/*
 *
 * Copyright (c) 2011-2023, Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 *
 * Definitions for the Verified Executables kernel function.
 *
 * This header is the ioctl contract of the veriexec device
 * (_PATH_DEV_VERIEXEC): the argument structures passed with the load
 * commands and the command numbers themselves.
 *
 * NOTE(review): the structures below are fixed-size buffers filled in by
 * the caller.  None of them records a length, and nothing in the layout
 * guarantees that fp_type, file or label is NUL-terminated, so the ioctl
 * handler has to bound and terminate them before using them as C
 * strings.  The handler is not part of this header -- confirm there.
 */
#ifndef _DEV_VERIEXEC_VERIEXEC_IOCTL_H
#define _DEV_VERIEXEC_VERIEXEC_IOCTL_H

/*
 * Expected to supply VERIEXEC_FPTYPELEN, MAXFINGERPRINTLEN and
 * MAXLABELLEN, which are used below but not defined in this file
 * (presumably here -- confirm).
 */
#include <security/mac_veriexec/mac_veriexec.h>

/*
 * Legacy argument layout, kept for backwards compatibility.
 *
 * Same fields as struct verified_exec_params, but the fingerprint buffer
 * is a fixed 32 bytes, so a longer digest cannot be carried in this
 * layout.  It is the argument type of VERIEXEC_SIGNED_LOAD32.
 */
struct verified_exec_params32 {
	unsigned char flags;			/* flag bits; values are not defined in this header */
	char fp_type[VERIEXEC_FPTYPELEN];	/* type of fingerprint */
	char file[MAXPATHLEN];			/* path buffer; presumably the file the fingerprint applies to -- confirm */
	unsigned char fingerprint[32];		/* raw fingerprint bytes, legacy fixed size */
};

/*
 * Current argument layout for VERIEXEC_LOAD and VERIEXEC_SIGNED_LOAD.
 *
 * The fingerprint buffer is MAXFINGERPRINTLEN bytes.  The structure holds
 * no fingerprint length of its own; how many bytes are significant is
 * presumably derived from fp_type by the handler -- confirm.
 */
struct verified_exec_params {
	unsigned char flags;			/* flag bits; values are not defined in this header */
	char fp_type[VERIEXEC_FPTYPELEN];	/* type of fingerprint */
	char file[MAXPATHLEN];			/* path buffer; presumably the file the fingerprint applies to -- confirm */
	unsigned char fingerprint[MAXFINGERPRINTLEN];	/* raw fingerprint bytes */
};

/*
 * Argument layout for VERIEXEC_LABEL_LOAD: the current load parameters
 * followed by a fixed-size label buffer.
 */
struct verified_exec_label_params {
	struct verified_exec_params params;
	char label[MAXLABELLEN];		/* label text; termination is not guaranteed by the layout */
};

/*
 * ioctl commands, all in group 'S'.
 *
 * _IOW commands pass their argument from the caller to the kernel, _IOR
 * commands return one, _IOWR does both and _IO carries no argument.
 * These macros encode the argument size in the command value, so a change
 * to a structure above (or to the constants that size it) also changes
 * the command number seen by existing binaries.
 *
 * NOTE(review): VERIEXEC_LOAD and VERIEXEC_SIGNED_LOAD take the same
 * argument type.  What distinguishes them, and which callers may issue
 * each command, is decided by the handler and cannot be seen from this
 * header.
 */
#define VERIEXEC_LOAD		_IOW('S', 0x1, struct verified_exec_params)
#define VERIEXEC_ACTIVE		_IO('S', 0x2)	   /* start checking */
#define VERIEXEC_ENFORCE 	_IO('S', 0x3)	   /* fail exec */
#define VERIEXEC_LOCK		_IO('S', 0x4)	   /* don't allow new sigs */
#define VERIEXEC_DEBUG_ON	_IOWR('S', 0x5, int) /* set/get debug level */
#define VERIEXEC_DEBUG_OFF 	_IO('S', 0x6)	   /* reset debug */
#define VERIEXEC_GETSTATE 	_IOR('S', 0x7, int) /* get state */
#define VERIEXEC_SIGNED_LOAD32	_IOW('S', 0x8, struct verified_exec_params32)
#define VERIEXEC_VERIFIED_FILE	_IOW('S', 0x9, int) /* fd */
#define VERIEXEC_GETVERSION	_IOR('S', 0xa, int) /* get version */
#define VERIEXEC_LABEL_LOAD	_IOW('S', 0xb, struct verified_exec_label_params)
#define VERIEXEC_SIGNED_LOAD	_IOW('S', 0xc, struct verified_exec_params)

/*
 * Device node path, formed by string-literal concatenation.  _PATH_DEV is
 * not defined in this header and must already be visible to the includer.
 */
#define	_PATH_DEV_VERIEXEC	_PATH_DEV "veriexec"

#endif