LinSec's configurable mandatory security policy provides two ways of hiding information related to processes (Chapter 4, Subsection 4.2.11):
For both options, the functionality is implemented by forcing the kernel functions that provide this information through the /proc file system to omit the data belonging to hidden processes.
In the first case it is enough to test whether the process to be listed has CAP_PROC_HIDDEN in its effective capability set: the struct task_struct of any process is easily located given its pid (process identifier). The functionality is implemented in the function get_pid_list in fs/proc/base.c.
The second case, however, proved much trickier to implement: the Linux kernel does not provide a mechanism to determine the struct task_struct of the process that created a socket given the struct sock (net/sock.h) structure that describes the socket. It is possible to find the process group owning a socket (the one receiving I/O signals on it), but that is not good enough. LinSec therefore had to extend struct sock with a flag element that records whether the socket is hidden; the flag is determined by the presence of CAP_NET_HIDDEN in the effective capability set of the creating process at the time of creation (the sys_socket function in net/socket.h had to be modified). Once this was in place, it was enough to extend the appropriate functions in net/ipv4/raw.c, net/ipv4/udp.c and net/ipv4/tcp_ipv4 to filter the network information they provide to the /proc interface based on the flag value.
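The two hiding paths above can be illustrated with a small user-space model. This is an added example written for this page, not LinSec's kernel code: the struct names, the capability bit values and the sample tasks are constructed placeholders, and `list_visible_pids`, `create_socket` and `socket_visible_in_proc` are stand-ins for the filtering in get_pid_list, the modified sys_socket and the /proc/net filters respectively. It also shows two properties a reviewer of such a design checks: the two capabilities act independently (a process hidden from the process list still has visible sockets unless it also holds CAP_NET_HIDDEN), and the per-socket flag is a snapshot taken at creation, so later capability changes do not alter an existing socket's visibility.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Placeholder capability bits; LinSec's real numeric values are not given on this page. */
#define CAP_PROC_HIDDEN (1u << 0)
#define CAP_NET_HIDDEN  (1u << 1)

/* Minimal stand-in for the fields of struct task_struct that matter here. */
struct task {
    int pid;
    uint32_t cap_effective;
};

/*
 * Stand-in for struct sock with the flag LinSec adds. There is deliberately
 * no back-pointer to the creating task: that is why the decision has to be
 * made and stored when the socket is created.
 */
struct sock_model {
    int hidden;
};

/*
 * First path, analogue of the filtering in get_pid_list (fs/proc/base.c):
 * copy the pids of every task that does NOT hold CAP_PROC_HIDDEN.
 * Returns the number of pids written to out[].
 */
size_t list_visible_pids(const struct task *tasks, size_t ntasks,
                         int *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < ntasks && n < max_out; i++) {
        if (tasks[i].cap_effective & CAP_PROC_HIDDEN)
            continue;               /* hidden: omitted from the /proc listing */
        out[n++] = tasks[i].pid;
    }
    return n;
}

/*
 * Second path, analogue of the modified sys_socket: the hidden flag is
 * fixed from the creator's effective capability set at creation time.
 */
void create_socket(struct sock_model *sk, const struct task *creator)
{
    sk->hidden = (creator->cap_effective & CAP_NET_HIDDEN) ? 1 : 0;
}

/* Analogue of the /proc/net filters in raw.c, udp.c and tcp_ipv4: 1 = emitted, 0 = skipped. */
int socket_visible_in_proc(const struct sock_model *sk)
{
    return !sk->hidden;
}

/*
 * The flag is a snapshot: dropping CAP_NET_HIDDEN after creation does not
 * make an already-hidden socket reappear. Returns 1 if that holds.
 */
int hidden_flag_is_snapshot(void)
{
    struct task t = { 42, CAP_NET_HIDDEN };   /* constructed sample task */
    struct sock_model sk;
    create_socket(&sk, &t);
    t.cap_effective = 0;                      /* capability dropped afterwards */
    return socket_visible_in_proc(&sk) == 0;  /* still hidden */
}

int main(void)
{
    /* Constructed sample process table. */
    const struct task tasks[] = {
        { 1,   0 },                 /* ordinary task */
        { 200, CAP_PROC_HIDDEN },   /* hidden from the process list only */
        { 300, CAP_NET_HIDDEN },    /* listed, but its sockets are hidden */
    };
    int pids[3];
    size_t n = list_visible_pids(tasks, 3, pids, 3);
    printf("visible pids:");
    for (size_t i = 0; i < n; i++)
        printf(" %d", pids[i]);
    printf("\n");

    struct sock_model s200, s300;
    create_socket(&s200, &tasks[1]);
    create_socket(&s300, &tasks[2]);
    printf("socket of pid 200 visible in /proc/net: %d\n", socket_visible_in_proc(&s200));
    printf("socket of pid 300 visible in /proc/net: %d\n", socket_visible_in_proc(&s300));
    printf("hidden flag is a creation-time snapshot: %d\n", hidden_flag_is_snapshot());
    return 0;
}
```

Compile with `cc -std=c99 -Wall example.c`. Because struct sock cannot be walked back to its creating task_struct, the model stores nothing but the flag, which is exactly the trade-off the text describes: the filter is cheap, but it reflects the creator's capabilities at creation time only.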