/*
 * $FreeBSD$
 *
 * Copyright (c) 2011-2013, 2015, 2019, Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 *
 * Definitions for the Verified Executables kernel function.
 *
 * This header is the ioctl contract of the veriexec device node
 * (_PATH_DEV_VERIEXEC below): the argument structures a caller fills in
 * and the request codes that carry them.  The structure layouts are ABI:
 * _IOW()/_IOR()/_IOWR() encode sizeof(argument) into the request code,
 * so changing a field or an array bound changes the request number.
 *
 */
#ifndef _DEV_VERIEXEC_VERIEXEC_IOCTL_H
#define _DEV_VERIEXEC_VERIEXEC_IOCTL_H

/*
 * <sys/param.h> supplies MAXPATHLEN.  MAXFINGERPRINTLEN and MAXLABELLEN
 * are not defined in this file; presumably they come from
 * mac_veriexec.h -- confirm.
 * NOTE(review): the _IO*() macros and _PATH_DEV used below are not
 * defined by anything included directly here (<sys/ioccom.h> and
 * <paths.h> are their usual homes); confirm they are reached through
 * these headers or supplied by the includer.
 */
#include <sys/param.h>
#include <security/mac_veriexec/mac_veriexec.h>

/* Size in bytes of the fp_type field, i.e. of the fingerprint type name. */
#define VERIEXEC_FPTYPELEN	16

/*
 * Argument of VERIEXEC_LOAD and VERIEXEC_SIGNED_LOAD: one file together
 * with the fingerprint to associate with it.
 *
 * Every field is a fixed-size buffer filled in by the caller, and the
 * structure carries no length fields.  Nothing in this header guarantees
 * that fp_type or file is NUL-terminated, so the code that receives this
 * structure must bound or terminate them before treating them as C
 * strings -- NOTE(review): verify in the ioctl handler.
 */
struct verified_exec_params  {
	/* Bit meanings are not defined in this header; presumably in
	 * mac_veriexec.h -- confirm. */
	unsigned char flags;
	char fp_type[VERIEXEC_FPTYPELEN];	/* type of fingerprint */
	/* Path of the file the fingerprint applies to. */
	char file[MAXPATHLEN];
	/* Fingerprint bytes.  How many of the MAXFINGERPRINTLEN bytes are
	 * meaningful presumably depends on fp_type -- confirm. */
	unsigned char fingerprint[MAXFINGERPRINTLEN];
};

/*
 * Argument of VERIEXEC_LABEL_LOAD: the load parameters above plus a
 * label.  The same caveat applies to label: it is a caller-filled
 * fixed-size buffer with no termination guarantee stated here.
 */
struct verified_exec_label_params  {
	struct verified_exec_params params;
	char label[MAXLABELLEN];
};

/*
 * Request codes, all in ioctl group 'S'.
 *   _IO   - no argument
 *   _IOW  - argument is copied in from the caller
 *   _IOR  - argument is copied out to the caller
 *   _IOWR - argument is copied in and back out
 *
 * VERIEXEC_ACTIVE, VERIEXEC_ENFORCE and VERIEXEC_LOCK change the state
 * of the verifier and take no argument.  Who is allowed to issue them,
 * and whether they can be undone, is decided by the device and its
 * handler, not by this header.
 * VERIEXEC_LOAD and VERIEXEC_SIGNED_LOAD carry the same structure; how
 * their handling differs is not visible here.
 */
#define VERIEXEC_LOAD		_IOW('S', 0x1, struct verified_exec_params)
#define VERIEXEC_ACTIVE		_IO('S', 0x2)	/* start checking */
#define VERIEXEC_ENFORCE	_IO('S', 0x3)	/* fail exec */
#define VERIEXEC_LOCK		_IO('S', 0x4)	/* don't allow new sigs */
#define VERIEXEC_DEBUG_ON	_IOWR('S', 0x5, int)	/* set/get debug level */
#define VERIEXEC_DEBUG_OFF	_IO('S', 0x6)	/* reset debug */
#define VERIEXEC_GETSTATE	_IOR('S', 0x7, int)	/* get state */
#define VERIEXEC_SIGNED_LOAD	_IOW('S', 0x8, struct verified_exec_params)
#define VERIEXEC_GETVERSION	_IOR('S', 0x9, int)	/* get version */
#define VERIEXEC_LABEL_LOAD	_IOW('S', 0xa, struct verified_exec_label_params)

/* Path of the veriexec device node: _PATH_DEV followed by "veriexec". */
#define _PATH_DEV_VERIEXEC	_PATH_DEV "veriexec"

#endif