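#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H

#include <uapi/linux/seccomp.h>

/*
 * Union of the filter flags named in this header.
 * NOTE(review): presumably the flag validation in the seccomp implementation
 * tests against this mask, so a flag added to the uapi header would also have
 * to be added here - confirm against the caller.
 */
#define SECCOMP_FILTER_FLAG_MASK	(SECCOMP_FILTER_FLAG_TSYNC | \
					 SECCOMP_FILTER_FLAG_LOG)

#ifdef CONFIG_SECCOMP

#include <linux/thread_info.h>
#include <asm/seccomp.h>

struct seccomp_filter;
/**
 * struct seccomp - the state of a seccomp'ed process
 *
 * @mode:  indicates one of the valid SECCOMP_MODE_* values for controlled
 *         system calls available to a process.
 * @filter: must always point to a valid seccomp-filter or NULL as it is
 *          accessed without locking during system call entry.
 *
 *          @filter must only be accessed from the context of current as there
 *          is no read locking.
 */
struct seccomp {
	int mode;
	struct seccomp_filter *filter;
};

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
extern int __secure_computing(const struct seccomp_data *sd);

/*
 * Fast-path wrapper around __secure_computing().
 *
 * Only a thread with TIF_SECCOMP set reaches __secure_computing(); every other
 * thread gets 0 back without the filter code being entered. The meaning of a
 * non-zero return is defined by __secure_computing(), which is not part of
 * this header.
 */
static inline int secure_computing(const struct seccomp_data *sd)
{
	if (unlikely(test_thread_flag(TIF_SECCOMP)))
		return __secure_computing(sd);
	return 0;
}
#else
extern void secure_computing_strict(int this_syscall);
#endif

extern long prctl_get_seccomp(void);
extern long prctl_set_seccomp(unsigned long, char __user *);

/* Report the seccomp mode recorded in @s. */
static inline int seccomp_mode(struct seccomp *s)
{
	return s->mode;
}

#else /* CONFIG_SECCOMP */

#include <linux/errno.h>

/*
 * Stubs for kernels built without CONFIG_SECCOMP. Nothing is filtered here:
 * secure_computing() always reports 0, both prctl helpers fail with -EINVAL
 * and seccomp_mode() reports SECCOMP_MODE_DISABLED. A caller that requested
 * confinement has to treat that -EINVAL as a failure to sandbox rather than
 * carry on unconfined.
 */
struct seccomp { };
struct seccomp_filter { };

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
/* const-qualified so the prototype matches the CONFIG_SECCOMP variant above. */
static inline int secure_computing(const struct seccomp_data *sd) { return 0; }
#else
static inline void secure_computing_strict(int this_syscall) { return; }
#endif

static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}

static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
{
	return -EINVAL;
}

static inline int seccomp_mode(struct seccomp *s)
{
	return SECCOMP_MODE_DISABLED;
}
#endif /* CONFIG_SECCOMP */

#ifdef CONFIG_SECCOMP_FILTER
extern void put_seccomp_filter(struct task_struct *tsk);
extern void get_seccomp_filter(struct task_struct *tsk);
#else  /* CONFIG_SECCOMP_FILTER */
/* No filters exist without CONFIG_SECCOMP_FILTER, so get/put are no-ops. */
static inline void put_seccomp_filter(struct task_struct *tsk)
{
	return;
}
static inline void get_seccomp_filter(struct task_struct *tsk)
{
	return;
}
#endif /* CONFIG_SECCOMP_FILTER */

#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
extern long seccomp_get_filter(struct task_struct *task,
			       unsigned long filter_off, void __user *data);
#else
/*
 * Reading a task's filter back is only built when both CONFIG_SECCOMP_FILTER
 * and CONFIG_CHECKPOINT_RESTORE are set; otherwise the request fails.
 * NOTE(review): with CONFIG_SECCOMP set, -EINVAL here relies on
 * <linux/errno.h> arriving through another include, since only the
 * !CONFIG_SECCOMP branch above includes it directly - confirm.
 */
static inline long seccomp_get_filter(struct task_struct *task,
				      unsigned long filter_off,
				      void __user *data)
{
	return -EINVAL;
}
#endif /* CONFIG_SECCOMP_FILTER && CONFIG_CHECKPOINT_RESTORE */
#endif /* _LINUX_SECCOMP_H */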