| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: veriexec.c,v 1.2 2021/06/21 03:11:05 christos Exp $ */ | | 1 | /* $NetBSD: veriexec.c,v 1.3 2022/02/12 02:40:48 riastradh Exp $ */ |
| 2 | | | 2 | |
| 3 | /*- | | 3 | /*- |
| 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | | 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> |
| 5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> | | 5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> |
| 6 | * All rights reserved. | | 6 | * All rights reserved. |
| 7 | * | | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | | 9 | * modification, are permitted provided that the following conditions |
| 10 | * are met: | | 10 | * are met: |
| 11 | * 1. Redistributions of source code must retain the above copyright | | 11 | * 1. Redistributions of source code must retain the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer. | | 12 | * notice, this list of conditions and the following disclaimer. |
| 13 | * 2. Redistributions in binary form must reproduce the above copyright | | 13 | * 2. Redistributions in binary form must reproduce the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer in the | | 14 | * notice, this list of conditions and the following disclaimer in the |
| @@ -19,74 +19,69 @@ | | | @@ -19,74 +19,69 @@ |
| 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR | | 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR |
| 20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | | 20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | | 21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 22 | * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, | | 22 | * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | | 23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 24 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | | 24 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | | 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | | 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | | 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | | 28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ | | 29 | */ |
| 30 | | | 30 | |
| 31 | #include <sys/cdefs.h> | | 31 | #include <sys/cdefs.h> |
| 32 | __KERNEL_RCSID(0, "$NetBSD: veriexec.c,v 1.2 2021/06/21 03:11:05 christos Exp $"); | | 32 | __KERNEL_RCSID(0, "$NetBSD: veriexec.c,v 1.3 2022/02/12 02:40:48 riastradh Exp $"); |
| 33 | | | 33 | |
| 34 | #include <sys/param.h> | | 34 | #include <sys/param.h> |
| 35 | #include <sys/errno.h> | | 35 | #include <sys/errno.h> |
| 36 | #include <sys/conf.h> | | 36 | #include <sys/conf.h> |
| 37 | #include <sys/vnode.h> | | 37 | #include <sys/vnode.h> |
| 38 | #include <sys/fcntl.h> | | 38 | #include <sys/fcntl.h> |
| 39 | #include <sys/namei.h> | | 39 | #include <sys/namei.h> |
| 40 | #include <sys/verified_exec.h> | | 40 | #include <sys/verified_exec.h> |
| 41 | #include <sys/kauth.h> | | 41 | #include <sys/kauth.h> |
| 42 | #include <sys/syslog.h> | | 42 | #include <sys/syslog.h> |
| 43 | #include <sys/proc.h> | | 43 | #include <sys/proc.h> |
| 44 | | | 44 | |
| 45 | #include <sys/ioctl.h> | | 45 | #include <sys/ioctl.h> |
| 46 | #include <sys/device.h> | | 46 | #include <sys/device_if.h> |
| 47 | #define DEVPORT_DEVICE struct device | | | |
| 48 | | | 47 | |
| 49 | #include <prop/proplib.h> | | 48 | #include <prop/proplib.h> |
| 50 | | | 49 | |
| 51 | void veriexecattach(device_t, device_t, void *); | | 50 | void veriexecattach(device_t, device_t, void *); |
| 52 | static dev_type_open(veriexecopen); | | 51 | static dev_type_open(veriexecopen); |
| 53 | static dev_type_close(veriexecclose); | | 52 | static dev_type_close(veriexecclose); |
| 54 | static dev_type_ioctl(veriexecioctl); | | 53 | static dev_type_ioctl(veriexecioctl); |
| 55 | | | 54 | |
| 56 | struct veriexec_softc { | | | |
| 57 | DEVPORT_DEVICE veriexec_dev; | | | |
| 58 | }; | | | |
| 59 | | | | |
| 60 | const struct cdevsw veriexec_cdevsw = { | | 55 | const struct cdevsw veriexec_cdevsw = { |
| 61 | .d_open = veriexecopen, | | 56 | .d_open = veriexecopen, |
| 62 | .d_close = veriexecclose, | | 57 | .d_close = veriexecclose, |
| 63 | .d_read = noread, | | 58 | .d_read = noread, |
| 64 | .d_write = nowrite, | | 59 | .d_write = nowrite, |
| 65 | .d_ioctl = veriexecioctl, | | 60 | .d_ioctl = veriexecioctl, |
| 66 | .d_stop = nostop, | | 61 | .d_stop = nostop, |
| 67 | .d_tty = notty, | | 62 | .d_tty = notty, |
| 68 | .d_poll = nopoll, | | 63 | .d_poll = nopoll, |
| 69 | .d_mmap = nommap, | | 64 | .d_mmap = nommap, |
| 70 | .d_discard = nodiscard, | | 65 | .d_discard = nodiscard, |
| 71 | .d_kqfilter = nokqfilter, | | 66 | .d_kqfilter = nokqfilter, |
| 72 | .d_flag = D_OTHER, | | 67 | .d_flag = D_OTHER, |
| 73 | }; | | 68 | }; |
| 74 | | | 69 | |
| 75 | /* count of number of times device is open (we really only allow one open) */ | | 70 | /* count of number of times device is open (we really only allow one open) */ |
| 76 | static unsigned int veriexec_dev_usage = 0; | | 71 | static unsigned int veriexec_dev_usage = 0; |
| 77 | | | 72 | |
| 78 | void | | 73 | void |
| 79 | veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self, void *aux) | | 74 | veriexecattach(device_t parent, device_t self, void *aux) |
| 80 | { | | 75 | { |
| 81 | veriexec_dev_usage = 0; | | 76 | veriexec_dev_usage = 0; |
| 82 | } | | 77 | } |
| 83 | | | 78 | |
| 84 | static int | | 79 | static int |
| 85 | veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l) | | 80 | veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l) |
| 86 | { | | 81 | { |
| 87 | if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC, | | 82 | if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC, |
| 88 | KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS, NULL, NULL, NULL)) | | 83 | KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS, NULL, NULL, NULL)) |
| 89 | return (EPERM); | | 84 | return (EPERM); |
| 90 | | | 85 | |
| 91 | if (veriexec_dev_usage > 0) | | 86 | if (veriexec_dev_usage > 0) |
| 92 | return(EBUSY); | | 87 | return(EBUSY); |