Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 8e5e42d5 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Alistair Strachan
Browse files

ANDROID: security,perf: Allow further restriction of perf_event_open 

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn't include making
the variable read-only.  It also allows enabling further restriction
at run-time regardless of whether the default is changed.

https://lkml.org/lkml/2016/1/11/587

Bug: 29054680
Bug: 120445712
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8
[jeffv: Upstream doesn't want it https://lkml.org/lkml/2016/6/17/101

]
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent 6a82b2aa
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment