[GitHub/mt8127/android_kernel_alcatel_ttab.git] / include / linux / seccomp.h

#ifndef _LINUX_SECCOMP_H
#define _LINUX_SECCOMP_H

#include <uapi/linux/seccomp.h>

#ifdef CONFIG_SECCOMP

#include <linux/thread_info.h>
#include <asm/seccomp.h>

struct seccomp_filter;
/**
 * struct seccomp - the state of a seccomp'ed process
 *
 * @mode:  indicates one of the valid values above for controlled
 *         system calls available to a process.
 * @filter: The metadata and ruleset for determining what system calls
 *          are allowed for a task.
 *
 *          @filter must only be accessed from the context of current as there
 *          is no locking.
 */
struct seccomp {
	int mode;
	struct seccomp_filter *filter;
};

extern int __secure_computing(int);
static inline int secure_computing(int this_syscall)
{
	if (unlikely(test_thread_flag(TIF_SECCOMP)))
		return  __secure_computing(this_syscall);
	return 0;
}

/* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */
static inline void secure_computing_strict(int this_syscall)
{
	BUG_ON(secure_computing(this_syscall) != 0);
}

extern long prctl_get_seccomp(void);
extern long prctl_set_seccomp(unsigned long, char __user *);

static inline int seccomp_mode(struct seccomp *s)
{
	return s->mode;
}

#else /* CONFIG_SECCOMP */

#include <linux/errno.h>

struct seccomp { };
struct seccomp_filter { };

static inline int secure_computing(int this_syscall) { return 0; }
static inline void secure_computing_strict(int this_syscall) { return; }

static inline long prctl_get_seccomp(void)
{
	return -EINVAL;
}

static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
{
	return -EINVAL;
}

static inline int seccomp_mode(struct seccomp *s)
{
	return 0;
}
#endif /* CONFIG_SECCOMP */

#ifdef CONFIG_SECCOMP_FILTER
extern void put_seccomp_filter(struct task_struct *tsk);
extern void get_seccomp_filter(struct task_struct *tsk);
extern u32 seccomp_bpf_load(int off);
#else  /* CONFIG_SECCOMP_FILTER */
static inline void put_seccomp_filter(struct task_struct *tsk)
{
	return;
}
static inline void get_seccomp_filter(struct task_struct *tsk)
{
	return;
}
#endif /* CONFIG_SECCOMP_FILTER */
#endif /* _LINUX_SECCOMP_H */
Commit	Line	Data
1da177e4 LT	1	#ifndef _LINUX_SECCOMP_H
	2	#define _LINUX_SECCOMP_H
	3
607ca46e	4	#include <uapi/linux/seccomp.h>
e2cfabdf	5
1da177e4 LT	6	#ifdef CONFIG_SECCOMP
1da177e4 LT	7
1da177e4 LT	8	#include <linux/thread_info.h>
	9	#include <asm/seccomp.h>
	10
e2cfabdf WD	11	struct seccomp_filter;
	12	/**
	13	* struct seccomp - the state of a seccomp'ed process
	14	*
	15	* @mode: indicates one of the valid values above for controlled
	16	* system calls available to a process.
	17	* @filter: The metadata and ruleset for determining what system calls
	18	* are allowed for a task.
	19	*
	20	* @filter must only be accessed from the context of current as there
	21	* is no locking.
	22	*/
932ecebb WD	23	struct seccomp {
932ecebb WD	24	int mode;
e2cfabdf	25	struct seccomp_filter *filter;
932ecebb	26	};
1da177e4	27
acf3b2c7 WD	28	extern int __secure_computing(int);
acf3b2c7 WD	29	static inline int secure_computing(int this_syscall)
1da177e4 LT	30	{
1da177e4 LT	31	if (unlikely(test_thread_flag(TIF_SECCOMP)))
acf3b2c7 WD	32	return __secure_computing(this_syscall);
acf3b2c7 WD	33	return 0;
1da177e4 LT	34	}
1da177e4 LT	35
e4da89d0 WD	36	/* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */
	37	static inline void secure_computing_strict(int this_syscall)
	38	{
	39	BUG_ON(secure_computing(this_syscall) != 0);
	40	}
	41
1d9d02fe	42	extern long prctl_get_seccomp(void);
e2cfabdf	43	extern long prctl_set_seccomp(unsigned long, char __user *);
1d9d02fe	44
932ecebb	45	static inline int seccomp_mode(struct seccomp *s)
5cec93c2 AL	46	{
	47	return s->mode;
	48	}
	49
1da177e4 LT	50	#else /* CONFIG_SECCOMP */
1da177e4 LT	51
42a17ad2 RB	52	#include <linux/errno.h>
42a17ad2 RB	53
932ecebb	54	struct seccomp { };
e2cfabdf	55	struct seccomp_filter { };
1da177e4	56
b1fa650c	57	static inline int secure_computing(int this_syscall) { return 0; }
e4da89d0	58	static inline void secure_computing_strict(int this_syscall) { return; }
1da177e4	59
1d9d02fe AA	60	static inline long prctl_get_seccomp(void)
	61	{
	62	return -EINVAL;
	63	}
	64
e2cfabdf	65	static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
1d9d02fe AA	66	{
	67	return -EINVAL;
	68	}
	69
932ecebb	70	static inline int seccomp_mode(struct seccomp *s)
5cec93c2 AL	71	{
	72	return 0;
	73	}
1da177e4 LT	74	#endif /* CONFIG_SECCOMP */
1da177e4 LT	75
e2cfabdf WD	76	#ifdef CONFIG_SECCOMP_FILTER
	77	extern void put_seccomp_filter(struct task_struct *tsk);
	78	extern void get_seccomp_filter(struct task_struct *tsk);
	79	extern u32 seccomp_bpf_load(int off);
	80	#else /* CONFIG_SECCOMP_FILTER */
	81	static inline void put_seccomp_filter(struct task_struct *tsk)
	82	{
	83	return;
	84	}
	85	static inline void get_seccomp_filter(struct task_struct *tsk)
	86	{
	87	return;
	88	}
	89	#endif /* CONFIG_SECCOMP_FILTER */
1da177e4	90	#endif /* _LINUX_SECCOMP_H */