Updating XTBs based on .GRDs from branch master
[chromium-blink-merge.git] / sandbox / linux / system_headers / linux_seccomp.h
blob3deb3d2253c0d84a503fb6651f43bbceec7c8866
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_
6 #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_
8 // The Seccomp2 kernel ABI is not part of older versions of glibc.
9 // As we can't break compilation with these versions of the library,
10 // we explicitly define all missing symbols.
11 // If we ever decide that we can now rely on system headers, the following
12 // include files should be enabled:
13 // #include <linux/audit.h>
14 // #include <linux/seccomp.h>
16 // For audit.h
17 #ifndef EM_ARM
18 #define EM_ARM 40
19 #endif
20 #ifndef EM_386
21 #define EM_386 3
22 #endif
23 #ifndef EM_X86_64
24 #define EM_X86_64 62
25 #endif
26 #ifndef EM_MIPS
27 #define EM_MIPS 8
28 #endif
29 #ifndef EM_AARCH64
30 #define EM_AARCH64 183
31 #endif
33 #ifndef __AUDIT_ARCH_64BIT
34 #define __AUDIT_ARCH_64BIT 0x80000000
35 #endif
36 #ifndef __AUDIT_ARCH_LE
37 #define __AUDIT_ARCH_LE 0x40000000
38 #endif
39 #ifndef AUDIT_ARCH_ARM
40 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE)
41 #endif
42 #ifndef AUDIT_ARCH_I386
43 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE)
44 #endif
45 #ifndef AUDIT_ARCH_X86_64
46 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
47 #endif
48 #ifndef AUDIT_ARCH_MIPSEL
49 #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE)
50 #endif
51 #ifndef AUDIT_ARCH_AARCH64
52 #define AUDIT_ARCH_AARCH64 (EM_AARCH64 | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE)
53 #endif
55 // For prctl.h
56 #ifndef PR_SET_SECCOMP
57 #define PR_SET_SECCOMP 22
58 #define PR_GET_SECCOMP 21
59 #endif
60 #ifndef PR_SET_NO_NEW_PRIVS
61 #define PR_SET_NO_NEW_PRIVS 38
62 #define PR_GET_NO_NEW_PRIVS 39
63 #endif
64 #ifndef IPC_64
65 #define IPC_64 0x0100
66 #endif
68 // In order to build will older tool chains, we currently have to avoid
69 // including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on
70 // our own definitions of the seccomp kernel ABI.
71 #ifndef SECCOMP_MODE_FILTER
72 #define SECCOMP_MODE_DISABLED 0
73 #define SECCOMP_MODE_STRICT 1
74 #define SECCOMP_MODE_FILTER 2 // User user-supplied filter
75 #endif
77 #ifndef SECCOMP_SET_MODE_STRICT
78 #define SECCOMP_SET_MODE_STRICT 0
79 #endif
80 #ifndef SECCOMP_SET_MODE_FILTER
81 #define SECCOMP_SET_MODE_FILTER 1
82 #endif
83 #ifndef SECCOMP_FILTER_FLAG_TSYNC
84 #define SECCOMP_FILTER_FLAG_TSYNC 1
85 #endif
87 #ifndef SECCOMP_RET_KILL
88 // Return values supported for BPF filter programs. Please note that the
89 // "illegal" SECCOMP_RET_INVALID is not supported by the kernel, should only
90 // ever be used internally, and would result in the kernel killing our process.
91 #define SECCOMP_RET_KILL 0x00000000U // Kill the task immediately
92 #define SECCOMP_RET_INVALID 0x00010000U // Illegal return value
93 #define SECCOMP_RET_TRAP 0x00030000U // Disallow and force a SIGSYS
94 #define SECCOMP_RET_ERRNO 0x00050000U // Returns an errno
95 #define SECCOMP_RET_TRACE 0x7ff00000U // Pass to a tracer or disallow
96 #define SECCOMP_RET_ALLOW 0x7fff0000U // Allow
97 #define SECCOMP_RET_ACTION 0xffff0000U // Masks for the return value
98 #define SECCOMP_RET_DATA 0x0000ffffU // sections
99 #else
100 #define SECCOMP_RET_INVALID 0x00010000U // Illegal return value
101 #endif
103 #ifndef SYS_SECCOMP
104 #define SYS_SECCOMP 1
105 #endif
107 #endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_