Provide prototypes in SYNOPSIS; use only parameter names in FUNCTIONS.

share/man/man9/veriexec.9

@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexec.9,v 1.22 2009/05/13 22:43:58 wiz Exp $
+.\" $NetBSD: veriexec.9,v 1.23 2010/04/13 07:14:45 jruoho Exp $
 .\"
 .\" Copyright 2006 Elad Efrat <elad@NetBSD.org>
 .\" Copyright 2006 Brett Lymn <blymn@NetBSD.org>
@@ -35,9 +35,47 @@
 .Nd in-kernel file integrity subsystem KPI
 .Sh SYNOPSIS
 .In sys/verified_exec.h
+.Ft void
+.Fn veriexec_init "void"
+.Ft bool
+.Fn veriexec_lookup "struct vnode *vp"
+.Ft int
+.Fn veriexec_verify "struct lwp *l" "struct vnode *vp" \
+"const u_char *name" "int flag" "bool *found"
+.Ft void
+.Fn veriexec_purge "struct vnode *vp"
+.Ft int
+.Fn veriexec_fpops_add "const char *fp_type" "size_t hash_len" \
+"size_t ctx_size" "veriexec_fpop_init_t init" "veriexec_fpop_update_t update" \
+"veriexec_fpop_final_t final"
+.Ft int
+.Fn veriexec_file_add "struct lwp *l" "prop_dictionary_t dict"
+.Ft int
+.Fn veriexec_file_delete "struct lwp *l" "struct vnode *vp"
+.Ft int
+.Fn veriexec_table_delete "struct lwp *l" "struct mount *mp"
+.Ft int
+.Fn veriexec_flush "struct lwp *l"
+.Ft int
+.Fn veriexec_openchk "struct lwp *l" "struct vnode *vp" \
+"const char *path" "int fmode"
+.Ft int
+.Fn veriexec_renamechk "struct lwp *l" "struct vnode *fromvp" \
+"const char *fromname" "struct vnode *tovp" "const char *toname"
+.Ft int
+.Fn veriexec_removechk "struct lwp *l" "struct vnode *vp" \
+"const char *name"
+.Ft int
+.Fn veriexec_unmountchk "struct mount *mp"
+.Ft int
+.Fn veriexec_convert "struct vnode *vp" "prop_dictionary_t rdict"
+.Ft int
+.Fn veriexec_dump "struct lwp *l" "prop_array_t rarray"
 .Sh DESCRIPTION
 .Nm
-is the KPI for
+is the
+.Tn KPI
+for
 .Em Veriexec ,
 the
 .Nx
@@ -47,26 +85,25 @@ calculation and comparison, file monitoring tables, and relevant hooks to
 enforce the
 .Em Veriexec
 policy.
+.Sh FUNCTIONS
 .Ss Core Routines
 .Bl -tag -width compact
-.It Ft void Fn veriexec_init "void"
+.It Fn veriexec_init "void"
 Initialize the
 .Em Veriexec
 subsystem.
 Called only once during system startup.
-.It Ft "bool" Fn veriexec_lookup "struct vnode *vp"
+.It Fn veriexec_lookup "vp"
 Check if
 .Ar vp
 is monitored by
-.Em Veriexec
-or not.
+.Em Veriexec .
 Returns
 .Dv true
 if it is, or
 .Dv false
 otherwise.
-.It Ft int Fn veriexec_verify "struct lwp *l" "struct vnode *vp" \
-"const u_char *name" "int flag" "bool *found"
+.It Fn veriexec_verify "l" "vp" "name" "flag" "found"
 Verifies the digital fingerprint of
 .Ar vp .
 .Ar name
@@ -94,7 +131,7 @@ is a pointer to a boolean indicating whether an entry for the file was found
 in the
 .Em Veriexec
 tables.
-.It Ft void Fn veriexec_purge "struct vnode *vp"
+.It Fn veriexec_purge "vp"
 Purge the file entry for
 .Ar vp .
 This invalidates the fingerprint so it will be evaluated next time the file
@@ -103,9 +140,8 @@ is accessed.
 .El
 .Ss Fingerprint Related Routines
 .Bl -tag -width compact
-.It Ft int Fn veriexec_fpops_add "const char *fp_type" "size_t hash_len" \
-"size_t ctx_size" "veriexec_fpop_init_t init" "veriexec_fpop_update_t update" \
-"veriexec_fpop_final_t final"
+.It Fn veriexec_fpops_add "fp_type" "hash_len" "ctx_size" \
+"init" "update" "final"
 Add support for fingerprinting algorithm
 .Ar fp_type
 with binary hash length
@@ -123,8 +159,7 @@ context.
 .El
 .Ss Table Management Routines
 .Bl -tag -width compact
-.It Ft int Fn veriexec_file_add "struct lwp *l" \
-"prop_dictionary_t dict"
+.It Fn veriexec_file_add "l" "dict"
 Add a
 .Em Veriexec
 entry for the file described by
@@ -139,25 +174,24 @@ is expected to have the following:
 .It fp-type	string	fingerprint hashing algorithm
 .It fp	data	the fingerprint
 .El
-.It Ft int Fn veriexec_file_delete "struct lwp *l" "struct vnode *vp"
+.It Fn veriexec_file_delete "l" "vp"
 Remove
 .Em Veriexec
 entry for
 .Ar vp .
-.It Ft int Fn veriexec_table_delete "struct lwp *l" "struct mount *mp"
+.It Fn veriexec_table_delete "l" "mp"
 Remove
 .Em Veriexec
 table for mount-point
 .Ar mp .
-.It Ft int Fn veriexec_flush "struct lwp *l"
+.It Fn veriexec_flush "l"
 Delete all
 .Em Veriexec
 tables.
 .El
 .Ss Hook Handlers
 .Bl -tag -width compact
-.It Ft int Fn veriexec_openchk "struct lwp *l" "struct vnode *vp" \
-"const char *path" "int fmode"
+.It Fn veriexec_openchk "l" "vp" "path" "fmode"
 Called when a file is opened.
 .Pp
 .Ar l
@@ -172,8 +206,7 @@ the file is being created.
 is the pathname for the file (not necessarily a full path), and
 .Ar fmode
 are the mode bits with which the file was opened.
-.It Ft int Fn veriexec_renamechk "struct lwp *l" "struct vnode *fromvp" \
-"const char *fromname" "struct vnode *tovp" "const char *toname"
+.It Fn veriexec_renamechk "l" "fromvp" "fromname" "tovp" "toname"
 Called when a file is renamed.
 .Pp
 .Ar fromvp
@@ -190,8 +223,7 @@ is the LWP renaming the file.
 Depending on the strict level,
 .Nm
 will either track changes appropriately or prevent the rename.
-.It Ft int Fn veriexec_removechk "struct lwp *l" "struct vnode *vp" \
-"const char *name"
+.It Fn veriexec_removechk "l" "vp" "name"
 Called when a file is removed.
 .Pp
 .Ar vp
@@ -204,14 +236,14 @@ is the LWP removing the file,
 Depending on the strict level,
 .Nm
 will either clean-up after the file or prevent its removal.
-.It Ft int Fn veriexec_unmountchk "struct mount *mp"
+.It Fn veriexec_unmountchk "mp"
 Checks if the current strict level allows
 .Ar mp
 to be unmounted.
 .El
 .Ss Miscellaneous Routines
 .Bl -tag -width compact
-.It Ft int Fn veriexec_convert "struct vnode *vp" "prop_dictionary_t rdict"
+.It Fn veriexec_convert "vp" "rdict"
 Convert
 .Em Veriexec
 entry for
@@ -243,7 +275,7 @@ If no entry was found,
 .Er ENOENT
 is returned.
 Otherwise, zero.
-.It Ft int Fn veriexec_dump "struct lwp *l" "prop_array_t rarray"
+.It Fn veriexec_dump "l" "rarray"
 Fill
 .Ar rarray
 with entries for all files monitored by