linux/security/security.c

Imported from _research/manual-study-linux/file-notes/linux__security__security.c.md.

File Notes: security/security.c

Status: reviewed.

Purpose: Linux Security Module hook dispatch.

Review target: hook registration, policy dispatch, default behavior, and agent authority/sandbox design.

Evidence

  • security/security.c builds static calls and active keys for LSM hooks around lines 88-154.
  • It includes linux/lsm_hook_defs.h around lines 122-124 and 147-151 to generate hook structures.
  • include/linux/lsm_hook_defs.h documents the LSM_HOOK(return, default, name, args...) pattern around lines 17-27.
  • Example hooks include capable at line 44, mount hooks around lines 72-74, and path hooks around lines 90-110.

Design Notes

The LSM layer is a policy hook lattice across object lifecycles. An AI runtime should use the same idea for tool authorization: typed hooks, default decisions, and explicit policy modules instead of scattered permission checks.
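
The hook-table idea from the design note, as an added example (not code from security/security.c or from these notes): a user-space C model of the LSM_HOOK(return, default, name, args...) pattern, cut down to one argument per hook. The hook names, the authz_ dispatchers and the sample modules are hypothetical, and the "first non-default result wins" rule is this model's choice.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hook table in the LSM_HOOK(return, default, name, args...) shape, cut down
 * to one argument per hook. Hook names are hypothetical, not kernel hooks. */
#define HOOK_DEFS(X) \
    X(int, 0, tool_exec, const char *) \
    X(int, 0, net_connect, int)

/* Policy module: one typed slot per hook; NULL means "no opinion". */
struct policy_module {
    const char *name;
#define X(RET, DEF, NAME, ARG) RET (*NAME)(ARG);
    HOOK_DEFS(X)
#undef X
};

static const struct policy_module *modules[4];
static size_t nmodules;

int register_module(const struct policy_module *m)
{
    if (nmodules == sizeof(modules) / sizeof(modules[0]))
        return -ENOSPC;
    modules[nmodules++] = m;
    return 0;
}

/* One dispatcher per hook: the first result that differs from the hook's
 * default wins; with no objection the default decision is returned. */
#define X(RET, DEF, NAME, ARG) \
    RET authz_##NAME(ARG arg) { \
        for (size_t i = 0; i < nmodules; i++) { \
            if (!modules[i]->NAME) continue; \
            RET rc = modules[i]->NAME(arg); \
            if (rc != (DEF)) return rc; \
        } \
        return (DEF); \
    }
HOOK_DEFS(X)
#undef X

/* Constructed sample policies and modules. */
static int deny_shell(const char *tool) { return strcmp(tool, "shell") ? 0 : -EPERM; }
static int deny_low_ports(int port) { return port < 1024 ? -EACCES : 0; }
static const struct policy_module sandbox = { "sandbox", .tool_exec = deny_shell };
static const struct policy_module netpol = { "netpol", .net_connect = deny_low_ports };

int main(void) { return register_module(&sandbox) || register_module(&netpol); }
```

Adding a hook is one line in HOOK_DEFS: the module slot and the dispatcher are generated from it, so no call site can skip the default decision.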