1 #ifndef _LINUX_SECCOMP_H 2 #define _LINUX_SECCOMP_H 3 4 #include <linux/compiler.h> 5 #include <linux/types.h> 6 7 8 /* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */ 9 #define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */ 10 #define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */ 11 #define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */ 12 13 /* 14 * All BPF programs must return a 32-bit value. 15 * The bottom 16-bits are for optional return data. 16 * The upper 16-bits are ordered from least permissive values to most. 17 * 18 * The ordering ensures that a min_t() over composed return values always 19 * selects the least permissive choice. 20 */ 21 #define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ 22 #define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ 23 #define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ 24 #define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */ 25 #define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ 26 27 /* Masks for the return value sections. */ 28 #define SECCOMP_RET_ACTION 0x7fff0000U 29 #define SECCOMP_RET_DATA 0x0000ffffU 30 31 /** 32 * struct seccomp_data - the format the BPF program executes over. 33 * @nr: the system call number 34 * @arch: indicates system call convention as an AUDIT_ARCH_* value 35 * as defined in <linux/audit.h>. 36 * @instruction_pointer: at the time of the system call. 37 * @args: up to 6 system call arguments always stored as 64-bit values 38 * regardless of the architecture. 39 */ 40 struct seccomp_data { 41 int nr; 42 __u32 arch; 43 __u64 instruction_pointer; 44 __u64 args[6]; 45 }; 46 47 #ifdef __KERNEL__ 48 #ifdef CONFIG_SECCOMP 49 50 #include <linux/thread_info.h> 51 #include <asm/seccomp.h> 52 53 struct seccomp_filter; 54 /** 55 * struct seccomp - the state of a seccomp'ed process 56 * 57 * @mode: indicates one of the valid values above for controlled 58 * system calls available to a process. 59 * @filter: The metadata and ruleset for determining what system calls 60 * are allowed for a task. 61 * 62 * @filter must only be accessed from the context of current as there 63 * is no locking. 64 */ 65 struct seccomp { 66 int mode; 67 struct seccomp_filter *filter; 68 }; 69 70 extern int __secure_computing(int); 71 static inline int secure_computing(int this_syscall) 72 { 73 if (unlikely(test_thread_flag(TIF_SECCOMP))) 74 return __secure_computing(this_syscall); 75 return 0; 76 } 77 78 /* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */ 79 static inline void secure_computing_strict(int this_syscall) 80 { 81 BUG_ON(secure_computing(this_syscall) != 0); 82 } 83 84 extern long prctl_get_seccomp(void); 85 extern long prctl_set_seccomp(unsigned long, char __user *); 86 87 static inline int seccomp_mode(struct seccomp *s) 88 { 89 return s->mode; 90 } 91 92 #else /* CONFIG_SECCOMP */ 93 94 #include <linux/errno.h> 95 96 struct seccomp { }; 97 struct seccomp_filter { }; 98 99 static inline int secure_computing(int this_syscall) { return 0; } 100 static inline void secure_computing_strict(int this_syscall) { return; } 101 102 static inline long prctl_get_seccomp(void) 103 { 104 return -EINVAL; 105 } 106 107 static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3) 108 { 109 return -EINVAL; 110 } 111 112 static inline int seccomp_mode(struct seccomp *s) 113 { 114 return 0; 115 } 116 #endif /* CONFIG_SECCOMP */ 117 118 #ifdef CONFIG_SECCOMP_FILTER 119 extern void put_seccomp_filter(struct task_struct *tsk); 120 extern void get_seccomp_filter(struct task_struct *tsk); 121 extern u32 seccomp_bpf_load(int off); 122 #else /* CONFIG_SECCOMP_FILTER */ 123 static inline void put_seccomp_filter(struct task_struct *tsk) 124 { 125 return; 126 } 127 static inline void get_seccomp_filter(struct task_struct *tsk) 128 { 129 return; 130 } 131 #endif /* CONFIG_SECCOMP_FILTER */ 132 #endif /* __KERNEL__ */ 133 #endif /* _LINUX_SECCOMP_H */ 134
