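/*
 * $FreeBSD$
 *
 * Copyright (c) 2011-2023, Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 *
 * Definitions for the Verified Executables kernel function.
 *
 * This header declares the argument structures and the ioctl command
 * numbers of the veriexec device (see _PATH_DEV_VERIEXEC below).  Every
 * structure here is the argument of an _IOW command, i.e. it is filled in
 * by the caller and copied in to the kernel, so the ioctl handler (not
 * part of this header) has to treat each field as untrusted input.
 *
 */
#ifndef _DEV_VERIEXEC_VERIEXEC_IOCTL_H
#define _DEV_VERIEXEC_VERIEXEC_IOCTL_H

#include <security/mac_veriexec/mac_veriexec.h>

/*
 * Legacy argument layout, kept for backwards compatibility and used only
 * by VERIEXEC_SIGNED_LOAD32.  It differs from struct verified_exec_params
 * solely in the fingerprint field, which is fixed at 32 bytes instead of
 * MAXFINGERPRINTLEN.
 */
struct verified_exec_params32 {
	unsigned char flags;	/* flag bits; values are not defined here */
	char fp_type[VERIEXEC_FPTYPELEN];	/* type of fingerprint */
	char file[MAXPATHLEN];	/* presumably the path the entry applies to */
	unsigned char fingerprint[32];	/* raw fingerprint bytes */
};

/*
 * Current argument layout, used by VERIEXEC_LOAD and VERIEXEC_SIGNED_LOAD.
 *
 * NOTE(review): fp_type and file are fixed-size char arrays and the
 * structure carries no length fields, so nothing in this header guarantees
 * NUL termination or says how many fingerprint bytes are significant
 * (presumably implied by fp_type).  Confirm that the ioctl handler bounds
 * its string handling and validates fp_type before using fingerprint.
 */
struct verified_exec_params  {
	unsigned char flags;	/* flag bits; values are not defined here */
	char fp_type[VERIEXEC_FPTYPELEN];	/* type of fingerprint */
	char file[MAXPATHLEN];	/* presumably the path the entry applies to */
	unsigned char fingerprint[MAXFINGERPRINTLEN];	/* raw fingerprint bytes */
};

/*
 * Argument of VERIEXEC_LABEL_LOAD: the current parameter block followed by
 * a label of at most MAXLABELLEN bytes.  The same termination caveat as
 * for struct verified_exec_params applies to label.
 */
struct verified_exec_label_params  {
	struct verified_exec_params params;
	char label[MAXLABELLEN];
};

/*
 * ioctl commands, all in group 'S'.  Command numbers and argument types
 * are ABI: _IOW/_IOR/_IOWR encode the size of the argument type into the
 * command value, which is why the legacy 32-byte-fingerprint layout has
 * its own command (VERIEXEC_SIGNED_LOAD32).
 */
#define VERIEXEC_LOAD		_IOW('S', 0x1, struct verified_exec_params)
#define VERIEXEC_ACTIVE		_IO('S', 0x2)	/* start checking */
#define VERIEXEC_ENFORCE 	_IO('S', 0x3)	/* fail exec */
#define VERIEXEC_LOCK		_IO('S', 0x4)	/* don't allow new sigs */
#define VERIEXEC_DEBUG_ON	_IOWR('S', 0x5, int) /* set/get debug level */
#define VERIEXEC_DEBUG_OFF 	_IO('S', 0x6)	/* reset debug */
#define VERIEXEC_GETSTATE 	_IOR('S', 0x7, int) /* get state */
#define VERIEXEC_SIGNED_LOAD32	_IOW('S', 0x8, struct verified_exec_params32)
#define VERIEXEC_VERIFIED_FILD	_IOW('S', 0x9, int) /* fd */
#define VERIEXEC_GETVERSION	_IOR('S', 0xa, int) /* get version */
#define VERIEXEC_LABEL_LOAD	_IOW('S', 0xb, struct verified_exec_label_params)
#define VERIEXEC_SIGNED_LOAD	_IOW('S', 0xc, struct verified_exec_params)

/* Device node path: _PATH_DEV with "veriexec" appended. */
#define _PATH_DEV_VERIEXEC	_PATH_DEV "veriexec"

#endif /* !_DEV_VERIEXEC_VERIEXEC_IOCTL_H */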