ANDROID: restrict access to perf events

Add: CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y to android-base.cfg The kernel.perf_event_paranoid sysctl is set to 3 by default. No unprivileged use of the perf_event_open syscall will be permitted unless it is changed. Bug: 29054680 Change-Id: Ie7512259150e146d8e382dc64d40e8faaa438917
author: Jeff Vander Stoep <jeffv@google.com> 2016-06-01 13:44:47 -0700
committer: Moyster <oysterized@gmail.com> 2016-09-10 15:04:43 +0200
commit: 1398edd04f17d802160377b3a55a90ed058e5bec (patch)
tree: c99ee1a0ba7ac64a465144798eda496698b3c143
parent: acda8ed24ef6c0a4a8445073d01b908f47b7eb75 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/android/configs/android-base.cfg b/android/configs/android-base.cfg
index d8503e450..c2ffa1b84 100644
--- a/android/configs/android-base.cfg
+++ b/android/configs/android-base.cfg
@@ -129,6 +129,12 @@ CONFIG_PREEMPT=y
 CONFIG_RESOURCE_COUNTERS=y
 CONFIG_RTC_CLASS=y
 CONFIG_RT_GROUP_SCHED=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SND=y
+CONFIG_SOUND=y
 CONFIG_STAGING=y
 CONFIG_SWITCH=y
 CONFIG_SYNC=y
author	Jeff Vander Stoep <jeffv@google.com>	2016-06-01 13:44:47 -0700
committer	Moyster <oysterized@gmail.com>	2016-09-10 15:04:43 +0200
commit	1398edd04f17d802160377b3a55a90ed058e5bec (patch)
tree	c99ee1a0ba7ac64a465144798eda496698b3c143
parent	acda8ed24ef6c0a4a8445073d01b908f47b7eb75 (diff)