


FreeBSD/Linux Kernel Cross Reference
sys/sys/verified_exec.h


    1 /*      $NetBSD: verified_exec.h,v 1.45.2.3 2007/01/19 22:12:49 bouyer Exp $    */
    2 
    3 /*-
    4  * Copyright 2005 Elad Efrat <elad@NetBSD.org>
    5  * Copyright 2005 Brett Lymn <blymn@netbsd.org>
    6  *
    7  * This code is derived from software contributed to The NetBSD Foundation
    8  * by Brett Lymn and Elad Efrat
    9  *
   10  * Redistribution and use in source and binary forms, with or without
   11  * modification, are permitted provided that the following conditions
   12  * are met:
   13  * 1. Redistributions of source code must retain the above copyright
   14  *    notice, this list of conditions and the following disclaimer.
   15  * 2. Neither the name of The NetBSD Foundation nor the names of its
   16  *    contributors may be used to endorse or promote products derived
   17  *    from this software without specific prior written permission.
   18  *
   19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
   20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
   21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
   23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   29  * POSSIBILITY OF SUCH DAMAGE.
   30  */
   31 
   32 #ifndef _SYS_VERIFIED_EXEC_H_
   33 #define _SYS_VERIFIED_EXEC_H_
   34 
   35 #include <sys/cdefs.h>
   36 #include <sys/param.h>
   37 #include <sys/ioctl.h>
   38 
   39 #ifdef _KERNEL
   40 #include <sys/malloc.h>
   41 #include <uvm/uvm_extern.h>
   42 #include <uvm/uvm_pglist.h>
   43 #include <uvm/uvm_page.h>
   44 #include <prop/proplib.h>
   45 #endif /* _KERNEL */
   46 
/*
 * Flags for a Veriexec entry. These can be OR'd together.
 *
 * DIRECT, INDIRECT and FILE say which kinds of access the entry's
 * fingerprint is checked on (exec, "#!" interpreter exec, plain open);
 * UNTRUSTED marks the entry as living on untrusted storage.  Bit 0x08
 * is not assigned in this header -- NOTE(review): treat it as reserved
 * until the implementation confirms it is free.
 */
#define VERIEXEC_DIRECT         0x01 /* Direct execution (exec) */
#define VERIEXEC_INDIRECT       0x02 /* Indirect execution (#!) */
#define VERIEXEC_FILE           0x04 /* Plain file (open) */
#define VERIEXEC_UNTRUSTED      0x10 /* Untrusted storage */
   52 
/*
 * Operations for /dev/veriexec.
 *
 * Every request carries a struct plistref (a proplib property-list
 * handle).  LOAD, TABLESIZE and DELETE only pass data into the kernel
 * (_IOW); QUERY passes data both ways (_IOWR).  The plist is supplied
 * by userland and must be treated as untrusted input by the handler
 * (veriexecioctl(), declared below).  Which strict levels still permit
 * LOAD and DELETE is decided in the implementation, not in this header.
 * NOTE(review): ioctl group 'X', commands 0x1-0x4 -- check for
 * collisions before adding a command.
 */
#define VERIEXEC_LOAD           _IOW('X',  0x1, struct plistref)
#define VERIEXEC_TABLESIZE      _IOW('X',  0x2, struct plistref)
#define VERIEXEC_DELETE         _IOW('X',  0x3, struct plistref)
#define VERIEXEC_QUERY          _IOWR('X', 0x4, struct plistref)
   58 
/*
 * Veriexec modes (strict levels).
 *
 * Values run from 0 (learning) to 3 (lockdown) in order of increasing
 * strictness; the kernel's current level is exported as veriexec_strict
 * (declared in the _KERNEL section below).
 * NOTE(review): what each level allows or denies (logging versus
 * blocking a mismatch, whether entries may still be loaded or removed)
 * lives in the implementation -- confirm there before relying on an
 * ordering comparison such as veriexec_strict >= VERIEXEC_IPS.
 */
#define VERIEXEC_LEARNING       0       /* Learning mode. */
#define VERIEXEC_IDS            1       /* Intrusion detection mode. */
#define VERIEXEC_IPS            2       /* Intrusion prevention mode. */
#define VERIEXEC_LOCKDOWN       3       /* Lockdown mode. */
   64 
/*
 * Valid status field values: outcome of the last fingerprint evaluation
 * for an entry.  NOTEVAL means no evaluation has happened yet and must
 * not be read as either "valid" or "mismatch".
 */
#define FINGERPRINT_NOTEVAL  0  /* fingerprint has not been evaluated */
#define FINGERPRINT_VALID    1  /* fingerprint evaluated and matches list */
#define FINGERPRINT_NOMATCH  2  /* fingerprint evaluated but does not match */

/*
 * Per-page fingerprint status.  NONE: the entry carries no per-page
 * fingerprints; READY: they are present and usable; FAIL: at least one
 * page did not match.  NOTE(review): presumably maintained by
 * veriexec_page_verify() (declared below) -- confirm in the .c file.
 */
#define PAGE_FP_NONE    0       /* no per-page fingerprints. */
#define PAGE_FP_READY   1       /* per-page fingerprints ready for use. */
#define PAGE_FP_FAIL    2       /* mismatch in per-page fingerprints. */
   74 
/*
 * Operations vector for verified exec, this defines the characteristics
 * for the fingerprint type.
 * Function types: init, update, final.
 *
 *   init(ctx)               -- set up the per-fingerprint context
 *   update(ctx, data, len)  -- feed len bytes starting at data
 *   final(out, ctx)         -- finish and write the fingerprint to out
 *
 * Note the argument order of final() (output buffer first, context
 * second) is the reverse of update(); a swapped implementation still
 * compiles, so check new fpops carefully.  The data pointer in update()
 * is not const-qualified, so callers cannot rely on the type alone to
 * guarantee the input is left untouched.  Neither the context nor the
 * output size is part of these types; NOTE(review): presumably the two
 * size_t arguments of veriexec_fpops_add() (below) carry them -- confirm.
 */
typedef void (*veriexec_fpop_init_t)(void *);
typedef void (*veriexec_fpop_update_t)(void *, u_char *, u_int);
typedef void (*veriexec_fpop_final_t)(u_char *, void *);
   83 
   84 #ifdef _KERNEL
MALLOC_DECLARE(M_VERIEXEC);

/* Opaque outside the implementation; only pointers are passed around. */
struct veriexec_file_entry;
struct veriexec_table_entry;

/*
 * Global tunables: log verbosity (see REPORT_* below) and the current
 * strict level (one of the VERIEXEC_* modes above).
 */
extern int veriexec_verbose;
extern int veriexec_strict;

/*
 * Readable values for veriexec_report().
 *
 * REPORT_ALWAYS / REPORT_VERBOSE / REPORT_DEBUG pick the verbosity
 * threshold at which the message is printed; REPORT_LOGMASK covers
 * exactly these three.  REPORT_PANIC makes the report call panic(),
 * i.e. it takes the machine down -- reserve it for states where
 * continuing is worse than a crash.  REPORT_ALARM adds process
 * identity (pid/uid/...) to the message, which is what an analyst
 * needs when triaging a fingerprint mismatch.
 */
#define REPORT_ALWAYS           0x01    /* Always print */
#define REPORT_VERBOSE          0x02    /* Print when verbose >= 1 */
#define REPORT_DEBUG            0x04    /* Print when verbose >= 2 (debug) */
#define REPORT_PANIC            0x08    /* Call panic() */
#define REPORT_ALARM            0x10    /* Alarm - also print pid/uid/.. */
#define REPORT_LOGMASK          (REPORT_ALWAYS|REPORT_VERBOSE|REPORT_DEBUG)
  100 
/* /dev/veriexec device entry points. */
void    veriexecattach(struct device *, struct device *, void *);
int     veriexecopen(dev_t, int, int, struct lwp *);
int     veriexecclose(dev_t, int, int, struct lwp *);
/*
 * Dispatches the VERIEXEC_* ioctls above.  The plist referenced by the
 * caddr_t argument comes from userland and is untrusted: it must be
 * validated (and the caller's privilege checked) before it changes
 * kernel state.  NOTE(review): that checking is not visible from this
 * header -- confirm in the implementation.
 */
int     veriexecioctl(dev_t, u_long, caddr_t, int, struct lwp *);

/* Subsystem initialisation. */
void veriexec_init(void);
/*
 * Register a fingerprint type by name, two sizes (NOTE(review):
 * presumably context and fingerprint length -- confirm), and its
 * init/update/final operations (see the veriexec_fpop_*_t types above).
 */
int veriexec_fpops_add(const char *, size_t, size_t, veriexec_fpop_init_t,
    veriexec_fpop_update_t, veriexec_fpop_final_t);
/* Add a table / a file entry from a proplib dictionary. */
int veriexec_table_add(struct lwp *, prop_dictionary_t);
int veriexec_file_add(struct lwp *, prop_dictionary_t);
/*
 * Evaluate a vnode's fingerprint.  The int is presumably one of the
 * VERIEXEC_DIRECT/INDIRECT/FILE flags for the access being made and
 * the boolean_t * is an out-parameter; NOTE(review): the exact roles
 * of the u_char * and boolean_t * arguments, and the return
 * convention, are not visible here -- confirm in the implementation.
 */
int veriexec_verify(struct lwp *, struct vnode *, const u_char *, int,
    boolean_t *);
/* Whether the vnode has a Veriexec entry. */
boolean_t veriexec_lookup(struct vnode *);
/* Remove a file entry / a whole table (the latter keyed by mount). */
int veriexec_file_delete(struct lwp *, struct vnode *);
int veriexec_table_delete(struct lwp *, struct mount *);
/* Fill a proplib dictionary describing the vnode's entry (QUERY path). */
int veriexec_convert(struct vnode *, prop_dictionary_t);
/*
 * Log a Veriexec event.  The int is a mask of REPORT_* flags; passing
 * REPORT_PANIC panics the system.
 */
void veriexec_report(const u_char *, const u_char *, struct lwp *, int);
/* Discard cached Veriexec state for the vnode. */
void veriexec_purge(struct vnode *);
/* Verify one page of an entry against its per-page fingerprints. */
int veriexec_page_verify(struct veriexec_file_entry *, struct vm_page *,
    size_t, struct lwp *);
/*
 * Hooks consulted on remove, rename, unmount and open.
 * NOTE(review): whether a non-zero return denies the operation (and
 * how veriexec_strict factors in) is decided in the implementation --
 * confirm before adding a caller.
 */
int veriexec_removechk(struct vnode *, const char *, struct lwp *l);
int veriexec_renamechk(struct vnode *, const char *, struct vnode *,
    const char *, struct lwp *);
int veriexec_unmountchk(struct mount *);
int veriexec_openchk(struct lwp *, struct vnode *, const char *, int);
  126 #endif /* _KERNEL */
  127 
  128 #endif /* !_SYS_VERIFIED_EXEC_H_ */




