Hello Fabian,

On 11/10/25 10:46 PM, Fabian Pflug wrote:
> Sometimes it is needed from board code to not to check what is allowed,
> but what is the currently activated security policy to do some stuff.

As you know, security policies were a recent addition in the last month's release and we are still gathering experience with how to best use it. May I ask what you are using the name for? I envisioned the name to be just a descriptive string and that boards would define their own SCONFIG_ symbols if they need to control something. Thanks, Ahmad > > Signed-off-by: Fabian Pflug <[email protected]> > --- > include/security/policy.h | 1 + > security/policy.c | 8 ++++++++ > 2 files changed, 9 insertions(+) > > diff --git a/include/security/policy.h b/include/security/policy.h > index c41220ef3b..3eedf6e5ac 100644 > --- a/include/security/policy.h > +++ b/include/security/policy.h > @@ -32,6 +32,7 @@ const struct security_policy *security_policy_get(const > char *name); > int security_policy_activate(const struct security_policy *policy); > int security_policy_select(const char *name); > void security_policy_list(void); > +bool security_policy_is_active(const char *name); > > #ifdef CONFIG_SECURITY_POLICY > int __security_policy_register(const struct security_policy policy[]); > diff --git a/security/policy.c b/security/policy.c > index 85333d9e6f..abb956014d 100644 > --- a/security/policy.c > +++ b/security/policy.c > @@ -225,6 +225,14 @@ static int security_policy_get_name(struct param_d > *param, void *priv) > return 0; > } > > +bool security_policy_is_active(const char *name) > +{ > + if (!active_policy) > + return false; > + > + return !strcmp(name, active_policy->name); > +} > + > static int security_init(void) > { > register_device(&security_device); -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
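Review bot: In the security/policy.c hunk, security_policy_is_active() passes name straight to strcmp() without checking it, so a NULL name from board code dereferences a null pointer whenever a policy is active. Only active_policy is guarded. Suggest returning false early when name is NULL, or documenting that callers must pass a valid string. Since the result may gate security-relevant board behaviour, the comment should also state that "no policy active yet" yields false, so callers running before a policy is activated do not mistake that for "policy X is not the active one".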
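Review bot: In the include/security/policy.h hunk, the new prototype is added above the #ifdef CONFIG_SECURITY_POLICY block and has no comment describing its semantics (exact string match on the policy name, false when nothing is active). Please add a short doc comment, and confirm that board code built with CONFIG_SECURITY_POLICY disabled still links, for example by providing a static inline stub that returns false if security/policy.c is not compiled in that configuration.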
