| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: veriexec.c,v 1.2 2021/06/21 03:11:05 christos Exp $ */ | | 1 | /* $NetBSD: veriexec.c,v 1.3 2022/02/12 02:40:48 riastradh Exp $ */ |
2 | | | 2 | |
3 | /*- | | 3 | /*- |
4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | | 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> |
5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> | | 5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> |
6 | * All rights reserved. | | 6 | * All rights reserved. |
7 | * | | 7 | * |
8 | * Redistribution and use in source and binary forms, with or without | | 8 | * Redistribution and use in source and binary forms, with or without |
9 | * modification, are permitted provided that the following conditions | | 9 | * modification, are permitted provided that the following conditions |
10 | * are met: | | 10 | * are met: |
11 | * 1. Redistributions of source code must retain the above copyright | | 11 | * 1. Redistributions of source code must retain the above copyright |
12 | * notice, this list of conditions and the following disclaimer. | | 12 | * notice, this list of conditions and the following disclaimer. |
13 | * 2. Redistributions in binary form must reproduce the above copyright | | 13 | * 2. Redistributions in binary form must reproduce the above copyright |
14 | * notice, this list of conditions and the following disclaimer in the | | 14 | * notice, this list of conditions and the following disclaimer in the |
| @@ -19,74 +19,69 @@ | | | @@ -19,74 +19,69 @@ |
19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR | | 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR |
20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | | 20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | | 21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
22 | * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, | | 22 | * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | | 23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
24 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | | 24 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | | 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | | 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | | 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | | 28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 | */ | | 29 | */ |
30 | | | 30 | |
31 | #include <sys/cdefs.h> | | 31 | #include <sys/cdefs.h> |
32 | __KERNEL_RCSID(0, "$NetBSD: veriexec.c,v 1.2 2021/06/21 03:11:05 christos Exp $"); | | 32 | __KERNEL_RCSID(0, "$NetBSD: veriexec.c,v 1.3 2022/02/12 02:40:48 riastradh Exp $"); |
33 | | | 33 | |
34 | #include <sys/param.h> | | 34 | #include <sys/param.h> |
35 | #include <sys/errno.h> | | 35 | #include <sys/errno.h> |
36 | #include <sys/conf.h> | | 36 | #include <sys/conf.h> |
37 | #include <sys/vnode.h> | | 37 | #include <sys/vnode.h> |
38 | #include <sys/fcntl.h> | | 38 | #include <sys/fcntl.h> |
39 | #include <sys/namei.h> | | 39 | #include <sys/namei.h> |
40 | #include <sys/verified_exec.h> | | 40 | #include <sys/verified_exec.h> |
41 | #include <sys/kauth.h> | | 41 | #include <sys/kauth.h> |
42 | #include <sys/syslog.h> | | 42 | #include <sys/syslog.h> |
43 | #include <sys/proc.h> | | 43 | #include <sys/proc.h> |
44 | | | 44 | |
45 | #include <sys/ioctl.h> | | 45 | #include <sys/ioctl.h> |
46 | #include <sys/device.h> | | 46 | #include <sys/device_if.h> |
47 | #define DEVPORT_DEVICE struct device | | | |
48 | | | 47 | |
49 | #include <prop/proplib.h> | | 48 | #include <prop/proplib.h> |
50 | | | 49 | |
51 | void veriexecattach(device_t, device_t, void *); | | 50 | void veriexecattach(device_t, device_t, void *); |
52 | static dev_type_open(veriexecopen); | | 51 | static dev_type_open(veriexecopen); |
53 | static dev_type_close(veriexecclose); | | 52 | static dev_type_close(veriexecclose); |
54 | static dev_type_ioctl(veriexecioctl); | | 53 | static dev_type_ioctl(veriexecioctl); |
55 | | | 54 | |
56 | struct veriexec_softc { | | | |
57 | DEVPORT_DEVICE veriexec_dev; | | | |
58 | }; | | | |
59 | | | | |
60 | const struct cdevsw veriexec_cdevsw = { | | 55 | const struct cdevsw veriexec_cdevsw = { |
61 | .d_open = veriexecopen, | | 56 | .d_open = veriexecopen, |
62 | .d_close = veriexecclose, | | 57 | .d_close = veriexecclose, |
63 | .d_read = noread, | | 58 | .d_read = noread, |
64 | .d_write = nowrite, | | 59 | .d_write = nowrite, |
65 | .d_ioctl = veriexecioctl, | | 60 | .d_ioctl = veriexecioctl, |
66 | .d_stop = nostop, | | 61 | .d_stop = nostop, |
67 | .d_tty = notty, | | 62 | .d_tty = notty, |
68 | .d_poll = nopoll, | | 63 | .d_poll = nopoll, |
69 | .d_mmap = nommap, | | 64 | .d_mmap = nommap, |
70 | .d_discard = nodiscard, | | 65 | .d_discard = nodiscard, |
71 | .d_kqfilter = nokqfilter, | | 66 | .d_kqfilter = nokqfilter, |
72 | .d_flag = D_OTHER, | | 67 | .d_flag = D_OTHER, |
73 | }; | | 68 | }; |
74 | | | 69 | |
75 | /* count of number of times device is open (we really only allow one open) */ | | 70 | /* count of number of times device is open (we really only allow one open) */ |
76 | static unsigned int veriexec_dev_usage = 0; | | 71 | static unsigned int veriexec_dev_usage = 0; |
77 | | | 72 | |
78 | void | | 73 | void |
79 | veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self, void *aux) | | 74 | veriexecattach(device_t parent, device_t self, void *aux) |
80 | { | | 75 | { |
81 | veriexec_dev_usage = 0; | | 76 | veriexec_dev_usage = 0; |
82 | } | | 77 | } |
83 | | | 78 | |
84 | static int | | 79 | static int |
85 | veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l) | | 80 | veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l) |
86 | { | | 81 | { |
87 | if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC, | | 82 | if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC, |
88 | KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS, NULL, NULL, NULL)) | | 83 | KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS, NULL, NULL, NULL)) |
89 | return (EPERM); | | 84 | return (EPERM); |
90 | | | 85 | |
91 | if (veriexec_dev_usage > 0) | | 86 | if (veriexec_dev_usage > 0) |
92 | return(EBUSY); | | 87 | return(EBUSY); |