Sometimes board code needs to check not what is allowed, but which security policy is currently active, in order to do some stuff.
Signed-off-by: Fabian Pflug <[email protected]>
---
 include/security/policy.h | 1 +
 security/policy.c | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/include/security/policy.h b/include/security/policy.h
index c41220ef3b..3eedf6e5ac 100644
--- a/include/security/policy.h
+++ b/include/security/policy.h
@@ -32,6 +32,7 @@ const struct security_policy *security_policy_get(const char *name);
 int security_policy_activate(const struct security_policy *policy);
 int security_policy_select(const char *name);
 void security_policy_list(void);
+bool security_policy_is_active(const char *name);
 #ifdef CONFIG_SECURITY_POLICY
 int __security_policy_register(const struct security_policy policy[]);
diff --git a/security/policy.c b/security/policy.c
index 85333d9e6f..abb956014d 100644
--- a/security/policy.c
+++ b/security/policy.c
@@ -225,6 +225,14 @@ static int security_policy_get_name(struct param_d *param, void *priv)
 return 0;
 }
+bool security_policy_is_active(const char *name)
+{
+ if (!active_policy)
+ return false;
+
+ return !strcmp(name, active_policy->name);
+}
+
 static int security_init(void)
 {
 register_device(&security_device);
-- 
2.47.3
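Review bot: The new prototype `bool security_policy_is_active(const char *name);` sits above the `#ifdef CONFIG_SECURITY_POLICY` block, so board code can call it even when the option is off. If security/policy.c is only built with that option (the build rules are not visible here), such callers would need a `static inline` stub returning `false`, or they fail at link time. The declaration also has no comment; I would add `/* true only if a policy is active and its name equals @name; false while no policy is active */` so callers know what a `false` result covers.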
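Review bot: A NULL `name` reaches `strcmp()` in `security_policy_is_active()`, because only `active_policy` is checked before the comparison; the guard could be `if (!name || !active_policy) return false;`. The function also returns `false` whenever no policy has been activated yet. Board code that treats "policy X is not active" as permission to do something would therefore proceed before any policy is selected. That is worth stating in a comment above the function, so callers gate on the permissive policy being active rather than on the restrictive one being inactive. Whether `active_policy->name` can itself be NULL is not visible in this hunk.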
