cts: Modify ConfigHardwareMitigations to check new kernel vulnerability
Mark the target as mitigated if it is vulnerable to "Vulnerable:
Unprivileged eBPF enabled" as this vulnerability is not a problem
for Android and it is handled using selinux.
Bug: 232889873
Change-Id: I3ff213f02608900b3f33ed941eaad3f9af683894
Test: run cts --m CtsSecurityHostTestCases --t android.security.cts.KernelConfigTest#testConfigHardwareMitigations
(cherry picked from commit a3135f5b4f6591b9677f3ba7de95b877d4912f68)
diff --git a/hostsidetests/security/src/android/security/cts/KernelConfigTest.java b/hostsidetests/security/src/android/security/cts/KernelConfigTest.java
index 734a3a2..64ba2fd 100644
--- a/hostsidetests/security/src/android/security/cts/KernelConfigTest.java
+++ b/hostsidetests/security/src/android/security/cts/KernelConfigTest.java
@@ -187,7 +187,8 @@
if (mitigationInfoMeltdown != null && mitigationInfoSpectreV2 != null &&
!mitigationInfoMeltdown.contains("Vulnerable") &&
- !mitigationInfoSpectreV2.contains("Vulnerable"))
+ (!mitigationInfoSpectreV2.contains("Vulnerable") ||
+ mitigationInfoSpectreV2.equals("Vulnerable: Unprivileged eBPF enabled\n")))
return "VULN_SAFE";
for (String nodeInfo : pathList) {