162306a36Sopenharmony_ci# SPDX-License-Identifier: GPL-2.0-only
# Master switch for the TOMOYO Linux security module, described in the help
# text as pathname-based access control. Off by default. The other
# SECURITY_TOMOYO_* symbols visible in this file all depend on it.
262306a36Sopenharmony_ciconfig SECURITY_TOMOYO
362306a36Sopenharmony_ci	bool "TOMOYO Linux Support"
# Can only be enabled when the generic security framework and networking
# support are configured.
462306a36Sopenharmony_ci	depends on SECURITY
562306a36Sopenharmony_ci	depends on NET
# Enabling TOMOYO force-enables securityfs plus the pathname and network
# security hooks.
662306a36Sopenharmony_ci	select SECURITYFS
762306a36Sopenharmony_ci	select SECURITY_PATH
862306a36Sopenharmony_ci	select SECURITY_NETWORK
962306a36Sopenharmony_ci	default n
1062306a36Sopenharmony_ci	help
1162306a36Sopenharmony_ci	  This selects TOMOYO Linux, pathname-based access control.
1262306a36Sopenharmony_ci	  Required userspace tools and further information may be
1362306a36Sopenharmony_ci	  found at <https://tomoyo.osdn.jp/>.
1462306a36Sopenharmony_ci	  If you are unsure how to answer this question, answer N.
1562306a36Sopenharmony_ci
# Default cap on the number of ACL entries that learning mode may append to
# the policy automatically. Per the help text this is a resource safeguard
# (memory use and system responsiveness), not an access-control decision.
# NOTE(review): entries are appended without an operator decision, so the
# learned policy presumably needs review before it is relied on in enforcing
# mode - confirm against the TOMOYO documentation.
1662306a36Sopenharmony_ciconfig SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
1762306a36Sopenharmony_ci	int "Default maximal count for learning mode"
1862306a36Sopenharmony_ci	default 2048
# Accepts 0 up to the largest signed 32-bit value.
1962306a36Sopenharmony_ci	range 0 2147483647
2062306a36Sopenharmony_ci	depends on SECURITY_TOMOYO
2162306a36Sopenharmony_ci	help
2262306a36Sopenharmony_ci	  This is the default value for maximal ACL entries
2362306a36Sopenharmony_ci	  that are automatically appended into policy at "learning mode".
2462306a36Sopenharmony_ci	  Some programs access thousands of objects, so running
2562306a36Sopenharmony_ci	  such programs in "learning mode" dulls the system response
2662306a36Sopenharmony_ci	  and consumes much memory.
2762306a36Sopenharmony_ci	  This is the safeguard for such programs.
2862306a36Sopenharmony_ci
# Default cap on the number of audit log entries the kernel keeps in memory.
# The help text gives /sys/kernel/security/tomoyo/audit as the place to read
# the log, and allows 0 when audit logs are not needed.
# NOTE(review): what happens to entries beyond the cap is not stated here
# (presumably they are not retained - confirm). If this log feeds detection
# or forensics, size the cap for how often userspace drains it.
2962306a36Sopenharmony_ciconfig SECURITY_TOMOYO_MAX_AUDIT_LOG
3062306a36Sopenharmony_ci	int "Default maximal count for audit log"
3162306a36Sopenharmony_ci	default 1024
# Accepts 0 up to the largest signed 32-bit value.
3262306a36Sopenharmony_ci	range 0 2147483647
3362306a36Sopenharmony_ci	depends on SECURITY_TOMOYO
3462306a36Sopenharmony_ci	help
3562306a36Sopenharmony_ci	  This is the default value for maximal entries for
3662306a36Sopenharmony_ci	  audit logs that the kernel can hold on memory.
3762306a36Sopenharmony_ci	  You can read the log via /sys/kernel/security/tomoyo/audit.
3862306a36Sopenharmony_ci	  If you don't need audit logs, you may set this value to 0.
3962306a36Sopenharmony_ci
# When Y, access control is activated once the built-in policy is loaded,
# without calling the userspace policy loader. The help text's use case is
# enforcing from the start of boot: a fixed built-in policy permits only what
# is needed to mount, verify (e.g. a GPG check) and load the variable part of
# the policy.
# NOTE(review): in this mode the built-in policy is what protects early boot,
# so it deserves the same review as the run-time policy.
# This symbol is also force-selected by
# SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING.
4062306a36Sopenharmony_ciconfig SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
4162306a36Sopenharmony_ci	bool "Activate without calling userspace policy loader."
4262306a36Sopenharmony_ci	default n
4362306a36Sopenharmony_ci	depends on SECURITY_TOMOYO
4462306a36Sopenharmony_ci	help
4562306a36Sopenharmony_ci	  Say Y here if you want to activate access control as soon as built-in
4662306a36Sopenharmony_ci	  policy was loaded. This option will be useful for systems where
4762306a36Sopenharmony_ci	  operations which can lead to the hijacking of the boot sequence are
4862306a36Sopenharmony_ci	  needed before loading the policy. For example, you can activate
4962306a36Sopenharmony_ci	  immediately after loading the fixed part of policy which will allow
5062306a36Sopenharmony_ci	  only operations needed for mounting a partition which contains the
5162306a36Sopenharmony_ci	  variant part of policy and verifying (e.g. running GPG check) and
5262306a36Sopenharmony_ci	  loading the variant part of policy. Since you can start using
5362306a36Sopenharmony_ci	  enforcing mode from the beginning, you can reduce the possibility of
5462306a36Sopenharmony_ci	  hijacking the boot sequence.
5562306a36Sopenharmony_ci
# Default pathname of the userspace policy loader that is called before
# activation.
# NOTE(review): the help text says TOMOYO_loader= on the kernel command line
# overrides this path, so whatever supplies the command line decides which
# program runs as the loader. Treat the bootloader configuration and the
# binary at this path as part of the trust base.
5662306a36Sopenharmony_ciconfig SECURITY_TOMOYO_POLICY_LOADER
5762306a36Sopenharmony_ci	string "Location of userspace policy loader"
5862306a36Sopenharmony_ci	default "/sbin/tomoyo-init"
5962306a36Sopenharmony_ci	depends on SECURITY_TOMOYO
# Hidden when the userspace loader is omitted, since no loader is called then.
6062306a36Sopenharmony_ci	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
6162306a36Sopenharmony_ci	help
6262306a36Sopenharmony_ci	  This is the default pathname of policy loader which is called before
6362306a36Sopenharmony_ci	  activation. You can override this setting via TOMOYO_loader= kernel
6462306a36Sopenharmony_ci	  command line option.
6562306a36Sopenharmony_ci
# Default pathname of the activation trigger; the prompt describes it as the
# trigger for calling the userspace policy loader. It can be overridden with
# TOMOYO_trigger= on the kernel command line.
# NOTE(review): the help text pairs init=/bin/systemd with
# TOMOYO_trigger=/bin/systemd, which suggests a trigger path that never runs
# leaves the loader uncalled - confirm, and check after boot that the
# expected policy is actually active.
6662306a36Sopenharmony_ciconfig SECURITY_TOMOYO_ACTIVATION_TRIGGER
6762306a36Sopenharmony_ci	string "Trigger for calling userspace policy loader"
6862306a36Sopenharmony_ci	default "/sbin/init"
6962306a36Sopenharmony_ci	depends on SECURITY_TOMOYO
# Hidden when the userspace loader is omitted, since there is nothing to
# trigger then.
7062306a36Sopenharmony_ci	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
7162306a36Sopenharmony_ci	help
7262306a36Sopenharmony_ci	  This is the default pathname of activation trigger.
7362306a36Sopenharmony_ci	  You can override this setting via TOMOYO_trigger= kernel command line
7462306a36Sopenharmony_ci	  option. For example, if you pass init=/bin/systemd option, you may
7562306a36Sopenharmony_ci	  want to also pass TOMOYO_trigger=/bin/systemd option.
7662306a36Sopenharmony_ci
# Fuzzing-only switch. Per the help text it forces a minimal built-in policy
# and disables the domain/program checks on run-time policy modifications.
# NOTE(review): keep this off in any production or distribution kernel. A
# release-config check that fails the build when this symbol is set is a
# cheap guard against it leaking out of a fuzzing configuration.
7762306a36Sopenharmony_ciconfig SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
7862306a36Sopenharmony_ci	bool "Use insecure built-in settings for fuzzing tests."
7962306a36Sopenharmony_ci	default n
8062306a36Sopenharmony_ci	depends on SECURITY_TOMOYO
# Enabling this also force-enables activation without the userspace loader.
8162306a36Sopenharmony_ci	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
8262306a36Sopenharmony_ci	help
8362306a36Sopenharmony_ci	  Enabling this option forces minimal built-in policy and disables
8462306a36Sopenharmony_ci	  domain/program checks for run-time policy modifications. Please enable
8562306a36Sopenharmony_ci	  this option only if this kernel is built for doing fuzzing tests.