The veriexec pseudo-device is used to load and delete entries to and from the in-kernel Veriexec databases, as well as query information about them. It can also be used to dump the entire database.
VERIEXEC_LOAD
        The dictionary passed contains the following elements:

        Name         Type     Purpose
        file         string   filename for this entry
        entry-type   uint8    entry type (see below)
        fp-type      string   fingerprint hashing algorithm
        fp           data     the fingerprint

        ``entry-type'' can be one or more (binary-OR'd) of the following:

        Type                  Effect
        VERIEXEC_DIRECT       can execute directly
        VERIEXEC_INDIRECT     can execute indirectly (interpreter, mmap(2))
        VERIEXEC_FILE         can be opened
        VERIEXEC_UNTRUSTED    located on untrusted storage
VERIEXEC_DELETE
        The dictionary passed contains the following elements:

        Name         Type     Purpose
        file         string   filename or mount-point
VERIEXEC_DUMP
        Only entries for which the filename is kept are dumped.  The
        returned array contains dictionaries with the following elements:

        Name         Type     Purpose
        file         string   filename
        fp-type      string   fingerprint hashing algorithm
        fp           data     the fingerprint
        entry-type   uint8    entry type (see above)
VERIEXEC_FLUSH
        This command has no parameters.
VERIEXEC_QUERY
        The dictionary passed contains the following elements:

        Name         Type     Purpose
        file         string   filename

        The dictionary returned contains the following elements:

        Name         Type     Purpose
        entry-type   uint8    entry type (see above)
        status       uint8    entry status
        fp-type      string   fingerprint hashing algorithm
        fp           data     the fingerprint

        ``status'' can be one of the following:

        Status                 Meaning
        FINGERPRINT_NOTEVAL    not evaluated
        FINGERPRINT_VALID      fingerprint match
        FINGERPRINT_MISMATCH   fingerprint mismatch
Note that the requests VERIEXEC_LOAD, VERIEXEC_DELETE, and VERIEXEC_FLUSH
are not permitted once the strict level has been raised past 0.
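The request semantics described above (the OR'd entry-type flags carried by VERIEXEC_LOAD, the NOTEVAL/VALID/MISMATCH status reported by VERIEXEC_QUERY, deletion by filename or mount-point, the DUMP/FLUSH behaviour, and the refusal of LOAD, DELETE and FLUSH once the strict level is above 0), as an added userland model in Python. This is example code, not NetBSD kernel code and not the pseudo-device's ioctl(2) interface itself; the real requests carry proplib dictionaries with the keys listed above. The numeric values of the flag and status constants, the `VeriexecModel` and `walkthrough` names, the choice of sha256 as the fp-type, the in-memory file contents, and the `evaluate()` step that stands in for the kernel hashing a file on first use are all assumptions made for the example.

```python
import hashlib

# Entry-type flag bits.  Only the names come from veriexec(4); the bit
# values are assumed for this model.
VERIEXEC_DIRECT = 0x01      # can execute directly
VERIEXEC_INDIRECT = 0x02    # can execute indirectly (interpreter, mmap)
VERIEXEC_FILE = 0x04        # can be opened
VERIEXEC_UNTRUSTED = 0x10   # located on untrusted storage

# Status values returned by VERIEXEC_QUERY (numeric values assumed).
FINGERPRINT_NOTEVAL = 0
FINGERPRINT_VALID = 1
FINGERPRINT_MISMATCH = 2


class VeriexecError(Exception):
    """A request the model refuses, e.g. a modification at strict level > 0."""


class VeriexecModel:
    """In-memory stand-in for the kernel's Veriexec table (assumed model)."""

    def __init__(self, storage):
        self.storage = storage   # constructed "filesystem": path -> bytes
        self.strict = 0          # strict level; 0 still allows table changes
        self.table = {}          # file -> entry dictionary

    def _require_unlocked(self, request):
        # VERIEXEC_LOAD, VERIEXEC_DELETE and VERIEXEC_FLUSH are refused once
        # the strict level has been raised past 0.
        if self.strict > 0:
            raise VeriexecError(f"{request} not permitted at strict level {self.strict}")

    def load(self, req):
        """VERIEXEC_LOAD: req carries file, entry-type, fp-type and fp."""
        self._require_unlocked("VERIEXEC_LOAD")
        hashlib.new(req["fp-type"])  # an unknown hashing algorithm raises ValueError
        self.table[req["file"]] = {
            "entry-type": req["entry-type"] & 0xFF,   # uint8 in the real dictionary
            "fp-type": req["fp-type"],
            "fp": bytes(req["fp"]),
            "status": FINGERPRINT_NOTEVAL,            # nothing evaluated yet
        }

    def delete(self, req):
        """VERIEXEC_DELETE: req["file"] is a filename or a mount-point.
        Returns the number of entries removed."""
        self._require_unlocked("VERIEXEC_DELETE")
        target = req["file"]
        if target in self.table:
            del self.table[target]
            return 1
        prefix = target.rstrip("/") + "/"            # mount-point form
        gone = [f for f in self.table if f.startswith(prefix)]
        for f in gone:
            del self.table[f]
        return len(gone)

    def flush(self):
        """VERIEXEC_FLUSH: no parameters, empties the whole table."""
        self._require_unlocked("VERIEXEC_FLUSH")
        self.table.clear()

    def dump(self):
        """VERIEXEC_DUMP: one dictionary per entry whose filename is kept."""
        return [{"file": f, "fp-type": e["fp-type"], "fp": e["fp"],
                 "entry-type": e["entry-type"]} for f, e in sorted(self.table.items())]

    def query(self, req):
        """VERIEXEC_QUERY: entry-type, status, fp-type and fp for one file."""
        e = self.table[req["file"]]                  # KeyError stands in for ENOENT
        return {k: e[k] for k in ("entry-type", "status", "fp-type", "fp")}

    def evaluate(self, file):
        """Assumed stand-in for the kernel hashing a monitored file on first
        use: record VALID or MISMATCH; QUERY reports NOTEVAL until then."""
        e = self.table[file]
        digest = hashlib.new(e["fp-type"], self.storage[file]).digest()
        e["status"] = FINGERPRINT_VALID if digest == e["fp"] else FINGERPRINT_MISMATCH
        return e["status"]


def walkthrough():
    """Load two entries, evaluate one, tamper with the other, then lock down."""
    storage = {"/bin/sh": b"shell image (constructed)",
               "/usr/bin/perl": b"perl image (constructed)"}
    vx = VeriexecModel(storage)
    for path, etype in (("/bin/sh", VERIEXEC_DIRECT),
                        ("/usr/bin/perl", VERIEXEC_DIRECT | VERIEXEC_INDIRECT)):
        vx.load({"file": path, "entry-type": etype, "fp-type": "sha256",
                 "fp": hashlib.sha256(storage[path]).digest()})
    before = vx.query({"file": "/bin/sh"})["status"]     # not evaluated yet
    sh_status = vx.evaluate("/bin/sh")                    # matches -> VALID
    storage["/usr/bin/perl"] = b"modified perl image"    # simulated tampering
    perl_status = vx.evaluate("/usr/bin/perl")            # -> MISMATCH
    vx.strict = 1                                         # raise strict level
    try:
        vx.flush()
        locked = False
    except VeriexecError:
        locked = True                                     # FLUSH refused
    return {"before": before, "sh": sh_status, "perl": perl_status,
            "locked": locked, "entries": len(vx.dump())}


if __name__ == "__main__":
    print(walkthrough())
```

The walkthrough shows why a QUERY immediately after LOAD reports FINGERPRINT_NOTEVAL, how a modified file turns into FINGERPRINT_MISMATCH without the table entry changing, and that once the strict level is raised the table can no longer be emptied or edited, which is the property an administrator relies on after the fingerprint database has been loaded at boot.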