Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1180b8e6 authored Jun 01, 2020 by Ivaylo Georgiev

Restore "ANDROID: security,perf: Allow further restriction of perf_event_open"



This reverts commit 025a1ee6.

Restore CONFIG_SECURITY_PERF_EVENTS_RESTRICT to fix vintf checker
failure.

Change-Id: I41742532de583329ab802e55ab62eae747f91f13
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>

parent 1526c9c6

Documentation/sysctl/kernel.txt

+3 −1

Original line number	Diff line number	Diff line
		@@ -720,7 +720,8 @@ allowed to execute.
		perf_event_paranoid:

		Controls use of the performance events system by unprivileged
		users (without CAP_SYS_ADMIN). The default value is 2.
		users (without CAP_SYS_ADMIN). The default value is 3 if
		CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set, or 2 otherwise.

		-1: Allow use of (almost) all events by all users
		Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK
		@@ -728,6 +729,7 @@ users (without CAP_SYS_ADMIN). The default value is 2.
		Disallow raw tracepoint access by users without CAP_SYS_ADMIN
		>=1: Disallow CPU event access by users without CAP_SYS_ADMIN
		>=2: Disallow kernel profiling by users without CAP_SYS_ADMIN
		>=3: Disallow all event access by users without CAP_SYS_ADMIN

		==============================================================

arch/arm/configs/vendor/bengal-perf_defconfig

+1 −0

Original line number	Diff line number	Diff line
		@@ -577,6 +577,7 @@ CONFIG_SDCARD_FS=y
		# CONFIG_NETWORK_FILESYSTEMS is not set
		CONFIG_NLS_CODEPAGE_437=y
		CONFIG_NLS_ISO8859_1=y
		CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
		CONFIG_SECURITY=y
		CONFIG_LSM_MMAP_MIN_ADDR=4096
		CONFIG_HARDENED_USERCOPY=y

arch/arm/configs/vendor/bengal_defconfig

+1 −0

Original line number	Diff line number	Diff line
		@@ -627,6 +627,7 @@ CONFIG_SDCARD_FS=y
		CONFIG_NLS_CODEPAGE_437=y
		CONFIG_NLS_ASCII=y
		CONFIG_NLS_ISO8859_1=y
		CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
		CONFIG_SECURITY=y
		CONFIG_LSM_MMAP_MIN_ADDR=4096
		CONFIG_HARDENED_USERCOPY=y

arch/arm64/configs/gki_defconfig

+1 −0

Original line number	Diff line number	Diff line
		@@ -451,6 +451,7 @@ CONFIG_NLS_MAC_ROMANIAN=y
		CONFIG_NLS_MAC_TURKISH=y
		CONFIG_NLS_UTF8=y
		CONFIG_UNICODE=y
		CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
		CONFIG_SECURITY=y
		CONFIG_SECURITYFS=y
		CONFIG_SECURITY_NETWORK=y

arch/arm64/configs/vendor/bengal-perf_defconfig

+1 −0

Original line number	Diff line number	Diff line
		@@ -616,6 +616,7 @@ CONFIG_SDCARD_FS=y
		# CONFIG_NETWORK_FILESYSTEMS is not set
		CONFIG_NLS_CODEPAGE_437=y
		CONFIG_NLS_ISO8859_1=y
		CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
		CONFIG_SECURITY=y
		CONFIG_HARDENED_USERCOPY=y
		CONFIG_HARDENED_USERCOPY_PAGESPAN=y