From: Alexander Popov
Date: Sun, 6 Oct 2024 22:25:11 +0000 (+0300)
Subject: Reorder populating the checklist with data
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=c577892112b1692ea53d251268d18217a18bf8a8;p=kconfig-hardened-check.git

Reorder populating the checklist with data

First, we should add the version data. Then we should populate the checklist with the parsed Kconfig data and do the kconfig refinement.
---
diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py
index 0af2e30..41414e3 100755
--- a/kernel_hardening_checker/__init__.py
+++ b/kernel_hardening_checker/__init__.py
@@ -328,13 +328,23 @@ def main() -> None:
 # add relevant sysctl checks to the checklist
 add_sysctl_checks(config_checklist, arch)
 
+ # populate the checklist with the kernel version data
+ populate_with_data(config_checklist, kernel_version, 'version')
+
 # populate the checklist with the parsed Kconfig data
 parsed_kconfig_options = {} # type: Dict[str, str]
 parse_kconfig_file(mode, parsed_kconfig_options, args.config)
 populate_with_data(config_checklist, parsed_kconfig_options, 'kconfig')
 
- # populate the checklist with the kernel version data
- populate_with_data(config_checklist, kernel_version, 'version')
+ # hackish refinement of the CONFIG_ARCH_MMAP_RND_BITS check
+ mmap_rnd_bits_max = parsed_kconfig_options.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None)
+ if mmap_rnd_bits_max:
+ override_expected_value(config_checklist, 'CONFIG_ARCH_MMAP_RND_BITS', mmap_rnd_bits_max)
+ else:
+ # remove the CONFIG_ARCH_MMAP_RND_BITS check to avoid false results
+ if mode != 'json':
+ print('[-] Can\'t check CONFIG_ARCH_MMAP_RND_BITS without CONFIG_ARCH_MMAP_RND_BITS_MAX')
+ config_checklist[:] = [o for o in config_checklist if o.name != 'CONFIG_ARCH_MMAP_RND_BITS']
 
 if args.cmdline:
 # populate the checklist with the parsed cmdline data
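Review bot: In JSON mode the `else:` branch removes the CONFIG_ARCH_MMAP_RND_BITS check from `config_checklist` without leaving any trace, because the notice is printed only when `mode != 'json'`; from these lines, a consumer of the JSON report cannot tell an unevaluated mmap-randomization check from one that was never in the checklist. Assuming nothing later in main() records the removal, I would report it on stderr in that mode so stdout stays parseable, e.g. `print('[-] Can\'t check CONFIG_ARCH_MMAP_RND_BITS without CONFIG_ARCH_MMAP_RND_BITS_MAX', file=sys.stderr)` in an `else:` paired with the existing `if mode != 'json':` (this needs `sys` to be imported in the module, which the hunk does not show). As a point of style, the explicit `None` in `.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None)` is already the default and can be dropped. main() begins and ends outside this hunk.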
@@ -348,16 +358,6 @@ def main() -> None:
 parse_sysctl_file(mode, parsed_sysctl_options, args.sysctl)
 populate_with_data(config_checklist, parsed_sysctl_options, 'sysctl')
 
- # hackish refinement of the CONFIG_ARCH_MMAP_RND_BITS check
- mmap_rnd_bits_max = parsed_kconfig_options.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None)
- if mmap_rnd_bits_max:
- override_expected_value(config_checklist, 'CONFIG_ARCH_MMAP_RND_BITS', mmap_rnd_bits_max)
- else:
- # remove the CONFIG_ARCH_MMAP_RND_BITS check to avoid false results
- if mode != 'json':
- print('[-] Can\'t check CONFIG_ARCH_MMAP_RND_BITS without CONFIG_ARCH_MMAP_RND_BITS_MAX')
- config_checklist[:] = [o for o in config_checklist if o.name != 'CONFIG_ARCH_MMAP_RND_BITS']
-
 # now everything is ready, perform the checks
 perform_checks(config_checklist)