#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H

#include <uapi/linux/seccomp.h>

/*
 * Union of every filter flag this header recognises.
 * NOTE(review): presumably the filter-install path rejects any flag bit
 * that falls outside this mask, in which case a new SECCOMP_FILTER_FLAG_*
 * has to be added here too. The check itself is not in this header;
 * confirm at the call site.
 */
#define SECCOMP_FILTER_FLAG_MASK	(SECCOMP_FILTER_FLAG_TSYNC | \
					 SECCOMP_FILTER_FLAG_SPEC_ALLOW)

#ifdef CONFIG_SECCOMP

#include <linux/thread_info.h>
#include <asm/seccomp.h>

struct seccomp_filter;

/**
 * struct seccomp - per-task seccomp state
 *
 * @mode:   the seccomp mode in force for the task (a SECCOMP_MODE_* value,
 *          e.g. SECCOMP_MODE_DISABLED), which determines the system calls
 *          the task may make.
 * @filter: either NULL or a pointer to a valid seccomp filter. It is read
 *          without any lock on the system call entry path, so it must never
 *          be left pointing at anything else.
 *
 * Because readers take no lock, @filter may only be accessed from the
 * context of current.
 */
struct seccomp {
	int mode;
	struct seccomp_filter *filter;
};

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
int __secure_computing(void);

/*
 * Syscall-entry hook. A task without TIF_SECCOMP set takes the cheap path
 * and gets 0; otherwise the decision is delegated to __secure_computing()
 * and its result is returned unchanged. The meaning of a non-zero result is
 * defined by __secure_computing(), which is not visible in this header, so
 * callers must not ignore the return value.
 */
static inline int secure_computing(void)
{
	return unlikely(test_thread_flag(TIF_SECCOMP)) ?
		__secure_computing() : 0;
}

/*
 * NOTE(review): these look like the fixed results of seccomp_phase1(), with
 * any other value being passed on to seccomp_phase2() - confirm against the
 * implementation.
 */
#define SECCOMP_PHASE1_OK	0
#define SECCOMP_PHASE1_SKIP	1

u32 seccomp_phase1(struct seccomp_data *sd);
int seccomp_phase2(u32 phase1_result);
#else
void secure_computing_strict(int this_syscall);
#endif

long prctl_get_seccomp(void);
long prctl_set_seccomp(unsigned long, char __user *);

/* Report the mode stored in @s. @s is dereferenced unchecked: never NULL. */
static inline int seccomp_mode(struct seccomp *s)
{
	return s->mode;
}

#else /* CONFIG_SECCOMP */

#include <linux/errno.h>

/* seccomp is compiled out: the state types are empty placeholders. */
struct seccomp { };
struct seccomp_filter { };

/*
 * With seccomp compiled out the entry hooks are no-ops, so no system call is
 * ever restricted. secure_computing() returns 0, the same value the enabled
 * build returns for a task that has no TIF_SECCOMP flag.
 */
#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
static inline int secure_computing(void)
{
	return 0;
}
#else
static inline void secure_computing_strict(int this_syscall)
{
}
#endif

/* Querying the mode through prctl fails with -EINVAL when compiled out. */
static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}

/*
 * Requests to enter a seccomp mode fail with -EINVAL rather than silently
 * succeeding, so a caller that checks the result can tell it is not confined.
 */
static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
{
	return -EINVAL;
}

/* Always SECCOMP_MODE_DISABLED; @s is not examined. */
static inline int seccomp_mode(struct seccomp *s)
{
	return SECCOMP_MODE_DISABLED;
}
#endif /* CONFIG_SECCOMP */

#ifdef CONFIG_SECCOMP_FILTER
void put_seccomp_filter(struct task_struct *tsk);
void get_seccomp_filter(struct task_struct *tsk);
#else /* CONFIG_SECCOMP_FILTER */
/* Without filter support the get/put pair has nothing to do. */
static inline void put_seccomp_filter(struct task_struct *tsk)
{
}

static inline void get_seccomp_filter(struct task_struct *tsk)
{
}
#endif /* CONFIG_SECCOMP_FILTER */

#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
long seccomp_get_filter(struct task_struct *task,
			unsigned long filter_off, void __user *data);
#else
/*
 * Reading back a task's filter needs both filter support and
 * checkpoint/restore; otherwise the request fails with -EINVAL.
 * NOTE(review): <linux/errno.h> is included directly only in the
 * !CONFIG_SECCOMP branch above, so when CONFIG_SECCOMP is set this stub
 * presumably gets EINVAL through another include - confirm.
 */
static inline long seccomp_get_filter(struct task_struct *task,
				      unsigned long n, void __user *data)
{
	return -EINVAL;
}
#endif /* CONFIG_SECCOMP_FILTER && CONFIG_CHECKPOINT_RESTORE */
#endif /* _LINUX_SECCOMP_H */