CVS commit: src

Wed, 09 Dec 2015 10:27:05 -0800 

Module Name:    src
Committed By:   maxv
Date:           Wed Dec  9 18:25:32 UTC 2015

Modified Files:
        src/share/man/man9: veriexec.9
        src/sys/conf: files
Added Files:
        src/sys/dev: veriexec.c
Removed Files:
        src/sys/dev: verified_exec.c

Log Message:
Rename verified_exec.c -> veriexec.c.

The old log is now in Attic/.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/share/man/man9/veriexec.9
cvs rdiff -u -r1.1151 -r1.1152 src/sys/conf/files
cvs rdiff -u -r0 -r1.1 src/sys/dev/veriexec.c
cvs rdiff -u -r1.71 -r0 src/sys/dev/verified_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/share/man/man9/veriexec.9
diff -u src/share/man/man9/veriexec.9:1.28 src/share/man/man9/veriexec.9:1.29
--- src/share/man/man9/veriexec.9:1.28	Fri Feb 13 17:50:48 2015
+++ src/share/man/man9/veriexec.9	Wed Dec  9 18:25:32 2015
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexec.9,v 1.28 2015/02/13 17:50:48 maxv Exp $
+.\" $NetBSD: veriexec.9,v 1.29 2015/12/09 18:25:32 maxv Exp $
 .\"
 .\" Copyright 2006 Elad Efrat <e...@netbsd.org>
 .\" Copyright 2006 Brett Lymn <bl...@netbsd.org>
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd February 13, 2015
+.Dd December 9, 2015
 .Dt VERIEXEC 9
 .Os
 .Sh NAME
@@ -293,7 +293,7 @@ containing the filename.
 .Sh FILES
 .Bl -column srcxsysxkernxkernxverifiedexecxc foo
 .It Sy Path	Purpose
-.It src/sys/dev/verified_exec.c	driver for userland communication
+.It src/sys/dev/veriexec.c	driver for userland communication
 .It src/sys/sys/verified_exec.h	shared (userland/kernel) header file
 .It src/sys/kern/kern_veriexec.c	subsystem code
 .It src/sys/kern/vfs_syscalls.c	rename, remove, and unmount policies

Index: src/sys/conf/files
diff -u src/sys/conf/files:1.1151 src/sys/conf/files:1.1152
--- src/sys/conf/files:1.1151	Sat Dec  5 13:31:07 2015
+++ src/sys/conf/files	Wed Dec  9 18:25:32 2015
@@ -1,4 +1,4 @@
-#	$NetBSD: files,v 1.1151 2015/12/05 13:31:07 jmcneill Exp $
+#	$NetBSD: files,v 1.1152 2015/12/09 18:25:32 maxv Exp $
 #	@(#)files.newconf	7.5 (Berkeley) 5/10/93
 
 version 	20150846
@@ -1436,7 +1436,7 @@ file	dev/kttcp.c			kttcp		needs-flag
 # Veriexec
 defpseudo veriexec
 file	kern/kern_veriexec.c	veriexec
-file	dev/verified_exec.c		veriexec	needs-flag
+file	dev/veriexec.c		veriexec	needs-flag
 
 # driver attach / detach user interface
 defpseudo drvctl

Added files:

Index: src/sys/dev/veriexec.c
diff -u /dev/null src/sys/dev/veriexec.c:1.1
--- /dev/null	Wed Dec  9 18:25:32 2015
+++ src/sys/dev/veriexec.c	Wed Dec  9 18:25:32 2015
@@ -0,0 +1,270 @@
+/*	$NetBSD: veriexec.c,v 1.1 2015/12/09 18:25:32 maxv Exp $	*/
+
+/*-
+ * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
+ * Copyright (c) 2005, 2006 Brett Lymn <bl...@netbsd.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the authors may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: veriexec.c,v 1.1 2015/12/09 18:25:32 maxv Exp $");
+
+#include <sys/param.h>
+#include <sys/errno.h>
+#include <sys/conf.h>
+#include <sys/vnode.h>
+#include <sys/fcntl.h>
+#include <sys/namei.h>
+#include <sys/verified_exec.h>
+#include <sys/kauth.h>
+#include <sys/syslog.h>
+#include <sys/proc.h>
+
+#include <sys/ioctl.h>
+#include <sys/device.h>
+#define DEVPORT_DEVICE struct device
+
+#include <prop/proplib.h>
+
+void veriexecattach(device_t, device_t, void *);
+static dev_type_open(veriexecopen);
+static dev_type_close(veriexecclose);
+static dev_type_ioctl(veriexecioctl);
+
+struct veriexec_softc {
+	DEVPORT_DEVICE veriexec_dev;
+};
+
+const struct cdevsw veriexec_cdevsw = {
+	.d_open = veriexecopen,
+	.d_close = veriexecclose,
+	.d_read = noread,
+	.d_write = nowrite,
+	.d_ioctl = veriexecioctl,
+	.d_stop = nostop,
+	.d_tty = notty,
+	.d_poll = nopoll,
+	.d_mmap = nommap,
+	.d_discard = nodiscard,
+	.d_kqfilter = nokqfilter,
+	.d_flag = D_OTHER,
+};
+
+/* count of number of times device is open (we really only allow one open) */
+static unsigned int veriexec_dev_usage = 0;
+
+void
+veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self, void *aux)
+{
+	veriexec_dev_usage = 0;
+}
+
+static int
+veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l)
+{
+	if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC,
+	    KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS, NULL, NULL, NULL))
+		return (EPERM);
+
+	if (veriexec_dev_usage > 0)
+		return(EBUSY);
+
+	veriexec_dev_usage++;
+	return (0);
+}
+
+static int
+veriexecclose(dev_t dev, int flags, int fmt, struct lwp *l)
+{
+	if (veriexec_dev_usage > 0)
+		veriexec_dev_usage--;
+	return (0);
+}
+
+static int
+veriexec_delete(prop_dictionary_t dict, struct lwp *l)
+{
+	struct vnode *vp;
+	const char *file;
+	int error;
+
+	if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file))
+		return (EINVAL);
+
+	error = namei_simple_kernel(file, NSM_FOLLOW_NOEMULROOT, &vp);
+	if (error)
+		return (error);
+
+	/* XXX this should be done differently... */
+	if (vp->v_type == VREG)
+		error = veriexec_file_delete(l, vp);
+	else if (vp->v_type == VDIR)
+		error = veriexec_table_delete(l, vp->v_mount);
+
+	vrele(vp);
+
+	return (error);
+}
+
+static int
+veriexec_query(prop_dictionary_t dict, prop_dictionary_t rdict, struct lwp *l)
+{
+	struct vnode *vp;
+	const char *file;
+	int error;
+
+	if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file))
+		return (EINVAL);
+
+	error = namei_simple_kernel(file, NSM_FOLLOW_NOEMULROOT, &vp);
+	if (error)
+		return (error);
+
+	error = veriexec_convert(vp, rdict);
+
+	vrele(vp);
+
+	return (error);
+}
+
+int
+veriexecioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l)
+{
+	struct plistref *plistref;
+	prop_dictionary_t dict;
+	int error = 0;
+
+	switch (cmd) {
+	case VERIEXEC_TABLESIZE:
+	case VERIEXEC_LOAD:
+	case VERIEXEC_DELETE:
+	case VERIEXEC_FLUSH:
+		if (!(flags & FWRITE))
+			return (EPERM);
+
+		error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC,
+		    KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY, KAUTH_ARG(cmd), NULL,
+		    NULL);
+		if (error)
+			return error;
+
+		break;
+
+	case VERIEXEC_QUERY:
+	case VERIEXEC_DUMP:
+		if (!(flags & FREAD))
+			return (EPERM);
+
+		break;
+
+	default:
+		/* Invalid operation. */
+		return (ENODEV);
+	}
+
+	plistref = (struct plistref *)data;
+
+	switch (cmd) {
+	case VERIEXEC_TABLESIZE:
+		/* Do nothing. Kept for binary compatibility. */
+		break;
+
+	case VERIEXEC_LOAD:
+		error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
+		if (error)
+			break;
+
+		error = veriexec_file_add(l, dict);
+		prop_object_release(dict);
+		break;
+
+	case VERIEXEC_DELETE:
+		error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
+		if (error)
+			break;
+
+		error = veriexec_delete(dict, l);
+		prop_object_release(dict);
+		break;
+
+	case VERIEXEC_QUERY: {
+		prop_dictionary_t rdict;
+
+		error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
+		if (error)
+			return (error);
+
+		rdict = prop_dictionary_create();
+		if (rdict == NULL) {
+			prop_object_release(dict);
+			error = ENOMEM;
+			break;
+		}
+
+		error = veriexec_query(dict, rdict, l);
+		if (error == 0) {
+			error = prop_dictionary_copyout_ioctl(plistref, cmd,
+			    rdict);
+		}
+
+		prop_object_release(rdict);
+		prop_object_release(dict);
+
+		break;
+		}
+
+	case VERIEXEC_DUMP: {
+		prop_array_t rarray;
+
+		rarray = prop_array_create();
+		if (rarray == NULL) {
+			error = ENOMEM;
+			break;
+		}
+
+		error = veriexec_dump(l, rarray);
+		if (error == 0) {
+			error = prop_array_copyout_ioctl(plistref, cmd,
+			    rarray);
+		}
+
+		prop_object_release(rarray);
+
+		break;
+		}
+
+	case VERIEXEC_FLUSH:
+		error = veriexec_flush(l);
+		break;
+
+	default:
+		/* Invalid operation. */
+		error = ENODEV;
+		break;
+	}
+
+	return (error);
+}
+

Reply via email to