From 5fbc06faf9bf8703a408e8b91717a9ba3f5aabf8 Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 27 Mar 2022 23:03:02 +0300
Subject: [PATCH] Add cmdline checks to '--print'

---
 kconfig_hardened_check/__init__.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 17bf7be..7324a9e 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -656,6 +656,14 @@ def add_kconfig_checks(l, arch):
 #   l += [KconfigCheck('feature_test', 'my', 'LKDTM', 'm')] # only for debugging!
 
 
+def add_cmdline_checks(l, arch):
+    # Calling the CmdlineCheck class constructor:
+    #     CmdlineCheck(reason, decision, name, expected)
+
+    l += [CmdlineCheck('self_protection', 'kspp', 'randomize_kstack_offset', 'on')]
+    # TODO: add other
+
+
 def print_unknown_options(checklist, parsed_options):
     known_options = []
 
@@ -861,6 +869,7 @@ def main():
             sys.exit('[!] ERROR: wrong mode "{}" for --print'.format(mode))
         arch = args.print
         add_kconfig_checks(config_checklist, arch)
+        add_cmdline_checks(config_checklist, arch)
         if mode != 'json':
             print('[+] Printing kernel security hardening preferences for {}...'.format(arch))
         print_checklist(mode, config_checklist, False)
-- 
2.31.1