[PATCH] security: policy: allow querying the active policy

Mon Nov 10 13:46:42 PST 2025

Sometimes it is needed from board code to not to check what is allowed,
but what is the currently activated security policy to do some stuff.

Signed-off-by: Fabian Pflug <f.pflug at pengutronix.de>
---
 include/security/policy.h | 1 +
 security/policy.c         | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/include/security/policy.h b/include/security/policy.h
index c41220ef3b..3eedf6e5ac 100644
--- a/include/security/policy.h
+++ b/include/security/policy.h
@@ -32,6 +32,7 @@ const struct security_policy *security_policy_get(const char *name);
 int security_policy_activate(const struct security_policy *policy);
 int security_policy_select(const char *name);
 void security_policy_list(void);
+bool security_policy_is_active(const char *name);
 
 #ifdef CONFIG_SECURITY_POLICY
 int __security_policy_register(const struct security_policy policy[]);
diff --git a/security/policy.c b/security/policy.c
index 85333d9e6f..abb956014d 100644
--- a/security/policy.c
+++ b/security/policy.c
@@ -225,6 +225,14 @@ static int security_policy_get_name(struct param_d *param, void *priv)
 	return 0;
 }
 
+bool security_policy_is_active(const char *name)
+{
+	if (!active_policy)
+		return false;
+
+	return !strcmp(name, active_policy->name);
+}
+
 static int security_init(void)
 {
 	register_device(&security_device);
-- 
2.47.3


