From a433970e2888cdb2ebe99ad45b6ae7c24430d154 Mon Sep 17 00:00:00 2001 From: Zongyao Chen Date: Thu, 14 May 2026 18:51:18 +0800 Subject: [PATCH 1/2] lua-lsm: expose kernel file load ids to Lua hooks Lua-LSM left the id arguments for kernel_load_data(), kernel_post_load_data(), kernel_read_file(), and kernel_post_read_file() as nil placeholders. Expose those ids as the stable strings returned by kernel_load_data_id_str() and kernel_read_file_id_str(). Lua policies can compare descriptive values such as "kernel-module" or "security-policy" without depending on kernel enum numbers. Signed-off-by: Zongyao Chen --- security/lua/lsm_defs.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/security/lua/lsm_defs.c b/security/lua/lsm_defs.c index 788d9d280916..157b1087c559 100644 --- a/security/lua/lsm_defs.c +++ b/security/lua/lsm_defs.c @@ -21,6 +21,7 @@ #include #include /* for __MAP */ #include /* for ktime_get */ +#include #include #include #include @@ -1804,18 +1805,18 @@ LUA_LSM_INT_DEFINE1(kernel_module_request, char *, kmod_name) } /** - * TODO: kernel_load_data + * kernel_load_data * Default: 0 */ LUA_LSM_INT_DEFINE2(kernel_load_data, enum kernel_load_data_id, id, bool, contents) { - lua_pushnil(L); /* TODO: id */ + lua_pushstring(L, kernel_load_data_id_str(id)); lua_pushboolean(L, (int)contents); } /** - * TODO: kernel_post_load_data + * kernel_post_load_data * Default: 0 */ LUA_LSM_INT_DEFINE4(kernel_post_load_data, char *, buf, loff_t, size, 
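Review bot: The doc comment on kernel_load_data loses its TODO marker but still does not say what Lua receives for `id`, which matters now that policies will branch on that string. As far as I recall, both kernel_load_data_id_str() and kernel_read_file_id_str() return "unknown" for an out-of-range id rather than NULL. A policy that only denies on specific names would then let an unrecognised id through, so the fallback should be documented. I would add a line such as ` * Lua args: id (string, e.g. "kernel-module"; "unknown" if unrecognised), contents (boolean)` here, with the equivalent on the kernel_post_load_data, kernel_read_file and kernel_post_read_file comments in the following hunks. The kernel_post_load_data definition that begins on this hunk's last line continues outside it.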
@@ -1823,24 +1824,24 @@ LUA_LSM_INT_DEFINE4(kernel_post_load_data, char *, buf, loff_t, size, { lua_pushlstring(L, (const char *)buf, (size_t)size); lua_pushinteger(L, (lua_Integer)size); - lua_pushnil(L); /* TODO: id */ + lua_pushstring(L, kernel_load_data_id_str(id)); lua_pushstring(L, (const char *)description); } /** - * TODO: kernel_read_file + * kernel_read_file * Default: 0 */ LUA_LSM_INT_DEFINE3(kernel_read_file, struct file *, file, enum kernel_read_file_id, id, bool, contents) { *newfile(L) = file; - lua_pushnil(L); /* TODO: id */ + lua_pushstring(L, kernel_read_file_id_str(id)); lua_pushboolean(L, (int)contents); } /** - * TODO: kernel_post_read_file + * kernel_post_read_file * Default: 0 */ LUA_LSM_INT_DEFINE4(kernel_post_read_file, struct file *, file, @@ -1849,7 +1850,7 @@ LUA_LSM_INT_DEFINE4(kernel_post_read_file, struct file *, file, *newfile(L) = file; lua_pushlstring(L, (const char *)buf, (size_t)size); lua_pushinteger(L, (lua_Integer)size); - lua_pushnil(L); /* TODO: id */ + lua_pushstring(L, kernel_read_file_id_str(id)); } static void build_lsm_setid_flags(lua_State *L, int flags) From 8cb3ac918ecc1c60c2d248173b844e7601c4ea55 Mon Sep 17 00:00:00 2001 From: Zongyao Chen Date: Thu, 14 May 2026 19:08:20 +0800 Subject: [PATCH 2/2] lua-lsm: drop redundant size args for file data hooks kernel_post_load_data() and kernel_post_read_file() expose file data to Lua as binary-safe strings. Lua policy can get the byte length with the Lua length operator, so passing a separate size argument duplicates information already carried by the string. Drop the Lua-visible size argument from those hooks while keeping the kernel hook signatures unchanged. Signed-off-by: Zongyao Chen --- security/lua/lsm_defs.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/security/lua/lsm_defs.c b/security/lua/lsm_defs.c index 157b1087c559..0e1df33831ed 100644 --- a/security/lua/lsm_defs.c +++ b/security/lua/lsm_defs.c 
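Review bot: In the first patch's kernel_post_load_data body, the length passed to `lua_pushlstring()` is `(size_t)size` where `size` is a signed `loff_t`, and nothing visible rejects a negative or very large value before the buffer is copied into a Lua string. kernel_post_read_file in the `@@ -1849,7 +1850,7 @@` hunk has the same pattern. I would bound `size` before the push, in whatever form the LUA_LSM_INT_DEFINE4 body allows for an early error; the macro expansion is not visible here. It is also worth confirming that an allocation failure raised by the push makes the hook deny rather than return the documented default of 0. The kernel_post_load_data signature starts above this hunk, so its parameter list is only partly visible.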
@@ -1823,7 +1823,6 @@ LUA_LSM_INT_DEFINE4(kernel_post_load_data, char *, buf, loff_t, size, enum kernel_load_data_id, id, char *, description) { lua_pushlstring(L, (const char *)buf, (size_t)size); - lua_pushinteger(L, (lua_Integer)size); lua_pushstring(L, kernel_load_data_id_str(id)); lua_pushstring(L, (const char *)description); } @@ -1849,7 +1848,6 @@ LUA_LSM_INT_DEFINE4(kernel_post_read_file, struct file *, file, { *newfile(L) = file; lua_pushlstring(L, (const char *)buf, (size_t)size); - lua_pushinteger(L, (lua_Integer)size); lua_pushstring(L, kernel_read_file_id_str(id)); }