400  * NOTE: vfe is assumed to be locked for writing on entry.
404     struct veriexec_file_entry *vfe, u_char *fp)
424 	ctx = kmem_alloc(vfe->ops->context_size, KM_SLEEP);
427 	(vfe->ops->init)(ctx);
445 		(vfe->ops->update)(ctx, buf, (unsigned int) len);
451 	(vfe->ops->final)(fp, ctx);
454 	kmem_free(ctx, vfe->ops->context_size);
484     struct veriexec_file_entry *vfe, u_char *status)
486 	size_t hash_len = vfe->ops->hash_len;
492 	error = veriexec_fp_calc(l, vp, file_lock_state, vfe, digest);
497 	if (veriexec_fp_cmp(vfe->ops, vfe->fp, digest) == 0)
534 veriexec_file_report(struct veriexec_file_entry *vfe, const u_char *msg,
537 	if (vfe != NULL && vfe->filename != NULL)
538 		filename = vfe->filename;
573 	struct veriexec_file_entry *vfe;
580 #define VFE_NEEDS_EVAL(vfe) ((vfe->status == FINGERPRINT_NOTEVAL) || \
581 			     (vfe->type & VERIEXEC_UNTRUSTED))
590 	vfe = veriexec_get(vp);
592 		*vfep = vfe;
595 	if (vfe == NULL) {
617 	if (VFE_NEEDS_EVAL(vfe)) {
618 		rw_enter(&vfe->lock, RW_WRITER);
619 		if (!VFE_NEEDS_EVAL(vfe))
620 			rw_downgrade(&vfe->lock);
622 		rw_enter(&vfe->lock, RW_READER);
625 	if (VFE_NEEDS_EVAL(vfe)) {
628 		error = veriexec_fp_status(l, vp, file_lock_state, vfe, &status);
630 			veriexec_file_report(vfe, "Fingerprint calculation error.",
632 			rw_exit(&vfe->lock);
635 		vfe->status = status;
636 		rw_downgrade(&vfe->lock);
639 	if (!(vfe->type & flag)) {
640 		veriexec_file_report(vfe, "Incorrect access type.", name, l,
645 			rw_exit(&vfe->lock);
650 	switch (vfe->status) {
653 		rw_exit(&vfe->lock);
654 		veriexec_file_report(vfe, "Not-evaluated status "
662 		veriexec_file_report(vfe, "Match.", name, NULL,
669 		veriexec_file_report(vfe, "Mismatch.", name,
674 			rw_exit(&vfe->lock);
682 		rw_exit(&vfe->lock);
683 		veriexec_file_report(vfe, "Invalid status "
695 	struct veriexec_file_entry *vfe;
703 	    &vfe);
706 	if ((r  == 0) && (vfe != NULL))
707 		rw_exit(&vfe->lock);
710 		*found = (vfe != NULL) ? true : false;
721 	struct veriexec_file_entry *vfe;
728 	vfe = veriexec_get(vp);
731 	if (vfe == NULL) {
739 	veriexec_file_report(vfe, "Remove request.", pathbuf, l,
755  * XXX: nice to update vfe->filename to the new name if it's not NULL and
845 veriexec_file_free(struct veriexec_file_entry *vfe)
847 	if (vfe != NULL) {
848 		if (vfe->fp != NULL)
849 			kmem_free(vfe->fp, vfe->ops->hash_len);
850 		if (vfe->filename != NULL)
851 			kmem_free(vfe->filename, vfe->filename_len);
852 		rw_destroy(&vfe->lock);
853 		kmem_free(vfe, sizeof(*vfe));
858 veriexec_file_purge(struct veriexec_file_entry *vfe, int have_lock)
860 	if (vfe == NULL)
864 		rw_enter(&vfe->lock, RW_WRITER);
866 		VERIEXEC_RW_UPGRADE(&vfe->lock);
868 	vfe->status = FINGERPRINT_NOTEVAL;
870 		rw_exit(&vfe->lock);
872 		rw_downgrade(&vfe->lock);
876 veriexec_file_purge_cb(struct veriexec_file_entry *vfe, void *cookie)
878 	veriexec_file_purge(vfe, VERIEXEC_UNLOCKED);
1044 	struct veriexec_file_entry *vfe = NULL;
1066 	vfe = kmem_zalloc(sizeof(*vfe), KM_SLEEP);
1067 	rw_init(&vfe->lock);
1071 	if ((vfe->ops = veriexec_fpops_lookup(fp_type)) == NULL) {
1079 	    vfe->ops->hash_len) {
1086 	vfe->fp = kmem_alloc(vfe->ops->hash_len, KM_SLEEP);
1087 	memcpy(vfe->fp, prop_data_value(prop_dictionary_get(dict, "fp")),
1088 	    vfe->ops->hash_len);
1093 	if (prop_dictionary_get_uint8(dict, "entry-type", &vfe->type) == FALSE)
1094 		vfe->type = 0;
1098 		extra_flags = vfe->type & ~(VERIEXEC_DIRECT |
1107 	if (!(vfe->type & (VERIEXEC_DIRECT | VERIEXEC_INDIRECT |
1109 		vfe->type |= VERIEXEC_DIRECT;
1111 	vfe->status = FINGERPRINT_NOTEVAL;
1113 		vfe->filename = kmem_strdupsize(file, &vfe->filename_len,
1116 		vfe->filename = NULL;
1119 	    (vfe->type & VERIEXEC_UNTRUSTED)) {
1123 		    vfe, &status);
1126 		vfe->status = status;
1137 		if (vfe->type == ovfe->type &&
1138 		    vfe->status == ovfe->status &&
1139 		    vfe->ops == ovfe->ops &&
1140 		    memcmp(vfe->fp, ovfe->fp, vfe->ops->hash_len) == 0)
1151 	error = fileassoc_add(vp, veriexec_hook, vfe);
1166 		veriexec_file_free(vfe);
1214 veriexec_file_convert(struct veriexec_file_entry *vfe, prop_dictionary_t rdict)
1216 	if (vfe->filename)
1218 		    prop_string_create_copy(vfe->filename));
1219 	prop_dictionary_set_uint8(rdict, "entry-type", vfe->type);
1220 	prop_dictionary_set_uint8(rdict, "status", vfe->status);
1222 	    prop_string_create_copy(vfe->ops->type));
1224 	    prop_data_create_copy(vfe->fp, vfe->ops->hash_len));
1230 	struct veriexec_file_entry *vfe;
1234 	vfe = veriexec_get(vp);
1235 	if (vfe == NULL) {
1240 	rw_enter(&vfe->lock, RW_READER);
1241 	veriexec_file_convert(vfe, rdict);
1242 	rw_exit(&vfe->lock);
1303 	struct veriexec_file_entry *vfe = NULL;
1326 				     VERIEXEC_FILE_LOCKED, &vfe);
1333 	if ((vfe != NULL) && ((fmode & FWRITE) || (fmode & O_TRUNC))) {
1334 		veriexec_file_report(vfe, "Write access request.", path, l,
1341 			veriexec_file_purge(vfe, VERIEXEC_LOCKED);
1344 	if (vfe != NULL)
1345 		rw_exit(&vfe->lock);
1353 veriexec_file_dump(struct veriexec_file_entry *vfe, prop_array_t entries)
1358 	if (vfe->filename == NULL)
1363 	veriexec_file_convert(vfe, entry);

Indexes created Wed Jul 03 21:38:27 MDT 2024