else:
self.result = 'FAIL: "' + self.state + '"'
+ if self.result.startswith('OK'):
+ return True, self.result
+ else:
+ return False, self.result
+
def __repr__(self):
return '{} = {}'.format(self.name, self.state)
+class OR:
+ def __init__(self, *opts):
+ self.opts = opts
+ self.result = None
+
+ @property
+ def name(self):
+ return self.opts[0].name
+
+ @property
+ def expected(self):
+ return self.opts[0].expected
+
+ @property
+ def state(self):
+ return self.opts[0].state
+
+ @property
+ def decision(self):
+ return self.opts[0].decision
+
+ @property
+ def reason(self):
+ return self.opts[0].reason
+
+ def check(self):
+ for opt in self.opts:
+ result, msg = opt.check()
+ if result:
+ self.result = 'OK (CONFIG_{} {})'.format(opt.name, opt.state)
+ return result, self.result
+ self.result = 'FAIL: "{}"'.format(self.opts[0].state)
+ return False, self.result
+
+
def construct_opt_checks():
checklist.append(OptCheck('BUG', 'y', 'ubuntu18', 'self_protection'))
checklist.append(OptCheck('PAGE_TABLE_ISOLATION', 'y', 'ubuntu18', 'self_protection'))
checklist.append(OptCheck('ZSMALLOC_STAT', 'is not set', 'ubuntu18', 'cut_attack_surface'))
checklist.append(OptCheck('PAGE_OWNER', 'is not set', 'ubuntu18', 'cut_attack_surface'))
checklist.append(OptCheck('DEBUG_KMEMLEAK', 'is not set', 'ubuntu18', 'cut_attack_surface'))
+ checklist.append(OptCheck('BINFMT_AOUT', 'is not set', 'ubuntu18', 'cut_attack_surface'))
checklist.append(OptCheck('IO_STRICT_DEVMEM', 'y', 'kspp', 'cut_attack_surface'))
checklist.append(OptCheck('LEGACY_VSYSCALL_NONE', 'y', 'kspp', 'cut_attack_surface')) # 'vsyscall=none'
def perform_checks(parsed_options):
for opt in checklist:
- opt.state = get_option_state(parsed_options, opt.name)
+ if hasattr(opt, 'opts'):
+ for o in opt.opts:
+ o.state = get_option_state(parsed_options, o.name)
+ else:
+ opt.state = get_option_state(parsed_options, opt.name)
opt.check()
projects / kconfig-hardened-check.git / blobdiff