Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/dev/verified_exec.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $NetBSD: verified_exec.c,v 1.52.2.1 2007/01/19 22:12:47 bouyer Exp $ */ 2 3 /*- 4 * Copyright 2005 Elad Efrat <elad@NetBSD.org> 5 * Copyright 2005 Brett Lymn <blymn@netbsd.org> 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Brett Lymn and Elad Efrat 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Neither the name of The NetBSD Foundation nor the names of its 16 * contributors may be used to endorse or promote products derived 17 * from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 #if defined(__NetBSD__) 34 __KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.52.2.1 2007/01/19 22:12:47 bouyer Exp $"); 35 #else 36 __RCSID("$Id: verified_exec.c,v 1.52.2.1 2007/01/19 22:12:47 bouyer Exp $\n$NetBSD: verified_exec.c,v 1.52.2.1 2007/01/19 22:12:47 bouyer Exp $"); 37 #endif 38 39 #include <sys/param.h> 40 #include <sys/errno.h> 41 #include <sys/conf.h> 42 #include <sys/vnode.h> 43 #include <sys/fcntl.h> 44 #include <sys/namei.h> 45 #include <sys/verified_exec.h> 46 #include <sys/kauth.h> 47 #include <sys/syslog.h> 48 49 #ifdef __FreeBSD__ 50 #include <sys/kernel.h> 51 #include <sys/device_port.h> 52 #include <sys/ioccom.h> 53 #else 54 #include <sys/ioctl.h> 55 #include <sys/device.h> 56 #define DEVPORT_DEVICE struct device 57 #endif 58 59 #include <prop/proplib.h> 60 61 struct veriexec_softc { 62 DEVPORT_DEVICE veriexec_dev; 63 }; 64 65 #if defined(__FreeBSD__) 66 # define CDEV_MAJOR 216 67 # define BDEV_MAJOR -1 68 #endif 69 70 const struct cdevsw veriexec_cdevsw = { 71 veriexecopen, 72 veriexecclose, 73 noread, 74 nowrite, 75 veriexecioctl, 76 #ifdef __NetBSD__ 77 nostop, 78 notty, 79 #endif 80 nopoll, 81 nommap, 82 #if defined(__NetBSD__) 83 nokqfilter, 84 D_OTHER, 85 #elif defined(__FreeBSD__) 86 nostrategy, 87 "veriexec", 88 CDEV_MAJOR, 89 nodump, 90 nopsize, 91 0, /* flags */ 92 BDEV_MAJOR 93 #endif 94 }; 95 96 static int veriexec_query(prop_dictionary_t, prop_dictionary_t, struct lwp *); 97 static int veriexec_delete(prop_dictionary_t, struct lwp *); 98 99 /* count of number of times device is open (we really only allow one open) */ 100 static unsigned int veriexec_dev_usage; 101 102 void 103 veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self, 104 void *aux) 105 { 106 veriexec_dev_usage = 0; 107 108 if (veriexec_verbose >= 2) 109 log(LOG_DEBUG, "Veriexec: Pseudo-device attached.\n"); 110 } 111 112 int 113 veriexecopen(dev_t dev, int flags, 114 int fmt, struct lwp *l) 115 { 116 if (veriexec_verbose >= 2) { 117 log(LOG_DEBUG, "Veriexec: Pseudo-device open attempt by " 118 "uid=%u, pid=%u. (dev=%u)\n", 119 kauth_cred_geteuid(l->l_cred), l->l_proc->p_pid, 120 dev); 121 } 122 123 if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, 124 &l->l_acflag) != 0) 125 return (EPERM); 126 127 if (veriexec_dev_usage > 0) { 128 if (veriexec_verbose >= 2) 129 log(LOG_ERR, "Veriexec: pseudo-device already in " 130 "use.\n"); 131 132 return(EBUSY); 133 } 134 135 veriexec_dev_usage++; 136 return (0); 137 } 138 139 int 140 veriexecclose(dev_t dev, int flags, int fmt, 141 struct lwp *l) 142 { 143 if (veriexec_dev_usage > 0) 144 veriexec_dev_usage--; 145 return (0); 146 } 147 148 int 149 veriexecioctl(dev_t dev, u_long cmd, caddr_t data, int flags, 150 struct lwp *l) 151 { 152 struct plistref *plistref; 153 prop_dictionary_t dict; 154 int error = 0; 155 156 if (veriexec_strict > VERIEXEC_LEARNING) { 157 log(LOG_WARNING, "Veriexec: Strict mode, modifying tables not " 158 "permitted.\n"); 159 160 return (EPERM); 161 } 162 163 plistref = (struct plistref *)data; 164 165 switch (cmd) { 166 case VERIEXEC_TABLESIZE: 167 error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict); 168 if (error) 169 break; 170 171 error = veriexec_table_add(l, dict); 172 prop_object_release(dict); 173 break; 174 175 case VERIEXEC_LOAD: 176 error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict); 177 if (error) 178 break; 179 180 error = veriexec_file_add(l, dict); 181 prop_object_release(dict); 182 break; 183 184 case VERIEXEC_DELETE: 185 error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict); 186 if (error) 187 break; 188 189 error = veriexec_delete(dict, l); 190 prop_object_release(dict); 191 break; 192 193 case VERIEXEC_QUERY: { 194 prop_dictionary_t rdict; 195 196 error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict); 197 if (error) 198 return (error); 199 200 rdict = prop_dictionary_create(); 201 if (rdict == NULL) { 202 error = ENOMEM; 203 break; 204 } 205 206 error = veriexec_query(dict, rdict, l); 207 if (error == 0) { 208 error = prop_dictionary_copyout_ioctl(plistref, cmd, 209 rdict); 210 } 211 212 prop_object_release(rdict); 213 prop_object_release(dict); 214 215 break; 216 } 217 218 default: 219 /* Invalid operation. */ 220 error = ENODEV; 221 break; 222 } 223 224 return (error); 225 } 226 227 #if defined(__FreeBSD__) 228 static void 229 veriexec_drvinit(void *unused) 230 { 231 make_dev(&verifiedexec_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, 232 "veriexec"); 233 verifiedexecattach(0, 0, 0); 234 } 235 236 SYSINIT(veriexec, SI_SUB_PSEUDO, SI_ORDER_ANY, veriexec_drvinit, NULL); 237 #endif 238 239 static int 240 veriexec_delete(prop_dictionary_t dict, struct lwp *l) 241 { 242 struct nameidata nid; 243 int error; 244 245 NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, 246 prop_string_cstring_nocopy(prop_dictionary_get(dict, "file")), l); 247 error = namei(&nid); 248 if (error) 249 return (error); 250 251 /* XXX this should be done differently... */ 252 if (nid.ni_vp->v_type == VREG) 253 error = veriexec_file_delete(l, nid.ni_vp); 254 else if (nid.ni_vp->v_type == VDIR) 255 error = veriexec_table_delete(l, nid.ni_vp->v_mount); 256 257 vrele(nid.ni_vp); 258 259 return (error); 260 } 261 262 static int 263 veriexec_query(prop_dictionary_t dict, prop_dictionary_t rdict, struct lwp *l) 264 { 265 struct nameidata nid; 266 int error; 267 268 NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, 269 prop_string_cstring_nocopy(prop_dictionary_get(dict, "file")), l); 270 error = namei(&nid); 271 if (error) 272 return (error); 273 274 error = veriexec_convert(nid.ni_vp, rdict); 275 276 vrele(nid.ni_vp); 277 278 return (error); 279 }
Cache object: 92d1c890868a3ab96f4920d21870829d
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]