From patchwork Wed Sep 27 15:09:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tetsuo Handa X-Patchwork-Id: 13400985 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB1F31170F for ; Wed, 27 Sep 2023 15:09:52 +0000 (UTC) Received: from www262.sakura.ne.jp (www262.sakura.ne.jp [202.181.97.72]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C1DF2F4; Wed, 27 Sep 2023 08:09:49 -0700 (PDT) Received: from fsav411.sakura.ne.jp (fsav411.sakura.ne.jp [133.242.250.110]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 38RF9ZRE033048; Thu, 28 Sep 2023 00:09:36 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav411.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav411.sakura.ne.jp); Thu, 28 Sep 2023 00:09:35 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav411.sakura.ne.jp) Received: from [192.168.1.6] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 38RF9Z8a033045 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Thu, 28 Sep 2023 00:09:35 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Message-ID: <9fccf6d7-4b1b-dd4e-5479-3c6d21d08d5a@I-love.SAKURA.ne.jp> Date: Thu, 28 Sep 2023 00:09:31 +0900 Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Subject: [RFC PATCH 2/2] LSM: A sample of dynamically appendable LSM module. Content-Language: en-US From: Tetsuo Handa To: linux-security-module , Casey Schaufler , KP Singh , Paul Moore , bpf Cc: Kees Cook , Linus Torvalds References: In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-State: RFC This is an example of dynamically appendable LSM modules. Signed-off-by: Tetsuo Handa --- demo/Makefile | 1 + demo/demo.c | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 demo/Makefile create mode 100644 demo/demo.c diff --git a/demo/Makefile b/demo/Makefile new file mode 100644 index 000000000000..8a6ab0945858 --- /dev/null +++ b/demo/Makefile @@ -0,0 +1 @@ +obj-m += demo.o diff --git a/demo/demo.c b/demo/demo.c new file mode 100644 index 000000000000..90b03d10bd72 --- /dev/null +++ b/demo/demo.c @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +#include +#include + +static int demo_task_alloc_security(struct task_struct *p, + unsigned long clone_flags) +{ + static unsigned int count; + + if (count++ < 5) + dump_stack(); + return 0; +} + +static void demo_task_free_security(struct task_struct *p) +{ + static unsigned int count; + + if (count++ < 5) + dump_stack(); +} + +static struct security_hook_list demo_hooks[] __ro_after_init = { + LSM_HOOK_INIT(task_free, demo_task_free_security), + LSM_HOOK_INIT(task_alloc, demo_task_alloc_security), +}; + +static int __init demo_init(void) +{ + const int ret = register_loadable_lsm(demo_hooks, + ARRAY_SIZE(demo_hooks), "demo"); + + pr_info("Registering demo LSM module returned %d.\n", ret); + return ret; +} + +module_init(demo_init); +MODULE_LICENSE("GPL");