Page MenuHomeFreeBSD
Differential D30962 Diff 91571 sys/security/mac_veriexec_parser/mac_veriexec_parser.c

Changeset View

Standalone View

View Options

sys/security/mac_veriexec_parser/mac_veriexec_parser.c

Show First 20 LinesShow All 59 Lines▼ Show 20 Lines
static const struct fingerprint_type fp_table[] = { static const struct fingerprint_type fp_table[] = {
{"sha256=", SHA256_DIGEST_LENGTH}, {"sha256=", SHA256_DIGEST_LENGTH},
#if MAXFINGERPRINTLEN >= SHA384_DIGEST_LENGTH #if MAXFINGERPRINTLEN >= SHA384_DIGEST_LENGTH
{"sha384=", SHA384_DIGEST_LENGTH}, {"sha384=", SHA384_DIGEST_LENGTH},
#endif #endif
#if MAXFINGERPRINTLEN >= SHA512_DIGEST_LENGTH #if MAXFINGERPRINTLEN >= SHA512_DIGEST_LENGTH
{"sha512=", SHA512_DIGEST_LENGTH}, {"sha512=", SHA512_DIGEST_LENGTH},
#endif #endif
{"no_hash", 0},
{NULL, 0} {NULL, 0}
}; };
static const struct fp_flag flags_table[] = { static const struct fp_flag flags_table[] = {
{"indirect", VERIEXEC_INDIRECT}, {"indirect", VERIEXEC_INDIRECT},
{"no_ptrace", VERIEXEC_NOTRACE}, {"no_ptrace", VERIEXEC_NOTRACE},
{"trusted", VERIEXEC_TRUSTED}, {"trusted", VERIEXEC_TRUSTED},
{"no_fips", VERIEXEC_NOFIPS}, {"no_fips", VERIEXEC_NOFIPS},
▲ Show 20 LinesShow All 116 Lines▼ Show 20 Lines if (fp_type != NULL) {
*/ */
if (*delimiter == ' ' && flags != NULL) if (*delimiter == ' ' && flags != NULL)
*flags = get_flags(delimiter); *flags = get_flags(delimiter);
/* /*
* Split entry into three parts: * Split entry into three parts:
* path, fp_type and digest. * path, fp_type and digest.
*/ */
if (local_digest[-1] == '=')
local_digest[-1] = '\0'; local_digest[-1] = '\0';
*delimiter = '\0'; *delimiter = '\0';
fp_type[-1] = '\0'; fp_type[-1] = '\0';
break; break;
} }
} }
if (fp_type == NULL) if (fp_type == NULL)
return (EINVAL); return (EINVAL);
▲ Show 20 LinesShow All 117 Lines▼ Show 20 Linesparse_entry(char *entry, char *prefix)
fp_type = NULL; fp_type = NULL;
digest = NULL; digest = NULL;
flags = 0; flags = 0;
rc = get_fp(entry, &fp_type, &digest, &flags); rc = get_fp(entry, &fp_type, &digest, &flags);
if (rc != 0) if (rc != 0)
return (rc); return (rc);
if (strcmp(fp_type, "no_hash") == 0)
return (0);
rc = hexstring_to_bin(digest); rc = hexstring_to_bin(digest);
if (rc != 0) if (rc != 0)
return (rc); return (rc);
if (strnlen(entry, MAXPATHLEN) == MAXPATHLEN) if (strnlen(entry, MAXPATHLEN) == MAXPATHLEN)
return (EINVAL); return (EINVAL);
/* If the path is not absolute prepend it with a prefix */ /* If the path is not absolute prepend it with a prefix */
if (prefix != NULL && entry[0] != '/') { if (prefix != NULL && entry[0] != '/') {
rc = snprintf(path, MAXPATHLEN, "%s/%s", rc = snprintf(path, MAXPATHLEN, "%s/%s",
prefix, entry); prefix, entry);
if (rc < 0) if (rc < 0)
return (-rc); return (-rc);
} else { } else {
strcpy(path, entry); strcpy(path, entry);
} }
rc = open_file(path, &nid); rc = open_file(path, &nid);
NDFREE(&nid, NDF_ONLY_PNBUF); NDFREE(&nid, NDF_ONLY_PNBUF);
if (rc != 0) if (rc != 0) {
if (rc == ENOENT) {
strlcat(path, ".gz", sizeof(path));
rc = open_file(path, &nid);
NDFREE(&nid, NDF_ONLY_PNBUF);
if (rc == 0) {
/*
* A compressed version of this entry exists.
* These can't be loaded by kldload anyway,
* so just ignore this entry.
*/
goto out;
}
rc = ENOENT;
}
return (rc); return (rc);
}
rc = VOP_GETATTR(nid.ni_vp, &va, curthread->td_ucred); rc = VOP_GETATTR(nid.ni_vp, &va, curthread->td_ucred);
if (rc != 0) if (rc != 0)
goto out; goto out;
is_exec = (va.va_mode & VEXEC); is_exec = (va.va_mode & VEXEC);
mtx_lock(&ve_mutex); mtx_lock(&ve_mutex);
▲ Show 20 LinesShow All 113 LinesShow Last 20 Lines