1#ifndef _LINUX_SECCOMP_H 2#define _LINUX_SECCOMP_H 3 4#include <linux/compiler.h> 5#include <linux/types.h> 6 7 8/* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */ 9#define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */ 10#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */ 11#define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */ 12 13/* 14 * All BPF programs must return a 32-bit value. 15 * The bottom 16-bits are for optional return data. 16 * The upper 16-bits are ordered from least permissive values to most. 17 * 18 * The ordering ensures that a min_t() over composed return values always 19 * selects the least permissive choice. 20 */ 21#define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ 22#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ 23#define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ 24#define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */ 25#define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ 26 27/* Masks for the return value sections. */ 28#define SECCOMP_RET_ACTION 0x7fff0000U 29#define SECCOMP_RET_DATA 0x0000ffffU 30 31/** 32 * struct seccomp_data - the format the BPF program executes over. 33 * @nr: the system call number 34 * @arch: indicates system call convention as an AUDIT_ARCH_* value 35 * as defined in <linux/audit.h>. 36 * @instruction_pointer: at the time of the system call. 37 * @args: up to 6 system call arguments always stored as 64-bit values 38 * regardless of the architecture. 39 */ 40struct seccomp_data { 41 int nr; 42 __u32 arch; 43 __u64 instruction_pointer; 44 __u64 args[6]; 45}; 46 47#ifdef __KERNEL__ 48#ifdef CONFIG_SECCOMP 49 50#include <linux/thread_info.h> 51#include <asm/seccomp.h> 52 53struct seccomp_filter; 54/** 55 * struct seccomp - the state of a seccomp'ed process 56 * 57 * @mode: indicates one of the valid values above for controlled 58 * system calls available to a process. 59 * @filter: The metadata and ruleset for determining what system calls 60 * are allowed for a task. 61 * 62 * @filter must only be accessed from the context of current as there 63 * is no locking. 64 */ 65struct seccomp { 66 int mode; 67 struct seccomp_filter *filter; 68}; 69 70extern int __secure_computing(int); 71static inline int secure_computing(int this_syscall) 72{ 73 if (unlikely(test_thread_flag(TIF_SECCOMP))) 74 return __secure_computing(this_syscall); 75 return 0; 76} 77 78/* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */ 79static inline void secure_computing_strict(int this_syscall) 80{ 81 BUG_ON(secure_computing(this_syscall) != 0); 82} 83 84extern long prctl_get_seccomp(void); 85extern long prctl_set_seccomp(unsigned long, char __user *); 86 87static inline int seccomp_mode(struct seccomp *s) 88{ 89 return s->mode; 90} 91 92#else /* CONFIG_SECCOMP */ 93 94#include <linux/errno.h> 95 96struct seccomp { }; 97struct seccomp_filter { }; 98 99static inline int secure_computing(int this_syscall) { return 0; } 100static inline void secure_computing_strict(int this_syscall) { return; } 101 102static inline long prctl_get_seccomp(void) 103{ 104 return -EINVAL; 105} 106 107static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3) 108{ 109 return -EINVAL; 110} 111 112static inline int seccomp_mode(struct seccomp *s) 113{ 114 return 0; 115} 116#endif /* CONFIG_SECCOMP */ 117 118#ifdef CONFIG_SECCOMP_FILTER 119extern void put_seccomp_filter(struct task_struct *tsk); 120extern void get_seccomp_filter(struct task_struct *tsk); 121extern u32 seccomp_bpf_load(int off); 122#else /* CONFIG_SECCOMP_FILTER */ 123static inline void put_seccomp_filter(struct task_struct *tsk) 124{ 125 return; 126} 127static inline void get_seccomp_filter(struct task_struct *tsk) 128{ 129 return; 130} 131#endif /* CONFIG_SECCOMP_FILTER */ 132#endif /* __KERNEL__ */ 133#endif /* _LINUX_SECCOMP_H */ 134