FreeBSD/Linux Kernel Cross Reference
sys/sys/verified_exec.h


    1 /*      $NetBSD: verified_exec.h,v 1.59 2018/12/24 16:04:14 maxv Exp $  */
    2 
    3 /*-
    4  * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
    5  * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org>
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. The name of the authors may not be used to endorse or promote products
   17  *    derived from this software without specific prior written permission.
   18  *
   19  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
   20  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   21  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   22  * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   23  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   24  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   28  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   29  */
   30 
      /*
       * Veriexec (verified exec) interface: per-entry flags, the ioctl request
       * codes of the Veriexec pseudo-device, the strict-level and
       * fingerprint-status constants shared with userland, and — kernel only —
       * the fingerprint-operations vector types and the enforcement-hook
       * prototypes called from the exec/open/remove/rename/unmount paths.
       */
   31 #ifndef _SYS_VERIFIED_EXEC_H_
   32 #define _SYS_VERIFIED_EXEC_H_
   33 
   34 #include <sys/ioccom.h> /* _IO/_IOR/_IOW/_IOWR request-code encoders */
   35 
      /*
       * Kernel-only declarations. The HAVE_NBTOOL_CONFIG_H test also keeps
       * them out of host-tool builds that define _KERNEL.
       */
   36 #if defined(_KERNEL) && !defined(HAVE_NBTOOL_CONFIG_H)
   37 #include <sys/types.h>    /* u_char, u_int, size_t, bool (via NetBSD's stdbool) */
   38 #include <prop/proplib.h> /* prop_dictionary_t, prop_array_t, struct plistref */
   39 
   40 struct mount;
   41 struct vnode;
   42 
   43 #ifdef notyet
   44 struct vm_page;
   45 #endif /* notyet */
   46 #endif /* _KERNEL && !HAVE_NBTOOL_CONFIG_H */
   47 
   48 /* Flags for a Veriexec entry. These can be OR'd together. */
      /*
       * The first three flags name a kind of access; VERIEXEC_UNTRUSTED is a
       * property of the backing storage, not an access kind. Bit 0x08 is not
       * assigned in this header.
       */
   49 #define VERIEXEC_DIRECT         0x01 /* Direct execution (exec) */
   50 #define VERIEXEC_INDIRECT       0x02 /* Indirect execution (#!) */
   51 #define VERIEXEC_FILE           0x04 /* Plain file (open) */
   52 #define VERIEXEC_UNTRUSTED      0x10 /* Untrusted storage */
   53 
   54 /* Operations for the Veriexec pseudo-device. */
      /*
       * ioctl request codes, group 'X', numbered 0x1..0x6. The direction is
       * the caller's: _IOW copies a struct plistref in, _IOR copies one out,
       * _IOWR does both, _IO carries no payload. Because these macros take
       * sizeof(struct plistref), that struct must be complete wherever they are
       * expanded; the <prop/proplib.h> include above is kernel-only, so a
       * userland consumer presumably has to include it first — confirm.
       */
   55 #define VERIEXEC_LOAD           _IOW('X',  0x1, struct plistref)
   56 #define VERIEXEC_TABLESIZE      _IOW('X',  0x2, struct plistref)
   57 #define VERIEXEC_DELETE         _IOW('X',  0x3, struct plistref)
   58 #define VERIEXEC_QUERY          _IOWR('X', 0x4, struct plistref)
   59 #define VERIEXEC_DUMP           _IOR('X', 0x5, struct plistref)
   60 #define VERIEXEC_FLUSH          _IO('X', 0x6)
   61 
   62 /* Veriexec modes (strict levels). */
      /*
       * Values ascend from least to most strict. What each level enforces is
       * defined by the implementation, not by this header.
       */
   63 #define VERIEXEC_LEARNING       0       /* Learning mode. */
   64 #define VERIEXEC_IDS            1       /* Intrusion detection mode. */
   65 #define VERIEXEC_IPS            2       /* Intrusion prevention mode. */
   66 #define VERIEXEC_LOCKDOWN       3       /* Lockdown mode. */
   67 
   68 /* Valid status field values. */
      /* Result of the whole-file fingerprint check, presumably kept per entry. */
   69 #define FINGERPRINT_NOTEVAL  0  /* fingerprint has not been evaluated */
   70 #define FINGERPRINT_VALID    1  /* fingerprint evaluated and matches list */
   71 #define FINGERPRINT_NOMATCH  2  /* fingerprint evaluated but does not match */
   72 
   73 /* Per-page fingerprint status. */
      /* Goes with the 'notyet' veriexec_page_verify() declared below. */
   74 #define PAGE_FP_NONE    0       /* no per-page fingerprints. */
   75 #define PAGE_FP_READY   1       /* per-page fingerprints ready for use. */
   76 #define PAGE_FP_FAIL    2       /* mismatch in per-page fingerprints. */
   77 
   78 #if defined(_KERNEL) && !defined(HAVE_NBTOOL_CONFIG_H)
   79 
   80 /*
   81  * Fingerprint operations vector for Veriexec.
   82  * Function types: init, update, final.
   83  */
      /*
       * Argument roles, inferred from the usual init/update/final shape —
       * confirm against the hash implementations that are registered:
       *   init(ctx)                set up a hash context
       *   update(ctx, data, len)   feed len bytes of data into ctx
       *   final(digest, ctx)       write the finished fingerprint to digest
       * Note that update takes a non-const data pointer and a u_int (not
       * size_t) length, and that final takes the output buffer first.
       */
   84 typedef void (*veriexec_fpop_init_t)(void *);
   85 typedef void (*veriexec_fpop_update_t)(void *, u_char *, u_int);
   86 typedef void (*veriexec_fpop_final_t)(u_char *, void *);
   87 
      /*
       * Entry points. The int-returning ones presumably follow the kernel
       * convention of 0 on success / errno on failure — confirm in the
       * implementation. struct lwp and struct veriexec_file_entry are not
       * forward-declared in this header; they must come from a header
       * included earlier, since a struct tag first seen inside a parameter
       * list has prototype scope only.
       */
   88 void veriexec_init(void);
      /*
       * Register a fingerprint algorithm: name, two sizes (hash length and
       * context size — which size_t is which is not visible here; confirm
       * against the definition), then its init/update/final operations.
       */
   89 int veriexec_fpops_add(const char *, size_t, size_t, veriexec_fpop_init_t,
   90     veriexec_fpop_update_t, veriexec_fpop_final_t);
      /* Add an entry described by a proplib dictionary (the VERIEXEC_LOAD path, presumably). */
   91 int veriexec_file_add(struct lwp *, prop_dictionary_t);
      /*
       * Verify a vnode for the given access: (lwp, vnode, name, flag, bool *).
       * flag is presumably one of VERIEXEC_DIRECT/INDIRECT/FILE; the bool
       * out-parameter's meaning (e.g. whether an entry was found) is not
       * visible here — confirm.
       */
   92 int veriexec_verify(struct lwp *, struct vnode *, const u_char *, int,
   93     bool *);
   94 #ifdef notyet
   95 int veriexec_page_verify(struct veriexec_file_entry *, struct vm_page *,
   96     size_t, struct lwp *);
   97 #endif /* notyet */
      /* Whether the vnode has a Veriexec entry. */
   98 bool veriexec_lookup(struct vnode *);
      /* Remove a single entry, or every entry on a mount. */
   99 int veriexec_file_delete(struct lwp *, struct vnode *);
  100 int veriexec_table_delete(struct lwp *, struct mount *);
      /* Fill a proplib dictionary from a vnode's entry (direction inferred from the name — confirm). */
  101 int veriexec_convert(struct vnode *, prop_dictionary_t);
      /* Dump all entries into a proplib array; flush all entries. */
  102 int veriexec_dump(struct lwp *, prop_array_t);
  103 int veriexec_flush(struct lwp *);
      /* Drop any Veriexec state attached to the vnode. */
  104 void veriexec_purge(struct vnode *);
      /*
       * Enforcement hooks invoked by the VFS paths named in each identifier.
       * renamechk takes (lwp, from-vnode, from-name, to-vnode, to-name);
       * openchk takes (lwp, vnode, name, open mode) — argument roles inferred
       * from the names and order; confirm at the call sites.
       */
  105 int veriexec_removechk(struct lwp *, struct vnode *, const char *);
  106 int veriexec_renamechk(struct lwp *, struct vnode *, const char *,
  107     struct vnode *, const char *);
  108 int veriexec_unmountchk(struct mount *);
  109 int veriexec_openchk(struct lwp *, struct vnode *, const char *, int);
  110 #endif /* _KERNEL && !HAVE_NBTOOL_CONFIG_H */
  111 
  112 #endif /* !_SYS_VERIFIED_EXEC_H_ */
