testNoLoadableModules: use correct kernel option
The correct kernel option to disable loadable modules is CONFIG_MODULES,
not CONFIG_KMOD. My bad.
Change-Id: I3cd4c9bdbb8d6b622f66d543e3ba8011efe1957c
diff --git a/tests/tests/security/src/android/security/cts/KernelSettingsTest.java b/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
index 6daaffe..f8ee283 100644
--- a/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
+++ b/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
@@ -96,14 +96,14 @@
* which is commonly used by exploit writers to gain root access.
*
* Support for loadable modules can be removed by editing the Linux kernel
- * config and removing the CONFIG_KMOD option.
+ * config and removing the CONFIG_MODULES option.
*/
public void testNoLoadableModules() throws IOException {
assertFalse(
"Support for loadable modules is compiled into the kernel. "
+ "Loadable modules are often used by rootkits and other "
+ "exploits and should be disabled. Please remove "
- + "CONFIG_KMOD from your kernel config and compile "
+ + "CONFIG_MODULES from your kernel config and compile "
+ "all modules directly into the kernel.",
new File("/proc/sys/kernel/modprobe").exists());
}
