Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / f0bb2d44ca26b7090dc7bade8877b77005f07dfc / . / security / apparmor / Kconfig
blob: b6b68a7750ce36597ecba044f82385c8e6efc71f [file] [log] [blame]
John Johansen016d8252010-07-30 13:46:33 +1000[diff] [blame]1config SECURITY_APPARMOR
2 bool "AppArmor support"
Randy Dunlap06c22da2010-08-02 10:52:18 -0700[diff] [blame]3 depends on SECURITY && NET
John Johansen016d8252010-07-30 13:46:33 +1000[diff] [blame]4 select AUDIT
5 select SECURITY_PATH
6 select SECURITYFS
7 select SECURITY_NETWORK
8 default n
9 help
10 This enables the AppArmor security module.
11 Required userspace tools (if they are not included in your
12 distribution) and further information may be found at
13 http://apparmor.wiki.kernel.org
14
15 If you are unsure how to answer this question, answer N.
16
17config SECURITY_APPARMOR_BOOTPARAM_VALUE
18 int "AppArmor boot parameter default value"
19 depends on SECURITY_APPARMOR
20 range 0 1
21 default 1
22 help
23 This option sets the default value for the kernel parameter
24 'apparmor', which allows AppArmor to be enabled or disabled
25 at boot. If this option is set to 0 (zero), the AppArmor
26 kernel parameter will default to 0, disabling AppArmor at
27 boot. If this option is set to 1 (one), the AppArmor
28 kernel parameter will default to 1, enabling AppArmor at
29 boot.
30
31 If you are unsure how to answer this question, answer 1.
John Johansenf8eb8a12013-08-14 11:27:36 -0700[diff] [blame]32
33config SECURITY_APPARMOR_HASH
John Johansen6059f712014-10-24 09:16:14 -0700[diff] [blame]34 bool "Enable introspection of sha1 hashes for loaded profiles"
John Johansenf8eb8a12013-08-14 11:27:36 -0700[diff] [blame]35 depends on SECURITY_APPARMOR
Arnd Bergmann083c1292015-10-21 21:16:29 +0200[diff] [blame]36 select CRYPTO
John Johansenf8eb8a12013-08-14 11:27:36 -0700[diff] [blame]37 select CRYPTO_SHA1
38 default y
John Johansenf8eb8a12013-08-14 11:27:36 -0700[diff] [blame]39 help
John Johansen6059f712014-10-24 09:16:14 -0700[diff] [blame]40 This option selects whether introspection of loaded policy
41 is available to userspace via the apparmor filesystem.
42
43config SECURITY_APPARMOR_HASH_DEFAULT
44 bool "Enable policy hash introspection by default"
45 depends on SECURITY_APPARMOR_HASH
46 default y
John Johansen6059f712014-10-24 09:16:14 -0700[diff] [blame]47 help
48 This option selects whether sha1 hashing of loaded policy
49 is enabled by default. The generation of sha1 hashes for
50 loaded policy provide system administrators a quick way
51 to verify that policy in the kernel matches what is expected,
52 however it can slow down policy load on some devices. In
53 these cases policy hashing can be disabled by default and
54 enabled only if needed.
John Johansen680cd622017-01-16 00:42:27 -0800[diff] [blame]55
56config SECURITY_APPARMOR_DEBUG
57 bool "Build AppArmor with debug code"
58 depends on SECURITY_APPARMOR
59 default n
60 help
61 Build apparmor with debugging logic in apparmor. Not all
62 debugging logic will necessarily be enabled. A submenu will
63 provide fine grained control of the debug options that are
64 available.
65
66config SECURITY_APPARMOR_DEBUG_ASSERTS
67 bool "Build AppArmor with debugging asserts"
68 depends on SECURITY_APPARMOR_DEBUG
69 default y
70 help
71 Enable code assertions made with AA_BUG. These are primarily
72 function entry preconditions but also exist at other key
73 points. If the assert is triggered it will trigger a WARN
74 message.
75
76config SECURITY_APPARMOR_DEBUG_MESSAGES
77 bool "Debug messages enabled by default"
78 depends on SECURITY_APPARMOR_DEBUG
79 default n
80 help
81 Set the default value of the apparmor.debug kernel parameter.
82 When enabled, various debug messages will be logged to
83 the kernel message buffer.