[PATCH 5/5] LSM: A sample of dynamically appendable LSM module.
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Sat Nov 11 10:12:26 UTC 2023
This patch demonstrates how to use PATCH 4/5. This patch is not for merge.
By the way, should mod_lsm_dynamic_hooks be directly exported to LKM-based
LSMs rather than exporting mod_lsm_add_hooks() to LKM-based LSMs, so that
LKM-based LSMs can check whether hooks which need special considerations
(e.g. security_secid_to_secctx() and security_xfrm_state_pol_flow_match())
are in-use and decide what to do?
Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
---
demo/Makefile | 1 +
demo/demo.c | 25 +++++++++++++++++++++++++
2 files changed, 26 insertions(+)
create mode 100644 demo/Makefile
create mode 100644 demo/demo.c
diff --git a/demo/Makefile b/demo/Makefile
new file mode 100644
index 000000000000..9b2ef5f08392
--- /dev/null
+++ b/demo/Makefile
@@ -0,0 +1 @@
+obj-m = demo.o
diff --git a/demo/demo.c b/demo/demo.c
new file mode 100644
index 000000000000..6f6f603b8cd7
--- /dev/null
+++ b/demo/demo.c
@@ -0,0 +1,25 @@
+#include <linux/lsm_hooks.h>
+#include <uapi/linux/lsm.h>
+
+#define LSM_INT_HOOK(RET, DEFAULT, NAME, ...) \
+ static RET test_##NAME(__VA_ARGS__) { \
+ pr_info_once("Called %s\n", __func__); \
+ return DEFAULT; \
+ }
+#define LSM_VOID_HOOK(RET, DEFAULT, NAME, ...) \
+ static RET test_##NAME(__VA_ARGS__) { \
+ pr_info_once("Called %s\n", __func__); \
+ }
+#include <linux/lsm_hook_defs.h>
+
+static const struct security_hook_mappings test_callbacks __initconst = {
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) .NAME = test_##NAME,
+#include <linux/lsm_hook_defs.h>
+};
+
+static int __init test_init(void)
+{
+ return mod_lsm_add_hooks(&test_callbacks);
+}
+module_init(test_init);
+MODULE_LICENSE("GPL");
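Review bot: `test_callbacks` is marked `__initconst`, so the table is discarded once `test_init()` returns, and this is safe only if `mod_lsm_add_hooks()` copies the function pointers during the call rather than keeping a reference to the struct; that function comes from PATCH 4/5 and is not visible here. A comment above the table would record the requirement for anyone copying the sample, e.g. `/* __initconst: mod_lsm_add_hooks() must copy these pointers before init memory is freed */`. The module also has no `module_exit()`, which is presumably deliberate so that the registered callbacks can never point into unloaded module text; a one-line comment next to `module_init(test_init);` saying so would keep someone from later adding an exit handler that does not unregister the hooks.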
--
2.34.1