Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3b268df1 authored by Ryan Savitski's avatar Ryan Savitski Committed by Gerrit Code Review
Browse files

Merge "dev devices with permissive boot: disable perf_event_paranoid"

parents 32809d82 ea93f110

init/security.cpp

+14 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ 
#include <errno.h>

#include <fcntl.h>

#include <linux/perf_event.h>

#include <selinux/selinux.h>

#include <sys/ioctl.h>

#include <sys/syscall.h>

#include <unistd.h>
@@ -222,6 +223,19 @@ Result<void> SetKptrRestrictAction(const BuiltinArguments&) { 
// supporting kernels that precede the perf_event_open hooks (Android common

// kernels 4.4 and 4.9).

Result<void> TestPerfEventSelinuxAction(const BuiltinArguments&) {

    // Special case: for *development devices* that boot with permissive

    // SELinux, treat the LSM hooks as present for the effect of lowering the

    // perf_event_paranoid sysctl. The sysprop is reused for pragmatic reasons,

    // as there no existing way for init rules to check for permissive boot at

    // the time of writing.

    if (ALLOW_PERMISSIVE_SELINUX) {

        if (!security_getenforce()) {

            LOG(INFO) << "Permissive SELinux boot, forcing sys.init.perf_lsm_hooks to 1.";

            SetProperty("sys.init.perf_lsm_hooks", "1");

            return {};

        }

    }



    // Use a trivial event that will be configured, but not started.

    struct perf_event_attr pe = {

            .type = PERF_TYPE_SOFTWARE,