Re: [RFC PATCH 2/2] LSM: A sample of dynamically appendable LSM module.
From: Song Liu <song@kernel.org>
Date: 2023-09-27 16:05:36
Also in:
bpf
On Wed, Sep 27, 2023 at 8:09 AM Tetsuo Handa [off-list ref] wrote:
This is an example of dynamically appendable LSM modules.
Maybe add this to samples/lsm/ or samples/security/?

And we need to assign maintainer(s) for it. Maybe add the files to "SECURITY SUBSYSTEM" in MAINTAINERS.

Thanks,
Song
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- demo/Makefile | 1 + demo/demo.c | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 demo/Makefile create mode 100644 demo/demo.cdiff --git a/demo/Makefile b/demo/Makefile new file mode 100644 index 000000000000..8a6ab0945858 --- /dev/null +++ b/demo/Makefile@@ -0,0 +1 @@ +obj-m += demo.odiff --git a/demo/demo.c b/demo/demo.c new file mode 100644 index 000000000000..90b03d10bd72 --- /dev/null +++ b/demo/demo.c@@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +#include <linux/module.h> +#include <linux/lsm_hooks.h> + +static int demo_task_alloc_security(struct task_struct *p, + unsigned long clone_flags) +{ + static unsigned int count; + + if (count++ < 5) + dump_stack(); + return 0; +} + +static void demo_task_free_security(struct task_struct *p) +{ + static unsigned int count; + + if (count++ < 5) + dump_stack(); +} + +static struct security_hook_list demo_hooks[] __ro_after_init = { + LSM_HOOK_INIT(task_free, demo_task_free_security), + LSM_HOOK_INIT(task_alloc, demo_task_alloc_security), +}; + +static int __init demo_init(void) +{ + const int ret = register_loadable_lsm(demo_hooks, + ARRAY_SIZE(demo_hooks), "demo"); + + pr_info("Registering demo LSM module returned %d.\n", ret); + return ret; +} + +module_init(demo_init); +MODULE_LICENSE("GPL"); --2.18.4
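Review bot: Nothing in the tree descends into demo/. The diffstat lists only demo/Makefile and demo/demo.c, and the Makefile's single line is an unconditional "obj-m += demo.o" with no Kconfig symbol behind it, so the module is built only when that directory is passed to the build explicitly. If the sample moves under samples/ as suggested in the reply, hook it into the parent Makefile behind a config option, and give the Makefile an SPDX-License-Identifier line as demo.c has.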
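Review bot: The "static unsigned int count" in demo_task_alloc_security() and demo_task_free_security() is bumped with a plain "count++" and no synchronization, although task_alloc and task_free hooks can run on several CPUs at once, so the limit of 5 stack dumps is racy, and the counter wraps after 2^32 calls and starts dumping again. Stop incrementing once the limit is reached, for example "if (count < 5) { count++; dump_stack(); }", or use an atomic_t, so the sample's log output stays bounded. Separately, demo.c has module_init() but no module_exit(), so the module cannot be unloaded normally once inserted; if that is deliberate because the registered hooks cannot be removed, say so in a comment above demo_init(). MODULE_DESCRIPTION() is also missing next to MODULE_LICENSE("GPL").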