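/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H

#include <uapi/linux/seccomp.h>
#include <linux/seccomp_types.h>

/*
 * Union of every SECCOMP_FILTER_FLAG_* bit listed in this header.
 *
 * NOTE(review): presumably the filter-install path rejects any flag bit
 * outside this mask, so a flag added to the uapi header is not accepted
 * until it is also listed here -- confirm against the users of this macro.
 */
#define SECCOMP_FILTER_FLAG_MASK	(SECCOMP_FILTER_FLAG_TSYNC | \
					 SECCOMP_FILTER_FLAG_LOG | \
					 SECCOMP_FILTER_FLAG_SPEC_ALLOW | \
					 SECCOMP_FILTER_FLAG_NEW_LISTENER | \
					 SECCOMP_FILTER_FLAG_TSYNC_ESRCH | \
					 SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV)

/* sizeof() the first published struct seccomp_notif_addfd */
#define SECCOMP_NOTIFY_ADDFD_SIZE_VER0 24
#define SECCOMP_NOTIFY_ADDFD_SIZE_LATEST SECCOMP_NOTIFY_ADDFD_SIZE_VER0

#ifdef CONFIG_SECCOMP

#include <linux/thread_info.h>
#include <linux/atomic.h>
#include <asm/seccomp.h>

extern int __secure_computing(void);

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
/*
 * Fast-path wrapper around __secure_computing().
 *
 * __secure_computing() is called only when test_syscall_work(SECCOMP)
 * reports the flag set, and its return value is passed through unchanged.
 * Otherwise this returns 0 without calling it.
 *
 * NOTE(review): the meaning of a non-zero return is defined by
 * __secure_computing() and its callers, neither of which is visible in this
 * header -- confirm there before relying on a particular value.
 */
static inline int secure_computing(void)
{
	if (unlikely(test_syscall_work(SECCOMP)))
		return __secure_computing();
	return 0;
}
#else
extern void secure_computing_strict(int this_syscall);
#endif

extern long prctl_get_seccomp(void);
/* Parameter names follow the !CONFIG_SECCOMP stub further down. */
extern long prctl_set_seccomp(unsigned long arg2, void __user *arg3);

/*
 * Return the mode stored in @s.
 *
 * @s is dereferenced without a NULL check, so the caller must pass a valid
 * struct seccomp.
 */
static inline int seccomp_mode(struct seccomp *s)
{
	return s->mode;
}

#else /* CONFIG_SECCOMP */

/*
 * CONFIG_SECCOMP is off: every entry point in this branch is a stub.
 *
 * The syscall checks return 0 or nothing, so no syscall is filtered;
 * seccomp_mode() reports SECCOMP_MODE_DISABLED; and the prctl helpers fail
 * with -EINVAL rather than pretending to succeed.
 *
 * NOTE(review): assuming the prctl() path forwards that -EINVAL to user
 * space, a program that asks for a sandbox can tell that it did not get one
 * instead of running unconfined without noticing -- confirm in the caller.
 */

#include <linux/errno.h>

struct seccomp_data;

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
static inline int secure_computing(void) { return 0; }
#else
static inline void secure_computing_strict(int this_syscall) { return; }
#endif
static inline int __secure_computing(void) { return 0; }

static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}

/*
 * The second parameter is void __user *, the same type as in the
 * CONFIG_SECCOMP prototype, so both configurations type-check callers
 * identically.
 */
static inline long prctl_set_seccomp(unsigned long arg2, void __user *arg3)
{
	return -EINVAL;
}

/* @s is ignored; the mode is always SECCOMP_MODE_DISABLED in this config. */
static inline int seccomp_mode(struct seccomp *s)
{
	return SECCOMP_MODE_DISABLED;
}
#endif /* CONFIG_SECCOMP */

#ifdef CONFIG_SECCOMP_FILTER
extern void seccomp_filter_release(struct task_struct *tsk);
extern void get_seccomp_filter(struct task_struct *tsk);
#else  /* CONFIG_SECCOMP_FILTER */
/* No filter support compiled in: both helpers do nothing. */
static inline void seccomp_filter_release(struct task_struct *tsk)
{
	return;
}
static inline void get_seccomp_filter(struct task_struct *tsk)
{
	return;
}
#endif /* CONFIG_SECCOMP_FILTER */

/*
 * The filter and metadata read-back helpers exist only when both
 * CONFIG_SECCOMP_FILTER and CONFIG_CHECKPOINT_RESTORE are set. In every
 * other configuration the stubs below return -EINVAL.
 *
 * NOTE(review): the real implementations and whatever access checks they
 * apply to @task live outside this header.
 */
#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
extern long seccomp_get_filter(struct task_struct *task,
			       unsigned long filter_off, void __user *data);
extern long seccomp_get_metadata(struct task_struct *task,
				 unsigned long filter_off, void __user *data);
#else
static inline long seccomp_get_filter(struct task_struct *task,
				      unsigned long filter_off,
				      void __user *data)
{
	return -EINVAL;
}
static inline long seccomp_get_metadata(struct task_struct *task,
					unsigned long filter_off,
					void __user *data)
{
	return -EINVAL;
}
#endif /* CONFIG_SECCOMP_FILTER && CONFIG_CHECKPOINT_RESTORE */

#ifdef CONFIG_SECCOMP_CACHE_DEBUG
struct seq_file;
struct pid_namespace;
struct pid;

int proc_pid_seccomp_cache(struct seq_file *m, struct pid_namespace *ns,
			   struct pid *pid, struct task_struct *task);
#endif
#endif /* _LINUX_SECCOMP_H */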