/*
 *
 * Copyright (c) 2011-2023, Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 *
 * Definitions for the Verified Executables kernel function.
 *
 * This header declares the argument structures and ioctl command values
 * for the veriexec device. The size constants used below
 * (VERIEXEC_FPTYPELEN, MAXPATHLEN, MAXFINGERPRINTLEN, MAXLABELLEN) and the
 * _IO* macros are not defined here; the only header included directly is
 * <security/mac_veriexec/mac_veriexec.h>.
 *
 */
#ifndef _DEV_VERIEXEC_VERIEXEC_IOCTL_H
#define _DEV_VERIEXEC_VERIEXEC_IOCTL_H

#include <security/mac_veriexec/mac_veriexec.h>

/*
 * For backwards compatibility: argument layout for VERIEXEC_SIGNED_LOAD32.
 * It has the same members as struct verified_exec_params, except that the
 * fingerprint buffer is fixed at 32 bytes instead of MAXFINGERPRINTLEN.
 *
 * NOTE(review): fp_type and file are fixed-size char arrays supplied by
 * the caller; nothing in this layout guarantees NUL termination, so the
 * ioctl handler should check or force termination before treating them
 * as C strings -- confirm in the handler.
 */
struct verified_exec_params32 {
	unsigned char flags;		/* flag bits; values are not defined in this header */
	char fp_type[VERIEXEC_FPTYPELEN]; /* type of fingerprint */
	char file[MAXPATHLEN];		/* path of the file the fingerprint applies to */
	unsigned char fingerprint[32];	/* fingerprint bytes, legacy fixed size */
};

/*
 * Argument layout for VERIEXEC_LOAD and VERIEXEC_SIGNED_LOAD: one
 * fingerprint entry for one file.
 *
 * NOTE(review): the NUL-termination caveat on fp_type and file described
 * for the legacy layout applies here as well -- confirm in the handler.
 * NOTE(review): there is no length member for fingerprint; the number of
 * meaningful bytes is presumably implied by fp_type -- confirm.
 */
struct verified_exec_params {
	unsigned char flags;		/* flag bits; values are not defined in this header */
	char fp_type[VERIEXEC_FPTYPELEN]; /* type of fingerprint */
	char file[MAXPATHLEN];		/* path of the file the fingerprint applies to */
	unsigned char fingerprint[MAXFINGERPRINTLEN]; /* fingerprint bytes */
};

/*
 * Argument layout for VERIEXEC_LABEL_LOAD: a regular fingerprint entry
 * followed by a label buffer.
 *
 * NOTE(review): label is another caller-supplied fixed-size char array;
 * the handler should bound and terminate it before use -- confirm.
 */
struct verified_exec_label_params {
	struct verified_exec_params params;	/* fingerprint entry */
	char label[MAXLABELLEN];		/* label attached to the entry */
};

/*
 * ioctl commands, group 'S'. The _IOW/_IOR/_IOWR forms encode the size of
 * the argument type in the command value, so a caller built against a
 * different structure size produces a different command value rather than
 * a silently mis-sized copy.
 *
 * NOTE(review): going by the comments below, the LOAD variants, ACTIVE,
 * ENFORCE and LOCK change what the kernel will accept or execute. The
 * privilege and state checks that gate them live in the ioctl handler,
 * which is not part of this header -- confirm there.
 */
#define VERIEXEC_LOAD		_IOW('S', 0x1, struct verified_exec_params)
#define VERIEXEC_ACTIVE		_IO('S', 0x2)	/* start checking */
#define VERIEXEC_ENFORCE	_IO('S', 0x3)	/* fail exec */
#define VERIEXEC_LOCK		_IO('S', 0x4)	/* don't allow new sigs */
#define VERIEXEC_DEBUG_ON	_IOWR('S', 0x5, int)	/* set/get debug level */
#define VERIEXEC_DEBUG_OFF	_IO('S', 0x6)	/* reset debug */
#define VERIEXEC_GETSTATE	_IOR('S', 0x7, int)	/* get state */
#define VERIEXEC_SIGNED_LOAD32	_IOW('S', 0x8, struct verified_exec_params32)
#define VERIEXEC_VERIFIED_FILE	_IOW('S', 0x9, int)	/* fd */
#define VERIEXEC_GETVERSION	_IOR('S', 0xa, int)	/* get version */
#define VERIEXEC_LABEL_LOAD	_IOW('S', 0xb, struct verified_exec_label_params)
#define VERIEXEC_SIGNED_LOAD	_IOW('S', 0xc, struct verified_exec_params)

/*
 * Path of the veriexec device node, built by string-literal concatenation.
 * _PATH_DEV is not defined by this header; consumers need it in scope
 * (conventionally from <paths.h>) before using this macro.
 */
#define _PATH_DEV_VERIEXEC	_PATH_DEV "veriexec"

#endif /* _DEV_VERIEXEC_VERIEXEC_IOCTL_H */