~hc/RK356X_SDK_RELEASE.git

..	..	@@ -15,11 +15,14 @@
15	15	#define SECCOMP_SET_MODE_STRICT 0
16	16	#define SECCOMP_SET_MODE_FILTER 1
17	17	#define SECCOMP_GET_ACTION_AVAIL 2
	18	+#define SECCOMP_GET_NOTIF_SIZES 3
18	19
19	20	/* Valid flags for SECCOMP_SET_MODE_FILTER */
20		-#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
21		-#define SECCOMP_FILTER_FLAG_LOG (1UL << 1)
22		-#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
	21	+#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
	22	+#define SECCOMP_FILTER_FLAG_LOG (1UL << 1)
	23	+#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
	24	+#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3)
	25	+#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4)
23	26
24	27	/*
25	28	* All BPF programs must return a 32-bit value.
..	..	@@ -35,6 +38,7 @@
35	38	#define SECCOMP_RET_KILL SECCOMP_RET_KILL_THREAD
36	39	#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */
37	40	#define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */
	41	+#define SECCOMP_RET_USER_NOTIF 0x7fc00000U /* notifies userspace */
38	42	#define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */
39	43	#define SECCOMP_RET_LOG 0x7ffc0000U /* allow after logging */
40	44	#define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */
..	..	@@ -60,4 +64,87 @@
60	64	__u64 args[6];
61	65	};
62	66
	67	+struct seccomp_notif_sizes {
	68	+ __u16 seccomp_notif;
	69	+ __u16 seccomp_notif_resp;
	70	+ __u16 seccomp_data;
	71	+};
	72	+
	73	+struct seccomp_notif {
	74	+ __u64 id;
	75	+ __u32 pid;
	76	+ __u32 flags;
	77	+ struct seccomp_data data;
	78	+};
	79	+
	80	+/*
	81	+ * Valid flags for struct seccomp_notif_resp
	82	+ *
	83	+ * Note, the SECCOMP_USER_NOTIF_FLAG_CONTINUE flag must be used with caution!
	84	+ * If set by the process supervising the syscalls of another process the
	85	+ * syscall will continue. This is problematic because of an inherent TOCTOU.
	86	+ * An attacker can exploit the time while the supervised process is waiting on
	87	+ * a response from the supervising process to rewrite syscall arguments which
	88	+ * are passed as pointers of the intercepted syscall.
	89	+ * It should be absolutely clear that this means that the seccomp notifier
	90	+ * _cannot_ be used to implement a security policy! It should only ever be used
	91	+ * in scenarios where a more privileged process supervises the syscalls of a
	92	+ * lesser privileged process to get around kernel-enforced security
	93	+ * restrictions when the privileged process deems this safe. In other words,
	94	+ * in order to continue a syscall the supervising process should be sure that
	95	+ * another security mechanism or the kernel itself will sufficiently block
	96	+ * syscalls if arguments are rewritten to something unsafe.
	97	+ *
	98	+ * Similar precautions should be applied when stacking SECCOMP_RET_USER_NOTIF
	99	+ * or SECCOMP_RET_TRACE. For SECCOMP_RET_USER_NOTIF filters acting on the
	100	+ * same syscall, the most recently added filter takes precedence. This means
	101	+ * that the new SECCOMP_RET_USER_NOTIF filter can override any
	102	+ * SECCOMP_IOCTL_NOTIF_SEND from earlier filters, essentially allowing all
	103	+ * such filtered syscalls to be executed by sending the response
	104	+ * SECCOMP_USER_NOTIF_FLAG_CONTINUE. Note that SECCOMP_RET_TRACE can equally
	105	+ * be overriden by SECCOMP_USER_NOTIF_FLAG_CONTINUE.
	106	+ */
	107	+#define SECCOMP_USER_NOTIF_FLAG_CONTINUE (1UL << 0)
	108	+
	109	+struct seccomp_notif_resp {
	110	+ __u64 id;
	111	+ __s64 val;
	112	+ __s32 error;
	113	+ __u32 flags;
	114	+};
	115	+
	116	+/* valid flags for seccomp_notif_addfd */
	117	+#define SECCOMP_ADDFD_FLAG_SETFD (1UL << 0) /* Specify remote fd */
	118	+
	119	+/**
	120	+ * struct seccomp_notif_addfd
	121	+ * @id: The ID of the seccomp notification
	122	+ * @flags: SECCOMP_ADDFD_FLAG_*
	123	+ * @srcfd: The local fd number
	124	+ * @newfd: Optional remote FD number if SETFD option is set, otherwise 0.
	125	+ * @newfd_flags: The O_* flags the remote FD should have applied
	126	+ */
	127	+struct seccomp_notif_addfd {
	128	+ __u64 id;
	129	+ __u32 flags;
	130	+ __u32 srcfd;
	131	+ __u32 newfd;
	132	+ __u32 newfd_flags;
	133	+};
	134	+
	135	+#define SECCOMP_IOC_MAGIC '!'
	136	+#define SECCOMP_IO(nr) _IO(SECCOMP_IOC_MAGIC, nr)
	137	+#define SECCOMP_IOR(nr, type) _IOR(SECCOMP_IOC_MAGIC, nr, type)
	138	+#define SECCOMP_IOW(nr, type) _IOW(SECCOMP_IOC_MAGIC, nr, type)
	139	+#define SECCOMP_IOWR(nr, type) _IOWR(SECCOMP_IOC_MAGIC, nr, type)
	140	+
	141	+/* Flags for seccomp notification fd ioctl. */
	142	+#define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif)
	143	+#define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, \
	144	+ struct seccomp_notif_resp)
	145	+#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64)
	146	+/* On success, the return value is the remote process's added fd number */
	147	+#define SECCOMP_IOCTL_NOTIF_ADDFD SECCOMP_IOW(3, \
	148	+ struct seccomp_notif_addfd)
	149	+
63	150	#endif /* _UAPI_LINUX_SECCOMP_H */