Diffstat (limited to 'kernel/include/linux/seccomp.h')
-rw-r--r--kernel/include/linux/seccomp.h98
1 files changed, 98 insertions, 0 deletions
diff --git a/kernel/include/linux/seccomp.h b/kernel/include/linux/seccomp.h
new file mode 100644
index 000000000..a19ddacda
--- /dev/null
+++ b/kernel/include/linux/seccomp.h
@@ -0,0 +1,98 @@
+#ifndef _LINUX_SECCOMP_H
+#define _LINUX_SECCOMP_H
+
+#include <uapi/linux/seccomp.h>
+
+#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC)
+
+#ifdef CONFIG_SECCOMP
+
+#include <linux/thread_info.h>
+#include <asm/seccomp.h>
+
+struct seccomp_filter;
+/**
+ * struct seccomp - the state of a seccomp'ed process
+ *
+ * @mode: indicates one of the valid values above for controlled
+ * system calls available to a process.
+ * @filter: must always point to a valid seccomp-filter or NULL as it is
+ * accessed without locking during system call entry.
+ *
+ * @filter must only be accessed from the context of current as there
+ * is no read locking.
+ */
+struct seccomp {
+ int mode;
+ struct seccomp_filter *filter;
+};
+
+#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
+extern int __secure_computing(void);
+static inline int secure_computing(void)
+{
+ if (unlikely(test_thread_flag(TIF_SECCOMP)))
+ return __secure_computing();
+ return 0;
+}
+
+#define SECCOMP_PHASE1_OK 0
+#define SECCOMP_PHASE1_SKIP 1
+
+extern u32 seccomp_phase1(struct seccomp_data *sd);
+int seccomp_phase2(u32 phase1_result);
+#else
+extern void secure_computing_strict(int this_syscall);
+#endif
+
+extern long prctl_get_seccomp(void);
+extern long prctl_set_seccomp(unsigned long, char __user *);
+
+static inline int seccomp_mode(struct seccomp *s)
+{
+ return s->mode;
+}
+
+#else /* CONFIG_SECCOMP */
+
+#include <linux/errno.h>
+
+struct seccomp { };
+struct seccomp_filter { };
+
+#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
+static inline int secure_computing(void) { return 0; }
+#else
+static inline void secure_computing_strict(int this_syscall) { return; }
+#endif
+
+static inline long prctl_get_seccomp(void)
+{
+ return -EINVAL;
+}
+
+static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
+{
+ return -EINVAL;
+}
+
+static inline int seccomp_mode(struct seccomp *s)
+{
+ return 0;
+}
+#endif /* CONFIG_SECCOMP */
+
+#ifdef CONFIG_SECCOMP_FILTER
+extern void put_seccomp_filter(struct task_struct *tsk);
+extern void get_seccomp_filter(struct task_struct *tsk);
+#else /* CONFIG_SECCOMP_FILTER */
+static inline void put_seccomp_filter(struct task_struct *tsk)
+{
+ return;
+}
+static inline void get_seccomp_filter(struct task_struct *tsk)
+{
+ return;
+}
+#endif /* CONFIG_SECCOMP_FILTER */
+#endif /* _LINUX_SECCOMP_H */
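Review bot: Nothing in this header says what the `int` returned by `secure_computing()` means or that callers must act on it, and the same holds for `seccomp_phase1()`/`seccomp_phase2()`, where only `SECCOMP_PHASE1_OK` and `SECCOMP_PHASE1_SKIP` hint at a contract. The visible inline returns 0 when `TIF_SECCOMP` is clear, so a non-zero result presumably tells the syscall entry path to skip the call; an entry path that dropped it would let a filtered syscall run. I would add a comment above the inline such as `/* Returns 0 if the syscall may run; non-zero means the caller must skip it. */`, after confirming it against `__secure_computing()`, which is defined outside this diff. I would also mark the declarations `__must_check` so the compiler flags a caller that ignores the result. Separately, the kerneldoc for `@mode` refers to "the valid values above", but no mode values appear in this file; they presumably live in `<uapi/linux/seccomp.h>`, and the comment should point there.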