Source-Changes-HG archive


[src/netbsd-3]: src/sys/sys Pull up revision 1.14 (requested by elad in ticke...



details:   https://anonhg.NetBSD.org/src/rev/f972ef42eab9
branches:  netbsd-3
changeset: 576385:f972ef42eab9
user:      tron <tron%NetBSD.org@localhost>
date:      Sat Jul 02 15:58:17 2005 +0000

description:
Pull up revision 1.14 (requested by elad in ticket #487):
- Use more calls to veriexec_report() where possible.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of the access type defines being ordered from least to most
'strict'.

diffstat:

 sys/sys/verified_exec.h |  29 ++++++++++++-----------------
 1 files changed, 12 insertions(+), 17 deletions(-)

diffs (76 lines):

diff -r 5d6a4e7c8bc1 -r f972ef42eab9 sys/sys/verified_exec.h
--- a/sys/sys/verified_exec.h   Sat Jul 02 15:58:08 2005 +0000
+++ b/sys/sys/verified_exec.h   Sat Jul 02 15:58:17 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.h,v 1.6.2.6 2005/07/02 15:53:40 tron Exp $       */
+/*     $NetBSD: verified_exec.h,v 1.6.2.7 2005/07/02 15:58:17 tron Exp $       */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -29,27 +29,26 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.6.2.6 2005/07/02 15:53:40 tron Exp $");
-
 /*
  *
  * Definitions for the Verified Executables kernel function.
  *
  */
+#ifndef _SYS_VERIFIED_EXEC_H_
+#define _SYS_VERIFIED_EXEC_H_
+
+#include <sys/cdefs.h>
 #include <sys/param.h>
 #include <sys/hash.h>
 
-#ifndef V_EXEC_H
-#define V_EXEC_H 1
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.6.2.7 2005/07/02 15:58:17 tron Exp $");
 
 /* Max length of the fingerprint type string, including terminating \0 char */
 #define VERIEXEC_TYPE_MAXLEN 9
 
 struct veriexec_params  {
        unsigned char type;
-       unsigned char fp_type[VERIEXEC_TYPE_MAXLEN];  /* type of fingerprint
-                                                        this is */
+       unsigned char fp_type[VERIEXEC_TYPE_MAXLEN];
        char file[MAXPATHLEN];
        unsigned int size;  /* number of bytes in the fingerprint */
        unsigned char *fingerprint;
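Review bot: The new `fp_type` line drops the member's only comment, so nothing on the declaration now says it holds the fingerprint type name as a string that must be NUL-terminated within `VERIEXEC_TYPE_MAXLEN` bytes. The struct also carries a caller-supplied `size` and a raw `fingerprint` pointer, so it presumably describes a load request whose fields the consumer has to validate, and the contract belongs next to the field: `unsigned char fp_type[VERIEXEC_TYPE_MAXLEN]; /* fingerprint type name; must be NUL-terminated, verify before use */`. The comment on `size` could likewise say that it must be checked against the digest length of the named type before `fingerprint` is copied. The struct body continues past the end of this hunk.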
@@ -61,7 +60,8 @@
 };
 
 /*
- * Types of veriexec inodes we can have
+ * Types of veriexec inodes we can have. Ordered from less strict to
+ * most strict -- this is enforced if a duplicate entry is loaded.
  */
 #define VERIEXEC_DIRECT                0 /* Allow direct execution */
 #define VERIEXEC_INDIRECT      1 /* Only allow indirect execution */
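Review bot: The ordering this comment relies on is kept only by convention. Nothing in the header stops a later edit from renumbering these defines or adding an access type out of order, and going by the commit description the duplicate-entry handling at load time depends on the numeric order, so such an edit could leave a file with a weaker access type than intended. I would make the invariant explicit in the comment, for example `Do not renumber: duplicate-entry handling at load time compares these values numerically.`, with the exact rule confirmed against the load code, which is not visible here. The wording "less strict to most strict" should also read "least strict to most strict". The list of defines continues outside the hunk.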
@@ -150,6 +150,7 @@
 /* Readable values for veriexec_report(). */
 #define        REPORT_NOVERBOSE        0
 #define        REPORT_VERBOSE          1
+#define        REPORT_VERBOSE_HIGH     2
 #define        REPORT_NOPANIC          0
 #define        REPORT_PANIC            1
 #define        REPORT_NOALARM          0
@@ -191,12 +192,6 @@
 void veriexec_report(const u_char *, const u_char *, struct vattr *,
                     struct proc *, int, int, int);
 
-#endif
+#endif /* _KERNEL */
 
-#ifdef VERIFIED_EXEC_DEBUG
-#define veriexec_dprintf(x) printf x
-#else
-#define veriexec_dprintf(x)
-#endif /* VERIFIED_EXEC_DEBUG */
-
-#endif
+#endif /* _SYS_VERIFIED_EXEC_H_ */


