| 1 | /* $NetBSD: verified_exec.h,v 1.58 2010/11/19 06:44:34 dholland Exp $ */ |
| 2 | |
| 3 | /*- |
| 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> |
| 5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> |
| 6 | * All rights reserved. |
| 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions |
| 10 | * are met: |
| 11 | * 1. Redistributions of source code must retain the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer. |
| 13 | * 2. Redistributions in binary form must reproduce the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer in the |
| 15 | * documentation and/or other materials provided with the distribution. |
| 16 | * 3. The name of the authors may not be used to endorse or promote products |
| 17 | * derived from this software without specific prior written permission. |
| 18 | * |
| 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR |
| 20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 22 | * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 24 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ |
| 30 | |
| 31 | #ifndef _SYS_VERIFIED_EXEC_H_ |
| 32 | #define _SYS_VERIFIED_EXEC_H_ |
| 33 | |
| 34 | #include <sys/ioccom.h> |
| 35 | |
| 36 | #if defined(_KERNEL) && !defined(HAVE_NBTOOL_CONFIG_H) |
| 37 | #include <sys/types.h> |
| 38 | #include <prop/proplib.h> |
| 39 | |
| 40 | struct mount; |
| 41 | struct vnode; |
| 42 | |
| 43 | #ifdef notyet |
| 44 | struct vm_page; |
| 45 | #endif /* notyet */ |
| 46 | #endif /* _KERNEL */ |
| 47 | |
| 48 | /* Flags for a Veriexec entry. These can be OR'd together. */ |
| 49 | #define VERIEXEC_DIRECT 0x01 /* Direct execution (exec) */ |
| 50 | #define VERIEXEC_INDIRECT 0x02 /* Indirect execution (#!) */ |
| 51 | #define VERIEXEC_FILE 0x04 /* Plain file (open) */ |
| 52 | #define VERIEXEC_UNTRUSTED 0x10 /* Untrusted storage */ |
| 53 | |
| 54 | /* Operations for the Veriexec pseudo-device. */ |
| 55 | #define VERIEXEC_LOAD _IOW('X', 0x1, struct plistref) |
| 56 | #define VERIEXEC_TABLESIZE _IOW('X', 0x2, struct plistref) |
| 57 | #define VERIEXEC_DELETE _IOW('X', 0x3, struct plistref) |
| 58 | #define VERIEXEC_QUERY _IOWR('X', 0x4, struct plistref) |
| 59 | #define VERIEXEC_DUMP _IOR('X', 0x5, struct plistref) |
| 60 | #define VERIEXEC_FLUSH _IO('X', 0x6) |
| 61 | |
| 62 | /* Veriexec modes (strict levels). */ |
| 63 | #define VERIEXEC_LEARNING 0 /* Learning mode. */ |
| 64 | #define VERIEXEC_IDS 1 /* Intrusion detection mode. */ |
| 65 | #define VERIEXEC_IPS 2 /* Intrusion prevention mode. */ |
| 66 | #define VERIEXEC_LOCKDOWN 3 /* Lockdown mode. */ |
| 67 | |
| 68 | /* Valid status field values. */ |
| 69 | #define FINGERPRINT_NOTEVAL 0 /* fingerprint has not been evaluated */ |
| 70 | #define FINGERPRINT_VALID 1 /* fingerprint evaluated and matches list */ |
| 71 | #define FINGERPRINT_NOMATCH 2 /* fingerprint evaluated but does not match */ |
| 72 | |
| 73 | /* Per-page fingerprint status. */ |
| 74 | #define PAGE_FP_NONE 0 /* no per-page fingerprints. */ |
| 75 | #define PAGE_FP_READY 1 /* per-page fingerprints ready for use. */ |
| 76 | #define PAGE_FP_FAIL 2 /* mismatch in per-page fingerprints. */ |
| 77 | |
| 78 | #if defined(_KERNEL) && !defined(HAVE_NBTOOL_CONFIG_H) |
| 79 | |
| 80 | #if NVERIEXEC > 0 |
| 81 | /* FUTURE: remove this macro entirely - dholland 20100215 */ |
| 82 | #define VERIEXEC_PATH_GET(from, cto, to) \ |
| 83 | do { \ |
| 84 | to = NULL; \ |
| 85 | cto = from; \ |
| 86 | } \ |
| 87 | } while (/*CONSTCOND*/0) |
| 88 | #define VERIEXEC_PATH_PUT(to) \ |
| 89 | do { \ |
| 90 | (void)(to); \ |
| 91 | } while (/*CONSTCOND*/0) |
| 92 | #else |
| 93 | #define VERIEXEC_PATH_GET(from, cto, to) \ |
| 94 | cto = from |
| 95 | #define VERIEXEC_PATH_PUT(to) \ |
| 96 | (void)to |
| 97 | |
| 98 | #endif |
| 99 | |
| 100 | /* |
| 101 | * Fingerprint operations vector for Veriexec. |
| 102 | * Function types: init, update, final. |
| 103 | */ |
| 104 | typedef void (*veriexec_fpop_init_t)(void *); |
| 105 | typedef void (*veriexec_fpop_update_t)(void *, u_char *, u_int); |
| 106 | typedef void (*veriexec_fpop_final_t)(u_char *, void *); |
| 107 | |
| 108 | void veriexec_init(void); |
| 109 | int veriexec_fpops_add(const char *, size_t, size_t, veriexec_fpop_init_t, |
| 110 | veriexec_fpop_update_t, veriexec_fpop_final_t); |
| 111 | int veriexec_file_add(struct lwp *, prop_dictionary_t); |
| 112 | int veriexec_verify(struct lwp *, struct vnode *, const u_char *, int, |
| 113 | bool *); |
| 114 | #ifdef notyet |
| 115 | int veriexec_page_verify(struct veriexec_file_entry *, struct vm_page *, |
| 116 | size_t, struct lwp *); |
| 117 | #endif /* notyet */ |
| 118 | bool veriexec_lookup(struct vnode *); |
| 119 | int veriexec_file_delete(struct lwp *, struct vnode *); |
| 120 | int veriexec_table_delete(struct lwp *, struct mount *); |
| 121 | int veriexec_convert(struct vnode *, prop_dictionary_t); |
| 122 | int veriexec_dump(struct lwp *, prop_array_t); |
| 123 | int veriexec_flush(struct lwp *); |
| 124 | void veriexec_purge(struct vnode *); |
| 125 | int veriexec_removechk(struct lwp *, struct vnode *, const char *); |
| 126 | int veriexec_renamechk(struct lwp *, struct vnode *, const char *, |
| 127 | struct vnode *, const char *); |
| 128 | int veriexec_unmountchk(struct mount *); |
| 129 | int veriexec_openchk(struct lwp *, struct vnode *, const char *, int); |
| 130 | #endif /* _KERNEL */ |
| 131 | |
| 132 | #endif /* !_SYS_VERIFIED_EXEC_H_ */ |
| 133 | |