cts: Modify ConfigHardwareMitigations to check new kernel vulnerability Mark the target as mitigated if it is vulnerable to "Vulnerable: Unprivileged eBPF enabled" as this vulnerability is not a problem for Android and it is handled using selinux. Bug: 232889873 Change-Id: I3ff213f02608900b3f33ed941eaad3f9af683894 Test: run cts --m CtsSecurityHostTestCases --t android.security.cts.KernelConfigTest#testConfigHardwareMitigations (cherry picked from commit a3135f5b4f6591b9677f3ba7de95b877d4912f68)

commit: 4a38fd79264f8f524f2647f1b2db065d785a3c5e [log] [tgz]
author: Mukesh Ojha <quic_mojha@quicinc.com> Fri Jun 03 11:48:52 2022 +0530
committer: Banseok Ahn <banseok@google.com> Wed Jun 22 06:00:15 2022 +0000
tree: c0ee3297c109303e72501f09cac54cc8576b17fa
parent: 4ad412da021a47e80fdc3c8877f01d859e6efb10 [diff]
diff --git a/hostsidetests/security/src/android/security/cts/KernelConfigTest.java b/hostsidetests/security/src/android/security/cts/KernelConfigTest.java
index 734a3a2..64ba2fd 100644
--- a/hostsidetests/security/src/android/security/cts/KernelConfigTest.java
+++ b/hostsidetests/security/src/android/security/cts/KernelConfigTest.java

@@ -187,7 +187,8 @@
 
         if (mitigationInfoMeltdown != null && mitigationInfoSpectreV2 != null &&
             !mitigationInfoMeltdown.contains("Vulnerable") &&
-            !mitigationInfoSpectreV2.contains("Vulnerable"))
+            (!mitigationInfoSpectreV2.contains("Vulnerable") ||
+              mitigationInfoSpectreV2.equals("Vulnerable: Unprivileged eBPF enabled\n")))
                 return "VULN_SAFE";
 
         for (String nodeInfo : pathList) {
commit	4a38fd79264f8f524f2647f1b2db065d785a3c5e	[log] [tgz]
author	Mukesh Ojha <quic_mojha@quicinc.com>	Fri Jun 03 11:48:52 2022 +0530
committer	Banseok Ahn <banseok@google.com>	Wed Jun 22 06:00:15 2022 +0000
tree	c0ee3297c109303e72501f09cac54cc8576b17fa
parent	4ad412da021a47e80fdc3c8877f01d859e6efb10 [diff]