[RFC PATCH 2/2] LSM: A sample of dynamically appendable LSM module.

Song Liu song at kernel.org
Wed Sep 27 16:05:21 UTC 2023


On Wed, Sep 27, 2023 at 8:09 AM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
>
> This is an example of dynamically appendable LSM modules.

Maybe add this to samples/lsm/ or samples/security/?

And we need to assign maintainer(s) for it. Maybe add the files to
"SECURITY SUBSYSTEM" in MAINTAINERS.

Thanks,
Song

>
> Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> ---
>  demo/Makefile |  1 +
>  demo/demo.c   | 38 ++++++++++++++++++++++++++++++++++++++
>  2 files changed, 39 insertions(+)
>  create mode 100644 demo/Makefile
>  create mode 100644 demo/demo.c
>
> diff --git a/demo/Makefile b/demo/Makefile
> new file mode 100644
> index 000000000000..8a6ab0945858
> --- /dev/null
> +++ b/demo/Makefile
> @@ -0,0 +1 @@
> +obj-m += demo.o
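Review bot: `obj-m += demo.o` is unconditional and sits in a new top-level demo/ directory that nothing else in this patch references (the diffstat lists only demo/Makefile and demo/demo.c), so no parent Makefile or Kconfig will ever descend into it. If this is meant to be merged as a sample, gate the object behind a Kconfig symbol and hook the directory into the Makefile of wherever it ends up living.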
> diff --git a/demo/demo.c b/demo/demo.c
> new file mode 100644
> index 000000000000..90b03d10bd72
> --- /dev/null
> +++ b/demo/demo.c
> @@ -0,0 +1,38 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +#include <linux/module.h>
> +#include <linux/lsm_hooks.h>
> +
> +static int demo_task_alloc_security(struct task_struct *p,
> +                                   unsigned long clone_flags)
> +{
> +       static unsigned int count;
> +
> +       if (count++ < 5)
> +               dump_stack();
> +       return 0;
> +}
> +
> +static void demo_task_free_security(struct task_struct *p)
> +{
> +       static unsigned int count;
> +
> +       if (count++ < 5)
> +               dump_stack();
> +}
> +
> +static struct security_hook_list demo_hooks[] __ro_after_init = {
> +       LSM_HOOK_INIT(task_free, demo_task_free_security),
> +       LSM_HOOK_INIT(task_alloc, demo_task_alloc_security),
> +};
> +
> +static int __init demo_init(void)
> +{
> +       const int ret = register_loadable_lsm(demo_hooks,
> +                                             ARRAY_SIZE(demo_hooks), "demo");
> +
> +       pr_info("Registering demo LSM module returned %d.\n", ret);
> +       return ret;
> +}
> +
> +module_init(demo_init);
> +MODULE_LICENSE("GPL");
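Review bot: the `static unsigned int count` in demo_task_alloc_security() and demo_task_free_security() is updated with a plain `count++` and no synchronization, although both hooks can run concurrently on several CPUs, so the "first 5 calls" limit is racy, and because the increment is unconditional the counter wraps after 2^32 calls and dump_stack() fires again. An atomic_t, or a counter that stops incrementing once it reaches 5, would address both. Separately, there is module_init() but no module_exit() and no unregister call; if that is deliberate so the hooks can never be removed, a comment saying so would help anyone copying this sample. MODULE_DESCRIPTION() is also missing.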
> --
> 2.18.4
>
>


