1 /**	$MirOS: src/bin/systrace/systrace.h,v 1.2 2012/12/31 20:13:33 tg Exp $ */
2 /*	$OpenBSD: systrace.h,v 1.27 2006/07/02 12:34:15 sturm Exp $	*/
3 /*
4  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. All advertising materials mentioning features or use of this software
16  *    must display the following acknowledgement:
17  *      This product includes software developed by Niels Provos.
18  * 4. The name of the author may not be used to endorse or promote products
19  *    derived from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 #ifndef _SYSTRACE_H_
34 #define _SYSTRACE_H_
35 #include <sys/queue.h>
36 
/*
 * Absolute path of the X11 front end (see requestor_start() at the end of
 * this header).  Being a fixed path, whatever execs it implicitly trusts
 * that location; NOTE(review): confirm the requestor code does not let the
 * traced program influence it.
 */
#define _PATH_XSYSTRACE	"/usr/X11R6/bin/xsystrace"
38 
/*
 * Node kinds for the filter expression tree (struct logic below).
 * Presumably AND/OR combine the left and right subtrees, NOT negates one
 * subtree and SINGLE is a leaf that matches one argument; which child
 * pointers each kind uses is decided by the evaluator, not here.
 */
enum logicop { LOGIC_AND, LOGIC_OR, LOGIC_NOT, LOGIC_SINGLE };
40 
/*
 * One node of a parsed filter expression.
 *
 * NOTE(review): this header uses size_t and struct intercept_translate
 * without including the headers that declare them (<sys/types.h> and,
 * presumably, intercept.h); includers must pull those in first.
 */
struct logic {
	enum logicop op;		/* node kind, see enum logicop */
	struct logic *left;		/* subtrees; usage depends on op */
	struct logic *right;
	char *type;			/* name of the argument type this leaf
					 * matches against (resolved elsewhere) */
	int typeoff;			/* presumably which occurrence of that
					 * type in the argument list — verify
					 * against the evaluator */
	int flags;			/* LOGIC_* bits */
	void *filterdata;		/* match data for the leaf ... */
	size_t filterlen;		/* ... and its length; readers of
					 * filterdata must stay within it */
	int (*filter_match)(struct intercept_translate *, struct logic *);
					/* leaf predicate: translated argument
					 * vs. this node; result convention is
					 * defined by the caller, not here */
	void *filterarg;		/* extra state handed to filter_match */
};
53 
/*
 * struct logic.flags bit: the node's match data still needs variable
 * expansion (cf. filter_expand()/filter_dynamicexpand() below), so it must
 * not be matched against as-is.
 */
#define LOGIC_NEEDEXPAND	0x01
55 
/*
 * One policy statement: a syscall name + emulation, the parsed expression
 * tree, and the verdict to apply when it matches.
 *
 * Buffer sizes are NOT uniform across this header: name[] is 32 bytes here
 * but 64 in struct policy_syscall and struct systrace_alias.  Every copy
 * into these arrays must be bounded and NUL-terminated (snprintf/strlcpy),
 * and a 64-byte name copied into this 32-byte field is a truncation hazard
 * that can silently change which syscall a rule applies to.
 */
struct filter {
	TAILQ_ENTRY(filter) next;		/* link in a per-syscall queue */
	TAILQ_ENTRY(filter) policy_next;	/* link in the policy's own list */

	char *rule;		/* original rule text */
	char name[32];		/* syscall name (see size note above) */
	char emulation[16];	/* emulation the rule applies to */
	struct logic *logicroot;	/* parsed expression, NULL-ness is
					 * the caller's business */
	short match_action;	/* verdict when the rule matches; same width
				 * as the value filter_evaluate() returns */
	int match_error;	/* presumably the error value reported to the
				 * traced process for a deny — verify */
	int match_flags;	/* presumably PROCESS_*/SYSCALL_LOG bits */
	int match_count;	/* Number of times this filter matched */

	/*
	 * Optional uid/gid precondition on the rule.  p_flags is two fields
	 * in one int: PREDIC_UID/PREDIC_GID select which id is compared, and
	 * the bits under PREDIC_MASK hold a 2-bit comparison KIND whose
	 * values are 0x10 (negative), 0x20 (lesser), 0x30 (greater) — these
	 * are values, not independent flags (0x10|0x20 == 0x30).  Test them
	 * as `(p_flags & PREDIC_MASK) == PREDIC_LESSER`; a bare
	 * `p_flags & PREDIC_NEGATIVE` would also be true for PREDIC_GREATER
	 * and would invert the rule for the wrong users.
	 */
	struct predicate {
#define PREDIC_UID	0x01
#define PREDIC_GID	0x02
#define PREDIC_NEGATIVE	0x10
#define PREDIC_LESSER	0x20
#define PREDIC_GREATER	0x30
#define PREDIC_MASK	0x30
		int p_flags;
		uid_t p_uid;
		gid_t p_gid;
	} match_predicate;

	struct elevate elevate;	/* privilege-elevation spec for the match;
				 * type comes from another header, presumably
				 * intercept.h.  Security-sensitive: confirm
				 * the parser only fills it from trusted
				 * policy files. */
};
83 
/* Queue of struct filter, linked through the `next` member. */
TAILQ_HEAD(filterq, filter);
85 
/*
 * Per-(syscall, emulation) bucket of a policy: the filters that apply to
 * that one syscall.  Keyed in a splay tree by name/emulation.
 * name[] is 64 bytes here versus 32 in struct filter — see the size note
 * there before copying between them.
 */
struct policy_syscall {
	SPLAY_ENTRY(policy_syscall) node;	/* tree link (struct policy.pflqs) */

	char name[64];		/* syscall name, NUL-terminated */
	char emulation[16];	/* emulation name, NUL-terminated */

	struct filterq flq;	/* filters for this syscall, in order */
};
94 
/*
 * A loaded policy: the set of rules confining one program (and the
 * in-kernel state that mirrors it).
 *
 * NOTE(review): struct timespec and the SPLAY_* macros come from headers
 * this file does not include (<sys/time.h>, <sys/tree.h>); includers must
 * provide them.
 */
struct policy {
	SPLAY_ENTRY(policy) node;	/* tree keyed by name */
	SPLAY_ENTRY(policy) nrnode;	/* tree keyed by policynr */

	const char *name;		/* policy/program name; ownership not
					 * visible here */
	char emulation[16];		/* NUL-terminated emulation name */

	struct timespec ts_last;	/* last time we read the file */

	SPLAY_HEAD(syscalltree, policy_syscall) pflqs;	/* per-syscall filter queues */

	int policynr;			/* in-kernel policy number */
	/*
	 * Per-syscall kernel action, indexed by syscall number.  Any number
	 * taken from the kernel or a policy file must be checked to be
	 * >= 0 and < INTERCEPT_MAXSYSCALLNR before indexing; the constant
	 * itself is defined elsewhere (presumably intercept.h).
	 */
	short kerneltable[INTERCEPT_MAXSYSCALLNR];
	int flags;			/* POLICY_* bits, see below */

	struct filterq filters;		/* installed policy statements */
	int nfilters;			/* nr of installed policy statements */
	struct filterq prefilters;	/* filters we need to install*/
};
114 
/*
 * A policy template (see systrace_readtemplate()).  All members are
 * pointers; who allocates and frees them is not visible in this header.
 */
struct template {
	TAILQ_ENTRY(template) next;	/* link in a struct tmplqueue */

	char *filename;		/* file the template was read from */
	char *name;		/* template name */
	char *description;	/* human-readable description */

	char *emulation;	/* emulation it applies to */
};
124 
/* Queue of struct template, linked through `next`. */
TAILQ_HEAD(tmplqueue, template);
126 
/* System-wide policy directory (fixed path). */
#define POLICY_PATH		"/etc/systrace"

/*
 * struct policy.flags bits.  The first two weaken enforcement and should
 * only ever be set deliberately: UNSUPERVISED takes decisions from the
 * policy alone without asking anyone, DETACHED stops confining the program
 * altogether.
 */
#define POLICY_UNSUPERVISED	0x01	/* Auto-Pilot */
#define POLICY_DETACHED		0x02	/* Ignore this program */
#define POLICY_CHANGED		0x04	/* in-memory policy differs from file */

/*
 * Per-match flag bits (presumably struct filter.match_flags).  They reuse
 * the numeric values 0x01/0x02/0x04 of the POLICY_* bits above but belong
 * to a different field; never OR the two sets into the same int.
 */
#define PROCESS_INHERIT_POLICY	0x01	/* Process inherits policy */
#define PROCESS_DETACH		0x02	/* Process gets detached */
#define SYSCALL_LOG		0x04	/* Log this system call */
#define PROCESS_PROMPT		0x08	/* Prompt but nothing else */

/*
 * Policy files are re-read at most this often (cf. struct policy.ts_last);
 * an edited policy file can thus take up to this long to take effect.
 */
#define SYSTRACE_UPDATETIME	30	/* update policies every 30 seconds */
139 
/*
 * Policy management API (implemented in systrace.c / policy.c, not
 * visible here).  Parameter roles below are inferred from the types and
 * from the two named prototypes; verify against the definitions.  Where an
 * `int` precedes a policy it is presumably the kernel fd.  Functions
 * returning `int` and `struct policy *` follow the usual convention of
 * -1 / NULL on failure — confirm before relying on it.
 */
void systrace_parameters(void);
int systrace_initpolicy(char *, char *);		/* (policy dir, ...) */
void systrace_setupdir(char *);
struct template *systrace_readtemplate(char *, struct policy *,
    struct template *);					/* (filename, policy, tmpl) */
void systrace_initcb(void);
struct policy *systrace_newpolicy(const char *, const char *);	/* (name, emulation) */
void systrace_cleanpolicy(struct policy *);		/* drop its filters */
void systrace_freepolicy(struct policy *);		/* release the policy */
int systrace_newpolicynr(int, struct policy *);	/* assign policynr via kernel */
int systrace_modifypolicy(int, int, const char *, short);
							/* (fd, policynr, syscall, action) */
struct policy *systrace_findpolicy(const char *);	/* exact name match */
struct policy *systrace_findpolicy_wildcard(const char *);
struct policy *systrace_findpolnr(int);		/* lookup by policynr */
int systrace_dumppolicies(int);
int systrace_updatepolicies(int);			/* re-read changed files */
struct policy *systrace_readpolicy(const char *);	/* parse a policy file */
int systrace_addpolicy(const char *);
int systrace_updatepolicy(int fd, struct policy *policy);
struct filterq *systrace_policyflq(struct policy *, const char *, const char *);
							/* (policy, emulation, syscall) */
char *systrace_getpolicyname(const char *);		/* ownership of result not
							 * visible here */

/* Map a symbolic error name from a policy file to its numeric value. */
int systrace_error_translate(const char *);
163 
/* Capacity of struct systrace_alias.arguments[]; nargs must never exceed it. */
#define SYSTRACE_MAXALIAS	10
165 
/*
 * Maps a (syscall, emulation) pair onto another one so rules written for
 * the alias name also cover the original.
 */
struct systrace_alias {
	SPLAY_ENTRY(systrace_alias) node;	/* tree link, keyed by name/emulation */
	TAILQ_ENTRY(systrace_alias) next;	/* link in a revaliasq */

	char name[64];		/* original syscall name, NUL-terminated */
	char emulation[16];	/* original emulation */

	char aname[64];		/* alias syscall name */
	char aemul[16];		/* alias emulation */

	/*
	 * Argument translations attached via systrace_alias_add_trans().
	 * nargs counts used slots; adding beyond SYSTRACE_MAXALIAS would
	 * overflow the array, so the adder must check nargs first.
	 */
	struct intercept_translate *arguments[SYSTRACE_MAXALIAS];
	int nargs;

	struct systrace_revalias *reverse;	/* back link, see below */
};
181 
/* Alias table API.  Argument order for the (name, emulation) pairs is inferred. */
int systrace_initalias(void);
struct systrace_alias *systrace_new_alias(const char *, const char *, char *, char *);
					/* (name, emulation, aname, aemul) */
void systrace_switch_alias(const char *, const char *, char *, char *);
struct systrace_alias *systrace_find_alias(const char *, const char *);
					/* (name, emulation) -> NULL if absent */
void systrace_alias_add_trans(struct systrace_alias *,
    struct intercept_translate *);	/* must respect SYSTRACE_MAXALIAS */
188 
/*
 * Reverse alias: for one (aliased) syscall name, the list of aliases that
 * point at it.
 */
struct systrace_revalias {
	SPLAY_ENTRY(systrace_revalias) node;	/* tree link */

	char name[64];		/* alias name, NUL-terminated */
	char emulation[16];	/* alias emulation */

	TAILQ_HEAD(revaliasq, systrace_alias) revl;	/* aliases via their `next` */
};
197 
/* Reverse-alias lookup/creation for a (name, emulation) pair. */
struct systrace_revalias *systrace_reverse(const char *, const char *);
struct systrace_revalias *systrace_find_reverse(const char *, const char *);

/*
 * Filter evaluation.  Both return the action as a short (the same type as
 * struct filter.match_action).  filter_ask() additionally consults the
 * user/requestor; its remaining parameters are not named here and their
 * roles are not visible in this header.
 */
short filter_evaluate(struct intercept_tlq *, struct filterq *,
    struct intercept_pid *);
short filter_ask(int, struct intercept_tlq *, struct filterq *, int,
    const char *, const char *, char *, short *, struct intercept_pid *);
void filter_free(struct filter *);
void filter_modifypolicy(int, int, const char *, const char *, short);

/* Evaluate a uid/gid predicate (see struct predicate for the flag layout). */
int filter_predicate(struct intercept_pid *, struct predicate *);
/* Rule parsing; the char * inputs are presumably modified in place. */
int filter_parse_simple(char *, short *, short *);
int filter_parse(char *, struct filter **);
int filter_prepolicy(int, struct policy *);
/*
 * Variable expansion of rule text.  Both return a char *; whether that is
 * newly allocated or a static buffer is not visible here — check before
 * freeing or holding on to it.
 */
char *filter_expand(char *);
char *filter_dynamicexpand(struct intercept_pid *, char *);
int filter_needexpand(char *);	/* does the text still contain variables? */

void cradle_start(char *, char *, char *);

int parse_filter(char *, struct filter **);

char *uid_to_name(uid_t);	/* result ownership not visible here */

/* Replace a substring within a buffer of the given size (bounded). */
char *strrpl(char *, size_t, char *, char *);

/*
 * Format a syscall description into the caller's buffer of the given
 * size; the size argument is the bound, so callers must pass the real
 * capacity.
 */
void make_output(char *, size_t, const char *, pid_t, pid_t, int,
    const char *, int, const char *, const char *, int, struct intercept_tlq *,
    struct intercept_replace *);
/*
 * Interception callbacks.  trans_cb/gen_cb return the action as a short;
 * the int/pid_t/const char * arguments are the interception context whose
 * exact order is set by the registering code, not documented here.
 */
short trans_cb(int, pid_t, int, const char *, int, const char *, void *,
    int, struct intercept_replace *, struct intercept_tlq *, void *);
short gen_cb(int, pid_t, int, const char *, int, const char *, void *,
    int, void *);
void execres_cb(int, pid_t, int, const char *, const char *, void *);
void policyfree_cb(int, void *);
233 
/*
 * Argument translation descriptors, defined in a .c file elsewhere.  Each
 * one describes how a syscall argument of a given kind is turned into the
 * string form that rules match against; the ic_linux_* ones are the
 * Linux-emulation variants.
 */
extern struct intercept_translate ic_oflags;	/* open(2) flags */
extern struct intercept_translate ic_modeflags;	/* file mode bits */
extern struct intercept_translate ic_fdt;	/* file descriptor */
extern struct intercept_translate ic_uidt;	/* numeric uid */
extern struct intercept_translate ic_uname;	/* user name */
extern struct intercept_translate ic_gidt;	/* numeric gid */
extern struct intercept_translate ic_trargv;	/* argv vector */
extern struct intercept_translate ic_sockdom;	/* socket domain */
extern struct intercept_translate ic_socktype;	/* socket type */
extern struct intercept_translate ic_pidname;	/* pid */
extern struct intercept_translate ic_signame;	/* signal */
extern struct intercept_translate ic_fcntlcmd;	/* fcntl(2) command */
extern struct intercept_translate ic_memprot;	/* memory protection */
extern struct intercept_translate ic_linux_memprot;
extern struct intercept_translate ic_fileflags;	/* file flags */

extern struct intercept_translate ic_linux_oflags;
251 
/*
 * Start the external requestor (the program that prompts the user, e.g.
 * _PATH_XSYSTRACE); the char * is presumably its path and the int a flag.
 * Since this execs a program that decides policy questions, the path
 * should come only from trusted configuration.
 */
int requestor_start(char *, int);
253 
254 #endif /* _SYSTRACE_H_ */
255