linux/include/linux/seccomp.h
   1#ifndef _LINUX_SECCOMP_H
   2#define _LINUX_SECCOMP_H
   3
   4#include <uapi/linux/seccomp.h>
   5
/*
 * The set of seccomp filter flags this header treats as valid; at present
 * that is only SECCOMP_FILTER_FLAG_TSYNC.
 * NOTE(review): presumably the filter-install path rejects any flag bit
 * outside this mask - confirm in kernel/seccomp.c.  If so, a flag added to
 * the uapi header but not to this mask would be refused.
 */
#define SECCOMP_FILTER_FLAG_MASK        (SECCOMP_FILTER_FLAG_TSYNC)
   7
   8#ifdef CONFIG_SECCOMP
   9
  10#include <linux/thread_info.h>
  11#include <asm/seccomp.h>
  12
struct seccomp_filter;
/**
 * struct seccomp - the state of a seccomp'ed process
 *
 * @mode:  one of the SECCOMP_MODE_* values (the name used by the
 *         !CONFIG_SECCOMP stub in this header is SECCOMP_MODE_DISABLED);
 *         it selects which system calls are available to a process.
 * @filter: must always point to a valid seccomp-filter or NULL as it is
 *          accessed without locking during system call entry.
 *
 *          @filter must only be accessed from the context of current as there
 *          is no read locking.
 */
struct seccomp {
        int mode;
        struct seccomp_filter *filter;
};
  29
  30#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
/* Out-of-line seccomp check; its definition is not part of this header. */
extern int __secure_computing(void);

/**
 * secure_computing - seccomp check on the syscall path
 *
 * A thread whose TIF_SECCOMP flag is clear never reaches
 * __secure_computing() and gets 0 back.  When the flag is set, the result
 * of __secure_computing() is returned unchanged.
 * NOTE(review): callers presumably read 0 as "let the syscall proceed" -
 * confirm against the architecture's syscall-entry code.
 */
static inline int secure_computing(void)
{
	return unlikely(test_thread_flag(TIF_SECCOMP)) ?
		__secure_computing() : 0;
}
  38
/*
 * Named results of seccomp_phase1().
 * NOTE(review): in the two-phase scheme, presumably OK means "run the
 * syscall", SKIP means "do not run it", and any other value has to be
 * passed on to seccomp_phase2() - confirm in kernel/seccomp.c.
 */
#define SECCOMP_PHASE1_OK       0
#define SECCOMP_PHASE1_SKIP     1

extern u32 seccomp_phase1(struct seccomp_data *sd);
int seccomp_phase2(u32 phase1_result);
  44#else
/*
 * Declared only when the architecture does not select
 * CONFIG_HAVE_ARCH_SECCOMP_FILTER.  It returns nothing, so the caller
 * cannot learn the verdict.
 * NOTE(review): presumably a disallowed syscall is dealt with inside the
 * call itself - confirm in kernel/seccomp.c.
 */
extern void secure_computing_strict(int this_syscall);
  46#endif
  47
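/*
 * prctl() back ends that read and set the seccomp mode of the calling
 * task.  The !CONFIG_SECCOMP variants further down return -EINVAL.
 * The parameters are named like those of the stub (arg2, arg3) so the
 * two prototypes read the same.
 */
extern long prctl_get_seccomp(void);
extern long prctl_set_seccomp(unsigned long arg2, char __user *arg3);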
  50
/**
 * seccomp_mode - read the seccomp mode stored in @s
 * @s: seccomp state to read; dereferenced unconditionally, so it must
 *     not be NULL
 *
 * Return: the value of @s->mode, read with a plain load and no locking.
 */
static inline int seccomp_mode(struct seccomp *s)
{
	int mode = s->mode;

	return mode;
}
  55
  56#else /* CONFIG_SECCOMP */
  57
  58#include <linux/errno.h>
  59
/*
 * Empty placeholders for !CONFIG_SECCOMP, so that code which names these
 * types still compiles.  An empty struct is a GNU C extension, not ISO C.
 */
struct seccomp { };
struct seccomp_filter { };
  62
  63#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
/*
 * !CONFIG_SECCOMP stub: no check is performed and 0 is returned for every
 * syscall, i.e. the same value the real helper gives an unfiltered thread.
 */
static inline int secure_computing(void)
{
	return 0;
}
  65#else
/*
 * !CONFIG_SECCOMP stub: the strict-mode check does nothing, whatever
 * syscall number is passed in.
 */
static inline void secure_computing_strict(int this_syscall)
{
}
  67#endif
  68
/*
 * !CONFIG_SECCOMP stub: querying the seccomp mode always fails with
 * -EINVAL.
 * NOTE(review): presumably this reaches the prctl() caller as EINVAL, which
 * lets user space tell "seccomp not built in" apart from "mode disabled" -
 * confirm in the prctl dispatch code.
 */
static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}
  73
/*
 * !CONFIG_SECCOMP stub: a request to enter a seccomp mode is never
 * honoured.  Both arguments are ignored and -EINVAL is returned, so a
 * caller that checks the result sees that no sandbox was installed.
 */
static inline long prctl_set_seccomp(unsigned long arg2,
				     char __user *arg3)
{
	return -EINVAL;
}
  78
/*
 * !CONFIG_SECCOMP stub: every task reports SECCOMP_MODE_DISABLED.
 * @s is never dereferenced here.
 */
static inline int seccomp_mode(struct seccomp *s)
{
	return SECCOMP_MODE_DISABLED;
}
  83#endif /* CONFIG_SECCOMP */
  84
  85#ifdef CONFIG_SECCOMP_FILTER
/*
 * Paired put/get operations on the seccomp filter of @tsk.
 * NOTE(review): the names suggest reference counting of the filter
 * attached to the task - confirm in kernel/seccomp.c, including which
 * callers must balance a get with a put.
 */
extern void put_seccomp_filter(struct task_struct *tsk);
extern void get_seccomp_filter(struct task_struct *tsk);
  88#else  /* CONFIG_SECCOMP_FILTER */
/*
 * !CONFIG_SECCOMP_FILTER stub: there is nothing to release, so the call
 * is a no-op and @tsk is not touched.
 */
static inline void put_seccomp_filter(struct task_struct *tsk)
{
}
/*
 * !CONFIG_SECCOMP_FILTER stub: there is nothing to acquire, so the call
 * is a no-op and @tsk is not touched.
 */
static inline void get_seccomp_filter(struct task_struct *tsk)
{
}
  97#endif /* CONFIG_SECCOMP_FILTER */
  98
  99#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
/*
 * Available only when both CONFIG_SECCOMP_FILTER and
 * CONFIG_CHECKPOINT_RESTORE are set.
 * NOTE(review): presumably copies the filter selected by @filter_off from
 * @task into the user buffer @data - confirm in kernel/seccomp.c.  No
 * access check is visible in this header; verify that the caller limits
 * who may read another task's filter.
 */
extern long seccomp_get_filter(struct task_struct *task,
                               unsigned long filter_off, void __user *data);
 102#else
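/*
 * Fallback used unless both CONFIG_SECCOMP_FILTER and
 * CONFIG_CHECKPOINT_RESTORE are set: no filter can be read back, so every
 * request fails with -EINVAL and none of the arguments is touched.
 * The second parameter is named filter_off to match the real prototype.
 * NOTE(review): EINVAL is used here, but this header includes
 * <linux/errno.h> only in its !CONFIG_SECCOMP branch; presumably the
 * definition arrives through another include when CONFIG_SECCOMP is set -
 * confirm.
 */
static inline long seccomp_get_filter(struct task_struct *task,
				      unsigned long filter_off,
				      void __user *data)
{
	return -EINVAL;
}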
 108#endif /* CONFIG_SECCOMP_FILTER && CONFIG_CHECKPOINT_RESTORE */
 109#endif /* _LINUX_SECCOMP_H */
 110