405  * NOTE: vfe is assumed to be locked for writing on entry.
409     struct veriexec_file_entry *vfe, u_char *fp)
429 	ctx = kmem_alloc(vfe->ops->context_size, KM_SLEEP);
432 	(vfe->ops->init)(ctx);
450 		(vfe->ops->update)(ctx, buf, (unsigned int) len);
456 	(vfe->ops->final)(fp, ctx);
459 	kmem_free(ctx, vfe->ops->context_size);
489     struct veriexec_file_entry *vfe, u_char *status)
491 	size_t hash_len = vfe->ops->hash_len;
497 	error = veriexec_fp_calc(l, vp, file_lock_state, vfe, digest);
502 	if (veriexec_fp_cmp(vfe->ops, vfe->fp, digest) == 0)
539 veriexec_file_report(struct veriexec_file_entry *vfe, const u_char *msg,
542 	if (vfe != NULL && vfe->filename != NULL)
543 		filename = vfe->filename;
578 	struct veriexec_file_entry *vfe;
585 #define VFE_NEEDS_EVAL(vfe) ((vfe->status == FINGERPRINT_NOTEVAL) || \
586 			     (vfe->type & VERIEXEC_UNTRUSTED))
595 	vfe = veriexec_get(vp);
597 		*vfep = vfe;
600 	if (vfe == NULL) {
622 	if (VFE_NEEDS_EVAL(vfe)) {
623 		rw_enter(&vfe->lock, RW_WRITER);
624 		if (!VFE_NEEDS_EVAL(vfe))
625 			rw_downgrade(&vfe->lock);
627 		rw_enter(&vfe->lock, RW_READER);
630 	if (VFE_NEEDS_EVAL(vfe)) {
633 		error = veriexec_fp_status(l, vp, file_lock_state, vfe, &status);
635 			veriexec_file_report(vfe, "Fingerprint calculation error.",
637 			rw_exit(&vfe->lock);
640 		vfe->status = status;
641 		rw_downgrade(&vfe->lock);
644 	if (!(vfe->type & flag)) {
645 		veriexec_file_report(vfe, "Incorrect access type.", name, l,
650 			rw_exit(&vfe->lock);
655 	switch (vfe->status) {
658 		rw_exit(&vfe->lock);
659 		veriexec_file_report(vfe, "Not-evaluated status "
667 		veriexec_file_report(vfe, "Match.", name, NULL,
674 		veriexec_file_report(vfe, "Mismatch.", name,
679 			rw_exit(&vfe->lock);
687 		rw_exit(&vfe->lock);
688 		veriexec_file_report(vfe, "Invalid status "
700 	struct veriexec_file_entry *vfe;
708 	    &vfe);
711 	if ((r  == 0) && (vfe != NULL))
712 		rw_exit(&vfe->lock);
715 		*found = (vfe != NULL) ? true : false;
726 	struct veriexec_file_entry *vfe;
733 	vfe = veriexec_get(vp);
736 	if (vfe == NULL) {
744 	veriexec_file_report(vfe, "Remove request.", pathbuf, l,
760  * XXX: nice to update vfe->filename to the new name if it's not NULL and
850 veriexec_file_free(struct veriexec_file_entry *vfe)
852 	if (vfe != NULL) {
853 		if (vfe->fp != NULL)
854 			kmem_free(vfe->fp, vfe->ops->hash_len);
855 		if (vfe->filename != NULL)
856 			kmem_free(vfe->filename, vfe->filename_len);
857 		rw_destroy(&vfe->lock);
858 		kmem_free(vfe, sizeof(*vfe));
863 veriexec_file_purge(struct veriexec_file_entry *vfe, int have_lock)
865 	if (vfe == NULL)
869 		rw_enter(&vfe->lock, RW_WRITER);
871 		VERIEXEC_RW_UPGRADE(&vfe->lock);
873 	vfe->status = FINGERPRINT_NOTEVAL;
875 		rw_exit(&vfe->lock);
877 		rw_downgrade(&vfe->lock);
881 veriexec_file_purge_cb(struct veriexec_file_entry *vfe, void *cookie)
883 	veriexec_file_purge(vfe, VERIEXEC_UNLOCKED);
1049 	struct veriexec_file_entry *vfe = NULL;
1071 	vfe = kmem_zalloc(sizeof(*vfe), KM_SLEEP);
1072 	rw_init(&vfe->lock);
1076 	if ((vfe->ops = veriexec_fpops_lookup(fp_type)) == NULL) {
1084 	    vfe->ops->hash_len) {
1091 	vfe->fp = kmem_alloc(vfe->ops->hash_len, KM_SLEEP);
1092 	memcpy(vfe->fp, prop_data_value(prop_dictionary_get(dict, "fp")),
1093 	    vfe->ops->hash_len);
1098 	if (prop_dictionary_get_uint8(dict, "entry-type", &vfe->type) == FALSE)
1099 		vfe->type = 0;
1103 		extra_flags = vfe->type & ~(VERIEXEC_DIRECT |
1112 	if (!(vfe->type & (VERIEXEC_DIRECT | VERIEXEC_INDIRECT |
1114 		vfe->type |= VERIEXEC_DIRECT;
1116 	vfe->status = FINGERPRINT_NOTEVAL;
1118 		vfe->filename = kmem_strdupsize(file, &vfe->filename_len,
1121 		vfe->filename = NULL;
1124 	    (vfe->type & VERIEXEC_UNTRUSTED)) {
1128 		    vfe, &status);
1131 		vfe->status = status;
1142 		if (vfe->type == ovfe->type &&
1143 		    vfe->status == ovfe->status &&
1144 		    vfe->ops == ovfe->ops &&
1145 		    memcmp(vfe->fp, ovfe->fp, vfe->ops->hash_len) == 0)
1156 	error = fileassoc_add(vp, veriexec_hook, vfe);
1171 		veriexec_file_free(vfe);
1219 veriexec_file_convert(struct veriexec_file_entry *vfe, prop_dictionary_t rdict)
1221 	if (vfe->filename)
1223 		    prop_string_create_copy(vfe->filename));
1224 	prop_dictionary_set_uint8(rdict, "entry-type", vfe->type);
1225 	prop_dictionary_set_uint8(rdict, "status", vfe->status);
1227 	    prop_string_create_copy(vfe->ops->type));
1229 	    prop_data_create_copy(vfe->fp, vfe->ops->hash_len));
1235 	struct veriexec_file_entry *vfe;
1239 	vfe = veriexec_get(vp);
1240 	if (vfe == NULL) {
1245 	rw_enter(&vfe->lock, RW_READER);
1246 	veriexec_file_convert(vfe, rdict);
1247 	rw_exit(&vfe->lock);
1308 	struct veriexec_file_entry *vfe = NULL;
1331 				     VERIEXEC_FILE_LOCKED, &vfe);
1338 	if ((vfe != NULL) && ((fmode & FWRITE) || (fmode & O_TRUNC))) {
1339 		veriexec_file_report(vfe, "Write access request.", path, l,
1346 			veriexec_file_purge(vfe, VERIEXEC_LOCKED);
1349 	if (vfe != NULL)
1350 		rw_exit(&vfe->lock);
1358 veriexec_file_dump(struct veriexec_file_entry *vfe, prop_array_t entries)
1363 	if (vfe->filename == NULL)
1368 	veriexec_file_convert(vfe, entry);

Indexes created Tue Jan 13 23:09:28 GMT 2026