mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
veriexec: Rename old VERIEXEC_SIGNED_LOAD as VERIEXEC_SIGNED_LOAD32
We need to handle old ioctl from old binary. Add some missing ioctls. Obtained from: Juniper Networks, Inc.
parent
d195f39d1d
commit
bd4742c970
|
@ -36,6 +36,14 @@
|
|||
|
||||
#include <security/mac_veriexec/mac_veriexec.h>
|
||||
|
||||
/* for backwards compatability */
|
||||
struct verified_exec_params32 {
|
||||
unsigned char flags;
|
||||
char fp_type[VERIEXEC_FPTYPELEN]; /* type of fingerprint */
|
||||
char file[MAXPATHLEN];
|
||||
unsigned char fingerprint[32];
|
||||
};
|
||||
|
||||
struct verified_exec_params {
|
||||
unsigned char flags;
|
||||
char fp_type[VERIEXEC_FPTYPELEN]; /* type of fingerprint */
|
||||
|
@ -55,9 +63,11 @@ struct verified_exec_label_params {
|
|||
#define VERIEXEC_DEBUG_ON _IOWR('S', 0x5, int) /* set/get debug level */
|
||||
#define VERIEXEC_DEBUG_OFF _IO('S', 0x6) /* reset debug */
|
||||
#define VERIEXEC_GETSTATE _IOR('S', 0x7, int) /* get state */
|
||||
#define VERIEXEC_SIGNED_LOAD _IOW('S', 0x8, struct verified_exec_params)
|
||||
#define VERIEXEC_GETVERSION _IOR('S', 0x9, int) /* get version */
|
||||
#define VERIEXEC_LABEL_LOAD _IOW('S', 0xa, struct verified_exec_label_params)
|
||||
#define VERIEXEC_SIGNED_LOAD32 _IOW('S', 0x8, struct verified_exec_params32)
|
||||
#define VERIEXEC_VERIFIED_FILD _IOW('S', 0x9, int) /* fd */
|
||||
#define VERIEXEC_GETVERSION _IOR('S', 0xa, int) /* get version */
|
||||
#define VERIEXEC_LABEL_LOAD _IOW('S', 0xb, struct verified_exec_label_params)
|
||||
#define VERIEXEC_SIGNED_LOAD _IOW('S', 0xc, struct verified_exec_params)
|
||||
|
||||
#define _PATH_DEV_VERIEXEC _PATH_DEV "veriexec"
|
||||
|
||||
|
|
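Review bot: The renumbering in the second hunk keeps a compat encoding only for the signed-load request: `VERIEXEC_GETVERSION` moves from 0x9 to 0xa and `VERIEXEC_LABEL_LOAD` from 0xa to 0xb with no alias for the old values, so a binary built against the previous header would presumably fail on both requests, which sits oddly with the commit's stated aim of serving old binaries. If that is intended, record it above the block, e.g. `/* 0x9..0xb renumbered; only SIGNED_LOAD keeps a compat alias (VERIEXEC_SIGNED_LOAD32) */`; otherwise add aliases in the style of `VERIEXEC_SIGNED_LOAD32`. In the first hunk, a comment on `struct verified_exec_params32` should say that `fingerprint[32]` is the legacy fixed digest size, and `_Static_assert(sizeof(struct verified_exec_params32) <= sizeof(struct verified_exec_params), "compat copy must fit");` would pin the size relation that the handler's `memcpy` depends on. `struct verified_exec_params` continues past the hunk, so its fingerprint size is not visible here.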
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* $FreeBSD$
|
||||
*
|
||||
* Copyright (c) 2011-2013, 2015, 2019 Juniper Networks, Inc.
|
||||
* Copyright (c) 2011-2023, Juniper Networks, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -69,7 +69,7 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
|
|||
struct nameidata nid;
|
||||
struct vattr vattr;
|
||||
struct verified_exec_label_params *lparams;
|
||||
struct verified_exec_params *params;
|
||||
struct verified_exec_params *params, params_;
|
||||
int error = 0;
|
||||
|
||||
/*
|
||||
|
@ -104,10 +104,18 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
|
|||
return (error);
|
||||
|
||||
lparams = (struct verified_exec_label_params *)data;
|
||||
if (cmd == VERIEXEC_LABEL_LOAD)
|
||||
switch (cmd) {
|
||||
case VERIEXEC_LABEL_LOAD:
|
||||
params = &lparams->params;
|
||||
else
|
||||
break;
|
||||
case VERIEXEC_SIGNED_LOAD32:
|
||||
params = ¶ms_;
|
||||
memcpy(params, data, sizeof(struct verified_exec_params32));
|
||||
break;
|
||||
default:
|
||||
params = (struct verified_exec_params *)data;
|
||||
break;
|
||||
}
|
||||
|
||||
switch (cmd) {
|
||||
case VERIEXEC_ACTIVE:
|
||||
|
@ -187,6 +195,13 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
|
|||
int flags = FREAD;
|
||||
int override = (cmd != VERIEXEC_LOAD);
|
||||
|
||||
if (params->flags & VERIEXEC_LABEL) {
|
||||
labellen = strnlen(lparams->label,
|
||||
MAXLABELLEN) + 1;
|
||||
if (labellen > MAXLABELLEN)
|
||||
return (EINVAL);
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the attributes for the file name passed
|
||||
* stash the file's device id and inode number
|
||||
|
@ -228,9 +243,6 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
|
|||
FINGERPRINT_INVALID);
|
||||
VOP_UNLOCK(nid.ni_vp);
|
||||
(void) vn_close(nid.ni_vp, FREAD, td->td_ucred, td);
|
||||
if (params->flags & VERIEXEC_LABEL)
|
||||
labellen = strnlen(lparams->label,
|
||||
sizeof(lparams->label) - 1) + 1;
|
||||
|
||||
mtx_lock(&ve_mutex);
|
||||
error = mac_veriexec_metadata_add_file(
|
||||
|
|
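Review bot: In the `VERIEXEC_SIGNED_LOAD32` case, `memcpy(params, data, sizeof(struct verified_exec_params32))` fills only the legacy-sized prefix of the stack variable `params_`, so any bytes of `struct verified_exec_params` beyond that prefix keep whatever was on the kernel stack. If the new struct's fingerprint array is longer than 32 bytes (its definition is not visible here) and `fp_type` names a longer digest, those stale bytes would be consumed as part of the fingerprint; add `memset(&params_, 0, sizeof(params_));` before the copy, or reject digest types longer than 32 bytes on this path. On the same path `lparams` still aliases `data`, which for this command holds only the legacy struct, so the later `strnlen(lparams->label, MAXLABELLEN)` under `VERIEXEC_LABEL` looks like it reads past the copied-in argument unless the flag is cleared or the check is gated on `cmd == VERIEXEC_LABEL_LOAD`. `verifiedexecioctl` starts and ends outside these hunks, so earlier validation may already cover part of this.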