linux/include/linux/seccomp.h
   1#ifndef _LINUX_SECCOMP_H
   2#define _LINUX_SECCOMP_H
   3
   4#include <uapi/linux/seccomp.h>
   5
   6#ifdef CONFIG_SECCOMP
   7
   8#include <linux/thread_info.h>
   9#include <asm/seccomp.h>
  10
  11struct seccomp_filter;
  12/**
  13 * struct seccomp - the state of a seccomp'ed process
  14 *
  15 * @mode:  seccomp mode controlling the system calls available to a process;
  16 *         valid values are the SECCOMP_MODE_* constants of <uapi/linux/seccomp.h>.
  17 * @filter: The metadata and ruleset for determining what system calls
  18 *          are allowed for a task.
  19 *
  20 *          @filter must only be accessed from the context of current as there
  21 *          is no locking.
  22 */
  23struct seccomp {
  24        int mode;                       /* read back by seccomp_mode() */
  25        struct seccomp_filter *filter;  /* unlocked: access from current only */
  26};
  27
  /* Out-of-line seccomp check; only declared here, defined elsewhere. */
  extern int __secure_computing(int);

  /**
   * secure_computing - run the seccomp check for a thread that is flagged for it
   * @this_syscall: passed through unchanged to __secure_computing()
   *
   * The check is gated on the TIF_SECCOMP thread flag, and the flagged case
   * is annotated unlikely(). A thread without the flag never reaches
   * __secure_computing() from here.
   *
   * Return: 0 when TIF_SECCOMP is clear, otherwise the value returned by
   * __secure_computing().
   */
  static inline int secure_computing(int this_syscall)
  {
          int verdict = 0;

          if (unlikely(test_thread_flag(TIF_SECCOMP)))
                  verdict = __secure_computing(this_syscall);

          return verdict;
  }
  35
  /*
   * A wrapper for architectures supporting only SECCOMP_MODE_STRICT.
   *
   * This wrapper returns void, so callers have no result to act on: any
   * nonzero return from secure_computing() is treated as fatal via BUG_ON().
   */
  static inline void secure_computing_strict(int this_syscall)
  {
          /* Run the check as its own statement so the enforcement call is explicit. */
          int rc = secure_computing(this_syscall);

          BUG_ON(rc != 0);
  }
  41
  42extern long prctl_get_seccomp(void);
  43extern long prctl_set_seccomp(unsigned long, char __user *);
  44
  /**
   * seccomp_mode - read the mode recorded in a seccomp state
   * @s: seccomp state to inspect; dereferenced without a NULL check
   *
   * Return: the @mode field of @s.
   */
  static inline int seccomp_mode(struct seccomp *s)
  {
          const int current_mode = s->mode;

          return current_mode;
  }
  49
  50#else /* CONFIG_SECCOMP */
  51
  52#include <linux/errno.h>
  53
  /* Empty placeholder definitions used when CONFIG_SECCOMP is not set. */
  struct seccomp { };
  struct seccomp_filter { };

  /*
   * Stub for kernels built without CONFIG_SECCOMP: no check is performed and
   * 0 is returned for every system call number.
   */
  static inline int secure_computing(int this_syscall)
  {
          return 0;
  }

  /* Stub for kernels built without CONFIG_SECCOMP: does nothing. */
  static inline void secure_computing_strict(int this_syscall)
  {
  }
  59
  /*
   * Stub for kernels built without CONFIG_SECCOMP.
   *
   * Return: always -EINVAL, so a query for the seccomp mode fails instead of
   * reporting a mode.
   */
  static inline long prctl_get_seccomp(void)
  {
          const long unsupported = -EINVAL;

          return unsupported;
  }
  64
  /*
   * Stub for kernels built without CONFIG_SECCOMP; both arguments are ignored.
   *
   * Return: always -EINVAL, so a request to set a seccomp mode fails instead
   * of reporting success.
   */
  static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
  {
          const long unsupported = -EINVAL;

          return unsupported;
  }
  69
  /*
   * Stub for kernels built without CONFIG_SECCOMP.
   *
   * Return: always 0; @s is never dereferenced.
   */
  static inline int seccomp_mode(struct seccomp *s)
  {
          (void)s;

          return 0;
  }
  74#endif /* CONFIG_SECCOMP */
  75
  76#ifdef CONFIG_SECCOMP_FILTER
  77extern void put_seccomp_filter(struct task_struct *tsk);
  78extern void get_seccomp_filter(struct task_struct *tsk);
  79extern u32 seccomp_bpf_load(int off);
  80#else  /* CONFIG_SECCOMP_FILTER */
  /* No-op used when CONFIG_SECCOMP_FILTER is not set; @tsk is ignored. */
  static inline void put_seccomp_filter(struct task_struct *tsk)
  {
  }
  /* No-op used when CONFIG_SECCOMP_FILTER is not set; @tsk is ignored. */
  static inline void get_seccomp_filter(struct task_struct *tsk)
  {
  }
  89#endif /* CONFIG_SECCOMP_FILTER */
  90#endif /* _LINUX_SECCOMP_H */
  91