From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 16 Dec 2023 23:11:53 +0000 (+0300)
Subject: Add the SECURITY_SELINUX_DEBUG check
X-Git-Tag: v0.6.6~33
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=303573e55b87ce142a89d48c0a4d2694cf37cae7;hp=476c0992e1a1726737274d3794797556a58e20cf;p=kconfig-hardened-check.git

Add the SECURITY_SELINUX_DEBUG check
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 7c3d033..69a9fd9 100644
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -246,6 +246,7 @@ def add_kconfig_checks(l, arch):
     l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_LOCKDOWN_LSM_EARLY', 'y')]
     l += [KconfigCheck('security_policy', 'kspp', 'LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY', 'y')]
     l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_WRITABLE_HOOKS', 'is not set')] # refers to SECURITY_SELINUX_DISABLE
+    l += [KconfigCheck('security_policy', 'my', 'SECURITY_SELINUX_DEBUG', 'is not set')]
     l += [OR(KconfigCheck('security_policy', 'my', 'SECURITY_SELINUX', 'y'),
              KconfigCheck('security_policy', 'my', 'SECURITY_APPARMOR', 'y'),
              KconfigCheck('security_policy', 'my', 'SECURITY_SMACK', 'y'),