From 53c04604d484169c8b1a805022251fcf91ed5cec Mon Sep 17 00:00:00 2001
From: Paul Renauld
Date: Wed, 10 Jun 2020 11:51:48 +0200
Subject: [PATCH 1/2] init paulsm
---
 security/Kconfig | 1 +
 security/Makefile | 2 ++
 security/paulsm/Kconfig | 12 ++++++++++++
 security/paulsm/Makefile | 1 +
 security/paulsm/paulsm.c | 30 ++++++++++++++++++++++++++++++
 5 files changed, 46 insertions(+)
 create mode 100644 security/paulsm/Kconfig
 create mode 100644 security/paulsm/Makefile
 create mode 100644 security/paulsm/paulsm.c
diff --git a/security/Kconfig b/security/Kconfig
index cd3cc7da3a55d9..8fe3efc4bb8ffc 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -235,6 +235,7 @@ source "security/smack/Kconfig"
 source "security/tomoyo/Kconfig"
 source "security/apparmor/Kconfig"
 source "security/loadpin/Kconfig"
+source "security/paulsm/Kconfig"
 source "security/yama/Kconfig"
 source "security/safesetid/Kconfig"
 source "security/lockdown/Kconfig"
diff --git a/security/Makefile b/security/Makefile
index 3baf435de5411b..fda594d4e4ef46 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
 subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
 subdir-$(CONFIG_SECURITY_YAMA) += yama
 subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin
+subdir-$(CONFIG_SECURITY_PAULSM) += paulsm
 subdir-$(CONFIG_SECURITY_SAFESETID) += safesetid
 subdir-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown
 subdir-$(CONFIG_BPF_LSM) += bpf
@@ -28,6 +29,7 @@ obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
 obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/
 obj-$(CONFIG_SECURITY_YAMA) += yama/
 obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/
+obj-$(CONFIG_SECURITY_PAULSM) += paulsm/
 obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/
 obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/
 obj-$(CONFIG_CGROUPS) += device_cgroup.o
diff --git a/security/paulsm/Kconfig b/security/paulsm/Kconfig
new file mode 100644
index 00000000000000..1d8f2c74d559aa
--- /dev/null
+++ b/security/paulsm/Kconfig
@@ -0,0 +1,12 @@
+
+config SECURITY_PAULSM
+ bool "Prevent deleting files for which the name starts with `paul`"
+ depends on SECURITY && BLOCK
+ help
+ Any hard link unlinking on files that starts with `paul` will be prevented, and an error message will be displayed.
+
+config SECURITY_PAULSM_ENFORCE
+ bool "Enforce paulsm at boot"
+ depends on SECURITY_PAULSM
+ help
+ If selected, paulsm will be enforced at boot.
diff --git a/security/paulsm/Makefile b/security/paulsm/Makefile
new file mode 100644
index 00000000000000..8b79b3d09b1809
--- /dev/null
+++ b/security/paulsm/Makefile
@@ -0,0 +1 @@
+obj-$(CONFIG_SECURITY_PAULSM) += paulsm.o
diff --git a/security/paulsm/paulsm.c b/security/paulsm/paulsm.c
new file mode 100644
index 00000000000000..2b6f73de43f4a8
--- /dev/null
+++ b/security/paulsm/paulsm.c
@@ -0,0 +1,30 @@
+
+#include
+#include
+
+static int paul_inode_unlink(struct inode *dir, struct dentry *dentry)
+{
+ if (strncmp("paul", dentry->d_iname, 4) == 0) {
+ printk(KERN_ALERT "Paul's unlinking node alert: %s\n",
+ dentry->d_iname);
+ return 1;
+ }
+ return 0;
+}
+
+static struct security_hook_list paulsm_hooks[] __lsm_ro_after_init = {
+ LSM_HOOK_INIT(inode_unlink, paul_inode_unlink),
+};
+
+static int __init paulsm_init(void)
+{
+ printk(KERN_ALERT "paulsm init");
+ security_add_hooks(paulsm_hooks, ARRAY_SIZE(paulsm_hooks), "paulsm");
+ return 0;
+}
+
+DEFINE_LSM(paulsm) = {
+ .name = "paulsm",
+ .init = paulsm_init,
+};
+
From d4dcf9f18cb4a2b4c8527b6afe07c6288e0cd7b4 Mon Sep 17 00:00:00 2001
From: Paul Renauld
Date: Wed, 10 Jun 2020 12:10:52 +0200
Subject: [PATCH 2/2] license + description
---
 security/paulsm/Kconfig | 4 ++--
 security/paulsm/Makefile | 1 +
 security/paulsm/paulsm.c | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/paulsm/Kconfig b/security/paulsm/Kconfig
index 1d8f2c74d559aa..2433298c19f1e6 100644
--- a/security/paulsm/Kconfig
+++ b/security/paulsm/Kconfig
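Review bot: `SECURITY_PAULSM_ENFORCE` is declared in this hunk but nothing in the series reads `CONFIG_SECURITY_PAULSM_ENFORCE`, so selecting or deselecting it changes nothing; either drop it or gate the deny in paulsm.c with `#ifdef CONFIG_SECURITY_PAULSM_ENFORCE` (plus a runtime knob if "enforce at boot" is meant to become toggleable). The `depends on SECURITY && BLOCK` line is unexplained — the hook only inspects a dentry name and has no block-layer dependency, so `depends on SECURITY` alone appears sufficient. As far as this series shows, `paulsm` is also never appended to the `CONFIG_LSM` default list in security/Kconfig, so with the default `lsm=` order `paulsm_init` would not be run at all; a help line such as `Add "paulsm" to CONFIG_LSM or to the lsm= boot parameter to enable it.` would save users a debugging session.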
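Review bot: `paul_inode_unlink` returns `1` on a match, but LSM hooks signal denial with a negative errno; a positive value still short-circuits `vfs_unlink` but then propagates to userspace as a positive syscall return with no errno set, so it should be `return -EPERM;`. The match reads `dentry->d_iname`, which is only the inline short-name buffer — names longer than `DNAME_INLINE_LEN` are stored behind `dentry->d_name.name` and would bypass the check, so compare against `dentry->d_name.name` instead, e.g. `if (strncmp(dentry->d_name.name, "paul", 4) == 0) {` and log with `pr_alert("paulsm: denied unlink of %pd\n", dentry);`. The policy is also narrower than the Kconfig text suggests: only `inode_unlink` is hooked, so a `paul*` file can still be replaced by `rename()` over it and a `paul*` directory removed by `rmdir()`; a comment naming that limitation (or additional `inode_rename` / `inode_rmdir` hooks) would make the intent clear. Finally, `printk(KERN_ALERT "paulsm init")` lacks a trailing newline and ALERT is too loud for a startup message — `pr_info("paulsm: initialized\n");` matches the neighbouring LSMs.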
@@ -1,6 +1,6 @@
-
+# SPDX-License-Identifier: GPL-2.0-only
 config SECURITY_PAULSM
- bool "Prevent deleting files for which the name starts with `paul`"
+ bool "Prevents any file that starts with `paul` to be deleted"
 depends on SECURITY && BLOCK
 help
 Any hard link unlinking on files that starts with `paul` will be prevented, and an error message will be displayed.
diff --git a/security/paulsm/Makefile b/security/paulsm/Makefile
index 8b79b3d09b1809..5e9555cfedcd33 100644
--- a/security/paulsm/Makefile
+++ b/security/paulsm/Makefile
@@ -1 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
 obj-$(CONFIG_SECURITY_PAULSM) += paulsm.o
diff --git a/security/paulsm/paulsm.c b/security/paulsm/paulsm.c
index 2b6f73de43f4a8..55a28288d75730 100644
--- a/security/paulsm/paulsm.c
+++ b/security/paulsm/paulsm.c
@@ -1,4 +1,4 @@
-
+// SPDX-License-Identifier: GPL-2.0-only
 #include
 #include
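Review bot: The new prompt "Prevents any file that starts with `paul` to be deleted" is ungrammatical, and the unchanged help text beneath it overstates the protection: the hook fires on every unlink, not only on "hard link unlinking", and the "error message" is a kernel-log printk rather than anything shown to the caller, who just sees the syscall fail. Suggest `bool "Prevent unlinking of files whose name starts with paul"` and a help line along the lines of "Unlink of any file whose name starts with paul is refused and logged to the kernel log; rename-over and rmdir are not covered." The `depends on SECURITY && BLOCK` context line still carries the unexplained BLOCK dependency.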