[deliverable/linux.git] / include / linux / seccomp.h

#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H

#include <uapi/linux/seccomp.h>

#ifdef CONFIG_SECCOMP

#include <linux/thread_info.h>
#include <asm/seccomp.h>

struct seccomp_filter;
/**
 * struct seccomp - the state of a seccomp'ed process
 *
 * @mode:  indicates one of the valid values above for controlled
 *         system calls available to a process.
 * @filter: The metadata and ruleset for determining what system calls
 *          are allowed for a task.
 *
 *          @filter must only be accessed from the context of current as there
 *          is no locking.
 */
struct seccomp {
	int mode;
	struct seccomp_filter *filter;
};

extern int __secure_computing(int);
static inline int secure_computing(int this_syscall)
{
	if (unlikely(test_thread_flag(TIF_SECCOMP)))
		return  __secure_computing(this_syscall);
	return 0;
}

/* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */
static inline void secure_computing_strict(int this_syscall)
{
	BUG_ON(secure_computing(this_syscall) != 0);
}

extern long prctl_get_seccomp(void);
extern long prctl_set_seccomp(unsigned long, char __user *);

static inline int seccomp_mode(struct seccomp *s)
{
	return s->mode;
}

#else /* CONFIG_SECCOMP */

#include <linux/errno.h>

struct seccomp { };
struct seccomp_filter { };

static inline int secure_computing(int this_syscall) { return 0; }
static inline void secure_computing_strict(int this_syscall) { return; }

static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}

static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
{
	return -EINVAL;
}

static inline int seccomp_mode(struct seccomp *s)
{
	return 0;
}
#endif /* CONFIG_SECCOMP */

#ifdef CONFIG_SECCOMP_FILTER
extern void put_seccomp_filter(struct task_struct *tsk);
extern void get_seccomp_filter(struct task_struct *tsk);
extern u32 seccomp_bpf_load(int off);
#else  /* CONFIG_SECCOMP_FILTER */
static inline void put_seccomp_filter(struct task_struct *tsk)
{
	return;
}
static inline void get_seccomp_filter(struct task_struct *tsk)
{
	return;
}
#endif /* CONFIG_SECCOMP_FILTER */
#endif /* _LINUX_SECCOMP_H */
Commit	Line	Data
	1	#ifndef _LINUX_SECCOMP_H
	2	#define _LINUX_SECCOMP_H
	3
	4	#include <uapi/linux/seccomp.h>
	5
	6	#ifdef CONFIG_SECCOMP
	7
	8	#include <linux/thread_info.h>
	9	#include <asm/seccomp.h>
	10
	11	struct seccomp_filter;
	12	/**
	13	* struct seccomp - the state of a seccomp'ed process
	14	*
	15	* @mode: indicates one of the valid values above for controlled
	16	* system calls available to a process.
	17	* @filter: The metadata and ruleset for determining what system calls
	18	* are allowed for a task.
	19	*
	20	* @filter must only be accessed from the context of current as there
	21	* is no locking.
	22	*/
	23	struct seccomp {
	24	int mode;
	25	struct seccomp_filter *filter;
	26	};
	27
	28	extern int __secure_computing(int);
	29	static inline int secure_computing(int this_syscall)
	30	{
	31	if (unlikely(test_thread_flag(TIF_SECCOMP)))
	32	return __secure_computing(this_syscall);
	33	return 0;
	34	}
	35
	36	/* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */
	37	static inline void secure_computing_strict(int this_syscall)
	38	{
	39	BUG_ON(secure_computing(this_syscall) != 0);
	40	}
	41
	42	extern long prctl_get_seccomp(void);
	43	extern long prctl_set_seccomp(unsigned long, char __user *);
	44
	45	static inline int seccomp_mode(struct seccomp *s)
	46	{
	47	return s->mode;
	48	}
	49
	50	#else /* CONFIG_SECCOMP */
	51
	52	#include <linux/errno.h>
	53
	54	struct seccomp { };
	55	struct seccomp_filter { };
	56
	57	static inline int secure_computing(int this_syscall) { return 0; }
	58	static inline void secure_computing_strict(int this_syscall) { return; }
	59
	60	static inline long prctl_get_seccomp(void)
	61	{
	62	return -EINVAL;
	63	}
	64
	65	static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
	66	{
	67	return -EINVAL;
	68	}
	69
	70	static inline int seccomp_mode(struct seccomp *s)
	71	{
	72	return 0;
	73	}
	74	#endif /* CONFIG_SECCOMP */
	75
	76	#ifdef CONFIG_SECCOMP_FILTER
	77	extern void put_seccomp_filter(struct task_struct *tsk);
	78	extern void get_seccomp_filter(struct task_struct *tsk);
	79	extern u32 seccomp_bpf_load(int off);
	80	#else /* CONFIG_SECCOMP_FILTER */
	81	static inline void put_seccomp_filter(struct task_struct *tsk)
	82	{
	83	return;
	84	}
	85	static inline void get_seccomp_filter(struct task_struct *tsk)
	86	{
	87	return;
	88	}
	89	#endif /* CONFIG_SECCOMP_FILTER */
	90	#endif /* _LINUX_SECCOMP_H */