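/*
 * Medusa DS9 header file
 *
 * Shared between the kernel part of Medusa and the user-space authorisation
 * daemon ("constable").  struct medusa_packet and everything it embeds
 * (m_proc_inf, m_inode_inf, med_proc, med_inode, the request/answer
 * structs) travel over the kernel<->daemon channel, so any change to a
 * layout or constant in this file is an ABI change: both sides must be
 * rebuilt from the same copy of this header.
 */
#ifndef _MEDUSA_H_
#define _MEDUSA_H_

/*
 * The daemon needs the kernel's type definitions (__u32, kernel_cap_t,
 * NR_syscalls, ...).  __KERNEL__ is defined only around the includes that
 * require it and undefined again so the remainder of the daemon compiles as
 * ordinary user-space code.  _LINUX_FS_H is pre-defined to keep the first
 * include from pulling in linux/fs.h.
 *
 * NOTE(review): the header names on the #include lines below were lost when
 * this file was extracted (the angle-bracketed names were stripped).  Restore
 * them from the upstream source; they are deliberately not guessed here.
 */
#define __KERNEL__
#define _LINUX_FS_H 1
#include
#undef _LINUX_FS_H
/* just to be sure the unsigned long type is defined ;) */
#include
#undef __KERNEL__
#include
#include
#include

#ifdef CONFIG_MEDUSA_SYSCALL
/*
 * Number of __u32 words needed to hold one bit per system call.
 *
 * This rounds UP.  The original dimension, NR_syscalls / (sizeof(__u32) * 8),
 * truncated, so on a platform where NR_syscalls is not a multiple of 32 the
 * highest syscalls had no bit in the bitmap at all (and any bit test on them
 * would index past the array).  Where NR_syscalls is a multiple of 32 the
 * array size, and hence the packet layout, is exactly what it was before.
 */
#define MED_SYSCALL_BITS_PER_WORD (sizeof(__u32) * 8)
#define MED_SYSCALL_WORDS \
	((NR_syscalls + MED_SYSCALL_BITS_PER_WORD - 1) / MED_SYSCALL_BITS_PER_WORD)
#endif

/* extension to struct task_struct */
struct med_proc {
	__u32 med_vs;		/* bitmap of virtual spaces (member) */
	__u32 med_vs_s;		/* see */
	__u32 med_vs_r;		/* read */
	__u32 med_vs_w;		/* write */
	__u16 med_act;		/* actions which need acknowledgement from constable */
	__u16 med_iact;		/* iactions which need acknowledgement from constable */
	__u32 med_user;		/* for free daemon use */
#ifdef CONFIG_MEDUSA_SYSCALL
	__u32 med_syscall[MED_SYSCALL_WORDS];	/* bitmap of syscalls which are reported */
#endif
#ifdef CONFIG_MEDUSA_FORCE
	/*
	 * Code to force into the process, or NULL; freed with kfree.
	 * NOTE(review): this struct is embedded in m_proc_inf and so is copied
	 * to the daemon inside medusa_packet; the raw kernel pointer therefore
	 * leaves the kernel.  Whoever fills force_len from daemon input
	 * (presumably the MED_FORCE command) must bound it before copying;
	 * that code is not in this header - confirm there.
	 */
	void *force_code;
	int force_len;		/* force code length */
#endif
	__u32 cinfo[4];		/* info for constable */
};

/* extension to struct inode */
struct med_inode {
	__u32 med_vs;		/* bitmap of virtual spaces (member) */
	__u16 med_act;		/* actions which need acknowledgement from constable */
#ifdef CONFIG_MEDUSA_FILE_CAPABILITIES
	kernel_cap_t icap;	/* support for Linux capabilities */
	kernel_cap_t pcap;
	kernel_cap_t ecap;
#endif /* CONFIG_MEDUSA_FILE_CAPABILITIES */
	u_long cinfo;		/* info for constable */
	__u16 magic;		/* whether this record is current (up to date) */
};

struct iattr;

#define MEDUSA_MAJOR 111	/* presumably the major number of the communication device */
#define MP_SIZE sizeof(struct medusa_packet)
#define BEGIN_VS (0xffffffff)
#define ALL_VS (0xffffffff)
#define NONE_VS (0x0)
#define MIN_DATA_LEN 512
#define MAX_DATA_LEN 2048	/* upper bound for medusa_packet.data_len */
/*
 * NOTE(review): "bufffer" (three f's) is kept as-is because the struct is
 * defined outside this header and the macro must match that spelling.
 */
#define B_SIZE sizeof(struct communication_bufffer)

/*
 * process actions
 *  + SKIP - if the answer is SKIP then the operation does not execute but
 *           it returns success; otherwise SKIP does the same as OK
 */
#define MPACT_FORK	0x0001	/* clone_flags */
#define MPACT_EXEC	0x0002	/* attempt - 0, done - 1 */
#define MPACT_EXIT	0x0004
#define MPACT_SETUID	0x0008	/* setuid, setreuid, !setgid, !setgroups ... */
#define MPACT_KILL	0x0010	/* send signal, + SKIP */
#define MPACT_SOCKET	0x0020	/* socketcall ... */
#define MPACT_PTRACE	0x0040	/* stop and send signal to be ptraced */
#define MPACT_PERM	0x0100	/* is in permission function */
#define MPACT_CH	0x0200	/* is in notify_change function */
#define MPACT_IOP	0x0400	/* it does inode operation (MIACT_) */
#define MPACT_CAP	0x0800	/* capable */
#define MPACT_MODULE	0x1000	/* create_module, init_module, delete_module */
#define MPACT_SEXEC	0x2000	/* target = new uid, info1 = inode vs, info2 = rcinfo, + SKIP */
#define MPACT_START	0x4000	/* start of new process */
#define MPACT_MAY_CD	0x8000	/* temporarily, it can access all dirs */

/*
 * Snapshot of a process as reported to the daemon.
 * The ids are 16-bit here; note that the 2.3+ branch of m_inode_inf below
 * already uses int for uid/gid, so wider ids would be truncated in this
 * struct - confirm against the kernel version in use.
 */
struct m_proc_inf {
	int pid;
	int parent_pid;
	int child_pid;
	int sibling_pid;	/* older sibling */
	int pgrp;
	unsigned short uid, euid, suid, fsuid;
	unsigned short gid, egid, sgid, fsgid;
	unsigned short luid;
	kernel_cap_t cap_effective, cap_inheritable, cap_permitted;
	struct med_proc mp;
};

/* inode actions (MED_YES doesn't work with inode ops yet, it defaults to MED_OK) */
#define MIACT_ACCESS		0x0001	/* if it finds this inode, it can redirect */
#define MIACT_CREATE		0x0002	/* + SKIP */
#define MIACT_LINK		0x0004	/* + SKIP */
#define MIACT_UNLINK		0x0008
#define MIACT_SYMLINK		0x0010
#define MIACT_MKDIR		0x0020
#define MIACT_RMDIR		0x0040	/* + SKIP */
#define MIACT_MKNOD		0x0080
#define MIACT_RENAME		0x0100	/* + SKIP */
#define MIACT_READLINK		0x0200	/* !!! not yet, but can be helpful */
#define MIACT_FOLLOW		0x0400	/* !!! purpose unclear (original: "what for ???") */
#define MIACT_TRUNCATE		0x0800	/* + SKIP */
#define MIACT_PERMISSION	0x1000	/* + SKIP */
#define MIACT_EXEC		0x2000	/* (inode, argv, envp, path), redir */
#define MIACT_INHERIT		0x4000	/* - inherit inode attributes */
#define MIACT_VALID		0x8000	/* - information is valid */

/* Snapshot of an inode as reported to the daemon; layout depends on kernel version. */
struct m_inode_inf {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
	unsigned long dev;
	unsigned long ino;
	unsigned short mode;
	unsigned short nlink;
	int uid;
	int gid;
	unsigned long rdev;
	struct med_inode mi;
#else
	kdev_t dev;
	unsigned long ino;
	__kernel_mode_t mode;
	__kernel_nlink_t nlink;
	__kernel_uid_t uid;
	__kernel_gid_t gid;
	kdev_t rdev;
	struct med_inode mi;
#endif
};

/* cmd (kernel -> daemon) */
#define MED_VERSION 0

#define MED_IGET 1	/* Read information for inode */
struct medreq_iget {
	struct m_inode_inf inode;
	struct m_inode_inf parent;	/* + name */
};
struct medans_iget {
	struct m_inode_inf inode;
};

#define MED_IACT 2	/* Report inode action */
struct medreq_iact {
	__u16 pact;		/* process action (0 = inode action / process action) */
	__u16 act;		/* sub-action which the process attempts to execute */
	struct m_inode_inf inode;
	struct m_proc_inf proc;
	__u32 info1;		/* additional information */
	__u32 info2;		/* additional information */
	/* + data (name) */
};
struct medans_iact {
	struct m_proc_inf proc;	/* ... ??? */
	/* + redirection (pathname) */
};

#define MED_PACT 3	/* Report process action */
struct medreq_pact {
	__u16 act;		/* action which the process attempts to execute */
	struct m_proc_inf proc;
	struct m_proc_inf target;
	__u32 info1;		/* additional information */
	__u32 info2;		/* additional information */
};
struct medans_pact {
	struct m_proc_inf proc;
};

#define MED_TRACE 4	/* Report syscall */
struct medreq_trace {
	__u16 syscall;		/* syscall */
	struct m_proc_inf proc;
	__u32 arg[5];
};
struct medans_trace {
	struct m_proc_inf proc;
	__u32 arg[5];
	__u32 retval;		/* valid only when answer is MED_NO */
};

/* commands cmd to kernel from daemon */
#define MED_RESET	0x100
#define MED_GET_PROC	0x101
#define MED_SET_PROC	0x102
#define MED_FOREACH_PROC 0x103
#define MED_FORCE	0x104
#define MED_GETSTR	0x110
#define MED_PRINTK	0x111
struct medreq_cmd {
	__u32 arg[8];
	struct m_proc_inf proc;
};
struct medans_cmd {
	__u32 arg[8];
	struct m_proc_inf proc;
};

/*
 * answer codes (medusa_packet.answer, daemon -> kernel)
 *
 * MED_OK only lets the operation proceed to the kernel's normal permission
 * check; MED_YES, by contrast, permits it outright and so appears to bypass
 * that check.  A daemon answering MED_YES is overriding DAC, not merely
 * Medusa's own policy: the daemon is fully trusted and its answers are the
 * security boundary.  MED_SKIP makes the caller believe the operation
 * succeeded although it was never executed.
 */
#define MED_ERR	-1	/* error */
#define MED_YES	0	/* permit operation */
#define MED_NO	1	/* forbid operation */
#define MED_SKIP 2	/* forbid operation, but return success */
#define MED_OK	3	/* permit operation, but proceed with standard system permission check if any */

/*
 * One message on the kernel<->daemon channel.
 *
 * In the daemon -> kernel direction every field (id, cmd, answer, data_len
 * and the union) is untrusted input.  data_len is a signed int: the receive
 * path (not in this header) must reject values outside 0..MAX_DATA_LEN
 * before any trailing data is copied, and must dispatch on cmd/answer only
 * for the values defined above.
 */
struct medusa_packet {
	int id;
	int cmd;
	int answer;
	int data_len;		/* kernel->daemon, daemon->kernel */
	union {
		struct medreq_iget r_iget;
		struct medans_iget a_iget;
		struct medreq_iact r_iact;
		struct medans_iact a_iact;
		struct medreq_pact r_pact;
		struct medans_pact a_pact;
		struct medreq_trace r_trace;
		struct medans_trace a_trace;
		struct medreq_cmd r_cmd;
		struct medans_cmd a_cmd;
	} u;
};

/* Non-zero when the inode record MI carries valid information (MIACT_VALID set). */
#define med_c_valid(MI) (((MI)->med_act & MIACT_VALID) ? 1 : 0)

#endif /* _MEDUSA_H_ */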