diff mbox series

[5/5] LSM: A sample of dynamically appendable LSM module.

Message ID 360548d7-25b5-43e8-9d6d-d6afd31a1f49@I-love.SAKURA.ne.jp (mailing list archive)
State Superseded
Series LSM: Officially support appending LSM hooks after boot.

Checks

Context Check Description
netdev/tree_selection success Not a local patch
bpf/vmtest-bpf-PR fail merge-conflict
bpf/vmtest-bpf-VM_Test-19 success Logs for x86_64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-20 success Logs for x86_64-gcc / test (test_progs_no_alu32_parallel, true, 30) / test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-0 success Logs for Lint
bpf/vmtest-bpf-VM_Test-2 success Logs for Validate matrix.py
bpf/vmtest-bpf-VM_Test-7 success Logs for aarch64-gcc / test (test_verifier, false, 360) / test_verifier on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-21 success Logs for x86_64-gcc / test (test_progs_parallel, true, 30) / test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-4 success Logs for aarch64-gcc / test (test_maps, false, 360) / test_maps on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-15 success Logs for set-matrix
bpf/vmtest-bpf-VM_Test-12 success Logs for s390x-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-VM_Test-14 success Logs for s390x-gcc / veristat
bpf/vmtest-bpf-VM_Test-13 success Logs for s390x-gcc / test (test_verifier, false, 360) / test_verifier on s390x with gcc
bpf/vmtest-bpf-VM_Test-6 success Logs for aarch64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-11 success Logs for s390x-gcc / test (test_progs, false, 360) / test_progs on s390x with gcc
bpf/vmtest-bpf-VM_Test-16 success Logs for x86_64-gcc / build / build for x86_64 with gcc
bpf/vmtest-bpf-VM_Test-9 success Logs for s390x-gcc / build / build for s390x with gcc
bpf/vmtest-bpf-VM_Test-3 success Logs for aarch64-gcc / build / build for aarch64 with gcc
bpf/vmtest-bpf-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-VM_Test-17 fail Logs for x86_64-gcc / test (test_maps, false, 360) / test_maps on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-22 success Logs for x86_64-gcc / test (test_verifier, false, 360) / test_verifier on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-5 success Logs for aarch64-gcc / test (test_progs, false, 360) / test_progs on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-8 success Logs for aarch64-gcc / veristat
bpf/vmtest-bpf-VM_Test-23 fail Logs for x86_64-gcc / veristat / veristat on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-10 success Logs for s390x-gcc / test (test_maps, false, 360) / test_maps on s390x with gcc
bpf/vmtest-bpf-VM_Test-24 success Logs for x86_64-llvm-16 / build / build for x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-18 success Logs for x86_64-gcc / test (test_progs, false, 360) / test_progs on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-25 success Logs for x86_64-llvm-16 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-26 success Logs for x86_64-llvm-16 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-27 success Logs for x86_64-llvm-16 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-28 success Logs for x86_64-llvm-16 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-29 success Logs for x86_64-llvm-16 / veristat

Commit Message

Tetsuo Handa Nov. 11, 2023, 10:12 a.m. UTC
This patch demonstrates how to use PATCH 4/5. This patch is not for merge.

By the way, should mod_lsm_dynamic_hooks be directly exported to LKM-based
LSMs rather than exporting mod_lsm_add_hooks() to LKM-based LSMs, so that
LKM-based LSMs can check whether hooks which need special considerations
(e.g. security_secid_to_secctx() and security_xfrm_state_pol_flow_match())
are in-use and decide what to do?

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
 demo/Makefile |  1 +
 demo/demo.c   | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 demo/Makefile
 create mode 100644 demo/demo.c

Patch

diff --git a/demo/Makefile b/demo/Makefile
new file mode 100644
index 000000000000..9b2ef5f08392
--- /dev/null
+++ b/demo/Makefile
@@ -0,0 +1 @@ 
+obj-m = demo.o
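Review bot: the only line of demo/Makefile uses plain assignment, "obj-m = demo.o"; kbuild makefiles conventionally append with "obj-m += demo.o" so the entry survives being combined with other objects. The diffstat touches only demo/Makefile and demo/demo.c, so nothing wires demo/ into a parent Makefile or Kconfig; a sentence in the commit message on how the sample is meant to be built (for example as an external module directory) would help anyone trying it.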
diff --git a/demo/demo.c b/demo/demo.c
new file mode 100644
index 000000000000..6f6f603b8cd7
--- /dev/null
+++ b/demo/demo.c
@@ -0,0 +1,25 @@ 
+#include <linux/lsm_hooks.h>
+#include <uapi/linux/lsm.h>
+
+#define LSM_INT_HOOK(RET, DEFAULT, NAME, ...)				\
+	static RET test_##NAME(__VA_ARGS__) {				\
+		pr_info_once("Called %s\n", __func__);			\
+		return DEFAULT;						\
+	}
+#define LSM_VOID_HOOK(RET, DEFAULT, NAME, ...)				\
+	static RET test_##NAME(__VA_ARGS__) {				\
+		pr_info_once("Called %s\n", __func__);			\
+	}
+#include <linux/lsm_hook_defs.h>
+
+static const struct security_hook_mappings test_callbacks __initconst = {
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) .NAME = test_##NAME,
+#include <linux/lsm_hook_defs.h>
+};
+
+static int __init test_init(void)
+{
+	return mod_lsm_add_hooks(&test_callbacks);
+}
+module_init(test_init);
+MODULE_LICENSE("GPL");
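Review bot: test_callbacks is declared __initconst and its address is passed to mod_lsm_add_hooks() from test_init(), so the struct is discarded once module init finishes; this is safe only if mod_lsm_add_hooks() copies every function pointer out before returning, and that contract is not visible in this patch, so either drop __initconst or add a comment stating the copy guarantee. There is also no module_exit(), which makes the module impossible to unload; if that is deliberate because appended hooks cannot be removed, say so in a comment. The "#define LSM_HOOK(RET, DEFAULT, NAME, ...) .NAME = test_##NAME," initializer registers a callback for every hook, including security_secid_to_secctx() and security_xfrm_state_pol_flow_match(), which the commit message itself singles out as needing special consideration; a sample that others will copy should skip or annotate those. Minor: module_init() and MODULE_LICENSE() are used without including <linux/module.h>, and MODULE_DESCRIPTION() is missing.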