linux/security/security.c
Imported from
_research/manual-study-linux/file-notes/linux__security__security.c.md.
File Notes: security/security.c
Status: reviewed.
Purpose: Linux Security Module hook dispatch.
Review target: hook registration, policy dispatch, default behavior, and agent authority/sandbox design.
Evidence
- security/security.c builds static calls and active keys for LSM hooks around lines 88-154.
- It includes linux/lsm_hook_defs.h around lines 122-124 and 147-151 to generate hook structures.
- include/linux/lsm_hook_defs.h documents the LSM_HOOK(return, default, name, args...) pattern around lines 17-27.
- Example hooks include capable at line 44, mount hooks around lines 72-74, and path hooks around lines 90-110.
Design Notes
The LSM layer is a policy hook lattice across object lifecycles. An AI runtime should use the same idea for tool authorization: typed hooks, default decisions, and explicit policy modules instead of scattered permission checks.
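Added example (not kernel code and not part of the imported notes): a userspace C sketch of the LSM_HOOK(return, default, name, args...) pattern applied to the tool-authorization idea above. One hook list generates both the typed module struct and the per-hook dispatchers. The hook names, the sandbox module, the /workspace/ prefix, the host pkg.example.internal, and the dispatch rule (first non-default result wins) are assumptions of this sketch.

```c
#include <errno.h>
#include <string.h>

/* Hypothetical hook list in (return, default, name, arg) form; one arg per hook for brevity. */
#define TOOL_HOOKS(X)                           \
    X(int, 0,       tool_exec,   const char *)  \
    X(int, 0,       path_write,  const char *)  \
    X(int, -EACCES, net_connect, const char *)

/* Expansion 1: a policy module is a struct with one typed pointer per hook. */
struct policy_module {
    const char *name;
#define X(ret, def, hook, argt) ret (*hook)(argt);
    TOOL_HOOKS(X)
#undef X
};
static const struct policy_module *modules[4];
static size_t nmodules;

int register_policy(const struct policy_module *m) {
    if (nmodules == sizeof(modules) / sizeof(modules[0])) return -ENOSPC;
    modules[nmodules++] = m;
    return 0;
}

/* Expansion 2: one dispatcher per hook; a module result that differs from the default decides. */
#define X(ret, def, hook, argt)                     \
    ret authorize_##hook(argt arg) {                \
        for (size_t i = 0; i < nmodules; i++) {     \
            if (!modules[i]->hook) continue;        \
            ret rc = modules[i]->hook(arg);         \
            if (rc != (def)) return rc;             \
        }                                           \
        return (def);                               \
    }
TOOL_HOOKS(X)
#undef X

/* Constructed example module: confine writes to one prefix, allow one host. */
static int sandbox_path_write(const char *p) {
    if (strstr(p, "..")) return -EACCES;    /* no traversal out of the prefix */
    return strncmp(p, "/workspace/", 11) == 0 ? 0 : -EACCES;
}
static int sandbox_net_connect(const char *h) {
    return strcmp(h, "pkg.example.internal") == 0 ? 0 : -EACCES;
}
const struct policy_module sandbox = { .name = "sandbox",
    .path_write = sandbox_path_write, .net_connect = sandbox_net_connect };

int main(void) { return register_policy(&sandbox) || authorize_path_write("/etc/passwd") != -EACCES; }
```

The per-hook default is what an unregistered or silent policy yields: tool_exec and path_write default to allow, while net_connect stays denied until a module explicitly returns 0.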