# SPDX-License-Identifier: GPL-2.0-only
# Master switch for TOMOYO Linux. Every other SECURITY_TOMOYO_* entry in
# this file lists it as a dependency.
config SECURITY_TOMOYO
	bool "TOMOYO Linux Support"
	default n
	# Multiple "depends on" lines are ANDed by Kconfig; written here as one
	# expression: the LSM framework and networking must both be enabled.
	depends on SECURITY && NET
	# Symbols forced on whenever TOMOYO is enabled. "select" ignores the
	# selected symbol's own dependencies, so enabling TOMOYO silently turns
	# these on as well.
	select SECURITYFS
	select SECURITY_PATH
	select SECURITY_NETWORK
	select SRCU
	select BUILD_BIN2C
	help
	  This selects TOMOYO Linux, pathname-based access control.
	  Required userspace tools and further information may be
	  found at <http://tomoyo.sourceforge.jp/>.
	  If you are unsure how to answer this question, answer N.
# Build-time default for the cap on ACL entries that learning mode may
# append to policy automatically. Per the help text the cap exists to
# bound memory use and keep the system responsive.
config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
	int "Default maximal count for learning mode"
	depends on SECURITY_TOMOYO
	# Any non-negative 32-bit signed value is accepted. Values near the
	# upper bound effectively remove the safeguard described below.
	range 0 2147483647
	default 2048
	help
	  This is the default value for maximal ACL entries
	  that are automatically appended into policy at "learning mode".
	  Some programs access thousands of objects, so running
	  such programs in "learning mode" dulls the system response
	  and consumes much memory.
	  This is the safeguard for such programs.
# Build-time default for how many audit log entries the kernel keeps in
# memory for TOMOYO.
config SECURITY_TOMOYO_MAX_AUDIT_LOG
	int "Default maximal count for audit log"
	depends on SECURITY_TOMOYO
	# 0 is a legal value; the help text describes it as the setting for
	# systems that do not need audit logs.
	# NOTE(review): with 0 there is presumably nothing to read back from
	# /sys/kernel/security/tomoyo/audit, so do not pick it on systems where
	# this log is the record of policy decisions - confirm against the
	# TOMOYO sources.
	range 0 2147483647
	default 1024
	help
	  This is the default value for maximal entries for
	  audit logs that the kernel can hold on memory.
	  You can read the log via /sys/kernel/security/tomoyo/audit.
	  If you don't need audit logs, you may set this value to 0.
# Activate TOMOYO from the built-in policy alone, without waiting for a
# userspace policy loader.
#
# Interactions visible in this file:
#   - SECURITY_TOMOYO_POLICY_LOADER and SECURITY_TOMOYO_ACTIVATION_TRIGGER
#     both depend on this option being off, so they disappear when it is Y.
#   - SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING selects this option.
#
# With Y, whatever is enforced during early boot comes from the policy
# compiled into the kernel image, so that built-in policy deserves review.
config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	bool "Activate without calling userspace policy loader."
	depends on SECURITY_TOMOYO
	default n
	help
	  Say Y here if you want to activate access control as soon as built-in
	  policy was loaded. This option will be useful for systems where
	  operations which can lead to the hijacking of the boot sequence are
	  needed before loading the policy. For example, you can activate
	  immediately after loading the fixed part of policy which will allow
	  only operations needed for mounting a partition which contains the
	  variant part of policy and verifying (e.g. running GPG check) and
	  loading the variant part of policy. Since you can start using
	  enforcing mode from the beginning, you can reduce the possibility of
	  hijacking the boot sequence.
# Default pathname of the userspace program that loads policy before
# TOMOYO is activated.
#
# The help text states that the TOMOYO_loader= kernel command line option
# overrides this value. Whoever can edit the kernel command line therefore
# chooses which binary loads policy; treat bootloader configuration as
# part of the trust boundary for this option.
config SECURITY_TOMOYO_POLICY_LOADER
	string "Location of userspace policy loader"
	# Only offered when TOMOYO is enabled and the userspace loader has not
	# been omitted (the two original "depends on" lines, ANDed).
	depends on SECURITY_TOMOYO && !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	default "/sbin/tomoyo-init"
	help
	  This is the default pathname of policy loader which is called before
	  activation. You can override this setting via TOMOYO_loader= kernel
	  command line option.
# Default pathname that triggers the call to the userspace policy loader.
#
# The help text states that TOMOYO_trigger= on the kernel command line
# overrides this value, and suggests passing it together with init= when
# init is not at the default path.
# NOTE(review): presumably the loader is never called if the trigger
# pathname is never executed, which would leave policy unloaded - confirm
# against the TOMOYO sources and check that init= and TOMOYO_trigger=
# agree on deployed systems.
config SECURITY_TOMOYO_ACTIVATION_TRIGGER
	string "Trigger for calling userspace policy loader"
	# Only offered when TOMOYO is enabled and the userspace loader has not
	# been omitted (the two original "depends on" lines, ANDed).
	depends on SECURITY_TOMOYO && !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	default "/sbin/init"
	help
	  This is the default pathname of activation trigger.
	  You can override this setting via TOMOYO_trigger= kernel command line
	  option. For example, if you pass init=/bin/systemd option, you may
	  want to also pass TOMOYO_trigger=/bin/systemd option.
# Fuzzing-only switch. Per the help text it forces a minimal built-in
# policy and disables the domain/program checks applied to run-time
# policy modifications.
#
# It also selects SECURITY_TOMOYO_OMIT_USERSPACE_LOADER, so the policy
# loader and activation trigger options are unavailable in such a build.
#
# Keep this out of production configurations: when auditing a shipped
# .config, CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y should be
# treated as a finding.
config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
	bool "Use insecure built-in settings for fuzzing tests."
	depends on SECURITY_TOMOYO
	default n
	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  Enabling this option forces minimal built-in policy and disables
	  domain/program checks for run-time policy modifications. Please enable
	  this option only if this kernel is built for doing fuzzing tests.