Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | #ifndef _LINUX_SECCOMP_H |
2 | #define _LINUX_SECCOMP_H | |
3 | ||
607ca46e | 4 | #include <uapi/linux/seccomp.h> |
e2cfabdf | 5 | |
1da177e4 LT |
6 | #ifdef CONFIG_SECCOMP |
7 | ||
1da177e4 LT |
8 | #include <linux/thread_info.h> |
9 | #include <asm/seccomp.h> | |
10 | ||
e2cfabdf WD |
11 | struct seccomp_filter; |
12 | /** | |
13 | * struct seccomp - the state of a seccomp'ed process | |
14 | * | |
15 | * @mode: indicates one of the valid values above for controlled | |
16 | * system calls available to a process. | |
17 | * @filter: The metadata and ruleset for determining what system calls | |
18 | * are allowed for a task. | |
19 | * | |
20 | * @filter must only be accessed from the context of current as there | |
21 | * is no locking. | |
22 | */ | |
932ecebb WD |
23 | struct seccomp { |
24 | int mode; | |
e2cfabdf | 25 | struct seccomp_filter *filter; |
932ecebb | 26 | }; |
1da177e4 | 27 | |
acf3b2c7 WD |
28 | extern int __secure_computing(int); |
29 | static inline int secure_computing(int this_syscall) | |
1da177e4 LT |
30 | { |
31 | if (unlikely(test_thread_flag(TIF_SECCOMP))) | |
acf3b2c7 WD |
32 | return __secure_computing(this_syscall); |
33 | return 0; | |
1da177e4 LT |
34 | } |
35 | ||
e4da89d0 WD |
36 | /* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */ |
37 | static inline void secure_computing_strict(int this_syscall) | |
38 | { | |
39 | BUG_ON(secure_computing(this_syscall) != 0); | |
40 | } | |
41 | ||
1d9d02fe | 42 | extern long prctl_get_seccomp(void); |
e2cfabdf | 43 | extern long prctl_set_seccomp(unsigned long, char __user *); |
1d9d02fe | 44 | |
932ecebb | 45 | static inline int seccomp_mode(struct seccomp *s) |
5cec93c2 AL |
46 | { |
47 | return s->mode; | |
48 | } | |
49 | ||
1da177e4 LT |
50 | #else /* CONFIG_SECCOMP */ |
51 | ||
42a17ad2 RB |
52 | #include <linux/errno.h> |
53 | ||
932ecebb | 54 | struct seccomp { }; |
e2cfabdf | 55 | struct seccomp_filter { }; |
1da177e4 | 56 | |
b1fa650c | 57 | static inline int secure_computing(int this_syscall) { return 0; } |
e4da89d0 | 58 | static inline void secure_computing_strict(int this_syscall) { return; } |
1da177e4 | 59 | |
1d9d02fe AA |
60 | static inline long prctl_get_seccomp(void) |
61 | { | |
62 | return -EINVAL; | |
63 | } | |
64 | ||
e2cfabdf | 65 | static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3) |
1d9d02fe AA |
66 | { |
67 | return -EINVAL; | |
68 | } | |
69 | ||
932ecebb | 70 | static inline int seccomp_mode(struct seccomp *s) |
5cec93c2 AL |
71 | { |
72 | return 0; | |
73 | } | |
1da177e4 LT |
74 | #endif /* CONFIG_SECCOMP */ |
75 | ||
e2cfabdf WD |
76 | #ifdef CONFIG_SECCOMP_FILTER |
77 | extern void put_seccomp_filter(struct task_struct *tsk); | |
78 | extern void get_seccomp_filter(struct task_struct *tsk); | |
e2cfabdf WD |
79 | #else /* CONFIG_SECCOMP_FILTER */ |
80 | static inline void put_seccomp_filter(struct task_struct *tsk) | |
81 | { | |
82 | return; | |
83 | } | |
84 | static inline void get_seccomp_filter(struct task_struct *tsk) | |
85 | { | |
86 | return; | |
87 | } | |
88 | #endif /* CONFIG_SECCOMP_FILTER */ | |
1da177e4 | 89 | #endif /* _LINUX_SECCOMP_H */ |