0001
0002
0003
0004
0005
0006 #include <linux/lsm_hooks.h>
0007 #include <linux/bpf_lsm.h>
0008
0009 static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = {
0010 #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
0011 LSM_HOOK_INIT(NAME, bpf_lsm_##NAME),
0012 #include <linux/lsm_hook_defs.h>
0013 #undef LSM_HOOK
0014 LSM_HOOK_INIT(inode_free_security, bpf_inode_storage_free),
0015 LSM_HOOK_INIT(task_free, bpf_task_storage_free),
0016 };
0017
0018 static int __init bpf_lsm_init(void)
0019 {
0020 security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf");
0021 pr_info("LSM support for eBPF active\n");
0022 return 0;
0023 }
0024
0025 struct lsm_blob_sizes bpf_lsm_blob_sizes __lsm_ro_after_init = {
0026 .lbs_inode = sizeof(struct bpf_storage_blob),
0027 .lbs_task = sizeof(struct bpf_storage_blob),
0028 };
0029
0030 DEFINE_LSM(bpf) = {
0031 .name = "bpf",
0032 .init = bpf_lsm_init,
0033 .blobs = &bpf_lsm_blob_sizes
0034 };