRlbnNpb25TdGFydCB7CiAgZmlsbDogIzkzNzBEQjsKICBzdHJva2U6ICM5MzcwREI7CiAgc3Ryb2tlLXdpZHRoOiAxOyB9CgojZHQ4bnhmMW9lbTQgI2V4dGVuc2lvbkVuZCB7CiAgZmlsbDogIzkzNzBEQjsKICBzdHJva2U6ICM5MzcwREI7CiAgc3Ryb2tlLXdpZHRoOiAxOyB9CgojZHQ4bnhmMW9lbTQgLmNvbW1pdC1pZCwKI2R0OG54ZjFvZW00IC5jb21taXQtbXNnLAojZHQ4bnhmMW9lbTQgLmJyYW5jaC1sYWJlbCB7CiAgZmlsbDogbGlnaHRncmV5OwogIGNvbG9yOiBsaWdodGdyZXk7IH0KCgoKI2R0OG54ZjFvZW00IC5sYWJlbHsKICBjb2xvcjojMThCMTRFOwp9CiNkdDhueGYxb2VtNCAudGUtbWQtY29udGFpbmVyLS1kYXJrIC5ub2RlIHJlY3QgewogIGZpbGw6IHJlZDsKfQoKI2R0OG54ZjFvZW00IC5ub2RlIHJlY3QsCiNkdDhueGYxb2VtNCAubm9kZSBjaXJjbGUsCiNkdDhueGYxb2VtNCAubm9kZSBlbGxpcHNlLAojZHQ4bnhmMW9lbTQgLm5vZGUgcG9seWdvbiB7CiAgZmlsbDogI0Y5RkZGQjs7CiAgc3Ryb2tlOiAjMkRCRDYwOwogIHN0cm9rZS13aWR0aDogMS41cHg7Cn0KI2R0OG54ZjFvZW00IC5hcnJvd2hlYWRQYXRoewogIGZpbGw6ICMyREJENjA7Cn0KI2R0OG54ZjFvZW00IC5lZGdlUGF0aCAucGF0aCB7CiAgc3Ryb2tlOiAjMkRCRDYwOwogIHN0cm9rZS13aWR0aDogMXB4Owp9CiNkdDhueGYxb2VtNCAuZWRnZUxhYmVsIHsKICBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmOwp9CiNkdDhueGYxb2VtNCAuY2x1c3RlciByZWN0IHsKICBmaWxsOiAjRjlGRkZCICFpbXBvcnRhbnQ7CiAgc3Ryb2tlOiAjMkRCRDYwICFpbXBvcnRhbnQ7CiAgc3Ryb2tlLXdpZHRoOiAxcHggIWltcG9ydGFudDsKfQoKI2R0OG54ZjFvZW00IC5jbHVzdGVyIHRleHQgewogIGZpbGw6ICNGOUZGRkI7Cn0KCiNkdDhueGYxb2VtNCBkaXYubWVybWFpZFRvb2x0aXAgewogIGJhY2tncm91bmQ6ICNGOUZGRkI7CiAgYm9yZGVyOiAxcHggc29saWQgIzJEQkQ2MDsKfQoKCiNkdDhueGYxb2VtNCAuYWN0b3IgewogIHN0cm9rZTogIzJEQkQ2MDsKICBmaWxsOiAjRjlGRkZCOwp9CgojZHQ4bnhmMW9lbTQgdGV4dC5hY3RvciB7CiAgZmlsbDogIzJEQkQ2MDsKICBzdHJva2U6IG5vbmU7Cn0KCiNkdDhueGYxb2VtNCAuYWN0b3ItbGluZSB7CiAgc3Ryb2tlOiAjMkRCRDYwOwp9CgojZHQ4bnhmMW9lbTQgLm1lc3NhZ2VMaW5lMCB7CiAgc3Ryb2tlLXdpZHRoOiAxLjU7CiAgc3Ryb2tlLWRhc2hhcnJheTogJzIgMic7CiAgbWFya2VyLWVuZDogJ3VybCgjYXJyb3doZWFkKSc7CiAgc3Ryb2tlOiAjMkRCRDYwOwp9CgojZHQ4bnhmMW9lbTQgLm1lc3NhZ2VMaW5lMSB7CiAgc3Ryb2tlLXdpZHRoOiAxLjU7CiAgc3Ryb2tlLWRhc2hhcnJheTogJzIgMic7CiAgc3Ryb2tlOiAjMkRCRDYwOwp9CgojZHQ4bnhmMW9lbTQgI2Fycm93aGVhZCB7CiAgZmlsbDogIzJEQkQ2MDsKfQoKI2R0OG54ZjFvZW00ICNjcm9zc2hlYWQgcGF0aCB7CiAgZmlsbDogIzJEQkQ2MCAhaW1wb3J0YW50OwogIHN0cm9rZTogIzJEQkQ2MCAhaW1wb3J0YW50Owp9CgojZHQ4bnhmMW9lbTQgLm1lc3NhZ2VUZXh0IHsKICBmaWxsOiAjMkRCRDYwOwogIHN0cm9rZTogbm9uZTsKfQoKI2R0OG54ZjFvZW00IC5sYWJlbEJveCB7CiAgc3Ryb2tlOiAjMkRCRDYwOwogIGZpbGw6ICNGOUZGRkI7Cn0KCiNkdDhueGYxb2VtNCAubGFiZWxUZXh0IHsKICBmaWxsOiAjMkRCRDYwOwogIHN0cm9rZTogIzJEQkQ2MDsKfQoKI2R0OG54ZjFvZW00IC5sb29wVGV4dCB7CiAgZmlsbDogIzJEQkQ2MDsKICBzdHJva2U6ICMyREJENjA7Cn0KCiNkdDhueGYxb2VtNCAubG9vcExpbmUgewogIHN0cm9rZS13aWR0aDogMjsKICBzdHJva2UtZGFzaGFycmF5OiAnMiAyJzsKICBtYXJrZXItZW5kOiAndXJsKCNhcnJvd2hlYWQpJzsKICBzdHJva2U6ICMyREJENjA7Cn0KCiNkdDhueGYxb2VtNCAubm90ZSB7CiAgc3Ryb2tlOiAjMkRCRDYwOwogIGZpbGw6ICNGOUZGRkI7Cn0KCiNkdDhueGYxb2VtNCAubm90ZVRleHQgewogIGZpbGw6ICMyREJENjA7CiAgc3Ryb2tlOiAjMkRCRDYwOwp9CgoKI2R0OG54ZjFvZW00IC5zZWN0aW9uewogIG9wYWNpdHk6MTsKfQojZHQ4bnhmMW9lbTQgLnNlY3Rpb24wLCNkdDhueGYxb2VtNCAgLnNlY3Rpb24yIHsKICBmaWxsOiAjRUNGN0YwOwp9CgojZHQ4bnhmMW9lbTQgLnNlY3Rpb24xLAojZHQ4bnhmMW9lbTQgLnNlY3Rpb24zIHsKICBmaWxsOiAjRkZGOwp9CiNkdDhueGYxb2VtNCAudGFza1RleHQwLAojZHQ4bnhmMW9lbTQgLnRhc2tUZXh0MSwKI2R0OG54ZjFvZW00IC50YXNrVGV4dDIsCiNkdDhueGYxb2VtNCAudGFza1RleHQzIHsKICBmaWxsOiAjZmZmOwp9CgojZHQ4bnhmMW9lbTQgLnRhc2swLAojZHQ4bnhmMW9lbTQgLnRhc2sxLAojZHQ4bnhmMW9lbTQgLnRhc2syLAojZHQ4bnhmMW9lbTQgLnRhc2szIHsKICBmaWxsOiAjMkRCRDYwOwogIHN0cm9rZTogIzM1OUY1QTsKfQo8L3N0eWxlPjxzdHlsZT4jZHQ4bnhmMW9lbTQgewogICAgY29sb3I6IHJnYigyNDQsIDI0NCwgMjQ0KTsKICAgIGZvbnQ6IG5vcm1hbCBub3JtYWwgbm9ybWFsIG5vcm1hbCAxNHB4LzIyLjM5OTk5OTYxODUzMDI3M3B4IG1vbm9zcGFjZTsKICB9PC9zdHlsZT48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTIsIC0xMikiPjxnIGNsYXNzPSJvdXRwdXQiPjxnIGNsYXNzPSJjbHVzdGVycyI+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aHMiPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTEyOC40MDYyNSw4MS4yODEyNUwxNTMuNDA2MjUsODEuMjgxMjVMMTc4LjQwNjI1LDgxLjI4MTI1IiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDE1NTU5KSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQxNTU1OSIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTIyNi43ODEyNSw2NC4yNjg5NzQ0OTM2OTUwN0wyNjMuOTI5Njg3NSwzOC4xNDA2MjVMMzAxLjA3ODEyNSwzOC4xNDA2MjUiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkMTU1NjApIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDE1NTYwIiB2aWV3Qm94PSIwIDAgMTAgMTAiIHJlZlg9IjkiIHJlZlk9IjUiIG1hcmtlclVuaXRzPSJzdHJva2VXaWR0aCIgbWFya2VyV2lkdGg9IjgiIG1hcmtlckhlaWdodD0iNiIgb3JpZW50PSJhdXRvIj48cGF0aCBkPSJNIDAgMCBMIDEwIDUgTCAwIDEwIHoiIGNsYXNzPSJhcnJvd2hlYWRQYXRoIiBzdHlsZT0ic3Ryb2tlLXdpZHRoOiAxcHg7IHN0cm9rZS1kYXNoYXJyYXk6IDFweCwgMHB4OyI+PC9wYXRoPjwvbWFya2VyPjwvZGVmcz48L2c+PGcgY2xhc3M9ImVkZ2VQYXRoIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxwYXRoIGNsYXNzPSJwYXRoIiBkPSJNMjI2Ljc4MTI1LDk4LjI5MzUyNTUwNjMwNDkzTDI2My45Mjk2ODc1LDEyNC40MjE4NzVMMzI1LjczNDM3NSwxMjQuNDIxODc1TDM4OS41NTQ2ODc1LDEyNC40MjE4NzVMNDUyLjI5Njg3NSwxMjQuNDIxODc1IiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDE1NTYxKSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQxNTU2MSIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTM1MC4zOTA2MjUsMzguMTQwNjI1TDM4OS41NTQ2ODc1LDM4LjE0MDYyNUw0MjguNzE4NzUsMzguMTQwNjI1IiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDE1NTYyKSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQxNTU2MiIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTUyMi4yOTY4NzUsMzguMTQwNjI1TDU0Ny4yOTY4NzUsMzguMTQwNjI1TDU3NC4wOTg3NTgzNzU1ODg1LDYzLjE0MDYyNSIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQxNTU2MykiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkMTU1NjMiIHZpZXdCb3g9IjAgMCAxMCAxMCIgcmVmWD0iOSIgcmVmWT0iNSIgbWFya2VyVW5pdHM9InN0cm9rZVdpZHRoIiBtYXJrZXJXaWR0aD0iOCIgbWFya2VySGVpZ2h0PSI2IiBvcmllbnQ9ImF1dG8iPjxwYXRoIGQ9Ik0gMCAwIEwgMTAgNSBMIDAgMTAgeiIgY2xhc3M9ImFycm93aGVhZFBhdGgiIHN0eWxlPSJzdHJva2Utd2lkdGg6IDFweDsgc3Ryb2tlLWRhc2hhcnJheTogMXB4LCAwcHg7Ij48L3BhdGg+PC9tYXJrZXI+PC9kZWZzPjwvZz48ZyBjbGFzcz0iZWRnZVBhdGgiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PHBhdGggY2xhc3M9InBhdGgiIGQ9Ik00OTguNzE4NzUsMTI0LjQyMTg3NUw1NDcuMjk2ODc1LDEyNC40MjE4NzVMNTc0LjA5ODc1ODM3NTU4ODUsOTkuNDIxODc1IiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDE1NTY0KSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQxNTU2NCIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjwvZz48ZyBjbGFzcz0iZWRnZUxhYmVscyI+PGcgY2xhc3M9ImVkZ2VMYWJlbCIgc3R5bGU9Im9wYWNpdHk6IDE7IiB0cmFuc2Zvcm09IiI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSIgY2xhc3M9ImxhYmVsIj48cmVjdCByeD0iMCIgcnk9IjAiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIHN0eWxlPSJmaWxsOiNlOGU4ZTg7Ij48L3JlY3Q+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPjwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PGcgY2xhc3M9ImVkZ2VMYWJlbCIgc3R5bGU9Im9wYWNpdHk6IDE7IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNjMuOTI5Njg3NSwzOC4xNDA2MjUpIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTYuMzU5Mzc1LC04LjAwNzgxMjUpIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjI0LjI5Njg3NSIgaGVpZ2h0PSIxNi4yODEyNSIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+Zm9yazwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PGcgY2xhc3M9ImVkZ2VMYWJlbCIgc3R5bGU9Im9wYWNpdHk6IDE7IiB0cmFuc2Zvcm09IiI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSIgY2xhc3M9ImxhYmVsIj48cmVjdCByeD0iMCIgcnk9IjAiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIHN0eWxlPSJmaWxsOiNlOGU4ZTg7Ij48L3JlY3Q+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPjwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PGcgY2xhc3M9ImVkZ2VMYWJlbCIgc3R5bGU9Im9wYWNpdHk6IDE7IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgzODkuNTU0Njg3NSwzOC4xNDA2MjUpIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTYuMzU5Mzc1LC04LjAwNzgxMjUpIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjI4LjMyODEyNSIgaGVpZ2h0PSIxNi4yODEyNSIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+ZXhlYzwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PGcgY2xhc3M9ImVkZ2VMYWJlbCIgc3R5bGU9Im9wYWNpdHk6IDE7IiB0cmFuc2Zvcm09IiI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSIgY2xhc3M9ImxhYmVsIj48cmVjdCByeD0iMCIgcnk9IjAiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIHN0eWxlPSJmaWxsOiNlOGU4ZTg7Ij48L3JlY3Q+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPjwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PGcgY2xhc3M9ImVkZ2VMYWJlbCIgc3R5bGU9Im9wYWNpdHk6IDE7IiB0cmFuc2Zvcm09IiI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSIgY2xhc3M9ImxhYmVsIj48cmVjdCByeD0iMCIgcnk9IjAiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIHN0eWxlPSJmaWxsOiNlOGU4ZTg7Ij48L3JlY3Q+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPjwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PC9nPjxnIGNsYXNzPSJub2RlcyI+PGcgY2xhc3M9Im5vZGUiIHN0eWxlPSJvcGFjaXR5OiAxOyIgaWQ9IkYiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDc0LjIwMzEyNSw4MS4yODEyNSkiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTU0LjIwMzEyNSIgeT0iLTE4LjE0MDYyNSIgd2lkdGg9IjEwOC40MDYyNSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTQ0LjIwMzEyNSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+cGFyZW50IHByb2Nlc3M8L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48ZyBjbGFzcz0ibm9kZSIgc3R5bGU9Im9wYWNpdHk6IDE7IiBpZD0iQSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjAyLjU5Mzc1LDgxLjI4MTI1KSI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB4PSItMjQuMTg3NSIgeT0iLTE4LjE0MDYyNSIgd2lkdGg9IjQ4LjM3NSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTE0LjE4NzUsLTguMTQwNjI1KSI+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPnN0YXJ0PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGUiIHN0eWxlPSJvcGFjaXR5OiAxOyIgaWQ9IkIiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDMyNS43MzQzNzUsMzguMTQwNjI1KSI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB4PSItMjQuNjU2MjUiIHk9Ii0xOC4xNDA2MjUiIHdpZHRoPSI0OS4zMTI1IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTQuNjU2MjUsLTguMTQwNjI1KSI+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPmNoaWxkPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGUiIHN0eWxlPSJvcGFjaXR5OiAxOyIgaWQ9IkMiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDQ3NS41MDc4MTI1LDEyNC40MjE4NzUpIj48cmVjdCByeD0iMCIgcnk9IjAiIHg9Ii0yMy4yMTA5Mzc1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iNDYuNDIxODc1IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTMuMjEwOTM3NSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+d2FpdDwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PC9nPjxnIGNsYXNzPSJub2RlIiBzdHlsZT0ib3BhY2l0eTogMTsiIGlkPSJEIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg0NzUuNTA3ODEyNSwzOC4xNDA2MjUpIj48cmVjdCByeD0iMCIgcnk9IjAiIHg9Ii00Ni43ODkwNjI1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iOTMuNTc4MTI1IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMzYuNzg5MDYyNSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+bmV3IHByb2Nlc3M8L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48ZyBjbGFzcz0ibm9kZSIgc3R5bGU9Im9wYWNpdHk6IDE7IiBpZD0iRSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNTkzLjU0Njg3NSw4MS4yODEyNSkiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTIxLjI1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iNDIuNSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTExLjI1LC04LjE0MDYyNSkiPjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5lbmQ8L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48L2c+PC9nPjwvZz48L3N2Zz4=

最常见的就是通过shell终端执行命令。此场景下，/bin/bash就是这个parent process，而要执行的那个命令就是new process。
Linux有一些特性，可以使得创建出的进程比拉起的进程权限高。例如可执行文件配置了set-user-ID位，则拉起的进程就是root权限，而其父进程有可能是普通用户权限。如果可执行文件配置了file capability，则创建出的进程就具备了某些capability，如果父进程没有这些capability，则这也是一种权限放大的场景。
当发生这种权限放大的场景时，Linux的安全特性要求，此时子进程中的某些敏感环境变量会被清空，例如：LD_PRELOAD,LD_LIBRARY_PATH。由于这些环境变量都是从父进程继承过来的，如果不清空，则表明会使用高权限级别执行这些环境变量指定的可执行代码。

LD_LIBRARY_PATH

参考文献[1]，ld.so搜索动态库的顺序如下：

1. DT_PATH指定的库文件（deprecated）
2. LD_LIBRARY_PATH指定的库文件
3. DT_RUNPATH指定的库文件
4. /etc/ld.so.cache这个二进制文件指定的库文件，该文件通过ldconfig命令生成
5. In the default path /lib, and then /usr/lib. (On some 64-bit architectures, the default paths for 64-bit shared objects are /lib64, and then /usr/lib64.) If the binary was linked with the -z nodeflib linker option, this step is skipped.

所以针对LD_LIBRARY_PATH，除了第二条的方法失效，其他的都可以用。

LD_PRELOAD

那针对LD_PRELOAD，是不是就没法用呢？其实也不是。
在没有setcap以及set-user-ID的情况下，如果ld.so需要预加载一个库文件，指定方法在文献[1]中同样有描述：

1. The LD_PRELOAD environment variable.
2. The --preload command-line option when invoking the dynamic linker directly.
3. The /etc/ld.so.preload file.

在secure-execution模式下，方法2和方法3均不受影响。方法1也仍然可以使用。但是需要一些特殊的设置，在[1]中也有描述。

In secure-execution mode, preload pathnames containing slashes are ignored. Furthermore, shared objects are preloaded only from the standard search directories and only if they have set-user-ID mode bit enabled (which is not typical).

综上，需要3点配置：

• LD_PRELOAD环境变量指定的库文件不能包含斜线'/'
• 库文件只会从标准路径下加载。这里标准路径可以参考LD_LIBRARY_PATH中的描述。注意，此时ld.so只会搜索标准路径，不会搜索通过其他手段配置的路径（如上一节描述的）。
• 库文件必须使能了set-user-id位

示例代码

代码目录树：

[ben@localhost test]$ tree .
.
├── lib.c
├── libtest.so
├── main
├── main.c
├── test
└── test.c

main.c生成main可执行程序，test.c生成test可执行程序，lib.c生成libtest.so。

// main.c

#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>

int main()
{
        pid_t pid = fork();
        if (pid == 0) {
                char *envp[] = {
                        "LD_PRELOAD=libtest.so",
                        // "LD_PRELOAD=./libtest.so",
                        NULL
                };
                char *argv[] = {
                        "test",
                        NULL
                };
                int err = execve("./test", argv, envp);
        }
        else {
                int status;
                wait(&status);
        }
        return 0;
}

// test.c
#include <stdio.h>
#include <stdlib.h>

int main ()
{
        const char *preload = getenv("LD_PRELOAD");
        printf("LD_PRELOAD = %s\n", preload);
        return 0;
}

// lib.c
#include <stdio.h>

static void func(void) __attribute__((constructor));
void func(void)
{
        printf("I'm libtest.so loaded\n");
}

在test可执行程序是普通的二进制时，输出为

[ben@localhost test]$ ./main
I'm libtest.so loaded
LD_PRELOAD = ./libtest.so

当test配置了capability以后：

[ben@localhost test]$ sudo setcap cap_net_admin,cap_net_raw=eip ./test
[ben@localhost test]$ ./main
LD_PRELOAD = (null)

可见LD_PRELOAD指定libtest.so未被加载，且LD_PRELOAD环境变量被清空了。

LD_PRELOAD不含斜线

[ben@localhost test]$ ./main
ERROR: ld.so: object 'libtest.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
LD_PRELOAD = (null)

LD_PRELOAD仍然被清空了，但ld.so似乎尝试去加载libtest.so了，但是没找着。

将libtest.so放入标准路径

如果没有配置set-user-id位：

[ben@localhost test]$ ./main
ERROR: ld.so: object 'libtest.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
LD_PRELOAD = (null)

仍然提示找不到。如果设置了set-user-id位：

[ben@localhost test]$ sudo chmod a+s /usr/lib64/libtest.so 
[ben@localhost test]$ ./main
I'm libtest.so loaded
LD_PRELOAD = (null)

在满足上一节提到的3个条件时，libteso.so就可以正常加载了。
看看如果放到/usr/lib下面会怎么样？

[ben@localhost test]$ ls /usr/lib/libtest.so -l
-rwsr-sr-x. 1 root root 8208 1月  24 19:48 /usr/lib/libtest.so
[ben@localhost test]$ ./main
ERROR: ld.so: object 'libtest.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
LD_PRELOAD = (null)

看看还是一样找不到。可见在x64平台上，/usr/lib并非标准路径，而/usr/lib64以及/lib64才是

参考文献

[1] ld.so(8) — Linux manual page

[2] Stackoverflow - Does using linux capabilities disables LD_PRELOAD

RBAC, Role Based Access Control, 是SELinux的另一个重要的特性。但他并不是一种独立的控制方式，而是对TEAC的一种补充。其主要的作用是，构建SELinux提供的进程级的MAC机制与Linux的用户系统的映射关系。

RBAC工作原理

RBAC并不提供强制访问控制，而是通过user，role，type之间的对应关系，来控制type_transition策略能否成功。

role vs. type

role based最基本的就是定义role到type到对应关系。使用role语句可以实现：role role_name [types type_set];。例如：

role user_r types user_t;
role user_r types { staff_t, admin_t };

• role定义是累积的，即后面的对应关系不会覆盖前面语句定义的对应关系，而只会追加这种关系
• role语句通常定义在type声明附近，以确保该对应关系被及时定义

定义子role (period)
A period is used to indicate restrictions on the set of types that may be assigned to a role. For example, the set of types for a role called apache.cgi must be a subset of the type set of a role called apache.

role语句定义的基本逻辑就是，定义了role=>{ types }集合的映射关系。当发生type transition时，如果转换后的{role，type}组合未定义，则视为权限错误。从这个层面看，role对应的是主体type，即domain type，而非object type。

特殊的role: object_r

object_r是内核SELinux模块预定义的一个role，无需在policy中声明。而这个object_r被专门用来定义客体的安全上下文。

user vs. role

user是对role的再一次扩充，通过user将role与Linux user的映射关系建立起来。SELinux的用户系统独立于Linux用户系统。通过seusers文件或者semanage user命令可以定义他们之间的映射关系。但实际可定义的自由度并没有那么高。

The design decision for SELinux to have a distinct user identifier (rather than share that of Linux) is motivated by the desire to create an immutable SELinux user identifier.

定义一个user与role的映射关系，可以使用user语句：user user_name roles { role_set };
user语句所体现的逻辑和role语句类似，即定义了user=>{ roles }集合的映射关系。当应用启动时发生role transition时，如果转换后的{user, role}未定义，则视为权限错误。

当SELinux通过RBAC，建立起user=>role=>type的映射关系以后，还获得了一个好处。Linux系统的用户数可能很多，而用户的类型很少。用户并不是为了定义权限的，不同的用户之间的使用数据需要隔离。但往往一类用户的权限是相同的。例如超级用户，管理员用户，普通用户等等。系统的权限集最小粒度由domain定义。可能每个进程的权限不同，也可能一组进程的权限相同。但往往domain的数量也很庞大。如果没有RBAC，我们需要定义user到domain到映射。这样也不是不能做，但却不太优雅。每次新增用户时，需要为新增用户绑定一堆domain。定义了role之后，role相当于较稳定的一层抽象，role到types的映射关系是在定义type时候就定义了的。增加新user的时候，只要定义user到role的映射即可。这就是引入RBAC的原因。

PHN2ZyBpZD0iZGpkaWlmNXVnZ3UiIHdpZHRoPSIxMDAlIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHN0eWxlPSJtYXgtd2lkdGg6IDI2OS43NjU2MjVweDsiIHZpZXdCb3g9IjAgMCAyNjkuNzY1NjI1IDIyNC44NDM3NSI+PHN0eWxlPgoKCiNkamRpaWY1dWdndSAubGFiZWwgewogIGZvbnQtZmFtaWx5OiAndHJlYnVjaGV0IG1zJywgdmVyZGFuYSwgYXJpYWw7CiAgY29sb3I6ICMzMzM7IH0KCiNkamRpaWY1dWdndSAubm9kZSByZWN0LAojZGpkaWlmNXVnZ3UgLm5vZGUgY2lyY2xlLAojZGpkaWlmNXVnZ3UgLm5vZGUgZWxsaXBzZSwKI2RqZGlpZjV1Z2d1IC5ub2RlIHBvbHlnb24gewogIGZpbGw6ICNFQ0VDRkY7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMXB4OyB9CgojZGpkaWlmNXVnZ3UgLm5vZGUuY2xpY2thYmxlIHsKICBjdXJzb3I6IHBvaW50ZXI7IH0KCiNkamRpaWY1dWdndSAuYXJyb3doZWFkUGF0aCB7CiAgZmlsbDogIzMzMzMzMzsgfQoKI2RqZGlpZjV1Z2d1IC5lZGdlUGF0aCAucGF0aCB7CiAgc3Ryb2tlOiAjMzMzMzMzOwogIHN0cm9rZS13aWR0aDogMS41cHg7IH0KCiNkamRpaWY1dWdndSAuZWRnZUxhYmVsIHsKICBiYWNrZ3JvdW5kLWNvbG9yOiAjZThlOGU4OyB9CgojZGpkaWlmNXVnZ3UgLmNsdXN0ZXIgcmVjdCB7CiAgZmlsbDogI2ZmZmZkZSAhaW1wb3J0YW50OwogIHN0cm9rZTogI2FhYWEzMyAhaW1wb3J0YW50OwogIHN0cm9rZS13aWR0aDogMXB4ICFpbXBvcnRhbnQ7IH0KCiNkamRpaWY1dWdndSAuY2x1c3RlciB0ZXh0IHsKICBmaWxsOiAjMzMzOyB9CgojZGpkaWlmNXVnZ3UgZGl2Lm1lcm1haWRUb29sdGlwIHsKICBwb3NpdGlvbjogYWJzb2x1dGU7CiAgdGV4dC1hbGlnbjogY2VudGVyOwogIG1heC13aWR0aDogMjAwcHg7CiAgcGFkZGluZzogMnB4OwogIGZvbnQtZmFtaWx5OiAndHJlYnVjaGV0IG1zJywgdmVyZGFuYSwgYXJpYWw7CiAgZm9udC1zaXplOiAxMnB4OwogIGJhY2tncm91bmQ6ICNmZmZmZGU7CiAgYm9yZGVyOiAxcHggc29saWQgI2FhYWEzMzsKICBib3JkZXItcmFkaXVzOiAycHg7CiAgcG9pbnRlci1ldmVudHM6IG5vbmU7CiAgei1pbmRleDogMTAwOyB9CgojZGpkaWlmNXVnZ3UgLmFjdG9yIHsKICBzdHJva2U6ICNDQ0NDRkY7CiAgZmlsbDogI0VDRUNGRjsgfQoKI2RqZGlpZjV1Z2d1IHRleHQuYWN0b3IgewogIGZpbGw6IGJsYWNrOwogIHN0cm9rZTogbm9uZTsgfQoKI2RqZGlpZjV1Z2d1IC5hY3Rvci1saW5lIHsKICBzdHJva2U6IGdyZXk7IH0KCiNkamRpaWY1dWdndSAubWVzc2FnZUxpbmUwIHsKICBzdHJva2Utd2lkdGg6IDEuNTsKICBzdHJva2UtZGFzaGFycmF5OiAnMiAyJzsKICBzdHJva2U6ICMzMzM7IH0KCiNkamRpaWY1dWdndSAubWVzc2FnZUxpbmUxIHsKICBzdHJva2Utd2lkdGg6IDEuNTsKICBzdHJva2UtZGFzaGFycmF5OiAnMiAyJzsKICBzdHJva2U6ICMzMzM7IH0KCiNkamRpaWY1dWdndSAjYXJyb3doZWFkIHsKICBmaWxsOiAjMzMzOyB9CgojZGpkaWlmNXVnZ3UgI2Nyb3NzaGVhZCBwYXRoIHsKICBmaWxsOiAjMzMzICFpbXBvcnRhbnQ7CiAgc3Ryb2tlOiAjMzMzICFpbXBvcnRhbnQ7IH0KCiNkamRpaWY1dWdndSAubWVzc2FnZVRleHQgewogIGZpbGw6ICMzMzM7CiAgc3Ryb2tlOiBub25lOyB9CgojZGpkaWlmNXVnZ3UgLmxhYmVsQm94IHsKICBzdHJva2U6ICNDQ0NDRkY7CiAgZmlsbDogI0VDRUNGRjsgfQoKI2RqZGlpZjV1Z2d1IC5sYWJlbFRleHQgewogIGZpbGw6IGJsYWNrOwogIHN0cm9rZTogbm9uZTsgfQoKI2RqZGlpZjV1Z2d1IC5sb29wVGV4dCB7CiAgZmlsbDogYmxhY2s7CiAgc3Ryb2tlOiBub25lOyB9CgojZGpkaWlmNXVnZ3UgLmxvb3BMaW5lIHsKICBzdHJva2Utd2lkdGg6IDI7CiAgc3Ryb2tlLWRhc2hhcnJheTogJzIgMic7CiAgc3Ryb2tlOiAjQ0NDQ0ZGOyB9CgojZGpkaWlmNXVnZ3UgLm5vdGUgewogIHN0cm9rZTogI2FhYWEzMzsKICBmaWxsOiAjZmZmNWFkOyB9CgojZGpkaWlmNXVnZ3UgLm5vdGVUZXh0IHsKICBmaWxsOiBibGFjazsKICBzdHJva2U6IG5vbmU7CiAgZm9udC1mYW1pbHk6ICd0cmVidWNoZXQgbXMnLCB2ZXJkYW5hLCBhcmlhbDsKICBmb250LXNpemU6IDE0cHg7IH0KCiNkamRpaWY1dWdndSAuYWN0aXZhdGlvbjAgewogIGZpbGw6ICNmNGY0ZjQ7CiAgc3Ryb2tlOiAjNjY2OyB9CgojZGpkaWlmNXVnZ3UgLmFjdGl2YXRpb24xIHsKICBmaWxsOiAjZjRmNGY0OwogIHN0cm9rZTogIzY2NjsgfQoKI2RqZGlpZjV1Z2d1IC5hY3RpdmF0aW9uMiB7CiAgZmlsbDogI2Y0ZjRmNDsKICBzdHJva2U6ICM2NjY7IH0KCgojZGpkaWlmNXVnZ3UgLnNlY3Rpb24gewogIHN0cm9rZTogbm9uZTsKICBvcGFjaXR5OiAwLjI7IH0KCiNkamRpaWY1dWdndSAuc2VjdGlvbjAgewogIGZpbGw6IHJnYmEoMTAyLCAxMDIsIDI1NSwgMC40OSk7IH0KCiNkamRpaWY1dWdndSAuc2VjdGlvbjIgewogIGZpbGw6ICNmZmY0MDA7IH0KCiNkamRpaWY1dWdndSAuc2VjdGlvbjEsCiNkamRpaWY1dWdndSAuc2VjdGlvbjMgewogIGZpbGw6IHdoaXRlOwogIG9wYWNpdHk6IDAuMjsgfQoKI2RqZGlpZjV1Z2d1IC5zZWN0aW9uVGl0bGUwIHsKICBmaWxsOiAjMzMzOyB9CgojZGpkaWlmNXVnZ3UgLnNlY3Rpb25UaXRsZTEgewogIGZpbGw6ICMzMzM7IH0KCiNkamRpaWY1dWdndSAuc2VjdGlvblRpdGxlMiB7CiAgZmlsbDogIzMzMzsgfQoKI2RqZGlpZjV1Z2d1IC5zZWN0aW9uVGl0bGUzIHsKICBmaWxsOiAjMzMzOyB9CgojZGpkaWlmNXVnZ3UgLnNlY3Rpb25UaXRsZSB7CiAgdGV4dC1hbmNob3I6IHN0YXJ0OwogIGZvbnQtc2l6ZTogMTFweDsKICB0ZXh0LWhlaWdodDogMTRweDsgfQoKCiNkamRpaWY1dWdndSAuZ3JpZCAudGljayB7CiAgc3Ryb2tlOiBsaWdodGdyZXk7CiAgb3BhY2l0eTogMC4zOwogIHNoYXBlLXJlbmRlcmluZzogY3Jpc3BFZGdlczsgfQoKI2RqZGlpZjV1Z2d1IC5ncmlkIHBhdGggewogIHN0cm9rZS13aWR0aDogMDsgfQoKCiNkamRpaWY1dWdndSAudG9kYXkgewogIGZpbGw6IG5vbmU7CiAgc3Ryb2tlOiByZWQ7CiAgc3Ryb2tlLXdpZHRoOiAycHg7IH0KCgoKI2RqZGlpZjV1Z2d1IC50YXNrIHsKICBzdHJva2Utd2lkdGg6IDI7IH0KCiNkamRpaWY1dWdndSAudGFza1RleHQgewogIHRleHQtYW5jaG9yOiBtaWRkbGU7CiAgZm9udC1zaXplOiAxMXB4OyB9CgojZGpkaWlmNXVnZ3UgLnRhc2tUZXh0T3V0c2lkZVJpZ2h0IHsKICBmaWxsOiBibGFjazsKICB0ZXh0LWFuY2hvcjogc3RhcnQ7CiAgZm9udC1zaXplOiAxMXB4OyB9CgojZGpkaWlmNXVnZ3UgLnRhc2tUZXh0T3V0c2lkZUxlZnQgewogIGZpbGw6IGJsYWNrOwogIHRleHQtYW5jaG9yOiBlbmQ7CiAgZm9udC1zaXplOiAxMXB4OyB9CgoKI2RqZGlpZjV1Z2d1IC50YXNrVGV4dDAsCiNkamRpaWY1dWdndSAudGFza1RleHQxLAojZGpkaWlmNXVnZ3UgLnRhc2tUZXh0MiwKI2RqZGlpZjV1Z2d1IC50YXNrVGV4dDMgewogIGZpbGw6IHdoaXRlOyB9CgojZGpkaWlmNXVnZ3UgLnRhc2swLAojZGpkaWlmNXVnZ3UgLnRhc2sxLAojZGpkaWlmNXVnZ3UgLnRhc2syLAojZGpkaWlmNXVnZ3UgLnRhc2szIHsKICBmaWxsOiAjOGE5MGRkOwogIHN0cm9rZTogIzUzNGZiYzsgfQoKI2RqZGlpZjV1Z2d1IC50YXNrVGV4dE91dHNpZGUwLAojZGpkaWlmNXVnZ3UgLnRhc2tUZXh0T3V0c2lkZTIgewogIGZpbGw6IGJsYWNrOyB9CgojZGpkaWlmNXVnZ3UgLnRhc2tUZXh0T3V0c2lkZTEsCiNkamRpaWY1dWdndSAudGFza1RleHRPdXRzaWRlMyB7CiAgZmlsbDogYmxhY2s7IH0KCgojZGpkaWlmNXVnZ3UgLmFjdGl2ZTAsCiNkamRpaWY1dWdndSAuYWN0aXZlMSwKI2RqZGlpZjV1Z2d1IC5hY3RpdmUyLAojZGpkaWlmNXVnZ3UgLmFjdGl2ZTMgewogIGZpbGw6ICNiZmM3ZmY7CiAgc3Ryb2tlOiAjNTM0ZmJjOyB9CgojZGpkaWlmNXVnZ3UgLmFjdGl2ZVRleHQwLAojZGpkaWlmNXVnZ3UgLmFjdGl2ZVRleHQxLAojZGpkaWlmNXVnZ3UgLmFjdGl2ZVRleHQyLAojZGpkaWlmNXVnZ3UgLmFjdGl2ZVRleHQzIHsKICBmaWxsOiBibGFjayAhaW1wb3J0YW50OyB9CgoKI2RqZGlpZjV1Z2d1IC5kb25lMCwKI2RqZGlpZjV1Z2d1IC5kb25lMSwKI2RqZGlpZjV1Z2d1IC5kb25lMiwKI2RqZGlpZjV1Z2d1IC5kb25lMyB7CiAgc3Ryb2tlOiBncmV5OwogIGZpbGw6IGxpZ2h0Z3JleTsKICBzdHJva2Utd2lkdGg6IDI7IH0KCiNkamRpaWY1dWdndSAuZG9uZVRleHQwLAojZGpkaWlmNXVnZ3UgLmRvbmVUZXh0MSwKI2RqZGlpZjV1Z2d1IC5kb25lVGV4dDIsCiNkamRpaWY1dWdndSAuZG9uZVRleHQzIHsKICBmaWxsOiBibGFjayAhaW1wb3J0YW50OyB9CgoKI2RqZGlpZjV1Z2d1IC5jcml0MCwKI2RqZGlpZjV1Z2d1IC5jcml0MSwKI2RqZGlpZjV1Z2d1IC5jcml0MiwKI2RqZGlpZjV1Z2d1IC5jcml0MyB7CiAgc3Ryb2tlOiAjZmY4ODg4OwogIGZpbGw6IHJlZDsKICBzdHJva2Utd2lkdGg6IDI7IH0KCiNkamRpaWY1dWdndSAuYWN0aXZlQ3JpdDAsCiNkamRpaWY1dWdndSAuYWN0aXZlQ3JpdDEsCiNkamRpaWY1dWdndSAuYWN0aXZlQ3JpdDIsCiNkamRpaWY1dWdndSAuYWN0aXZlQ3JpdDMgewogIHN0cm9rZTogI2ZmODg4ODsKICBmaWxsOiAjYmZjN2ZmOwogIHN0cm9rZS13aWR0aDogMjsgfQoKI2RqZGlpZjV1Z2d1IC5kb25lQ3JpdDAsCiNkamRpaWY1dWdndSAuZG9uZUNyaXQxLAojZGpkaWlmNXVnZ3UgLmRvbmVDcml0MiwKI2RqZGlpZjV1Z2d1IC5kb25lQ3JpdDMgewogIHN0cm9rZTogI2ZmODg4ODsKICBmaWxsOiBsaWdodGdyZXk7CiAgc3Ryb2tlLXdpZHRoOiAyOwogIGN1cnNvcjogcG9pbnRlcjsKICBzaGFwZS1yZW5kZXJpbmc6IGNyaXNwRWRnZXM7IH0KCiNkamRpaWY1dWdndSAuZG9uZUNyaXRUZXh0MCwKI2RqZGlpZjV1Z2d1IC5kb25lQ3JpdFRleHQxLAojZGpkaWlmNXVnZ3UgLmRvbmVDcml0VGV4dDIsCiNkamRpaWY1dWdndSAuZG9uZUNyaXRUZXh0MyB7CiAgZmlsbDogYmxhY2sgIWltcG9ydGFudDsgfQoKI2RqZGlpZjV1Z2d1IC5hY3RpdmVDcml0VGV4dDAsCiNkamRpaWY1dWdndSAuYWN0aXZlQ3JpdFRleHQxLAojZGpkaWlmNXVnZ3UgLmFjdGl2ZUNyaXRUZXh0MiwKI2RqZGlpZjV1Z2d1IC5hY3RpdmVDcml0VGV4dDMgewogIGZpbGw6IGJsYWNrICFpbXBvcnRhbnQ7IH0KCiNkamRpaWY1dWdndSAudGl0bGVUZXh0IHsKICB0ZXh0LWFuY2hvcjogbWlkZGxlOwogIGZvbnQtc2l6ZTogMThweDsKICBmaWxsOiBibGFjazsgfQoKI2RqZGlpZjV1Z2d1IGcuY2xhc3NHcm91cCB0ZXh0IHsKICBmaWxsOiAjOTM3MERCOwogIHN0cm9rZTogbm9uZTsKICBmb250LWZhbWlseTogJ3RyZWJ1Y2hldCBtcycsIHZlcmRhbmEsIGFyaWFsOwogIGZvbnQtc2l6ZTogMTBweDsgfQoKI2RqZGlpZjV1Z2d1IGcuY2xhc3NHcm91cCByZWN0IHsKICBmaWxsOiAjRUNFQ0ZGOwogIHN0cm9rZTogIzkzNzBEQjsgfQoKI2RqZGlpZjV1Z2d1IGcuY2xhc3NHcm91cCBsaW5lIHsKICBzdHJva2U6ICM5MzcwREI7CiAgc3Ryb2tlLXdpZHRoOiAxOyB9CgojZGpkaWlmNXVnZ3UgLmNsYXNzTGFiZWwgLmJveCB7CiAgc3Ryb2tlOiBub25lOwogIHN0cm9rZS13aWR0aDogMDsKICBmaWxsOiAjRUNFQ0ZGOwogIG9wYWNpdHk6IDAuNTsgfQoKI2RqZGlpZjV1Z2d1IC5jbGFzc0xhYmVsIC5sYWJlbCB7CiAgZmlsbDogIzkzNzBEQjsKICBmb250LXNpemU6IDEwcHg7IH0KCiNkamRpaWY1dWdndSAucmVsYXRpb24gewogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7CiAgZmlsbDogbm9uZTsgfQoKI2RqZGlpZjV1Z2d1ICNjb21wb3NpdGlvblN0YXJ0IHsKICBmaWxsOiAjOTM3MERCOwogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7IH0KCiNkamRpaWY1dWdndSAjY29tcG9zaXRpb25FbmQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RqZGlpZjV1Z2d1ICNhZ2dyZWdhdGlvblN0YXJ0IHsKICBmaWxsOiAjRUNFQ0ZGOwogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7IH0KCiNkamRpaWY1dWdndSAjYWdncmVnYXRpb25FbmQgewogIGZpbGw6ICNFQ0VDRkY7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RqZGlpZjV1Z2d1ICNkZXBlbmRlbmN5U3RhcnQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RqZGlpZjV1Z2d1ICNkZXBlbmRlbmN5RW5kIHsKICBmaWxsOiAjOTM3MERCOwogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7IH0KCiNkamRpaWY1dWdndSAjZXh0ZW5zaW9uU3RhcnQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RqZGlpZjV1Z2d1ICNleHRlbnNpb25FbmQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RqZGlpZjV1Z2d1IC5jb21taXQtaWQsCiNkamRpaWY1dWdndSAuY29tbWl0LW1zZywKI2RqZGlpZjV1Z2d1IC5icmFuY2gtbGFiZWwgewogIGZpbGw6IGxpZ2h0Z3JleTsKICBjb2xvcjogbGlnaHRncmV5OyB9CgoKCiNkamRpaWY1dWdndSAubGFiZWx7CiAgY29sb3I6IzE4QjE0RTsKfQojZGpkaWlmNXVnZ3UgLnRlLW1kLWNvbnRhaW5lci0tZGFyayAubm9kZSByZWN0IHsKICBmaWxsOiByZWQ7Cn0KCiNkamRpaWY1dWdndSAubm9kZSByZWN0LAojZGpkaWlmNXVnZ3UgLm5vZGUgY2lyY2xlLAojZGpkaWlmNXVnZ3UgLm5vZGUgZWxsaXBzZSwKI2RqZGlpZjV1Z2d1IC5ub2RlIHBvbHlnb24gewogIGZpbGw6ICNGOUZGRkI7OwogIHN0cm9rZTogIzJEQkQ2MDsKICBzdHJva2Utd2lkdGg6IDEuNXB4Owp9CiNkamRpaWY1dWdndSAuYXJyb3doZWFkUGF0aHsKICBmaWxsOiAjMkRCRDYwOwp9CiNkamRpaWY1dWdndSAuZWRnZVBhdGggLnBhdGggewogIHN0cm9rZTogIzJEQkQ2MDsKICBzdHJva2Utd2lkdGg6IDFweDsKfQojZGpkaWlmNXVnZ3UgLmVkZ2VMYWJlbCB7CiAgYmFja2dyb3VuZC1jb2xvcjogI2ZmZjsKfQojZGpkaWlmNXVnZ3UgLmNsdXN0ZXIgcmVjdCB7CiAgZmlsbDogI0Y5RkZGQiAhaW1wb3J0YW50OwogIHN0cm9rZTogIzJEQkQ2MCAhaW1wb3J0YW50OwogIHN0cm9rZS13aWR0aDogMXB4ICFpbXBvcnRhbnQ7Cn0KCiNkamRpaWY1dWdndSAuY2x1c3RlciB0ZXh0IHsKICBmaWxsOiAjRjlGRkZCOwp9CgojZGpkaWlmNXVnZ3UgZGl2Lm1lcm1haWRUb29sdGlwIHsKICBiYWNrZ3JvdW5kOiAjRjlGRkZCOwogIGJvcmRlcjogMXB4IHNvbGlkICMyREJENjA7Cn0KCgojZGpkaWlmNXVnZ3UgLmFjdG9yIHsKICBzdHJva2U6ICMyREJENjA7CiAgZmlsbDogI0Y5RkZGQjsKfQoKI2RqZGlpZjV1Z2d1IHRleHQuYWN0b3IgewogIGZpbGw6ICMyREJENjA7CiAgc3Ryb2tlOiBub25lOwp9CgojZGpkaWlmNXVnZ3UgLmFjdG9yLWxpbmUgewogIHN0cm9rZTogIzJEQkQ2MDsKfQoKI2RqZGlpZjV1Z2d1IC5tZXNzYWdlTGluZTAgewogIHN0cm9rZS13aWR0aDogMS41OwogIHN0cm9rZS1kYXNoYXJyYXk6ICcyIDInOwogIG1hcmtlci1lbmQ6ICd1cmwoI2Fycm93aGVhZCknOwogIHN0cm9rZTogIzJEQkQ2MDsKfQoKI2RqZGlpZjV1Z2d1IC5tZXNzYWdlTGluZTEgewogIHN0cm9rZS13aWR0aDogMS41OwogIHN0cm9rZS1kYXNoYXJyYXk6ICcyIDInOwogIHN0cm9rZTogIzJEQkQ2MDsKfQoKI2RqZGlpZjV1Z2d1ICNhcnJvd2hlYWQgewogIGZpbGw6ICMyREJENjA7Cn0KCiNkamRpaWY1dWdndSAjY3Jvc3NoZWFkIHBhdGggewogIGZpbGw6ICMyREJENjAgIWltcG9ydGFudDsKICBzdHJva2U6ICMyREJENjAgIWltcG9ydGFudDsKfQoKI2RqZGlpZjV1Z2d1IC5tZXNzYWdlVGV4dCB7CiAgZmlsbDogIzJEQkQ2MDsKICBzdHJva2U6IG5vbmU7Cn0KCiNkamRpaWY1dWdndSAubGFiZWxCb3ggewogIHN0cm9rZTogIzJEQkQ2MDsKICBmaWxsOiAjRjlGRkZCOwp9CgojZGpkaWlmNXVnZ3UgLmxhYmVsVGV4dCB7CiAgZmlsbDogIzJEQkQ2MDsKICBzdHJva2U6ICMyREJENjA7Cn0KCiNkamRpaWY1dWdndSAubG9vcFRleHQgewogIGZpbGw6ICMyREJENjA7CiAgc3Ryb2tlOiAjMkRCRDYwOwp9CgojZGpkaWlmNXVnZ3UgLmxvb3BMaW5lIHsKICBzdHJva2Utd2lkdGg6IDI7CiAgc3Ryb2tlLWRhc2hhcnJheTogJzIgMic7CiAgbWFya2VyLWVuZDogJ3VybCgjYXJyb3doZWFkKSc7CiAgc3Ryb2tlOiAjMkRCRDYwOwp9CgojZGpkaWlmNXVnZ3UgLm5vdGUgewogIHN0cm9rZTogIzJEQkQ2MDsKICBmaWxsOiAjRjlGRkZCOwp9CgojZGpkaWlmNXVnZ3UgLm5vdGVUZXh0IHsKICBmaWxsOiAjMkRCRDYwOwogIHN0cm9rZTogIzJEQkQ2MDsKfQoKCiNkamRpaWY1dWdndSAuc2VjdGlvbnsKICBvcGFjaXR5OjE7Cn0KI2RqZGlpZjV1Z2d1IC5zZWN0aW9uMCwjZGpkaWlmNXVnZ3UgIC5zZWN0aW9uMiB7CiAgZmlsbDogI0VDRjdGMDsKfQoKI2RqZGlpZjV1Z2d1IC5zZWN0aW9uMSwKI2RqZGlpZjV1Z2d1IC5zZWN0aW9uMyB7CiAgZmlsbDogI0ZGRjsKfQojZGpkaWlmNXVnZ3UgLnRhc2tUZXh0MCwKI2RqZGlpZjV1Z2d1IC50YXNrVGV4dDEsCiNkamRpaWY1dWdndSAudGFza1RleHQyLAojZGpkaWlmNXVnZ3UgLnRhc2tUZXh0MyB7CiAgZmlsbDogI2ZmZjsKfQoKI2RqZGlpZjV1Z2d1IC50YXNrMCwKI2RqZGlpZjV1Z2d1IC50YXNrMSwKI2RqZGlpZjV1Z2d1IC50YXNrMiwKI2RqZGlpZjV1Z2d1IC50YXNrMyB7CiAgZmlsbDogIzJEQkQ2MDsKICBzdHJva2U6ICMzNTlGNUE7Cn0KPC9zdHlsZT48c3R5bGU+I2RqZGlpZjV1Z2d1IHsKICAgIGNvbG9yOiByZ2IoMjQ0LCAyNDQsIDI0NCk7CiAgICBmb250OiBub3JtYWwgbm9ybWFsIG5vcm1hbCBub3JtYWwgMTRweC8yMi4zOTk5OTk2MTg1MzAyNzNweCBtb25vc3BhY2U7CiAgfTwvc3R5bGU+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEyLCAtMTIpIj48ZyBjbGFzcz0ib3V0cHV0Ij48ZyBjbGFzcz0iY2x1c3RlcnMiPjwvZz48ZyBjbGFzcz0iZWRnZVBhdGhzIj48ZyBjbGFzcz0iZWRnZVBhdGgiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PHBhdGggY2xhc3M9InBhdGgiIGQ9Ik01Mi43ODk0MzMxNzYzODUzNjYsMTA2LjI4MTI1TDkwLjUsMzguMTQwNjI1TDExNS41LDM4LjE0MDYyNSIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQzMzEpIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDMzMSIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTY1LjUsMTI0LjQyMTg3NUw5MC41LDEyNC40MjE4NzVMMTE1LjUsMTI0LjQyMTg3NSIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQzMzIpIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDMzMiIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTUyLjc4OTQzMzE3NjM4NTM2NiwxNDIuNTYyNUw5MC41LDIxMC43MDMxMjVMMTE1LjUsMjEwLjcwMzEyNSIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQzMzMpIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDMzMyIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTE0Ny4yNzc3Mzk4OTI3MDE5MywxMDYuMjgxMjVMMTg0LjMyODEyNSwzOC4xNDA2MjVMMjA5LjMyODEyNSwzOC4xNDA2MjUiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkMzM0KSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQzMzQiIHZpZXdCb3g9IjAgMCAxMCAxMCIgcmVmWD0iOSIgcmVmWT0iNSIgbWFya2VyVW5pdHM9InN0cm9rZVdpZHRoIiBtYXJrZXJXaWR0aD0iOCIgbWFya2VySGVpZ2h0PSI2IiBvcmllbnQ9ImF1dG8iPjxwYXRoIGQ9Ik0gMCAwIEwgMTAgNSBMIDAgMTAgeiIgY2xhc3M9ImFycm93aGVhZFBhdGgiIHN0eWxlPSJzdHJva2Utd2lkdGg6IDFweDsgc3Ryb2tlLWRhc2hhcnJheTogMXB4LCAwcHg7Ij48L3BhdGg+PC9tYXJrZXI+PC9kZWZzPjwvZz48ZyBjbGFzcz0iZWRnZVBhdGgiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PHBhdGggY2xhc3M9InBhdGgiIGQ9Ik0xNTkuMzI4MTI1LDEyNC40MjE4NzVMMTg0LjMyODEyNSwxMjQuNDIxODc1TDIwOS4zMjgxMjUsMTI0LjQyMTg3NSIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQzMzUpIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDMzNSIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTE0Ny4yNzc3Mzk4OTI3MDE5MywxNDIuNTYyNUwxODQuMzI4MTI1LDIxMC43MDMxMjVMMjA5LjMyODEyNSwyMTAuNzAzMTI1IiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDMzNikiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkMzM2IiB2aWV3Qm94PSIwIDAgMTAgMTAiIHJlZlg9IjkiIHJlZlk9IjUiIG1hcmtlclVuaXRzPSJzdHJva2VXaWR0aCIgbWFya2VyV2lkdGg9IjgiIG1hcmtlckhlaWdodD0iNiIgb3JpZW50PSJhdXRvIj48cGF0aCBkPSJNIDAgMCBMIDEwIDUgTCAwIDEwIHoiIGNsYXNzPSJhcnJvd2hlYWRQYXRoIiBzdHlsZT0ic3Ryb2tlLXdpZHRoOiAxcHg7IHN0cm9rZS1kYXNoYXJyYXk6IDFweCwgMHB4OyI+PC9wYXRoPjwvbWFya2VyPjwvZGVmcz48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWxzIj48ZyBjbGFzcz0iZWRnZUxhYmVsIiBzdHlsZT0ib3BhY2l0eTogMTsiIHRyYW5zZm9ybT0iIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48ZyBjbGFzcz0iZWRnZUxhYmVsIiBzdHlsZT0ib3BhY2l0eTogMTsiIHRyYW5zZm9ybT0iIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48ZyBjbGFzcz0iZWRnZUxhYmVsIiBzdHlsZT0ib3BhY2l0eTogMTsiIHRyYW5zZm9ybT0iIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48ZyBjbGFzcz0iZWRnZUxhYmVsIiBzdHlsZT0ib3BhY2l0eTogMTsiIHRyYW5zZm9ybT0iIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48ZyBjbGFzcz0iZWRnZUxhYmVsIiBzdHlsZT0ib3BhY2l0eTogMTsiIHRyYW5zZm9ybT0iIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48ZyBjbGFzcz0iZWRnZUxhYmVsIiBzdHlsZT0ib3BhY2l0eTogMTsiIHRyYW5zZm9ybT0iIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGVzIj48ZyBjbGFzcz0ibm9kZSIgc3R5bGU9Im9wYWNpdHk6IDE7IiBpZD0iQSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNDIuNzUsMTI0LjQyMTg3NSkiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTIyLjc1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iNDUuNSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEyLjc1LC04LjE0MDYyNSkiPjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj51c2VyPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGUiIHN0eWxlPSJvcGFjaXR5OiAxOyIgaWQ9IkIiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDEzNy40MTQwNjI1LDM4LjE0MDYyNSkiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTIxLjkxNDA2MjUiIHk9Ii0xOC4xNDA2MjUiIHdpZHRoPSI0My44MjgxMjUiIGhlaWdodD0iMzYuMjgxMjUiPjwvcmVjdD48ZyBjbGFzcz0ibGFiZWwiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0xMS45MTQwNjI1LC04LjE0MDYyNSkiPjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5yb2xlPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGUiIHN0eWxlPSJvcGFjaXR5OiAxOyIgaWQ9IkMiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDEzNy40MTQwNjI1LDEyNC40MjE4NzUpIj48cmVjdCByeD0iMCIgcnk9IjAiIHg9Ii0yMS45MTQwNjI1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iNDMuODI4MTI1IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTEuOTE0MDYyNSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+cm9sZTwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PC9nPjxnIGNsYXNzPSJub2RlIiBzdHlsZT0ib3BhY2l0eTogMTsiIGlkPSJEIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgxMzcuNDE0MDYyNSwyMTAuNzAzMTI1KSI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB4PSItMjEuOTE0MDYyNSIgeT0iLTE4LjE0MDYyNSIgd2lkdGg9IjQzLjgyODEyNSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTExLjkxNDA2MjUsLTguMTQwNjI1KSI+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPnJvbGU8L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48ZyBjbGFzcz0ibm9kZSIgc3R5bGU9Im9wYWNpdHk6IDE7IiBpZD0iRSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjQxLjU0Njg3NSwzOC4xNDA2MjUpIj48cmVjdCByeD0iMCIgcnk9IjAiIHg9Ii0zMi4yMTg3NSIgeT0iLTE4LjE0MDYyNSIgd2lkdGg9IjY0LjQzNzUiIGhlaWdodD0iMzYuMjgxMjUiPjwvcmVjdD48ZyBjbGFzcz0ibGFiZWwiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0yMi4yMTg3NSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+ZG9tYWluPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGUiIHN0eWxlPSJvcGFjaXR5OiAxOyIgaWQ9IkYiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDI0MS41NDY4NzUsMTI0LjQyMTg3NSkiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTMyLjIxODc1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iNjQuNDM3NSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTIyLjIxODc1LC04LjE0MDYyNSkiPjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5kb21haW48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48ZyBjbGFzcz0ibm9kZSIgc3R5bGU9Im9wYWNpdHk6IDE7IiBpZD0iRyIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjQxLjU0Njg3NSwyMTAuNzAzMTI1KSI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB4PSItMzIuMjE4NzUiIHk9Ii0xOC4xNDA2MjUiIHdpZHRoPSI2NC40Mzc1IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMjIuMjE4NzUsLTguMTQwNjI1KSI+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPmRvbWFpbjwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PC9nPjwvZz48L2c+PC9nPjwvc3ZnPg==

Linux用户 vs. SELinux user

• 当前系统的用户可以通过查看/etc/passwd文件获取，也可以参考列出 Linux 系统上所有用户的 3 种方法.
• 查看SELinux的用户可以通过命令semanage user -l.

               标记中        MLS/       MLS/                          
SELinux 用户      前缀         MCS 级别     MCS 范围                         SELinux 角色

guest_u         user       s0         s0                             guest_r
root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r unconfined_r
sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
system_u        user       s0         s0-s0:c0.c1023                 system_r unconfined_r
unconfined_u    user       s0         s0-s0:c0.c1023                 system_r unconfined_r
user_u          user       s0         s0                             user_r
xguest_u        user       s0         s0                             xguest_r

• 查看两者的映射关系可以通过命令semanage login -l.

登录名                  SELinux 用户           MLS/MCS 范围           服务

__default__          unconfined_u         s0-s0:c0.c1023       *
john                 user_u               s0                   *
root                 unconfined_u         s0-s0:c0.c1023       *

Linux用户和SELinux用户的初始映射关系由seusers文件指定。这个文件不属于策略二进制的一部分，而可以直接修改生效。当然更优雅的办法是通过semanage命令来修改。
另外，在修改了context以后，或者新建了用户以后，必须要使用注销登录的方法，才能使新的context生效，而只使用su命令切换用户，并不会切换context。推测注销登录使用的是PAM登录程序，而su命令中，并没有重新加载user context的功能。
Linux用户登录后，获取shell安全上下文的步骤，可以参考文献【2】。简述如下：

1. 根据seusers文件，映射SELinux用户，如果没有seusers文件，系统就无法启动了。如果seusers文件没有对应的用户描述，则统一映射为__default__用户。如果__default__用户描述不存在，则无法登录。
2. 根据SELinux的搜索优先级，找到对应SELinux用户的安全上下文。

勘误
在[1]中，对Linux用户和SELinux的映射关系有如下描述：
On login, if there is an SELinux user identifier that is exactly the same as the Linux user identifier, the matching SELinux user identifier becomes the user identifier in the security context for the initial shell process. In this way, if a Linux user identifier also exists as a user identifier in the SELinux policy, all login processes will set the initial shell process security context user identifier to that matching Linux identity.
经实验证明，并非如此：

• 定义了一个guest_u用户，登录后，其shell的安全上下文仍为：
  
• 但事实证明，明明就有guest_u这个用户
  

总结

现在可以引用[1]中的一幅图来总结一下RBAC的工作原理了。

• Linux系统有一个用户较joe
• SELinuxcelue中规定joe和user_r绑定，user_r和user_t绑定
• 当joe登录时，系统根据seusers（此处与图不同，参见上一章勘误），找到对应的SELinux user，找不到就是__default__, __default__没有就不能登录了
• 根据以下context文件顺序，决定其shell的安全上下文，即joe:user_r:user_t
  • /etc/selinux/specified-policy/contexts/users
  • /etc/selinux/specified-policy/contexts/default_contexts
  • /etc/selinux/specified-policy/contexts/failsafe_context
  • sid kernel的安全上下文
• joe执行了一个应用，开始进行domain_transition, 要从user_t切换到passwd_t
  • 如果定义了role user_r types passwd_t和role user_r types user_t，则这次domain transition可以成功
  • 否则任意一个未定义，domain transition都会失败

高阶用法

role_transition

role transition和domain transition非常类似，也是在某个domain进程在执行某个可执行文件时，即exec系统调用时，切换进程主体的安全上下文。domain transition切换的时domain，role transtion切换的是role。实现方式通过以下两条语句：

allow staff_r sysadm_r; # 允许从staff_r切换到sysadm_r
role_transition sysadm_r http_exec_t system_r; # sysadm_r进程执行http_exec_t类型文件时，role切换为system_r

role_dominance

可以利用role来定义其他role，即role dominance。

dominance { role super_r {role sysadm_r; role secadm_r; }

上面例子中的super_r称为dominant role，它可以从它关联的role中即成types。但它只能继承该条语句之前关联的types。我们之前说role语句是可以累积的。那么在role_dominance语句之后定义的types，并不能动态的添加到dominant role上。

相关工具

跟role相关的主要是semnage的一些用法，另外[1]还介绍了一个apol的可视化工具，可以检索user和role的数据。我理解semanage通过命令行也都可以实现。

1. 前文介绍过的semanage user -l和semanage login -l, 前者用来查看所有SELinux的用户，后者用来查看Linux用户和SELinux用户两者的映射关系.
2. Modify the default user on the system to the guest_u user

• semanage login -m -s guest_u __default__

3. 修改user和role的对应关系

• semanage user -m -R "message_filter_r unconfined_r" user_u

4. 添加一个用户并指定SELinux用户

• useradd joe -Z user_u

参考文献

[1] SELinux by Example_ Using Security Enhanced Linux

[2] SELinux初始化登录用户安全上下文的方法

• 简单单例的问题
  • 谁来释放这个对象？
  • 如何处理并发？
  • 析构顺序？
    • 对象a什么时候会被析构呢？
    • 析构引入的问题
    • C++实现提供C语言接口引入的析构问题
• Take Aways
• 参考文献

SELinux对socket的控制包含这几个方面：

• context语法中的nodecon, portcon, netifcon：这一类控制本端系统资源，确保合法进程才能访问本端网络资源
• 通过iptables工具的SECMARK/CONNSECMARK扩展为socket packet打上的标签：这一类控制socket包的流向，确保只有合法进程才能访问某些网络报文
• NetLable/Labeled IPSec：这一类还没看，留待后面继续学习
  本文关注第二种控制方法，并结合iptables，简要阐述其工作原理和使用方法。

iptables简介

from wiki
iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.

iptables其实就是Linux的防火墙，用户通过配置各种规则来实现数据包的过滤。他利用了Linux的Netfilter框架的hook点对数据包进行判断，并执行action。例如：

iptables -A INPUT -s 10.10.10.10 -j DROP # 来自10.10.10.10的packet全部被丢弃
iptables -A INPUT -s 10.10.10.0/24 -j DROP # 来自10.10.10.0/255.255.255.0（24表示掩码位数）的packet全部被丢弃

iptables支持的规则很多，具体可以参考iptables(8) - Linux man page。

table & chain

如wiki page所述，iptables通过各种tables和chains来管理所有rules。其实chain就是对应了netfilter的hook点。netfilter的hook点有：

The following hooks represent various well-defined points in the networking stack:

• NF_IP_PRE_ROUTING: This hook will be triggered by any incoming traffic very soon after entering the network stack. This hook is processed before any routing decisions have been made regarding where to send the packet.
• NF_IP_LOCAL_IN: This hook is triggered after an incoming packet has been routed if the packet is destined for the local system.
• NF_IP_FORWARD: This hook is triggered after an incoming packet has been routed if the packet is to be forwarded to another host.
• NF_IP_LOCAL_OUT: This hook is triggered by any locally created outbound traffic as soon it hits the network stack.
• NF_IP_POST_ROUTING: This hook is triggered by any outgoing or forwarded traffic after routing has taken place and just before being put out on the wire.

而chain就是和这些hook点一一对应的，例如：

• PREROUTING: Triggered by the NF_IP_PRE_ROUTING hook.
• INPUT: Triggered by the NF_IP_LOCAL_IN hook.
• FORWARD: Triggered by the NF_IP_FORWARD hook.
• OUTPUT: Triggered by the NF_IP_LOCAL_OUT hook.
• POSTROUTING: Triggered by the NF_IP_POST_ROUTING hook.

而iptables又是怎么遍历这些table和chain的呢？
iptable在各个NetFilter的hook点上，依次遍历各个table的各个chain。其顺序按照如下表格：

• chain从左到右
• table从上到下

每个chain和table在整个协议栈的位置如下图。

用户还可以创建自己的chain，使用命令iptables -N <chain name>。然后使用-j参数跳转，例如：iptables -A INPUT -p tcp -j tcp_packets

When/If we reach the end of that chain, we get dropped back to the INPUT chain and the packet starts traversing from the rule one step below where it jumped to the other chain (tcp_packets in this case). If a packet is ACCEPTed within one of the sub chains, it will be ACCEPT’ed in the superset chain also and it will not traverse any of the superset chains any further. However, do note that the packet will traverse all other chains in the other tables in a normal fashion.

总结一下：

• 如果自定义chain遍历结束，则回到原先跳出的chain（super chain），继续遍历
• 如果子链（sub chain）中有ACCEPT，则父链中的规则不会再被继续遍历，但仍然会继续遍历其他chain中的规则，以及其他table中的规则。
• 如果在任意位置，packet被DROP，则后续的chain和table都不会被执行

target

-j除了指定自定义chain外，一个更重要的用途就是指定packet的目的地，也就是target。

Targets on the other hand specify an action to take on the packet in question. We could for example, DROP or ACCEPT the packet depending on what we want to do. There are also a number of other actions we may want to take.
For example: ACCEPT, DROP, CONNMARK, CLASSIFY, LOG ...

• Some targets will cause the packet to stop traversing that specific chain and superior chains as described above. ex. ACCEPT, DROP
• Other targets, may take an action on the packet, after which the packet will continue passing through the rest of the rules. ex. LOG, ULOG, TOS
• Some targets will accept extra options (What TOS value to use etc), while others don’t necessarily need any options.

注：以上摘自[5],时间有点久，可能有些已经不成立了（例如[5]中通篇未提到security table)，但基本思路应该是保持的。

SECMARK

上一章介绍了iptables的基本工作原理，和table/chain的遍历方法。而可以与SELinux联动，并提供基于socket packet的MAC机制的是iptables的security表格。从上面表格可以看到，security table只有3个chain，即：INPUT，FORWARD，OUTPUT。对应了输入，输出以及转发3种数据流。可以满足基本的packet强制访问控制需求。
一条SECMARK相关的iptables语句如下：

iptables -t security -A INPUT -i lo -p tcp --dport 9999 -j SECMARK --selctx system_u:object_r:ext_gateway_packet_t:s0

其中iptables -t security -A INPUT表示往security table的INPUT chain插入一条规则，match部分-i lo -p tcp --dport 9999表示匹配来自lo网卡，协议为tcp的报文，目标端口为9999的数据包被SECMARK目标进行处理。SECMARK目标使用--selctx参数为该类数据包打上system_u:object_r:ext_gateway_packet_t:s0的安全上下文。则SELinux的策略语法即可以针对该类packet进行权限判断。例如:

allow ext_gateway_t ext_gateway_packet_t : packet { send recv };

CONNSECMARK

CONNSECMARK实际上是SECMARK的扩展。从名字就可以看出CONNSECMARK是针对连接（connection）进行mark动作。iptables的连接管理基于NetFilter的conntrack。conntrack是内核模块，针对不同的协议类型，具有相应的连接控制管理。这已经超出本文的范围了。但不管conntrack多么复杂，功能多么强大，对应到iptables的状态只有4个，即NEW, EATABLISHED, RELATED, INVALID。所有的socket packet都被映射到这4歌状态。具体可以参考文献[5]的Chapter 7. The state machine的User-land states。

• NEW: tells us that the packet is the first packet that we see.
• ESTABLISHED: The only requirement to get into an ESTABLISHED state is that one host sends a packet, and that it later on gets a reply from the other host.
• RELATED: The ESTABLISHED connection will then spawn a connection outside of the main connection. The newly spawned connection will then be considered RELATED, if the conntrack module is able to understand that it is RELATED.
  INVALID: The INVALID state means that the packet can’t be identified or that it does not have any state.

有了这状态定义，iptables就可以使用--state maches。例如：iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT定义了规则，处于ESTABLISHED, RELATED状态的packet才被ACCEPT。
iptables与SELinux配合完全基于对socket packet进行过滤。并没有allow规则，或SELinux object是针对网络连接的。所以，iptables可以通过配合state match以及CONNSECMARK为来自于某个连接的packet进行打标签。方法就是--save和--restore参数。

• --save

  • Example: iptables -t mangle -A PREROUTING -p tcp --dport 80 -j CONNSECMARK --save
  • Explanation: Save the security context mark from the packet to the connection if the connection is not marked since before.

• --restore

  • Example: iptables -t mangle -A PREROUTING -p tcp --dport 80 -j CONNSECMARK --restore
  • Explanation: If the packet has no security context mark set on it, the --restore option will set the security context mark associated with the connection on the packet.

总结一下就是：

• --save将packet数据包的context赋予连接
• --restore将连接的context赋予packet
  此时SELinux具备更丰富的上下文，来对socket packet进行强制访问控制。

Gateway实验

简介

文献[2]的2.2章节中提供了一个很好的练习，带我们认识iptables与SELinux配合做socket packet强制访问控制的方法。该方法通过iptables和SELinux实现客户端和服务端之间的数据包过滤。整个测试框架示意图如下所示，其中client和secure_client使用同一份源码编译，只是file context有所不同，server和secure_server同理。

示例代码通过定义可执行文件的安全上下文（如下所示），和type_transition规则，使得secure_*进程工作在ext_gateway_t domain，而非secure进程工作在unconfined_t domain。各可执行文件的安全上下文如下所示：

/usr/local/bin/secure_client system_u:object_r:secure_services_exec_t:s0
/usr/local/bin/secure_server system_u:object_r:secure_services_exec_t:s0
/usr/local/bin/client system_u:object_r:unconfined_t:s0
/usr/local/bin/server system_u:object_r:unconfined_t:s0

示例代码中的策略集（.conf)文件定义了示意图中4个方向数据流的权限，包括：

• 允许访问未标记端口的数据流(default_secmark_packet_t)：auditallow unconfined_t default_secmark_packet_t : packet { send recv };
• 允许secure_*进程访问标记了端口的数据流（ext_gateway_packet_t）：allow ext_gateway_t ext_gateway_packet_t : packet { send recv };
• 允许secure_*进程访问无SECMARK标记的数据流（unconfined_t）：allow ext_gateway_t unconfined_t : packet { recv send };
  iptables_secmark使用若干iptables命令，定义数据包的标签规则，例如：
• 来自于lo网卡的，协议为tcp，目标IP为127.0.0.0，掩码为255.0.0.0输入数据包被设置成default_secmark_packet_t

# This OUTPUT rule sets all packets to default_secmark_packet_t: as it is
iptables -t security -A INPUT -i lo -p tcp -d 127.0.0.0/8 -j SECMARK --selctx system_u:object_r:default_secmark_packet_t:s0

• 来自于lo网卡的，协议为tcp，目标/源端口为9999的输入/输出数据包被设置成ext_gateway_packet_t（节选）

# These rules will replace the above context with the internal or
iptables -t security -A INPUT -i lo -p tcp --dport 9999 -j SECMARK --selctx system_u:object_r:ext_gateway_packet_t:s0
iptables -t security -A OUTPUT -o lo -p tcp --sport 9999 -j SECMARK --selctx system_u:object_r:ext_gateway_packet_t:s0

两类规则定义的数据包范围实际是有重叠的，根据注释可知，实际两者的关系是，general和特例的关系。即前者将所有特定目标的数据包设置为default_secmark_packet_t，而后者将来自特定端口的数据包指定为ext_gateway_packet_t。
经过此类策略设置，client在访问secure_server时，数据包就会被拦截。查看/var/log/audit/audit.log:

type=AVC msg=audit(1602641071.967:3475): avc:  granted  { send } for  pid=0 comm="swapper/0" saddr=127.0.0.1 src=9999 daddr=127.0.0.1 dest=47076 netif=lo scontext=unconfined_u:message_filter_r:ext_gateway_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ext_gateway_packet_t:s0 tclass=packet

type=AVC msg=audit(1602641071.967:3476): avc:  denied  { recv } for  pid=10 comm="ksoftirqd/0" saddr=127.0.0.1 src=9999 daddr=127.0.0.1 dest=47076 netif=lo scontext=unconfined_u:
unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ext_gateway_packet_t:s0 tclass=packet permissive=0

client连接secure_server监听的9999端口，数据流为：tcp，127.0.0.1:9999 => 127.0.0.1:47076。secure_server向client发送成功，但client接收失败。因为client运行于unconfined_t，没有对应ext_gateway_packet_t的recv权限。

勘误

参考文献[2]因为成书过久（写于2014年，现在2020年），且练习基于书中前导章节中的modular-test章节，所以直接运行会产生错误。错误主要包含：

• 基于modular-test构建ext_gateway策略。因为可能是发行版变化（笔者用的CentOS8）或者时间过久的原因，直接用书中的基础策略会造成无法开机，所以modular-test练习中的策略不可用。解决方法是，编译ext_gateway module，并用semodule插入发行版自带的策略中。此时需要针对原生策略进行适配。例如：进程拉起时报错，需要增加相应allow规则，节选如下：

allow ext_gateway_t null_device_t : chr_file { read write open };
allow ext_gateway_t ld_so_t : file { map read execute };
allow ext_gateway_t ld_so_cache_t : file { open map read execute getattr };
allow ext_gateway_t lib_t : file { open map read execute getattr };
...

• 本书给出的示例代码的安全上下文未给出mls描述，在编译时会报错。例如：

iptables -t security -A INPUT -i lo -p tcp --dport 9999 -j SECMARK --selctx system_u:object_r:ext_gateway_packet_t:s0
iptables -t security -A INPUT -i lo -p tcp --sport 9999 -j SECMARK --selctx system_u:object_r:ext_gateway_packet_t:s0
/usr/local/bin/secure_client system_u:object_r:secure_services_exec_t:s0

所有的context都加上了:s0。
经过适配后，书中提供的示例可以顺利跑通，如下：
server

参考文献

[1] SELinux Networking Support

[2] The SELinux Notebook - Building The Sample Policy

[3] iptables wiki page

[4] A Deep Dive into Iptables and Netfilter Architecture

[5] Oskar Andreasson, 2001-2006, Iptables Tutorial 1.2.2

• 1号进程
• libselinux部分
• 内核部分
  • selinuxfs
    • selinuxfs SID初始化
  • selinux_init
  • security_setenforce
  • security_load_policy
• 总结
• 参考文献

• Intro
• initial SID
  • 启动时的使用
  • 系统标签无效时
• 其他SID
• 总结
• 相关工具
  • seinfo
  • initial_contexts
• 参考文献

如果想修改POSIX API的行为，通常我们的第一想法是修改libc库函数，并维护一份自定义的libc。这样做的代价非常大，因为libc是基础库，接口非常多，涉及的面也很广。修改可能不难，但后期维护，merge主干的工作比较麻烦，也没有价值。修改libc函数实现，还有一个缺点是，编译时修改，而非运行时。这会给一些无法下线并重新打包的程序带来困扰，例如程序已经分发，重新打包再分发耗时耗力。如果能找到运行时修改的方法，例如，暂停服务，替换一个库文件就可以修改某些行为。如果能做到运行时修改，对于调试也是非常友好的。
幸运的是，在Linux上，修改libc的方法很多：

1. 使用LD_PRELOAD，覆盖libc中的函数
2. 使用alias替代weak_alias，编译替换libc函数
3. 使用GOT表覆盖libc函数实现

1和3都是动态，运行时修改。3更棒的是，可以做运行时动态获得libc的原实现函数指针，并用自定义实例去覆写。这样在内部可以保存两份实例，而无需维护开源实例。
在整个的学习和实验中查阅了不少资料，回头看来，其中比较有价值的应当是文末的参考文献中列出的一些链接。

Android so注入(inject)和Hook技术学习（二）——Got表hook之导入表hook
我的实验代码基于这个网页中的方法二实例代码，通过解析.dynamic section来获取GOT地址，并覆盖对应表项

Executable and Linkable Format
这个帖子非常棒，详细阐述了动态链接的过程，包括link editor以及runtime dynamic link流程。只是可能时间比较久，其中的一些链接都失效了

Oracle Documentation

Executable and Linking Format Specification, Version 1.2
这两个链接都给出了一些较为官方的阐述，针对各个section，以及对应的取值等等，作为手册查询很好。

ELF概述

from Wiki
Executable and Linkable Format (ELF, formerly named Extensible Linking Format), is a common standard file format for executable files, object code, shared libraries, and core dumps.

              +-----------------+
         +----| ELF File Header |----+
         |    +-----------------+    |
         v                           v
 +-----------------+      +-----------------+
 | Program Headers |      | Section Headers |
 +-----------------+      +-----------------+
      ||                               ||
      ||                               ||
      ||                               ||
      ||   +------------------------+  ||
      +--> | Contents (Byte Stream) |<--+
           +------------------------+

ELF格式通常有linking view和execution view，即编译时，和运行时的不同。

我理解之所以要这么分成不同的view的原因是，运行时，内存比较宝贵，ELF文件被加载时，相关的节(section)被合并成segment。

segment列表[2]

section列表节选[2]

动态链接

我们知道当引用第三方库的时候，通常有两种链接方式，一种是动态链接，一种是静态链接。静态链接库在Windows上是.lib结尾的，在Linux平台上是.a结尾的。静态库不是一种可执行文件，而只是一些代码和数据打包（Archive）。当发生链接时，由链接器将其中的代码和数据分别放到最终的ELF文件的对应的节（section）。
而动态库是一种完全不一样的东西，动态库的行为更趋近于可执行文件。在Windows平台上，动态库文件以.dll结尾，在Linux平台上，动态库文件以.so结尾。
在Windows下，如果要进行动态链接，必须使用LoadLibrary函数打开一个.dll库文件，再用GetProcAddress获取具体函数的地址，进行调用。dll导出函数列表可以使用命令查看：dumpbin /exports <dll文件完整路径>。
Linux下也有类似的方式，就是可以用dlopen打开一个.so文件，再用dlsym找到对应的函数。但是Linux通常使用动态链接库的方式，是直接链接。例如：
gcc -L/lib -ltest main.c -o test
这就是在lib搜索路径下，找到libtest.so，并链接。注意这里默认先尝试动态链接，如果没有.so文件，会再尝试静态链接.a文件。如果都没有，就会报错。这也就是说Linux平台上，通过-l参数指定的链接参数，是默认尝试动态链接，其次才是静态链接。
如果想指定使用静态链接，可以用下面的命令：
gcc -L/lib -static -ltest main.c -o test
或者
gcc -L/lib libtest.a main.c -o test

How is an executable binary in Linux being executed ?[2]

1. sys_execve function (in arch/x86/kernel/process.c) handles the execvc system call from user space. It calls do_execve function.

2. do_execve function (in fs/exec.c) opens the executable binary file and does some preparation. It calls search_binary_handler function.

3. search_binary_handler function (in fs/exec.c) finds out the type of executable binary and calls the corresponding handler, which in our case, is load_elf_binary function.

4. load_elf_binary (in fs/binfmt_elf.c) loads the user's executable binary file into memory. It allocates memory segments and zeros out the BSS section by calling the padzero function.
   load_elf_binary also examines whether the user's executable binary contains an INTERP segment or not.

5. If the executable binary is dynamically linked, then the compiler will usually creates an INTERP segment (which is usually the same as .interp section in ELF's "linking view"), which contains the full pathname of an "interpreter", usually is the Glibc runtime linker ld.so.
   To see this, use command readelf -p .interp a.out

6. Thus, if the ELF executable binary file contains an INTERP segment, load_elf_binary will call load_elf_interp function to load the image of this interpreter as well.

7. Finally, load_elf_binary calls start_thread (in arch/x86/kernel/process_64.c) and passes control to either the interpreter or the user program.

这个1-7就是ELF文件被加载的过程，之后，再只要一个跳转语句，就可以真正的执行这个程序了。这里值得关注的就是第5步。如果被加载的二进制是动态链接生成的，即要么是动态链接库，要么是可执行文件，则加载时，内核会给ELF的内存镜像（即所谓的executing view）加一个INTERP段（segment）。而这个段就是所谓的runtime linker（compile时的linker，即ld，称为link editor），也就是ld.so。

ld.so

什么是ld.so? ld.so做了些啥？文献[2]都做了很好的说明。

ld.so is the runtime linker/loader (the compile-time linker ld is formally called "link editor") for dynamic executables. It provides the following services [2]:

• Analyzes the user's executable binary's DYNAMIC segment and determines what dependencies are required.
• Locates and loads these dependencies, analyzes their DYNAMIC segments to determine if more dependencies are required.
• Performs any necessary relocations to bind these objects.
• Calls any initialization functions (see below) provided by these dependencies.
• Passes control to user's executable binary.

How does ld.so work ?[2]

ld.so是用来加载所有的动态库的，所以ld.so本身不是动态加载的。ld.so的入口在_dl_start。可以通过gdb停在这个函数上。

(gdb) break _dl_start
Function "_dl_start" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (_dl_start) pending.
(gdb) run
Starting program: a.out

Breakpoint 1, 0x0000003433e00fa0 in _dl_start () from /lib64/ld-linux-x86-64.so.2
(gdb) bt
#0  0x0000003433e00fa0 in _dl_start () from /lib64/ld-linux-x86-64.so.2
#1  0x0000003433e00a78 in _start () from /lib64/ld-linux-x86-64.so.2
#2  0x0000000000000001 in ?? ()
#3  0x00007fffffffe4f2 in ?? ()
#4  0x0000000000000000 in ?? ()
...
(gdb) x/10i $pc
   0x3433e00a70 <_start>:       mov    %rsp,%rdi
   0x3433e00a73 <_start+3>:     callq  0x3433e00fa0 <_dl_start>
   0x3433e00a78 <_dl_start_user>:       mov    %rax,%r12
   0x3433e00a7b <_dl_start_user+3>:     mov    0x21b30b(%rip),%eax        # 0x343401bd8c <_dl_skip_args>
...

当_dl_start执行完后，ld.so就会为我们分析依赖关系，并加载起所有必需的动态库文件。

0000003434551000      4K rw---  /lib64/libc-2.5.so     <-- .got.plt .data sections

PLT & GOT

PLT = Procedure Linkage Table
GOT = Global Offsets Table
PLT表搭配GOT表就可以完成动态库函数的重定向。
当编译时，在链接阶段，编译器会查找函数定义，如果在所有的可重定向代码中，即.o、.a文件，无法找到函数定义，则会去链接指定的动态库.so文件中找。这里有两层意思：

1. 会优先查找有函数定义的，也就是说静态库或源文件中定义的函数是可以覆盖动态库中函数的
2. 编译器会为动态库中函数生成跳转代码。而这个跳转代码就是PLT表

可以用objdump -M intel -dj .plt a.out命令查看PLT表具体反编译代码，例如：

• 第一条汇编语句，就是跳转到GOT对应表项，当该表项尚未被填充时（函数第一次被调用），GOT表项会重新跳回到PLT表项的下一条汇编
• 第二条汇编语句，将函数编号push到栈上，此时是准备一次函数调用
• 第三条汇编语句，跳转到PLT表开始的地方。PLT第一个表项指向的是_dl_runtime_resolve函数，该函数会找到之前传入的函数编号对应的函数地址，并填充对应的GOT表项。

关于函数编号，举个例子，解释一下：

#include <stdio.h>
#include <fcntl.h>
int func(void)
{
    open("foo.txt", O_CREAT);
    fopen("foo.txt", "rw");
    printf("hello, in test.so\n");
    return 0;
}

这里引用了glibc里的3个函数，用readelf -r查看，则会得到下面的结果：

重定位节 '.rela.plt' at offset 0x508 contains 3 entries:
  偏移量          信息           类型           符号值        符号名称 + 加数
000000201018  000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0
000000201020  000400000007 R_X86_64_JUMP_SLO 0000000000000000 open@GLIBC_2.2.5 + 0
000000201028  000500000007 R_X86_64_JUMP_SLO 0000000000000000 fopen@GLIBC_2.2.5 + 0

则puts对应的编号就是0，open是1，fopen是2。看看PLT表：

000000000000580 <puts@plt>:
 580:	ff 25 92 0a 20 00    	jmp    QWORD PTR [rip+0x200a92]        # 201018 <puts@GLIBC_2.2.5>
 586:	68 00 00 00 00       	push   0x0
 58b:	e9 e0 ff ff ff       	jmp    570 <.plt>

0000000000000590 <open@plt>:
 590:	ff 25 8a 0a 20 00    	jmp    QWORD PTR [rip+0x200a8a]        # 201020 <open@GLIBC_2.2.5>
 596:	68 01 00 00 00       	push   0x1
 59b:	e9 d0 ff ff ff       	jmp    570 <.plt>

00000000000005a0 <fopen@plt>:
 5a0:	ff 25 82 0a 20 00    	jmp    QWORD PTR [rip+0x200a82]        # 201028 <fopen@GLIBC_2.2.5>
 5a6:	68 02 00 00 00       	push   0x2
 5ab:	e9 c0 ff ff ff       	jmp    570 <.plt>

理解了PLT和GOT表在解析函数地址中的作用，就可以着手修改GOT表，让函数跳转到我们希望的函数执行。

替换GOT表项

正如前文所说，要做这个替换的操作，就是要找到GOT表对应的表项在哪里，然后修改对应的函数地址即可。这涉及到解析内存中的程序elf格式的镜像。

dynamic section

所有和重定向有关的信息都包含在dynamic section中，在elf的execution view中，也可以称作dynamic segment。实际上，这两者是同一个东西，只是存在的方式不同。当然，因为我们要做的是动态的GOT修改，所以我们要找到dynamic segment在内存中的位置。
由前文可知，要在execution view中查找段，应该要用到Programm Header Table（PHT）。通过objdump -x命令可以查看PHT表项。其中我们关心的就是DYNAMIC段。它包含了所有dynamic section的信息。代码里面，可以如下的获得dynamic。

// 1. 通过/proc/<pid>/maps得到elf加载的地址
    snprintf(filename, sizeof(filename), "/proc/%d/maps", pid);

    // 打开文件/proc/pid/maps，获取指定pid进程加载的内存模块信息
    fp = fopen(filename, "r");
    if(fp != NULL){
        // 每次一行，读取文件 /proc/pid/maps中内容
        while(fgets(line, sizeof(line), fp)){
            // 查找指定的so模块
            if(strstr(line, module_name)){
                // 分割字符串
                pch = strtok(line, "-");
                // 字符串转长整形
                addr = strtoul(pch, NULL, 16);
                break;
            }
        }
    }
    fclose(fp);
  
// 2. 通过遍历program header table，找到dynameic段
    unsigned long long dynamicAddr = 0;
    unsigned int dynamicSize = 0;
    int j = 0;
    for (j = 0; j < phdr_count; j++)
    {
        if (phdr_table[j].p_type == PT_DYNAMIC)
        {
            dynamicAddr = phdr_table[j].p_vaddr + (uint64_t)base_addr;
            dynamicSize = phdr_table[j].p_memsz;
            break;
        }
    }

relocation tables

通过objdump -h命令可以查看文件包含的section。和relocation相关的节有：

• .got
• .got.plt
• .plt
• rel(a).dyn
• rel(a).plt
• 其他rel(a).xxx节
  刚开始的时候，这些类似的节名很容易让人混淆。其实和我们目标真正相关的是rel(a).plt。其他的让我依次澄清一下。不过都是我个人的理解，可能有偏颇之处。
  先用readelf -S查看一下section header table。
  

PROGBITS is stored in the disk image, as opposed to allocated and initialized at load.
节区类型：PROGBITS-程序定义的信息，NOBITS-不占用文件空间(bss),REL-重定位表项

对于各节区，[2]中的解释为：

• .plt: For dynamic binaries, this Procedure Linkage Table holds the trampoline/linkage code. See paragraphs below.
• .got: For dynamic binaries, this Global Offset Table holds the addresses of variables which are relocated upon loading.
• .got.plt: For dynamic binaries, this Global Offset Table holds the addresses of functions in dynamic libraries. They are used by trampoline code in .plt section.

对于.plt.got区网上搜到的解释是：

• This just seems to contain code to jump to the first entry of the .got.

这里很容易让人有很混乱的感觉，又是.got.plt的, 又是.plt.got的。网络上也很难查到两者之间的联系和区别。根据我个人的实验经验，后文尝试解释一下。先对这几个节区做一个总结。

• 这4个都是编译时决定的，节类型都是PROGBITS。信息都是存在可执行文件里，而runtime可用的信息都是通过重定向得到的，即通过rel(a).xxx节区获得的内存地址中存储的数据
• 所有以.plt开头的节区，都是一些跳板代码。
• 所有以.got开头的节区，都是一些数据，存储着这些函数被resolve后最终的地址。
• .plt开头表项的跳板代码，就是跳转到对应的.got表项中决定最终的执行地址。

# table of a dynamic library (.so)
  [10] .plt              PROGBITS         0000000000000610  00000610
  [11] .plt.got          PROGBITS         0000000000000640  00000640
  [20] .got              PROGBITS         0000000000200fc0  00000fc0
  [21] .got.plt          PROGBITS         0000000000201000  00001000

.plt vs .plt.got

先上2个例子，分别是.plt和.plt.got节的。可以看出，这2个节都是一些跳转代码。按照前文的解释，.plt节表项就是需要动态链接的一些函数的跳板代码。跳转代码的目的地是GOT表项。然后通过runtime linker（ld.so)来完成函数地址的解析。
.plt.got的内容与.plt非常类似，也是一些跳板代码。而且jmpq指令后，没有push指令和另一条jmpq指令。这个节和.plt节到底有啥区别？啥时候会用到该节的跳转指令？

# .plt节举例
00000000000008c0 <fopen@plt>:
 8c0:	ff 25 ea 16 20 00    	jmpq   *0x2016ea(%rip)        # 201fb0 <fopen@GLIBC_2.2.5>
 8c6:	68 09 00 00 00       	pushq  $0x9
 8cb:	e9 50 ff ff ff       	jmpq   820 <.plt>


# .plt.got节举例
00000000000005d0 <fopen@plt>:
 5d0:	ff 25 12 0a 20 00    	jmpq   *0x200a12(%rip)        # 200fe8 <fopen@GLIBC_2.2.5>
 5d6:	66 90                	xchg   %ax,%ax

经过我的实验发现，当发生类似这种函数指针赋值时，动态链接函数就会出现在.plt.got节，同时.plt节中就不再包含这个函数。

FuncPuts old_puts = NULL;
old_puts = puts; // puts as a function pointer, assigned to a variable

当函数不在.plt节时，函数的跳转变成静态的了。用objdump -S对照汇编和源码，可以发现，对此类函数的调用就是跳转到对应的.plt.got表项。

puts("hello");
 751:   48 8d 3d 8c 00 00 00    lea    0x8c(%rip),%rdi        # 7e4 <_fini+0x14>
 758:   e8 e3 fe ff ff          callq  640 <puts@plt>
 
 # 对应的.plt.got表项
 0000000000000640 <puts@plt>:
 640:   ff 25 82 09 20 00       jmpq   *0x200982(%rip)        # 200fc8 <puts@GLIBC_2.2.5>
 646:   66 90                   xchg   %ax,%ax 

注: xchg %ax, %ax是一条NOP指令，参看Why does Visual Studio use xchg ax,ax

当只有.plt.got包含该函数表项时，我们的GOT替换魔法就失效了。所以如果想保存原函数指针，正确的做法应当是：

// Don't do like this.
// It will kick puts from .plt and put it into .plt.got.
// We might not be able to substitute its address via rel tables.
// old_puts = puts; 

// Below is RECOMMENDED!!!
if (old_puts == NULL) { // save original libc function pointer
    old_puts = (FuncPuts)*(uint64_t *)(rel_table[i].r_offset + base_addr);
}
*(uint64_t *)(rel_table[i].r_offset + base_addr) = (uint64_t)my_puts;

.got vs .got.plt

按照前文的解释，.got节存储的是需要动态resolve的变量（应当是动态库中定义的全局变量）。而.got.plt是对应.plt节的函数地址表项。
实际的实验结果是：

• 对于可执行文件，.got.plt不存在，而.plt表项直接跳转到.got表项执行。函数的GOT表位置（GLOBAL_OFFSET_TABLE）在0x201f50

> objdump -d --section=.plt mytest 

mytest：     文件格式 elf64-x86-64

Disassembly of section .plt:

0000000000000820 <.plt>:
 820:   ff 35 32 17 20 00       pushq  0x201732(%rip)        # 201f58 <_GLOBAL_OFFSET_TABLE_+0x8>
 826:   ff 25 34 17 20 00       jmpq   *0x201734(%rip)        # 201f60 <_GLOBAL_OFFSET_TABLE_+0x10>
 82c:   0f 1f 40 00             nopl   0x0(%rax)
 
 > objdump -d --section=.got mytest    

mytest：     文件格式 elf64-x86-64

Disassembly of section .got:

0000000000201f50 <_GLOBAL_OFFSET_TABLE_>:
  201f50:       50 1d 20 00 00 00 00 00 00 00 00 00 00 00 00 00
        ...

• 对于一个动态链接库文件，则如前文所述一致，即.got负责跳转变量，而.got.plt负责跳转函数。函数的GOT表位置（GLOBAL_OFFSET_TABLE）在0x201000

> objdump -d --section=.plt libtest.so    

libtest.so：     文件格式 elf64-x86-64

Disassembly of section .plt:

0000000000000610 <.plt>:
 610:   ff 35 f2 09 20 00       pushq  0x2009f2(%rip)        # 201008 <_GLOBAL_OFFSET_TABLE_+0x8>
 616:   ff 25 f4 09 20 00       jmpq   *0x2009f4(%rip)        # 201010 <_GLOBAL_OFFSET_TABLE_+0x10>
 61c:   0f 1f 40 00             nopl   0x0(%rax)

> objdump -d --section=.got.plt libtest.so    

libtest.so：     文件格式 elf64-x86-64

Disassembly of section .got.plt:

0000000000201000 <_GLOBAL_OFFSET_TABLE_>:
  201000:       00 0e 20 00 00 00 00 00 00 00 00 00 00 00 00 00 
        ...

但其实，我们需要关注的是重定向的表格，而不是直接查看.got和.got.plt节区。后文会进一步解释。而在真正的GOT表项替换中，可执行文件和动态链接库并没有表现出什么不同。

Rerwrite GOT

重写GOT表项的思路就是前面讲述的PLT+GOT动态解析函数地址的方法。而覆写的方法是通过重定向表格找到GOT表，并找到对应的表项索引，修改该索引处的内存。流程大致如下：

PHN2ZyBpZD0iZGFmeGI5YWFyMGEiIHdpZHRoPSIxMDAlIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHN0eWxlPSJtYXgtd2lkdGg6IDk1OS43MTg3NXB4OyIgdmlld0JveD0iMCAwIDk1OS43MTg3NSA5NTQuOTgxMjQ2OTQ4MjQyMiI+PHN0eWxlPgoKCiNkYWZ4YjlhYXIwYSAubGFiZWwgewogIGZvbnQtZmFtaWx5OiAndHJlYnVjaGV0IG1zJywgdmVyZGFuYSwgYXJpYWw7CiAgY29sb3I6ICMzMzM7IH0KCiNkYWZ4YjlhYXIwYSAubm9kZSByZWN0LAojZGFmeGI5YWFyMGEgLm5vZGUgY2lyY2xlLAojZGFmeGI5YWFyMGEgLm5vZGUgZWxsaXBzZSwKI2RhZnhiOWFhcjBhIC5ub2RlIHBvbHlnb24gewogIGZpbGw6ICNFQ0VDRkY7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMXB4OyB9CgojZGFmeGI5YWFyMGEgLm5vZGUuY2xpY2thYmxlIHsKICBjdXJzb3I6IHBvaW50ZXI7IH0KCiNkYWZ4YjlhYXIwYSAuYXJyb3doZWFkUGF0aCB7CiAgZmlsbDogIzMzMzMzMzsgfQoKI2RhZnhiOWFhcjBhIC5lZGdlUGF0aCAucGF0aCB7CiAgc3Ryb2tlOiAjMzMzMzMzOwogIHN0cm9rZS13aWR0aDogMS41cHg7IH0KCiNkYWZ4YjlhYXIwYSAuZWRnZUxhYmVsIHsKICBiYWNrZ3JvdW5kLWNvbG9yOiAjZThlOGU4OyB9CgojZGFmeGI5YWFyMGEgLmNsdXN0ZXIgcmVjdCB7CiAgZmlsbDogI2ZmZmZkZSAhaW1wb3J0YW50OwogIHN0cm9rZTogI2FhYWEzMyAhaW1wb3J0YW50OwogIHN0cm9rZS13aWR0aDogMXB4ICFpbXBvcnRhbnQ7IH0KCiNkYWZ4YjlhYXIwYSAuY2x1c3RlciB0ZXh0IHsKICBmaWxsOiAjMzMzOyB9CgojZGFmeGI5YWFyMGEgZGl2Lm1lcm1haWRUb29sdGlwIHsKICBwb3NpdGlvbjogYWJzb2x1dGU7CiAgdGV4dC1hbGlnbjogY2VudGVyOwogIG1heC13aWR0aDogMjAwcHg7CiAgcGFkZGluZzogMnB4OwogIGZvbnQtZmFtaWx5OiAndHJlYnVjaGV0IG1zJywgdmVyZGFuYSwgYXJpYWw7CiAgZm9udC1zaXplOiAxMnB4OwogIGJhY2tncm91bmQ6ICNmZmZmZGU7CiAgYm9yZGVyOiAxcHggc29saWQgI2FhYWEzMzsKICBib3JkZXItcmFkaXVzOiAycHg7CiAgcG9pbnRlci1ldmVudHM6IG5vbmU7CiAgei1pbmRleDogMTAwOyB9CgojZGFmeGI5YWFyMGEgLmFjdG9yIHsKICBzdHJva2U6ICNDQ0NDRkY7CiAgZmlsbDogI0VDRUNGRjsgfQoKI2RhZnhiOWFhcjBhIHRleHQuYWN0b3IgewogIGZpbGw6IGJsYWNrOwogIHN0cm9rZTogbm9uZTsgfQoKI2RhZnhiOWFhcjBhIC5hY3Rvci1saW5lIHsKICBzdHJva2U6IGdyZXk7IH0KCiNkYWZ4YjlhYXIwYSAubWVzc2FnZUxpbmUwIHsKICBzdHJva2Utd2lkdGg6IDEuNTsKICBzdHJva2UtZGFzaGFycmF5OiAnMiAyJzsKICBzdHJva2U6ICMzMzM7IH0KCiNkYWZ4YjlhYXIwYSAubWVzc2FnZUxpbmUxIHsKICBzdHJva2Utd2lkdGg6IDEuNTsKICBzdHJva2UtZGFzaGFycmF5OiAnMiAyJzsKICBzdHJva2U6ICMzMzM7IH0KCiNkYWZ4YjlhYXIwYSAjYXJyb3doZWFkIHsKICBmaWxsOiAjMzMzOyB9CgojZGFmeGI5YWFyMGEgI2Nyb3NzaGVhZCBwYXRoIHsKICBmaWxsOiAjMzMzICFpbXBvcnRhbnQ7CiAgc3Ryb2tlOiAjMzMzICFpbXBvcnRhbnQ7IH0KCiNkYWZ4YjlhYXIwYSAubWVzc2FnZVRleHQgewogIGZpbGw6ICMzMzM7CiAgc3Ryb2tlOiBub25lOyB9CgojZGFmeGI5YWFyMGEgLmxhYmVsQm94IHsKICBzdHJva2U6ICNDQ0NDRkY7CiAgZmlsbDogI0VDRUNGRjsgfQoKI2RhZnhiOWFhcjBhIC5sYWJlbFRleHQgewogIGZpbGw6IGJsYWNrOwogIHN0cm9rZTogbm9uZTsgfQoKI2RhZnhiOWFhcjBhIC5sb29wVGV4dCB7CiAgZmlsbDogYmxhY2s7CiAgc3Ryb2tlOiBub25lOyB9CgojZGFmeGI5YWFyMGEgLmxvb3BMaW5lIHsKICBzdHJva2Utd2lkdGg6IDI7CiAgc3Ryb2tlLWRhc2hhcnJheTogJzIgMic7CiAgc3Ryb2tlOiAjQ0NDQ0ZGOyB9CgojZGFmeGI5YWFyMGEgLm5vdGUgewogIHN0cm9rZTogI2FhYWEzMzsKICBmaWxsOiAjZmZmNWFkOyB9CgojZGFmeGI5YWFyMGEgLm5vdGVUZXh0IHsKICBmaWxsOiBibGFjazsKICBzdHJva2U6IG5vbmU7CiAgZm9udC1mYW1pbHk6ICd0cmVidWNoZXQgbXMnLCB2ZXJkYW5hLCBhcmlhbDsKICBmb250LXNpemU6IDE0cHg7IH0KCiNkYWZ4YjlhYXIwYSAuYWN0aXZhdGlvbjAgewogIGZpbGw6ICNmNGY0ZjQ7CiAgc3Ryb2tlOiAjNjY2OyB9CgojZGFmeGI5YWFyMGEgLmFjdGl2YXRpb24xIHsKICBmaWxsOiAjZjRmNGY0OwogIHN0cm9rZTogIzY2NjsgfQoKI2RhZnhiOWFhcjBhIC5hY3RpdmF0aW9uMiB7CiAgZmlsbDogI2Y0ZjRmNDsKICBzdHJva2U6ICM2NjY7IH0KCgojZGFmeGI5YWFyMGEgLnNlY3Rpb24gewogIHN0cm9rZTogbm9uZTsKICBvcGFjaXR5OiAwLjI7IH0KCiNkYWZ4YjlhYXIwYSAuc2VjdGlvbjAgewogIGZpbGw6IHJnYmEoMTAyLCAxMDIsIDI1NSwgMC40OSk7IH0KCiNkYWZ4YjlhYXIwYSAuc2VjdGlvbjIgewogIGZpbGw6ICNmZmY0MDA7IH0KCiNkYWZ4YjlhYXIwYSAuc2VjdGlvbjEsCiNkYWZ4YjlhYXIwYSAuc2VjdGlvbjMgewogIGZpbGw6IHdoaXRlOwogIG9wYWNpdHk6IDAuMjsgfQoKI2RhZnhiOWFhcjBhIC5zZWN0aW9uVGl0bGUwIHsKICBmaWxsOiAjMzMzOyB9CgojZGFmeGI5YWFyMGEgLnNlY3Rpb25UaXRsZTEgewogIGZpbGw6ICMzMzM7IH0KCiNkYWZ4YjlhYXIwYSAuc2VjdGlvblRpdGxlMiB7CiAgZmlsbDogIzMzMzsgfQoKI2RhZnhiOWFhcjBhIC5zZWN0aW9uVGl0bGUzIHsKICBmaWxsOiAjMzMzOyB9CgojZGFmeGI5YWFyMGEgLnNlY3Rpb25UaXRsZSB7CiAgdGV4dC1hbmNob3I6IHN0YXJ0OwogIGZvbnQtc2l6ZTogMTFweDsKICB0ZXh0LWhlaWdodDogMTRweDsgfQoKCiNkYWZ4YjlhYXIwYSAuZ3JpZCAudGljayB7CiAgc3Ryb2tlOiBsaWdodGdyZXk7CiAgb3BhY2l0eTogMC4zOwogIHNoYXBlLXJlbmRlcmluZzogY3Jpc3BFZGdlczsgfQoKI2RhZnhiOWFhcjBhIC5ncmlkIHBhdGggewogIHN0cm9rZS13aWR0aDogMDsgfQoKCiNkYWZ4YjlhYXIwYSAudG9kYXkgewogIGZpbGw6IG5vbmU7CiAgc3Ryb2tlOiByZWQ7CiAgc3Ryb2tlLXdpZHRoOiAycHg7IH0KCgoKI2RhZnhiOWFhcjBhIC50YXNrIHsKICBzdHJva2Utd2lkdGg6IDI7IH0KCiNkYWZ4YjlhYXIwYSAudGFza1RleHQgewogIHRleHQtYW5jaG9yOiBtaWRkbGU7CiAgZm9udC1zaXplOiAxMXB4OyB9CgojZGFmeGI5YWFyMGEgLnRhc2tUZXh0T3V0c2lkZVJpZ2h0IHsKICBmaWxsOiBibGFjazsKICB0ZXh0LWFuY2hvcjogc3RhcnQ7CiAgZm9udC1zaXplOiAxMXB4OyB9CgojZGFmeGI5YWFyMGEgLnRhc2tUZXh0T3V0c2lkZUxlZnQgewogIGZpbGw6IGJsYWNrOwogIHRleHQtYW5jaG9yOiBlbmQ7CiAgZm9udC1zaXplOiAxMXB4OyB9CgoKI2RhZnhiOWFhcjBhIC50YXNrVGV4dDAsCiNkYWZ4YjlhYXIwYSAudGFza1RleHQxLAojZGFmeGI5YWFyMGEgLnRhc2tUZXh0MiwKI2RhZnhiOWFhcjBhIC50YXNrVGV4dDMgewogIGZpbGw6IHdoaXRlOyB9CgojZGFmeGI5YWFyMGEgLnRhc2swLAojZGFmeGI5YWFyMGEgLnRhc2sxLAojZGFmeGI5YWFyMGEgLnRhc2syLAojZGFmeGI5YWFyMGEgLnRhc2szIHsKICBmaWxsOiAjOGE5MGRkOwogIHN0cm9rZTogIzUzNGZiYzsgfQoKI2RhZnhiOWFhcjBhIC50YXNrVGV4dE91dHNpZGUwLAojZGFmeGI5YWFyMGEgLnRhc2tUZXh0T3V0c2lkZTIgewogIGZpbGw6IGJsYWNrOyB9CgojZGFmeGI5YWFyMGEgLnRhc2tUZXh0T3V0c2lkZTEsCiNkYWZ4YjlhYXIwYSAudGFza1RleHRPdXRzaWRlMyB7CiAgZmlsbDogYmxhY2s7IH0KCgojZGFmeGI5YWFyMGEgLmFjdGl2ZTAsCiNkYWZ4YjlhYXIwYSAuYWN0aXZlMSwKI2RhZnhiOWFhcjBhIC5hY3RpdmUyLAojZGFmeGI5YWFyMGEgLmFjdGl2ZTMgewogIGZpbGw6ICNiZmM3ZmY7CiAgc3Ryb2tlOiAjNTM0ZmJjOyB9CgojZGFmeGI5YWFyMGEgLmFjdGl2ZVRleHQwLAojZGFmeGI5YWFyMGEgLmFjdGl2ZVRleHQxLAojZGFmeGI5YWFyMGEgLmFjdGl2ZVRleHQyLAojZGFmeGI5YWFyMGEgLmFjdGl2ZVRleHQzIHsKICBmaWxsOiBibGFjayAhaW1wb3J0YW50OyB9CgoKI2RhZnhiOWFhcjBhIC5kb25lMCwKI2RhZnhiOWFhcjBhIC5kb25lMSwKI2RhZnhiOWFhcjBhIC5kb25lMiwKI2RhZnhiOWFhcjBhIC5kb25lMyB7CiAgc3Ryb2tlOiBncmV5OwogIGZpbGw6IGxpZ2h0Z3JleTsKICBzdHJva2Utd2lkdGg6IDI7IH0KCiNkYWZ4YjlhYXIwYSAuZG9uZVRleHQwLAojZGFmeGI5YWFyMGEgLmRvbmVUZXh0MSwKI2RhZnhiOWFhcjBhIC5kb25lVGV4dDIsCiNkYWZ4YjlhYXIwYSAuZG9uZVRleHQzIHsKICBmaWxsOiBibGFjayAhaW1wb3J0YW50OyB9CgoKI2RhZnhiOWFhcjBhIC5jcml0MCwKI2RhZnhiOWFhcjBhIC5jcml0MSwKI2RhZnhiOWFhcjBhIC5jcml0MiwKI2RhZnhiOWFhcjBhIC5jcml0MyB7CiAgc3Ryb2tlOiAjZmY4ODg4OwogIGZpbGw6IHJlZDsKICBzdHJva2Utd2lkdGg6IDI7IH0KCiNkYWZ4YjlhYXIwYSAuYWN0aXZlQ3JpdDAsCiNkYWZ4YjlhYXIwYSAuYWN0aXZlQ3JpdDEsCiNkYWZ4YjlhYXIwYSAuYWN0aXZlQ3JpdDIsCiNkYWZ4YjlhYXIwYSAuYWN0aXZlQ3JpdDMgewogIHN0cm9rZTogI2ZmODg4ODsKICBmaWxsOiAjYmZjN2ZmOwogIHN0cm9rZS13aWR0aDogMjsgfQoKI2RhZnhiOWFhcjBhIC5kb25lQ3JpdDAsCiNkYWZ4YjlhYXIwYSAuZG9uZUNyaXQxLAojZGFmeGI5YWFyMGEgLmRvbmVDcml0MiwKI2RhZnhiOWFhcjBhIC5kb25lQ3JpdDMgewogIHN0cm9rZTogI2ZmODg4ODsKICBmaWxsOiBsaWdodGdyZXk7CiAgc3Ryb2tlLXdpZHRoOiAyOwogIGN1cnNvcjogcG9pbnRlcjsKICBzaGFwZS1yZW5kZXJpbmc6IGNyaXNwRWRnZXM7IH0KCiNkYWZ4YjlhYXIwYSAuZG9uZUNyaXRUZXh0MCwKI2RhZnhiOWFhcjBhIC5kb25lQ3JpdFRleHQxLAojZGFmeGI5YWFyMGEgLmRvbmVDcml0VGV4dDIsCiNkYWZ4YjlhYXIwYSAuZG9uZUNyaXRUZXh0MyB7CiAgZmlsbDogYmxhY2sgIWltcG9ydGFudDsgfQoKI2RhZnhiOWFhcjBhIC5hY3RpdmVDcml0VGV4dDAsCiNkYWZ4YjlhYXIwYSAuYWN0aXZlQ3JpdFRleHQxLAojZGFmeGI5YWFyMGEgLmFjdGl2ZUNyaXRUZXh0MiwKI2RhZnhiOWFhcjBhIC5hY3RpdmVDcml0VGV4dDMgewogIGZpbGw6IGJsYWNrICFpbXBvcnRhbnQ7IH0KCiNkYWZ4YjlhYXIwYSAudGl0bGVUZXh0IHsKICB0ZXh0LWFuY2hvcjogbWlkZGxlOwogIGZvbnQtc2l6ZTogMThweDsKICBmaWxsOiBibGFjazsgfQoKI2RhZnhiOWFhcjBhIGcuY2xhc3NHcm91cCB0ZXh0IHsKICBmaWxsOiAjOTM3MERCOwogIHN0cm9rZTogbm9uZTsKICBmb250LWZhbWlseTogJ3RyZWJ1Y2hldCBtcycsIHZlcmRhbmEsIGFyaWFsOwogIGZvbnQtc2l6ZTogMTBweDsgfQoKI2RhZnhiOWFhcjBhIGcuY2xhc3NHcm91cCByZWN0IHsKICBmaWxsOiAjRUNFQ0ZGOwogIHN0cm9rZTogIzkzNzBEQjsgfQoKI2RhZnhiOWFhcjBhIGcuY2xhc3NHcm91cCBsaW5lIHsKICBzdHJva2U6ICM5MzcwREI7CiAgc3Ryb2tlLXdpZHRoOiAxOyB9CgojZGFmeGI5YWFyMGEgLmNsYXNzTGFiZWwgLmJveCB7CiAgc3Ryb2tlOiBub25lOwogIHN0cm9rZS13aWR0aDogMDsKICBmaWxsOiAjRUNFQ0ZGOwogIG9wYWNpdHk6IDAuNTsgfQoKI2RhZnhiOWFhcjBhIC5jbGFzc0xhYmVsIC5sYWJlbCB7CiAgZmlsbDogIzkzNzBEQjsKICBmb250LXNpemU6IDEwcHg7IH0KCiNkYWZ4YjlhYXIwYSAucmVsYXRpb24gewogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7CiAgZmlsbDogbm9uZTsgfQoKI2RhZnhiOWFhcjBhICNjb21wb3NpdGlvblN0YXJ0IHsKICBmaWxsOiAjOTM3MERCOwogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7IH0KCiNkYWZ4YjlhYXIwYSAjY29tcG9zaXRpb25FbmQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RhZnhiOWFhcjBhICNhZ2dyZWdhdGlvblN0YXJ0IHsKICBmaWxsOiAjRUNFQ0ZGOwogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7IH0KCiNkYWZ4YjlhYXIwYSAjYWdncmVnYXRpb25FbmQgewogIGZpbGw6ICNFQ0VDRkY7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RhZnhiOWFhcjBhICNkZXBlbmRlbmN5U3RhcnQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RhZnhiOWFhcjBhICNkZXBlbmRlbmN5RW5kIHsKICBmaWxsOiAjOTM3MERCOwogIHN0cm9rZTogIzkzNzBEQjsKICBzdHJva2Utd2lkdGg6IDE7IH0KCiNkYWZ4YjlhYXIwYSAjZXh0ZW5zaW9uU3RhcnQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RhZnhiOWFhcjBhICNleHRlbnNpb25FbmQgewogIGZpbGw6ICM5MzcwREI7CiAgc3Ryb2tlOiAjOTM3MERCOwogIHN0cm9rZS13aWR0aDogMTsgfQoKI2RhZnhiOWFhcjBhIC5jb21taXQtaWQsCiNkYWZ4YjlhYXIwYSAuY29tbWl0LW1zZywKI2RhZnhiOWFhcjBhIC5icmFuY2gtbGFiZWwgewogIGZpbGw6IGxpZ2h0Z3JleTsKICBjb2xvcjogbGlnaHRncmV5OyB9CgoKCiNkYWZ4YjlhYXIwYSAubGFiZWx7CiAgY29sb3I6IzE4QjE0RTsKfQojZGFmeGI5YWFyMGEgLnRlLW1kLWNvbnRhaW5lci0tZGFyayAubm9kZSByZWN0IHsKICBmaWxsOiByZWQ7Cn0KCiNkYWZ4YjlhYXIwYSAubm9kZSByZWN0LAojZGFmeGI5YWFyMGEgLm5vZGUgY2lyY2xlLAojZGFmeGI5YWFyMGEgLm5vZGUgZWxsaXBzZSwKI2RhZnhiOWFhcjBhIC5ub2RlIHBvbHlnb24gewogIGZpbGw6ICNGOUZGRkI7OwogIHN0cm9rZTogIzJEQkQ2MDsKICBzdHJva2Utd2lkdGg6IDEuNXB4Owp9CiNkYWZ4YjlhYXIwYSAuYXJyb3doZWFkUGF0aHsKICBmaWxsOiAjMkRCRDYwOwp9CiNkYWZ4YjlhYXIwYSAuZWRnZVBhdGggLnBhdGggewogIHN0cm9rZTogIzJEQkQ2MDsKICBzdHJva2Utd2lkdGg6IDFweDsKfQojZGFmeGI5YWFyMGEgLmVkZ2VMYWJlbCB7CiAgYmFja2dyb3VuZC1jb2xvcjogI2ZmZjsKfQojZGFmeGI5YWFyMGEgLmNsdXN0ZXIgcmVjdCB7CiAgZmlsbDogI0Y5RkZGQiAhaW1wb3J0YW50OwogIHN0cm9rZTogIzJEQkQ2MCAhaW1wb3J0YW50OwogIHN0cm9rZS13aWR0aDogMXB4ICFpbXBvcnRhbnQ7Cn0KCiNkYWZ4YjlhYXIwYSAuY2x1c3RlciB0ZXh0IHsKICBmaWxsOiAjRjlGRkZCOwp9CgojZGFmeGI5YWFyMGEgZGl2Lm1lcm1haWRUb29sdGlwIHsKICBiYWNrZ3JvdW5kOiAjRjlGRkZCOwogIGJvcmRlcjogMXB4IHNvbGlkICMyREJENjA7Cn0KCgojZGFmeGI5YWFyMGEgLmFjdG9yIHsKICBzdHJva2U6ICMyREJENjA7CiAgZmlsbDogI0Y5RkZGQjsKfQoKI2RhZnhiOWFhcjBhIHRleHQuYWN0b3IgewogIGZpbGw6ICMyREJENjA7CiAgc3Ryb2tlOiBub25lOwp9CgojZGFmeGI5YWFyMGEgLmFjdG9yLWxpbmUgewogIHN0cm9rZTogIzJEQkQ2MDsKfQoKI2RhZnhiOWFhcjBhIC5tZXNzYWdlTGluZTAgewogIHN0cm9rZS13aWR0aDogMS41OwogIHN0cm9rZS1kYXNoYXJyYXk6ICcyIDInOwogIG1hcmtlci1lbmQ6ICd1cmwoI2Fycm93aGVhZCknOwogIHN0cm9rZTogIzJEQkQ2MDsKfQoKI2RhZnhiOWFhcjBhIC5tZXNzYWdlTGluZTEgewogIHN0cm9rZS13aWR0aDogMS41OwogIHN0cm9rZS1kYXNoYXJyYXk6ICcyIDInOwogIHN0cm9rZTogIzJEQkQ2MDsKfQoKI2RhZnhiOWFhcjBhICNhcnJvd2hlYWQgewogIGZpbGw6ICMyREJENjA7Cn0KCiNkYWZ4YjlhYXIwYSAjY3Jvc3NoZWFkIHBhdGggewogIGZpbGw6ICMyREJENjAgIWltcG9ydGFudDsKICBzdHJva2U6ICMyREJENjAgIWltcG9ydGFudDsKfQoKI2RhZnhiOWFhcjBhIC5tZXNzYWdlVGV4dCB7CiAgZmlsbDogIzJEQkQ2MDsKICBzdHJva2U6IG5vbmU7Cn0KCiNkYWZ4YjlhYXIwYSAubGFiZWxCb3ggewogIHN0cm9rZTogIzJEQkQ2MDsKICBmaWxsOiAjRjlGRkZCOwp9CgojZGFmeGI5YWFyMGEgLmxhYmVsVGV4dCB7CiAgZmlsbDogIzJEQkQ2MDsKICBzdHJva2U6ICMyREJENjA7Cn0KCiNkYWZ4YjlhYXIwYSAubG9vcFRleHQgewogIGZpbGw6ICMyREJENjA7CiAgc3Ryb2tlOiAjMkRCRDYwOwp9CgojZGFmeGI5YWFyMGEgLmxvb3BMaW5lIHsKICBzdHJva2Utd2lkdGg6IDI7CiAgc3Ryb2tlLWRhc2hhcnJheTogJzIgMic7CiAgbWFya2VyLWVuZDogJ3VybCgjYXJyb3doZWFkKSc7CiAgc3Ryb2tlOiAjMkRCRDYwOwp9CgojZGFmeGI5YWFyMGEgLm5vdGUgewogIHN0cm9rZTogIzJEQkQ2MDsKICBmaWxsOiAjRjlGRkZCOwp9CgojZGFmeGI5YWFyMGEgLm5vdGVUZXh0IHsKICBmaWxsOiAjMkRCRDYwOwogIHN0cm9rZTogIzJEQkQ2MDsKfQoKCiNkYWZ4YjlhYXIwYSAuc2VjdGlvbnsKICBvcGFjaXR5OjE7Cn0KI2RhZnhiOWFhcjBhIC5zZWN0aW9uMCwjZGFmeGI5YWFyMGEgIC5zZWN0aW9uMiB7CiAgZmlsbDogI0VDRjdGMDsKfQoKI2RhZnhiOWFhcjBhIC5zZWN0aW9uMSwKI2RhZnhiOWFhcjBhIC5zZWN0aW9uMyB7CiAgZmlsbDogI0ZGRjsKfQojZGFmeGI5YWFyMGEgLnRhc2tUZXh0MCwKI2RhZnhiOWFhcjBhIC50YXNrVGV4dDEsCiNkYWZ4YjlhYXIwYSAudGFza1RleHQyLAojZGFmeGI5YWFyMGEgLnRhc2tUZXh0MyB7CiAgZmlsbDogI2ZmZjsKfQoKI2RhZnhiOWFhcjBhIC50YXNrMCwKI2RhZnhiOWFhcjBhIC50YXNrMSwKI2RhZnhiOWFhcjBhIC50YXNrMiwKI2RhZnhiOWFhcjBhIC50YXNrMyB7CiAgZmlsbDogIzJEQkQ2MDsKICBzdHJva2U6ICMzNTlGNUE7Cn0KPC9zdHlsZT48c3R5bGU+I2RhZnhiOWFhcjBhIHsKICAgIGNvbG9yOiByZ2IoMjQ0LCAyNDQsIDI0NCk7CiAgICBmb250OiBub3JtYWwgbm9ybWFsIG5vcm1hbCBub3JtYWwgMTRweC8yMi4zOTk5OTk2MTg1MzAyNzNweCBtb25vc3BhY2U7CiAgfTwvc3R5bGU+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEyLCAtMTIpIj48ZyBjbGFzcz0ib3V0cHV0Ij48ZyBjbGFzcz0iY2x1c3RlcnMiPjwvZz48ZyBjbGFzcz0iZWRnZVBhdGhzIj48ZyBjbGFzcz0iZWRnZVBhdGgiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PHBhdGggY2xhc3M9InBhdGgiIGQ9Ik00NzAuMDExNzE4NzUsNTYuMjgxMjVMNDcwLjAxMTcxODc1LDgxLjI4MTI1TDQ3MC4wMTE3MTg3NSwxMDYuMjgxMjUiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkNDMyNikiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkNDMyNiIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTQ3MC4wMTE3MTg3NSwxNDIuNTYyNUw0NzAuMDExNzE4NzUsMTY3LjU2MjVMNDcwLjAxMTcxODc1LDE5Mi41NjI1IiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDQzMjcpIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDQzMjciIHZpZXdCb3g9IjAgMCAxMCAxMCIgcmVmWD0iOSIgcmVmWT0iNSIgbWFya2VyVW5pdHM9InN0cm9rZVdpZHRoIiBtYXJrZXJXaWR0aD0iOCIgbWFya2VySGVpZ2h0PSI2IiBvcmllbnQ9ImF1dG8iPjxwYXRoIGQ9Ik0gMCAwIEwgMTAgNSBMIDAgMTAgeiIgY2xhc3M9ImFycm93aGVhZFBhdGgiIHN0eWxlPSJzdHJva2Utd2lkdGg6IDFweDsgc3Ryb2tlLWRhc2hhcnJheTogMXB4LCAwcHg7Ij48L3BhdGg+PC9tYXJrZXI+PC9kZWZzPjwvZz48ZyBjbGFzcz0iZWRnZVBhdGgiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PHBhdGggY2xhc3M9InBhdGgiIGQ9Ik00MjEuMzIwNzk2MzYwMDE0NDcsMjI4Ljg0Mzc1TDM1NC4yMTg3NSwyNTMuODQzNzVMMzU0LjIxODc1LDI3OC44NDM3NSIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQ0MzI4KSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQ0MzI4IiB2aWV3Qm94PSIwIDAgMTAgMTAiIHJlZlg9IjkiIHJlZlk9IjUiIG1hcmtlclVuaXRzPSJzdHJva2VXaWR0aCIgbWFya2VyV2lkdGg9IjgiIG1hcmtlckhlaWdodD0iNiIgb3JpZW50PSJhdXRvIj48cGF0aCBkPSJNIDAgMCBMIDEwIDUgTCAwIDEwIHoiIGNsYXNzPSJhcnJvd2hlYWRQYXRoIiBzdHlsZT0ic3Ryb2tlLXdpZHRoOiAxcHg7IHN0cm9rZS1kYXNoYXJyYXk6IDFweCwgMHB4OyI+PC9wYXRoPjwvbWFya2VyPjwvZGVmcz48L2c+PGcgY2xhc3M9ImVkZ2VQYXRoIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxwYXRoIGNsYXNzPSJwYXRoIiBkPSJNNTE4LjcwMjY0MTEzOTk4NTUsMjI4Ljg0Mzc1TDU4NS44MDQ2ODc1LDI1My44NDM3NUw1ODUuODA0Njg3NSwyNzguODQzNzUiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkNDMyOSkiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkNDMyOSIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTMyMy41OTc2NTYyNSwyMjguNjM5NjYzNzY1NTE1NjVMMTE3Ljg1OTM3NSwyNTMuODQzNzVMMTE3Ljg1OTM3NSwyNzguODQzNzUiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkNDMzMCkiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkNDMzMCIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTYxNi40MjU3ODEyNSwyMjcuNDg4OTY2NTkwNDUzNzRMODQ2LjMwNDY4NzUsMjUzLjg0Mzc1TDg0Ni4zMDQ2ODc1LDI3OC44NDM3NSIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQ0MzMxKSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQ0MzMxIiB2aWV3Qm94PSIwIDAgMTAgMTAiIHJlZlg9IjkiIHJlZlk9IjUiIG1hcmtlclVuaXRzPSJzdHJva2VXaWR0aCIgbWFya2VyV2lkdGg9IjgiIG1hcmtlckhlaWdodD0iNiIgb3JpZW50PSJhdXRvIj48cGF0aCBkPSJNIDAgMCBMIDEwIDUgTCAwIDEwIHoiIGNsYXNzPSJhcnJvd2hlYWRQYXRoIiBzdHlsZT0ic3Ryb2tlLXdpZHRoOiAxcHg7IHN0cm9rZS1kYXNoYXJyYXk6IDFweCwgMHB4OyI+PC9wYXRoPjwvbWFya2VyPjwvZGVmcz48L2c+PGcgY2xhc3M9ImVkZ2VQYXRoIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxwYXRoIGNsYXNzPSJwYXRoIiBkPSJNMTE3Ljg1OTM3NSwzMTUuMTI1TDExNy44NTkzNzUsMzQwLjEyNUw0MDYuNDEwMTU2MjUsMzc1LjQ3NDA3OTA3OTgyMTY1IiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDQzMzIpIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDQzMzIiIHZpZXdCb3g9IjAgMCAxMCAxMCIgcmVmWD0iOSIgcmVmWT0iNSIgbWFya2VyVW5pdHM9InN0cm9rZVdpZHRoIiBtYXJrZXJXaWR0aD0iOCIgbWFya2VySGVpZ2h0PSI2IiBvcmllbnQ9ImF1dG8iPjxwYXRoIGQ9Ik0gMCAwIEwgMTAgNSBMIDAgMTAgeiIgY2xhc3M9ImFycm93aGVhZFBhdGgiIHN0eWxlPSJzdHJva2Utd2lkdGg6IDFweDsgc3Ryb2tlLWRhc2hhcnJheTogMXB4LCAwcHg7Ij48L3BhdGg+PC9tYXJrZXI+PC9kZWZzPjwvZz48ZyBjbGFzcz0iZWRnZVBhdGgiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PHBhdGggY2xhc3M9InBhdGgiIGQ9Ik0zNTQuMjE4NzUsMzE1LjEyNUwzNTQuMjE4NzUsMzQwLjEyNUw0MjEuMzIwNzk2MzYwMDE0NDcsMzY1LjEyNSIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQ0MzMzKSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQ0MzMzIiB2aWV3Qm94PSIwIDAgMTAgMTAiIHJlZlg9IjkiIHJlZlk9IjUiIG1hcmtlclVuaXRzPSJzdHJva2VXaWR0aCIgbWFya2VyV2lkdGg9IjgiIG1hcmtlckhlaWdodD0iNiIgb3JpZW50PSJhdXRvIj48cGF0aCBkPSJNIDAgMCBMIDEwIDUgTCAwIDEwIHoiIGNsYXNzPSJhcnJvd2hlYWRQYXRoIiBzdHlsZT0ic3Ryb2tlLXdpZHRoOiAxcHg7IHN0cm9rZS1kYXNoYXJyYXk6IDFweCwgMHB4OyI+PC9wYXRoPjwvbWFya2VyPjwvZGVmcz48L2c+PGcgY2xhc3M9ImVkZ2VQYXRoIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxwYXRoIGNsYXNzPSJwYXRoIiBkPSJNNTg1LjgwNDY4NzUsMzE1LjEyNUw1ODUuODA0Njg3NSwzNDAuMTI1TDUxOC43MDI2NDExMzk5ODU1LDM2NS4xMjUiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkNDMzNCkiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkNDMzNCIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTg0Ni4zMDQ2ODc1LDMxNS4xMjVMODQ2LjMwNDY4NzUsMzQwLjEyNUw1MzMuNjEzMjgxMjUsMzc1Ljk3MzkzNjM4MjEwOTYiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkNDMzNSkiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkNDMzNSIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTQ0Ni4yMDY5ODQ4MzIwMzg0LDQwMS40MDYyNUw0MDIuNzE4NzUsNDM0LjU0Njg3NUw0MDIuNzE4NzUsNDY3LjY4NzUiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkNDMzNikiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkNDMzNiIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTQwMi43MTg3NSw1MDMuOTY4NzVMNDAyLjcxODc1LDUzNy4xMDkzNzVMNDM3LjQ2NjkxOTE3MzI1MDEsNjAzLjc5NDgwMTEwMjYyODQiIG1hcmtlci1lbmQ9InVybCgjYXJyb3doZWFkNDMzNykiIHN0eWxlPSJzdHJva2U6ICMzMzM7IHN0cm9rZS13aWR0aDogMS41cHg7ZmlsbDpub25lIj48L3BhdGg+PGRlZnM+PG1hcmtlciBpZD0iYXJyb3doZWFkNDMzNyIgdmlld0JveD0iMCAwIDEwIDEwIiByZWZYPSI5IiByZWZZPSI1IiBtYXJrZXJVbml0cz0ic3Ryb2tlV2lkdGgiIG1hcmtlcldpZHRoPSI4IiBtYXJrZXJIZWlnaHQ9IjYiIG9yaWVudD0iYXV0byI+PHBhdGggZD0iTSAwIDAgTCAxMCA1IEwgMCAxMCB6IiBjbGFzcz0iYXJyb3doZWFkUGF0aCIgc3R5bGU9InN0cm9rZS13aWR0aDogMXB4OyBzdHJva2UtZGFzaGFycmF5OiAxcHgsIDBweDsiPjwvcGF0aD48L21hcmtlcj48L2RlZnM+PC9nPjxnIGNsYXNzPSJlZGdlUGF0aCIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cGF0aCBjbGFzcz0icGF0aCIgZD0iTTQ3MC41MTE3MTg3NSw3NjQuNTU5MzczNDc0MTIwOUw0NzAuMDExNzE4NzUsNzk3LjE5OTk5Njk0ODI0MjJMNDcwLjAxMTcxODc1LDgzMC4zNDA2MjE5NDgyNDIyIiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDQzMzgpIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDQzMzgiIHZpZXdCb3g9IjAgMCAxMCAxMCIgcmVmWD0iOSIgcmVmWT0iNSIgbWFya2VyVW5pdHM9InN0cm9rZVdpZHRoIiBtYXJrZXJXaWR0aD0iOCIgbWFya2VySGVpZ2h0PSI2IiBvcmllbnQ9ImF1dG8iPjxwYXRoIGQ9Ik0gMCAwIEwgMTAgNSBMIDAgMTAgeiIgY2xhc3M9ImFycm93aGVhZFBhdGgiIHN0eWxlPSJzdHJva2Utd2lkdGg6IDFweDsgc3Ryb2tlLWRhc2hhcnJheTogMXB4LCAwcHg7Ij48L3BhdGg+PC9tYXJrZXI+PC9kZWZzPjwvZz48ZyBjbGFzcz0iZWRnZVBhdGgiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PHBhdGggY2xhc3M9InBhdGgiIGQ9Ik00NzAuMDExNzE4NzUsODY2LjYyMTg3MTk0ODI0MjJMNDcwLjAxMTcxODc1LDg5MS42MjE4NzE5NDgyNDIyTDQ3MC4wMTE3MTg3NSw5MTYuNjIxODcxOTQ4MjQyMiIgbWFya2VyLWVuZD0idXJsKCNhcnJvd2hlYWQ0MzM5KSIgc3R5bGU9InN0cm9rZTogIzMzMzsgc3Ryb2tlLXdpZHRoOiAxLjVweDtmaWxsOm5vbmUiPjwvcGF0aD48ZGVmcz48bWFya2VyIGlkPSJhcnJvd2hlYWQ0MzM5IiB2aWV3Qm94PSIwIDAgMTAgMTAiIHJlZlg9IjkiIHJlZlk9IjUiIG1hcmtlclVuaXRzPSJzdHJva2VXaWR0aCIgbWFya2VyV2lkdGg9IjgiIG1hcmtlckhlaWdodD0iNiIgb3JpZW50PSJhdXRvIj48cGF0aCBkPSJNIDAgMCBMIDEwIDUgTCAwIDEwIHoiIGNsYXNzPSJhcnJvd2hlYWRQYXRoIiBzdHlsZT0ic3Ryb2tlLXdpZHRoOiAxcHg7IHN0cm9rZS1kYXNoYXJyYXk6IDFweCwgMHB4OyI+PC9wYXRoPjwvbWFya2VyPjwvZGVmcz48L2c+PGcgY2xhc3M9ImVkZ2VQYXRoIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxwYXRoIGNsYXNzPSJwYXRoIiBkPSJNNTAzLjU1NjUxOTM2NzQwODUsNjAzLjc5NDc5OTA5MTUzMDFMNTM3LjMwNDY4NzUsNTM3LjEwOTM3NUw1MzcuMzA0Njg3NSw0ODUuODI4MTI1TDUzNy4zMDQ2ODc1LDQzNC41NDY4NzVMNDkzLjgxNjQ1MjY2Nzk2MTYsNDAxLjQwNjI1IiBtYXJrZXItZW5kPSJ1cmwoI2Fycm93aGVhZDQzNDApIiBzdHlsZT0ic3Ryb2tlOiAjMzMzOyBzdHJva2Utd2lkdGg6IDEuNXB4O2ZpbGw6bm9uZSI+PC9wYXRoPjxkZWZzPjxtYXJrZXIgaWQ9ImFycm93aGVhZDQzNDAiIHZpZXdCb3g9IjAgMCAxMCAxMCIgcmVmWD0iOSIgcmVmWT0iNSIgbWFya2VyVW5pdHM9InN0cm9rZVdpZHRoIiBtYXJrZXJXaWR0aD0iOCIgbWFya2VySGVpZ2h0PSI2IiBvcmllbnQ9ImF1dG8iPjxwYXRoIGQ9Ik0gMCAwIEwgMTAgNSBMIDAgMTAgeiIgY2xhc3M9ImFycm93aGVhZFBhdGgiIHN0eWxlPSJzdHJva2Utd2lkdGg6IDFweDsgc3Ryb2tlLWRhc2hhcnJheTogMXB4LCAwcHg7Ij48L3BhdGg+PC9tYXJrZXI+PC9kZWZzPjwvZz48L2c+PGcgY2xhc3M9ImVkZ2VMYWJlbHMiPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0iIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj48L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDQwMi43MTg3NSw0MzQuNTQ2ODc1KSIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtNTIuODEyNSwtOC4wMDc4MTI1KSIgY2xhc3M9ImxhYmVsIj48cmVjdCByeD0iMCIgcnk9IjAiIHdpZHRoPSI3Ni40Mzc1IiBoZWlnaHQ9IjE2LjM1OTM3NSIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+dGhlIGl0aCBlbnRyeTwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PGcgY2xhc3M9ImVkZ2VMYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNDAyLjcxODc1LDUzNy4xMDkzNzUpIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0xMDUuNDY4NzUsLTguMDA3ODEyNSkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iMTY3LjAzMTI1IiBoZWlnaHQ9IjE2LjM1OTM3NSIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+bmFtZSBpbmRleCBpbiBzeW1ib2wgZW50cnk8L3RzcGFuPjwvdGV4dD48L2c+PC9nPjxnIGNsYXNzPSJlZGdlTGFiZWwiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDQ3MC4wMTE3MTg3NSw3OTcuMTk5OTk2OTQ4MjQyMikiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTQuMjAzMTI1LC04LjAwNzgxMjUpIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjguMDMxMjUiIGhlaWdodD0iMTYuMzU5Mzc1IiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5ZPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48ZyBjbGFzcz0iZWRnZUxhYmVsIiB0cmFuc2Zvcm09IiIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIiBjbGFzcz0ibGFiZWwiPjxyZWN0IHJ4PSIwIiByeT0iMCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgc3R5bGU9ImZpbGw6I2U4ZThlODsiPjwvcmVjdD48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48ZyBjbGFzcz0iZWRnZUxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg1MzcuMzA0Njg3NSw0ODUuODI4MTI1KSIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtNC4yMDMxMjUsLTguMDA3ODEyNSkiIGNsYXNzPSJsYWJlbCI+PHJlY3Qgcng9IjAiIHJ5PSIwIiB3aWR0aD0iOC45ODQzNzUiIGhlaWdodD0iMTYuMzU5Mzc1IiBzdHlsZT0iZmlsbDojZThlOGU4OyI+PC9yZWN0Pjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5OPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGVzIj48ZyBjbGFzcz0ibm9kZSIgaWQ9IkEiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDQ3MC4wMTE3MTg3NSwzOC4xNDA2MjUpIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTE0NS40NjA5Mzc1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iMjkwLjkyMTg3NSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEzNS40NjA5Mzc1LC04LjE0MDYyNSkiPjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5nZXQgbW9kdWxlIGJhc2UgZnJvbSAvcHJvYy8mbHQ7cGlkJmd0Oy9tYXBzIGZpbGU8L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48ZyBjbGFzcz0ibm9kZSIgaWQ9IkIiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDQ3MC4wMTE3MTg3NSwxMjQuNDIxODc1KSIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cmVjdCByeD0iMCIgcnk9IjAiIHg9Ii0xMTAiIHk9Ii0xOC4xNDA2MjUiIHdpZHRoPSIyMjAiIGhlaWdodD0iMzYuMjgxMjUiPjwvcmVjdD48ZyBjbGFzcz0ibGFiZWwiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0xMDAsLTguMTQwNjI1KSI+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPlByb2dyYW0gdGFibGUgaXMgYXQgdGhlIGJlZ2lubmluZzwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PC9nPjxnIGNsYXNzPSJub2RlIiBpZD0iQyIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNDcwLjAxMTcxODc1LDIxMC43MDMxMjUpIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTE0Ni40MTQwNjI1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iMjkyLjgyODEyNSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEzNi40MTQwNjI1LC04LjE0MDYyNSkiPjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5GaW5kIC5keW5hbWljIHNlY3Rpb24gaW4gUEhUIGJ5IFBUX0RZTkFNSUM8L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48ZyBjbGFzcz0ibm9kZSIgaWQ9IkQiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDM1NC4yMTg3NSwyOTYuOTg0Mzc1KSIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cmVjdCByeD0iMCIgcnk9IjAiIHg9Ii04OC41IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iMTc3IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtNzguNSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+R2V0IC5zdHJ0YWIgYnkgRFRfU1RSVEFCPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGUiIGlkPSJFIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg1ODUuODA0Njg3NSwyOTYuOTg0Mzc1KSIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cmVjdCByeD0iMCIgcnk9IjAiIHg9Ii05My4wODU5Mzc1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iMTg2LjE3MTg3NSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTgzLjA4NTkzNzUsLTguMTQwNjI1KSI+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPkdldCAuc3ltdGFiIGJ5IERUX1NZTVRBQjwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PC9nPjxnIGNsYXNzPSJub2RlIiBpZD0iRiIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTE3Ljg1OTM3NSwyOTYuOTg0Mzc1KSIgc3R5bGU9Im9wYWNpdHk6IDE7Ij48cmVjdCByeD0iMCIgcnk9IjAiIHg9Ii05Ny44NTkzNzUiIHk9Ii0xOC4xNDA2MjUiIHdpZHRoPSIxOTUuNzE4NzUiIGhlaWdodD0iMzYuMjgxMjUiPjwvcmVjdD48ZyBjbGFzcz0ibGFiZWwiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAsMCkiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKC04Ny44NTkzNzUsLTguMTQwNjI1KSI+PHRleHQ+PHRzcGFuIHhtbDpzcGFjZT0icHJlc2VydmUiIGR5PSIxZW0iIHg9IjEiPkdldCAucmVsKGEpLnBsdCBieSBEVF9KTVBSRUw8L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48ZyBjbGFzcz0ibm9kZSIgaWQ9IkciIHRyYW5zZm9ybT0idHJhbnNsYXRlKDg0Ni4zMDQ2ODc1LDI5Ni45ODQzNzUpIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTExNy40MTQwNjI1IiB5PSItMTguMTQwNjI1IiB3aWR0aD0iMjM0LjgyODEyNSIgaGVpZ2h0PSIzNi4yODEyNSI+PC9yZWN0PjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEwNy40MTQwNjI1LC04LjE0MDYyNSkiPjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5HZXQgLnJlbChhKS5wbHQgc2l6ZSBieSBEVF9QTFRSRUxTWjwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PC9nPjxnIGNsYXNzPSJub2RlIiBpZD0iSSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNDcwLjAxMTcxODc1LDM4My4yNjU2MjUpIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTYzLjYwMTU2MjUiIHk9Ii0xOC4xNDA2MjUiIHdpZHRoPSIxMjcuMjAzMTI1IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtNTMuNjAxNTYyNSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+TG9vcCBpbiAucmVsKGEpLnBsdDwvdHNwYW4+PC90ZXh0PjwvZz48L2c+PC9nPjxnIGNsYXNzPSJub2RlIiBpZD0iSiIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNDAyLjcxODc1LDQ4NS44MjgxMjUpIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTk1LjExNzE4NzUiIHk9Ii0xOC4xNDA2MjUiIHdpZHRoPSIxOTAuMjM0Mzc1IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtODUuMTE3MTg3NSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+R2V0IHN5bWJvbCBlbnRyeSBpbiAuc3ltdGFiPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGUiIGlkPSJIIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg0NzAuMDExNzE4NzUsNjY3LjE1NDY4NTk3NDEyMTEpIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxwb2x5Z29uIHBvaW50cz0iOTYuOTA0Njg3NTAwMDAwMDEsMCAxOTMuODA5Mzc1MDAwMDAwMDIsLTk2LjkwNDY4NzUwMDAwMDAxIDk2LjkwNDY4NzUwMDAwMDAxLC0xOTMuODA5Mzc1MDAwMDAwMDIgMCwtOTYuOTA0Njg3NTAwMDAwMDEiIHJ4PSI1IiByeT0iNSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTk2LjkwNDY4NzUwMDAwMDAxLDk2LjkwNDY4NzUwMDAwMDAxKSI+PC9wb2x5Z29uPjxnIGNsYXNzPSJsYWJlbCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwwKSI+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTc5LjUzMTI1LC04LjE0MDYyNSkiPjx0ZXh0Pjx0c3BhbiB4bWw6c3BhY2U9InByZXNlcnZlIiBkeT0iMWVtIiB4PSIxIj5OYW1lIGluIC5zdHJ0YWIgbWF0Y2hlZCA/PC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PGcgY2xhc3M9Im5vZGUiIGlkPSJLIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg0NzAuMDExNzE4NzUsODQ4LjQ4MTI0Njk0ODI0MjIpIiBzdHlsZT0ib3BhY2l0eTogMTsiPjxyZWN0IHJ4PSIwIiByeT0iMCIgeD0iLTY1LjA3MDMxMjUiIHk9Ii0xOC4xNDA2MjUiIHdpZHRoPSIxMzAuMTQwNjI1IiBoZWlnaHQ9IjM2LjI4MTI1Ij48L3JlY3Q+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtNTUuMDcwMzEyNSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+VXBkYXRlIHRhYmxlIGl0ZW08L3RzcGFuPjwvdGV4dD48L2c+PC9nPjwvZz48ZyBjbGFzcz0ibm9kZSIgaWQ9IkwiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDQ3MC4wMTE3MTg3NSw5MzcuODAxNTU5NDQ4MjQyMikiIHN0eWxlPSJvcGFjaXR5OiAxOyI+PGNpcmNsZSB4PSItMjEuMTc5Njg3NSIgeT0iLTE4LjE0MDYyNSIgcj0iMjEuMTc5Njg3NSI+PC9jaXJjbGU+PGcgY2xhc3M9ImxhYmVsIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIj48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTEuMTc5Njg3NSwtOC4xNDA2MjUpIj48dGV4dD48dHNwYW4geG1sOnNwYWNlPSJwcmVzZXJ2ZSIgZHk9IjFlbSIgeD0iMSI+RW5kPC90c3Bhbj48L3RleHQ+PC9nPjwvZz48L2c+PC9nPjwvZz48L2c+PC9zdmc+

我的基础代码来自于[1]，总的项目后面我会更新到zhougy0717/inject_got仓库中。

Get module base

这里要做的其实就是获取对应的image在虚拟内存中的位置。例如：
可执行文件

    // 打开文件/proc/pid/maps，获取指定pid进程加载的内存模块信息
    fp = fopen(filename, "r");
    if(fp != NULL){
        // 每次一行，读取文件 /proc/pid/maps中内容
        while(fgets(line, sizeof(line), fp)){
            // 查找指定的so模块
            if(strstr(line, module_name)){
                // 分割字符串
                pch = strtok(line, "-");
                // 字符串转长整形
                addr = strtoul(pch, NULL, 16);
                break;
            }
        }
    }
    fclose(fp);
    return (void*)addr;

.rel.plt还是.rela.plt

rel和rela是两种relocation type。是rel还是rela会影响到后续选择的数据结构类型。到底该用rel还是rela，是取决于processor type的。而x86_64都是rela类型的，i386和arm32都是rel类型的。除了通过Google来得到rel type，还有更靠谱的方法是，检查.dynamic section的DT_PLTREL字段。

    for(i=0;i < dynamicSize / sizeof(Elf64_Dyn);i ++)
    {
        uint64_t val = dynamic_table[i].d_un.d_val;
        if (dynamic_table[i].d_tag == DT_PLTREL)
        {
            // DT_RELA = 7
            // DT_REL = 17
            relType = dynamic_table[i].d_un.d_val;
        }
    }

从.rel(a).plt index到.strtab index

这一段代码要做的就是找到.rel(a).plt表项所代表的函数的名字。这个函数的名字是存储在.strtab节的。代码大致如下：

    // 获取.rel(a).plt, .symtab, .strtab地址
    for(i=0;i < dynamicSize / sizeof(Elf64_Dyn);i ++)
    {
        uint64_t val = dynamic_table[i].d_un.d_val;
        if (dynamic_table[i].d_tag == DT_JMPREL)
        {
            jmpRelOff = dynamic_table[i].d_un.d_ptr;
        }
        if (dynamic_table[i].d_tag == DT_STRTAB)
        {
            strTabOff = dynamic_table[i].d_un.d_ptr;
        }
        if (dynamic_table[i].d_tag == DT_PLTRELSZ)
        {
            pltRelSz = dynamic_table[i].d_un.d_val;
        }
        if (dynamic_table[i].d_tag == DT_SYMTAB)
        {
            symTabOff = dynamic_table[i].d_un.d_ptr;
        }
    }
    
    Elf64_Rela* rel_table = (Elf64_Rela*)jmpRelOff;
    // 遍历查找要hook的导入函数
    // i ==> .rela.plt item index
    for(i = 0;i < pltRelSz / sizeof(Elf64_Rela);i++)
    {
        int number = ELF64_R_SYM(rel_table[i].r_info); // .symtab index
        Elf64_Sym* symEnt = (Elf64_Sym*)(number*sizeof(Elf64_Sym) + symTabOff);
        char* funcName = (char*)(symEnt->st_name + strTabOff);
        if(strcmp(funcName, "puts") == 0)
        {
            // 获取当前内存分页的大小
            uint64_t page_size = getpagesize();
            // 获取内存分页的起始地址（需要内存对齐）
            uint64_t mem_page_start = (uint64_t)(((Elf64_Addr)rel_table[i].r_offset + (uint64_t)base_addr)) & (~(page_size - 1));
            mprotect((void *)mem_page_start, page_size, PROT_READ | PROT_WRITE | PROT_EXEC);
            *(uint64_t *)(rel_table[i].r_offset + base_addr) = (uint64_t)my_puts; // overwrite GOT item
            break;
        }
    }

下图就是上面这段代码的示意图。

• 在解析.dynamic节，获取.rel(a).plt, .symtab, .strtab信息时，要注意的是Elf64_Dyn的定义，它是一个union结构，是区分值类型和指针类型的，其定义如下：

typedef struct {
        Elf64_Xword d_tag;
        union {
                Elf64_Xword     d_val;
                Elf64_Addr      d_ptr;
        } d_un;
} Elf64_Dyn;

在获取内存地址的时候要用d_ptr,而在获取例如DT_PLTRELSZ时，就显然是一个值类型。

• 前面说的relocation type在这里就会发挥作用。.rel(a).plt表项在不同的relocation type的情况下，其数据结构是不同的。他们的结构和尺寸都是不同的。
  • rel是Elf64_Rel
  • rela是Elf64_Rela
• DT_SYMTAB是.symtab节，每一个symbol是一个Elf64_Sym数据结构
• .strtab是所有符号的名字字符串表格。而Elf64_Sym.st_name是表格的偏移地址。注意，不是表格索引。所以获取名字的方法是symEnt->st_name + strTabOff。
• 最后，修改对应的页表属性，然后修改对应的内存地址就可以水到渠成了

参考文献

[1] Android so注入(inject)和Hook技术学习（二）——Got表hook之导入表hook

[2] Executable and Linkable Format

[3] Oracle Documentation

[4] Executable and Linking Format Specification, Version 1.2