From 34aa6cb261351fe5118f6b9c9fb99dff7d601783 Mon Sep 17 00:00:00 2001
From: jruoho
Date: Tue, 13 Apr 2010 07:14:45 +0000
Subject: [PATCH] Provide prototypes in SYNOPSIS; use only parameter names in FUNCTIONS.

---
 share/man/man9/veriexec.9 | 84 +++++++++++++++++++++++++++------------
 1 file changed, 58 insertions(+), 26 deletions(-)

diff --git a/share/man/man9/veriexec.9 b/share/man/man9/veriexec.9
index 0389200e01f3..823a146bd91d 100644
--- a/share/man/man9/veriexec.9
+++ b/share/man/man9/veriexec.9
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexec.9,v 1.22 2009/05/13 22:43:58 wiz Exp $
+.\" $NetBSD: veriexec.9,v 1.23 2010/04/13 07:14:45 jruoho Exp $
 .\"
 .\" Copyright 2006 Elad Efrat
 .\" Copyright 2006 Brett Lymn
@@ -35,9 +35,47 @@
 .Nd in-kernel file integrity subsystem KPI
 .Sh SYNOPSIS
 .In sys/verified_exec.h
+.Ft void
+.Fn veriexec_init "void"
+.Ft bool
+.Fn veriexec_lookup "struct vnode *vp"
+.Ft int
+.Fn veriexec_verify "struct lwp *l" "struct vnode *vp" \
+"const u_char *name" "int flag" "bool *found"
+.Ft void
+.Fn veriexec_purge "struct vnode *vp"
+.Ft int
+.Fn veriexec_fpops_add "const char *fp_type" "size_t hash_len" \
+"size_t ctx_size" "veriexec_fpop_init_t init" "veriexec_fpop_update_t update" \
+"veriexec_fpop_final_t final"
+.Ft int
+.Fn veriexec_file_add "struct lwp *l" "prop_dictionary_t dict"
+.Ft int
+.Fn veriexec_file_delete "struct lwp *l" "struct vnode *vp"
+.Ft int
+.Fn veriexec_table_delete "struct lwp *l" "struct mount *mp"
+.Ft int
+.Fn veriexec_flush "struct lwp *l"
+.Ft int
+.Fn veriexec_openchk "struct lwp *l" "struct vnode *vp" \
+"const char *path" "int fmode"
+.Ft int
+.Fn veriexec_renamechk "struct lwp *l" "struct vnode *fromvp" \
+"const char *fromname" "struct vnode *tovp" "const char *toname"
+.Ft int
+.Fn veriexec_removechk "struct lwp *l" "struct vnode *vp" \
+"const char *name"
+.Ft int
+.Fn veriexec_unmountchk "struct mount *mp"
+.Ft int
+.Fn veriexec_convert "struct vnode *vp" "prop_dictionary_t rdict"
+.Ft int
+.Fn veriexec_dump "struct lwp *l" "prop_array_t rarray"
 .Sh DESCRIPTION
 .Nm
-is the KPI for
+is the
+.Tn KPI
+for
 .Em Veriexec ,
 the
 .Nx
@@ -47,26 +85,25 @@ calculation and comparison, file monitoring tables, and relevant hooks to enforce the .Em Veriexec policy. +.Sh FUNCTIONS .Ss Core Routines .Bl -tag -width compact -.It Ft void Fn veriexec_init "void" +.It Fn veriexec_init "void" Initialize the .Em Veriexec subsystem. Called only once during system startup. -.It Ft "bool" Fn veriexec_lookup "struct vnode *vp" +.It Fn veriexec_lookup "vp" Check if .Ar vp is monitored by -.Em Veriexec -or not. +.Em Veriexec . Returns .Dv true if it is, or .Dv false otherwise. -.It Ft int Fn veriexec_verify "struct lwp *l" "struct vnode *vp" \ -"const u_char *name" "int flag" "bool *found" +.It Fn veriexec_verify "l" "vp" "name" "flag" "found" Verifies the digital fingerprint of .Ar vp . .Ar name @@ -94,7 +131,7 @@ is a pointer to a boolean indicating whether an entry for the file was found in the .Em Veriexec tables. -.It Ft void Fn veriexec_purge "struct vnode *vp" +.It Fn veriexec_purge "vp" Purge the file entry for .Ar vp . This invalidates the fingerprint so it will be evaluated next time the file @@ -103,9 +140,8 @@ is accessed. .El .Ss Fingerprint Related Routines .Bl -tag -width compact -.It Ft int Fn veriexec_fpops_add "const char *fp_type" "size_t hash_len" \ -"size_t ctx_size" "veriexec_fpop_init_t init" "veriexec_fpop_update_t update" \ -"veriexec_fpop_final_t final" +.It Fn veriexec_fpops_add "fp_type" "hash_len" "ctx_size" \ +"init" "update" "final" Add support for fingerprinting algorithm .Ar fp_type with binary hash length @@ -123,8 +159,7 @@ context. .El .Ss Table Management Routines .Bl -tag -width compact -.It Ft int Fn veriexec_file_add "struct lwp *l" \ -"prop_dictionary_t dict" +.It Fn veriexec_file_add "l" "dict" Add a .Em Veriexec entry for the file described by 
@@ -139,25 +174,24 @@ is expected to have the following: .It fp-type string fingerprint hashing algorithm .It fp data the fingerprint .El -.It Ft int Fn veriexec_file_delete "struct lwp *l" "struct vnode *vp" +.It Fn veriexec_file_delete "l" "vp" Remove .Em Veriexec entry for .Ar vp . -.It Ft int Fn veriexec_table_delete "struct lwp *l" "struct mount *mp" +.It Fn veriexec_table_delete "l" "mp" Remove .Em Veriexec table for mount-point .Ar mp . -.It Ft int Fn veriexec_flush "struct lwp *l" +.It Fn veriexec_flush "l" Delete all .Em Veriexec tables. .El .Ss Hook Handlers .Bl -tag -width compact -.It Ft int Fn veriexec_openchk "struct lwp *l" "struct vnode *vp" \ -"const char *path" "int fmode" +.It Fn veriexec_openchk "l" "vp" "path" "fmode" Called when a file is opened. .Pp .Ar l @@ -172,8 +206,7 @@ the file is being created. is the pathname for the file (not necessarily a full path), and .Ar fmode are the mode bits with which the file was opened. -.It Ft int Fn veriexec_renamechk "struct lwp *l" "struct vnode *fromvp" \ -"const char *fromname" "struct vnode *tovp" "const char *toname" +.It Fn veriexec_renamechk "l" "fromvp" "fromname" "tovp" "toname" Called when a file is renamed. .Pp .Ar fromvp @@ -190,8 +223,7 @@ is the LWP renaming the file. Depending on the strict level, .Nm will either track changes appropriately or prevent the rename. -.It Ft int Fn veriexec_removechk "struct lwp *l" "struct vnode *vp" \ -"const char *name" +.It Fn veriexec_removechk "l" "vp" "name" Called when a file is removed. .Pp .Ar vp 
@@ -204,14 +236,14 @@ is the LWP removing the file, Depending on the strict level, .Nm will either clean-up after the file or prevent its removal. -.It Ft int Fn veriexec_unmountchk "struct mount *mp" +.It Fn veriexec_unmountchk "mp" Checks if the current strict level allows .Ar mp to be unmounted. .El .Ss Miscellaneous Routines .Bl -tag -width compact -.It Ft int Fn veriexec_convert "struct vnode *vp" "prop_dictionary_t rdict" +.It Fn veriexec_convert "vp" "rdict" Convert .Em Veriexec entry for @@ -243,7 +275,7 @@ If no entry was found, .Er ENOENT is returned. Otherwise, zero. -.It Ft int Fn veriexec_dump "struct lwp *l" "prop_array_t rarray" +.It Fn veriexec_dump "l" "rarray" Fill .Ar rarray with entries for all files monitored by