On Wed, Sep 27, 2023 at 8:09 AM Tetsuo Handa
<penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>
> This is an example of dynamically appendable LSM modules.
Maybe add this to samples/lsm/ or samples/security/?
And we need to assign maintainer(s) for it. Maybe add the files to
"SECURITY SUBSYSTEM" in MAINTAINERS
Thanks,
Song
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> ---
> demo/Makefile | 1 +
> demo/demo.c | 38 ++++++++++++++++++++++++++++++++++++++
> 2 files changed, 39 insertions(+)
> create mode 100644 demo/Makefile
> create mode 100644 demo/demo.c
>
> diff --git a/demo/Makefile b/demo/Makefile
> new file mode 100644
> index 000000000000..8a6ab0945858
> --- /dev/null
> +++ b/demo/Makefile
> @@ -0,0 +1 @@
> +obj-m += demo.o
> diff --git a/demo/demo.c b/demo/demo.c
> new file mode 100644
> index 000000000000..90b03d10bd72
> --- /dev/null
> +++ b/demo/demo.c
> @@ -0,0 +1,38 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +#include <linux/module.h>
> +#include <linux/lsm_hooks.h>
> +
> +static int demo_task_alloc_security(struct task_struct *p,
> + unsigned long clone_flags)
> +{
> + static unsigned int count;
> +
> + if (count++ < 5)
> + dump_stack();
> + return 0;
> +}
> +
> +static void demo_task_free_security(struct task_struct *p)
> +{
> + static unsigned int count;
> +
> + if (count++ < 5)
> + dump_stack();
> +}
> +
> +static struct security_hook_list demo_hooks[] __ro_after_init = {
> + LSM_HOOK_INIT(task_free, demo_task_free_security),
> + LSM_HOOK_INIT(task_alloc, demo_task_alloc_security),
> +};
> +
> +static int __init demo_init(void)
> +{
> + const int ret = register_loadable_lsm(demo_hooks,
> + ARRAY_SIZE(demo_hooks), "demo");
> +
> + pr_info("Registering demo LSM module returned %d.\n", ret);
> + return ret;
> +}
> +
> +module_init(demo_init);
> +MODULE_LICENSE("GPL");
> --
> 2.18.4
>
>
