LCOV - code coverage report
Current view: top level - include/linux - seccomp.h (source / functions) Hit Total Coverage
Test: coverage.info Lines: 0 3 0.0 %
Date: 2023-07-19 18:55:55 Functions: 0 1 0.0 % 

          Line data    Source code
       1             : /* SPDX-License-Identifier: GPL-2.0 */
       2             : #ifndef _LINUX_SECCOMP_H
       3             : #define _LINUX_SECCOMP_H
       4             : 
       5             : #include <uapi/linux/seccomp.h>
       6             : 
       7             : #define SECCOMP_FILTER_FLAG_MASK        (SECCOMP_FILTER_FLAG_TSYNC | \
       8             :                                          SECCOMP_FILTER_FLAG_LOG | \
       9             :                                          SECCOMP_FILTER_FLAG_SPEC_ALLOW | \
      10             :                                          SECCOMP_FILTER_FLAG_NEW_LISTENER | \
      11             :                                          SECCOMP_FILTER_FLAG_TSYNC_ESRCH | \
      12             :                                          SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV)
      13             : 
      14             : /* sizeof() the first published struct seccomp_notif_addfd */
      15             : #define SECCOMP_NOTIFY_ADDFD_SIZE_VER0 24
      16             : #define SECCOMP_NOTIFY_ADDFD_SIZE_LATEST SECCOMP_NOTIFY_ADDFD_SIZE_VER0
      17             : 
      18             : #ifdef CONFIG_SECCOMP
      19             : 
      20             : #include <linux/thread_info.h>
      21             : #include <linux/atomic.h>
      22             : #include <asm/seccomp.h>
      23             : 
      24             : struct seccomp_filter;
      25             : /**
      26             :  * struct seccomp - the state of a seccomp'ed process
      27             :  *
      28             :  * @mode:  indicates one of the valid values above for controlled
      29             :  *         system calls available to a process.
      30             :  * @filter_count: number of seccomp filters
      31             :  * @filter: must always point to a valid seccomp-filter or NULL as it is
      32             :  *          accessed without locking during system call entry.
      33             :  *
      34             :  *          @filter must only be accessed from the context of current as there
      35             :  *          is no read locking.
      36             :  */
      37             : struct seccomp {
      38             :         int mode;
      39             :         atomic_t filter_count;
      40             :         struct seccomp_filter *filter;
      41             : };
      42             : 
      43             : #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
      44             : extern int __secure_computing(const struct seccomp_data *sd);
      45           0 : static inline int secure_computing(void)
      46             : {
      47           0 :         if (unlikely(test_syscall_work(SECCOMP)))
      48           0 :                 return  __secure_computing(NULL);
      49             :         return 0;
      50             : }
      51             : #else
      52             : extern void secure_computing_strict(int this_syscall);
      53             : #endif
      54             : 
      55             : extern long prctl_get_seccomp(void);
      56             : extern long prctl_set_seccomp(unsigned long, void __user *);
      57             : 
      58             : static inline int seccomp_mode(struct seccomp *s)
      59             : {
      60             :         return s->mode;
      61             : }
      62             : 
      63             : #else /* CONFIG_SECCOMP */
      64             : 
      65             : #include <linux/errno.h>
      66             : 
      67             : struct seccomp { };
      68             : struct seccomp_filter { };
      69             : struct seccomp_data;
      70             : 
      71             : #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
      72             : static inline int secure_computing(void) { return 0; }
      73             : static inline int __secure_computing(const struct seccomp_data *sd) { return 0; }
      74             : #else
      75             : static inline void secure_computing_strict(int this_syscall) { return; }
      76             : #endif
      77             : 
      78             : static inline long prctl_get_seccomp(void)
      79             : {
      80             :         return -EINVAL;
      81             : }
      82             : 
      83             : static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
      84             : {
      85             :         return -EINVAL;
      86             : }
      87             : 
      88             : static inline int seccomp_mode(struct seccomp *s)
      89             : {
      90             :         return SECCOMP_MODE_DISABLED;
      91             : }
      92             : #endif /* CONFIG_SECCOMP */
      93             : 
      94             : #ifdef CONFIG_SECCOMP_FILTER
      95             : extern void seccomp_filter_release(struct task_struct *tsk);
      96             : extern void get_seccomp_filter(struct task_struct *tsk);
      97             : #else  /* CONFIG_SECCOMP_FILTER */
      98             : static inline void seccomp_filter_release(struct task_struct *tsk)
      99             : {
     100             :         return;
     101             : }
     102             : static inline void get_seccomp_filter(struct task_struct *tsk)
     103             : {
     104             :         return;
     105             : }
     106             : #endif /* CONFIG_SECCOMP_FILTER */
     107             : 
     108             : #if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
     109             : extern long seccomp_get_filter(struct task_struct *task,
     110             :                                unsigned long filter_off, void __user *data);
     111             : extern long seccomp_get_metadata(struct task_struct *task,
     112             :                                  unsigned long filter_off, void __user *data);
     113             : #else
     114             : static inline long seccomp_get_filter(struct task_struct *task,
     115             :                                       unsigned long n, void __user *data)
     116             : {
     117             :         return -EINVAL;
     118             : }
     119             : static inline long seccomp_get_metadata(struct task_struct *task,
     120             :                                         unsigned long filter_off,
     121             :                                         void __user *data)
     122             : {
     123             :         return -EINVAL;
     124             : }
     125             : #endif /* CONFIG_SECCOMP_FILTER && CONFIG_CHECKPOINT_RESTORE */
     126             : 
     127             : #ifdef CONFIG_SECCOMP_CACHE_DEBUG
     128             : struct seq_file;
     129             : 
     130             : int proc_pid_seccomp_cache(struct seq_file *m, struct pid_namespace *ns,
     131             :                            struct pid *pid, struct task_struct *task);
     132             : #endif
     133             : #endif /* _LINUX_SECCOMP_H */

Generated by: LCOV version 1.14