src/security/scrutiny/lib/plugins/src/verify/controller/boot_options.rs - fuchsia - Git at Google

 // Copyright 2020 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 use {
     crate::core::collection::Zbi,
     anyhow::{anyhow, Result},
     scrutiny::{model::controller::DataController, model::model::*},
     serde_json::{json, value::Value},
     std::sync::Arc,
 };

 #[derive(Default)]
 pub struct ZbiCmdlineVerifyController {}

 impl DataController for ZbiCmdlineVerifyController {
     fn query(&self, model: Arc<DataModel>, _value: Value) -> Result<Value> {
         if let Ok(zbi) = model.get::<Zbi>() {
             if zbi.cmdline.contains("kernel.enable-debugging-syscalls=true") {
                 return Err(anyhow!("debugging syscalls are not disabled"));
             }
             return Ok(json!({"verified":true}));
         }
         Err(anyhow!("ZBI not found"))
     }

     fn description(&self) -> String {
         "verifies the ZBI cmdline options for a _user build".to_string()
     }
 }
	// Copyright 2020 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	use {
	crate::core::collection::Zbi,
	anyhow::{anyhow, Result},
	scrutiny::{model::controller::DataController, model::model::*},
	serde_json::{json, value::Value},
	std::sync::Arc,
	};

	#[derive(Default)]
	pub struct ZbiCmdlineVerifyController {}

	impl DataController for ZbiCmdlineVerifyController {
	fn query(&self, model: Arc<DataModel>, _value: Value) -> Result<Value> {
	if let Ok(zbi) = model.get::<Zbi>() {
	if zbi.cmdline.contains("kernel.enable-debugging-syscalls=true") {
	return Err(anyhow!("debugging syscalls are not disabled"));
	}
	return Ok(json!({"verified":true}));
	}
	Err(anyhow!("ZBI not found"))
	}

	fn description(&self) -> String {
	"verifies the ZBI cmdline options for a _user build".to_string()
	}
	}