forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc 
 kernel/security/tomoyo/Kconfig
....@@ -1,3 +1,4 @@
1
+# SPDX-License-Identifier: GPL-2.0-only
12 config SECURITY_TOMOYO
23 	bool "TOMOYO Linux Support"
34 	depends on SECURITY
....@@ -42,7 +43,7 @@
4243 	bool "Activate without calling userspace policy loader."
4344 	default n
4445 	depends on SECURITY_TOMOYO
45
-	---help---
46
+	help
4647 	  Say Y here if you want to activate access control as soon as built-in
4748 	  policy was loaded. This option will be useful for systems where
4849 	  operations which can lead to the hijacking of the boot sequence are
....@@ -59,7 +60,7 @@
5960 	default "/sbin/tomoyo-init"
6061 	depends on SECURITY_TOMOYO
6162 	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
62
-	---help---
63
+	help
6364 	  This is the default pathname of policy loader which is called before
6465 	  activation. You can override this setting via TOMOYO_loader= kernel
6566 	  command line option.
....@@ -69,8 +70,18 @@
6970 	default "/sbin/init"
7071 	depends on SECURITY_TOMOYO
7172 	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
72
-	---help---
73
+	help
7374 	  This is the default pathname of activation trigger.
7475 	  You can override this setting via TOMOYO_trigger= kernel command line
7576 	  option. For example, if you pass init=/bin/systemd option, you may
7677 	  want to also pass TOMOYO_trigger=/bin/systemd option.
78
+
79
+config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
80
+	bool "Use insecure built-in settings for fuzzing tests."
81
+	default n
82
+	depends on SECURITY_TOMOYO
83
+	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
84
+	help
85
+	  Enabling this option forces minimal built-in policy and disables
86
+	  domain/program checks for run-time policy modifications. Please enable
87
+	  this option only if this kernel is built for doing fuzzing tests.