xref: /openbmc/linux/security/apparmor/Kconfig (revision 7ae9fb1b7ecbb5d85d07857943f677fd1a559b18) 
1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only
2016d825fSJohn Johansenconfig SECURITY_APPARMOR
3016d825fSJohn Johansen	bool "AppArmor support"
406c22dadSRandy Dunlap	depends on SECURITY && NET
5016d825fSJohn Johansen	select AUDIT
6016d825fSJohn Johansen	select SECURITY_PATH
7016d825fSJohn Johansen	select SECURITYFS
8016d825fSJohn Johansen	select SECURITY_NETWORK
9016d825fSJohn Johansen	default n
10016d825fSJohn Johansen	help
11016d825fSJohn Johansen	  This enables the AppArmor security module.
12016d825fSJohn Johansen	  Required userspace tools (if they are not included in your
13016d825fSJohn Johansen	  distribution) and further information may be found at
14016d825fSJohn Johansen	  http://apparmor.wiki.kernel.org
15016d825fSJohn Johansen
16016d825fSJohn Johansen	  If you are unsure how to answer this question, answer N.
17016d825fSJohn Johansen
18680cd62eSJohn Johansenconfig SECURITY_APPARMOR_DEBUG
19680cd62eSJohn Johansen	bool "Build AppArmor with debug code"
20680cd62eSJohn Johansen	depends on SECURITY_APPARMOR
21680cd62eSJohn Johansen	default n
22680cd62eSJohn Johansen	help
23680cd62eSJohn Johansen	  Build apparmor with debugging logic in apparmor. Not all
24680cd62eSJohn Johansen	  debugging logic will necessarily be enabled. A submenu will
25680cd62eSJohn Johansen	  provide fine grained control of the debug options that are
26680cd62eSJohn Johansen	  available.
27680cd62eSJohn Johansen
28680cd62eSJohn Johansenconfig SECURITY_APPARMOR_DEBUG_ASSERTS
29680cd62eSJohn Johansen	bool "Build AppArmor with debugging asserts"
30680cd62eSJohn Johansen	depends on SECURITY_APPARMOR_DEBUG
31680cd62eSJohn Johansen	default y
32680cd62eSJohn Johansen	help
33680cd62eSJohn Johansen	  Enable code assertions made with AA_BUG. These are primarily
34680cd62eSJohn Johansen	  function entry preconditions but also exist at other key
35680cd62eSJohn Johansen	  points. If the assert is triggered it will trigger a WARN
36680cd62eSJohn Johansen	  message.
37680cd62eSJohn Johansen
38680cd62eSJohn Johansenconfig SECURITY_APPARMOR_DEBUG_MESSAGES
39680cd62eSJohn Johansen	bool "Debug messages enabled by default"
40680cd62eSJohn Johansen	depends on SECURITY_APPARMOR_DEBUG
41680cd62eSJohn Johansen	default n
42680cd62eSJohn Johansen	help
43680cd62eSJohn Johansen	  Set the default value of the apparmor.debug kernel parameter.
44680cd62eSJohn Johansen	  When enabled, various debug messages will be logged to
45680cd62eSJohn Johansen	  the kernel message buffer.
464d944bcdSMike Salvatore
47d61c57fdSJohn Johansenconfig SECURITY_APPARMOR_INTROSPECT_POLICY
48d61c57fdSJohn Johansen	bool "Allow loaded policy to be introspected"
49d61c57fdSJohn Johansen	depends on SECURITY_APPARMOR
50d61c57fdSJohn Johansen	default y
51d61c57fdSJohn Johansen	help
52d61c57fdSJohn Johansen	  This option selects whether introspection of loaded policy
53d61c57fdSJohn Johansen	  is available to userspace via the apparmor filesystem. This
54d61c57fdSJohn Johansen	  adds to kernel memory usage. It is required for introspection
55d61c57fdSJohn Johansen	  of loaded policy, and check point and restore support. It
56d61c57fdSJohn Johansen	  can be disabled for embedded systems where reducing memory and
57d61c57fdSJohn Johansen	  cpu is paramount.
58d61c57fdSJohn Johansen
59d61c57fdSJohn Johansenconfig SECURITY_APPARMOR_HASH
60d61c57fdSJohn Johansen	bool "Enable introspection of sha1 hashes for loaded profiles"
61d61c57fdSJohn Johansen	depends on SECURITY_APPARMOR_INTROSPECT_POLICY
62d61c57fdSJohn Johansen	select CRYPTO
63d61c57fdSJohn Johansen	select CRYPTO_SHA1
64d61c57fdSJohn Johansen	default y
65d61c57fdSJohn Johansen	help
66d61c57fdSJohn Johansen	  This option selects whether introspection of loaded policy
67d61c57fdSJohn Johansen	  hashes is available to userspace via the apparmor
68d61c57fdSJohn Johansen	  filesystem. This option provides a light weight means of
69d61c57fdSJohn Johansen	  checking loaded policy.  This option adds to policy load
70d61c57fdSJohn Johansen	  time and can be disabled for small embedded systems.
71d61c57fdSJohn Johansen
72d61c57fdSJohn Johansenconfig SECURITY_APPARMOR_HASH_DEFAULT
73d61c57fdSJohn Johansen       bool "Enable policy hash introspection by default"
74d61c57fdSJohn Johansen       depends on SECURITY_APPARMOR_HASH
75d61c57fdSJohn Johansen       default y
76d61c57fdSJohn Johansen       help
77d61c57fdSJohn Johansen         This option selects whether sha1 hashing of loaded policy
78d61c57fdSJohn Johansen	 is enabled by default. The generation of sha1 hashes for
79d61c57fdSJohn Johansen	 loaded policy provide system administrators a quick way
80d61c57fdSJohn Johansen	 to verify that policy in the kernel matches what is expected,
81d61c57fdSJohn Johansen	 however it can slow down policy load on some devices. In
82d61c57fdSJohn Johansen	 these cases policy hashing can be disabled by default and
83d61c57fdSJohn Johansen	 enabled only if needed.
84d61c57fdSJohn Johansen
85d61c57fdSJohn Johansenconfig SECURITY_APPARMOR_EXPORT_BINARY
86d61c57fdSJohn Johansen	bool "Allow exporting the raw binary policy"
87d61c57fdSJohn Johansen	depends on SECURITY_APPARMOR_INTROSPECT_POLICY
88f4d6b94bSJon Tourville	select ZSTD_COMPRESS
89f4d6b94bSJon Tourville	select ZSTD_DECOMPRESS
90d61c57fdSJohn Johansen	default y
91d61c57fdSJohn Johansen	help
92d61c57fdSJohn Johansen	  This option allows reading back binary policy as it was loaded.
93d61c57fdSJohn Johansen	  It increases the amount of kernel memory needed by policy and
94d61c57fdSJohn Johansen	  also increases policy load time. This option is required for
95d61c57fdSJohn Johansen	  checkpoint and restore support, and debugging of loaded policy.
96d61c57fdSJohn Johansen
975bfcbd22SJohn Johansenconfig SECURITY_APPARMOR_PARANOID_LOAD
985bfcbd22SJohn Johansen	bool "Perform full verification of loaded policy"
995bfcbd22SJohn Johansen	depends on SECURITY_APPARMOR
1005bfcbd22SJohn Johansen	default y
1015bfcbd22SJohn Johansen	help
1025bfcbd22SJohn Johansen	  This options allows controlling whether apparmor does a full
1035bfcbd22SJohn Johansen	  verification of loaded policy. This should not be disabled
1045bfcbd22SJohn Johansen	  except for embedded systems where the image is read only,
1055bfcbd22SJohn Johansen	  includes policy, and has some form of integrity check.
1065bfcbd22SJohn Johansen	  Disabling the check will speed up policy loads.
1075bfcbd22SJohn Johansen
1084d944bcdSMike Salvatoreconfig SECURITY_APPARMOR_KUNIT_TEST
109*b11e51ddSRae Moar	tristate "Build KUnit tests for policy_unpack.c" if !KUNIT_ALL_TESTS
110*b11e51ddSRae Moar	depends on KUNIT && SECURITY_APPARMOR
1116d6861d4SAnders Roxell	default KUNIT_ALL_TESTS
1124d944bcdSMike Salvatore	help
1134d944bcdSMike Salvatore	  This builds the AppArmor KUnit tests.
1144d944bcdSMike Salvatore
1154d944bcdSMike Salvatore	  KUnit tests run during boot and output the results to the debug log
116c9fecf50SAlexander A. Klimov	  in TAP format (https://testanything.org/). Only useful for kernel devs
1174d944bcdSMike Salvatore	  running KUnit test harness and are not for inclusion into a
1184d944bcdSMike Salvatore	  production build.
1194d944bcdSMike Salvatore
1204d944bcdSMike Salvatore	  For more information on KUnit and unit tests in general please refer
1214d944bcdSMike Salvatore	  to the KUnit documentation in Documentation/dev-tools/kunit/.
1224d944bcdSMike Salvatore
1234d944bcdSMike Salvatore	  If unsure, say N.
124