On Apr 16, 2025 Li Li <dualli@xxxxxxxxxxxx> wrote: > > Introduce a new permission "setup_report" to the "binder" class. > This persmission controls the ability to set up the binder generic > netlink driver to report certain binder transactions. > > Signed-off-by: Thiébaud Weksteen <tweek@xxxxxxxxxx> > Signed-off-by: Li Li <dualli@xxxxxxxxxx> > --- > include/linux/lsm_hook_defs.h | 1 + > include/linux/security.h | 6 ++++++ > security/security.c | 13 +++++++++++++ > security/selinux/hooks.c | 7 +++++++ > security/selinux/include/classmap.h | 3 ++- > 5 files changed, 29 insertions(+), 1 deletion(-) When possible, it is helpful to include at least one caller in the patch which adds a new LSM hook as it helps put the hook in context. With that in mind, I think it would be best to reorder this patchset so that patch 2/3 comes first and this patch comes second, with this patch including the change to binder_nl_report_setup_doit() which adds the call to the new LSM hook. -- paul-moore.com
