1 /* $NetBSD: systrace.h,v 1.12.14.3 2006/10/16 20:36:50 ghen Exp $ */
2
3 /*
4 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Niels Provos.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #ifndef _SYSTRACE_H_
34 #define _SYSTRACE_H_
35
36 #include <sys/select.h>
37 #include <sys/ioccom.h>
38 #include <sys/lock.h>
39
/*
 * Size of the emulation-name buffer in str_msg_emul.  The author's note
 * says this has to match the length used in sys/proc; nothing in this
 * header checks that at compile time, so a mismatch would only show up
 * at runtime when the name is copied.
 */
#define SYSTR_EMULEN 8 /* sync with sys proc */
41
/*
 * Message payload carrying the emulation name of a traced process
 * (presumably paired with SYSTR_MSG_EMUL via str_message.msg_data).
 * emul[] is a fixed-size buffer; this header does not promise NUL
 * termination, so consumers should bound reads by SYSTR_EMULEN.
 */
struct str_msg_emul {
	char emul[SYSTR_EMULEN];
};
45
/*
 * Message payload reporting a uid/gid pair for the traced process
 * (presumably paired with SYSTR_MSG_UGID).  Whether these are the real
 * or effective ids is not stated here — check the kernel side.
 */
struct str_msg_ugid {
	uid_t uid;
	gid_t gid;
};
50
/*
 * Fixed limits of the interface.  SYSTR_MAXARGS sizes every per-argument
 * array below (str_msg_ask.args, systrace_replace.strr_*), so any count
 * supplied by userland (e.g. strr_nrepl) has to be validated against it
 * before it is used as an index.  SYSTR_MAXREPLEN is presumably the
 * upper bound on replacement data length (systrace_replace.strr_len).
 */
#define SYSTR_MAX_POLICIES 64
#define SYSTR_MAXARGS 64
#define SYSTR_MAXFNAME 8
#define SYSTR_MAXREPLEN 2048
55
/*
 * Message payload for a system call the monitor is asked to decide on
 * (presumably SYSTR_MSG_ASK).
 *
 * code     - presumably the system call number
 * argsize  - size of the valid portion of args[]; args[] itself is
 *            always SYSTR_MAXARGS entries, so the monitor must not read
 *            beyond what argsize covers
 * rval     - return values of the call (two registers)
 * result   - presumably the error/result of the call, meaningful on the
 *            result (SYSTR_MSG_RES) path
 */
struct str_msg_ask {
	int32_t code;
	int32_t argsize;
	register_t args[SYSTR_MAXARGS];
	register_t rval[2];
	int32_t result;
};
63
/* Queued on fork or exit of a process */

/*
 * Message payload for SYSTR_MSG_CHILD: the pid of the newly created
 * process.  Note SYSTR_MSG_NOPROCESS() treats this message as not bound
 * to a live traced process.
 */
struct str_msg_child {
	pid_t new_pid;
};
69
/*
 * Values of str_message.msg_type.  ASK/RES are the request/result pair
 * for a system call; EMUL, CHILD and UGID report state changes of the
 * traced process; POLICYFREE tells the monitor a policy slot was
 * released.
 */
#define SYSTR_MSG_ASK 1
#define SYSTR_MSG_RES 2
#define SYSTR_MSG_EMUL 3
#define SYSTR_MSG_CHILD 4
#define SYSTR_MSG_UGID 5
#define SYSTR_MSG_POLICYFREE 6

/*
 * True for message types that are not tied to a process the monitor can
 * act on (CHILD, POLICYFREE).  x is a str_msgcontainer pointer; it is
 * evaluated twice, so pass a side-effect-free expression.
 */
#define SYSTR_MSG_NOPROCESS(x) \
	((x)->msg.msg_type == SYSTR_MSG_CHILD || \
	 (x)->msg.msg_type == SYSTR_MSG_POLICYFREE)
80
/*
 * A message delivered from the kernel to the monitor.
 *
 * msg_type   - one of SYSTR_MSG_*, selects the active msg_data member
 * msg_pid    - traced process the message concerns
 * msg_seqnr  - per-message sequence number; the monitor's answer
 *              (systrace_answer.stra_seqnr) has to match it, which is
 *              what stops a stale or misdirected answer from being
 *              applied to a different pending call
 * msg_policy - policy number associated with the process
 * msg_data   - payload, interpreted according to msg_type
 */
struct str_message {
	int32_t msg_type;
	pid_t msg_pid;
	u_int16_t msg_seqnr; /* answer has to match seqnr */
	int16_t msg_policy;
	union {
		struct str_msg_emul msg_emul;
		struct str_msg_ugid msg_ugid;
		struct str_msg_ask msg_ask;
		struct str_msg_child msg_child;
	} msg_data;
};
93
struct str_process;
/*
 * Kernel-side queue element wrapping a str_message.  next links it into
 * fsystrace.messages; strp points at the traced process's record (may
 * be a process-less message, see SYSTR_MSG_NOPROCESS()).
 */
struct str_msgcontainer {
	TAILQ_ENTRY(str_msgcontainer) next;
	struct str_process *strp;

	struct str_message msg;
};
101
102
/*
 * Monitor's answer to a pending message (STRIOCANSWER).
 *
 * stra_pid / stra_seqnr - identify the message being answered; seqnr
 *                         must match str_message.msg_seqnr
 * stra_seteuid/setegid  - elevated privileges to apply for the duration
 *                         of the system call.  Presumably only honoured
 *                         when the matching SYSTR_FLAGS_SETEUID/SETEGID
 *                         bit is set in stra_flags.  This is a privilege
 *                         grant, so the kernel side must restrict it to a
 *                         suitably privileged monitor (not visible here).
 * stra_policy           - policy decision (SYSTR_POLICY_ASK/PERMIT/NEVER)
 * stra_error            - errno to return when the call is denied
 * stra_flags            - SYSTR_FLAGS_* bits
 */
struct systrace_answer {
	pid_t stra_pid;
	u_int16_t stra_seqnr;
	int16_t reserved;
	uid_t stra_seteuid; /* elevated privileges for system call */
	uid_t stra_setegid;
	int32_t stra_policy;
	int32_t stra_error;
	int32_t stra_flags;
};
113
/* Direction values for systrace_io.strio_op (presumably). */
#define SYSTR_READ 1
#define SYSTR_WRITE 2
116
/*
 * STRIOCIO argument: copy strio_len bytes between the monitor's memory
 * and the traced process's memory.  Which of strio_offs/strio_addr is
 * the traced-process address and which the monitor buffer is not stated
 * here — confirm against the kernel implementation.  Since this lets one
 * process read or write another's address space, the kernel side has to
 * verify that strio_pid is attached to this monitor and bound-check the
 * range before copying.
 */
struct systrace_io {
	pid_t strio_pid;
	int32_t strio_op;
	void *strio_offs;
	void *strio_addr;
	size_t strio_len;
};
124
/*
 * Values of systrace_policy.strp_op.  Judging by the accessor macros
 * below: NEW uses strp_maxents, ASSIGN uses strp_pid, MODIFY uses
 * strp_code/strp_policy — confirm against the kernel side.
 */
#define SYSTR_POLICY_NEW 1
#define SYSTR_POLICY_ASSIGN 2
#define SYSTR_POLICY_MODIFY 3
128
/*
 * STRIOCPOLICY argument.  strp_op selects the operation (SYSTR_POLICY_*)
 * and strp_num the policy number; strp_data's active member depends on
 * the operation.  assign.code is a per-system-call slot and
 * assign.policy its decision (presumably one of SYSTR_POLICY_ASK/PERMIT/
 * NEVER).  strp_num and assign.code come from userland, so the kernel
 * must range-check them (SYSTR_MAX_POLICIES, the maxents of the policy)
 * before indexing.
 */
struct systrace_policy {
	int32_t strp_op;
	int32_t strp_num;
	union {
		struct {
			int16_t code;
			int16_t policy;
		} assign;
		pid_t pid;
		int32_t maxents;
	} strp_data;
};

/* Convenience accessors for the union members of struct systrace_policy. */
#define strp_pid strp_data.pid
#define strp_maxents strp_data.maxents
#define strp_code strp_data.assign.code
#define strp_policy strp_data.assign.policy
146
/* Presumably a systrace_replace.strr_flags[] bit; meaning defined kernel-side. */
#define SYSTR_NOLINKS 1
148
/*
 * STRIOCREPLACE argument: substitute system call arguments of a pending
 * call before it runs.
 *
 * strr_pid / strr_seqnr - pending call to modify (seqnr must match the
 *                         str_message being answered)
 * strr_nrepl            - number of replacements; indexes the four
 *                         arrays below, so it must be validated against
 *                         SYSTR_MAXARGS by the kernel
 * strr_base / strr_len  - monitor-side memory holding the replacement
 *                         data (presumably bounded by SYSTR_MAXREPLEN)
 * strr_argind           - which call argument each replacement targets
 * strr_off / strr_offlen - offset and length of each replacement within
 *                         strr_base; the kernel must check that
 *                         off + offlen stays within strr_len
 * strr_flags            - per-replacement flags (e.g. SYSTR_NOLINKS)
 *
 * NOTE(review): argument replacement is the mechanism meant to pin down
 * pointer arguments the monitor has inspected, so the kernel acts on the
 * checked copy rather than re-reading user memory.  Check-vs-use races
 * of this kind are a known limitation of system-call interposition in
 * general; how completely this version closes them is decided in the
 * kernel implementation, not in this header.
 */
struct systrace_replace {
	pid_t strr_pid;
	u_int16_t strr_seqnr;
	int16_t reserved;
	int32_t strr_nrepl;
	caddr_t strr_base; /* Base memory */
	size_t strr_len; /* Length of memory */
	int32_t strr_argind[SYSTR_MAXARGS];
	size_t strr_off[SYSTR_MAXARGS];
	size_t strr_offlen[SYSTR_MAXARGS];
	int32_t strr_flags[SYSTR_MAXARGS];
};
161
/*
 * ioctl commands on the systrace device (encoded via sys/ioccom.h).
 * _IOW: userland passes the argument in; _IOWR: the kernel also copies
 * it back out; _IO: no argument.
 *
 * ATTACH/DETACH  - start/stop tracing a pid
 * ANSWER         - reply to a pending message (struct systrace_answer)
 * IO             - read/write traced process memory (struct systrace_io)
 * POLICY         - create/assign/modify policies (struct systrace_policy)
 * GETCWD/RESCWD  - the "cwd magic" in struct fsystrace: switch the
 *                  monitor's cwd/root to the traced process's and back
 * REPORT         - request a report for a pid (purpose not shown here)
 * REPLACE        - substitute call arguments (struct systrace_replace)
 */
#define STRIOCATTACH _IOW('s', 101, pid_t)
#define STRIOCDETACH _IOW('s', 102, pid_t)
#define STRIOCANSWER _IOW('s', 103, struct systrace_answer)
#define STRIOCIO _IOWR('s', 104, struct systrace_io)
#define STRIOCPOLICY _IOWR('s', 105, struct systrace_policy)
#define STRIOCGETCWD _IOW('s', 106, pid_t)
#define STRIOCRESCWD _IO('s', 107)
#define STRIOCREPORT _IOW('s', 108, pid_t)
#define STRIOCREPLACE _IOW('s', 109, struct systrace_replace)
171
/*
 * Policy decisions: ASK defers to the monitor, PERMIT allows the call,
 * NEVER denies it.  Note that 0 (the zero-initialised value) is ASK,
 * i.e. the fail-closed-to-the-monitor default.
 */
#define SYSTR_POLICY_ASK 0
#define SYSTR_POLICY_PERMIT 1
#define SYSTR_POLICY_NEVER 2

/*
 * Bits for systrace_answer.stra_flags.  RESULT presumably requests a
 * SYSTR_MSG_RES message after the call completes; SETEUID/SETEGID
 * presumably enable the stra_seteuid/stra_setegid fields.
 */
#define SYSTR_FLAGS_RESULT 0x001
#define SYSTR_FLAGS_SETEUID 0x002
#define SYSTR_FLAGS_SETEGID 0x004
179
180 #ifdef _KERNEL
181 #include <sys/namei.h>
182
/* XXX: these shouldn't be here. */
/*
 * Generic bit-flag helpers.  Each operand is parenthesised and used
 * once, so side effects are not duplicated.  The unprefixed names are
 * the reason for the XXX above: they can collide with identically named
 * macros in other kernel headers.
 */
#define SET(t, f) ((t) |= (f))
#define ISSET(t, f) ((t) & (f))
#define CLR(t, f) ((t) &= ~(f))
187
/*
 * Kernel-side state of one open systrace device (one monitor).
 *
 * lock       - protects the structure
 * si         - select/poll wakeup state for the message queue
 * processes  - traced processes and their count
 * policies   - policies owned by this monitor; npolicynr/npolicies
 *              presumably track the next policy number and the count
 * messages   - queue of str_msgcontainer pending for the monitor
 * issuser    - whether the monitor is the superuser; together with
 *              p_ruid/p_rgid (the monitor's real ids) this is presumably
 *              what the kernel uses to decide which processes may be
 *              attached — an unprivileged monitor should not be able to
 *              trace processes of other users (decided in the .c file).
 * fd_*       - "cwd magic": the pid whose cwd/root the monitor has
 *              temporarily adopted via STRIOCGETCWD, and the monitor's
 *              saved cwd/root vnodes to restore with STRIOCRESCWD.
 */
struct fsystrace {
	struct lock lock;
	struct selinfo si;

	TAILQ_HEAD(strprocessq, str_process) processes;
	size_t nprocesses;

	TAILQ_HEAD(strpolicyq, str_policy) policies;

	TAILQ_HEAD(strmessageq, str_msgcontainer) messages;

	size_t npolicynr;
	size_t npolicies;

	int issuser;
	uid_t p_ruid;
	gid_t p_rgid;

	/* cwd magic */
	pid_t fd_pid;
	struct vnode *fd_cdir;
	struct vnode *fd_rdir;
};
211
/* Internal prototypes */

/*
 * Hooks called by the rest of the kernel:
 *   systrace_enter    - before a system call (proc, call number, args);
 *                       the return value presumably decides whether the
 *                       call proceeds
 *   systrace_namei    - during pathname lookup
 *   systrace_exit     - after a system call, with its return values and
 *                       error
 *   systrace_sys_exit - process exit
 *   systrace_sys_fork - process fork (parent, child)
 *   systrace_init     - subsystem initialisation
 */
int systrace_enter(struct proc *, register_t, void *);
void systrace_namei(struct nameidata *);
void systrace_exit(struct proc *, register_t, void *, register_t [], int);
void systrace_sys_exit(struct proc *);
void systrace_sys_fork(struct proc *, struct proc *);
void systrace_init(void);
220
221 #endif /* _KERNEL */
222 #endif /* !_SYSTRACE_H_ */