This is an example of dynamically appendable LSM modules.
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
---
demo/Makefile | 1 +
demo/demo.c | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+)
create mode 100644 demo/Makefile
create mode 100644 demo/demo.c
diff --git a/demo/Makefile b/demo/Makefile
new file mode 100644
index 000000000000..8a6ab0945858
--- /dev/null
+++ b/demo/Makefile
@@ -0,0 +1 @@
+obj-m += demo.o
diff --git a/demo/demo.c b/demo/demo.c
new file mode 100644
index 000000000000..90b03d10bd72
--- /dev/null
+++ b/demo/demo.c
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+#include <linux/module.h>
+#include <linux/lsm_hooks.h>
+
+static int demo_task_alloc_security(struct task_struct *p,
+ unsigned long clone_flags)
+{
+ static unsigned int count;
+
+ if (count++ < 5)
+ dump_stack();
+ return 0;
+}
+
+static void demo_task_free_security(struct task_struct *p)
+{
+ static unsigned int count;
+
+ if (count++ < 5)
+ dump_stack();
+}
+
+static struct security_hook_list demo_hooks[] __ro_after_init = {
+ LSM_HOOK_INIT(task_free, demo_task_free_security),
+ LSM_HOOK_INIT(task_alloc, demo_task_alloc_security),
+};
+
+static int __init demo_init(void)
+{
+ const int ret = register_loadable_lsm(demo_hooks,
+ ARRAY_SIZE(demo_hooks), "demo");
+
+ pr_info("Registering demo LSM module returned %d.\n", ret);
+ return ret;
+}
+
+module_init(demo_init);
+MODULE_LICENSE("GPL");
-- 2.18.4
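Review bot: The `count++ < 5` guards in demo_task_alloc_security() and demo_task_free_security() do a plain, unsynchronized read-modify-write on a function-static counter. Task hooks like these can presumably be entered on several CPUs at once, so the limit of five dump_stack() calls is not reliable, and the unsigned counter re-arms the dumps once it wraps. A bounded atomic counter fixes both: `static atomic_t count = ATOMIC_INIT(0);` with `if (atomic_add_unless(&count, 1, 5)) dump_stack();`. The file also defines no module_exit(), which looks deliberate because nothing in this hunk unregisters the hooks. A comment above module_init() such as `/* No module_exit(): the hooks cannot be removed, so this module must stay loaded. */` would document that for anyone copying the example.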