lsm,selinux: Add LSM blob support for BPF objects

This patch introduces LSM blob support for BPF maps, programs, and tokens to enable LSM stacking and multiplexing of LSM modules that govern BPF objects. Additionally, the existing BPF hooks used by SELinux have been updated to utilize the new blob infrastructure, removing the assumption of exclusive ownership of the security pointer. Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com> [PM: dropped local variable init, style fixes] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Blaise Boscaccy <bboscaccy@linux.microsoft.com> 2025-07-22 14:21:34 -0700
committer: Paul Moore <paul@paul-moore.com> 2025-08-11 17:56:09 -0400
commit: 5816bf4273edb32716a88c796e0b04f0e12962eb (patch)
tree: 539cd5d2886c3651e23124c5ec913cf053bdb843 /include
parent: e5bc887413e513a2cb658370dd09fa9e1702fb3b (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 090d1d3e19fe..79ec5a2bdcca 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -116,6 +116,9 @@ struct lsm_blob_sizes {
 	int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
 	int lbs_tun_dev;
 	int lbs_bdev;
+	int lbs_bpf_map;
+	int lbs_bpf_prog;
+	int lbs_bpf_token;
 };
 
 /*
author	Blaise Boscaccy <bboscaccy@linux.microsoft.com>	2025-07-22 14:21:34 -0700
committer	Paul Moore <paul@paul-moore.com>	2025-08-11 17:56:09 -0400
commit	5816bf4273edb32716a88c796e0b04f0e12962eb (patch)
tree	539cd5d2886c3651e23124c5ec913cf053bdb843 /include
parent	e5bc887413e513a2cb658370dd09fa9e1702fb3b (diff)