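#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H

#include <uapi/linux/seccomp.h>
/*
 * Included unconditionally: the seccomp_get_filter() stub at the bottom of
 * this header returns -EINVAL outside the !CONFIG_SECCOMP branch, so it
 * must not depend on another header pulling errno definitions in.
 */
#include <linux/errno.h>

/*
 * The filter flags named by this header.  Only SECCOMP_FILTER_FLAG_TSYNC is
 * listed.  NOTE(review): presumably the seccomp entry points reject any flag
 * bit outside this mask; that check is not in this file, so confirm it when
 * adding a new flag.
 */
#define SECCOMP_FILTER_FLAG_MASK	(SECCOMP_FILTER_FLAG_TSYNC)

/*
 * Only used through pointers below; declared here so the prototypes do not
 * depend on include order.
 */
struct task_struct;

#ifdef CONFIG_SECCOMP

#include <linux/thread_info.h>
#include <asm/seccomp.h>

struct seccomp_filter;
/**
 * struct seccomp - the state of a seccomp'ed process
 *
 * @mode:  one of the SECCOMP_MODE_* values from <uapi/linux/seccomp.h>,
 *         selecting which system calls are available to the process.
 * @filter: must always point to a valid seccomp-filter or NULL as it is
 *          accessed without locking during system call entry.
 *
 *          @filter must only be accessed from the context of current as there
 *          is no read locking.
 */
struct seccomp {
	int mode;
	struct seccomp_filter *filter;
};

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
extern int __secure_computing(void);

/**
 * secure_computing - run the seccomp check if the current thread is flagged
 *
 * Calls __secure_computing() only when the current thread has TIF_SECCOMP
 * set; any other thread takes the inlined path and gets 0.
 *
 * Return: 0 when TIF_SECCOMP is clear, otherwise the value returned by
 * __secure_computing().  Callers should act on the result rather than
 * discard it.  NOTE(review): a non-zero value presumably means the syscall
 * must not be run - confirm against the definition of __secure_computing().
 */
static inline int secure_computing(void)
{
	if (unlikely(test_thread_flag(TIF_SECCOMP)))
		return __secure_computing();
	return 0;
}

/*
 * NOTE(review): presumably the named results of seccomp_phase1(), with any
 * other value being handed on to seccomp_phase2() - confirm against the
 * implementation, which is not part of this header.
 */
#define SECCOMP_PHASE1_OK	0
#define SECCOMP_PHASE1_SKIP	1

extern u32 seccomp_phase1(struct seccomp_data *sd);
extern int seccomp_phase2(u32 phase1_result);
#else
/* Returns void, so this variant cannot report a verdict to its caller. */
extern void secure_computing_strict(int this_syscall);
#endif

extern long prctl_get_seccomp(void);
extern long prctl_set_seccomp(unsigned long, char __user *);

/**
 * seccomp_mode - read the seccomp mode stored in @s
 * @s: seccomp state to read; dereferenced without a NULL check
 *
 * Plain read of @s->mode, with no locking in this helper.
 *
 * Return: the value of @s->mode.
 */
static inline int seccomp_mode(struct seccomp *s)
{
	return s->mode;
}

#else /* CONFIG_SECCOMP */

/*
 * Built without seccomp: the types are empty placeholders and the helpers
 * below enforce nothing.  The prctl stubs fail with -EINVAL, so a request
 * to enter seccomp is reported as an error instead of appearing to succeed.
 */
struct seccomp { };
struct seccomp_filter { };

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
/* Always 0: no check is performed in this configuration. */
static inline int secure_computing(void) { return 0; }
#else
/* No-op: no check is performed in this configuration. */
static inline void secure_computing_strict(int this_syscall) { return; }
#endif

/* Return: always -EINVAL. */
static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}

/* Return: always -EINVAL; both arguments are ignored. */
static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
{
	return -EINVAL;
}

/* Return: always SECCOMP_MODE_DISABLED; @s is not dereferenced. */
static inline int seccomp_mode(struct seccomp *s)
{
	return SECCOMP_MODE_DISABLED;
}
#endif /* CONFIG_SECCOMP */

#ifdef CONFIG_SECCOMP_FILTER
extern void put_seccomp_filter(struct task_struct *tsk);
extern void get_seccomp_filter(struct task_struct *tsk);
#else  /* CONFIG_SECCOMP_FILTER */
/* No-op stubs used when seccomp filters are not built. */
static inline void put_seccomp_filter(struct task_struct *tsk)
{
	return;
}
static inline void get_seccomp_filter(struct task_struct *tsk)
{
	return;
}
#endif /* CONFIG_SECCOMP_FILTER */

#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
/*
 * Takes a target task and a __user destination pointer.
 * NOTE(review): the access check on who may read another task's filter is
 * not visible in this header; verify it at the call site.
 */
extern long seccomp_get_filter(struct task_struct *task,
			       unsigned long filter_off, void __user *data);
#else
/* Return: always -EINVAL when either option is disabled. */
static inline long seccomp_get_filter(struct task_struct *task,
				      unsigned long n, void __user *data)
{
	return -EINVAL;
}
#endif /* CONFIG_SECCOMP_FILTER && CONFIG_CHECKPOINT_RESTORE */
#endif /* _LINUX_SECCOMP_H */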