#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H

/*
 * Kernel-internal seccomp declarations: the per-task seccomp state, the
 * secure_computing() check, and the prctl get/set helpers.  When
 * CONFIG_SECCOMP or CONFIG_SECCOMP_FILTER is disabled, the same names are
 * provided as stubs so that callers need no #ifdefs of their own.
 */

#include <uapi/linux/seccomp.h>

#ifdef CONFIG_SECCOMP

#include <linux/thread_info.h>
#include <asm/seccomp.h>

struct seccomp_filter;

/**
 * struct seccomp - the state of a seccomp'ed process
 *
 * @mode:   the seccomp mode of the task, which determines the system calls
 *          available to it.  One of the SECCOMP_MODE_* values.
 *          NOTE(review): presumably those from <uapi/linux/seccomp.h>,
 *          included above -- confirm.
 * @filter: the metadata and ruleset for determining what system calls
 *          are allowed for a task.
 *
 * @filter must only be accessed from the context of current, as there
 * is no locking.
 */
struct seccomp {
	int mode;
	struct seccomp_filter *filter;
};

int __secure_computing(int this_syscall);

/**
 * secure_computing - run the seccomp check for a system call
 * @this_syscall: number of the system call being checked
 *
 * Return: 0 without calling __secure_computing() when TIF_SECCOMP is not
 * set; otherwise the value returned by __secure_computing().
 * NOTE(review): the meaning of a non-zero result is defined by
 * __secure_computing(), which is not visible in this header.
 */
static inline int secure_computing(int this_syscall)
{
	int ret = 0;

	/* Tasks with seccomp enabled are the uncommon case. */
	if (unlikely(test_thread_flag(TIF_SECCOMP)))
		ret = __secure_computing(this_syscall);

	return ret;
}

/*
 * A wrapper for architectures supporting only SECCOMP_MODE_STRICT.
 *
 * It has no way to report a result to its caller: any non-zero return
 * from secure_computing() trips BUG_ON().
 */
static inline void secure_computing_strict(int this_syscall)
{
	int ret = secure_computing(this_syscall);

	BUG_ON(ret != 0);
}

long prctl_get_seccomp(void);
long prctl_set_seccomp(unsigned long arg2, char __user *arg3);

/* Read the seccomp mode stored in @s. */
static inline int seccomp_mode(struct seccomp *s)
{
	return s->mode;
}

#else /* CONFIG_SECCOMP */

#include <linux/errno.h>

/*
 * Stubs for kernels built without seccomp.  No system call is ever
 * checked here: secure_computing() always returns 0, and both prctl
 * helpers return -EINVAL.  Code that relies on seccomp as a confinement
 * boundary has to check that result rather than assume a mode was applied.
 */
struct seccomp { };
struct seccomp_filter { };

/* Always returns 0; @this_syscall is ignored. */
static inline int secure_computing(int this_syscall)
{
	return 0;
}

/* Does nothing; there is nothing to enforce without CONFIG_SECCOMP. */
static inline void secure_computing_strict(int this_syscall)
{
}

/* Always fails with -EINVAL. */
static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}

/* Always fails with -EINVAL; both arguments are ignored. */
static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
{
	return -EINVAL;
}

/*
 * Always returns 0.
 * NOTE(review): presumably the "disabled" mode value -- confirm against
 * <uapi/linux/seccomp.h>.
 */
static inline int seccomp_mode(struct seccomp *s)
{
	return 0;
}

#endif /* CONFIG_SECCOMP */

/*
 * NOTE(review): the names suggest that these take and drop a reference on
 * the filter attached to @tsk; the implementations are not visible in this
 * header.  Without CONFIG_SECCOMP_FILTER both are empty.
 */
#ifdef CONFIG_SECCOMP_FILTER
void put_seccomp_filter(struct task_struct *tsk);
void get_seccomp_filter(struct task_struct *tsk);
#else /* CONFIG_SECCOMP_FILTER */
static inline void put_seccomp_filter(struct task_struct *tsk)
{
}

static inline void get_seccomp_filter(struct task_struct *tsk)
{
}
#endif /* CONFIG_SECCOMP_FILTER */

#endif /* _LINUX_SECCOMP_H */