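// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (c) 2019 FUJITSU LIMITED. All rights reserved.
 * Author: Yang Xu <[email protected]>
 */

/*
 * Compatibility shim for <linux/seccomp.h>.
 *
 * When the build found the system header it is included as-is; otherwise
 * this file supplies the subset of the seccomp UAPI listed below. Only the
 * KILL_THREAD/KILL and ALLOW filter actions are covered here; no other
 * SECCOMP_RET_* action is provided by the fallback.
 *
 * NOTE(review): HAVE_LINUX_SECCOMP_H is not defined in this file, so it is
 * presumably set by the build configuration before this header is included.
 * If it is not, the fallback struct below is declared and would clash with a
 * later <linux/seccomp.h> include - confirm against the includers.
 */
#ifndef LAPI_SECCOMP_H__
#define LAPI_SECCOMP_H__

#include <stdint.h>

#ifdef HAVE_LINUX_SECCOMP_H
# include <linux/seccomp.h>
#endif

/*
 * Each constant is guarded on its own name rather than on
 * HAVE_LINUX_SECCOMP_H: a system header can be present and still lack a
 * name that was added later (SECCOMP_RET_KILL_THREAD is newer than
 * SECCOMP_RET_KILL), and a missing action constant would otherwise break
 * the build of any filter that uses it.
 */

/* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */
#ifndef SECCOMP_MODE_DISABLED
# define SECCOMP_MODE_DISABLED	0
#endif
#ifndef SECCOMP_MODE_STRICT
# define SECCOMP_MODE_STRICT	1
#endif
#ifndef SECCOMP_MODE_FILTER
# define SECCOMP_MODE_FILTER	2
#endif

/*
 * Filter return actions.
 *
 * SECCOMP_RET_KILL_THREAD terminates only the thread that made the system
 * call; other threads of the process keep running. Code that relies on a
 * violation stopping the whole process has to account for that.
 */
#ifndef SECCOMP_RET_KILL_THREAD
# define SECCOMP_RET_KILL_THREAD	0x00000000U /* kill the thread */
#endif
#ifndef SECCOMP_RET_KILL
# define SECCOMP_RET_KILL	SECCOMP_RET_KILL_THREAD
#endif
#ifndef SECCOMP_RET_ALLOW
# define SECCOMP_RET_ALLOW	0x7fff0000U /* allow */
#endif

#ifndef HAVE_LINUX_SECCOMP_H
/**
 * struct seccomp_data - the format the BPF program executes over.
 * @nr: the system call number
 * @arch: indicates system call convention as an AUDIT_ARCH_* value
 *        as defined in <linux/audit.h>.
 * @instruction_pointer: at the time of the system call.
 * @args: up to 6 system call arguments always stored as 64-bit values
 *        regardless of the architecture.
 *
 * The field order and widths mirror the kernel's layout and must not be
 * changed: a filter addresses these fields by byte offset. System call
 * numbers differ between calling conventions, so a filter should check
 * @arch before it makes any decision based on @nr.
 */
struct seccomp_data {
	int nr;
	uint32_t arch;
	uint64_t instruction_pointer;
	uint64_t args[6];
};
#endif /* HAVE_LINUX_SECCOMP_H */

#endif /* LAPI_SECCOMP_H__ */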