1 /* $NetBSD: systrace.h,v 1.21 2006/10/06 16:17:11 christos Exp $ */
2
3 /*
4 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Niels Provos.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #ifndef _SYS_SYSTRACE_H_
34 #define _SYS_SYSTRACE_H_
35
36 #include <sys/select.h>
37 #include <sys/ioccom.h>
38 #include <sys/lock.h>
39
/*
 * Width of the emulation name carried in str_msg_emul.  The original
 * comment says it must stay in sync with the size used by the process
 * structure, which is not visible from this header.
 */
#define SYSTR_EMULEN 8 /* sync with sys proc */
41
/*
 * SYSTR_MSG_EMUL payload: the emulation name of the traced process.
 * Fixed-width buffer; nothing here establishes that it is always
 * NUL-terminated, so readers should bound by SYSTR_EMULEN.
 */
struct str_msg_emul {
	char emul[SYSTR_EMULEN];	/* emulation name */
};
45
/*
 * SYSTR_MSG_UGID payload: a uid/gid pair for the traced process.
 * NOTE(review): which credential (real vs. effective) is reported is not
 * stated in this header - confirm in the kernel implementation.
 */
struct str_msg_ugid {
	uid_t uid;
	gid_t gid;
};
50
/*
 * SYSTR_MSG_EXECVE payload: path of the image being executed.
 * MAXPATHLEN is not defined by this header's own includes; it must come
 * from an earlier include (normally <sys/param.h>).
 */
struct str_msg_execve {
	char path[MAXPATHLEN];
};
54
/*
 * Fixed limits shared by the kernel and the supervisor.  SYSTR_MAXARGS
 * sizes the per-argument arrays in str_msg_ask and systrace_replace.
 * SYSTR_MAXFNAME is not referenced elsewhere in this header.
 * SYSTR_MAXREPLEN presumably bounds systrace_replace.strr_len - confirm
 * in the STRIOCREPLACE handler.
 */
#define SYSTR_MAX_POLICIES 64
#define SYSTR_MAXARGS 64
#define SYSTR_MAXFNAME 8
#define SYSTR_MAXREPLEN 2048
59
/*
 * SYSTR_MSG_ASK / SYSTR_MSG_RES payload: one system call of the traced
 * process.  args[] is a fixed-size copy of the call's arguments and
 * argsize says how much of it is meaningful (presumably a byte count,
 * following the sysent argsize convention - confirm).  rval[] and result
 * carry the outcome; they can only be meaningful once the call has run.
 */
struct str_msg_ask {
	int32_t code;			/* system call number (by name) */
	int32_t argsize;		/* valid portion of args[] */
	register_t args[SYSTR_MAXARGS];	/* raw argument words */
	register_t rval[2];		/* return values */
	int32_t result;			/* error status of the call */
};
67
/*
 * SYSTR_MSG_CHILD payload.  Queued on fork or exit of a process; on fork
 * new_pid identifies the child.  What new_pid holds on exit is not
 * stated here.
 */

struct str_msg_child {
	pid_t new_pid;
};
73
/*
 * Values of str_message.msg_type, each selecting a member of msg_data
 * (mapping by name; SYSTR_MSG_POLICYFREE has no payload member, and
 * SYSTR_MSG_SCRIPTNAME has no matching member in the union either).
 */
#define SYSTR_MSG_ASK 1		/* msg_ask: call pending a verdict */
#define SYSTR_MSG_RES 2		/* msg_ask: call completed */
#define SYSTR_MSG_EMUL 3	/* msg_emul */
#define SYSTR_MSG_CHILD 4	/* msg_child */
#define SYSTR_MSG_UGID 5	/* msg_ugid */
#define SYSTR_MSG_POLICYFREE 6	/* no payload; see SYSTR_MSG_NOPROCESS */
#define SYSTR_MSG_EXECVE 7	/* msg_execve */
#define SYSTR_MSG_SCRIPTNAME 8
82
/*
 * True for the message types that, by name, do not refer to a live
 * process: fork/exit notices and policy releases.  x must point at an
 * object with a .msg member of type struct str_message (struct
 * str_msgcontainer fits).  x is evaluated twice, so pass an expression
 * without side effects.
 */
#define SYSTR_MSG_NOPROCESS(x) \
	((x)->msg.msg_type == SYSTR_MSG_CHILD || \
	(x)->msg.msg_type == SYSTR_MSG_POLICYFREE)
86
/*
 * One message from the kernel to the supervisor.  msg_type selects which
 * member of msg_data is valid (see SYSTR_MSG_*).  msg_seqnr is echoed
 * back in systrace_answer.stra_seqnr so the kernel can pair an answer
 * with the ask it belongs to; it is a 16-bit counter and therefore wraps.
 */
struct str_message {
	int32_t msg_type;		/* SYSTR_MSG_* */
	pid_t msg_pid;			/* process the message concerns */
	uint16_t msg_seqnr; /* answer has to match seqnr */
	int16_t msg_policy;		/* policy number - presumably */
	union {
		struct str_msg_emul msg_emul;
		struct str_msg_ugid msg_ugid;
		struct str_msg_ask msg_ask;
		struct str_msg_child msg_child;
		struct str_msg_execve msg_execve;
	} msg_data;
};
100
/*
 * Kernel-side wrapper that queues a str_message (see fsystrace.messages).
 * struct str_process is opaque here; it is defined in the implementation.
 * TAILQ_ENTRY needs <sys/queue.h>, which is not among this header's
 * direct includes - presumably reached through one of them.
 */
struct str_process;
struct str_msgcontainer {
	TAILQ_ENTRY(str_msgcontainer) next;	/* queue linkage */
	struct str_process *strp;		/* traced process the message belongs to */

	struct str_message msg;			/* the message itself */
};
108
109
/*
 * STRIOCANSWER argument: the supervisor's verdict for one SYSTR_MSG_ASK.
 * stra_pid and stra_seqnr must match the message being answered.
 * stra_seteuid/stra_setegid let the supervisor run the call under other
 * credentials; stra_flags presumably carries SYSTR_FLAGS_* bits saying
 * which of these fields apply.  Since this is a privilege-changing
 * interface, the kernel must honour it only from a supervisor that is
 * itself allowed to grant those credentials (fsystrace.issuser looks
 * like that gate) - confirm in the ioctl handler.
 */
struct systrace_answer {
	pid_t stra_pid;
	uint16_t stra_seqnr;
	int16_t reserved;		/* unused */
	uid_t stra_seteuid; /* elevated privileges for system call */
	gid_t stra_setegid;
	int32_t stra_policy;		/* SYSTR_POLICY_* verdict - presumably */
	int32_t stra_error;		/* error to hand back for a denied call - presumably */
	int32_t stra_flags;		/* SYSTR_FLAGS_* */
};
120
/*
 * STRIOCSCRIPTNAME argument: the interpreter script name for sn_pid.
 * Fixed MAXPATHLEN buffer; the handler should bound its reads
 * accordingly.
 */
struct systrace_scriptname {
	pid_t sn_pid;
	char sn_scriptname[MAXPATHLEN];
};
125
/* Values for systrace_io.strio_op. */
#define SYSTR_READ 1
#define SYSTR_WRITE 2
128
/*
 * STRIOCIO argument: copy memory between the supervisor and a traced
 * process.  strio_op is SYSTR_READ or SYSTR_WRITE.  Which address space
 * each pointer refers to is not stated here (by name, strio_offs is the
 * location in the traced process and strio_addr the caller's buffer -
 * confirm).  Both pointers and strio_len are user-supplied, so the
 * handler must verify the caller is attached to strio_pid and bound the
 * transfer before touching either side.
 */
struct systrace_io {
	pid_t strio_pid;	/* traced process */
	int32_t strio_op;	/* SYSTR_READ / SYSTR_WRITE */
	void *strio_offs;
	void *strio_addr;
	size_t strio_len;	/* bytes to transfer */
};
136
/* Values for systrace_policy.strp_op. */
#define SYSTR_POLICY_NEW 1
#define SYSTR_POLICY_ASSIGN 2
#define SYSTR_POLICY_MODIFY 3
140
/*
 * STRIOCPOLICY argument.  strp_op (SYSTR_POLICY_*) selects the operation
 * and with it which member of strp_data is used: by name, NEW uses
 * maxents, ASSIGN uses pid and MODIFY uses assign.{code,policy} - confirm
 * against the handler.  strp_num identifies the policy.
 */
struct systrace_policy {
	int32_t strp_op;	/* SYSTR_POLICY_NEW/ASSIGN/MODIFY */
	int32_t strp_num;	/* policy number */
	union {
		struct {
			int16_t code;	/* system call number */
			int16_t policy;	/* SYSTR_POLICY_ASK/PERMIT/NEVER - presumably */
		} assign;
		pid_t pid;
		int32_t maxents;
	} strp_data;
};
153
/* Short-hand accessors for the members of systrace_policy.strp_data. */
#define strp_pid strp_data.pid
#define strp_maxents strp_data.maxents
#define strp_code strp_data.assign.code
#define strp_policy strp_data.assign.policy
158
/*
 * Flag bit; by name it asks that symbolic links not be followed.  Its
 * consumer is not shown in this header (systrace_replace.strr_flags[]
 * is the likely one - confirm).
 */
#define SYSTR_NOLINKS 1
160
/*
 * STRIOCREPLACE argument: substitute the contents of syscall arguments
 * before the pending call runs.  Reading the field names: strr_base/
 * strr_len describe a block of supervisor memory holding replacement
 * bytes, and entry i (i < strr_nrepl) replaces argument strr_argind[i]
 * with strr_offlen[i] bytes at offset strr_off[i] within that block
 * (semantics inferred - confirm against the handler).  Everything here
 * is user-supplied: the handler must check strr_nrepl <= SYSTR_MAXARGS,
 * each argind against the call's argument count, and each off/offlen
 * pair against strr_len (and SYSTR_MAXREPLEN) before copying.  strr_pid
 * and strr_seqnr must match the pending SYSTR_MSG_ASK.
 */
struct systrace_replace {
	pid_t strr_pid;
	uint16_t strr_seqnr;
	int16_t reserved;		/* unused */
	int32_t strr_nrepl;		/* number of valid entries in the arrays below */
	caddr_t strr_base; /* Base memory */
	size_t strr_len; /* Length of memory */
	int32_t strr_argind[SYSTR_MAXARGS];	/* argument index per entry */
	size_t strr_off[SYSTR_MAXARGS];		/* offset into strr_base per entry */
	size_t strr_offlen[SYSTR_MAXARGS];	/* length per entry */
	int32_t strr_flags[SYSTR_MAXARGS];	/* per-entry flags */
};
173
/*
 * ioctl requests on the systrace device.  The encodings come from
 * <sys/ioccom.h>: _IOW copies the argument in, _IOWR copies it in and
 * back out, _IO takes none.  Names below describe the argument type only;
 * the exact semantics live in the handler.
 */
#define STRIOCATTACH _IOW('s', 101, pid_t)	/* attach to a process */
#define STRIOCDETACH _IOW('s', 102, pid_t)	/* detach from a process */
#define STRIOCANSWER _IOW('s', 103, struct systrace_answer)
#define STRIOCIO _IOWR('s', 104, struct systrace_io)	/* read/write traced memory */
#define STRIOCPOLICY _IOWR('s', 105, struct systrace_policy)
#define STRIOCGETCWD _IOW('s', 106, pid_t)	/* cwd handling, see fsystrace "cwd magic" */
#define STRIOCRESCWD _IO('s', 107)
#define STRIOCREPORT _IOW('s', 108, pid_t)
#define STRIOCREPLACE _IOW('s', 109, struct systrace_replace)
#define STRIOCSCRIPTNAME _IOW('s', 110, struct systrace_scriptname)
184
/*
 * Per-call policy verdicts.  By name: ASK defers to the supervisor,
 * PERMIT allows, NEVER denies.  Presumably stored in
 * systrace_answer.stra_policy and systrace_policy.strp_policy - confirm.
 */
#define SYSTR_POLICY_ASK 0
#define SYSTR_POLICY_PERMIT 1
#define SYSTR_POLICY_NEVER 2
188
/*
 * Bit flags, presumably for systrace_answer.stra_flags: SETEUID/SETEGID
 * say that stra_seteuid/stra_setegid are to be applied, RESULT by name
 * requests a SYSTR_MSG_RES for the call - confirm.
 */
#define SYSTR_FLAGS_RESULT 0x001
#define SYSTR_FLAGS_SETEUID 0x002
#define SYSTR_FLAGS_SETEGID 0x004
192
193 #ifdef _KERNEL
194 #include <sys/namei.h>
195
/*
 * Kernel-only per-supervisor state.  The traced processes, policies and
 * pending messages hang off the three tail queues; the counters track
 * their sizes.  struct lock and struct selinfo come from <sys/lock.h>
 * and <sys/select.h>.
 */
struct fsystrace {
	struct lock lock;	/* presumably serialises access to this structure */
	struct selinfo si;	/* select()/poll() wakeup state */

	TAILQ_HEAD(strprocessq, str_process) processes;	/* attached processes */
	size_t nprocesses;

	TAILQ_HEAD(strpolicyq, str_policy) policies;

	TAILQ_HEAD(strmessageq, str_msgcontainer) messages;	/* queued for the supervisor */

	size_t npolicynr;
	size_t npolicies;

	/*
	 * Supervisor credentials.  issuser looks like the gate for the
	 * privilege-elevating fields of systrace_answer - confirm.
	 */
	int issuser;
	uid_t p_ruid;
	gid_t p_rgid;

	/* cwd magic */
	/* presumably backs STRIOCGETCWD/STRIOCRESCWD - confirm */
	pid_t fd_pid;
	struct vnode *fd_cdir;
	struct vnode *fd_rdir;
};
219
/*
 * Internal prototypes (kernel only).  Parameter meanings are inferred
 * from the types and from systrace_exit's extra arguments: the register_t
 * is the syscall code, the void * its argument block, the register_t []
 * the return values and the trailing int the error.
 */

/* Syscall entry hook; a non-zero return presumably aborts the call. */
int systrace_enter(struct lwp *, register_t, void *);
/* Pathname lookup hook. */
void systrace_namei(struct nameidata *);
/* Syscall exit hook with return values and error. */
void systrace_exit(struct lwp *, register_t, void *, register_t [], int);
/* Process exit / fork notifications. */
void systrace_sys_exit(struct proc *);
void systrace_sys_fork(struct proc *, struct proc *);
#ifndef __NetBSD__
void systrace_init(void);
#endif /* ! __NetBSD__ */
/* execve hooks; the char * is presumably the path (see str_msg_execve). */
void systrace_execve0(struct proc *);
void systrace_execve1(char *, struct proc *);
/* Script name hook; return value semantics not stated here. */
int systrace_scriptname(struct proc *, char *);
233
234 #endif /* _KERNEL */
235 #endif /* !_SYS_SYSTRACE_H_ */