seccomp: create internal mode-setting function

In preparation for having other callers of the seccomp mode setting logic, split the prctl entry point away from the core logic that performs seccomp mode setting. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
2024-11-07 03:47:13 +00:00 · 2014-05-21 15:02:11 -07:00 · 2014-05-21 15:02:11 -07:00 · 1315b0c1b3
commit 1315b0c1b3
parent 4c52a8a097
1 changed files with 14 additions and 2 deletions
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@ -462,7 +462,7 @@ long prctl_get_seccomp(void)
 }

 /**
- * prctl_set_seccomp: configures current->seccomp.mode
+ * seccomp_set_mode: internal function for setting seccomp mode
 * @seccomp_mode: requested mode to use
 * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
 *
@ -475,7 +475,7 @@ long prctl_get_seccomp(void)
 *
 * Returns 0 on success or -EINVAL on failure.
 */
-long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
+static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
 {
 	long ret = -EINVAL;

@ -506,3 +506,15 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
 out:
 	return ret;
 }
+
+/**
+ * prctl_set_seccomp: configures current->seccomp.mode
+ * @seccomp_mode: requested mode to use
+ * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
+ *
+ * Returns 0 on success or -EINVAL on failure.
+ */
+long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
+{
+	return seccomp_set_mode(seccomp_mode, filter);
+}