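/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H

#include <uapi/linux/seccomp.h>
#include <linux/seccomp_types.h>

/*
 * Bitwise OR of the six SECCOMP_FILTER_FLAG_* values listed below.
 *
 * NOTE(review): the name suggests this is the complete set of filter flags
 * the kernel accepts, so a flag added to the uapi header but not to this mask
 * would presumably be refused. The check that consumes the mask is not in
 * this header - confirm against its users.
 */
#define SECCOMP_FILTER_FLAG_MASK	(SECCOMP_FILTER_FLAG_TSYNC | \
					 SECCOMP_FILTER_FLAG_LOG | \
					 SECCOMP_FILTER_FLAG_SPEC_ALLOW | \
					 SECCOMP_FILTER_FLAG_NEW_LISTENER | \
					 SECCOMP_FILTER_FLAG_TSYNC_ESRCH | \
					 SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV)

/* sizeof() the first published struct seccomp_notif_addfd */
#define SECCOMP_NOTIFY_ADDFD_SIZE_VER0 24
/* Only one layout has been published so far, so "latest" aliases VER0. */
#define SECCOMP_NOTIFY_ADDFD_SIZE_LATEST SECCOMP_NOTIFY_ADDFD_SIZE_VER0

#ifdef CONFIG_SECCOMP

#include <linux/thread_info.h>
#include <linux/atomic.h>
#include <asm/seccomp.h>

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
extern int __secure_computing(const struct seccomp_data *sd);

/*
 * Inline fast path in front of __secure_computing().
 *
 * Returns 0 without calling out when test_syscall_work(SECCOMP) is false.
 * Otherwise returns whatever __secure_computing(NULL) returns; the meaning
 * of that value is defined with the out-of-line implementation, not here.
 */
static inline int secure_computing(void)
{
	if (unlikely(test_syscall_work(SECCOMP)))
		return __secure_computing(NULL);
	return 0;
}
#else
extern void secure_computing_strict(int this_syscall);

/*
 * Variant for architectures without CONFIG_HAVE_ARCH_SECCOMP_FILTER:
 * forwards the syscall number to secure_computing_strict() and always
 * returns 0.
 *
 * NOTE(review): @sd is dereferenced without a NULL check, while the
 * CONFIG_HAVE_ARCH_SECCOMP_FILTER wrapper above calls
 * __secure_computing(NULL). A caller that passes NULL in this
 * configuration would fault here; callers must supply a populated
 * struct seccomp_data - confirm that none pass NULL.
 */
static inline int __secure_computing(const struct seccomp_data *sd)
{
	secure_computing_strict(sd->nr);
	return 0;
}
#endif

extern long prctl_get_seccomp(void);
extern long prctl_set_seccomp(unsigned long, void __user *);

/* Returns the mode field stored in @s. */
static inline int seccomp_mode(struct seccomp *s)
{
	return s->mode;
}

#else /* CONFIG_SECCOMP */

#include <linux/errno.h>

struct seccomp_data;

/*
 * With CONFIG_SECCOMP disabled every hook below is a no-op that reports
 * success, so no syscall is ever checked, and both prctl entry points fail
 * with -EINVAL. Code that relies on seccomp as a sandbox boundary cannot
 * tell from the hooks alone that nothing is enforced; the prctl failure and
 * SECCOMP_MODE_DISABLED from seccomp_mode() are the visible signals.
 */
#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
static inline int secure_computing(void) { return 0; }
#else
static inline void secure_computing_strict(int this_syscall) { return; }
#endif
static inline int __secure_computing(const struct seccomp_data *sd) { return 0; }

static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}

/*
 * The third parameter is void __user * to match the CONFIG_SECCOMP
 * prototype, so a call site type-checks identically in both configurations.
 */
static inline long prctl_set_seccomp(unsigned long arg2, void __user *arg3)
{
	return -EINVAL;
}

/* Seccomp is compiled out: every task reports SECCOMP_MODE_DISABLED. */
static inline int seccomp_mode(struct seccomp *s)
{
	return SECCOMP_MODE_DISABLED;
}
#endif /* CONFIG_SECCOMP */

#ifdef CONFIG_SECCOMP_FILTER
extern void seccomp_filter_release(struct task_struct *tsk);
extern void get_seccomp_filter(struct task_struct *tsk);
#else  /* CONFIG_SECCOMP_FILTER */
/* Without CONFIG_SECCOMP_FILTER both filter lifetime hooks do nothing. */
static inline void seccomp_filter_release(struct task_struct *tsk)
{
	return;
}
static inline void get_seccomp_filter(struct task_struct *tsk)
{
	return;
}
#endif /* CONFIG_SECCOMP_FILTER */

/*
 * Filter and metadata read-back is built only when both
 * CONFIG_SECCOMP_FILTER and CONFIG_CHECKPOINT_RESTORE are set; otherwise
 * the stubs below reject every request with -EINVAL.
 */
#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
extern long seccomp_get_filter(struct task_struct *task,
			       unsigned long filter_off, void __user *data);
extern long seccomp_get_metadata(struct task_struct *task,
				 unsigned long filter_off, void __user *data);
#else
static inline long seccomp_get_filter(struct task_struct *task,
				      unsigned long filter_off,
				      void __user *data)
{
	return -EINVAL;
}
static inline long seccomp_get_metadata(struct task_struct *task,
					unsigned long filter_off,
					void __user *data)
{
	return -EINVAL;
}
#endif /* CONFIG_SECCOMP_FILTER && CONFIG_CHECKPOINT_RESTORE */

#ifdef CONFIG_SECCOMP_CACHE_DEBUG
/* Forward declarations: only pointers to these types are used below. */
struct seq_file;
struct pid_namespace;
struct pid;

int proc_pid_seccomp_cache(struct seq_file *m, struct pid_namespace *ns,
			   struct pid *pid, struct task_struct *task);
#endif
#endif /* _LINUX_SECCOMP_H */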