[PATCH v6 4/7] security: policy: add notifier chain for name change

Fabian Pflug f.pflug at pengutronix.de
Tue Mar 24 02:52:37 PDT 2026


Add an additional notifier chain that gets called whenever a security
policy itself is changed, independent of the policies that have changed,
which could be used to inform users about the currently selected policy
name.

Signed-off-by: Fabian Pflug <f.pflug at pengutronix.de>
---
 include/security/config.h | 1 +
 security/policy.c         | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/include/security/config.h b/include/security/config.h
index b37ef4272c..35a5e963f7 100644
--- a/include/security/config.h
+++ b/include/security/config.h
@@ -20,6 +20,7 @@ extern const char *sconfig_names[SCONFIG_NUM];
 int sconfig_lookup(const char *name);
 
 extern struct notifier_head sconfig_notifier_list;
+extern struct notifier_head sconfig_name_notifier;
 
 bool is_allowed(const struct security_policy *policy, unsigned option);
 
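Review bot: the new `sconfig_name_notifier` declaration has no comment describing what a callback receives, and its name drops the `_list` suffix used by `sconfig_notifier_list` on the line above. A one-line comment stating when the chain fires and which event value and data pointer are passed would let users of this header register on it without reading security/policy.c. Consider `sconfig_name_notifier_list` for consistency, or say why the naming differs.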
diff --git a/security/policy.c b/security/policy.c
index fadcca4463..7795d6dfce 100644
--- a/security/policy.c
+++ b/security/policy.c
@@ -47,6 +47,7 @@ static const struct security_policy *active_policy;
 
 static LIST_HEAD(policy_list);
 NOTIFIER_HEAD(sconfig_notifier_list);
+NOTIFIER_HEAD(sconfig_name_notifier);
 
 static bool __is_allowed(const struct security_policy *policy, unsigned option)
 {
@@ -102,6 +103,8 @@ int security_policy_activate(const struct security_policy *policy)
 		notifier_call_chain(&sconfig_notifier_list, i, NULL);
 	}
 
+	notifier_call_chain(&sconfig_name_notifier, 0, NULL);
+
 	return 0;
 }
 
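Review bot: the added `notifier_call_chain(&sconfig_name_notifier, 0, NULL);` passes neither the policy nor its name, so every listener has to look up the active policy by some other route before it can show the name. Passing the activated policy (or its name) as the data argument would make callbacks self-contained. If 0 and NULL are intentional, a short comment here should say so and point to the accessor listeners are expected to use. The call is also unconditional on this path, so it is worth confirming whether re-activating the already active policy should notify as well, since the commit message describes the chain as firing when the policy is changed.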

-- 
2.47.3



