Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: fd73358f59
Branches Tags
graphene
/
Pal
/
src
/
host
/
Linux-SGX
/
db_process.c

db_process.c 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463 
  1. /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
    2. 

  2. /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
    3. 

  3. 

  4. /* Copyright (C) 2014 OSCAR lab, Stony Brook University
    5. 

  5.    This file is part of Graphene Library OS.
    6. 

  6. 

  7.    Graphene Library OS is free software: you can redistribute it and/or
    8. 

  8.    modify it under the terms of the GNU General Public License
    9. 

  9.    as published by the Free Software Foundation, either version 3 of the
    10. 

  10.    License, or (at your option) any later version.
    11. 

  11. 

  12.    Graphene Library OS is distributed in the hope that it will be useful,
    13. 

  13.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.    GNU General Public License for more details.
    16. 

  16. 

  17.    You should have received a copy of the GNU General Public License
    18. 

  18.    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
    19. 

  19. 

  20. /*
    21. 

  21.  * db_process.c
    22. 

  22.  *
    23. 

  23.  * This source file contains functions to create a child process and terminate
    24. 

  24.  * the running process. Child does not inherit any objects or memory from its
    25. 

  25.  * parent pricess. A Parent process may not modify the execution of its
    26. 

  26.  * children. It can wait for a child to exit using its handle. Also, parent and
    27. 

  27.  * child may communicate through I/O streams provided by the parent to the child
    28. 

  28.  * at creation.
    29. 

  29.  */
    30. 

  30. 

  31. #include "pal_defs.h"
    32. 

  32. #include "pal_linux_defs.h"
    33. 

  33. #include "pal.h"
    34. 

  34. #include "pal_internal.h"
    35. 

  35. #include "pal_linux.h"
    36. 

  36. #include "pal_debug.h"
    37. 

  37. #include "pal_error.h"
    38. 

  38. #include "pal_security.h"
    39. 

  39. #include "pal_crypto.h"
    40. 

  40. #include "api.h"
    41. 

  41. 

  42. #include <linux/sched.h>
    43. 

  43. #include <linux/types.h>
    44. 

  44. #include <linux/fs.h>
    45. 

  45. typedef __kernel_pid_t pid_t;
    46. 

  46. #include <asm/fcntl.h>
    47. 

  47. 

  48. struct trusted_child {
    49. 

  49.     struct list_head list;
    50. 

  50.     sgx_arch_hash_t mrenclave;
    51. 

  51.     char uri[];
    52. 

  52. };
    53. 

  53. 

  54. static LIST_HEAD(trusted_children);
    55. 

  55. static struct spinlock trusted_children_lock = LOCK_INIT;
    56. 

  56. 

  57. int register_trusted_child(const char * uri, const char * mrenclave_str)
    58. 

  58. {
    59. 

  59.     struct trusted_child * tc = NULL, * new;
    60. 

  60.     int uri_len = strlen(uri);
    61. 

  61. 

  62.     _DkSpinLock(&trusted_children_lock);
    63. 

  63. 

  64.     list_for_each_entry(tc, &trusted_children, list) {
    65. 

  65.         if (!memcmp(tc->uri, uri, uri_len + 1)) {
    66. 

  66.             _DkSpinUnlock(&trusted_children_lock);
    67. 

  67.             return 0;
    68. 

  68.         }
    69. 

  69.     }
    70. 

  70.     _DkSpinUnlock(&trusted_children_lock);
    71. 

  71. 

  72.     new = malloc(sizeof(struct trusted_child) + uri_len);
    73. 

  73.     if (!new)
    74. 

  74.         return -PAL_ERROR_NOMEM;
    75. 

  75. 

  76.     INIT_LIST_HEAD(&new->list);
    77. 

  77.     memcpy(new->uri, uri, uri_len + 1);
    78. 

  78. 

  79.     char mrenclave_text[sizeof(sgx_arch_hash_t) * 2 + 1] = "\0";
    80. 

  80.     int nbytes = 0;
    81. 

  81.     for (; nbytes < sizeof(sgx_arch_hash_t) ; nbytes++) {
    82. 

  82.         char byte1 = mrenclave_str[nbytes * 2];
    83. 

  83.         char byte2 = mrenclave_str[nbytes * 2 + 1];
    84. 

  84.         unsigned char val = 0;
    85. 

  85. 

  86.         if (byte1 == 0 || byte2 == 0) {
    87. 

  87.             break;
    88. 

  88.         }
    89. 

  89.         if (!(byte1 >= '0' && byte1 <= '9') &&
    90. 

  90.             !(byte1 >= 'a' && byte1 <= 'f')) {
    91. 

  91.             break;
    92. 

  92.         }
    93. 

  93.         if (!(byte2 >= '0' && byte2 <= '9') &&
    94. 

  94.             !(byte2 >= 'a' && byte2 <= 'f')) {
    95. 

  95.             break;
    96. 

  96.         }
    97. 

  97. 

  98.         if (byte1 >= '0' && byte1 <= '9')
    99. 

  99.             val = byte1 - '0';
    100. 

  100.         if (byte1 >= 'a' && byte1 <= 'f')
    101. 

  101.             val = byte1 - 'a' + 10;
    102. 

  102.         val *= 16;
    103. 

  103.         if (byte2 >= '0' && byte2 <= '9')
    104. 

  104.             val += byte2 - '0';
    105. 

  105.         if (byte2 >= 'a' && byte2 <= 'f')
    106. 

  106.             val += byte2 - 'a' + 10;
    107. 

  107. 

  108.         new->mrenclave[nbytes] = val;
    109. 

  109.         snprintf(mrenclave_text + nbytes * 2, 3, "%02x", val);
    110. 

  110.     }
    111. 

  111. 

  112.     if (nbytes < sizeof(sgx_arch_hash_t)) {
    113. 

  113.         free(new);
    114. 

  114.         return -PAL_ERROR_INVAL;
    115. 

  115.     }
    116. 

  116. 

  117.     SGX_DBG(DBG_S, "trusted: %s %s\n", mrenclave_text, new->uri);
    118. 

  118. 

  119.     _DkSpinLock(&trusted_children_lock);
    120. 

  120. 

  121.     list_for_each_entry(tc, &trusted_children, list) {
    122. 

  122.         if (!memcmp(tc->uri, uri, uri_len + 1)) {
    123. 

  123.             _DkSpinUnlock(&trusted_children_lock);
    124. 

  124.             free(new);
    125. 

  125.             return 0;
    126. 

  126.         }
    127. 

  127.     }
    128. 

  128. 

  129.     list_add_tail(&new->list, &trusted_children);
    130. 

  130.     _DkSpinUnlock(&trusted_children_lock);
    131. 

  131.     return 0;
    132. 

  132. }
    133. 

  133. 

  134. struct proc_attestation_data {
    135. 

  135.     sgx_arch_mac_t  keyhash_mac;
    136. 

  136.     uint8_t         reserved[PAL_ATTESTATION_DATA_SIZE - sizeof(sgx_arch_mac_t)];
    137. 

  137. } __attribute__((packed));
    138. 

  138. 

  139. struct check_child_param {
    140. 

  140.     PAL_MAC_KEY     mac_key;
    141. 

  141.     const char *    uri;
    142. 

  142. };
    143. 

  143. 

  144. static int check_child_mrenclave (sgx_arch_hash_t * mrenclave,
    145. 

  145.                                   void * signed_data, void * check_param)
    146. 

  146. {
    147. 

  147.     struct pal_enclave_state * remote_state = signed_data;
    148. 

  148.     struct proc_attestation_data * data = (void *) &remote_state->data;
    149. 

  149. 

  150.     /* the process must be a clean process */
    151. 

  151.     if (remote_state->enclave_flags & PAL_ENCLAVE_INITIALIZED)
    152. 

  152.         return 1;
    153. 

  153. 

  154.     struct check_child_param * param = check_param;
    155. 

  155. 

  156.     /* must make sure the signer of the report is also the owner of the key,
    157. 

  157.        in order to prevent man-in-the-middle attack */
    158. 

  158.     struct proc_attestation_data check_data;
    159. 

  159.     memset(&check_data, 0, sizeof(struct proc_attestation_data));
    160. 

  160. 

  161.     AES_CMAC((void *) &param->mac_key,
    162. 

  162.              remote_state->enclave_keyhash,
    163. 

  163.              sizeof(remote_state->enclave_keyhash),
    164. 

  164.              check_data.keyhash_mac);
    165. 

  165. 

  166.     if (memcmp(data, &check_data, sizeof(struct proc_attestation_data)))
    167. 

  167.         return 1;
    168. 

  168. 

  169.     /* always accept our own as child */
    170. 

  170.     if (!memcmp(mrenclave, pal_sec.mrenclave, sizeof(sgx_arch_hash_t))) {
    171. 

  171.         SGX_DBG(DBG_S, "trusted child: <forked>\n");
    172. 

  172.         return 0;
    173. 

  173.     }
    174. 

  174. 

  175.     struct trusted_child * tc;
    176. 

  176.     _DkSpinLock(&trusted_children_lock);
    177. 

  177. 

  178.     list_for_each_entry(tc, &trusted_children, list) {
    179. 

  179.         if (!memcmp(mrenclave, tc->mrenclave, sizeof(sgx_arch_hash_t))) {
    180. 

  180.             _DkSpinUnlock(&trusted_children_lock);
    181. 

  181.             SGX_DBG(DBG_S, "trusted child: %s\n", tc->uri);
    182. 

  182.             return 0;
    183. 

  183.         }
    184. 

  184.     }
    185. 

  185. 

  186.     _DkSpinUnlock(&trusted_children_lock);
    187. 

  187.     return 1;
    188. 

  188. }
    189. 

  189. 

  190. int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
    191. 

  191.                       int flags, const char ** args)
    192. 

  192. {
    193. 

  193.     /* only access creating process with regular file */
    194. 

  194.     if (!strpartcmp_static(uri, "file:"))
    195. 

  195.         return -PAL_ERROR_INVAL;
    196. 

  196. 

  197.     unsigned int child_pid;
    198. 

  198.     int proc_fds[3];
    199. 

  199.     int nargs = 0, ret;
    200. 

  200. 

  201.     if (args)
    202. 

  202.         for (const char ** a = args ; *a ; a++)
    203. 

  203.             nargs++;
    204. 

  204. 

  205.     ret = ocall_create_process(uri, nargs, args,
    206. 

  206.                                proc_fds,
    207. 

  207.                                &child_pid);
    208. 

  208.     if (ret < 0)
    209. 

  209.         return ret;
    210. 

  210. 

  211.     PAL_HANDLE proc = malloc(HANDLE_SIZE(process));
    212. 

  212.     SET_HANDLE_TYPE(proc, process);
    213. 

  213.     HANDLE_HDR(proc)->flags |= RFD(0)|WFD(1)|RFD(2)|WFD(2)|WRITEABLE(1)|WRITEABLE(2);
    214. 

  214.     proc->process.stream_in  = proc_fds[0];
    215. 

  215.     proc->process.stream_out = proc_fds[1];
    216. 

  216.     proc->process.cargo      = proc_fds[2];
    217. 

  217.     proc->process.pid = child_pid;
    218. 

  218.     proc->process.nonblocking = PAL_FALSE;
    219. 

  219. 

  220.     PAL_SESSION_KEY session_key;
    221. 

  221.     ret = _DkStreamKeyExchange(proc, &session_key);
    222. 

  222.     if (ret < 0)
    223. 

  223.         return ret;
    224. 

  224. 

  225.     struct check_child_param param;
    226. 

  226.     session_key_to_mac_key(&session_key, &param.mac_key);
    227. 

  227.     param.uri = uri;
    228. 

  228. 

  229.     struct proc_attestation_data data;
    230. 

  230.     memset(&data, 0, sizeof(struct proc_attestation_data));
    231. 

  231. 

  232.     AES_CMAC((void *) &param.mac_key,
    233. 

  233.              pal_enclave_state.enclave_keyhash,
    234. 

  234.              sizeof(pal_enclave_state.enclave_keyhash),
    235. 

  235.              data.keyhash_mac);
    236. 

  236. 

  237.     SGX_DBG(DBG_P|DBG_S, "Attestation data: %s\n", hex2str(data.keyhash_mac));
    238. 

  238. 

  239.     ret = _DkStreamAttestationRequest(proc, &data,
    240. 

  240.                                       &check_child_mrenclave, &param);
    241. 

  241.     if (ret < 0)
    242. 

  242.         return ret;
    243. 

  243. 

  244.     *handle = proc;
    245. 

  245.     return 0;
    246. 

  246. }
    247. 

  247. 

  248. struct check_parent_param {
    249. 

  249.     PAL_MAC_KEY     mac_key;
    250. 

  250. };
    251. 

  251. 

  252. static int check_parent_mrenclave (sgx_arch_hash_t * mrenclave,
    253. 

  253.                                    void * signed_data, void * check_param)
    254. 

  254. {
    255. 

  255.     struct pal_enclave_state * remote_state = signed_data;
    256. 

  256.     struct proc_attestation_param * data = (void *) &remote_state->data;
    257. 

  257. 

  258.     struct check_parent_param * param = check_param;
    259. 

  259. 

  260.     /* must make sure the signer of the report is also the owner of the key,
    261. 

  261.        in order to prevent man-in-the-middle attack */
    262. 

  262.     struct proc_attestation_data check_data;
    263. 

  263.     memset(&check_data, 0, sizeof(struct proc_attestation_data));
    264. 

  264. 

  265.     AES_CMAC((void *) &param->mac_key,
    266. 

  266.              remote_state->enclave_keyhash,
    267. 

  267.              sizeof(remote_state->enclave_keyhash),
    268. 

  268.              check_data.keyhash_mac);
    269. 

  269. 

  270.     if (memcmp(data, &check_data, sizeof(struct proc_attestation_data)))
    271. 

  271.         return 1;
    272. 

  272. 

  273.     /* for now, we will accept any enclave as a parent, but eventually
    274. 

  274.        we should check parent, maybe using crypto challenge */
    275. 

  275.     return 0;
    276. 

  276. }
    277. 

  277. 

  278. int init_child_process (PAL_HANDLE * parent_handle)
    279. 

  279. {
    280. 

  280.     PAL_HANDLE parent = malloc(HANDLE_SIZE(process));
    281. 

  281.     SET_HANDLE_TYPE(parent, process);
    282. 

  282.     HANDLE_HDR(parent)->flags |= RFD(0)|WFD(1)|RFD(2)|WFD(2)|WRITEABLE(1)|WRITEABLE(2);
    283. 

  283. 

  284.     parent->process.stream_in  = pal_sec.proc_fds[0];
    285. 

  285.     parent->process.stream_out = pal_sec.proc_fds[1];
    286. 

  286.     parent->process.cargo      = pal_sec.proc_fds[2];
    287. 

  287.     parent->process.pid        = pal_sec.ppid;
    288. 

  288.     parent->process.nonblocking = PAL_FALSE;
    289. 

  289. 

  290.     PAL_SESSION_KEY session_key;
    291. 

  291.     int ret = _DkStreamKeyExchange(parent, &session_key);
    292. 

  292.     if (ret < 0)
    293. 

  293.         return ret;
    294. 

  294. 

  295.     struct check_parent_param param;
    296. 

  296.     session_key_to_mac_key(&session_key, &param.mac_key);
    297. 

  297. 

  298.     struct proc_attestation_data data;
    299. 

  299.     memset(&data, 0, sizeof(struct proc_attestation_data));
    300. 

  300. 

  301.     AES_CMAC((void *) &param.mac_key,
    302. 

  302.              pal_enclave_state.enclave_keyhash,
    303. 

  303.              sizeof(pal_enclave_state.enclave_keyhash),
    304. 

  304.              data.keyhash_mac);
    305. 

  305. 

  306.     SGX_DBG(DBG_P|DBG_S, "Attestation data: %s\n", hex2str(data.keyhash_mac));
    307. 

  307. 

  308.     ret = _DkStreamAttestationRespond(parent, &data,
    309. 

  309.                                       &check_parent_mrenclave,
    310. 

  310.                                       &param);
    311. 

  311.     if (ret < 0)
    312. 

  312.         return ret;
    313. 

  313. 

  314.     *parent_handle = parent;
    315. 

  315.     return 0;
    316. 

  316. }
    317. 

  317. 

  318. void print_alloced_pages (void);
    319. 

  319. 

  320. void _DkProcessExit (int exitcode)
    321. 

  321. {
    322. 

  322.     if (__pal_control.parent_process)
    323. 

  323.         _DkObjectClose(__pal_control.parent_process);
    324. 

  324. 

  325.     if (__pal_control.manifest_handle)
    326. 

  326.         _DkObjectClose(__pal_control.manifest_handle);
    327. 

  327. 

  328. #if PRINT_ENCLAVE_STAT
    329. 

  329.     print_alloced_pages();
    330. 

  330. #endif
    331. 

  331.     ocall_exit();
    332. 

  332. }
    333. 

  333. 

  334. int _DkProcessSandboxCreate (const char * manifest, int flags)
    335. 

  335. {
    336. 

  336.     return -PAL_ERROR_NOTIMPLEMENTED;
    337. 

  337. }
    338. 

  338. 

  339. static int proc_read (PAL_HANDLE handle, int offset, int count,
    340. 

  340.                           void * buffer)
    341. 

  341. {
    342. 

  342.     return ocall_read(handle->process.stream_in, buffer, count);
    343. 

  343. }
    344. 

  344. 

  345. static int proc_write (PAL_HANDLE handle, int offset, int count,
    346. 

  346.                        const void * buffer)
    347. 

  347. {
    348. 

  348.     int bytes = ocall_write(handle->process.stream_out, buffer, count);
    349. 

  349. 

  350.     if (bytes == -PAL_ERROR_TRYAGAIN)
    351. 

  351.         HANDLE_HDR(handle)->flags &= ~WRITEABLE(1);
    352. 

  352. 

  353.     if (bytes < 0)
    354. 

  354.         return bytes;
    355. 

  355. 

  356.     if (bytes == count)
    357. 

  357.         HANDLE_HDR(handle)->flags |= WRITEABLE(1);
    358. 

  358.     else
    359. 

  359.         HANDLE_HDR(handle)->flags &= ~WRITEABLE(1);
    360. 

  360. 

  361.     return bytes;
    362. 

  362. }
    363. 

  363. 

  364. static int proc_close (PAL_HANDLE handle)
    365. 

  365. {
    366. 

  366.     if (handle->process.stream_in != PAL_IDX_POISON) {
    367. 

  367.         ocall_close(handle->process.stream_in);
    368. 

  368.         handle->process.stream_in = PAL_IDX_POISON;
    369. 

  369.     }
    370. 

  370. 

  371.     if (handle->process.stream_out != PAL_IDX_POISON) {
    372. 

  372.         ocall_close(handle->process.stream_out);
    373. 

  373.         handle->process.stream_out = PAL_IDX_POISON;
    374. 

  374.     }
    375. 

  375. 

  376.     if (handle->process.cargo != PAL_IDX_POISON) {
    377. 

  377.         ocall_close(handle->process.cargo);
    378. 

  378.         handle->process.cargo = PAL_IDX_POISON;
    379. 

  379.     }
    380. 

  380. 

  381.     return 0;
    382. 

  382. }
    383. 

  383. 

  384. static int proc_delete (PAL_HANDLE handle, int access)
    385. 

  385. {
    386. 

  386.     int shutdown;
    387. 

  387.     switch (access) {
    388. 

  388.         case 0:
    389. 

  389.             shutdown = SHUT_RDWR;
    390. 

  390.             break;
    391. 

  391.         case PAL_DELETE_RD:
    392. 

  392.             shutdown = SHUT_RD;
    393. 

  393.             break;
    394. 

  394.         case PAL_DELETE_WR:
    395. 

  395.             shutdown = SHUT_WR;
    396. 

  396.             break;
    397. 

  397.         default:
    398. 

  398.             return -PAL_ERROR_INVAL;
    399. 

  399.     }
    400. 

  400. 

  401.     if (access != PAL_DELETE_WR &&
    402. 

  402.         handle->process.stream_in != PAL_IDX_POISON) {
    403. 

  403.         ocall_close(handle->process.stream_in);
    404. 

  404.         handle->process.stream_in = PAL_IDX_POISON;
    405. 

  405.     }
    406. 

  406. 

  407.     if (access != PAL_DELETE_RD &&
    408. 

  408.         handle->process.stream_out != PAL_IDX_POISON) {
    409. 

  409.         ocall_close(handle->process.stream_out);
    410. 

  410.         handle->process.stream_out = PAL_IDX_POISON;
    411. 

  411.     }
    412. 

  412. 

  413.     if (handle->process.cargo != PAL_IDX_POISON)
    414. 

  414.         ocall_sock_shutdown(handle->process.cargo, shutdown);
    415. 

  415. 

  416.     return 0;
    417. 

  417. }
    418. 

  418. 

  419. static int proc_attrquerybyhdl (PAL_HANDLE handle, PAL_STREAM_ATTR * attr)
    420. 

  420. {
    421. 

  421.     if (handle->process.stream_in == PAL_IDX_POISON)
    422. 

  422.         return -PAL_ERROR_BADHANDLE;
    423. 

  423. 

  424.     int ret = ocall_fionread(handle->process.stream_in);
    425. 

  425. 

  426.     if (ret < 0)
    427. 

  427.         return -ret;
    428. 

  428. 

  429.     memset(attr, 0, sizeof(PAL_STREAM_ATTR));
    430. 

  430.     attr->pending_size = ret;
    431. 

  431.     attr->disconnected = HANDLE_HDR(handle)->flags & (ERROR(0)|ERROR(1));
    432. 

  432.     attr->readable = (attr->pending_size > 0);
    433. 

  433.     attr->writeable = HANDLE_HDR(handle)->flags & WRITEABLE(1);
    434. 

  434.     attr->nonblocking = handle->process.nonblocking;
    435. 

  435.     return 0;
    436. 

  436. }
    437. 

  437. 

  438. static int proc_attrsetbyhdl (PAL_HANDLE handle, PAL_STREAM_ATTR * attr)
    439. 

  439. {
    440. 

  440.     if (handle->process.stream_in == PAL_IDX_POISON)
    441. 

  441.         return -PAL_ERROR_BADHANDLE;
    442. 

  442. 

  443.     if (attr->nonblocking != handle->process.nonblocking) {
    444. 

  444.         int ret = ocall_fsetnonblock(handle->process.stream_in,
    445. 

  445.                                      handle->process.nonblocking);
    446. 

  446. 

  447.         if (ret < 0)
    448. 

  448.             return ret;
    449. 

  449. 

  450.         handle->process.nonblocking = attr->nonblocking;
    451. 

  451.     }
    452. 

  452. 

  453.     return 0;
    454. 

  454. }
    455. 

  455. 

  456. struct handle_ops proc_ops = {
    457. 

  457.         .read           = &proc_read,
    458. 

  458.         .write          = &proc_write,
    459. 

  459.         .close          = &proc_close,
    460. 

  460.         .delete         = &proc_delete,
    461. 

  461.         .attrquerybyhdl = &proc_attrquerybyhdl,
    462. 

  462.         .attrsetbyhdl   = &proc_attrsetbyhdl,
    463. 

  463.     };
    464.