[RFC PATCH 2/2] LSM: A sample of dynamically appendable LSM module.

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Wed Sep 27 15:09:31 UTC 2023


This is an example of dynamically appendable LSM modules.

Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
---
 demo/Makefile |  1 +
 demo/demo.c   | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 demo/Makefile
 create mode 100644 demo/demo.c

diff --git a/demo/Makefile b/demo/Makefile
new file mode 100644
index 000000000000..8a6ab0945858
--- /dev/null
+++ b/demo/Makefile
@@ -0,0 +1 @@
+obj-m += demo.o
diff --git a/demo/demo.c b/demo/demo.c
new file mode 100644
index 000000000000..90b03d10bd72
--- /dev/null
+++ b/demo/demo.c
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+#include <linux/module.h>
+#include <linux/lsm_hooks.h>
+
+static int demo_task_alloc_security(struct task_struct *p,
+				    unsigned long clone_flags)
+{
+	static unsigned int count;
+
+	if (count++ < 5)
+		dump_stack();
+	return 0;
+}
+
+static void demo_task_free_security(struct task_struct *p)
+{
+	static unsigned int count;
+
+	if (count++ < 5)
+		dump_stack();
+}
+
+static struct security_hook_list demo_hooks[] __ro_after_init = {
+	LSM_HOOK_INIT(task_free, demo_task_free_security),
+	LSM_HOOK_INIT(task_alloc, demo_task_alloc_security),
+};
+
+static int __init demo_init(void)
+{
+	const int ret = register_loadable_lsm(demo_hooks,
+					      ARRAY_SIZE(demo_hooks), "demo");
+
+	pr_info("Registering demo LSM module returned %d.\n", ret);
+	return ret;
+}
+
+module_init(demo_init);
+MODULE_LICENSE("GPL");
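Review bot: The `count++ < 5` limiter in demo_task_alloc_security() and demo_task_free_security() is an unsynchronized read-modify-write on a function-local static. Both hooks can run concurrently on several CPUs, so the increments race, and the unsigned counter wraps after 2^32 calls and starts dumping stacks again. A bounded atomic counter avoids both problems: `static atomic_t count = ATOMIC_INIT(0);` with `if (atomic_add_unless(&count, 1, 5)) dump_stack();`. Separately, the file has no module_exit(); this is presumably deliberate, since the registered hooks point into module text and no unregister counterpart to register_loadable_lsm() (defined outside this patch) is visible here. A comment above module_init() would make that explicit, for example `/* No module_exit(): the hooks cannot be unregistered, so this module must never be unloaded. */`.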
-- 
2.18.4


