Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 426646ed authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Dennis Cagle
Browse files

FROMLIST: security,perf: Allow further restriction of perf_event_open 

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn't include making
the variable read-only.  It also allows enabling further restriction
at run-time regardless of whether the default is changed.

https://lkml.org/lkml/2016/1/11/587

Conflicts:
	kernel/events/core.c

Git-repo: https://android.googlesource.com/kernel/common.git


Git-commit: 012b0adc
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
Signed-off-by: default avatarDennis Cagle <d-cagle@codeaurora.org>
Bug: 29054680
Bug: 29119870
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8
(cherry picked from commit f16929ac8586f37949c638c738a6f0de969ed1ea)
parent b01add1f
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment