From a99f0765183642e2f334ec01df7141303ecc28e9 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Sat, 20 Aug 2022 12:28:33 +0300 Subject: [PATCH] Introduce cc_is_gcc and cc_is_clang Use empty decision and reason for such kind of checks --- kconfig_hardened_check/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 46dc658..9280f5a 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -312,10 +312,13 @@ def add_kconfig_checks(l, arch): # [!] Don't add CmdlineChecks in add_kconfig_checks() to avoid wrong results # when the tool doesn't check the cmdline. + efi_not_set = KconfigCheck('-', '-', 'EFI', 'is not set') + cc_is_gcc = KconfigCheck('-', '-', 'CC_IS_GCC', 'y') + cc_is_clang = KconfigCheck('-', '-', 'CC_IS_CLANG', 'y') + modules_not_set = KconfigCheck('cut_attack_surface', 'kspp', 'MODULES', 'is not set') devmem_not_set = KconfigCheck('cut_attack_surface', 'kspp', 'DEVMEM', 'is not set') # refers to LOCKDOWN bpf_syscall_not_set = KconfigCheck('cut_attack_surface', 'lockdown', 'BPF_SYSCALL', 'is not set') # refers to LOCKDOWN - efi_not_set = KconfigCheck('cut_attack_surface', 'my', 'EFI', 'is not set') # 'self_protection', 'defconfig' l += [KconfigCheck('self_protection', 'defconfig', 'BUG', 'y')] -- 2.31.1