File: /Users/paulross/dev/linux/linux-3.13/include/linux/seccomp.h


       1: #ifndef _LINUX_SECCOMP_H
       2: #define _LINUX_SECCOMP_H
       3: 
       4: #include <uapi/linux/seccomp.h>
       5: 
       6: #ifdef CONFIG_SECCOMP
       7: 
       8: #include <linux/thread_info.h>
       9: #include <asm/seccomp.h>
      10: 
      struct seccomp_filter;

      /**
       * struct seccomp - per-task seccomp state
       *
       * @mode:   the task's current seccomp mode; one of the SECCOMP_MODE_*
       *          values provided by <uapi/linux/seccomp.h>.
       * @filter: the metadata and ruleset that decide which system calls the
       *          task is allowed to make.
       *
       *          No lock protects @filter, so it must only be accessed from
       *          the context of current (the task that owns this state).
       */
      struct seccomp {
          int mode;
          struct seccomp_filter *filter;
      };
      27: 
      /*
       * Out-of-line check, defined outside this header. secure_computing()
       * calls it only when the current thread has TIF_SECCOMP set.
       */
      int __secure_computing(int this_syscall);

      /**
       * secure_computing - seccomp check for the system call being entered
       * @this_syscall: the system call the current thread is attempting
       *
       * Fast path: when TIF_SECCOMP is not set on the current thread, no
       * seccomp state is consulted at all.
       *
       * Return: 0 when TIF_SECCOMP is clear, otherwise whatever
       * __secure_computing() returns.
       *
       * NOTE(review): enforcement relies on the caller acting on a nonzero
       * return; presumably a syscall-entry path that ignores it would still
       * run the rejected call. Confirm that every caller checks the result.
       */
      static inline int secure_computing(int this_syscall)
      {
          int verdict = 0;

          if (unlikely(test_thread_flag(TIF_SECCOMP)))
              verdict = __secure_computing(this_syscall);
          return verdict;
      }
      35: 
      /*
       * Wrapper for architectures that support only SECCOMP_MODE_STRICT.
       *
       * Nothing is returned to the caller: a nonzero result from
       * secure_computing() trips BUG_ON() instead.
       *
       * NOTE(review): this presumably relies on the strict-mode check never
       * returning nonzero (i.e. dealing with a disallowed call itself) --
       * confirm against the definition of __secure_computing().
       */
      static inline void secure_computing_strict(int this_syscall)
      {
          int ret = secure_computing(this_syscall);

          BUG_ON(ret != 0);
      }
      41: 
      /*
       * Get/set entry points for the seccomp state (going by their names, the
       * prctl() backends); both are defined outside this header.
       *
       * @arg3 carries the __user annotation: it is a userspace pointer and
       * must be treated as untrusted by the implementation.
       */
      long prctl_get_seccomp(void);
      long prctl_set_seccomp(unsigned long arg2, char __user *arg3);
      44: 
      /*
       * seccomp_mode - read the mode stored in a struct seccomp
       * @s: seccomp state to inspect; dereferenced unconditionally, so it
       *     must not be NULL
       *
       * Return: the value of @s->mode.
       */
      static inline int seccomp_mode(struct seccomp *s)
      {
          int mode = s->mode;

          return mode;
      }
      49: 
      50: #else /* CONFIG_SECCOMP */
      51: 
      52: #include <linux/errno.h>
      53: 
      /*
       * CONFIG_SECCOMP is off: both structures are empty placeholders that
       * carry no mode and no filter (presumably kept so that code naming
       * these types still builds).
       */
      struct seccomp {};
      struct seccomp_filter {};
      56: 
      /*
       * CONFIG_SECCOMP is off: no check of any kind is performed and 0 is
       * returned for every system call, so a kernel built this way applies
       * no seccomp restrictions.
       */
      static inline int secure_computing(int this_syscall)
      {
          return 0;
      }
      /* CONFIG_SECCOMP is off: there is nothing to enforce, so this is a no-op. */
      static inline void secure_computing_strict(int this_syscall)
      {
      }
      59: 
      /*
       * CONFIG_SECCOMP is off: the query is always rejected.
       *
       * Return: -EINVAL.
       */
      static inline long prctl_get_seccomp(void)
      {
          const long err = -EINVAL;

          return err;
      }
      64: 
      /*
       * CONFIG_SECCOMP is off: a request to enter a seccomp mode is always
       * rejected; neither argument is looked at.
       *
       * Return: -EINVAL.
       *
       * NOTE(review): a caller that ignores this error would carry on
       * unconfined, since no seccomp mode is entered here -- presumably
       * sandboxing code should treat the failure as fatal.
       */
      static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
      {
          const long err = -EINVAL;

          return err;
      }
      69: 
      /*
       * CONFIG_SECCOMP is off: the mode is always reported as 0
       * (SECCOMP_MODE_DISABLED in the uapi header). @s is never dereferenced.
       */
      static inline int seccomp_mode(struct seccomp *s)
      {
          const int mode = 0;

          return mode;
      }
      74: #endif /* CONFIG_SECCOMP */
      75: 
      76: #ifdef CONFIG_SECCOMP_FILTER
      /*
       * Filter-mode entry points, defined outside this header.
       *
       * NOTE(review): going by the get/put naming these presumably take and
       * drop a reference on @tsk's filter -- confirm at the definitions.
       * seccomp_bpf_load() returns a u32 for offset @off; how @off is
       * bounds-checked is not visible here and should be confirmed there too.
       */
      void put_seccomp_filter(struct task_struct *tsk);
      void get_seccomp_filter(struct task_struct *tsk);
      u32 seccomp_bpf_load(int off);
      80: #else  /* CONFIG_SECCOMP_FILTER */
      /* CONFIG_SECCOMP_FILTER is off: no filter exists to release; no-op. */
      static inline void put_seccomp_filter(struct task_struct *tsk)
      {
      }
      /* CONFIG_SECCOMP_FILTER is off: no filter exists to take hold of; no-op. */
      static inline void get_seccomp_filter(struct task_struct *tsk)
      {
      }
      89: #endif /* CONFIG_SECCOMP_FILTER */
      90: #endif /* _LINUX_SECCOMP_H */
      91: