xref: /freebsd/sys/dev/veriexec/veriexec_ioctl.h (revision af23369a6deaaeb612ab266eb88b8bb8d560c322)
1 /*
2  * $FreeBSD$
3  *
4  * Copyright (c) 2011-2013, 2015, 2019, Juniper Networks, Inc.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 /*
30  *
31  * Definitions for the Verified Executables kernel function.
32  *
33  */
34 #ifndef _DEV_VERIEXEC_VERIEXEC_IOCTL_H
35 #define _DEV_VERIEXEC_VERIEXEC_IOCTL_H
36 
37 #include <sys/param.h>
38 #include <security/mac_veriexec/mac_veriexec.h>
39 
40 #define	VERIEXEC_FPTYPELEN	16
41 
42 struct verified_exec_params  {
43 	unsigned char flags;
44 	char fp_type[VERIEXEC_FPTYPELEN];	/* type of fingerprint */
45 	char file[MAXPATHLEN];
46 	unsigned char fingerprint[MAXFINGERPRINTLEN];
47 };
48 
49 struct verified_exec_label_params  {
50 	struct verified_exec_params params;
51 	char label[MAXLABELLEN];
52 };
53 
54 #define VERIEXEC_LOAD		_IOW('S', 0x1, struct verified_exec_params)
55 #define VERIEXEC_ACTIVE		_IO('S', 0x2)	/* start checking */
56 #define VERIEXEC_ENFORCE 	_IO('S', 0x3)	/* fail exec */
57 #define VERIEXEC_LOCK		_IO('S', 0x4)	/* don't allow new sigs */
58 #define VERIEXEC_DEBUG_ON	_IOWR('S', 0x5, int) /* set/get debug level */
59 #define VERIEXEC_DEBUG_OFF 	_IO('S', 0x6)	/* reset debug */
60 #define VERIEXEC_GETSTATE 	_IOR('S', 0x7, int) /* get state */
61 #define VERIEXEC_SIGNED_LOAD	_IOW('S', 0x8, struct verified_exec_params)
62 #define VERIEXEC_GETVERSION	_IOR('S', 0x9, int) /* get version */
63 #define VERIEXEC_LABEL_LOAD	_IOW('S', 0xa, struct verified_exec_label_params)
64 
65 #define	_PATH_DEV_VERIEXEC	_PATH_DEV "veriexec"
66 
67 #endif
68