Annotation of sys/dev/systrace.h, Revision 1.1
1.1 ! nbrk 1: /* $OpenBSD: systrace.h,v 1.20 2006/10/06 05:47:27 djm Exp $ */
! 2: /*
! 3: * Copyright 2002 Niels Provos <provos@citi.umich.edu>
! 4: * All rights reserved.
! 5: *
! 6: * Redistribution and use in source and binary forms, with or without
! 7: * modification, are permitted provided that the following conditions
! 8: * are met:
! 9: * 1. Redistributions of source code must retain the above copyright
! 10: * notice, this list of conditions and the following disclaimer.
! 11: * 2. Redistributions in binary form must reproduce the above copyright
! 12: * notice, this list of conditions and the following disclaimer in the
! 13: * documentation and/or other materials provided with the distribution.
! 14: * 3. All advertising materials mentioning features or use of this software
! 15: * must display the following acknowledgement:
! 16: * This product includes software developed by Niels Provos.
! 17: * 4. The name of the author may not be used to endorse or promote products
! 18: * derived from this software without specific prior written permission.
! 19: *
! 20: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
! 21: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
! 22: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
! 23: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
! 24: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
! 25: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
! 26: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
! 27: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
! 28: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
! 29: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 30: */
! 31:
! 32: #ifndef _SYSTRACE_H_
! 33: #define _SYSTRACE_H_
! 34:
! 35: #include <sys/ioccom.h>
! 36: #include <sys/rwlock.h>
! 37:
/*
 * Size of the emulation-name buffer carried in str_msg_emul.  The original
 * "sync with sys proc" note indicates the kernel keeps an equally sized
 * field per process (presumably in the proc structure) and the two must
 * be changed together.
 */
#define SYSTR_EMULEN 8 /* sync with sys proc */
! 39:
/*
 * Payload of a SYSTR_MSG_EMUL message (str_message.msg_data.msg_emul):
 * the name of the emulation the traced process runs under.
 */
struct str_msg_emul {
	/*
	 * Fixed-size buffer; a name that fills all SYSTR_EMULEN bytes is not
	 * NUL-terminated, so consumers should bound reads by the array size
	 * rather than rely on strlen().  NOTE(review): confirm the producer
	 * always terminates — not visible from this header.
	 */
	char emul[SYSTR_EMULEN];
};
! 43:
/*
 * Payload of a SYSTR_MSG_UGID message (str_message.msg_data.msg_ugid):
 * reports a uid/gid pair for the traced process.  Which credential
 * (real/effective) is reported is not fixed by this header.
 */
struct str_msg_ugid {
	uid_t uid;
	gid_t gid;
};
! 48:
/*
 * Payload of a SYSTR_MSG_EXECVE message (str_message.msg_data.msg_execve):
 * the path of the image being executed.
 *
 * MAXPATHLEN, uid_t, gid_t and pid_t are not defined by the two headers
 * this file includes; the includer is expected to provide them (e.g. via
 * <sys/param.h> / <sys/types.h>) before including systrace.h.
 */
struct str_msg_execve {
	char path[MAXPATHLEN];	/* fixed-size; bound reads by MAXPATHLEN */
};
! 52:
/*
 * Fixed limits shared between the kernel and the monitoring process.
 * SYSTR_MAXARGS sizes the per-argument arrays in str_msg_ask and
 * systrace_replace below; the remaining limits are not referenced in this
 * header and are enforced (presumably) on the kernel side — confirm
 * against the ioctl handlers when changing them.
 */
#define SYSTR_MAX_POLICIES 64	/* policies per systrace instance */
#define SYSTR_MAXARGS 64	/* system-call argument slots */
#define SYSTR_MAXFNAME 8
#define SYSTR_MAXINJECTS 8
#define SYSTR_MAXREPLEN 2048	/* presumably bounds systrace_replace.strr_len */
! 58:
/*
 * Payload of SYSTR_MSG_ASK and SYSTR_MSG_RES messages
 * (str_message.msg_data.msg_ask): describes a system call the monitor is
 * asked to decide on, or the outcome of one it was asked about.
 */
struct str_msg_ask {
	int code;			/* system-call number (presumed) */
	int argsize;			/* presumably the number of valid bytes in args[] */
	register_t args[SYSTR_MAXARGS];	/* raw argument words as passed to the call */
	register_t rval[2];		/* return values of the completed call */
	int result;			/* completion status (errno-style, presumed) */
};
! 66:
/*
 * Queued on fork or exit of a process.
 *
 * Payload of a SYSTR_MSG_CHILD message (str_message.msg_data.msg_child).
 * Per SYSTR_MSG_NOPROCESS below, this message type is not bound to a
 * traced process that is waiting for an answer.
 */

struct str_msg_child {
	pid_t new_pid;	/* pid of the newly created child */
};
! 72:
/*
 * Values of str_message.msg_type.  The type selects which member of
 * str_message.msg_data is valid:
 *   SYSTR_MSG_ASK / SYSTR_MSG_RES -> msg_ask
 *   SYSTR_MSG_EMUL                -> msg_emul
 *   SYSTR_MSG_CHILD               -> msg_child
 *   SYSTR_MSG_UGID                -> msg_ugid
 *   SYSTR_MSG_EXECVE              -> msg_execve
 * SYSTR_MSG_POLICYFREE carries no payload member in this header.
 */
#define SYSTR_MSG_ASK 1
#define SYSTR_MSG_RES 2
#define SYSTR_MSG_EMUL 3
#define SYSTR_MSG_CHILD 4
#define SYSTR_MSG_UGID 5
#define SYSTR_MSG_POLICYFREE 6
#define SYSTR_MSG_EXECVE 7

/*
 * True for message types that are not tied to a traced process waiting
 * for an answer.  x is evaluated twice: pass a plain pointer expression
 * without side effects.
 */
#define SYSTR_MSG_NOPROCESS(x) \
((x)->msg.msg_type == SYSTR_MSG_CHILD || \
(x)->msg.msg_type == SYSTR_MSG_POLICYFREE)
! 84:
/*
 * A message delivered from the kernel to the monitoring process.
 * msg_type (SYSTR_MSG_*) selects the valid msg_data member; a reply via
 * STRIOCANSWER / STRIOCREPLACE is matched to the message by pid and
 * sequence number.
 */
struct str_message {
	int msg_type;		/* SYSTR_MSG_* */
	pid_t msg_pid;		/* traced process the message concerns */
	u_int16_t msg_seqnr;	/* answer has to match seqnr */
	short msg_policy;	/* policy number the process is under (presumed) */
	union {
		struct str_msg_emul msg_emul;
		struct str_msg_ugid msg_ugid;
		struct str_msg_ask msg_ask;
		struct str_msg_child msg_child;
		struct str_msg_execve msg_execve;
	} msg_data;
};
! 98:
/*
 * Argument of STRIOCANSWER: the monitor's decision for one pending
 * SYSTR_MSG_ASK message, identified by stra_pid and stra_seqnr (which
 * must match str_message.msg_pid / msg_seqnr).
 *
 * NOTE(review): an answer can request elevated credentials for the
 * system call (stra_seteuid / stra_setegid).  Whether the monitor is
 * allowed to do so must be decided on the kernel side; the fsystrace
 * fields issuser / p_ruid / p_rgid below look like the state used for
 * that check — confirm in the ioctl handler.
 */
struct systrace_answer {
	pid_t stra_pid;		/* traced process */
	u_int16_t stra_seqnr;	/* sequence number of the message answered */
	short reserved;		/* padding; systrace_replace uses int16_t for the same slot */
	uid_t stra_seteuid;	/* elevated privileges for system call */
	uid_t stra_setegid;	/* presumably only applied when SYSTR_FLAGS_SETEGID is set */
	int stra_policy;	/* SYSTR_POLICY_ASK / PERMIT / NEVER */
	int stra_error;		/* error to return to the process (presumed) */
	int stra_flags;		/* SYSTR_FLAGS_* */
};
! 109:
/*
 * Argument of STRIOCSCRIPTNAME: associates an interpreter script name
 * with a traced process (see systrace_scriptname() in the kernel
 * section below).
 */
struct systrace_scriptname {
	pid_t sn_pid;
	char sn_scriptname[MAXPATHLEN];	/* fixed-size; bound reads by MAXPATHLEN */
};
! 114:
/* Values of systrace_io.strio_op. */
#define SYSTR_READ 1
#define SYSTR_WRITE 2

/*
 * Argument of STRIOCIO (an _IOWR ioctl): copy memory between the monitor
 * and a traced process.  Which of strio_offs / strio_addr names the
 * traced-process address and which the monitor buffer is not fixed by
 * this header (the names suggest strio_offs is the remote address).
 *
 * NOTE(review): all three fields originate in userland, so the ioctl
 * handler must validate strio_pid is actually traced by this instance and
 * that the address/length pair is within bounds before any copy —
 * confirm on the kernel side.
 */
struct systrace_io {
	pid_t strio_pid;	/* traced process */
	int strio_op;		/* SYSTR_READ or SYSTR_WRITE */
	void *strio_offs;
	void *strio_addr;
	size_t strio_len;	/* bytes to transfer */
};
! 125:
/* Values of systrace_policy.strp_op. */
#define SYSTR_POLICY_NEW 1
#define SYSTR_POLICY_ASSIGN 2
#define SYSTR_POLICY_MODIFY 3

/*
 * Argument of STRIOCPOLICY (an _IOWR ioctl): create, assign, or modify a
 * policy.  strp_num identifies the policy; which strp_data member is
 * meaningful depends on strp_op.  The names suggest NEW uses maxents,
 * ASSIGN uses pid, and MODIFY uses assign.code / assign.policy, but the
 * pairing is not fixed by this header — confirm in the handler.
 */
struct systrace_policy {
	int strp_op;	/* SYSTR_POLICY_NEW / ASSIGN / MODIFY */
	int strp_num;	/* policy number */
	union {
		struct {
			short code;	/* system-call number (presumed) */
			short policy;	/* SYSTR_POLICY_ASK / PERMIT / NEVER (presumed) */
		} assign;
		pid_t pid;
		int maxents;
	} strp_data;
};

/* Convenience accessors for the strp_data union members. */
#define strp_pid strp_data.pid
#define strp_maxents strp_data.maxents
#define strp_code strp_data.assign.code
#define strp_policy strp_data.assign.policy
! 147:
/* Presumably a bit in systrace_replace.strr_flags[]; not used elsewhere in this header. */
#define SYSTR_NOLINKS 1

/*
 * Argument of STRIOCREPLACE: replace system-call arguments of the pending
 * call identified by strr_pid / strr_seqnr.  strr_base / strr_len describe
 * a buffer (in the monitor, presumably) holding the replacement data; the
 * first strr_nrepl entries of the per-argument arrays describe one
 * replacement each.
 *
 * NOTE(review): every count, index, offset and length here is supplied by
 * userland.  The consumer must check strr_nrepl <= SYSTR_MAXARGS before
 * indexing the arrays, each strr_argind[] against the call's argument
 * count, and strr_off[] + strr_offlen[] against strr_len without integer
 * overflow (SYSTR_MAXREPLEN above presumably caps strr_len).  Confirm
 * these checks exist on the kernel side.
 */
struct systrace_replace {
	pid_t strr_pid;
	u_int16_t strr_seqnr;
	int16_t reserved;		/* padding; systrace_answer uses short here */
	int strr_nrepl;			/* number of valid entries in the arrays below */
	caddr_t strr_base; /* Base memory */
	size_t strr_len; /* Length of memory */
	int strr_argind[SYSTR_MAXARGS];	/* which argument each replacement targets */
	size_t strr_off[SYSTR_MAXARGS];	/* offset of the replacement within strr_base */
	size_t strr_offlen[SYSTR_MAXARGS];	/* length of the replacement */
	int32_t strr_flags[SYSTR_MAXARGS];	/* per-replacement flags (SYSTR_NOLINKS, presumed) */
};
! 162:
/*
 * Argument of STRIOCINJECT (an _IOWR ioctl): copy stri_len bytes into the
 * traced process stri_pid.  On input stri_addr presumably names the
 * source buffer; on return it holds the address of the injected copy.
 */
struct systrace_inject {
	/* On return, this contains the stackgap address. */
	caddr_t stri_addr;
	size_t stri_len;	/* bytes to inject; userland-supplied, bound-check in the handler */
	pid_t stri_pid;		/* traced process */
};
! 169:
/*
 * ioctl requests on a systrace file descriptor, group 's', numbers
 * 100-111.  _IOW requests pass data in, _IOR passes data out, and the
 * _IOWR ones (STRIOCIO, STRIOCPOLICY, STRIOCINJECT) update the argument
 * structure in place.
 */
#define STRIOCCLONE _IOR('s', 100, int)				/* returns a new systrace fd */
#define SYSTR_CLONE STRIOCCLONE					/* alias */
#define STRIOCATTACH _IOW('s', 101, pid_t)			/* start tracing a pid */
#define STRIOCDETACH _IOW('s', 102, pid_t)			/* stop tracing a pid */
#define STRIOCANSWER _IOW('s', 103, struct systrace_answer)	/* answer a SYSTR_MSG_ASK */
#define STRIOCIO _IOWR('s', 104, struct systrace_io)		/* read/write traced memory */
#define STRIOCPOLICY _IOWR('s', 105, struct systrace_policy)	/* policy management */
#define STRIOCGETCWD _IOW('s', 106, pid_t)			/* see fsystrace "cwd magic" */
#define STRIOCRESCWD _IO('s', 107)				/* restore cwd */
#define STRIOCREPORT _IOW('s', 108, pid_t)
#define STRIOCREPLACE _IOW('s', 109, struct systrace_replace)	/* replace call arguments */
#define STRIOCSCRIPTNAME _IOW('s', 110, struct systrace_scriptname)
#define STRIOCINJECT _IOWR('s', 111, struct systrace_inject)	/* inject data into a process */
! 183:
/*
 * Policy decisions (systrace_answer.stra_policy and, presumably,
 * systrace_policy.strp_policy): ask the monitor, always permit, or
 * always deny.
 */
#define SYSTR_POLICY_ASK 0
#define SYSTR_POLICY_PERMIT 1
#define SYSTR_POLICY_NEVER 2

/*
 * Bits in systrace_answer.stra_flags.  The names suggest RESULT requests
 * a SYSTR_MSG_RES report after the call and SETEUID / SETEGID enable the
 * stra_seteuid / stra_setegid fields; confirm on the kernel side.
 */
#define SYSTR_FLAGS_RESULT 0x001
#define SYSTR_FLAGS_SETEUID 0x002
#define SYSTR_FLAGS_SETEGID 0x004
! 191:
! 192: #ifdef _KERNEL
! 193: #include <sys/namei.h>
! 194:
struct str_process;
/*
 * Kernel-side state of one systrace instance (one open systrace fd).
 * struct str_policy is only referenced through TAILQ pointers here, so
 * no forward declaration is needed.  TAILQ_HEAD and struct selinfo are
 * not provided by this file's own includes; the includer (or
 * <sys/rwlock.h> transitively — not verified) must supply them.
 */
struct fsystrace {
	struct rwlock lock;		/* protects the lists and counters below (presumed) */
	struct selinfo si;		/* select/poll wakeup state for the monitor */

	TAILQ_HEAD(strprocessq, str_process) processes;	/* traced processes */
	int nprocesses;

	TAILQ_HEAD(strpolicyq, str_policy) policies;	/* policies owned by this instance */

	struct strprocessq messages;	/* processes with a message pending for the monitor */

	int npolicynr;			/* next policy number to hand out (presumed) */
	int npolicies;			/* count; presumably capped by SYSTR_MAX_POLICIES */

	/*
	 * Credentials of the monitor.  NOTE(review): these look like the
	 * state used to decide whether a monitor may attach to a process
	 * or raise privileges via systrace_answer — confirm in the handler.
	 */
	int issuser;
	uid_t p_ruid;
	gid_t p_rgid;

	/* cwd magic */
	pid_t fd_pid;			/* process whose cwd is currently switched in (presumed) */
	struct vnode *fd_cdir;		/* saved current directory */
	struct vnode *fd_rdir;		/* saved root directory */
};
! 219:
/* Internal prototypes */

/*
 * Hooks called from the rest of the kernel.  The argument meanings below
 * are inferred from the signatures and names; confirm against the
 * definitions.
 */
void systrace_namei(struct nameidata *);			/* path-lookup hook */
int systrace_redirect(int, struct proc *, void *, register_t *);	/* (code, p, args, retval): system-call interception; returns an error code (presumed) */
void systrace_exit(struct proc *);				/* process exit hook */
void systrace_fork(struct proc *, struct proc *);		/* (parent, child) fork hook */
void systrace_execve0(struct proc *);				/* before exec */
void systrace_execve1(char *, struct proc *);			/* after exec, with the image path */
int systrace_scriptname(struct proc *, char *);		/* backs STRIOCSCRIPTNAME */
! 229:
! 230: #endif /* _KERNEL */
! 231: #endif /* _SYSTRACE_H_ */