From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 9 Oct 2022 18:31:25 +0000 (+0300)
Subject: Check SECURITY_SELINUX_DEVELOP (recommended by Clip OS)
X-Git-Tag: v0.6.1~74
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=89acc36f215efad1e37a25f08d4d41c943b3b1c8;p=kconfig-hardened-check.git

Check SECURITY_SELINUX_DEVELOP (recommended by Clip OS)

Clip OS description: it "will eventually be n".
---

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 9dcc9d8..98a3493 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -535,6 +535,7 @@ def add_kconfig_checks(l, arch):
     l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_LANDLOCK', 'y')]
     l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_SELINUX_DISABLE', 'is not set')]
     l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_SELINUX_BOOTPARAM', 'is not set')]
+    l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_SELINUX_DEVELOP', 'is not set')]
     l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_LOCKDOWN_LSM', 'y')]
     l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_LOCKDOWN_LSM_EARLY', 'y')]
     l += [KconfigCheck('security_policy', 'clipos', 'LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY', 'y')]