Linux kernel security module management method, system, device and medium

An adaptation hook function mechanism decouples the security hook functions of third-party modules from the kernel version. This solves the compatibility problem caused by version changes in the LSM framework, provides stable and flexible security checks across versions, reduces maintenance costs, and improves the system's compatibility and portability.

CN122241732A · Pending · Publication Date: 2026-06-19 · XIAN THERMAL POWER RES INST CO LTD +2

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: XIAN THERMAL POWER RES INST CO LTD
Filing Date: 2026-03-13
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

Due to differences in Linux kernel versions, the hook function interfaces and security checkpoints of the Linux Security Module (LSM) framework may change, requiring third-party security modules to rewrite or modify their code for each kernel version. This increases the complexity of module development and maintenance and limits cross-version portability.

Method used

An adaptation hook function mechanism is introduced to decouple the security hook functions of third-party modules from the security checkpoints of specific kernel versions. The adaptation hook functions map the security checkpoints to the actual hook interfaces of the current kernel. The kernel version is obtained dynamically and a compatible registration interface is selected. The security hook functions are organized in a linked list, executed in a predefined order, and their results are combined into a decision according to an aggregation strategy.

Benefits of technology

It reduces the maintenance cost of third-party modules, improves cross-kernel version compatibility and portability, ensures the stability of security checks and the consistency of policies, avoids code modifications due to kernel version changes, and enhances the robustness and flexibility of the system.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122241732A_ABST

Abstract

This invention relates to the field of Linux security control, specifically to a Linux kernel security module management method, system, device, and medium, comprising: receiving a registration request from a third-party module; registering adaptable hook functions with the Linux kernel security module, each adaptable hook function corresponding to a security checkpoint; in response to any adaptable hook function being called, determining the security checkpoint corresponding to the called adaptable hook function to obtain the current security checkpoint; filtering the security hook functions corresponding to the current security checkpoint from all security hook functions to obtain target security hook functions; executing all target security hook functions, and sending access control decisions for the current security checkpoint to the Linux kernel security module based on the execution results. This invention significantly reduces the maintenance cost of third-party modules and improves their cross-kernel version compatibility and portability.
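The dispatch path the abstract describes (adaptation hook called, checkpoint identified, matching hooks filtered from the list, all of them executed, one decision returned) can be modelled in user space as follows. This is an added example, not code from the patent or its applicant. The checkpoint names, function names, priority ordering and deny-overrides aggregation are assumptions, since the page does not specify them.

```c
/* User-space model of the dispatch only; registration with the kernel is out of scope. */
#include <errno.h>
#include <string.h>
enum checkpoint { CP_FILE_OPEN, CP_TASK_KILL };                /* hypothetical checkpoints */
typedef int (*sec_hook_fn)(const char *subj, const char *obj); /* 0 = allow, -errno = deny */
struct sec_hook {                     /* linked-list node for one security hook */
    enum checkpoint cp;
    int priority;                     /* lower runs first (assumed ordering) */
    sec_hook_fn fn;
    struct sec_hook *next;
};
static struct sec_hook *hook_list;
int audit_calls;                      /* counts runs of the constructed audit hook */

void register_hook(struct sec_hook *h)   /* registration request: sorted insert */
{
    struct sec_hook **pp = &hook_list;
    while (*pp && (*pp)->priority <= h->priority)
        pp = &(*pp)->next;
    h->next = *pp;
    *pp = h;
}

/* Filter hooks by checkpoint, run every match, aggregate deny-overrides (assumed). */
int dispatch(enum checkpoint cp, const char *subj, const char *obj)
{
    int decision = 0;
    for (struct sec_hook *h = hook_list; h; h = h->next) {
        int rc = (h->cp == cp) ? h->fn(subj, obj) : 0;
        if (rc != 0 && decision == 0)
            decision = rc;            /* earliest denial in list order is reported */
    }
    return decision;
}

/* Adaptation hooks: the only layer whose signatures would track the kernel version. */
int adapt_file_open(const char *task, const char *path) { return dispatch(CP_FILE_OPEN, task, path); }
int adapt_task_kill(const char *task, const char *victim) { return dispatch(CP_TASK_KILL, task, victim); }

/* Constructed third-party hooks and their registrations. */
static int deny_shadow(const char *s, const char *o) { (void)s; return strcmp(o, "/etc/shadow") ? 0 : -EACCES; }
static int audit_only(const char *s, const char *o) { (void)s; (void)o; audit_calls++; return 0; }
static int guard_init(const char *s, const char *o) { (void)s; return strcmp(o, "init") ? 0 : -EPERM; }
void demo_setup(void)
{
    static struct sec_hook a = { CP_FILE_OPEN, 20, audit_only, NULL },
        d = { CP_FILE_OPEN, 10, deny_shadow, NULL }, g = { CP_TASK_KILL, 10, guard_init, NULL };
    register_hook(&a); register_hook(&d); register_hook(&g);
}
int main(void) { demo_setup(); return adapt_file_open("editor", "/etc/shadow") == -EACCES ? 0 : 1; }
```

Because the dispatcher does not stop at the first denial, the audit hook still runs on a denied open, which is the behaviour to confirm if a deployment relies on every registered hook seeing every event.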