Module Name:    src
Committed By:   jruoho
Date:           Tue Apr 13 07:14:45 UTC 2010

Modified Files:
        src/share/man/man9: veriexec.9

Log Message:
Provide prototypes in SYNOPSIS; use only parameter names in FUNCTIONS.

To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/share/man/man9/veriexec.9

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files: Index: src/share/man/man9/veriexec.9 diff -u src/share/man/man9/veriexec.9:1.22 src/share/man/man9/veriexec.9:1.23 --- src/share/man/man9/veriexec.9:1.22 Wed May 13 22:43:58 2009 +++ src/share/man/man9/veriexec.9 Tue Apr 13 07:14:45 2010 @@ -1,4 +1,4 @@ -.\" $NetBSD: veriexec.9,v 1.22 2009/05/13 22:43:58 wiz Exp $ +.\" $NetBSD: veriexec.9,v 1.23 2010/04/13 07:14:45 jruoho Exp $ .\" .\" Copyright 2006 Elad Efrat <e...@netbsd.org> .\" Copyright 2006 Brett Lymn <bl...@netbsd.org> @@ -35,9 +35,47 @@ .Nd in-kernel file integrity subsystem KPI .Sh SYNOPSIS .In sys/verified_exec.h +.Ft void +.Fn veriexec_init "void" +.Ft bool +.Fn veriexec_lookup "struct vnode *vp" +.Ft int +.Fn veriexec_verify "struct lwp *l" "struct vnode *vp" \ +"const u_char *name" "int flag" "bool *found" +.Ft void +.Fn veriexec_purge "struct vnode *vp" +.Ft int +.Fn veriexec_fpops_add "const char *fp_type" "size_t hash_len" \ +"size_t ctx_size" "veriexec_fpop_init_t init" "veriexec_fpop_update_t update" \ +"veriexec_fpop_final_t final" +.Ft int +.Fn veriexec_file_add "struct lwp *l" "prop_dictionary_t dict" +.Ft int +.Fn veriexec_file_delete "struct lwp *l" "struct vnode *vp" +.Ft int +.Fn veriexec_table_delete "struct lwp *l" "struct mount *mp" +.Ft int +.Fn veriexec_flush "struct lwp *l" +.Ft int +.Fn veriexec_openchk "struct lwp *l" "struct vnode *vp" \ +"const char *path" "int fmode" +.Ft int +.Fn veriexec_renamechk "struct lwp *l" "struct vnode *fromvp" \ +"const char *fromname" "struct vnode *tovp" "const char *toname" +.Ft int +.Fn veriexec_removechk "struct lwp *l" "struct vnode *vp" \ +"const char *name" +.Ft int +.Fn veriexec_unmountchk "struct mount *mp" +.Ft int +.Fn veriexec_convert "struct vnode *vp" "prop_dictionary_t rdict" +.Ft int +.Fn veriexec_dump "struct lwp *l" "prop_array_t rarray" .Sh DESCRIPTION .Nm -is the KPI for +is the +.Tn KPI +for .Em Veriexec , the .Nx 
@@ -47,26 +85,25 @@ enforce the .Em Veriexec policy. +.Sh FUNCTIONS .Ss Core Routines .Bl -tag -width compact -.It Ft void Fn veriexec_init "void" +.It Fn veriexec_init "void" Initialize the .Em Veriexec subsystem. Called only once during system startup. -.It Ft "bool" Fn veriexec_lookup "struct vnode *vp" +.It Fn veriexec_lookup "vp" Check if .Ar vp is monitored by -.Em Veriexec -or not. +.Em Veriexec . Returns .Dv true if it is, or .Dv false otherwise. -.It Ft int Fn veriexec_verify "struct lwp *l" "struct vnode *vp" \ -"const u_char *name" "int flag" "bool *found" +.It Fn veriexec_verify "l" "vp" "name" "flag" "found" Verifies the digital fingerprint of .Ar vp . .Ar name @@ -94,7 +131,7 @@ in the .Em Veriexec tables. -.It Ft void Fn veriexec_purge "struct vnode *vp" +.It Fn veriexec_purge "vp" Purge the file entry for .Ar vp . This invalidates the fingerprint so it will be evaluated next time the file @@ -103,9 +140,8 @@ .El .Ss Fingerprint Related Routines .Bl -tag -width compact -.It Ft int Fn veriexec_fpops_add "const char *fp_type" "size_t hash_len" \ -"size_t ctx_size" "veriexec_fpop_init_t init" "veriexec_fpop_update_t update" \ -"veriexec_fpop_final_t final" +.It Fn veriexec_fpops_add "fp_type" "hash_len" "ctx_size" \ +"init" "update" "final" Add support for fingerprinting algorithm .Ar fp_type with binary hash length @@ -123,8 +159,7 @@ .El .Ss Table Management Routines .Bl -tag -width compact -.It Ft int Fn veriexec_file_add "struct lwp *l" \ -"prop_dictionary_t dict" +.It Fn veriexec_file_add "l" "dict" Add a .Em Veriexec entry for the file described by 
@@ -139,25 +174,24 @@ .It fp-type string fingerprint hashing algorithm .It fp data the fingerprint .El -.It Ft int Fn veriexec_file_delete "struct lwp *l" "struct vnode *vp" +.It Fn veriexec_file_delete "l" "vp" Remove .Em Veriexec entry for .Ar vp . -.It Ft int Fn veriexec_table_delete "struct lwp *l" "struct mount *mp" +.It Fn veriexec_table_delete "l" "mp" Remove .Em Veriexec table for mount-point .Ar mp . -.It Ft int Fn veriexec_flush "struct lwp *l" +.It Fn veriexec_flush "l" Delete all .Em Veriexec tables. .El .Ss Hook Handlers .Bl -tag -width compact -.It Ft int Fn veriexec_openchk "struct lwp *l" "struct vnode *vp" \ -"const char *path" "int fmode" +.It Fn veriexec_openchk "l" "vp" "path" "fmode" Called when a file is opened. .Pp .Ar l @@ -172,8 +206,7 @@ is the pathname for the file (not necessarily a full path), and .Ar fmode are the mode bits with which the file was opened. -.It Ft int Fn veriexec_renamechk "struct lwp *l" "struct vnode *fromvp" \ -"const char *fromname" "struct vnode *tovp" "const char *toname" +.It Fn veriexec_renamechk "l" "fromvp" "fromname" "tovp" "toname" Called when a file is renamed. .Pp .Ar fromvp @@ -190,8 +223,7 @@ Depending on the strict level, .Nm will either track changes appropriately or prevent the rename. -.It Ft int Fn veriexec_removechk "struct lwp *l" "struct vnode *vp" \ -"const char *name" +.It Fn veriexec_removechk "l" "vp" "name" Called when a file is removed. .Pp .Ar vp @@ -204,14 +236,14 @@ Depending on the strict level, .Nm will either clean-up after the file or prevent its removal. -.It Ft int Fn veriexec_unmountchk "struct mount *mp" +.It Fn veriexec_unmountchk "mp" Checks if the current strict level allows .Ar mp to be unmounted. .El .Ss Miscellaneous Routines .Bl -tag -width compact -.It Ft int Fn veriexec_convert "struct vnode *vp" "prop_dictionary_t rdict" +.It Fn veriexec_convert "vp" "rdict" Convert .Em Veriexec entry for 
@@ -243,7 +275,7 @@ .Er ENOENT is returned. Otherwise, zero. -.It Ft int Fn veriexec_dump "struct lwp *l" "prop_array_t rarray" +.It Fn veriexec_dump "l" "rarray" Fill .Ar rarray with entries for all files monitored by
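
Review bot: The '.Bl -tag -width compact' lines left as context in the @@ -47,26 +85,25 @@ hunk, and repeated under every later .Ss heading, pass the word compact as the width string rather than as the -compact flag. That gives a seven-character tag column, which none of the rewritten heads fit, not even the short veriexec_lookup(vp). Since every .It head in these lists is being touched anyway, either give -width a representative tag or write '-tag -compact' if tight spacing was what was meant.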
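
Review bot: In the @@ -139,25 +174,24 @@ hunk, the entries for veriexec_file_delete, veriexec_table_delete and veriexec_flush lose their '.Ft int' and their descriptions, which are visible in full here, never say what the returned int means. After this change a reader of FUNCTIONS has to scroll back to SYNOPSIS just to learn that these calls can fail. Add a sentence on the return value to each entry, in the form the veriexec_convert entry already uses ('ENOENT is returned. Otherwise, zero.'), or collect them in a RETURN VALUES section.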
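
Review bot: The veriexec_unmountchk entry in the @@ -204,14 +236,14 @@ hunk reads 'Checks if the current strict level allows mp to be unmounted.' and, with '.Ft int' removed from the .It line, gives no hint whether a nonzero result means allowed or denied. The page documents veriexec_lookup as returning true or false, so a caller could read this check the same way and invert the policy decision. State the convention in the entry itself, for example that zero means the unmount is permitted and an error code is returned otherwise, if that is what the code does.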