Message ID | 9fccf6d7-4b1b-dd4e-5479-3c6d21d08d5a@I-love.SAKURA.ne.jp (mailing list archive) |
---|---|
State | RFC |
Series | [RFC,1/2] LSM: Allow dynamically appendable LSM modules. |
Context | Check | Description |
---|---|---|
netdev/tree_selection | success | Not a local patch |
On Wed, Sep 27, 2023 at 8:09 AM Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote: > > This is an example of dynamically appendable LSM modules. Maybe add this to samples/lsm/ or samples/security/? And we need to assign maintainer(s) for it. Maybe add the files to "SECURITY SUBSYSTEM" in MAINTAINERS Thanks, Song > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > --- > demo/Makefile | 1 + > demo/demo.c | 38 ++++++++++++++++++++++++++++++++++++++ > 2 files changed, 39 insertions(+) > create mode 100644 demo/Makefile > create mode 100644 demo/demo.c > > diff --git a/demo/Makefile b/demo/Makefile > new file mode 100644 > index 000000000000..8a6ab0945858 > --- /dev/null > +++ b/demo/Makefile > @@ -0,0 +1 @@ > +obj-m += demo.o > diff --git a/demo/demo.c b/demo/demo.c > new file mode 100644 > index 000000000000..90b03d10bd72 > --- /dev/null > +++ b/demo/demo.c > @@ -0,0 +1,38 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +#include <linux/module.h> > +#include <linux/lsm_hooks.h> > + > +static int demo_task_alloc_security(struct task_struct *p, > + unsigned long clone_flags) > +{ > + static unsigned int count; > + > + if (count++ < 5) > + dump_stack(); > + return 0; > +} > + > +static void demo_task_free_security(struct task_struct *p) > +{ > + static unsigned int count; > + > + if (count++ < 5) > + dump_stack(); > +} > + > +static struct security_hook_list demo_hooks[] __ro_after_init = { > + LSM_HOOK_INIT(task_free, demo_task_free_security), > + LSM_HOOK_INIT(task_alloc, demo_task_alloc_security), > +}; > + > +static int __init demo_init(void) > +{ > + const int ret = register_loadable_lsm(demo_hooks, > + ARRAY_SIZE(demo_hooks), "demo"); > + > + pr_info("Registering demo LSM module returned %d.\n", ret); > + return ret; > +} > + > +module_init(demo_init); > +MODULE_LICENSE("GPL"); > -- > 2.18.4 > >
diff --git a/demo/Makefile b/demo/Makefile new file mode 100644 index 000000000000..8a6ab0945858 --- /dev/null +++ b/demo/Makefile @@ -0,0 +1 @@ +obj-m += demo.o diff --git a/demo/demo.c b/demo/demo.c new file mode 100644 index 000000000000..90b03d10bd72 --- /dev/null +++ b/demo/demo.c @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +#include <linux/module.h> +#include <linux/lsm_hooks.h> + +static int demo_task_alloc_security(struct task_struct *p, + unsigned long clone_flags) +{ + static unsigned int count; + + if (count++ < 5) + dump_stack(); + return 0; +} + +static void demo_task_free_security(struct task_struct *p) +{ + static unsigned int count; + + if (count++ < 5) + dump_stack(); +} + +static struct security_hook_list demo_hooks[] __ro_after_init = { + LSM_HOOK_INIT(task_free, demo_task_free_security), + LSM_HOOK_INIT(task_alloc, demo_task_alloc_security), +}; + +static int __init demo_init(void) +{ + const int ret = register_loadable_lsm(demo_hooks, + ARRAY_SIZE(demo_hooks), "demo"); + + pr_info("Registering demo LSM module returned %d.\n", ret); + return ret; +} + +module_init(demo_init); +MODULE_LICENSE("GPL");
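Review bot: in the demo/Makefile hunk, `obj-m += demo.o` builds the module unconditionally from a new top-level demo/ directory, and the diffstat shows no Kconfig entry or parent Makefile change that would make the kernel build descend into it. Consider placing the file under samples/ as suggested in the reply and gating it on a config symbol, for example `obj-$(CONFIG_<SAMPLE_SYMBOL>) += demo.o` (symbol name is a placeholder), so that a hook which calls dump_stack() is never built by default.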
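Review bot: in demo_task_alloc_security() and demo_task_free_security(), `if (count++ < 5)` increments a plain static counter with no atomics or locking even though these hooks can run concurrently on several CPUs, so the limit of five dumps is only approximate, and the unsigned counter wraps and re-enables the dumps after 2^32 calls. A saturating atomic counter, such as an atomic_t tested with `atomic_add_unless(&count, 1, 5)`, would fix both. Separately, the module has module_init() but no module_exit(), so once loaded it cannot be removed normally; if that is intentional because the hooks cannot be unregistered, a comment saying so would help readers who copy this sample. It is also worth confirming that `__ro_after_init` on demo_hooks[] is safe for a module, that is, that register_loadable_lsm() never needs to write to these entries after demo_init() returns.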
This is an example of dynamically appendable LSM modules.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
 demo/Makefile |  1 +
 demo/demo.c   | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 demo/Makefile
 create mode 100644 demo/demo.c