Root/
1 | #ifndef _LINUX_SECCOMP_H |
2 | #define _LINUX_SECCOMP_H |
3 | |
4 | #include <uapi/linux/seccomp.h> |
5 | |
6 | #ifdef CONFIG_SECCOMP |
7 | |
8 | #include <linux/thread_info.h> |
9 | #include <asm/seccomp.h> |
10 | |
11 | struct seccomp_filter; |
12 | /** |
13 | * struct seccomp - the state of a seccomp'ed process |
14 | * |
15 | * @mode: indicates one of the valid values above for controlled |
16 | * system calls available to a process. |
17 | * @filter: The metadata and ruleset for determining what system calls |
18 | * are allowed for a task. |
19 | * |
20 | * @filter must only be accessed from the context of current as there |
21 | * is no locking. |
22 | */ |
23 | struct seccomp { |
24 | int mode; |
25 | struct seccomp_filter *filter; |
26 | }; |
27 | |
28 | extern int __secure_computing(int); |
29 | static inline int secure_computing(int this_syscall) |
30 | { |
31 | if (unlikely(test_thread_flag(TIF_SECCOMP))) |
32 | return __secure_computing(this_syscall); |
33 | return 0; |
34 | } |
35 | |
36 | /* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */ |
37 | static inline void secure_computing_strict(int this_syscall) |
38 | { |
39 | BUG_ON(secure_computing(this_syscall) != 0); |
40 | } |
41 | |
42 | extern long prctl_get_seccomp(void); |
43 | extern long prctl_set_seccomp(unsigned long, char __user *); |
44 | |
45 | static inline int seccomp_mode(struct seccomp *s) |
46 | { |
47 | return s->mode; |
48 | } |
49 | |
50 | #else /* CONFIG_SECCOMP */ |
51 | |
52 | #include <linux/errno.h> |
53 | |
54 | struct seccomp { }; |
55 | struct seccomp_filter { }; |
56 | |
57 | static inline int secure_computing(int this_syscall) { return 0; } |
58 | static inline void secure_computing_strict(int this_syscall) { return; } |
59 | |
60 | static inline long prctl_get_seccomp(void) |
61 | { |
62 | return -EINVAL; |
63 | } |
64 | |
65 | static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3) |
66 | { |
67 | return -EINVAL; |
68 | } |
69 | |
70 | static inline int seccomp_mode(struct seccomp *s) |
71 | { |
72 | return 0; |
73 | } |
74 | #endif /* CONFIG_SECCOMP */ |
75 | |
76 | #ifdef CONFIG_SECCOMP_FILTER |
77 | extern void put_seccomp_filter(struct task_struct *tsk); |
78 | extern void get_seccomp_filter(struct task_struct *tsk); |
79 | extern u32 seccomp_bpf_load(int off); |
80 | #else /* CONFIG_SECCOMP_FILTER */ |
81 | static inline void put_seccomp_filter(struct task_struct *tsk) |
82 | { |
83 | return; |
84 | } |
85 | static inline void get_seccomp_filter(struct task_struct *tsk) |
86 | { |
87 | return; |
88 | } |
89 | #endif /* CONFIG_SECCOMP_FILTER */ |
90 | #endif /* _LINUX_SECCOMP_H */ |
91 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9